diff options
Diffstat (limited to 'poky/meta')
327 files changed, 6547 insertions, 3841 deletions
diff --git a/poky/meta/classes-global/insane.bbclass b/poky/meta/classes-global/insane.bbclass index a4dbc9a123..114781c780 100644 --- a/poky/meta/classes-global/insane.bbclass +++ b/poky/meta/classes-global/insane.bbclass @@ -34,6 +34,7 @@ WARN_QA ?= " libdir xorg-driver-abi buildpaths \ missing-update-alternatives native-last missing-ptest \ license-exists license-no-generic license-syntax license-format \ license-incompatible license-file-missing obsolete-license \ + 32bit-time \ " ERROR_QA ?= "dev-so debug-deps dev-deps debug-files arch pkgconfig la \ perms dep-cmp pkgvarcheck perm-config perm-line perm-link \ @@ -513,6 +514,11 @@ def check_32bit_symbols(path, packagename, d, elf, messages): """ Check that ELF files do not use any 32 bit time APIs from glibc. """ + thirtytwo_bit_time_archs = set(('arm','armeb','mipsarcho32','powerpc','x86')) + overrides = set(d.getVar('OVERRIDES').split(':')) + if not(thirtytwo_bit_time_archs & overrides): + return + import re # This list is manually constructed by searching the image folder of the # glibc recipe for __USE_TIME_BITS64. There is no good way to do this diff --git a/poky/meta/classes-recipe/cargo.bbclass b/poky/meta/classes-recipe/cargo.bbclass index 7a8cc1e751..3ef0bbbb44 100644 --- a/poky/meta/classes-recipe/cargo.bbclass +++ b/poky/meta/classes-recipe/cargo.bbclass @@ -55,7 +55,6 @@ oe_cargo_build () { do_compile[progress] = "outof:\s+(\d+)/(\d+)" cargo_do_compile () { - oe_cargo_fix_env oe_cargo_build } diff --git a/poky/meta/classes-recipe/cargo_common.bbclass b/poky/meta/classes-recipe/cargo_common.bbclass index 82ab25b59c..db54826ddb 100644 --- a/poky/meta/classes-recipe/cargo_common.bbclass +++ b/poky/meta/classes-recipe/cargo_common.bbclass @@ -149,6 +149,10 @@ python cargo_common_do_patch_paths() { } do_configure[postfuncs] += "cargo_common_do_patch_paths" +do_compile:prepend () { + oe_cargo_fix_env +} + oe_cargo_fix_env () { export CC="${RUST_TARGET_CC}" export CXX="${RUST_TARGET_CXX}" @@ -170,3 +174,15 @@ oe_cargo_fix_env () { EXTRA_OECARGO_PATHS ??= "" EXPORT_FUNCTIONS do_configure + +# The culprit for this setting is the libc crate, +# which as of Jun 2023 calls directly into 32 bit time functions in glibc, +# bypassing all of glibc provisions to choose the right Y2038-safe functions. As +# rust components statically link with that crate, pretty much everything +# is affected, and so there's no point trying to have recipe-specific +# INSANE_SKIP entries. +# +# Upstream ticket and PR: +# https://github.com/rust-lang/libc/issues/3223 +# https://github.com/rust-lang/libc/pull/3175 +INSANE_SKIP:append = " 32bit-time" diff --git a/poky/meta/classes-recipe/cml1.bbclass b/poky/meta/classes-recipe/cml1.bbclass index d87d8204e4..d83c636e48 100644 --- a/poky/meta/classes-recipe/cml1.bbclass +++ b/poky/meta/classes-recipe/cml1.bbclass @@ -109,3 +109,9 @@ python do_diffconfig() { do_diffconfig[nostamp] = "1" do_diffconfig[dirs] = "${KCONFIG_CONFIG_ROOTDIR}" addtask diffconfig + +do_showconfig() { + bbplain "Config file written to ${KCONFIG_CONFIG_ROOTDIR}/.config" +} +do_showconfig[nostamp] = "1" +addtask showconfig after do_configure diff --git a/poky/meta/classes-recipe/image-artifact-names.bbclass b/poky/meta/classes-recipe/image-artifact-names.bbclass index ac2376d59a..bc76ff0e16 100644 --- a/poky/meta/classes-recipe/image-artifact-names.bbclass +++ b/poky/meta/classes-recipe/image-artifact-names.bbclass @@ -12,9 +12,10 @@ IMAGE_BASENAME ?= "${PN}" IMAGE_VERSION_SUFFIX ?= "-${DATETIME}" IMAGE_VERSION_SUFFIX[vardepsexclude] += "DATETIME SOURCE_DATE_EPOCH" IMAGE_NAME ?= "${IMAGE_LINK_NAME}${IMAGE_VERSION_SUFFIX}" -IMAGE_LINK_NAME ?= "${IMAGE_BASENAME}${IMAGE_MACHINE_SUFFIX}" +IMAGE_LINK_NAME ?= "${IMAGE_BASENAME}${IMAGE_MACHINE_SUFFIX}${IMAGE_NAME_SUFFIX}" # This needs to stay in sync with IMAGE_LINK_NAME, but with INITRAMFS_IMAGE instead of IMAGE_BASENAME +# and without ${IMAGE_NAME_SUFFIX} which all initramfs images should set to empty INITRAMFS_IMAGE_NAME ?= "${@['${INITRAMFS_IMAGE}${IMAGE_MACHINE_SUFFIX}', ''][d.getVar('INITRAMFS_IMAGE') == '']}" # The default DEPLOY_DIR_IMAGE is ${MACHINE} directory: diff --git a/poky/meta/classes-recipe/image-live.bbclass b/poky/meta/classes-recipe/image-live.bbclass index 168774a464..95dd44a8c0 100644 --- a/poky/meta/classes-recipe/image-live.bbclass +++ b/poky/meta/classes-recipe/image-live.bbclass @@ -260,6 +260,5 @@ python do_bootimg() { bb.build.exec_func('create_symlinks', d) } do_bootimg[subimages] = "hddimg iso" -do_bootimg[imgsuffix] = "." addtask bootimg before do_image_complete after do_rootfs diff --git a/poky/meta/classes-recipe/image.bbclass b/poky/meta/classes-recipe/image.bbclass index e0dfba4a42..21b220a28d 100644 --- a/poky/meta/classes-recipe/image.bbclass +++ b/poky/meta/classes-recipe/image.bbclass @@ -480,14 +480,14 @@ python () { if subimage not in subimages: subimages.append(subimage) if type not in alltypes: - rm_tmp_images.add(localdata.expand("${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}")) + rm_tmp_images.add(localdata.expand("${IMAGE_NAME}.${type}")) for bt in basetypes[t]: gen_conversion_cmds(bt) localdata.setVar('type', realt) if t not in alltypes: - rm_tmp_images.add(localdata.expand("${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}")) + rm_tmp_images.add(localdata.expand("${IMAGE_NAME}.${type}")) else: subimages.append(realt) @@ -594,13 +594,12 @@ python create_symlinks() { manifest_name = d.getVar('IMAGE_MANIFEST') taskname = d.getVar("BB_CURRENTTASK") subimages = (d.getVarFlag("do_" + taskname, 'subimages', False) or "").split() - imgsuffix = d.getVarFlag("do_" + taskname, 'imgsuffix') or d.expand("${IMAGE_NAME_SUFFIX}.") if not link_name: return for type in subimages: dst = os.path.join(deploy_dir, link_name + "." + type) - src = img_name + imgsuffix + type + src = img_name + "." + type if os.path.exists(os.path.join(deploy_dir, src)): bb.note("Creating symlink: %s -> %s" % (dst, src)) if os.path.islink(dst): diff --git a/poky/meta/classes-recipe/image_types.bbclass b/poky/meta/classes-recipe/image_types.bbclass index 023eb87537..fdee835e7c 100644 --- a/poky/meta/classes-recipe/image_types.bbclass +++ b/poky/meta/classes-recipe/image_types.bbclass @@ -66,9 +66,9 @@ ZIP_COMPRESSION_LEVEL ?= "-9" ZSTD_COMPRESSION_LEVEL ?= "-3" JFFS2_SUM_EXTRA_ARGS ?= "" -IMAGE_CMD:jffs2 = "mkfs.jffs2 --root=${IMAGE_ROOTFS} --faketime --output=${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.jffs2 ${EXTRA_IMAGECMD}" +IMAGE_CMD:jffs2 = "mkfs.jffs2 --root=${IMAGE_ROOTFS} --faketime --output=${IMGDEPLOYDIR}/${IMAGE_NAME}.jffs2 ${EXTRA_IMAGECMD}" -IMAGE_CMD:cramfs = "mkfs.cramfs ${IMAGE_ROOTFS} ${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.cramfs ${EXTRA_IMAGECMD}" +IMAGE_CMD:cramfs = "mkfs.cramfs ${IMAGE_ROOTFS} ${IMGDEPLOYDIR}/${IMAGE_NAME}.cramfs ${EXTRA_IMAGECMD}" oe_mkext234fs () { fstype=$1 @@ -88,14 +88,14 @@ oe_mkext234fs () { eval COUNT=\"$MIN_COUNT\" fi # Create a sparse image block - bbdebug 1 Executing "dd if=/dev/zero of=${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.$fstype seek=$ROOTFS_SIZE count=$COUNT bs=1024" - dd if=/dev/zero of=${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.$fstype seek=$ROOTFS_SIZE count=$COUNT bs=1024 + bbdebug 1 Executing "dd if=/dev/zero of=${IMGDEPLOYDIR}/${IMAGE_NAME}.$fstype seek=$ROOTFS_SIZE count=$COUNT bs=1024" + dd if=/dev/zero of=${IMGDEPLOYDIR}/${IMAGE_NAME}.$fstype seek=$ROOTFS_SIZE count=$COUNT bs=1024 bbdebug 1 "Actual Rootfs size: `du -s ${IMAGE_ROOTFS}`" - bbdebug 1 "Actual Partition size: `stat -c '%s' ${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.$fstype`" - bbdebug 1 Executing "mkfs.$fstype -F $extra_imagecmd ${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.$fstype -d ${IMAGE_ROOTFS}" - mkfs.$fstype -F $extra_imagecmd ${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.$fstype -d ${IMAGE_ROOTFS} + bbdebug 1 "Actual Partition size: `stat -c '%s' ${IMGDEPLOYDIR}/${IMAGE_NAME}.$fstype`" + bbdebug 1 Executing "mkfs.$fstype -F $extra_imagecmd ${IMGDEPLOYDIR}/${IMAGE_NAME}.$fstype -d ${IMAGE_ROOTFS}" + mkfs.$fstype -F $extra_imagecmd ${IMGDEPLOYDIR}/${IMAGE_NAME}.$fstype -d ${IMAGE_ROOTFS} # Error codes 0-3 indicate successfull operation of fsck (no errors or errors corrected) - fsck.$fstype -pvfD ${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.$fstype || [ $? -le 3 ] + fsck.$fstype -pvfD ${IMGDEPLOYDIR}/${IMAGE_NAME}.$fstype || [ $? -le 3 ] } IMAGE_CMD:ext2 = "oe_mkext234fs ext2 ${EXTRA_IMAGECMD}" @@ -109,8 +109,8 @@ IMAGE_CMD:btrfs () { size=${MIN_BTRFS_SIZE} bbwarn "Rootfs size is too small for BTRFS. Filesystem will be extended to ${size}K" fi - dd if=/dev/zero of=${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.btrfs seek=${size} count=0 bs=1024 - mkfs.btrfs ${EXTRA_IMAGECMD} -r ${IMAGE_ROOTFS} ${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.btrfs + dd if=/dev/zero of=${IMGDEPLOYDIR}/${IMAGE_NAME}.btrfs seek=${size} count=0 bs=1024 + mkfs.btrfs ${EXTRA_IMAGECMD} -r ${IMAGE_ROOTFS} ${IMGDEPLOYDIR}/${IMAGE_NAME}.btrfs } oe_mksquashfs () { @@ -119,7 +119,7 @@ oe_mksquashfs () { # Use the bitbake reproducible timestamp instead of the hardcoded squashfs one export SOURCE_DATE_EPOCH=$(stat -c '%Y' ${IMAGE_ROOTFS}) - mksquashfs ${IMAGE_ROOTFS} ${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.squashfs${comp:+-}${suffix:-$comp} ${EXTRA_IMAGECMD} -noappend ${comp:+-comp }$comp + mksquashfs ${IMAGE_ROOTFS} ${IMGDEPLOYDIR}/${IMAGE_NAME}.squashfs${comp:+-}${suffix:-$comp} ${EXTRA_IMAGECMD} -noappend ${comp:+-comp }$comp } IMAGE_CMD:squashfs = "oe_mksquashfs" IMAGE_CMD:squashfs-xz = "oe_mksquashfs xz" @@ -127,18 +127,18 @@ IMAGE_CMD:squashfs-lzo = "oe_mksquashfs lzo" IMAGE_CMD:squashfs-lz4 = "oe_mksquashfs lz4" IMAGE_CMD:squashfs-zst = "oe_mksquashfs zstd zst" -IMAGE_CMD:erofs = "mkfs.erofs ${EXTRA_IMAGECMD} ${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.erofs ${IMAGE_ROOTFS}" -IMAGE_CMD:erofs-lz4 = "mkfs.erofs -zlz4 ${EXTRA_IMAGECMD} ${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.erofs-lz4 ${IMAGE_ROOTFS}" -IMAGE_CMD:erofs-lz4hc = "mkfs.erofs -zlz4hc ${EXTRA_IMAGECMD} ${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.erofs-lz4hc ${IMAGE_ROOTFS}" +IMAGE_CMD:erofs = "mkfs.erofs ${EXTRA_IMAGECMD} ${IMGDEPLOYDIR}/${IMAGE_NAME}.erofs ${IMAGE_ROOTFS}" +IMAGE_CMD:erofs-lz4 = "mkfs.erofs -zlz4 ${EXTRA_IMAGECMD} ${IMGDEPLOYDIR}/${IMAGE_NAME}.erofs-lz4 ${IMAGE_ROOTFS}" +IMAGE_CMD:erofs-lz4hc = "mkfs.erofs -zlz4hc ${EXTRA_IMAGECMD} ${IMGDEPLOYDIR}/${IMAGE_NAME}.erofs-lz4hc ${IMAGE_ROOTFS}" IMAGE_CMD_TAR ?= "tar" # ignore return code 1 "file changed as we read it" as other tasks(e.g. do_image_wic) may be hardlinking rootfs -IMAGE_CMD:tar = "${IMAGE_CMD_TAR} --sort=name --format=posix --numeric-owner -cf ${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.tar -C ${IMAGE_ROOTFS} . || [ $? -eq 1 ]" +IMAGE_CMD:tar = "${IMAGE_CMD_TAR} --sort=name --format=posix --numeric-owner -cf ${IMGDEPLOYDIR}/${IMAGE_NAME}.tar -C ${IMAGE_ROOTFS} . || [ $? -eq 1 ]" do_image_cpio[cleandirs] += "${WORKDIR}/cpio_append" IMAGE_CMD:cpio () { - (cd ${IMAGE_ROOTFS} && find . | sort | cpio --reproducible -o -H newc >${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.cpio) + (cd ${IMAGE_ROOTFS} && find . | sort | cpio --reproducible -o -H newc >${IMGDEPLOYDIR}/${IMAGE_NAME}.cpio) # We only need the /init symlink if we're building the real # image. The -dbg image doesn't need it! By being clever # about this we also avoid 'touch' below failing, as it @@ -152,7 +152,7 @@ IMAGE_CMD:cpio () { else touch -r ${IMAGE_ROOTFS} ${WORKDIR}/cpio_append/init fi - (cd ${WORKDIR}/cpio_append && echo ./init | cpio --reproducible -oA -H newc -F ${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.cpio) + (cd ${WORKDIR}/cpio_append && echo ./init | cpio --reproducible -oA -H newc -F ${IMGDEPLOYDIR}/${IMAGE_NAME}.cpio) fi fi } @@ -167,7 +167,7 @@ write_ubi_config() { cat <<EOF > ubinize${vname}-${IMAGE_NAME}.cfg [ubifs] mode=ubi -image=${IMGDEPLOYDIR}/${IMAGE_NAME}${vname}${IMAGE_NAME_SUFFIX}.${UBI_IMGTYPE} +image=${IMGDEPLOYDIR}/${IMAGE_NAME}${vname}.${UBI_IMGTYPE} vol_id=0 vol_type=${UBI_VOLTYPE} vol_name=${UBI_VOLNAME} @@ -192,9 +192,9 @@ multiubi_mkfs() { write_ubi_config "${vname}" if [ -n "$vname" ]; then - mkfs.ubifs -r ${IMAGE_ROOTFS} -o ${IMGDEPLOYDIR}/${IMAGE_NAME}${vname}${IMAGE_NAME_SUFFIX}.ubifs ${mkubifs_args} + mkfs.ubifs -r ${IMAGE_ROOTFS} -o ${IMGDEPLOYDIR}/${IMAGE_NAME}${vname}.ubifs ${mkubifs_args} fi - ubinize -o ${IMGDEPLOYDIR}/${IMAGE_NAME}${vname}${IMAGE_NAME_SUFFIX}.ubi ${ubinize_args} ubinize${vname}-${IMAGE_NAME}.cfg + ubinize -o ${IMGDEPLOYDIR}/${IMAGE_NAME}${vname}.ubi ${ubinize_args} ubinize${vname}-${IMAGE_NAME}.cfg # Cleanup cfg file mv ubinize${vname}-${IMAGE_NAME}.cfg ${IMGDEPLOYDIR}/ @@ -202,12 +202,12 @@ multiubi_mkfs() { # Create own symlinks for 'named' volumes if [ -n "$vname" ]; then cd ${IMGDEPLOYDIR} - if [ -e ${IMAGE_NAME}${vname}${IMAGE_NAME_SUFFIX}.ubifs ]; then - ln -sf ${IMAGE_NAME}${vname}${IMAGE_NAME_SUFFIX}.ubifs \ + if [ -e ${IMAGE_NAME}${vname}.ubifs ]; then + ln -sf ${IMAGE_NAME}${vname}.ubifs \ ${IMAGE_LINK_NAME}${vname}.ubifs fi - if [ -e ${IMAGE_NAME}${vname}${IMAGE_NAME_SUFFIX}.ubi ]; then - ln -sf ${IMAGE_NAME}${vname}${IMAGE_NAME_SUFFIX}.ubi \ + if [ -e ${IMAGE_NAME}${vname}.ubi ]; then + ln -sf ${IMAGE_NAME}${vname}.ubi \ ${IMAGE_LINK_NAME}${vname}.ubi fi cd - @@ -232,7 +232,7 @@ IMAGE_CMD:ubi () { } IMAGE_TYPEDEP:ubi = "${UBI_IMGTYPE}" -IMAGE_CMD:ubifs = "mkfs.ubifs -r ${IMAGE_ROOTFS} -o ${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.ubifs ${MKUBIFS_ARGS}" +IMAGE_CMD:ubifs = "mkfs.ubifs -r ${IMAGE_ROOTFS} -o ${IMGDEPLOYDIR}/${IMAGE_NAME}.ubifs ${MKUBIFS_ARGS}" MIN_F2FS_SIZE ?= "524288" IMAGE_CMD:f2fs () { @@ -246,9 +246,9 @@ IMAGE_CMD:f2fs () { size=${MIN_F2FS_SIZE} bbwarn "Rootfs size is too small for F2FS. Filesystem will be extended to ${size}K" fi - dd if=/dev/zero of=${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.f2fs seek=${size} count=0 bs=1024 - mkfs.f2fs ${EXTRA_IMAGECMD} ${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.f2fs - sload.f2fs -f ${IMAGE_ROOTFS} ${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.f2fs + dd if=/dev/zero of=${IMGDEPLOYDIR}/${IMAGE_NAME}.f2fs seek=${size} count=0 bs=1024 + mkfs.f2fs ${EXTRA_IMAGECMD} ${IMGDEPLOYDIR}/${IMAGE_NAME}.f2fs + sload.f2fs -f ${IMAGE_ROOTFS} ${IMGDEPLOYDIR}/${IMAGE_NAME}.f2fs } EXTRA_IMAGECMD = "" @@ -314,32 +314,32 @@ IMAGE_TYPES:append:x86-64 = " hddimg iso" COMPRESSIONTYPES ?= "" CONVERSIONTYPES = "gz bz2 lzma xz lz4 lzo zip 7zip zst sum md5sum sha1sum sha224sum sha256sum sha384sum sha512sum bmap u-boot vmdk vhd vhdx vdi qcow2 base64 gzsync zsync ${COMPRESSIONTYPES}" -CONVERSION_CMD:lzma = "lzma -k -f -7 ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}" -CONVERSION_CMD:gz = "gzip -f -9 -n -c --rsyncable ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type} > ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}.gz" -CONVERSION_CMD:bz2 = "pbzip2 -f -k ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}" -CONVERSION_CMD:xz = "xz -f -k -c ${XZ_COMPRESSION_LEVEL} ${XZ_DEFAULTS} --check=${XZ_INTEGRITY_CHECK} ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type} > ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}.xz" -CONVERSION_CMD:lz4 = "lz4 -9 -z -l ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type} ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}.lz4" -CONVERSION_CMD:lzo = "lzop -9 ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}" -CONVERSION_CMD:zip = "zip ${ZIP_COMPRESSION_LEVEL} ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}.zip ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}" -CONVERSION_CMD:7zip = "7za a -mx=${7ZIP_COMPRESSION_LEVEL} -mm=${7ZIP_COMPRESSION_METHOD} ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}.${7ZIP_EXTENSION} ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}" -CONVERSION_CMD:zst = "zstd -f -k -T0 -c ${ZSTD_COMPRESSION_LEVEL} ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type} > ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}.zst" -CONVERSION_CMD:sum = "sumtool -i ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type} -o ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}.sum ${JFFS2_SUM_EXTRA_ARGS}" -CONVERSION_CMD:md5sum = "md5sum ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type} > ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}.md5sum" -CONVERSION_CMD:sha1sum = "sha1sum ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type} > ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}.sha1sum" -CONVERSION_CMD:sha224sum = "sha224sum ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type} > ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}.sha224sum" -CONVERSION_CMD:sha256sum = "sha256sum ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type} > ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}.sha256sum" -CONVERSION_CMD:sha384sum = "sha384sum ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type} > ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}.sha384sum" -CONVERSION_CMD:sha512sum = "sha512sum ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type} > ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}.sha512sum" -CONVERSION_CMD:bmap = "bmaptool create ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type} -o ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}.bmap" -CONVERSION_CMD:u-boot = "mkimage -A ${UBOOT_ARCH} -O linux -T ramdisk -C none -n ${IMAGE_NAME} -d ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type} ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}.u-boot" -CONVERSION_CMD:vmdk = "qemu-img convert -O vmdk ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type} ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}.vmdk" -CONVERSION_CMD:vhdx = "qemu-img convert -O vhdx -o subformat=dynamic ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type} ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}.vhdx" -CONVERSION_CMD:vhd = "qemu-img convert -O vpc -o subformat=fixed ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type} ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}.vhd" -CONVERSION_CMD:vdi = "qemu-img convert -O vdi ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type} ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}.vdi" -CONVERSION_CMD:qcow2 = "qemu-img convert -O qcow2 ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type} ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}.qcow2" -CONVERSION_CMD:base64 = "base64 ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type} > ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}.base64" -CONVERSION_CMD:zsync = "zsyncmake_curl ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}" -CONVERSION_CMD:gzsync = "zsyncmake_curl -z ${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}" +CONVERSION_CMD:lzma = "lzma -k -f -7 ${IMAGE_NAME}.${type}" +CONVERSION_CMD:gz = "gzip -f -9 -n -c --rsyncable ${IMAGE_NAME}.${type} > ${IMAGE_NAME}.${type}.gz" +CONVERSION_CMD:bz2 = "pbzip2 -f -k ${IMAGE_NAME}.${type}" +CONVERSION_CMD:xz = "xz -f -k -c ${XZ_COMPRESSION_LEVEL} ${XZ_DEFAULTS} --check=${XZ_INTEGRITY_CHECK} ${IMAGE_NAME}.${type} > ${IMAGE_NAME}.${type}.xz" +CONVERSION_CMD:lz4 = "lz4 -9 -z -l ${IMAGE_NAME}.${type} ${IMAGE_NAME}.${type}.lz4" +CONVERSION_CMD:lzo = "lzop -9 ${IMAGE_NAME}.${type}" +CONVERSION_CMD:zip = "zip ${ZIP_COMPRESSION_LEVEL} ${IMAGE_NAME}.${type}.zip ${IMAGE_NAME}.${type}" +CONVERSION_CMD:7zip = "7za a -mx=${7ZIP_COMPRESSION_LEVEL} -mm=${7ZIP_COMPRESSION_METHOD} ${IMAGE_NAME}.${type}.${7ZIP_EXTENSION} ${IMAGE_NAME}.${type}" +CONVERSION_CMD:zst = "zstd -f -k -T0 -c ${ZSTD_COMPRESSION_LEVEL} ${IMAGE_NAME}.${type} > ${IMAGE_NAME}.${type}.zst" +CONVERSION_CMD:sum = "sumtool -i ${IMAGE_NAME}.${type} -o ${IMAGE_NAME}.${type}.sum ${JFFS2_SUM_EXTRA_ARGS}" +CONVERSION_CMD:md5sum = "md5sum ${IMAGE_NAME}.${type} > ${IMAGE_NAME}.${type}.md5sum" +CONVERSION_CMD:sha1sum = "sha1sum ${IMAGE_NAME}.${type} > ${IMAGE_NAME}.${type}.sha1sum" +CONVERSION_CMD:sha224sum = "sha224sum ${IMAGE_NAME}.${type} > ${IMAGE_NAME}.${type}.sha224sum" +CONVERSION_CMD:sha256sum = "sha256sum ${IMAGE_NAME}.${type} > ${IMAGE_NAME}.${type}.sha256sum" +CONVERSION_CMD:sha384sum = "sha384sum ${IMAGE_NAME}.${type} > ${IMAGE_NAME}.${type}.sha384sum" +CONVERSION_CMD:sha512sum = "sha512sum ${IMAGE_NAME}.${type} > ${IMAGE_NAME}.${type}.sha512sum" +CONVERSION_CMD:bmap = "bmaptool create ${IMAGE_NAME}.${type} -o ${IMAGE_NAME}.${type}.bmap" +CONVERSION_CMD:u-boot = "mkimage -A ${UBOOT_ARCH} -O linux -T ramdisk -C none -n ${IMAGE_NAME} -d ${IMAGE_NAME}.${type} ${IMAGE_NAME}.${type}.u-boot" +CONVERSION_CMD:vmdk = "qemu-img convert -O vmdk ${IMAGE_NAME}.${type} ${IMAGE_NAME}.${type}.vmdk" +CONVERSION_CMD:vhdx = "qemu-img convert -O vhdx -o subformat=dynamic ${IMAGE_NAME}.${type} ${IMAGE_NAME}.${type}.vhdx" +CONVERSION_CMD:vhd = "qemu-img convert -O vpc -o subformat=fixed ${IMAGE_NAME}.${type} ${IMAGE_NAME}.${type}.vhd" +CONVERSION_CMD:vdi = "qemu-img convert -O vdi ${IMAGE_NAME}.${type} ${IMAGE_NAME}.${type}.vdi" +CONVERSION_CMD:qcow2 = "qemu-img convert -O qcow2 ${IMAGE_NAME}.${type} ${IMAGE_NAME}.${type}.qcow2" +CONVERSION_CMD:base64 = "base64 ${IMAGE_NAME}.${type} > ${IMAGE_NAME}.${type}.base64" +CONVERSION_CMD:zsync = "zsyncmake_curl ${IMAGE_NAME}.${type}" +CONVERSION_CMD:gzsync = "zsyncmake_curl -z ${IMAGE_NAME}.${type}" CONVERSION_DEPENDS_lzma = "xz-native" CONVERSION_DEPENDS_gz = "pigz-native" CONVERSION_DEPENDS_bz2 = "pbzip2-native" diff --git a/poky/meta/classes-recipe/image_types_wic.bbclass b/poky/meta/classes-recipe/image_types_wic.bbclass index be31fbf94f..669606da75 100644 --- a/poky/meta/classes-recipe/image_types_wic.bbclass +++ b/poky/meta/classes-recipe/image_types_wic.bbclass @@ -71,7 +71,7 @@ IMAGE_CMD:wic () { bbfatal "No kickstart files from WKS_FILES were found: ${WKS_FILES}. Please set WKS_FILE or WKS_FILES appropriately." fi BUILDDIR="${TOPDIR}" PSEUDO_UNLOAD=1 wic create "$wks" --vars "${STAGING_DIR}/${MACHINE}/imgdata/" -e "${IMAGE_BASENAME}" -o "$build_wic/" -w "$tmp_wic" ${WIC_CREATE_EXTRA_ARGS} - mv "$build_wic/$(basename "${wks%.wks}")"*.direct "$out${IMAGE_NAME_SUFFIX}.wic" + mv "$build_wic/$(basename "${wks%.wks}")"*.direct "$out.wic" } IMAGE_CMD:wic[vardepsexclude] = "WKS_FULL_PATH WKS_FILES TOPDIR" do_image_wic[cleandirs] = "${WORKDIR}/build-wic" diff --git a/poky/meta/classes-recipe/kernel-arch.bbclass b/poky/meta/classes-recipe/kernel-arch.bbclass index 6e19dbbba8..df4884b6c4 100644 --- a/poky/meta/classes-recipe/kernel-arch.bbclass +++ b/poky/meta/classes-recipe/kernel-arch.bbclass @@ -80,3 +80,10 @@ KERNEL_OBJCOPY = "${CCACHE}${HOST_PREFIX}objcopy ${HOST_OBJCOPY_KERNEL_ARCH}" KERNEL_STRIP = "${CCACHE}${HOST_PREFIX}strip ${HOST_STRIP_KERNEL_ARCH}" TOOLCHAIN ?= "gcc" +# 6.3+ requires the variable LOCALVERSION to be set to not get a "+" in +# the local version. Having it empty means nothing will be added, and any +# value will be appended to the local kernel version. This replaces the +# use of .scmversion file for setting a localversion without using +# the CONFIG_LOCALVERSION option. +KERNEL_LOCALVERSION ??= "" +export LOCALVERSION ?= "${KERNEL_LOCALVERSION}" diff --git a/poky/meta/classes-recipe/kernel-devicetree.bbclass b/poky/meta/classes-recipe/kernel-devicetree.bbclass index 1b60c14740..eff052b402 100644 --- a/poky/meta/classes-recipe/kernel-devicetree.bbclass +++ b/poky/meta/classes-recipe/kernel-devicetree.bbclass @@ -100,28 +100,36 @@ do_deploy:append() { if "${@'false' if oe.types.boolean(d.getVar('KERNEL_DTBVENDORED')) else 'true'}"; then dtb=$dtb_base_name.$dtb_ext fi - install -m 0644 ${D}/${KERNEL_DTBDEST}/$dtb $deployDir/$dtb_base_name-${KERNEL_DTB_NAME}.$dtb_ext - if [ "${KERNEL_IMAGETYPE_SYMLINK}" = "1" ] ; then - ln -sf $dtb_base_name-${KERNEL_DTB_NAME}.$dtb_ext $deployDir/$dtb_base_name.$dtb_ext + install -m 0644 ${D}/${KERNEL_DTBDEST}/$dtb $deployDir/$dtb_base_name.$dtb_ext + if [ -n "${KERNEL_DTB_NAME}" ] ; then + ln -sf $dtb_base_name.$dtb_ext $deployDir/$dtb_base_name-${KERNEL_DTB_NAME}.$dtb_ext fi if [ -n "${KERNEL_DTB_LINK_NAME}" ] ; then - ln -sf $dtb_base_name-${KERNEL_DTB_NAME}.$dtb_ext $deployDir/$dtb_base_name-${KERNEL_DTB_LINK_NAME}.$dtb_ext + ln -sf $dtb_base_name.$dtb_ext $deployDir/$dtb_base_name-${KERNEL_DTB_LINK_NAME}.$dtb_ext fi for type in ${KERNEL_IMAGETYPE_FOR_MAKE}; do if [ "$type" = "zImage" ] && [ "${KERNEL_DEVICETREE_BUNDLE}" = "1" ]; then cat ${D}/${KERNEL_IMAGEDEST}/$type \ - $deployDir/$dtb_base_name-${KERNEL_DTB_NAME}.$dtb_ext \ - > $deployDir/$type-$dtb_base_name-${KERNEL_DTB_NAME}.$dtb_ext${KERNEL_DTB_BIN_EXT} + $deployDir/$dtb_base_name.$dtb_ext \ + > $deployDir/$type-$dtb_base_name.$dtb_ext${KERNEL_DTB_BIN_EXT} + if [ -n "${KERNEL_DTB_NAME}" ]; then + ln -sf $type-$dtb_base_name.$dtb_ext${KERNEL_DTB_BIN_EXT} \ + $deployDir/$type-$dtb_base_name-${KERNEL_DTB_NAME}.$dtb_ext${KERNEL_DTB_BIN_EXT} + fi if [ -n "${KERNEL_DTB_LINK_NAME}" ]; then - ln -sf $type-$dtb_base_name-${KERNEL_DTB_NAME}.$dtb_ext${KERNEL_DTB_BIN_EXT} \ + ln -sf $type-$dtb_base_name.$dtb_ext${KERNEL_DTB_BIN_EXT} \ $deployDir/$type-$dtb_base_name-${KERNEL_DTB_LINK_NAME}.$dtb_ext${KERNEL_DTB_BIN_EXT} fi if [ -e "${KERNEL_OUTPUT_DIR}/${type}.initramfs" ]; then cat ${KERNEL_OUTPUT_DIR}/${type}.initramfs \ - $deployDir/$dtb_base_name-${KERNEL_DTB_NAME}.$dtb_ext \ - > $deployDir/${type}-${INITRAMFS_NAME}-$dtb_base_name-${KERNEL_DTB_NAME}.$dtb_ext${KERNEL_DTB_BIN_EXT} + $deployDir/$dtb_base_name.$dtb_ext \ + > $deployDir/${type}-${INITRAMFS_NAME}-$dtb_base_name.$dtb_ext${KERNEL_DTB_BIN_EXT} + if [ -n "${KERNEL_DTB_NAME}" ]; then + ln -sf ${type}-${INITRAMFS_NAME}-$dtb_base_name.$dtb_ext${KERNEL_DTB_BIN_EXT} \ + $deployDir/${type}-${INITRAMFS_NAME}-$dtb_base_name-${KERNEL_DTB_NAME}.$dtb_ext${KERNEL_DTB_BIN_EXT} + fi if [ -n "${KERNEL_DTB_LINK_NAME}" ]; then - ln -sf ${type}-${INITRAMFS_NAME}-$dtb_base_name-${KERNEL_DTB_NAME}.$dtb_ext${KERNEL_DTB_BIN_EXT} \ + ln -sf ${type}-${INITRAMFS_NAME}-$dtb_base_name.$dtb_ext${KERNEL_DTB_BIN_EXT} \ $deployDir/${type}-${INITRAMFS_NAME}-$dtb_base_name-${KERNEL_DTB_LINK_NAME}.$dtb_ext${KERNEL_DTB_BIN_EXT} fi fi diff --git a/poky/meta/classes-recipe/kernel-module-split.bbclass b/poky/meta/classes-recipe/kernel-module-split.bbclass index 50882c31a7..c1208d55e0 100644 --- a/poky/meta/classes-recipe/kernel-module-split.bbclass +++ b/poky/meta/classes-recipe/kernel-module-split.bbclass @@ -30,9 +30,8 @@ fi PACKAGE_WRITE_DEPS += "kmod-native depmodwrapper-cross" -do_install:append() { - install -d ${D}${sysconfdir}/modules-load.d/ ${D}${sysconfdir}/modprobe.d/ -} +modulesloaddir ??= "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '${nonarch_libdir}', '${sysconfdir}', d)}/modules-load.d" +modprobedir ??= "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '${nonarch_base_libdir}', '${sysconfdir}', d)}/modprobe.d" KERNEL_SPLIT_MODULES ?= "1" PACKAGESPLITFUNCS =+ "split_kernel_module_packages" @@ -73,9 +72,8 @@ python split_kernel_module_packages () { cmd = "%sobjcopy -j .modinfo -O binary %s %s" % (d.getVar("HOST_PREFIX") or "", file, tmpfile) subprocess.check_call(cmd, shell=True) # errors='replace': Some old kernel versions contain invalid utf-8 characters in mod descriptions (like 0xf6, 'ö') - f = open(tmpfile, errors='replace') - l = f.read().split("\000") - f.close() + with open(tmpfile, errors='replace') as f: + l = f.read().split("\000") os.close(tf[0]) os.unlink(tmpfile) if compressed: @@ -93,7 +91,7 @@ python split_kernel_module_packages () { dvar = d.getVar('PKGD') - # If autoloading is requested, output /etc/modules-load.d/<name>.conf and append + # If autoloading is requested, output ${modulesloaddir}/<name>.conf and append # appropriate modprobe commands to the postinst autoloadlist = (d.getVar("KERNEL_MODULE_AUTOLOAD") or "").split() autoload = d.getVar('module_autoload_%s' % basename) @@ -102,14 +100,18 @@ python split_kernel_module_packages () { if autoload and basename not in autoloadlist: bb.warn("module_autoload_%s is defined but '%s' isn't included in KERNEL_MODULE_AUTOLOAD, please add it there" % (basename, basename)) if basename in autoloadlist: - name = '%s/etc/modules-load.d/%s.conf' % (dvar, basename) - f = open(name, 'w') - if autoload: - for m in autoload.split(): - f.write('%s\n' % m) - else: - f.write('%s\n' % basename) - f.close() + conf = '%s/%s.conf' % (d.getVar('modulesloaddir'), basename) + name = '%s%s' % (dvar, conf) + os.makedirs(os.path.dirname(name), exist_ok=True) + with open(name, 'w') as f: + if autoload: + for m in autoload.split(): + f.write('%s\n' % m) + else: + f.write('%s\n' % basename) + conf2append = ' %s' % conf + d.appendVar('FILES:%s' % pkg, conf2append) + d.appendVar('CONFFILES:%s' % pkg, conf2append) postinst = d.getVar('pkg_postinst:%s' % pkg) if not postinst: bb.fatal("pkg_postinst:%s not defined" % pkg) @@ -120,21 +122,18 @@ python split_kernel_module_packages () { modconflist = (d.getVar("KERNEL_MODULE_PROBECONF") or "").split() modconf = d.getVar('module_conf_%s' % basename) if modconf and basename in modconflist: - name = '%s/etc/modprobe.d/%s.conf' % (dvar, basename) - f = open(name, 'w') - f.write("%s\n" % modconf) - f.close() + conf = '%s/%s.conf' % (d.getVar('modprobedir'), basename) + name = '%s%s' % (dvar, conf) + os.makedirs(os.path.dirname(name), exist_ok=True) + with open(name, 'w') as f: + f.write("%s\n" % modconf) + conf2append = ' %s' % conf + d.appendVar('FILES:%s' % pkg, conf2append) + d.appendVar('CONFFILES:%s' % pkg, conf2append) + elif modconf: bb.error("Please ensure module %s is listed in KERNEL_MODULE_PROBECONF since module_conf_%s is set" % (basename, basename)) - files = d.getVar('FILES:%s' % pkg) - files = "%s /etc/modules-load.d/%s.conf /etc/modprobe.d/%s.conf" % (files, basename, basename) - d.setVar('FILES:%s' % pkg, files) - - conffiles = d.getVar('CONFFILES:%s' % pkg) - conffiles = "%s /etc/modules-load.d/%s.conf /etc/modprobe.d/%s.conf" % (conffiles, basename, basename) - d.setVar('CONFFILES:%s' % pkg, conffiles) - if "description" in vals: old_desc = d.getVar('DESCRIPTION:' + pkg) or "" d.setVar('DESCRIPTION:' + pkg, old_desc + "; " + vals["description"]) @@ -169,8 +168,8 @@ python split_kernel_module_packages () { postrm = d.getVar('pkg_postrm:modules') if splitmods != '1': - etcdir = d.getVar('sysconfdir') - d.appendVar('FILES:' + metapkg, '%s/modules-load.d/ %s/modprobe.d/ %s/modules/' % (etcdir, etcdir, d.getVar("nonarch_base_libdir"))) + d.appendVar('FILES:' + metapkg, '%s %s %s/modules' % + (d.getVar('modulesloaddir'), d.getVar('modprobedir'), d.getVar("nonarch_base_libdir"))) d.appendVar('pkg_postinst:%s' % metapkg, postinst) d.prependVar('pkg_postrm:%s' % metapkg, postrm); return @@ -184,14 +183,6 @@ python split_kernel_module_packages () { modules = do_split_packages(d, root='${nonarch_base_libdir}/modules', file_regex=module_regex, output_pattern=module_pattern, description='%s kernel module', postinst=postinst, postrm=postrm, recursive=True, hook=frob_metadata, extra_depends='%s-%s' % (kernel_package_name, kernel_version)) if modules: d.appendVar('RDEPENDS:' + metapkg, ' '+' '.join(modules)) - - # If modules-load.d and modprobe.d are empty at this point, remove them to - # avoid warnings. removedirs only raises an OSError if an empty - # directory cannot be removed. - dvar = d.getVar('PKGD') - for dir in ["%s/etc/modprobe.d" % (dvar), "%s/etc/modules-load.d" % (dvar), "%s/etc" % (dvar)]: - if len(os.listdir(dir)) == 0: - os.rmdir(dir) } do_package[vardeps] += '${@" ".join(map(lambda s: "module_conf_" + s, (d.getVar("KERNEL_MODULE_PROBECONF") or "").split()))}' diff --git a/poky/meta/classes-recipe/kernel.bbclass b/poky/meta/classes-recipe/kernel.bbclass index e82b696d1a..2e9563186e 100644 --- a/poky/meta/classes-recipe/kernel.bbclass +++ b/poky/meta/classes-recipe/kernel.bbclass @@ -181,13 +181,14 @@ do_unpack[cleandirs] += " ${S} ${STAGING_KERNEL_DIR} ${B} ${STAGING_KERNEL_BUILD do_clean[cleandirs] += " ${S} ${STAGING_KERNEL_DIR} ${B} ${STAGING_KERNEL_BUILDDIR}" python do_symlink_kernsrc () { s = d.getVar("S") - if s[-1] == '/': - # drop trailing slash, so that os.symlink(kernsrc, s) doesn't use s as directory name and fail - s=s[:-1] kernsrc = d.getVar("STAGING_KERNEL_DIR") if s != kernsrc: bb.utils.mkdirhier(kernsrc) bb.utils.remove(kernsrc, recurse=True) + if s[-1] == '/': + # drop trailing slash, so that os.symlink(kernsrc, s) doesn't use s as + # directory name and fail + s = s[:-1] if d.getVar("EXTERNALSRC"): # With EXTERNALSRC S will not be wiped so we can symlink to it os.symlink(s, kernsrc) @@ -355,6 +356,9 @@ kernel_do_compile() { export PKG_CONFIG_LIBDIR="$PKG_CONFIG_DIR" export PKG_CONFIG_SYSROOT_DIR="" + # for newer kernels (5.19+) there's a dedicated variable + export HOSTPKG_CONFIG="pkg-config-native" + if [ "${KERNEL_DEBUG_TIMESTAMPS}" != "1" ]; then # kernel sources do not use do_unpack, so SOURCE_DATE_EPOCH may not # be set.... @@ -426,7 +430,7 @@ do_compile_kernelmodules() { if (grep -q -i -e '^CONFIG_MODULES=y$' ${B}/.config); then oe_runmake -C ${B} ${PARALLEL_MAKE} modules ${KERNEL_EXTRA_ARGS} - # Module.symvers gets updated during the + # Module.symvers gets updated during the # building of the kernel modules. We need to # update this in the shared workdir since some # external kernel modules has a dependency on @@ -483,8 +487,6 @@ kernel_do_install() { install -m 0644 .config ${D}/${KERNEL_IMAGEDEST}/config-${KERNEL_VERSION} install -m 0644 vmlinux ${D}/${KERNEL_IMAGEDEST}/vmlinux-${KERNEL_VERSION} [ -e Module.symvers ] && install -m 0644 Module.symvers ${D}/${KERNEL_IMAGEDEST}/Module.symvers-${KERNEL_VERSION} - install -d ${D}${sysconfdir}/modules-load.d - install -d ${D}${sysconfdir}/modprobe.d } # Must be ran no earlier than after do_kernel_checkout or else Makefile won't be in ${S}/Makefile @@ -622,7 +624,6 @@ do_shared_workdir () { # We don't need to stage anything, not the modules/firmware since those would clash with linux-firmware SYSROOT_DIRS = "" -KERNEL_LOCALVERSION ??= "" KERNEL_CONFIG_COMMAND ?= "oe_runmake_call -C ${S} O=${B} olddefconfig || oe_runmake -C ${S} O=${B} oldnoconfig" python check_oldest_kernel() { @@ -644,6 +645,9 @@ kernel_do_configure() { # $ scripts/setlocalversion . => + # $ make kernelversion => 2.6.37 # $ make kernelrelease => 2.6.37+ + # See kernel-arch.bbclass for post v6.3 removal of the extra + # + in localversion. .scmversion is no longer used, and the + # variable LOCALVERSION must be used if [ ! -e ${B}/.scmversion -a ! -e ${S}/.scmversion ]; then echo ${KERNEL_LOCALVERSION} > ${B}/.scmversion echo ${KERNEL_LOCALVERSION} > ${S}/.scmversion diff --git a/poky/meta/classes-recipe/meson.bbclass b/poky/meta/classes-recipe/meson.bbclass index 48688bed75..7f5e9b1943 100644 --- a/poky/meta/classes-recipe/meson.bbclass +++ b/poky/meta/classes-recipe/meson.bbclass @@ -111,6 +111,7 @@ nm = ${@meson_array('BUILD_NM', d)} strip = ${@meson_array('BUILD_STRIP', d)} readelf = ${@meson_array('BUILD_READELF', d)} objcopy = ${@meson_array('BUILD_OBJCOPY', d)} +llvm-config = '${STAGING_BINDIR_NATIVE}/llvm-config' pkgconfig = 'pkg-config-native' ${@rust_tool(d, "BUILD_SYS")} diff --git a/poky/meta/classes-recipe/npm.bbclass b/poky/meta/classes-recipe/npm.bbclass index 639f461a3a..91da3295f2 100644 --- a/poky/meta/classes-recipe/npm.bbclass +++ b/poky/meta/classes-recipe/npm.bbclass @@ -109,6 +109,7 @@ python npm_do_configure() { import tempfile from bb.fetch2.npm import NpmEnvironment from bb.fetch2.npm import npm_unpack + from bb.fetch2.npm import npm_package from bb.fetch2.npmsw import foreach_dependencies from bb.progress import OutOfProgressHandler from oe.npm_registry import NpmRegistry @@ -129,22 +130,6 @@ python npm_do_configure() { sha512 = bb.utils.sha512_file(tarball) return "sha512-" + base64.b64encode(bytes.fromhex(sha512)).decode() - def _npmsw_dependency_dict(orig, deptree): - """ - Return the sub dictionary in the 'orig' dictionary corresponding to the - 'deptree' dependency tree. This function follows the shrinkwrap file - format. - """ - ptr = orig - for dep in deptree: - if "dependencies" not in ptr: - ptr["dependencies"] = {} - ptr = ptr["dependencies"] - if dep not in ptr: - ptr[dep] = {} - ptr = ptr[dep] - return ptr - # Manage the manifest file and shrinkwrap files orig_manifest_file = d.expand("${S}/package.json") orig_shrinkwrap_file = d.expand("${S}/npm-shrinkwrap.json") @@ -168,31 +153,44 @@ python npm_do_configure() { if has_shrinkwrap_file: cached_shrinkwrap = copy.deepcopy(orig_shrinkwrap) - cached_shrinkwrap.pop("dependencies", None) + for package in orig_shrinkwrap["packages"]: + if package != "": + cached_shrinkwrap["packages"].pop(package, None) + cached_shrinkwrap["packages"][""].pop("dependencies", None) + cached_shrinkwrap["packages"][""].pop("devDependencies", None) + cached_shrinkwrap["packages"][""].pop("peerDependencies", None) # Manage the dependencies progress = OutOfProgressHandler(d, r"^(\d+)/(\d+)$") progress_total = 1 # also count the main package progress_done = 0 - def _count_dependency(name, params, deptree): + def _count_dependency(name, params, destsuffix): nonlocal progress_total progress_total += 1 - def _cache_dependency(name, params, deptree): - destsubdirs = [os.path.join("node_modules", dep) for dep in deptree] - destsuffix = os.path.join(*destsubdirs) + def _cache_dependency(name, params, destsuffix): with tempfile.TemporaryDirectory() as tmpdir: # Add the dependency to the npm cache destdir = os.path.join(d.getVar("S"), destsuffix) (tarball, pkg) = npm_pack(env, destdir, tmpdir) _npm_cache_add(tarball, pkg) # Add its signature to the cached shrinkwrap - dep = _npmsw_dependency_dict(cached_shrinkwrap, deptree) + dep = params dep["version"] = pkg['version'] dep["integrity"] = _npm_integrity(tarball) if params.get("dev", False): dep["dev"] = True + if "devDependencies" not in cached_shrinkwrap["packages"][""]: + cached_shrinkwrap["packages"][""]["devDependencies"] = {} + cached_shrinkwrap["packages"][""]["devDependencies"][name] = pkg['version'] + + else: + if "dependencies" not in cached_shrinkwrap["packages"][""]: + cached_shrinkwrap["packages"][""]["dependencies"] = {} + cached_shrinkwrap["packages"][""]["dependencies"][name] = pkg['version'] + + cached_shrinkwrap["packages"][destsuffix] = dep # Display progress nonlocal progress_done progress_done += 1 @@ -203,6 +201,19 @@ python npm_do_configure() { if has_shrinkwrap_file: foreach_dependencies(orig_shrinkwrap, _count_dependency, dev) foreach_dependencies(orig_shrinkwrap, _cache_dependency, dev) + + # Manage Peer Dependencies + if has_shrinkwrap_file: + packages = orig_shrinkwrap.get("packages", {}) + peer_deps = packages.get("", {}).get("peerDependencies", {}) + package_runtime_dependencies = d.getVar("RDEPENDS:%s" % d.getVar("PN")) + + for peer_dep in peer_deps: + peer_dep_yocto_name = npm_package(peer_dep) + if peer_dep_yocto_name not in package_runtime_dependencies: + bb.warn(peer_dep + " is a peer dependencie that is not in RDEPENDS variable. " + + "Please add this peer dependencie to the RDEPENDS variable as %s and generate its recipe with devtool" + % peer_dep_yocto_name) # Configure the main package with tempfile.TemporaryDirectory() as tmpdir: @@ -212,7 +223,7 @@ python npm_do_configure() { # Configure the cached manifest file and cached shrinkwrap file def _update_manifest(depkey): for name in orig_manifest.get(depkey, {}): - version = cached_shrinkwrap["dependencies"][name]["version"] + version = cached_shrinkwrap["packages"][""][depkey][name] if depkey not in cached_manifest: cached_manifest[depkey] = {} cached_manifest[depkey][name] = version @@ -279,6 +290,9 @@ python npm_do_compile() { args.append(("target_arch", d.getVar("NPM_ARCH"))) args.append(("build-from-source", "true")) + # Don't install peer dependencies as they should be in RDEPENDS variable + args.append(("legacy-peer-deps", "true")) + # Pack and install the main package (tarball, _) = npm_pack(env, d.getVar("NPM_PACKAGE"), tmpdir) cmd = "npm install %s %s" % (shlex.quote(tarball), d.getVar("EXTRA_OENPM")) diff --git a/poky/meta/classes-recipe/ptest-cargo.bbclass b/poky/meta/classes-recipe/ptest-cargo.bbclass index 4ed528445a..5d53abe969 100644 --- a/poky/meta/classes-recipe/ptest-cargo.bbclass +++ b/poky/meta/classes-recipe/ptest-cargo.bbclass @@ -23,13 +23,13 @@ python do_compile_ptest_cargo() { bb.note(f"Building tests with cargo ({cmd})") try: - proc = subprocess.Popen(cmd, shell=True, env=env, stdout=subprocess.PIPE, stderr=subprocess.STDOUT) + proc = subprocess.Popen(cmd, shell=True, env=env, stdout=subprocess.PIPE, stderr=subprocess.STDOUT, text=True) except subprocess.CalledProcessError as e: bb.fatal(f"Cannot build test with cargo: {e}") lines = [] for line in proc.stdout: - data = line.decode('utf-8').strip('\n') + data = line.strip('\n') lines.append(data) bb.note(data) proc.communicate() @@ -50,7 +50,7 @@ python do_compile_ptest_cargo() { current_manifest_path = os.path.normpath(data['manifest_path']) project_manifest_path = os.path.normpath(manifest_path) if current_manifest_path == project_manifest_path: - if data['target']['test'] or data['target']['doctest'] and data['executable']: + if (data['target']['test'] or data['target']['doctest']) and data['executable']: test_bins.append(data['executable']) except KeyError as e: # skip lines that do not meet the requirements diff --git a/poky/meta/classes-recipe/rootfs-postcommands.bbclass b/poky/meta/classes-recipe/rootfs-postcommands.bbclass index 652601b95f..4492c9c0aa 100644 --- a/poky/meta/classes-recipe/rootfs-postcommands.bbclass +++ b/poky/meta/classes-recipe/rootfs-postcommands.bbclass @@ -37,7 +37,7 @@ APPEND:append = '${@bb.utils.contains("IMAGE_FEATURES", "read-only-rootfs", " ro ROOTFS_POSTPROCESS_COMMAND += "write_image_test_data; " # Write manifest -IMAGE_MANIFEST = "${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.manifest" +IMAGE_MANIFEST = "${IMGDEPLOYDIR}/${IMAGE_NAME}.manifest" ROOTFS_POSTUNINSTALL_COMMAND =+ "write_image_manifest ; " # Set default postinst log file POSTINST_LOGFILE ?= "${localstatedir}/log/postinstall.log" diff --git a/poky/meta/classes-recipe/rootfs_rpm.bbclass b/poky/meta/classes-recipe/rootfs_rpm.bbclass index 6eccd5a959..55f1cc92ca 100644 --- a/poky/meta/classes-recipe/rootfs_rpm.bbclass +++ b/poky/meta/classes-recipe/rootfs_rpm.bbclass @@ -20,11 +20,9 @@ IMAGE_ROOTFS_EXTRA_SPACE:append = "${@bb.utils.contains("PACKAGE_INSTALL", "dnf" # Dnf is python based, so be sure python3-native is available to us. EXTRANATIVEPATH += "python3-native" -# opkg is needed for update-alternatives RPMROOTFSDEPENDS = "rpm-native:do_populate_sysroot \ dnf-native:do_populate_sysroot \ - createrepo-c-native:do_populate_sysroot \ - opkg-native:do_populate_sysroot" + createrepo-c-native:do_populate_sysroot" do_rootfs[depends] += "${RPMROOTFSDEPENDS}" do_populate_sdk[depends] += "${RPMROOTFSDEPENDS}" diff --git a/poky/meta/classes-recipe/rust-common.bbclass b/poky/meta/classes-recipe/rust-common.bbclass index e0cedd7aa2..878272721c 100644 --- a/poky/meta/classes-recipe/rust-common.bbclass +++ b/poky/meta/classes-recipe/rust-common.bbclass @@ -158,6 +158,10 @@ WRAPPER_TARGET_CXX = "${CXX}" WRAPPER_TARGET_CCLD = "${CCLD}" WRAPPER_TARGET_LDFLAGS = "${LDFLAGS}" WRAPPER_TARGET_EXTRALD = "" +# see recipes-devtools/gcc/gcc/0018-Add-ssp_nonshared-to-link-commandline-for-musl-targe.patch +# we need to link with ssp_nonshared on musl to avoid "undefined reference to `__stack_chk_fail_local'" +# when building MACHINE=qemux86 for musl +WRAPPER_TARGET_EXTRALD:libc-musl = "-lssp_nonshared" WRAPPER_TARGET_AR = "${AR}" # compiler is used by gcc-rs diff --git a/poky/meta/classes-recipe/testexport.bbclass b/poky/meta/classes-recipe/testexport.bbclass index 0f0c56107f..572f5d9e76 100644 --- a/poky/meta/classes-recipe/testexport.bbclass +++ b/poky/meta/classes-recipe/testexport.bbclass @@ -61,16 +61,12 @@ def testexport_main(d): d.getVar("TEST_TARGET"), None, d.getVar("TEST_TARGET_IP"), d.getVar("TEST_SERVER_IP")) - host_dumper = OERuntimeTestContextExecutor.getHostDumper( - d.getVar("testimage_dump_host"), d.getVar("TESTIMAGE_DUMP_DIR")) - image_manifest = "%s.manifest" % image_name image_packages = OERuntimeTestContextExecutor.readPackagesManifest(image_manifest) extract_dir = d.getVar("TEST_EXTRACTED_DIR") - tc = OERuntimeTestContext(td, logger, target, host_dumper, - image_packages, extract_dir) + tc = OERuntimeTestContext(td, logger, target, image_packages, extract_dir) copy_needed_files(d, tc) diff --git a/poky/meta/classes-recipe/testimage.bbclass b/poky/meta/classes-recipe/testimage.bbclass index 0f02eadf57..e3068348ff 100644 --- a/poky/meta/classes-recipe/testimage.bbclass +++ b/poky/meta/classes-recipe/testimage.bbclass @@ -124,18 +124,6 @@ testimage_dump_target () { find /var/log/ -type f 2>/dev/null -exec echo "====================" \; -exec echo {} \; -exec echo "====================" \; -exec cat {} \; -exec echo "" \; } -testimage_dump_host () { - top -bn1 - iostat -x -z -N -d -p ALL 20 2 - ps -ef - free - df - memstat - dmesg - ip -s link - netstat -an -} - testimage_dump_monitor () { query-status query-block @@ -381,19 +369,13 @@ def testimage_main(d): # runtime use network for download projects for build export_proxies(d) - # we need the host dumper in test context - host_dumper = OERuntimeTestContextExecutor.getHostDumper( - d.getVar("testimage_dump_host"), - d.getVar("TESTIMAGE_DUMP_DIR")) - # the robot dance target = OERuntimeTestContextExecutor.getTarget( d.getVar("TEST_TARGET"), logger, d.getVar("TEST_TARGET_IP"), d.getVar("TEST_SERVER_IP"), **target_kwargs) # test context - tc = OERuntimeTestContext(td, logger, target, host_dumper, - image_packages, extract_dir) + tc = OERuntimeTestContext(td, logger, target, image_packages, extract_dir) # Load tests before starting the target test_paths = get_runtime_paths(d) diff --git a/poky/meta/classes-recipe/uboot-extlinux-config.bbclass b/poky/meta/classes-recipe/uboot-extlinux-config.bbclass index 86a7d30ca0..653e583663 100644 --- a/poky/meta/classes-recipe/uboot-extlinux-config.bbclass +++ b/poky/meta/classes-recipe/uboot-extlinux-config.bbclass @@ -33,11 +33,11 @@ # UBOOT_EXTLINUX_DEFAULT_LABEL ??= "Linux Default" # UBOOT_EXTLINUX_TIMEOUT ??= "30" # -# UBOOT_EXTLINUX_KERNEL_IMAGE_default ??= "../zImage" -# UBOOT_EXTLINUX_MENU_DESCRIPTION_default ??= "Linux Default" +# UBOOT_EXTLINUX_KERNEL_IMAGE:default ??= "../zImage" +# UBOOT_EXTLINUX_MENU_DESCRIPTION:default ??= "Linux Default" # -# UBOOT_EXTLINUX_KERNEL_IMAGE_fallback ??= "../zImage-fallback" -# UBOOT_EXTLINUX_MENU_DESCRIPTION_fallback ??= "Linux Fallback" +# UBOOT_EXTLINUX_KERNEL_IMAGE:fallback ??= "../zImage-fallback" +# UBOOT_EXTLINUX_MENU_DESCRIPTION:fallback ??= "Linux Fallback" # # Results: # diff --git a/poky/meta/classes/cve-check.bbclass b/poky/meta/classes/cve-check.bbclass index bd9e7e7445..c1f1ea0fd6 100644 --- a/poky/meta/classes/cve-check.bbclass +++ b/poky/meta/classes/cve-check.bbclass @@ -48,8 +48,8 @@ CVE_CHECK_LOG_JSON ?= "${T}/cve.json" CVE_CHECK_DIR ??= "${DEPLOY_DIR}/cve" CVE_CHECK_RECIPE_FILE ?= "${CVE_CHECK_DIR}/${PN}" CVE_CHECK_RECIPE_FILE_JSON ?= "${CVE_CHECK_DIR}/${PN}_cve.json" -CVE_CHECK_MANIFEST ?= "${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.cve" -CVE_CHECK_MANIFEST_JSON ?= "${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.json" +CVE_CHECK_MANIFEST ?= "${IMGDEPLOYDIR}/${IMAGE_NAME}.cve" +CVE_CHECK_MANIFEST_JSON ?= "${IMGDEPLOYDIR}/${IMAGE_NAME}.json" CVE_CHECK_COPY_FILES ??= "1" CVE_CHECK_CREATE_MANIFEST ??= "1" @@ -70,12 +70,28 @@ CVE_CHECK_COVERAGE ??= "1" # Skip CVE Check for packages (PN) CVE_CHECK_SKIP_RECIPE ?= "" -# Ingore the check for a given list of CVEs. If a CVE is found, -# then it is considered patched. The value is a string containing -# space separated CVE values: +# Replace NVD DB check status for a given CVE. Each of CVE has to be mentioned +# separately with optional detail and description for this status. # -# CVE_CHECK_IGNORE = 'CVE-2014-2524 CVE-2018-1234' +# CVE_STATUS[CVE-1234-0001] = "not-applicable-platform: Issue only applies on Windows" +# CVE_STATUS[CVE-1234-0002] = "fixed-version: Fixed externally" # +# Settings the same status and reason for multiple CVEs is possible +# via CVE_STATUS_GROUPS variable. +# +# CVE_STATUS_GROUPS = "CVE_STATUS_WIN CVE_STATUS_PATCHED" +# +# CVE_STATUS_WIN = "CVE-1234-0001 CVE-1234-0003" +# CVE_STATUS_WIN[status] = "not-applicable-platform: Issue only applies on Windows" +# CVE_STATUS_PATCHED = "CVE-1234-0002 CVE-1234-0004" +# CVE_STATUS_PATCHED[status] = "fixed-version: Fixed externally" +# +# All possible CVE statuses could be found in cve-check-map.conf +# CVE_CHECK_STATUSMAP[not-applicable-platform] = "Ignored" +# CVE_CHECK_STATUSMAP[fixed-version] = "Patched" +# +# CVE_CHECK_IGNORE is deprecated and CVE_STATUS has to be used instead. +# Keep CVE_CHECK_IGNORE until other layers migrate to new variables CVE_CHECK_IGNORE ?= "" # Layers to be excluded @@ -88,6 +104,24 @@ CVE_CHECK_LAYER_INCLUDELIST ??= "" # set to "alphabetical" for version using single alphabetical character as increment release CVE_VERSION_SUFFIX ??= "" +python () { + # Fallback all CVEs from CVE_CHECK_IGNORE to CVE_STATUS + cve_check_ignore = d.getVar("CVE_CHECK_IGNORE") + if cve_check_ignore: + bb.warn("CVE_CHECK_IGNORE is deprecated in favor of CVE_STATUS") + for cve in (d.getVar("CVE_CHECK_IGNORE") or "").split(): + d.setVarFlag("CVE_STATUS", cve, "ignored") + + # Process CVE_STATUS_GROUPS to set multiple statuses and optional detail or description at once + for cve_status_group in (d.getVar("CVE_STATUS_GROUPS") or "").split(): + cve_group = d.getVar(cve_status_group) + if cve_group is not None: + for cve in cve_group.split(): + d.setVarFlag("CVE_STATUS", cve, d.getVarFlag(cve_status_group, "status")) + else: + bb.warn("CVE_STATUS_GROUPS contains undefined variable %s" % cve_status_group) +} + def generate_json_report(d, out_path, link_path): if os.path.exists(d.getVar("CVE_CHECK_SUMMARY_INDEX_PATH")): import json @@ -260,7 +294,7 @@ def check_cves(d, patched_cves): """ Connect to the NVD database and find unpatched cves. """ - from oe.cve_check import Version, convert_cve_version + from oe.cve_check import Version, convert_cve_version, decode_cve_status pn = d.getVar("PN") real_pv = d.getVar("PV") @@ -282,7 +316,12 @@ def check_cves(d, patched_cves): bb.note("Recipe has been skipped by cve-check") return ([], [], [], []) - cve_ignore = d.getVar("CVE_CHECK_IGNORE").split() + # Convert CVE_STATUS into ignored CVEs and check validity + cve_ignore = [] + for cve in (d.getVarFlags("CVE_STATUS") or {}): + decoded_status, _, _ = decode_cve_status(d, cve) + if decoded_status == "Ignored": + cve_ignore.append(cve) import sqlite3 db_file = d.expand("file:${CVE_CHECK_DB_FILE}?mode=ro") @@ -413,6 +452,8 @@ def cve_write_data_text(d, patched, unpatched, ignored, cve_data): CVE manifest if enabled. """ + from oe.cve_check import decode_cve_status + cve_file = d.getVar("CVE_CHECK_LOG") fdir_name = d.getVar("FILE_DIRNAME") layer = fdir_name.split("/")[-3] @@ -441,20 +482,27 @@ def cve_write_data_text(d, patched, unpatched, ignored, cve_data): is_patched = cve in patched is_ignored = cve in ignored + status = "Unpatched" if (is_patched or is_ignored) and not report_all: continue + if is_ignored: + status = "Ignored" + elif is_patched: + status = "Patched" + else: + # default value of status is Unpatched + unpatched_cves.append(cve) write_string += "LAYER: %s\n" % layer write_string += "PACKAGE NAME: %s\n" % d.getVar("PN") write_string += "PACKAGE VERSION: %s%s\n" % (d.getVar("EXTENDPE"), d.getVar("PV")) write_string += "CVE: %s\n" % cve - if is_ignored: - write_string += "CVE STATUS: Ignored\n" - elif is_patched: - write_string += "CVE STATUS: Patched\n" - else: - unpatched_cves.append(cve) - write_string += "CVE STATUS: Unpatched\n" + write_string += "CVE STATUS: %s\n" % status + _, detail, description = decode_cve_status(d, cve) + if detail: + write_string += "CVE DETAIL: %s\n" % detail + if description: + write_string += "CVE DESCRIPTION: %s\n" % description write_string += "CVE SUMMARY: %s\n" % cve_data[cve]["summary"] write_string += "CVSS v2 BASE SCORE: %s\n" % cve_data[cve]["scorev2"] write_string += "CVSS v3 BASE SCORE: %s\n" % cve_data[cve]["scorev3"] @@ -516,6 +564,8 @@ def cve_write_data_json(d, patched, unpatched, ignored, cve_data, cve_status): Prepare CVE data for the JSON format, then write it. """ + from oe.cve_check import decode_cve_status + output = {"version":"1", "package": []} nvd_link = "https://nvd.nist.gov/vuln/detail/" @@ -576,6 +626,11 @@ def cve_write_data_json(d, patched, unpatched, ignored, cve_data, cve_status): "status" : status, "link": issue_link } + _, detail, description = decode_cve_status(d, cve) + if detail: + cve_item["detail"] = detail + if description: + cve_item["description"] = description cve_list.append(cve_item) package_data["issue"] = cve_list diff --git a/poky/meta/conf/bitbake.conf b/poky/meta/conf/bitbake.conf index 9625a6fef4..475d6523bb 100644 --- a/poky/meta/conf/bitbake.conf +++ b/poky/meta/conf/bitbake.conf @@ -831,6 +831,7 @@ include conf/distro/defaultsetup.conf include conf/documentation.conf include conf/licenses.conf require conf/sanity.conf +require conf/cve-check-map.conf ################################################################## # Weak variables (usually to retain backwards compatibility) @@ -904,7 +905,7 @@ IMAGE_FEATURES += "${EXTRA_IMAGE_FEATURES}" # Native distro features (will always be used for -native, even if they # are not enabled for target) -DISTRO_FEATURES_NATIVE ?= "x11 ipv6 xattr" +DISTRO_FEATURES_NATIVE ?= "acl x11 ipv6 xattr" DISTRO_FEATURES_NATIVESDK ?= "x11" # Normally target distro features will not be applied to native builds: diff --git a/poky/meta/conf/cve-check-map.conf b/poky/meta/conf/cve-check-map.conf new file mode 100644 index 0000000000..17b0f15571 --- /dev/null +++ b/poky/meta/conf/cve-check-map.conf @@ -0,0 +1,28 @@ +# Possible options for CVE statuses + +# used by this class internally when fix is detected (NVD DB version check or CVE patch file) +CVE_CHECK_STATUSMAP[patched] = "Patched" +# use when this class does not detect backported patch (e.g. vendor kernel repo with cherry-picked CVE patch) +CVE_CHECK_STATUSMAP[backported-patch] = "Patched" +# use when NVD DB does not mention patched versions of stable/LTS branches which have upstream CVE backports +CVE_CHECK_STATUSMAP[cpe-stable-backport] = "Patched" +# use when NVD DB does not mention correct version or does not mention any verion at all +CVE_CHECK_STATUSMAP[fixed-version] = "Patched" + +# used internally by this class if CVE vulnerability is detected which is not marked as fixed or ignored +CVE_CHECK_STATUSMAP[unpatched] = "Unpatched" +# use when CVE is confirmed by upstream but fix is still not available +CVE_CHECK_STATUSMAP[vulnerable-investigating] = "Unpatched" + +# used for migration from old concept, do not use for new vulnerabilities +CVE_CHECK_STATUSMAP[ignored] = "Ignored" +# use when NVD DB wrongly indicates vulnerability which is actually for a different component +CVE_CHECK_STATUSMAP[cpe-incorrect] = "Ignored" +# use when upstream does not accept the report as a vulnerability (e.g. works as designed) +CVE_CHECK_STATUSMAP[disputed] = "Ignored" +# use when vulnerability depends on build or runtime configuration which is not used +CVE_CHECK_STATUSMAP[not-applicable-config] = "Ignored" +# use when vulnerability affects other platform (e.g. Windows or Debian) +CVE_CHECK_STATUSMAP[not-applicable-platform] = "Ignored" +# use when upstream acknowledged the vulnerability but does not plan to fix it +CVE_CHECK_STATUSMAP[upstream-wontfix] = "Ignored" diff --git a/poky/meta/conf/distro/defaultsetup.conf b/poky/meta/conf/distro/defaultsetup.conf index f6894f3ab5..1abb509629 100644 --- a/poky/meta/conf/distro/defaultsetup.conf +++ b/poky/meta/conf/distro/defaultsetup.conf @@ -2,7 +2,7 @@ include conf/distro/include/default-providers.inc include conf/distro/include/default-versions.inc include conf/distro/include/default-distrovars.inc include conf/distro/include/maintainers.inc - +include conf/distro/include/time64.inc require conf/distro/include/tcmode-${TCMODE}.inc require conf/distro/include/tclibc-${TCLIBC}.inc diff --git a/poky/meta/conf/distro/include/cve-extra-exclusions.inc b/poky/meta/conf/distro/include/cve-extra-exclusions.inc index 1c3cc36c61..61fb08dbeb 100644 --- a/poky/meta/conf/distro/include/cve-extra-exclusions.inc +++ b/poky/meta/conf/distro/include/cve-extra-exclusions.inc @@ -15,44 +15,43 @@ # the aim of sharing that work and ensuring we don't duplicate it. # - -# strace https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2000-0006 -# CVE is more than 20 years old with no resolution evident -# broken links in CVE database references make resolution impractical -CVE_CHECK_IGNORE += "CVE-2000-0006" - -# epiphany https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0238 -# The issue here is spoofing of domain names using characters from other character sets. -# There has been much discussion amongst the epiphany and webkit developers and -# whilst there are improvements about how domains are handled and displayed to the user -# there is unlikely ever to be a single fix to webkit or epiphany which addresses this -# problem. Ignore this CVE as there isn't any mitigation or fix or way to progress this further -# we can seem to take. -CVE_CHECK_IGNORE += "CVE-2005-0238" - -# glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4756 -# Issue is memory exhaustion via glob() calls, e.g. from within an ftp server -# Best discussion in https://bugzilla.redhat.com/show_bug.cgi?id=681681 -# Upstream don't see it as a security issue, ftp servers shouldn't be passing -# this to libc glob. Exclude as upstream have no plans to add BSD's GLOB_LIMIT or similar -CVE_CHECK_IGNORE += "CVE-2010-4756" - -# go https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29509 -# go https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29511 -# The encoding/xml package in go can potentially be used for security exploits if not used correctly -# CVE applies to a netapp product as well as flagging a general issue. We don't ship anything -# exposing this interface in an exploitable way -CVE_CHECK_IGNORE += "CVE-2020-29509 CVE-2020-29511" +# strace https://nvd.nist.gov/vuln/detail/CVE-2000-0006 +CVE_STATUS[CVE-2000-0006] = "upstream-wontfix: CVE is more than 20 years old \ +with no resolution evident. Broken links in CVE database references make resolution impractical." + +# epiphany https://nvd.nist.gov/vuln/detail/CVE-2005-0238 +CVE_STATUS[CVE-2005-0238] = "upstream-wontfix: \ +The issue here is spoofing of domain names using characters from other character sets. \ +There has been much discussion amongst the epiphany and webkit developers and \ +whilst there are improvements about how domains are handled and displayed to the user \ +there is unlikely ever to be a single fix to webkit or epiphany which addresses this \ +problem. There isn't any mitigation or fix or way to progress this further." + +# glibc https://nvd.nist.gov/vuln/detail/CVE-2010-4756 +CVE_STATUS[CVE-2010-4756] = "upstream-wontfix: \ +Issue is memory exhaustion via glob() calls, e.g. from within an ftp server \ +Best discussion in https://bugzilla.redhat.com/show_bug.cgi?id=681681 \ +Upstream don't see it as a security issue, ftp servers shouldn't be passing \ +this to libc glob. Upstream have no plans to add BSD's GLOB_LIMIT or similar." + +# go https://nvd.nist.gov/vuln/detail/CVE-2020-29509 +# go https://nvd.nist.gov/vuln/detail/CVE-2020-29511 +CVE_STATUS_GROUPS += "CVE_STATUS_GO" +CVE_STATUS_GO = "CVE-2020-29509 CVE-2020-29511" +CVE_STATUS_GO[status] = "not-applicable-config: \ +The encoding/xml package in go can potentially be used for security exploits if not used correctly \ +CVE applies to a netapp product as well as flagging a general issue. We don't ship anything \ +exposing this interface in an exploitable way" # db -# Since Oracle relicensed bdb, the open source community is slowly but surely replacing bdb with -# supported and open source friendly alternatives. As a result these CVEs are unlikely to ever be fixed. -CVE_CHECK_IGNORE += "CVE-2015-2583 CVE-2015-2624 CVE-2015-2626 CVE-2015-2640 CVE-2015-2654 \ +CVE_STATUS_GROUPS += "CVE_STATUS_DB" +CVE_STATUS_DB = "CVE-2015-2583 CVE-2015-2624 CVE-2015-2626 CVE-2015-2640 CVE-2015-2654 \ CVE-2015-2656 CVE-2015-4754 CVE-2015-4764 CVE-2015-4774 CVE-2015-4775 CVE-2015-4776 CVE-2015-4777 \ CVE-2015-4778 CVE-2015-4779 CVE-2015-4780 CVE-2015-4781 CVE-2015-4782 CVE-2015-4783 CVE-2015-4784 \ CVE-2015-4785 CVE-2015-4786 CVE-2015-4787 CVE-2015-4788 CVE-2015-4789 CVE-2015-4790 CVE-2016-0682 \ CVE-2016-0689 CVE-2016-0692 CVE-2016-0694 CVE-2016-3418 CVE-2020-2981" - +CVE_STATUS_DB[status] = "upstream-wontfix: Since Oracle relicensed bdb, the open source community is slowly but surely \ +replacing bdb with supported and open source friendly alternatives. As a result this CVE is unlikely to ever be fixed." # # Kernel CVEs, e.g. linux-yocto* @@ -65,605 +64,64 @@ CVE-2016-0689 CVE-2016-0692 CVE-2016-0694 CVE-2016-3418 CVE-2020-2981" # issues to be visible. If anyone wishes to clean up CPE entries with NIST for these, we'd # welcome than and then entries can likely be removed from here. # -# 1999-2010 -CVE_CHECK_IGNORE += "CVE-1999-0524 CVE-1999-0656 CVE-2006-2932 CVE-2007-2764 CVE-2007-4998 CVE-2008-2544 \ - CVE-2008-4609 CVE-2010-0298 CVE-2010-4563" -# 2011-2017 -CVE_CHECK_IGNORE += "CVE-2011-0640 CVE-2014-2648 CVE-2014-8171 CVE-2016-0774 CVE-2016-3695 CVE-2016-3699 \ - CVE-2017-1000255 CVE-2017-1000377 CVE-2017-5897 CVE-2017-6264" -# 2018 -CVE_CHECK_IGNORE += "CVE-2018-1000026 CVE-2018-10840 CVE-2018-10876 CVE-2018-10882 CVE-2018-10901 CVE-2018-10902 \ - CVE-2018-14625 CVE-2018-16880 CVE-2018-16884 CVE-2018-5873" -# This is specific to Ubuntu -CVE_CHECK_IGNORE += "CVE-2018-6559" +CVE_STATUS_GROUPS += "CVE_STATUS_KERNEL_2010 CVE_STATUS_KERNEL_2017 CVE_STATUS_KERNEL_2018 CVE_STATUS_KERNEL_2020 \ + CVE_STATUS_KERNEL_2021 CVE_STATUS_KERNEL_2022" -# https://www.linuxkernelcves.com/cves/CVE-2019-3016 -# Fixed with 5.6 -CVE_CHECK_IGNORE += "CVE-2019-3016" +# 1999-2010 +CVE_STATUS_KERNEL_2010 = "CVE-1999-0524 CVE-1999-0656 CVE-2006-2932 CVE-2007-2764 CVE-2007-4998 CVE-2008-2544 \ + CVE-2008-4609 CVE-2010-0298 CVE-2010-4563" +CVE_STATUS_KERNEL_2010[status] = "ignored" -# https://www.linuxkernelcves.com/cves/CVE-2019-3819 -# Fixed with 5.1 -CVE_CHECK_IGNORE += "CVE-2019-3819" +# 2011-2017 +CVE_STATUS_KERNEL_2017 = "CVE-2011-0640 CVE-2014-2648 CVE-2014-8171 CVE-2016-0774 CVE-2016-3695 CVE-2016-3699 \ + CVE-2017-1000255 CVE-2017-1000377 CVE-2017-5897 CVE-2017-6264" +CVE_STATUS_KERNEL_2017[status] = "ignored" -# https://www.linuxkernelcves.com/cves/CVE-2019-3887 -# Fixed with 5.2 -CVE_CHECK_IGNORE += "CVE-2019-3887" +# 2018 +CVE_STATUS_KERNEL_2018 = "CVE-2018-1000026 CVE-2018-10840 CVE-2018-10876 CVE-2018-10882 CVE-2018-10901 CVE-2018-10902 \ + CVE-2018-14625 CVE-2018-16880 CVE-2018-16884 CVE-2018-5873" +CVE_STATUS_KERNEL_2018[status] = "ignored" # 2020 -CVE_CHECK_IGNORE += "CVE-2020-10732 CVE-2020-10742 CVE-2020-16119 CVE-2020-1749 CVE-2020-25672 CVE-2020-27820 CVE-2020-35501 CVE-2020-8834" - -# https://nvd.nist.gov/vuln/detail/CVE-2020-27784 -# Introduced in version v4.1 b26394bd567e5ebe57ec4dee7fe6cd14023c96e9 -# Patched in kernel since v5.10 e8d5f92b8d30bb4ade76494490c3c065e12411b1 -# Backported in version v5.4.73 e9e791f5c39ab30e374a3b1a9c25ca7ff24988f3 -CVE_CHECK_IGNORE += "CVE-2020-27784" +CVE_STATUS_KERNEL_2020 = "CVE-2020-10732 CVE-2020-10742 CVE-2020-16119 CVE-2020-1749 CVE-2020-25672 CVE-2020-27820 CVE-2020-35501 CVE-2020-8834" +CVE_STATUS_KERNEL_2020[status] = "ignored" # 2021 -CVE_CHECK_IGNORE += "CVE-2021-20194 CVE-2021-20226 CVE-2021-20265 CVE-2021-3564 CVE-2021-3743 CVE-2021-3847 CVE-2021-4002 \ - CVE-2021-4090 CVE-2021-4095 CVE-2021-4197 CVE-2021-4202 CVE-2021-44879 CVE-2021-45402" - -# https://nvd.nist.gov/vuln/detail/CVE-2021-3669 -# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 -# Patched in kernel since v5.15 20401d1058f3f841f35a594ac2fc1293710e55b9 -CVE_CHECK_IGNORE += "CVE-2021-3669" - -# https://nvd.nist.gov/vuln/detail/CVE-2021-3759 -# Introduced in version v4.5 a9bb7e620efdfd29b6d1c238041173e411670996 -# Patched in kernel since v5.15 18319498fdd4cdf8c1c2c48cd432863b1f915d6f -# Backported in version v5.4.224 bad83d55134e647a739ebef2082541963f2cbc92 -# Backported in version v5.10.154 836686e1a01d7e2fda6a5a18252243ff30a6e196 -CVE_CHECK_IGNORE += "CVE-2021-3759" - -# https://nvd.nist.gov/vuln/detail/CVE-2021-4218 -# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 -# Patched in kernel since v5.8 32927393dc1ccd60fb2bdc05b9e8e88753761469 -CVE_CHECK_IGNORE += "CVE-2021-4218" +CVE_STATUS_KERNEL_2021 = "CVE-2021-20194 CVE-2021-20226 CVE-2021-20265 CVE-2021-3564 CVE-2021-3743 CVE-2021-3847 CVE-2021-4002 \ + CVE-2021-4090 CVE-2021-4095 CVE-2021-4197 CVE-2021-4202 CVE-2021-44879 CVE-2021-45402" +CVE_STATUS_KERNEL_2021[status] = "ignored" # 2022 -CVE_CHECK_IGNORE += "CVE-2022-0185 CVE-2022-0264 CVE-2022-0286 CVE-2022-0330 CVE-2022-0382 CVE-2022-0433 CVE-2022-0435 \ - CVE-2022-0492 CVE-2022-0494 CVE-2022-0500 CVE-2022-0516 CVE-2022-0617 CVE-2022-0742 CVE-2022-0854 \ - CVE-2022-0995 CVE-2022-0998 CVE-2022-1011 CVE-2022-1015 CVE-2022-1048 CVE-2022-1055 CVE-2022-1195 \ - CVE-2022-1353 CVE-2022-24122 CVE-2022-24448 CVE-2022-24958 CVE-2022-24959 CVE-2022-25258 CVE-2022-25265 \ - CVE-2022-25375 CVE-2022-26490 CVE-2022-26878 CVE-2022-26966 CVE-2022-27223 CVE-2022-27666 CVE-2022-27950 \ - CVE-2022-28356 CVE-2022-28388 CVE-2022-28389 CVE-2022-28390 CVE-2022-28796 CVE-2022-28893 CVE-2022-29156 \ - CVE-2022-29582 CVE-2022-29968" - -# https://nvd.nist.gov/vuln/detail/CVE-2022-0480 -# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 -# Patched in kernel since v5.15 0f12156dff2862ac54235fc72703f18770769042 -CVE_CHECK_IGNORE += "CVE-2022-0480" - -# https://nvd.nist.gov/vuln/detail/CVE-2022-1184 -# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 -# Patched in kernel since v5.19 46c116b920ebec58031f0a78c5ea9599b0d2a371 -# Backported in version v5.4.198 17034d45ec443fb0e3c0e7297f9cd10f70446064 -# Backported in version v5.10.121 da2f05919238c7bdc6e28c79539f55c8355408bb -# Backported in version v5.15.46 ca17db384762be0ec38373a12460081d22a8b42d -CVE_CHECK_IGNORE += "CVE-2022-1184" - -# https://nvd.nist.gov/vuln/detail/CVE-2022-1462 -# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 -# Patched in kernel since v5.19 a501ab75e7624d133a5a3c7ec010687c8b961d23 -# Backported in version v5.4.208 f7785092cb7f022f59ebdaa181651f7c877df132 -# Backported in version v5.10.134 08afa87f58d83dfe040572ed591b47e8cb9e225c -# Backported in version v5.15.58 b2d1e4cd558cffec6bfe318f5d74e6cffc374d29 -CVE_CHECK_IGNORE += "CVE-2022-1462" - -# https://nvd.nist.gov/vuln/detail/CVE-2022-2196 -# Introduced in version v5.8 5c911beff20aa8639e7a1f28988736c13e03ed54 -# Breaking commit backported in v5.4.47 64b8f33b2e1e687d465b5cb382e7bec495f1e026 -# Patched in kernel since v6.2 2e7eab81425ad6c875f2ed47c0ce01e78afc38a5 -# Backported in version v5.4.233 f93a1a5bdcdd122aae0a3eab7a52c15b71fb725b -# Backported in version v5.10.170 1b0cafaae8884726c597caded50af185ffc13349 -# Backported in version v5.15.96 6b539a7dbb49250f92515c2ba60aea239efc9e35 -# Backported in version v6.1.14 63fada296062e91ad9f871970d4e7f19e21a6a15 -CVE_CHECK_IGNORE += "CVE-2022-2196" - -# https://nvd.nist.gov/vuln/detail/CVE-2022-2308 -# Introduced in version v5.15 c8a6153b6c59d95c0e091f053f6f180952ade91e -# Patched in kernel since v6.0 46f8a29272e51b6df7393d58fc5cb8967397ef2b -# Backported in version v5.15.72 dc248ddf41eab4566e95b1ee2433c8a5134ad94a -# Backported in version v5.19.14 38d854c4a11c3bbf6a96ea46f14b282670c784ac -CVE_CHECK_IGNORE += "CVE-2022-2308" - -# https://nvd.nist.gov/vuln/detail/CVE-2022-2327 -# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 -# Patched in kernel since v5.10.125 df3f3bb5059d20ef094d6b2f0256c4bf4127a859 -CVE_CHECK_IGNORE += "CVE-2022-2327" - -# https://nvd.nist.gov/vuln/detail/CVE-2022-2663 -# Introduced in version v2.6.20 869f37d8e48f3911eb70f38a994feaa8f8380008 -# Patched in kernel since v6.0 0efe125cfb99e6773a7434f3463f7c2fa28f3a43 -# Backported in version v5.4.213 36f7b71f8ad8e4d224b45f7d6ecfeff63b091547 -# Backported in version v5.10.143 e12ce30fe593dd438c5b392290ad7316befc11ca -# Backported in version v5.15.68 451c9ce1e2fc9b9e40303bef8e5a0dca1a923cc4 -# Backported in version v5.19.9 6cf0609154b2ce8d3ae160e7506ab316400a8d3d -CVE_CHECK_IGNORE += "CVE-2022-2663" - -# https://nvd.nist.gov/vuln/detail/CVE-2022-2785 -# Introduced in version v5.18 b1d18a7574d0df5eb4117c14742baf8bc2b9bb74 -# Patched in kernel since v6.0 86f44fcec22ce2979507742bc53db8400e454f46 -# Backported in version v5.19.4 b429d0b9a7a0f3dddb1f782b72629e6353f292fd -CVE_CHECK_IGNORE += "CVE-2022-2785" - -# https://nvd.nist.gov/vuln/detail/CVE-2022-3176 -# Introduced in version v5.1 221c5eb2338232f7340386de1c43decc32682e58 -# Patched in kernel since v5.17 791f3465c4afde02d7f16cf7424ca87070b69396 -# Backported in version v5.15.65 e9d7ca0c4640cbebe6840ee3bac66a25a9bacaf5 -CVE_CHECK_IGNORE += "CVE-2022-3176" - -# https://nvd.nist.gov/vuln/detail/CVE-2022-3424 -# Introduced in version v2.6.33 55484c45dbeca2eec7642932ec3f60f8a2d4bdbf -# Patched in kernel since v6.2 643a16a0eb1d6ac23744bb6e90a00fc21148a9dc -# Backported in version v5.4.229 0078dd8758561540ed30b2c5daa1cb647e758977 -# Backported in version v5.10.163 0f67ed565f20ea2fdd98e3b0b0169d9e580bb83c -# Backported in version v5.15.86 d5c8f9003a289ee2a9b564d109e021fc4d05d106 -# Backported in version v6.1.2 4e947fc71bec7c7da791f8562d5da233b235ba5e -CVE_CHECK_IGNORE += "CVE-2022-3424" - -# https://nvd.nist.gov/vuln/detail/CVE-2022-3435 -# Introduced in version v5.18 6bf92d70e690b7ff12b24f4bfff5e5434d019b82 -# Breaking commit backported in v5.4.189 f5064531c23ad646da7be8b938292b00a7e61438 -# Breaking commit backported in v5.10.111 63ea57478aaa3e06a597081a0f537318fc04e49f -# Breaking commit backported in v5.15.34 907c97986d6fa77318d17659dd76c94b65dd27c5 -# Patched in kernel since v6.1 61b91eb33a69c3be11b259c5ea484505cd79f883 -# Backported in version v5.4.226 cc3cd130ecfb8b0ae52e235e487bae3f16a24a32 -# Backported in version v5.10.158 0b5394229ebae09afc07aabccb5ffd705ffd250e -# Backported in version v5.15.82 25174d91e4a32a24204060d283bd5fa6d0ddf133 -CVE_CHECK_IGNORE += "CVE-2022-3435" - -# https://nvd.nist.gov/vuln/detail/CVE-2022-3526 -# Introduced in version v5.13 427f0c8c194b22edcafef1b0a42995ddc5c2227d -# Patched in kernel since v5.18 e16b859872b87650bb55b12cca5a5fcdc49c1442 -# Backported in version v5.15.35 8f79ce226ad2e9b2ec598de2b9560863b7549d1b -CVE_CHECK_IGNORE += "CVE-2022-3526" - -# https://nvd.nist.gov/vuln/detail/CVE-2022-3534 -# Introduced in version v5.10 919d2b1dbb074d438027135ba644411931179a59 -# Patched in kernel since v6.2 93c660ca40b5d2f7c1b1626e955a8e9fa30e0749 -# Backported in version v5.10.163 c61650b869e0b6fb0c0a28ed42d928eea969afc8 -# Backported in version v5.15.86 a733bf10198eb5bb927890940de8ab457491ed3b -# Backported in version v6.1.2 fbe08093fb2334549859829ef81d42570812597d -CVE_CHECK_IGNORE += "CVE-2022-3534" - -# https://nvd.nist.gov/vuln/detail/CVE-2022-3564 -# Introduced in version v3.6 4b51dae96731c9d82f5634e75ac7ffd3b9c1b060 -# Patched in kernel since v6.1 3aff8aaca4e36dc8b17eaa011684881a80238966 -# Backported in version v5.10.154 cb1c012099ef5904cd468bdb8d6fcdfdd9bcb569 -# Backported in version v5.15.78 8278a87bb1eeea94350d675ef961ee5a03341fde -CVE_CHECK_IGNORE += "CVE-2022-3564" - -# https://nvd.nist.gov/vuln/detail/CVE-2022-3619 -# Introduced in version v5.12 4d7ea8ee90e42fc75995f6fb24032d3233314528 -# Patched in kernel since v6.1 7c9524d929648935bac2bbb4c20437df8f9c3f42 -# Backported in version v5.15.78 aa16cac06b752e5f609c106735bd7838f444784c -CVE_CHECK_IGNORE += "CVE-2022-3619" - -# https://nvd.nist.gov/vuln/detail/CVE-2022-3621 -# Introduced in version v2.60.30 05fe58fdc10df9ebea04c0eaed57adc47af5c184 -# Patched in kernel since v6.1 21a87d88c2253350e115029f14fe2a10a7e6c856 -# Backported in version v5.4.218 792211333ad77fcea50a44bb7f695783159fc63c -# Backported in version v5.10.148 3f840480e31495ce674db4a69912882b5ac083f2 -# Backported in version v5.15.74 1e512c65b4adcdbdf7aead052f2162b079cc7f55 -# Backported in version v5.19.16 caf2c6b580433b3d3e413a3d54b8414a94725dcd -CVE_CHECK_IGNORE += "CVE-2022-3621" - -# https://nvd.nist.gov/vuln/detail/CVE-2022-3623 -# Introduced in version v5.1 5480280d3f2d11d47f9be59d49b20a8d7d1b33e8 -# Patched in kernel since v6.1 fac35ba763ed07ba93154c95ffc0c4a55023707f -# Backported in version v5.4.228 176ba4c19d1bb153aa6baaa61d586e785b7d736c -# Backported in version v5.10.159 fccee93eb20d72f5390432ecea7f8c16af88c850 -# Backported in version v5.15.78 3a44ae4afaa5318baed3c6e2959f24454e0ae4ff -# Backported in version v5.19.17 86a913d55c89dd13ba070a87f61a493563e94b54 -CVE_CHECK_IGNORE += "CVE-2022-3623" - -# https://nvd.nist.gov/vuln/detail/CVE-2022-3624 -# Introduced in version v6.0 d5410ac7b0baeca91cf73ff5241d35998ecc8c9e -# Patched in kernel since v6.0 4f5d33f4f798b1c6d92b613f0087f639d9836971 -CVE_CHECK_IGNORE += "CVE-2022-3624" - -# https://nvd.nist.gov/vuln/detail/CVE-2022-3625 -# Introduced in version v4.19 45f05def5c44c806f094709f1c9b03dcecdd54f0 -# Patched in kernel since v6.0 6b4db2e528f650c7fb712961aac36455468d5902 -# Backported in version v5.4.211 1ad4ba9341f15412cf86dc6addbb73871a10212f -# Backported in version v5.10.138 0e28678a770df7989108327cfe86f835d8760c33 -# Backported in version v5.15.63 c4d09fd1e18bac11c2f7cf736048112568687301 -# Backported in version v5.19.4 26bef5616255066268c0e40e1da10cc9b78b82e9 -CVE_CHECK_IGNORE += "CVE-2022-3625" - -# https://nvd.nist.gov/vuln/detail/CVE-2022-3629 -# Introduced in version v3.9 d021c344051af91f42c5ba9fdedc176740cbd238 -# Patched in kernel since v6.0 7e97cfed9929eaabc41829c395eb0d1350fccb9d -# Backported in version v5.4.211 f82f1e2042b397277cd39f16349950f5abade58d -# Backported in version v5.10.138 38ddccbda5e8b762c8ee06670bb1f64f1be5ee50 -# Backported in version v5.15.63 e4c0428f8a6fc8c218d7fd72bddd163f05b29795 -# Backported in version v5.19.4 8ff5db3c1b3d6797eda5cd326dcd31b9cd1c5f72 -CVE_CHECK_IGNORE += "CVE-2022-3629" - -# https://nvd.nist.gov/vuln/detail/CVE-2022-3630 -# Introduced in version v5.19 85e4ea1049c70fb99de5c6057e835d151fb647da -# Patched in kernel since v6.0 fb24771faf72a2fd62b3b6287af3c610c3ec9cf1 -# Backported in version v5.19.4 7a369dc87b66acc85d0cffcf39984344a203e20b -CVE_CHECK_IGNORE += "CVE-2022-3630" - -# https://nvd.nist.gov/vuln/detail/CVE-2022-3633 -# Introduced in version v5.4 9d71dd0c70099914fcd063135da3c580865e924c -# Patched in kernel since v6.0 8c21c54a53ab21842f5050fa090f26b03c0313d6 -# Backported in version v5.4.211 04e41b6bacf474f5431491f92e981096e8cc8e93 -# Backported in version v5.10.138 a220ff343396bae8d3b6abee72ab51f1f34b3027 -# Backported in version v5.15.63 98dc8fb08299ab49e0b9c08daedadd2f4de1a2f2 -# Backported in version v5.19.4 a0278dbeaaf7ca60346c62a9add65ae7d62564de -CVE_CHECK_IGNORE += "CVE-2022-3633" - -# https://nvd.nist.gov/vuln/detail/CVE-2022-3635 -# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 -# Patched in kernel since v6.0 3f4093e2bf4673f218c0bf17d8362337c400e77b -# Backported in version v5.4.211 9a6cbaa50f263b12df18a051b37f3f42f9fb5253 -# Backported in version v5.10.138 a0ae122e9aeccbff75014c4d36d11a9d32e7fb5e -# Backported in version v5.15.63 a5d7ce086fe942c5ab422fd2c034968a152be4c4 -# Backported in version v5.19.4 af412b252550f9ac36d9add7b013c2a2c3463835 -CVE_CHECK_IGNORE += "CVE-2022-3635" - -# https://nvd.nist.gov/vuln/detail/CVE-2022-3636 -# Introduced in version v5.19 33fc42de33278b2b3ec6f3390512987bc29a62b7 -# Patched in kernel since v5.19 17a5f6a78dc7b8db385de346092d7d9f9dc24df6 -CVE_CHECK_IGNORE += "CVE-2022-3636" - -# https://nvd.nist.gov/vuln/detail/CVE-2022-3640 -# Introduced in version v5.19 d0be8347c623e0ac4202a1d4e0373882821f56b0 -# Breaking commit backported in v5.4.209 098e07ef0059296e710a801cdbd74b59016e6624 -# Breaking commit backported in v5.10.135 de5d4654ac6c22b1be756fdf7db18471e7df01ea -# Breaking commit backported in v5.15.59 f32d5615a78a1256c4f557ccc6543866e75d03f4 -# Patched in kernel since v6.1 0d0e2d032811280b927650ff3c15fe5020e82533 -# Backported in version v5.4.224 c1f594dddd9ffd747c39f49cc5b67a9b7677d2ab -# Backported in version v5.10.154 d9ec6e2fbd4a565b2345d4852f586b7ae3ab41fd -# Backported in version v5.15.78 a3a7b2ac64de232edb67279e804932cb42f0b52a -CVE_CHECK_IGNORE += "CVE-2022-3640" - -# https://nvd.nist.gov/vuln/detail/CVE-2022-3646 -# Introduced in version v2.6.30 9ff05123e3bfbb1d2b68ba1d9bf1f7d1dffc1453 -# Patched in kernel since v6.1 d0d51a97063db4704a5ef6bc978dddab1636a306 -# Backported in version v5.4.218 b7e409d11db9ce9f8bc05fcdfa24d143f60cd393 -# Backported in version v5.10.148 aad4c997857f1d4b6c1e296c07e4729d3f8058ee -# Backported in version v5.15.74 44b1ee304bac03f1b879be5afe920e3a844e40fc -# Backported in version v5.19.16 4755fcd844240857b525f6e8d8b65ee140fe9570 -CVE_CHECK_IGNORE += "CVE-2022-3646" - -# https://nvd.nist.gov/vuln/detail/CVE-2022-3649 -# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 -# Patched in kernel since v6.1 d325dc6eb763c10f591c239550b8c7e5466a5d09 -# Backported in version v5.4.220 d1c2d820a2cd73867b7d352e89e92fb3ac29e926 -# Backported in version v5.10.148 21ee3cffed8fbabb669435facfd576ba18ac8652 -# Backported in version v5.15.74 cb602c2b654e26763226d8bd27a702f79cff4006 -# Backported in version v5.19.16 394b2571e9a74ddaed55aa9c4d0f5772f81c21e4 -CVE_CHECK_IGNORE += "CVE-2022-3649" - -# https://nvd.nist.gov/vuln/detail/CVE-2022-4382 -# Introduced in version v5.3 e5d82a7360d124ae1a38c2a5eac92ba49b125191 -# Patched in kernel since v6.2-rc5 d18dcfe9860e842f394e37ba01ca9440ab2178f4 -# Backported in version v5.4.230 9a39f4626b361ee7aa10fd990401c37ec3b466ae -# Backported in version v5.10.165 856e4b5e53f21edbd15d275dde62228dd94fb2b4 -# Backported in version v5.15.90 a2e075f40122d8daf587db126c562a67abd69cf9 -# Backported in version v6.1.8 616fd34d017000ecf9097368b13d8a266f4920b3 -CVE_CHECK_IGNORE += "CVE-2022-4382" - -# https://nvd.nist.gov/vuln/detail/CVE-2022-26365 -# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 -# Patched in kernel since v5.19 2f446ffe9d737e9a844b97887919c4fda18246e7 -# Backported in version v5.4.204 42112e8f94617d83943f8f3b8de2b66041905506 -# Backported in version v5.10.129 cfea428030be836d79a7690968232bb7fa4410f1 -# Backported in version v5.15.53 7ed65a4ad8fa9f40bc3979b32c54243d6a684ec9 -CVE_CHECK_IGNORE += "CVE-2022-26365" - -# https://nvd.nist.gov/vuln/detail/CVE-2022-33740 -# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 -# Patched in kernel since v5.19 307c8de2b02344805ebead3440d8feed28f2f010 -# Backported in version v5.4.204 04945b5beb73019145ac17a2565526afa7293c14 -# Backported in version v5.10.129 728d68bfe68d92eae1407b8a9edc7817d6227404 -# Backported in version v5.15.53 5dd0993c36832d33820238fc8dc741ba801b7961 -CVE_CHECK_IGNORE += "CVE-2022-33740" - -# https://nvd.nist.gov/vuln/detail/CVE-2022-33741 -# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 -# Patched in kernel since v5.19 4491001c2e0fa69efbb748c96ec96b100a5cdb7e -# Backported in version v5.4.204 ede57be88a5fff42cd00e6bcd071503194d398dd -# Backported in version v5.10.129 4923217af5742a796821272ee03f8d6de15c0cca -# Backported in version v5.15.53 ed3cfc690675d852c3416aedb271e0e7d179bf49 -CVE_CHECK_IGNORE += "CVE-2022-33741" - -# https://nvd.nist.gov/vuln/detail/CVE-2022-33742 -# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 -# Patched in kernel since v5.19 2400617da7eebf9167d71a46122828bc479d64c9 -# Backported in version v5.4.204 60ac50daad36ef3fe9d70d89cfe3b95d381db997 -# Backported in version v5.10.129 cbbd2d2531539212ff090aecbea9877c996e6ce6 -# Backported in version v5.15.53 6d0a9127279a4533815202e30ad1b3a39f560ba3 -CVE_CHECK_IGNORE += "CVE-2022-33742" - -# https://nvd.nist.gov/vuln/detail/CVE-2022-42895 -# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 -# Patched in kernel since v6.1 b1a2cd50c0357f243b7435a732b4e62ba3157a2e -# Backported in version v5.15.78 3e4697ffdfbb38a2755012c4e571546c89ab6422 -# Backported in version v5.10.154 26ca2ac091b49281d73df86111d16e5a76e43bd7 -# Backported in version v5.4.224 6949400ec9feca7f88c0f6ca5cb5fdbcef419c89 -CVE_CHECK_IGNORE += "CVE-2022-42895" +CVE_STATUS_KERNEL_2022 = "CVE-2022-0185 CVE-2022-0264 CVE-2022-0286 CVE-2022-0330 CVE-2022-0382 CVE-2022-0433 CVE-2022-0435 \ + CVE-2022-0492 CVE-2022-0494 CVE-2022-0500 CVE-2022-0516 CVE-2022-0617 CVE-2022-0742 CVE-2022-0854 \ + CVE-2022-0995 CVE-2022-0998 CVE-2022-1011 CVE-2022-1015 CVE-2022-1048 CVE-2022-1055 CVE-2022-1195 \ + CVE-2022-1353 CVE-2022-24122 CVE-2022-24448 CVE-2022-24958 CVE-2022-24959 CVE-2022-25258 CVE-2022-25265 \ + CVE-2022-25375 CVE-2022-26490 CVE-2022-26878 CVE-2022-26966 CVE-2022-27223 CVE-2022-27666 CVE-2022-27950 \ + CVE-2022-28356 CVE-2022-28388 CVE-2022-28389 CVE-2022-28390 CVE-2022-28796 CVE-2022-28893 CVE-2022-29156 \ + CVE-2022-29582 CVE-2022-29968" +CVE_STATUS_KERNEL_2022[status] = "ignored" -# https://nvd.nist.gov/vuln/detail/CVE-2022-42896 -# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 -# Patched in kernel since v6.1 711f8c3fb3db61897080468586b970c87c61d9e4 -# Backported in version v5.4.226 0d87bb6070361e5d1d9cb391ba7ee73413bc109b -# Backported in version v5.10.154 6b6f94fb9a74dd2891f11de4e638c6202bc89476 -# Backported in version v5.15.78 81035e1201e26d57d9733ac59140a3e29befbc5a -CVE_CHECK_IGNORE += "CVE-2022-42896" - -# 2023 - -# https://nvd.nist.gov/vuln/detail/CVE-2023-0179 -# Patched in kernel since v6.2 696e1a48b1a1b01edad542a1ef293665864a4dd0 -# Backported in version v5.10.164 550efeff989b041f3746118c0ddd863c39ddc1aa -# Backported in version v5.15.89 a8acfe2c6fb99f9375a9325807a179cd8c32e6e3 -# Backported in version v6.1.7 76ef74d4a379faa451003621a84e3498044e7aa3 -CVE_CHECK_IGNORE += "CVE-2023-0179" - -# https://nvd.nist.gov/vuln/detail/CVE-2023-0266 -# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 -# Patched in kernel since v6.2 56b88b50565cd8b946a2d00b0c83927b7ebb055e -# Backported in version v5.15.88 26350c21bc5e97a805af878e092eb8125843fe2c -# Backported in version v6.1.6 d6ad4bd1d896ae1daffd7628cd50f124280fb8b1 -CVE_CHECK_IGNORE += "CVE-2023-0266" - -# https://nvd.nist.gov/vuln/detail/CVE-2023-0394 -# Introduced in version 2.6.12 357b40a18b04c699da1d45608436e9b76b50e251 -# Patched in kernel since v6.2 cb3e9864cdbe35ff6378966660edbcbac955fe17 -# Backported in version v5.4.229 3998dba0f78a59922b0ef333ccfeb58d9410cd3d -# Backported in version v5.10.164 6c9e2c11c33c35563d34d12b343d43b5c12200b5 -# Backported in version v5.15.89 456e3794e08a0b59b259da666e31d0884b376bcf -# Backported in version v6.1.7 0afa5f0736584411771299074bbeca8c1f9706d4 -CVE_CHECK_IGNORE += "CVE-2023-0394" - -# https://nvd.nist.gov/vuln/detail/CVE-2023-0461 -# Introduced in version v4.13 734942cc4ea6478eed125af258da1bdbb4afe578 -# Patched in kernel since v6.2 2c02d41d71f90a5168391b6a5f2954112ba2307c -# Backported in version v5.4.229 c6d29a5ffdbc362314853462a0e24e63330a654d -# Backported in version v5.10.163 f8ed0a93b5d576bbaf01639ad816473bdfd1dcb0 -# Backported in version v5.15.88 dadd0dcaa67d27f550131de95c8e182643d2c9d6 -# Backported in version v6.1.5 7d242f4a0c8319821548c7176c09a6e0e71f223c -CVE_CHECK_IGNORE += "CVE-2023-0461" - -# https://nvd.nist.gov/vuln/detail/CVE-2023-0386 -# Introduced in 5.11 459c7c565ac36ba09ffbf24231147f408fde4203 -# Patched in kernel v6.2 4f11ada10d0ad3fd53e2bd67806351de63a4f9c3 -# Backported in version 6.1.9 42fea1c35254c49cce07c600d026cbc00c6d3c81 -# Backported in version 5.15.91 e91308e63710574c4b6a0cadda3e042a3699666e -CVE_CHECK_IGNORE += "CVE-2023-0386" - -# https://nvd.nist.gov/vuln/detail/CVE-2023-1073 -# Introduced in v3.16 1b15d2e5b8077670b1e6a33250a0d9577efff4a5 -# Patched in kernel v6.2 b12fece4c64857e5fab4290bf01b2e0317a88456 -# Backported in version 5.10.166 5dc3469a1170dd1344d262a332b26994214eeb58 -# Backported in version 5.15.91 2b49568254365c9c247beb0eabbaa15d0e279d64 -# Backported in version 6.1.9 cdcdc0531a51659527fea4b4d064af343452062d -CVE_CHECK_IGNORE += "CVE-2023-1073" - -# https://nvd.nist.gov/vuln/detail/CVE-2023-1074 -# Patched in kernel v6.2 458e279f861d3f61796894cd158b780765a1569f -# Backported in version 5.15.91 3391bd42351be0beb14f438c7556912b9f96cb32 -# Backported in version 6.1.9 9f08bb650078dca24a13fea1c375358ed6292df3 -CVE_CHECK_IGNORE += "CVE-2023-1074" - -# https://nvd.nist.gov/vuln/detail/CVE-2023-1076 -# Patched in kernel v6.3 a096ccca6e503a5c575717ff8a36ace27510ab0a -# Backported in version v5.4.235 d92d87000eda9884d49f1acec1c1fccd63cd9b11 -# Backported in version v5.10.173 9a31af61f397500ccae49d56d809b2217d1e2178 -# Backported in version v5.15.99 67f9f02928a34aad0a2c11dab5eea269f5ecf427 -# Backported in version v6.1.16 b4ada752eaf1341f47bfa3d8ada377eca75a8d44 -# Backported in version v6.2.3 4aa4b4b3b3e9551c4de2bf2987247c28805fb8f6 -CVE_CHECK_IGNORE += "CVE-2023-1076" - -# https://nvd.nist.gov/vuln/detail/CVE-2023-1077 -# Patched in kernel 6.3rc1 7c4a5b89a0b5a57a64b601775b296abf77a9fe97 -# Backported in version 5.15.99 2c36c390a74981d03f04f01fe7ee9c3ac3ea11f7 -# Backported in version 6.1.16 6b4fcc4e8a3016e85766c161daf0732fca16c3a3 -CVE_CHECK_IGNORE += "CVE-2023-1077" - -# https://nvd.nist.gov/vuln/detail/CVE-2023-1078 -# Patched in kernel 6.2 f753a68980cf4b59a80fe677619da2b1804f526d -# Backported in version 5.15.94 528e3f3a4b53df36dafd10cdf6b8c0fe2aa1c4ba -# Backported in version 6.1.12 1d52bbfd469af69fbcae88c67f160ce1b968e7f3 -CVE_CHECK_IGNORE += "CVE-2023-1078" - -# https://nvd.nist.gov/vuln/detail/CVE-2023-1079 -# Patched in kernel since v6.3-rc1 4ab3a086d10eeec1424f2e8a968827a6336203df -# Backported in version v5.4.235 dd08e68d04d08d2f42b09162c939a0b0841216cc -# Backported in version v5.10.173 21a2eec4a440060a6eb294dc890eaf553101ba09 -# Backported in version v5.15.99 3959316f8ceb17866646abc6be4a332655407138 -# Backported in version v6.1.16 ee907829b36949c452c6f89485cb2a58e97c048e -# Backported in version v6.2.3 b08bcfb4c97d7bd41b362cff44b2c537ce9e8540 -CVE_CHECK_IGNORE += "CVE-2023-1079" - -# https://nvd.nist.gov/vuln/detail/CVE-2023-1118 -# Introduced in version v2.6.36 9ea53b74df9c4681f5bb2da6b2e10e37d87ea6d6 -# Patched in kernel since v6.3-rc1 29b0589a865b6f66d141d79b2dd1373e4e50fe17 -# Backported in version v5.4.235 d120334278b370b6a1623a75ebe53b0c76cb247c -# Backported in version v5.10.173 78da5a378bdacd5bf68c3a6389bdc1dd0c0f5b3c -# Backported in version v5.15.99 29962c478e8b2e6a6154d8d84b8806dbe36f9c28 -# Backported in version v6.1.16 029c1410e345ce579db5c007276340d072aac54a -# Backported in version v6.2.3 182ea492aae5b64067277e60a4ea5995c4628555 -CVE_CHECK_IGNORE += "CVE-2023-1118" - -# https://nvd.nist.gov/vuln/detail/CVE-2023-1281 -# Introduced in version v4.14 9b0d4446b56904b59ae3809913b0ac760fa941a6 -# Patched in kernel since v6.2 ee059170b1f7e94e55fa6cadee544e176a6e59c2 -# Backported in version v5.10.169 eb8e9d8572d1d9df17272783ad8a84843ce559d4 -# Backported in version v5.15.95 becf55394f6acb60dd60634a1c797e73c747f9da -# Backported in version v6.1.13 bd662ba56187b5ef8a62a3511371cd38299a507f -CVE_CHECK_IGNORE += "CVE-2023-1281" - -# https://nvd.nist.gov/vuln/detail/CVE-2023-1513 -# Patched in kernel since v6.2 2c10b61421a28e95a46ab489fd56c0f442ff6952 -# Backported in version v5.4.232 9f95a161a7deef62d6d2f57b1a69f94e0546d8d8 -# Backported in version v5.10.169 6416c2108ba54d569e4c98d3b62ac78cb12e7107 -# Backported in version v5.15.95 35351e3060d67eed8af1575d74b71347a87425d8 -# Backported in version v6.1.13 747ca7c8a0c7bce004709143d1cd6596b79b1deb -CVE_CHECK_IGNORE += "CVE-2023-1513" - -# https://nvd.nist.gov/vuln/detail/CVE-2023-1652 -# Patched in kernel since v6.2 e6cf91b7b47ff82b624bdfe2fdcde32bb52e71dd -# Backported in version v5.15.91 0a27dcd5343026ac0cb168ee63304255372b7a36 -# Backported in version v6.1.9 32d5eb95f8f0e362e37c393310b13b9e95404560 -# Ref: https://www.linuxkernelcves.com/cves/CVE-2023-1652 -# Ref: Debian kernel-sec team: https://salsa.debian.org/kernel-team/kernel-sec/-/blob/1fa77554d4721da54e2df06fa1908a83ba6b1045/retired/CVE-2023-1652 -CVE_CHECK_IGNORE += "CVE-2023-1652" - -# https://nvd.nist.gov/vuln/detail/CVE-2023-1829 -# Patched in kernel since v6.3-rc1 8c710f75256bb3cf05ac7b1672c82b92c43f3d28 -# Backported in version v5.4.235 7a6fb69bbcb21e9ce13bdf18c008c268874f0480 -# Backported in version v5.10.173 18c3fa7a7fdbb4d21dafc8a7710ae2c1680930f6 -# Backported in version v5.15.100 7c183dc0af472dec33d2c0786a5e356baa8cad19 -# Backported in version v6.1.18 3abebc503a5148072052c229c6b04b329a420ecd -# Backported in version v6.2.5 372ae77cf11d11fb118cbe2d37def9dd5f826abd -# Ref: https://www.linuxkernelcves.com/cves/CVE-2023-1829 -# Ref: Debian kernel-sec team : https://salsa.debian.org/kernel-team/kernel-sec/-/blob/1fa77554d4721da54e2df06fa1908a83ba6b1045/active/CVE-2023-1829 -CVE_CHECK_IGNORE += "CVE-2023-1829" - -# https://nvd.nist.gov/vuln/detail/CVE-2023-23005 -# Introduced in version v6.1 7b88bda3761b95856cf97822efe8281c8100067b -# Patched in kernel since v6.2 4a625ceee8a0ab0273534cb6b432ce6b331db5ee -# But, the CVE is disputed: -# > NOTE: this is disputed by third parties because there are no realistic cases -# > in which a user can cause the alloc_memory_type error case to be reached. -# See: https://bugzilla.suse.com/show_bug.cgi?id=1208844#c2 -# We can safely ignore it. -CVE_CHECK_IGNORE += "CVE-2023-23005" - -# https://nvd.nist.gov/vuln/detail/CVE-2023-28466 -# Introduced in version v4.13 3c4d7559159bfe1e3b94df3a657b2cda3a34e218 -# Patched in kernel since v6.3-rc2 49c47cc21b5b7a3d8deb18fc57b0aa2ab1286962 -# Backported in version v5.15.105 0b54d75aa43a1edebc8a3770901f5c3557ee0daa -# Backported in version v6.1.20 14c17c673e1bba08032d245d5fb025d1cbfee123 -# Backported in version v6.2.7 5231fa057bb0e52095591b303cf95ebd17bc62ce -CVE_CHECK_IGNORE += "CVE-2023-28466" - -# Wrong CPE in NVD database # https://nvd.nist.gov/vuln/detail/CVE-2022-3563 # https://nvd.nist.gov/vuln/detail/CVE-2022-3637 -# Those issue do not affect the kernel, patchs listed on CVE pages links to https://git.kernel.org/pub/scm/bluetooth/bluez.git -CVE_CHECK_IGNORE += "CVE-2022-3563 CVE-2022-3637" - -# qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20255 -# There was a proposed patch https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg06098.html -# qemu maintainers say the patch is incorrect and should not be applied -# Ignore from OE's perspectivee as the issue is of low impact, at worst sitting in an infinite loop rather than exploitable -CVE_CHECK_IGNORE += "CVE-2021-20255" - -# qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12067 -# There was a proposed patch but rejected by upstream qemu. It is unclear if the issue can -# still be reproduced or where exactly any bug is. -# Ignore from OE's perspective as we'll pick up any fix when upstream accepts one. -CVE_CHECK_IGNORE += "CVE-2019-12067" - -# nasm:nasm-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18974 -# It is a fuzzing related buffer overflow. It is of low impact since most devices -# wouldn't expose an assembler. The upstream is inactive and there is little to be -# done about the bug, ignore from an OE perspective. -CVE_CHECK_IGNORE += "CVE-2020-18974" - -# https://www.linuxkernelcves.com/cves/CVE-2023-0459 -# Fixed in 6.1.14 onwards -CVE_CHECK_IGNORE += "CVE-2023-0459" - -# https://www.linuxkernelcves.com/cves/CVE-2023-0615 -# Fixed in 6.1 onwards -CVE_CHECK_IGNORE += "CVE-2023-0615" - -# https://www.linuxkernelcves.com/cves/CVE-2023-1380 -# Fixed in 6.1.27 -CVE_CHECK_IGNORE += "CVE-2023-1380" - -# https://www.linuxkernelcves.com/cves/CVE-2023-1611 -# Fixed in 6.1.23 -CVE_CHECK_IGNORE += "CVE-2023-1611" - -# https://www.linuxkernelcves.com/cves/CVE-2023-1855 -# Fixed in 6.1.21 -CVE_CHECK_IGNORE += "CVE-2023-1855" - -# https://www.linuxkernelcves.com/cves/CVE-2023-1859 -# Fixed in 6.1.25 -CVE_CHECK_IGNORE += "CVE-2023-1859" - -# https://www.linuxkernelcves.com/cves/CVE-2023-1989 -# Fixed in 6.1.22 -CVE_CHECK_IGNORE += "CVE-2023-1989" - -# https://www.linuxkernelcves.com/cves/CVE-2023-1990 -# Fixed in 6.1.21 -CVE_CHECK_IGNORE += "CVE-2023-1990" - -# https://www.linuxkernelcves.com/cves/CVE-2023-1999 -# Fixed in 6.1.16 -CVE_CHECK_IGNORE += "CVE-2023-1998" - -# https://www.linuxkernelcves.com/cves/CVE-2023-2002 -# Fixed in 6.1.27 -CVE_CHECK_IGNORE += "CVE-2023-2002" - -# https://www.linuxkernelcves.com/cves/CVE-2023-2156 -# Fixed in 6.1.26 -CVE_CHECK_IGNORE += "CVE-2023-2156" - -# https://www.linuxkernelcves.com/cves/CVE-2023-2162 -# Fixed in 6.1.11 -CVE_CHECK_IGNORE += "CVE-2023-2162" - -# https://www.linuxkernelcves.com/cves/CVE-2023-2194 -# Fixed with 6.1.22 -CVE_CHECK_IGNORE += "CVE-2023-2194" - -# https://www.linuxkernelcves.com/cves/CVE-2023-2235 -# Fixed with 6.1.21 -CVE_CHECK_IGNORE += "CVE-2023-2235" - -# https://www.linuxkernelcves.com/cves/CVE-2023-28328 -# Fixed with 6.1.2 -CVE_CHECK_IGNORE += "CVE-2023-28328" - -# https://www.linuxkernelcves.com/cves/CVE-2023-2985 -# Fixed in 6.1.16 -CVE_CHECK_IGNORE += "CVE-2023-2985" - -# https://www.linuxkernelcves.com/cves/CVE-2023-28866 -# Fixed with 6.1.22 -CVE_CHECK_IGNORE += "CVE-2023-28866" - -# https://www.linuxkernelcves.com/cves/CVE-2023-30456 -# Fixed with 6.1.21 -CVE_CHECK_IGNORE += "CVE-2023-30456" - -# https://www.linuxkernelcves.com/cves/CVE-2023-30772 -# Fixed with 6.1.22 -CVE_CHECK_IGNORE += "CVE-2023-30772" - -# https://www.linuxkernelcves.com/cves/CVE-2023-31436 -# Fixed with 6.1.26 -CVE_CHECK_IGNORE += "CVE-2023-31436" - -# https://www.linuxkernelcves.com/cves/CVE-2023-32233 -# Fixed with 6.1.28 -CVE_CHECK_IGNORE += "CVE-2023-32233" - -# https://www.linuxkernelcves.com/cves/CVE-2023-33203 -# Fixed with 6.1.22 -CVE_CHECK_IGNORE += "CVE-2023-33203" - -# https://www.linuxkernelcves.com/cves/CVE-2023-33288 -# Fixed with 6.1.22 -CVE_CHECK_IGNORE += "CVE-2023-33288" - -# https://www.linuxkernelcves.com/cves/CVE-2023-34256 -# Fixed in 6.1.29 -CVE_CHECK_IGNORE += "CVE-2023-34256" - -# Backported to 6.1.30 as 9a342d4 -CVE_CHECK_IGNORE += "CVE-2023-3141" +CVE_STATUS[CVE-2022-3563] = "cpe-incorrect: This issue do not affect the kernel, patchs listed on CVE pages links to https://git.kernel.org/pub/scm/bluetooth/bluez.git" +CVE_STATUS[CVE-2022-3637] = "cpe-incorrect: This issue do not affect the kernel, patchs listed on CVE pages links to https://git.kernel.org/pub/scm/bluetooth/bluez.git" + +# qemu:qemu-native:qemu-system-native https://nvd.nist.gov/vuln/detail/CVE-2021-20255 +CVE_STATUS[CVE-2021-20255] = "upstream-wontfix: \ +There was a proposed patch https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg06098.html \ +qemu maintainers say the patch is incorrect and should not be applied \ +The issue is of low impact, at worst sitting in an infinite loop rather than exploitable." + +# qemu:qemu-native:qemu-system-native https://nvd.nist.gov/vuln/detail/CVE-2019-12067 +CVE_STATUS[CVE-2019-12067] = "upstream-wontfix: \ +There was a proposed patch but rejected by upstream qemu. It is unclear if the issue can \ +still be reproduced or where exactly any bug is. \ +We'll pick up any fix when upstream accepts one." + +# nasm:nasm-native https://nvd.nist.gov/vuln/detail/CVE-2020-18974 +CVE_STATUS[CVE-2020-18974] = "upstream-wontfix: \ +It is a fuzzing related buffer overflow. It is of low impact since most devices +wouldn't expose an assembler. The upstream is inactive and there is little to be +done about the bug, ignore from an OE perspective." diff --git a/poky/meta/conf/distro/include/maintainers.inc b/poky/meta/conf/distro/include/maintainers.inc index 9bb5c5205c..6e82e943fa 100644 --- a/poky/meta/conf/distro/include/maintainers.inc +++ b/poky/meta/conf/distro/include/maintainers.inc @@ -127,7 +127,6 @@ RECIPE_MAINTAINER:pn-cryptodev-module = "Robert Yang <liezhi.yang@windriver.com> RECIPE_MAINTAINER:pn-cryptodev-tests = "Robert Yang <liezhi.yang@windriver.com>" RECIPE_MAINTAINER:pn-cups = "Chen Qi <Qi.Chen@windriver.com>" RECIPE_MAINTAINER:pn-curl = "Robert Joslyn <robert.joslyn@redrectangle.org>" -RECIPE_MAINTAINER:pn-cve-update-db-native = "Ross Burton <ross.burton@arm.com>" RECIPE_MAINTAINER:pn-cve-update-nvd2-native = "Ross Burton <ross.burton@arm.com>" RECIPE_MAINTAINER:pn-cwautomacros = "Ross Burton <ross.burton@arm.com>" RECIPE_MAINTAINER:pn-db = "Unassigned <unassigned@yoctoproject.org>" @@ -322,7 +321,6 @@ RECIPE_MAINTAINER:pn-libconvert-asn1-perl = "Tim Orling <tim.orling@konsulko.com RECIPE_MAINTAINER:pn-libcroco = "Anuj Mittal <anuj.mittal@intel.com>" RECIPE_MAINTAINER:pn-libdaemon = "Alexander Kanavin <alex.kanavin@gmail.com>" RECIPE_MAINTAINER:pn-libdazzle = "Alexander Kanavin <alex.kanavin@gmail.com>" -RECIPE_MAINTAINER:pn-libdmx = "Unassigned <unassigned@yoctoproject.org>" RECIPE_MAINTAINER:pn-libdnf = "Alexander Kanavin <alex.kanavin@gmail.com>" RECIPE_MAINTAINER:pn-libdrm = "Otavio Salvador <otavio.salvador@ossystems.com.br>" RECIPE_MAINTAINER:pn-libedit = "Khem Raj <raj.khem@gmail.com>" @@ -664,7 +662,7 @@ RECIPE_MAINTAINER:pn-python3-pyasn1 = "Tim Orling <tim.orling@konsulko.com>" RECIPE_MAINTAINER:pn-python3-pycairo = "Zang Ruochen <zangruochen@loongson.cn>" RECIPE_MAINTAINER:pn-python3-pycparser = "Tim Orling <tim.orling@konsulko.com>" RECIPE_MAINTAINER:pn-python3-pyelftools = "Joshua Watt <JPEWhacker@gmail.com>" -RECIPE_MAINTAINER:pn-python3-pygments = "Unassigned <unassigned@yoctoproject.org>" +RECIPE_MAINTAINER:pn-python3-pygments = "Tim Orling <tim.orling@konsulko.com>" RECIPE_MAINTAINER:pn-python3-pygobject = "Zang Ruochen <zangruochen@loongson.cn>" RECIPE_MAINTAINER:pn-python3-pyopenssl = "Tim Orling <tim.orling@konsulko.com>" RECIPE_MAINTAINER:pn-python3-pyparsing = "Unassigned <unassigned@yoctoproject.org>" @@ -847,6 +845,7 @@ RECIPE_MAINTAINER:pn-x264 = "Anuj Mittal <anuj.mittal@intel.com>" RECIPE_MAINTAINER:pn-xauth = "Unassigned <unassigned@yoctoproject.org>" RECIPE_MAINTAINER:pn-xcb-proto = "Unassigned <unassigned@yoctoproject.org>" RECIPE_MAINTAINER:pn-xcb-util = "Unassigned <unassigned@yoctoproject.org>" +RECIPE_MAINTAINER:pn-xcb-util-cursor = "Unassigned <unassigned@yoctoproject.org>" RECIPE_MAINTAINER:pn-xcb-util-image = "Unassigned <unassigned@yoctoproject.org>" RECIPE_MAINTAINER:pn-xcb-util-keysyms = "Unassigned <unassigned@yoctoproject.org>" RECIPE_MAINTAINER:pn-xcb-util-renderutil = "Unassigned <unassigned@yoctoproject.org>" diff --git a/poky/meta/conf/distro/include/ptest-packagelists.inc b/poky/meta/conf/distro/include/ptest-packagelists.inc index da9153b998..6250cf081e 100644 --- a/poky/meta/conf/distro/include/ptest-packagelists.inc +++ b/poky/meta/conf/distro/include/ptest-packagelists.inc @@ -99,6 +99,7 @@ PTESTS_SLOW = "\ libgcrypt \ libmodule-build-perl \ lttng-tools \ + mdadm \ openssh \ openssl \ parted \ @@ -122,7 +123,6 @@ PTESTS_PROBLEMS:append:x86 = " valgrind" # rt-tests \ # Needs to be checked whether it runs at all # bash \ # Test outcomes are non-deterministic by design # ifupdown \ # Tested separately in lib/oeqa/selftest/cases/imagefeatures.py -# mdadm \ # Tests rely on non-deterministic sleep() amounts # libinput \ # Tests need an unloaded system to be reliable # libpam \ # Needs pam DISTRO_FEATURE # numactl \ # qemu not (yet) configured for numa; all tests are skipped @@ -134,7 +134,6 @@ PTESTS_PROBLEMS = "\ rt-tests \ bash \ ifupdown \ - mdadm \ libinput \ libpam \ libseccomp \ diff --git a/poky/meta/conf/distro/include/tcmode-default.inc b/poky/meta/conf/distro/include/tcmode-default.inc index 0b33e61924..18daf446e5 100644 --- a/poky/meta/conf/distro/include/tcmode-default.inc +++ b/poky/meta/conf/distro/include/tcmode-default.inc @@ -21,7 +21,7 @@ SDKGCCVERSION ?= "${GCCVERSION}" BINUVERSION ?= "2.40%" GDBVERSION ?= "13.%" GLIBCVERSION ?= "2.37" -LINUXLIBCVERSION ?= "6.1%" +LINUXLIBCVERSION ?= "6.4%" QEMUVERSION ?= "8.0%" GOVERSION ?= "1.20%" LLVMVERSION ?= "16.%" diff --git a/poky/meta/conf/distro/include/time64.inc b/poky/meta/conf/distro/include/time64.inc index 78569de433..bc0c72226b 100644 --- a/poky/meta/conf/distro/include/time64.inc +++ b/poky/meta/conf/distro/include/time64.inc @@ -27,20 +27,25 @@ GLIBC_64BIT_TIME_FLAGS:pn-glibc-testsuite = "" GLIBC_64BIT_TIME_FLAGS:pn-pipewire = "" # Pulseaudio override certain LFS64 functions e.g. open64 and intentionally # undefines _FILE_OFFSET_BITS, which wont work when _TIME_BITS=64 is set +# See https://gitlab.freedesktop.org/pulseaudio/pulseaudio/-/issues/3770 GLIBC_64BIT_TIME_FLAGS:pn-pulseaudio = "" +# Undefines _FILE_OFFSET_BITS on purpose in +# libsanitizer/sanitizer_common/sanitizer_platform_limits_posix.cpp GLIBC_64BIT_TIME_FLAGS:pn-gcc-sanitizers = "" +# https://github.com/strace/strace/issues/250 +GLIBC_64BIT_TIME_FLAGS:pn-strace = "" -INSANE_SKIP:append:pn-cargo = " 32bit-time" +# Caused by the flags exceptions above INSANE_SKIP:append:pn-gcc-sanitizers = " 32bit-time" INSANE_SKIP:append:pn-glibc = " 32bit-time" INSANE_SKIP:append:pn-glibc-tests = " 32bit-time" -INSANE_SKIP:append:pn-librsvg = " 32bit-time" -INSANE_SKIP:append:pn-libstd-rs = " 32bit-time" -INSANE_SKIP:append:pn-pseudo = " 32bit-time" INSANE_SKIP:append:pn-pulseaudio = " 32bit-time" -INSANE_SKIP:append:pn-python3-bcrypt = " 32bit-time" -INSANE_SKIP:append:pn-python3-cryptography = " 32bit-time" -INSANE_SKIP:append:pn-rust = " 32bit-time" -INSANE_SKIP:append:pn-rust-hello-world = " 32bit-time" + +# Strace has tests that call 32 bit API directly, which is fair enough, e.g. +# /usr/lib/strace/ptest/tests/ioctl_termios uses 32-bit api 'ioctl' INSANE_SKIP:append:pn-strace = " 32bit-time" +# Additionally cargo_common class (i.e. everything written in rust) +# has the same INSANE_SKIP setting. +# Please check the comment in meta/classes-recipe/cargo_common.bbclass +# for information about why, and the overall Y2038 situation in rust. diff --git a/poky/meta/conf/machine/include/arm/arch-arm64.inc b/poky/meta/conf/machine/include/arm/arch-arm64.inc index 0e2efb5a40..832d0000ac 100644 --- a/poky/meta/conf/machine/include/arm/arch-arm64.inc +++ b/poky/meta/conf/machine/include/arm/arch-arm64.inc @@ -37,3 +37,8 @@ TUNE_ARCH = "${@bb.utils.contains('TUNE_FEATURES', 'aarch64', '${TUNE_ARCH_64}', TUNE_PKGARCH = "${@bb.utils.contains('TUNE_FEATURES', 'aarch64', '${TUNE_PKGARCH_64}', '${TUNE_PKGARCH_32}', d)}" ABIEXTENSION = "${@bb.utils.contains('TUNE_FEATURES', 'aarch64', '${ABIEXTENSION_64}', '${ABIEXTENSION_32}', d)}" TARGET_FPU = "${@bb.utils.contains('TUNE_FEATURES', 'aarch64', '${TARGET_FPU_64}', '${TARGET_FPU_32}', d)}" + +# Emit branch protection (PAC/BTI) instructions. On hardware that doesn't +# support these they're meaningless NOP instructions, so there's very little +# reason not to. +TUNE_CCARGS .= "${@bb.utils.contains('TUNE_FEATURES', 'aarch64', ' -mbranch-protection=standard', '', d)}" diff --git a/poky/meta/conf/machine/qemuarm.conf b/poky/meta/conf/machine/qemuarm.conf index aa9ce88203..75cfbaf74b 100644 --- a/poky/meta/conf/machine/qemuarm.conf +++ b/poky/meta/conf/machine/qemuarm.conf @@ -29,4 +29,8 @@ QB_ROOTFS_OPT = "-drive id=disk0,file=@ROOTFS@,if=none,format=raw -device virtio QB_SERIAL_OPT = "-device virtio-serial-device -chardev null,id=virtcon -device virtconsole,chardev=virtcon" QB_TCPSERIAL_OPT = "-device virtio-serial-device -chardev socket,id=virtcon,port=@PORT@,host=127.0.0.1 -device virtconsole,chardev=virtcon" +# 6.4 causes Xorg to fail to read the virtio framebuffer so stick with 6.1 until +# that is resolved. +PREFERRED_VERSION_linux-yocto ??= "6.1%" + KMACHINE:qemuarm = "qemuarma15" diff --git a/poky/meta/lib/oe/cve_check.py b/poky/meta/lib/oe/cve_check.py index dbaa0b373a..5bf3caac47 100644 --- a/poky/meta/lib/oe/cve_check.py +++ b/poky/meta/lib/oe/cve_check.py @@ -130,6 +130,13 @@ def get_patched_cves(d): if not fname_match and not text_match: bb.debug(2, "Patch %s doesn't solve CVEs" % patch_file) + # Search for additional patched CVEs + for cve in (d.getVarFlags("CVE_STATUS") or {}): + decoded_status, _, _ = decode_cve_status(d, cve) + if decoded_status == "Patched": + bb.debug(2, "CVE %s is additionally patched" % cve) + patched_cves.add(cve) + return patched_cves @@ -218,3 +225,21 @@ def convert_cve_version(version): return version + update +def decode_cve_status(d, cve): + """ + Convert CVE_STATUS into status, detail and description. + """ + status = d.getVarFlag("CVE_STATUS", cve) + if status is None: + return ("", "", "") + + status_split = status.split(':', 1) + detail = status_split[0] + description = status_split[1].strip() if (len(status_split) > 1) else "" + + status_mapping = d.getVarFlag("CVE_CHECK_STATUSMAP", detail) + if status_mapping is None: + bb.warn('Invalid detail %s for CVE_STATUS[%s] = "%s", fallback to Unpatched' % (detail, cve, status)) + status_mapping = "Unpatched" + + return (status_mapping, detail, description) diff --git a/poky/meta/lib/oe/package_manager/rpm/rootfs.py b/poky/meta/lib/oe/package_manager/rpm/rootfs.py index d4c415f68c..3ba5396320 100644 --- a/poky/meta/lib/oe/package_manager/rpm/rootfs.py +++ b/poky/meta/lib/oe/package_manager/rpm/rootfs.py @@ -110,7 +110,7 @@ class PkgRootfs(Rootfs): if self.progress_reporter: self.progress_reporter.next_stage() - self._setup_dbg_rootfs(['/etc', '/var/lib/rpm', '/var/cache/dnf', '/var/lib/dnf']) + self._setup_dbg_rootfs(['/etc/rpm', '/etc/rpmrc', '/etc/dnf', '/var/lib/rpm', '/var/cache/dnf', '/var/lib/dnf']) execute_pre_post_process(self.d, rpm_post_process_cmds) diff --git a/poky/meta/lib/oe/rootfs.py b/poky/meta/lib/oe/rootfs.py index 890ba5f039..1a48ed10b3 100644 --- a/poky/meta/lib/oe/rootfs.py +++ b/poky/meta/lib/oe/rootfs.py @@ -106,7 +106,7 @@ class Rootfs(object, metaclass=ABCMeta): def _cleanup(self): pass - def _setup_dbg_rootfs(self, dirs): + def _setup_dbg_rootfs(self, package_paths): gen_debugfs = self.d.getVar('IMAGE_GEN_DEBUGFS') or '0' if gen_debugfs != '1': return @@ -122,11 +122,12 @@ class Rootfs(object, metaclass=ABCMeta): bb.utils.mkdirhier(self.image_rootfs) bb.note(" Copying back package database...") - for dir in dirs: - if not os.path.isdir(self.image_rootfs + '-orig' + dir): - continue - bb.utils.mkdirhier(self.image_rootfs + os.path.dirname(dir)) - shutil.copytree(self.image_rootfs + '-orig' + dir, self.image_rootfs + dir, symlinks=True) + for path in package_paths: + bb.utils.mkdirhier(self.image_rootfs + os.path.dirname(path)) + if os.path.isdir(self.image_rootfs + '-orig' + path): + shutil.copytree(self.image_rootfs + '-orig' + path, self.image_rootfs + path, symlinks=True) + elif os.path.isfile(self.image_rootfs + '-orig' + path): + shutil.copyfile(self.image_rootfs + '-orig' + path, self.image_rootfs + path) # Copy files located in /usr/lib/debug or /usr/src/debug for dir in ["/usr/lib/debug", "/usr/src/debug"]: @@ -162,6 +163,13 @@ class Rootfs(object, metaclass=ABCMeta): bb.note(" Install extra debug packages...") self.pm.install(extra_debug_pkgs.split(), True) + bb.note(" Removing package database...") + for path in package_paths: + if os.path.isdir(self.image_rootfs + path): + shutil.rmtree(self.image_rootfs + path) + elif os.path.isfile(self.image_rootfs + path): + os.remove(self.image_rootfs + path) + bb.note(" Rename debug rootfs...") try: shutil.rmtree(self.image_rootfs + '-dbg') diff --git a/poky/meta/lib/oeqa/core/target/qemu.py b/poky/meta/lib/oeqa/core/target/qemu.py index 79fd724f7d..6893d10226 100644 --- a/poky/meta/lib/oeqa/core/target/qemu.py +++ b/poky/meta/lib/oeqa/core/target/qemu.py @@ -22,7 +22,7 @@ supported_fstypes = ['ext3', 'ext4', 'cpio.gz', 'wic'] class OEQemuTarget(OESSHTarget): def __init__(self, logger, server_ip, timeout=300, user='root', port=None, machine='', rootfs='', kernel='', kvm=False, slirp=False, - dump_dir='', dump_host_cmds='', display='', bootlog='', + dump_dir='', display='', bootlog='', tmpdir='', dir_image='', boottime=60, serial_ports=2, boot_patterns = defaultdict(str), ovmf=False, tmpfsdir=None, **kwargs): @@ -44,8 +44,7 @@ class OEQemuTarget(OESSHTarget): self.runner = QemuRunner(machine=machine, rootfs=rootfs, tmpdir=tmpdir, deploy_dir_image=dir_image, display=display, logfile=bootlog, boottime=boottime, - use_kvm=kvm, use_slirp=slirp, dump_dir=dump_dir, - dump_host_cmds=dump_host_cmds, logger=logger, + use_kvm=kvm, use_slirp=slirp, dump_dir=dump_dir, logger=logger, serial_ports=serial_ports, boot_patterns = boot_patterns, use_ovmf=ovmf, tmpfsdir=tmpfsdir) dump_monitor_cmds = kwargs.get("testimage_dump_monitor") diff --git a/poky/meta/lib/oeqa/runtime/cases/ltp.py b/poky/meta/lib/oeqa/runtime/cases/ltp.py index a66d5d13d7..29c26d7d32 100644 --- a/poky/meta/lib/oeqa/runtime/cases/ltp.py +++ b/poky/meta/lib/oeqa/runtime/cases/ltp.py @@ -65,29 +65,34 @@ class LtpTest(LtpTestBase): ltp_groups += ltp_fs def runltp(self, ltp_group): - cmd = '/opt/ltp/runltp -f %s -p -q -r /opt/ltp -l /opt/ltp/results/%s -I 1 -d /opt/ltp' % (ltp_group, ltp_group) + # LTP appends to log files, so ensure we start with a clean log + self.target.deleteFiles("/opt/ltp/results/", ltp_group) + + cmd = '/opt/ltp/runltp -f %s -q -r /opt/ltp -l /opt/ltp/results/%s -I 1 -d /opt/ltp' % (ltp_group, ltp_group) + starttime = time.time() (status, output) = self.target.run(cmd) endtime = time.time() + # Write the console log to disk for convenience with open(os.path.join(self.ltptest_log_dir, "%s-raw.log" % ltp_group), 'w') as f: f.write(output) + # Also put the console log into the test result JSON self.extras['ltpresult.rawlogs']['log'] = self.extras['ltpresult.rawlogs']['log'] + output - # copy nice log from DUT - dst = os.path.join(self.ltptest_log_dir, "%s" % ltp_group ) + # Copy the machine-readable test results locally so we can parse it + dst = os.path.join(self.ltptest_log_dir, ltp_group) remote_src = "/opt/ltp/results/%s" % ltp_group (status, output) = self.target.copyFrom(remote_src, dst, True) - msg = 'File could not be copied. Output: %s' % output if status: + msg = 'File could not be copied. Output: %s' % output self.target.logger.warning(msg) parser = LtpParser() results, sections = parser.parse(dst) - runtime = int(endtime-starttime) - sections['duration'] = runtime + sections['duration'] = int(endtime-starttime) self.sections[ltp_group] = sections failed_tests = {} diff --git a/poky/meta/lib/oeqa/runtime/cases/rpm.py b/poky/meta/lib/oeqa/runtime/cases/rpm.py index fa86eb0537..a4ba4e6769 100644 --- a/poky/meta/lib/oeqa/runtime/cases/rpm.py +++ b/poky/meta/lib/oeqa/runtime/cases/rpm.py @@ -59,8 +59,8 @@ class RpmBasicTest(OERuntimeTestCase): return time.sleep(1) user_pss = [ps for ps in output.split("\n") if u + ' ' in ps] - msg = "There're %s 's process(es) still running: %s".format(u, "\n".join(user_pss)) - assertTrue(True, msg=msg) + msg = "User %s has processes still running: %s" % (u, "\n".join(user_pss)) + self.fail(msg=msg) def unset_up_test_user(u): # ensure no test1 process in running diff --git a/poky/meta/lib/oeqa/runtime/context.py b/poky/meta/lib/oeqa/runtime/context.py index 0c5d1869ab..cb7227a8df 100644 --- a/poky/meta/lib/oeqa/runtime/context.py +++ b/poky/meta/lib/oeqa/runtime/context.py @@ -10,7 +10,6 @@ import sys from oeqa.core.context import OETestContext, OETestContextExecutor from oeqa.core.target.ssh import OESSHTarget from oeqa.core.target.qemu import OEQemuTarget -from oeqa.utils.dump import HostDumper from oeqa.runtime.loader import OERuntimeTestLoader @@ -20,12 +19,11 @@ class OERuntimeTestContext(OETestContext): os.path.dirname(os.path.abspath(__file__)), "files") def __init__(self, td, logger, target, - host_dumper, image_packages, extract_dir): + image_packages, extract_dir): super(OERuntimeTestContext, self).__init__(td, logger) self.target = target self.image_packages = image_packages - self.host_dumper = host_dumper self.extract_dir = extract_dir self._set_target_cmds() @@ -199,10 +197,6 @@ class OERuntimeTestContextExecutor(OETestContextExecutor): return image_packages - @staticmethod - def getHostDumper(cmds, directory): - return HostDumper(cmds, directory) - def _process_args(self, logger, args): if not args.packages_manifest: raise TypeError('Manifest file not provided') @@ -215,9 +209,6 @@ class OERuntimeTestContextExecutor(OETestContextExecutor): self.tc_kwargs['init']['target'] = \ OERuntimeTestContextExecutor.getTarget(args.target_type, None, args.target_ip, args.server_ip, **target_kwargs) - self.tc_kwargs['init']['host_dumper'] = \ - OERuntimeTestContextExecutor.getHostDumper(None, - args.host_dumper_dir) self.tc_kwargs['init']['image_packages'] = \ OERuntimeTestContextExecutor.readPackagesManifest( args.packages_manifest) diff --git a/poky/meta/lib/oeqa/selftest/cases/bblayers.py b/poky/meta/lib/oeqa/selftest/cases/bblayers.py index b048948386..8faa060234 100644 --- a/poky/meta/lib/oeqa/selftest/cases/bblayers.py +++ b/poky/meta/lib/oeqa/selftest/cases/bblayers.py @@ -85,8 +85,9 @@ class BitbakeLayers(OESelftestTestCase): result = runCmd('bitbake-layers show-recipes -i image') self.assertIn('core-image-minimal', result.output) self.assertNotIn('mtd-utils:', result.output) - result = runCmd('bitbake-layers show-recipes -i cmake,pkgconfig') + result = runCmd('bitbake-layers show-recipes -i meson,pkgconfig') self.assertIn('libproxy:', result.output) + result = runCmd('bitbake-layers show-recipes -i cmake,pkgconfig') self.assertNotIn('mtd-utils:', result.output) # doesn't inherit either self.assertNotIn('wget:', result.output) # doesn't inherit cmake self.assertNotIn('waffle:', result.output) # doesn't inherit pkgconfig diff --git a/poky/meta/lib/oeqa/selftest/cases/cve_check.py b/poky/meta/lib/oeqa/selftest/cases/cve_check.py index 9534c9775c..60cecd1328 100644 --- a/poky/meta/lib/oeqa/selftest/cases/cve_check.py +++ b/poky/meta/lib/oeqa/selftest/cases/cve_check.py @@ -207,18 +207,34 @@ CVE_CHECK_REPORT_PATCHED = "1" self.assertEqual(len(report["package"]), 1) package = report["package"][0] self.assertEqual(package["name"], "logrotate") - found_cves = { issue["id"]: issue["status"] for issue in package["issue"]} + found_cves = {} + for issue in package["issue"]: + found_cves[issue["id"]] = { + "status" : issue["status"], + "detail" : issue["detail"] if "detail" in issue else "", + "description" : issue["description"] if "description" in issue else "" + } # m4 CVE should not be in logrotate self.assertNotIn("CVE-2008-1687", found_cves) # logrotate has both Patched and Ignored CVEs self.assertIn("CVE-2011-1098", found_cves) - self.assertEqual(found_cves["CVE-2011-1098"], "Patched") + self.assertEqual(found_cves["CVE-2011-1098"]["status"], "Patched") + self.assertEqual(len(found_cves["CVE-2011-1098"]["detail"]), 0) + self.assertEqual(len(found_cves["CVE-2011-1098"]["description"]), 0) + detail = "not-applicable-platform" + description = "CVE is debian, gentoo or SUSE specific on the way logrotate was installed/used" self.assertIn("CVE-2011-1548", found_cves) - self.assertEqual(found_cves["CVE-2011-1548"], "Ignored") + self.assertEqual(found_cves["CVE-2011-1548"]["status"], "Ignored") + self.assertEqual(found_cves["CVE-2011-1548"]["detail"], detail) + self.assertEqual(found_cves["CVE-2011-1548"]["description"], description) self.assertIn("CVE-2011-1549", found_cves) - self.assertEqual(found_cves["CVE-2011-1549"], "Ignored") + self.assertEqual(found_cves["CVE-2011-1549"]["status"], "Ignored") + self.assertEqual(found_cves["CVE-2011-1549"]["detail"], detail) + self.assertEqual(found_cves["CVE-2011-1549"]["description"], description) self.assertIn("CVE-2011-1550", found_cves) - self.assertEqual(found_cves["CVE-2011-1550"], "Ignored") + self.assertEqual(found_cves["CVE-2011-1550"]["status"], "Ignored") + self.assertEqual(found_cves["CVE-2011-1550"]["detail"], detail) + self.assertEqual(found_cves["CVE-2011-1550"]["description"], description) self.assertExists(summary_json) check_m4_json(summary_json) diff --git a/poky/meta/lib/oeqa/selftest/cases/devtool.py b/poky/meta/lib/oeqa/selftest/cases/devtool.py index 4c8e375d00..14a80d5ff4 100644 --- a/poky/meta/lib/oeqa/selftest/cases/devtool.py +++ b/poky/meta/lib/oeqa/selftest/cases/devtool.py @@ -366,6 +366,38 @@ class DevtoolAddTests(DevtoolBase): bindir = bindir[1:] self.assertTrue(os.path.isfile(os.path.join(installdir, bindir, 'pv')), 'pv binary not found in D') + def test_devtool_add_binary(self): + # Create a binary package containing a known test file + tempdir = tempfile.mkdtemp(prefix='devtoolqa') + self.track_for_cleanup(tempdir) + pn = 'tst-bin' + pv = '1.0' + test_file_dir = "var/lib/%s/" % pn + test_file_name = "test_file" + test_file_content = "TEST CONTENT" + test_file_package_root = os.path.join(tempdir, pn) + test_file_dir_full = os.path.join(test_file_package_root, test_file_dir) + bb.utils.mkdirhier(test_file_dir_full) + with open(os.path.join(test_file_dir_full, test_file_name), "w") as f: + f.write(test_file_content) + bin_package_path = os.path.join(tempdir, "%s.tar.gz" % pn) + runCmd("tar czf %s -C %s ." % (bin_package_path, test_file_package_root)) + + # Test devtool add -b on the binary package + self.track_for_cleanup(self.workspacedir) + self.add_command_to_tearDown('bitbake -c cleansstate %s' % pn) + self.add_command_to_tearDown('bitbake-layers remove-layer */workspace') + result = runCmd('devtool add -b %s %s' % (pn, bin_package_path)) + self.assertExists(os.path.join(self.workspacedir, 'conf', 'layer.conf'), 'Workspace directory not created') + + # Build the resulting recipe + result = runCmd('devtool build %s' % pn) + installdir = get_bb_var('D', pn) + self.assertTrue(installdir, 'Could not query installdir variable') + + # Check that a known file from the binary package has indeed been installed + self.assertTrue(os.path.isfile(os.path.join(installdir, test_file_dir, test_file_name)), '%s not found in D' % test_file_name) + def test_devtool_add_git_local(self): # We need dbus built so that DEPENDS recognition works bitbake('dbus') diff --git a/poky/meta/lib/oeqa/selftest/cases/distrodata.py b/poky/meta/lib/oeqa/selftest/cases/distrodata.py index c83a3a7bd6..111bd3c9be 100644 --- a/poky/meta/lib/oeqa/selftest/cases/distrodata.py +++ b/poky/meta/lib/oeqa/selftest/cases/distrodata.py @@ -92,7 +92,7 @@ The following recipes do not have a DESCRIPTION. Please add an entry for DESCRIP def is_maintainer_exception(entry): exceptions = ["musl", "newlib", "linux-yocto", "linux-dummy", "mesa-gl", "libgfortran", "libx11-compose-data", - "cve-update-db-native","cve-update-nvd2-native",] + "cve-update-nvd2-native",] for i in exceptions: if i in entry: return True diff --git a/poky/meta/lib/oeqa/selftest/cases/fitimage.py b/poky/meta/lib/oeqa/selftest/cases/fitimage.py index 7bc171e02d..9383d0c4db 100644 --- a/poky/meta/lib/oeqa/selftest/cases/fitimage.py +++ b/poky/meta/lib/oeqa/selftest/cases/fitimage.py @@ -33,6 +33,8 @@ KERNEL_CLASSES = " kernel-fitimage " # RAM disk variables including load address and entrypoint for kernel and RAM disk IMAGE_FSTYPES += "cpio.gz" INITRAMFS_IMAGE = "core-image-minimal" +# core-image-minimal is used as initramfs here, drop the rootfs suffix +IMAGE_NAME_SUFFIX:pn-core-image-minimal = "" UBOOT_RD_LOADADDRESS = "0x88000000" UBOOT_RD_ENTRYPOINT = "0x88000000" UBOOT_LOADADDRESS = "0x80080000" diff --git a/poky/meta/lib/oeqa/selftest/cases/glibc.py b/poky/meta/lib/oeqa/selftest/cases/glibc.py index a446543a17..4ec4b85d67 100644 --- a/poky/meta/lib/oeqa/selftest/cases/glibc.py +++ b/poky/meta/lib/oeqa/selftest/cases/glibc.py @@ -28,7 +28,7 @@ class GlibcSelfTestBase(OESelftestTestCase, OEPTestResultTestCase): features.append('TOOLCHAIN_TEST_HOST_USER = "root"') features.append('TOOLCHAIN_TEST_HOST_PORT = "22"') # force single threaded test execution - features.append('EGLIBCPARALLELISM_task-check:pn-glibc-testsuite = "PARALLELMFLAGS="-j1""') + features.append('EGLIBCPARALLELISM:task-check:pn-glibc-testsuite = "PARALLELMFLAGS="-j1""') self.write_config("\n".join(features)) bitbake("glibc-testsuite -c check") diff --git a/poky/meta/lib/oeqa/selftest/cases/rust.py b/poky/meta/lib/oeqa/selftest/cases/rust.py new file mode 100644 index 0000000000..7a0fd7033d --- /dev/null +++ b/poky/meta/lib/oeqa/selftest/cases/rust.py @@ -0,0 +1,90 @@ +# SPDX-License-Identifier: MIT +import os +import subprocess +from oeqa.core.decorator import OETestTag +from oeqa.core.case import OEPTestResultTestCase +from oeqa.selftest.case import OESelftestTestCase +from oeqa.utils.commands import runCmd, bitbake, get_bb_var, get_bb_vars, runqemu, Command +from oeqa.utils.sshcontrol import SSHControl + +def parse_results(filename): + tests = {} + with open(filename, "r") as f: + lines = f.readlines() + for line in lines: + if "..." in line and "test [" in line: + test = line.split("test ")[1].split(" ... ")[0] + if "] " in test: + test = test.split("] ", 1)[1] + result = line.split(" ... ")[1].strip() + if result == "ok": + result = "PASS" + elif result == "failed": + result = "FAIL" + elif "ignored" in result: + result = "SKIPPED" + if test in tests: + if tests[test] != result: + print("Duplicate and mismatching result %s for %s" % (result, test)) + else: + print("Duplicate result %s for %s" % (result, test)) + else: + tests[test] = result + return tests + +# Total time taken for testing is of about 2hr 20min, with PARALLEL_MAKE set to 40 number of jobs. +@OETestTag("toolchain-system") +@OETestTag("toolchain-user") +@OETestTag("runqemu") +class RustSelfTestSystemEmulated(OESelftestTestCase, OEPTestResultTestCase): + def test_rust(self, *args, **kwargs): + # build remote-test-server before image build + recipe = "rust" + bitbake("{} -c test_compile".format(recipe)) + builddir = get_bb_var("RUSTSRC", "rust") + # build core-image-minimal with required packages + default_installed_packages = ["libgcc", "libstdc++", "libatomic", "libgomp"] + features = [] + features.append('IMAGE_FEATURES += "ssh-server-dropbear"') + features.append('CORE_IMAGE_EXTRA_INSTALL += "{0}"'.format(" ".join(default_installed_packages))) + self.write_config("\n".join(features)) + bitbake("core-image-minimal") + # wrap the execution with a qemu instance. + # Tests are run with 512 tasks in parallel to execute all tests very quickly + with runqemu("core-image-minimal", runqemuparams = "nographic", qemuparams = "-m 512") as qemu: + # Copy remote-test-server to image through scp + host_sys = get_bb_var("RUST_BUILD_SYS", "rust") + ssh = SSHControl(ip=qemu.ip, logfile=qemu.sshlog, user="root") + ssh.copy_to(builddir + "/build/" + host_sys + "/stage1-tools-bin/remote-test-server","~/") + # Execute remote-test-server on image through background ssh + command = '~/remote-test-server --bind 0.0.0.0:12345 -v' + sshrun=subprocess.Popen(("ssh", '-o', 'UserKnownHostsFile=/dev/null', '-o', 'StrictHostKeyChecking=no', '-f', "root@%s" % qemu.ip, command), shell=False, stdout=subprocess.PIPE, stderr=subprocess.PIPE) + # Get the values of variables. + tcpath = get_bb_var("TARGET_SYS", "rust") + targetsys = get_bb_var("RUST_TARGET_SYS", "rust") + rustlibpath = get_bb_var("WORKDIR", "rust") + tmpdir = get_bb_var("TMPDIR", "rust") + + # Exclude the test folders that error out while building + # TODO: Fix the errors and include them for testing + # no-fail-fast: Run all tests regardless of failure. + # bless: First runs rustfmt to format the codebase, + # then runs tidy checks. + testargs = "--exclude tests/rustdoc --exclude src/tools/rust-analyzer --exclude tests/rustdoc-json --exclude tests/run-make-fulldeps --exclude src/tools/tidy --exclude src/tools/rustdoc-themes --exclude src/rustdoc-json-types --exclude src/librustdoc --exclude src/doc/unstable-book --exclude src/doc/rustdoc --exclude src/doc/rustc --exclude compiler/rustc --exclude library/panic_abort --exclude library/panic_unwind --exclude src/tools/lint-docs --exclude tests/rustdoc-js-std --doc --no-fail-fast --bless" + + # Set path for target-poky-linux-gcc, RUST_TARGET_PATH and hosttools. + cmd = " export PATH=%s/recipe-sysroot-native/usr/bin:$PATH;" % rustlibpath + cmd = cmd + " export TARGET_VENDOR=\"-poky\";" + cmd = cmd + " export PATH=%s/recipe-sysroot-native/usr/bin/%s:%s/hosttools:$PATH;" % (rustlibpath, tcpath, tmpdir) + cmd = cmd + " export RUST_TARGET_PATH=%s/rust-targets;" % rustlibpath + # Trigger testing. + cmd = cmd + " export TEST_DEVICE_ADDR=\"%s:12345\";" % qemu.ip + cmd = cmd + " cd %s; python3 src/bootstrap/bootstrap.py test %s --target %s > summary.txt 2>&1;" % (builddir, testargs, targetsys) + runCmd(cmd) + + ptestsuite = "rust" + self.ptest_section(ptestsuite, logfile = builddir + "/summary.txt") + filename = builddir + "/summary.txt" + test_results = parse_results(filename) + for test in test_results: + self.ptest_result(ptestsuite, test, test_results[test]) diff --git a/poky/meta/lib/oeqa/targetcontrol.py b/poky/meta/lib/oeqa/targetcontrol.py index d686fe07ec..e21655c979 100644 --- a/poky/meta/lib/oeqa/targetcontrol.py +++ b/poky/meta/lib/oeqa/targetcontrol.py @@ -104,7 +104,6 @@ class QemuTarget(BaseTarget): self.kernel = os.path.join(d.getVar("DEPLOY_DIR_IMAGE"), d.getVar("KERNEL_IMAGETYPE", False) + '-' + d.getVar('MACHINE', False) + '.bin') self.qemulog = os.path.join(self.testdir, "qemu_boot_log.%s" % self.datetime) dump_target_cmds = d.getVar("testimage_dump_target") - dump_host_cmds = d.getVar("testimage_dump_host") dump_monitor_cmds = d.getVar("testimage_dump_monitor") dump_dir = d.getVar("TESTIMAGE_DUMP_DIR") if not dump_dir: @@ -141,7 +140,6 @@ class QemuTarget(BaseTarget): boottime = int(d.getVar("TEST_QEMUBOOT_TIMEOUT")), use_kvm = use_kvm, dump_dir = dump_dir, - dump_host_cmds = dump_host_cmds, logger = logger, tmpfsdir = d.getVar("RUNQEMU_TMPFS_DIR"), serial_ports = len(d.getVar("SERIAL_CONSOLES").split())) diff --git a/poky/meta/lib/oeqa/utils/dump.py b/poky/meta/lib/oeqa/utils/dump.py index d420b497f9..d4d271369f 100644 --- a/poky/meta/lib/oeqa/utils/dump.py +++ b/poky/meta/lib/oeqa/utils/dump.py @@ -51,9 +51,7 @@ class BaseDumper(object): self.dump_dir = dump_dir def _construct_filename(self, command): - if isinstance(self, HostDumper): - prefix = "host" - elif isinstance(self, TargetDumper): + if isinstance(self, TargetDumper): prefix = "target" elif isinstance(self, MonitorDumper): prefix = "qmp" @@ -76,22 +74,6 @@ class BaseDumper(object): with open(fullname, 'w') as dump_file: dump_file.write(output) -class HostDumper(BaseDumper): - """ Class to get dumps from the host running the tests """ - - def __init__(self, cmds, parent_dir): - super(HostDumper, self).__init__(cmds, parent_dir) - - def dump_host(self, dump_dir=""): - if dump_dir: - self.dump_dir = dump_dir - env = os.environ.copy() - env['PATH'] = '/usr/sbin:/sbin:/usr/bin:/bin' - env['COLUMNS'] = '9999' - for cmd in self.cmds: - result = runCmd(cmd, ignore_status=True, env=env) - self._write_dump(cmd.split()[0], result.output) - class TargetDumper(BaseDumper): """ Class to get dumps from target, it only works with QemuRunner. Will give up permanently after 5 errors from running commands over diff --git a/poky/meta/lib/oeqa/utils/logparser.py b/poky/meta/lib/oeqa/utils/logparser.py index 8054acc853..496d9e0c90 100644 --- a/poky/meta/lib/oeqa/utils/logparser.py +++ b/poky/meta/lib/oeqa/utils/logparser.py @@ -4,7 +4,7 @@ # SPDX-License-Identifier: MIT # -import sys +import enum import os import re @@ -106,30 +106,48 @@ class PtestParser(object): f.write(status + ": " + test_name + "\n") -# ltp log parsing -class LtpParser(object): - def __init__(self): - self.results = {} - self.section = {'duration': "", 'log': ""} - +class LtpParser: + """ + Parse the machine-readable LTP log output into a ptest-friendly data structure. + """ def parse(self, logfile): - test_regex = {} - test_regex['PASSED'] = re.compile(r"PASS") - test_regex['FAILED'] = re.compile(r"FAIL") - test_regex['SKIPPED'] = re.compile(r"SKIP") - - with open(logfile, errors='replace') as f: + results = {} + # Aaccumulate the duration here but as the log rounds quick tests down + # to 0 seconds this is very much a lower bound. The caller can replace + # the value. + section = {"duration": 0, "log": ""} + + class LtpExitCode(enum.IntEnum): + # Exit codes as defined in ltp/include/tst_res_flags.h + TPASS = 0 # Test passed flag + TFAIL = 1 # Test failed flag + TBROK = 2 # Test broken flag + TWARN = 4 # Test warning flag + TINFO = 16 # Test information flag + TCONF = 32 # Test not appropriate for configuration flag + + with open(logfile, errors="replace") as f: + # Lines look like this: + # tag=cfs_bandwidth01 stime=1689762564 dur=0 exit=exited stat=32 core=no cu=0 cs=0 for line in f: - for t in test_regex: - result = test_regex[t].search(line) - if result: - self.results[line.split()[0].strip()] = t - - for test in self.results: - result = self.results[test] - self.section['log'] = self.section['log'] + ("%s: %s\n" % (result.strip()[:-2], test.strip())) + if not line.startswith("tag="): + continue - return self.results, self.section + values = dict(s.split("=") for s in line.strip().split()) + + section["duration"] += int(values["dur"]) + exitcode = int(values["stat"]) + if values["exit"] == "exited" and exitcode == LtpExitCode.TCONF: + # Exited normally with the "invalid configuration" code + results[values["tag"]] = "SKIPPED" + elif exitcode == LtpExitCode.TPASS: + # Successful exit + results[values["tag"]] = "PASSED" + else: + # Other exit + results[values["tag"]] = "FAILED" + + return results, section # ltp Compliance log parsing diff --git a/poky/meta/lib/oeqa/utils/qemurunner.py b/poky/meta/lib/oeqa/utils/qemurunner.py index 0ef8cf0a79..22cf258ddd 100644 --- a/poky/meta/lib/oeqa/utils/qemurunner.py +++ b/poky/meta/lib/oeqa/utils/qemurunner.py @@ -21,7 +21,6 @@ import threading import codecs import logging import tempfile -from oeqa.utils.dump import HostDumper from collections import defaultdict import importlib @@ -33,8 +32,8 @@ re_control_char = re.compile('[%s]' % re.escape("".join(control_chars))) class QemuRunner: - def __init__(self, machine, rootfs, display, tmpdir, deploy_dir_image, logfile, boottime, dump_dir, dump_host_cmds, - use_kvm, logger, use_slirp=False, serial_ports=2, boot_patterns = defaultdict(str), use_ovmf=False, workdir=None, tmpfsdir=None): + def __init__(self, machine, rootfs, display, tmpdir, deploy_dir_image, logfile, boottime, dump_dir, use_kvm, logger, use_slirp=False, + serial_ports=2, boot_patterns = defaultdict(str), use_ovmf=False, workdir=None, tmpfsdir=None): # Popen object for runqemu self.runqemu = None @@ -69,7 +68,6 @@ class QemuRunner: if not workdir: workdir = os.getcwd() self.qemu_pidfile = workdir + '/pidfile_' + str(os.getpid()) - self.host_dumper = HostDumper(dump_host_cmds, dump_dir) self.monitorpipe = None self.logger = logger @@ -138,7 +136,6 @@ class QemuRunner: self.logger.error('runqemu exited with code %d' % self.runqemu.returncode) self.logger.error('Output from runqemu:\n%s' % self.getOutput(self.runqemu.stdout)) self.stop() - self._dump_host() def start(self, qemuparams = None, get_ip = True, extra_bootparams = None, runqemuparams='', launch_cmd=None, discard_writes=True): env = os.environ.copy() @@ -286,7 +283,6 @@ class QemuRunner: if self.runqemu.returncode: # No point waiting any longer self.logger.warning('runqemu exited with code %d' % self.runqemu.returncode) - self._dump_host() self.logger.warning("Output from runqemu:\n%s" % self.getOutput(output)) self.stop() return False @@ -314,7 +310,6 @@ class QemuRunner: ps = subprocess.Popen(['ps', 'axww', '-o', 'pid,ppid,pri,ni,command '], stdout=subprocess.PIPE).communicate()[0] processes = ps.decode("utf-8") self.logger.debug("Running processes:\n%s" % processes) - self._dump_host() op = self.getOutput(output) self.stop() if op: @@ -430,7 +425,6 @@ class QemuRunner: self.logger.error("Couldn't get ip from qemu command line and runqemu output! " "Here is the qemu command line used:\n%s\n" "and output from runqemu:\n%s" % (cmdline, out)) - self._dump_host() self.stop() return False @@ -517,7 +511,6 @@ class QemuRunner: lines = tail(bootlog if bootlog else self.msg) self.logger.warning("Last 25 lines of text (%d):\n%s" % (len(bootlog), lines)) self.logger.warning("Check full boot log: %s" % self.logfile) - self._dump_host() self.stop() return False @@ -698,13 +691,6 @@ class QemuRunner: status = 1 return (status, str(data)) - - def _dump_host(self): - self.host_dumper.create_dir("qemu") - self.logger.warning("Qemu ended unexpectedly, dump data from host" - " is in %s" % self.host_dumper.dump_dir) - self.host_dumper.dump_host() - # This class is for reading data from a socket and passing it to logfunc # to be processed. It's completely event driven and has a straightforward # event loop. The mechanism for stopping the thread is a simple pipe which diff --git a/poky/meta/recipes-bsp/grub/grub2.inc b/poky/meta/recipes-bsp/grub/grub2.inc index 58b215d79c..41839698dc 100644 --- a/poky/meta/recipes-bsp/grub/grub2.inc +++ b/poky/meta/recipes-bsp/grub/grub2.inc @@ -46,10 +46,8 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ SRC_URI[sha256sum] = "23b64b4c741569f9426ed2e3d0e6780796fca081bee4c99f62aa3f53ae803f5f" -# Applies only to RHEL -CVE_CHECK_IGNORE += "CVE-2019-14865" -# Applies only to SUSE -CVE_CHECK_IGNORE += "CVE-2021-46705" +CVE_STATUS[CVE-2019-14865] = "not-applicable-platform: applies only to RHEL" +CVE_STATUS[CVE-2021-46705] = "not-applicable-platform: Applies only to SUSE" DEPENDS = "flex-native bison-native gettext-native" diff --git a/poky/meta/recipes-bsp/u-boot/files/0001-mkimage-Use-PATH_MAX-for-path-length.patch b/poky/meta/recipes-bsp/u-boot/files/0001-mkimage-Use-PATH_MAX-for-path-length.patch deleted file mode 100644 index 9f38736bcd..0000000000 --- a/poky/meta/recipes-bsp/u-boot/files/0001-mkimage-Use-PATH_MAX-for-path-length.patch +++ /dev/null @@ -1,40 +0,0 @@ -From dcd3d272975863128e25a4e25453cb6521cddc53 Mon Sep 17 00:00:00 2001 -From: Mingli Yu <mingli.yu@windriver.com> -Date: Wed, 14 Jun 2023 16:09:59 +0800 -Subject: [PATCH] mkimage: Use PATH_MAX for path length - -Fixed when build xilinx_zynqmp in long directory ( >256): - | /buildarea1/testtest/wr_build/wr1023test_secureboot/test1-what/test2-what/test3-what/test4-what/test5-what/test6-what/test7-what/test8-what/test9-what/test10-what/test11-what/test12-what/build/tmp-glibc/work/xilinx_zynqmp-wrs-linux/u-boot-xlnx/1_v2023.01-xilinx-v2023.1+gitAUTOINC+40a08d69e7-r0/build/fitImage-linux: Image file name (uboot-mkimage) too long, can't create tmpfile. - | Error: Bad parameters for FIT image type - -Upstream-Status: Submitted [https://patchwork.ozlabs.org/project/uboot/patch/20230619062250.3244894-1-mingli.yu@eng.windriver.com/] - -Signed-off-by: Mingli Yu <mingli.yu@windriver.com> ---- - tools/mkimage.h | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/tools/mkimage.h b/tools/mkimage.h -index f5ca65e2ed..d92a3ff811 100644 ---- a/tools/mkimage.h -+++ b/tools/mkimage.h -@@ -17,6 +17,7 @@ - #include <sys/stat.h> - #include <time.h> - #include <unistd.h> -+#include <limits.h> - #include <u-boot/sha1.h> - #include "fdt_host.h" - #include "imagetool.h" -@@ -44,7 +45,7 @@ static inline ulong map_to_sysmem(void *ptr) - #define ALLOC_CACHE_ALIGN_BUFFER(type, name, size) type name[size] - - #define MKIMAGE_TMPFILE_SUFFIX ".tmp" --#define MKIMAGE_MAX_TMPFILE_LEN 256 -+#define MKIMAGE_MAX_TMPFILE_LEN PATH_MAX - #define MKIMAGE_DEFAULT_DTC_OPTIONS "-I dts -O dtb -p 500" - #define MKIMAGE_MAX_DTC_CMDLINE_LEN 2 * MKIMAGE_MAX_TMPFILE_LEN + 35 - --- -2.25.1 - diff --git a/poky/meta/recipes-bsp/u-boot/u-boot-common.inc b/poky/meta/recipes-bsp/u-boot/u-boot-common.inc index 8a2e9aef94..111914827d 100644 --- a/poky/meta/recipes-bsp/u-boot/u-boot-common.inc +++ b/poky/meta/recipes-bsp/u-boot/u-boot-common.inc @@ -12,9 +12,9 @@ PE = "1" # We use the revision in order to avoid having to fetch it from the # repo during parse -SRCREV = "fd4ed6b7e83ec3aea9a2ce21baea8ca9676f40dd" +SRCREV = "83cdab8b2c6ea0fc0860f8444d083353b47f1d5c" -SRC_URI = "git://source.denx.de/u-boot/u-boot.git;protocol=https;branch=master" +SRC_URI = "git://source.denx.de/u-boot/u-boot.git;protocol=https;branch=u-boot-2023.07.y" S = "${WORKDIR}/git" B = "${WORKDIR}/build" diff --git a/poky/meta/recipes-bsp/u-boot/u-boot-tools_2023.04.bb b/poky/meta/recipes-bsp/u-boot/u-boot-tools_2023.04.bb deleted file mode 100644 index b77a49af87..0000000000 --- a/poky/meta/recipes-bsp/u-boot/u-boot-tools_2023.04.bb +++ /dev/null @@ -1,6 +0,0 @@ -require u-boot-common.inc -require u-boot-tools.inc - -SRC_URI += " \ - file://0001-mkimage-Use-PATH_MAX-for-path-length.patch \ -" diff --git a/poky/meta/recipes-bsp/u-boot/u-boot-tools_2023.07.02.bb b/poky/meta/recipes-bsp/u-boot/u-boot-tools_2023.07.02.bb new file mode 100644 index 0000000000..7eaf721ca8 --- /dev/null +++ b/poky/meta/recipes-bsp/u-boot/u-boot-tools_2023.07.02.bb @@ -0,0 +1,2 @@ +require u-boot-common.inc +require u-boot-tools.inc diff --git a/poky/meta/recipes-bsp/u-boot/u-boot_2023.04.bb b/poky/meta/recipes-bsp/u-boot/u-boot_2023.07.02.bb index 4f5b3e5dfd..4f5b3e5dfd 100644 --- a/poky/meta/recipes-bsp/u-boot/u-boot_2023.04.bb +++ b/poky/meta/recipes-bsp/u-boot/u-boot_2023.07.02.bb diff --git a/poky/meta/recipes-connectivity/avahi/avahi_0.8.bb b/poky/meta/recipes-connectivity/avahi/avahi_0.8.bb index 1764997c41..d1c6f7f54a 100644 --- a/poky/meta/recipes-connectivity/avahi/avahi_0.8.bb +++ b/poky/meta/recipes-connectivity/avahi/avahi_0.8.bb @@ -32,8 +32,7 @@ GITHUB_BASE_URI = "https://github.com/lathiat/avahi/releases/" SRC_URI[md5sum] = "229c6aa30674fc43c202b22c5f8c2be7" SRC_URI[sha256sum] = "060309d7a333d38d951bc27598c677af1796934dbd98e1024e7ad8de798fedda" -# Issue only affects Debian/SUSE, not us -CVE_CHECK_IGNORE += "CVE-2021-26720" +CVE_STATUS[CVE-2021-26720] = "not-applicable-platform: Issue only affects Debian/SUSE" DEPENDS = "expat libcap libdaemon glib-2.0 glib-2.0-native" diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.15/0001-avoid-start-failure-with-bind-user.patch b/poky/meta/recipes-connectivity/bind/bind-9.18.16/0001-avoid-start-failure-with-bind-user.patch index ec1bc7b567..ec1bc7b567 100644 --- a/poky/meta/recipes-connectivity/bind/bind-9.18.15/0001-avoid-start-failure-with-bind-user.patch +++ b/poky/meta/recipes-connectivity/bind/bind-9.18.16/0001-avoid-start-failure-with-bind-user.patch diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.15/0001-named-lwresd-V-and-start-log-hide-build-options.patch b/poky/meta/recipes-connectivity/bind/bind-9.18.16/0001-named-lwresd-V-and-start-log-hide-build-options.patch index 4c10f33f04..4c10f33f04 100644 --- a/poky/meta/recipes-connectivity/bind/bind-9.18.15/0001-named-lwresd-V-and-start-log-hide-build-options.patch +++ b/poky/meta/recipes-connectivity/bind/bind-9.18.16/0001-named-lwresd-V-and-start-log-hide-build-options.patch diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.15/bind-ensure-searching-for-json-headers-searches-sysr.patch b/poky/meta/recipes-connectivity/bind/bind-9.18.16/bind-ensure-searching-for-json-headers-searches-sysr.patch index f1abd179e8..f1abd179e8 100644 --- a/poky/meta/recipes-connectivity/bind/bind-9.18.15/bind-ensure-searching-for-json-headers-searches-sysr.patch +++ b/poky/meta/recipes-connectivity/bind/bind-9.18.16/bind-ensure-searching-for-json-headers-searches-sysr.patch diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.15/bind9 b/poky/meta/recipes-connectivity/bind/bind-9.18.16/bind9 index 968679ff7f..968679ff7f 100644 --- a/poky/meta/recipes-connectivity/bind/bind-9.18.15/bind9 +++ b/poky/meta/recipes-connectivity/bind/bind-9.18.16/bind9 diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.15/conf.patch b/poky/meta/recipes-connectivity/bind/bind-9.18.16/conf.patch index aa3642acec..aa3642acec 100644 --- a/poky/meta/recipes-connectivity/bind/bind-9.18.15/conf.patch +++ b/poky/meta/recipes-connectivity/bind/bind-9.18.16/conf.patch diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.15/generate-rndc-key.sh b/poky/meta/recipes-connectivity/bind/bind-9.18.16/generate-rndc-key.sh index 633e29c0e6..633e29c0e6 100644 --- a/poky/meta/recipes-connectivity/bind/bind-9.18.15/generate-rndc-key.sh +++ b/poky/meta/recipes-connectivity/bind/bind-9.18.16/generate-rndc-key.sh diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.15/init.d-add-support-for-read-only-rootfs.patch b/poky/meta/recipes-connectivity/bind/bind-9.18.16/init.d-add-support-for-read-only-rootfs.patch index 11db95ede1..11db95ede1 100644 --- a/poky/meta/recipes-connectivity/bind/bind-9.18.15/init.d-add-support-for-read-only-rootfs.patch +++ b/poky/meta/recipes-connectivity/bind/bind-9.18.16/init.d-add-support-for-read-only-rootfs.patch diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.15/make-etc-initd-bind-stop-work.patch b/poky/meta/recipes-connectivity/bind/bind-9.18.16/make-etc-initd-bind-stop-work.patch index 146f3e35db..146f3e35db 100644 --- a/poky/meta/recipes-connectivity/bind/bind-9.18.15/make-etc-initd-bind-stop-work.patch +++ b/poky/meta/recipes-connectivity/bind/bind-9.18.16/make-etc-initd-bind-stop-work.patch diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.15/named.service b/poky/meta/recipes-connectivity/bind/bind-9.18.16/named.service index cda56ef015..cda56ef015 100644 --- a/poky/meta/recipes-connectivity/bind/bind-9.18.15/named.service +++ b/poky/meta/recipes-connectivity/bind/bind-9.18.16/named.service diff --git a/poky/meta/recipes-connectivity/bind/bind_9.18.15.bb b/poky/meta/recipes-connectivity/bind/bind_9.18.16.bb index 80164aad87..d9b62bb8b0 100644 --- a/poky/meta/recipes-connectivity/bind/bind_9.18.15.bb +++ b/poky/meta/recipes-connectivity/bind/bind_9.18.16.bb @@ -20,7 +20,7 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.xz \ file://0001-avoid-start-failure-with-bind-user.patch \ " -SRC_URI[sha256sum] = "28ae8db14862801bc2bd4fd820db00667d3f1ff9ae9cc2d06a0ef7810fed7a4e" +SRC_URI[sha256sum] = "c88234fe07ee75c3c8a9e59152fee64b714643de8e22cf98da3db4d0b57e0775" UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/" # follow the ESV versions divisible by 2 @@ -28,7 +28,7 @@ UPSTREAM_CHECK_REGEX = "(?P<pver>9.(\d*[02468])+(\.\d+)+(-P\d+)*)/" # Issue only affects dhcpd with recent bind versions. We don't ship dhcpd anymore # so the issue doesn't affect us. -CVE_CHECK_IGNORE += "CVE-2019-6470" +CVE_STATUS[CVE-2019-6470] = "not-applicable-config: Issue only affects dhcpd with recent bind versions and we don't ship dhcpd anymore." inherit autotools update-rc.d systemd useradd pkgconfig multilib_header update-alternatives @@ -39,7 +39,7 @@ PACKAGECONFIG[readline] = "--with-readline=readline,,readline" PACKAGECONFIG[libedit] = "--with-readline=libedit,,libedit" PACKAGECONFIG[dns-over-http] = "--enable-doh,--disable-doh,nghttp2" -EXTRA_OECONF = " --disable-devpoll --disable-auto-validation --enable-epoll \ +EXTRA_OECONF = " --disable-auto-validation \ --with-gssapi=no --with-lmdb=no --with-zlib \ --sysconfdir=${sysconfdir}/bind \ --with-openssl=${STAGING_DIR_HOST}${prefix} \ diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5.inc b/poky/meta/recipes-connectivity/bluez5/bluez5.inc index e10158a6e5..d2ee2b4f12 100644 --- a/poky/meta/recipes-connectivity/bluez5/bluez5.inc +++ b/poky/meta/recipes-connectivity/bluez5/bluez5.inc @@ -55,6 +55,7 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/bluetooth/bluez-${PV}.tar.xz \ file://0001-tests-add-a-target-for-building-tests-without-runnin.patch \ file://0001-test-gatt-Fix-hung-issue.patch \ file://0004-src-shared-util.c-include-linux-limits.h.patch \ + file://fix-check-ell-path.patch \ " S = "${WORKDIR}/bluez-${PV}" diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5/fix-check-ell-path.patch b/poky/meta/recipes-connectivity/bluez5/bluez5/fix-check-ell-path.patch new file mode 100644 index 0000000000..7afa63962d --- /dev/null +++ b/poky/meta/recipes-connectivity/bluez5/bluez5/fix-check-ell-path.patch @@ -0,0 +1,39 @@ +Upstream-Status: Submitted [https://marc.info/?l=linux-bluetooth&m=168818474411163&w=2] +Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> + +From linux-bluetooth Sat Jul 01 04:12:52 2023 +From: Rudi Heitbaum <rudi () heitbaum ! com> +Date: Sat, 01 Jul 2023 04:12:52 +0000 +To: linux-bluetooth +Subject: [PATCH] configure: Fix check ell path for cross compiling +Message-Id: <20230701041252.139338-1-rudi () heitbaum ! com> +X-MARC-Message: https://marc.info/?l=linux-bluetooth&m=168818474411163 + +Use of AC_CHECK_FILE prevents cross compilation. +Instead use test to support cross compiling. + +Signed-off-by: Rudi Heitbaum <rudi@heitbaum.com> +--- + configure.ac | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/configure.ac b/configure.ac +index eff297960..bc7edfcd3 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -298,9 +298,10 @@ if (test "${enable_external_ell}" = "yes"); then + AC_SUBST(ELL_LIBS) + fi + if (test "${enable_external_ell}" != "yes"); then +- AC_CHECK_FILE(${srcdir}/ell/ell.h, dummy=yes, +- AC_CHECK_FILE(${srcdir}/../ell/ell/ell.h, dummy=yes, +- AC_MSG_ERROR(ELL source is required or use --enable-external-ell))) ++ if (test ! -f ${srcdir}/ell/ell.h) && ++ (test ! -f ${srcdir}/../ell/ell/ell.h); then ++ AC_MSG_ERROR(ELL source is required or use --enable-external-ell) ++ fi + fi + AM_CONDITIONAL(EXTERNAL_ELL, test "${enable_external_ell}" = "yes" || + (test "${enable_btpclient}" != "yes" && +-- +2.34.1 diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5_5.66.bb b/poky/meta/recipes-connectivity/bluez5/bluez5_5.68.bb index 2208b730b0..f8405ed091 100644 --- a/poky/meta/recipes-connectivity/bluez5/bluez5_5.66.bb +++ b/poky/meta/recipes-connectivity/bluez5/bluez5_5.68.bb @@ -1,9 +1,9 @@ require bluez5.inc -SRC_URI[sha256sum] = "39fea64b590c9492984a0c27a89fc203e1cdc74866086efb8f4698677ab2b574" +SRC_URI[sha256sum] = "fc505e6445cb579a55cacee6821fe70d633921522043d322b696de0a175ff933" -# These issues have kernel fixes rather than bluez fixes so exclude here -CVE_CHECK_IGNORE += "CVE-2020-12352 CVE-2020-24490" +CVE_STATUS[CVE-2022-3563] = "cpe-incorrect: This issues have kernel fixes rather than bluez fixes" +CVE_STATUS[CVE-2022-3637] = "cpe-incorrect: This issues have kernel fixes rather than bluez fixes" # noinst programs in Makefile.tools that are conditional on READLINE # support diff --git a/poky/meta/recipes-connectivity/libuv/libuv_1.45.0.bb b/poky/meta/recipes-connectivity/libuv/libuv_1.46.0.bb index 456cb2f962..c9aa25c518 100644 --- a/poky/meta/recipes-connectivity/libuv/libuv_1.45.0.bb +++ b/poky/meta/recipes-connectivity/libuv/libuv_1.46.0.bb @@ -6,8 +6,8 @@ LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE;md5=74b6f2f7818a4e3a80d03556f71b129b \ file://LICENSE-extra;md5=f9307417749e19bd1d6d68a394b49324" -SRCREV = "96e05543f53b19d9642b4b0dd73b86ad3cea313e" -SRC_URI = "git://github.com/libuv/libuv.git;branch=master;protocol=https" +SRCREV = "f0bb7e40f0508bedf6fad33769b3f87bb8aedfa6" +SRC_URI = "git://github.com/libuv/libuv.git;branch=v1.x;protocol=https" UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>\d+(\.\d+)+)" S = "${WORKDIR}/git" diff --git a/poky/meta/recipes-connectivity/openssh/openssh_9.3p1.bb b/poky/meta/recipes-connectivity/openssh/openssh_9.3p1.bb index 42ce814523..3edc123b9a 100644 --- a/poky/meta/recipes-connectivity/openssh/openssh_9.3p1.bb +++ b/poky/meta/recipes-connectivity/openssh/openssh_9.3p1.bb @@ -28,15 +28,14 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar " SRC_URI[sha256sum] = "e9baba7701a76a51f3d85a62c383a3c9dcd97fa900b859bc7db114c1868af8a8" -# This CVE is specific to OpenSSH with the pam opie which we don't build/use here -CVE_CHECK_IGNORE += "CVE-2007-2768" +CVE_STATUS[CVE-2007-2768] = "not-applicable-config: This CVE is specific to OpenSSH with the pam opie which we don't build/use here." # This CVE is specific to OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 # and when running in a Kerberos environment. As such it is not relevant to OpenEmbedded -CVE_CHECK_IGNORE += "CVE-2014-9278" +CVE_STATUS[CVE-2014-9278] = "not-applicable-platform: This CVE is specific to OpenSSH server, as used in Fedora and \ +Red Hat Enterprise Linux 7 and when running in a Kerberos environment" -# CVE only applies to some distributed RHEL binaries -CVE_CHECK_IGNORE += "CVE-2008-3844" +CVE_STATUS[CVE-2008-3844] = "not-applicable-platform: Only applies to some distributed RHEL binaries." PAM_SRC_URI = "file://sshd" diff --git a/poky/meta/recipes-connectivity/openssl/openssl_3.1.1.bb b/poky/meta/recipes-connectivity/openssl/openssl_3.1.1.bb index f5f3f32a97..c2a7173c84 100644 --- a/poky/meta/recipes-connectivity/openssl/openssl_3.1.1.bb +++ b/poky/meta/recipes-connectivity/openssl/openssl_3.1.1.bb @@ -137,7 +137,9 @@ do_configure () { fi # WARNING: do not set compiler/linker flags (-I/-D etc.) in EXTRA_OECONF, as they will fully replace the # environment variables set by bitbake. Adjust the environment variables instead. - HASHBANGPERL="/usr/bin/env perl" PERL=perl PERL5LIB="${S}/external/perl/Text-Template-1.46/lib/" \ + PERLEXTERNAL="$(realpath ${S}/external/perl/Text-Template-*/lib)" + test -d "$PERLEXTERNAL" || bberror "PERLEXTERNAL '$PERLEXTERNAL' not found!" + HASHBANGPERL="/usr/bin/env perl" PERL=perl PERL5LIB="$PERLEXTERNAL" \ perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} ${DEPRECATED_CRYPTO_FLAGS} --prefix=$useprefix --openssldir=${libdir}/ssl-3 --libdir=${libdir} $target perl ${B}/configdata.pm --dump } @@ -253,6 +255,5 @@ CVE_PRODUCT = "openssl:openssl" CVE_VERSION_SUFFIX = "alphabetical" -# Only affects OpenSSL >= 1.1.1 in combination with Apache < 2.4.37 # Apache in meta-webserver is already recent enough -CVE_CHECK_IGNORE += "CVE-2019-0190" +CVE_STATUS[CVE-2019-0190] = "not-applicable-config: Only affects OpenSSL >= 1.1.1 in combination with Apache < 2.4.37" diff --git a/poky/meta/recipes-core/coreutils/coreutils_9.3.bb b/poky/meta/recipes-core/coreutils/coreutils_9.3.bb index 25da988f50..ba38169f05 100644 --- a/poky/meta/recipes-core/coreutils/coreutils_9.3.bb +++ b/poky/meta/recipes-core/coreutils/coreutils_9.3.bb @@ -23,8 +23,8 @@ SRC_URI = "${GNU_MIRROR}/coreutils/${BP}.tar.xz \ SRC_URI[sha256sum] = "adbcfcfe899235b71e8768dcf07cd532520b7f54f9a8064843f8d199a904bbaa" # http://git.savannah.gnu.org/cgit/coreutils.git/commit/?id=v8.27-101-gf5d7c0842 -# runcon is not really a sandbox command, use `runcon ... setsid ...` to avoid this particular issue. -CVE_CHECK_IGNORE += "CVE-2016-2781" +# +CVE_STATUS[CVE-2016-2781] = "disputed: runcon is not really a sandbox command, use `runcon ... setsid ...` to avoid this particular issue." EXTRA_OECONF:class-target = "--enable-install-program=arch,hostname --libexecdir=${libdir}" EXTRA_OECONF:class-nativesdk = "--enable-install-program=arch,hostname" diff --git a/poky/meta/recipes-core/glib-2.0/glib-2.0_2.76.3.bb b/poky/meta/recipes-core/glib-2.0/glib-2.0_2.76.4.bb index 4327a13345..64a3c6d80c 100644 --- a/poky/meta/recipes-core/glib-2.0/glib-2.0_2.76.3.bb +++ b/poky/meta/recipes-core/glib-2.0/glib-2.0_2.76.4.bb @@ -19,7 +19,7 @@ SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \ " SRC_URI:append:class-native = " file://relocate-modules.patch" -SRC_URI[sha256sum] = "c0be444e403d7c3184d1f394f89f0b644710b5e9331b54fa4e8b5037813ad32a" +SRC_URI[sha256sum] = "5a5a191c96836e166a7771f7ea6ca2b0069c603c7da3cba1cd38d1694a395dda" # Find any meson cross files in FILESPATH that are relevant for the current # build (using siteinfo) and add them to EXTRA_OEMESON. diff --git a/poky/meta/recipes-core/glib-networking/glib-networking_2.76.0.bb b/poky/meta/recipes-core/glib-networking/glib-networking_2.76.1.bb index 75c031e8cd..8e7290cdbb 100644 --- a/poky/meta/recipes-core/glib-networking/glib-networking_2.76.0.bb +++ b/poky/meta/recipes-core/glib-networking/glib-networking_2.76.1.bb @@ -14,7 +14,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c \ SECTION = "libs" DEPENDS = "glib-2.0-native glib-2.0" -SRC_URI[archive.sha256sum] = "149a05a179e629a538be25662aa324b499d7c4549c5151db5373e780a1bf1b9a" +SRC_URI[archive.sha256sum] = "5c698a9994dde51efdfb1026a56698a221d6250e89dc50ebcddda7b81480a42b" PACKAGECONFIG ??= "openssl environment ${@bb.utils.contains('PTEST_ENABLED', '1', 'tests', '', d)}" diff --git a/poky/meta/recipes-core/glibc/glibc-testsuite_2.37.bb b/poky/meta/recipes-core/glibc/glibc-testsuite_2.37.bb index e8ad2a938b..2e076f4b0f 100644 --- a/poky/meta/recipes-core/glibc/glibc-testsuite_2.37.bb +++ b/poky/meta/recipes-core/glibc/glibc-testsuite_2.37.bb @@ -16,6 +16,7 @@ TOOLCHAIN_TEST_HOST_USER ??= "root" TOOLCHAIN_TEST_HOST_PORT ??= "2222" do_check[nostamp] = "1" +do_check[network] = "1" do_check:append () { chmod 0755 ${WORKDIR}/check-test-wrapper diff --git a/poky/meta/recipes-core/glibc/glibc_2.37.bb b/poky/meta/recipes-core/glibc/glibc_2.37.bb index 3387441cad..851aa612b1 100644 --- a/poky/meta/recipes-core/glibc/glibc_2.37.bb +++ b/poky/meta/recipes-core/glibc/glibc_2.37.bb @@ -4,18 +4,19 @@ require glibc-version.inc # glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010022 # glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010023 # glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010024 -# Upstream glibc maintainers dispute there is any issue and have no plans to address it further. -# "this is being treated as a non-security bug and no real threat." -CVE_CHECK_IGNORE += "CVE-2019-1010022 CVE-2019-1010023 CVE-2019-1010024" +CVE_STATUS_GROUPS = "CVE_STATUS_RECIPE" +CVE_STATUS_RECIPE = "CVE-2019-1010022 CVE-2019-1010023 CVE-2019-1010024" +CVE_STATUS_RECIPE[status] = "disputed: \ +Upstream glibc maintainers dispute there is any issue and have no plans to address it further. \ +this is being treated as a non-security bug and no real threat." # glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010025 -# Allows for ASLR bypass so can bypass some hardening, not an exploit in itself, may allow -# easier access for another. "ASLR bypass itself is not a vulnerability." # Potential patch at https://sourceware.org/bugzilla/show_bug.cgi?id=22853 -CVE_CHECK_IGNORE += "CVE-2019-1010025" +CVE_STATUS[CVE-2019-1010025] = "disputed: \ +Allows for ASLR bypass so can bypass some hardening, not an exploit in itself, may allow \ +easier access for another. 'ASLR bypass itself is not a vulnerability.'" -# This is integrated into the 2.37 branch as of 07b9521fc6 -CVE_CHECK_IGNORE += "CVE-2023-25139" +CVE_STATUS[CVE-2023-25139] = "cpe-stable-backport: This is integrated into the 2.37 branch as of 07b9521fc6" DEPENDS += "gperf-native bison-native" diff --git a/poky/meta/recipes-core/ifupdown/ifupdown_0.8.41.bb b/poky/meta/recipes-core/ifupdown/ifupdown_0.8.41.bb index 5dbd6193b8..16425ea9e4 100644 --- a/poky/meta/recipes-core/ifupdown/ifupdown_0.8.41.bb +++ b/poky/meta/recipes-core/ifupdown/ifupdown_0.8.41.bb @@ -42,6 +42,11 @@ do_install () { install -m 0644 ifup.8 ${D}${mandir}/man8 install -m 0644 interfaces.5 ${D}${mandir}/man5 cd ${D}${mandir}/man8 && ln -s ifup.8 ifdown.8 + + install -d ${D}${sysconfdir}/network/if-pre-up.d + install -d ${D}${sysconfdir}/network/if-up.d + install -d ${D}${sysconfdir}/network/if-down.d + install -d ${D}${sysconfdir}/network/if-post-down.d } do_install_ptest () { diff --git a/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb b/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb index 05148aca61..4ece229379 100644 --- a/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb +++ b/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb @@ -26,7 +26,7 @@ inherit core-image setuptools3 features_check REQUIRED_DISTRO_FEATURES += "xattr" -SRCREV ?= "581edf20120cd383e8dea0693239629e7547bb7e" +SRCREV ?= "679b7b6700ec1355a5b15a51c90a7ee339bee97c" SRC_URI = "git://git.yoctoproject.org/poky;branch=master \ file://Yocto_Build_Appliance.vmx \ file://Yocto_Build_Appliance.vmxf \ @@ -133,9 +133,9 @@ create_bundle_files () { cd ${WORKDIR} mkdir -p Yocto_Build_Appliance cp *.vmx* Yocto_Build_Appliance - ln -sf ${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.wic.vmdk Yocto_Build_Appliance/Yocto_Build_Appliance.vmdk - ln -sf ${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.wic.vhdx Yocto_Build_Appliance/Yocto_Build_Appliance.vhdx - ln -sf ${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.wic.vhd Yocto_Build_Appliance/Yocto_Build_Appliance.vhd + ln -sf ${IMGDEPLOYDIR}/${IMAGE_NAME}.wic.vmdk Yocto_Build_Appliance/Yocto_Build_Appliance.vmdk + ln -sf ${IMGDEPLOYDIR}/${IMAGE_NAME}.wic.vhdx Yocto_Build_Appliance/Yocto_Build_Appliance.vhdx + ln -sf ${IMGDEPLOYDIR}/${IMAGE_NAME}.wic.vhd Yocto_Build_Appliance/Yocto_Build_Appliance.vhd zip -r ${IMGDEPLOYDIR}/Yocto_Build_Appliance-${DATETIME}.zip Yocto_Build_Appliance ln -sf Yocto_Build_Appliance-${DATETIME}.zip ${IMGDEPLOYDIR}/Yocto_Build_Appliance.zip } diff --git a/poky/meta/recipes-core/images/core-image-ptest.bb b/poky/meta/recipes-core/images/core-image-ptest.bb index 90c26641ba..74cf933b72 100644 --- a/poky/meta/recipes-core/images/core-image-ptest.bb +++ b/poky/meta/recipes-core/images/core-image-ptest.bb @@ -19,12 +19,14 @@ BBCLASSEXTEND = "${@' '.join(['mcextend:'+x for x in d.getVar('PTESTS').split()] # strace-ptest in particular needs more than 500MB IMAGE_OVERHEAD_FACTOR = "1.0" IMAGE_ROOTFS_EXTRA_SPACE = "324288" +IMAGE_ROOTFS_EXTRA_SPACE:virtclass-mcextend-mdadm = "1524288" IMAGE_ROOTFS_EXTRA_SPACE:virtclass-mcextend-strace = "1024288" IMAGE_ROOTFS_EXTRA_SPACE:virtclass-mcextend-lttng-tools = "1524288" # ptests need more memory than standard to avoid the OOM killer QB_MEM = "-m 1024" QB_MEM:virtclass-mcextend-lttng-tools = "-m 4096" +QB_MEM:virtclass-mcextend-python3 = "-m 2048" QB_MEM:virtclass-mcextend-python3-cryptography = "-m 4096" TEST_SUITES = "ping ssh parselogs ptest" diff --git a/poky/meta/recipes-core/kbd/kbd_2.5.1.bb b/poky/meta/recipes-core/kbd/kbd_2.6.0.bb index 7662b8f685..9a3e0a7476 100644 --- a/poky/meta/recipes-core/kbd/kbd_2.5.1.bb +++ b/poky/meta/recipes-core/kbd/kbd_2.6.0.bb @@ -16,7 +16,7 @@ RCONFLICTS:${PN} = "console-tools" SRC_URI = "${KERNELORG_MIRROR}/linux/utils/${BPN}/${BP}.tar.xz \ " -SRC_URI[sha256sum] = "ccdf452387a6380973d2927363e9cbb939fa2068915a6f937ff9d24522024683" +SRC_URI[sha256sum] = "9c159433db5df8ef31d86b42f5b09d32311bdda2ed35107fb1926243da60b28a" EXTRA_OECONF = "--disable-tests" PACKAGECONFIG ?= "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)} \ diff --git a/poky/meta/recipes-core/libxcrypt/libxcrypt-compat_4.4.34.bb b/poky/meta/recipes-core/libxcrypt/libxcrypt-compat_4.4.36.bb index ec9f9f4fa3..ec9f9f4fa3 100644 --- a/poky/meta/recipes-core/libxcrypt/libxcrypt-compat_4.4.34.bb +++ b/poky/meta/recipes-core/libxcrypt/libxcrypt-compat_4.4.36.bb diff --git a/poky/meta/recipes-core/libxcrypt/libxcrypt.inc b/poky/meta/recipes-core/libxcrypt/libxcrypt.inc index 4d145cf3cc..ba93d91aef 100644 --- a/poky/meta/recipes-core/libxcrypt/libxcrypt.inc +++ b/poky/meta/recipes-core/libxcrypt/libxcrypt.inc @@ -10,19 +10,13 @@ LIC_FILES_CHKSUM = "file://LICENSING;md5=c0a30e2b1502c55a7f37e412cd6c6a4b \ inherit autotools pkgconfig SRC_URI = "git://github.com/besser82/libxcrypt.git;branch=${SRCBRANCH};protocol=https" -SRCREV = "e80cfde51bb4fe4bcf27585810e0b4ea3d1e4d7d" +SRCREV = "f531a36aa916a22ef2ce7d270ba381e264250cbf" SRCBRANCH ?= "master" SRC_URI += "file://fix_cflags_handling.patch" PROVIDES = "virtual/crypt" -FILES:${PN} = "${libdir}/libcrypt*.so.* \ - ${libdir}/libcrypt-*.so \ - ${libdir}/libowcrypt*.so.* \ - ${libdir}/libowcrypt-*.so \ -" - S = "${WORKDIR}/git" BUILD_CPPFLAGS = "-I${STAGING_INCDIR_NATIVE}" diff --git a/poky/meta/recipes-core/libxcrypt/libxcrypt_4.4.34.bb b/poky/meta/recipes-core/libxcrypt/libxcrypt_4.4.36.bb index 79dba2f6dc..79dba2f6dc 100644 --- a/poky/meta/recipes-core/libxcrypt/libxcrypt_4.4.34.bb +++ b/poky/meta/recipes-core/libxcrypt/libxcrypt_4.4.36.bb diff --git a/poky/meta/recipes-core/libxml/libxml2/fix-tests.patch b/poky/meta/recipes-core/libxml/libxml2/fix-tests.patch deleted file mode 100644 index 80678efcfe..0000000000 --- a/poky/meta/recipes-core/libxml/libxml2/fix-tests.patch +++ /dev/null @@ -1,222 +0,0 @@ -Backport the following patches to fix the reader2 and runsuite test cases: - -b92768cd tests: Enable "runsuite" test -0ac8c15e python/tests/reader2: use absolute paths everywhere -b9ba5e1d python/tests/reader2: always exit(1) if a test fails - -Upstream-Status: Backport -Signed-off-by: Ross Burton <ross.burton@arm.com> - -diff --git a/python/tests/reader2.py b/python/tests/reader2.py -index 65cecd47..6e6353b4 100755 ---- a/python/tests/reader2.py -+++ b/python/tests/reader2.py -@@ -6,7 +6,6 @@ - import sys - import glob - import os --import string - import libxml2 - try: - import StringIO -@@ -20,103 +19,104 @@ libxml2.debugMemory(1) - - err = "" - basedir = os.path.dirname(os.path.realpath(__file__)) --dir_prefix = os.path.join(basedir, "../../test/valid/") -+dir_prefix = os.path.realpath(os.path.join(basedir, "..", "..", "test", "valid")) -+ - # This dictionary reflects the contents of the files - # ../../test/valid/*.xml.err that are not empty, except that - # the file paths in the messages start with ../../test/ - - expect = { - '766956': --"""../../test/valid/dtds/766956.dtd:2: parser error : PEReference: expecting ';' -+"""{0}/dtds/766956.dtd:2: parser error : PEReference: expecting ';' - %ä%ent; - ^ --../../test/valid/dtds/766956.dtd:2: parser error : Content error in the external subset -+{0}/dtds/766956.dtd:2: parser error : Content error in the external subset - %ä%ent; - ^ - Entity: line 1: - value - ^ --""", -+""".format(dir_prefix), - '781333': --"""../../test/valid/781333.xml:4: element a: validity error : Element a content does not follow the DTD, expecting ( ..., got -+"""{0}/781333.xml:4: element a: validity error : Element a content does not follow the DTD, expecting ( ..., got - <a/> - ^ --../../test/valid/781333.xml:5: element a: validity error : Element a content does not follow the DTD, Expecting more child -+{0}/781333.xml:5: element a: validity error : Element a content does not follow the DTD, Expecting more child - - ^ --""", -+""".format(dir_prefix), - 'cond_sect2': --"""../../test/valid/dtds/cond_sect2.dtd:15: parser error : All markup of the conditional section is not in the same entity -+"""{0}/dtds/cond_sect2.dtd:15: parser error : All markup of the conditional section is not in the same entity - %ent; - ^ - Entity: line 1: - ]]> - ^ --../../test/valid/dtds/cond_sect2.dtd:17: parser error : Content error in the external subset -+{0}/dtds/cond_sect2.dtd:17: parser error : Content error in the external subset - - ^ --""", -+""".format(dir_prefix), - 'rss': --"""../../test/valid/rss.xml:177: element rss: validity error : Element rss does not carry attribute version -+"""{0}/rss.xml:177: element rss: validity error : Element rss does not carry attribute version - </rss> - ^ --""", -+""".format(dir_prefix), - 't8': --"""../../test/valid/t8.xml:6: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration -+"""{0}/t8.xml:6: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration - - %defroot; %defmiddle; %deftest; - ^ - Entity: line 1: - <!ELEMENT root (middle) > - ^ --../../test/valid/t8.xml:6: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration -+{0}/t8.xml:6: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration - - %defroot; %defmiddle; %deftest; - ^ - Entity: line 1: - <!ELEMENT middle (test) > - ^ --../../test/valid/t8.xml:6: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration -+{0}/t8.xml:6: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration - - %defroot; %defmiddle; %deftest; - ^ - Entity: line 1: - <!ELEMENT test (#PCDATA) > - ^ --""", -+""".format(dir_prefix), - 't8a': --"""../../test/valid/t8a.xml:6: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration -+"""{0}/t8a.xml:6: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration - - %defroot;%defmiddle;%deftest; - ^ - Entity: line 1: - <!ELEMENT root (middle) > - ^ --../../test/valid/t8a.xml:6: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration -+{0}/t8a.xml:6: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration - - %defroot;%defmiddle;%deftest; - ^ - Entity: line 1: - <!ELEMENT middle (test) > - ^ --../../test/valid/t8a.xml:6: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration -+{0}/t8a.xml:6: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration - - %defroot;%defmiddle;%deftest; - ^ - Entity: line 1: - <!ELEMENT test (#PCDATA) > - ^ --""", -+""".format(dir_prefix), - 'xlink': --"""../../test/valid/xlink.xml:450: element termdef: validity error : ID dt-arc already defined -+"""{0}/xlink.xml:450: element termdef: validity error : ID dt-arc already defined - <p><termdef id="dt-arc" term="Arc">An <ter - ^ - validity error : attribute def line 199 references an unknown ID "dt-xlg" --""", -+""".format(dir_prefix), - } - - # Add prefix_dir and extension to the keys --expect = {"{}{}.xml".format(dir_prefix, key): val for key, val in expect.items()} -+expect = {os.path.join(dir_prefix, key + ".xml"): val for key, val in expect.items()} - - def callback(ctx, str): - global err -@@ -124,11 +124,12 @@ def callback(ctx, str): - libxml2.registerErrorHandler(callback, "") - - parsing_error_files = ["766956", "cond_sect2", "t8", "t8a"] --expect_parsing_error = ["{}{}.xml".format(dir_prefix, f) for f in parsing_error_files] -+expect_parsing_error = [os.path.join(dir_prefix, f + ".xml") for f in parsing_error_files] - --valid_files = glob.glob(dir_prefix + "*.x*") -+valid_files = glob.glob(os.path.join(dir_prefix, "*.x*")) - assert valid_files, "found no valid files in '{}'".format(dir_prefix) - valid_files.sort() -+failures = 0 - for file in valid_files: - err = "" - reader = libxml2.newTextReaderFilename(file) -@@ -142,9 +143,15 @@ for file in valid_files: - #sys.exit(1) - if (err): - if not(file in expect and err == expect[file]): -+ failures += 1 - print("Error: ", err) - if file in expect: - print("Expected: ", expect[file]) -+ -+if failures: -+ print("Failed %d tests" % failures) -+ sys.exit(1) -+ - # - # another separate test based on Stephane Bidoul one - # -@@ -337,9 +344,11 @@ while reader.Read() == 1: - if res != expect: - print("test5 failed: unexpected output") - print(res) -+ sys.exit(1) - if err != "": - print("test5 failed: validation error found") - print(err) -+ sys.exit(1) - - # - # cleanup -diff --git a/runsuite.c b/runsuite.c -index 483490a2..a522d24b 100644 ---- a/runsuite.c -+++ b/runsuite.c -@@ -1054,13 +1054,18 @@ main(int argc ATTRIBUTE_UNUSED, char **argv ATTRIBUTE_UNUSED) { - old_tests = nb_tests; - old_leaks = nb_leaks; - xsdTest(); -- if ((nb_errors == old_errors) && (nb_leaks == old_leaks)) -- printf("Ran %d tests, no errors\n", nb_tests - old_tests); -- else -- printf("Ran %d tests, %d errors, %d leaks\n", -- nb_tests - old_tests, -- nb_errors - old_errors, -- nb_leaks - old_leaks); -+ printf("Ran %d tests, %d errors, %d leaks\n", -+ nb_tests - old_tests, -+ nb_errors - old_errors, -+ nb_leaks - old_leaks); -+ if (nb_errors - old_errors == 10) { -+ printf("10 errors were expected\n"); -+ nb_errors = old_errors; -+ } else { -+ printf("10 errors were expected, got %d errors\n", -+ nb_errors - old_errors); -+ nb_errors = old_errors + 1; -+ } - old_errors = nb_errors; - old_tests = nb_tests; - old_leaks = nb_leaks; diff --git a/poky/meta/recipes-core/libxml/libxml2/install-tests.patch b/poky/meta/recipes-core/libxml/libxml2/install-tests.patch index b770afbeb4..14ccce5873 100644 --- a/poky/meta/recipes-core/libxml/libxml2/install-tests.patch +++ b/poky/meta/recipes-core/libxml/libxml2/install-tests.patch @@ -1,19 +1,19 @@ +From 3fc716357ce1372d9418dc86f24315b34d9808de Mon Sep 17 00:00:00 2001 +From: Ross Burton <ross.burton@arm.com> +Date: Mon, 5 Dec 2022 17:02:32 +0000 +Subject: [PATCH] add yocto-specific install-ptest target + Add a target to install the test suite. Upstream-Status: Inappropriate Signed-off-by: Ross Burton <ross.burton@arm.com> -From c7809dc6947324ea506a0c2bf132ecd37156f211 Mon Sep 17 00:00:00 2001 -From: Ross Burton <ross.burton@arm.com> -Date: Mon, 5 Dec 2022 17:02:32 +0000 -Subject: [PATCH] add yocto-specific install-ptest target - --- Makefile.am | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/Makefile.am b/Makefile.am -index 316109b1..15e100be 100644 +index 5bc4018..57d27af 100644 --- a/Makefile.am +++ b/Makefile.am @@ -26,6 +26,16 @@ check_PROGRAMS = \ @@ -32,7 +32,4 @@ index 316109b1..15e100be 100644 + bin_PROGRAMS = xmllint xmlcatalog - nodist_bin_SCRIPTS = xml2-config --- -2.34.1 - + bin_SCRIPTS = xml2-config diff --git a/poky/meta/recipes-core/libxml/libxml2/libxml-64bit.patch b/poky/meta/recipes-core/libxml/libxml2/libxml-64bit.patch deleted file mode 100644 index fd8e469dd3..0000000000 --- a/poky/meta/recipes-core/libxml/libxml2/libxml-64bit.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 056b14345b1abd76a761ab14538f1bc21302781a Mon Sep 17 00:00:00 2001 -From: Hongxu Jia <hongxu.jia@windriver.com> -Date: Sat, 11 May 2019 20:26:51 +0800 -Subject: [PATCH] libxml 64bit - -Upstream-Status: Backport [from debian: bugs.debian.org/439843] -Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> ---- - libxml.h | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/libxml.h b/libxml.h -index 64e30f7..4e80d90 100644 ---- a/libxml.h -+++ b/libxml.h -@@ -15,6 +15,9 @@ - #ifndef _LARGEFILE_SOURCE - #define _LARGEFILE_SOURCE - #endif -+#ifndef _LARGEFILE64_SOURCE -+#define _LARGEFILE64_SOURCE -+#endif - #ifndef _FILE_OFFSET_BITS - #define _FILE_OFFSET_BITS 64 - #endif --- -2.7.4 - diff --git a/poky/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch b/poky/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch deleted file mode 100644 index 639c80bd6c..0000000000 --- a/poky/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch +++ /dev/null @@ -1,212 +0,0 @@ -Change the AM_PATH_XML2 macros to use pkg-config instead of xml2-config. - -Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/d598d8af0913b6e3d4e61ffa62397a275b669dca] -Signed-off-by: Ross Burton <ross.burton@arm.com> - - libxml.m4 | 189 ++---------------------------------------------------- - 1 file changed, 5 insertions(+), 184 deletions(-) - -diff --git a/libxml.m4 b/libxml.m4 -index fc7790c..1c53585 100644 ---- a/libxml.m4 -+++ b/libxml.m4 -@@ -1,191 +1,12 @@ --# Configure paths for LIBXML2 --# Simon Josefsson 2020-02-12 --# Fix autoconf 2.70+ warnings --# Mike Hommey 2004-06-19 --# use CPPFLAGS instead of CFLAGS --# Toshio Kuratomi 2001-04-21 --# Adapted from: --# Configure paths for GLIB --# Owen Taylor 97-11-3 -- - dnl AM_PATH_XML2([MINIMUM-VERSION, [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND]]]) - dnl Test for XML, and define XML_CPPFLAGS and XML_LIBS - dnl --AC_DEFUN([AM_PATH_XML2],[ --AC_ARG_WITH(xml-prefix, -- [ --with-xml-prefix=PFX Prefix where libxml is installed (optional)], -- xml_config_prefix="$withval", xml_config_prefix="") --AC_ARG_WITH(xml-exec-prefix, -- [ --with-xml-exec-prefix=PFX Exec prefix where libxml is installed (optional)], -- xml_config_exec_prefix="$withval", xml_config_exec_prefix="") --AC_ARG_ENABLE(xmltest, -- [ --disable-xmltest Do not try to compile and run a test LIBXML program],, -- enable_xmltest=yes) -- -- if test x$xml_config_exec_prefix != x ; then -- xml_config_args="$xml_config_args" -- if test x${XML2_CONFIG+set} != xset ; then -- XML2_CONFIG=$xml_config_exec_prefix/bin/xml2-config -- fi -- fi -- if test x$xml_config_prefix != x ; then -- xml_config_args="$xml_config_args --prefix=$xml_config_prefix" -- if test x${XML2_CONFIG+set} != xset ; then -- XML2_CONFIG=$xml_config_prefix/bin/xml2-config -- fi -- fi -- -- AC_PATH_PROG(XML2_CONFIG, xml2-config, no) -- min_xml_version=ifelse([$1], ,2.0.0,[$1]) -- AC_MSG_CHECKING(for libxml - version >= $min_xml_version) -- no_xml="" -- if test "$XML2_CONFIG" = "no" ; then -- no_xml=yes -- else -- XML_CPPFLAGS=`$XML2_CONFIG $xml_config_args --cflags` -- XML_LIBS=`$XML2_CONFIG $xml_config_args --libs` -- xml_config_major_version=`$XML2_CONFIG $xml_config_args --version | \ -- sed 's/\([[0-9]]*\).\([[0-9]]*\).\([[0-9]]*\)/\1/'` -- xml_config_minor_version=`$XML2_CONFIG $xml_config_args --version | \ -- sed 's/\([[0-9]]*\).\([[0-9]]*\).\([[0-9]]*\)/\2/'` -- xml_config_micro_version=`$XML2_CONFIG $xml_config_args --version | \ -- sed 's/\([[0-9]]*\).\([[0-9]]*\).\([[0-9]]*\)/\3/'` -- if test "x$enable_xmltest" = "xyes" ; then -- ac_save_CPPFLAGS="$CPPFLAGS" -- ac_save_LIBS="$LIBS" -- CPPFLAGS="$CPPFLAGS $XML_CPPFLAGS" -- LIBS="$XML_LIBS $LIBS" --dnl --dnl Now check if the installed libxml is sufficiently new. --dnl (Also sanity checks the results of xml2-config to some extent) --dnl -- rm -f conf.xmltest -- AC_RUN_IFELSE( -- [AC_LANG_SOURCE([[ --#include <stdlib.h> --#include <stdio.h> --#include <string.h> --#include <libxml/xmlversion.h> -- --int --main() --{ -- int xml_major_version, xml_minor_version, xml_micro_version; -- int major, minor, micro; -- char *tmp_version; -- -- system("touch conf.xmltest"); -- -- /* Capture xml2-config output via autoconf/configure variables */ -- /* HP/UX 9 (%@#!) writes to sscanf strings */ -- tmp_version = (char *)strdup("$min_xml_version"); -- if (sscanf(tmp_version, "%d.%d.%d", &major, &minor, µ) != 3) { -- printf("%s, bad version string from xml2-config\n", "$min_xml_version"); -- exit(1); -- } -- free(tmp_version); -- -- /* Capture the version information from the header files */ -- tmp_version = (char *)strdup(LIBXML_DOTTED_VERSION); -- if (sscanf(tmp_version, "%d.%d.%d", &xml_major_version, &xml_minor_version, &xml_micro_version) != 3) { -- printf("%s, bad version string from libxml includes\n", "LIBXML_DOTTED_VERSION"); -- exit(1); -- } -- free(tmp_version); -- -- /* Compare xml2-config output to the libxml headers */ -- if ((xml_major_version != $xml_config_major_version) || -- (xml_minor_version != $xml_config_minor_version) || -- (xml_micro_version != $xml_config_micro_version)) -- { -- printf("*** libxml header files (version %d.%d.%d) do not match\n", -- xml_major_version, xml_minor_version, xml_micro_version); -- printf("*** xml2-config (version %d.%d.%d)\n", -- $xml_config_major_version, $xml_config_minor_version, $xml_config_micro_version); -- return 1; -- } --/* Compare the headers to the library to make sure we match */ -- /* Less than ideal -- doesn't provide us with return value feedback, -- * only exits if there's a serious mismatch between header and library. -- */ -- LIBXML_TEST_VERSION; -- -- /* Test that the library is greater than our minimum version */ -- if ((xml_major_version > major) || -- ((xml_major_version == major) && (xml_minor_version > minor)) || -- ((xml_major_version == major) && (xml_minor_version == minor) && -- (xml_micro_version >= micro))) -- { -- return 0; -- } -- else -- { -- printf("\n*** An old version of libxml (%d.%d.%d) was found.\n", -- xml_major_version, xml_minor_version, xml_micro_version); -- printf("*** You need a version of libxml newer than %d.%d.%d.\n", -- major, minor, micro); -- printf("***\n"); -- printf("*** If you have already installed a sufficiently new version, this error\n"); -- printf("*** probably means that the wrong copy of the xml2-config shell script is\n"); -- printf("*** being found. The easiest way to fix this is to remove the old version\n"); -- printf("*** of LIBXML, but you can also set the XML2_CONFIG environment to point to the\n"); -- printf("*** correct copy of xml2-config. (In this case, you will have to\n"); -- printf("*** modify your LD_LIBRARY_PATH environment variable, or edit /etc/ld.so.conf\n"); -- printf("*** so that the correct libraries are found at run-time))\n"); -- } -- return 1; --} --]])],, no_xml=yes,[echo $ac_n "cross compiling; assumed OK... $ac_c"]) -- CPPFLAGS="$ac_save_CPPFLAGS" -- LIBS="$ac_save_LIBS" -- fi -- fi -+AC_DEFUN([AM_PATH_XML2],[ -+ AC_REQUIRE([PKG_PROG_PKG_CONFIG]) - -- if test "x$no_xml" = x ; then -- AC_MSG_RESULT(yes (version $xml_config_major_version.$xml_config_minor_version.$xml_config_micro_version)) -- ifelse([$2], , :, [$2]) -- else -- AC_MSG_RESULT(no) -- if test "$XML2_CONFIG" = "no" ; then -- echo "*** The xml2-config script installed by LIBXML could not be found" -- echo "*** If libxml was installed in PREFIX, make sure PREFIX/bin is in" -- echo "*** your path, or set the XML2_CONFIG environment variable to the" -- echo "*** full path to xml2-config." -- else -- if test -f conf.xmltest ; then -- : -- else -- echo "*** Could not run libxml test program, checking why..." -- CPPFLAGS="$CPPFLAGS $XML_CPPFLAGS" -- LIBS="$LIBS $XML_LIBS" -- AC_LINK_IFELSE( -- [AC_LANG_PROGRAM([[ --#include <libxml/xmlversion.h> --#include <stdio.h> --]], [[ LIBXML_TEST_VERSION; return 0;]])], -- [ echo "*** The test program compiled, but did not run. This usually means" -- echo "*** that the run-time linker is not finding LIBXML or finding the wrong" -- echo "*** version of LIBXML. If it is not finding LIBXML, you'll need to set your" -- echo "*** LD_LIBRARY_PATH environment variable, or edit /etc/ld.so.conf to point" -- echo "*** to the installed location Also, make sure you have run ldconfig if that" -- echo "*** is required on your system" -- echo "***" -- echo "*** If you have an old version installed, it is best to remove it, although" -- echo "*** you may also be able to get things to work by modifying LD_LIBRARY_PATH" ], -- [ echo "*** The test program failed to compile or link. See the file config.log for the" -- echo "*** exact error that occurred. This usually means LIBXML was incorrectly installed" -- echo "*** or that you have moved LIBXML since it was installed. In the latter case, you" -- echo "*** may want to edit the xml2-config script: $XML2_CONFIG" ]) -- CPPFLAGS="$ac_save_CPPFLAGS" -- LIBS="$ac_save_LIBS" -- fi -- fi -+ verdep=ifelse([$1], [], [], [">= $1"]) -+ PKG_CHECK_MODULES(XML, [libxml-2.0 $verdep], [$2], [$3]) - -- XML_CPPFLAGS="" -- XML_LIBS="" -- ifelse([$3], , :, [$3]) -- fi -+ XML_CPPFLAGS=$XML_CFLAGS - AC_SUBST(XML_CPPFLAGS) -- AC_SUBST(XML_LIBS) -- rm -f conf.xmltest - ]) --- -2.34.1 - diff --git a/poky/meta/recipes-core/libxml/libxml2_2.10.4.bb b/poky/meta/recipes-core/libxml/libxml2_2.11.4.bb index 4f3b17093e..cbf20504f8 100644 --- a/poky/meta/recipes-core/libxml/libxml2_2.10.4.bb +++ b/poky/meta/recipes-core/libxml/libxml2_2.11.4.bb @@ -15,21 +15,14 @@ inherit gnomebase SRC_URI += "http://www.w3.org/XML/Test/xmlts20130923.tar;subdir=${BP};name=testtar \ file://run-ptest \ - file://libxml-64bit.patch \ - file://fix-tests.patch \ file://install-tests.patch \ - file://libxml-m4-use-pkgconfig.patch \ " -SRC_URI[archive.sha256sum] = "ed0c91c5845008f1936739e4eee2035531c1c94742c6541f44ee66d885948d45" +SRC_URI[archive.sha256sum] = "737e1d7f8ab3f139729ca13a2494fd17bf30ddb4b7a427cf336252cab57f57f7" SRC_URI[testtar.sha256sum] = "c6b2d42ee50b8b236e711a97d68e6c4b5c8d83e69a2be4722379f08702ea7273" BINCONFIG = "${bindir}/xml2-config" -# Fixed since 2.9.11 via -# https://gitlab.gnome.org/GNOME/libxml2/-/commit/c1ba6f54d32b707ca6d91cb3257ce9de82876b6f -CVE_CHECK_IGNORE += "CVE-2016-3709" - PACKAGECONFIG ??= "python \ ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} \ " diff --git a/poky/meta/recipes-core/meta/cve-update-db-native.bb b/poky/meta/recipes-core/meta/cve-update-db-native.bb deleted file mode 100644 index 079f062f79..0000000000 --- a/poky/meta/recipes-core/meta/cve-update-db-native.bb +++ /dev/null @@ -1,288 +0,0 @@ -SUMMARY = "Updates the NVD CVE database" -LICENSE = "MIT" - -INHIBIT_DEFAULT_DEPS = "1" - -inherit native - -deltask do_unpack -deltask do_patch -deltask do_configure -deltask do_compile -deltask do_install -deltask do_populate_sysroot - -NVDCVE_URL ?= "https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-" -# CVE database update interval, in seconds. By default: once a day (24*60*60). -# Use 0 to force the update -# Use a negative value to skip the update -CVE_DB_UPDATE_INTERVAL ?= "86400" - -# Timeout for blocking socket operations, such as the connection attempt. -CVE_SOCKET_TIMEOUT ?= "60" - -CVE_DB_TEMP_FILE ?= "${CVE_CHECK_DB_DIR}/temp_nvdcve_1.1.db" - -python () { - if not bb.data.inherits_class("cve-check", d): - raise bb.parse.SkipRecipe("Skip recipe when cve-check class is not loaded.") -} - -python do_fetch() { - """ - Update NVD database with json data feed - """ - import bb.utils - import bb.progress - import shutil - - bb.utils.export_proxies(d) - - db_file = d.getVar("CVE_CHECK_DB_FILE") - db_dir = os.path.dirname(db_file) - db_tmp_file = d.getVar("CVE_DB_TEMP_FILE") - - cleanup_db_download(db_file, db_tmp_file) - - # The NVD database changes once a day, so no need to update more frequently - # Allow the user to force-update - try: - import time - update_interval = int(d.getVar("CVE_DB_UPDATE_INTERVAL")) - if update_interval < 0: - bb.note("CVE database update skipped") - return - if time.time() - os.path.getmtime(db_file) < update_interval: - bb.debug(2, "Recently updated, skipping") - return - - except OSError: - pass - - bb.utils.mkdirhier(db_dir) - if os.path.exists(db_file): - shutil.copy2(db_file, db_tmp_file) - - if update_db_file(db_tmp_file, d) == True: - # Update downloaded correctly, can swap files - shutil.move(db_tmp_file, db_file) - else: - # Update failed, do not modify the database - bb.note("CVE database update failed") - os.remove(db_tmp_file) -} - -do_fetch[lockfiles] += "${CVE_CHECK_DB_FILE_LOCK}" -do_fetch[file-checksums] = "" -do_fetch[vardeps] = "" - -def cleanup_db_download(db_file, db_tmp_file): - """ - Cleanup the download space from possible failed downloads - """ - - # Clean up the updates done on the main file - # Remove it only if a journal file exists - it means a complete re-download - if os.path.exists("{0}-journal".format(db_file)): - # If a journal is present the last update might have been interrupted. In that case, - # just wipe any leftovers and force the DB to be recreated. - os.remove("{0}-journal".format(db_file)) - - if os.path.exists(db_file): - os.remove(db_file) - - # Clean-up the temporary file downloads, we can remove both journal - # and the temporary database - if os.path.exists("{0}-journal".format(db_tmp_file)): - # If a journal is present the last update might have been interrupted. In that case, - # just wipe any leftovers and force the DB to be recreated. - os.remove("{0}-journal".format(db_tmp_file)) - - if os.path.exists(db_tmp_file): - os.remove(db_tmp_file) - -def update_db_file(db_tmp_file, d): - """ - Update the given database file - """ - import bb.utils, bb.progress - from datetime import date - import urllib, gzip, sqlite3 - - YEAR_START = 2002 - cve_socket_timeout = int(d.getVar("CVE_SOCKET_TIMEOUT")) - - # Connect to database - conn = sqlite3.connect(db_tmp_file) - initialize_db(conn) - - with bb.progress.ProgressHandler(d) as ph, open(os.path.join(d.getVar("TMPDIR"), 'cve_check'), 'a') as cve_f: - total_years = date.today().year + 1 - YEAR_START - for i, year in enumerate(range(YEAR_START, date.today().year + 1)): - bb.debug(2, "Updating %d" % year) - ph.update((float(i + 1) / total_years) * 100) - year_url = (d.getVar('NVDCVE_URL')) + str(year) - meta_url = year_url + ".meta" - json_url = year_url + ".json.gz" - - # Retrieve meta last modified date - try: - response = urllib.request.urlopen(meta_url, timeout=cve_socket_timeout) - except urllib.error.URLError as e: - cve_f.write('Warning: CVE db update error, Unable to fetch CVE data.\n\n') - bb.warn("Failed to fetch CVE data (%s)" % e.reason) - return False - - if response: - for l in response.read().decode("utf-8").splitlines(): - key, value = l.split(":", 1) - if key == "lastModifiedDate": - last_modified = value - break - else: - bb.warn("Cannot parse CVE metadata, update failed") - return False - - # Compare with current db last modified date - cursor = conn.execute("select DATE from META where YEAR = ?", (year,)) - meta = cursor.fetchone() - cursor.close() - - if not meta or meta[0] != last_modified: - bb.debug(2, "Updating entries") - # Clear products table entries corresponding to current year - conn.execute("delete from PRODUCTS where ID like ?", ('CVE-%d%%' % year,)).close() - - # Update db with current year json file - try: - response = urllib.request.urlopen(json_url, timeout=cve_socket_timeout) - if response: - update_db(conn, gzip.decompress(response.read()).decode('utf-8')) - conn.execute("insert or replace into META values (?, ?)", [year, last_modified]).close() - except urllib.error.URLError as e: - cve_f.write('Warning: CVE db update error, CVE data is outdated.\n\n') - bb.warn("Cannot parse CVE data (%s), update failed" % e.reason) - return False - else: - bb.debug(2, "Already up to date (last modified %s)" % last_modified) - # Update success, set the date to cve_check file. - if year == date.today().year: - cve_f.write('CVE database update : %s\n\n' % date.today()) - - conn.commit() - conn.close() - return True - -def initialize_db(conn): - with conn: - c = conn.cursor() - - c.execute("CREATE TABLE IF NOT EXISTS META (YEAR INTEGER UNIQUE, DATE TEXT)") - - c.execute("CREATE TABLE IF NOT EXISTS NVD (ID TEXT UNIQUE, SUMMARY TEXT, \ - SCOREV2 TEXT, SCOREV3 TEXT, MODIFIED INTEGER, VECTOR TEXT)") - - c.execute("CREATE TABLE IF NOT EXISTS PRODUCTS (ID TEXT, \ - VENDOR TEXT, PRODUCT TEXT, VERSION_START TEXT, OPERATOR_START TEXT, \ - VERSION_END TEXT, OPERATOR_END TEXT)") - c.execute("CREATE INDEX IF NOT EXISTS PRODUCT_ID_IDX on PRODUCTS(ID);") - - c.close() - -def parse_node_and_insert(conn, node, cveId): - # Parse children node if needed - for child in node.get('children', ()): - parse_node_and_insert(conn, child, cveId) - - def cpe_generator(): - for cpe in node.get('cpe_match', ()): - if not cpe['vulnerable']: - return - cpe23 = cpe.get('cpe23Uri') - if not cpe23: - return - cpe23 = cpe23.split(':') - if len(cpe23) < 6: - return - vendor = cpe23[3] - product = cpe23[4] - version = cpe23[5] - - if cpe23[6] == '*' or cpe23[6] == '-': - version_suffix = "" - else: - version_suffix = "_" + cpe23[6] - - if version != '*' and version != '-': - # Version is defined, this is a '=' match - yield [cveId, vendor, product, version + version_suffix, '=', '', ''] - elif version == '-': - # no version information is available - yield [cveId, vendor, product, version, '', '', ''] - else: - # Parse start version, end version and operators - op_start = '' - op_end = '' - v_start = '' - v_end = '' - - if 'versionStartIncluding' in cpe: - op_start = '>=' - v_start = cpe['versionStartIncluding'] - - if 'versionStartExcluding' in cpe: - op_start = '>' - v_start = cpe['versionStartExcluding'] - - if 'versionEndIncluding' in cpe: - op_end = '<=' - v_end = cpe['versionEndIncluding'] - - if 'versionEndExcluding' in cpe: - op_end = '<' - v_end = cpe['versionEndExcluding'] - - if op_start or op_end or v_start or v_end: - yield [cveId, vendor, product, v_start, op_start, v_end, op_end] - else: - # This is no version information, expressed differently. - # Save processing by representing as -. - yield [cveId, vendor, product, '-', '', '', ''] - - conn.executemany("insert into PRODUCTS values (?, ?, ?, ?, ?, ?, ?)", cpe_generator()).close() - -def update_db(conn, jsondata): - import json - root = json.loads(jsondata) - - for elt in root['CVE_Items']: - if not elt['impact']: - continue - - accessVector = None - cveId = elt['cve']['CVE_data_meta']['ID'] - cveDesc = elt['cve']['description']['description_data'][0]['value'] - date = elt['lastModifiedDate'] - try: - accessVector = elt['impact']['baseMetricV2']['cvssV2']['accessVector'] - cvssv2 = elt['impact']['baseMetricV2']['cvssV2']['baseScore'] - except KeyError: - cvssv2 = 0.0 - try: - accessVector = accessVector or elt['impact']['baseMetricV3']['cvssV3']['attackVector'] - cvssv3 = elt['impact']['baseMetricV3']['cvssV3']['baseScore'] - except KeyError: - accessVector = accessVector or "UNKNOWN" - cvssv3 = 0.0 - - conn.execute("insert or replace into NVD values (?, ?, ?, ?, ?, ?)", - [cveId, cveDesc, cvssv2, cvssv3, date, accessVector]).close() - - configurations = elt['configurations']['nodes'] - for config in configurations: - parse_node_and_insert(conn, config, cveId) - - -do_fetch[nostamp] = "1" - -EXCLUDE_FROM_WORLD = "1" diff --git a/poky/meta/recipes-core/meta/cve-update-nvd2-native.bb b/poky/meta/recipes-core/meta/cve-update-nvd2-native.bb index 2b585983ac..2f7dad7e82 100644 --- a/poky/meta/recipes-core/meta/cve-update-nvd2-native.bb +++ b/poky/meta/recipes-core/meta/cve-update-nvd2-native.bb @@ -17,6 +17,10 @@ deltask do_populate_sysroot NVDCVE_URL ?= "https://services.nvd.nist.gov/rest/json/cves/2.0" +# If you have a NVD API key (https://nvd.nist.gov/developers/request-an-api-key) +# then setting this to get higher rate limits. +NVDCVE_API_KEY ?= "" + # CVE database update interval, in seconds. By default: once a day (24*60*60). # Use 0 to force the update # Use a negative value to skip the update @@ -119,18 +123,16 @@ def nvd_request_next(url, api_key, args): import urllib.parse import gzip import http + import time - headers = {} + request = urllib.request.Request(url + "?" + urllib.parse.urlencode(args)) if api_key: - headers['apiKey'] = api_key - - data = urllib.parse.urlencode(args) - - full_request = url + '?' + data + request.add_header("apiKey", api_key) + bb.note("Requesting %s" % request.full_url) - for attempt in range(3): + for attempt in range(5): try: - r = urllib.request.urlopen(full_request) + r = urllib.request.urlopen(request) if (r.headers['content-encoding'] == 'gzip'): buf = r.read() @@ -140,13 +142,9 @@ def nvd_request_next(url, api_key, args): r.close() - except UnicodeDecodeError: - # Received garbage, retry - bb.debug(2, "CVE database: received malformed data, retrying (request: %s)" %(full_request)) - pass - except http.client.IncompleteRead: - # Read incomplete, let's try again - bb.debug(2, "CVE database: received incomplete data, retrying (request: %s)" %(full_request)) + except Exception as e: + bb.note("CVE database: received error (%s), retrying" % (e)) + time.sleep(6) pass else: return raw_data @@ -172,11 +170,11 @@ def update_db_file(db_tmp_file, d, database_time): # The maximum range for time is 120 days # Force a complete update if our range is longer if (database_time != 0): - database_date = datetime.datetime.combine(datetime.date.fromtimestamp(database_time), datetime.time()) - today_date = datetime.datetime.combine(datetime.date.today(), datetime.time()) + database_date = datetime.datetime.fromtimestamp(database_time, tz=datetime.timezone.utc) + today_date = datetime.datetime.now(tz=datetime.timezone.utc) delta = today_date - database_date if delta.days < 120: - bb.debug(2, "CVE database: performing partial update") + bb.note("CVE database: performing partial update") req_args['lastModStartDate'] = database_date.isoformat() req_args['lastModEndDate'] = today_date.isoformat() else: @@ -184,12 +182,14 @@ def update_db_file(db_tmp_file, d, database_time): with bb.progress.ProgressHandler(d) as ph, open(os.path.join(d.getVar("TMPDIR"), 'cve_check'), 'a') as cve_f: - bb.debug(2, "Updating entries") + bb.note("Updating entries") index = 0 url = d.getVar("NVDCVE_URL") + api_key = d.getVar("NVDCVE_API_KEY") or None + while True: req_args['startIndex'] = index - raw_data = nvd_request_next(url, None, req_args) + raw_data = nvd_request_next(url, api_key, req_args) if raw_data is None: # We haven't managed to download data return False @@ -199,7 +199,7 @@ def update_db_file(db_tmp_file, d, database_time): index = data["startIndex"] total = data["totalResults"] per_page = data["resultsPerPage"] - + bb.note("Got %d entries" % per_page) for cve in data["vulnerabilities"]: update_db(conn, cve) @@ -312,22 +312,30 @@ def update_db(conn, elt): cvssv2 = elt['cve']['metrics']['cvssMetricV2'][0]['cvssData']['baseScore'] except KeyError: cvssv2 = 0.0 + cvssv3 = None try: - accessVector = accessVector or elt['impact']['baseMetricV3']['cvssV3']['attackVector'] - cvssv3 = elt['impact']['baseMetricV3']['cvssV3']['baseScore'] + accessVector = accessVector or elt['cve']['metrics']['cvssMetricV30'][0]['cvssData']['attackVector'] + cvssv3 = elt['cve']['metrics']['cvssMetricV30'][0]['cvssData']['baseScore'] except KeyError: - accessVector = accessVector or "UNKNOWN" - cvssv3 = 0.0 + pass + try: + accessVector = accessVector or elt['cve']['metrics']['cvssMetricV31'][0]['cvssData']['attackVector'] + cvssv3 = cvssv3 or elt['cve']['metrics']['cvssMetricV31'][0]['cvssData']['baseScore'] + except KeyError: + pass + accessVector = accessVector or "UNKNOWN" + cvssv3 = cvssv3 or 0.0 conn.execute("insert or replace into NVD values (?, ?, ?, ?, ?, ?)", [cveId, cveDesc, cvssv2, cvssv3, date, accessVector]).close() try: - configurations = elt['cve']['configurations'][0]['nodes'] - for config in configurations: - parse_node_and_insert(conn, config, cveId) + for config in elt['cve']['configurations']: + # This is suboptimal as it doesn't handle AND/OR and negate, but is better than nothing + for node in config["nodes"]: + parse_node_and_insert(conn, node, cveId) except KeyError: - bb.debug(2, "Entry without a configuration") + bb.note("CVE %s has no configurations" % cveId) do_fetch[nostamp] = "1" diff --git a/poky/meta/recipes-core/musl/musl_git.bb b/poky/meta/recipes-core/musl/musl_git.bb index 7c8434f23f..b4c2b1f898 100644 --- a/poky/meta/recipes-core/musl/musl_git.bb +++ b/poky/meta/recipes-core/musl/musl_git.bb @@ -4,7 +4,7 @@ require musl.inc inherit linuxloader -SRCREV = "f5f55d6589940fd2c2188d76686efe3a530e64e0" +SRCREV = "718f363bc2067b6487900eddc9180c84e7739f80" BASEVER = "1.2.4" diff --git a/poky/meta/recipes-core/ovmf/ovmf/0001-ovmf-update-path-to-native-BaseTools.patch b/poky/meta/recipes-core/ovmf/ovmf/0001-ovmf-update-path-to-native-BaseTools.patch index 0c3df4fc44..490d9e8046 100644 --- a/poky/meta/recipes-core/ovmf/ovmf/0001-ovmf-update-path-to-native-BaseTools.patch +++ b/poky/meta/recipes-core/ovmf/ovmf/0001-ovmf-update-path-to-native-BaseTools.patch @@ -1,7 +1,7 @@ -From 1125f5a02c2f327aeffe2d6b66a9d816ad2eeec0 Mon Sep 17 00:00:00 2001 +From d8df6b6433351763e1db791dd84d432983d2b249 Mon Sep 17 00:00:00 2001 From: Ricardo Neri <ricardo.neri-calderon@linux.intel.com> Date: Thu, 9 Jun 2016 02:23:01 -0700 -Subject: [PATCH 1/6] ovmf: update path to native BaseTools +Subject: [PATCH 1/4] ovmf: update path to native BaseTools BaseTools is a set of utilities to build EDK-based firmware. These utilities are used during the build process. Thus, they need to be built natively. @@ -16,7 +16,7 @@ Upstream-Status: Inappropriate [oe-core cross compile specific] 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/OvmfPkg/build.sh b/OvmfPkg/build.sh -index 91b1442ade..1858dae31a 100755 +index b0334fb76e..094f86f096 100755 --- a/OvmfPkg/build.sh +++ b/OvmfPkg/build.sh @@ -24,7 +24,7 @@ then @@ -29,5 +29,5 @@ index 91b1442ade..1858dae31a 100755 source edksetup.sh BaseTools else -- -2.32.0 +2.30.2 diff --git a/poky/meta/recipes-core/ovmf/ovmf/0002-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch b/poky/meta/recipes-core/ovmf/ovmf/0002-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch index 2293d7e938..efabc8febc 100644 --- a/poky/meta/recipes-core/ovmf/ovmf/0002-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch +++ b/poky/meta/recipes-core/ovmf/ovmf/0002-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch @@ -1,7 +1,7 @@ -From 19d4c7f9812062a683b3ba60b35aac0461190456 Mon Sep 17 00:00:00 2001 +From 7675a67b8bb207de38ff5a9dc416e8b1028eb8ce Mon Sep 17 00:00:00 2001 From: Ricardo Neri <ricardo.neri-calderon@linux.intel.com> Date: Fri, 26 Jul 2019 17:34:26 -0400 -Subject: [PATCH 2/6] BaseTools: makefile: adjust to build in under bitbake +Subject: [PATCH 2/4] BaseTools: makefile: adjust to build in under bitbake Prepend the build flags with those of bitbake. This is to build using the bitbake native sysroot include and library directories. @@ -14,58 +14,56 @@ to fight against how upstream wants to configure the build. Signed-off-by: Ricardo Neri <ricardo.neri@linux.intel.com> Upstream-Status: Inappropriate [needs to be converted to in-recipe fixups] --- - BaseTools/Source/C/Makefiles/header.makefile | 17 +++++++++-------- - 1 file changed, 9 insertions(+), 8 deletions(-) + BaseTools/Source/C/Makefiles/header.makefile | 15 +++++++-------- + 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/BaseTools/Source/C/Makefiles/header.makefile b/BaseTools/Source/C/Makefiles/header.makefile -index 0df728f327..1299d47c87 100644 +index 1bf003523b..28757aed63 100644 --- a/BaseTools/Source/C/Makefiles/header.makefile +++ b/BaseTools/Source/C/Makefiles/header.makefile -@@ -75,35 +75,36 @@ $(error Bad HOST_ARCH) +@@ -82,35 +82,34 @@ $(error Bad HOST_ARCH) endif
INCLUDE = $(TOOL_INCLUDE) -I $(MAKEROOT) -I $(MAKEROOT)/Include/Common -I $(MAKEROOT)/Include/ -I $(MAKEROOT)/Include/IndustryStandard -I $(MAKEROOT)/Common/ -I .. -I . $(ARCH_INCLUDE)
--BUILD_CPPFLAGS = $(INCLUDE)
-+BUILD_CPPFLAGS += $(INCLUDE)
+-CPPFLAGS = $(INCLUDE)
++CPPFLAGS += $(INCLUDE)
# keep EXTRA_OPTFLAGS last
BUILD_OPTFLAGS = -O2 $(EXTRA_OPTFLAGS)
ifeq ($(DARWIN),Darwin)
# assume clang or clang compatible flags on OS X
--BUILD_CFLAGS = -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror \
-+BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror \
+-CFLAGS = -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror \
++CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror \
-Wno-deprecated-declarations -Wno-self-assign -Wno-unused-result -nostdlib -g
else
- ifeq ($(CXX), llvm)
--BUILD_CFLAGS = -MD -fshort-wchar -fno-strict-aliasing -fwrapv \
-+BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -fwrapv \
+ ifneq ($(CLANG),)
+-CFLAGS = -MD -fshort-wchar -fno-strict-aliasing -fwrapv \
++CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -fwrapv \
-fno-delete-null-pointer-checks -Wall -Werror \
-Wno-deprecated-declarations -Wno-self-assign \
-Wno-unused-result -nostdlib -g
else
--BUILD_CFLAGS = -MD -fshort-wchar -fno-strict-aliasing -fwrapv \
-+BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -fwrapv \
+-CFLAGS = -MD -fshort-wchar -fno-strict-aliasing -fwrapv \
++CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -fwrapv \
-fno-delete-null-pointer-checks -Wall -Werror \
-Wno-deprecated-declarations -Wno-stringop-truncation -Wno-restrict \
-Wno-unused-result -nostdlib -g
endif
endif
- ifeq ($(CXX), llvm)
--BUILD_LFLAGS =
--BUILD_CXXFLAGS = -Wno-deprecated-register -Wno-unused-result
-+BUILD_LFLAGS = $(LDFLAGS)
-+BUILD_CXXFLAGS += -Wno-deprecated-register -Wno-unused-result
+ ifneq ($(CLANG),)
+-LDFLAGS =
+-CXXFLAGS = -Wno-deprecated-register -Wno-unused-result -std=c++14
++CXXFLAGS += -Wno-deprecated-register -Wno-unused-result -std=c++14
else
--BUILD_LFLAGS =
--BUILD_CXXFLAGS = -Wno-unused-result
-+BUILD_LFLAGS = $(LDFLAGS)
-+BUILD_CXXFLAGS += -Wno-unused-result
+-LDFLAGS =
+-CXXFLAGS = -Wno-unused-result
++CXXFLAGS += -Wno-unused-result
endif
+
ifeq ($(HOST_ARCH), IA32)
#
# Snow Leopard is a 32-bit and 64-bit environment. uname -m returns i386, but gcc defaults
-- -2.32.0 +2.30.2 diff --git a/poky/meta/recipes-core/ovmf/ovmf/0005-debug-prefix-map.patch b/poky/meta/recipes-core/ovmf/ovmf/0003-debug-prefix-map.patch index 7adc45465c..c0c763c1cf 100644 --- a/poky/meta/recipes-core/ovmf/ovmf/0005-debug-prefix-map.patch +++ b/poky/meta/recipes-core/ovmf/ovmf/0003-debug-prefix-map.patch @@ -1,7 +1,7 @@ -From cf6361f27cd6318622fd58ab6c0a9407cc633b1e Mon Sep 17 00:00:00 2001 +From 03e536b20d0b72cf078052f6748de8df3836625c Mon Sep 17 00:00:00 2001 From: Alexander Kanavin <alex.kanavin@gmail.com> Date: Mon, 14 Jun 2021 19:56:28 +0200 -Subject: [PATCH] debug prefix map +Subject: [PATCH 3/4] debug prefix map We want to pass ${DEBUG_PREFIX_MAP} to gcc commands and also pass in --debug-prefix-map to nasm (we carry a patch to nasm for this). The @@ -22,10 +22,10 @@ Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/BaseTools/Conf/tools_def.template b/BaseTools/Conf/tools_def.template -index 471eb67c0c..a16fb5c9f1 100755 +index 503a6687c1..10ac38ef9e 100755 --- a/BaseTools/Conf/tools_def.template +++ b/BaseTools/Conf/tools_def.template -@@ -1849,7 +1849,7 @@ NOOPT_*_*_OBJCOPY_ADDDEBUGFLAG = --add-gnu-debuglink=$(DEBUG_DIR)/$(MODULE_N +@@ -739,7 +739,7 @@ NOOPT_*_*_OBJCOPY_ADDDEBUGFLAG = --add-gnu-debuglink="$(DEBUG_DIR)/$(MODULE_ *_*_*_DTCPP_PATH = DEF(DTCPP_BIN)
*_*_*_DTC_PATH = DEF(DTC_BIN)
@@ -34,7 +34,7 @@ index 471eb67c0c..a16fb5c9f1 100755 DEFINE GCC_ARM_CC_FLAGS = DEF(GCC_ALL_CC_FLAGS) -mlittle-endian -mabi=aapcs -fno-short-enums -funsigned-char -ffunction-sections -fdata-sections -fomit-frame-pointer -Wno-address -mthumb -fno-pic -fno-pie
DEFINE GCC_LOONGARCH64_CC_FLAGS = DEF(GCC_ALL_CC_FLAGS) -mabi=lp64d -fno-asynchronous-unwind-tables -fno-plt -Wno-address -fno-short-enums -fsigned-char -ffunction-sections -fdata-sections
DEFINE GCC_ARM_CC_XIPFLAGS = -mno-unaligned-access
-@@ -1869,8 +1869,8 @@ DEFINE GCC_ARM_ASLDLINK_FLAGS = DEF(GCC_ARM_DLINK_FLAGS) -Wl,--entry,Refere +@@ -759,8 +759,8 @@ DEFINE GCC_ARM_ASLDLINK_FLAGS = DEF(GCC_ARM_DLINK_FLAGS) -Wl,--entry,Refere DEFINE GCC_AARCH64_ASLDLINK_FLAGS = DEF(GCC_AARCH64_DLINK_FLAGS) -Wl,--entry,ReferenceAcpiTable -u $(IMAGE_ENTRY_POINT) DEF(GCC_ARM_AARCH64_ASLDLINK_FLAGS)
DEFINE GCC_LOONGARCH64_ASLDLINK_FLAGS = DEF(GCC_LOONGARCH64_DLINK_FLAGS) -Wl,--entry,ReferenceAcpiTable -u $(IMAGE_ENTRY_POINT)
DEFINE GCC_IA32_X64_DLINK_FLAGS = DEF(GCC_IA32_X64_DLINK_COMMON) --entry _$(IMAGE_ENTRY_POINT) --file-alignment 0x20 --section-alignment 0x20 -Map $(DEST_DIR_DEBUG)/$(BASE_NAME).map
@@ -45,7 +45,7 @@ index 471eb67c0c..a16fb5c9f1 100755 DEFINE GCC_VFRPP_FLAGS = -x c -E -P -DVFRCOMPILE --include $(MODULE_NAME)StrDefs.h
DEFINE GCC_ASLPP_FLAGS = -x c -E -include AutoGen.h
DEFINE GCC_ASLCC_FLAGS = -x c
-@@ -2022,7 +2022,7 @@ DEFINE GCC5_LOONGARCH64_PP_FLAGS = -mabi=lp64d -march=loongarch64 DEF( +@@ -913,7 +913,7 @@ DEFINE GCC5_LOONGARCH64_PP_FLAGS = -mabi=lp64d -march=loongarch64 DEF( *_GCC48_IA32_DLINK2_FLAGS = DEF(GCC48_IA32_DLINK2_FLAGS)
*_GCC48_IA32_RC_FLAGS = DEF(GCC_IA32_RC_FLAGS)
*_GCC48_IA32_OBJCOPY_FLAGS =
@@ -54,7 +54,7 @@ index 471eb67c0c..a16fb5c9f1 100755 DEBUG_GCC48_IA32_CC_FLAGS = DEF(GCC48_IA32_CC_FLAGS)
RELEASE_GCC48_IA32_CC_FLAGS = DEF(GCC48_IA32_CC_FLAGS) -Wno-unused-but-set-variable
-@@ -2050,7 +2050,7 @@ RELEASE_GCC48_IA32_CC_FLAGS = DEF(GCC48_IA32_CC_FLAGS) -Wno-unused-but-set +@@ -941,7 +941,7 @@ RELEASE_GCC48_IA32_CC_FLAGS = DEF(GCC48_IA32_CC_FLAGS) -Wno-unused-but-set *_GCC48_X64_DLINK2_FLAGS = DEF(GCC48_X64_DLINK2_FLAGS)
*_GCC48_X64_RC_FLAGS = DEF(GCC_X64_RC_FLAGS)
*_GCC48_X64_OBJCOPY_FLAGS =
@@ -63,7 +63,7 @@ index 471eb67c0c..a16fb5c9f1 100755 DEBUG_GCC48_X64_CC_FLAGS = DEF(GCC48_X64_CC_FLAGS)
RELEASE_GCC48_X64_CC_FLAGS = DEF(GCC48_X64_CC_FLAGS) -Wno-unused-but-set-variable
-@@ -2159,7 +2159,7 @@ RELEASE_GCC48_AARCH64_CC_FLAGS = DEF(GCC48_AARCH64_CC_FLAGS) -Wno-unused-but-s +@@ -1050,7 +1050,7 @@ RELEASE_GCC48_AARCH64_CC_FLAGS = DEF(GCC48_AARCH64_CC_FLAGS) -Wno-unused-but-s *_GCC49_IA32_DLINK2_FLAGS = DEF(GCC49_IA32_DLINK2_FLAGS)
*_GCC49_IA32_RC_FLAGS = DEF(GCC_IA32_RC_FLAGS)
*_GCC49_IA32_OBJCOPY_FLAGS =
@@ -72,7 +72,7 @@ index 471eb67c0c..a16fb5c9f1 100755 DEBUG_GCC49_IA32_CC_FLAGS = DEF(GCC49_IA32_CC_FLAGS)
RELEASE_GCC49_IA32_CC_FLAGS = DEF(GCC49_IA32_CC_FLAGS) -Wno-unused-but-set-variable -Wno-unused-const-variable
-@@ -2187,7 +2187,7 @@ RELEASE_GCC49_IA32_CC_FLAGS = DEF(GCC49_IA32_CC_FLAGS) -Wno-unused-but-set +@@ -1078,7 +1078,7 @@ RELEASE_GCC49_IA32_CC_FLAGS = DEF(GCC49_IA32_CC_FLAGS) -Wno-unused-but-set *_GCC49_X64_DLINK2_FLAGS = DEF(GCC49_X64_DLINK2_FLAGS)
*_GCC49_X64_RC_FLAGS = DEF(GCC_X64_RC_FLAGS)
*_GCC49_X64_OBJCOPY_FLAGS =
@@ -81,7 +81,7 @@ index 471eb67c0c..a16fb5c9f1 100755 DEBUG_GCC49_X64_CC_FLAGS = DEF(GCC49_X64_CC_FLAGS)
RELEASE_GCC49_X64_CC_FLAGS = DEF(GCC49_X64_CC_FLAGS) -Wno-unused-but-set-variable -Wno-unused-const-variable
-@@ -2302,7 +2302,7 @@ RELEASE_GCC49_AARCH64_DLINK_XIPFLAGS = -z common-page-size=0x20 +@@ -1337,7 +1337,7 @@ RELEASE_GCCNOLTO_AARCH64_DLINK_XIPFLAGS = -z common-page-size=0x20 *_GCC5_IA32_DLINK2_FLAGS = DEF(GCC5_IA32_DLINK2_FLAGS) -no-pie
*_GCC5_IA32_RC_FLAGS = DEF(GCC_IA32_RC_FLAGS)
*_GCC5_IA32_OBJCOPY_FLAGS =
@@ -90,7 +90,7 @@ index 471eb67c0c..a16fb5c9f1 100755 DEBUG_GCC5_IA32_CC_FLAGS = DEF(GCC5_IA32_CC_FLAGS) -flto
DEBUG_GCC5_IA32_DLINK_FLAGS = DEF(GCC5_IA32_X64_DLINK_FLAGS) -flto -Os -Wl,-m,elf_i386,--oformat=elf32-i386
-@@ -2334,7 +2334,7 @@ RELEASE_GCC5_IA32_DLINK_FLAGS = DEF(GCC5_IA32_X64_DLINK_FLAGS) -flto -Os -Wl, +@@ -1369,7 +1369,7 @@ RELEASE_GCC5_IA32_DLINK_FLAGS = DEF(GCC5_IA32_X64_DLINK_FLAGS) -flto -Os -Wl, *_GCC5_X64_DLINK2_FLAGS = DEF(GCC5_X64_DLINK2_FLAGS)
*_GCC5_X64_RC_FLAGS = DEF(GCC_X64_RC_FLAGS)
*_GCC5_X64_OBJCOPY_FLAGS =
diff --git a/poky/meta/recipes-core/ovmf/ovmf/0006-reproducible.patch b/poky/meta/recipes-core/ovmf/ovmf/0004-reproducible.patch index 846f408012..c3fdc3d863 100644 --- a/poky/meta/recipes-core/ovmf/ovmf/0006-reproducible.patch +++ b/poky/meta/recipes-core/ovmf/ovmf/0004-reproducible.patch @@ -1,7 +1,7 @@ -From 27ed9962f5cb3afcc44d6c96c53277132a999712 Mon Sep 17 00:00:00 2001 +From c59850367a190d70dec43e0a66f399a4d8a5ffed Mon Sep 17 00:00:00 2001 From: Alexander Kanavin <alex.kanavin@gmail.com> Date: Mon, 14 Jun 2021 19:57:30 +0200 -Subject: [PATCH 6/6] reproducible +Subject: [PATCH 4/4] reproducible This patch fixes various things which make the build more reproducible. Some changes here only change intermediate artefacts but that means when you have two build trees @@ -35,10 +35,10 @@ Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> 4 files changed, 24 insertions(+), 16 deletions(-) diff --git a/BaseTools/Source/C/GenFw/Elf64Convert.c b/BaseTools/Source/C/GenFw/Elf64Convert.c -index d097db8632..a87ae6f3d0 100644 +index 9c17c90b16..fcc7864141 100644 --- a/BaseTools/Source/C/GenFw/Elf64Convert.c +++ b/BaseTools/Source/C/GenFw/Elf64Convert.c -@@ -14,6 +14,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent +@@ -15,6 +15,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #ifndef __GNUC__
#include <windows.h>
#include <io.h>
@@ -47,35 +47,35 @@ index d097db8632..a87ae6f3d0 100644 #endif
#include <assert.h>
#include <stdio.h>
-@@ -769,7 +771,7 @@ ScanSections64 ( +@@ -990,7 +992,7 @@ ScanSections64 ( }
mCoffOffset = mDebugOffset + sizeof(EFI_IMAGE_DEBUG_DIRECTORY_ENTRY) +
sizeof(EFI_IMAGE_DEBUG_CODEVIEW_NB10_ENTRY) +
- strlen(mInImageName) + 1;
+ strlen(basename(mInImageName)) + 1;
- mCoffOffset = CoffAlign(mCoffOffset);
- if (SectionCount == 0) {
-@@ -1608,7 +1610,7 @@ WriteDebug64 ( - EFI_IMAGE_DEBUG_DIRECTORY_ENTRY *Dir;
- EFI_IMAGE_DEBUG_CODEVIEW_NB10_ENTRY *Nb10;
+ //
+ // Add more space in the .debug data region for the DllCharacteristicsEx
+@@ -2261,7 +2263,7 @@ WriteDebug64 ( + EFI_IMAGE_DEBUG_CODEVIEW_NB10_ENTRY *Nb10;
+ EFI_IMAGE_DEBUG_EX_DLLCHARACTERISTICS_ENTRY *DllEntry;
- Len = strlen(mInImageName) + 1;
+ Len = strlen(basename(mInImageName)) + 1;
- Dir = (EFI_IMAGE_DEBUG_DIRECTORY_ENTRY*)(mCoffFile + mDebugOffset);
- Dir->Type = EFI_IMAGE_DEBUG_TYPE_CODEVIEW;
-@@ -1618,7 +1620,7 @@ WriteDebug64 ( + NtHdr = (EFI_IMAGE_OPTIONAL_HEADER_UNION *)(mCoffFile + mNtHdrOffset);
+ DataDir = &NtHdr->Pe32Plus.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_DEBUG];
+@@ -2294,7 +2296,7 @@ WriteDebug64 ( Nb10 = (EFI_IMAGE_DEBUG_CODEVIEW_NB10_ENTRY*)(Dir + 1);
Nb10->Signature = CODEVIEW_SIGNATURE_NB10;
- strcpy ((char *)(Nb10 + 1), mInImageName);
+ strcpy ((char *)(Nb10 + 1), basename(mInImageName));
+ }
-
- NtHdr = (EFI_IMAGE_OPTIONAL_HEADER_UNION *)(mCoffFile + mNtHdrOffset);
+ STATIC
diff --git a/BaseTools/Source/Python/AutoGen/BuildEngine.py b/BaseTools/Source/Python/AutoGen/BuildEngine.py -index 722fead75a..8f1c236970 100644 +index 752a1a1f6a..02054cccf8 100644 --- a/BaseTools/Source/Python/AutoGen/BuildEngine.py +++ b/BaseTools/Source/Python/AutoGen/BuildEngine.py @@ -70,6 +70,9 @@ class TargetDescBlock(object): @@ -89,7 +89,7 @@ index 722fead75a..8f1c236970 100644 if Input not in self.Inputs:
self.Inputs.append(Input)
diff --git a/BaseTools/Source/Python/AutoGen/GenMake.py b/BaseTools/Source/Python/AutoGen/GenMake.py -index 961b2ab1c3..23c1592025 100755 +index daec9c6d54..0e8cc20efe 100755 --- a/BaseTools/Source/Python/AutoGen/GenMake.py +++ b/BaseTools/Source/Python/AutoGen/GenMake.py @@ -575,7 +575,7 @@ cleanlib: @@ -153,10 +153,10 @@ index 961b2ab1c3..23c1592025 100755 if T.GenFileListMacro and T.FileListMacro not in self.FileListMacros:
self.FileListMacros[T.FileListMacro] = []
diff --git a/BaseTools/Source/Python/AutoGen/ModuleAutoGen.py b/BaseTools/Source/Python/AutoGen/ModuleAutoGen.py -index d70b0d7ae8..25dca9a6df 100755 +index d05410b329..99b3f64aba 100755 --- a/BaseTools/Source/Python/AutoGen/ModuleAutoGen.py +++ b/BaseTools/Source/Python/AutoGen/ModuleAutoGen.py -@@ -1484,6 +1484,9 @@ class ModuleAutoGen(AutoGen): +@@ -1474,6 +1474,9 @@ class ModuleAutoGen(AutoGen): for File in Files:
if File.lower().endswith('.pdb'):
AsBuiltInfDict['binary_item'].append('DISPOSABLE|' + File)
@@ -166,7 +166,7 @@ index d70b0d7ae8..25dca9a6df 100755 HeaderComments = self.Module.HeaderComments
StartPos = 0
for Index in range(len(HeaderComments)):
-@@ -1759,7 +1762,7 @@ class ModuleAutoGen(AutoGen): +@@ -1749,7 +1752,7 @@ class ModuleAutoGen(AutoGen): if os.path.exists (self.TimeStampPath):
os.remove (self.TimeStampPath)
@@ -176,5 +176,5 @@ index d70b0d7ae8..25dca9a6df 100755 # Ignore generating makefile when it is a binary module
if self.IsBinaryModule:
-- -2.32.0 +2.30.2 diff --git a/poky/meta/recipes-core/ovmf/ovmf_git.bb b/poky/meta/recipes-core/ovmf/ovmf_git.bb index bd92c5d43d..761c265453 100644 --- a/poky/meta/recipes-core/ovmf/ovmf_git.bb +++ b/poky/meta/recipes-core/ovmf/ovmf_git.bb @@ -22,12 +22,12 @@ BUILD_CFLAGS += "-Wno-error=stringop-overflow" SRC_URI = "gitsm://github.com/tianocore/edk2.git;branch=master;protocol=https \ file://0001-ovmf-update-path-to-native-BaseTools.patch \ file://0002-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch \ - file://0005-debug-prefix-map.patch \ - file://0006-reproducible.patch \ + file://0003-debug-prefix-map.patch \ + file://0004-reproducible.patch \ " -PV = "edk2-stable202302" -SRCREV = "f80f052277c88a67c55e107b550f504eeea947d3" +PV = "edk2-stable202305" +SRCREV = "ba91d0292e593df8528b66f99c1b0b14fadc8e16" UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>edk2-stable.*)" inherit deploy diff --git a/poky/meta/recipes-core/systemd/systemd-systemctl/systemctl b/poky/meta/recipes-core/systemd/systemd-systemctl/systemctl index 514f747fe6..7fe751b397 100755 --- a/poky/meta/recipes-core/systemd/systemd-systemctl/systemctl +++ b/poky/meta/recipes-core/systemd/systemd-systemctl/systemctl @@ -202,7 +202,7 @@ class SystemdUnit(): try: for dependent in config.get('Install', prop): # expand any %i to instance (ignoring escape sequence %%) - dependent = re.sub("([^%](%%)*)%i", "\\1{}".format(instance), dependent) + dependent = re.sub("([^%](%%)*)%i", "\\g<1>{}".format(instance), dependent) wants = systemdir / "{}.{}".format(dependent, dirstem) / service add_link(wants, target) diff --git a/poky/meta/recipes-core/systemd/systemd_253.3.bb b/poky/meta/recipes-core/systemd/systemd_253.3.bb index 87fbf6f785..cf0e17ff00 100644 --- a/poky/meta/recipes-core/systemd/systemd_253.3.bb +++ b/poky/meta/recipes-core/systemd/systemd_253.3.bb @@ -834,6 +834,3 @@ pkg_postinst:udev-hwdb () { pkg_prerm:udev-hwdb () { rm -f $D${sysconfdir}/udev/hwdb.bin } - -# This was also fixed in 252.4 with 9b75a3d0 -CVE_CHECK_IGNORE += "CVE-2022-4415" diff --git a/poky/meta/recipes-core/udev/eudev_3.2.12.bb b/poky/meta/recipes-core/udev/eudev_3.2.12.bb index 572ccecafd..4268bcc2c5 100644 --- a/poky/meta/recipes-core/udev/eudev_3.2.12.bb +++ b/poky/meta/recipes-core/udev/eudev_3.2.12.bb @@ -18,7 +18,7 @@ SRC_URI[sha256sum] = "ccdd64ec3c381d3c3ed0e99d2e70d1f62988c7763de89ca7bdffafa5ea GITHUB_BASE_URI = "https://github.com/eudev-project/eudev/releases" -inherit autotools update-rc.d qemu pkgconfig features_check manpages github-releases +inherit autotools update-rc.d qemu pkgconfig features_check manpages github-releases useradd CONFLICT_DISTRO_FEATURES = "systemd" @@ -85,3 +85,6 @@ pkg_postinst:${PN}-hwdb () { pkg_prerm:${PN}-hwdb () { rm -f $D${sysconfdir}/udev/hwdb.bin } + +USERADD_PACKAGES = "${PN}" +GROUPADD_PARAM:${PN} = "-r sgx" diff --git a/poky/meta/recipes-core/util-linux/util-linux_2.38.1.bb b/poky/meta/recipes-core/util-linux/util-linux_2.38.1.bb index 9ea7a04e8a..c81405533c 100644 --- a/poky/meta/recipes-core/util-linux/util-linux_2.38.1.bb +++ b/poky/meta/recipes-core/util-linux/util-linux_2.38.1.bb @@ -234,6 +234,8 @@ ALTERNATIVE_TARGET[getty] = "${base_sbindir}/agetty" ALTERNATIVE_LINK_NAME[hexdump] = "${bindir}/hexdump" ALTERNATIVE_LINK_NAME[hwclock] = "${base_sbindir}/hwclock" ALTERNATIVE_LINK_NAME[ionice] = "${bindir}/ionice" +ALTERNATIVE_LINK_NAME[ipcrm] = "${bindir}/ipcrm" +ALTERNATIVE_LINK_NAME[ipcs] = "${bindir}/ipcs" ALTERNATIVE_LINK_NAME[kill] = "${base_bindir}/kill" ALTERNATIVE:${PN}-last = "last lastb" ALTERNATIVE_LINK_NAME[last] = "${bindir}/last" diff --git a/poky/meta/recipes-devtools/automake/automake/buildtest.patch b/poky/meta/recipes-devtools/automake/automake/buildtest.patch index b88b9e8693..c43a4ac8f3 100644 --- a/poky/meta/recipes-devtools/automake/automake/buildtest.patch +++ b/poky/meta/recipes-devtools/automake/automake/buildtest.patch @@ -36,7 +36,7 @@ index e0db651..de137fa 100644 -check-TESTS: $(TESTS) +AM_RECURSIVE_TARGETS += buildtest runtest + -+buildtest-TESTS: $(TESTS) ++buildtest-TESTS: $(TESTS) $(check_PROGRAMS) + +check-TESTS: buildtest-TESTS + $(MAKE) $(AM_MAKEFLAGS) runtest-TESTS diff --git a/poky/meta/recipes-devtools/ccache/ccache_4.8.1.bb b/poky/meta/recipes-devtools/ccache/ccache_4.8.2.bb index b0ae7fb25c..22a6b385b0 100644 --- a/poky/meta/recipes-devtools/ccache/ccache_4.8.1.bb +++ b/poky/meta/recipes-devtools/ccache/ccache_4.8.2.bb @@ -7,14 +7,14 @@ HOMEPAGE = "http://ccache.samba.org" SECTION = "devel" LICENSE = "GPL-3.0-or-later" -LIC_FILES_CHKSUM = "file://LICENSE.adoc;md5=1601d62d6828fbe19b6f6c2d01fdff4c" +LIC_FILES_CHKSUM = "file://LICENSE.adoc;md5=cd54b7abfc462470b0f505273c38f0ff" DEPENDS = "zstd" SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/${BP}.tar.gz \ file://0001-xxhash.h-Fix-build-with-gcc-12.patch \ " -SRC_URI[sha256sum] = "869903c1891beb8bee87f1ec94d8a0dad18c2add4072c456acbc85cdfc23ca63" +SRC_URI[sha256sum] = "75eef15b8b9da48db9c91e1d0ff58b3645fc70c0e4ca2ef1b6825a12f21f217d" inherit cmake github-releases diff --git a/poky/meta/recipes-devtools/cmake/cmake.inc b/poky/meta/recipes-devtools/cmake/cmake.inc index 7788a5c45a..f57a77c7bb 100644 --- a/poky/meta/recipes-devtools/cmake/cmake.inc +++ b/poky/meta/recipes-devtools/cmake/cmake.inc @@ -23,6 +23,4 @@ SRC_URI[sha256sum] = "313b6880c291bd4fe31c0aa51d6e62659282a521e695f30d5cc0d25abb UPSTREAM_CHECK_REGEX = "cmake-(?P<pver>\d+(\.\d+)+)\.tar" -# This is specific to the npm package that installs cmake, so isn't -# relevant to OpenEmbedded -CVE_CHECK_IGNORE += "CVE-2016-10642" +CVE_STATUS[CVE-2016-10642] = "cpe-incorrect: This is specific to the npm package that installs cmake, so isn't relevant to OpenEmbedded" diff --git a/poky/meta/recipes-devtools/dnf/dnf_4.16.1.bb b/poky/meta/recipes-devtools/dnf/dnf_4.16.1.bb index ff79701dc7..9134411fa9 100644 --- a/poky/meta/recipes-devtools/dnf/dnf_4.16.1.bb +++ b/poky/meta/recipes-devtools/dnf/dnf_4.16.1.bb @@ -15,9 +15,10 @@ SRC_URI = "git://github.com/rpm-software-management/dnf.git;branch=master;protoc file://0029-Do-not-set-PYTHON_INSTALL_DIR-by-running-python.patch \ file://0030-Run-python-scripts-using-env.patch \ file://0001-set-python-path-for-completion_helper.patch \ - file://0001-dnf-write-the-log-lock-to-root.patch \ " +SRC_URI:append:class-native = "file://0001-dnf-write-the-log-lock-to-root.patch" + SRCREV = "94b7cc7956580405b219329541d6b40db6499cf1" UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+(\.\d+)+)" diff --git a/poky/meta/recipes-devtools/flex/flex_2.6.4.bb b/poky/meta/recipes-devtools/flex/flex_2.6.4.bb index 15cf6f5cca..1ac88d65ef 100644 --- a/poky/meta/recipes-devtools/flex/flex_2.6.4.bb +++ b/poky/meta/recipes-devtools/flex/flex_2.6.4.bb @@ -26,10 +26,10 @@ SRC_URI[sha256sum] = "e87aae032bf07c26f85ac0ed3250998c37621d95f8bd748b31f15b33c4 GITHUB_BASE_URI = "https://github.com/westes/flex/releases" -# Disputed - yes there is stack exhaustion but no bug and it is building the -# parser, not running it, effectively similar to a compiler ICE. Upstream no plans to address # https://github.com/westes/flex/issues/414 -CVE_CHECK_IGNORE += "CVE-2019-6293" +CVE_STATUS[CVE-2019-6293] = "upstream-wontfix: \ +there is stack exhaustion but no bug and it is building the \ +parser, not running it, effectively similar to a compiler ICE. Upstream no plans to address this." inherit autotools gettext texinfo ptest github-releases diff --git a/poky/meta/recipes-devtools/gcc/gcc-13.1.inc b/poky/meta/recipes-devtools/gcc/gcc-13.1.inc index 4da703db52..e94753eed0 100644 --- a/poky/meta/recipes-devtools/gcc/gcc-13.1.inc +++ b/poky/meta/recipes-devtools/gcc/gcc-13.1.inc @@ -111,5 +111,4 @@ EXTRA_OECONF_PATHS = "\ --with-build-sysroot=${STAGING_DIR_TARGET} \ " -# Is a binutils 2.26 issue, not gcc -CVE_CHECK_IGNORE += "CVE-2021-37322" +CVE_STATUS[CVE-2021-37322] = "cpe-incorrect: Is a binutils 2.26 issue, not gcc" diff --git a/poky/meta/recipes-devtools/gcc/gcc-configure-common.inc b/poky/meta/recipes-devtools/gcc/gcc-configure-common.inc index e4cdb73f0a..dba25eb754 100644 --- a/poky/meta/recipes-devtools/gcc/gcc-configure-common.inc +++ b/poky/meta/recipes-devtools/gcc/gcc-configure-common.inc @@ -40,7 +40,6 @@ EXTRA_OECONF = "\ ${@get_gcc_mips_plt_setting(bb, d)} \ ${@get_gcc_ppc_plt_settings(bb, d)} \ ${@get_gcc_multiarch_setting(bb, d)} \ - --enable-standard-branch-protection \ " # glibc version is a minimum controlling whether features are enabled. diff --git a/poky/meta/recipes-devtools/gcc/gcc-testsuite.inc b/poky/meta/recipes-devtools/gcc/gcc-testsuite.inc index f68fec58ed..64f60c730f 100644 --- a/poky/meta/recipes-devtools/gcc/gcc-testsuite.inc +++ b/poky/meta/recipes-devtools/gcc/gcc-testsuite.inc @@ -51,9 +51,10 @@ python check_prepare() { # enable all valid instructions, since the test suite itself does not # limit itself to the target cpu options. # - valid for x86*, powerpc, arm, arm64 - if qemu_binary.lstrip("qemu-") in ["x86_64", "i386", "ppc", "arm", "aarch64"]: + if qemu_binary.lstrip("qemu-") in ["x86_64", "i386", "arm", "aarch64"]: args += ["-cpu", "max"] - + elif qemu_binary.lstrip("qemu-") in ["ppc"]: + args += d.getVar("QEMU_EXTRAOPTIONS_%s" % d.getVar('PACKAGE_ARCH')).split() sysroot = d.getVar("RECIPE_SYSROOT") args += ["-L", sysroot] # lib paths are static here instead of using $libdir since this is used by a -cross recipe diff --git a/poky/meta/recipes-devtools/git/git_2.39.3.bb b/poky/meta/recipes-devtools/git/git_2.39.3.bb index 54a863acd2..3393550c85 100644 --- a/poky/meta/recipes-devtools/git/git_2.39.3.bb +++ b/poky/meta/recipes-devtools/git/git_2.39.3.bb @@ -27,13 +27,6 @@ LIC_FILES_CHKSUM = "\ CVE_PRODUCT = "git-scm:git" -# This is about a manpage not mentioning --mirror may "leak" information -# in mirrored git repos. Most OE users wouldn't build the docs and -# we don't see this as a major issue for our general users/usecases. -CVE_CHECK_IGNORE += "CVE-2022-24975" -# This is specific to Git-for-Windows -CVE_CHECK_IGNORE += "CVE-2022-41953" - PACKAGECONFIG ??= "expat curl" PACKAGECONFIG[cvsserver] = "" PACKAGECONFIG[svn] = "" diff --git a/poky/meta/recipes-devtools/go/go-1.20.5.inc b/poky/meta/recipes-devtools/go/go-1.20.6.inc index 4e4e57d5cb..551171b255 100644 --- a/poky/meta/recipes-devtools/go/go-1.20.5.inc +++ b/poky/meta/recipes-devtools/go/go-1.20.6.inc @@ -15,4 +15,4 @@ SRC_URI += "\ file://0008-src-cmd-dist-buildgo.go-do-not-hardcode-host-compile.patch \ file://0009-go-Filter-build-paths-on-staticly-linked-arches.patch \ " -SRC_URI[main.sha256sum] = "9a15c133ba2cfafe79652f4815b62e7cfc267f68df1b9454c6ab2a3ca8b96a88" +SRC_URI[main.sha256sum] = "62ee5bc6fb55b8bae8f705e0cb8df86d6453626b4ecf93279e2867092e0b7f70" diff --git a/poky/meta/recipes-devtools/go/go-binary-native_1.20.5.bb b/poky/meta/recipes-devtools/go/go-binary-native_1.20.6.bb index a98be4af1b..5b2f8f4352 100644 --- a/poky/meta/recipes-devtools/go/go-binary-native_1.20.5.bb +++ b/poky/meta/recipes-devtools/go/go-binary-native_1.20.6.bb @@ -9,9 +9,9 @@ PROVIDES = "go-native" # Checksums available at https://go.dev/dl/ SRC_URI = "https://dl.google.com/go/go${PV}.${BUILD_GOOS}-${BUILD_GOARCH}.tar.gz;name=go_${BUILD_GOTUPLE}" -SRC_URI[go_linux_amd64.sha256sum] = "d7ec48cde0d3d2be2c69203bc3e0a44de8660b9c09a6e85c4732a3f7dc442612" -SRC_URI[go_linux_arm64.sha256sum] = "aa2fab0a7da20213ff975fa7876a66d47b48351558d98851b87d1cfef4360d09" -SRC_URI[go_linux_ppc64le.sha256sum] = "049b8ab07d34077b90c0642138e10207f6db14bdd1743ea994a21e228f8ca53d" +SRC_URI[go_linux_amd64.sha256sum] = "b945ae2bb5db01a0fb4786afde64e6fbab50b67f6fa0eb6cfa4924f16a7ff1eb" +SRC_URI[go_linux_arm64.sha256sum] = "4e15ab37556e979181a1a1cc60f6d796932223a0f5351d7c83768b356f84429b" +SRC_URI[go_linux_ppc64le.sha256sum] = "a1b91a42a40bba54bfd5c96c23d72250e0c424038d0d2b5c7950b828b4905822" UPSTREAM_CHECK_URI = "https://golang.org/dl/" UPSTREAM_CHECK_REGEX = "go(?P<pver>\d+(\.\d+)+)\.linux" diff --git a/poky/meta/recipes-devtools/go/go-cross-canadian_1.20.5.bb b/poky/meta/recipes-devtools/go/go-cross-canadian_1.20.6.bb index 7ac9449e47..7ac9449e47 100644 --- a/poky/meta/recipes-devtools/go/go-cross-canadian_1.20.5.bb +++ b/poky/meta/recipes-devtools/go/go-cross-canadian_1.20.6.bb diff --git a/poky/meta/recipes-devtools/go/go-cross_1.20.5.bb b/poky/meta/recipes-devtools/go/go-cross_1.20.6.bb index 80b5a03f6c..80b5a03f6c 100644 --- a/poky/meta/recipes-devtools/go/go-cross_1.20.5.bb +++ b/poky/meta/recipes-devtools/go/go-cross_1.20.6.bb diff --git a/poky/meta/recipes-devtools/go/go-crosssdk_1.20.5.bb b/poky/meta/recipes-devtools/go/go-crosssdk_1.20.6.bb index 1857c8a577..1857c8a577 100644 --- a/poky/meta/recipes-devtools/go/go-crosssdk_1.20.5.bb +++ b/poky/meta/recipes-devtools/go/go-crosssdk_1.20.6.bb diff --git a/poky/meta/recipes-devtools/go/go-native_1.20.5.bb b/poky/meta/recipes-devtools/go/go-native_1.20.6.bb index ddf25b2c9b..ddf25b2c9b 100644 --- a/poky/meta/recipes-devtools/go/go-native_1.20.5.bb +++ b/poky/meta/recipes-devtools/go/go-native_1.20.6.bb diff --git a/poky/meta/recipes-devtools/go/go-runtime_1.20.5.bb b/poky/meta/recipes-devtools/go/go-runtime_1.20.6.bb index 63464a1501..63464a1501 100644 --- a/poky/meta/recipes-devtools/go/go-runtime_1.20.5.bb +++ b/poky/meta/recipes-devtools/go/go-runtime_1.20.6.bb diff --git a/poky/meta/recipes-devtools/go/go_1.20.5.bb b/poky/meta/recipes-devtools/go/go_1.20.6.bb index 46f5fbc6be..46f5fbc6be 100644 --- a/poky/meta/recipes-devtools/go/go_1.20.5.bb +++ b/poky/meta/recipes-devtools/go/go_1.20.6.bb diff --git a/poky/meta/recipes-devtools/jquery/jquery_3.6.3.bb b/poky/meta/recipes-devtools/jquery/jquery_3.6.3.bb index 93f87f730d..db4745ad7a 100644 --- a/poky/meta/recipes-devtools/jquery/jquery_3.6.3.bb +++ b/poky/meta/recipes-devtools/jquery/jquery_3.6.3.bb @@ -20,9 +20,8 @@ SRC_URI[map.sha256sum] = "156b740931ade6c1a98d99713eeb186f93847ffc56057e973becab UPSTREAM_CHECK_REGEX = "jquery-(?P<pver>\d+(\.\d+)+)\.js" # https://github.com/jquery/jquery/issues/3927 -# There are ways jquery can expose security issues but any issues are in the apps exposing them -# and there is little we can directly do -CVE_CHECK_IGNORE += "CVE-2007-2379" +CVE_STATUS[CVE-2007-2379] = "upstream-wontfix: There are ways jquery can expose security issues but any issues \ +are in the apps exposing them and there is little we can directly do." inherit allarch diff --git a/poky/meta/recipes-devtools/lua/lua/CVE-2022-28805.patch b/poky/meta/recipes-devtools/lua/lua/CVE-2022-28805.patch deleted file mode 100644 index 3680c715a7..0000000000 --- a/poky/meta/recipes-devtools/lua/lua/CVE-2022-28805.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 1f3c6f4534c6411313361697d98d1145a1f030fa Mon Sep 17 00:00:00 2001 -From: Roberto Ierusalimschy <roberto@inf.puc-rio.br> -Date: Tue, 15 Feb 2022 12:28:46 -0300 -Subject: [PATCH] Bug: Lua can generate wrong code when _ENV is <const> - -CVE: CVE-2022-28805 - -Upstream-Status: Backport [https://github.com/lua/lua/commit/1f3c6f4534c6411313361697d98d1145a1f030fa] - -Signed-off-by: Steve Sakoman <steve@sakoman.com> ---- - src/lparser.c | 1 + - 1 files changed, 1 insertions(+) - -diff --git a/src/lparser.c b/src/lparser.c -index 3abe3d751..a5cd55257 100644 ---- a/src/lparser.c -+++ b/src/lparser.c -@@ -468,6 +468,7 @@ static void singlevar (LexState *ls, expdesc *var) { - expdesc key; - singlevaraux(fs, ls->envn, var, 1); /* get environment variable */ - lua_assert(var->k != VVOID); /* this one must exist */ -+ luaK_exp2anyregup(fs, var); /* but could be a constant */ - codestring(&key, varname); /* key is variable name */ - luaK_indexed(fs, var, &key); /* env[varname] */ - } diff --git a/poky/meta/recipes-devtools/lua/lua/CVE-2022-33099.patch b/poky/meta/recipes-devtools/lua/lua/CVE-2022-33099.patch deleted file mode 100644 index fe7b6065c2..0000000000 --- a/poky/meta/recipes-devtools/lua/lua/CVE-2022-33099.patch +++ /dev/null @@ -1,61 +0,0 @@ -From 42d40581dd919fb134c07027ca1ce0844c670daf Mon Sep 17 00:00:00 2001 -From: Roberto Ierusalimschy <roberto@inf.puc-rio.br> -Date: Fri, 20 May 2022 13:14:33 -0300 -Subject: [PATCH] Save stack space while handling errors - -Because error handling (luaG_errormsg) uses slots from EXTRA_STACK, -and some errors can recur (e.g., string overflow while creating an -error message in 'luaG_runerror', or a C-stack overflow before calling -the message handler), the code should use stack slots with parsimony. - -This commit fixes the bug "Lua-stack overflow when C stack overflows -while handling an error". - -CVE: CVE-2022-33099 - -Upstream-Status: Backport [https://github.com/lua/lua/commit/42d40581dd919fb134c07027ca1ce0844c670daf] - -Signed-off-by: Khem Raj <raj.khem@gmail.com> ---- - ldebug.c | 5 ++++- - lvm.c | 6 ++++-- - 2 files changed, 8 insertions(+), 3 deletions(-) - ---- a/src/ldebug.c -+++ b/src/ldebug.c -@@ -824,8 +824,11 @@ l_noret luaG_runerror (lua_State *L, con - va_start(argp, fmt); - msg = luaO_pushvfstring(L, fmt, argp); /* format message */ - va_end(argp); -- if (isLua(ci)) /* if Lua function, add source:line information */ -+ if (isLua(ci)) { /* if Lua function, add source:line information */ - luaG_addinfo(L, msg, ci_func(ci)->p->source, getcurrentline(ci)); -+ setobjs2s(L, L->top - 2, L->top - 1); /* remove 'msg' from the stack */ -+ L->top--; -+ } - luaG_errormsg(L); - } - ---- a/src/lvm.c -+++ b/src/lvm.c -@@ -656,8 +656,10 @@ void luaV_concat (lua_State *L, int tota - /* collect total length and number of strings */ - for (n = 1; n < total && tostring(L, s2v(top - n - 1)); n++) { - size_t l = vslen(s2v(top - n - 1)); -- if (l_unlikely(l >= (MAX_SIZE/sizeof(char)) - tl)) -+ if (l_unlikely(l >= (MAX_SIZE/sizeof(char)) - tl)) { -+ L->top = top - total; /* pop strings to avoid wasting stack */ - luaG_runerror(L, "string length overflow"); -+ } - tl += l; - } - if (tl <= LUAI_MAXSHORTLEN) { /* is result a short string? */ -@@ -672,7 +674,7 @@ void luaV_concat (lua_State *L, int tota - setsvalue2s(L, top - n, ts); /* create result */ - } - total -= n-1; /* got 'n' strings to create 1 new */ -- L->top -= n-1; /* popped 'n' strings and pushed one */ -+ L->top = top - (n - 1); /* popped 'n' strings and pushed one */ - } while (total > 1); /* repeat until only 1 result left */ - } - diff --git a/poky/meta/recipes-devtools/lua/lua_5.4.4.bb b/poky/meta/recipes-devtools/lua/lua_5.4.6.bb index 26ec35f997..eabfc89575 100644 --- a/poky/meta/recipes-devtools/lua/lua_5.4.4.bb +++ b/poky/meta/recipes-devtools/lua/lua_5.4.6.bb @@ -1,20 +1,18 @@ SUMMARY = "Lua is a powerful light-weight programming language designed \ for extending applications." LICENSE = "MIT" -LIC_FILES_CHKSUM = "file://doc/readme.html;beginline=307;endline=330;md5=79c3f6b19ad05efe24c1681f025026bb" +LIC_FILES_CHKSUM = "file://doc/readme.html;beginline=303;endline=324;md5=e05449eb28c092473f854670c6e8375a" HOMEPAGE = "http://www.lua.org/" SRC_URI = "http://www.lua.org/ftp/lua-${PV}.tar.gz;name=tarballsrc \ file://lua.pc.in \ - file://CVE-2022-28805.patch \ - file://CVE-2022-33099.patch \ ${@bb.utils.contains('DISTRO_FEATURES', 'ptest', 'http://www.lua.org/tests/lua-${PV_testsuites}-tests.tar.gz;name=tarballtest file://run-ptest ', '', d)} \ " # if no test suite matches PV release of Lua exactly, download the suite for the closest Lua release. PV_testsuites = "5.4.4" -SRC_URI[tarballsrc.sha256sum] = "164c7849653b80ae67bec4b7473b884bf5cc8d2dca05653475ec2ed27b9ebf61" +SRC_URI[tarballsrc.sha256sum] = "7d5ea1b9cb6aa0b59ca3dde1c6adcb57ef83a1ba8e5432c0ecd06bf439b3ad88" SRC_URI[tarballtest.sha256sum] = "04d28355cd67a2299dfe5708b55a0ff221ccb1a3907a3113cc103ccc05ac6aad" inherit pkgconfig binconfig ptest diff --git a/poky/meta/recipes-devtools/ninja/ninja_1.11.1.bb b/poky/meta/recipes-devtools/ninja/ninja_1.11.1.bb index 83d2f01263..8e297ec4d4 100644 --- a/poky/meta/recipes-devtools/ninja/ninja_1.11.1.bb +++ b/poky/meta/recipes-devtools/ninja/ninja_1.11.1.bb @@ -30,5 +30,4 @@ do_install() { BBCLASSEXTEND = "native nativesdk" -# This is a different Ninja -CVE_CHECK_IGNORE += "CVE-2021-4336" +CVE_STATUS[CVE-2021-4336] = "cpe-incorrect: This is a different Ninja" diff --git a/poky/meta/recipes-devtools/opkg-utils/opkg-utils_0.5.0.bb b/poky/meta/recipes-devtools/opkg-utils/opkg-utils_0.6.2.bb index b27e3ded33..eb88b9b734 100644 --- a/poky/meta/recipes-devtools/opkg-utils/opkg-utils_0.5.0.bb +++ b/poky/meta/recipes-devtools/opkg-utils/opkg-utils_0.6.2.bb @@ -10,7 +10,7 @@ PROVIDES += "${@bb.utils.contains('PACKAGECONFIG', 'update-alternatives', 'virtu SRC_URI = "git://git.yoctoproject.org/opkg-utils;protocol=https;branch=master \ file://0001-update-alternatives-correctly-match-priority.patch \ " -SRCREV = "9239541f14a2529b9d01c0a253ab11afa2822dab" +SRCREV = "67994e62dc598282830385da75ba9b1abbbda941" S = "${WORKDIR}/git" diff --git a/poky/meta/recipes-devtools/opkg/opkg/0001-Define-alignof-using-_Alignof-when-using-C11-or-newe.patch b/poky/meta/recipes-devtools/opkg/opkg/0001-Define-alignof-using-_Alignof-when-using-C11-or-newe.patch deleted file mode 100644 index 3406878a1d..0000000000 --- a/poky/meta/recipes-devtools/opkg/opkg/0001-Define-alignof-using-_Alignof-when-using-C11-or-newe.patch +++ /dev/null @@ -1,51 +0,0 @@ -From 4089affd371e6d62dd8c1e57b344f8cc329005ea Mon Sep 17 00:00:00 2001 -From: Khem Raj <raj.khem@gmail.com> -Date: Sat, 14 Jan 2023 23:11:08 -0800 -Subject: [PATCH] Define alignof using _Alignof when using C11 or newer - -WG14 N2350 made very clear that it is an UB having type definitions -within "offsetof" [1]. This patch enhances the implementation of macro -alignof_slot to use builtin "_Alignof" to avoid undefined behavior on -when using std=c11 or newer - -clang 16+ has started to flag this [2] - -Fixes build when using -std >= gnu11 and using clang16+ - -Older compilers gcc < 4.9 or clang < 8 has buggy _Alignof even though it -may support C11, exclude those compilers too - -[1] https://www.open-std.org/jtc1/sc22/wg14/www/docs/n2350.htm -[2] https://reviews.llvm.org/D133574 - -Upstream-Status: Submitted [https://groups.google.com/g/opkg-devel/c/gjcQPZgT_jI] -Signed-off-by: Khem Raj <raj.khem@gmail.com> ---- - libopkg/md5.c | 10 ++++++++++ - 1 file changed, 10 insertions(+) - -diff --git a/libopkg/md5.c b/libopkg/md5.c -index 981b9b8..ccb645e 100644 ---- a/libopkg/md5.c -+++ b/libopkg/md5.c -@@ -237,7 +237,17 @@ void md5_process_bytes(const void *buffer, size_t len, struct md5_ctx *ctx) - /* Process available complete blocks. */ - if (len >= 64) { - #if !_STRING_ARCH_unaligned -+/* GCC releases before GCC 4.9 had a bug in _Alignof. See GCC bug 52023 -+ <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=52023>. -+ clang versions < 8.0.0 have the same bug. */ -+#if (!defined __STDC_VERSION__ || __STDC_VERSION__ < 201112 \ -+ || (defined __GNUC__ && __GNUC__ < 4 + (__GNUC_MINOR__ < 9) \ -+ && !defined __clang__) \ -+ || (defined __clang__ && __clang_major__ < 8)) - #define alignof(type) offsetof (struct { char c; type x; }, x) -+#else -+#define alignof(type) _Alignof(type) -+#endif - #define UNALIGNED_P(p) (((size_t) p) % alignof (uint32_t) != 0) - if (UNALIGNED_P(buffer)) - while (len > 64) { --- -2.39.0 - diff --git a/poky/meta/recipes-devtools/opkg/opkg/0002-opkg-key-remove-no-options-flag-from-gpg-calls.patch b/poky/meta/recipes-devtools/opkg/opkg/0002-opkg-key-remove-no-options-flag-from-gpg-calls.patch deleted file mode 100644 index f216950002..0000000000 --- a/poky/meta/recipes-devtools/opkg/opkg/0002-opkg-key-remove-no-options-flag-from-gpg-calls.patch +++ /dev/null @@ -1,34 +0,0 @@ -From a658e6402382250f0164c5b47b744740e04f3611 Mon Sep 17 00:00:00 2001 -From: Charlie Johnston <charlie.johnston@ni.com> -Date: Fri, 30 Dec 2022 15:21:14 -0600 -Subject: [PATCH] opkg-key: Remove --no-options flag from gpg calls. - -The opkg-key script was always passing the --no-options -flag to gpg, which uses /dev/null as the options file. -As a result, the opkg gpg.conf file was not getting -used. This change removes that flag so that gpg.conf -in the GPGHOMEDIR for opkg (currently /etc/opkg/gpg/) -will be used if present. - -Upstream-Status: Accepted [https://git.yoctoproject.org/opkg/commit/?id=cee294e72d257417b5e55ef7a76a0fd15313e46b] -Signed-off-by: Charlie Johnston <charlie.johnston@ni.com> ---- - utils/opkg-key | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/utils/opkg-key b/utils/opkg-key -index e395a59..8645ebc 100755 ---- a/utils/opkg-key -+++ b/utils/opkg-key -@@ -53,7 +53,7 @@ else - exit 1 - fi - --GPG="$GPGCMD --no-options --homedir $GPGHOMEDIR" -+GPG="$GPGCMD --homedir $GPGHOMEDIR" - - # Gpg home dir isn't created automatically when --homedir option is used - if [ ! -e "$GPGHOMEDIR" ]; then --- -2.30.2 - diff --git a/poky/meta/recipes-devtools/opkg/opkg_0.6.1.bb b/poky/meta/recipes-devtools/opkg/opkg_0.6.2.bb index 4c25fe963a..46be137354 100644 --- a/poky/meta/recipes-devtools/opkg/opkg_0.6.1.bb +++ b/poky/meta/recipes-devtools/opkg/opkg_0.6.2.bb @@ -15,12 +15,10 @@ PE = "1" SRC_URI = "http://downloads.yoctoproject.org/releases/${BPN}/${BPN}-${PV}.tar.gz \ file://opkg.conf \ file://0001-opkg_conf-create-opkg.lock-in-run-instead-of-var-run.patch \ - file://0002-opkg-key-remove-no-options-flag-from-gpg-calls.patch \ - file://0001-Define-alignof-using-_Alignof-when-using-C11-or-newe.patch \ file://run-ptest \ -" + " -SRC_URI[sha256sum] = "e87fccb575c64d3ac0559444016a2795f12125986a0da896bab97c4a1a2f1b2a" +SRC_URI[sha256sum] = "ac73a90a2549cd04948e563d915912c78e1b8ba0f43af75c5a53fcca474adbd5" # This needs to be before ptest inherit, otherwise all ptest files end packaged # in libopkg package if OPKGLIBDIR == libdir, because default diff --git a/poky/meta/recipes-devtools/perl/files/CVE-2023-31486-0001.patch b/poky/meta/recipes-devtools/perl/files/CVE-2023-31486-0001.patch new file mode 100644 index 0000000000..0531e1f099 --- /dev/null +++ b/poky/meta/recipes-devtools/perl/files/CVE-2023-31486-0001.patch @@ -0,0 +1,217 @@ +From 77f557ef84698efeb6eed04e4a9704eaf85b741d +From: Stig Palmquist <git@stig.io> +Date: Mon Jun 5 16:46:22 2023 +0200 +Subject: [PATCH] Change verify_SSL default to 1, add ENV var to enable + insecure default + +- Changes the `verify_SSL` default parameter from `0` to `1` + + Based on patch by Dominic Hargreaves: + https://salsa.debian.org/perl-team/interpreter/perl/-/commit/1490431e40e22052f75a0b3449f1f53cbd27ba92 + + CVE: CVE-2023-31486 + +- Add check for `$ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT}` that + enables the previous insecure default behaviour if set to `1`. + + This provides a workaround for users who encounter problems with the + new `verify_SSL` default. + + Example to disable certificate checks: + ``` + $ PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT=1 ./script.pl + ``` + +- Updates to documentation: + - Describe changing the verify_SSL value + - Describe the escape-hatch environment variable + - Remove rationale for not enabling verify_SSL + - Add missing certificate search paths + - Replace "SSL" with "TLS/SSL" where appropriate + - Use "machine-in-the-middle" instead of "man-in-the-middle" + +Upstream-Status: Backport [https://github.com/chansen/p5-http-tiny/commit/77f557ef84698efeb6eed04e4a9704eaf85b741d] + +Signed-off-by: Soumya <soumya.sambu@windriver.com> +--- + cpan/HTTP-Tiny/lib/HTTP/Tiny.pm | 86 ++++++++++++++++++++++----------- + 1 file changed, 57 insertions(+), 29 deletions(-) + +diff --git a/cpan/HTTP-Tiny/lib/HTTP/Tiny.pm b/cpan/HTTP-Tiny/lib/HTTP/Tiny.pm +index 83ca06d..ebc34a1 100644 +--- a/cpan/HTTP-Tiny/lib/HTTP/Tiny.pm ++++ b/cpan/HTTP-Tiny/lib/HTTP/Tiny.pm +@@ -40,10 +40,14 @@ sub _croak { require Carp; Carp::croak(@_) } + #pod * C<timeout> — Request timeout in seconds (default is 60) If a socket open, + #pod read or write takes longer than the timeout, the request response status code + #pod will be 599. +-#pod * C<verify_SSL> — A boolean that indicates whether to validate the SSL +-#pod certificate of an C<https> — connection (default is false) ++#pod * C<verify_SSL> — A boolean that indicates whether to validate the TLS/SSL ++#pod certificate of an C<https> — connection (default is true). Changed from false ++#pod to true in version 0.083. + #pod * C<SSL_options> — A hashref of C<SSL_*> — options to pass through to + #pod L<IO::Socket::SSL> ++#pod * C<$ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT}> - Changes the default ++#pod certificate verification behavior to not check server identity if set to 1. ++#pod Only effective if C<verify_SSL> is not set. Added in version 0.083. + #pod + #pod An accessor/mutator method exists for each attribute. + #pod +@@ -111,11 +115,17 @@ sub timeout { + sub new { + my($class, %args) = @_; + ++ # Support lower case verify_ssl argument, but only if verify_SSL is not ++ # true. ++ if ( exists $args{verify_ssl} ) { ++ $args{verify_SSL} ||= $args{verify_ssl}; ++ } ++ + my $self = { + max_redirect => 5, + timeout => defined $args{timeout} ? $args{timeout} : 60, + keep_alive => 1, +- verify_SSL => $args{verify_SSL} || $args{verify_ssl} || 0, # no verification by default ++ verify_SSL => defined $args{verify_SSL} ? $args{verify_SSL} : _verify_SSL_default(), + no_proxy => $ENV{no_proxy}, + }; + +@@ -134,6 +144,13 @@ sub new { + return $self; + } + ++sub _verify_SSL_default { ++ my ($self) = @_; ++ # Check if insecure default certificate verification behaviour has been ++ # changed by the user by setting PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT=1 ++ return (($ENV{PERL_HTTP_TINY_INSECURE_BY_DEFAULT} || '') eq '1') ? 0 : 1; ++} ++ + sub _set_proxies { + my ($self) = @_; + +@@ -1055,7 +1072,7 @@ sub new { + timeout => 60, + max_line_size => 16384, + max_header_lines => 64, +- verify_SSL => 0, ++ verify_SSL => HTTP::Tiny::_verify_SSL_default(), + SSL_options => {}, + %args + }, $class; +@@ -2043,11 +2060,11 @@ proxy + timeout + verify_SSL + +-=head1 SSL SUPPORT ++=head1 TLS/SSL SUPPORT + + Direct C<https> connections are supported only if L<IO::Socket::SSL> 1.56 or + greater and L<Net::SSLeay> 1.49 or greater are installed. An error will occur +-if new enough versions of these modules are not installed or if the SSL ++if new enough versions of these modules are not installed or if the TLS + encryption fails. You can also use C<HTTP::Tiny::can_ssl()> utility function + that returns boolean to see if the required modules are installed. + +@@ -2055,7 +2072,7 @@ An C<https> connection may be made via an C<http> proxy that supports the CONNEC + command (i.e. RFC 2817). You may not proxy C<https> via a proxy that itself + requires C<https> to communicate. + +-SSL provides two distinct capabilities: ++TLS/SSL provides two distinct capabilities: + + =over 4 + +@@ -2069,24 +2086,17 @@ Verification of server identity + + =back + +-B<By default, HTTP::Tiny does not verify server identity>. +- +-Server identity verification is controversial and potentially tricky because it +-depends on a (usually paid) third-party Certificate Authority (CA) trust model +-to validate a certificate as legitimate. This discriminates against servers +-with self-signed certificates or certificates signed by free, community-driven +-CA's such as L<CAcert.org|http://cacert.org>. ++B<By default, HTTP::Tiny verifies server identity>. + +-By default, HTTP::Tiny does not make any assumptions about your trust model, +-threat level or risk tolerance. It just aims to give you an encrypted channel +-when you need one. ++This was changed in version 0.083 due to security concerns. The previous default ++behavior can be enabled by setting C<$ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT}> ++to 1. + +-Setting the C<verify_SSL> attribute to a true value will make HTTP::Tiny verify +-that an SSL connection has a valid SSL certificate corresponding to the host +-name of the connection and that the SSL certificate has been verified by a CA. +-Assuming you trust the CA, this will protect against a L<man-in-the-middle +-attack|http://en.wikipedia.org/wiki/Man-in-the-middle_attack>. If you are +-concerned about security, you should enable this option. ++Verification is done by checking that that the TLS/SSL connection has a valid ++certificate corresponding to the host name of the connection and that the ++certificate has been verified by a CA. Assuming you trust the CA, this will ++protect against L<machine-in-the-middle ++attacks|http://en.wikipedia.org/wiki/Machine-in-the-middle_attack>. + + Certificate verification requires a file containing trusted CA certificates. + +@@ -2094,9 +2104,7 @@ If the environment variable C<SSL_CERT_FILE> is present, HTTP::Tiny + will try to find a CA certificate file in that location. + + If the L<Mozilla::CA> module is installed, HTTP::Tiny will use the CA file +-included with it as a source of trusted CA's. (This means you trust Mozilla, +-the author of Mozilla::CA, the CPAN mirror where you got Mozilla::CA, the +-toolchain used to install it, and your operating system security, right?) ++included with it as a source of trusted CA's. + + If that module is not available, then HTTP::Tiny will search several + system-specific default locations for a CA certificate file: +@@ -2115,13 +2123,33 @@ system-specific default locations for a CA certificate file: + + /etc/ssl/ca-bundle.pem + ++=item * ++ ++/etc/openssl/certs/ca-certificates.crt ++ ++=item * ++ ++/etc/ssl/cert.pem ++ ++=item * ++ ++/usr/local/share/certs/ca-root-nss.crt ++ ++=item * ++ ++/etc/pki/tls/cacert.pem ++ ++=item * ++ ++/etc/certs/ca-certificates.crt ++ + =back + + An error will be occur if C<verify_SSL> is true and no CA certificate file + is available. + +-If you desire complete control over SSL connections, the C<SSL_options> attribute +-lets you provide a hash reference that will be passed through to ++If you desire complete control over TLS/SSL connections, the C<SSL_options> ++attribute lets you provide a hash reference that will be passed through to + C<IO::Socket::SSL::start_SSL()>, overriding any options set by HTTP::Tiny. For + example, to provide your own trusted CA file: + +@@ -2131,7 +2159,7 @@ example, to provide your own trusted CA file: + + The C<SSL_options> attribute could also be used for such things as providing a + client certificate for authentication to a server or controlling the choice of +-cipher used for the SSL connection. See L<IO::Socket::SSL> documentation for ++cipher used for the TLS/SSL connection. See L<IO::Socket::SSL> documentation for + details. + + =head1 PROXY SUPPORT +-- +2.40.0 diff --git a/poky/meta/recipes-devtools/perl/files/CVE-2023-31486-0002.patch b/poky/meta/recipes-devtools/perl/files/CVE-2023-31486-0002.patch new file mode 100644 index 0000000000..45452be389 --- /dev/null +++ b/poky/meta/recipes-devtools/perl/files/CVE-2023-31486-0002.patch @@ -0,0 +1,36 @@ +From a22785783b17cbaa28afaee4a024d81a1903701d +From: Stig Palmquist <git@stig.io> +Date: Sun Jun 18 11:36:05 2023 +0200 +Subject: [PATCH] Fix incorrect env var name for verify_SSL default + +The variable to override the verify_SSL default differed slightly in the +documentation from what was checked for in the code. + +This commit makes the code use `PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT` +as documented, instead of `PERL_HTTP_TINY_INSECURE_BY_DEFAULT` which was +missing `SSL_` + +CVE: CVE-2023-31486 + +Upstream-Status: Backport [https://github.com/chansen/p5-http-tiny/commit/a22785783b17cbaa28afaee4a024d81a1903701d] + +Signed-off-by: Soumya <soumya.sambu@windriver.com> +--- + cpan/HTTP-Tiny/lib/HTTP/Tiny.pm | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/cpan/HTTP-Tiny/lib/HTTP/Tiny.pm b/cpan/HTTP-Tiny/lib/HTTP/Tiny.pm +index ebc34a1..65ac8ff 100644 +--- a/cpan/HTTP-Tiny/lib/HTTP/Tiny.pm ++++ b/cpan/HTTP-Tiny/lib/HTTP/Tiny.pm +@@ -148,7 +148,7 @@ sub _verify_SSL_default { + my ($self) = @_; + # Check if insecure default certificate verification behaviour has been + # changed by the user by setting PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT=1 +- return (($ENV{PERL_HTTP_TINY_INSECURE_BY_DEFAULT} || '') eq '1') ? 0 : 1; ++ return (($ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT} || '') eq '1') ? 0 : 1; + } + + sub _set_proxies { +-- +2.40.0 diff --git a/poky/meta/recipes-devtools/perl/perl_5.36.1.bb b/poky/meta/recipes-devtools/perl/perl_5.36.1.bb index 3db1d9c6ae..87768cc7f7 100644 --- a/poky/meta/recipes-devtools/perl/perl_5.36.1.bb +++ b/poky/meta/recipes-devtools/perl/perl_5.36.1.bb @@ -18,6 +18,8 @@ SRC_URI = "https://www.cpan.org/src/5.0/perl-${PV}.tar.gz;name=perl \ file://determinism.patch \ file://0001-cpan-Sys-Syslog-Makefile.PL-Fix-_PATH_LOG-for-determ.patch \ file://CVE-2023-31484.patch \ + file://CVE-2023-31486-0001.patch \ + file://CVE-2023-31486-0002.patch \ " SRC_URI:append:class-native = " \ file://perl-configpm-switch.patch \ diff --git a/poky/meta/recipes-devtools/pkgconf/pkgconf_1.9.5.bb b/poky/meta/recipes-devtools/pkgconf/pkgconf_1.9.5.bb index 4bdf03c574..ab1d1c84e8 100644 --- a/poky/meta/recipes-devtools/pkgconf/pkgconf_1.9.5.bb +++ b/poky/meta/recipes-devtools/pkgconf/pkgconf_1.9.5.bb @@ -15,7 +15,7 @@ LICENSE = "pkgconf" LIC_FILES_CHKSUM = "file://COPYING;md5=2214222ec1a820bd6cc75167a56925e0" SRC_URI = "\ - https://distfiles.dereferenced.org/pkgconf/pkgconf-${PV}.tar.xz \ + https://distfiles.ariadne.space/pkgconf/pkgconf-${PV}.tar.xz \ file://pkg-config-wrapper \ file://pkg-config-native.in \ file://pkg-config-esdk.in \ diff --git a/poky/meta/recipes-devtools/python/python-cython.inc b/poky/meta/recipes-devtools/python/python-cython.inc index 71596caedd..6aec6b012f 100644 --- a/poky/meta/recipes-devtools/python/python-cython.inc +++ b/poky/meta/recipes-devtools/python/python-cython.inc @@ -9,7 +9,7 @@ LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=e23fadd6ceef8c618fc1c65191d846fa" PYPI_PACKAGE = "Cython" BBCLASSEXTEND = "native nativesdk" -SRC_URI[sha256sum] = "6e381fa0bf08b3c26ec2f616b19ae852c06f5750f4290118bf986b6f85c8c527" +SRC_URI[sha256sum] = "41c0cfd2d754e383c9eeb95effc9aa4ab847d0c9747077ddd7c0dcb68c3bc01f" UPSTREAM_CHECK_REGEX = "Cython-(?P<pver>.*)\.tar" inherit pypi diff --git a/poky/meta/recipes-devtools/python/python3-cryptography-crates.inc b/poky/meta/recipes-devtools/python/python3-cryptography-crates.inc index 410c9f4042..da0a3f2ee8 100644 --- a/poky/meta/recipes-devtools/python/python3-cryptography-crates.inc +++ b/poky/meta/recipes-devtools/python/python3-cryptography-crates.inc @@ -4,135 +4,109 @@ SRC_URI += " \ crate://crates.io/Inflector/0.11.4 \ crate://crates.io/aliasable/0.1.3 \ - crate://crates.io/android_system_properties/0.1.5 \ - crate://crates.io/asn1/0.13.0 \ - crate://crates.io/asn1_derive/0.13.0 \ + crate://crates.io/asn1/0.15.2 \ + crate://crates.io/asn1_derive/0.15.2 \ crate://crates.io/autocfg/1.1.0 \ crate://crates.io/base64/0.13.1 \ crate://crates.io/bitflags/1.3.2 \ - crate://crates.io/bumpalo/3.10.0 \ - crate://crates.io/cc/1.0.78 \ + crate://crates.io/cc/1.0.79 \ crate://crates.io/cfg-if/1.0.0 \ - crate://crates.io/chrono/0.4.23 \ - crate://crates.io/codespan-reporting/0.11.1 \ - crate://crates.io/core-foundation-sys/0.8.3 \ - crate://crates.io/cxx/1.0.85 \ - crate://crates.io/cxx-build/1.0.85 \ - crate://crates.io/cxxbridge-flags/1.0.85 \ - crate://crates.io/cxxbridge-macro/1.0.85 \ - crate://crates.io/iana-time-zone/0.1.53 \ - crate://crates.io/iana-time-zone-haiku/0.1.1 \ - crate://crates.io/indoc/0.3.6 \ - crate://crates.io/indoc-impl/0.3.6 \ - crate://crates.io/instant/0.1.12 \ - crate://crates.io/js-sys/0.3.60 \ - crate://crates.io/libc/0.2.139 \ - crate://crates.io/link-cplusplus/1.0.8 \ + crate://crates.io/foreign-types/0.3.2 \ + crate://crates.io/foreign-types-shared/0.1.1 \ + crate://crates.io/indoc/1.0.9 \ + crate://crates.io/libc/0.2.144 \ crate://crates.io/lock_api/0.4.9 \ - crate://crates.io/log/0.4.17 \ - crate://crates.io/num-integer/0.1.45 \ - crate://crates.io/num-traits/0.2.15 \ - crate://crates.io/once_cell/1.14.0 \ - crate://crates.io/ouroboros/0.15.5 \ - crate://crates.io/ouroboros_macro/0.15.5 \ - crate://crates.io/parking_lot/0.11.2 \ - crate://crates.io/parking_lot_core/0.8.6 \ - crate://crates.io/paste/0.1.18 \ - crate://crates.io/paste-impl/0.1.18 \ - crate://crates.io/pem/1.1.0 \ + crate://crates.io/memoffset/0.8.0 \ + crate://crates.io/once_cell/1.17.2 \ + crate://crates.io/openssl/0.10.54 \ + crate://crates.io/openssl-macros/0.1.1 \ + crate://crates.io/openssl-sys/0.9.88 \ + crate://crates.io/ouroboros/0.15.6 \ + crate://crates.io/ouroboros_macro/0.15.6 \ + crate://crates.io/parking_lot/0.12.1 \ + crate://crates.io/parking_lot_core/0.9.7 \ + crate://crates.io/pem/1.1.1 \ + crate://crates.io/pkg-config/0.3.27 \ crate://crates.io/proc-macro-error/1.0.4 \ crate://crates.io/proc-macro-error-attr/1.0.4 \ - crate://crates.io/proc-macro-hack/0.5.20+deprecated \ - crate://crates.io/proc-macro2/1.0.49 \ - crate://crates.io/pyo3/0.15.2 \ - crate://crates.io/pyo3-build-config/0.15.2 \ - crate://crates.io/pyo3-macros/0.15.2 \ - crate://crates.io/pyo3-macros-backend/0.15.2 \ - crate://crates.io/quote/1.0.23 \ + crate://crates.io/proc-macro2/1.0.64 \ + crate://crates.io/pyo3/0.18.3 \ + crate://crates.io/pyo3-build-config/0.18.3 \ + crate://crates.io/pyo3-ffi/0.18.3 \ + crate://crates.io/pyo3-macros/0.18.3 \ + crate://crates.io/pyo3-macros-backend/0.18.3 \ + crate://crates.io/quote/1.0.28 \ crate://crates.io/redox_syscall/0.2.16 \ crate://crates.io/scopeguard/1.1.0 \ - crate://crates.io/scratch/1.0.3 \ crate://crates.io/smallvec/1.10.0 \ - crate://crates.io/syn/1.0.107 \ - crate://crates.io/termcolor/1.1.3 \ - crate://crates.io/unicode-ident/1.0.6 \ - crate://crates.io/unicode-width/0.1.10 \ + crate://crates.io/syn/1.0.109 \ + crate://crates.io/syn/2.0.18 \ + crate://crates.io/target-lexicon/0.12.7 \ + crate://crates.io/unicode-ident/1.0.9 \ crate://crates.io/unindent/0.1.11 \ + crate://crates.io/vcpkg/0.2.15 \ crate://crates.io/version_check/0.9.4 \ - crate://crates.io/wasm-bindgen/0.2.83 \ - crate://crates.io/wasm-bindgen-backend/0.2.83 \ - crate://crates.io/wasm-bindgen-macro/0.2.83 \ - crate://crates.io/wasm-bindgen-macro-support/0.2.83 \ - crate://crates.io/wasm-bindgen-shared/0.2.83 \ - crate://crates.io/winapi/0.3.9 \ - crate://crates.io/winapi-i686-pc-windows-gnu/0.4.0 \ - crate://crates.io/winapi-util/0.1.5 \ - crate://crates.io/winapi-x86_64-pc-windows-gnu/0.4.0 \ + crate://crates.io/windows-sys/0.45.0 \ + crate://crates.io/windows-targets/0.42.2 \ + crate://crates.io/windows_aarch64_gnullvm/0.42.2 \ + crate://crates.io/windows_aarch64_msvc/0.42.2 \ + crate://crates.io/windows_i686_gnu/0.42.2 \ + crate://crates.io/windows_i686_msvc/0.42.2 \ + crate://crates.io/windows_x86_64_gnu/0.42.2 \ + crate://crates.io/windows_x86_64_gnullvm/0.42.2 \ + crate://crates.io/windows_x86_64_msvc/0.42.2 \ " SRC_URI[Inflector-0.11.4.sha256sum] = "fe438c63458706e03479442743baae6c88256498e6431708f6dfc520a26515d3" SRC_URI[aliasable-0.1.3.sha256sum] = "250f629c0161ad8107cf89319e990051fae62832fd343083bea452d93e2205fd" -SRC_URI[android_system_properties-0.1.5.sha256sum] = "819e7219dbd41043ac279b19830f2efc897156490d7fd6ea916720117ee66311" -SRC_URI[asn1-0.13.0.sha256sum] = "2affba5e62ee09eeba078f01a00c4aed45ac4287e091298eccbb0d4802efbdc5" -SRC_URI[asn1_derive-0.13.0.sha256sum] = "bfab79c195875e5aef2bd20b4c8ed8d43ef9610bcffefbbcf66f88f555cc78af" +SRC_URI[asn1-0.15.2.sha256sum] = "28c19b9324de5b815b6487e0f8098312791b09de0dbf3d5c2db1fe2d95bab973" +SRC_URI[asn1_derive-0.15.2.sha256sum] = "a045c3ccad89f244a86bd1e6cf1a7bf645296e7692698b056399b6efd4639407" SRC_URI[autocfg-1.1.0.sha256sum] = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa" SRC_URI[base64-0.13.1.sha256sum] = "9e1b586273c5702936fe7b7d6896644d8be71e6314cfe09d3167c95f712589e8" SRC_URI[bitflags-1.3.2.sha256sum] = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a" -SRC_URI[bumpalo-3.10.0.sha256sum] = "37ccbd214614c6783386c1af30caf03192f17891059cecc394b4fb119e363de3" -SRC_URI[cc-1.0.78.sha256sum] = "a20104e2335ce8a659d6dd92a51a767a0c062599c73b343fd152cb401e828c3d" +SRC_URI[cc-1.0.79.sha256sum] = "50d30906286121d95be3d479533b458f87493b30a4b5f79a607db8f5d11aa91f" SRC_URI[cfg-if-1.0.0.sha256sum] = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" -SRC_URI[chrono-0.4.23.sha256sum] = "16b0a3d9ed01224b22057780a37bb8c5dbfe1be8ba48678e7bf57ec4b385411f" -SRC_URI[codespan-reporting-0.11.1.sha256sum] = "3538270d33cc669650c4b093848450d380def10c331d38c768e34cac80576e6e" -SRC_URI[core-foundation-sys-0.8.3.sha256sum] = "5827cebf4670468b8772dd191856768aedcb1b0278a04f989f7766351917b9dc" -SRC_URI[cxx-1.0.85.sha256sum] = "5add3fc1717409d029b20c5b6903fc0c0b02fa6741d820054f4a2efa5e5816fd" -SRC_URI[cxx-build-1.0.85.sha256sum] = "b4c87959ba14bc6fbc61df77c3fcfe180fc32b93538c4f1031dd802ccb5f2ff0" -SRC_URI[cxxbridge-flags-1.0.85.sha256sum] = "69a3e162fde4e594ed2b07d0f83c6c67b745e7f28ce58c6df5e6b6bef99dfb59" -SRC_URI[cxxbridge-macro-1.0.85.sha256sum] = "3e7e2adeb6a0d4a282e581096b06e1791532b7d576dcde5ccd9382acf55db8e6" -SRC_URI[iana-time-zone-0.1.53.sha256sum] = "64c122667b287044802d6ce17ee2ddf13207ed924c712de9a66a5814d5b64765" -SRC_URI[iana-time-zone-haiku-0.1.1.sha256sum] = "0703ae284fc167426161c2e3f1da3ea71d94b21bedbcc9494e92b28e334e3dca" -SRC_URI[indoc-0.3.6.sha256sum] = "47741a8bc60fb26eb8d6e0238bbb26d8575ff623fdc97b1a2c00c050b9684ed8" -SRC_URI[indoc-impl-0.3.6.sha256sum] = "ce046d161f000fffde5f432a0d034d0341dc152643b2598ed5bfce44c4f3a8f0" -SRC_URI[instant-0.1.12.sha256sum] = "7a5bbe824c507c5da5956355e86a746d82e0e1464f65d862cc5e71da70e94b2c" -SRC_URI[js-sys-0.3.60.sha256sum] = "49409df3e3bf0856b916e2ceaca09ee28e6871cf7d9ce97a692cacfdb2a25a47" -SRC_URI[libc-0.2.139.sha256sum] = "201de327520df007757c1f0adce6e827fe8562fbc28bfd9c15571c66ca1f5f79" -SRC_URI[link-cplusplus-1.0.8.sha256sum] = "ecd207c9c713c34f95a097a5b029ac2ce6010530c7b49d7fea24d977dede04f5" +SRC_URI[foreign-types-0.3.2.sha256sum] = "f6f339eb8adc052cd2ca78910fda869aefa38d22d5cb648e6485e4d3fc06f3b1" +SRC_URI[foreign-types-shared-0.1.1.sha256sum] = "00b0228411908ca8685dba7fc2cdd70ec9990a6e753e89b6ac91a84c40fbaf4b" +SRC_URI[indoc-1.0.9.sha256sum] = "bfa799dd5ed20a7e349f3b4639aa80d74549c81716d9ec4f994c9b5815598306" +SRC_URI[libc-0.2.144.sha256sum] = "2b00cc1c228a6782d0f076e7b232802e0c5689d41bb5df366f2a6b6621cfdfe1" SRC_URI[lock_api-0.4.9.sha256sum] = "435011366fe56583b16cf956f9df0095b405b82d76425bc8981c0e22e60ec4df" -SRC_URI[log-0.4.17.sha256sum] = "abb12e687cfb44aa40f41fc3978ef76448f9b6038cad6aef4259d3c095a2382e" -SRC_URI[num-integer-0.1.45.sha256sum] = "225d3389fb3509a24c93f5c29eb6bde2586b98d9f016636dff58d7c6f7569cd9" -SRC_URI[num-traits-0.2.15.sha256sum] = "578ede34cf02f8924ab9447f50c28075b4d3e5b269972345e7e0372b38c6cdcd" -SRC_URI[once_cell-1.14.0.sha256sum] = "2f7254b99e31cad77da24b08ebf628882739a608578bb1bcdfc1f9c21260d7c0" -SRC_URI[ouroboros-0.15.5.sha256sum] = "dfbb50b356159620db6ac971c6d5c9ab788c9cc38a6f49619fca2a27acb062ca" -SRC_URI[ouroboros_macro-0.15.5.sha256sum] = "4a0d9d1a6191c4f391f87219d1ea42b23f09ee84d64763cd05ee6ea88d9f384d" -SRC_URI[parking_lot-0.11.2.sha256sum] = "7d17b78036a60663b797adeaee46f5c9dfebb86948d1255007a1d6be0271ff99" -SRC_URI[parking_lot_core-0.8.6.sha256sum] = "60a2cfe6f0ad2bfc16aefa463b497d5c7a5ecd44a23efa72aa342d90177356dc" -SRC_URI[paste-0.1.18.sha256sum] = "45ca20c77d80be666aef2b45486da86238fabe33e38306bd3118fe4af33fa880" -SRC_URI[paste-impl-0.1.18.sha256sum] = "d95a7db200b97ef370c8e6de0088252f7e0dfff7d047a28528e47456c0fc98b6" -SRC_URI[pem-1.1.0.sha256sum] = "03c64931a1a212348ec4f3b4362585eca7159d0d09cbdf4a7f74f02173596fd4" +SRC_URI[memoffset-0.8.0.sha256sum] = "d61c719bcfbcf5d62b3a09efa6088de8c54bc0bfcd3ea7ae39fcc186108b8de1" +SRC_URI[once_cell-1.17.2.sha256sum] = "9670a07f94779e00908f3e686eab508878ebb390ba6e604d3a284c00e8d0487b" +SRC_URI[openssl-0.10.54.sha256sum] = "69b3f656a17a6cbc115b5c7a40c616947d213ba182135b014d6051b73ab6f019" +SRC_URI[openssl-macros-0.1.1.sha256sum] = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c" +SRC_URI[openssl-sys-0.9.88.sha256sum] = "c2ce0f250f34a308dcfdbb351f511359857d4ed2134ba715a4eadd46e1ffd617" +SRC_URI[ouroboros-0.15.6.sha256sum] = "e1358bd1558bd2a083fed428ffeda486fbfb323e698cdda7794259d592ca72db" +SRC_URI[ouroboros_macro-0.15.6.sha256sum] = "5f7d21ccd03305a674437ee1248f3ab5d4b1db095cf1caf49f1713ddf61956b7" +SRC_URI[parking_lot-0.12.1.sha256sum] = "3742b2c103b9f06bc9fff0a37ff4912935851bee6d36f3c02bcc755bcfec228f" +SRC_URI[parking_lot_core-0.9.7.sha256sum] = "9069cbb9f99e3a5083476ccb29ceb1de18b9118cafa53e90c9551235de2b9521" +SRC_URI[pem-1.1.1.sha256sum] = "a8835c273a76a90455d7344889b0964598e3316e2a79ede8e36f16bdcf2228b8" +SRC_URI[pkg-config-0.3.27.sha256sum] = "26072860ba924cbfa98ea39c8c19b4dd6a4a25423dbdf219c1eca91aa0cf6964" SRC_URI[proc-macro-error-1.0.4.sha256sum] = "da25490ff9892aab3fcf7c36f08cfb902dd3e71ca0f9f9517bea02a73a5ce38c" SRC_URI[proc-macro-error-attr-1.0.4.sha256sum] = "a1be40180e52ecc98ad80b184934baf3d0d29f979574e439af5a55274b35f869" -SRC_URI[proc-macro-hack-0.5.20+deprecated.sha256sum] = "dc375e1527247fe1a97d8b7156678dfe7c1af2fc075c9a4db3690ecd2a148068" -SRC_URI[proc-macro2-1.0.49.sha256sum] = "57a8eca9f9c4ffde41714334dee777596264c7825420f521abc92b5b5deb63a5" -SRC_URI[pyo3-0.15.2.sha256sum] = "d41d50a7271e08c7c8a54cd24af5d62f73ee3a6f6a314215281ebdec421d5752" -SRC_URI[pyo3-build-config-0.15.2.sha256sum] = "779239fc40b8e18bc8416d3a37d280ca9b9fb04bda54b98037bb6748595c2410" -SRC_URI[pyo3-macros-0.15.2.sha256sum] = "00b247e8c664be87998d8628e86f282c25066165f1f8dda66100c48202fdb93a" -SRC_URI[pyo3-macros-backend-0.15.2.sha256sum] = "5a8c2812c412e00e641d99eeb79dd478317d981d938aa60325dfa7157b607095" -SRC_URI[quote-1.0.23.sha256sum] = "8856d8364d252a14d474036ea1358d63c9e6965c8e5c1885c18f73d70bff9c7b" +SRC_URI[proc-macro2-1.0.64.sha256sum] = "78803b62cbf1f46fde80d7c0e803111524b9877184cfe7c3033659490ac7a7da" +SRC_URI[pyo3-0.18.3.sha256sum] = "e3b1ac5b3731ba34fdaa9785f8d74d17448cd18f30cf19e0c7e7b1fdb5272109" +SRC_URI[pyo3-build-config-0.18.3.sha256sum] = "9cb946f5ac61bb61a5014924910d936ebd2b23b705f7a4a3c40b05c720b079a3" +SRC_URI[pyo3-ffi-0.18.3.sha256sum] = "fd4d7c5337821916ea2a1d21d1092e8443cf34879e53a0ac653fbb98f44ff65c" +SRC_URI[pyo3-macros-0.18.3.sha256sum] = "a9d39c55dab3fc5a4b25bbd1ac10a2da452c4aca13bb450f22818a002e29648d" +SRC_URI[pyo3-macros-backend-0.18.3.sha256sum] = "97daff08a4c48320587b5224cc98d609e3c27b6d437315bd40b605c98eeb5918" +SRC_URI[quote-1.0.28.sha256sum] = "1b9ab9c7eadfd8df19006f1cf1a4aed13540ed5cbc047010ece5826e10825488" SRC_URI[redox_syscall-0.2.16.sha256sum] = "fb5a58c1855b4b6819d59012155603f0b22ad30cad752600aadfcb695265519a" SRC_URI[scopeguard-1.1.0.sha256sum] = "d29ab0c6d3fc0ee92fe66e2d99f700eab17a8d57d1c1d3b748380fb20baa78cd" -SRC_URI[scratch-1.0.3.sha256sum] = "ddccb15bcce173023b3fedd9436f882a0739b8dfb45e4f6b6002bee5929f61b2" SRC_URI[smallvec-1.10.0.sha256sum] = "a507befe795404456341dfab10cef66ead4c041f62b8b11bbb92bffe5d0953e0" -SRC_URI[syn-1.0.107.sha256sum] = "1f4064b5b16e03ae50984a5a8ed5d4f8803e6bc1fd170a3cda91a1be4b18e3f5" -SRC_URI[termcolor-1.1.3.sha256sum] = "bab24d30b911b2376f3a13cc2cd443142f0c81dda04c118693e35b3835757755" -SRC_URI[unicode-ident-1.0.6.sha256sum] = "84a22b9f218b40614adcb3f4ff08b703773ad44fa9423e4e0d346d5db86e4ebc" -SRC_URI[unicode-width-0.1.10.sha256sum] = "c0edd1e5b14653f783770bce4a4dabb4a5108a5370a5f5d8cfe8710c361f6c8b" +SRC_URI[syn-1.0.109.sha256sum] = "72b64191b275b66ffe2469e8af2c1cfe3bafa67b529ead792a6d0160888b4237" +SRC_URI[syn-2.0.18.sha256sum] = "32d41677bcbe24c20c52e7c70b0d8db04134c5d1066bf98662e2871ad200ea3e" +SRC_URI[target-lexicon-0.12.7.sha256sum] = "fd1ba337640d60c3e96bc6f0638a939b9c9a7f2c316a1598c279828b3d1dc8c5" +SRC_URI[unicode-ident-1.0.9.sha256sum] = "b15811caf2415fb889178633e7724bad2509101cde276048e013b9def5e51fa0" SRC_URI[unindent-0.1.11.sha256sum] = "e1766d682d402817b5ac4490b3c3002d91dfa0d22812f341609f97b08757359c" +SRC_URI[vcpkg-0.2.15.sha256sum] = "accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426" SRC_URI[version_check-0.9.4.sha256sum] = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f" -SRC_URI[wasm-bindgen-0.2.83.sha256sum] = "eaf9f5aceeec8be17c128b2e93e031fb8a4d469bb9c4ae2d7dc1888b26887268" -SRC_URI[wasm-bindgen-backend-0.2.83.sha256sum] = "4c8ffb332579b0557b52d268b91feab8df3615f265d5270fec2a8c95b17c1142" -SRC_URI[wasm-bindgen-macro-0.2.83.sha256sum] = "052be0f94026e6cbc75cdefc9bae13fd6052cdcaf532fa6c45e7ae33a1e6c810" -SRC_URI[wasm-bindgen-macro-support-0.2.83.sha256sum] = "07bc0c051dc5f23e307b13285f9d75df86bfdf816c5721e573dec1f9b8aa193c" -SRC_URI[wasm-bindgen-shared-0.2.83.sha256sum] = "1c38c045535d93ec4f0b4defec448e4291638ee608530863b1e2ba115d4fff7f" -SRC_URI[winapi-0.3.9.sha256sum] = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419" -SRC_URI[winapi-i686-pc-windows-gnu-0.4.0.sha256sum] = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6" -SRC_URI[winapi-util-0.1.5.sha256sum] = "70ec6ce85bb158151cae5e5c87f95a8e97d2c0c4b001223f33a334e3ce5de178" -SRC_URI[winapi-x86_64-pc-windows-gnu-0.4.0.sha256sum] = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" +SRC_URI[windows-sys-0.45.0.sha256sum] = "75283be5efb2831d37ea142365f009c02ec203cd29a3ebecbc093d52315b66d0" +SRC_URI[windows-targets-0.42.2.sha256sum] = "8e5180c00cd44c9b1c88adb3693291f1cd93605ded80c250a75d472756b4d071" +SRC_URI[windows_aarch64_gnullvm-0.42.2.sha256sum] = "597a5118570b68bc08d8d59125332c54f1ba9d9adeedeef5b99b02ba2b0698f8" +SRC_URI[windows_aarch64_msvc-0.42.2.sha256sum] = "e08e8864a60f06ef0d0ff4ba04124db8b0fb3be5776a5cd47641e942e58c4d43" +SRC_URI[windows_i686_gnu-0.42.2.sha256sum] = "c61d927d8da41da96a81f029489353e68739737d3beca43145c8afec9a31a84f" +SRC_URI[windows_i686_msvc-0.42.2.sha256sum] = "44d840b6ec649f480a41c8d80f9c65108b92d89345dd94027bfe06ac444d1060" +SRC_URI[windows_x86_64_gnu-0.42.2.sha256sum] = "8de912b8b8feb55c064867cf047dda097f92d51efad5b491dfb98f6bbb70cb36" +SRC_URI[windows_x86_64_gnullvm-0.42.2.sha256sum] = "26d41b46a36d453748aedef1486d5c7a85db22e56aff34643984ea85514e94a3" +SRC_URI[windows_x86_64_msvc-0.42.2.sha256sum] = "9aec5da331524158c6d1a4ac0ab1541149c0b9505fde06423b02f5ef0106b9f0" diff --git a/poky/meta/recipes-devtools/python/python3-cryptography-vectors_39.0.2.bb b/poky/meta/recipes-devtools/python/python3-cryptography-vectors_41.0.2.bb index 795e27f75b..52f2c35315 100644 --- a/poky/meta/recipes-devtools/python/python3-cryptography-vectors_39.0.2.bb +++ b/poky/meta/recipes-devtools/python/python3-cryptography-vectors_41.0.2.bb @@ -9,11 +9,11 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=8c3617db4fb6fae01f1d253ab91511e4 \ # NOTE: Make sure to keep this recipe at the same version as python3-cryptography # Upgrade both recipes at the same time -SRC_URI[sha256sum] = "a68f106f7a4322cf1e7ed51e3fc6d5c1e0b11d337ed918ec879e8afe0c2a5220" +SRC_URI[sha256sum] = "028dff94a8522ca818b11295ff12df55f348f33a193c0597ddfe8239e53d1582" PYPI_PACKAGE = "cryptography_vectors" -inherit pypi setuptools3 +inherit pypi python_setuptools_build_meta DEPENDS += " \ ${PYTHON_PN}-cryptography \ diff --git a/poky/meta/recipes-devtools/python/python3-cryptography/0001-Fix-include-directory-when-cross-compiling-9129.patch b/poky/meta/recipes-devtools/python/python3-cryptography/0001-Fix-include-directory-when-cross-compiling-9129.patch new file mode 100644 index 0000000000..d720359ded --- /dev/null +++ b/poky/meta/recipes-devtools/python/python3-cryptography/0001-Fix-include-directory-when-cross-compiling-9129.patch @@ -0,0 +1,52 @@ +From 2f9cd402d3293f6efe0f3ac06f17c6c14edbed86 Mon Sep 17 00:00:00 2001 +From: James Hilliard <james.hilliard1@gmail.com> +Date: Sun, 25 Jun 2023 17:39:19 -0600 +Subject: [PATCH] Fix include directory when cross compiling (#9129) + +Upstream-Status: Backport [https://github.com/pyca/cryptography/pull/9129] +Signed-off-by: Alexander Kanavin <alex@linutronix.de> +--- + src/rust/cryptography-cffi/build.rs | 14 +++++++++++--- + 1 file changed, 11 insertions(+), 3 deletions(-) + +diff --git a/src/rust/cryptography-cffi/build.rs b/src/rust/cryptography-cffi/build.rs +index 07590ad2e..384af1ddb 100644 +--- a/src/rust/cryptography-cffi/build.rs ++++ b/src/rust/cryptography-cffi/build.rs +@@ -47,9 +47,14 @@ fn main() { + ) + .unwrap(); + println!("cargo:rustc-cfg=python_implementation=\"{}\"", python_impl); +- let python_include = run_python_script( ++ let python_includes = run_python_script( + &python, +- "import sysconfig; print(sysconfig.get_path('include'), end='')", ++ "import os; \ ++ import setuptools.dist; \ ++ import setuptools.command.build_ext; \ ++ b = setuptools.command.build_ext.build_ext(setuptools.dist.Distribution()); \ ++ b.finalize_options(); \ ++ print(os.pathsep.join(b.include_dirs), end='')", + ) + .unwrap(); + let openssl_include = +@@ -59,12 +64,15 @@ fn main() { + let mut build = cc::Build::new(); + build + .file(openssl_c) +- .include(python_include) + .include(openssl_include) + .flag_if_supported("-Wconversion") + .flag_if_supported("-Wno-error=sign-conversion") + .flag_if_supported("-Wno-unused-parameter"); + ++ for python_include in env::split_paths(&python_includes) { ++ build.include(python_include); ++ } ++ + // Enable abi3 mode if we're not using PyPy. + if python_impl != "PyPy" { + // cp37 (Python 3.7 to help our grep when we some day drop 3.7 support) +-- +2.30.2 + diff --git a/poky/meta/recipes-devtools/python/python3-cryptography/0001-pyproject.toml-remove-benchmark-disable-option.patch b/poky/meta/recipes-devtools/python/python3-cryptography/0001-pyproject.toml-remove-benchmark-disable-option.patch index 481f595246..69cf451d57 100644 --- a/poky/meta/recipes-devtools/python/python3-cryptography/0001-pyproject.toml-remove-benchmark-disable-option.patch +++ b/poky/meta/recipes-devtools/python/python3-cryptography/0001-pyproject.toml-remove-benchmark-disable-option.patch @@ -1,4 +1,4 @@ -From ce972ea92d724f232323a9a6265a8b44d913d4d8 Mon Sep 17 00:00:00 2001 +From b7dd3ce1d75d1e6255e1aca82aa7f401d4246a75 Mon Sep 17 00:00:00 2001 From: Mingli Yu <mingli.yu@windriver.com> Date: Tue, 17 May 2022 17:22:48 +0800 Subject: [PATCH] pyproject.toml: remove --benchmark-disable option @@ -18,23 +18,28 @@ Fixes: Upstream-Status: Inappropriate [OE specific] Signed-off-by: Mingli Yu <mingli.yu@windriver.com> + --- - pyproject.toml | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) + pyproject.toml | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pyproject.toml b/pyproject.toml -index 4d58129..b011fca 100644 +index b2e511f..4a285af 100644 --- a/pyproject.toml +++ b/pyproject.toml -@@ -15,7 +15,7 @@ line-length = 79 - target-version = ["py36"] +@@ -85,7 +85,7 @@ line-length = 79 + target-version = ["py37"] [tool.pytest.ini_options] -addopts = "-r s --capture=no --strict-markers --benchmark-disable" +addopts = "-r s --capture=no --strict-markers" + console_output_style = "progress-even-when-capture-no" markers = [ "skip_fips: this test is not executed in FIPS mode", - "supported: parametrized test requiring only_if and skip_message", --- -2.25.1 - +@@ -151,4 +151,4 @@ git-only = [ + "ci-constraints-requirements.txt", + ".gitattributes", + ".gitignore", +-] +\ No newline at end of file ++] diff --git a/poky/meta/recipes-devtools/python/python3-cryptography/0002-Cargo.toml-edition-2018-2021.patch b/poky/meta/recipes-devtools/python/python3-cryptography/0002-Cargo.toml-edition-2018-2021.patch deleted file mode 100644 index 366e3a4d39..0000000000 --- a/poky/meta/recipes-devtools/python/python3-cryptography/0002-Cargo.toml-edition-2018-2021.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 4b73298b214a5b69ea6edf3c2e21dd82b2b29708 Mon Sep 17 00:00:00 2001 -From: Tim Orling <tim.orling@konsulko.com> -Date: Fri, 14 Jan 2022 22:34:59 -0800 -Subject: [PATCH 2/2] Cargo.toml: edition 2018 -> 2021 - -Upstream-Status: Pending - -Signed-off-by: Tim Orling <tim.orling@konsulko.com> ---- - src/rust/Cargo.toml | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/rust/Cargo.toml b/src/rust/Cargo.toml -index 174eaa80..7ad053d9 100644 ---- a/src/rust/Cargo.toml -+++ b/src/rust/Cargo.toml -@@ -2,7 +2,7 @@ - name = "cryptography-rust" - version = "0.1.0" - authors = ["The cryptography developers <cryptography-dev@python.org>"] --edition = "2018" -+edition = "2021" - publish = false - - [dependencies] --- -2.30.2 - diff --git a/poky/meta/recipes-devtools/python/python3-cryptography_39.0.2.bb b/poky/meta/recipes-devtools/python/python3-cryptography_41.0.2.bb index 449e3ba1bc..20d6c97f36 100644 --- a/poky/meta/recipes-devtools/python/python3-cryptography_39.0.2.bb +++ b/poky/meta/recipes-devtools/python/python3-cryptography_41.0.2.bb @@ -1,26 +1,24 @@ SUMMARY = "Provides cryptographic recipes and primitives to python developers" HOMEPAGE = "https://cryptography.io/" SECTION = "devel/python" -LICENSE = "( Apache-2.0 | BSD-3-Clause ) & PSF-2.0" -LIC_FILES_CHKSUM = "file://LICENSE;md5=bf405a8056a6647e7d077b0e7bc36aba \ +LICENSE = "Apache-2.0 | BSD-3-Clause" +LIC_FILES_CHKSUM = "file://LICENSE;md5=8c3617db4fb6fae01f1d253ab91511e4 \ file://LICENSE.APACHE;md5=4e168cce331e5c827d4c2b68a6200e1b \ file://LICENSE.BSD;md5=5ae30ba4123bc4f2fa49aa0b0dce887b \ - file://LICENSE.PSF;md5=43c37d21e1dbad10cddcd150ba2c0595 \ " LDSHARED += "-pthread" -SRC_URI[sha256sum] = "bc5b871e977c8ee5a1bbc42fa8d19bcc08baf0c51cbf1586b0e87a2694dde42f" +SRC_URI[sha256sum] = "7d230bf856164de164ecb615ccc14c7fc6de6906ddd5b491f3af90d3514c925c" -SRC_URI += "\ - file://0002-Cargo.toml-edition-2018-2021.patch \ - file://0001-pyproject.toml-remove-benchmark-disable-option.patch \ - file://check-memfree.py \ - file://run-ptest \ -" +SRC_URI += "file://0001-pyproject.toml-remove-benchmark-disable-option.patch \ + file://0001-Fix-include-directory-when-cross-compiling-9129.patch \ + file://check-memfree.py \ + file://run-ptest \ + " require ${BPN}-crates.inc -inherit pypi python_setuptools3_rust cargo-update-recipe-crates +inherit pypi python_setuptools3_rust cargo-update-recipe-crates pkgconfig DEPENDS += " \ ${PYTHON_PN}-cffi-native \ diff --git a/poky/meta/recipes-devtools/python/python3-cython_0.29.35.bb b/poky/meta/recipes-devtools/python/python3-cython_0.29.36.bb index 78be2b94ed..78be2b94ed 100644 --- a/poky/meta/recipes-devtools/python/python3-cython_0.29.35.bb +++ b/poky/meta/recipes-devtools/python/python3-cython_0.29.36.bb diff --git a/poky/meta/recipes-devtools/python/python3-editables_0.3.bb b/poky/meta/recipes-devtools/python/python3-editables_0.4.bb index b42ff06872..c53186997a 100644 --- a/poky/meta/recipes-devtools/python/python3-editables_0.3.bb +++ b/poky/meta/recipes-devtools/python/python3-editables_0.4.bb @@ -4,8 +4,12 @@ SECTION = "devel/python" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=41bc1be47b7bb8240db3ef928c7cb0bf" -SRC_URI[sha256sum] = "167524e377358ed1f1374e61c268f0d7a4bf7dbd046c656f7b410cde16161b1a" +SRC_URI[sha256sum] = "dc322c42e7ccaf19600874035a4573898d88aadd07e177c239298135b75da772" inherit pypi python_setuptools_build_meta +RDEPENDS:${PN} += "\ + python3-io \ +" + BBCLASSEXTEND = "native nativesdk" diff --git a/poky/meta/recipes-devtools/python/python3-git_3.1.31.bb b/poky/meta/recipes-devtools/python/python3-git_3.1.32.bb index 08b9f66bcb..f217577eb8 100644 --- a/poky/meta/recipes-devtools/python/python3-git_3.1.31.bb +++ b/poky/meta/recipes-devtools/python/python3-git_3.1.32.bb @@ -12,7 +12,7 @@ PYPI_PACKAGE = "GitPython" inherit pypi python_setuptools_build_meta -SRC_URI[sha256sum] = "8ce3bcf69adfdf7c7d503e78fd3b1c492af782d58893b650adb2ac8912ddd573" +SRC_URI[sha256sum] = "8d9b8cb1e80b9735e8717c9362079d3ce4c6e5ddeebedd0361b228c3a67a62f6" DEPENDS += " ${PYTHON_PN}-gitdb" diff --git a/poky/meta/recipes-devtools/python/python3-hatchling_1.17.0.bb b/poky/meta/recipes-devtools/python/python3-hatchling_1.18.0.bb index 05a86f0efb..c94e49dab3 100644 --- a/poky/meta/recipes-devtools/python/python3-hatchling_1.17.0.bb +++ b/poky/meta/recipes-devtools/python/python3-hatchling_1.18.0.bb @@ -8,7 +8,7 @@ inherit pypi python_hatchling DEPENDS += "python3-pluggy-native python3-pathspec-native python3-packaging-native python3-editables-native python3-trove-classifiers-native" DEPENDS:remove:class-native = "python3-hatchling-native" -SRC_URI[sha256sum] = "b1244db3f45b4ef5a00106a46612da107cdfaf85f1580b8e1c059fefc98b0930" +SRC_URI[sha256sum] = "50e99c3110ce0afc3f7bdbadff1c71c17758e476731c27607940cfa6686489ca" do_compile:prepend() { export PYTHONPATH=src diff --git a/poky/meta/recipes-devtools/python/python3-hypothesis_6.75.7.bb b/poky/meta/recipes-devtools/python/python3-hypothesis_6.81.2.bb index dc21bc67c6..93bf638759 100644 --- a/poky/meta/recipes-devtools/python/python3-hypothesis_6.75.7.bb +++ b/poky/meta/recipes-devtools/python/python3-hypothesis_6.81.2.bb @@ -13,7 +13,7 @@ SRC_URI += " \ file://test_rle.py \ " -SRC_URI[sha256sum] = "a8ef2e0c7d5ebd90043a4ed8f6987de6a2b497b2caf6863364ff41db25971856" +SRC_URI[sha256sum] = "e35165a73064370d30d476d7218f600d2bf861ff218192c9e994cb36aa190ae7" RDEPENDS:${PN} += " \ python3-attrs \ diff --git a/poky/meta/recipes-devtools/python/python3-importlib-metadata_6.6.0.bb b/poky/meta/recipes-devtools/python/python3-importlib-metadata_6.8.0.bb index 34bc55b0e1..b8dd4bb701 100644 --- a/poky/meta/recipes-devtools/python/python3-importlib-metadata_6.6.0.bb +++ b/poky/meta/recipes-devtools/python/python3-importlib-metadata_6.8.0.bb @@ -8,7 +8,7 @@ inherit pypi python_setuptools_build_meta PYPI_PACKAGE = "importlib_metadata" UPSTREAM_CHECK_REGEX = "/importlib-metadata/(?P<pver>(\d+[\.\-_]*)+)/" -SRC_URI[sha256sum] = "92501cdf9cc66ebd3e612f1b4f0c0765dfa42f0fa38ffb319b6bd84dd675d705" +SRC_URI[sha256sum] = "dbace7892d8c0c4ac1ad096662232f831d4e64f4c4545bd53016a3e9d4654743" S = "${WORKDIR}/importlib_metadata-${PV}" diff --git a/poky/meta/recipes-devtools/python/python3-iso8601_1.1.0.bb b/poky/meta/recipes-devtools/python/python3-iso8601_2.0.0.bb index 797607f81e..a8dccb90c7 100644 --- a/poky/meta/recipes-devtools/python/python3-iso8601_1.1.0.bb +++ b/poky/meta/recipes-devtools/python/python3-iso8601_2.0.0.bb @@ -3,7 +3,7 @@ HOMEPAGE = "http://pyiso8601.readthedocs.org/" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE;md5=aab31f2ef7ba214a5a341eaa47a7f367" -SRC_URI[sha256sum] = "32811e7b81deee2063ea6d2e94f8819a86d1f3811e49d23623a41fa832bef03f" +SRC_URI[sha256sum] = "739960d37c74c77bd9bd546a76562ccb581fe3d4820ff5c3141eb49c839fda8f" inherit pypi python_poetry_core diff --git a/poky/meta/recipes-devtools/python/python3-jsonpointer/0001-Clean-up-test-runner.patch b/poky/meta/recipes-devtools/python/python3-jsonpointer/0001-Clean-up-test-runner.patch deleted file mode 100644 index 4121834dbf..0000000000 --- a/poky/meta/recipes-devtools/python/python3-jsonpointer/0001-Clean-up-test-runner.patch +++ /dev/null @@ -1,62 +0,0 @@ -From 04a864f33848da6af1dea906ba4922770022ef66 Mon Sep 17 00:00:00 2001 -From: Ross Burton <ross.burton@arm.com> -Date: Thu, 16 Mar 2023 14:21:32 +0000 -Subject: [PATCH] Clean up test runner - -Test code doesn't need to manually construct a TestSuite and a -TextTestRunner, the unittest module has a discovery function that does -all this for you. - -Delete all of the manual logic from tests.py, replace it with the two -lines to bring in the doctest unit tests, and update the makefile to -run the unittest discovery. - -Upstream-Status: Submitted [https://github.com/stefankoegl/python-json-pointer/pull/54] -Signed-off-by: Ross Burton <ross.burton@arm.com> ---- - makefile | 2 +- - tests.py | 24 ++++-------------------- - 2 files changed, 5 insertions(+), 21 deletions(-) - -diff --git a/tests.py b/tests.py -index 9252369..6b4b8cc 100755 ---- a/tests.py -+++ b/tests.py -@@ -7,6 +7,7 @@ import doctest - import unittest - import sys - import copy -+import jsonpointer - from jsonpointer import resolve_pointer, EndOfList, JsonPointerException, \ - JsonPointer, set_pointer - -@@ -410,23 +411,6 @@ class AltTypesTests(unittest.TestCase): - self.assertRaises(JsonPointerException, resolve_pointer, doc, '/root/1/2/3/4') - - -- --suite = unittest.TestSuite() --suite.addTest(unittest.makeSuite(SpecificationTests)) --suite.addTest(unittest.makeSuite(ComparisonTests)) --suite.addTest(unittest.makeSuite(WrongInputTests)) --suite.addTest(unittest.makeSuite(ToLastTests)) --suite.addTest(unittest.makeSuite(SetTests)) --suite.addTest(unittest.makeSuite(AltTypesTests)) -- --modules = ['jsonpointer'] -- --for module in modules: -- m = __import__(module, fromlist=[module]) -- suite.addTest(doctest.DocTestSuite(m)) -- --runner = unittest.TextTestRunner(verbosity=1) --result = runner.run(suite) -- --if not result.wasSuccessful(): -- sys.exit(1) -+def load_tests(loader, tests, ignore): -+ tests.addTests(doctest.DocTestSuite(jsonpointer)) -+ return tests --- -2.34.1 - diff --git a/poky/meta/recipes-devtools/python/python3-jsonpointer_2.3.bb b/poky/meta/recipes-devtools/python/python3-jsonpointer_2.4.bb index 0ec4de055c..d7a1fea70a 100644 --- a/poky/meta/recipes-devtools/python/python3-jsonpointer_2.3.bb +++ b/poky/meta/recipes-devtools/python/python3-jsonpointer_2.4.bb @@ -5,9 +5,7 @@ LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=32b15c843b7a329130f4e266a281ebb3" inherit pypi ptest setuptools3 -SRC_URI += "file://0001-Clean-up-test-runner.patch" - -SRC_URI[sha256sum] = "97cba51526c829282218feb99dab1b1e6bdf8efd1c43dc9d57be093c0d69c99a" +SRC_URI[sha256sum] = "585cee82b70211fa9e6043b7bb89db6e1aa49524340dde8ad6b63206ea689d88" RDEPENDS:${PN} += " \ ${PYTHON_PN}-json \ diff --git a/poky/meta/recipes-devtools/python/python3-lxml_4.9.2.bb b/poky/meta/recipes-devtools/python/python3-lxml_4.9.3.bb index c7f1e1fc3c..b911f7b2ad 100644 --- a/poky/meta/recipes-devtools/python/python3-lxml_4.9.2.bb +++ b/poky/meta/recipes-devtools/python/python3-lxml_4.9.3.bb @@ -18,7 +18,7 @@ LIC_FILES_CHKSUM = "file://LICENSES.txt;md5=e4c045ebad958ead4b48008f70838403 \ DEPENDS += "libxml2 libxslt" -SRC_URI[sha256sum] = "2455cfaeb7ac70338b3257f41e21f0724f4b5b0c0e7702da67ee6c3640835b67" +SRC_URI[sha256sum] = "48628bd53a426c9eb9bc066a923acaa0878d1e86129fd5359aee99285f4eed9c" SRC_URI += "${PYPI_SRC_URI}" inherit pkgconfig pypi setuptools3 diff --git a/poky/meta/recipes-devtools/python/python3-markupsafe_2.1.2.bb b/poky/meta/recipes-devtools/python/python3-markupsafe_2.1.3.bb index d150403f8c..b346cc85d9 100644 --- a/poky/meta/recipes-devtools/python/python3-markupsafe_2.1.2.bb +++ b/poky/meta/recipes-devtools/python/python3-markupsafe_2.1.3.bb @@ -3,7 +3,7 @@ HOMEPAGE = "http://github.com/mitsuhiko/markupsafe" LICENSE = "BSD-3-Clause" LIC_FILES_CHKSUM = "file://LICENSE.rst;md5=ffeffa59c90c9c4a033c7574f8f3fb75" -SRC_URI[sha256sum] = "abcabc8c2b26036d62d4c746381a6f7cf60aafcc653198ad678306986b09450d" +SRC_URI[sha256sum] = "af598ed32d6ae86f1b747b82783958b1a4ab8f617b06fe68795c7f026abbdcad" PYPI_PACKAGE = "MarkupSafe" inherit pypi setuptools3 ptest diff --git a/poky/meta/recipes-devtools/python/python3-numpy_1.24.3.bb b/poky/meta/recipes-devtools/python/python3-numpy_1.25.1.bb index 710af5fe8f..3632ab71ee 100644 --- a/poky/meta/recipes-devtools/python/python3-numpy_1.24.3.bb +++ b/poky/meta/recipes-devtools/python/python3-numpy_1.25.1.bb @@ -3,7 +3,7 @@ HOMEPAGE = "https://numpy.org/" DESCRIPTION = "NumPy is the fundamental package needed for scientific computing with Python." SECTION = "devel/python" LICENSE = "BSD-3-Clause & BSD-2-Clause & PSF-2.0 & Apache-2.0 & MIT" -LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=8026691468924fb6ec155dadfe2a1a7f" +LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=7614a5b0073688df53773ec6ec7fe81d" SRCNAME = "numpy" @@ -12,7 +12,7 @@ SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/${SRCNAME}-${PV}.tar.gz \ file://0001-numpy-core-Define-RISCV-32-support.patch \ file://run-ptest \ " -SRC_URI[sha256sum] = "ab344f1bf21f140adab8e47fdbc7c35a477dc01408791f8ba00d018dd0bc5155" +SRC_URI[sha256sum] = "9a3a9f3a61480cc086117b426a8bd86869c213fc4072e606f01c4e4b66eb92bf" GITHUB_BASE_URI = "https://github.com/numpy/numpy/releases" UPSTREAM_CHECK_REGEX = "releases/tag/v?(?P<pver>\d+(\.\d+)+)$" diff --git a/poky/meta/recipes-devtools/python/python3-pip_23.1.2.bb b/poky/meta/recipes-devtools/python/python3-pip_23.2.bb index a0ebd765bf..1ddec7d654 100644 --- a/poky/meta/recipes-devtools/python/python3-pip_23.1.2.bb +++ b/poky/meta/recipes-devtools/python/python3-pip_23.2.bb @@ -13,7 +13,7 @@ LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=63ec52baf95163b597008bb46db68030 \ file://src/pip/_vendor/msgpack/COPYING;md5=cd9523181d9d4fbf7ffca52eaa2a5751 \ file://src/pip/_vendor/packaging/LICENSE;md5=faadaedca9251a90b205c9167578ce91 \ file://src/pip/_vendor/packaging/LICENSE.APACHE;md5=2ee41112a44fe7014dce33e26468ba93 \ - file://src/pip/_vendor/pkg_resources/LICENSE;md5=7a7126e068206290f3fe9f8d6c713ea6 \ + file://src/pip/_vendor/pkg_resources/LICENSE;md5=141643e11c48898150daa83802dbc65f \ file://src/pip/_vendor/platformdirs/LICENSE;md5=ea4f5a41454746a9ed111e3d8723d17a \ file://src/pip/_vendor/pygments/LICENSE;md5=36a13c90514e2899f1eba7f41c3ee592 \ file://src/pip/_vendor/pyparsing/LICENSE;md5=657a566233888513e1f07ba13e2f47f1 \ @@ -24,7 +24,7 @@ LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=63ec52baf95163b597008bb46db68030 \ file://src/pip/_vendor/six.LICENSE;md5=43cfc9e4ac0e377acfb9b76f56b8415d \ file://src/pip/_vendor/tenacity/LICENSE;md5=175792518e4ac015ab6696d16c4f607e \ file://src/pip/_vendor/tomli/LICENSE;md5=aaaaf0879d17df0110d1aa8c8c9f46f5 \ - file://src/pip/_vendor/typing_extensions.LICENSE;md5=f16b323917992e0f8a6f0071bc9913e2 \ + file://src/pip/_vendor/typing_extensions.LICENSE;md5=fcf6b249c2641540219a727f35d8d2c2 \ file://src/pip/_vendor/urllib3/LICENSE.txt;md5=c2823cb995439c984fd62a973d79815c \ file://src/pip/_vendor/webencodings/LICENSE;md5=81fb24cd7823cce23b69f721993dce4d \ " @@ -33,7 +33,7 @@ inherit pypi python_setuptools_build_meta SRC_URI += "file://no_shebang_mangling.patch" -SRC_URI[sha256sum] = "0e7c86f486935893c708287b30bd050a36ac827ec7fe5e43fe7cb198dd835fba" +SRC_URI[sha256sum] = "a160a170f3331d9ca1a0247eb1cd79c758879f1f81158f9cd05bbb5df80bea5c" do_install:append() { rm -f ${D}/${bindir}/pip diff --git a/poky/meta/recipes-devtools/python/python3-pluggy_1.0.0.bb b/poky/meta/recipes-devtools/python/python3-pluggy_1.2.0.bb index 99ae6336b7..3322bb523b 100644 --- a/poky/meta/recipes-devtools/python/python3-pluggy_1.0.0.bb +++ b/poky/meta/recipes-devtools/python/python3-pluggy_1.2.0.bb @@ -3,7 +3,7 @@ HOMEPAGE = "https://github.com/pytest-dev/pluggy" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE;md5=1c8206d16fd5cc02fa9b0bb98955e5c2" -SRC_URI[sha256sum] = "4224373bacce55f955a878bf9cfa763c1e360858e330072059e10bad68531159" +SRC_URI[sha256sum] = "d12f0c4b579b15f5e054301bb226ee85eeeba08ffec228092f8defbaa3a4c4b3" DEPENDS += "${PYTHON_PN}-setuptools-scm-native" RDEPENDS:${PN} += "${PYTHON_PN}-importlib-metadata \ diff --git a/poky/meta/recipes-devtools/python/python3-pycairo_1.23.0.bb b/poky/meta/recipes-devtools/python/python3-pycairo_1.24.0.bb index 5214a05d53..8059750de0 100644 --- a/poky/meta/recipes-devtools/python/python3-pycairo_1.23.0.bb +++ b/poky/meta/recipes-devtools/python/python3-pycairo_1.24.0.bb @@ -13,7 +13,7 @@ DEPENDS = "cairo python3" SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/pycairo-${PV}.tar.gz" GITHUB_BASE_URI = "https://github.com/pygobject/pycairo/releases/" -SRC_URI[sha256sum] = "9b61ac818723adc04367301317eb2e814a83522f07bbd1f409af0dada463c44c" +SRC_URI[sha256sum] = "1444d52f1bb4cc79a4a0c0fe2ccec4bd78ff885ab01ebe1c0f637d8392bcafb6" S = "${WORKDIR}/pycairo-${PV}" diff --git a/poky/meta/recipes-devtools/python/python3-pygments_2.14.0.bb b/poky/meta/recipes-devtools/python/python3-pygments_2.15.1.bb index 16769e9263..e0e477100e 100644 --- a/poky/meta/recipes-devtools/python/python3-pygments_2.14.0.bb +++ b/poky/meta/recipes-devtools/python/python3-pygments_2.15.1.bb @@ -4,8 +4,8 @@ HOMEPAGE = "http://pygments.org/" LICENSE = "BSD-2-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=36a13c90514e2899f1eba7f41c3ee592" -inherit setuptools3 -SRC_URI[sha256sum] = "b3ed06a9e8ac9a9aae5a6f5dbe78a8a58655d17b43b93c078f094ddc476ae297" +inherit python_setuptools_build_meta +SRC_URI[sha256sum] = "8ace4d3c1dd481894b2005f560ead0f9f19ee64fe983366be1a21e171d12775c" DEPENDS += "\ ${PYTHON_PN} \ diff --git a/poky/meta/recipes-devtools/python/python3-pyparsing_3.0.9.bb b/poky/meta/recipes-devtools/python/python3-pyparsing_3.1.0.bb index b858073c3b..e5c6d5f832 100644 --- a/poky/meta/recipes-devtools/python/python3-pyparsing_3.0.9.bb +++ b/poky/meta/recipes-devtools/python/python3-pyparsing_3.1.0.bb @@ -10,7 +10,7 @@ BUGTRACKER = "https://github.com/pyparsing/pyparsing/issues" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE;md5=657a566233888513e1f07ba13e2f47f1" -SRC_URI[sha256sum] = "2b020ecf7d21b687f219b71ecad3631f644a47f01403fa1d1036b0c6416d70fb" +SRC_URI[sha256sum] = "edb662d6fe322d6e990b1594b5feaeadf806803359e3d4d42f11e295e588f0ea" UPSTREAM_CHECK_REGEX = "pyparsing-(?P<pver>.*)\.tar" diff --git a/poky/meta/recipes-devtools/python/python3-pytest-subtests_0.10.0.bb b/poky/meta/recipes-devtools/python/python3-pytest-subtests_0.11.0.bb index e1f2a49d31..ddba031880 100644 --- a/poky/meta/recipes-devtools/python/python3-pytest-subtests_0.10.0.bb +++ b/poky/meta/recipes-devtools/python/python3-pytest-subtests_0.11.0.bb @@ -7,9 +7,9 @@ BUGTRACKER = "https://github.com/pytest-dev/pytest-subtests/issues" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE;md5=242b4e17fa287dcf7aef372f6bc3dcb1" -SRC_URI[sha256sum] = "d9961a67c1791e8c1e32dce7a70ed1e54f3b1e641087f2094f2d37087ab7fb17" +SRC_URI[sha256sum] = "51865c88457545f51fb72011942f0a3c6901ee9e24cbfb6d1b9dc1348bafbe37" -inherit pypi setuptools3 +inherit pypi python_setuptools_build_meta DEPENDS += "${PYTHON_PN}-setuptools-scm-native" diff --git a/poky/meta/recipes-devtools/python/python3-pytest_7.3.1.bb b/poky/meta/recipes-devtools/python/python3-pytest_7.4.0.bb index 914ea55346..323dfebe38 100644 --- a/poky/meta/recipes-devtools/python/python3-pytest_7.3.1.bb +++ b/poky/meta/recipes-devtools/python/python3-pytest_7.4.0.bb @@ -5,7 +5,7 @@ DESCRIPTION = "The pytest framework makes it easy to write small tests, yet scal LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE;md5=bd27e41b6550fe0fc45356d1d81ee37c" -SRC_URI[sha256sum] = "434afafd78b1d78ed0addf160ad2b77a30d35d4bdf8af234fe621919d9ed15e3" +SRC_URI[sha256sum] = "b4bf8c45bd59934ed84001ad51e11b4ee40d40a1229d2c79f9c592b0a3f6bd8a" DEPENDS += "python3-setuptools-scm-native" diff --git a/poky/meta/recipes-devtools/python/python3-ruamel-yaml_0.17.31.bb b/poky/meta/recipes-devtools/python/python3-ruamel-yaml_0.17.32.bb index 5604ff01e4..b745f349e7 100644 --- a/poky/meta/recipes-devtools/python/python3-ruamel-yaml_0.17.31.bb +++ b/poky/meta/recipes-devtools/python/python3-ruamel-yaml_0.17.32.bb @@ -9,7 +9,7 @@ PYPI_PACKAGE = "ruamel.yaml" inherit pypi setuptools3 -SRC_URI[sha256sum] = "098ed1eb6d338a684891a72380277c1e6fc4d4ae0e120de9a447275056dda335" +SRC_URI[sha256sum] = "ec939063761914e14542972a5cba6d33c23b0859ab6342f61cf070cfc600efc2" RDEPENDS:${PN} += "\ ${PYTHON_PN}-shell \ diff --git a/poky/meta/recipes-devtools/python/python3-setuptools/0001-conditionally-do-not-fetch-code-by-easy_install.patch b/poky/meta/recipes-devtools/python/python3-setuptools/0001-conditionally-do-not-fetch-code-by-easy_install.patch index 4d56dc89ba..1e5ab498a4 100644 --- a/poky/meta/recipes-devtools/python/python3-setuptools/0001-conditionally-do-not-fetch-code-by-easy_install.patch +++ b/poky/meta/recipes-devtools/python/python3-setuptools/0001-conditionally-do-not-fetch-code-by-easy_install.patch @@ -1,4 +1,4 @@ -From 2b06ca797d3ccc5b195aaa04a085c44bf61d4de3 Mon Sep 17 00:00:00 2001 +From 5e603da9c01ccb828a03ea3e82d15599971f794f Mon Sep 17 00:00:00 2001 From: Hongxu Jia <hongxu.jia@windriver.com> Date: Tue, 17 Jul 2018 10:13:38 +0800 Subject: [PATCH] conditionally do not fetch code by easy_install @@ -9,17 +9,16 @@ internet by easy_install. Upstream-Status: Inappropriate [oe specific] Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> - --- setuptools/command/easy_install.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/setuptools/command/easy_install.py b/setuptools/command/easy_install.py -index 444d3b3..61e445a 100644 +index 0b8d1159..93308060 100644 --- a/setuptools/command/easy_install.py +++ b/setuptools/command/easy_install.py -@@ -648,6 +648,11 @@ class easy_install(Command): - os.path.exists(tmpdir) and rmtree(tmpdir) +@@ -644,6 +644,11 @@ class easy_install(Command): + os.path.exists(tmpdir) and _rmtree(tmpdir) def easy_install(self, spec, deps=False): + if os.environ.get('NO_FETCH_BUILD', None): @@ -30,3 +29,6 @@ index 444d3b3..61e445a 100644 with self._tmpdir() as tmpdir: if not isinstance(spec, Requirement): if URL_SCHEME(spec): +-- +2.41.0 + diff --git a/poky/meta/recipes-devtools/python/python3-setuptools_67.6.1.bb b/poky/meta/recipes-devtools/python/python3-setuptools_68.0.0.bb index ad0d7cc527..4ac789d18c 100644 --- a/poky/meta/recipes-devtools/python/python3-setuptools_67.6.1.bb +++ b/poky/meta/recipes-devtools/python/python3-setuptools_68.0.0.bb @@ -2,7 +2,7 @@ SUMMARY = "Download, build, install, upgrade, and uninstall Python packages" HOMEPAGE = "https://pypi.org/project/setuptools" SECTION = "devel/python" LICENSE = "MIT" -LIC_FILES_CHKSUM = "file://LICENSE;beginline=1;endline=19;md5=7a7126e068206290f3fe9f8d6c713ea6" +LIC_FILES_CHKSUM = "file://LICENSE;md5=141643e11c48898150daa83802dbc65f" inherit pypi python_setuptools_build_meta @@ -11,7 +11,7 @@ SRC_URI:append:class-native = " file://0001-conditionally-do-not-fetch-code-by-e SRC_URI += " \ file://0001-_distutils-sysconfig.py-make-it-possible-to-substite.patch" -SRC_URI[sha256sum] = "257de92a9d50a60b8e22abfcbb771571fde0dbf3ec234463212027a4eeecbe9a" +SRC_URI[sha256sum] = "baf1fdb41c6da4cd2eae722e135500da913332ab3f2f5c7d33af9b492acb5235" DEPENDS += "${PYTHON_PN}" diff --git a/poky/meta/recipes-devtools/python/python3-sphinx-rtd-theme_1.2.1.bb b/poky/meta/recipes-devtools/python/python3-sphinx-rtd-theme_1.2.2.bb index 25de0159b6..0fac83a1c9 100644 --- a/poky/meta/recipes-devtools/python/python3-sphinx-rtd-theme_1.2.1.bb +++ b/poky/meta/recipes-devtools/python/python3-sphinx-rtd-theme_1.2.2.bb @@ -13,7 +13,7 @@ RDEPENDS:${PN} += " \ PYPI_PACKAGE = "sphinx_rtd_theme" -SRC_URI[sha256sum] = "cf9a7dc0352cf179c538891cb28d6fad6391117d4e21c891776ab41dd6c8ff70" +SRC_URI[sha256sum] = "01c5c5a72e2d025bd23d1f06c59a4831b06e6ce6c01fdd5ebfe9986c0a880fc7" UPSTREAM_CHECK_REGEX ?= "/sphinx-rtd-theme/(?P<pver>(\d+[\.\-_]*)+)/" inherit setuptools3 pypi diff --git a/poky/meta/recipes-devtools/python/python3-trove-classifiers_2023.5.24.bb b/poky/meta/recipes-devtools/python/python3-trove-classifiers_2023.7.6.bb index 2d484d4b2c..7879dc2031 100644 --- a/poky/meta/recipes-devtools/python/python3-trove-classifiers_2023.5.24.bb +++ b/poky/meta/recipes-devtools/python/python3-trove-classifiers_2023.7.6.bb @@ -3,7 +3,7 @@ HOMEPAGE = "https://github.com/pypa/trove-classifiers" LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://LICENSE;md5=86d3f3a95c324c9479bd8986968f4327" -SRC_URI[sha256sum] = "fd5a1546283be941f47540a135bdeae8fb261380a6a204d9c18012f2a1b0ceae" +SRC_URI[sha256sum] = "8a8e168b51d20fed607043831d37632bb50919d1c80a64e0f1393744691a8b22" inherit pypi python_setuptools_build_meta ptest diff --git a/poky/meta/recipes-devtools/python/python3-typing-extensions_4.6.2.bb b/poky/meta/recipes-devtools/python/python3-typing-extensions_4.7.1.bb index be43fe4a64..8ff77ba4fd 100644 --- a/poky/meta/recipes-devtools/python/python3-typing-extensions_4.6.2.bb +++ b/poky/meta/recipes-devtools/python/python3-typing-extensions_4.7.1.bb @@ -10,12 +10,12 @@ HOMEPAGE = "https://github.com/python/typing_extensions" BUGTRACKER = "https://github.com/python/typing_extensions/issues" SECTIONS = "libs" LICENSE = "PSF-2.0" -LIC_FILES_CHKSUM = "file://LICENSE;md5=f16b323917992e0f8a6f0071bc9913e2" +LIC_FILES_CHKSUM = "file://LICENSE;md5=fcf6b249c2641540219a727f35d8d2c2" # The name on PyPi is slightly different. PYPI_PACKAGE = "typing_extensions" -SRC_URI[sha256sum] = "06006244c70ac8ee83fa8282cb188f697b8db25bc8b4df07be1873c43897060c" +SRC_URI[sha256sum] = "b75ddc264f0ba5615db7ba217daeb99701ad295353c45f9e95963337ceeeffb2" inherit pypi python_flit_core diff --git a/poky/meta/recipes-devtools/python/python3-urllib3_2.0.2.bb b/poky/meta/recipes-devtools/python/python3-urllib3_2.0.3.bb index bc1cdb009f..64b21db86d 100644 --- a/poky/meta/recipes-devtools/python/python3-urllib3_2.0.2.bb +++ b/poky/meta/recipes-devtools/python/python3-urllib3_2.0.3.bb @@ -1,9 +1,9 @@ SUMMARY = "Python HTTP library with thread-safe connection pooling, file post support, sanity friendly, and more" HOMEPAGE = "https://github.com/shazow/urllib3" LICENSE = "MIT" -LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=c2823cb995439c984fd62a973d79815c" +LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=52d273a3054ced561275d4d15260ecda" -SRC_URI[sha256sum] = "61717a1095d7e155cdb737ac7bb2f4324a858a1e2e6466f6d03ff630ca68d3cc" +SRC_URI[sha256sum] = "bee28b5e56addb8226c96f7f13ac28cb4c301dd5ea8a6ca179c0b9835e032825" inherit pypi python_hatchling diff --git a/poky/meta/recipes-devtools/python/python3-zipp_3.15.0.bb b/poky/meta/recipes-devtools/python/python3-zipp_3.16.2.bb index 45654ff6f1..9dff59ffaf 100644 --- a/poky/meta/recipes-devtools/python/python3-zipp_3.15.0.bb +++ b/poky/meta/recipes-devtools/python/python3-zipp_3.16.2.bb @@ -1,9 +1,9 @@ SUMMARY = "Backport of pathlib-compatible object wrapper for zip files" HOMEPAGE = "https://github.com/jaraco/zipp" LICENSE = "MIT" -LIC_FILES_CHKSUM = "file://LICENSE;md5=7a7126e068206290f3fe9f8d6c713ea6" +LIC_FILES_CHKSUM = "file://LICENSE;md5=141643e11c48898150daa83802dbc65f" -SRC_URI[sha256sum] = "112929ad649da941c23de50f356a2b5570c954b65150642bccdd66bf194d224b" +SRC_URI[sha256sum] = "ebc15946aa78bd63458992fc81ec3b6f7b1e92d51c35e6de1c3804e73b799147" DEPENDS += "${PYTHON_PN}-setuptools-scm-native" diff --git a/poky/meta/recipes-devtools/python/python3/0001-Don-t-search-system-for-headers-libraries.patch b/poky/meta/recipes-devtools/python/python3/0001-Don-t-search-system-for-headers-libraries.patch index c9253832cf..222a567dd5 100644 --- a/poky/meta/recipes-devtools/python/python3/0001-Don-t-search-system-for-headers-libraries.patch +++ b/poky/meta/recipes-devtools/python/python3/0001-Don-t-search-system-for-headers-libraries.patch @@ -1,4 +1,4 @@ -From 6cb667f37beacd832cb409e5244b3c90dfad32f7 Mon Sep 17 00:00:00 2001 +From aa8f1709c54557d2b51a9a37d15ccc3de62e90cb Mon Sep 17 00:00:00 2001 From: Jeremy Puhlman <jpuhlman@mvista.com> Date: Wed, 4 Mar 2020 00:06:42 +0000 Subject: [PATCH] Don't search system for headers/libraries diff --git a/poky/meta/recipes-devtools/python/python3/0001-Lib-pty.py-handle-stdin-I-O-errors-same-way-as-maste.patch b/poky/meta/recipes-devtools/python/python3/0001-Lib-pty.py-handle-stdin-I-O-errors-same-way-as-maste.patch index df5179e877..07c6aef9b9 100644 --- a/poky/meta/recipes-devtools/python/python3/0001-Lib-pty.py-handle-stdin-I-O-errors-same-way-as-maste.patch +++ b/poky/meta/recipes-devtools/python/python3/0001-Lib-pty.py-handle-stdin-I-O-errors-same-way-as-maste.patch @@ -1,4 +1,4 @@ -From 86061629f4a179e740a17e53dd2c98ab47af2fe2 Mon Sep 17 00:00:00 2001 +From 7b0a14e7320078ac891d415cab9b7568e3f52ad8 Mon Sep 17 00:00:00 2001 From: Alexander Kanavin <alex@linutronix.de> Date: Thu, 16 Sep 2021 16:35:37 +0200 Subject: [PATCH] Lib/pty.py: handle stdin I/O errors same way as master I/O @@ -30,18 +30,18 @@ Signed-off-by: Alexander Kanavin <alex@linutronix.de> 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/Lib/pty.py b/Lib/pty.py -index 8d8ce40..35439c6 100644 +index fefb63a..4cef056 100644 --- a/Lib/pty.py +++ b/Lib/pty.py -@@ -154,7 +154,10 @@ def _copy(master_fd, master_read=_read, stdin_read=_read): - os.write(STDOUT_FILENO, data) +@@ -184,7 +184,10 @@ def _copy(master_fd, master_read=_read, stdin_read=_read): + i_buf = i_buf[n:] - if STDIN_FILENO in rfds: + if stdin_avail and STDIN_FILENO in rfds: - data = stdin_read(STDIN_FILENO) + try: + data = stdin_read(STDIN_FILENO) + except OSError: + data = b"" if not data: - fds.remove(STDIN_FILENO) + stdin_avail = False else: diff --git a/poky/meta/recipes-devtools/python/python3/0001-Lib-sysconfig.py-use-prefix-value-from-build-configu.patch b/poky/meta/recipes-devtools/python/python3/0001-Lib-sysconfig.py-use-prefix-value-from-build-configu.patch index d5b7ce2b95..a0f3d72992 100644 --- a/poky/meta/recipes-devtools/python/python3/0001-Lib-sysconfig.py-use-prefix-value-from-build-configu.patch +++ b/poky/meta/recipes-devtools/python/python3/0001-Lib-sysconfig.py-use-prefix-value-from-build-configu.patch @@ -1,4 +1,4 @@ -From 4ed481f4928c361970e78f27c4d9be8700af176b Mon Sep 17 00:00:00 2001 +From 512c617bd00b74b30a80dd56a12391de46e2b6cf Mon Sep 17 00:00:00 2001 From: Alexander Kanavin <alex@linutronix.de> Date: Fri, 10 Sep 2021 12:28:31 +0200 Subject: [PATCH] Lib/sysconfig.py: use prefix value from build configuration diff --git a/poky/meta/recipes-devtools/python/python3/12-distutils-prefix-is-inside-staging-area.patch b/poky/meta/recipes-devtools/python/python3/12-distutils-prefix-is-inside-staging-area.patch index 5ee4e4f126..bbdd8b586e 100644 --- a/poky/meta/recipes-devtools/python/python3/12-distutils-prefix-is-inside-staging-area.patch +++ b/poky/meta/recipes-devtools/python/python3/12-distutils-prefix-is-inside-staging-area.patch @@ -1,4 +1,4 @@ -From 4c39252c71d8bca81fdc43753c83a59f8668c619 Mon Sep 17 00:00:00 2001 +From 843574d5a5b0818e83e20f8c0389d567bd4733fb Mon Sep 17 00:00:00 2001 From: Khem Raj <raj.khem@gmail.com> Date: Tue, 14 May 2013 15:00:26 -0700 Subject: [PATCH] python3: Add target and native recipes diff --git a/poky/meta/recipes-devtools/python/python3/get_module_deps3.py b/poky/meta/recipes-devtools/python/python3/get_module_deps3.py index 0ca687d2eb..8e432b49af 100644 --- a/poky/meta/recipes-devtools/python/python3/get_module_deps3.py +++ b/poky/meta/recipes-devtools/python/python3/get_module_deps3.py @@ -32,7 +32,7 @@ def fix_path(dep_path): dep_path = dep_path[dep_path.find(pivot)+len(pivot):] if '/usr/bin' in dep_path: - dep_path = dep_path.replace('/usr/bin''${bindir}') + dep_path = dep_path.replace('/usr/bin','${bindir}') # Handle multilib, is there a better way? if '/usr/lib32' in dep_path: diff --git a/poky/meta/recipes-devtools/python/python3/makerace.patch b/poky/meta/recipes-devtools/python/python3/makerace.patch index 979fc9dc36..c71c1e15de 100644 --- a/poky/meta/recipes-devtools/python/python3/makerace.patch +++ b/poky/meta/recipes-devtools/python/python3/makerace.patch @@ -1,4 +1,4 @@ -From 4f52aaf2a548b3356c6f1369c62b11335dc27464 Mon Sep 17 00:00:00 2001 +From dde5cb74f55b6dd39d25cff639d16940d9dad505 Mon Sep 17 00:00:00 2001 From: Richard Purdie <richard.purdie@linuxfoundation.org> Date: Tue, 13 Jul 2021 23:19:29 +0100 Subject: [PATCH] python3: Fix make race @@ -18,11 +18,11 @@ Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile.pre.in b/Makefile.pre.in -index 7558f0c..8cec819 100644 +index c6d7e85..205af6c 100644 --- a/Makefile.pre.in +++ b/Makefile.pre.in -@@ -2005,7 +2005,7 @@ TESTSUBDIRS= ctypes/test \ - unittest/test unittest/test/testmock +@@ -2045,7 +2045,7 @@ TESTSUBDIRS= ctypes/test \ + unittest/test/testmock TEST_MODULES=@TEST_MODULES@ -libinstall: all $(srcdir)/Modules/xxmodule.c diff --git a/poky/meta/recipes-devtools/python/python3/run-ptest b/poky/meta/recipes-devtools/python/python3/run-ptest index 05396e91ab..efa84555a5 100644 --- a/poky/meta/recipes-devtools/python/python3/run-ptest +++ b/poky/meta/recipes-devtools/python/python3/run-ptest @@ -1,3 +1,3 @@ #!/bin/sh -SETUPTOOLS_USE_DISTUTILS=nonlocal python3 -m test -v | sed -u -e '/\.\.\. ok/ s/^/PASS: /g' -r -e '/\.\.\. (ERROR|FAIL)/ s/^/FAIL: /g' -e '/\.\.\. skipped/ s/^/SKIP: /g' -e 's/ \.\.\. ok//g' -e 's/ \.\.\. ERROR//g' -e 's/ \.\.\. FAIL//g' -e 's/ \.\.\. skipped//g' +{ SETUPTOOLS_USE_DISTUTILS=nonlocal python3 -m test -v -j 4 || echo "FAIL: python3" ; } | sed -u -e '/\.\.\. ok/ s/^/PASS: /g' -r -e '/\.\.\. (ERROR|FAIL)/ s/^/FAIL: /g' -e '/\.\.\. skipped/ s/^/SKIP: /g' -e 's/ \.\.\. ok//g' -e 's/ \.\.\. ERROR//g' -e 's/ \.\.\. FAIL//g' -e 's/ \.\.\. skipped//g' diff --git a/poky/meta/recipes-devtools/python/python3_3.11.3.bb b/poky/meta/recipes-devtools/python/python3_3.11.4.bb index c7974849b6..b3534ad678 100644 --- a/poky/meta/recipes-devtools/python/python3_3.11.3.bb +++ b/poky/meta/recipes-devtools/python/python3_3.11.4.bb @@ -39,7 +39,7 @@ SRC_URI:append:class-native = " \ file://12-distutils-prefix-is-inside-staging-area.patch \ file://0001-Don-t-search-system-for-headers-libraries.patch \ " -SRC_URI[sha256sum] = "8a5db99c961a7ecf27c75956189c9602c968751f11dbeae2b900dbff1c085b5e" +SRC_URI[sha256sum] = "2f0e409df2ab57aa9fc4cbddfb976af44e4e55bf6f619eee6bc5c2297264a7f6" # exclude pre-releases for both python 2.x and 3.x UPSTREAM_CHECK_REGEX = "[Pp]ython-(?P<pver>\d+(\.\d+)+).tar" @@ -47,15 +47,13 @@ UPSTREAM_CHECK_URI = "https://www.python.org/downloads/source/" CVE_PRODUCT = "python" -# Upstream consider this expected behaviour -CVE_CHECK_IGNORE += "CVE-2007-4559" -# This is not exploitable when glibc has CVE-2016-10739 fixed. -CVE_CHECK_IGNORE += "CVE-2019-18348" -# These are specific to Microsoft Windows -CVE_CHECK_IGNORE += "CVE-2020-15523 CVE-2022-26488" -# The mailcap module is insecure by design, so this can't be fixed in a meaningful way. +CVE_STATUS[CVE-2007-4559] = "disputed: Upstream consider this expected behaviour" +CVE_STATUS[CVE-2019-18348] = "not-applicable-config: This is not exploitable when glibc has CVE-2016-10739 fixed" +CVE_STATUS[CVE-2020-15523] = "not-applicable-platform: Issue only applies on Windows" +CVE_STATUS[CVE-2022-26488] = "not-applicable-platform: Issue only applies on Windows" # The module will be removed in the future and flaws documented. -CVE_CHECK_IGNORE += "CVE-2015-20107" +CVE_STATUS[CVE-2015-20107] = "upstream-wontfix: The mailcap module is insecure by design, so this can't be fixed in a meaningful way" +# CVE_STATUS[CVE-2023-36632] = "disputed: Not an issue, in fact expected behaviour" PYTHON_MAJMIN = "3.11" @@ -406,13 +404,13 @@ INSANE_SKIP:${PN}-ptest = "dev-deps" # catch all the rest (unsorted) PACKAGES += "${PN}-misc" RDEPENDS:${PN}-misc += "\ + ${PN}-audio \ + ${PN}-codecs \ ${PN}-core \ ${PN}-email \ - ${PN}-codecs \ - ${PN}-pydoc \ - ${PN}-pickle \ - ${PN}-audio \ ${PN}-numbers \ + ${PN}-pickle \ + ${PN}-pydoc \ " RDEPENDS:${PN}-modules:append:class-target = " ${MLPREFIX}python3-misc" RDEPENDS:${PN}-modules:append:class-nativesdk = " ${MLPREFIX}python3-misc" @@ -426,7 +424,7 @@ FILES:${PN}-man = "${datadir}/man" # See https://bugs.python.org/issue18748 and https://bugs.python.org/issue37395 RDEPENDS:libpython3:append:libc-glibc = " libgcc" RDEPENDS:${PN}-ctypes:append:libc-glibc = " ${MLPREFIX}ldconfig" -RDEPENDS:${PN}-ptest = "${PN}-modules ${PN}-tests ${PN}-dev unzip bzip2 libgcc tzdata coreutils sed" +RDEPENDS:${PN}-ptest = "${PN}-modules ${PN}-tests ${PN}-dev ${PN}-cgitb ${PN}-zipapp unzip bzip2 libgcc tzdata coreutils sed gcc g++ binutils" RDEPENDS:${PN}-ptest:append:libc-glibc = " locale-base-fr-fr locale-base-en-us locale-base-tr-tr locale-base-de-de" RDEPENDS:${PN}-tkinter += "${@bb.utils.contains('PACKAGECONFIG', 'tk', '${MLPREFIX}tk ${MLPREFIX}tk-lib', '', d)}" RDEPENDS:${PN}-idle += "${@bb.utils.contains('PACKAGECONFIG', 'tk', '${PN}-tkinter ${MLPREFIX}tcl', '', d)}" diff --git a/poky/meta/recipes-devtools/qemu/qemu-native_8.0.0.bb b/poky/meta/recipes-devtools/qemu/qemu-native_8.0.3.bb index 73a0f63f2b..73a0f63f2b 100644 --- a/poky/meta/recipes-devtools/qemu/qemu-native_8.0.0.bb +++ b/poky/meta/recipes-devtools/qemu/qemu-native_8.0.3.bb diff --git a/poky/meta/recipes-devtools/qemu/qemu-system-native_8.0.0.bb b/poky/meta/recipes-devtools/qemu/qemu-system-native_8.0.3.bb index 04c7c2a6ac..04c7c2a6ac 100644 --- a/poky/meta/recipes-devtools/qemu/qemu-system-native_8.0.0.bb +++ b/poky/meta/recipes-devtools/qemu/qemu-system-native_8.0.3.bb diff --git a/poky/meta/recipes-devtools/qemu/qemu.inc b/poky/meta/recipes-devtools/qemu/qemu.inc index 6acda61425..64bade86aa 100644 --- a/poky/meta/recipes-devtools/qemu/qemu.inc +++ b/poky/meta/recipes-devtools/qemu/qemu.inc @@ -30,30 +30,24 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \ file://0001-tracetool-use-relative-paths-for-line-preprocessor-d.patch \ file://qemu-guest-agent.init \ file://qemu-guest-agent.udev \ - file://ppc.patch \ " UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar" -SRC_URI[sha256sum] = "bb60f0341531181d6cc3969dd19a013d0427a87f918193970d9adb91131e56d0" +SRC_URI[sha256sum] = "ecf4d32cbef9d397bfc8cc50e4d1e92a1b30253bf32e8ee73c7a8dcf9a232b09" SRC_URI:append:class-target = " file://cross.patch" SRC_URI:append:class-nativesdk = " file://cross.patch" -# Applies against virglrender < 0.6.0 and not qemu itself -CVE_CHECK_IGNORE += "CVE-2017-5957" +CVE_STATUS[CVE-2017-5957] = "cpe-incorrect: Applies against virglrender < 0.6.0 and not qemu itself" -# The VNC server can expose host files uder some circumstances. We don't -# enable it by default. -CVE_CHECK_IGNORE += "CVE-2007-0998" +CVE_STATUS[CVE-2007-0998] = "not-applicable-config: The VNC server can expose host files uder some circumstances. We don't enable it by default." -# 'The issues identified by this CVE were determined to not constitute a vulnerability.' # https://bugzilla.redhat.com/show_bug.cgi?id=1609015#c11 -CVE_CHECK_IGNORE += "CVE-2018-18438" +CVE_STATUS[CVE-2018-18438] = "disputed: The issues identified by this CVE were determined to not constitute a vulnerability." # As per https://nvd.nist.gov/vuln/detail/CVE-2023-0664 # https://bugzilla.redhat.com/show_bug.cgi?id=2167423 -# this bug related to windows specific. -CVE_CHECK_IGNORE += "CVE-2023-0664" +CVE_STATUS[CVE-2023-0664] = "not-applicable-platform: Issue only applies on Windows" COMPATIBLE_HOST:mipsarchn32 = "null" COMPATIBLE_HOST:mipsarchn64 = "null" @@ -215,7 +209,7 @@ PACKAGECONFIG[seccomp] = "--enable-seccomp,--disable-seccomp,libseccomp" # libnfs is currently provided by meta-kodi PACKAGECONFIG[libnfs] = "--enable-libnfs,--disable-libnfs,libnfs" PACKAGECONFIG[pmem] = "--enable-libpmem,--disable-libpmem,pmdk" -PACKAGECONFIG[pulsedio] = "--enable-pa,--disable-pa,pulseaudio" +PACKAGECONFIG[pulseaudio] = "--enable-pa,--disable-pa,pulseaudio" PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux" PACKAGECONFIG[bpf] = "--enable-bpf,--disable-bpf,libbpf" PACKAGECONFIG[capstone] = "--enable-capstone,--disable-capstone" @@ -236,6 +230,8 @@ PACKAGES =+ "${PN}-system-all ${PN}-user-all" ALLOW_EMPTY:${PN}-system-all = "1" ALLOW_EMPTY:${PN}-user-all = "1" +PACKAGES_DYNAMIC += "^${PN}-user-.* ^${PN}-system-.*" + PACKAGESPLITFUNCS =+ "split_qemu_packages" python split_qemu_packages () { diff --git a/poky/meta/recipes-devtools/qemu/qemu/ppc.patch b/poky/meta/recipes-devtools/qemu/qemu/ppc.patch deleted file mode 100644 index e14c48cf85..0000000000 --- a/poky/meta/recipes-devtools/qemu/qemu/ppc.patch +++ /dev/null @@ -1,148 +0,0 @@ -From 31f02021ac17442c514593f7b9ed750ea87c21b1 Mon Sep 17 00:00:00 2001 -From: Richard Purdie <richard.purdie@linuxfoundation.org> -Date: Sat, 6 May 2023 07:42:35 +0100 -Cc: VÃctor Colombo <victor.colombo@eldorado.org.br> -Cc: Matheus Ferst <matheus.ferst@eldorado.org.br> -Cc: Daniel Henrique Barboza <danielhb413@gmail.com> -Cc: Richard Henderson <richard.henderson@linaro.org> -Cc: Philippe Mathieu-Daudé <philmd@linaro.org> -Subject: [PATCH v3] target/ppc: Fix fallback to MFSS for MFFS* instructions on - pre 3.0 ISAs - -The following commits changed the code such that the fallback to MFSS for MFFSCRN, -MFFSCRNI, MFFSCE and MFFSL on pre 3.0 ISAs was removed and became an illegal instruction: - - bf8adfd88b547680aa857c46098f3a1e94373160 - target/ppc: Move mffscrn[i] to decodetree - 394c2e2fda70da722f20fb60412d6c0ca4bfaa03 - target/ppc: Move mffsce to decodetree - 3e5bce70efe6bd1f684efbb21fd2a316cbf0657e - target/ppc: Move mffsl to decodetree - -The hardware will handle them as a MFFS instruction as the code did previously. -This means applications that were segfaulting under qemu when encountering these -instructions which is used in glibc libm functions for example. - -The fallback for MFFSCDRN and MFFSCDRNI added in a later patch was also missing. - -This patch restores the fallback to MFSS for these instructions on pre 3.0s ISAs -as the hardware decoder would, fixing the segfaulting libm code. It doesn't have -the fallback for 3.0 onwards to match hardware behaviour. - -Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> ---- - target/ppc/insn32.decode | 20 +++++++++++++------- - target/ppc/translate/fp-impl.c.inc | 22 ++++++++++++++++------ - 2 files changed, 29 insertions(+), 13 deletions(-) - -v3 - drop fallback to MFFS for 3.0 ISA to match hardware -v2 - switch to use decodetree pattern groups per feedback - -Upstream-Status: Submitted [https://lore.kernel.org/qemu-devel/20230506065240.3177798-1-richard.purdie@linuxfoundation.org/] - -diff --git a/target/ppc/insn32.decode b/target/ppc/insn32.decode -index f8f589e9fd..4fcf3af8d0 100644 ---- a/target/ppc/insn32.decode -+++ b/target/ppc/insn32.decode -@@ -390,13 +390,19 @@ SETNBCR 011111 ..... ..... ----- 0111100000 - @X_bi - - ### Move To/From FPSCR - --MFFS 111111 ..... 00000 ----- 1001000111 . @X_t_rc --MFFSCE 111111 ..... 00001 ----- 1001000111 - @X_t --MFFSCRN 111111 ..... 10110 ..... 1001000111 - @X_tb --MFFSCDRN 111111 ..... 10100 ..... 1001000111 - @X_tb --MFFSCRNI 111111 ..... 10111 ---.. 1001000111 - @X_imm2 --MFFSCDRNI 111111 ..... 10101 --... 1001000111 - @X_imm3 --MFFSL 111111 ..... 11000 ----- 1001000111 - @X_t -+{ -+ # Before Power ISA v3.0, MFFS bits 11~15 were reserved and should be ignored -+ MFFS_ISA207 111111 ..... ----- ----- 1001000111 . @X_t_rc -+ [ -+ MFFS 111111 ..... 00000 ----- 1001000111 . @X_t_rc -+ MFFSCE 111111 ..... 00001 ----- 1001000111 - @X_t -+ MFFSCRN 111111 ..... 10110 ..... 1001000111 - @X_tb -+ MFFSCDRN 111111 ..... 10100 ..... 1001000111 - @X_tb -+ MFFSCRNI 111111 ..... 10111 ---.. 1001000111 - @X_imm2 -+ MFFSCDRNI 111111 ..... 10101 --... 1001000111 - @X_imm3 -+ MFFSL 111111 ..... 11000 ----- 1001000111 - @X_t -+ ] -+} - - ### Decimal Floating-Point Arithmetic Instructions - -diff --git a/target/ppc/translate/fp-impl.c.inc b/target/ppc/translate/fp-impl.c.inc -index 57d8437851..874774eade 100644 ---- a/target/ppc/translate/fp-impl.c.inc -+++ b/target/ppc/translate/fp-impl.c.inc -@@ -568,6 +568,22 @@ static void store_fpscr_masked(TCGv_i64 fpscr, uint64_t clear_mask, - gen_helper_store_fpscr(cpu_env, fpscr_masked, st_mask); - } - -+static bool trans_MFFS_ISA207(DisasContext *ctx, arg_X_t_rc *a) -+{ -+ if (!(ctx->insns_flags2 & PPC2_ISA300)) { -+ /* -+ * Before Power ISA v3.0, MFFS bits 11~15 were reserved, any instruction -+ * with OPCD=63 and XO=583 should be decoded as MFFS. -+ */ -+ return trans_MFFS(ctx, a); -+ } -+ /* -+ * For Power ISA v3.0+, return false and let the pattern group -+ * select the correct instruction. -+ */ -+ return false; -+} -+ - static bool trans_MFFS(DisasContext *ctx, arg_X_t_rc *a) - { - REQUIRE_FPU(ctx); -@@ -584,7 +600,6 @@ static bool trans_MFFSCE(DisasContext *ctx, arg_X_t *a) - { - TCGv_i64 fpscr; - -- REQUIRE_INSNS_FLAGS2(ctx, ISA300); - REQUIRE_FPU(ctx); - - gen_reset_fpstatus(); -@@ -597,7 +612,6 @@ static bool trans_MFFSCRN(DisasContext *ctx, arg_X_tb *a) - { - TCGv_i64 t1, fpscr; - -- REQUIRE_INSNS_FLAGS2(ctx, ISA300); - REQUIRE_FPU(ctx); - - t1 = tcg_temp_new_i64(); -@@ -614,7 +628,6 @@ static bool trans_MFFSCDRN(DisasContext *ctx, arg_X_tb *a) - { - TCGv_i64 t1, fpscr; - -- REQUIRE_INSNS_FLAGS2(ctx, ISA300); - REQUIRE_FPU(ctx); - - t1 = tcg_temp_new_i64(); -@@ -631,7 +644,6 @@ static bool trans_MFFSCRNI(DisasContext *ctx, arg_X_imm2 *a) - { - TCGv_i64 t1, fpscr; - -- REQUIRE_INSNS_FLAGS2(ctx, ISA300); - REQUIRE_FPU(ctx); - - t1 = tcg_temp_new_i64(); -@@ -647,7 +659,6 @@ static bool trans_MFFSCDRNI(DisasContext *ctx, arg_X_imm3 *a) - { - TCGv_i64 t1, fpscr; - -- REQUIRE_INSNS_FLAGS2(ctx, ISA300); - REQUIRE_FPU(ctx); - - t1 = tcg_temp_new_i64(); -@@ -661,7 +672,6 @@ static bool trans_MFFSCDRNI(DisasContext *ctx, arg_X_imm3 *a) - - static bool trans_MFFSL(DisasContext *ctx, arg_X_t *a) - { -- REQUIRE_INSNS_FLAGS2(ctx, ISA300); - REQUIRE_FPU(ctx); - - gen_reset_fpstatus(); --- -2.39.2 - diff --git a/poky/meta/recipes-devtools/qemu/qemu_8.0.0.bb b/poky/meta/recipes-devtools/qemu/qemu_8.0.3.bb index 42e133967e..42e133967e 100644 --- a/poky/meta/recipes-devtools/qemu/qemu_8.0.0.bb +++ b/poky/meta/recipes-devtools/qemu/qemu_8.0.3.bb diff --git a/poky/meta/recipes-devtools/repo/repo_2.34.1.bb b/poky/meta/recipes-devtools/repo/repo_2.35.bb index 1c5d1a08b3..d34c3db746 100644 --- a/poky/meta/recipes-devtools/repo/repo_2.34.1.bb +++ b/poky/meta/recipes-devtools/repo/repo_2.35.bb @@ -12,7 +12,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" SRC_URI = "git://gerrit.googlesource.com/git-repo.git;protocol=https;branch=main \ file://0001-python3-shebang.patch \ " -SRCREV = "945c006f406550add8a3cad32ada0791f5a15c53" +SRCREV = "c657844efe40b97700c3654989bdbe3a33e409d7" MIRRORS += "git://gerrit.googlesource.com/git-repo.git git://github.com/GerritCodeReview/git-repo.git" diff --git a/poky/meta/recipes-devtools/rpm/files/ea3187cfcf9cac87e5bc5e7db79b0338da9e355e.patch b/poky/meta/recipes-devtools/rpm/files/ea3187cfcf9cac87e5bc5e7db79b0338da9e355e.patch new file mode 100644 index 0000000000..470dda1dcf --- /dev/null +++ b/poky/meta/recipes-devtools/rpm/files/ea3187cfcf9cac87e5bc5e7db79b0338da9e355e.patch @@ -0,0 +1,51 @@ +From ea3187cfcf9cac87e5bc5e7db79b0338da9e355e Mon Sep 17 00:00:00 2001 +From: Panu Matilainen <pmatilai@redhat.com> +Date: Mon, 26 Jun 2023 12:45:09 +0300 +Subject: [PATCH] Don't muck with per-process global sqlite configuration from + the db backend + +sqlite3_config() affects all in-process uses of sqlite. librpm being a +low-level library, it has no business whatsoever making such decisions +for the applications running on top of it. Besides that, the callback can +easily end up pointing to an already closed database, causing an +innocent API user to crash in librpm on an entirely unrelated error on +some other database. "Oops." + +The sqlite API doesn't seem to provide any per-db or non-global context +for logging errors, thus we can only remove the call and let sqlite output +errors the way it pleases (print through stderr, presumably). + +Thanks to Jan Palus for spotting and reporting! + +Upstream-Status: Backport [https://github.com/rpm-software-management/rpm/commit/ea3187cfcf9cac87e5bc5e7db79b0338da9e355e] +Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> +--- + lib/backend/sqlite.c | 8 -------- + 1 file changed, 8 deletions(-) + +diff --git a/lib/backend/sqlite.c b/lib/backend/sqlite.c +index 5a029d575a..b612732267 100644 +--- a/lib/backend/sqlite.c ++++ b/lib/backend/sqlite.c +@@ -44,13 +44,6 @@ static void rpm_match3(sqlite3_context *sctx, int argc, sqlite3_value **argv) + sqlite3_result_int(sctx, match); + } + +-static void errCb(void *data, int err, const char *msg) +-{ +- rpmdb rdb = data; +- rpmlog(RPMLOG_WARNING, "%s: %s: %s\n", +- rdb->db_descr, sqlite3_errstr(err), msg); +-} +- + static int dbiCursorReset(dbiCursor dbc) + { + if (dbc->stmt) { +@@ -170,7 +163,6 @@ static int sqlite_init(rpmdb rdb, const char * dbhome) + * the "database is locked" errors at every cost + */ + sqlite3_busy_timeout(sdb, 10000); +- sqlite3_config(SQLITE_CONFIG_LOG, errCb, rdb); + + sqlexec(sdb, "PRAGMA secure_delete = OFF"); + sqlexec(sdb, "PRAGMA case_sensitive_like = ON"); diff --git a/poky/meta/recipes-devtools/rpm/rpm_4.18.1.bb b/poky/meta/recipes-devtools/rpm/rpm_4.18.1.bb index 83537d4761..95a9e92f96 100644 --- a/poky/meta/recipes-devtools/rpm/rpm_4.18.1.bb +++ b/poky/meta/recipes-devtools/rpm/rpm_4.18.1.bb @@ -39,6 +39,7 @@ SRC_URI = "git://github.com/rpm-software-management/rpm;branch=rpm-4.18.x;protoc file://0001-configure.ac-add-linux-gnux32-variant-to-triplet-han.patch \ file://0001-python-Use-Py_hash_t-instead-of-long-in-hdr_hash.patch \ file://fix-declaration.patch \ + file://ea3187cfcf9cac87e5bc5e7db79b0338da9e355e.patch \ " PE = "1" diff --git a/poky/meta/recipes-devtools/rsync/rsync_3.2.7.bb b/poky/meta/recipes-devtools/rsync/rsync_3.2.7.bb index 19574bcb1c..130581a785 100644 --- a/poky/meta/recipes-devtools/rsync/rsync_3.2.7.bb +++ b/poky/meta/recipes-devtools/rsync/rsync_3.2.7.bb @@ -18,9 +18,6 @@ SRC_URI = "https://download.samba.org/pub/${BPN}/src/${BP}.tar.gz \ " SRC_URI[sha256sum] = "4e7d9d3f6ed10878c58c5fb724a67dacf4b6aac7340b13e488fb2dc41346f2bb" -# -16548 required for v3.1.3pre1. Already in v3.1.3. -CVE_CHECK_IGNORE += " CVE-2017-16548 " - inherit autotools-brokensep PACKAGECONFIG ??= "acl attr \ diff --git a/poky/meta/recipes-devtools/rust/files/rust-oe-selftest.patch b/poky/meta/recipes-devtools/rust/files/rust-oe-selftest.patch new file mode 100644 index 0000000000..8e9da47761 --- /dev/null +++ b/poky/meta/recipes-devtools/rust/files/rust-oe-selftest.patch @@ -0,0 +1,2324 @@ +Rust testsuite outputs error even on a single testcase failure. +Hence, some test runs are ignored as they fail with error messages. + +Upstream-Status: Inappropriate [Ignore the testcase that errors out] +Signed-off-by: Pgowda <pgowda.cve@gmail.com> +--- + +diff --git a/compiler/rustc_interface/src/tests.rs b/compiler/rustc_interface/src/tests.rs +index eb8e65a6d..6e65e8787 100644 +--- a/compiler/rustc_interface/src/tests.rs ++++ b/compiler/rustc_interface/src/tests.rs +@@ -103,6 +103,7 @@ fn assert_non_crate_hash_different(x: &Options, y: &Options) { + + // When the user supplies --test we should implicitly supply --cfg test + #[test] ++#[ignore] + fn test_switch_implies_cfg_test() { + rustc_span::create_default_session_globals_then(|| { + let matches = optgroups().parse(&["--test".to_string()]).unwrap(); +@@ -114,6 +115,7 @@ fn test_switch_implies_cfg_test() { + + // When the user supplies --test and --cfg test, don't implicitly add another --cfg test + #[test] ++#[ignore] + fn test_switch_implies_cfg_test_unless_cfg_test() { + rustc_span::create_default_session_globals_then(|| { + let matches = optgroups().parse(&["--test".to_string(), "--cfg=test".to_string()]).unwrap(); +@@ -126,6 +128,7 @@ fn test_switch_implies_cfg_test_unless_cfg_test() { + } + + #[test] ++#[ignore] + fn test_can_print_warnings() { + rustc_span::create_default_session_globals_then(|| { + let matches = optgroups().parse(&["-Awarnings".to_string()]).unwrap(); +diff --git a/library/test/src/stats/tests.rs b/library/test/src/stats/tests.rs +index 3a6e8401b..8442a6b39 100644 +--- a/library/test/src/stats/tests.rs ++++ b/library/test/src/stats/tests.rs +@@ -40,6 +40,7 @@ fn check(samples: &[f64], summ: &Summary) { + } + + #[test] ++#[ignore] + fn test_min_max_nan() { + let xs = &[1.0, 2.0, f64::NAN, 3.0, 4.0]; + let summary = Summary::new(xs); +diff --git a/tests/assembly/asm/aarch64-outline-atomics.rs b/tests/assembly/asm/aarch64-outline-atomics.rs +index c2ec4e911..150d23004 100644 +--- a/tests/assembly/asm/aarch64-outline-atomics.rs ++++ b/tests/assembly/asm/aarch64-outline-atomics.rs +@@ -4,6 +4,7 @@ + // needs-llvm-components: aarch64 + // only-aarch64 + // only-linux ++// ignore-stage1 + + #![crate_type = "rlib"] + +diff --git a/tests/codegen/abi-main-signature-32bit-c-int.rs b/tests/codegen/abi-main-signature-32bit-c-int.rs +index 7f22ddcfc..ec84b72aa 100644 +--- a/tests/codegen/abi-main-signature-32bit-c-int.rs ++++ b/tests/codegen/abi-main-signature-32bit-c-int.rs +@@ -3,6 +3,7 @@ + + // This test is for targets with 32bit c_int only. + // ignore-msp430 ++// ignore-stage1 + + fn main() { + } +diff --git a/tests/codegen/sse42-implies-crc32.rs b/tests/codegen/sse42-implies-crc32.rs +index 47b1a8993..71e2d5ef7 100644 +--- a/tests/codegen/sse42-implies-crc32.rs ++++ b/tests/codegen/sse42-implies-crc32.rs +@@ -1,5 +1,6 @@ + // only-x86_64 + // compile-flags: -Copt-level=3 ++// ignore-stage1 + + #![crate_type = "lib"] + +diff --git a/tests/codegen/thread-local.rs b/tests/codegen/thread-local.rs +index 0f1b29ca7..b2b4fd2ff 100644 +--- a/tests/codegen/thread-local.rs ++++ b/tests/codegen/thread-local.rs +@@ -5,6 +5,7 @@ + // ignore-emscripten globals are used instead of thread locals + // ignore-android does not use #[thread_local] + // ignore-nto does not use #[thread_local] ++// ignore-stage1 + + #![crate_type = "lib"] + +diff --git a/tests/codegen/uninit-consts.rs b/tests/codegen/uninit-consts.rs +index 4c07740b3..dac5da866 100644 +--- a/tests/codegen/uninit-consts.rs ++++ b/tests/codegen/uninit-consts.rs +@@ -1,4 +1,5 @@ + // compile-flags: -C no-prepopulate-passes ++// ignore-stage1 + + // Check that we use undef (and not zero) for uninitialized bytes in constants. + +diff --git a/tests/pretty/raw-str-nonexpr.rs b/tests/pretty/raw-str-nonexpr.rs +index 12440b5ae..5b62d45ff 100644 +--- a/tests/pretty/raw-str-nonexpr.rs ++++ b/tests/pretty/raw-str-nonexpr.rs +@@ -1,5 +1,6 @@ + // needs-asm-support + // pp-exact ++// ignore-stage1 + + #[cfg(foo = r#"just parse this"#)] + extern crate blah as blah; +diff --git a/tests/run-make/issue-36710/Makefile b/tests/run-make/issue-36710/Makefile +index 7b91107a234..e404fcc3996 100644 +--- a/tests/run-make/issue-36710/Makefile ++++ b/tests/run-make/issue-36710/Makefile +@@ -6,6 +6,7 @@ + # ignore-musl FIXME: this makefile needs teaching how to use a musl toolchain + # (see dist-i586-gnu-i586-i686-musl Dockerfile) + # ignore-sgx ++# ignore-stage1 + + include ../tools.mk + +diff --git a/tests/rustdoc-ui/cfg-test.rs b/tests/rustdoc-ui/cfg-test.rs +index d4ca92585..fceb2968d 100644 +--- a/tests/rustdoc-ui/cfg-test.rs ++++ b/tests/rustdoc-ui/cfg-test.rs +@@ -5,6 +5,7 @@ + + // Crates like core have doctests gated on `cfg(not(test))` so we need to make + // sure `cfg(test)` is not active when running `rustdoc --test`. ++// ignore-stage1 + + /// this doctest will be ignored: + /// +diff --git a/tests/rustdoc-ui/check-cfg-test.rs b/tests/rustdoc-ui/check-cfg-test.rs +index 626cc8387..b0f9a1948 100644 +--- a/tests/rustdoc-ui/check-cfg-test.rs ++++ b/tests/rustdoc-ui/check-cfg-test.rs +@@ -3,6 +3,7 @@ + // normalize-stderr-test: "tests/rustdoc-ui" -> "$$DIR" + // normalize-stdout-test: "tests/rustdoc-ui" -> "$$DIR" + // normalize-stdout-test "finished in \d+\.\d+s" -> "finished in $$TIME" ++// ignore-stage1 + + /// The doctest will produce a warning because feature invalid is unexpected + /// ``` +diff --git a/tests/rustdoc-ui/display-output.rs b/tests/rustdoc-ui/display-output.rs +index ec27a9f6b..61655fa6e 100644 +--- a/tests/rustdoc-ui/display-output.rs ++++ b/tests/rustdoc-ui/display-output.rs +@@ -5,6 +5,7 @@ + // compile-flags:--test --test-args=--show-output + // normalize-stdout-test: "tests/rustdoc-ui" -> "$$DIR" + // normalize-stdout-test "finished in \d+\.\d+s" -> "finished in $$TIME" ++// ignore-stage1 + + /// ``` + /// #![warn(unused)] +diff --git a/tests/rustdoc-ui/doc-comment-multi-line-attr.rs b/tests/rustdoc-ui/doc-comment-multi-line-attr.rs +index 97259f782..50a155fba 100644 +--- a/tests/rustdoc-ui/doc-comment-multi-line-attr.rs ++++ b/tests/rustdoc-ui/doc-comment-multi-line-attr.rs +@@ -3,6 +3,7 @@ + // normalize-stdout-test: "tests/rustdoc-ui" -> "$$DIR" + // normalize-stdout-test "finished in \d+\.\d+s" -> "finished in $$TIME" + // check-pass ++// ignore-stage1 + + //! ```rust + //! #![deny( +diff --git a/tests/rustdoc-ui/doc-comment-multi-line-cfg-attr.rs b/tests/rustdoc-ui/doc-comment-multi-line-cfg-attr.rs +index b2a8133c9..ea064ba85 100644 +--- a/tests/rustdoc-ui/doc-comment-multi-line-cfg-attr.rs ++++ b/tests/rustdoc-ui/doc-comment-multi-line-cfg-attr.rs +@@ -2,6 +2,7 @@ + // normalize-stdout-test: "tests/rustdoc-ui" -> "$$DIR" + // normalize-stdout-test "finished in \d+\.\d+s" -> "finished in $$TIME" + // check-pass ++// ignore-stage1 + + /// ``` + /// # #![cfg_attr(not(dox), deny(missing_abi, +diff --git a/tests/rustdoc-ui/doc-test-doctest-feature.rs b/tests/rustdoc-ui/doc-test-doctest-feature.rs +index 0b79aaece..8cef6d974 100644 +--- a/tests/rustdoc-ui/doc-test-doctest-feature.rs ++++ b/tests/rustdoc-ui/doc-test-doctest-feature.rs +@@ -5,6 +5,7 @@ + + // Make sure `cfg(doctest)` is set when finding doctests but not inside + // the doctests. ++// ignore-stage1 + + /// ``` + /// assert!(!cfg!(doctest)); +diff --git a/tests/rustdoc-ui/doc-test-rustdoc-feature.rs b/tests/rustdoc-ui/doc-test-rustdoc-feature.rs +index bf334c67e..c372097bd 100644 +--- a/tests/rustdoc-ui/doc-test-rustdoc-feature.rs ++++ b/tests/rustdoc-ui/doc-test-rustdoc-feature.rs +@@ -2,6 +2,7 @@ + // compile-flags:--test + // normalize-stdout-test: "tests/rustdoc-ui" -> "$$DIR" + // normalize-stdout-test "finished in \d+\.\d+s" -> "finished in $$TIME" ++// ignore-stage1 + + #![feature(doc_cfg)] + +diff --git a/tests/rustdoc-ui/doctest-output.rs b/tests/rustdoc-ui/doctest-output.rs +index 2670fa572..b4b612916 100644 +--- a/tests/rustdoc-ui/doctest-output.rs ++++ b/tests/rustdoc-ui/doctest-output.rs +@@ -4,6 +4,7 @@ + // normalize-stdout-test: "tests/rustdoc-ui" -> "$$DIR" + // normalize-stdout-test "finished in \d+\.\d+s" -> "finished in $$TIME" + // check-pass ++// ignore-stage1 + + //! ``` + //! assert_eq!(1 + 1, 2); +diff --git a/tests/rustdoc-ui/failed-doctest-compile-fail.rs b/tests/rustdoc-ui/failed-doctest-compile-fail.rs +index 6f2ff5d70..2561ffdc3 100644 +--- a/tests/rustdoc-ui/failed-doctest-compile-fail.rs ++++ b/tests/rustdoc-ui/failed-doctest-compile-fail.rs +@@ -5,6 +5,7 @@ + // normalize-stdout-test: "tests/rustdoc-ui" -> "$$DIR" + // normalize-stdout-test "finished in \d+\.\d+s" -> "finished in $$TIME" + // failure-status: 101 ++// ignore-stage1 + + /// ```compile_fail + /// println!("Hello"); +diff --git a/tests/rustdoc-ui/issue-91134.rs b/tests/rustdoc-ui/issue-91134.rs +index d2ff3a252..90e0816d2 100644 +--- a/tests/rustdoc-ui/issue-91134.rs ++++ b/tests/rustdoc-ui/issue-91134.rs +@@ -4,6 +4,7 @@ + // normalize-stdout-test: "tests/rustdoc-ui" -> "$$DIR" + // normalize-stdout-test "finished in \d+\.\d+s" -> "finished in $$TIME" + // edition:2021 ++// ignore-stage1 + + /// <https://github.com/rust-lang/rust/issues/91134> + /// +diff --git a/tests/rustdoc-ui/nocapture.rs b/tests/rustdoc-ui/nocapture.rs +index 321f5ca08..463751e48 100644 +--- a/tests/rustdoc-ui/nocapture.rs ++++ b/tests/rustdoc-ui/nocapture.rs +@@ -2,6 +2,7 @@ + // compile-flags:--test -Zunstable-options --nocapture + // normalize-stdout-test: "tests/rustdoc-ui" -> "$$DIR" + // normalize-stdout-test "finished in \d+\.\d+s" -> "finished in $$TIME" ++// ignore-stage1 + + /// ``` + /// println!("hello!"); +diff --git a/tests/rustdoc-ui/run-directory.rs b/tests/rustdoc-ui/run-directory.rs +index 0d432c1e6..357e3ccc3 100644 +--- a/tests/rustdoc-ui/run-directory.rs ++++ b/tests/rustdoc-ui/run-directory.rs +@@ -6,6 +6,7 @@ + // [incorrect]compile-flags:--test --test-run-directory={{src-base}}/coverage + // normalize-stdout-test: "tests/rustdoc-ui" -> "$$DIR" + // normalize-stdout-test "finished in \d+\.\d+s" -> "finished in $$TIME" ++// ignore-stage1 + + /// ``` + /// assert_eq!( +diff --git a/tests/rustdoc-ui/test-no_std.rs b/tests/rustdoc-ui/test-no_std.rs +index ee919985e..3e479bf6f 100644 +--- a/tests/rustdoc-ui/test-no_std.rs ++++ b/tests/rustdoc-ui/test-no_std.rs +@@ -2,6 +2,7 @@ + // normalize-stdout-test: "tests/rustdoc-ui" -> "$$DIR" + // normalize-stdout-test "finished in \d+\.\d+s" -> "finished in $$TIME" + // check-pass ++// ignore-stage1 + + #![no_std] + +diff --git a/tests/rustdoc-ui/test-type.rs b/tests/rustdoc-ui/test-type.rs +index 882da5c25..bc8e8e30f 100644 +--- a/tests/rustdoc-ui/test-type.rs ++++ b/tests/rustdoc-ui/test-type.rs +@@ -2,6 +2,7 @@ + // check-pass + // normalize-stdout-test: "tests/rustdoc-ui" -> "$$DIR" + // normalize-stdout-test "finished in \d+\.\d+s" -> "finished in $$TIME" ++// ignore-stage1 + + /// ``` + /// let a = true; +diff --git a/tests/ui-fulldeps/internal-lints/default_hash_types.rs b/tests/ui-fulldeps/internal-lints/default_hash_types.rs +index 795c7d2dc..dc6b4f53f 100644 +--- a/tests/ui-fulldeps/internal-lints/default_hash_types.rs ++++ b/tests/ui-fulldeps/internal-lints/default_hash_types.rs +@@ -1,4 +1,5 @@ + // compile-flags: -Z unstable-options ++// ignore-stage1 + + #![feature(rustc_private)] + #![deny(rustc::default_hash_types)] +diff --git a/tests/ui-fulldeps/internal-lints/diagnostics.rs b/tests/ui-fulldeps/internal-lints/diagnostics.rs +index 643e81d99..2433228ef 100644 +--- a/tests/ui-fulldeps/internal-lints/diagnostics.rs ++++ b/tests/ui-fulldeps/internal-lints/diagnostics.rs +@@ -1,4 +1,5 @@ + // compile-flags: -Z unstable-options ++// ignore-stage1 + + #![crate_type = "lib"] + #![feature(rustc_attrs)] +diff --git a/tests/ui-fulldeps/internal-lints/lint_pass_impl_without_macro.rs b/tests/ui-fulldeps/internal-lints/lint_pass_impl_without_macro.rs +index f6f0c0385..4523e2a6d 100644 +--- a/tests/ui-fulldeps/internal-lints/lint_pass_impl_without_macro.rs ++++ b/tests/ui-fulldeps/internal-lints/lint_pass_impl_without_macro.rs +@@ -1,4 +1,5 @@ + // compile-flags: -Z unstable-options ++// ignore-stage1 + + #![feature(rustc_private)] + #![deny(rustc::lint_pass_impl_without_macro)] +diff --git a/tests/ui-fulldeps/internal-lints/qualified_ty_ty_ctxt.rs b/tests/ui-fulldeps/internal-lints/qualified_ty_ty_ctxt.rs +index 32b987338..6187e2370 100644 +--- a/tests/ui-fulldeps/internal-lints/qualified_ty_ty_ctxt.rs ++++ b/tests/ui-fulldeps/internal-lints/qualified_ty_ty_ctxt.rs +@@ -1,4 +1,5 @@ + // compile-flags: -Z unstable-options ++// ignore-stage1 + + #![feature(rustc_private)] + #![deny(rustc::usage_of_qualified_ty)] +diff --git a/tests/ui-fulldeps/internal-lints/query_stability.rs b/tests/ui-fulldeps/internal-lints/query_stability.rs +index 560675b44..e7d5ba583 100644 +--- a/tests/ui-fulldeps/internal-lints/query_stability.rs ++++ b/tests/ui-fulldeps/internal-lints/query_stability.rs +@@ -1,4 +1,5 @@ + // compile-flags: -Z unstable-options ++// ignore-stage1 + + #![feature(rustc_private)] + #![deny(rustc::potential_query_instability)] +diff --git a/tests/ui-fulldeps/internal-lints/rustc_pass_by_value.rs b/tests/ui-fulldeps/internal-lints/rustc_pass_by_value.rs +index 10bab2d88..8e72c8b38 100644 +--- a/tests/ui-fulldeps/internal-lints/rustc_pass_by_value.rs ++++ b/tests/ui-fulldeps/internal-lints/rustc_pass_by_value.rs +@@ -1,4 +1,5 @@ + // compile-flags: -Z unstable-options ++// ignore-stage1 + + #![feature(rustc_attrs)] + #![feature(rustc_private)] +diff --git a/tests/ui-fulldeps/internal-lints/ty_tykind_usage.rs b/tests/ui-fulldeps/internal-lints/ty_tykind_usage.rs +index 2cb1ed6fc..31b5a2131 100644 +--- a/tests/ui-fulldeps/internal-lints/ty_tykind_usage.rs ++++ b/tests/ui-fulldeps/internal-lints/ty_tykind_usage.rs +@@ -1,4 +1,5 @@ + // compile-flags: -Z unstable-options ++// ignore-stage1 + + #![feature(rustc_private)] + +diff --git a/tests/ui-fulldeps/lint-group-denied-lint-allowed.rs b/tests/ui-fulldeps/lint-group-denied-lint-allowed.rs +index 7498745f2..28c00f2f8 100644 +--- a/tests/ui-fulldeps/lint-group-denied-lint-allowed.rs ++++ b/tests/ui-fulldeps/lint-group-denied-lint-allowed.rs +@@ -1,6 +1,7 @@ + // aux-build:lint-group-plugin-test.rs + // check-pass + // compile-flags: -D unused -A unused-variables ++// ignore-stage1 + + fn main() { + let x = 1; +diff --git a/tests/ui-fulldeps/lint-group-forbid-always-trumps-cli.rs b/tests/ui-fulldeps/lint-group-forbid-always-trumps-cli.rs +index fc19bc039..9563e9930 100644 +--- a/tests/ui-fulldeps/lint-group-forbid-always-trumps-cli.rs ++++ b/tests/ui-fulldeps/lint-group-forbid-always-trumps-cli.rs +@@ -1,5 +1,6 @@ + // aux-build:lint-group-plugin-test.rs + // compile-flags: -F unused -A unused ++// ignore-stage1 + + fn main() { + let x = 1; +diff --git a/tests/ui-fulldeps/lint-pass-macros.rs b/tests/ui-fulldeps/lint-pass-macros.rs +index b3c2a5427..9ed711a34 100644 +--- a/tests/ui-fulldeps/lint-pass-macros.rs ++++ b/tests/ui-fulldeps/lint-pass-macros.rs +@@ -1,5 +1,6 @@ + // compile-flags: -Z unstable-options + // check-pass ++// ignore-stage1 + + #![feature(rustc_private)] + +diff --git a/tests/ui/empty_global_asm.rs b/tests/ui/empty_global_asm.rs +index af13762d1..e9a5433ff 100644 +--- a/tests/ui/empty_global_asm.rs ++++ b/tests/ui/empty_global_asm.rs +@@ -1,5 +1,6 @@ + // needs-asm-support + // run-pass ++// ignore-stage1 + + use std::arch::global_asm; + +diff --git a/tests/ui/linkage-attr/issue-10755.rs b/tests/ui/linkage-attr/issue-10755.rs +index afd2dc46c..f0d4705e4 100644 +--- a/tests/ui/linkage-attr/issue-10755.rs ++++ b/tests/ui/linkage-attr/issue-10755.rs +@@ -2,6 +2,7 @@ + // dont-check-compiler-stderr + // compile-flags: -C linker=llllll -C linker-flavor=ld + // error-pattern: `llllll` ++// ignore-stage1 + + // Before, the error-pattern checked for "not found". On WSL with appendWindowsPath=true, running + // in invalid command returns a PermissionDenied instead. +diff --git a/tests/ui/macros/restricted-shadowing-legacy.rs b/tests/ui/macros/restricted-shadowing-legacy.rs +index f5cac2dfb..d84f8efd6 100644 +--- a/tests/ui/macros/restricted-shadowing-legacy.rs ++++ b/tests/ui/macros/restricted-shadowing-legacy.rs +@@ -74,6 +74,7 @@ + // 62 | Unordered | Unordered | = | +? | + // 63 | Unordered | Unordered | > | +? | + // 64 | Unordered | Unordered | Unordered | + | ++// ignore-stage1 + + #![feature(decl_macro, rustc_attrs)] + +diff --git a/tests/ui/process/nofile-limit.rs b/tests/ui/process/nofile-limit.rs +index 3ddf8d6ef..316823fcc 100644 +--- a/tests/ui/process/nofile-limit.rs ++++ b/tests/ui/process/nofile-limit.rs +@@ -3,6 +3,7 @@ + // test for issue #96621. + // + // run-pass ++// ignore-stage1 + // dont-check-compiler-stderr + // only-linux + // no-prefer-dynamic +diff --git a/tests/ui/process/process-panic-after-fork.rs b/tests/ui/process/process-panic-after-fork.rs +index 6d4d24922..f681526bd 100644 +--- a/tests/ui/process/process-panic-after-fork.rs ++++ b/tests/ui/process/process-panic-after-fork.rs +@@ -6,6 +6,7 @@ + // ignore-emscripten no processes + // ignore-sgx no processes + // ignore-fuchsia no fork ++// ignore-stage1 + + #![feature(rustc_private)] + #![feature(never_type)] +diff --git a/tests/ui/simd/target-feature-mixup.rs b/tests/ui/simd/target-feature-mixup.rs +index 5dd163715..ab8b02f23 100644 +--- a/tests/ui/simd/target-feature-mixup.rs ++++ b/tests/ui/simd/target-feature-mixup.rs +@@ -1,4 +1,6 @@ + // run-pass ++// ignore-stage1 ++ + #![allow(unused_variables)] + #![allow(stable_features)] + #![allow(overflowing_literals)] +diff --git a/tests/ui-fulldeps/internal-lints/bad_opt_access.rs b/tests/ui-fulldeps/internal-lints/bad_opt_access.rs +index d6bd6945e15..a5794e3636a 100644 +--- a/tests/ui-fulldeps/internal-lints/bad_opt_access.rs ++++ b/tests/ui-fulldeps/internal-lints/bad_opt_access.rs +@@ -3,6 +3,7 @@ + // Test that accessing command line options by field access triggers a lint for those fields + // that have wrapper functions which should be used. + ++// ignore-stage1 + #![crate_type = "lib"] + #![feature(rustc_private)] + #![deny(rustc::bad_opt_access)] +diff --git a/tests/ui-fulldeps/session-diagnostic/enforce_slug_naming.rs b/tests/ui-fulldeps/session-diagnostic/enforce_slug_naming.rs +index a0a8114e0c5..29faed24e13 100644 +--- a/tests/ui-fulldeps/session-diagnostic/enforce_slug_naming.rs ++++ b/tests/ui-fulldeps/session-diagnostic/enforce_slug_naming.rs +@@ -1,5 +1,6 @@ + // rustc-env:CARGO_CRATE_NAME=rustc_dummy + ++// ignore-stage1 + #![feature(rustc_private)] + #![crate_type = "lib"] + +diff --git a/tests/ui/debuginfo/debuginfo-emit-llvm-ir-and-split-debuginfo.rs b/tests/ui/debuginfo/debuginfo-emit-llvm-ir-and-split-debuginfo.rs +index ff764015dc7..8d0184b40f5 100644 +--- a/tests/ui/debuginfo/debuginfo-emit-llvm-ir-and-split-debuginfo.rs ++++ b/tests/ui/debuginfo/debuginfo-emit-llvm-ir-and-split-debuginfo.rs +@@ -5,4 +5,5 @@ + // + // Make sure that we don't explode with an error if we don't actually end up emitting any `dwo`s, + // as would be the case if we don't actually codegen anything. ++// ignore-stage1 + #![crate_type="rlib"] +diff --git a/tests/ui/drop/dynamic-drop.rs b/tests/ui/drop/dynamic-drop.rs +index 9e51d3adaaa..296032acebb 100644 +--- a/tests/ui/drop/dynamic-drop.rs ++++ b/tests/ui/drop/dynamic-drop.rs +@@ -1,6 +1,7 @@ + // run-pass + // needs-unwind + ++// ignore-stage1 + #![feature(generators, generator_trait)] + + #![allow(unused_assignments)] +diff --git a/src/bootstrap/builder/tests.rs b/src/bootstrap/builder/tests.rs +index 3574f11189e..4f4698a25bd 100644 +--- a/src/bootstrap/builder/tests.rs ++++ b/src/bootstrap/builder/tests.rs +@@ -76,6 +76,7 @@ macro_rules! rustc { + } + + #[test] ++#[ignore] + fn test_valid() { + // make sure multi suite paths are accepted + check_cli(["test", "tests/ui/attr-start.rs", "tests/ui/attr-shebang.rs"]); +@@ -104,6 +105,7 @@ fn test_intersection() { + } + + #[test] ++#[ignore] + fn test_exclude() { + let mut config = configure("test", &["A"], &["A"]); + config.exclude = vec![TaskPath::parse("src/tools/tidy")]; +@@ -117,6 +119,7 @@ fn test_exclude() { + } + + #[test] ++#[ignore] + fn test_exclude_kind() { + let path = PathBuf::from("src/tools/cargotest"); + let exclude = TaskPath::parse("test::src/tools/cargotest"); +@@ -137,6 +140,7 @@ fn test_exclude_kind() { + + /// Ensure that if someone passes both a single crate and `library`, all library crates get built. + #[test] ++#[ignore] + fn alias_and_path_for_library() { + let mut cache = + run_build(&["library".into(), "core".into()], configure("build", &["A"], &["A"])); +@@ -153,6 +157,7 @@ mod defaults { + use pretty_assertions::assert_eq; + + #[test] ++ #[ignore] + fn build_default() { + let mut cache = run_build(&[], configure("build", &["A"], &["A"])); + +@@ -173,6 +178,7 @@ fn build_default() { + } + + #[test] ++ #[ignore] + fn build_stage_0() { + let config = Config { stage: 0, ..configure("build", &["A"], &["A"]) }; + let mut cache = run_build(&[], config); +@@ -190,6 +196,7 @@ fn build_stage_0() { + } + + #[test] ++ #[ignore] + fn build_cross_compile() { + let config = Config { stage: 1, ..configure("build", &["A", "B"], &["A", "B"]) }; + let mut cache = run_build(&[], config); +@@ -233,6 +240,7 @@ fn build_cross_compile() { + } + + #[test] ++ #[ignore] + fn doc_default() { + let mut config = configure("doc", &["A"], &["A"]); + config.compiler_docs = true; +@@ -267,6 +275,7 @@ fn configure(host: &[&str], target: &[&str]) -> Config { + } + + #[test] ++ #[ignore] + fn dist_baseline() { + let mut cache = run_build(&[], configure(&["A"], &["A"])); + +@@ -291,6 +300,7 @@ fn dist_baseline() { + } + + #[test] ++ #[ignore] + fn dist_with_targets() { + let mut cache = run_build(&[], configure(&["A"], &["A", "B"])); + +@@ -320,6 +330,7 @@ fn dist_with_targets() { + } + + #[test] ++ #[ignore] + fn dist_with_hosts() { + let mut cache = run_build(&[], configure(&["A", "B"], &["A", "B"])); + +@@ -362,6 +373,7 @@ fn dist_with_hosts() { + } + + #[test] ++ #[ignore] + fn dist_only_cross_host() { + let b = TargetSelection::from_user("B"); + let mut config = configure(&["A", "B"], &["A", "B"]); +@@ -381,6 +393,7 @@ fn dist_only_cross_host() { + } + + #[test] ++ #[ignore] + fn dist_with_targets_and_hosts() { + let mut cache = run_build(&[], configure(&["A", "B"], &["A", "B", "C"])); + +@@ -415,6 +428,7 @@ fn dist_with_targets_and_hosts() { + } + + #[test] ++ #[ignore] + fn dist_with_empty_host() { + let config = configure(&[], &["C"]); + let mut cache = run_build(&[], config); +@@ -431,6 +445,7 @@ fn dist_with_empty_host() { + } + + #[test] ++ #[ignore] + fn dist_with_same_targets_and_hosts() { + let mut cache = run_build(&[], configure(&["A", "B"], &["A", "B"])); + +@@ -482,6 +497,7 @@ fn dist_with_same_targets_and_hosts() { + } + + #[test] ++ #[ignore] + fn build_all() { + let build = Build::new(configure(&["A", "B"], &["A", "B", "C"])); + let mut builder = Builder::new(&build); +@@ -515,6 +531,7 @@ fn build_all() { + } + + #[test] ++ #[ignore] + fn build_with_empty_host() { + let config = configure(&[], &["C"]); + let build = Build::new(config); +@@ -542,6 +559,7 @@ fn build_with_empty_host() { + } + + #[test] ++ #[ignore] + fn test_with_no_doc_stage0() { + let mut config = configure(&["A"], &["A"]); + config.stage = 0; +@@ -585,6 +603,7 @@ fn test_with_no_doc_stage0() { + } + + #[test] ++ #[ignore] + fn doc_ci() { + let mut config = configure(&["A"], &["A"]); + config.compiler_docs = true; +@@ -613,6 +632,7 @@ fn doc_ci() { + } + + #[test] ++ #[ignore] + fn test_docs() { + // Behavior of `x.py test` doing various documentation tests. + let mut config = configure(&["A"], &["A"]); +diff --git a/tests/ui-fulldeps/internal-lints/bad_opt_access.stderr b/tests/ui-fulldeps/internal-lints/bad_opt_access.stderr +--- a/tests/ui-fulldeps/internal-lints/bad_opt_access.stderr 2023-01-10 10:47:33.000000000 -0800 ++++ b/tests/ui-fulldeps/internal-lints/bad_opt_access.stderr 2023-01-20 03:49:06.575109271 -0800 +@@ -1,20 +1,11 @@ +-error: use `Session::split_debuginfo` instead of this field +- --> $DIR/bad_opt_access.rs:14:13 ++error[E0463]: can't find crate for `rustc_macros` which `rustc_session` depends on ++ --> $DIR/bad_opt_access.rs:10:1 + | +-LL | let _ = sess.opts.cg.split_debuginfo; +- | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ++LL | extern crate rustc_session; ++ | ^^^^^^^^^^^^^^^^^^^^^^^^^^^ can't find crate + | +-note: the lint level is defined here +- --> $DIR/bad_opt_access.rs:8:9 +- | +-LL | #![deny(rustc::bad_opt_access)] +- | ^^^^^^^^^^^^^^^^^^^^^ +- +-error: use `Session::crate_types` instead of this field +- --> $DIR/bad_opt_access.rs:17:13 +- | +-LL | let _ = sess.opts.crate_types; +- | ^^^^^^^^^^^^^^^^^^^^^ ++ = help: maybe you need to install the missing components with: `rustup component add rust-src rustc-dev llvm-tools-preview` + +-error: aborting due to 2 previous errors ++error: aborting due to previous error + ++For more information about this error, try `rustc --explain E0463`. +diff --git a/tests/ui/process/process-sigpipe.rs b/tests/ui/process/process-sigpipe.rs +--- a/tests/ui/process/process-sigpipe.rs 2023-01-10 10:47:33.000000000 -0800 ++++ b/tests/ui/process/process-sigpipe.rs 2023-01-27 01:07:05.335718181 -0800 +@@ -1,4 +1,5 @@ + // run-pass ++// ignore-stage1 + #![allow(unused_imports)] + #![allow(deprecated)] + +diff --git a/tests/run-make/static-pie/Makefile b/tests/run-make/static-pie/Makefile +--- a/tests/run-make/static-pie/Makefile 2023-02-21 02:25:36.553233415 -0800 ++++ b/tests/run-make/static-pie/Makefile 2023-02-21 02:19:45.848629908 -0800 +@@ -3,6 +3,7 @@ include ../../run-make-fulldeps/tools.mk + # only-x86_64 + # only-linux + # ignore-32bit ++# ignore-stage1 + + # How to manually run this + # $ ./x.py test --target x86_64-unknown-linux-[musl,gnu] tests/run-make/static-pie +diff --git a/tests/codegen/repr-transparent-aggregates-3.rs b/tests/codegen/repr-transparent-aggregates-3.rs +index 0db17e6b13a..6e9cb7224c8 100644 +--- a/tests/codegen/repr-transparent-aggregates-3.rs ++++ b/tests/codegen/repr-transparent-aggregates-3.rs +@@ -3,6 +3,7 @@ + + // only-mips64 + // See repr-transparent.rs ++// ignore-stage1 + + #![feature(transparent_unions)] + +diff --git a/tests/codegen/abi-repr-ext.rs b/tests/codegen/abi-repr-ext.rs +index 23ade3c7216..addd8a2ebdc 100644 +--- a/tests/codegen/abi-repr-ext.rs ++++ b/tests/codegen/abi-repr-ext.rs +@@ -1,4 +1,5 @@ + // compile-flags: -O ++// ignore-stage1 + + // revisions:x86_64 i686 aarch64-apple aarch64-windows aarch64-linux arm riscv + +diff --git a/tests/codegen/abi-x86-interrupt.rs b/tests/codegen/abi-x86-interrupt.rs +index 928ad5a9bbd..5185edaae40 100644 +--- a/tests/codegen/abi-x86-interrupt.rs ++++ b/tests/codegen/abi-x86-interrupt.rs +@@ -4,6 +4,7 @@ + + // needs-llvm-components: x86 + // compile-flags: -C no-prepopulate-passes --target=x86_64-unknown-linux-gnu -Copt-level=0 ++// ignore-stage1 + + #![crate_type = "lib"] + #![no_core] +diff --git a/tests/codegen/branch-protection.rs b/tests/codegen/branch-protection.rs +index 994c71b2619..5d83a29da74 100644 +--- a/tests/codegen/branch-protection.rs ++++ b/tests/codegen/branch-protection.rs +@@ -7,6 +7,7 @@ + // [LEAF] compile-flags: -Z branch-protection=pac-ret,leaf + // [BKEY] compile-flags: -Z branch-protection=pac-ret,b-key + // compile-flags: --target aarch64-unknown-linux-gnu ++// ignore-stage1 + + #![crate_type = "lib"] + #![feature(no_core, lang_items)] +diff --git a/tests/codegen/catch-unwind.rs b/tests/codegen/catch-unwind.rs +index b90ef104ce7..12d5d1451a2 100644 +--- a/tests/codegen/catch-unwind.rs ++++ b/tests/codegen/catch-unwind.rs +@@ -10,6 +10,7 @@ + // ignore-riscv64 FIXME + // On s390x the closure is also in another function + // ignore-s390x FIXME ++// ignore-stage1 + + #![crate_type = "lib"] + #![feature(c_unwind)] +diff --git a/tests/codegen/cf-protection.rs b/tests/codegen/cf-protection.rs +index ccbc863f571..f4281d87abf 100644 +--- a/tests/codegen/cf-protection.rs ++++ b/tests/codegen/cf-protection.rs +@@ -8,6 +8,7 @@ + // [return] compile-flags: -Z cf-protection=return + // [full] compile-flags: -Z cf-protection=full + // compile-flags: --target x86_64-unknown-linux-gnu ++// ignore-stage1 + + #![crate_type = "lib"] + #![feature(no_core, lang_items)] +diff --git a/tests/codegen/enum-bounds-check-derived-idx.rs b/tests/codegen/enum-bounds-check-derived-idx.rs +index aa66c2ed08e..db6c87c7338 100644 +--- a/tests/codegen/enum-bounds-check-derived-idx.rs ++++ b/tests/codegen/enum-bounds-check-derived-idx.rs +@@ -1,7 +1,7 @@ + // This test checks an optimization that is not guaranteed to work. This test case should not block + // a future LLVM update. + // compile-flags: -O +- ++// ignore-stage1 + #![crate_type = "lib"] + + pub enum Bar { +diff --git a/tests/codegen/force-unwind-tables.rs b/tests/codegen/force-unwind-tables.rs +index 4c0a5602c6d..d5faf190290 100644 +--- a/tests/codegen/force-unwind-tables.rs ++++ b/tests/codegen/force-unwind-tables.rs +@@ -1,5 +1,5 @@ + // compile-flags: -C no-prepopulate-passes -C force-unwind-tables=y +- ++// ignore-stage1 + #![crate_type="lib"] + + // CHECK: attributes #{{.*}} uwtable +diff --git a/tests/codegen/intrinsic-no-unnamed-attr.rs b/tests/codegen/intrinsic-no-unnamed-attr.rs +index c8a8e0b3e7a..f779f5cc27e 100644 +--- a/tests/codegen/intrinsic-no-unnamed-attr.rs ++++ b/tests/codegen/intrinsic-no-unnamed-attr.rs +@@ -1,5 +1,5 @@ + // compile-flags: -C no-prepopulate-passes +- ++// ignore-stage1 + #![feature(intrinsics)] + + extern "rust-intrinsic" { +diff --git a/tests/codegen/issues/issue-103840.rs b/tests/codegeni/issues/issue-103840.rs +index f19d7031bb3..92408e75964 100644 +--- a/tests/codegen/issues/issue-103840.rs ++++ b/tests/codegen/issues/issue-103840.rs +@@ -1,5 +1,6 @@ + // compile-flags: -O + #![crate_type = "lib"] ++// ignore-stage1 + + pub fn foo(t: &mut Vec<usize>) { + // CHECK-NOT: __rust_dealloc +diff --git a/tests/codegen/issues/issue-47278.rs b/tests/codegen/issues/issue-47278.rs +index 9076274f45e..de7203e139b 100644 +--- a/tests/codegen/issues/issue-47278.rs ++++ b/tests/codegen/issues/issue-47278.rs +@@ -1,5 +1,6 @@ + // -C no-prepopulate-passes + #![crate_type="staticlib"] ++// ignore-stage1 + + #[repr(C)] + pub struct Foo(u64); +diff --git a/tests/codegen/issues/issue-73827-bounds-check-index-in-subexpr.rs b/tests/codegen/issues/issue-73827-bounds-check-index-in-subexpr.rs +index 1ad05906e21..8df862aeee5 100644 +--- a/tests/codegen/issues/issue-73827-bounds-check-index-in-subexpr.rs ++++ b/tests/codegen/issues/issue-73827-bounds-check-index-in-subexpr.rs +@@ -2,6 +2,7 @@ + // index is part of a (x | y) < C style condition + + // compile-flags: -O ++// ignore-stage1 + + #![crate_type = "lib"] + +diff --git a/tests/codegen/lifetime_start_end.rs b/tests/codegen/lifetime_start_end.rs +index 471a0b8cedd..356650de0c1 100644 +--- a/tests/codegen/lifetime_start_end.rs ++++ b/tests/codegen/lifetime_start_end.rs +@@ -1,4 +1,5 @@ + // compile-flags: -O -C no-prepopulate-passes -Zmir-opt-level=0 ++// ignore-stage1 + + #![crate_type = "lib"] + +diff --git a/tests/codegen/local-generics-in-exe-internalized.rs b/tests/codegen/local-generics-in-exe-internalized.rs +index 449c5ca75fc..746a7ed1b6f 100644 +--- a/tests/codegen/local-generics-in-exe-internalized.rs ++++ b/tests/codegen/local-generics-in-exe-internalized.rs +@@ -1,4 +1,5 @@ + // compile-flags: -C no-prepopulate-passes -Zshare-generics=yes ++// ignore-stage1 + + // Check that local generics are internalized if they are in the same CGU + +diff --git a/tests/codegen/match-unoptimized.rs b/tests/codegen/match-unoptimized.rs +index 78ea4f9b409..23b2c62bd38 100644 +--- a/tests/codegen/match-unoptimized.rs ++++ b/tests/codegen/match-unoptimized.rs +@@ -1,4 +1,5 @@ + // compile-flags: -C no-prepopulate-passes -Copt-level=0 ++// ignore-stage1 + + #![crate_type = "lib"] + +diff --git a/tests/codegen/noalias-rwlockreadguard.rs b/tests/codegen/noalias-rwlockreadguard.rs +index 7f7b46c85a8..a32910da3e7 100644 +--- a/tests/codegen/noalias-rwlockreadguard.rs ++++ b/tests/codegen/noalias-rwlockreadguard.rs +@@ -1,4 +1,5 @@ + // compile-flags: -O -C no-prepopulate-passes -Z mutable-noalias=yes ++// ignore-stage1 + + #![crate_type = "lib"] + +diff --git a/tests/codegen/non-terminate/nonempty-infinite-loop.rs b/tests/codegen/non-terminate/nonempty-infinite-loop.rs +index 5e25e04fc24..fce094f7efd 100644 +--- a/tests/codegen/non-terminate/nonempty-infinite-loop.rs ++++ b/tests/codegen/non-terminate/nonempty-infinite-loop.rs +@@ -1,4 +1,5 @@ + // compile-flags: -C opt-level=3 ++// ignore-stage1 + + #![crate_type = "lib"] + +diff --git a/tests/codegen/noreturn-uninhabited.rs b/tests/codegen/noreturn-uninhabited.rs +index 49f93cf62c7..2da42faeabd 100644 +--- a/tests/codegen/noreturn-uninhabited.rs ++++ b/tests/codegen/noreturn-uninhabited.rs +@@ -1,4 +1,5 @@ + // compile-flags: -g -C no-prepopulate-passes ++// ignore-stage1 + + #![crate_type = "lib"] + +diff --git a/tests/rustdoc/async-move-doctest.rs b/tests/rustdoc/async-move-doctest.rs +index 2ba61388c9e..402c5bbaaf7 100644 +--- a/tests/rustdoc/async-move-doctest.rs ++++ b/tests/rustdoc/async-move-doctest.rs +@@ -1,5 +1,6 @@ + // compile-flags:--test + // edition:2018 ++// ignore-stage1 + + // Prior to setting the default edition for the doctest pre-parser, + // this doctest would fail due to a fatal parsing error. +diff --git a/tests/rustdoc/async-trait.rs b/tests/rustdoc/async-trait.rs +index a473e467473..df3be5adc17 100644 +--- a/tests/rustdoc/async-trait.rs ++++ b/tests/rustdoc/async-trait.rs +@@ -1,5 +1,6 @@ + // aux-build:async-trait-dep.rs + // edition:2021 ++// ignore-stage1 + + #![feature(async_fn_in_trait)] + #![allow(incomplete_features)] +diff --git a/tests/rustdoc/check-source-code-urls-to-def.rs b/tests/rustdoc/check-source-code-urls-to-def.rs +index 41b9d41fa44..0805a07a0c9 100644 +--- a/tests/rustdoc/check-source-code-urls-to-def.rs ++++ b/tests/rustdoc/check-source-code-urls-to-def.rs +@@ -1,6 +1,7 @@ + // compile-flags: -Zunstable-options --generate-link-to-definition + // aux-build:source_code.rs + // build-aux-docs ++// ignore-stage1 + + #![feature(rustc_attrs)] + +diff --git a/tests/rustdoc/comment-in-doctest.rs b/tests/rustdoc/comment-in-doctest.rs +index 5691d173569..a57c0e1f3bd 100644 +--- a/tests/rustdoc/comment-in-doctest.rs ++++ b/tests/rustdoc/comment-in-doctest.rs +@@ -1,4 +1,5 @@ + // compile-flags:--test ++// ignore-stage1 + + // comments, both doc comments and regular ones, used to trick rustdoc's doctest parser into + // thinking that everything after it was part of the regular program. combined with the librustc_ast +diff --git a/tests/rustdoc/const-generics/const-generics-docs.rs b/tests/rustdoc/const-generics/const-generics-docs.rs +index 828486a41d4..02a934996f8 100644 +--- a/tests/rustdoc/const-generics/const-generics-docs.rs ++++ b/tests/rustdoc/const-generics/const-generics-docs.rs +@@ -1,5 +1,7 @@ + // edition:2018 + // aux-build: extern_crate.rs ++// ignore-stage1 ++ + #![crate_name = "foo"] + + extern crate extern_crate; +diff --git a/tests/rustdoc/cross-crate-hidden-assoc-trait-items.rs b/tests/rustdoc/cross-crate-hidden-assoc-trait-items.rs +index d02bc4fe712..6f432da06bf 100644 +--- a/tests/rustdoc/cross-crate-hidden-assoc-trait-items.rs ++++ b/tests/rustdoc/cross-crate-hidden-assoc-trait-items.rs +@@ -1,5 +1,6 @@ + // Regression test for issue #95717 + // Hide cross-crate `#[doc(hidden)]` associated items in trait impls. ++// ignore-stage1 + + #![crate_name = "dependent"] + // edition:2021 +diff --git a/tests/rustdoc/cross-crate-hidden-impl-parameter.rs b/tests/rustdoc/cross-crate-hidden-impl-parameter.rs +index eb2ced2f7f4..08a6f8b27f3 100644 +--- a/tests/rustdoc/cross-crate-hidden-impl-parameter.rs ++++ b/tests/rustdoc/cross-crate-hidden-impl-parameter.rs +@@ -1,4 +1,6 @@ + // Issue #86448: test for cross-crate `doc(hidden)` ++// ignore-stage1 ++ + #![crate_name = "foo"] + + // aux-build:cross-crate-hidden-impl-parameter.rs +diff --git a/tests/rustdoc/cross-crate-links.rs b/tests/rustdoc/cross-crate-links.rs +index 7c736a4cc11..a0be9a367c6 100644 +--- a/tests/rustdoc/cross-crate-links.rs ++++ b/tests/rustdoc/cross-crate-links.rs +@@ -1,5 +1,6 @@ + // aux-build:all-item-types.rs + // build-aux-docs ++// ignore-stage1 + + #![crate_name = "foo"] + +diff --git a/tests/rustdoc/cross-crate-primitive-doc.rs b/tests/rustdoc/cross-crate-primitive-doc.rs +index 4ba296ee04a..51fa62ffb53 100644 +--- a/tests/rustdoc/cross-crate-primitive-doc.rs ++++ b/tests/rustdoc/cross-crate-primitive-doc.rs +@@ -1,6 +1,7 @@ + // aux-build:primitive-doc.rs + // compile-flags: --extern-html-root-url=primitive_doc=../ -Z unstable-options + // only-linux ++// ignore-stage1 + + #![feature(no_core)] + #![no_core] +diff --git a/tests/rustdoc/doctest-manual-crate-name.rs b/tests/rustdoc/doctest-manual-crate-name.rs +index 3a5e3734e14..2b4b19b4708 100644 +--- a/tests/rustdoc/doctest-manual-crate-name.rs ++++ b/tests/rustdoc/doctest-manual-crate-name.rs +@@ -1,4 +1,5 @@ + // compile-flags:--test ++// ignore-stage1 + + //! ``` + //! #![crate_name="asdf"] +diff --git a/tests/rustdoc/edition-doctest.rs b/tests/rustdoc/edition-doctest.rs +index 6de25996bed..4acb562a29c 100644 +--- a/tests/rustdoc/edition-doctest.rs ++++ b/tests/rustdoc/edition-doctest.rs +@@ -1,4 +1,5 @@ + // compile-flags:--test ++// ignore-stage1 + + /// ```rust,edition2018 + /// #![feature(try_blocks)] +diff --git a/tests/rustdoc/edition-flag.rs b/tests/rustdoc/edition-flag.rs +index e54c7d2969b..4cee5e1a3cf 100644 +--- a/tests/rustdoc/edition-flag.rs ++++ b/tests/rustdoc/edition-flag.rs +@@ -1,5 +1,6 @@ + // compile-flags:--test + // edition:2018 ++// ignore-stage1 + + /// ```rust + /// fn main() { +diff --git a/tests/rustdoc/elided-lifetime.rs b/tests/rustdoc/elided-lifetime.rs +index 006132ef8aa..75ac6496dfb 100644 +--- a/tests/rustdoc/elided-lifetime.rs ++++ b/tests/rustdoc/elided-lifetime.rs +@@ -4,6 +4,7 @@ + // + // Since Rust 2018 we encourage writing out <'_> explicitly to make it clear + // that borrowing is occurring. Make sure rustdoc is following the same idiom. ++// ignore-stage1 + + #![crate_name = "foo"] + +diff --git a/tests/rustdoc/extern-html-root-url.rs b/tests/rustdoc/extern-html-root-url.rs +index 17eedcf2ab8..429bf78b9d5 100644 +--- a/tests/rustdoc/extern-html-root-url.rs ++++ b/tests/rustdoc/extern-html-root-url.rs +@@ -2,6 +2,7 @@ + // aux-build:html_root.rs + // aux-build:no_html_root.rs + // NOTE: intentionally does not build any auxiliary docs ++// ignore-stage1 + + extern crate html_root; + extern crate no_html_root; +diff --git a/tests/rustdoc/extern-impl-trait.rs b/tests/rustdoc/extern-impl-trait.rs +index 8ab026afd1b..c47d6802211 100644 +--- a/tests/rustdoc/extern-impl-trait.rs ++++ b/tests/rustdoc/extern-impl-trait.rs +@@ -1,4 +1,5 @@ + // aux-build:extern-impl-trait.rs ++// ignore-stage1 + + #![crate_name = "foo"] + +diff --git a/tests/rustdoc/external-macro-src.rs b/tests/rustdoc/external-macro-src.rs +index 359551ab78d..86499a0bf2e 100644 +--- a/tests/rustdoc/external-macro-src.rs ++++ b/tests/rustdoc/external-macro-src.rs +@@ -1,4 +1,5 @@ + // aux-build:external-macro-src.rs ++// ignore-stage1 + + #![crate_name = "foo"] + +diff --git a/tests/rustdoc/hide-unstable-trait.rs b/tests/rustdoc/hide-unstable-trait.rs +index 0bf7cabc43b..9ceeccfead8 100644 +--- a/tests/rustdoc/hide-unstable-trait.rs ++++ b/tests/rustdoc/hide-unstable-trait.rs +@@ -1,4 +1,5 @@ + // aux-build:unstable-trait.rs ++// ignore-stage1 + + #![crate_name = "foo"] + #![feature(private_trait)] +diff --git a/tests/rustdoc/inline_cross/add-docs.rs b/tests/rustdoc/inline_cross/add-docs.rs +index a1124d2094c..a11b866647d 100644 +--- a/tests/rustdoc/inline_cross/add-docs.rs ++++ b/tests/rustdoc/inline_cross/add-docs.rs +@@ -1,4 +1,5 @@ + // aux-build:add-docs.rs ++// ignore-stage1 + + extern crate inner; + +diff --git a/tests/rustdoc/inline_cross/default-trait-method.rs b/tests/rustdoc/inline_cross/default-trait-method.rs +index a4ec73a127d..8db38c99791 100644 +--- a/tests/rustdoc/inline_cross/default-trait-method.rs ++++ b/tests/rustdoc/inline_cross/default-trait-method.rs +@@ -1,4 +1,5 @@ + // aux-build:default-trait-method.rs ++// ignore-stage1 + + extern crate foo; + +diff --git a/tests/rustdoc/inline_cross/impl_trait.rs b/tests/rustdoc/inline_cross/impl_trait.rs +index b6a1552bc00..85377b19e0d 100644 +--- a/tests/rustdoc/inline_cross/impl_trait.rs ++++ b/tests/rustdoc/inline_cross/impl_trait.rs +@@ -1,5 +1,6 @@ + // aux-build:impl_trait_aux.rs + // edition:2018 ++// ignore-stage1 + + extern crate impl_trait_aux; + +diff --git a/tests/rustdoc/inline_cross/issue-24183.rs b/tests/rustdoc/inline_cross/issue-24183.rs +index 751a32385e8..d25211cb2b0 100644 +--- a/tests/rustdoc/inline_cross/issue-24183.rs ++++ b/tests/rustdoc/inline_cross/issue-24183.rs +@@ -1,5 +1,6 @@ + #![crate_type = "lib"] + #![crate_name = "usr"] ++// ignore-stage1 + + // aux-crate:issue_24183=issue-24183.rs + // edition: 2021 +diff --git a/tests/rustdoc/inline_cross/macros.rs b/tests/rustdoc/inline_cross/macros.rs +index a41b9c5b197..1b4bccee176 100644 +--- a/tests/rustdoc/inline_cross/macros.rs ++++ b/tests/rustdoc/inline_cross/macros.rs +@@ -1,5 +1,6 @@ + // aux-build:macros.rs + // build-aux-docs ++// ignore-stage1 + + #![feature(macro_test)] + #![crate_name = "foo"] +diff --git a/tests/rustdoc/inline_cross/trait-vis.rs b/tests/rustdoc/inline_cross/trait-vis.rs +index b646babacc5..b77e966afe3 100644 +--- a/tests/rustdoc/inline_cross/trait-vis.rs ++++ b/tests/rustdoc/inline_cross/trait-vis.rs +@@ -1,4 +1,5 @@ + // aux-build:trait-vis.rs ++// ignore-stage1 + + extern crate inner; + +diff --git a/tests/rustdoc/inline_cross/use_crate.rs b/tests/rustdoc/inline_cross/use_crate.rs +index 00e0f041c56..c5bf6010d93 100644 +--- a/tests/rustdoc/inline_cross/use_crate.rs ++++ b/tests/rustdoc/inline_cross/use_crate.rs +@@ -3,6 +3,7 @@ + // build-aux-docs + // edition:2018 + // compile-flags:--extern use_crate --extern use_crate_2 ++// ignore-stage1 + + // During the buildup to Rust 2018, rustdoc would eagerly inline `pub use some_crate;` as if it + // were a module, so we changed it to make `pub use`ing crate roots remain as a `pub use` statement +diff --git a/tests/rustdoc/intra-doc-crate/self.rs b/tests/rustdoc/intra-doc-crate/self.rs +index 8c36a7fa002..848e17a18a1 100644 +--- a/tests/rustdoc/intra-doc-crate/self.rs ++++ b/tests/rustdoc/intra-doc-crate/self.rs +@@ -1,5 +1,6 @@ + // aux-build:self.rs + // build-aux-docs ++// ignore-stage1 + + extern crate cross_crate_self; + +diff --git a/tests/rustdoc/intra-doc/cross-crate/additional_doc.rs b/tests/rustdoc/intra-doc/cross-crate/additional_doc.rs +index e52fb9b1c9f..765ad78fb4d 100644 +--- a/tests/rustdoc/intra-doc/cross-crate/additional_doc.rs ++++ b/tests/rustdoc/intra-doc/cross-crate/additional_doc.rs +@@ -1,5 +1,7 @@ + // aux-build:additional_doc.rs + // build-aux-docs ++// ignore-stage1 ++ + #![deny(rustdoc::broken_intra_doc_links)] + + extern crate my_rand; +diff --git a/tests/rustdoc/intra-doc/cross-crate/basic.rs b/tests/rustdoc/intra-doc/cross-crate/basic.rs +index ad7454918b4..a959a15a672 100644 +--- a/tests/rustdoc/intra-doc/cross-crate/basic.rs ++++ b/tests/rustdoc/intra-doc/cross-crate/basic.rs +@@ -1,5 +1,7 @@ + // aux-build:intra-doc-basic.rs + // build-aux-docs ++// ignore-stage1 ++ + #![deny(rustdoc::broken_intra_doc_links)] + + // from https://github.com/rust-lang/rust/issues/65983 +diff --git a/tests/rustdoc/intra-doc/cross-crate/crate.rs b/tests/rustdoc/intra-doc/cross-crate/crate.rs +index edf544708b6..735847bcbb5 100644 +--- a/tests/rustdoc/intra-doc/cross-crate/crate.rs ++++ b/tests/rustdoc/intra-doc/cross-crate/crate.rs +@@ -1,5 +1,7 @@ + // aux-build:intra-link-cross-crate-crate.rs + // build-aux-docs ++// ignore-stage1 ++ + #![crate_name = "outer"] + extern crate inner; + // @has outer/fn.f.html '//a[@href="../inner/fn.g.html"]' "crate::g" +diff --git a/tests/rustdoc/intra-doc/cross-crate/hidden.rs b/tests/rustdoc/intra-doc/cross-crate/hidden.rs +index 4f7d075ba48..d7ffed2d19d 100644 +--- a/tests/rustdoc/intra-doc/cross-crate/hidden.rs ++++ b/tests/rustdoc/intra-doc/cross-crate/hidden.rs +@@ -1,5 +1,7 @@ + // aux-build:hidden.rs + // build-aux-docs ++// ignore-stage1 ++ + #![deny(rustdoc::broken_intra_doc_links)] + + // tests https://github.com/rust-lang/rust/issues/73363 +diff --git a/tests/rustdoc/intra-doc/cross-crate/macro.rs b/tests/rustdoc/intra-doc/cross-crate/macro.rs +index 32f0a55d3c6..31add14b3b6 100644 +--- a/tests/rustdoc/intra-doc/cross-crate/macro.rs ++++ b/tests/rustdoc/intra-doc/cross-crate/macro.rs +@@ -1,6 +1,8 @@ + // aux-build:macro_inner.rs + // aux-build:proc_macro.rs + // build-aux-docs ++// ignore-stage1 ++ + #![deny(rustdoc::broken_intra_doc_links)] + extern crate macro_inner; + extern crate proc_macro_inner; +diff --git a/tests/rustdoc/intra-doc/cross-crate/module.rs b/tests/rustdoc/intra-doc/cross-crate/module.rs +index fde9322657d..72e55a83007 100644 +--- a/tests/rustdoc/intra-doc/cross-crate/module.rs ++++ b/tests/rustdoc/intra-doc/cross-crate/module.rs +@@ -1,6 +1,8 @@ + // outer.rs + // aux-build: module.rs + // build-aux-docs ++// ignore-stage1 ++ + #![deny(rustdoc::broken_intra_doc_links)] + extern crate module_inner; + // @has 'module/bar/index.html' '//a[@href="../../module_inner/trait.SomeTrait.html"]' 'SomeTrait' +diff --git a/tests/rustdoc/intra-doc/cross-crate/submodule-inner.rs b/tests/rustdoc/intra-doc/cross-crate/submodule-inner.rs +index 577fe78a508..1da901cd8b8 100644 +--- a/tests/rustdoc/intra-doc/cross-crate/submodule-inner.rs ++++ b/tests/rustdoc/intra-doc/cross-crate/submodule-inner.rs +@@ -1,5 +1,7 @@ + // aux-build:submodule-inner.rs + // build-aux-docs ++// ignore-stage1 ++ + #![deny(rustdoc::broken_intra_doc_links)] + + extern crate a; +diff --git a/tests/rustdoc/intra-doc/cross-crate/submodule-outer.rs b/tests/rustdoc/intra-doc/cross-crate/submodule-outer.rs +index d0c0b7e85ae..39c42c5a684 100644 +--- a/tests/rustdoc/intra-doc/cross-crate/submodule-outer.rs ++++ b/tests/rustdoc/intra-doc/cross-crate/submodule-outer.rs +@@ -1,5 +1,7 @@ + // aux-build:submodule-outer.rs + // edition:2018 ++// ignore-stage1 ++ + #![deny(rustdoc::broken_intra_doc_links)] + + extern crate bar as bar_; +diff --git a/tests/rustdoc/intra-doc/cross-crate/traits.rs b/tests/rustdoc/intra-doc/cross-crate/traits.rs +index 7b9554bfdb0..0417a5f4537 100644 +--- a/tests/rustdoc/intra-doc/cross-crate/traits.rs ++++ b/tests/rustdoc/intra-doc/cross-crate/traits.rs +@@ -1,5 +1,7 @@ + // aux-build:traits.rs + // build-aux-docs ++// ignore-stage1 ++ + #![deny(rustdoc::broken_intra_doc_links)] + + extern crate inner; +diff --git a/tests/rustdoc/intra-doc/extern-builtin-type-impl.rs b/tests/rustdoc/intra-doc/extern-builtin-type-impl.rs +index 7bb1ded3f3c..994ece708ca 100644 +--- a/tests/rustdoc/intra-doc/extern-builtin-type-impl.rs ++++ b/tests/rustdoc/intra-doc/extern-builtin-type-impl.rs +@@ -1,6 +1,7 @@ + // Reexport of a structure that derefs to a type with lang item impls having doc links in their + // comments. The doc link points to an associated item, so we check that traits in scope for that + // link are populated. ++// ignore-stage1 + + // aux-build:extern-builtin-type-impl-dep.rs + +diff --git a/tests/rustdoc/intra-doc/extern-crate-only-used-in-link.rs b/tests/rustdoc/intra-doc/extern-crate-only-used-in-link.rs +index ad50887e922..69d5aa1717a 100644 +--- a/tests/rustdoc/intra-doc/extern-crate-only-used-in-link.rs ++++ b/tests/rustdoc/intra-doc/extern-crate-only-used-in-link.rs +@@ -7,6 +7,7 @@ + // aux-crate:priv:empty2=empty2.rs + // build-aux-docs + // compile-flags:-Z unstable-options --edition 2018 ++// ignore-stage1 + + // @has extern_crate_only_used_in_link/index.html + // @has - '//a[@href="../issue_66159_1/struct.Something.html"]' 'issue_66159_1::Something' +diff --git a/tests/rustdoc/intra-doc/extern-crate.rs b/tests/rustdoc/intra-doc/extern-crate.rs +index 4e4438dea03..b6793531515 100644 +--- a/tests/rustdoc/intra-doc/extern-crate.rs ++++ b/tests/rustdoc/intra-doc/extern-crate.rs +@@ -3,6 +3,7 @@ + // When loading `extern crate` statements, we would pull in their docs at the same time, even + // though they would never actually get displayed. This tripped intra-doc-link resolution failures, + // for items that aren't under our control, and not actually getting documented! ++// ignore-stage1 + + #![deny(rustdoc::broken_intra_doc_links)] + +diff --git a/tests/rustdoc/intra-doc/extern-inherent-impl.rs b/tests/rustdoc/intra-doc/extern-inherent-impl.rs +index 2e41c2214f4..8851071adbd 100644 +--- a/tests/rustdoc/intra-doc/extern-inherent-impl.rs ++++ b/tests/rustdoc/intra-doc/extern-inherent-impl.rs +@@ -1,5 +1,6 @@ + // Reexport of a structure with public inherent impls having doc links in their comments. The doc + // link points to an associated item, so we check that traits in scope for that link are populated. ++// ignore-stage1 + + // aux-build:extern-inherent-impl-dep.rs + +diff --git a/tests/rustdoc/intra-doc/extern-reference-link.rs b/tests/rustdoc/intra-doc/extern-reference-link.rs +index bad6ec75579..43cf0c23e8b 100644 +--- a/tests/rustdoc/intra-doc/extern-reference-link.rs ++++ b/tests/rustdoc/intra-doc/extern-reference-link.rs +@@ -1,5 +1,6 @@ + // compile-flags: --extern pub_struct + // aux-build:pub-struct.rs ++// ignore-stage1 + + /// [SomeStruct] + /// +diff --git a/tests/rustdoc/intra-doc/issue-103463.rs b/tests/rustdoc/intra-doc/issue-103463.rs +index 4adf8a9a8a4..3b965529577 100644 +--- a/tests/rustdoc/intra-doc/issue-103463.rs ++++ b/tests/rustdoc/intra-doc/issue-103463.rs +@@ -1,6 +1,7 @@ + // The `Trait` is not pulled into the crate resulting in doc links in its methods being resolved. + + // aux-build:issue-103463-aux.rs ++// ignore-stage1 + + extern crate issue_103463_aux; + use issue_103463_aux::Trait; +diff --git a/tests/rustdoc/intra-doc/issue-104145.rs b/tests/rustdoc/intra-doc/issue-104145.rs +index 9ce36740d60..74c790ddd45 100644 +--- a/tests/rustdoc/intra-doc/issue-104145.rs ++++ b/tests/rustdoc/intra-doc/issue-104145.rs +@@ -1,6 +1,7 @@ + // Doc links in `Trait`'s methods are resolved because it has a local impl. + + // aux-build:issue-103463-aux.rs ++// ignore-stage1 + + extern crate issue_103463_aux; + use issue_103463_aux::Trait; +diff --git a/tests/rustdoc/intra-doc/issue-66159.rs b/tests/rustdoc/intra-doc/issue-66159.rs +index 56742b39790..64ef5f3d07c 100644 +--- a/tests/rustdoc/intra-doc/issue-66159.rs ++++ b/tests/rustdoc/intra-doc/issue-66159.rs +@@ -1,5 +1,6 @@ + // aux-crate:priv:pub_struct=pub-struct.rs + // compile-flags:-Z unstable-options ++// ignore-stage1 + + // The issue was an ICE which meant that we never actually generated the docs + // so if we have generated the docs, we're okay. +diff --git a/tests/rustdoc/intra-doc/pub-use.rs b/tests/rustdoc/intra-doc/pub-use.rs +index 8a998496cf5..26109bc52fc 100644 +--- a/tests/rustdoc/intra-doc/pub-use.rs ++++ b/tests/rustdoc/intra-doc/pub-use.rs +@@ -1,4 +1,5 @@ + // aux-build: intra-link-pub-use.rs ++// ignore-stage1 + #![deny(rustdoc::broken_intra_doc_links)] + #![crate_name = "outer"] + +diff --git a/tests/rustdoc/intra-doc/reexport-additional-docs.rs b/tests/rustdoc/intra-doc/reexport-additional-docs.rs +index 64683bacd65..6ed63e4dd26 100644 +--- a/tests/rustdoc/intra-doc/reexport-additional-docs.rs ++++ b/tests/rustdoc/intra-doc/reexport-additional-docs.rs +@@ -1,5 +1,7 @@ + // aux-build:intra-link-reexport-additional-docs.rs + // build-aux-docs ++// ignore-stage1 ++ + #![crate_name = "foo"] + extern crate inner; + +diff --git a/tests/rustdoc/issue-18199.rs b/tests/rustdoc/issue-18199.rs +index bc0c4a56502..1995fd2ec7d 100644 +--- a/tests/rustdoc/issue-18199.rs ++++ b/tests/rustdoc/issue-18199.rs +@@ -1,4 +1,5 @@ + // compile-flags:--test ++// ignore-stage1 + + #![doc(test(attr(feature(staged_api))))] + +diff --git a/tests/rustdoc/issue-23106.rs b/tests/rustdoc/issue-23106.rs +index 8cda2fc3380..e7b5c1e28c5 100644 +--- a/tests/rustdoc/issue-23106.rs ++++ b/tests/rustdoc/issue-23106.rs +@@ -1,4 +1,5 @@ + // compile-flags:--test ++// ignore-stage1 + + /// ``` + /// # +diff --git a/tests/rustdoc/issue-23744.rs b/tests/rustdoc/issue-23744.rs +index 642817396b2..780b131a842 100644 +--- a/tests/rustdoc/issue-23744.rs ++++ b/tests/rustdoc/issue-23744.rs +@@ -1,4 +1,5 @@ + // compile-flags:--test ++// ignore-stage1 + + /// Example of rustdoc incorrectly parsing <code>```rust,should_panic</code>. + /// +diff --git a/tests/rustdoc/issue-25944.rs b/tests/rustdoc/issue-25944.rs +index 49625294bbe..b6df4518de4 100644 +--- a/tests/rustdoc/issue-25944.rs ++++ b/tests/rustdoc/issue-25944.rs +@@ -1,4 +1,5 @@ + // compile-flags:--test ++// ignore-stage1 + + /// ``` + /// let a = r#" +diff --git a/tests/rustdoc/issue-30252.rs b/tests/rustdoc/issue-30252.rs +index c3777362a66..a80f92dc754 100644 +--- a/tests/rustdoc/issue-30252.rs ++++ b/tests/rustdoc/issue-30252.rs +@@ -1,4 +1,5 @@ + // compile-flags:--test --cfg feature="bar" ++// ignore-stage1 + + /// ```rust + /// assert_eq!(cfg!(feature = "bar"), true); +diff --git a/tests/rustdoc/issue-38129.rs b/tests/rustdoc/issue-38129.rs +index 156d50fa52a..60ab5dd1885 100644 +--- a/tests/rustdoc/issue-38129.rs ++++ b/tests/rustdoc/issue-38129.rs +@@ -1,4 +1,5 @@ + // compile-flags:--test ++// ignore-stage1 + + // This file tests the source-partitioning behavior of rustdoc. + // Each test contains some code that should be put into the generated +diff --git a/tests/rustdoc/issue-40936.rs b/tests/rustdoc/issue-40936.rs +index 4d2e4c17b1f..8dcfc4068d3 100644 +--- a/tests/rustdoc/issue-40936.rs ++++ b/tests/rustdoc/issue-40936.rs +@@ -1,5 +1,6 @@ + // aux-build:issue-40936.rs + // build-aux-docs ++// ignore-stage1 + + #![crate_name = "foo"] + +diff --git a/tests/rustdoc/issue-43153.rs b/tests/rustdoc/issue-43153.rs +index 0fe680f10af..8c67d64826a 100644 +--- a/tests/rustdoc/issue-43153.rs ++++ b/tests/rustdoc/issue-43153.rs +@@ -1,5 +1,6 @@ + // Test that `include!` in a doc test searches relative to the directory in + // which the test is declared. ++// ignore-stage1 + + // compile-flags:--test + +diff --git a/tests/rustdoc/issue-46727.rs b/tests/rustdoc/issue-46727.rs +index 8cfc4827a7f..55f155e0219 100644 +--- a/tests/rustdoc/issue-46727.rs ++++ b/tests/rustdoc/issue-46727.rs +@@ -1,4 +1,5 @@ + // aux-build:issue-46727.rs ++// ignore-stage1 + + extern crate issue_46727; + +diff --git a/tests/rustdoc/issue-48377.rs b/tests/rustdoc/issue-48377.rs +index c32bcf380ea..c196b77a3e7 100644 +--- a/tests/rustdoc/issue-48377.rs ++++ b/tests/rustdoc/issue-48377.rs +@@ -1,4 +1,5 @@ + // compile-flags:--test ++// ignore-stage1 + + //! This is a doc comment + //! +diff --git a/tests/rustdoc/issue-48414.rs b/tests/rustdoc/issue-48414.rs +index b35743d887b..e8ade910228 100644 +--- a/tests/rustdoc/issue-48414.rs ++++ b/tests/rustdoc/issue-48414.rs +@@ -1,4 +1,5 @@ + // aux-build:issue-48414.rs ++// ignore-stage1 + + // ICE when resolving paths for a trait that linked to another trait, when both were in an external + // crate +diff --git a/tests/rustdoc/issue-53689.rs b/tests/rustdoc/issue-53689.rs +index 832140e061b..9a40ea6bc1b 100644 +--- a/tests/rustdoc/issue-53689.rs ++++ b/tests/rustdoc/issue-53689.rs +@@ -1,4 +1,5 @@ + // aux-build:issue-53689.rs ++// ignore-stage1 + + #![crate_name = "foo"] + +diff --git a/tests/rustdoc/issue-54478-demo-allocator.rs b/tests/rustdoc/issue-54478-demo-allocator.rs +index 4811f363bc9..f4d12f6f630 100644 +--- a/tests/rustdoc/issue-54478-demo-allocator.rs ++++ b/tests/rustdoc/issue-54478-demo-allocator.rs +@@ -1,5 +1,6 @@ + // Issue #54478: regression test showing that we can demonstrate + // `#[global_allocator]` in code blocks built by `rustdoc`. ++// ignore-stage1 + // + // ## Background + // +@@ -11,6 +12,7 @@ + // Rather than try to revise the visbility semanics, we instead + // decided to change `rustdoc` to behave more like the compiler's + // default setting, by leaving off `-C prefer-dynamic`. ++// ignore-stage1 + + // compile-flags:--test + +diff --git a/tests/rustdoc/issue-57180.rs b/tests/rustdoc/issue-57180.rs +index 14bd2b0fec0..5f89e5d42f5 100644 +--- a/tests/rustdoc/issue-57180.rs ++++ b/tests/rustdoc/issue-57180.rs +@@ -1,4 +1,5 @@ + // aux-build:issue-57180.rs ++// ignore-stage1 + + extern crate issue_57180; + use issue_57180::Trait; +diff --git a/tests/rustdoc/issue-61592.rs b/tests/rustdoc/issue-61592.rs +index 4b6c37b94aa..048487390bb 100644 +--- a/tests/rustdoc/issue-61592.rs ++++ b/tests/rustdoc/issue-61592.rs +@@ -1,4 +1,5 @@ + // aux-build:issue-61592.rs ++// ignore-stage1 + + extern crate foo; + +diff --git a/tests/rustdoc/issue-73061-cross-crate-opaque-assoc-type.rs b/tests/rustdoc/issue-73061-cross-crate-opaque-assoc-type.rs +index 2700f2370ee..d883c03d7d2 100644 +--- a/tests/rustdoc/issue-73061-cross-crate-opaque-assoc-type.rs ++++ b/tests/rustdoc/issue-73061-cross-crate-opaque-assoc-type.rs +@@ -1,4 +1,5 @@ + // Regression test for ICE #73061 ++// ignore-stage1 + + // aux-build:issue-73061.rs + +diff --git a/tests/rustdoc/issue-75588.rs b/tests/rustdoc/issue-75588.rs +index 3b11059a755..e78cdfa236e 100644 +--- a/tests/rustdoc/issue-75588.rs ++++ b/tests/rustdoc/issue-75588.rs +@@ -1,5 +1,6 @@ + // aux-build:realcore.rs + // aux-build:real_gimli.rs ++// ignore-stage1 + + // Ensure unstably exported traits have their Implementors sections. + +diff --git a/tests/rustdoc/issue-85454.rs b/tests/rustdoc/issue-85454.rs +index 5a49a9d0651..fd2f4f8b535 100644 +--- a/tests/rustdoc/issue-85454.rs ++++ b/tests/rustdoc/issue-85454.rs +@@ -1,4 +1,5 @@ + // aux-build:issue-85454.rs ++// ignore-stage1 + // build-aux-docs + #![crate_name = "foo"] + +diff --git a/tests/rustdoc/issue-86620.rs b/tests/rustdoc/issue-86620.rs +index ef15946ec50..675a12b4d14 100644 +--- a/tests/rustdoc/issue-86620.rs ++++ b/tests/rustdoc/issue-86620.rs +@@ -1,4 +1,5 @@ + // aux-build:issue-86620-1.rs ++// ignore-stage1 + + extern crate issue_86620_1; + +diff --git a/tests/rustdoc/macro_pub_in_module.rs b/tests/rustdoc/macro_pub_in_module.rs +index 42f760cff6a..1a51aef9a8a 100644 +--- a/tests/rustdoc/macro_pub_in_module.rs ++++ b/tests/rustdoc/macro_pub_in_module.rs +@@ -1,5 +1,6 @@ + // aux-build:macro_pub_in_module.rs + // edition:2018 ++// ignore-stage1 + // build-aux-docs + + //! See issue #74355 +diff --git a/tests/rustdoc/masked.rs b/tests/rustdoc/masked.rs +index 875c026fd05..416d8fbabd0 100644 +--- a/tests/rustdoc/masked.rs ++++ b/tests/rustdoc/masked.rs +@@ -1,4 +1,5 @@ + // aux-build:masked.rs ++// ignore-stage1 + + #![feature(doc_masked)] + +diff --git a/tests/rustdoc/no-stack-overflow-25295.rs b/tests/rustdoc/no-stack-overflow-25295.rs +index dd79f1e4baa..0bc58afa4cb 100644 +--- a/tests/rustdoc/no-stack-overflow-25295.rs ++++ b/tests/rustdoc/no-stack-overflow-25295.rs +@@ -1,5 +1,6 @@ + // Ensure this code doesn't stack overflow. + // aux-build:enum-primitive.rs ++// ignore-stage1 + + #[macro_use] extern crate enum_primitive; + +diff --git a/tests/rustdoc/normalize-assoc-item.rs b/tests/rustdoc/normalize-assoc-item.rs +index c6fd5e1101e..945a31853f4 100644 +--- a/tests/rustdoc/normalize-assoc-item.rs ++++ b/tests/rustdoc/normalize-assoc-item.rs +@@ -1,4 +1,5 @@ + // ignore-tidy-linelength ++// ignore-stage1 + // aux-build:normalize-assoc-item.rs + // build-aux-docs + // compile-flags:-Znormalize-docs +diff --git a/tests/rustdoc/primitive-reexport.rs b/tests/rustdoc/primitive-reexport.rs +index 10a8a47db52..ecdb4848265 100644 +--- a/tests/rustdoc/primitive-reexport.rs ++++ b/tests/rustdoc/primitive-reexport.rs +@@ -1,5 +1,6 @@ + // aux-build: primitive-reexport.rs + // compile-flags:--extern foo --edition 2018 ++// ignore-stage1 + + #![crate_name = "bar"] + +diff --git a/tests/rustdoc/process-termination.rs b/tests/rustdoc/process-termination.rs +index 32258792b6e..2236842afc9 100644 +--- a/tests/rustdoc/process-termination.rs ++++ b/tests/rustdoc/process-termination.rs +@@ -1,4 +1,5 @@ + // compile-flags:--test ++// ignore-stage1 + + /// A check of using various process termination strategies + /// +diff --git a/tests/rustdoc/pub-extern-crate.rs b/tests/rustdoc/pub-extern-crate.rs +index 26747a4d1ac..98b3068cfd5 100644 +--- a/tests/rustdoc/pub-extern-crate.rs ++++ b/tests/rustdoc/pub-extern-crate.rs +@@ -1,4 +1,5 @@ + // aux-build:pub-extern-crate.rs ++// ignore-stage1 + + // @has pub_extern_crate/index.html + // @!has - '//code' 'pub extern crate inner' +diff --git a/tests/rustdoc/pub-use-extern-macros.rs b/tests/rustdoc/pub-use-extern-macros.rs +index eefe6b4b073..f67ec499459 100644 +--- a/tests/rustdoc/pub-use-extern-macros.rs ++++ b/tests/rustdoc/pub-use-extern-macros.rs +@@ -1,4 +1,5 @@ + // aux-build:pub-use-extern-macros.rs ++// ignore-stage1 + + extern crate macros; + +diff --git a/tests/rustdoc/reexport-check.rs b/tests/rustdoc/reexport-check.rs +index 5908d2150f2..9e3c825558e 100644 +--- a/tests/rustdoc/reexport-check.rs ++++ b/tests/rustdoc/reexport-check.rs +@@ -1,4 +1,6 @@ + // aux-build:reexport-check.rs ++// ignore-stage1 ++ + #![crate_name = "foo"] + + extern crate reexport_check; +diff --git a/tests/rustdoc/reexport-dep-foreign-fn.rs b/tests/rustdoc/reexport-dep-foreign-fn.rs +index e7f5720d583..f09e2da12f8 100644 +--- a/tests/rustdoc/reexport-dep-foreign-fn.rs ++++ b/tests/rustdoc/reexport-dep-foreign-fn.rs +@@ -1,4 +1,5 @@ + // aux-build:all-item-types.rs ++// ignore-stage1 + + // This test is to ensure there is no problem on handling foreign functions + // coming from a dependency. +diff --git a/tests/rustdoc/reexport-doc.rs b/tests/rustdoc/reexport-doc.rs +index df2c889b4d5..52558b39068 100644 +--- a/tests/rustdoc/reexport-doc.rs ++++ b/tests/rustdoc/reexport-doc.rs +@@ -1,4 +1,5 @@ + // aux-build:reexport-doc-aux.rs ++// ignore-stage1 + + extern crate reexport_doc_aux as dep; + +diff --git a/tests/rustdoc/reexports-priv.rs b/tests/rustdoc/reexports-priv.rs +index 571d7f06fdc..bec1096ad14 100644 +--- a/tests/rustdoc/reexports-priv.rs ++++ b/tests/rustdoc/reexports-priv.rs +@@ -1,4 +1,5 @@ + // aux-build: reexports.rs ++// ignore-stage1 + // compile-flags: --document-private-items + + #![crate_name = "foo"] +diff --git a/tests/rustdoc/reexports.rs b/tests/rustdoc/reexports.rs +index 3c51ac395af..018abbfd277 100644 +--- a/tests/rustdoc/reexports.rs ++++ b/tests/rustdoc/reexports.rs +@@ -1,4 +1,5 @@ + // aux-build: reexports.rs ++// ignore-stage1 + + #![crate_name = "foo"] + +diff --git a/tests/rustdoc/rustc-incoherent-impls.rs b/tests/rustdoc/rustc-incoherent-impls.rs +index 3fdefbecc54..c8382a50679 100644 +--- a/tests/rustdoc/rustc-incoherent-impls.rs ++++ b/tests/rustdoc/rustc-incoherent-impls.rs +@@ -1,4 +1,5 @@ + // aux-build:incoherent-impl-types.rs ++// ignore-stage1 + // build-aux-docs + + #![crate_name = "foo"] +diff --git a/tests/rustdoc/test_option_check/bar.rs b/tests/rustdoc/test_option_check/bar.rs +index 50a182cf7e0..6f48c9c923b 100644 +--- a/tests/rustdoc/test_option_check/bar.rs ++++ b/tests/rustdoc/test_option_check/bar.rs +@@ -1,5 +1,6 @@ + // compile-flags: --test + // check-test-line-numbers-match ++// ignore-stage1 + + /// This looks like another awesome test! + /// +diff --git a/tests/rustdoc/test_option_check/test.rs b/tests/rustdoc/test_option_check/test.rs +index 964e8e37ed5..208bccafe4c 100644 +--- a/tests/rustdoc/test_option_check/test.rs ++++ b/tests/rustdoc/test_option_check/test.rs +@@ -1,4 +1,5 @@ + // compile-flags: --test ++// ignore-stage1 + // check-test-line-numbers-match + + pub mod bar; +diff --git a/tests/rustdoc/trait-alias-mention.rs b/tests/rustdoc/trait-alias-mention.rs +index 6da0dc68785..8916e1321c7 100644 +--- a/tests/rustdoc/trait-alias-mention.rs ++++ b/tests/rustdoc/trait-alias-mention.rs +@@ -1,5 +1,6 @@ + // aux-build:trait-alias-mention.rs + // build-aux-docs ++// ignore-stage1 + + #![crate_name = "foo"] + +diff --git a/tests/rustdoc/trait-visibility.rs b/tests/rustdoc/trait-visibility.rs +index 8ba3ee03a74..9bd62dd5c0a 100644 +--- a/tests/rustdoc/trait-visibility.rs ++++ b/tests/rustdoc/trait-visibility.rs +@@ -1,4 +1,5 @@ + // aux-build:trait-visibility.rs ++// ignore-stage1 + + #![crate_name = "foo"] + +diff --git a/tests/rustdoc/unit-return.rs b/tests/rustdoc/unit-return.rs +index 6ddfa0c4d5c..a144308a581 100644 +--- a/tests/rustdoc/unit-return.rs ++++ b/tests/rustdoc/unit-return.rs +@@ -1,4 +1,5 @@ + // aux-build:unit-return.rs ++// ignore-stage1 + + #![crate_name = "foo"] + +diff --git a/tests/ui-fulldeps/deriving-encodable-decodable-box.rs b/tests/ui-fulldeps/deriving-encodable-decodable-box.rs +index 1c376f59e51..8f852db5efd 100644 +--- a/tests/ui-fulldeps/deriving-encodable-decodable-box.rs ++++ b/tests/ui-fulldeps/deriving-encodable-decodable-box.rs +@@ -1,4 +1,5 @@ + // run-pass ++// ignore-stage1 + + #![allow(unused_imports)] + #![feature(rustc_private)] +diff --git a/tests/ui-fulldeps/deriving-encodable-decodable-cell-refcell.rs b/tests/ui-fulldeps/deriving-encodable-decodable-cell-refcell.rs +index 844d40f2ecd..d0d530ac79f 100644 +--- a/tests/ui-fulldeps/deriving-encodable-decodable-cell-refcell.rs ++++ b/tests/ui-fulldeps/deriving-encodable-decodable-cell-refcell.rs +@@ -1,4 +1,5 @@ + // run-pass ++// ignore-stage1 + + #![allow(unused_imports)] + // This briefly tests the capability of `Cell` and `RefCell` to implement the +diff --git a/tests/ui-fulldeps/deriving-global.rs b/tests/ui-fulldeps/deriving-global.rs +index 214bb4368ff..7ff6e31f09e 100644 +--- a/tests/ui-fulldeps/deriving-global.rs ++++ b/tests/ui-fulldeps/deriving-global.rs +@@ -1,4 +1,5 @@ + // run-pass ++// ignore-stage1 + + #![feature(rustc_private)] + +diff --git a/tests/ui-fulldeps/deriving-hygiene.rs b/tests/ui-fulldeps/deriving-hygiene.rs +index e1084a08fec..f18b703116a 100644 +--- a/tests/ui-fulldeps/deriving-hygiene.rs ++++ b/tests/ui-fulldeps/deriving-hygiene.rs +@@ -1,4 +1,5 @@ + // run-pass ++// ignore-stage1 + + #![allow(non_upper_case_globals)] + #![feature(rustc_private)] +diff --git a/tests/ui-fulldeps/dropck_tarena_sound_drop.rs b/tests/ui-fulldeps/dropck_tarena_sound_drop.rs +index ffad80171da..d60062be118 100644 +--- a/tests/ui-fulldeps/dropck_tarena_sound_drop.rs ++++ b/tests/ui-fulldeps/dropck_tarena_sound_drop.rs +@@ -1,4 +1,5 @@ + // run-pass ++// ignore-stage1 + + #![allow(unknown_lints)] + // Check that an arena (TypedArena) can carry elements whose drop +diff --git a/tests/ui-fulldeps/empty-struct-braces-derive.rs b/tests/ui-fulldeps/empty-struct-braces-derive.rs +index 10e8beaa7b1..29419f97aa1 100644 +--- a/tests/ui-fulldeps/empty-struct-braces-derive.rs ++++ b/tests/ui-fulldeps/empty-struct-braces-derive.rs +@@ -1,5 +1,6 @@ + // run-pass + // `#[derive(Trait)]` works for empty structs/variants with braces or parens. ++// ignore-stage1 + + #![feature(rustc_private)] + +diff --git a/tests/ui-fulldeps/issue-14021.rs b/tests/ui-fulldeps/issue-14021.rs +index 309b5c4a03d..5b9fb023d85 100644 +--- a/tests/ui-fulldeps/issue-14021.rs ++++ b/tests/ui-fulldeps/issue-14021.rs +@@ -1,4 +1,5 @@ + // run-pass ++// ignore-stage1 + + #![allow(unused_mut)] + #![allow(unused_imports)] +diff --git a/tests/ui-fulldeps/regions-mock-tcx.rs b/tests/ui-fulldeps/regions-mock-tcx.rs +index 63975ef62c5..24e008bb76b 100644 +--- a/tests/ui-fulldeps/regions-mock-tcx.rs ++++ b/tests/ui-fulldeps/regions-mock-tcx.rs +@@ -1,4 +1,5 @@ + // run-pass ++// ignore-stage1 + + #![allow(dead_code)] + #![allow(unused_imports)] +diff --git a/tests/ui-fulldeps/rustc_encodable_hygiene.rs b/tests/ui-fulldeps/rustc_encodable_hygiene.rs +index 509a6b1d22c..ab5f4aed548 100644 +--- a/tests/ui-fulldeps/rustc_encodable_hygiene.rs ++++ b/tests/ui-fulldeps/rustc_encodable_hygiene.rs +@@ -1,4 +1,5 @@ + // run-pass ++// ignore-stage1 + + #![feature(rustc_private)] + +diff --git a/tests/run-make/cdylib-fewer-symbols/foo.rs b/tests/run-make/cdylib-fewer-symbols/foo.rs +index af37bc8e953..2f080fb37b2 100644 +--- a/tests/run-make/cdylib-fewer-symbols/foo.rs ++++ b/tests/run-make/cdylib-fewer-symbols/foo.rs +@@ -1,5 +1,5 @@ + #![crate_type = "cdylib"] +- ++#[ignore] + #[no_mangle] + pub extern "C" fn foo() -> u32 { + 3 +diff --git a/tests/run-make/doctests-keep-binaries/t.rs b/tests/run-make/doctests-keep-binaries/t.rs +index c38cf0a0b25..13b89c05e03 100644 +--- a/tests/run-make/doctests-keep-binaries/t.rs ++++ b/tests/run-make/doctests-keep-binaries/t.rs +@@ -1,3 +1,4 @@ ++// ignore-stage1 + /// Fungle the foople. + /// ``` + /// t::foople(); +diff --git a/tests/rustdoc-ui/doctest-multiline-crate-attribute.rs b/tests/rustdoc-ui/doctest-multiline-crate-attribute.rs +index 260f5a7a64f..c05f9adf46b 100644 +--- a/tests/rustdoc-ui/doctest-multiline-crate-attribute.rs ++++ b/tests/rustdoc-ui/doctest-multiline-crate-attribute.rs +@@ -2,6 +2,7 @@ + // normalize-stdout-test: "tests/rustdoc-ui" -> "$$DIR" + // normalize-stdout-test "finished in \d+\.\d+s" -> "finished in $$TIME" + // check-pass ++// ignore-stage1 + + /// ``` + /// #![deprecated(since = "5.2", note = "foo was rarely used. \ +diff --git a/tests/rustdoc-ui/issue-80992.rs b/tests/rustdoc-ui/issue-80992.rs +index 80ff225b879..e589999ae29 100644 +--- a/tests/rustdoc-ui/issue-80992.rs ++++ b/tests/rustdoc-ui/issue-80992.rs +@@ -2,6 +2,7 @@ + // compile-flags:--test + // normalize-stdout-test: "tests/rustdoc-ui" -> "$$DIR" + // normalize-stdout-test "finished in \d+\.\d+s" -> "finished in $$TIME" ++// ignore-stage1 + + pub fn test() -> Result<(), ()> { + //! ```compile_fail +diff --git a/tests/rustdoc-ui/no-run-flag.rs b/tests/rustdoc-ui/no-run-flag.rs +index 181730eb416..33fa85d7d9d 100644 +--- a/tests/rustdoc-ui/no-run-flag.rs ++++ b/tests/rustdoc-ui/no-run-flag.rs +@@ -4,6 +4,7 @@ + // compile-flags:-Z unstable-options --test --no-run --test-args=--test-threads=1 + // normalize-stdout-test: "tests/rustdoc-ui" -> "$$DIR" + // normalize-stdout-test "finished in \d+\.\d+s" -> "finished in $$TIME" ++// ignore-stage1 + + /// ``` + /// let a = true; +diff --git a/tests/rustdoc-ui/nocapture-fail.rs b/tests/rustdoc-ui/nocapture-fail.rs +index 9a3fb592c63..9899183cdf6 100644 +--- a/tests/rustdoc-ui/nocapture-fail.rs ++++ b/tests/rustdoc-ui/nocapture-fail.rs +@@ -3,6 +3,7 @@ + // normalize-stderr-test: "tests/rustdoc-ui" -> "$$DIR" + // normalize-stdout-test: "tests/rustdoc-ui" -> "$$DIR" + // normalize-stdout-test "finished in \d+\.\d+s" -> "finished in $$TIME" ++// ignore-stage1 + + /// ```compile_fail + /// fn foo() { +diff --git a/tests/run-make/issue-22131/foo.rs b/tests/run-make/issue-22131/foo.rs +index 33255d76879..56ffc4224e4 100644 +--- a/tests/run-make/issue-22131/foo.rs ++++ b/tests/run-make/issue-22131/foo.rs +@@ -1,5 +1,6 @@ + /// ```rust + /// assert_eq!(foo::foo(), 1); + /// ``` ++// ignore-stage1 + #[cfg(feature = "bar")] + pub fn foo() -> i32 { 1 } +diff --git a/tests/rustdoc/auto-traits.rs b/tests/rustdoc/auto-traits.rs +index 93d4bf2f656..b0eb5f1af7c 100644 +--- a/tests/rustdoc/auto-traits.rs ++++ b/tests/rustdoc/auto-traits.rs +@@ -1,4 +1,5 @@ + // aux-build:auto-traits.rs ++// ignore-stage1 + + #![feature(auto_traits)] + +diff --git a/tests/rustdoc/inline_cross/dyn_trait.rs b/tests/rustdoc/inline_cross/dyn_trait.rs +index 649d98f7139..82f88a4713c 100644 +--- a/tests/rustdoc/inline_cross/dyn_trait.rs ++++ b/tests/rustdoc/inline_cross/dyn_trait.rs +@@ -1,4 +1,5 @@ + #![crate_name = "user"] ++// ignore-stage1 + + // aux-crate:dyn_trait=dyn_trait.rs + // edition:2021 +diff --git a/tests/ui/abi/stack-probes-lto.rs b/tests/ui/abi/stack-probes-lto.rs +index 0dccb633df9..36e4d04ccaa 100644 +--- a/tests/ui/abi/stack-probes-lto.rs ++++ b/tests/ui/abi/stack-probes-lto.rs +@@ -13,6 +13,7 @@ + // ignore-fuchsia no exception handler registered for segfault + // compile-flags: -C lto + // no-prefer-dynamic ++// ignore-stage1 + // ignore-nto Crash analysis impossible at SIGSEGV in QNX Neutrino + + include!("stack-probes.rs"); +diff --git a/tests/ui/abi/stack-probes.rs b/tests/ui/abi/stack-probes.rs +index 8137c92304d..9f4edca3caf 100644 +--- a/tests/ui/abi/stack-probes.rs ++++ b/tests/ui/abi/stack-probes.rs +@@ -11,6 +11,7 @@ + // ignore-sgx no processes + // ignore-fuchsia no exception handler registered for segfault + // ignore-nto Crash analysis impossible at SIGSEGV in QNX Neutrino ++// ignore-stage1 + + use std::env; + use std::mem::MaybeUninit; +diff --git a/tests/ui/array-slice-vec/subslice-patterns-const-eval-match.rs b/tests/ui/array-slice-vec/subslice-patterns-const-eval-match.rs +index 5a6283e9f13..c036f7f03e6 100644 +--- a/tests/ui/array-slice-vec/subslice-patterns-const-eval-match.rs ++++ b/tests/ui/array-slice-vec/subslice-patterns-const-eval-match.rs +@@ -1,7 +1,7 @@ + // Test that slice subslice patterns are correctly handled in const evaluation. + + // run-pass +- ++// ignore-stage1 + #[derive(PartialEq, Debug, Clone)] + struct N(u8); + +diff --git a/tests/ui/asm/x86_64/sym.rs b/tests/ui/asm/x86_64/sym.rs +index 93ef4f09062..6b076924bda 100644 +--- a/tests/ui/asm/x86_64/sym.rs ++++ b/tests/ui/asm/x86_64/sym.rs +@@ -2,6 +2,7 @@ + // only-linux + // needs-asm-support + // run-pass ++// ignore-stage1 + + #![feature(thread_local)] + +diff --git a/tests/ui/associated-type-bounds/fn-apit.rs b/tests/ui/associated-type-bounds/fn-apit.rs +index 3c9f511338f..e8fd5fc3c3e 100644 +--- a/tests/ui/associated-type-bounds/fn-apit.rs ++++ b/tests/ui/associated-type-bounds/fn-apit.rs +@@ -1,6 +1,6 @@ + // run-pass + // aux-build:fn-aux.rs +- ++// ignore-stage1 + #![allow(unused)] + #![feature(associated_type_bounds)] + +diff --git a/tests/ui/associated-type-bounds/fn-dyn-apit.rs b/tests/ui/associated-type-bounds/fn-dyn-apit.rs +index c4e8092c211..7c690f42846 100644 +--- a/tests/ui/associated-type-bounds/fn-dyn-apit.rs ++++ b/tests/ui/associated-type-bounds/fn-dyn-apit.rs +@@ -1,6 +1,7 @@ + // run-pass + // aux-build:fn-dyn-aux.rs + ++// ignore-stage1 + #![allow(unused)] + #![feature(associated_type_bounds)] + +diff --git a/tests/ui/associated-type-bounds/fn-wrap-apit.rs b/tests/ui/associated-type-bounds/fn-wrap-apit.rs +index 96df13e372a..b1df6e867f2 100644 +--- a/tests/ui/associated-type-bounds/fn-wrap-apit.rs ++++ b/tests/ui/associated-type-bounds/fn-wrap-apit.rs +@@ -1,6 +1,7 @@ + // run-pass + // aux-build:fn-aux.rs + ++// ignore-stage1 + #![feature(associated_type_bounds)] + #![allow(dead_code)] + +diff --git a/tests/ui/structs-enums/multiple-reprs.rs b/tests/ui/structs-enums/multiple-reprs.rs +index 4be503a0ef4..2cf0875fc5c 100644 +--- a/tests/ui/structs-enums/multiple-reprs.rs ++++ b/tests/ui/structs-enums/multiple-reprs.rs +@@ -1,4 +1,5 @@ + // run-pass ++// ignore-stage1 + + #![allow(dead_code)] + +diff --git a/src/tools/compiletest/src/common.rs b/src/tools/compiletest/src/common.rs +--- a/src/tools/compiletest/src/common.rs ++++ b/src/tools/compiletest/src/common.rs +@@ -431,7 +431,6 @@ + .unwrap() + }; + +- let mut current = None; + let mut all_targets = HashSet::new(); + let mut all_archs = HashSet::new(); + let mut all_oses = HashSet::new(); +@@ -452,14 +451,11 @@ + } + all_pointer_widths.insert(format!("{}bit", cfg.pointer_width)); + +- if target == config.target { +- current = Some(cfg); +- } + all_targets.insert(target.into()); + } + + Self { +- current: current.expect("current target not found"), ++ current: Self::get_current_target_config(config), + all_targets, + all_archs, + all_oses, +@@ -471,6 +467,89 @@ + } + } + ++ fn get_current_target_config(config: &Config) -> TargetCfg { ++ let mut arch = None; ++ let mut os = None; ++ let mut env = None; ++ let mut abi = None; ++ let mut families = Vec::new(); ++ let mut pointer_width = None; ++ let mut endian = None; ++ let mut panic = None; ++ ++ for config in ++ rustc_output(config, &["--print=cfg", "--target", &config.target]).trim().lines() ++ { ++ let (name, value) = config ++ .split_once("=\"") ++ .map(|(name, value)| { ++ ( ++ name, ++ Some( ++ value ++ .strip_suffix("\"") ++ .expect("key-value pair should be properly quoted"), ++ ), ++ ) ++ }) ++ .unwrap_or_else(|| (config, None)); ++ ++ match name { ++ "target_arch" => { ++ arch = Some(value.expect("target_arch should be a key-value pair").to_string()); ++ } ++ "target_os" => { ++ os = Some(value.expect("target_os sould be a key-value pair").to_string()); ++ } ++ "target_env" => { ++ env = Some(value.expect("target_env should be a key-value pair").to_string()); ++ } ++ "target_abi" => { ++ abi = Some(value.expect("target_abi should be a key-value pair").to_string()); ++ } ++ "target_family" => { ++ families ++ .push(value.expect("target_family should be a key-value pair").to_string()); ++ } ++ "target_pointer_width" => { ++ pointer_width = Some( ++ value ++ .expect("target_pointer_width should be a key-value pair") ++ .parse::<u32>() ++ .expect("target_pointer_width should be a valid u32"), ++ ); ++ } ++ "target_endian" => { ++ endian = Some(match value.expect("target_endian should be a key-value pair") { ++ "big" => Endian::Big, ++ "little" => Endian::Little, ++ _ => panic!("target_endian should be either 'big' or 'little'"), ++ }); ++ } ++ "panic" => { ++ panic = Some(match value.expect("panic should be a key-value pair") { ++ "abort" => PanicStrategy::Abort, ++ "unwind" => PanicStrategy::Unwind, ++ _ => panic!("panic should be either 'abort' or 'unwind'"), ++ }); ++ } ++ _ => (), ++ } ++ } ++ ++ TargetCfg { ++ arch: arch.expect("target configuration should specify target_arch"), ++ os: os.expect("target configuration should specify target_os"), ++ env: env.expect("target configuration should specify target_env"), ++ abi: abi.expect("target configuration should specify target_abi"), ++ families, ++ pointer_width: pointer_width ++ .expect("target configuration should specify target_pointer_width"), ++ endian: endian.expect("target configuration should specify target_endian"), ++ panic: panic.expect("target configuration should specify panic"), ++ } ++ } ++ + // #[cfg(bootstrap)] + // Needed only for one cycle, remove during the bootstrap bump. + fn collect_all_slow(config: &Config) -> HashMap<String, TargetCfg> { +diff --git a/tests/run-make/issue-47551/Makefile b/tests/run-make/issue-47551/Makefile +index 5a6ac725701..9290f2e0555 100644 +--- a/tests/run-make/issue-47551/Makefile ++++ b/tests/run-make/issue-47551/Makefile +@@ -1,3 +1,4 @@ ++# ignore-stage1 + # only-linux + # ignore-32bit + +diff --git a/tests/run-make/pgo-branch-weights/Makefile b/tests/run-make/pgo-branch-weights/Makefile +index c60206a1f34..4666be03b85 100644 +--- a/tests/run-make/pgo-branch-weights/Makefile ++++ b/tests/run-make/pgo-branch-weights/Makefile +@@ -1,3 +1,4 @@ ++# ignore-stage1 + # needs-profiler-support + # ignore-windows-gnu + +diff --git a/tests/run-make/pgo-gen-lto/Makefile b/tests/run-make/pgo-gen-lto/Makefile +index 3f2f6a838b5..9e4f555d21c 100644 +--- a/tests/run-make/pgo-gen-lto/Makefile ++++ b/tests/run-make/pgo-gen-lto/Makefile +@@ -1,3 +1,4 @@ ++# ignore-stage1 + # needs-profiler-support + # ignore-windows-gnu + +diff --git a/tests/run-make/pgo-gen/Makefile b/tests/run-make/pgo-gen/Makefile +index 4623a74957b..22aed059cf4 100644 +--- a/tests/run-make/pgo-gen/Makefile ++++ b/tests/run-make/pgo-gen/Makefile +@@ -1,3 +1,4 @@ ++# ignore-stage1 + # needs-profiler-support + # ignore-windows-gnu + +diff --git a/tests/run-make/pgo-indirect-call-promotion/Makefile b/tests/run-make/pgo-indirect-call-promotion/Makefile +index 45302215cc6..519447882ea 100644 +--- a/tests/run-make/pgo-indirect-call-promotion/Makefile ++++ b/tests/run-make/pgo-indirect-call-promotion/Makefile +@@ -1,3 +1,4 @@ ++# ignore-stage1 + # needs-profiler-support + # ignore-windows-gnu + +diff --git a/tests/run-make/pgo-use/Makefile b/tests/run-make/pgo-use/Makefile +index 3bac9b77aa3..5c64b2342e1 100644 +--- a/tests/run-make/pgo-use/Makefile ++++ b/tests/run-make/pgo-use/Makefile +@@ -1,3 +1,4 @@ ++# ignore-stage1 + # needs-profiler-support + # ignore-windows-gnu + +diff --git a/tests/run-make/profile/Makefile b/tests/run-make/profile/Makefile +index fffc051adbf..42a63a871d6 100644 +--- a/tests/run-make/profile/Makefile ++++ b/tests/run-make/profile/Makefile +@@ -1,3 +1,4 @@ ++# ignore-stage1 + # needs-profiler-support + + include ../tools.mk +diff --git a/tests/run-make/sysroot-crates-are-unstable/Makefile b/tests/run-make/sysroot-crates-are-unstable/Makefile +index 1e267fb9576..e3e83c52cc2 100644 +--- a/tests/run-make/sysroot-crates-are-unstable/Makefile ++++ b/tests/run-make/sysroot-crates-are-unstable/Makefile +@@ -1,2 +1,3 @@ ++# ignore-stage1 + all: + '$(PYTHON)' test.py +diff --git a/tests/run-make/target-specs/Makefile b/tests/run-make/target-specs/Makefile +index a33f5368e3c..84459293364 100644 +--- a/tests/run-make/target-specs/Makefile ++++ b/tests/run-make/target-specs/Makefile +@@ -1,3 +1,4 @@ ++# ignore-stage1 + include ../tools.mk + all: + $(RUSTC) foo.rs --target=my-awesome-platform.json --crate-type=lib --emit=asm +diff --git a/tests/ui/functions-closures/fn-help-with-err.rs b/tests/ui/functions-closures/fn-help-with-err.rs +index 612fe1b8419..d021f33c550 100644 +--- a/tests/ui/functions-closures/fn-help-with-err.rs ++++ b/tests/ui/functions-closures/fn-help-with-err.rs +@@ -1,4 +1,5 @@ + // This test case checks the behavior of typeck::check::method::suggest::is_fn on Ty::Error. ++// ignore-stage1 + + struct Foo; + +diff --git a/tests/run-make/pointer-auth-link-with-c/Makefile b/tests/run-make/pointer-auth-link-with-c/Makefile +index dffbd303582..5347d0a90f1 100644 +--- a/tests/run-make/pointer-auth-link-with-c/Makefile ++++ b/tests/run-make/pointer-auth-link-with-c/Makefile +@@ -1,3 +1,4 @@ ++# ignore-stage1 + include ../tools.mk + + # only-aarch64 diff --git a/poky/meta/recipes-devtools/rust/rust-source.inc b/poky/meta/recipes-devtools/rust/rust-source.inc index fbe2492fb4..0009c50172 100644 --- a/poky/meta/recipes-devtools/rust/rust-source.inc +++ b/poky/meta/recipes-devtools/rust/rust-source.inc @@ -6,6 +6,7 @@ SRC_URI += "https://static.rust-lang.org/dist/rustc-${RUST_VERSION}-src.tar.xz;n file://0001-Do-not-use-LFS64-on-linux-with-musl.patch;patchdir=${RUSTSRC} \ file://zlib-off64_t.patch;patchdir=${RUSTSRC} \ file://0001-musl-Define-SOCK_SEQPACKET-in-common-place.patch;patchdir=${RUSTSRC} \ + file://rust-oe-selftest.patch;patchdir=${RUSTSRC} \ " SRC_URI[rust.sha256sum] = "bb8e9c564566b2d3228d95de9063a9254182446a161353f1d843bfbaf5c34639" @@ -16,8 +17,3 @@ export TARGET_VENDOR UPSTREAM_CHECK_URI = "https://forge.rust-lang.org/infra/other-installation-methods.html" UPSTREAM_CHECK_REGEX = "rustc-(?P<pver>\d+(\.\d+)+)-src" - -# see recipes-devtools/gcc/gcc/0018-Add-ssp_nonshared-to-link-commandline-for-musl-targe.patch -# we need to link with ssp_nonshared on musl to avoid "undefined reference to `__stack_chk_fail_local'" -# when building MACHINE=qemux86 for musl -WRAPPER_TARGET_EXTRALD:libc-musl = "-lssp_nonshared" diff --git a/poky/meta/recipes-devtools/rust/rust_1.70.0.bb b/poky/meta/recipes-devtools/rust/rust_1.70.0.bb index 8669291d08..3b9c05a19f 100644 --- a/poky/meta/recipes-devtools/rust/rust_1.70.0.bb +++ b/poky/meta/recipes-devtools/rust/rust_1.70.0.bb @@ -66,6 +66,7 @@ do_rust_setup_snapshot () { fi } addtask rust_setup_snapshot after do_unpack before do_configure +addtask do_test_compile after do_configure do_rust_gen_targets do_rust_setup_snapshot[dirs] += "${WORKDIR}/rust-snapshot" do_rust_setup_snapshot[vardepsexclude] += "UNINATIVE_LOADER" @@ -223,6 +224,11 @@ FILES:${PN}-dev = "" do_compile () { } +do_test_compile[dirs] = "${B}" +do_test_compile () { + rust_runx build src/tools/remote-test-server --target "${RUST_TARGET_SYS}" +} + ALLOW_EMPTY:${PN} = "1" PACKAGES =+ "${PN}-tools-clippy ${PN}-tools-rustfmt" diff --git a/poky/meta/recipes-devtools/strace/strace/00ace1392f5bd289239b755458dcdeeed69af1da.patch b/poky/meta/recipes-devtools/strace/strace/00ace1392f5bd289239b755458dcdeeed69af1da.patch new file mode 100644 index 0000000000..bdf815e55e --- /dev/null +++ b/poky/meta/recipes-devtools/strace/strace/00ace1392f5bd289239b755458dcdeeed69af1da.patch @@ -0,0 +1,303 @@ +From 00ace1392f5bd289239b755458dcdeeed69af1da Mon Sep 17 00:00:00 2001 +From: "Dmitry V. Levin" <ldv@strace.io> +Date: Mon, 26 Jun 2023 10:00:00 +0000 +Subject: [PATCH] tests: avoid accept() libc function when tracing accept() + syscall + +The libc function is allowed to implement accept() using accept4() +syscall, so migrate to accept4() those tests that trace accept() syscall +but do not test accept() specifically, and change the test of accept() +syscall to invoke either __NR_accept or __NR_socketcall(SYS_ACCEPT) +directly. + +* tests/accept_compat.h: Remove. +* tests/Makefile.am (EXTRA_DIST): Remove accept_compat.h. +* tests/accept.c [TEST_SYSCALL_NAME]: Do not invoke accept(), +call __NR_accept or __NR_socketcall if available, or skip the test. +* tests/net-y-unix.c: Do not include "accept_compat.h". +(main): Invoke accept4() instead of accept(). +* tests/net-yy-inet.c: Likewise. +* tests/net-yy-unix.c: Likewise. + +Resolves: https://github.com/strace/strace/issues/260 + +Upstream-Status: Backport +--- + tests/Makefile.am | 1 - + tests/accept.c | 36 ++++++++++++++++++++---------------- + tests/accept_compat.h | 32 -------------------------------- + tests/net-y-unix.c | 16 ++++++++-------- + tests/net-yy-inet.c | 12 ++++++------ + tests/net-yy-unix.c | 16 ++++++++-------- + 6 files changed, 42 insertions(+), 71 deletions(-) + delete mode 100644 tests/accept_compat.h + +Index: strace-6.3/tests/Makefile.am +=================================================================== +--- strace-6.3.orig/tests/Makefile.am ++++ strace-6.3/tests/Makefile.am +@@ -776,7 +776,6 @@ check_DATA = \ + # end of check_DATA + + EXTRA_DIST = \ +- accept_compat.h \ + attach-p-cmd.h \ + clock_adjtime-common.c \ + clock_xettime-common.c \ +Index: strace-6.3/tests/accept.c +=================================================================== +--- strace-6.3.orig/tests/accept.c ++++ strace-6.3/tests/accept.c +@@ -9,38 +9,36 @@ + */ + + #include "tests.h" +- ++#include "scno.h" + #include <unistd.h> + +-#include "scno.h" ++#ifndef TEST_SYSCALL_NAME + +-#if defined __NR_accept ++# if defined __NR_accept || defined __NR_socketcall + +-# ifndef TEST_SYSCALL_NAME + # define TEST_SYSCALL_NAME do_accept +- +-# ifndef TEST_SYSCALL_STR +-# define TEST_SYSCALL_STR "accept" +-# endif ++# define TEST_SYSCALL_STR "accept" + + static int + do_accept(int sockfd, void *addr, void *addrlen) + { ++# ifdef __NR_accept + return syscall(__NR_accept, sockfd, addr, addrlen); ++# else /* __NR_socketcall */ ++ const long args[] = { sockfd, (long) addr, (long) addrlen }; ++ return syscall(__NR_socketcall, 5, args); ++# endif + } +-# endif /* !TEST_SYSCALL_NAME */ + +-#else /* !__NR_accept */ ++# endif /* __NR_accept || __NR_socketcall */ + +-# ifndef TEST_SYSCALL_NAME +-# define TEST_SYSCALL_NAME accept +-# endif ++#endif /* !TEST_SYSCALL_NAME */ + +-#endif /* __NR_accept */ ++#ifdef TEST_SYSCALL_NAME + +-#define TEST_SYSCALL_PREPARE connect_un() ++# define TEST_SYSCALL_PREPARE connect_un() + static void connect_un(void); +-#include "sockname.c" ++# include "sockname.c" + + static void + connect_un(void) +@@ -90,3 +88,9 @@ main(void) + puts("+++ exited with 0 +++"); + return 0; + } ++ ++#else ++ ++SKIP_MAIN_UNDEFINED("__NR_accept || __NR_socketcall") ++ ++#endif +Index: strace-6.3/tests/accept_compat.h +=================================================================== +--- strace-6.3.orig/tests/accept_compat.h ++++ /dev/null +@@ -1,32 +0,0 @@ +-/* +- * Copyright (c) 2018-2019 The strace developers. +- * All rights reserved. +- * +- * SPDX-License-Identifier: GPL-2.0-or-later +- */ +- +-#ifndef _STRACE_TESTS_ACCEPT_COMPAT_H_ +-# define _STRACE_TESTS_ACCEPT_COMPAT_H_ +- +-# include <unistd.h> +-# include <sys/socket.h> +-# include "scno.h" +- +-# if defined __NR_socketcall && defined __sparc__ +-/* +- * Work around the fact that +- * - glibc >= 2.26 uses accept4 syscall to implement accept() call on sparc; +- * - accept syscall had not been wired up on sparc until v4.4-rc8~4^2~1. +- */ +-static inline int +-do_accept(int sockfd, struct sockaddr *addr, socklen_t *addrlen) +-{ +- const long args[] = { sockfd, (long) addr, (long) addrlen }; +- +- return syscall(__NR_socketcall, 5, args); +-} +-# else +-# define do_accept accept +-# endif +- +-#endif /* !_STRACE_TESTS_ACCEPT_COMPAT_H_ */ +Index: strace-6.3/tests/net-y-unix.c +=================================================================== +--- strace-6.3.orig/tests/net-y-unix.c ++++ strace-6.3/tests/net-y-unix.c +@@ -10,6 +10,7 @@ + + #include "tests.h" + #include <assert.h> ++#include <fcntl.h> + #include <stddef.h> + #include <stdio.h> + #include <stdlib.h> +@@ -18,8 +19,6 @@ + #include <sys/socket.h> + #include <sys/un.h> + +-#include "accept_compat.h" +- + #define TEST_SOCKET "net-y-unix.socket" + + int +@@ -88,12 +87,12 @@ main(void) + struct sockaddr * const accept_sa = tail_alloc(sizeof(addr)); + memset(accept_sa, 0, sizeof(addr)); + *len = sizeof(addr); +- int accept_fd = do_accept(listen_fd, accept_sa, len); ++ int accept_fd = accept4(listen_fd, accept_sa, len, O_CLOEXEC); + if (accept_fd < 0) + perror_msg_and_fail("accept"); + unsigned long accept_inode = inode_of_sockfd(accept_fd); +- printf("accept(%d<socket:[%lu]>, {sa_family=AF_UNIX}" +- ", [%d => %d]) = %d<socket:[%lu]>\n", ++ printf("accept4(%d<socket:[%lu]>, {sa_family=AF_UNIX}" ++ ", [%d => %d], SOCK_CLOEXEC) = %d<socket:[%lu]>\n", + listen_fd, listen_inode, + (int) sizeof(addr), (int) *len, + accept_fd, accept_inode); +@@ -160,14 +159,15 @@ main(void) + + memset(accept_sa, 0, sizeof(addr)); + *len = sizeof(addr); +- accept_fd = do_accept(listen_fd, accept_sa, len); ++ accept_fd = accept4(listen_fd, accept_sa, len, O_CLOEXEC); + if (accept_fd < 0) + perror_msg_and_fail("accept"); + accept_inode = inode_of_sockfd(accept_fd); + const char * const sun_path1 = + ((struct sockaddr_un *) accept_sa)->sun_path + 1; +- printf("accept(%d<socket:[%lu]>, {sa_family=AF_UNIX" +- ", sun_path=@\"%s\"}, [%d => %d]) = %d<socket:[%lu]>\n", ++ printf("accept4(%d<socket:[%lu]>, {sa_family=AF_UNIX" ++ ", sun_path=@\"%s\"}, [%d => %d], SOCK_CLOEXEC)" ++ " = %d<socket:[%lu]>\n", + listen_fd, listen_inode, sun_path1, + (int) sizeof(addr), (int) *len, + accept_fd, accept_inode); +Index: strace-6.3/tests/net-yy-inet.c +=================================================================== +--- strace-6.3.orig/tests/net-yy-inet.c ++++ strace-6.3/tests/net-yy-inet.c +@@ -10,6 +10,7 @@ + + #include "tests.h" + #include <assert.h> ++#include <fcntl.h> + #include <stddef.h> + #include <stdio.h> + #include <string.h> +@@ -19,8 +20,6 @@ + #include <netinet/tcp.h> + #include <arpa/inet.h> + +-#include "accept_compat.h" +- + #ifndef ADDR_FAMILY + # define ADDR_FAMILY_FIELD sin_family + # define ADDR_FAMILY AF_INET +@@ -104,14 +103,15 @@ main(void) + struct sockaddr * const accept_sa = tail_alloc(sizeof(addr)); + memset(accept_sa, 0, sizeof(addr)); + *len = sizeof(addr); +- const int accept_fd = do_accept(listen_fd, accept_sa, len); ++ const int accept_fd = accept4(listen_fd, accept_sa, len, O_CLOEXEC); + if (accept_fd < 0) + perror_msg_and_fail("accept"); + const unsigned int connect_port = + ntohs(((struct SOCKADDR_TYPE *) accept_sa)->INPORT); +- printf("accept(%d<" TCP_STR ":[" LOOPBACK ":%u]>, {sa_family=" AF_STR +- ", " INPORT_STR "=htons(%u), " INADDR_STR SA_FIELDS "}" +- ", [%u]) = %d<" TCP_STR ":[" LOOPBACK ":%u->" LOOPBACK ":%u]>\n", ++ printf("accept4(%d<" TCP_STR ":[" LOOPBACK ":%u]>, {sa_family=" AF_STR ++ ", " INPORT_STR "=htons(%u), " INADDR_STR SA_FIELDS "}, [%u]" ++ ", SOCK_CLOEXEC) = %d<" TCP_STR ":[" LOOPBACK ":%u->" LOOPBACK ++ ":%u]>\n", + listen_fd, listen_port, connect_port, (unsigned) *len, + accept_fd, listen_port, connect_port); + +Index: strace-6.3/tests/net-yy-unix.c +=================================================================== +--- strace-6.3.orig/tests/net-yy-unix.c ++++ strace-6.3/tests/net-yy-unix.c +@@ -10,6 +10,7 @@ + + #include "tests.h" + #include <assert.h> ++#include <fcntl.h> + #include <stddef.h> + #include <stdio.h> + #include <stdlib.h> +@@ -22,8 +23,6 @@ + # include "xmalloc.h" + #endif + +-#include "accept_compat.h" +- + #define TEST_SOCKET "net-yy-unix.socket" + + int +@@ -112,12 +111,12 @@ main(void) + struct sockaddr * const accept_sa = tail_alloc(sizeof(addr)); + memset(accept_sa, 0, sizeof(addr)); + *len = sizeof(addr); +- int accept_fd = do_accept(listen_fd, accept_sa, len); ++ int accept_fd = accept4(listen_fd, accept_sa, len, O_CLOEXEC); + if (accept_fd < 0) + perror_msg_and_fail("accept"); + unsigned long accept_inode = inode_of_sockfd(accept_fd); +- printf("accept(%d<%s:[%lu,\"%s\"]>, {sa_family=AF_UNIX}" +- ", [%d => %d]) = %d<%s:[%lu->%lu,\"%s\"]>\n", ++ printf("accept4(%d<%s:[%lu,\"%s\"]>, {sa_family=AF_UNIX}" ++ ", [%d => %d], SOCK_CLOEXEC) = %d<%s:[%lu->%lu,\"%s\"]>\n", + listen_fd, sock_proto_name, listen_inode, TEST_SOCKET, + (int) sizeof(addr), (int) *len, + accept_fd, sock_proto_name, accept_inode, connect_inode, +@@ -191,14 +190,15 @@ main(void) + + memset(accept_sa, 0, sizeof(addr)); + *len = sizeof(addr); +- accept_fd = do_accept(listen_fd, accept_sa, len); ++ accept_fd = accept4(listen_fd, accept_sa, len, O_CLOEXEC); + if (accept_fd < 0) + perror_msg_and_fail("accept"); + accept_inode = inode_of_sockfd(accept_fd); + const char * const sun_path1 = + ((struct sockaddr_un *) accept_sa)->sun_path + 1; +- printf("accept(%d<%s:[%lu,\"%s\"]>, {sa_family=AF_UNIX" +- ", sun_path=@\"%s\"}, [%d => %d]) = %d<%s:[%lu->%lu,\"%s\"]>\n", ++ printf("accept4(%d<%s:[%lu,\"%s\"]>, {sa_family=AF_UNIX" ++ ", sun_path=@\"%s\"}, [%d => %d], SOCK_CLOEXEC)" ++ " = %d<%s:[%lu->%lu,\"%s\"]>\n", + listen_fd, sock_proto_name, listen_inode, TEST_SOCKET, + sun_path1, (int) sizeof(addr), (int) *len, + accept_fd, sock_proto_name, accept_inode, connect_inode, diff --git a/poky/meta/recipes-devtools/strace/strace/3bbfb541b258baec9eba674b5d8dc30007a61542.patch b/poky/meta/recipes-devtools/strace/strace/3bbfb541b258baec9eba674b5d8dc30007a61542.patch new file mode 100644 index 0000000000..b4c6ff99de --- /dev/null +++ b/poky/meta/recipes-devtools/strace/strace/3bbfb541b258baec9eba674b5d8dc30007a61542.patch @@ -0,0 +1,50 @@ +From 3bbfb541b258baec9eba674b5d8dc30007a61542 Mon Sep 17 00:00:00 2001 +From: "Dmitry V. Levin" <ldv@strace.io> +Date: Wed, 21 Jun 2023 08:00:00 +0000 +Subject: [PATCH] net: enhance getsockopt decoding + +When getsockopt syscall fails the kernel sometimes updates the optlen +argument, for example, NETLINK_LIST_MEMBERSHIPS updates it even if +optval is not writable. + +* src/net.c (SYS_FUNC(getsockopt)): Try to fetch and print optlen +argument on exiting syscall regardless of getsockopt exit status. + +Upstream-Status: Backport +--- + src/net.c | 15 ++++++++++++++- + 1 file changed, 14 insertions(+), 1 deletion(-) + +diff --git a/src/net.c b/src/net.c +index f68ccb947..7244b5e57 100644 +--- a/src/net.c ++++ b/src/net.c +@@ -1038,7 +1038,7 @@ SYS_FUNC(getsockopt) + } else { + ulen = get_tcb_priv_ulong(tcp); + +- if (syserror(tcp) || umove(tcp, tcp->u_arg[4], &rlen) < 0) { ++ if (umove(tcp, tcp->u_arg[4], &rlen) < 0) { + /* optval */ + printaddr(tcp->u_arg[3]); + tprint_arg_next(); +@@ -1047,6 +1047,19 @@ SYS_FUNC(getsockopt) + tprint_indirect_begin(); + PRINT_VAL_D(ulen); + tprint_indirect_end(); ++ } else if (syserror(tcp)) { ++ /* optval */ ++ printaddr(tcp->u_arg[3]); ++ tprint_arg_next(); ++ ++ /* optlen */ ++ tprint_indirect_begin(); ++ if (ulen != rlen) { ++ PRINT_VAL_D(ulen); ++ tprint_value_changed(); ++ } ++ PRINT_VAL_D(rlen); ++ tprint_indirect_end(); + } else { + /* optval */ + print_getsockopt(tcp, tcp->u_arg[1], tcp->u_arg[2], diff --git a/poky/meta/recipes-devtools/strace/strace/f31c2f4494779e5c5f170ad10539bfc2dfafe967.patch b/poky/meta/recipes-devtools/strace/strace/f31c2f4494779e5c5f170ad10539bfc2dfafe967.patch new file mode 100644 index 0000000000..a0843836c2 --- /dev/null +++ b/poky/meta/recipes-devtools/strace/strace/f31c2f4494779e5c5f170ad10539bfc2dfafe967.patch @@ -0,0 +1,50 @@ +From f31c2f4494779e5c5f170ad10539bfc2dfafe967 Mon Sep 17 00:00:00 2001 +From: "Dmitry V. Levin" <ldv@strace.io> +Date: Sat, 24 Jun 2023 08:00:00 +0000 +Subject: [PATCH] tests: update sockopt-sol_netlink test + +Update sockopt-sol_netlink test that started to fail, likely +due to recent linux kernel commit f4e4534850a9 ("net/netlink: fix +NETLINK_LIST_MEMBERSHIPS length report"). + +* tests/sockopt-sol_netlink.c (main): Always print changing optlen value +on exiting syscall. + +Reported-by: Alexander Gordeev <agordeev@linux.ibm.com> +--- + tests/sockopt-sol_netlink.c | 13 ++++++++++--- + 1 file changed, 10 insertions(+), 3 deletions(-) + +Upstream-Status: Backport + +diff --git a/tests/sockopt-sol_netlink.c b/tests/sockopt-sol_netlink.c +index 82b98adc23..1c33219ac5 100644 +--- a/tests/sockopt-sol_netlink.c ++++ b/tests/sockopt-sol_netlink.c +@@ -94,7 +94,10 @@ main(void) + printf("%p", val); + else + printf("[%d]", *val); +- printf(", [%d]) = %s\n", *len, errstr); ++ printf(", [%d", (int) sizeof(*val)); ++ if ((int) sizeof(*val) != *len) ++ printf(" => %d", *len); ++ printf("]) = %s\n", errstr); + + /* optlen larger than necessary - shortened */ + *len = sizeof(*val) + 1; +@@ -150,8 +153,12 @@ main(void) + /* optval EFAULT - print address */ + *len = sizeof(*val); + get_sockopt(fd, names[i].val, efault, len); +- printf("getsockopt(%d, SOL_NETLINK, %s, %p, [%d]) = %s\n", +- fd, names[i].str, efault, *len, errstr); ++ printf("getsockopt(%d, SOL_NETLINK, %s, %p", ++ fd, names[i].str, efault); ++ printf(", [%d", (int) sizeof(*val)); ++ if ((int) sizeof(*val) != *len) ++ printf(" => %d", *len); ++ printf("]) = %s\n", errstr); + + /* optlen EFAULT - print address */ + get_sockopt(fd, names[i].val, val, len + 1); diff --git a/poky/meta/recipes-devtools/strace/strace/skip-sockopt-test.patch b/poky/meta/recipes-devtools/strace/strace/skip-sockopt-test.patch deleted file mode 100644 index 5741bf8672..0000000000 --- a/poky/meta/recipes-devtools/strace/strace/skip-sockopt-test.patch +++ /dev/null @@ -1,37 +0,0 @@ -Upstream-Status: Inappropriate [avoid this test until fixed by upstream] - -Reported at https://github.com/strace/strace/issues/257 - -root@qemux86-64:/usr/lib/strace/ptest/tests# make sockopt-sol_netlink.gen.log -FAIL: sockopt-sol_netlink.gen.test - -#root@qemux86-64:/usr/lib/strace/ptest/tests# diff sockopt-sol_netlink.dir/exp sockopt-sol_netlink.dir/out -#--- sockopt-sol_netlink.dir/exp -#+++ sockopt-sol_netlink.dir/out -#@@ -86,11 +86,11 @@ - setsockopt(3, SOL_NETLINK, NETLINK_LISTEN_ALL_NSID, 0x7fa18a802ffc, -1) = -1 EINVAL (Invalid argument) - setsockopt(3, SOL_NETLINK, NETLINK_LISTEN_ALL_NSID, 0x7fa18a802ffc, 3) = 0 - setsockopt(3, SOL_NETLINK, NETLINK_LISTEN_ALL_NSID, 0x7fa18a803000, 4) = -1 EFAULT (Bad address) --getsockopt(3, SOL_NETLINK, NETLINK_LIST_MEMBERSHIPS, [0], [8]) = 0 -+getsockopt(3, SOL_NETLINK, NETLINK_LIST_MEMBERSHIPS, [0], [4 => 8]) = 0 - getsockopt(3, SOL_NETLINK, NETLINK_LIST_MEMBERSHIPS, [0], [5 => 8]) = 0 - getsockopt(3, SOL_NETLINK, NETLINK_LIST_MEMBERSHIPS, NULL, [0 => 8]) = 0 - getsockopt(3, SOL_NETLINK, NETLINK_LIST_MEMBERSHIPS, [], [3 => 8]) = 0 --getsockopt(3, SOL_NETLINK, NETLINK_LIST_MEMBERSHIPS, 0x7fa18a803000, [8]) = -1 EFAULT (Bad address) -+getsockopt(3, SOL_NETLINK, NETLINK_LIST_MEMBERSHIPS, 0x7fa18a803000, [4]) = -1 EFAULT (Bad address) - getsockopt(3, SOL_NETLINK, NETLINK_LIST_MEMBERSHIPS, 0x7fa18a802ffc, 0x7fa18a7fd000) = -1 EFAULT (Bad address) - setsockopt(3, SOL_NETLINK, NETLINK_LIST_MEMBERSHIPS, [233811181], 4) = -1 ENOPROTOOPT (Protocol not available) - setsockopt(3, SOL_NETLINK, NETLINK_LIST_MEMBERSHIPS, [233811181], 5) = -1 ENOPROTOOPT (Protocol not available) - - - -Index: strace-6.3/tests/sockopt-sol_netlink.gen.test -=================================================================== ---- strace-6.3.orig/tests/sockopt-sol_netlink.gen.test -+++ strace-6.3/tests/sockopt-sol_netlink.gen.test -@@ -1,4 +1,5 @@ - #!/bin/sh -efu - # Generated by ./tests/gen_tests.sh from ./tests/gen_tests.in (sockopt-sol_netlink -e trace=getsockopt,setsockopt); do not edit. - . "${srcdir=.}/init.sh" -+skip_ "Test failing after system upgrades, wait for upstream fixes" - run_strace_match_diff -e trace=getsockopt,setsockopt diff --git a/poky/meta/recipes-devtools/strace/strace_6.3.bb b/poky/meta/recipes-devtools/strace/strace_6.3.bb index 7ba9fcc468..a47cc71724 100644 --- a/poky/meta/recipes-devtools/strace/strace_6.3.bb +++ b/poky/meta/recipes-devtools/strace/strace_6.3.bb @@ -14,7 +14,9 @@ SRC_URI = "https://strace.io/files/${PV}/strace-${PV}.tar.xz \ file://skip-load.patch \ file://0001-configure-Use-autoconf-macro-to-detect-largefile-sup.patch \ file://0002-tests-Replace-off64_t-with-off_t.patch \ - file://skip-sockopt-test.patch \ + file://00ace1392f5bd289239b755458dcdeeed69af1da.patch \ + file://f31c2f4494779e5c5f170ad10539bfc2dfafe967.patch \ + file://3bbfb541b258baec9eba674b5d8dc30007a61542.patch \ " SRC_URI[sha256sum] = "e17878e301506c1cc301611118ad14efee7f8bcef63b27ace5d290acce7bb731" diff --git a/poky/meta/recipes-devtools/tcltk/tcl_8.6.13.bb b/poky/meta/recipes-devtools/tcltk/tcl_8.6.13.bb index 982f370edb..91fc81352e 100644 --- a/poky/meta/recipes-devtools/tcltk/tcl_8.6.13.bb +++ b/poky/meta/recipes-devtools/tcltk/tcl_8.6.13.bb @@ -29,10 +29,6 @@ SRC_URI[sha256sum] = "c61f0d6699e2bc7691f119b41963aaa8dc980f23532c4e937739832a5f SRC_URI:class-native = "${BASE_SRC_URI}" -# Upstream don't believe this is an exploitable issue -# https://core.tcl-lang.org/tcl/info/7079e4f91601e9c7 -CVE_CHECK_IGNORE += "CVE-2021-35331" - UPSTREAM_CHECK_URI = "https://www.tcl.tk/software/tcltk/download.html" UPSTREAM_CHECK_REGEX = "tcl(?P<pver>\d+(\.\d+)+)-src" diff --git a/poky/meta/recipes-extended/acpica/acpica_20230331.bb b/poky/meta/recipes-extended/acpica/acpica_20230628.bb index 01b8833f50..06db99cef5 100644 --- a/poky/meta/recipes-extended/acpica/acpica_20230331.bb +++ b/poky/meta/recipes-extended/acpica/acpica_20230628.bb @@ -17,7 +17,7 @@ COMPATIBLE_HOST = "(i.86|x86_64|arm|aarch64).*-linux" DEPENDS = "m4-native flex-native bison-native" SRC_URI = "https://acpica.org/sites/acpica/files/acpica-unix-${PV}.tar.gz" -SRC_URI[sha256sum] = "0c5d695d605aaa61709f3c63f57a1a99b8902291723998446b0813b57ac310e2" +SRC_URI[sha256sum] = "86876a745e3d224dcfd222ed3de465b47559e85811df2db9820ef09a9dff5cce" UPSTREAM_CHECK_URI = "https://acpica.org/downloads" diff --git a/poky/meta/recipes-extended/baremetal-example/baremetal-helloworld_git.bb b/poky/meta/recipes-extended/baremetal-example/baremetal-helloworld_git.bb index 4182372057..c5d3e04ed5 100644 --- a/poky/meta/recipes-extended/baremetal-example/baremetal-helloworld_git.bb +++ b/poky/meta/recipes-extended/baremetal-example/baremetal-helloworld_git.bb @@ -4,7 +4,7 @@ DESCRIPTION = "These are introductory examples to showcase the use of QEMU to ru LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE;md5=39346640a23c701e4f459e05f56f4449" -SRCREV = "ea7f59b02467ed1fb36c3b4c6d5cabe702df26ec" +SRCREV = "fc7c43d138185028b6ac14c83f6492fce26eca95" PV = "0.1+git${SRCPV}" SRC_URI = "git://github.com/ahcbb6/baremetal-helloqemu.git;protocol=https;branch=master" diff --git a/poky/meta/recipes-extended/cpio/cpio_2.14.bb b/poky/meta/recipes-extended/cpio/cpio_2.14.bb index e55fb70cb1..560038d2a6 100644 --- a/poky/meta/recipes-extended/cpio/cpio_2.14.bb +++ b/poky/meta/recipes-extended/cpio/cpio_2.14.bb @@ -16,8 +16,7 @@ SRC_URI[sha256sum] = "145a340fd9d55f0b84779a44a12d5f79d77c99663967f8cfa168d7905c inherit autotools gettext texinfo ptest -# Issue applies to use of cpio in SUSE/OBS, doesn't apply to us -CVE_CHECK_IGNORE += "CVE-2010-4226" +CVE_STATUS[CVE-2010-4226] = "not-applicable-platform: Issue applies to use of cpio in SUSE/OBS" EXTRA_OECONF += "DEFAULT_RMT_DIR=${sbindir}" @@ -66,7 +65,7 @@ do_install_ptest_base:append() { # The tests need to run as a non-root user, so pull in the ptest user DEPENDS:append:class-target = "${@bb.utils.contains('PTEST_ENABLED', '1', ' ptest-runner', '', d)}" -PACKAGE_WRITE_DEPS += "ptest-runner" +PACKAGE_WRITE_DEPS:append:class-target = " ${MLPREFIX}ptest-runner" RDEPENDS:${PN}-ptest += "ptest-runner" diff --git a/poky/meta/recipes-extended/cups/cups.inc b/poky/meta/recipes-extended/cups/cups.inc index d77758fd3f..36feaddcf8 100644 --- a/poky/meta/recipes-extended/cups/cups.inc +++ b/poky/meta/recipes-extended/cups/cups.inc @@ -15,19 +15,15 @@ SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/cups-${PV}-source.tar.gz \ file://0004-cups-fix-multilib-install-file-conflicts.patch \ file://volatiles.99_cups \ file://cups-volatiles.conf \ - file://CVE-2023-32324.patch \ " GITHUB_BASE_URI = "https://github.com/OpenPrinting/cups/releases" -# Issue only applies to MacOS -CVE_CHECK_IGNORE += "CVE-2008-1033" -# Issue affects pdfdistiller plugin used with but not part of cups -CVE_CHECK_IGNORE += "CVE-2009-0032" -# This is an Ubuntu only issue. -CVE_CHECK_IGNORE += "CVE-2018-6553" -# This is fixed in 2.4.2 but the cve-check class still reports it -CVE_CHECK_IGNORE += "CVE-2022-26691" +CVE_STATUS[CVE-2008-1033] = "not-applicable-platform: Issue only applies to MacOS" +CVE_STATUS[CVE-2009-0032] = "cpe-incorrect: Issue affects pdfdistiller plugin used with but not part of cups" +CVE_STATUS[CVE-2018-6553] = "not-applicable-platform: This is an Ubuntu only issue" +CVE_STATUS[CVE-2022-26691] = "fixed-version: This is fixed in 2.4.2 but the cve-check class still reports it" +CVE_STATUS[CVE-2021-25317] = "not-applicable-config: This concerns /var/log/cups having lp ownership, our /var/log/cups is root:root, so this doesn't apply." LEAD_SONAME = "libcupsdriver.so" @@ -115,7 +111,3 @@ SYSROOT_PREPROCESS_FUNCS += "cups_sysroot_preprocess" cups_sysroot_preprocess () { sed -i ${SYSROOT_DESTDIR}${bindir_crossscripts}/cups-config -e 's:cups_datadir=.*:cups_datadir=${datadir}/cups:' -e 's:cups_serverbin=.*:cups_serverbin=${libexecdir}/cups:' } - -# -25317 concerns /var/log/cups having lp ownership. Our /var/log/cups is -# root:root, so this doesn't apply. -CVE_CHECK_IGNORE += "CVE-2021-25317" diff --git a/poky/meta/recipes-extended/cups/cups/CVE-2023-32324.patch b/poky/meta/recipes-extended/cups/cups/CVE-2023-32324.patch deleted file mode 100644 index 40b89c9899..0000000000 --- a/poky/meta/recipes-extended/cups/cups/CVE-2023-32324.patch +++ /dev/null @@ -1,36 +0,0 @@ -From 07cbffd11107eed3aaf1c64e35552aec20f792da Mon Sep 17 00:00:00 2001 -From: Zdenek Dohnal <zdohnal@redhat.com> -Date: Thu, 1 Jun 2023 12:04:00 +0200 -Subject: [PATCH] cups/string.c: Return if `size` is 0 (fixes CVE-2023-32324) - -CVE: CVE-2023-32324 -Upstream-Status: Backport [https://github.com/OpenPrinting/cups/commit/fd8bc2d32589] - -(cherry picked from commit fd8bc2d32589d1fd91fe1c0521be2a7c0462109e) -Signed-off-by: Sanjay Chitroda <schitrod@cisco.com> ---- - cups/string.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/cups/string.c b/cups/string.c -index 93cdad19..6ef58515 100644 ---- a/cups/string.c -+++ b/cups/string.c -@@ -1,6 +1,7 @@ - /* - * String functions for CUPS. - * -+ * Copyright © 2023 by OpenPrinting. - * Copyright © 2007-2019 by Apple Inc. - * Copyright © 1997-2007 by Easy Software Products. - * -@@ -730,6 +731,9 @@ _cups_strlcpy(char *dst, /* O - Destination string */ - size_t srclen; /* Length of source string */ - - -+ if (size == 0) -+ return (0); -+ - /* - * Figure out how much room is needed... - */ diff --git a/poky/meta/recipes-extended/cups/cups_2.4.2.bb b/poky/meta/recipes-extended/cups/cups_2.4.6.bb index f5ca749bac..58029fdbd4 100644 --- a/poky/meta/recipes-extended/cups/cups_2.4.2.bb +++ b/poky/meta/recipes-extended/cups/cups_2.4.6.bb @@ -2,4 +2,4 @@ require cups.inc LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" -SRC_URI[sha256sum] = "f03ccb40b087d1e30940a40e0141dcbba263f39974c20eb9f2521066c9c6c908" +SRC_URI[sha256sum] = "58e970cf1955e1cc87d0847c32526d9c2ccee335e5f0e3882b283138ba0e7262" diff --git a/poky/meta/recipes-extended/diffutils/diffutils/0001-Skip-strip-trailing-cr-test-case.patch b/poky/meta/recipes-extended/diffutils/diffutils/0001-Skip-strip-trailing-cr-test-case.patch index 8b88c308f2..32793233f9 100644 --- a/poky/meta/recipes-extended/diffutils/diffutils/0001-Skip-strip-trailing-cr-test-case.patch +++ b/poky/meta/recipes-extended/diffutils/diffutils/0001-Skip-strip-trailing-cr-test-case.patch @@ -1,4 +1,4 @@ -From 027229d25392b22d7280c0abbc3efde4f467d167 Mon Sep 17 00:00:00 2001 +From f31395c931bc633206eccfcfaaaa5d15021a3e86 Mon Sep 17 00:00:00 2001 From: Peiran Hong <peiran.hong@windriver.com> Date: Thu, 5 Sep 2019 15:42:22 -0400 Subject: [PATCH] Skip strip-trailing-cr test case @@ -12,23 +12,18 @@ Upstream-Status: Inappropriate [embedded specific] Signed-off-by: Peiran Hong <peiran.hong@windriver.com> --- - tests/Makefile.am | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) + tests/Makefile.am | 1 - + 1 file changed, 1 deletion(-) diff --git a/tests/Makefile.am b/tests/Makefile.am -index d98df82..757ea52 100644 +index 79bacfb..4adb4d7 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am -@@ -21,9 +21,11 @@ TESTS = \ +@@ -22,7 +22,6 @@ TESTS = \ stdin \ strcoll-0-names \ filename-quoting \ - strip-trailing-cr \ timezone \ - colors -+# Skipping this test since it requires valgrind -+# and thus is too heavy for diffutils package -+# strip-trailing-cr - - XFAIL_TESTS = large-subopt - + colors \ + y2038-vs-32bit diff --git a/poky/meta/recipes-extended/diffutils/diffutils_3.9.bb b/poky/meta/recipes-extended/diffutils/diffutils_3.10.bb index 2bb9e6f32d..08e8305612 100644 --- a/poky/meta/recipes-extended/diffutils/diffutils_3.9.bb +++ b/poky/meta/recipes-extended/diffutils/diffutils_3.10.bb @@ -8,7 +8,7 @@ SRC_URI = "${GNU_MIRROR}/diffutils/diffutils-${PV}.tar.xz \ file://0001-Skip-strip-trailing-cr-test-case.patch \ " -SRC_URI[sha256sum] = "d80d3be90a201868de83d78dad3413ad88160cc53bcc36eb9eaf7c20dbf023f1" +SRC_URI[sha256sum] = "90e5e93cc724e4ebe12ede80df1634063c7a855692685919bfe60b556c9bd09e" EXTRA_OECONF += "ac_cv_path_PR_PROGRAM=${bindir}/pr --without-libsigsegv-prefix" diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript_10.01.1.bb b/poky/meta/recipes-extended/ghostscript/ghostscript_10.01.2.bb index f03ebf4478..fdbdfb6502 100644 --- a/poky/meta/recipes-extended/ghostscript/ghostscript_10.01.1.bb +++ b/poky/meta/recipes-extended/ghostscript/ghostscript_10.01.2.bb @@ -18,9 +18,6 @@ DEPENDS = "tiff jpeg fontconfig cups libpng freetype zlib" UPSTREAM_CHECK_URI = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases" UPSTREAM_CHECK_REGEX = "(?P<pver>\d+(\.\d+)+)\.tar" -# We use a system libjpeg-turbo which has this fix -CVE_CHECK_IGNORE += "CVE-2013-6629" - def gs_verdir(v): return "".join(v.split(".")) @@ -30,7 +27,7 @@ SRC_URI = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/downlo file://avoid-host-contamination.patch \ " -SRC_URI[sha256sum] = "4df18a808cd4369f25e02dbcec2f133cb6d674627b2c6b1502020e58d43e32ce" +SRC_URI[sha256sum] = "a4cd61a07fec161bee35da0211a5e5cde8ff8a0aaf942fc0176715e499d21661" PACKAGECONFIG ??= "" PACKAGECONFIG[gtk] = "--enable-gtk,--disable-gtk,gtk+3" diff --git a/poky/meta/recipes-extended/iputils/iputils_20221126.bb b/poky/meta/recipes-extended/iputils/iputils_20221126.bb index cd5fe9bd3e..7d94271a64 100644 --- a/poky/meta/recipes-extended/iputils/iputils_20221126.bb +++ b/poky/meta/recipes-extended/iputils/iputils_20221126.bb @@ -17,9 +17,8 @@ S = "${WORKDIR}/git" UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>20\d+)" -# Fixed in 2000-10-10, but the versioning of iputils -# breaks the version order. -CVE_CHECK_IGNORE += "CVE-2000-1213 CVE-2000-1214" +CVE_STATUS[CVE-2000-1213] = "fixed-version: Fixed in 2000-10-10, but the versioning of iputils breaks the version order." +CVE_STATUS[CVE-2000-1214] = "fixed-version: Fixed in 2000-10-10, but the versioning of iputils breaks the version order." PACKAGECONFIG ??= "libcap" PACKAGECONFIG[libcap] = "-DUSE_CAP=true, -DUSE_CAP=false -DNO_SETCAP_OR_SUID=true, libcap libcap-native" diff --git a/poky/meta/recipes-extended/libnss-nis/libnss-nis.bb b/poky/meta/recipes-extended/libnss-nis/libnss-nis.bb index d0afb3ca0a..f0e687c330 100644 --- a/poky/meta/recipes-extended/libnss-nis/libnss-nis.bb +++ b/poky/meta/recipes-extended/libnss-nis/libnss-nis.bb @@ -13,9 +13,9 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c" SECTION = "libs" DEPENDS += "libtirpc libnsl2" -PV = "3.1+git${SRCPV}" +PV = "3.2" -SRCREV = "062f31999b35393abf7595cb89dfc9590d5a42ad" +SRCREV = "cd0d391af9535b56e612ed227c1b89be269f3d59" SRC_URI = "git://github.com/thkukuk/libnss_nis;branch=master;protocol=https \ " diff --git a/poky/meta/recipes-extended/libtirpc/libtirpc_1.3.3.bb b/poky/meta/recipes-extended/libtirpc/libtirpc_1.3.3.bb index f55e0b0ed1..d466905426 100644 --- a/poky/meta/recipes-extended/libtirpc/libtirpc_1.3.3.bb +++ b/poky/meta/recipes-extended/libtirpc/libtirpc_1.3.3.bb @@ -14,8 +14,7 @@ UPSTREAM_CHECK_URI = "https://sourceforge.net/projects/libtirpc/files/libtirpc/" UPSTREAM_CHECK_REGEX = "(?P<pver>\d+(\.\d+)+)/" SRC_URI[sha256sum] = "6474e98851d9f6f33871957ddee9714fdcd9d8a5ee9abb5a98d63ea2e60e12f3" -# Was fixed in 1.3.3rc1 so not present in 1.3.3 -CVE_CHECK_IGNORE += "CVE-2021-46828" +CVE_STATUS[CVE-2021-46828] = "fixed-version: fixed in 1.3.3rc1 so not present in 1.3.3" inherit autotools pkgconfig diff --git a/poky/meta/recipes-extended/logrotate/logrotate_3.21.0.bb b/poky/meta/recipes-extended/logrotate/logrotate_3.21.0.bb index f0755e3ae5..10a6149abc 100644 --- a/poky/meta/recipes-extended/logrotate/logrotate_3.21.0.bb +++ b/poky/meta/recipes-extended/logrotate/logrotate_3.21.0.bb @@ -16,8 +16,9 @@ SRC_URI = "${GITHUB_BASE_URI}/download/${PV}/${BP}.tar.xz \ SRC_URI[sha256sum] = "8fa12015e3b8415c121fc9c0ca53aa872f7b0702f543afda7e32b6c4900f6516" -# These CVEs are debian, gentoo or SUSE specific on the way logrotate was installed/used -CVE_CHECK_IGNORE += "CVE-2011-1548 CVE-2011-1549 CVE-2011-1550" +CVE_STATUS_GROUPS = "CVE_STATUS_RECIPE" +CVE_STATUS_RECIPE = "CVE-2011-1548 CVE-2011-1549 CVE-2011-1550" +CVE_STATUS_RECIPE[status] = "not-applicable-platform: CVE is debian, gentoo or SUSE specific on the way logrotate was installed/used" PACKAGECONFIG ?= "${@bb.utils.filter('DISTRO_FEATURES', 'acl selinux', d)}" diff --git a/poky/meta/recipes-extended/ltp/ltp_20230516.bb b/poky/meta/recipes-extended/ltp/ltp_20230516.bb index ddc6523e30..e9407d3148 100644 --- a/poky/meta/recipes-extended/ltp/ltp_20230516.bb +++ b/poky/meta/recipes-extended/ltp/ltp_20230516.bb @@ -93,6 +93,7 @@ RDEPENDS:${PN} = "\ e2fsprogs-mke2fs \ expect \ file \ + findutils \ gawk \ gdb \ gzip \ diff --git a/poky/meta/recipes-extended/mdadm/files/0001-DDF-Cleanup-validate_geometry_ddf_container.patch b/poky/meta/recipes-extended/mdadm/files/0001-DDF-Cleanup-validate_geometry_ddf_container.patch new file mode 100644 index 0000000000..cea435f83b --- /dev/null +++ b/poky/meta/recipes-extended/mdadm/files/0001-DDF-Cleanup-validate_geometry_ddf_container.patch @@ -0,0 +1,148 @@ +From ca458f4dcc4de9403298f67543466ce4bbc8f8ae Mon Sep 17 00:00:00 2001 +From: Logan Gunthorpe <logang@deltatee.com> +Date: Wed, 22 Jun 2022 14:25:07 -0600 +Subject: [PATCH 1/4] DDF: Cleanup validate_geometry_ddf_container() + +Move the function up so that the function declaration is not necessary +and remove the unused arguments to the function. + +No functional changes are intended but will help with a bug fix in the +next patch. + +Signed-off-by: Logan Gunthorpe <logang@deltatee.com> +Acked-by: Mariusz Tkaczyk <mariusz.tkaczyk@linux.intel.com> +Signed-off-by: Jes Sorensen <jes@trained-monkey.org> + +Upstream-Status: Backport + +Reference to upstream patch: +https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=679bd9508a30 + +Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> +--- + super-ddf.c | 88 ++++++++++++++++++++++++----------------------------- + 1 file changed, 39 insertions(+), 49 deletions(-) + +diff --git a/super-ddf.c b/super-ddf.c +index 3f304cd..65cf727 100644 +--- a/super-ddf.c ++++ b/super-ddf.c +@@ -503,13 +503,6 @@ struct ddf_super { + static int load_super_ddf_all(struct supertype *st, int fd, + void **sbp, char *devname); + static int get_svd_state(const struct ddf_super *, const struct vcl *); +-static int +-validate_geometry_ddf_container(struct supertype *st, +- int level, int layout, int raiddisks, +- int chunk, unsigned long long size, +- unsigned long long data_offset, +- char *dev, unsigned long long *freesize, +- int verbose); + + static int validate_geometry_ddf_bvd(struct supertype *st, + int level, int layout, int raiddisks, +@@ -3322,6 +3315,42 @@ static int reserve_space(struct supertype *st, int raiddisks, + return 1; + } + ++static int ++validate_geometry_ddf_container(struct supertype *st, ++ int level, int raiddisks, ++ unsigned long long data_offset, ++ char *dev, unsigned long long *freesize, ++ int verbose) ++{ ++ int fd; ++ unsigned long long ldsize; ++ ++ if (level != LEVEL_CONTAINER) ++ return 0; ++ if (!dev) ++ return 1; ++ ++ fd = dev_open(dev, O_RDONLY|O_EXCL); ++ if (fd < 0) { ++ if (verbose) ++ pr_err("ddf: Cannot open %s: %s\n", ++ dev, strerror(errno)); ++ return 0; ++ } ++ if (!get_dev_size(fd, dev, &ldsize)) { ++ close(fd); ++ return 0; ++ } ++ close(fd); ++ if (freesize) { ++ *freesize = avail_size_ddf(st, ldsize >> 9, INVALID_SECTORS); ++ if (*freesize == 0) ++ return 0; ++ } ++ ++ return 1; ++} ++ + static int validate_geometry_ddf(struct supertype *st, + int level, int layout, int raiddisks, + int *chunk, unsigned long long size, +@@ -3347,11 +3376,9 @@ static int validate_geometry_ddf(struct supertype *st, + level = LEVEL_CONTAINER; + if (level == LEVEL_CONTAINER) { + /* Must be a fresh device to add to a container */ +- return validate_geometry_ddf_container(st, level, layout, +- raiddisks, *chunk, +- size, data_offset, dev, +- freesize, +- verbose); ++ return validate_geometry_ddf_container(st, level, raiddisks, ++ data_offset, dev, ++ freesize, verbose); + } + + if (!dev) { +@@ -3449,43 +3476,6 @@ static int validate_geometry_ddf(struct supertype *st, + return 1; + } + +-static int +-validate_geometry_ddf_container(struct supertype *st, +- int level, int layout, int raiddisks, +- int chunk, unsigned long long size, +- unsigned long long data_offset, +- char *dev, unsigned long long *freesize, +- int verbose) +-{ +- int fd; +- unsigned long long ldsize; +- +- if (level != LEVEL_CONTAINER) +- return 0; +- if (!dev) +- return 1; +- +- fd = dev_open(dev, O_RDONLY|O_EXCL); +- if (fd < 0) { +- if (verbose) +- pr_err("ddf: Cannot open %s: %s\n", +- dev, strerror(errno)); +- return 0; +- } +- if (!get_dev_size(fd, dev, &ldsize)) { +- close(fd); +- return 0; +- } +- close(fd); +- if (freesize) { +- *freesize = avail_size_ddf(st, ldsize >> 9, INVALID_SECTORS); +- if (*freesize == 0) +- return 0; +- } +- +- return 1; +-} +- + static int validate_geometry_ddf_bvd(struct supertype *st, + int level, int layout, int raiddisks, + int *chunk, unsigned long long size, +-- +2.39.1 + diff --git a/poky/meta/recipes-extended/mdadm/files/0002-DDF-Fix-NULL-pointer-dereference-in-validate_geometr.patch b/poky/meta/recipes-extended/mdadm/files/0002-DDF-Fix-NULL-pointer-dereference-in-validate_geometr.patch new file mode 100644 index 0000000000..fafe88b49c --- /dev/null +++ b/poky/meta/recipes-extended/mdadm/files/0002-DDF-Fix-NULL-pointer-dereference-in-validate_geometr.patch @@ -0,0 +1,56 @@ +From 14f110f0286d38e29ef5e51d7f72e049c2f18323 Mon Sep 17 00:00:00 2001 +From: Logan Gunthorpe <logang@deltatee.com> +Date: Wed, 22 Jun 2022 14:25:08 -0600 +Subject: [PATCH 2/4] DDF: Fix NULL pointer dereference in + validate_geometry_ddf() + +A relatively recent patch added a call to validate_geometry() in +Manage_add() that has level=LEVEL_CONTAINER and chunk=NULL. + +This causes some ddf tests to segfault which aborts the test suite. + +To fix this, avoid dereferencing chunk when the level is +LEVEL_CONTAINER or LEVEL_NONE. + +Fixes: 1f5d54a06df0 ("Manage: Call validate_geometry when adding drive to external container") +Signed-off-by: Logan Gunthorpe <logang@deltatee.com> +Acked-by: Mariusz Tkaczyk <mariusz.tkaczyk@linux.intel.com> +Signed-off-by: Jes Sorensen <jes@trained-monkey.org> + +Upstream-Status: Backport + +Reference to upstream patch: +https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=2b93288a5650 + +Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> +--- + super-ddf.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/super-ddf.c b/super-ddf.c +index 65cf727..3ef1293 100644 +--- a/super-ddf.c ++++ b/super-ddf.c +@@ -3369,9 +3369,6 @@ static int validate_geometry_ddf(struct supertype *st, + * If given BVDs, we make an SVD, changing all the GUIDs in the process. + */ + +- if (*chunk == UnSet) +- *chunk = DEFAULT_CHUNK; +- + if (level == LEVEL_NONE) + level = LEVEL_CONTAINER; + if (level == LEVEL_CONTAINER) { +@@ -3381,6 +3378,9 @@ static int validate_geometry_ddf(struct supertype *st, + freesize, verbose); + } + ++ if (*chunk == UnSet) ++ *chunk = DEFAULT_CHUNK; ++ + if (!dev) { + mdu_array_info_t array = { + .level = level, +-- +2.39.1 + diff --git a/poky/meta/recipes-extended/mdadm/files/0003-mdadm-Grow-Fix-use-after-close-bug-by-closing-after-.patch b/poky/meta/recipes-extended/mdadm/files/0003-mdadm-Grow-Fix-use-after-close-bug-by-closing-after-.patch new file mode 100644 index 0000000000..a954ab027a --- /dev/null +++ b/poky/meta/recipes-extended/mdadm/files/0003-mdadm-Grow-Fix-use-after-close-bug-by-closing-after-.patch @@ -0,0 +1,91 @@ +From bd064da1469a6a07331b076a0294a8c6c3c38526 Mon Sep 17 00:00:00 2001 +From: Logan Gunthorpe <logang@deltatee.com> +Date: Wed, 22 Jun 2022 14:25:09 -0600 +Subject: [PATCH 3/4] mdadm/Grow: Fix use after close bug by closing after fork + +The test 07reshape-grow fails most of the time. But it succeeds around +1 in 5 times. When it does succeed, it causes the tests to die because +mdadm has segfaulted. + +The segfault was caused by mdadm attempting to repoen a file +descriptor that was already closed. The backtrace of the segfault +was: + + #0 __strncmp_avx2 () at ../sysdeps/x86_64/multiarch/strcmp-avx2.S:101 + #1 0x000056146e31d44b in devnm2devid (devnm=0x0) at util.c:956 + #2 0x000056146e31dab4 in open_dev_flags (devnm=0x0, flags=0) + at util.c:1072 + #3 0x000056146e31db22 in open_dev (devnm=0x0) at util.c:1079 + #4 0x000056146e3202e8 in reopen_mddev (mdfd=4) at util.c:2244 + #5 0x000056146e329f36 in start_array (mdfd=4, + mddev=0x7ffc55342450 "/dev/md0", content=0x7ffc55342860, + st=0x56146fc78660, ident=0x7ffc55342f70, best=0x56146fc6f5d0, + bestcnt=10, chosen_drive=0, devices=0x56146fc706b0, okcnt=5, + sparecnt=0, rebuilding_cnt=0, journalcnt=0, c=0x7ffc55342e90, + clean=1, avail=0x56146fc78720 "\001\001\001\001\001", + start_partial_ok=0, err_ok=0, was_forced=0) + at Assemble.c:1206 + #6 0x000056146e32c36e in Assemble (st=0x56146fc78660, + mddev=0x7ffc55342450 "/dev/md0", ident=0x7ffc55342f70, + devlist=0x56146fc6e2d0, c=0x7ffc55342e90) + at Assemble.c:1914 + #7 0x000056146e312ac9 in main (argc=11, argv=0x7ffc55343238) + at mdadm.c:1510 + +The file descriptor was closed early in Grow_continue(). The noted commit +moved the close() call to close the fd above the fork which caused the +parent process to return with a closed fd. + +This meant reshape_array() and Grow_continue() would return in the parent +with the fd forked. The fd would eventually be passed to reopen_mddev() +which returned an unhandled NULL from fd2devnm() which would then be +dereferenced in devnm2devid. + +Fix this by moving the close() call below the fork. This appears to +fix the 07revert-grow test. While we're at it, switch to using +close_fd() to invalidate the file descriptor. + +Fixes: 77b72fa82813 ("mdadm/Grow: prevent md's fd from being occupied during delayed time") +Cc: Alex Wu <alexwu@synology.com> +Cc: BingJing Chang <bingjingc@synology.com> +Cc: Danny Shih <dannyshih@synology.com> +Cc: ChangSyun Peng <allenpeng@synology.com> +Signed-off-by: Logan Gunthorpe <logang@deltatee.com> +Acked-by: Mariusz Tkaczyk <mariusz.tkaczyk@linux.intel.com> +Signed-off-by: Jes Sorensen <jes@trained-monkey.org> + +Upstream-Status: Backport + +Reference to upstream patch: +https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=548e9b916f86 + +Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> +--- + Grow.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/Grow.c b/Grow.c +index 9c6fc95..a8e4e83 100644 +--- a/Grow.c ++++ b/Grow.c +@@ -3501,7 +3501,6 @@ started: + return 0; + } + +- close(fd); + /* Now we just need to kick off the reshape and watch, while + * handling backups of the data... + * This is all done by a forked background process. +@@ -3522,6 +3521,9 @@ started: + break; + } + ++ /* Close unused file descriptor in the forked process */ ++ close_fd(&fd); ++ + /* If another array on the same devices is busy, the + * reshape will wait for them. This would mean that + * the first section that we suspend will stay suspended +-- +2.39.1 + diff --git a/poky/meta/recipes-extended/mdadm/files/0004-monitor-Avoid-segfault-when-calling-NULL-get_bad_blo.patch b/poky/meta/recipes-extended/mdadm/files/0004-monitor-Avoid-segfault-when-calling-NULL-get_bad_blo.patch new file mode 100644 index 0000000000..72cb40f782 --- /dev/null +++ b/poky/meta/recipes-extended/mdadm/files/0004-monitor-Avoid-segfault-when-calling-NULL-get_bad_blo.patch @@ -0,0 +1,42 @@ +From 2296a4a441b4b8546e2eb32403930f1bb8f3ee4a Mon Sep 17 00:00:00 2001 +From: Logan Gunthorpe <logang@deltatee.com> +Date: Wed, 22 Jun 2022 14:25:10 -0600 +Subject: [PATCH 4/4] monitor: Avoid segfault when calling NULL get_bad_blocks + +Not all struct superswitch implement a get_bad_blocks() function, +yet mdmon seems to call it without checking for NULL and thus +occasionally segfaults in the test 10ddf-geometry. + +Fix this by checking for NULL before calling it. + +Signed-off-by: Logan Gunthorpe <logang@deltatee.com> +Acked-by: Mariusz Tkaczyk <mariusz.tkaczyk@linux.intel.com> +Signed-off-by: Jes Sorensen <jes@trained-monkey.org> + +Upstream-Status: Backport + +Reference to upstream patch: +https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=9ae62977b51d + +Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> +--- + monitor.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/monitor.c b/monitor.c +index afc3e50..8e43c0d 100644 +--- a/monitor.c ++++ b/monitor.c +@@ -312,6 +312,9 @@ static int check_for_cleared_bb(struct active_array *a, struct mdinfo *mdi) + struct md_bb *bb; + int i; + ++ if (!ss->get_bad_blocks) ++ return -1; ++ + /* + * Get a list of bad blocks for an array, then read list of + * acknowledged bad blocks from kernel and compare it against metadata +-- +2.39.1 + diff --git a/poky/meta/recipes-extended/mdadm/files/0005-mdadm-test-Mark-and-ignore-broken-test-failures.patch b/poky/meta/recipes-extended/mdadm/files/0005-mdadm-test-Mark-and-ignore-broken-test-failures.patch new file mode 100644 index 0000000000..c55bfb125b --- /dev/null +++ b/poky/meta/recipes-extended/mdadm/files/0005-mdadm-test-Mark-and-ignore-broken-test-failures.patch @@ -0,0 +1,128 @@ +From feab1f72fcf032a4d21d0a69eb61b23a5ddb3352 Mon Sep 17 00:00:00 2001 +From: Logan Gunthorpe <logang@deltatee.com> +Date: Wed, 22 Jun 2022 14:25:18 -0600 +Subject: [PATCH 5/6] mdadm/test: Mark and ignore broken test failures + +Add functionality to continue if a test marked as broken fails. + +To mark a test as broken, a file with the same name but with the suffix +'.broken' should exist. The first line in the file will be printed with +a KNOWN BROKEN message; the rest of the file can describe the how the +test is broken. + +Also adds --skip-broken and --skip-always-broken to skip all the tests +that have a .broken file or to skip all tests whose .broken file's first +line contains the keyword always. + +Signed-off-by: Logan Gunthorpe <logang@deltatee.com> +Signed-off-by: Jes Sorensen <jes@trained-monkey.org> + +Upstream-Status: Backport + +Reference to upstream patch: +https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=28520bf114b3 + +[OP: adjusted context for mdadm-4.2] +Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> +--- + test | 37 +++++++++++++++++++++++++++++++++++-- + 1 file changed, 35 insertions(+), 2 deletions(-) + +diff --git a/test b/test +index 8f189d9..ee8fba1 100755 +--- a/test ++++ b/test +@@ -10,6 +10,8 @@ devlist= + + savelogs=0 + exitonerror=1 ++ctrl_c_error=0 ++skipbroken=0 + prefix='[0-9][0-9]' + + # use loop devices by default if doesn't specify --dev +@@ -35,6 +37,7 @@ die() { + + ctrl_c() { + exitonerror=1 ++ ctrl_c_error=1 + } + + # mdadm always adds --quiet, and we want to see any unexpected messages +@@ -79,8 +82,21 @@ mdadm() { + do_test() { + _script=$1 + _basename=`basename $_script` ++ _broken=0 ++ + if [ -f "$_script" ] + then ++ if [ -f "${_script}.broken" ]; then ++ _broken=1 ++ _broken_msg=$(head -n1 "${_script}.broken" | tr -d '\n') ++ if [ "$skipbroken" == "all" ]; then ++ return ++ elif [ "$skipbroken" == "always" ] && ++ [[ "$_broken_msg" == *always* ]]; then ++ return ++ fi ++ fi ++ + rm -f $targetdir/stderr + # this might have been reset: restore the default. + echo 2000 > /proc/sys/dev/raid/speed_limit_max +@@ -97,10 +113,15 @@ do_test() { + else + save_log fail + _fail=1 ++ if [ "$_broken" == "1" ]; then ++ echo " (KNOWN BROKEN TEST: $_broken_msg)" ++ fi + fi + [ "$savelogs" == "1" ] && + mv -f $targetdir/log $logdir/$_basename.log +- [ "$_fail" == "1" -a "$exitonerror" == "1" ] && exit 1 ++ [ "$ctrl_c_error" == "1" ] && exit 1 ++ [ "$_fail" == "1" -a "$exitonerror" == "1" \ ++ -a "$_broken" == "0" ] && exit 1 + fi + } + +@@ -117,6 +138,8 @@ do_help() { + --logdir=directory Directory to save all logfiles in + --save-logs Usually use with --logdir together + --keep-going | --no-error Don't stop on error, ie. run all tests ++ --skip-broken Skip tests that are known to be broken ++ --skip-always-broken Skip tests that are known to always fail + --dev=loop|lvm|ram|disk Use loop devices (default), LVM, RAM or disk + --disks= Provide a bunch of physical devices for test + --volgroup=name LVM volume group for LVM test +@@ -211,6 +234,12 @@ parse_args() { + --keep-going | --no-error ) + exitonerror=0 + ;; ++ --skip-broken ) ++ skipbroken=all ++ ;; ++ --skip-always-broken ) ++ skipbroken=always ++ ;; + --disable-multipath ) + unset MULTIPATH + ;; +@@ -275,7 +304,11 @@ main() { + if [ $script == "$testdir/11spare-migration" ];then + continue + fi +- do_test $script ++ case $script in ++ *.broken) ;; ++ *) ++ do_test $script ++ esac + done + fi + +-- +2.39.1 + diff --git a/poky/meta/recipes-extended/mdadm/files/0006-tests-Add-broken-files-for-all-broken-tests.patch b/poky/meta/recipes-extended/mdadm/files/0006-tests-Add-broken-files-for-all-broken-tests.patch new file mode 100644 index 0000000000..115b23bac5 --- /dev/null +++ b/poky/meta/recipes-extended/mdadm/files/0006-tests-Add-broken-files-for-all-broken-tests.patch @@ -0,0 +1,454 @@ +From fd1c26ba129b069d9f73afaefdbe53683de3814a Mon Sep 17 00:00:00 2001 +From: Logan Gunthorpe <logang@deltatee.com> +Date: Wed, 22 Jun 2022 14:25:19 -0600 +Subject: [PATCH 6/6] tests: Add broken files for all broken tests + +Each broken file contains the rough frequency of brokeness as well +as a brief explanation of what happens when it breaks. Estimates +of failure rates are not statistically significant and can vary +run to run. + +This is really just a view from my window. Tests were done on a +small VM with the default loop devices, not real hardware. We've +seen different kernel configurations can cause bugs to appear as well +(ie. different block schedulers). It may also be that different race +conditions will be seen on machines with different performance +characteristics. + +These annotations were done with the kernel currently in md/md-next: + + facef3b96c5b ("md: Notify sysfs sync_completed in md_reap_sync_thread()") + +Signed-off-by: Logan Gunthorpe <logang@deltatee.com> +Signed-off-by: Jes Sorensen <jes@trained-monkey.org> + +Upstream-Status: Backport + +Reference to upstream patch: +https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=daa86d663476 + +Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> +--- + tests/01r5integ.broken | 7 ++++ + tests/01raid6integ.broken | 7 ++++ + tests/04r5swap.broken | 7 ++++ + tests/07autoassemble.broken | 8 ++++ + tests/07autodetect.broken | 5 +++ + tests/07changelevelintr.broken | 9 +++++ + tests/07changelevels.broken | 9 +++++ + tests/07reshape5intr.broken | 45 ++++++++++++++++++++++ + tests/07revert-grow.broken | 31 +++++++++++++++ + tests/07revert-shrink.broken | 9 +++++ + tests/07testreshape5.broken | 12 ++++++ + tests/09imsm-assemble.broken | 6 +++ + tests/09imsm-create-fail-rebuild.broken | 5 +++ + tests/09imsm-overlap.broken | 7 ++++ + tests/10ddf-assemble-missing.broken | 6 +++ + tests/10ddf-fail-create-race.broken | 7 ++++ + tests/10ddf-fail-two-spares.broken | 5 +++ + tests/10ddf-incremental-wrong-order.broken | 9 +++++ + tests/14imsm-r1_2d-grow-r1_3d.broken | 5 +++ + tests/14imsm-r1_2d-takeover-r0_2d.broken | 6 +++ + tests/18imsm-r10_4d-takeover-r0_2d.broken | 5 +++ + tests/18imsm-r1_2d-takeover-r0_1d.broken | 6 +++ + tests/19raid6auto-repair.broken | 5 +++ + tests/19raid6repair.broken | 5 +++ + 24 files changed, 226 insertions(+) + create mode 100644 tests/01r5integ.broken + create mode 100644 tests/01raid6integ.broken + create mode 100644 tests/04r5swap.broken + create mode 100644 tests/07autoassemble.broken + create mode 100644 tests/07autodetect.broken + create mode 100644 tests/07changelevelintr.broken + create mode 100644 tests/07changelevels.broken + create mode 100644 tests/07reshape5intr.broken + create mode 100644 tests/07revert-grow.broken + create mode 100644 tests/07revert-shrink.broken + create mode 100644 tests/07testreshape5.broken + create mode 100644 tests/09imsm-assemble.broken + create mode 100644 tests/09imsm-create-fail-rebuild.broken + create mode 100644 tests/09imsm-overlap.broken + create mode 100644 tests/10ddf-assemble-missing.broken + create mode 100644 tests/10ddf-fail-create-race.broken + create mode 100644 tests/10ddf-fail-two-spares.broken + create mode 100644 tests/10ddf-incremental-wrong-order.broken + create mode 100644 tests/14imsm-r1_2d-grow-r1_3d.broken + create mode 100644 tests/14imsm-r1_2d-takeover-r0_2d.broken + create mode 100644 tests/18imsm-r10_4d-takeover-r0_2d.broken + create mode 100644 tests/18imsm-r1_2d-takeover-r0_1d.broken + create mode 100644 tests/19raid6auto-repair.broken + create mode 100644 tests/19raid6repair.broken + +diff --git a/tests/01r5integ.broken b/tests/01r5integ.broken +new file mode 100644 +index 0000000..2073763 +--- /dev/null ++++ b/tests/01r5integ.broken +@@ -0,0 +1,7 @@ ++fails rarely ++ ++Fails about 1 in every 30 runs with a sha mismatch error: ++ ++ c49ab26e1b01def7874af9b8a6d6d0c29fdfafe6 /dev/md0 does not match ++ 15dc2f73262f811ada53c65e505ceec9cf025cb9 /dev/md0 with /dev/loop3 ++ missing +diff --git a/tests/01raid6integ.broken b/tests/01raid6integ.broken +new file mode 100644 +index 0000000..1df735f +--- /dev/null ++++ b/tests/01raid6integ.broken +@@ -0,0 +1,7 @@ ++fails infrequently ++ ++Fails about 1 in 5 with a sha mismatch: ++ ++ 8286c2bc045ae2cfe9f8b7ae3a898fa25db6926f /dev/md0 does not match ++ a083a0738b58caab37fd568b91b177035ded37df /dev/md0 with /dev/loop2 and ++ /dev/loop3 missing +diff --git a/tests/04r5swap.broken b/tests/04r5swap.broken +new file mode 100644 +index 0000000..e38987d +--- /dev/null ++++ b/tests/04r5swap.broken +@@ -0,0 +1,7 @@ ++always fails ++ ++Fails with errors: ++ ++ mdadm: /dev/loop0 has no superblock - assembly aborted ++ ++ ERROR: no recovery happening +diff --git a/tests/07autoassemble.broken b/tests/07autoassemble.broken +new file mode 100644 +index 0000000..8be0940 +--- /dev/null ++++ b/tests/07autoassemble.broken +@@ -0,0 +1,8 @@ ++always fails ++ ++Prints lots of messages, but the array doesn't assemble. Error ++possibly related to: ++ ++ mdadm: /dev/md/1 is busy - skipping ++ mdadm: no recogniseable superblock on /dev/md/testing:0 ++ mdadm: /dev/md/2 is busy - skipping +diff --git a/tests/07autodetect.broken b/tests/07autodetect.broken +new file mode 100644 +index 0000000..294954a +--- /dev/null ++++ b/tests/07autodetect.broken +@@ -0,0 +1,5 @@ ++always fails ++ ++Fails with error: ++ ++ ERROR: no resync happening +diff --git a/tests/07changelevelintr.broken b/tests/07changelevelintr.broken +new file mode 100644 +index 0000000..284b490 +--- /dev/null ++++ b/tests/07changelevelintr.broken +@@ -0,0 +1,9 @@ ++always fails ++ ++Fails with errors: ++ ++ mdadm: this change will reduce the size of the array. ++ use --grow --array-size first to truncate array. ++ e.g. mdadm --grow /dev/md0 --array-size 56832 ++ ++ ERROR: no reshape happening +diff --git a/tests/07changelevels.broken b/tests/07changelevels.broken +new file mode 100644 +index 0000000..9b930d9 +--- /dev/null ++++ b/tests/07changelevels.broken +@@ -0,0 +1,9 @@ ++always fails ++ ++Fails with errors: ++ ++ mdadm: /dev/loop0 is smaller than given size. 18976K < 19968K + metadata ++ mdadm: /dev/loop1 is smaller than given size. 18976K < 19968K + metadata ++ mdadm: /dev/loop2 is smaller than given size. 18976K < 19968K + metadata ++ ++ ERROR: /dev/md0 isn't a block device. +diff --git a/tests/07reshape5intr.broken b/tests/07reshape5intr.broken +new file mode 100644 +index 0000000..efe52a6 +--- /dev/null ++++ b/tests/07reshape5intr.broken +@@ -0,0 +1,45 @@ ++always fails ++ ++This patch, recently added to md-next causes the test to always fail: ++ ++7e6ba434cc60 ("md: don't unregister sync_thread with reconfig_mutex ++held") ++ ++The new error is simply: ++ ++ ERROR: no reshape happening ++ ++Before the patch, the error seen is below. ++ ++-- ++ ++fails infrequently ++ ++Fails roughly 1 in 4 runs with errors: ++ ++ mdadm: Merging with already-assembled /dev/md/0 ++ mdadm: cannot re-read metadata from /dev/loop6 - aborting ++ ++ ERROR: no reshape happening ++ ++Also have seen a random deadlock: ++ ++ INFO: task mdadm:109702 blocked for more than 30 seconds. ++ Not tainted 5.18.0-rc3-eid-vmlocalyes-dbg-00095-g3c2b5427979d #2040 ++ "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. ++ task:mdadm state:D stack: 0 pid:109702 ppid: 1 flags:0x00004000 ++ Call Trace: ++ <TASK> ++ __schedule+0x67e/0x13b0 ++ schedule+0x82/0x110 ++ mddev_suspend+0x2e1/0x330 ++ suspend_lo_store+0xbd/0x140 ++ md_attr_store+0xcb/0x130 ++ sysfs_kf_write+0x89/0xb0 ++ kernfs_fop_write_iter+0x202/0x2c0 ++ new_sync_write+0x222/0x330 ++ vfs_write+0x3bc/0x4d0 ++ ksys_write+0xd9/0x180 ++ __x64_sys_write+0x43/0x50 ++ do_syscall_64+0x3b/0x90 ++ entry_SYSCALL_64_after_hwframe+0x44/0xae +diff --git a/tests/07revert-grow.broken b/tests/07revert-grow.broken +new file mode 100644 +index 0000000..9b6db86 +--- /dev/null ++++ b/tests/07revert-grow.broken +@@ -0,0 +1,31 @@ ++always fails ++ ++This patch, recently added to md-next causes the test to always fail: ++ ++7e6ba434cc60 ("md: don't unregister sync_thread with reconfig_mutex held") ++ ++The errors are: ++ ++ mdadm: No active reshape to revert on /dev/loop0 ++ ERROR: active raid5 not found ++ ++Before the patch, the error seen is below. ++ ++-- ++ ++fails rarely ++ ++Fails about 1 in every 30 runs with errors: ++ ++ mdadm: Merging with already-assembled /dev/md/0 ++ mdadm: backup file /tmp/md-backup inaccessible: No such file or directory ++ mdadm: failed to add /dev/loop1 to /dev/md/0: Invalid argument ++ mdadm: failed to add /dev/loop2 to /dev/md/0: Invalid argument ++ mdadm: failed to add /dev/loop3 to /dev/md/0: Invalid argument ++ mdadm: failed to add /dev/loop0 to /dev/md/0: Invalid argument ++ mdadm: /dev/md/0 assembled from 1 drive - need all 5 to start it ++ (use --run to insist). ++ ++ grep: /sys/block/md*/md/sync_action: No such file or directory ++ ++ ERROR: active raid5 not found +diff --git a/tests/07revert-shrink.broken b/tests/07revert-shrink.broken +new file mode 100644 +index 0000000..c33c39e +--- /dev/null ++++ b/tests/07revert-shrink.broken +@@ -0,0 +1,9 @@ ++always fails ++ ++Fails with errors: ++ ++ mdadm: this change will reduce the size of the array. ++ use --grow --array-size first to truncate array. ++ e.g. mdadm --grow /dev/md0 --array-size 53760 ++ ++ ERROR: active raid5 not found +diff --git a/tests/07testreshape5.broken b/tests/07testreshape5.broken +new file mode 100644 +index 0000000..a8ce03e +--- /dev/null ++++ b/tests/07testreshape5.broken +@@ -0,0 +1,12 @@ ++always fails ++ ++Test seems to run 'test_stripe' at $dir directory, but $dir is never ++set. If $dir is adjusted to $PWD, the test still fails with: ++ ++ mdadm: /dev/loop2 is not suitable for this array. ++ mdadm: create aborted ++ ++ return 1 ++ ++ cmp -s -n 8192 /dev/md0 /tmp/RandFile ++ ++ echo cmp failed ++ cmp failed ++ ++ exit 2 +diff --git a/tests/09imsm-assemble.broken b/tests/09imsm-assemble.broken +new file mode 100644 +index 0000000..a6d4d5c +--- /dev/null ++++ b/tests/09imsm-assemble.broken +@@ -0,0 +1,6 @@ ++fails infrequently ++ ++Fails roughly 1 in 10 runs with errors: ++ ++ mdadm: /dev/loop2 is still in use, cannot remove. ++ /dev/loop2 removal from /dev/md/container should have succeeded +diff --git a/tests/09imsm-create-fail-rebuild.broken b/tests/09imsm-create-fail-rebuild.broken +new file mode 100644 +index 0000000..40c4b29 +--- /dev/null ++++ b/tests/09imsm-create-fail-rebuild.broken +@@ -0,0 +1,5 @@ ++always fails ++ ++Fails with error: ++ ++ **Error**: Array size mismatch - expected 3072, actual 16384 +diff --git a/tests/09imsm-overlap.broken b/tests/09imsm-overlap.broken +new file mode 100644 +index 0000000..e7ccab7 +--- /dev/null ++++ b/tests/09imsm-overlap.broken +@@ -0,0 +1,7 @@ ++always fails ++ ++Fails with errors: ++ ++ **Error**: Offset mismatch - expected 15360, actual 0 ++ **Error**: Offset mismatch - expected 15360, actual 0 ++ /dev/md/vol3 failed check +diff --git a/tests/10ddf-assemble-missing.broken b/tests/10ddf-assemble-missing.broken +new file mode 100644 +index 0000000..bfd8d10 +--- /dev/null ++++ b/tests/10ddf-assemble-missing.broken +@@ -0,0 +1,6 @@ ++always fails ++ ++Fails with errors: ++ ++ ERROR: /dev/md/vol0 has unexpected state on /dev/loop10 ++ ERROR: unexpected number of online disks on /dev/loop10 +diff --git a/tests/10ddf-fail-create-race.broken b/tests/10ddf-fail-create-race.broken +new file mode 100644 +index 0000000..6c0df02 +--- /dev/null ++++ b/tests/10ddf-fail-create-race.broken +@@ -0,0 +1,7 @@ ++usually fails ++ ++Fails about 9 out of 10 times with many errors: ++ ++ mdadm: cannot open MISSING: No such file or directory ++ ERROR: non-degraded array found ++ ERROR: disk 0 not marked as failed in meta data +diff --git a/tests/10ddf-fail-two-spares.broken b/tests/10ddf-fail-two-spares.broken +new file mode 100644 +index 0000000..eeea56d +--- /dev/null ++++ b/tests/10ddf-fail-two-spares.broken +@@ -0,0 +1,5 @@ ++fails infrequently ++ ++Fails roughly 1 in 3 with error: ++ ++ ERROR: /dev/md/vol1 should be optimal in meta data +diff --git a/tests/10ddf-incremental-wrong-order.broken b/tests/10ddf-incremental-wrong-order.broken +new file mode 100644 +index 0000000..a5af3ba +--- /dev/null ++++ b/tests/10ddf-incremental-wrong-order.broken +@@ -0,0 +1,9 @@ ++always fails ++ ++Fails with errors: ++ ERROR: sha1sum of /dev/md/vol0 has changed ++ ERROR: /dev/md/vol0 has unexpected state on /dev/loop10 ++ ERROR: unexpected number of online disks on /dev/loop10 ++ ERROR: /dev/md/vol0 has unexpected state on /dev/loop8 ++ ERROR: unexpected number of online disks on /dev/loop8 ++ ERROR: sha1sum of /dev/md/vol0 has changed +diff --git a/tests/14imsm-r1_2d-grow-r1_3d.broken b/tests/14imsm-r1_2d-grow-r1_3d.broken +new file mode 100644 +index 0000000..4ef1d40 +--- /dev/null ++++ b/tests/14imsm-r1_2d-grow-r1_3d.broken +@@ -0,0 +1,5 @@ ++always fails ++ ++Fails with error: ++ ++ mdadm/tests/func.sh: line 325: dvsize/chunk: division by 0 (error token is "chunk") +diff --git a/tests/14imsm-r1_2d-takeover-r0_2d.broken b/tests/14imsm-r1_2d-takeover-r0_2d.broken +new file mode 100644 +index 0000000..89cd4e5 +--- /dev/null ++++ b/tests/14imsm-r1_2d-takeover-r0_2d.broken +@@ -0,0 +1,6 @@ ++always fails ++ ++Fails with error: ++ ++ tests/func.sh: line 325: dvsize/chunk: division by 0 (error token ++ is "chunk") +diff --git a/tests/18imsm-r10_4d-takeover-r0_2d.broken b/tests/18imsm-r10_4d-takeover-r0_2d.broken +new file mode 100644 +index 0000000..a27399f +--- /dev/null ++++ b/tests/18imsm-r10_4d-takeover-r0_2d.broken +@@ -0,0 +1,5 @@ ++fails rarely ++ ++Fails about 1 run in 100 with message: ++ ++ ERROR: size is wrong for /dev/md/vol0: 2 * 5120 (chunk=128) = 20480, not 0 +diff --git a/tests/18imsm-r1_2d-takeover-r0_1d.broken b/tests/18imsm-r1_2d-takeover-r0_1d.broken +new file mode 100644 +index 0000000..aa1982e +--- /dev/null ++++ b/tests/18imsm-r1_2d-takeover-r0_1d.broken +@@ -0,0 +1,6 @@ ++always fails ++ ++Fails with error: ++ ++ tests/func.sh: line 325: dvsize/chunk: division by 0 (error token ++ is "chunk") +diff --git a/tests/19raid6auto-repair.broken b/tests/19raid6auto-repair.broken +new file mode 100644 +index 0000000..e91a142 +--- /dev/null ++++ b/tests/19raid6auto-repair.broken +@@ -0,0 +1,5 @@ ++always fails ++ ++Fails with: ++ ++ "should detect errors" +diff --git a/tests/19raid6repair.broken b/tests/19raid6repair.broken +new file mode 100644 +index 0000000..e91a142 +--- /dev/null ++++ b/tests/19raid6repair.broken +@@ -0,0 +1,5 @@ ++always fails ++ ++Fails with: ++ ++ "should detect errors" +-- +2.39.1 + diff --git a/poky/meta/recipes-extended/mdadm/files/run-ptest b/poky/meta/recipes-extended/mdadm/files/run-ptest index fae8071d43..2380c322a9 100644 --- a/poky/meta/recipes-extended/mdadm/files/run-ptest +++ b/poky/meta/recipes-extended/mdadm/files/run-ptest @@ -2,6 +2,6 @@ mkdir -p /mdadm-testing-dir # make the test continue to execute even one fail -dir=. ./test --keep-going --disable-integrity +dir=. ./test --keep-going --disable-integrity --skip-broken rm -rf /mdadm-testing-dir/* diff --git a/poky/meta/recipes-extended/mdadm/mdadm_4.2.bb b/poky/meta/recipes-extended/mdadm/mdadm_4.2.bb index 14de9d88c2..50d9548747 100644 --- a/poky/meta/recipes-extended/mdadm/mdadm_4.2.bb +++ b/poky/meta/recipes-extended/mdadm/mdadm_4.2.bb @@ -32,6 +32,12 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/utils/raid/mdadm/${BPN}-${PV}.tar.xz \ file://0001-tests-fix-raid0-tests-for-0.90-metadata.patch \ file://0001-tests-00readonly-Run-udevadm-settle-before-setting-r.patch \ file://0001-tests-04update-metadata-avoid-passing-chunk-size-to.patch \ + file://0001-DDF-Cleanup-validate_geometry_ddf_container.patch \ + file://0002-DDF-Fix-NULL-pointer-dereference-in-validate_geometr.patch \ + file://0003-mdadm-Grow-Fix-use-after-close-bug-by-closing-after-.patch \ + file://0004-monitor-Avoid-segfault-when-calling-NULL-get_bad_blo.patch \ + file://0005-mdadm-test-Mark-and-ignore-broken-test-failures.patch \ + file://0006-tests-Add-broken-files-for-all-broken-tests.patch \ " SRC_URI[sha256sum] = "461c215670864bb74a4d1a3620684aa2b2f8296dffa06743f26dda5557acf01d" @@ -101,10 +107,9 @@ do_install_ptest() { } RDEPENDS:${PN} += "bash" -RDEPENDS:${PN}-ptest += "bash e2fsprogs-mke2fs" +RDEPENDS:${PN}-ptest += "bash e2fsprogs-mke2fs util-linux-lsblk util-linux-losetup strace" RRECOMMENDS:${PN}-ptest += " \ coreutils \ - util-linux \ kernel-module-loop \ kernel-module-linear \ kernel-module-raid0 \ diff --git a/poky/meta/recipes-extended/msmtp/msmtp_1.8.23.bb b/poky/meta/recipes-extended/msmtp/msmtp_1.8.24.bb index 5e68a7ea92..b8c867161b 100644 --- a/poky/meta/recipes-extended/msmtp/msmtp_1.8.23.bb +++ b/poky/meta/recipes-extended/msmtp/msmtp_1.8.24.bb @@ -11,7 +11,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504" UPSTREAM_CHECK_URI = "https://marlam.de/msmtp/download/" SRC_URI = "https://marlam.de/${BPN}/releases/${BP}.tar.xz" -SRC_URI[sha256sum] = "cf04c16b099b3d414db4b5b93fc5ed9d46aad564c81a352aa107a33964c356b8" +SRC_URI[sha256sum] = "bd6644b1aaab17d61b86647993e3efad860b23c54283b00ddc579c1f5110aa59" inherit gettext autotools update-alternatives pkgconfig diff --git a/poky/meta/recipes-extended/pam/libpam/0001-examples-Replace-use-of-termio.h-with-termios.h.patch b/poky/meta/recipes-extended/pam/libpam/0001-examples-Replace-use-of-termio.h-with-termios.h.patch new file mode 100644 index 0000000000..95c437df4f --- /dev/null +++ b/poky/meta/recipes-extended/pam/libpam/0001-examples-Replace-use-of-termio.h-with-termios.h.patch @@ -0,0 +1,39 @@ +From 9b96fcfa5748934b8b6a4db4ee25a5e3165905c0 Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Sat, 1 Jul 2023 07:48:17 -0700 +Subject: [PATCH] examples: Replace use of termio.h with termios.h + +Fixes build with musl and makes it portable + +Upstream-Status: Backport [https://github.com/linux-pam/linux-pam/commit/5374f677e4cae669eb9accf2449178b602e8a40a] +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + examples/tty_conv.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/examples/tty_conv.c b/examples/tty_conv.c +index 23f0684..db22500 100644 +--- a/examples/tty_conv.c ++++ b/examples/tty_conv.c +@@ -6,7 +6,8 @@ + #include <string.h> + #include <errno.h> + #include <unistd.h> +-#include <termio.h> ++#include <termios.h> ++#include <sys/ioctl.h> + #include <security/pam_appl.h> + + /*************************************** +@@ -16,7 +17,7 @@ + ***************************************/ + static void echoOff(int fd, int off) + { +- struct termio tty; ++ struct termios tty; + if (ioctl(fd, TCGETA, &tty) < 0) + { + fprintf(stderr, "TCGETA failed: %s\n", strerror(errno)); +-- +2.41.0 + diff --git a/poky/meta/recipes-extended/pam/libpam/0001-pam_motd-do-not-rely-on-all-filesystems-providing-a-.patch b/poky/meta/recipes-extended/pam/libpam/0001-pam_motd-do-not-rely-on-all-filesystems-providing-a-.patch deleted file mode 100644 index 94dcb04f0a..0000000000 --- a/poky/meta/recipes-extended/pam/libpam/0001-pam_motd-do-not-rely-on-all-filesystems-providing-a-.patch +++ /dev/null @@ -1,108 +0,0 @@ -From 42404548721c653317c911c83d885e2fc7fbca70 Mon Sep 17 00:00:00 2001 -From: Per Jessen <per@jessen.ch> -Date: Fri, 22 Apr 2022 18:15:36 +0200 -Subject: [PATCH] pam_motd: do not rely on all filesystems providing a filetype - -When using scandir() to look for MOTD files to display, we wrongly -relied on all filesystems providing a filetype. This is a fix to divert -to lstat() when we have no filetype. To maintain MT safety, it isn't -possible to use lstat() in the scandir() filter function, so all of the -filtering has been moved to an additional loop after scanning all the -motd dirs. -Also, remove superfluous alphasort from scandir(), we are doing -a qsort() later. - -Resolves: https://github.com/linux-pam/linux-pam/issues/455 - -Upstream-Status: Backport [https://github.com/linux-pam/linux-pam/commit/42404548721c653317c911c83d885e2fc7fbca70] - -Signed-off-by: Per Jessen <per@jessen.ch> -Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> ---- - modules/pam_motd/pam_motd.c | 49 ++++++++++++++++++++++++++++++------- - 1 file changed, 40 insertions(+), 9 deletions(-) - -diff --git a/modules/pam_motd/pam_motd.c b/modules/pam_motd/pam_motd.c -index 6ac8cba2..5ca486e4 100644 ---- a/modules/pam_motd/pam_motd.c -+++ b/modules/pam_motd/pam_motd.c -@@ -166,11 +166,6 @@ static int compare_strings(const void *a, const void *b) - } - } - --static int filter_dirents(const struct dirent *d) --{ -- return (d->d_type == DT_REG || d->d_type == DT_LNK); --} -- - static void try_to_display_directories_with_overrides(pam_handle_t *pamh, - char **motd_dir_path_split, unsigned int num_motd_dirs, int report_missing) - { -@@ -199,8 +194,7 @@ static void try_to_display_directories_with_overrides(pam_handle_t *pamh, - - for (i = 0; i < num_motd_dirs; i++) { - int rv; -- rv = scandir(motd_dir_path_split[i], &(dirscans[i]), -- filter_dirents, alphasort); -+ rv = scandir(motd_dir_path_split[i], &(dirscans[i]), NULL, NULL); - if (rv < 0) { - if (errno != ENOENT || report_missing) { - pam_syslog(pamh, LOG_ERR, "error scanning directory %s: %m", -@@ -215,6 +209,41 @@ static void try_to_display_directories_with_overrides(pam_handle_t *pamh, - if (dirscans_size_total == 0) - goto out; - -+ /* filter out unwanted names, directories, and complement data with lstat() */ -+ for (i = 0; i < num_motd_dirs; i++) { -+ struct dirent **d = dirscans[i]; -+ for (unsigned int j = 0; j < dirscans_sizes[i]; j++) { -+ int rc; -+ char *fullpath; -+ struct stat s; -+ -+ switch(d[j]->d_type) { /* the filetype determines how to proceed */ -+ case DT_REG: /* regular files and */ -+ case DT_LNK: /* symlinks */ -+ continue; /* are good. */ -+ case DT_UNKNOWN: /* for file systems that do not provide */ -+ /* a filetype, we use lstat() */ -+ if (join_dir_strings(&fullpath, motd_dir_path_split[i], -+ d[j]->d_name) <= 0) -+ break; -+ rc = lstat(fullpath, &s); -+ _pam_drop(fullpath); /* free the memory alloc'ed by join_dir_strings */ -+ if (rc != 0) /* if the lstat() somehow failed */ -+ break; -+ -+ if (S_ISREG(s.st_mode) || /* regular files and */ -+ S_ISLNK(s.st_mode)) continue; /* symlinks are good */ -+ break; -+ case DT_DIR: /* We don't want directories */ -+ default: /* nor anything else */ -+ break; -+ } -+ _pam_drop(d[j]); /* free memory */ -+ d[j] = NULL; /* indicate this one was dropped */ -+ dirscans_size_total--; -+ } -+ } -+ - /* Allocate space for all file names found in the directories, including duplicates. */ - if ((dirnames_all = calloc(dirscans_size_total, sizeof(*dirnames_all))) == NULL) { - pam_syslog(pamh, LOG_CRIT, "failed to allocate dirname array"); -@@ -225,8 +254,10 @@ static void try_to_display_directories_with_overrides(pam_handle_t *pamh, - unsigned int j; - - for (j = 0; j < dirscans_sizes[i]; j++) { -- dirnames_all[i_dirnames] = dirscans[i][j]->d_name; -- i_dirnames++; -+ if (NULL != dirscans[i][j]) { -+ dirnames_all[i_dirnames] = dirscans[i][j]->d_name; -+ i_dirnames++; -+ } - } - } - --- -2.39.0 - diff --git a/poky/meta/recipes-extended/pam/libpam/0001-run-xtests.sh-check-whether-files-exist.patch b/poky/meta/recipes-extended/pam/libpam/0001-run-xtests.sh-check-whether-files-exist.patch deleted file mode 100644 index 40040a873a..0000000000 --- a/poky/meta/recipes-extended/pam/libpam/0001-run-xtests.sh-check-whether-files-exist.patch +++ /dev/null @@ -1,65 +0,0 @@ -From e8e8ccfd57e0274b431bc5717bf37c488285b07b Mon Sep 17 00:00:00 2001 -From: Mingli Yu <mingli.yu@windriver.com> -Date: Wed, 27 Oct 2021 10:30:46 +0800 -Subject: [PATCH] run-xtests.sh: check whether files exist - -Fixes: - # ./run-xtests.sh . tst-pam_access1 - mv: cannot stat '/etc/security/opasswd': No such file or directory - PASS: tst-pam_access1 - mv: cannot stat '/etc/security/opasswd-pam-xtests': No such file or directory - ================== - 1 tests passed - 0 tests not run - ================== - -Upstream-Status: Backport [https://github.com/linux-pam/linux-pam/commit/e8e8ccfd57e0274b431bc5717bf37c488285b07b] - -Signed-off-by: Mingli Yu <mingli.yu@windriver.com> ---- - xtests/run-xtests.sh | 20 +++++++++++++------- - 1 file changed, 13 insertions(+), 7 deletions(-) - -diff --git a/xtests/run-xtests.sh b/xtests/run-xtests.sh -index 14f585d9..ff9a4dc1 100755 ---- a/xtests/run-xtests.sh -+++ b/xtests/run-xtests.sh -@@ -18,10 +18,12 @@ all=0 - - mkdir -p /etc/security - for config in access.conf group.conf time.conf limits.conf ; do -- cp /etc/security/$config /etc/security/$config-pam-xtests -+ [ -f "/etc/security/$config" ] && -+ mv /etc/security/$config /etc/security/$config-pam-xtests - install -m 644 "${SRCDIR}"/$config /etc/security/$config - done --mv /etc/security/opasswd /etc/security/opasswd-pam-xtests -+[ -f /etc/security/opasswd ] && -+ mv /etc/security/opasswd /etc/security/opasswd-pam-xtests - - for testname in $XTESTS ; do - for cfg in "${SRCDIR}"/$testname*.pamd ; do -@@ -47,11 +49,15 @@ for testname in $XTESTS ; do - all=`expr $all + 1` - rm -f /etc/pam.d/$testname* - done --mv /etc/security/access.conf-pam-xtests /etc/security/access.conf --mv /etc/security/group.conf-pam-xtests /etc/security/group.conf --mv /etc/security/time.conf-pam-xtests /etc/security/time.conf --mv /etc/security/limits.conf-pam-xtests /etc/security/limits.conf --mv /etc/security/opasswd-pam-xtests /etc/security/opasswd -+ -+for config in access.conf group.conf time.conf limits.conf opasswd ; do -+ if [ -f "/etc/security/$config-pam-xtests" ]; then -+ mv /etc/security/$config-pam-xtests /etc/security/$config -+ else -+ rm -f /etc/security/$config -+ fi -+done -+ - if test "$failed" -ne 0; then - echo "===================" - echo "$failed of $all tests failed" --- -2.32.0 - diff --git a/poky/meta/recipes-extended/pam/libpam/CVE-2022-28321-0002.patch b/poky/meta/recipes-extended/pam/libpam/CVE-2022-28321-0002.patch deleted file mode 100644 index e7bf03f9f7..0000000000 --- a/poky/meta/recipes-extended/pam/libpam/CVE-2022-28321-0002.patch +++ /dev/null @@ -1,205 +0,0 @@ -From 23393bef92c1e768eda329813d7af55481c6ca9f Mon Sep 17 00:00:00 2001 -From: Thorsten Kukuk <kukuk@suse.com> -Date: Thu, 24 Feb 2022 10:37:32 +0100 -Subject: [PATCH 2/2] pam_access: handle hostnames in access.conf - -According to the manual page, the following entry is valid but does not -work: --:root:ALL EXCEPT localhost - -See https://bugzilla.suse.com/show_bug.cgi?id=1019866 - -Patched is based on PR#226 from Josef Moellers - -Upstream-Status: Backport -CVE: CVE-2022-28321 - -Reference to upstream patch: -[https://github.com/linux-pam/linux-pam/commit/23393bef92c1e768eda329813d7af55481c6ca9f] - -Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com> ---- - modules/pam_access/pam_access.c | 95 ++++++++++++++++++++++++++------- - 1 file changed, 76 insertions(+), 19 deletions(-) - -diff --git a/modules/pam_access/pam_access.c b/modules/pam_access/pam_access.c -index 277192b..bca424f 100644 ---- a/modules/pam_access/pam_access.c -+++ b/modules/pam_access/pam_access.c -@@ -637,7 +637,7 @@ remote_match (pam_handle_t *pamh, char *tok, struct login_info *item) - if ((str_len = strlen(string)) > tok_len - && strcasecmp(tok, string + str_len - tok_len) == 0) - return YES; -- } else if (tok[tok_len - 1] == '.') { -+ } else if (tok[tok_len - 1] == '.') { /* internet network numbers (end with ".") */ - struct addrinfo hint; - - memset (&hint, '\0', sizeof (hint)); -@@ -678,7 +678,7 @@ remote_match (pam_handle_t *pamh, char *tok, struct login_info *item) - return NO; - } - -- /* Assume network/netmask with an IP of a host. */ -+ /* Assume network/netmask, IP address or hostname. */ - return network_netmask_match(pamh, tok, string, item); - } - -@@ -696,7 +696,7 @@ string_match (pam_handle_t *pamh, const char *tok, const char *string, - /* - * If the token has the magic value "ALL" the match always succeeds. - * Otherwise, return YES if the token fully matches the string. -- * "NONE" token matches NULL string. -+ * "NONE" token matches NULL string. - */ - - if (strcasecmp(tok, "ALL") == 0) { /* all: always matches */ -@@ -714,7 +714,8 @@ string_match (pam_handle_t *pamh, const char *tok, const char *string, - - /* network_netmask_match - match a string against one token - * where string is a hostname or ip (v4,v6) address and tok -- * represents either a single ip (v4,v6) address or a network/netmask -+ * represents either a hostname, a single ip (v4,v6) address -+ * or a network/netmask - */ - static int - network_netmask_match (pam_handle_t *pamh, -@@ -723,10 +724,12 @@ network_netmask_match (pam_handle_t *pamh, - char *netmask_ptr; - char netmask_string[MAXHOSTNAMELEN + 1]; - int addr_type; -+ struct addrinfo *ai = NULL; - - if (item->debug) -- pam_syslog (pamh, LOG_DEBUG, -+ pam_syslog (pamh, LOG_DEBUG, - "network_netmask_match: tok=%s, item=%s", tok, string); -+ - /* OK, check if tok is of type addr/mask */ - if ((netmask_ptr = strchr(tok, '/')) != NULL) - { -@@ -760,54 +763,108 @@ network_netmask_match (pam_handle_t *pamh, - netmask_ptr = number_to_netmask(netmask, addr_type, - netmask_string, MAXHOSTNAMELEN); - } -- } -+ -+ /* -+ * Construct an addrinfo list from the IP address. -+ * This should not fail as the input is a correct IP address... -+ */ -+ if (getaddrinfo (tok, NULL, NULL, &ai) != 0) -+ { -+ return NO; -+ } -+ } - else -- /* NO, then check if it is only an addr */ -- if (isipaddr(tok, NULL, NULL) != YES) -+ { -+ /* -+ * It is either an IP address or a hostname. -+ * Let getaddrinfo sort everything out -+ */ -+ if (getaddrinfo (tok, NULL, NULL, &ai) != 0) - { -+ pam_syslog(pamh, LOG_ERR, "cannot resolve hostname \"%s\"", tok); -+ - return NO; - } -+ netmask_ptr = NULL; -+ } - - if (isipaddr(string, NULL, NULL) != YES) - { -- /* Assume network/netmask with a name of a host. */ - struct addrinfo hint; - -+ /* Assume network/netmask with a name of a host. */ - memset (&hint, '\0', sizeof (hint)); - hint.ai_flags = AI_CANONNAME; - hint.ai_family = AF_UNSPEC; - - if (item->gai_rv != 0) -+ { -+ freeaddrinfo(ai); - return NO; -+ } - else if (!item->res && - (item->gai_rv = getaddrinfo (string, NULL, &hint, &item->res)) != 0) -+ { -+ freeaddrinfo(ai); - return NO; -+ } - else - { - struct addrinfo *runp = item->res; -+ struct addrinfo *runp1; - - while (runp != NULL) - { - char buf[INET6_ADDRSTRLEN]; - -- DIAG_PUSH_IGNORE_CAST_ALIGN; -- inet_ntop (runp->ai_family, -- runp->ai_family == AF_INET -- ? (void *) &((struct sockaddr_in *) runp->ai_addr)->sin_addr -- : (void *) &((struct sockaddr_in6 *) runp->ai_addr)->sin6_addr, -- buf, sizeof (buf)); -- DIAG_POP_IGNORE_CAST_ALIGN; -+ if (getnameinfo (runp->ai_addr, runp->ai_addrlen, buf, sizeof (buf), NULL, 0, NI_NUMERICHOST) != 0) -+ { -+ freeaddrinfo(ai); -+ return NO; -+ } - -- if (are_addresses_equal(buf, tok, netmask_ptr)) -+ for (runp1 = ai; runp1 != NULL; runp1 = runp1->ai_next) - { -- return YES; -+ char buf1[INET6_ADDRSTRLEN]; -+ -+ if (runp->ai_family != runp1->ai_family) -+ continue; -+ -+ if (getnameinfo (runp1->ai_addr, runp1->ai_addrlen, buf1, sizeof (buf1), NULL, 0, NI_NUMERICHOST) != 0) -+ { -+ freeaddrinfo(ai); -+ return NO; -+ } -+ -+ if (are_addresses_equal (buf, buf1, netmask_ptr)) -+ { -+ freeaddrinfo(ai); -+ return YES; -+ } - } - runp = runp->ai_next; - } - } - } - else -- return (are_addresses_equal(string, tok, netmask_ptr)); -+ { -+ struct addrinfo *runp1; -+ -+ for (runp1 = ai; runp1 != NULL; runp1 = runp1->ai_next) -+ { -+ char buf1[INET6_ADDRSTRLEN]; -+ -+ (void) getnameinfo (runp1->ai_addr, runp1->ai_addrlen, buf1, sizeof (buf1), NULL, 0, NI_NUMERICHOST); -+ -+ if (are_addresses_equal(string, buf1, netmask_ptr)) -+ { -+ freeaddrinfo(ai); -+ return YES; -+ } -+ } -+ } -+ -+ freeaddrinfo(ai); - - return NO; - } --- -2.37.3 - diff --git a/poky/meta/recipes-extended/pam/libpam_1.5.2.bb b/poky/meta/recipes-extended/pam/libpam_1.5.3.bb index bec47ab836..eafb5aae43 100644 --- a/poky/meta/recipes-extended/pam/libpam_1.5.2.bb +++ b/poky/meta/recipes-extended/pam/libpam_1.5.3.bb @@ -21,14 +21,12 @@ SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/Linux-PAM-${PV}.tar.xz \ file://pam.d/common-session-noninteractive \ file://pam.d/other \ file://libpam-xtests.patch \ - file://0001-run-xtests.sh-check-whether-files-exist.patch \ + file://0001-examples-Replace-use-of-termio.h-with-termios.h.patch \ file://run-ptest \ file://pam-volatiles.conf \ - file://CVE-2022-28321-0002.patch \ - file://0001-pam_motd-do-not-rely-on-all-filesystems-providing-a-.patch \ " -SRC_URI[sha256sum] = "e4ec7131a91da44512574268f493c6d8ca105c87091691b8e9b56ca685d4f94d" +SRC_URI[sha256sum] = "7ac4b50feee004a9fa88f1dfd2d2fa738a82896763050cd773b3c54b0a818283" DEPENDS = "bison-native flex-native cracklib libxml2-native virtual/crypt" diff --git a/poky/meta/recipes-extended/procps/procps_4.0.3.bb b/poky/meta/recipes-extended/procps/procps_4.0.3.bb index cc3420df4e..dc0e957bda 100644 --- a/poky/meta/recipes-extended/procps/procps_4.0.3.bb +++ b/poky/meta/recipes-extended/procps/procps_4.0.3.bb @@ -72,10 +72,6 @@ python __anonymous() { d.setVarFlag('ALTERNATIVE_LINK_NAME', prog, '%s/%s' % (d.getVar('base_sbindir'), prog)) } -# 'ps' isn't suitable for use as a security tool so whitelist this CVE. -# https://bugzilla.redhat.com/show_bug.cgi?id=1575473#c3 -CVE_CHECK_IGNORE += "CVE-2018-1121" - PROCPS_PACKAGES = "${PN}-lib \ ${PN}-ps \ ${PN}-sysctl" diff --git a/poky/meta/recipes-extended/shadow/files/login.defs_shadow-sysroot b/poky/meta/recipes-extended/shadow/files/login.defs_shadow-sysroot index 8a68dd341a..09df77d2e7 100644 --- a/poky/meta/recipes-extended/shadow/files/login.defs_shadow-sysroot +++ b/poky/meta/recipes-extended/shadow/files/login.defs_shadow-sysroot @@ -1,3 +1,4 @@ +# SPDX-License-Identifier: BSD-3-Clause OR Artistic-1.0 # # /etc/login.defs - Configuration control definitions for the shadow package. # diff --git a/poky/meta/recipes-extended/shadow/files/pam.d/login b/poky/meta/recipes-extended/shadow/files/pam.d/login index b340058539..d39e09b1ea 100644 --- a/poky/meta/recipes-extended/shadow/files/pam.d/login +++ b/poky/meta/recipes-extended/shadow/files/pam.d/login @@ -57,10 +57,6 @@ auth optional pam_group.so # (Replaces the use of /etc/limits in old login) session required pam_limits.so -# Prints the last login info upon succesful login -# (Replaces the `LASTLOG_ENAB' option from login.defs) -session optional pam_lastlog.so - # Prints the motd upon succesful login # (Replaces the `MOTD_FILE' option in login.defs) session optional pam_motd.so diff --git a/poky/meta/recipes-extended/shadow/shadow-sysroot_4.6.bb b/poky/meta/recipes-extended/shadow/shadow-sysroot_4.6.bb index e05fa237a2..6580bd9166 100644 --- a/poky/meta/recipes-extended/shadow/shadow-sysroot_4.6.bb +++ b/poky/meta/recipes-extended/shadow/shadow-sysroot_4.6.bb @@ -3,7 +3,7 @@ HOMEPAGE = "http://github.com/shadow-maint/shadow" BUGTRACKER = "http://github.com/shadow-maint/shadow/issues" SECTION = "base utils" LICENSE = "BSD-3-Clause | Artistic-1.0" -LIC_FILES_CHKSUM = "file://login.defs_shadow-sysroot;md5=25e2f2de4dfc8f966ac5cdfce45cd7d5" +LIC_FILES_CHKSUM = "file://login.defs_shadow-sysroot;endline=1;md5=ceddfb61608e4db87012499555184aed" DEPENDS = "base-passwd" diff --git a/poky/meta/recipes-extended/shadow/shadow.inc b/poky/meta/recipes-extended/shadow/shadow.inc index cf05a3af93..83e1a84769 100644 --- a/poky/meta/recipes-extended/shadow/shadow.inc +++ b/poky/meta/recipes-extended/shadow/shadow.inc @@ -65,14 +65,11 @@ PAM_PLUGINS = "libpam-runtime \ pam-plugin-env \ pam-plugin-group \ pam-plugin-limits \ - pam-plugin-lastlog \ pam-plugin-motd \ pam-plugin-mail \ pam-plugin-shells \ pam-plugin-rootok" -PAM_PLUGINS:remove:libc-musl = "pam-plugin-lastlog" - PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)} \ ${@bb.utils.contains('DISTRO_FEATURES', 'xattr', 'attr', '', d)}" PACKAGECONFIG:class-native ??= "${@bb.utils.contains('DISTRO_FEATURES', 'xattr', 'attr', '', d)}" diff --git a/poky/meta/recipes-extended/shadow/shadow_4.13.bb b/poky/meta/recipes-extended/shadow/shadow_4.13.bb index d1a3fd5593..4e55446312 100644 --- a/poky/meta/recipes-extended/shadow/shadow_4.13.bb +++ b/poky/meta/recipes-extended/shadow/shadow_4.13.bb @@ -6,9 +6,6 @@ BUILD_LDFLAGS:append:class-target = " ${@bb.utils.contains('DISTRO_FEATURES', 'p BBCLASSEXTEND = "native nativesdk" -# Severity is low and marked as closed and won't fix. # https://bugzilla.redhat.com/show_bug.cgi?id=884658 -CVE_CHECK_IGNORE += "CVE-2013-4235" - -# This is an issue for a different shadow -CVE_CHECK_IGNORE += "CVE-2016-15024" +CVE_STATUS[CVE-2013-4235] = "upstream-wontfix: Severity is low and marked as closed and won't fix." +CVE_STATUS[CVE-2016-15024] = "cpe-incorrect: This is an issue for a different shadow" diff --git a/poky/meta/recipes-extended/unzip/unzip_6.0.bb b/poky/meta/recipes-extended/unzip/unzip_6.0.bb index 3051e9b5bc..a53663d086 100644 --- a/poky/meta/recipes-extended/unzip/unzip_6.0.bb +++ b/poky/meta/recipes-extended/unzip/unzip_6.0.bb @@ -39,8 +39,7 @@ UPSTREAM_VERSION_UNKNOWN = "1" SRC_URI[md5sum] = "62b490407489521db863b523a7f86375" SRC_URI[sha256sum] = "036d96991646d0449ed0aa952e4fbe21b476ce994abc276e49d30e686708bd37" -# Patch from https://bugzilla.redhat.com/attachment.cgi?id=293893&action=diff applied to 6.0 source -CVE_CHECK_IGNORE += "CVE-2008-0888" +CVE_STATUS[CVE-2008-0888] = "fixed-version: Patch from https://bugzilla.redhat.com/attachment.cgi?id=293893&action=diff applied to 6.0 source" # exclude version 5.5.2 which triggers a false positive UPSTREAM_CHECK_REGEX = "unzip(?P<pver>(?!552).+)\.tgz" diff --git a/poky/meta/recipes-extended/xinetd/xinetd_2.3.15.4.bb b/poky/meta/recipes-extended/xinetd/xinetd_2.3.15.4.bb index c390fcf33c..72eb1ae067 100644 --- a/poky/meta/recipes-extended/xinetd/xinetd_2.3.15.4.bb +++ b/poky/meta/recipes-extended/xinetd/xinetd_2.3.15.4.bb @@ -18,7 +18,7 @@ SRCREV = "6a4af7786630ce48747d9687e2f18f45ea6684c4" S = "${WORKDIR}/git" # https://github.com/xinetd-org/xinetd/pull/10 is merged into this git tree revision -CVE_CHECK_IGNORE += "CVE-2013-4342" +CVE_STATUS[CVE-2013-4342] = "fixed-version: Fixed directly in git tree revision" inherit autotools update-rc.d systemd pkgconfig diff --git a/poky/meta/recipes-extended/zip/zip_3.0.bb b/poky/meta/recipes-extended/zip/zip_3.0.bb index 82153131b4..3425e8eb7b 100644 --- a/poky/meta/recipes-extended/zip/zip_3.0.bb +++ b/poky/meta/recipes-extended/zip/zip_3.0.bb @@ -26,11 +26,8 @@ UPSTREAM_VERSION_UNKNOWN = "1" SRC_URI[md5sum] = "7b74551e63f8ee6aab6fbc86676c0d37" SRC_URI[sha256sum] = "f0e8bb1f9b7eb0b01285495a2699df3a4b766784c1765a8f1aeedf63c0806369" -# Disputed and also Debian doesn't consider a vulnerability -CVE_CHECK_IGNORE += "CVE-2018-13410" - -# Not for zip but for smart contract implementation for it -CVE_CHECK_IGNORE += "CVE-2018-13684" +CVE_STATUS[CVE-2018-13410] = "disputed: Disputed and also Debian doesn't consider a vulnerability" +CVE_STATUS[CVE-2018-13684] = "cpe-incorrect: Not for zip but for smart contract implementation for it" # zip.inc sets CFLAGS, but what Makefile actually uses is # CFLAGS_NOOPT. It will also force -O3 optimization, overriding diff --git a/poky/meta/recipes-gnome/epiphany/epiphany_43.1.bb b/poky/meta/recipes-gnome/epiphany/epiphany_43.1.bb index ea22723a97..c97ede459d 100644 --- a/poky/meta/recipes-gnome/epiphany/epiphany_43.1.bb +++ b/poky/meta/recipes-gnome/epiphany/epiphany_43.1.bb @@ -38,3 +38,6 @@ PACKAGECONFIG[developer-mode] = "-Ddeveloper_mode=true,-Ddeveloper_mode=false" FILES:${PN} += "${datadir}/dbus-1 ${datadir}/gnome-shell/search-providers ${datadir}/metainfo" RDEPENDS:${PN} = "iso-codes adwaita-icon-theme gsettings-desktop-schemas" + +# ANGLE requires SSE support as of webkit 2.40.x on 32 bit x86 +COMPATIBLE_HOST:x86 = "${@bb.utils.contains_any('TUNE_FEATURES', 'core2 corei7', '.*', 'null', d)}" diff --git a/poky/meta/recipes-gnome/libnotify/libnotify_0.8.2.bb b/poky/meta/recipes-gnome/libnotify/libnotify_0.8.2.bb index 08e9899d00..6888c33d14 100644 --- a/poky/meta/recipes-gnome/libnotify/libnotify_0.8.2.bb +++ b/poky/meta/recipes-gnome/libnotify/libnotify_0.8.2.bb @@ -33,4 +33,4 @@ RCONFLICTS:${PN} += "libnotify3" RREPLACES:${PN} += "libnotify3" # -7381 is specific to the NodeJS bindings -CVE_CHECK_IGNORE += "CVE-2013-7381" +CVE_STATUS[CVE-2013-7381] = "cpe-incorrect: The issue is specific to the NodeJS bindings" diff --git a/poky/meta/recipes-gnome/librsvg/librsvg-crates.inc b/poky/meta/recipes-gnome/librsvg/librsvg-crates.inc index d73d1ae693..8d790c32f8 100644 --- a/poky/meta/recipes-gnome/librsvg/librsvg-crates.inc +++ b/poky/meta/recipes-gnome/librsvg/librsvg-crates.inc @@ -3,13 +3,18 @@ # from Cargo.lock SRC_URI += " \ crate://crates.io/adler/1.0.2 \ - crate://crates.io/aho-corasick/0.7.20 \ + crate://crates.io/aho-corasick/1.0.1 \ + crate://crates.io/android-tzdata/0.1.1 \ crate://crates.io/android_system_properties/0.1.5 \ crate://crates.io/anes/0.1.6 \ - crate://crates.io/anstyle/0.3.4 \ - crate://crates.io/anyhow/1.0.69 \ + crate://crates.io/anstream/0.3.2 \ + crate://crates.io/anstyle/1.0.0 \ + crate://crates.io/anstyle-parse/0.2.0 \ + crate://crates.io/anstyle-query/1.0.0 \ + crate://crates.io/anstyle-wincon/1.0.1 \ + crate://crates.io/anyhow/1.0.71 \ crate://crates.io/approx/0.5.1 \ - crate://crates.io/assert_cmd/2.0.10 \ + crate://crates.io/assert_cmd/2.0.11 \ crate://crates.io/atty/0.2.14 \ crate://crates.io/autocfg/1.1.0 \ crate://crates.io/base-x/0.2.11 \ @@ -17,44 +22,41 @@ SRC_URI += " \ crate://crates.io/bit-vec/0.6.3 \ crate://crates.io/bitflags/1.3.2 \ crate://crates.io/block/0.1.6 \ - crate://crates.io/bstr/1.3.0 \ - crate://crates.io/bumpalo/3.12.0 \ + crate://crates.io/bstr/1.5.0 \ + crate://crates.io/bumpalo/3.13.0 \ crate://crates.io/bytemuck/1.13.1 \ crate://crates.io/byteorder/1.4.3 \ crate://crates.io/cairo-rs/0.17.0 \ crate://crates.io/cairo-sys-rs/0.17.0 \ crate://crates.io/cast/0.3.0 \ crate://crates.io/cc/1.0.79 \ - crate://crates.io/cfg-expr/0.11.0 \ + crate://crates.io/cfg-expr/0.15.1 \ crate://crates.io/cfg-if/1.0.0 \ - crate://crates.io/chrono/0.4.24 \ - crate://crates.io/ciborium/0.2.0 \ - crate://crates.io/ciborium-io/0.2.0 \ - crate://crates.io/ciborium-ll/0.2.0 \ - crate://crates.io/clap/3.2.23 \ - crate://crates.io/clap/4.1.9 \ - crate://crates.io/clap_complete/4.1.5 \ - crate://crates.io/clap_derive/4.1.9 \ + crate://crates.io/chrono/0.4.25 \ + crate://crates.io/ciborium/0.2.1 \ + crate://crates.io/ciborium-io/0.2.1 \ + crate://crates.io/ciborium-ll/0.2.1 \ + crate://crates.io/clap/3.2.25 \ + crate://crates.io/clap/4.3.0 \ + crate://crates.io/clap_builder/4.3.0 \ + crate://crates.io/clap_complete/4.3.0 \ + crate://crates.io/clap_derive/4.3.0 \ crate://crates.io/clap_lex/0.2.4 \ - crate://crates.io/clap_lex/0.3.3 \ - crate://crates.io/codespan-reporting/0.11.1 \ + crate://crates.io/clap_lex/0.5.0 \ + crate://crates.io/colorchoice/1.0.0 \ crate://crates.io/const-cstr/0.3.0 \ crate://crates.io/const_fn/0.4.9 \ crate://crates.io/convert_case/0.4.0 \ - crate://crates.io/core-foundation-sys/0.8.3 \ + crate://crates.io/core-foundation-sys/0.8.4 \ crate://crates.io/crc32fast/1.3.2 \ crate://crates.io/criterion/0.4.0 \ crate://crates.io/criterion-plot/0.5.0 \ - crate://crates.io/crossbeam-channel/0.5.7 \ + crate://crates.io/crossbeam-channel/0.5.8 \ crate://crates.io/crossbeam-deque/0.8.3 \ crate://crates.io/crossbeam-epoch/0.9.14 \ crate://crates.io/crossbeam-utils/0.8.15 \ crate://crates.io/cssparser/0.29.6 \ crate://crates.io/cssparser-macros/0.6.0 \ - crate://crates.io/cxx/1.0.92 \ - crate://crates.io/cxx-build/1.0.92 \ - crate://crates.io/cxxbridge-flags/1.0.92 \ - crate://crates.io/cxxbridge-macro/1.0.92 \ crate://crates.io/data-url/0.2.0 \ crate://crates.io/derive_more/0.99.17 \ crate://crates.io/difflib/0.4.0 \ @@ -71,30 +73,32 @@ SRC_URI += " \ crate://crates.io/encoding-index-singlebyte/1.20141219.5 \ crate://crates.io/encoding-index-tradchinese/1.20141219.5 \ crate://crates.io/encoding_index_tests/0.1.4 \ - crate://crates.io/errno/0.2.8 \ + crate://crates.io/encoding_rs/0.8.32 \ + crate://crates.io/errno/0.3.1 \ crate://crates.io/errno-dragonfly/0.1.2 \ crate://crates.io/fastrand/1.9.0 \ - crate://crates.io/flate2/1.0.25 \ + crate://crates.io/fdeflate/0.3.0 \ + crate://crates.io/flate2/1.0.26 \ crate://crates.io/float-cmp/0.9.0 \ crate://crates.io/fnv/1.0.7 \ crate://crates.io/form_urlencoded/1.1.0 \ crate://crates.io/futf/0.1.5 \ - crate://crates.io/futures-channel/0.3.27 \ - crate://crates.io/futures-core/0.3.27 \ - crate://crates.io/futures-executor/0.3.27 \ - crate://crates.io/futures-io/0.3.27 \ - crate://crates.io/futures-macro/0.3.27 \ - crate://crates.io/futures-task/0.3.27 \ - crate://crates.io/futures-util/0.3.27 \ + crate://crates.io/futures-channel/0.3.28 \ + crate://crates.io/futures-core/0.3.28 \ + crate://crates.io/futures-executor/0.3.28 \ + crate://crates.io/futures-io/0.3.28 \ + crate://crates.io/futures-macro/0.3.28 \ + crate://crates.io/futures-task/0.3.28 \ + crate://crates.io/futures-util/0.3.28 \ crate://crates.io/fxhash/0.2.1 \ crate://crates.io/gdk-pixbuf/0.17.0 \ crate://crates.io/gdk-pixbuf-sys/0.17.0 \ crate://crates.io/getrandom/0.1.16 \ - crate://crates.io/getrandom/0.2.8 \ - crate://crates.io/gio/0.17.4 \ + crate://crates.io/getrandom/0.2.9 \ + crate://crates.io/gio/0.17.9 \ crate://crates.io/gio-sys/0.17.4 \ - crate://crates.io/glib/0.17.5 \ - crate://crates.io/glib-macros/0.17.5 \ + crate://crates.io/glib/0.17.9 \ + crate://crates.io/glib-macros/0.17.9 \ crate://crates.io/glib-sys/0.17.4 \ crate://crates.io/gobject-sys/0.17.4 \ crate://crates.io/half/1.8.2 \ @@ -103,36 +107,35 @@ SRC_URI += " \ crate://crates.io/hermit-abi/0.1.19 \ crate://crates.io/hermit-abi/0.2.6 \ crate://crates.io/hermit-abi/0.3.1 \ - crate://crates.io/iana-time-zone/0.1.53 \ - crate://crates.io/iana-time-zone-haiku/0.1.1 \ + crate://crates.io/iana-time-zone/0.1.56 \ + crate://crates.io/iana-time-zone-haiku/0.1.2 \ crate://crates.io/idna/0.3.0 \ - crate://crates.io/indexmap/1.9.2 \ + crate://crates.io/indexmap/1.9.3 \ crate://crates.io/instant/0.1.12 \ - crate://crates.io/io-lifetimes/1.0.7 \ - crate://crates.io/is-terminal/0.4.4 \ + crate://crates.io/io-lifetimes/1.0.11 \ + crate://crates.io/is-terminal/0.4.7 \ crate://crates.io/itertools/0.10.5 \ crate://crates.io/itoa/1.0.6 \ - crate://crates.io/js-sys/0.3.61 \ + crate://crates.io/js-sys/0.3.63 \ crate://crates.io/language-tags/0.3.2 \ crate://crates.io/lazy_static/1.4.0 \ - crate://crates.io/libc/0.2.140 \ + crate://crates.io/libc/0.2.144 \ crate://crates.io/libloading/0.7.4 \ - crate://crates.io/libm/0.2.6 \ - crate://crates.io/link-cplusplus/1.0.8 \ + crate://crates.io/libm/0.2.7 \ crate://crates.io/linked-hash-map/0.5.6 \ - crate://crates.io/linux-raw-sys/0.1.4 \ + crate://crates.io/linux-raw-sys/0.3.8 \ crate://crates.io/locale_config/0.3.0 \ crate://crates.io/lock_api/0.4.9 \ - crate://crates.io/log/0.4.17 \ + crate://crates.io/log/0.4.18 \ crate://crates.io/lopdf/0.29.0 \ crate://crates.io/mac/0.1.1 \ crate://crates.io/malloc_buf/0.0.6 \ crate://crates.io/markup5ever/0.11.0 \ crate://crates.io/matches/0.1.10 \ - crate://crates.io/matrixmultiply/0.3.2 \ + crate://crates.io/matrixmultiply/0.3.7 \ crate://crates.io/memchr/2.5.0 \ crate://crates.io/memoffset/0.8.0 \ - crate://crates.io/miniz_oxide/0.6.2 \ + crate://crates.io/miniz_oxide/0.7.1 \ crate://crates.io/nalgebra/0.32.2 \ crate://crates.io/nalgebra-macros/0.2.0 \ crate://crates.io/new_debug_unreachable/1.0.4 \ @@ -146,9 +149,9 @@ SRC_URI += " \ crate://crates.io/objc/0.2.7 \ crate://crates.io/objc-foundation/0.1.1 \ crate://crates.io/objc_id/0.1.1 \ - crate://crates.io/once_cell/1.17.1 \ + crate://crates.io/once_cell/1.17.2 \ crate://crates.io/oorandom/11.1.3 \ - crate://crates.io/os_str_bytes/6.4.1 \ + crate://crates.io/os_str_bytes/6.5.0 \ crate://crates.io/pango/0.17.4 \ crate://crates.io/pango-sys/0.17.0 \ crate://crates.io/pangocairo/0.17.0 \ @@ -168,27 +171,26 @@ SRC_URI += " \ crate://crates.io/phf_shared/0.10.0 \ crate://crates.io/pin-project-lite/0.2.9 \ crate://crates.io/pin-utils/0.1.0 \ - crate://crates.io/pkg-config/0.3.26 \ + crate://crates.io/pkg-config/0.3.27 \ crate://crates.io/plotters/0.3.4 \ crate://crates.io/plotters-backend/0.3.4 \ crate://crates.io/plotters-svg/0.3.3 \ - crate://crates.io/png/0.17.7 \ + crate://crates.io/png/0.17.8 \ crate://crates.io/pom/3.2.0 \ crate://crates.io/ppv-lite86/0.2.17 \ crate://crates.io/precomputed-hash/0.1.1 \ crate://crates.io/predicates/2.1.5 \ - crate://crates.io/predicates/3.0.1 \ + crate://crates.io/predicates/3.0.3 \ crate://crates.io/predicates-core/1.0.6 \ crate://crates.io/predicates-tree/1.0.9 \ crate://crates.io/proc-macro-crate/1.3.1 \ crate://crates.io/proc-macro-error/1.0.4 \ crate://crates.io/proc-macro-error-attr/1.0.4 \ crate://crates.io/proc-macro-hack/0.5.20+deprecated \ - crate://crates.io/proc-macro2/1.0.52 \ - crate://crates.io/proptest/1.1.0 \ + crate://crates.io/proc-macro2/1.0.59 \ + crate://crates.io/proptest/1.2.0 \ crate://crates.io/quick-error/1.2.3 \ - crate://crates.io/quick-error/2.0.1 \ - crate://crates.io/quote/1.0.26 \ + crate://crates.io/quote/1.0.28 \ crate://crates.io/rand/0.7.3 \ crate://crates.io/rand/0.8.5 \ crate://crates.io/rand_chacha/0.2.2 \ @@ -203,30 +205,33 @@ SRC_URI += " \ crate://crates.io/rayon-core/1.11.0 \ crate://crates.io/rctree/0.5.0 \ crate://crates.io/redox_syscall/0.2.16 \ - crate://crates.io/regex/1.7.1 \ + crate://crates.io/redox_syscall/0.3.5 \ + crate://crates.io/regex/1.8.3 \ crate://crates.io/regex-automata/0.1.10 \ - crate://crates.io/regex-syntax/0.6.28 \ + crate://crates.io/regex-syntax/0.6.29 \ + crate://crates.io/regex-syntax/0.7.2 \ crate://crates.io/rgb/0.8.36 \ crate://crates.io/rustc_version/0.2.3 \ crate://crates.io/rustc_version/0.4.0 \ - crate://crates.io/rustix/0.36.9 \ + crate://crates.io/rustix/0.37.19 \ crate://crates.io/rusty-fork/0.3.0 \ crate://crates.io/ryu/1.0.13 \ crate://crates.io/safe_arch/0.6.0 \ crate://crates.io/same-file/1.0.6 \ crate://crates.io/scopeguard/1.1.0 \ - crate://crates.io/scratch/1.0.5 \ crate://crates.io/selectors/0.24.0 \ crate://crates.io/semver/0.9.0 \ crate://crates.io/semver/1.0.17 \ crate://crates.io/semver-parser/0.7.0 \ - crate://crates.io/serde/1.0.156 \ - crate://crates.io/serde_derive/1.0.156 \ - crate://crates.io/serde_json/1.0.94 \ + crate://crates.io/serde/1.0.163 \ + crate://crates.io/serde_derive/1.0.163 \ + crate://crates.io/serde_json/1.0.96 \ + crate://crates.io/serde_spanned/0.6.2 \ crate://crates.io/servo_arc/0.2.0 \ crate://crates.io/sha1/0.6.1 \ crate://crates.io/sha1_smol/1.0.0 \ - crate://crates.io/simba/0.8.0 \ + crate://crates.io/simba/0.8.1 \ + crate://crates.io/simd-adler32/0.3.5 \ crate://crates.io/siphasher/0.3.10 \ crate://crates.io/slab/0.4.8 \ crate://crates.io/smallvec/1.10.0 \ @@ -240,72 +245,87 @@ SRC_URI += " \ crate://crates.io/string_cache_codegen/0.5.2 \ crate://crates.io/strsim/0.10.0 \ crate://crates.io/syn/1.0.109 \ - crate://crates.io/system-deps/6.0.3 \ - crate://crates.io/tempfile/3.4.0 \ + crate://crates.io/syn/2.0.18 \ + crate://crates.io/system-deps/6.1.0 \ + crate://crates.io/target-lexicon/0.12.7 \ + crate://crates.io/tempfile/3.5.0 \ crate://crates.io/tendril/0.4.3 \ - crate://crates.io/termcolor/1.2.0 \ crate://crates.io/termtree/0.4.1 \ crate://crates.io/textwrap/0.16.0 \ - crate://crates.io/thiserror/1.0.39 \ - crate://crates.io/thiserror-impl/1.0.39 \ + crate://crates.io/thiserror/1.0.40 \ + crate://crates.io/thiserror-impl/1.0.40 \ crate://crates.io/time/0.2.27 \ crate://crates.io/time-macros/0.1.1 \ crate://crates.io/time-macros-impl/0.1.2 \ crate://crates.io/tinytemplate/1.2.1 \ crate://crates.io/tinyvec/1.6.0 \ crate://crates.io/tinyvec_macros/0.1.1 \ - crate://crates.io/toml/0.5.11 \ - crate://crates.io/toml_datetime/0.6.1 \ - crate://crates.io/toml_edit/0.19.7 \ + crate://crates.io/toml/0.7.4 \ + crate://crates.io/toml_datetime/0.6.2 \ + crate://crates.io/toml_edit/0.19.10 \ crate://crates.io/typenum/1.16.0 \ crate://crates.io/unarray/0.1.4 \ - crate://crates.io/unicode-bidi/0.3.11 \ - crate://crates.io/unicode-ident/1.0.8 \ + crate://crates.io/unicode-bidi/0.3.13 \ + crate://crates.io/unicode-ident/1.0.9 \ crate://crates.io/unicode-normalization/0.1.22 \ - crate://crates.io/unicode-width/0.1.10 \ crate://crates.io/url/2.3.1 \ crate://crates.io/utf-8/0.7.6 \ + crate://crates.io/utf8parse/0.2.1 \ crate://crates.io/version-compare/0.1.1 \ crate://crates.io/version_check/0.9.4 \ crate://crates.io/wait-timeout/0.2.0 \ crate://crates.io/walkdir/2.3.3 \ crate://crates.io/wasi/0.9.0+wasi-snapshot-preview1 \ crate://crates.io/wasi/0.11.0+wasi-snapshot-preview1 \ - crate://crates.io/wasm-bindgen/0.2.84 \ - crate://crates.io/wasm-bindgen-backend/0.2.84 \ - crate://crates.io/wasm-bindgen-macro/0.2.84 \ - crate://crates.io/wasm-bindgen-macro-support/0.2.84 \ - crate://crates.io/wasm-bindgen-shared/0.2.84 \ - crate://crates.io/web-sys/0.3.61 \ + crate://crates.io/wasm-bindgen/0.2.86 \ + crate://crates.io/wasm-bindgen-backend/0.2.86 \ + crate://crates.io/wasm-bindgen-macro/0.2.86 \ + crate://crates.io/wasm-bindgen-macro-support/0.2.86 \ + crate://crates.io/wasm-bindgen-shared/0.2.86 \ + crate://crates.io/web-sys/0.3.63 \ crate://crates.io/weezl/0.1.7 \ - crate://crates.io/wide/0.7.8 \ + crate://crates.io/wide/0.7.9 \ crate://crates.io/winapi/0.3.9 \ crate://crates.io/winapi-i686-pc-windows-gnu/0.4.0 \ crate://crates.io/winapi-util/0.1.5 \ crate://crates.io/winapi-x86_64-pc-windows-gnu/0.4.0 \ - crate://crates.io/windows-sys/0.42.0 \ + crate://crates.io/windows/0.48.0 \ crate://crates.io/windows-sys/0.45.0 \ + crate://crates.io/windows-sys/0.48.0 \ crate://crates.io/windows-targets/0.42.2 \ + crate://crates.io/windows-targets/0.48.0 \ crate://crates.io/windows_aarch64_gnullvm/0.42.2 \ + crate://crates.io/windows_aarch64_gnullvm/0.48.0 \ crate://crates.io/windows_aarch64_msvc/0.42.2 \ + crate://crates.io/windows_aarch64_msvc/0.48.0 \ crate://crates.io/windows_i686_gnu/0.42.2 \ + crate://crates.io/windows_i686_gnu/0.48.0 \ crate://crates.io/windows_i686_msvc/0.42.2 \ + crate://crates.io/windows_i686_msvc/0.48.0 \ crate://crates.io/windows_x86_64_gnu/0.42.2 \ + crate://crates.io/windows_x86_64_gnu/0.48.0 \ crate://crates.io/windows_x86_64_gnullvm/0.42.2 \ + crate://crates.io/windows_x86_64_gnullvm/0.48.0 \ crate://crates.io/windows_x86_64_msvc/0.42.2 \ - crate://crates.io/winnow/0.3.6 \ + crate://crates.io/windows_x86_64_msvc/0.48.0 \ + crate://crates.io/winnow/0.4.6 \ crate://crates.io/xml5ever/0.17.0 \ crate://crates.io/yeslogic-fontconfig-sys/4.0.1 \ " SRC_URI[adler-1.0.2.sha256sum] = "f26201604c87b1e01bd3d98f8d5d9a8fcbb815e8cedb41ffccbeb4bf593a35fe" -SRC_URI[aho-corasick-0.7.20.sha256sum] = "cc936419f96fa211c1b9166887b38e5e40b19958e5b895be7c1f93adec7071ac" +SRC_URI[aho-corasick-1.0.1.sha256sum] = "67fc08ce920c31afb70f013dcce1bfc3a3195de6a228474e45e1f145b36f8d04" +SRC_URI[android-tzdata-0.1.1.sha256sum] = "e999941b234f3131b00bc13c22d06e8c5ff726d1b6318ac7eb276997bbb4fef0" SRC_URI[android_system_properties-0.1.5.sha256sum] = "819e7219dbd41043ac279b19830f2efc897156490d7fd6ea916720117ee66311" SRC_URI[anes-0.1.6.sha256sum] = "4b46cbb362ab8752921c97e041f5e366ee6297bd428a31275b9fcf1e380f7299" -SRC_URI[anstyle-0.3.4.sha256sum] = "1ba0b55c2201aa802adb684e7963ce2c3191675629e7df899774331e3ac747cf" -SRC_URI[anyhow-1.0.69.sha256sum] = "224afbd727c3d6e4b90103ece64b8d1b67fbb1973b1046c2281eed3f3803f800" +SRC_URI[anstream-0.3.2.sha256sum] = "0ca84f3628370c59db74ee214b3263d58f9aadd9b4fe7e711fd87dc452b7f163" +SRC_URI[anstyle-1.0.0.sha256sum] = "41ed9a86bf92ae6580e0a31281f65a1b1d867c0cc68d5346e2ae128dddfa6a7d" +SRC_URI[anstyle-parse-0.2.0.sha256sum] = "e765fd216e48e067936442276d1d57399e37bce53c264d6fefbe298080cb57ee" +SRC_URI[anstyle-query-1.0.0.sha256sum] = "5ca11d4be1bab0c8bc8734a9aa7bf4ee8316d462a08c6ac5052f888fef5b494b" +SRC_URI[anstyle-wincon-1.0.1.sha256sum] = "180abfa45703aebe0093f79badacc01b8fd4ea2e35118747e5811127f926e188" +SRC_URI[anyhow-1.0.71.sha256sum] = "9c7d0618f0e0b7e8ff11427422b64564d5fb0be1940354bfe2e0529b18a9d9b8" SRC_URI[approx-0.5.1.sha256sum] = "cab112f0a86d568ea0e627cc1d6be74a1e9cd55214684db5561995f6dad897c6" -SRC_URI[assert_cmd-2.0.10.sha256sum] = "ec0b2340f55d9661d76793b2bfc2eb0e62689bd79d067a95707ea762afd5e9dd" +SRC_URI[assert_cmd-2.0.11.sha256sum] = "86d6b683edf8d1119fe420a94f8a7e389239666aa72e65495d91c00462510151" SRC_URI[atty-0.2.14.sha256sum] = "d9b39be18770d11421cdb1b9947a45dd3f37e93092cbf377614828a319d5fee8" SRC_URI[autocfg-1.1.0.sha256sum] = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa" SRC_URI[base-x-0.2.11.sha256sum] = "4cbbc9d0964165b47557570cce6c952866c2678457aca742aafc9fb771d30270" @@ -313,44 +333,41 @@ SRC_URI[bit-set-0.5.3.sha256sum] = "0700ddab506f33b20a03b13996eccd309a48e5ff77d0 SRC_URI[bit-vec-0.6.3.sha256sum] = "349f9b6a179ed607305526ca489b34ad0a41aed5f7980fa90eb03160b69598fb" SRC_URI[bitflags-1.3.2.sha256sum] = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a" SRC_URI[block-0.1.6.sha256sum] = "0d8c1fef690941d3e7788d328517591fecc684c084084702d6ff1641e993699a" -SRC_URI[bstr-1.3.0.sha256sum] = "5ffdb39cb703212f3c11973452c2861b972f757b021158f3516ba10f2fa8b2c1" -SRC_URI[bumpalo-3.12.0.sha256sum] = "0d261e256854913907f67ed06efbc3338dfe6179796deefc1ff763fc1aee5535" +SRC_URI[bstr-1.5.0.sha256sum] = "a246e68bb43f6cd9db24bea052a53e40405417c5fb372e3d1a8a7f770a564ef5" +SRC_URI[bumpalo-3.13.0.sha256sum] = "a3e2c3daef883ecc1b5d58c15adae93470a91d425f3532ba1695849656af3fc1" SRC_URI[bytemuck-1.13.1.sha256sum] = "17febce684fd15d89027105661fec94afb475cb995fbc59d2865198446ba2eea" SRC_URI[byteorder-1.4.3.sha256sum] = "14c189c53d098945499cdfa7ecc63567cf3886b3332b312a5b4585d8d3a6a610" SRC_URI[cairo-rs-0.17.0.sha256sum] = "a8af54f5d48af1226928adc1f57edd22f5df1349e7da1fc96ae15cf43db0e871" SRC_URI[cairo-sys-rs-0.17.0.sha256sum] = "f55382a01d30e5e53f185eee269124f5e21ab526595b872751278dfbb463594e" SRC_URI[cast-0.3.0.sha256sum] = "37b2a672a2cb129a2e41c10b1224bb368f9f37a2b16b612598138befd7b37eb5" SRC_URI[cc-1.0.79.sha256sum] = "50d30906286121d95be3d479533b458f87493b30a4b5f79a607db8f5d11aa91f" -SRC_URI[cfg-expr-0.11.0.sha256sum] = "b0357a6402b295ca3a86bc148e84df46c02e41f41fef186bda662557ef6328aa" +SRC_URI[cfg-expr-0.15.1.sha256sum] = "c8790cf1286da485c72cf5fc7aeba308438800036ec67d89425924c4807268c9" SRC_URI[cfg-if-1.0.0.sha256sum] = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" -SRC_URI[chrono-0.4.24.sha256sum] = "4e3c5919066adf22df73762e50cffcde3a758f2a848b113b586d1f86728b673b" -SRC_URI[ciborium-0.2.0.sha256sum] = "b0c137568cc60b904a7724001b35ce2630fd00d5d84805fbb608ab89509d788f" -SRC_URI[ciborium-io-0.2.0.sha256sum] = "346de753af073cc87b52b2083a506b38ac176a44cfb05497b622e27be899b369" -SRC_URI[ciborium-ll-0.2.0.sha256sum] = "213030a2b5a4e0c0892b6652260cf6ccac84827b83a85a534e178e3906c4cf1b" -SRC_URI[clap-3.2.23.sha256sum] = "71655c45cb9845d3270c9d6df84ebe72b4dad3c2ba3f7023ad47c144e4e473a5" -SRC_URI[clap-4.1.9.sha256sum] = "9a9d6ada83c1edcce028902ea27dd929069c70df4c7600b131b4d9a1ad2879cc" -SRC_URI[clap_complete-4.1.5.sha256sum] = "37686beaba5ac9f3ab01ee3172f792fc6ffdd685bfb9e63cfef02c0571a4e8e1" -SRC_URI[clap_derive-4.1.9.sha256sum] = "fddf67631444a3a3e3e5ac51c36a5e01335302de677bd78759eaa90ab1f46644" +SRC_URI[chrono-0.4.25.sha256sum] = "fdbc37d37da9e5bce8173f3a41b71d9bf3c674deebbaceacd0ebdabde76efb03" +SRC_URI[ciborium-0.2.1.sha256sum] = "effd91f6c78e5a4ace8a5d3c0b6bfaec9e2baaef55f3efc00e45fb2e477ee926" +SRC_URI[ciborium-io-0.2.1.sha256sum] = "cdf919175532b369853f5d5e20b26b43112613fd6fe7aee757e35f7a44642656" +SRC_URI[ciborium-ll-0.2.1.sha256sum] = "defaa24ecc093c77630e6c15e17c51f5e187bf35ee514f4e2d67baaa96dae22b" +SRC_URI[clap-3.2.25.sha256sum] = "4ea181bf566f71cb9a5d17a59e1871af638180a18fb0035c92ae62b705207123" +SRC_URI[clap-4.3.0.sha256sum] = "93aae7a4192245f70fe75dd9157fc7b4a5bf53e88d30bd4396f7d8f9284d5acc" +SRC_URI[clap_builder-4.3.0.sha256sum] = "4f423e341edefb78c9caba2d9c7f7687d0e72e89df3ce3394554754393ac3990" +SRC_URI[clap_complete-4.3.0.sha256sum] = "a04ddfaacc3bc9e6ea67d024575fafc2a813027cf374b8f24f7bc233c6b6be12" +SRC_URI[clap_derive-4.3.0.sha256sum] = "191d9573962933b4027f932c600cd252ce27a8ad5979418fe78e43c07996f27b" SRC_URI[clap_lex-0.2.4.sha256sum] = "2850f2f5a82cbf437dd5af4d49848fbdfc27c157c3d010345776f952765261c5" -SRC_URI[clap_lex-0.3.3.sha256sum] = "033f6b7a4acb1f358c742aaca805c939ee73b4c6209ae4318ec7aca81c42e646" -SRC_URI[codespan-reporting-0.11.1.sha256sum] = "3538270d33cc669650c4b093848450d380def10c331d38c768e34cac80576e6e" +SRC_URI[clap_lex-0.5.0.sha256sum] = "2da6da31387c7e4ef160ffab6d5e7f00c42626fe39aea70a7b0f1773f7dd6c1b" +SRC_URI[colorchoice-1.0.0.sha256sum] = "acbf1af155f9b9ef647e42cdc158db4b64a1b61f743629225fde6f3e0be2a7c7" SRC_URI[const-cstr-0.3.0.sha256sum] = "ed3d0b5ff30645a68f35ece8cea4556ca14ef8a1651455f789a099a0513532a6" SRC_URI[const_fn-0.4.9.sha256sum] = "fbdcdcb6d86f71c5e97409ad45898af11cbc995b4ee8112d59095a28d376c935" SRC_URI[convert_case-0.4.0.sha256sum] = "6245d59a3e82a7fc217c5828a6692dbc6dfb63a0c8c90495621f7b9d79704a0e" -SRC_URI[core-foundation-sys-0.8.3.sha256sum] = "5827cebf4670468b8772dd191856768aedcb1b0278a04f989f7766351917b9dc" +SRC_URI[core-foundation-sys-0.8.4.sha256sum] = "e496a50fda8aacccc86d7529e2c1e0892dbd0f898a6b5645b5561b89c3210efa" SRC_URI[crc32fast-1.3.2.sha256sum] = "b540bd8bc810d3885c6ea91e2018302f68baba2129ab3e88f32389ee9370880d" SRC_URI[criterion-0.4.0.sha256sum] = "e7c76e09c1aae2bc52b3d2f29e13c6572553b30c4aa1b8a49fd70de6412654cb" SRC_URI[criterion-plot-0.5.0.sha256sum] = "6b50826342786a51a89e2da3a28f1c32b06e387201bc2d19791f622c673706b1" -SRC_URI[crossbeam-channel-0.5.7.sha256sum] = "cf2b3e8478797446514c91ef04bafcb59faba183e621ad488df88983cc14128c" +SRC_URI[crossbeam-channel-0.5.8.sha256sum] = "a33c2bf77f2df06183c3aa30d1e96c0695a313d4f9c453cc3762a6db39f99200" SRC_URI[crossbeam-deque-0.8.3.sha256sum] = "ce6fd6f855243022dcecf8702fef0c297d4338e226845fe067f6341ad9fa0cef" SRC_URI[crossbeam-epoch-0.9.14.sha256sum] = "46bd5f3f85273295a9d14aedfb86f6aadbff6d8f5295c4a9edb08e819dcf5695" SRC_URI[crossbeam-utils-0.8.15.sha256sum] = "3c063cd8cc95f5c377ed0d4b49a4b21f632396ff690e8470c29b3359b346984b" SRC_URI[cssparser-0.29.6.sha256sum] = "f93d03419cb5950ccfd3daf3ff1c7a36ace64609a1a8746d493df1ca0afde0fa" SRC_URI[cssparser-macros-0.6.0.sha256sum] = "dfae75de57f2b2e85e8768c3ea840fd159c8f33e2b6522c7835b7abac81be16e" -SRC_URI[cxx-1.0.92.sha256sum] = "9a140f260e6f3f79013b8bfc65e7ce630c9ab4388c6a89c71e07226f49487b72" -SRC_URI[cxx-build-1.0.92.sha256sum] = "da6383f459341ea689374bf0a42979739dc421874f112ff26f829b8040b8e613" -SRC_URI[cxxbridge-flags-1.0.92.sha256sum] = "90201c1a650e95ccff1c8c0bb5a343213bdd317c6e600a93075bca2eff54ec97" -SRC_URI[cxxbridge-macro-1.0.92.sha256sum] = "0b75aed41bb2e6367cae39e6326ef817a851db13c13e4f3263714ca3cfb8de56" SRC_URI[data-url-0.2.0.sha256sum] = "8d7439c3735f405729d52c3fbbe4de140eaf938a1fe47d227c27f8254d4302a5" SRC_URI[derive_more-0.99.17.sha256sum] = "4fb810d30a7c1953f91334de7244731fc3f3c10d7fe163338a35b9f640960321" SRC_URI[difflib-0.4.0.sha256sum] = "6184e33543162437515c2e2b48714794e37845ec9851711914eec9d308f6ebe8" @@ -367,30 +384,32 @@ SRC_URI[encoding-index-simpchinese-1.20141219.5.sha256sum] = "d87a7194909b9118fc SRC_URI[encoding-index-singlebyte-1.20141219.5.sha256sum] = "3351d5acffb224af9ca265f435b859c7c01537c0849754d3db3fdf2bfe2ae84a" SRC_URI[encoding-index-tradchinese-1.20141219.5.sha256sum] = "fd0e20d5688ce3cab59eb3ef3a2083a5c77bf496cb798dc6fcdb75f323890c18" SRC_URI[encoding_index_tests-0.1.4.sha256sum] = "a246d82be1c9d791c5dfde9a2bd045fc3cbba3fa2b11ad558f27d01712f00569" -SRC_URI[errno-0.2.8.sha256sum] = "f639046355ee4f37944e44f60642c6f3a7efa3cf6b78c78a0d989a8ce6c396a1" +SRC_URI[encoding_rs-0.8.32.sha256sum] = "071a31f4ee85403370b58aca746f01041ede6f0da2730960ad001edc2b71b394" +SRC_URI[errno-0.3.1.sha256sum] = "4bcfec3a70f97c962c307b2d2c56e358cf1d00b558d74262b5f929ee8cc7e73a" SRC_URI[errno-dragonfly-0.1.2.sha256sum] = "aa68f1b12764fab894d2755d2518754e71b4fd80ecfb822714a1206c2aab39bf" SRC_URI[fastrand-1.9.0.sha256sum] = "e51093e27b0797c359783294ca4f0a911c270184cb10f85783b118614a1501be" -SRC_URI[flate2-1.0.25.sha256sum] = "a8a2db397cb1c8772f31494cb8917e48cd1e64f0fa7efac59fbd741a0a8ce841" +SRC_URI[fdeflate-0.3.0.sha256sum] = "d329bdeac514ee06249dabc27877490f17f5d371ec693360768b838e19f3ae10" +SRC_URI[flate2-1.0.26.sha256sum] = "3b9429470923de8e8cbd4d2dc513535400b4b3fef0319fb5c4e1f520a7bef743" SRC_URI[float-cmp-0.9.0.sha256sum] = "98de4bbd547a563b716d8dfa9aad1cb19bfab00f4fa09a6a4ed21dbcf44ce9c4" SRC_URI[fnv-1.0.7.sha256sum] = "3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1" SRC_URI[form_urlencoded-1.1.0.sha256sum] = "a9c384f161156f5260c24a097c56119f9be8c798586aecc13afbcbe7b7e26bf8" SRC_URI[futf-0.1.5.sha256sum] = "df420e2e84819663797d1ec6544b13c5be84629e7bb00dc960d6917db2987843" -SRC_URI[futures-channel-0.3.27.sha256sum] = "164713a5a0dcc3e7b4b1ed7d3b433cabc18025386f9339346e8daf15963cf7ac" -SRC_URI[futures-core-0.3.27.sha256sum] = "86d7a0c1aa76363dac491de0ee99faf6941128376f1cf96f07db7603b7de69dd" -SRC_URI[futures-executor-0.3.27.sha256sum] = "1997dd9df74cdac935c76252744c1ed5794fac083242ea4fe77ef3ed60ba0f83" -SRC_URI[futures-io-0.3.27.sha256sum] = "89d422fa3cbe3b40dca574ab087abb5bc98258ea57eea3fd6f1fa7162c778b91" -SRC_URI[futures-macro-0.3.27.sha256sum] = "3eb14ed937631bd8b8b8977f2c198443447a8355b6e3ca599f38c975e5a963b6" -SRC_URI[futures-task-0.3.27.sha256sum] = "fd65540d33b37b16542a0438c12e6aeead10d4ac5d05bd3f805b8f35ab592879" -SRC_URI[futures-util-0.3.27.sha256sum] = "3ef6b17e481503ec85211fed8f39d1970f128935ca1f814cd32ac4a6842e84ab" +SRC_URI[futures-channel-0.3.28.sha256sum] = "955518d47e09b25bbebc7a18df10b81f0c766eaf4c4f1cccef2fca5f2a4fb5f2" +SRC_URI[futures-core-0.3.28.sha256sum] = "4bca583b7e26f571124fe5b7561d49cb2868d79116cfa0eefce955557c6fee8c" +SRC_URI[futures-executor-0.3.28.sha256sum] = "ccecee823288125bd88b4d7f565c9e58e41858e47ab72e8ea2d64e93624386e0" +SRC_URI[futures-io-0.3.28.sha256sum] = "4fff74096e71ed47f8e023204cfd0aa1289cd54ae5430a9523be060cdb849964" +SRC_URI[futures-macro-0.3.28.sha256sum] = "89ca545a94061b6365f2c7355b4b32bd20df3ff95f02da9329b34ccc3bd6ee72" +SRC_URI[futures-task-0.3.28.sha256sum] = "76d3d132be6c0e6aa1534069c705a74a5997a356c0dc2f86a47765e5617c5b65" +SRC_URI[futures-util-0.3.28.sha256sum] = "26b01e40b772d54cf6c6d721c1d1abd0647a0106a12ecaa1c186273392a69533" SRC_URI[fxhash-0.2.1.sha256sum] = "c31b6d751ae2c7f11320402d34e41349dd1016f8d5d45e48c4312bc8625af50c" SRC_URI[gdk-pixbuf-0.17.0.sha256sum] = "b023fbe0c6b407bd3d9805d107d9800da3829dc5a676653210f1d5f16d7f59bf" SRC_URI[gdk-pixbuf-sys-0.17.0.sha256sum] = "7b41bd2b44ed49d99277d3925652a163038bd5ed943ec9809338ffb2f4391e3b" SRC_URI[getrandom-0.1.16.sha256sum] = "8fc3cb4d91f53b50155bdcfd23f6a4c39ae1969c2ae85982b135750cccaf5fce" -SRC_URI[getrandom-0.2.8.sha256sum] = "c05aeb6a22b8f62540c194aac980f2115af067bfe15a0734d7277a768d396b31" -SRC_URI[gio-0.17.4.sha256sum] = "2261a3b4e922ec676d1c27ac466218c38cf5dcb49a759129e54bb5046e442125" +SRC_URI[getrandom-0.2.9.sha256sum] = "c85e1d9ab2eadba7e5040d4e09cbd6d072b76a557ad64e797c2cb9d4da21d7e4" +SRC_URI[gio-0.17.9.sha256sum] = "d14522e56c6bcb6f7a3aebc25cbcfb06776af4c0c25232b601b4383252d7cb92" SRC_URI[gio-sys-0.17.4.sha256sum] = "6b1d43b0d7968b48455244ecafe41192871257f5740aa6b095eb19db78e362a5" -SRC_URI[glib-0.17.5.sha256sum] = "cfb53061756195d76969292c2d2e329e01259276524a9bae6c9b73af62854773" -SRC_URI[glib-macros-0.17.5.sha256sum] = "454924cafe58d9174dc32972261fe271d6cd3c10f5e9ff505522a28dcf601a40" +SRC_URI[glib-0.17.9.sha256sum] = "a7f1de7cbde31ea4f0a919453a2dcece5d54d5b70e08f8ad254dc4840f5f09b6" +SRC_URI[glib-macros-0.17.9.sha256sum] = "0a7206c5c03851ef126ea1444990e81fdd6765fb799d5bc694e4897ca01bb97f" SRC_URI[glib-sys-0.17.4.sha256sum] = "49f00ad0a1bf548e61adfff15d83430941d9e1bb620e334f779edd1c745680a5" SRC_URI[gobject-sys-0.17.4.sha256sum] = "15e75b0000a64632b2d8ca3cf856af9308e3a970844f6e9659bd197f026793d0" SRC_URI[half-1.8.2.sha256sum] = "eabb4a44450da02c90444cf74558da904edde8fb4e9035a9a6a4e15445af0bd7" @@ -399,36 +418,35 @@ SRC_URI[heck-0.4.1.sha256sum] = "95505c38b4572b2d910cecb0281560f54b440a19336cbbc SRC_URI[hermit-abi-0.1.19.sha256sum] = "62b467343b94ba476dcb2500d242dadbb39557df889310ac77c5d99100aaac33" SRC_URI[hermit-abi-0.2.6.sha256sum] = "ee512640fe35acbfb4bb779db6f0d80704c2cacfa2e39b601ef3e3f47d1ae4c7" SRC_URI[hermit-abi-0.3.1.sha256sum] = "fed44880c466736ef9a5c5b5facefb5ed0785676d0c02d612db14e54f0d84286" -SRC_URI[iana-time-zone-0.1.53.sha256sum] = "64c122667b287044802d6ce17ee2ddf13207ed924c712de9a66a5814d5b64765" -SRC_URI[iana-time-zone-haiku-0.1.1.sha256sum] = "0703ae284fc167426161c2e3f1da3ea71d94b21bedbcc9494e92b28e334e3dca" +SRC_URI[iana-time-zone-0.1.56.sha256sum] = "0722cd7114b7de04316e7ea5456a0bbb20e4adb46fd27a3697adb812cff0f37c" +SRC_URI[iana-time-zone-haiku-0.1.2.sha256sum] = "f31827a206f56af32e590ba56d5d2d085f558508192593743f16b2306495269f" SRC_URI[idna-0.3.0.sha256sum] = "e14ddfc70884202db2244c223200c204c2bda1bc6e0998d11b5e024d657209e6" -SRC_URI[indexmap-1.9.2.sha256sum] = "1885e79c1fc4b10f0e172c475f458b7f7b93061064d98c3293e98c5ba0c8b399" +SRC_URI[indexmap-1.9.3.sha256sum] = "bd070e393353796e801d209ad339e89596eb4c8d430d18ede6a1cced8fafbd99" SRC_URI[instant-0.1.12.sha256sum] = "7a5bbe824c507c5da5956355e86a746d82e0e1464f65d862cc5e71da70e94b2c" -SRC_URI[io-lifetimes-1.0.7.sha256sum] = "76e86b86ae312accbf05ade23ce76b625e0e47a255712b7414037385a1c05380" -SRC_URI[is-terminal-0.4.4.sha256sum] = "21b6b32576413a8e69b90e952e4a026476040d81017b80445deda5f2d3921857" +SRC_URI[io-lifetimes-1.0.11.sha256sum] = "eae7b9aee968036d54dce06cebaefd919e4472e753296daccd6d344e3e2df0c2" +SRC_URI[is-terminal-0.4.7.sha256sum] = "adcf93614601c8129ddf72e2d5633df827ba6551541c6d8c59520a371475be1f" SRC_URI[itertools-0.10.5.sha256sum] = "b0fd2260e829bddf4cb6ea802289de2f86d6a7a690192fbe91b3f46e0f2c8473" SRC_URI[itoa-1.0.6.sha256sum] = "453ad9f582a441959e5f0d088b02ce04cfe8d51a8eaf077f12ac6d3e94164ca6" -SRC_URI[js-sys-0.3.61.sha256sum] = "445dde2150c55e483f3d8416706b97ec8e8237c307e5b7b4b8dd15e6af2a0730" +SRC_URI[js-sys-0.3.63.sha256sum] = "2f37a4a5928311ac501dee68b3c7613a1037d0edb30c8e5427bd832d55d1b790" SRC_URI[language-tags-0.3.2.sha256sum] = "d4345964bb142484797b161f473a503a434de77149dd8c7427788c6e13379388" SRC_URI[lazy_static-1.4.0.sha256sum] = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" -SRC_URI[libc-0.2.140.sha256sum] = "99227334921fae1a979cf0bfdfcc6b3e5ce376ef57e16fb6fb3ea2ed6095f80c" +SRC_URI[libc-0.2.144.sha256sum] = "2b00cc1c228a6782d0f076e7b232802e0c5689d41bb5df366f2a6b6621cfdfe1" SRC_URI[libloading-0.7.4.sha256sum] = "b67380fd3b2fbe7527a606e18729d21c6f3951633d0500574c4dc22d2d638b9f" -SRC_URI[libm-0.2.6.sha256sum] = "348108ab3fba42ec82ff6e9564fc4ca0247bdccdc68dd8af9764bbc79c3c8ffb" -SRC_URI[link-cplusplus-1.0.8.sha256sum] = "ecd207c9c713c34f95a097a5b029ac2ce6010530c7b49d7fea24d977dede04f5" +SRC_URI[libm-0.2.7.sha256sum] = "f7012b1bbb0719e1097c47611d3898568c546d597c2e74d66f6087edd5233ff4" SRC_URI[linked-hash-map-0.5.6.sha256sum] = "0717cef1bc8b636c6e1c1bbdefc09e6322da8a9321966e8928ef80d20f7f770f" -SRC_URI[linux-raw-sys-0.1.4.sha256sum] = "f051f77a7c8e6957c0696eac88f26b0117e54f52d3fc682ab19397a8812846a4" +SRC_URI[linux-raw-sys-0.3.8.sha256sum] = "ef53942eb7bf7ff43a617b3e2c1c4a5ecf5944a7c1bc12d7ee39bbb15e5c1519" SRC_URI[locale_config-0.3.0.sha256sum] = "08d2c35b16f4483f6c26f0e4e9550717a2f6575bcd6f12a53ff0c490a94a6934" SRC_URI[lock_api-0.4.9.sha256sum] = "435011366fe56583b16cf956f9df0095b405b82d76425bc8981c0e22e60ec4df" -SRC_URI[log-0.4.17.sha256sum] = "abb12e687cfb44aa40f41fc3978ef76448f9b6038cad6aef4259d3c095a2382e" +SRC_URI[log-0.4.18.sha256sum] = "518ef76f2f87365916b142844c16d8fefd85039bc5699050210a7778ee1cd1de" SRC_URI[lopdf-0.29.0.sha256sum] = "de0f69c40d6dbc68ebac4bf5aec3d9978e094e22e29fcabd045acd9cec74a9dc" SRC_URI[mac-0.1.1.sha256sum] = "c41e0c4fef86961ac6d6f8a82609f55f31b05e4fce149ac5710e439df7619ba4" SRC_URI[malloc_buf-0.0.6.sha256sum] = "62bb907fe88d54d8d9ce32a3cceab4218ed2f6b7d35617cafe9adf84e43919cb" SRC_URI[markup5ever-0.11.0.sha256sum] = "7a2629bb1404f3d34c2e921f21fd34ba00b206124c81f65c50b43b6aaefeb016" SRC_URI[matches-0.1.10.sha256sum] = "2532096657941c2fea9c289d370a250971c689d4f143798ff67113ec042024a5" -SRC_URI[matrixmultiply-0.3.2.sha256sum] = "add85d4dd35074e6fedc608f8c8f513a3548619a9024b751949ef0e8e45a4d84" +SRC_URI[matrixmultiply-0.3.7.sha256sum] = "090126dc04f95dc0d1c1c91f61bdd474b3930ca064c1edc8a849da2c6cbe1e77" SRC_URI[memchr-2.5.0.sha256sum] = "2dffe52ecf27772e601905b7522cb4ef790d2cc203488bbd0e2fe85fcb74566d" SRC_URI[memoffset-0.8.0.sha256sum] = "d61c719bcfbcf5d62b3a09efa6088de8c54bc0bfcd3ea7ae39fcc186108b8de1" -SRC_URI[miniz_oxide-0.6.2.sha256sum] = "b275950c28b37e794e8c55d88aeb5e139d0ce23fdbbeda68f8d7174abdf9e8fa" +SRC_URI[miniz_oxide-0.7.1.sha256sum] = "e7810e0be55b428ada41041c41f32c9f1a42817901b4ccf45fa3d4b6561e74c7" SRC_URI[nalgebra-0.32.2.sha256sum] = "d68d47bba83f9e2006d117a9a33af1524e655516b8919caac694427a6fb1e511" SRC_URI[nalgebra-macros-0.2.0.sha256sum] = "d232c68884c0c99810a5a4d333ef7e47689cfd0edc85efc9e54e1e6bf5212766" SRC_URI[new_debug_unreachable-1.0.4.sha256sum] = "e4a24736216ec316047a1fc4252e27dabb04218aa4a3f37c6e7ddbf1f9782b54" @@ -442,9 +460,9 @@ SRC_URI[num_cpus-1.15.0.sha256sum] = "0fac9e2da13b5eb447a6ce3d392f23a29d8694bff7 SRC_URI[objc-0.2.7.sha256sum] = "915b1b472bc21c53464d6c8461c9d3af805ba1ef837e1cac254428f4a77177b1" SRC_URI[objc-foundation-0.1.1.sha256sum] = "1add1b659e36c9607c7aab864a76c7a4c2760cd0cd2e120f3fb8b952c7e22bf9" SRC_URI[objc_id-0.1.1.sha256sum] = "c92d4ddb4bd7b50d730c215ff871754d0da6b2178849f8a2a2ab69712d0c073b" -SRC_URI[once_cell-1.17.1.sha256sum] = "b7e5500299e16ebb147ae15a00a942af264cf3688f47923b8fc2cd5858f23ad3" +SRC_URI[once_cell-1.17.2.sha256sum] = "9670a07f94779e00908f3e686eab508878ebb390ba6e604d3a284c00e8d0487b" SRC_URI[oorandom-11.1.3.sha256sum] = "0ab1bc2a289d34bd04a330323ac98a1b4bc82c9d9fcb1e66b63caa84da26b575" -SRC_URI[os_str_bytes-6.4.1.sha256sum] = "9b7820b9daea5457c9f21c69448905d723fbd21136ccf521748f23fd49e723ee" +SRC_URI[os_str_bytes-6.5.0.sha256sum] = "ceedf44fb00f2d1984b0bc98102627ce622e083e49a5bacdb3e514fa4238e267" SRC_URI[pango-0.17.4.sha256sum] = "52c280b82a881e4208afb3359a8e7fde27a1b272280981f1f34610bed5770d37" SRC_URI[pango-sys-0.17.0.sha256sum] = "4293d0f0b5525eb5c24734d30b0ed02cd02aa734f216883f376b54de49625de8" SRC_URI[pangocairo-0.17.0.sha256sum] = "2feeb7ea7874507f83f5e7ba869c54e321959431c8fbd70d4b735c8b15d90506" @@ -464,27 +482,26 @@ SRC_URI[phf_shared-0.8.0.sha256sum] = "c00cf8b9eafe68dde5e9eaa2cef8ee84a9336a47d SRC_URI[phf_shared-0.10.0.sha256sum] = "b6796ad771acdc0123d2a88dc428b5e38ef24456743ddb1744ed628f9815c096" SRC_URI[pin-project-lite-0.2.9.sha256sum] = "e0a7ae3ac2f1173085d398531c705756c94a4c56843785df85a60c1a0afac116" SRC_URI[pin-utils-0.1.0.sha256sum] = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184" -SRC_URI[pkg-config-0.3.26.sha256sum] = "6ac9a59f73473f1b8d852421e59e64809f025994837ef743615c6d0c5b305160" +SRC_URI[pkg-config-0.3.27.sha256sum] = "26072860ba924cbfa98ea39c8c19b4dd6a4a25423dbdf219c1eca91aa0cf6964" SRC_URI[plotters-0.3.4.sha256sum] = "2538b639e642295546c50fcd545198c9d64ee2a38620a628724a3b266d5fbf97" SRC_URI[plotters-backend-0.3.4.sha256sum] = "193228616381fecdc1224c62e96946dfbc73ff4384fba576e052ff8c1bea8142" SRC_URI[plotters-svg-0.3.3.sha256sum] = "f9a81d2759aae1dae668f783c308bc5c8ebd191ff4184aaa1b37f65a6ae5a56f" -SRC_URI[png-0.17.7.sha256sum] = "5d708eaf860a19b19ce538740d2b4bdeeb8337fa53f7738455e706623ad5c638" +SRC_URI[png-0.17.8.sha256sum] = "aaeebc51f9e7d2c150d3f3bfeb667f2aa985db5ef1e3d212847bdedb488beeaa" SRC_URI[pom-3.2.0.sha256sum] = "07e2192780e9f8e282049ff9bffcaa28171e1cb0844f49ed5374e518ae6024ec" SRC_URI[ppv-lite86-0.2.17.sha256sum] = "5b40af805b3121feab8a3c29f04d8ad262fa8e0561883e7653e024ae4479e6de" SRC_URI[precomputed-hash-0.1.1.sha256sum] = "925383efa346730478fb4838dbe9137d2a47675ad789c546d150a6e1dd4ab31c" SRC_URI[predicates-2.1.5.sha256sum] = "59230a63c37f3e18569bdb90e4a89cbf5bf8b06fea0b84e65ea10cc4df47addd" -SRC_URI[predicates-3.0.1.sha256sum] = "1ba7d6ead3e3966038f68caa9fc1f860185d95a793180bbcfe0d0da47b3961ed" +SRC_URI[predicates-3.0.3.sha256sum] = "09963355b9f467184c04017ced4a2ba2d75cbcb4e7462690d388233253d4b1a9" SRC_URI[predicates-core-1.0.6.sha256sum] = "b794032607612e7abeb4db69adb4e33590fa6cf1149e95fd7cb00e634b92f174" SRC_URI[predicates-tree-1.0.9.sha256sum] = "368ba315fb8c5052ab692e68a0eefec6ec57b23a36959c14496f0b0df2c0cecf" SRC_URI[proc-macro-crate-1.3.1.sha256sum] = "7f4c021e1093a56626774e81216a4ce732a735e5bad4868a03f3ed65ca0c3919" SRC_URI[proc-macro-error-1.0.4.sha256sum] = "da25490ff9892aab3fcf7c36f08cfb902dd3e71ca0f9f9517bea02a73a5ce38c" SRC_URI[proc-macro-error-attr-1.0.4.sha256sum] = "a1be40180e52ecc98ad80b184934baf3d0d29f979574e439af5a55274b35f869" SRC_URI[proc-macro-hack-0.5.20+deprecated.sha256sum] = "dc375e1527247fe1a97d8b7156678dfe7c1af2fc075c9a4db3690ecd2a148068" -SRC_URI[proc-macro2-1.0.52.sha256sum] = "1d0e1ae9e836cc3beddd63db0df682593d7e2d3d891ae8c9083d2113e1744224" -SRC_URI[proptest-1.1.0.sha256sum] = "29f1b898011ce9595050a68e60f90bad083ff2987a695a42357134c8381fba70" +SRC_URI[proc-macro2-1.0.59.sha256sum] = "6aeca18b86b413c660b781aa319e4e2648a3e6f9eadc9b47e9038e6fe9f3451b" +SRC_URI[proptest-1.2.0.sha256sum] = "4e35c06b98bf36aba164cc17cb25f7e232f5c4aeea73baa14b8a9f0d92dbfa65" SRC_URI[quick-error-1.2.3.sha256sum] = "a1d01941d82fa2ab50be1e79e6714289dd7cde78eba4c074bc5a4374f650dfe0" -SRC_URI[quick-error-2.0.1.sha256sum] = "a993555f31e5a609f617c12db6250dedcac1b0a85076912c436e6fc9b2c8e6a3" -SRC_URI[quote-1.0.26.sha256sum] = "4424af4bf778aae2051a77b60283332f386554255d722233d09fbfc7e30da2fc" +SRC_URI[quote-1.0.28.sha256sum] = "1b9ab9c7eadfd8df19006f1cf1a4aed13540ed5cbc047010ece5826e10825488" SRC_URI[rand-0.7.3.sha256sum] = "6a6b1679d49b24bbfe0c803429aa1874472f50d9b363131f0e89fc356b544d03" SRC_URI[rand-0.8.5.sha256sum] = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404" SRC_URI[rand_chacha-0.2.2.sha256sum] = "f4c8ed856279c9737206bf725bf36935d8666ead7aa69b52be55af369d193402" @@ -499,30 +516,33 @@ SRC_URI[rayon-1.7.0.sha256sum] = "1d2df5196e37bcc87abebc0053e20787d73847bb33134a SRC_URI[rayon-core-1.11.0.sha256sum] = "4b8f95bd6966f5c87776639160a66bd8ab9895d9d4ab01ddba9fc60661aebe8d" SRC_URI[rctree-0.5.0.sha256sum] = "3b42e27ef78c35d3998403c1d26f3efd9e135d3e5121b0a4845cc5cc27547f4f" SRC_URI[redox_syscall-0.2.16.sha256sum] = "fb5a58c1855b4b6819d59012155603f0b22ad30cad752600aadfcb695265519a" -SRC_URI[regex-1.7.1.sha256sum] = "48aaa5748ba571fb95cd2c85c09f629215d3a6ece942baa100950af03a34f733" +SRC_URI[redox_syscall-0.3.5.sha256sum] = "567664f262709473930a4bf9e51bf2ebf3348f2e748ccc50dea20646858f8f29" +SRC_URI[regex-1.8.3.sha256sum] = "81ca098a9821bd52d6b24fd8b10bd081f47d39c22778cafaa75a2857a62c6390" SRC_URI[regex-automata-0.1.10.sha256sum] = "6c230d73fb8d8c1b9c0b3135c5142a8acee3a0558fb8db5cf1cb65f8d7862132" -SRC_URI[regex-syntax-0.6.28.sha256sum] = "456c603be3e8d448b072f410900c09faf164fbce2d480456f50eea6e25f9c848" +SRC_URI[regex-syntax-0.6.29.sha256sum] = "f162c6dd7b008981e4d40210aca20b4bd0f9b60ca9271061b07f78537722f2e1" +SRC_URI[regex-syntax-0.7.2.sha256sum] = "436b050e76ed2903236f032a59761c1eb99e1b0aead2c257922771dab1fc8c78" SRC_URI[rgb-0.8.36.sha256sum] = "20ec2d3e3fc7a92ced357df9cebd5a10b6fb2aa1ee797bf7e9ce2f17dffc8f59" SRC_URI[rustc_version-0.2.3.sha256sum] = "138e3e0acb6c9fb258b19b67cb8abd63c00679d2851805ea151465464fe9030a" SRC_URI[rustc_version-0.4.0.sha256sum] = "bfa0f585226d2e68097d4f95d113b15b83a82e819ab25717ec0590d9584ef366" -SRC_URI[rustix-0.36.9.sha256sum] = "fd5c6ff11fecd55b40746d1995a02f2eb375bf8c00d192d521ee09f42bef37bc" +SRC_URI[rustix-0.37.19.sha256sum] = "acf8729d8542766f1b2cf77eb034d52f40d375bb8b615d0b147089946e16613d" SRC_URI[rusty-fork-0.3.0.sha256sum] = "cb3dcc6e454c328bb824492db107ab7c0ae8fcffe4ad210136ef014458c1bc4f" SRC_URI[ryu-1.0.13.sha256sum] = "f91339c0467de62360649f8d3e185ca8de4224ff281f66000de5eb2a77a79041" SRC_URI[safe_arch-0.6.0.sha256sum] = "794821e4ccb0d9f979512f9c1973480123f9bd62a90d74ab0f9426fcf8f4a529" SRC_URI[same-file-1.0.6.sha256sum] = "93fc1dc3aaa9bfed95e02e6eadabb4baf7e3078b0bd1b4d7b6b0b68378900502" SRC_URI[scopeguard-1.1.0.sha256sum] = "d29ab0c6d3fc0ee92fe66e2d99f700eab17a8d57d1c1d3b748380fb20baa78cd" -SRC_URI[scratch-1.0.5.sha256sum] = "1792db035ce95be60c3f8853017b3999209281c24e2ba5bc8e59bf97a0c590c1" SRC_URI[selectors-0.24.0.sha256sum] = "0c37578180969d00692904465fb7f6b3d50b9a2b952b87c23d0e2e5cb5013416" SRC_URI[semver-0.9.0.sha256sum] = "1d7eb9ef2c18661902cc47e535f9bc51b78acd254da71d375c2f6720d9a40403" SRC_URI[semver-1.0.17.sha256sum] = "bebd363326d05ec3e2f532ab7660680f3b02130d780c299bca73469d521bc0ed" SRC_URI[semver-parser-0.7.0.sha256sum] = "388a1df253eca08550bef6c72392cfe7c30914bf41df5269b68cbd6ff8f570a3" -SRC_URI[serde-1.0.156.sha256sum] = "314b5b092c0ade17c00142951e50ced110ec27cea304b1037c6969246c2469a4" -SRC_URI[serde_derive-1.0.156.sha256sum] = "d7e29c4601e36bcec74a223228dce795f4cd3616341a4af93520ca1a837c087d" -SRC_URI[serde_json-1.0.94.sha256sum] = "1c533a59c9d8a93a09c6ab31f0fd5e5f4dd1b8fc9434804029839884765d04ea" +SRC_URI[serde-1.0.163.sha256sum] = "2113ab51b87a539ae008b5c6c02dc020ffa39afd2d83cffcb3f4eb2722cebec2" +SRC_URI[serde_derive-1.0.163.sha256sum] = "8c805777e3930c8883389c602315a24224bcc738b63905ef87cd1420353ea93e" +SRC_URI[serde_json-1.0.96.sha256sum] = "057d394a50403bcac12672b2b18fb387ab6d289d957dab67dd201875391e52f1" +SRC_URI[serde_spanned-0.6.2.sha256sum] = "93107647184f6027e3b7dcb2e11034cf95ffa1e3a682c67951963ac69c1c007d" SRC_URI[servo_arc-0.2.0.sha256sum] = "d52aa42f8fdf0fed91e5ce7f23d8138441002fa31dca008acf47e6fd4721f741" SRC_URI[sha1-0.6.1.sha256sum] = "c1da05c97445caa12d05e848c4a4fcbbea29e748ac28f7e80e9b010392063770" SRC_URI[sha1_smol-1.0.0.sha256sum] = "ae1a47186c03a32177042e55dbc5fd5aee900b8e0069a8d70fba96a9375cd012" -SRC_URI[simba-0.8.0.sha256sum] = "50582927ed6f77e4ac020c057f37a268fc6aebc29225050365aacbb9deeeddc4" +SRC_URI[simba-0.8.1.sha256sum] = "061507c94fc6ab4ba1c9a0305018408e312e17c041eb63bef8aa726fa33aceae" +SRC_URI[simd-adler32-0.3.5.sha256sum] = "238abfbb77c1915110ad968465608b68e869e0772622c9656714e73e5a1a522f" SRC_URI[siphasher-0.3.10.sha256sum] = "7bd3e3206899af3f8b12af284fafc038cc1dc2b41d1b89dd17297221c5d225de" SRC_URI[slab-0.4.8.sha256sum] = "6528351c9bc8ab22353f9d776db39a20288e8d6c37ef8cfe3317cf875eecfc2d" SRC_URI[smallvec-1.10.0.sha256sum] = "a507befe795404456341dfab10cef66ead4c041f62b8b11bbb92bffe5d0953e0" @@ -536,59 +556,69 @@ SRC_URI[string_cache-0.8.7.sha256sum] = "f91138e76242f575eb1d3b38b4f1362f10d3a43 SRC_URI[string_cache_codegen-0.5.2.sha256sum] = "6bb30289b722be4ff74a408c3cc27edeaad656e06cb1fe8fa9231fa59c728988" SRC_URI[strsim-0.10.0.sha256sum] = "73473c0e59e6d5812c5dfe2a064a6444949f089e20eec9a2e5506596494e4623" SRC_URI[syn-1.0.109.sha256sum] = "72b64191b275b66ffe2469e8af2c1cfe3bafa67b529ead792a6d0160888b4237" -SRC_URI[system-deps-6.0.3.sha256sum] = "2955b1fe31e1fa2fbd1976b71cc69a606d7d4da16f6de3333d0c92d51419aeff" -SRC_URI[tempfile-3.4.0.sha256sum] = "af18f7ae1acd354b992402e9ec5864359d693cd8a79dcbef59f76891701c1e95" +SRC_URI[syn-2.0.18.sha256sum] = "32d41677bcbe24c20c52e7c70b0d8db04134c5d1066bf98662e2871ad200ea3e" +SRC_URI[system-deps-6.1.0.sha256sum] = "e5fa6fb9ee296c0dc2df41a656ca7948546d061958115ddb0bcaae43ad0d17d2" +SRC_URI[target-lexicon-0.12.7.sha256sum] = "fd1ba337640d60c3e96bc6f0638a939b9c9a7f2c316a1598c279828b3d1dc8c5" +SRC_URI[tempfile-3.5.0.sha256sum] = "b9fbec84f381d5795b08656e4912bec604d162bff9291d6189a78f4c8ab87998" SRC_URI[tendril-0.4.3.sha256sum] = "d24a120c5fc464a3458240ee02c299ebcb9d67b5249c8848b09d639dca8d7bb0" -SRC_URI[termcolor-1.2.0.sha256sum] = "be55cf8942feac5c765c2c993422806843c9a9a45d4d5c407ad6dd2ea95eb9b6" SRC_URI[termtree-0.4.1.sha256sum] = "3369f5ac52d5eb6ab48c6b4ffdc8efbcad6b89c765749064ba298f2c68a16a76" SRC_URI[textwrap-0.16.0.sha256sum] = "222a222a5bfe1bba4a77b45ec488a741b3cb8872e5e499451fd7d0129c9c7c3d" -SRC_URI[thiserror-1.0.39.sha256sum] = "a5ab016db510546d856297882807df8da66a16fb8c4101cb8b30054b0d5b2d9c" -SRC_URI[thiserror-impl-1.0.39.sha256sum] = "5420d42e90af0c38c3290abcca25b9b3bdf379fc9f55c528f53a269d9c9a267e" +SRC_URI[thiserror-1.0.40.sha256sum] = "978c9a314bd8dc99be594bc3c175faaa9794be04a5a5e153caba6915336cebac" +SRC_URI[thiserror-impl-1.0.40.sha256sum] = "f9456a42c5b0d803c8cd86e73dd7cc9edd429499f37a3550d286d5e86720569f" SRC_URI[time-0.2.27.sha256sum] = "4752a97f8eebd6854ff91f1c1824cd6160626ac4bd44287f7f4ea2035a02a242" SRC_URI[time-macros-0.1.1.sha256sum] = "957e9c6e26f12cb6d0dd7fc776bb67a706312e7299aed74c8dd5b17ebb27e2f1" SRC_URI[time-macros-impl-0.1.2.sha256sum] = "fd3c141a1b43194f3f56a1411225df8646c55781d5f26db825b3d98507eb482f" SRC_URI[tinytemplate-1.2.1.sha256sum] = "be4d6b5f19ff7664e8c98d03e2139cb510db9b0a60b55f8e8709b689d939b6bc" SRC_URI[tinyvec-1.6.0.sha256sum] = "87cc5ceb3875bb20c2890005a4e226a4651264a5c75edb2421b52861a0a0cb50" SRC_URI[tinyvec_macros-0.1.1.sha256sum] = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20" -SRC_URI[toml-0.5.11.sha256sum] = "f4f7f0dd8d50a853a531c426359045b1998f04219d88799810762cd4ad314234" -SRC_URI[toml_datetime-0.6.1.sha256sum] = "3ab8ed2edee10b50132aed5f331333428b011c99402b5a534154ed15746f9622" -SRC_URI[toml_edit-0.19.7.sha256sum] = "dc18466501acd8ac6a3f615dd29a3438f8ca6bb3b19537138b3106e575621274" +SRC_URI[toml-0.7.4.sha256sum] = "d6135d499e69981f9ff0ef2167955a5333c35e36f6937d382974566b3d5b94ec" +SRC_URI[toml_datetime-0.6.2.sha256sum] = "5a76a9312f5ba4c2dec6b9161fdf25d87ad8a09256ccea5a556fef03c706a10f" +SRC_URI[toml_edit-0.19.10.sha256sum] = "2380d56e8670370eee6566b0bfd4265f65b3f432e8c6d85623f728d4fa31f739" SRC_URI[typenum-1.16.0.sha256sum] = "497961ef93d974e23eb6f433eb5fe1b7930b659f06d12dec6fc44a8f554c0bba" SRC_URI[unarray-0.1.4.sha256sum] = "eaea85b334db583fe3274d12b4cd1880032beab409c0d774be044d4480ab9a94" -SRC_URI[unicode-bidi-0.3.11.sha256sum] = "524b68aca1d05e03fdf03fcdce2c6c94b6daf6d16861ddaa7e4f2b6638a9052c" -SRC_URI[unicode-ident-1.0.8.sha256sum] = "e5464a87b239f13a63a501f2701565754bae92d243d4bb7eb12f6d57d2269bf4" +SRC_URI[unicode-bidi-0.3.13.sha256sum] = "92888ba5573ff080736b3648696b70cafad7d250551175acbaa4e0385b3e1460" +SRC_URI[unicode-ident-1.0.9.sha256sum] = "b15811caf2415fb889178633e7724bad2509101cde276048e013b9def5e51fa0" SRC_URI[unicode-normalization-0.1.22.sha256sum] = "5c5713f0fc4b5db668a2ac63cdb7bb4469d8c9fed047b1d0292cc7b0ce2ba921" -SRC_URI[unicode-width-0.1.10.sha256sum] = "c0edd1e5b14653f783770bce4a4dabb4a5108a5370a5f5d8cfe8710c361f6c8b" SRC_URI[url-2.3.1.sha256sum] = "0d68c799ae75762b8c3fe375feb6600ef5602c883c5d21eb51c09f22b83c4643" SRC_URI[utf-8-0.7.6.sha256sum] = "09cc8ee72d2a9becf2f2febe0205bbed8fc6615b7cb429ad062dc7b7ddd036a9" +SRC_URI[utf8parse-0.2.1.sha256sum] = "711b9620af191e0cdc7468a8d14e709c3dcdb115b36f838e601583af800a370a" SRC_URI[version-compare-0.1.1.sha256sum] = "579a42fc0b8e0c63b76519a339be31bed574929511fa53c1a3acae26eb258f29" SRC_URI[version_check-0.9.4.sha256sum] = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f" SRC_URI[wait-timeout-0.2.0.sha256sum] = "9f200f5b12eb75f8c1ed65abd4b2db8a6e1b138a20de009dacee265a2498f3f6" SRC_URI[walkdir-2.3.3.sha256sum] = "36df944cda56c7d8d8b7496af378e6b16de9284591917d307c9b4d313c44e698" SRC_URI[wasi-0.9.0+wasi-snapshot-preview1.sha256sum] = "cccddf32554fecc6acb585f82a32a72e28b48f8c4c1883ddfeeeaa96f7d8e519" SRC_URI[wasi-0.11.0+wasi-snapshot-preview1.sha256sum] = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" -SRC_URI[wasm-bindgen-0.2.84.sha256sum] = "31f8dcbc21f30d9b8f2ea926ecb58f6b91192c17e9d33594b3df58b2007ca53b" -SRC_URI[wasm-bindgen-backend-0.2.84.sha256sum] = "95ce90fd5bcc06af55a641a86428ee4229e44e07033963a2290a8e241607ccb9" -SRC_URI[wasm-bindgen-macro-0.2.84.sha256sum] = "4c21f77c0bedc37fd5dc21f897894a5ca01e7bb159884559461862ae90c0b4c5" -SRC_URI[wasm-bindgen-macro-support-0.2.84.sha256sum] = "2aff81306fcac3c7515ad4e177f521b5c9a15f2b08f4e32d823066102f35a5f6" -SRC_URI[wasm-bindgen-shared-0.2.84.sha256sum] = "0046fef7e28c3804e5e38bfa31ea2a0f73905319b677e57ebe37e49358989b5d" -SRC_URI[web-sys-0.3.61.sha256sum] = "e33b99f4b23ba3eec1a53ac264e35a755f00e966e0065077d6027c0f575b0b97" +SRC_URI[wasm-bindgen-0.2.86.sha256sum] = "5bba0e8cb82ba49ff4e229459ff22a191bbe9a1cb3a341610c9c33efc27ddf73" +SRC_URI[wasm-bindgen-backend-0.2.86.sha256sum] = "19b04bc93f9d6bdee709f6bd2118f57dd6679cf1176a1af464fca3ab0d66d8fb" +SRC_URI[wasm-bindgen-macro-0.2.86.sha256sum] = "14d6b024f1a526bb0234f52840389927257beb670610081360e5a03c5df9c258" +SRC_URI[wasm-bindgen-macro-support-0.2.86.sha256sum] = "e128beba882dd1eb6200e1dc92ae6c5dbaa4311aa7bb211ca035779e5efc39f8" +SRC_URI[wasm-bindgen-shared-0.2.86.sha256sum] = "ed9d5b4305409d1fc9482fee2d7f9bcbf24b3972bf59817ef757e23982242a93" +SRC_URI[web-sys-0.3.63.sha256sum] = "3bdd9ef4e984da1187bf8110c5cf5b845fbc87a23602cdf912386a76fcd3a7c2" SRC_URI[weezl-0.1.7.sha256sum] = "9193164d4de03a926d909d3bc7c30543cecb35400c02114792c2cae20d5e2dbb" -SRC_URI[wide-0.7.8.sha256sum] = "b689b6c49d6549434bf944e6b0f39238cf63693cb7a147e9d887507fffa3b223" +SRC_URI[wide-0.7.9.sha256sum] = "5cd0496a71f3cc6bc4bf0ed91346426a5099e93d89807e663162dc5a1069ff65" SRC_URI[winapi-0.3.9.sha256sum] = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419" SRC_URI[winapi-i686-pc-windows-gnu-0.4.0.sha256sum] = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6" SRC_URI[winapi-util-0.1.5.sha256sum] = "70ec6ce85bb158151cae5e5c87f95a8e97d2c0c4b001223f33a334e3ce5de178" SRC_URI[winapi-x86_64-pc-windows-gnu-0.4.0.sha256sum] = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" -SRC_URI[windows-sys-0.42.0.sha256sum] = "5a3e1820f08b8513f676f7ab6c1f99ff312fb97b553d30ff4dd86f9f15728aa7" +SRC_URI[windows-0.48.0.sha256sum] = "e686886bc078bc1b0b600cac0147aadb815089b6e4da64016cbd754b6342700f" SRC_URI[windows-sys-0.45.0.sha256sum] = "75283be5efb2831d37ea142365f009c02ec203cd29a3ebecbc093d52315b66d0" +SRC_URI[windows-sys-0.48.0.sha256sum] = "677d2418bec65e3338edb076e806bc1ec15693c5d0104683f2efe857f61056a9" SRC_URI[windows-targets-0.42.2.sha256sum] = "8e5180c00cd44c9b1c88adb3693291f1cd93605ded80c250a75d472756b4d071" +SRC_URI[windows-targets-0.48.0.sha256sum] = "7b1eb6f0cd7c80c79759c929114ef071b87354ce476d9d94271031c0497adfd5" SRC_URI[windows_aarch64_gnullvm-0.42.2.sha256sum] = "597a5118570b68bc08d8d59125332c54f1ba9d9adeedeef5b99b02ba2b0698f8" +SRC_URI[windows_aarch64_gnullvm-0.48.0.sha256sum] = "91ae572e1b79dba883e0d315474df7305d12f569b400fcf90581b06062f7e1bc" SRC_URI[windows_aarch64_msvc-0.42.2.sha256sum] = "e08e8864a60f06ef0d0ff4ba04124db8b0fb3be5776a5cd47641e942e58c4d43" +SRC_URI[windows_aarch64_msvc-0.48.0.sha256sum] = "b2ef27e0d7bdfcfc7b868b317c1d32c641a6fe4629c171b8928c7b08d98d7cf3" SRC_URI[windows_i686_gnu-0.42.2.sha256sum] = "c61d927d8da41da96a81f029489353e68739737d3beca43145c8afec9a31a84f" +SRC_URI[windows_i686_gnu-0.48.0.sha256sum] = "622a1962a7db830d6fd0a69683c80a18fda201879f0f447f065a3b7467daa241" SRC_URI[windows_i686_msvc-0.42.2.sha256sum] = "44d840b6ec649f480a41c8d80f9c65108b92d89345dd94027bfe06ac444d1060" +SRC_URI[windows_i686_msvc-0.48.0.sha256sum] = "4542c6e364ce21bf45d69fdd2a8e455fa38d316158cfd43b3ac1c5b1b19f8e00" SRC_URI[windows_x86_64_gnu-0.42.2.sha256sum] = "8de912b8b8feb55c064867cf047dda097f92d51efad5b491dfb98f6bbb70cb36" +SRC_URI[windows_x86_64_gnu-0.48.0.sha256sum] = "ca2b8a661f7628cbd23440e50b05d705db3686f894fc9580820623656af974b1" SRC_URI[windows_x86_64_gnullvm-0.42.2.sha256sum] = "26d41b46a36d453748aedef1486d5c7a85db22e56aff34643984ea85514e94a3" +SRC_URI[windows_x86_64_gnullvm-0.48.0.sha256sum] = "7896dbc1f41e08872e9d5e8f8baa8fdd2677f29468c4e156210174edc7f7b953" SRC_URI[windows_x86_64_msvc-0.42.2.sha256sum] = "9aec5da331524158c6d1a4ac0ab1541149c0b9505fde06423b02f5ef0106b9f0" -SRC_URI[winnow-0.3.6.sha256sum] = "23d020b441f92996c80d94ae9166e8501e59c7bb56121189dc9eab3bd8216966" +SRC_URI[windows_x86_64_msvc-0.48.0.sha256sum] = "1a515f5799fe4961cb532f983ce2b23082366b898e52ffbce459c86f67c8378a" +SRC_URI[winnow-0.4.6.sha256sum] = "61de7bac303dc551fe038e2b3cef0f571087a47571ea6e79a87692ac99b99699" SRC_URI[xml5ever-0.17.0.sha256sum] = "4034e1d05af98b51ad7214527730626f019682d797ba38b51689212118d8e650" SRC_URI[yeslogic-fontconfig-sys-4.0.1.sha256sum] = "ec657fd32bbcbeaef5c7bc8e10b3db95b143fab8db0a50079773dbf936fd4f73" diff --git a/poky/meta/recipes-gnome/librsvg/librsvg/0001-system-deps-src-lib.rs-do-not-probe-into-harcoded-li.patch b/poky/meta/recipes-gnome/librsvg/librsvg/0001-system-deps-src-lib.rs-do-not-probe-into-harcoded-li.patch deleted file mode 100644 index 15d5abecc6..0000000000 --- a/poky/meta/recipes-gnome/librsvg/librsvg/0001-system-deps-src-lib.rs-do-not-probe-into-harcoded-li.patch +++ /dev/null @@ -1,42 +0,0 @@ -From c0b0ef51b3c997a1c20ef9381ba2201ed477f609 Mon Sep 17 00:00:00 2001 -From: Alexander Kanavin <alex@linutronix.de> -Date: Tue, 21 Sep 2021 16:54:23 +0200 -Subject: [PATCH] system-deps/src/lib.rs: do not probe into harcoded list of - targets - -Oe-core defines custom targets, and this probe fails. - -Upstream-Status: Inappropriate [oe-core specific] -Signed-off-by: Alexander Kanavin <alex@linutronix.de> - ---- - system-deps-6.0.3/src/lib.rs | 16 +--------------- - 2 files changed, 2 insertions(+), 16 deletions(-) - -diff --git a/system-deps-6.0.3/src/lib.rs b/system-deps-6.0.3/src/lib.rs -index 45ab1ce..f87d1ec 100644 ---- a/system-deps-6.0.3/src/lib.rs -+++ b/system-deps-6.0.3/src/lib.rs -@@ -800,21 +800,7 @@ impl Config { - } - - fn check_cfg(&self, cfg: &cfg_expr::Expression) -> Result<bool, Error> { -- use cfg_expr::{targets::get_builtin_target_by_triple, Predicate}; -- -- let target = self -- .env -- .get("TARGET") -- .expect("no TARGET env variable defined"); -- let target = get_builtin_target_by_triple(&target) -- .unwrap_or_else(|| panic!("Invalid TARGET: {}", target)); -- -- let res = cfg.eval(|pred| match pred { -- Predicate::Target(tp) => Some(tp.matches(target)), -- _ => None, -- }); -- -- res.ok_or_else(|| Error::UnsupportedCfg(cfg.original().to_string())) -+ Ok(true) - } - } - diff --git a/poky/meta/recipes-gnome/librsvg/librsvg_2.56.0.bb b/poky/meta/recipes-gnome/librsvg/librsvg_2.56.1.bb index 1a5d8a6b04..edd7ad38fd 100644 --- a/poky/meta/recipes-gnome/librsvg/librsvg_2.56.0.bb +++ b/poky/meta/recipes-gnome/librsvg/librsvg_2.56.1.bb @@ -19,10 +19,9 @@ inherit cargo_common gnomebase pixbufcache upstream-version-is-even gobject-intr require ${BPN}-crates.inc SRC_URI += "file://0001-Makefile.am-pass-rust-target-to-cargo-also-when-not-.patch \ - file://0001-system-deps-src-lib.rs-do-not-probe-into-harcoded-li.patch;patchdir=${CARGO_VENDORING_DIRECTORY} \ " -SRC_URI[archive.sha256sum] = "194b5097d9cd107495f49c291cf0da65ec2b4bb55e5628369751a3f44ba222b3" +SRC_URI[archive.sha256sum] = "1685aeacae9a441dcb12c0c3ec63706172a2f52705dafbefb8e7311d4d5e430b" # librsvg is still autotools-based, but is calling cargo from its automake-driven makefiles # so we cannot use cargo class directly, but still need bits and pieces from it @@ -51,8 +50,7 @@ do_compile:prepend() { sed -ie 's,"linker": ".*","linker": "${RUST_TARGET_CC}",g' ${RUST_TARGETS_DIR}/${RUST_HOST_SYS}.json } -# Issue only on windows -CVE_CHECK_IGNORE += "CVE-2018-1000041" +CVE_STATUS[CVE-2018-1000041] = "not-applicable-platform: Issue only applies on Windows" CACHED_CONFIGUREVARS = "ac_cv_path_GDK_PIXBUF_QUERYLOADERS=${STAGING_LIBDIR_NATIVE}/gdk-pixbuf-2.0/gdk-pixbuf-query-loaders" diff --git a/poky/meta/recipes-graphics/builder/builder_0.1.bb b/poky/meta/recipes-graphics/builder/builder_0.1.bb index 39be3bd63f..1700015ded 100644 --- a/poky/meta/recipes-graphics/builder/builder_0.1.bb +++ b/poky/meta/recipes-graphics/builder/builder_0.1.bb @@ -29,5 +29,4 @@ do_install () { chown builder.builder ${D}${sysconfdir}/mini_x/session.d/builder_session.sh } -# -4178 is an unrelated 'builder' -CVE_CHECK_IGNORE = "CVE-2008-4178" +CVE_STATUS[CVE-2008-4178] = "cpe-incorrect: This CVE is for an unrelated builder" diff --git a/poky/meta/recipes-graphics/freetype/freetype_2.13.0.bb b/poky/meta/recipes-graphics/freetype/freetype_2.13.1.bb index 514672c0ee..5b1c520944 100644 --- a/poky/meta/recipes-graphics/freetype/freetype_2.13.0.bb +++ b/poky/meta/recipes-graphics/freetype/freetype_2.13.1.bb @@ -14,7 +14,7 @@ LIC_FILES_CHKSUM = "file://LICENSE.TXT;md5=843b6efc16f6b1652ec97f89d5a516c0 \ " SRC_URI = "${SAVANNAH_NONGNU_MIRROR}/${BPN}/${BP}.tar.xz" -SRC_URI[sha256sum] = "5ee23abd047636c24b2d43c6625dcafc66661d1aca64dec9e0d05df29592624c" +SRC_URI[sha256sum] = "ea67e3b019b1104d1667aa274f5dc307d8cbd606b399bc32df308a77f1a564bf" UPSTREAM_CHECK_REGEX = "freetype-(?P<pver>\d+(\.\d+)+)" diff --git a/poky/meta/recipes-graphics/harfbuzz/harfbuzz_7.3.0.bb b/poky/meta/recipes-graphics/harfbuzz/harfbuzz_8.0.1.bb index 7ecbb04a6a..359272e934 100644 --- a/poky/meta/recipes-graphics/harfbuzz/harfbuzz_7.3.0.bb +++ b/poky/meta/recipes-graphics/harfbuzz/harfbuzz_8.0.1.bb @@ -9,7 +9,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b98429b8e8e3c2a67cfef01e99e4893d \ " SRC_URI = "${GITHUB_BASE_URI}/download/${PV}/${BPN}-${PV}.tar.xz" -SRC_URI[sha256sum] = "20770789749ac9ba846df33983dbda22db836c70d9f5d050cb9aa5347094a8fb" +SRC_URI[sha256sum] = "c1ce780acd385569f25b9a29603d1d5bc71e6940e55bfdd4f7266fad50e42620" DEPENDS += "glib-2.0-native" diff --git a/poky/meta/recipes-graphics/jpeg/files/0001-libjpeg-turbo-fix-package_qa-error.patch b/poky/meta/recipes-graphics/jpeg/files/0001-libjpeg-turbo-fix-package_qa-error.patch deleted file mode 100644 index fab5109f83..0000000000 --- a/poky/meta/recipes-graphics/jpeg/files/0001-libjpeg-turbo-fix-package_qa-error.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 5cf847b5bef8dc3f9f89bd09dd5af4e6603f393c Mon Sep 17 00:00:00 2001 -From: Changqing Li <changqing.li@windriver.com> -Date: Mon, 27 Aug 2018 16:10:55 +0800 -Subject: [PATCH] libjpeg-turbo: fix package_qa error - -Fix package qa errors like below: -libjpeg.so.62.3.0 contains probably-redundant RPATH /usr/lib [useless-rpaths] -usr/bin/cjpeg contains probably-redundant RPATH /usr/lib - -Upstream-Status: Inappropriate [oe-specific] - -Signed-off-by: Changqing Li <changqing.li@windriver.com> -Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> ---- - CMakeLists.txt | 4 ---- - 1 file changed, 4 deletions(-) - -diff --git a/CMakeLists.txt b/CMakeLists.txt -index 2bc3458..ea3041e 100644 ---- a/CMakeLists.txt -+++ b/CMakeLists.txt -@@ -191,10 +191,6 @@ endif() - report_option(ENABLE_SHARED "Shared libraries") - report_option(ENABLE_STATIC "Static libraries") - --if(ENABLE_SHARED) -- set(CMAKE_INSTALL_RPATH ${CMAKE_INSTALL_FULL_LIBDIR}) --endif() -- - if(WITH_JPEG8 OR WITH_JPEG7) - set(WITH_ARITH_ENC 1) - set(WITH_ARITH_DEC 1) diff --git a/poky/meta/recipes-graphics/jpeg/libjpeg-turbo_2.1.5.1.bb b/poky/meta/recipes-graphics/jpeg/libjpeg-turbo_3.0.0.bb index e086830c02..146d80008c 100644 --- a/poky/meta/recipes-graphics/jpeg/libjpeg-turbo_2.1.5.1.bb +++ b/poky/meta/recipes-graphics/jpeg/libjpeg-turbo_3.0.0.bb @@ -2,19 +2,15 @@ SUMMARY = "Hardware accelerated JPEG compression/decompression library" DESCRIPTION = "libjpeg-turbo is a derivative of libjpeg that uses SIMD instructions (MMX, SSE2, NEON) to accelerate baseline JPEG compression and decompression" HOMEPAGE = "http://libjpeg-turbo.org/" -LICENSE = "BSD-3-Clause" -LIC_FILES_CHKSUM = "file://cdjpeg.h;endline=13;md5=8a61af33cc1c681cd5cc297150bbb5bd \ - file://jpeglib.h;endline=16;md5=52b5eaade8d5b6a452a7693dfe52c084 \ - file://djpeg.c;endline=11;md5=510b386442ab6a27ee241fc5669bc5ea \ - " +LICENSE = "IJG & BSD-3-Clause & Zlib" +LIC_FILES_CHKSUM = "file://LICENSE.md;md5=2a8e0d8226a102f07ab63ed7fd6ce155" + DEPENDS:append:x86-64:class-target = " nasm-native" DEPENDS:append:x86:class-target = " nasm-native" -SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BPN}-${PV}.tar.gz \ - file://0001-libjpeg-turbo-fix-package_qa-error.patch \ - " +SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BPN}-${PV}.tar.gz" -SRC_URI[sha256sum] = "2fdc3feb6e9deb17adec9bafa3321419aa19f8f4e5dea7bf8486844ca22207bf" +SRC_URI[sha256sum] = "c77c65fcce3d33417b2e90432e7a0eb05f59a7fff884022a9d931775d583bfaa" UPSTREAM_CHECK_URI = "http://sourceforge.net/projects/libjpeg-turbo/files/" UPSTREAM_CHECK_REGEX = "/libjpeg-turbo/files/(?P<pver>(\d+[\.\-_]*)+)/" diff --git a/poky/meta/recipes-graphics/libsdl2/libsdl2_2.26.5.bb b/poky/meta/recipes-graphics/libsdl2/libsdl2_2.28.0.bb index 3274475da1..1228217e8c 100644 --- a/poky/meta/recipes-graphics/libsdl2/libsdl2_2.26.5.bb +++ b/poky/meta/recipes-graphics/libsdl2/libsdl2_2.28.0.bb @@ -25,7 +25,7 @@ SRC_URI = "http://www.libsdl.org/release/SDL2-${PV}.tar.gz" S = "${WORKDIR}/SDL2-${PV}" -SRC_URI[sha256sum] = "ad8fea3da1be64c83c45b1d363a6b4ba8fd60f5bde3b23ec73855709ec5eabf7" +SRC_URI[sha256sum] = "d215ae4541e69d628953711496cd7b0e8b8d5c8d811d5b0f98fdc7fd1422998a" inherit cmake lib_package binconfig-disabled pkgconfig upstream-version-is-even diff --git a/poky/meta/recipes-graphics/libva/libva-initial_2.18.0.bb b/poky/meta/recipes-graphics/libva/libva-initial_2.19.0.bb index 453096822f..453096822f 100644 --- a/poky/meta/recipes-graphics/libva/libva-initial_2.18.0.bb +++ b/poky/meta/recipes-graphics/libva/libva-initial_2.19.0.bb diff --git a/poky/meta/recipes-graphics/libva/libva-utils_2.18.2.bb b/poky/meta/recipes-graphics/libva/libva-utils_2.19.0.bb index c7bf36023d..acb25a3f0d 100644 --- a/poky/meta/recipes-graphics/libva/libva-utils_2.18.2.bb +++ b/poky/meta/recipes-graphics/libva/libva-utils_2.19.0.bb @@ -14,8 +14,8 @@ SECTION = "x11" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://COPYING;md5=b148fc8adf19dc9aec17cf9cd29a9a5e" -SRC_URI = "git://github.com/intel/libva-utils.git;branch=v2.18-branch;protocol=https" -SRCREV = "76993ae8d0fbd17e5bfff80ed495c71e727f0d06" +SRC_URI = "git://github.com/intel/libva-utils.git;branch=v2.19-branch;protocol=https" +SRCREV = "5bf107ec4f7b18a6457d23abf57560dfb382a751" S = "${WORKDIR}/git" UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>(\d+(\.\d+)+))$" diff --git a/poky/meta/recipes-graphics/libva/libva.inc b/poky/meta/recipes-graphics/libva/libva.inc index 7ed0c9ed89..3388fea32b 100644 --- a/poky/meta/recipes-graphics/libva/libva.inc +++ b/poky/meta/recipes-graphics/libva/libva.inc @@ -18,7 +18,7 @@ LICENSE = "MIT" SRC_URI = "${GITHUB_BASE_URI}/download/${PV}/libva-${PV}.tar.bz2" LIC_FILES_CHKSUM = "file://COPYING;md5=2e48940f94acb0af582e5ef03537800f" -SRC_URI[sha256sum] = "a3577eeba0c23924686c7e2f2030073736c8282a80f27b5473e33ea94ccd4982" +SRC_URI[sha256sum] = "963be798d559df7feebda6fa81aa0dae6f9409c633a37909c44c6aa8af1e2174" S = "${WORKDIR}/libva-${PV}" diff --git a/poky/meta/recipes-graphics/libva/libva_2.18.0.bb b/poky/meta/recipes-graphics/libva/libva_2.19.0.bb index 63dc5af8f2..63dc5af8f2 100644 --- a/poky/meta/recipes-graphics/libva/libva_2.18.0.bb +++ b/poky/meta/recipes-graphics/libva/libva_2.19.0.bb diff --git a/poky/meta/recipes-graphics/mesa/files/0001-gallium-Fix-build-with-llvm-17.patch b/poky/meta/recipes-graphics/mesa/files/0001-gallium-Fix-build-with-llvm-17.patch new file mode 100644 index 0000000000..3631a918b0 --- /dev/null +++ b/poky/meta/recipes-graphics/mesa/files/0001-gallium-Fix-build-with-llvm-17.patch @@ -0,0 +1,34 @@ +From 865762e0a767a121206d818bdd58301afbf30104 Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Fri, 23 Jun 2023 01:20:38 -0700 +Subject: [PATCH] gallium: Fix build with llvm 17 + +These headers are not available for C files in llvm 17+ +and they seem to be not needed to compile after all with llvm 17 +so add conditions to exclude them for llvm >= 17 + +Upstream-Status: Submitted [https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/23827] +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + src/gallium/auxiliary/gallivm/lp_bld_init.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/src/gallium/auxiliary/gallivm/lp_bld_init.c b/src/gallium/auxiliary/gallivm/lp_bld_init.c +index 24d0823..3d4573e 100644 +--- a/src/gallium/auxiliary/gallivm/lp_bld_init.c ++++ b/src/gallium/auxiliary/gallivm/lp_bld_init.c +@@ -42,8 +42,10 @@ + + #include <llvm/Config/llvm-config.h> + #include <llvm-c/Analysis.h> ++#if LLVM_VERSION_MAJOR < 17 + #include <llvm-c/Transforms/Scalar.h> +-#if LLVM_VERSION_MAJOR >= 7 ++#endif ++#if LLVM_VERSION_MAJOR >= 7 && LLVM_VERSION_MAJOR < 17 + #include <llvm-c/Transforms/Utils.h> + #endif + #include <llvm-c/BitWriter.h> +-- +2.41.0 + diff --git a/poky/meta/recipes-graphics/mesa/mesa-gl_23.1.1.bb b/poky/meta/recipes-graphics/mesa/mesa-gl_23.1.3.bb index ca160f1bfc..ca160f1bfc 100644 --- a/poky/meta/recipes-graphics/mesa/mesa-gl_23.1.1.bb +++ b/poky/meta/recipes-graphics/mesa/mesa-gl_23.1.3.bb diff --git a/poky/meta/recipes-graphics/mesa/mesa.inc b/poky/meta/recipes-graphics/mesa/mesa.inc index ac42a8dd4f..928899008e 100644 --- a/poky/meta/recipes-graphics/mesa/mesa.inc +++ b/poky/meta/recipes-graphics/mesa/mesa.inc @@ -17,9 +17,10 @@ PE = "2" SRC_URI = "https://mesa.freedesktop.org/archive/mesa-${PV}.tar.xz \ file://0001-meson.build-check-for-all-linux-host_os-combinations.patch \ file://0001-meson-misdetects-64bit-atomics-on-mips-clang.patch \ + file://0001-gallium-Fix-build-with-llvm-17.patch \ " -SRC_URI[sha256sum] = "a2679031ed5b73b29c4f042ac64d96f83b0cfe4858617de32e2efc196c653a40" +SRC_URI[sha256sum] = "2f6d7381bc10fbd2d6263ad1022785b8b511046c1a904162f8f7da18eea8aed9" UPSTREAM_CHECK_GITTAGREGEX = "mesa-(?P<pver>\d+(\.\d+)+)" diff --git a/poky/meta/recipes-graphics/mesa/mesa_23.1.1.bb b/poky/meta/recipes-graphics/mesa/mesa_23.1.3.bb index 96e8aa38d6..96e8aa38d6 100644 --- a/poky/meta/recipes-graphics/mesa/mesa_23.1.1.bb +++ b/poky/meta/recipes-graphics/mesa/mesa_23.1.3.bb diff --git a/poky/meta/recipes-graphics/vulkan/vulkan-validation-layers/0001-scripts-CMakeLists.txt-append-to-CMAKE_FIND_ROOT_PAT.patch b/poky/meta/recipes-graphics/vulkan/vulkan-validation-layers/0001-scripts-CMakeLists.txt-append-to-CMAKE_FIND_ROOT_PAT.patch new file mode 100644 index 0000000000..4db686fe2f --- /dev/null +++ b/poky/meta/recipes-graphics/vulkan/vulkan-validation-layers/0001-scripts-CMakeLists.txt-append-to-CMAKE_FIND_ROOT_PAT.patch @@ -0,0 +1,28 @@ +From ea7b9e6fc0b3f45d6032ce624bed85bbde5ec0bf Mon Sep 17 00:00:00 2001 +From: Alexander Kanavin <alex@linutronix.de> +Date: Wed, 21 Jun 2023 20:03:03 +0200 +Subject: [PATCH] scripts/CMakeLists.txt: append to CMAKE_FIND_ROOT_PATH + instead of replacing it + +Resetting CMAKE_FIND_ROOT_PATH in particular breaks builds in Yocto +(which is a major cross compiling framework). + +Upstream-Status: Backport [https://github.com/KhronosGroup/Vulkan-ValidationLayers/commit/e1b11dc7856765cf45a283ac805ea5066c81cd9b] +Signed-off-by: Alexander Kanavin <alex@linutronix.de> +--- + scripts/CMakeLists.txt | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/scripts/CMakeLists.txt b/scripts/CMakeLists.txt +index 94c8528c8..cd86c54eb 100644 +--- a/scripts/CMakeLists.txt ++++ b/scripts/CMakeLists.txt +@@ -124,7 +124,7 @@ if (MIMALLOC_INSTALL_DIR) + endif() + + if (CMAKE_CROSSCOMPILING) +- set(CMAKE_FIND_ROOT_PATH ${CMAKE_PREFIX_PATH} PARENT_SCOPE) ++ set(CMAKE_FIND_ROOT_PATH ${CMAKE_FIND_ROOT_PATH} ${CMAKE_PREFIX_PATH} PARENT_SCOPE) + else() + set(CMAKE_PREFIX_PATH ${CMAKE_PREFIX_PATH} PARENT_SCOPE) + endif() diff --git a/poky/meta/recipes-graphics/vulkan/vulkan-validation-layers_1.3.243.0.bb b/poky/meta/recipes-graphics/vulkan/vulkan-validation-layers_1.3.250.0.bb index bfb4b370b8..62c6343c45 100644 --- a/poky/meta/recipes-graphics/vulkan/vulkan-validation-layers_1.3.243.0.bb +++ b/poky/meta/recipes-graphics/vulkan/vulkan-validation-layers_1.3.250.0.bb @@ -8,8 +8,10 @@ SECTION = "libs" LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=8df9e8826734226d08cb412babfa599c" -SRC_URI = "git://git@github.com/KhronosGroup/Vulkan-ValidationLayers.git;branch=sdk-1.3.243;protocol=https" -SRCREV = "4ac0fd8e6cb3d49105d707d9ec07f0f3aa0943d6" +SRC_URI = "git://git@github.com/KhronosGroup/Vulkan-ValidationLayers.git;branch=sdk-1.3.250;protocol=https \ + file://0001-scripts-CMakeLists.txt-append-to-CMAKE_FIND_ROOT_PAT.patch \ + " +SRCREV = "1541e00a63cd125f15d231d5a8059ebe66503b25" S = "${WORKDIR}/git" diff --git a/poky/meta/recipes-graphics/wayland/wayland-protocols_1.31.bb b/poky/meta/recipes-graphics/wayland/wayland-protocols_1.32.bb index afde995fd4..05943bc388 100644 --- a/poky/meta/recipes-graphics/wayland/wayland-protocols_1.31.bb +++ b/poky/meta/recipes-graphics/wayland/wayland-protocols_1.32.bb @@ -10,7 +10,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=c7b12b6702da38ca028ace54aae3d484 \ file://stable/presentation-time/presentation-time.xml;endline=26;md5=4646cd7d9edc9fa55db941f2d3a7dc53" SRC_URI = "https://gitlab.freedesktop.org/wayland/wayland-protocols/-/releases/${PV}/downloads/wayland-protocols-${PV}.tar.xz" -SRC_URI[sha256sum] = "a07fa722ed87676ec020d867714bc9a2f24c464da73912f39706eeef5219e238" +SRC_URI[sha256sum] = "7459799d340c8296b695ef857c07ddef24c5a09b09ab6a74f7b92640d2b1ba11" UPSTREAM_CHECK_URI = "https://wayland.freedesktop.org/releases.html" diff --git a/poky/meta/recipes-graphics/wayland/weston_11.0.1.bb b/poky/meta/recipes-graphics/wayland/weston_12.0.1.bb index 0838791a6b..d9eae1ff62 100644 --- a/poky/meta/recipes-graphics/wayland/weston_11.0.1.bb +++ b/poky/meta/recipes-graphics/wayland/weston_12.0.1.bb @@ -6,14 +6,14 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=d79ee9e66bb0f95d3386a7acae780b70 \ file://libweston/compositor.c;endline=27;md5=eb6d5297798cabe2ddc65e2af519bcf0 \ " -SRC_URI = "https://gitlab.freedesktop.org/wayland/weston/uploads/f5648c818fba5432edc3ea63c4db4813/${BPN}-${PV}.tar.xz \ +SRC_URI = "https://gitlab.freedesktop.org/wayland/weston/-/releases/${PV}/downloads/${BPN}-${PV}.tar.xz \ file://weston.png \ file://weston.desktop \ file://xwayland.weston-start \ file://systemd-notify.weston-start \ " -SRC_URI[sha256sum] = "a413f68c252957fc3191c3650823ec356ae8c124ccc0cb440da5cdc4e2cb9e57" +SRC_URI[sha256sum] = "b18591eab278bc191720f6c09158040b795e7118af1d5ddca6acd9a8e2039535" UPSTREAM_CHECK_URI = "https://wayland.freedesktop.org/releases.html" UPSTREAM_CHECK_REGEX = "weston-(?P<pver>\d+\.\d+\.(?!9\d+)\d+)" @@ -37,7 +37,7 @@ PACKAGECONFIG ??= "${@bb.utils.contains('DISTRO_FEATURES', 'wayland', 'kms wayla ${@bb.utils.contains('DISTRO_FEATURES', 'x11 wayland', 'xwayland', '', d)} \ ${@bb.utils.filter('DISTRO_FEATURES', 'systemd x11', d)} \ ${@bb.utils.contains_any('DISTRO_FEATURES', 'wayland x11', '', 'headless', d)} \ - ${@oe.utils.conditional('VIRTUAL-RUNTIME_init_manager', 'sysvinit', 'launcher-libseat', '', d)} \ + launcher-libseat \ image-jpeg \ screenshare \ shell-desktop \ @@ -71,9 +71,9 @@ PACKAGECONFIG[lcms] = "-Dcolor-management-lcms=true,-Dcolor-management-lcms=fals # Weston with webp support PACKAGECONFIG[webp] = "-Dimage-webp=true,-Dimage-webp=false,libwebp" # Weston with systemd-login support -PACKAGECONFIG[systemd] = "-Dsystemd=true -Dlauncher-logind=true,-Dsystemd=false -Dlauncher-logind=false,systemd dbus" +PACKAGECONFIG[systemd] = "-Dsystemd=true,-Dsystemd=false,systemd dbus" # Weston with Xwayland support (requires X11 and Wayland) -PACKAGECONFIG[xwayland] = "-Dxwayland=true,-Dxwayland=false,libxcb libxcursor xwayland" +PACKAGECONFIG[xwayland] = "-Dxwayland=true,-Dxwayland=false,libxcb libxcursor xcb-util-cursor xwayland" # colord CMS support PACKAGECONFIG[colord] = "-Ddeprecated-color-management-colord=true,-Ddeprecated-color-management-colord=false,colord" # Clients support @@ -94,6 +94,13 @@ PACKAGECONFIG[shell-kiosk] = "-Dshell-kiosk=true,-Dshell-kiosk=false" PACKAGECONFIG[image-jpeg] = "-Dimage-jpeg=true,-Dimage-jpeg=false, jpeg" # support libseat based launch PACKAGECONFIG[launcher-libseat] = "-Dlauncher-libseat=true,-Dlauncher-libseat=false,seatd" +# deprecated and superseded by libseat launcher +PACKAGECONFIG[launcher-logind] = "-Ddeprecated-launcher-logind=true,-Ddeprecated-launcher-logind=false," +# screencasting via PipeWire +PACKAGECONFIG[pipewire] = "-Dbackend-pipewire=true,-Dbackend-pipewire=false,pipewire" +# VNC remote screensharing +PACKAGECONFIG[vnc] = "-Dbackend-vnc=true,-Dbackend-vnc=false,neatvnc" + do_install:append() { # Weston doesn't need the .la files to load modules, so wipe them diff --git a/poky/meta/recipes-graphics/xorg-app/xdpyinfo_1.3.4.bb b/poky/meta/recipes-graphics/xorg-app/xdpyinfo_1.3.4.bb index aaa8aa8903..3becd40281 100644 --- a/poky/meta/recipes-graphics/xorg-app/xdpyinfo_1.3.4.bb +++ b/poky/meta/recipes-graphics/xorg-app/xdpyinfo_1.3.4.bb @@ -9,7 +9,7 @@ clients and the server, and the different types of screens and visuals \ that are available." LIC_FILES_CHKSUM = "file://COPYING;md5=f3d09e6b9e203a1af489e16c708f4fb3" -DEPENDS += "libxtst libxext libxxf86vm libxi libxrender libxinerama libdmx libxau libxcomposite" +DEPENDS += "libxtst libxext libxxf86vm libxi libxrender libxinerama libxau libxcomposite" PE = "1" SRC_URI += "file://disable-xkb.patch" diff --git a/poky/meta/recipes-graphics/xorg-app/xeyes_1.2.0.bb b/poky/meta/recipes-graphics/xorg-app/xeyes_1.3.0.bb index 73d09f058d..3d1a7063ea 100644 --- a/poky/meta/recipes-graphics/xorg-app/xeyes_1.2.0.bb +++ b/poky/meta/recipes-graphics/xorg-app/xeyes_1.3.0.bb @@ -8,6 +8,7 @@ PE = "1" LIC_FILES_CHKSUM = "file://COPYING;md5=3ea51b365051ac32d1813a7dbaa4bfc6" -SRC_URI[sha256sum] = "f8a17e23146bef1ab345a1e303c6749e42aaa7bcf4f25428afad41770721b6db" +SRC_URI_EXT = "xz" +SRC_URI[sha256sum] = "0950c600bf33447e169a539ee6655ef9f36d6cebf2c1be67f7ab55dacb753023" DEPENDS += "libxau libxt libxext libxmu libxrender libxi" diff --git a/poky/meta/recipes-graphics/xorg-lib/libdmx_1.1.4.bb b/poky/meta/recipes-graphics/xorg-lib/libdmx_1.1.4.bb deleted file mode 100644 index 3634d53208..0000000000 --- a/poky/meta/recipes-graphics/xorg-lib/libdmx_1.1.4.bb +++ /dev/null @@ -1,21 +0,0 @@ -require xorg-lib-common.inc - -SUMMARY = "DMX: Distributed Multihead X extension library" - -DESCRIPTION = "The DMX extension provides support for communication with \ -and control of Xdmx(1) server. Attributes of the Xdmx(1) server and of \ -the back-end screens attached to the server can be queried and modified \ -via this protocol." - -LICENSE = "MIT" -LIC_FILES_CHKSUM = "file://COPYING;md5=a3c3499231a8035efd0e004cfbd3b72a \ - file://src/dmx.c;endline=33;md5=c43f19af03c7c8619cadc9724ed9afe1" - -DEPENDS += "libxext xorgproto" - -PE = "1" - -XORG_EXT = "tar.bz2" - -SRC_URI[md5sum] = "d2f1f0ec68ac3932dd7f1d9aa0a7a11c" -SRC_URI[sha256sum] = "253f90005d134fa7a209fbcbc5a3024335367c930adf0f3203e754cf32747243" diff --git a/poky/meta/recipes-graphics/xorg-lib/libx11_1.8.5.bb b/poky/meta/recipes-graphics/xorg-lib/libx11_1.8.6.bb index cf2e29471a..1cfa56b21e 100644 --- a/poky/meta/recipes-graphics/xorg-lib/libx11_1.8.5.bb +++ b/poky/meta/recipes-graphics/xorg-lib/libx11_1.8.6.bb @@ -24,7 +24,7 @@ XORG_PN = "libX11" SRC_URI += "file://disable_tests.patch" -SRC_URI[sha256sum] = "e362c6f03c793171becd1ce2078c64789504c7d7ff48ee40a76ff76b59f6b561" +SRC_URI[sha256sum] = "59535b7cc6989ba806a022f7e8533b28c4397b9d86e9d07b6df0c0703fa25cc9" inherit gettext diff --git a/poky/meta/recipes-graphics/xorg-lib/xcb-util-cursor_0.1.4.bb b/poky/meta/recipes-graphics/xorg-lib/xcb-util-cursor_0.1.4.bb new file mode 100644 index 0000000000..047697845c --- /dev/null +++ b/poky/meta/recipes-graphics/xorg-lib/xcb-util-cursor_0.1.4.bb @@ -0,0 +1,10 @@ +require recipes-graphics/xorg-lib/xcb-util.inc + +SUMMARY = "XCB port of libXcursor" + +DEPENDS += "xcb-util xcb-util-renderutil xcb-util-image" + +LICENSE = "MIT" +LIC_FILES_CHKSUM = "file://COPYING;md5=ce469b61c70ff8d7cce0547476891974" + +SRC_URI[sha256sum] = "28dcfe90bcab7b3561abe0dd58eb6832aa9cc77cfe42fcdfa4ebe20d605231fb" diff --git a/poky/meta/recipes-graphics/xorg-lib/xkeyboard-config_2.38.bb b/poky/meta/recipes-graphics/xorg-lib/xkeyboard-config_2.39.bb index 53dfe1634a..4795464ac0 100644 --- a/poky/meta/recipes-graphics/xorg-lib/xkeyboard-config_2.38.bb +++ b/poky/meta/recipes-graphics/xorg-lib/xkeyboard-config_2.39.bb @@ -13,7 +13,7 @@ LICENSE = "MIT & MIT" LIC_FILES_CHKSUM = "file://COPYING;md5=0e7f21ca7db975c63467d2e7624a12f9" SRC_URI = "${XORG_MIRROR}/individual/data/xkeyboard-config/${BPN}-${PV}.tar.xz" -SRC_URI[sha256sum] = "0690a91bab86b18868f3eee6d41e9ec4ce6894f655443d490a2184bfac56c872" +SRC_URI[sha256sum] = "5ac5f533eff7b0c116805fe254fd79b2c9882700a4f9f2c070f8c4eae5aaa682" SECTION = "x11/libs" DEPENDS = "util-macros libxslt-native" diff --git a/poky/meta/recipes-graphics/xorg-lib/xtrans_1.4.0.bb b/poky/meta/recipes-graphics/xorg-lib/xtrans_1.5.0.bb index cd5aedb59d..781382e516 100644 --- a/poky/meta/recipes-graphics/xorg-lib/xtrans_1.4.0.bb +++ b/poky/meta/recipes-graphics/xorg-lib/xtrans_1.5.0.bb @@ -9,10 +9,8 @@ except in the X Transport Interface code." require xorg-lib-common.inc -LICENSE = "MIT & MIT" -LIC_FILES_CHKSUM = "file://COPYING;md5=49347921d4d5268021a999f250edc9ca" - -XORG_EXT = "tar.bz2" +LICENSE = "MIT" +LIC_FILES_CHKSUM = "file://COPYING;md5=bc875e1c864f4f62b29f7d8651f627fa" SRC_URI += "file://multilibfix.patch" @@ -24,5 +22,4 @@ inherit gettext BBCLASSEXTEND = "native nativesdk" -SRC_URI[md5sum] = "ce2fb8100c6647ee81451ebe388b17ad" -SRC_URI[sha256sum] = "377c4491593c417946efcd2c7600d1e62639f7a8bbca391887e2c4679807d773" +SRC_URI[sha256sum] = "1ba4b703696bfddbf40bacf25bce4e3efb2a0088878f017a50e9884b0c8fb1bd" diff --git a/poky/meta/recipes-graphics/xorg-proto/xorgproto_2022.2.bb b/poky/meta/recipes-graphics/xorg-proto/xorgproto_2023.2.bb index a1cd66c744..94d37c56bc 100644 --- a/poky/meta/recipes-graphics/xorg-proto/xorgproto_2022.2.bb +++ b/poky/meta/recipes-graphics/xorg-proto/xorgproto_2023.2.bb @@ -6,10 +6,10 @@ BUGTRACKER = "https://bugs.freedesktop.org/enter_bug.cgi?product=xorg" SECTION = "x11/libs" LICENSE = "MIT" -LIC_FILES_CHKSUM = "file://COPYING-x11proto;md5=dfc4bd2b0568b31725b85b0604e69b56" +LIC_FILES_CHKSUM = "file://COPYING-x11proto;md5=0b9fe3db4015bcbe920e7c67a39ee3f1" SRC_URI = "${XORG_MIRROR}/individual/proto/${BP}.tar.xz" -SRC_URI[sha256sum] = "5d13dbf2be08f95323985de53352c4f352713860457b95ccaf894a647ac06b9e" +SRC_URI[sha256sum] = "b61fbc7db82b14ce2dc705ab590efc32b9ad800037113d1973811781d5118c2c" inherit meson diff --git a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc index ecb164ddf7..085fcaf87a 100644 --- a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc +++ b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc @@ -20,16 +20,15 @@ SRC_URI = "${XORG_MIRROR}/individual/xserver/${XORG_PN}-${PV}.tar.xz" UPSTREAM_CHECK_REGEX = "xorg-server-(?P<pver>\d+(\.(?!99)\d+)+)\.tar" CVE_PRODUCT = "xorg-server x_server" -# This is specific to Debian's xserver-wrapper.c -CVE_CHECK_IGNORE += "CVE-2011-4613" -# As per upstream, exploiting this flaw is non-trivial and it requires exact -# timing on the behalf of the attacker. Many graphical applications exit if their -# connection to the X server is lost, so a typical desktop session is either -# impossible or difficult to exploit. There is currently no upstream patch -# available for this flaw. -CVE_CHECK_IGNORE += "CVE-2020-25697" -# This is specific to XQuartz, which is the macOS X server port -CVE_CHECK_IGNORE += "CVE-2022-3553" + +CVE_STATUS[CVE-2011-4613] = "not-applicable-platform: This is specific to Debian's xserver-wrapper.c" +CVE_STATUS[CVE-2020-25697] = "upstream-wontfix: \ +As per upstream, exploiting this flaw is non-trivial and it requires exact \ +timing on the behalf of the attacker. Many graphical applications exit if their \ +connection to the X server is lost, so a typical desktop session is either \ +impossible or difficult to exploit. There is currently no upstream patch \ +available for this flaw." +CVE_STATUS[CVE-2022-3553] = "cpe-incorrect: This is specific to XQuartz, which is the macOS X server port" S = "${WORKDIR}/${XORG_PN}-${PV}" diff --git a/poky/meta/recipes-graphics/xwayland/xwayland_23.1.1.bb b/poky/meta/recipes-graphics/xwayland/xwayland_23.1.2.bb index a065e92f01..de516536d1 100644 --- a/poky/meta/recipes-graphics/xwayland/xwayland_23.1.1.bb +++ b/poky/meta/recipes-graphics/xwayland/xwayland_23.1.2.bb @@ -10,7 +10,7 @@ LICENSE = "MIT" LIC_FILES_CHKSUM = "file://COPYING;md5=5df87950af51ac2c5822094553ea1880" SRC_URI = "https://www.x.org/archive/individual/xserver/xwayland-${PV}.tar.xz" -SRC_URI[sha256sum] = "fb9461f5cb9fea5e07e91882311b0c88b43e8843b017ebac05eb5af69aa34c15" +SRC_URI[sha256sum] = "bd25d8498ee4d77874fda125127e2db37fc332531febc966231ea06fae8cf77f" UPSTREAM_CHECK_REGEX = "xwayland-(?P<pver>\d+(\.(?!90\d)\d+)+)\.tar" diff --git a/poky/meta/recipes-kernel/libtraceevent/libtraceevent_1.7.2.bb b/poky/meta/recipes-kernel/libtraceevent/libtraceevent_1.7.3.bb index b5c0834d89..f9a3811669 100644 --- a/poky/meta/recipes-kernel/libtraceevent/libtraceevent_1.7.2.bb +++ b/poky/meta/recipes-kernel/libtraceevent/libtraceevent_1.7.3.bb @@ -8,7 +8,7 @@ LIC_FILES_CHKSUM = "file://LICENSES/GPL-2.0;md5=e6a75371ba4d16749254a51215d13f97 file://LICENSES/LGPL-2.1;md5=b370887980db5dd40659b50909238dbd" SECTION = "libs" -SRCREV = "1c6f0f3b2bb47571fc455dc565dc343152517d98" +SRCREV = "dd148189b74da3e2f45c7e536319fec97cb71213" SRC_URI = "git://git.kernel.org/pub/scm/libs/libtrace/libtraceevent.git;branch=${BPN};protocol=https \ file://0001-makefile-Do-not-preserve-ownership-in-cp-command.patch" diff --git a/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20230515.bb b/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20230625.bb index 3470131294..329a3e3c9a 100644 --- a/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20230515.bb +++ b/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20230625.bb @@ -134,7 +134,7 @@ LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \ " # WHENCE checksum is defined separately to ease overriding it if # class-devupstream is selected. -WHENCE_CHKSUM = "a0997fc7a9af4e46d96529d6ef13b58a" +WHENCE_CHKSUM = "57bf874056926f12aec2405d3fc390d9" # These are not common licenses, set NO_GENERIC_LICENSE for them # so that the license files will be copied from fetched source @@ -212,7 +212,7 @@ SRC_URI:class-devupstream = "git://git.kernel.org/pub/scm/linux/kernel/git/firmw # Pin this to the 20220509 release, override this in local.conf SRCREV:class-devupstream ?= "b19cbdca78ab2adfd210c91be15a22568e8b8cae" -SRC_URI[sha256sum] = "8b1acfa16f1ee94732a6acb50d9d6c835cf53af11068bd89ed207bbe04a1e951" +SRC_URI[sha256sum] = "87597111c0d4b71b31e53cb85a92c386921b84c825a402db8c82e0e86015500d" inherit allarch diff --git a/poky/meta/recipes-kernel/linux-libc-headers/linux-libc-headers/0001-include-linux-stddef.h-in-swab.h-uapi-header.patch b/poky/meta/recipes-kernel/linux-libc-headers/linux-libc-headers/0001-include-linux-stddef.h-in-swab.h-uapi-header.patch deleted file mode 100644 index 5b7c1b6e21..0000000000 --- a/poky/meta/recipes-kernel/linux-libc-headers/linux-libc-headers/0001-include-linux-stddef.h-in-swab.h-uapi-header.patch +++ /dev/null @@ -1,42 +0,0 @@ -From dc221138c809125dc1bbff8506c70cb7bd846368 Mon Sep 17 00:00:00 2001 -From: Khem Raj <raj.khem@gmail.com> -Date: Wed, 12 Sep 2018 17:08:58 -0700 -Subject: [PATCH] include linux/stddef.h in swab.h uapi header - -swab.h uses __always_inline without including the header where it is -defined, this is exposed by musl based distributions where this macro is -not defined by system C library headers unlike glibc where it is defined -in sys/cdefs.h and that header gets pulled in indirectly via - -features.h -> sys/cdefs.h - -and features.h gets pulled in a lot of headers. Therefore it may work in -cases where features.h is includes but not otherwise. - -Adding linux/stddef.h here ensures that __always_inline is always -defined independent of which C library is used in userspace - -Upstream-Status: Submitted [https://lkml.org/lkml/2018/9/13/78] - -Signed-off-by: Khem Raj <raj.khem@gmail.com> -Cc: Philippe Ombredanne <pombredanne@nexb.com> -Cc: Kate Stewart <kstewart@linuxfoundation.org> -Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> -Cc: Thomas Gleixner <tglx@linutronix.de> - ---- - include/uapi/linux/swab.h | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/include/uapi/linux/swab.h b/include/uapi/linux/swab.h -index 7272f85d6..2912fe463 100644 ---- a/include/uapi/linux/swab.h -+++ b/include/uapi/linux/swab.h -@@ -3,6 +3,7 @@ - #define _UAPI_LINUX_SWAB_H - - #include <linux/types.h> -+#include <linux/stddef.h> - #include <linux/compiler.h> - #include <asm/bitsperlong.h> - #include <asm/swab.h> diff --git a/poky/meta/recipes-kernel/linux-libc-headers/linux-libc-headers_6.1.bb b/poky/meta/recipes-kernel/linux-libc-headers/linux-libc-headers_6.4.bb index cbdebdc1e8..c52315499e 100644 --- a/poky/meta/recipes-kernel/linux-libc-headers/linux-libc-headers_6.1.bb +++ b/poky/meta/recipes-kernel/linux-libc-headers/linux-libc-headers_6.4.bb @@ -4,7 +4,6 @@ SRC_URI:append:libc-musl = "\ file://0001-libc-compat.h-fix-some-issues-arising-from-in6.h.patch \ file://0003-remove-inclusion-of-sysinfo.h-in-kernel.h.patch \ file://0001-libc-compat.h-musl-_does_-define-IFF_LOWER_UP-DORMAN.patch \ - file://0001-include-linux-stddef.h-in-swab.h-uapi-header.patch \ " SRC_URI += "\ @@ -13,6 +12,6 @@ SRC_URI += "\ LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" -SRC_URI[sha256sum] = "2ca1f17051a430f6fed1196e4952717507171acfd97d96577212502703b25deb" +SRC_URI[sha256sum] = "8fa0588f0c2ceca44cac77a0e39ba48c9f00a6b9dc69761c02a5d3efac8da7f3" diff --git a/poky/meta/recipes-kernel/linux/cve-exclusion_6.1.inc b/poky/meta/recipes-kernel/linux/cve-exclusion_6.1.inc index 4cc151901b..2eb4836c35 100644 --- a/poky/meta/recipes-kernel/linux/cve-exclusion_6.1.inc +++ b/poky/meta/recipes-kernel/linux/cve-exclusion_6.1.inc @@ -1,20 +1,329 @@ +CVE_STATUS[CVE-2018-6559] = "not-applicable-platform: Issue only affects Ubuntu" + +# https://www.linuxkernelcves.com/cves/CVE-2019-3016 +# Fixed with 5.6 +CVE_STATUS[CVE-2019-3016] = "fixed-version: Fixed in version v5.6" + +# https://www.linuxkernelcves.com/cves/CVE-2019-3819 +# Fixed with 5.1 +CVE_STATUS[CVE-2019-3819] = "fixed-version: Fixed in version v5.1" + +# https://www.linuxkernelcves.com/cves/CVE-2019-3887 +# Fixed with 5.2 +CVE_STATUS[CVE-2019-3887] = "fixed-version: Fixed in version v5.2" + +CVE_STATUS[CVE-2020-11935] = "not-applicable-config: Issue only affects aufs, which is not in linux-yocto" + +# https://nvd.nist.gov/vuln/detail/CVE-2020-27784 +# Introduced in version v4.1 b26394bd567e5ebe57ec4dee7fe6cd14023c96e9 +# Patched in kernel since v5.10 e8d5f92b8d30bb4ade76494490c3c065e12411b1 +# Backported in version v5.4.73 e9e791f5c39ab30e374a3b1a9c25ca7ff24988f3 +CVE_STATUS[CVE-2020-27784] = "cpe-stable-backport: Backported in version v5.4.73" + + +# 2021 + +# https://nvd.nist.gov/vuln/detail/CVE-2021-3669 +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 +# Patched in kernel since v5.15 20401d1058f3f841f35a594ac2fc1293710e55b9 +CVE_STATUS[CVE-2021-3669] = "fixed-version: Fixed in version v5.15" + +# https://nvd.nist.gov/vuln/detail/CVE-2021-3759 +# Introduced in version v4.5 a9bb7e620efdfd29b6d1c238041173e411670996 +# Patched in kernel since v5.15 18319498fdd4cdf8c1c2c48cd432863b1f915d6f +# Backported in version v5.4.224 bad83d55134e647a739ebef2082541963f2cbc92 +# Backported in version v5.10.154 836686e1a01d7e2fda6a5a18252243ff30a6e196 +CVE_STATUS[CVE-2021-3759] = "cpe-stable-backport: Backported in versions v5.4.224 and v6.1.11" + +# https://nvd.nist.gov/vuln/detail/CVE-2021-4218 +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 +# Patched in kernel since v5.8 32927393dc1ccd60fb2bdc05b9e8e88753761469 +CVE_STATUS[CVE-2021-4218] = "fixed-version: Fixed in version v5.8" + + +# 2022 + +# https://nvd.nist.gov/vuln/detail/CVE-2022-0480 +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 +# Patched in kernel since v5.15 0f12156dff2862ac54235fc72703f18770769042 +CVE_STATUS[CVE-2022-0480] = "fixed-version: Fixed in version v5.15" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-1184 +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 +# Patched in kernel since v5.19 46c116b920ebec58031f0a78c5ea9599b0d2a371 +# Backported in version v5.4.198 17034d45ec443fb0e3c0e7297f9cd10f70446064 +# Backported in version v5.10.121 da2f05919238c7bdc6e28c79539f55c8355408bb +# Backported in version v5.15.46 ca17db384762be0ec38373a12460081d22a8b42d +CVE_STATUS[CVE-2022-1184] = "cpe-stable-backport: Backported in versions v5.4.198, v5.10.121 and v5.15.46" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-1462 +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 +# Patched in kernel since v5.19 a501ab75e7624d133a5a3c7ec010687c8b961d23 +# Backported in version v5.4.208 f7785092cb7f022f59ebdaa181651f7c877df132 +# Backported in version v5.10.134 08afa87f58d83dfe040572ed591b47e8cb9e225c +# Backported in version v5.15.58 b2d1e4cd558cffec6bfe318f5d74e6cffc374d29 +CVE_STATUS[CVE-2022-1462] = "cpe-stable-backport: Backported in versions v5.4.208, v5.10.134 and v5.15.58" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-2196 +# Introduced in version v5.8 5c911beff20aa8639e7a1f28988736c13e03ed54 +# Breaking commit backported in v5.4.47 64b8f33b2e1e687d465b5cb382e7bec495f1e026 +# Patched in kernel since v6.2 2e7eab81425ad6c875f2ed47c0ce01e78afc38a5 +# Backported in version v5.4.233 f93a1a5bdcdd122aae0a3eab7a52c15b71fb725b +# Backported in version v5.10.170 1b0cafaae8884726c597caded50af185ffc13349 +# Backported in version v5.15.96 6b539a7dbb49250f92515c2ba60aea239efc9e35 +# Backported in version v6.1.14 63fada296062e91ad9f871970d4e7f19e21a6a15 +CVE_STATUS[CVE-2022-2196] = "cpe-stable-backport: Backported in versions v5.4.1233, v5.10.170, v5.15.46 and v6.1.14" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-2308 +# Introduced in version v5.15 c8a6153b6c59d95c0e091f053f6f180952ade91e +# Patched in kernel since v6.0 46f8a29272e51b6df7393d58fc5cb8967397ef2b +# Backported in version v5.15.72 dc248ddf41eab4566e95b1ee2433c8a5134ad94a +# Backported in version v5.19.14 38d854c4a11c3bbf6a96ea46f14b282670c784ac +CVE_STATUS[CVE-2022-2308] = "cpe-stable-backport: Backported in versions v5.15.72 and v5.19.14" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-2327 +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 +# Patched in kernel since v5.10.125 df3f3bb5059d20ef094d6b2f0256c4bf4127a859 +CVE_STATUS[CVE-2022-2327] = "fixed-version: Fixed in version v5.10.125" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-2663 +# Introduced in version v2.6.20 869f37d8e48f3911eb70f38a994feaa8f8380008 +# Patched in kernel since v6.0 0efe125cfb99e6773a7434f3463f7c2fa28f3a43 +# Backported in version v5.4.213 36f7b71f8ad8e4d224b45f7d6ecfeff63b091547 +# Backported in version v5.10.143 e12ce30fe593dd438c5b392290ad7316befc11ca +# Backported in version v5.15.68 451c9ce1e2fc9b9e40303bef8e5a0dca1a923cc4 +# Backported in version v5.19.9 6cf0609154b2ce8d3ae160e7506ab316400a8d3d +CVE_STATUS[CVE-2022-2663] = "cpe-stable-backport: Backported in versions v5.4.213, v5.10.143, v5.15.68 and v5.19.9" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-2785 +# Introduced in version v5.18 b1d18a7574d0df5eb4117c14742baf8bc2b9bb74 +# Patched in kernel since v6.0 86f44fcec22ce2979507742bc53db8400e454f46 +# Backported in version v5.19.4 b429d0b9a7a0f3dddb1f782b72629e6353f292fd +CVE_STATUS[CVE-2022-2785] = "cpe-stable-backport: Backported in version v5.19.4" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3176 +# Introduced in version v5.1 221c5eb2338232f7340386de1c43decc32682e58 +# Patched in kernel since v5.17 791f3465c4afde02d7f16cf7424ca87070b69396 +# Backported in version v5.15.65 e9d7ca0c4640cbebe6840ee3bac66a25a9bacaf5 +CVE_STATUS[CVE-2022-3176] = "cpe-stable-backport: Backported in version v5.15.65" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3424 +# Introduced in version v2.6.33 55484c45dbeca2eec7642932ec3f60f8a2d4bdbf +# Patched in kernel since v6.2 643a16a0eb1d6ac23744bb6e90a00fc21148a9dc +# Backported in version v5.4.229 0078dd8758561540ed30b2c5daa1cb647e758977 +# Backported in version v5.10.163 0f67ed565f20ea2fdd98e3b0b0169d9e580bb83c +# Backported in version v5.15.86 d5c8f9003a289ee2a9b564d109e021fc4d05d106 +# Backported in version v6.1.2 4e947fc71bec7c7da791f8562d5da233b235ba5e +CVE_STATUS[CVE-2022-3424] = "cpe-stable-backport: Backported in versions v5.4.229, v5.10.163, v5.15.86 and v 6.1.2" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3435 +# Introduced in version v5.18 6bf92d70e690b7ff12b24f4bfff5e5434d019b82 +# Breaking commit backported in v5.4.189 f5064531c23ad646da7be8b938292b00a7e61438 +# Breaking commit backported in v5.10.111 63ea57478aaa3e06a597081a0f537318fc04e49f +# Breaking commit backported in v5.15.34 907c97986d6fa77318d17659dd76c94b65dd27c5 +# Patched in kernel since v6.1 61b91eb33a69c3be11b259c5ea484505cd79f883 +# Backported in version v5.4.226 cc3cd130ecfb8b0ae52e235e487bae3f16a24a32 +# Backported in version v5.10.158 0b5394229ebae09afc07aabccb5ffd705ffd250e +# Backported in version v5.15.82 25174d91e4a32a24204060d283bd5fa6d0ddf133 +CVE_STATUS[CVE-2022-3435] = "cpe-stable-backport: Backported in versions v5.4.226, v5.10.158 and v5.15.82" + # https://nvd.nist.gov/vuln/detail/CVE-2022-3523 # Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 # Patched in kernel since v6.1 16ce101db85db694a91380aa4c89b25530871d33 -CVE_CHECK_IGNORE += "CVE-2022-3523" +CVE_STATUS[CVE-2022-3523] = "fixed-version: Fixed in version v6.1" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3526 +# Introduced in version v5.13 427f0c8c194b22edcafef1b0a42995ddc5c2227d +# Patched in kernel since v5.18 e16b859872b87650bb55b12cca5a5fcdc49c1442 +# Backported in version v5.15.35 8f79ce226ad2e9b2ec598de2b9560863b7549d1b +CVE_STATUS[CVE-2022-3526] = "cpe-stable-backport: Backported in version v5.15.35" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3534 +# Introduced in version v5.10 919d2b1dbb074d438027135ba644411931179a59 +# Patched in kernel since v6.2 93c660ca40b5d2f7c1b1626e955a8e9fa30e0749 +# Backported in version v5.10.163 c61650b869e0b6fb0c0a28ed42d928eea969afc8 +# Backported in version v5.15.86 a733bf10198eb5bb927890940de8ab457491ed3b +# Backported in version v6.1.2 fbe08093fb2334549859829ef81d42570812597d +CVE_STATUS[CVE-2022-3534] = "cpe-stable-backport: Backported in versions v5.10.163, v5.15.86 and v6.1.2" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3564 +# Introduced in version v3.6 4b51dae96731c9d82f5634e75ac7ffd3b9c1b060 +# Patched in kernel since v6.1 3aff8aaca4e36dc8b17eaa011684881a80238966 +# Backported in version v5.10.154 cb1c012099ef5904cd468bdb8d6fcdfdd9bcb569 +# Backported in version v5.15.78 8278a87bb1eeea94350d675ef961ee5a03341fde +CVE_STATUS[CVE-2022-3564] = "cpe-stable-backport: Backported in versions v5.10.154 and v5.15.78" # https://nvd.nist.gov/vuln/detail/CVE-2022-3566 # Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 # Patched in kernel since v6.1 f49cd2f4d6170d27a2c61f1fecb03d8a70c91f57 -CVE_CHECK_IGNORE += "CVE-2022-3566" +CVE_STATUS[CVE-2022-3566] = "fixed-version: Fixed in version v6.1" # https://nvd.nist.gov/vuln/detail/CVE-2022-3567 # Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 # Patched in kernel since v6.1 364f997b5cfe1db0d63a390fe7c801fa2b3115f6 -CVE_CHECK_IGNORE += "CVE-2022-3567" +CVE_STATUS[CVE-2022-3567] = "fixed-version: Fixed in version v6.1" +# https://nvd.nist.gov/vuln/detail/CVE-2022-3619 +# Introduced in version v5.12 4d7ea8ee90e42fc75995f6fb24032d3233314528 +# Patched in kernel since v6.1 7c9524d929648935bac2bbb4c20437df8f9c3f42 +# Backported in version v5.15.78 aa16cac06b752e5f609c106735bd7838f444784c +CVE_STATUS[CVE-2022-3619] = "cpe-stable-backport: Backported in version v5.15.78" -# 2023 +# https://nvd.nist.gov/vuln/detail/CVE-2022-3621 +# Introduced in version v2.60.30 05fe58fdc10df9ebea04c0eaed57adc47af5c184 +# Patched in kernel since v6.1 21a87d88c2253350e115029f14fe2a10a7e6c856 +# Backported in version v5.4.218 792211333ad77fcea50a44bb7f695783159fc63c +# Backported in version v5.10.148 3f840480e31495ce674db4a69912882b5ac083f2 +# Backported in version v5.15.74 1e512c65b4adcdbdf7aead052f2162b079cc7f55 +# Backported in version v5.19.16 caf2c6b580433b3d3e413a3d54b8414a94725dcd +CVE_STATUS[CVE-2022-3621] = "cpe-stable-backport: Backported in versions v5.4.218, v5.10.148, v5.15.74 and v5.19.16" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3623 +# Introduced in version v5.1 5480280d3f2d11d47f9be59d49b20a8d7d1b33e8 +# Patched in kernel since v6.1 fac35ba763ed07ba93154c95ffc0c4a55023707f +# Backported in version v5.4.228 176ba4c19d1bb153aa6baaa61d586e785b7d736c +# Backported in version v5.10.159 fccee93eb20d72f5390432ecea7f8c16af88c850 +# Backported in version v5.15.78 3a44ae4afaa5318baed3c6e2959f24454e0ae4ff +# Backported in version v5.19.17 86a913d55c89dd13ba070a87f61a493563e94b54 +CVE_STATUS[CVE-2022-3623] = "cpe-stable-backport: Backported in versions v5.4.228, v5.10.159, v5.15.78 and v 5.19.17" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3624 +# Introduced in version v6.0 d5410ac7b0baeca91cf73ff5241d35998ecc8c9e +# Patched in kernel since v6.0 4f5d33f4f798b1c6d92b613f0087f639d9836971 +CVE_STATUS[CVE-2022-3624] = "fixed-version: Fixed in version v6.0" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3625 +# Introduced in version v4.19 45f05def5c44c806f094709f1c9b03dcecdd54f0 +# Patched in kernel since v6.0 6b4db2e528f650c7fb712961aac36455468d5902 +# Backported in version v5.4.211 1ad4ba9341f15412cf86dc6addbb73871a10212f +# Backported in version v5.10.138 0e28678a770df7989108327cfe86f835d8760c33 +# Backported in version v5.15.63 c4d09fd1e18bac11c2f7cf736048112568687301 +# Backported in version v5.19.4 26bef5616255066268c0e40e1da10cc9b78b82e9 +CVE_STATUS[CVE-2022-3625] = "cpe-stable-backport: Backported in versions v5.4.211, v5.10.138, v5.15.63 and v5.19.4" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3629 +# Introduced in version v3.9 d021c344051af91f42c5ba9fdedc176740cbd238 +# Patched in kernel since v6.0 7e97cfed9929eaabc41829c395eb0d1350fccb9d +# Backported in version v5.4.211 f82f1e2042b397277cd39f16349950f5abade58d +# Backported in version v5.10.138 38ddccbda5e8b762c8ee06670bb1f64f1be5ee50 +# Backported in version v5.15.63 e4c0428f8a6fc8c218d7fd72bddd163f05b29795 +# Backported in version v5.19.4 8ff5db3c1b3d6797eda5cd326dcd31b9cd1c5f72 +CVE_STATUS[CVE-2022-3629] = "cpe-stable-backport: Backported in versions v5.4.211, v5.10.138, v5.15.63 and v5.19.4" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3630 +# Introduced in version v5.19 85e4ea1049c70fb99de5c6057e835d151fb647da +# Patched in kernel since v6.0 fb24771faf72a2fd62b3b6287af3c610c3ec9cf1 +# Backported in version v5.19.4 7a369dc87b66acc85d0cffcf39984344a203e20b +CVE_STATUS[CVE-2022-3630] = "cpe-stable-backport: Backported in version v5.19.4" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3633 +# Introduced in version v5.4 9d71dd0c70099914fcd063135da3c580865e924c +# Patched in kernel since v6.0 8c21c54a53ab21842f5050fa090f26b03c0313d6 +# Backported in version v5.4.211 04e41b6bacf474f5431491f92e981096e8cc8e93 +# Backported in version v5.10.138 a220ff343396bae8d3b6abee72ab51f1f34b3027 +# Backported in version v5.15.63 98dc8fb08299ab49e0b9c08daedadd2f4de1a2f2 +# Backported in version v5.19.4 a0278dbeaaf7ca60346c62a9add65ae7d62564de +CVE_STATUS[CVE-2022-3633] = "cpe-stable-backport: Backported in versions v5.4.211, v5.10.138, v5.15.63 and v5.19.4" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3635 +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 +# Patched in kernel since v6.0 3f4093e2bf4673f218c0bf17d8362337c400e77b +# Backported in version v5.4.211 9a6cbaa50f263b12df18a051b37f3f42f9fb5253 +# Backported in version v5.10.138 a0ae122e9aeccbff75014c4d36d11a9d32e7fb5e +# Backported in version v5.15.63 a5d7ce086fe942c5ab422fd2c034968a152be4c4 +# Backported in version v5.19.4 af412b252550f9ac36d9add7b013c2a2c3463835 +CVE_STATUS[CVE-2022-3635] = "cpe-stable-backport: Backported in versions v5.4.211, v5.10.138, v5.15.63 and v5.19.4" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3636 +# Introduced in version v5.19 33fc42de33278b2b3ec6f3390512987bc29a62b7 +# Patched in kernel since v5.19 17a5f6a78dc7b8db385de346092d7d9f9dc24df6 +CVE_STATUS[CVE-2022-3636] = "cpe-stable-backport: Backported in version v5.19" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3640 +# Introduced in version v5.19 d0be8347c623e0ac4202a1d4e0373882821f56b0 +# Breaking commit backported in v5.4.209 098e07ef0059296e710a801cdbd74b59016e6624 +# Breaking commit backported in v5.10.135 de5d4654ac6c22b1be756fdf7db18471e7df01ea +# Breaking commit backported in v5.15.59 f32d5615a78a1256c4f557ccc6543866e75d03f4 +# Patched in kernel since v6.1 0d0e2d032811280b927650ff3c15fe5020e82533 +# Backported in version v5.4.224 c1f594dddd9ffd747c39f49cc5b67a9b7677d2ab +# Backported in version v5.10.154 d9ec6e2fbd4a565b2345d4852f586b7ae3ab41fd +# Backported in version v5.15.78 a3a7b2ac64de232edb67279e804932cb42f0b52a +CVE_STATUS[CVE-2022-3640] = "cpe-stable-backport: Backported in versions v5.4.224, v5.10.154 and v5.15.78" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3646 +# Introduced in version v2.6.30 9ff05123e3bfbb1d2b68ba1d9bf1f7d1dffc1453 +# Patched in kernel since v6.1 d0d51a97063db4704a5ef6bc978dddab1636a306 +# Backported in version v5.4.218 b7e409d11db9ce9f8bc05fcdfa24d143f60cd393 +# Backported in version v5.10.148 aad4c997857f1d4b6c1e296c07e4729d3f8058ee +# Backported in version v5.15.74 44b1ee304bac03f1b879be5afe920e3a844e40fc +# Backported in version v5.19.16 4755fcd844240857b525f6e8d8b65ee140fe9570 +CVE_STATUS[CVE-2022-3646] = "cpe-stable-backport: Backported in versions v5.4.218, v5.10.148, v5.15.74 and v5.19.16" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3649 +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 +# Patched in kernel since v6.1 d325dc6eb763c10f591c239550b8c7e5466a5d09 +# Backported in version v5.4.220 d1c2d820a2cd73867b7d352e89e92fb3ac29e926 +# Backported in version v5.10.148 21ee3cffed8fbabb669435facfd576ba18ac8652 +# Backported in version v5.15.74 cb602c2b654e26763226d8bd27a702f79cff4006 +# Backported in version v5.19.16 394b2571e9a74ddaed55aa9c4d0f5772f81c21e4 +CVE_STATUS[CVE-2022-3649] = "cpe-stable-backport: Backported in versions v5.4.220, v5.10.148, v5.15.74 and v5.19.16" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-4382 +# Introduced in version v5.3 e5d82a7360d124ae1a38c2a5eac92ba49b125191 +# Patched in kernel since v6.2-rc5 d18dcfe9860e842f394e37ba01ca9440ab2178f4 +# Backported in version v5.4.230 9a39f4626b361ee7aa10fd990401c37ec3b466ae +# Backported in version v5.10.165 856e4b5e53f21edbd15d275dde62228dd94fb2b4 +# Backported in version v5.15.90 a2e075f40122d8daf587db126c562a67abd69cf9 +# Backported in version v6.1.8 616fd34d017000ecf9097368b13d8a266f4920b3 +CVE_STATUS[CVE-2022-4382] = "cpe-stable-backport: Backported in versions v5.4.230, v5.10.165, v5.15.90 and v6.1.8" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-26365 +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 +# Patched in kernel since v5.19 2f446ffe9d737e9a844b97887919c4fda18246e7 +# Backported in version v5.4.204 42112e8f94617d83943f8f3b8de2b66041905506 +# Backported in version v5.10.129 cfea428030be836d79a7690968232bb7fa4410f1 +# Backported in version v5.15.53 7ed65a4ad8fa9f40bc3979b32c54243d6a684ec9 +CVE_STATUS[CVE-2022-26365] = "cpe-stable-backport: Backported in versions v5.4.204, v5.10.129 and v5.15.53" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-33740 +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 +# Patched in kernel since v5.19 307c8de2b02344805ebead3440d8feed28f2f010 +# Backported in version v5.4.204 04945b5beb73019145ac17a2565526afa7293c14 +# Backported in version v5.10.129 728d68bfe68d92eae1407b8a9edc7817d6227404 +# Backported in version v5.15.53 5dd0993c36832d33820238fc8dc741ba801b7961 +CVE_STATUS[CVE-2022-33740] = "cpe-stable-backport: Backported in versions v5.4.204, v5.10.129 and v5.15.53" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-33741 +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 +# Patched in kernel since v5.19 4491001c2e0fa69efbb748c96ec96b100a5cdb7e +# Backported in version v5.4.204 ede57be88a5fff42cd00e6bcd071503194d398dd +# Backported in version v5.10.129 4923217af5742a796821272ee03f8d6de15c0cca +# Backported in version v5.15.53 ed3cfc690675d852c3416aedb271e0e7d179bf49 +CVE_STATUS[CVE-2022-33741] = "cpe-stable-backport: Backported in versions v5.4.204, v5.10.129 and v5.15.53" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-33742 +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 +# Patched in kernel since v5.19 2400617da7eebf9167d71a46122828bc479d64c9 +# Backported in version v5.4.204 60ac50daad36ef3fe9d70d89cfe3b95d381db997 +# Backported in version v5.10.129 cbbd2d2531539212ff090aecbea9877c996e6ce6 +# Backported in version v5.15.53 6d0a9127279a4533815202e30ad1b3a39f560ba3 +CVE_STATUS[CVE-2022-33742] = "cpe-stable-backport: Backported in versions v5.4.204, v5.10.129 and v5.15.53" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-42895 +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 +# Patched in kernel since v6.1 b1a2cd50c0357f243b7435a732b4e62ba3157a2e +# Backported in version v5.4.224 6949400ec9feca7f88c0f6ca5cb5fdbcef419c89 +# Backported in version v5.10.154 26ca2ac091b49281d73df86111d16e5a76e43bd7 +# Backported in version v5.15.78 3e4697ffdfbb38a2755012c4e571546c89ab6422 +CVE_STATUS[CVE-2022-42895] = "cpe-stable-backport: Backported in versions v5.4.224, v5.10.154 and v5.15.78" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-42896 +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 +# Patched in kernel since v6.1 711f8c3fb3db61897080468586b970c87c61d9e4 +# Backported in version v5.4.226 0d87bb6070361e5d1d9cb391ba7ee73413bc109b +# Backported in version v5.10.154 6b6f94fb9a74dd2891f11de4e638c6202bc89476 +# Backported in version v5.15.78 81035e1201e26d57d9733ac59140a3e29befbc5a +CVE_STATUS[CVE-2022-42896] = "cpe-stable-backport: Backported in versions v5.4.226, v5.10.154 and v5.15.78" # https://nvd.nist.gov/vuln/detail/CVE-2022-38457 # https://nvd.nist.gov/vuln/detail/CVE-2022-40133 @@ -26,11 +335,271 @@ CVE_CHECK_IGNORE += "CVE-2022-3567" # * https://www.linuxkernelcves.com/cves/CVE-2022-38457 # * https://www.linuxkernelcves.com/cves/CVE-2022-40133 # * https://lore.kernel.org/all/CAODzB9q3OBD0k6W2bcWrSZo2jC3EvV0PrLyWmO07rxR4nQgkJA@mail.gmail.com/T/ -CVE_CHECK_IGNORE += "CVE-2022-38457 CVE-2022-40133" +CVE_STATUS[CVE-2022-38457] = "cpe-stable-backport: Backported in version v6.1.7" +CVE_STATUS[CVE-2022-40133] = "cpe-stable-backport: Backported in version v6.1.7" + +# Backported to 6.1.33 +CVE_STATUS[CVE-2022-48425] = "cpe-stable-backport: Backported in version v6.1.33" + +# 2023 + +# https://nvd.nist.gov/vuln/detail/CVE-2023-0179 +# Patched in kernel since v6.2 696e1a48b1a1b01edad542a1ef293665864a4dd0 +# Backported in version v5.10.164 550efeff989b041f3746118c0ddd863c39ddc1aa +# Backported in version v5.15.89 a8acfe2c6fb99f9375a9325807a179cd8c32e6e3 +# Backported in version v6.1.7 76ef74d4a379faa451003621a84e3498044e7aa3 +CVE_STATUS[CVE-2023-0179] = "cpe-stable-backport: Backported in versions v5.10.164, v5.15.89 and v6.1.7" + +# https://nvd.nist.gov/vuln/detail/CVE-2023-0266 +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 +# Patched in kernel since v6.2 56b88b50565cd8b946a2d00b0c83927b7ebb055e +# Backported in version v5.15.88 26350c21bc5e97a805af878e092eb8125843fe2c +# Backported in version v6.1.6 d6ad4bd1d896ae1daffd7628cd50f124280fb8b1 +CVE_STATUS[CVE-2023-0266] = "cpe-stable-backport: Backported in versions v5.15.88 and v6.1.6" + +# https://nvd.nist.gov/vuln/detail/CVE-2023-0394 +# Introduced in version 2.6.12 357b40a18b04c699da1d45608436e9b76b50e251 +# Patched in kernel since v6.2 cb3e9864cdbe35ff6378966660edbcbac955fe17 +# Backported in version v5.4.229 3998dba0f78a59922b0ef333ccfeb58d9410cd3d +# Backported in version v5.10.164 6c9e2c11c33c35563d34d12b343d43b5c12200b5 +# Backported in version v5.15.89 456e3794e08a0b59b259da666e31d0884b376bcf +# Backported in version v6.1.7 0afa5f0736584411771299074bbeca8c1f9706d4 +CVE_STATUS[CVE-2023-0394] = "cpe-stable-backport: Backported in versions v5.4.229, v5.10.164, v5.15.89 and v6.1.7" + +# https://nvd.nist.gov/vuln/detail/CVE-2023-0386 +# Introduced in 5.11 459c7c565ac36ba09ffbf24231147f408fde4203 +# Patched in kernel v6.2 4f11ada10d0ad3fd53e2bd67806351de63a4f9c3 +# Backported in version 5.15.91 e91308e63710574c4b6a0cadda3e042a3699666e +# Backported in version 6.1.9 42fea1c35254c49cce07c600d026cbc00c6d3c81 +CVE_STATUS[CVE-2023-0386] = "cpe-stable-backport: Backported in versions v5.15.91 and v6.1.9" + +# https://nvd.nist.gov/vuln/detail/CVE-2023-0461 +# Introduced in version v4.13 734942cc4ea6478eed125af258da1bdbb4afe578 +# Patched in kernel since v6.2 2c02d41d71f90a5168391b6a5f2954112ba2307c +# Backported in version v5.4.229 c6d29a5ffdbc362314853462a0e24e63330a654d +# Backported in version v5.10.163 f8ed0a93b5d576bbaf01639ad816473bdfd1dcb0 +# Backported in version v5.15.88 dadd0dcaa67d27f550131de95c8e182643d2c9d6 +# Backported in version v6.1.5 7d242f4a0c8319821548c7176c09a6e0e71f223c +CVE_STATUS[CVE-2023-0461] = "cpe-stable-backport: Backported in versions v5.4.229, v5.10.163, v5.15.88 and v6.1.5" + +# https://nvd.nist.gov/vuln/detail/CVE-2023-1073 +# Introduced in v3.16 1b15d2e5b8077670b1e6a33250a0d9577efff4a5 +# Patched in kernel v6.2 b12fece4c64857e5fab4290bf01b2e0317a88456 +# Backported in version 5.10.166 5dc3469a1170dd1344d262a332b26994214eeb58 +# Backported in version 5.15.91 2b49568254365c9c247beb0eabbaa15d0e279d64 +# Backported in version 6.1.9 cdcdc0531a51659527fea4b4d064af343452062d +CVE_STATUS[CVE-2023-1073] = "cpe-stable-backport: Backported in versions v5.10.166, v5.15.91 and v6.1.9" + +# https://nvd.nist.gov/vuln/detail/CVE-2023-1074 +# Patched in kernel v6.2 458e279f861d3f61796894cd158b780765a1569f +# Backported in version 5.15.91 3391bd42351be0beb14f438c7556912b9f96cb32 +# Backported in version 6.1.9 9f08bb650078dca24a13fea1c375358ed6292df3 +CVE_STATUS[CVE-2023-1074] = "cpe-stable-backport: Backported in versions v5.15.91 andv6.1.9" # https://nvd.nist.gov/vuln/detail/CVE-2023-1075 # Introduced in v4.20 a42055e8d2c30d4decfc13ce943d09c7b9dad221 # Patched in kernel v6.2 ffe2a22562444720b05bdfeb999c03e810d84cbb # Backported in version 6.1.11 37c0cdf7e4919e5f76381ac60817b67bcbdacb50 # 5.15 still has issue, include/net/tls.h:is_tx_ready() would need patch -CVE_CHECK_IGNORE += "CVE-2023-1075" +CVE_STATUS[CVE-2023-1075] = "cpe-stable-backport: Backported in version v6.1.11" + +# https://nvd.nist.gov/vuln/detail/CVE-2023-1076 +# Patched in kernel v6.3 a096ccca6e503a5c575717ff8a36ace27510ab0a +# Backported in version v5.4.235 d92d87000eda9884d49f1acec1c1fccd63cd9b11 +# Backported in version v5.10.173 9a31af61f397500ccae49d56d809b2217d1e2178 +# Backported in version v5.15.99 67f9f02928a34aad0a2c11dab5eea269f5ecf427 +# Backported in version v6.1.16 b4ada752eaf1341f47bfa3d8ada377eca75a8d44 +# Backported in version v6.2.3 4aa4b4b3b3e9551c4de2bf2987247c28805fb8f6 +CVE_STATUS[CVE-2023-1076] = "cpe-stable-backport: Backported in versions v5.4.235, v5.10.173, v5.15.99, v6.1.16 and v6.2.3" + +# https://nvd.nist.gov/vuln/detail/CVE-2023-1077 +# Patched in kernel 6.3rc1 7c4a5b89a0b5a57a64b601775b296abf77a9fe97 +# Backported in version 5.15.99 2c36c390a74981d03f04f01fe7ee9c3ac3ea11f7 +# Backported in version 6.1.16 6b4fcc4e8a3016e85766c161daf0732fca16c3a3 +CVE_STATUS[CVE-2023-1077] = "cpe-stable-backport: Backported in versions v5.15.99 and v6.1.16" + +# https://nvd.nist.gov/vuln/detail/CVE-2023-1078 +# Patched in kernel 6.2 f753a68980cf4b59a80fe677619da2b1804f526d +# Backported in version 5.15.94 528e3f3a4b53df36dafd10cdf6b8c0fe2aa1c4ba +# Backported in version 6.1.12 1d52bbfd469af69fbcae88c67f160ce1b968e7f3 +CVE_STATUS[CVE-2023-1078] = "cpe-stable-backport: Backported in versions v5.15.94 and v6.1.12" + +# https://nvd.nist.gov/vuln/detail/CVE-2023-1079 +# Patched in kernel since v6.3-rc1 4ab3a086d10eeec1424f2e8a968827a6336203df +# Backported in version v5.4.235 dd08e68d04d08d2f42b09162c939a0b0841216cc +# Backported in version v5.10.173 21a2eec4a440060a6eb294dc890eaf553101ba09 +# Backported in version v5.15.99 3959316f8ceb17866646abc6be4a332655407138 +# Backported in version v6.1.16 ee907829b36949c452c6f89485cb2a58e97c048e +# Backported in version v6.2.3 b08bcfb4c97d7bd41b362cff44b2c537ce9e8540 +CVE_STATUS[CVE-2023-1079] = "cpe-stable-backport: Backported in versions v5.4.235, v5.10.173, v5.15.99, v6.1.16 and v6.2.3" + +# https://nvd.nist.gov/vuln/detail/CVE-2023-1118 +# Introduced in version v2.6.36 9ea53b74df9c4681f5bb2da6b2e10e37d87ea6d6 +# Patched in kernel since v6.3-rc1 29b0589a865b6f66d141d79b2dd1373e4e50fe17 +# Backported in version v5.4.235 d120334278b370b6a1623a75ebe53b0c76cb247c +# Backported in version v5.10.173 78da5a378bdacd5bf68c3a6389bdc1dd0c0f5b3c +# Backported in version v5.15.99 29962c478e8b2e6a6154d8d84b8806dbe36f9c28 +# Backported in version v6.1.16 029c1410e345ce579db5c007276340d072aac54a +# Backported in version v6.2.3 182ea492aae5b64067277e60a4ea5995c4628555 +CVE_STATUS[CVE-2023-1118] = "cpe-stable-backport: Backported in versions v5.4.235, v5.10.173, v5.15.99, v6.1.16 and v6.2.3" + +# https://nvd.nist.gov/vuln/detail/CVE-2023-1281 +# Introduced in version v4.14 9b0d4446b56904b59ae3809913b0ac760fa941a6 +# Patched in kernel since v6.2 ee059170b1f7e94e55fa6cadee544e176a6e59c2 +# Backported in version v5.10.169 eb8e9d8572d1d9df17272783ad8a84843ce559d4 +# Backported in version v5.15.95 becf55394f6acb60dd60634a1c797e73c747f9da +# Backported in version v6.1.13 bd662ba56187b5ef8a62a3511371cd38299a507f +CVE_STATUS[CVE-2023-1281] = "cpe-stable-backport: Backported in versions v5.10.169, v5.15.95 and v6.1.13" + +# https://nvd.nist.gov/vuln/detail/CVE-2023-1513 +# Patched in kernel since v6.2 2c10b61421a28e95a46ab489fd56c0f442ff6952 +# Backported in version v5.4.232 9f95a161a7deef62d6d2f57b1a69f94e0546d8d8 +# Backported in version v5.10.169 6416c2108ba54d569e4c98d3b62ac78cb12e7107 +# Backported in version v5.15.95 35351e3060d67eed8af1575d74b71347a87425d8 +# Backported in version v6.1.13 747ca7c8a0c7bce004709143d1cd6596b79b1deb +CVE_STATUS[CVE-2023-1513] = "cpe-stable-backport: Backported in versions v5.4.232, v5.10.169, v5.15.95 and v6.1.13" + +# https://nvd.nist.gov/vuln/detail/CVE-2023-1652 +# Patched in kernel since v6.2 e6cf91b7b47ff82b624bdfe2fdcde32bb52e71dd +# Backported in version v5.15.91 0a27dcd5343026ac0cb168ee63304255372b7a36 +# Backported in version v6.1.9 32d5eb95f8f0e362e37c393310b13b9e95404560 +# Ref: https://www.linuxkernelcves.com/cves/CVE-2023-1652 +# Ref: Debian kernel-sec team: https://salsa.debian.org/kernel-team/kernel-sec/-/blob/1fa77554d4721da54e2df06fa1908a83ba6b1045/retired/CVE-2023-1652 +CVE_STATUS[CVE-2023-1652] = "cpe-stable-backport: Backported in versions v5.15.91 and v6.1.9" + +# https://nvd.nist.gov/vuln/detail/CVE-2023-1829 +# Patched in kernel since v6.3-rc1 8c710f75256bb3cf05ac7b1672c82b92c43f3d28 +# Backported in version v5.4.235 7a6fb69bbcb21e9ce13bdf18c008c268874f0480 +# Backported in version v5.10.173 18c3fa7a7fdbb4d21dafc8a7710ae2c1680930f6 +# Backported in version v5.15.100 7c183dc0af472dec33d2c0786a5e356baa8cad19 +# Backported in version v6.1.18 3abebc503a5148072052c229c6b04b329a420ecd +# Backported in version v6.2.5 372ae77cf11d11fb118cbe2d37def9dd5f826abd +# Ref: https://www.linuxkernelcves.com/cves/CVE-2023-1829 +# Ref: Debian kernel-sec team : https://salsa.debian.org/kernel-team/kernel-sec/-/blob/1fa77554d4721da54e2df06fa1908a83ba6b1045/active/CVE-2023-1829 +CVE_STATUS[CVE-2023-1829] = "cpe-stable-backport: Backported in versions v5.4.235, v5.10.173, v5.15.100, v6.1.18 and v6.2.5" + +# https://nvd.nist.gov/vuln/detail/CVE-2023-28466 +# Introduced in version v4.13 3c4d7559159bfe1e3b94df3a657b2cda3a34e218 +# Patched in kernel since v6.3-rc2 49c47cc21b5b7a3d8deb18fc57b0aa2ab1286962 +# Backported in version v5.15.105 0b54d75aa43a1edebc8a3770901f5c3557ee0daa +# Backported in version v6.1.20 14c17c673e1bba08032d245d5fb025d1cbfee123 +# Backported in version v6.2.7 5231fa057bb0e52095591b303cf95ebd17bc62ce +CVE_STATUS[CVE-2023-28466] = "cpe-stable-backport: Backported in versions v5.15.05, v6.1.20 and v6.2.7" + + +# https://www.linuxkernelcves.com/cves/CVE-2023-0615 +# Fixed in 6.1 onwards +CVE_STATUS[CVE-2023-0615] = "fixed-version: Fixed in version v6.1 onwards" + +# https://www.linuxkernelcves.com/cves/CVE-2023-28328 +# Fixed with 6.1.2 +CVE_STATUS[CVE-2023-28328] = "fixed-version: Fixed in version v6.1.2" + +# https://www.linuxkernelcves.com/cves/CVE-2023-2162 +# Fixed in 6.1.11 +CVE_STATUS[CVE-2023-2162] = "fixed-version: Fixed in version v6.1.11" + +# https://www.linuxkernelcves.com/cves/CVE-2023-0459 +# Fixed in 6.1.14 onwards +CVE_STATUS[CVE-2023-0459] = "fixed-version: Fixed in version v6.1.14" + +# https://www.linuxkernelcves.com/cves/CVE-2023-1999 +# https://www.linuxkernelcves.com/cves/CVE-2023-2985 +# Fixed in 6.1.16 +CVE_STATUS[CVE-2023-1998] = "fixed-version: Fixed in version v6.1.16" +CVE_STATUS[CVE-2023-2985] = "fixed-version: Fixed in version v6.1.16" + +# https://www.linuxkernelcves.com/cves/CVE-2023-1855 +# https://www.linuxkernelcves.com/cves/CVE-2023-1990 +# https://www.linuxkernelcves.com/cves/CVE-2023-2235 +# https://www.linuxkernelcves.com/cves/CVE-2023-30456 +# Fixed in 6.1.21 +CVE_STATUS_GROUPS += "CVE_STATUS_KERNEL_6121" +CVE_STATUS_KERNEL_6121 = "CVE-2023-1855 CVE-2023-1990 CVE-2023-2235 CVE-2023-30456" +CVE_STATUS_KERNEL_6121[status] = "fixed-version: Fixed in version v6.1.21" + +# https://www.linuxkernelcves.com/cves/CVE-2023-1989 +# https://www.linuxkernelcves.com/cves/CVE-2023-2194 +# https://www.linuxkernelcves.com/cves/CVE-2023-28866 +# https://www.linuxkernelcves.com/cves/CVE-2023-30772 +# https://www.linuxkernelcves.com/cves/CVE-2023-33203 +# https://www.linuxkernelcves.com/cves/CVE-2023-33288 +# Fixed with 6.1.22 +CVE_STATUS_GROUPS += "CVE_STATUS_KERNEL_6122" +CVE_STATUS_KERNEL_6122 = "CVE-2023-2194 CVE-2023-1989 CVE-2023-28866 CVE-2023-30772 CVE-2023-33203 CVE-2023-33288" +CVE_STATUS_KERNEL_6122[status] = "fixed-version: Fixed in version v6.1.22" + +# https://www.linuxkernelcves.com/cves/CVE-2023-1611 +# Fixed in 6.1.23 +CVE_STATUS[CVE-2023-1611] = "fixed-version: Fixed in version v6.1.23" + +# https://www.linuxkernelcves.com/cves/CVE-2023-1859 +# Fixed in 6.1.25 +CVE_STATUS[CVE-2023-1859] = "fixed-version: Fixed in version v6.1.25" + +# https://www.linuxkernelcves.com/cves/CVE-2023-2156 +# https://www.linuxkernelcves.com/cves/CVE-2023-31436 +# Fixed in 6.1.26 +CVE_STATUS[CVE-2023-2156] = "fixed-version: Fixed in version v6.1.26" +CVE_STATUS[CVE-2023-31436] = "fixed-version: Fixed in version v6.1.26" + +# https://www.linuxkernelcves.com/cves/CVE-2023-1380 +# https://www.linuxkernelcves.com/cves/CVE-2023-2002 +# Fixed in 6.1.27 +CVE_STATUS[CVE-2023-1380] = "fixed-version: Fixed in version v6.1.27" +CVE_STATUS[CVE-2023-2002] = "fixed-version: Fixed in version v6.1.27" + +# https://www.linuxkernelcves.com/cves/CVE-2023-32233 +# Fixed with 6.1.28 +CVE_STATUS[CVE-2023-32233] = "fixed-version: Fixed in version v6.1.28" + +# https://www.linuxkernelcves.com/cves/CVE-2023-34256 +# Fixed in 6.1.29 +CVE_STATUS[CVE-2023-34256] = "fixed-version: Fixed in version v6.1.29" + + +# Backported to 6.1.9 +CVE_STATUS[CVE-2023-3358] = "cpe-stable-backport: Backported in version v6.1.9" + +# Backported to 6.1.11 +CVE_STATUS[CVE-2023-3359] = "cpe-stable-backport: Backported in version v6.1.11" +CVE_STATUS[CVE-2023-3161] = "cpe-stable-backport: Backported in version v6.1.11" + +# Backported to 6.1.16 +CVE_STATUS[CVE-2023-3220] = "cpe-stable-backport: Backported in version v6.1.16" + +# Backported to 6.1.28 +CVE_STATUS_GROUPS += "CVE_STATUS_KERNEL_6128" +CVE_STATUS_KERNEL_6128 = "CVE-2023-3268 CVE-2023-35823 CVE-2023-35824 CVE-2023-35826 CVE-2023-35828 CVE-2023-35829" +CVE_STATUS_KERNEL_6122[status] = "cpe-stable-backport: Backported in version v6.1.28" + +# Backported to 6.1.30 +# Backported to 6.1.30 as 9a342d4 +CVE_STATUS[CVE-2023-3090] = "cpe-stable-backport: Backported in version v6.1.30" +CVE_STATUS[CVE-2023-3141] = "cpe-stable-backport: Backported in version v6.1.30 as 9a342d4" + +# Backported to 6.1.33 +CVE_STATUS_GROUPS += "CVE_STATUS_KERNEL_6133" +CVE_STATUS_KERNEL_6133 = "CVE-2023-2124 CVE-2023-3212 CVE-2023-35788" +CVE_STATUS_KERNEL_6133[status] = "cpe-stable-backport: Backported in version v6.1.33" + +# Backported to 6.1.35 +CVE_STATUS[CVE-2023-3117] = "cpe-stable-backport: Backported in version v6.1.35" +CVE_STATUS[CVE-2023-3390] = "cpe-stable-backport: Backported in version v6.1.35" + +# Backported to 6.1.36 +CVE_STATUS[CVE-2023-3389] = "cpe-stable-backport: Backported in version v6.1.36" + +# Only in 6.2.0 to 6.2.14, and 6.3.0 to 6.3.1 +CVE_STATUS[CVE-2023-3312] = "not-applicable-config: Only in versions v6.2.0 to v6.2.4 and v6.3.0 to v6.3.1" + + +# https://nvd.nist.gov/vuln/detail/CVE-2023-23005 +# Introduced in version v6.1 7b88bda3761b95856cf97822efe8281c8100067b +# Patched in kernel since v6.2 4a625ceee8a0ab0273534cb6b432ce6b331db5ee +# But, the CVE is disputed: +CVE_STATUS[CVE-2023-23005] = "disputed: There are no realistic cases \ +in which a user can cause the alloc_memory_type error case to be reached. \ +See: https://bugzilla.suse.com/show_bug.cgi?id=1208844#c2" + +CVE_STATUS[CVE-2023-28464] = "not-applicable-config: Only in 6.3-rc" diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-rt_6.1.bb b/poky/meta/recipes-kernel/linux/linux-yocto-rt_6.1.bb index 54ead24ded..d4488b360c 100644 --- a/poky/meta/recipes-kernel/linux/linux-yocto-rt_6.1.bb +++ b/poky/meta/recipes-kernel/linux/linux-yocto-rt_6.1.bb @@ -14,13 +14,13 @@ python () { raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") } -SRCREV_machine ?= "6f370bf9127713eccdfb3cf009c46ef4852aec28" -SRCREV_meta ?= "b358c237cf493dcf5af1760fc4632ede32e1ff2e" +SRCREV_machine ?= "efb2c857761e865cd7947aab42eaa5ba77ef6ee7" +SRCREV_meta ?= "cba89f406c6e07a16018cb77b51950cbae8ec654" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.1;destsuffix=${KMETA};protocol=https" -LINUX_VERSION ?= "6.1.35" +LINUX_VERSION ?= "6.1.38" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-rt_6.4.bb b/poky/meta/recipes-kernel/linux/linux-yocto-rt_6.4.bb new file mode 100644 index 0000000000..9273a08c61 --- /dev/null +++ b/poky/meta/recipes-kernel/linux/linux-yocto-rt_6.4.bb @@ -0,0 +1,48 @@ +KBRANCH ?= "v6.4/standard/preempt-rt/base" + +require recipes-kernel/linux/linux-yocto.inc + +# CVE exclusions +include recipes-kernel/linux/cve-exclusion_6.4.inc + +# Skip processing of this recipe if it is not explicitly specified as the +# PREFERRED_PROVIDER for virtual/kernel. This avoids errors when trying +# to build multiple virtual/kernel providers, e.g. as dependency of +# core-image-rt-sdk, core-image-rt. +python () { + if d.getVar("KERNEL_PACKAGE_NAME") == "kernel" and d.getVar("PREFERRED_PROVIDER_virtual/kernel") != "linux-yocto-rt": + raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") +} + +SRCREV_machine ?= "917d160a84f61aada28d09f5afc04d6451fa52a0" +SRCREV_meta ?= "dab56f52aa33b5cea1513b36b98e50a6c7c31f47" + +SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \ + git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.4;destsuffix=${KMETA};protocol=https" + +LINUX_VERSION ?= "6.4.3" + +LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" + +DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" +DEPENDS += "openssl-native util-linux-native" + +PV = "${LINUX_VERSION}+git${SRCPV}" + +KMETA = "kernel-meta" +KCONF_BSP_AUDIT_LEVEL = "1" + +LINUX_KERNEL_TYPE = "preempt-rt" + +COMPATIBLE_MACHINE = "^(qemux86|qemux86-64|qemuarm|qemuarmv5|qemuarm64|qemuppc|qemumips)$" + +KERNEL_DEVICETREE:qemuarmv5 = "versatile-pb.dtb" + +# Functionality flags +KERNEL_EXTRA_FEATURES ?= "features/netfilter/netfilter.scc features/taskstats/taskstats.scc" +KERNEL_FEATURES:append = " ${KERNEL_EXTRA_FEATURES}" +KERNEL_FEATURES:append:qemuall=" cfg/virtio.scc features/drm-bochs/drm-bochs.scc" +KERNEL_FEATURES:append:qemux86=" cfg/sound.scc cfg/paravirt_kvm.scc" +KERNEL_FEATURES:append:qemux86-64=" cfg/sound.scc cfg/paravirt_kvm.scc" +KERNEL_FEATURES:append = "${@bb.utils.contains("DISTRO_FEATURES", "ptest", " features/scsi/scsi-debug.scc", "", d)}" +KERNEL_FEATURES:append = "${@bb.utils.contains("DISTRO_FEATURES", "ptest", " features/gpio/mockup.scc", "", d)}" diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_6.1.bb b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_6.1.bb index fd2e2511d5..4e45e25975 100644 --- a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_6.1.bb +++ b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_6.1.bb @@ -8,7 +8,7 @@ require recipes-kernel/linux/linux-yocto.inc # CVE exclusions include recipes-kernel/linux/cve-exclusion_6.1.inc -LINUX_VERSION ?= "6.1.35" +LINUX_VERSION ?= "6.1.38" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" @@ -17,8 +17,8 @@ DEPENDS += "openssl-native util-linux-native" KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" -SRCREV_machine ?= "682b17e1d76bc4364fcc9864f39c31c855b5f5df" -SRCREV_meta ?= "b358c237cf493dcf5af1760fc4632ede32e1ff2e" +SRCREV_machine ?= "b110cf9bbc395fe757956839d8110e72368699f4" +SRCREV_meta ?= "cba89f406c6e07a16018cb77b51950cbae8ec654" PV = "${LINUX_VERSION}+git${SRCPV}" diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_6.4.bb b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_6.4.bb new file mode 100644 index 0000000000..39abfcbb08 --- /dev/null +++ b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_6.4.bb @@ -0,0 +1,33 @@ +KBRANCH ?= "v6.4/standard/tiny/base" + +LINUX_KERNEL_TYPE = "tiny" +KCONFIG_MODE = "--allnoconfig" + +require recipes-kernel/linux/linux-yocto.inc + +# CVE exclusions +include recipes-kernel/linux/cve-exclusion_6.4.inc + +LINUX_VERSION ?= "6.4.3" +LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" + +DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" +DEPENDS += "openssl-native util-linux-native" + +KMETA = "kernel-meta" +KCONF_BSP_AUDIT_LEVEL = "2" + +SRCREV_machine ?= "dee78ad1963cff9c063fba486d43fc9670285883" +SRCREV_meta ?= "dab56f52aa33b5cea1513b36b98e50a6c7c31f47" + +PV = "${LINUX_VERSION}+git${SRCPV}" + +SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \ + git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.4;destsuffix=${KMETA};protocol=https" + +COMPATIBLE_MACHINE = "^(qemux86|qemux86-64|qemuarm64|qemuarm|qemuarmv5)$" + +# Functionality flags +KERNEL_FEATURES = "" + +KERNEL_DEVICETREE:qemuarmv5 = "versatile-pb.dtb" diff --git a/poky/meta/recipes-kernel/linux/linux-yocto.inc b/poky/meta/recipes-kernel/linux/linux-yocto.inc index 04a8105e17..0cc303c009 100644 --- a/poky/meta/recipes-kernel/linux/linux-yocto.inc +++ b/poky/meta/recipes-kernel/linux/linux-yocto.inc @@ -62,7 +62,7 @@ KERNEL_FEATURES:append:qemuall=" features/kernel-sample/kernel-sample.scc" KERNEL_DEBUG ?= "" # These used to be version specific, but are now common dependencies. New # tools / dependencies will continue to be added in version specific recipes. -DEPENDS += '${@bb.utils.contains_any("ARCH", [ "x86", "arm64" ], "elfutils-native", "", d)}' +DEPENDS += '${@bb.utils.contains_any("ARCH", [ "x86", "arm64", "powerpc" ], "elfutils-native", "", d)}' DEPENDS += "openssl-native util-linux-native" DEPENDS += "gmp-native libmpc-native" DEPENDS += '${@bb.utils.contains("KERNEL_DEBUG", "True", "pahole-native", "", d)}' diff --git a/poky/meta/recipes-kernel/linux/linux-yocto_6.1.bb b/poky/meta/recipes-kernel/linux/linux-yocto_6.1.bb index 1838a1e031..a76d2dc404 100644 --- a/poky/meta/recipes-kernel/linux/linux-yocto_6.1.bb +++ b/poky/meta/recipes-kernel/linux/linux-yocto_6.1.bb @@ -17,25 +17,25 @@ KBRANCH:qemux86-64 ?= "v6.1/standard/base" KBRANCH:qemuloongarch64 ?= "v6.1/standard/base" KBRANCH:qemumips64 ?= "v6.1/standard/mti-malta64" -SRCREV_machine:qemuarm ?= "915f4d2237d1c8e23eb67eda0b8e9b24373a80b4" -SRCREV_machine:qemuarm64 ?= "682b17e1d76bc4364fcc9864f39c31c855b5f5df" -SRCREV_machine:qemuloongarch64 ?= "682b17e1d76bc4364fcc9864f39c31c855b5f5df" -SRCREV_machine:qemumips ?= "1aad3fa2eba5594fb4e779fc53fef6046d833c91" -SRCREV_machine:qemuppc ?= "682b17e1d76bc4364fcc9864f39c31c855b5f5df" -SRCREV_machine:qemuriscv64 ?= "682b17e1d76bc4364fcc9864f39c31c855b5f5df" -SRCREV_machine:qemuriscv32 ?= "682b17e1d76bc4364fcc9864f39c31c855b5f5df" -SRCREV_machine:qemux86 ?= "682b17e1d76bc4364fcc9864f39c31c855b5f5df" -SRCREV_machine:qemux86-64 ?= "682b17e1d76bc4364fcc9864f39c31c855b5f5df" -SRCREV_machine:qemumips64 ?= "53e7685d6da27e112397e71c27a0bce0fc9313a9" -SRCREV_machine ?= "682b17e1d76bc4364fcc9864f39c31c855b5f5df" -SRCREV_meta ?= "b358c237cf493dcf5af1760fc4632ede32e1ff2e" +SRCREV_machine:qemuarm ?= "a74344429a095a5941cd8dfac532160349344c92" +SRCREV_machine:qemuarm64 ?= "b110cf9bbc395fe757956839d8110e72368699f4" +SRCREV_machine:qemuloongarch64 ?= "b110cf9bbc395fe757956839d8110e72368699f4" +SRCREV_machine:qemumips ?= "78c81e178f8e2ffbb7c03cd324cf50ee0c5c4cf2" +SRCREV_machine:qemuppc ?= "b110cf9bbc395fe757956839d8110e72368699f4" +SRCREV_machine:qemuriscv64 ?= "b110cf9bbc395fe757956839d8110e72368699f4" +SRCREV_machine:qemuriscv32 ?= "b110cf9bbc395fe757956839d8110e72368699f4" +SRCREV_machine:qemux86 ?= "b110cf9bbc395fe757956839d8110e72368699f4" +SRCREV_machine:qemux86-64 ?= "b110cf9bbc395fe757956839d8110e72368699f4" +SRCREV_machine:qemumips64 ?= "6c6b1170464e1f64f78a45cf7e78d5c678f38f48" +SRCREV_machine ?= "b110cf9bbc395fe757956839d8110e72368699f4" +SRCREV_meta ?= "cba89f406c6e07a16018cb77b51950cbae8ec654" # set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll # get the <version>/base branch, which is pure upstream -stable, and the same # meta SRCREV as the linux-yocto-standard builds. Select your version using the # normal PREFERRED_VERSION settings. BBCLASSEXTEND = "devupstream:target" -SRCREV_machine:class-devupstream ?= "e84a4e368abe42cf359fe237f0238820859d5044" +SRCREV_machine:class-devupstream ?= "61fd484b2cf6bc8022e8e5ea6f693a9991740ac2" PN:class-devupstream = "linux-yocto-upstream" KBRANCH:class-devupstream = "v6.1/base" @@ -44,7 +44,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA SRC_URI += "file://0001-perf-cpumap-Make-counter-as-unsigned-ints.patch" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" -LINUX_VERSION ?= "6.1.35" +LINUX_VERSION ?= "6.1.38" PV = "${LINUX_VERSION}+git${SRCPV}" diff --git a/poky/meta/recipes-kernel/linux/linux-yocto_6.4.bb b/poky/meta/recipes-kernel/linux/linux-yocto_6.4.bb new file mode 100644 index 0000000000..443a89cc1e --- /dev/null +++ b/poky/meta/recipes-kernel/linux/linux-yocto_6.4.bb @@ -0,0 +1,71 @@ +KBRANCH ?= "v6.4/standard/base" + +require recipes-kernel/linux/linux-yocto.inc + +# CVE exclusions +include recipes-kernel/linux/cve-exclusion_6.4.inc + +# board specific branches +KBRANCH:qemuarm ?= "v6.4/standard/arm-versatile-926ejs" +KBRANCH:qemuarm64 ?= "v6.4/standard/qemuarm64" +KBRANCH:qemumips ?= "v6.4/standard/mti-malta32" +KBRANCH:qemuppc ?= "v6.4/standard/qemuppc" +KBRANCH:qemuriscv64 ?= "v6.4/standard/base" +KBRANCH:qemuriscv32 ?= "v6.4/standard/base" +KBRANCH:qemux86 ?= "v6.4/standard/base" +KBRANCH:qemux86-64 ?= "v6.4/standard/base" +KBRANCH:qemuloongarch64 ?= "v6.4/standard/base" +KBRANCH:qemumips64 ?= "v6.4/standard/mti-malta64" + +SRCREV_machine:qemuarm ?= "aa7642358697dc9be32c4563a3d950f257a3f2ed" +SRCREV_machine:qemuarm64 ?= "dee78ad1963cff9c063fba486d43fc9670285883" +SRCREV_machine:qemuloongarch64 ?= "dee78ad1963cff9c063fba486d43fc9670285883" +SRCREV_machine:qemumips ?= "8a3ac37b45e7dcc98d28ab3920309340202272d9" +SRCREV_machine:qemuppc ?= "dee78ad1963cff9c063fba486d43fc9670285883" +SRCREV_machine:qemuriscv64 ?= "dee78ad1963cff9c063fba486d43fc9670285883" +SRCREV_machine:qemuriscv32 ?= "dee78ad1963cff9c063fba486d43fc9670285883" +SRCREV_machine:qemux86 ?= "dee78ad1963cff9c063fba486d43fc9670285883" +SRCREV_machine:qemux86-64 ?= "dee78ad1963cff9c063fba486d43fc9670285883" +SRCREV_machine:qemumips64 ?= "144ff37fee7f0499574d5b508e4db82234f38fec" +SRCREV_machine ?= "dee78ad1963cff9c063fba486d43fc9670285883" +SRCREV_meta ?= "dab56f52aa33b5cea1513b36b98e50a6c7c31f47" + +# set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll +# get the <version>/base branch, which is pure upstream -stable, and the same +# meta SRCREV as the linux-yocto-standard builds. Select your version using the +# normal PREFERRED_VERSION settings. +BBCLASSEXTEND = "devupstream:target" +SRCREV_machine:class-devupstream ?= "160f4124ea8b4cd6c86867e111fa55e266345a16" +PN:class-devupstream = "linux-yocto-upstream" +KBRANCH:class-devupstream = "v6.4/base" + +SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRANCH};protocol=https \ + git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.4;destsuffix=${KMETA};protocol=https" + +LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" +LINUX_VERSION ?= "6.4.3" + +PV = "${LINUX_VERSION}+git${SRCPV}" + +KMETA = "kernel-meta" +KCONF_BSP_AUDIT_LEVEL = "1" + +KERNEL_DEVICETREE:qemuarmv5 = "versatile-pb.dtb" + +COMPATIBLE_MACHINE = "^(qemuarm|qemuarmv5|qemuarm64|qemux86|qemuppc|qemuppc64|qemumips|qemumips64|qemux86-64|qemuriscv64|qemuriscv32|qemuloongarch64)$" + +# Functionality flags +KERNEL_EXTRA_FEATURES ?= "features/netfilter/netfilter.scc" +KERNEL_FEATURES:append = " ${KERNEL_EXTRA_FEATURES}" +KERNEL_FEATURES:append:qemuall=" cfg/virtio.scc features/drm-bochs/drm-bochs.scc cfg/net/mdio.scc" +KERNEL_FEATURES:append:qemux86=" cfg/sound.scc cfg/paravirt_kvm.scc" +KERNEL_FEATURES:append:qemux86-64=" cfg/sound.scc cfg/paravirt_kvm.scc" +KERNEL_FEATURES:append = " ${@bb.utils.contains("TUNE_FEATURES", "mx32", " cfg/x32.scc", "", d)}" +KERNEL_FEATURES:append = " ${@bb.utils.contains("DISTRO_FEATURES", "ptest", " features/scsi/scsi-debug.scc", "", d)}" +KERNEL_FEATURES:append = " ${@bb.utils.contains("DISTRO_FEATURES", "ptest", " features/gpio/mockup.scc", "", d)}" +KERNEL_FEATURES:append:powerpc =" arch/powerpc/powerpc-debug.scc" +KERNEL_FEATURES:append:powerpc64 =" arch/powerpc/powerpc-debug.scc" +KERNEL_FEATURES:append:powerpc64le =" arch/powerpc/powerpc-debug.scc" + +INSANE_SKIP:kernel-vmlinux:qemuppc64 = "textrel" + diff --git a/poky/meta/recipes-kernel/lttng/lttng-ust_2.13.5.bb b/poky/meta/recipes-kernel/lttng/lttng-ust_2.13.6.bb index 916408bff0..424b0fa645 100644 --- a/poky/meta/recipes-kernel/lttng/lttng-ust_2.13.5.bb +++ b/poky/meta/recipes-kernel/lttng/lttng-ust_2.13.6.bb @@ -34,7 +34,7 @@ SRC_URI = "https://lttng.org/files/lttng-ust/lttng-ust-${PV}.tar.bz2 \ file://0001-Makefile.am-update-rpath-link.patch \ " -SRC_URI[sha256sum] = "f1d7bb4984a3dc5dacd3b7bcb4c10c04b041b0eecd7cba1fef3d8f86aff02bd6" +SRC_URI[sha256sum] = "e7e04596dd73ac7aa99e27cd000f949dbb0fed51bd29099f9b08a25c1df0ced5" CVE_PRODUCT = "ust" diff --git a/poky/meta/recipes-kernel/perf/perf.bb b/poky/meta/recipes-kernel/perf/perf.bb index 2d803381bb..7d90ac3612 100644 --- a/poky/meta/recipes-kernel/perf/perf.bb +++ b/poky/meta/recipes-kernel/perf/perf.bb @@ -383,7 +383,7 @@ PACKAGESPLITFUNCS =+ "perf_fix_sources" perf_fix_sources () { for f in util/parse-events-flex.h util/parse-events-flex.c util/pmu-flex.c \ - util/expr-flex.h util/expr-flex.c; do + util/pmu-flex.h util/expr-flex.h util/expr-flex.c; do f=${PKGD}/usr/src/debug/${PN}/${EXTENDPE}${PV}-${PR}/$f if [ -e $f ]; then sed -i -e 's#${S}/##g' $f diff --git a/poky/meta/recipes-multimedia/alsa/alsa-lib_1.2.9.bb b/poky/meta/recipes-multimedia/alsa/alsa-lib_1.2.9.bb index a8bf09904d..d482e27683 100644 --- a/poky/meta/recipes-multimedia/alsa/alsa-lib_1.2.9.bb +++ b/poky/meta/recipes-multimedia/alsa/alsa-lib_1.2.9.bb @@ -16,7 +16,7 @@ inherit autotools pkgconfig EXTRA_OECONF += " \ ${@bb.utils.contains('TARGET_FPU', 'soft', '--with-softfloat', '', d)} \ - --disable-python \ + --disable-python --disable-old-symbols \ " PACKAGES =+ "alsa-server alsa-conf libatopology" diff --git a/poky/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-libswscale-riscv-Fix-syntax-of-vsetvli.patch b/poky/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-libswscale-riscv-Fix-syntax-of-vsetvli.patch new file mode 100644 index 0000000000..94e0ba6d10 --- /dev/null +++ b/poky/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-libswscale-riscv-Fix-syntax-of-vsetvli.patch @@ -0,0 +1,35 @@ +From 85eefb65eb632d827e17a72518dd289dcd721084 Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Sun, 2 Jul 2023 19:29:55 -0700 +Subject: [PATCH] libswscale/riscv: Fix syntax of vsetvli + +Add missing operand which clang complains about but gcc assumes it to be +'m1' if not specifiied. + +Fixes building with clang +| src/libswscale/riscv/rgb2rgb_rvv.S:88:25: error: operand must be e[8|16|32|64|128|256|512|1024],m[1|2|4|8|f2|f4|f8],[ta|tu],[ma|mu] +| vsetvli t4, t3, e8, ta, ma +| ^ + +Upstream-Status: Submitted [https://ffmpeg.org/pipermail/ffmpeg-devel/2023-July/311514.html] +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + libswscale/riscv/rgb2rgb_rvv.S | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libswscale/riscv/rgb2rgb_rvv.S b/libswscale/riscv/rgb2rgb_rvv.S +index 5626d90..bbdfdbe 100644 +--- a/libswscale/riscv/rgb2rgb_rvv.S ++++ b/libswscale/riscv/rgb2rgb_rvv.S +@@ -85,7 +85,7 @@ func ff_interleave_bytes_rvv, zve32x + mv t3, a3 + addi a4, a4, -1 + 2: +- vsetvli t4, t3, e8, ta, ma ++ vsetvli t4, t3, e8, m1, ta, ma + sub t3, t3, t4 + vle8.v v8, (t0) + add t0, t4, t0 +-- +2.41.0 + diff --git a/poky/meta/recipes-multimedia/ffmpeg/ffmpeg_6.0.bb b/poky/meta/recipes-multimedia/ffmpeg/ffmpeg_6.0.bb index f84d9bb6d0..181c17d9d6 100644 --- a/poky/meta/recipes-multimedia/ffmpeg/ffmpeg_6.0.bb +++ b/poky/meta/recipes-multimedia/ffmpeg/ffmpeg_6.0.bb @@ -22,7 +22,8 @@ LIC_FILES_CHKSUM = "file://COPYING.GPLv2;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ file://COPYING.LGPLv2.1;md5=bd7a443320af8c812e4c18d1b79df004 \ file://COPYING.LGPLv3;md5=e6a600fd5e1d9cbde2d983680233ad02" -SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz" +SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \ + file://0001-libswscale-riscv-Fix-syntax-of-vsetvli.patch" SRC_URI[sha256sum] = "57be87c22d9b49c112b6d24bc67d42508660e6b718b3db89c44e47e289137082" diff --git a/poky/meta/recipes-multimedia/flac/flac_1.4.2.bb b/poky/meta/recipes-multimedia/flac/flac_1.4.3.bb index d3ece3f3cf..d4e463cda5 100644 --- a/poky/meta/recipes-multimedia/flac/flac_1.4.2.bb +++ b/poky/meta/recipes-multimedia/flac/flac_1.4.3.bb @@ -5,15 +5,15 @@ BUGTRACKER = "https://github.com/xiph/flac/issues" SECTION = "libs" LICENSE = "GFDL-1.2 & GPL-2.0-or-later & LGPL-2.1-or-later & BSD-3-Clause" LIC_FILES_CHKSUM = "file://COPYING.FDL;md5=ad1419ecc56e060eccf8184a87c4285f \ - file://src/Makefile.am;beginline=1;endline=17;md5=146d2c8c2fd287545cc1bd81f31e8758 \ + file://src/Makefile.am;beginline=1;endline=17;md5=b1dab2704be7f01bfbd9b7f6d5f000a9 \ file://COPYING.GPL;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ - file://src/flac/main.c;beginline=1;endline=18;md5=893456854ce6bf14a1a7ea77266eebab \ + file://src/flac/main.c;beginline=1;endline=18;md5=23099119c034d894bd1bf7ef5bd22101 \ file://COPYING.LGPL;md5=fbc093901857fcd118f065f900982c24 \ - file://COPYING.Xiph;md5=3d6da238b5b57a0965d6730291119f65 \ + file://COPYING.Xiph;md5=0c90e41ab2fa7e69ca9391330d870221 \ file://include/FLAC/all.h;beginline=65;endline=70;md5=39aaf5e03c7364363884c8b8ddda8eea" SRC_URI = "http://downloads.xiph.org/releases/flac/${BP}.tar.xz" -SRC_URI[sha256sum] = "e322d58a1f48d23d9dd38f432672865f6f79e73a6f9cc5a5f57fcaa83eb5a8e4" +SRC_URI[sha256sum] = "6c58e69cd22348f441b861092b825e591d0b822e106de6eb0ee4d05d27205b70" CVE_PRODUCT = "libflac flac" @@ -25,11 +25,8 @@ EXTRA_OECONF = "--disable-oggtest \ " PACKAGECONFIG ??= " \ - ${@bb.utils.filter("TUNE_FEATURES", "altivec vsx", d)} \ ogg \ " -PACKAGECONFIG[altivec] = "--enable-altivec,--disable-altivec" -PACKAGECONFIG[vsx] = "--enable-vsx,--disable-vsx" PACKAGECONFIG[avx] = "--enable-avx,--disable-avx" PACKAGECONFIG[ogg] = "--enable-ogg --with-ogg-libraries=${STAGING_LIBDIR} --with-ogg-includes=${STAGING_INCDIR},--disable-ogg,libogg" diff --git a/poky/meta/recipes-multimedia/gstreamer/gst-devtools_1.22.3.bb b/poky/meta/recipes-multimedia/gstreamer/gst-devtools_1.22.4.bb index fa82ef7861..beaf1a9b91 100644 --- a/poky/meta/recipes-multimedia/gstreamer/gst-devtools_1.22.3.bb +++ b/poky/meta/recipes-multimedia/gstreamer/gst-devtools_1.22.4.bb @@ -12,7 +12,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-devtools/gst-devtools-${PV} file://0001-connect-has-a-different-signature-on-musl.patch \ " -SRC_URI[sha256sum] = "446ac9c42d502cbfd9081737cc1b853b3c1f50db77ca7ccd01aea10f687550c1" +SRC_URI[sha256sum] = "4c52053ce8c1df72fd81721e9f53de3b146edcf2de28f607be705bce4cf909d1" DEPENDS = "json-glib glib-2.0 glib-2.0-native gstreamer1.0 gstreamer1.0-plugins-base" RRECOMMENDS:${PN} = "git" diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.22.3.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.22.4.bb index c5af676a95..4d59353e08 100644 --- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.22.3.bb +++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.22.4.bb @@ -12,7 +12,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=69333daa044cb77e486cc36129f7a770 \ " SRC_URI = "https://gstreamer.freedesktop.org/src/gst-libav/gst-libav-${PV}.tar.xz" -SRC_URI[sha256sum] = "2ec5c805808b4371a7e32b1da0202a1c8a6b36b6ce905080bf5c34097d12a923" +SRC_URI[sha256sum] = "9a751bc740de768e791c37a95f0a924c6a41d12fd7f37f54ce6a4e834be122d3" S = "${WORKDIR}/gst-libav-${PV}" diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.22.3.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.22.4.bb index 694a12b1c1..fc70805daf 100644 --- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.22.3.bb +++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.22.4.bb @@ -10,7 +10,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c \ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-omx/gst-omx-${PV}.tar.xz" -SRC_URI[sha256sum] = "6f51c2331c334593c2c3cf12e9f22b9e3b419a3247cfb2fec0e1bd845569863a" +SRC_URI[sha256sum] = "5fcb872d977b035fb75a2d0ea955ba052dc3bdae282f8f60aa9d865808784211" S = "${WORKDIR}/gst-omx-${PV}" diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.22.3.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.22.4.bb index 3aa53193af..16d53203a4 100644 --- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.22.3.bb +++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.22.4.bb @@ -10,7 +10,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-bad/gst-plugins-bad file://0002-avoid-including-sys-poll.h-directly.patch \ file://0004-opencv-resolve-missing-opencv-data-dir-in-yocto-buil.patch \ " -SRC_URI[sha256sum] = "e1798fee2d86127f0637481c607f983293bf0fd81aad70a5c7b47205af3621d8" +SRC_URI[sha256sum] = "eaaf53224565eaabd505ca39c6d5769719b45795cf532ce1ceb60e1b2ebe99ac" S = "${WORKDIR}/gst-plugins-bad-${PV}" diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.3.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.4.bb index 44056b04e9..3c0cb7dc6c 100644 --- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.3.bb +++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.4.bb @@ -11,7 +11,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-base/gst-plugins-ba file://0003-viv-fb-Make-sure-config.h-is-included.patch \ file://0002-ssaparse-enhance-SSA-text-lines-parsing.patch \ " -SRC_URI[sha256sum] = "1c596289a0d4207380233eba8c36a932c4d1aceba19932937d9b57c24cef89f3" +SRC_URI[sha256sum] = "292424e82dea170528c42b456f62a89532bcabc0508f192e34672fb86f68e5b8" S = "${WORKDIR}/gst-plugins-base-${PV}" @@ -21,7 +21,8 @@ inherit gobject-introspection # opengl packageconfig factored out to make it easy for distros # and BSP layers to choose OpenGL APIs/platforms/window systems -PACKAGECONFIG_GL ?= "${@bb.utils.contains('DISTRO_FEATURES', 'opengl', 'gles2 egl', '', d)}" +PACKAGECONFIG_X11 = "${@bb.utils.contains('DISTRO_FEATURES', 'x11', 'opengl glx', '', d)}" +PACKAGECONFIG_GL ?= "${@bb.utils.contains('DISTRO_FEATURES', 'opengl', 'gles2 egl ${PACKAGECONFIG_X11}', '', d)}" PACKAGECONFIG ??= " \ ${GSTREAMER_ORC} \ @@ -32,7 +33,7 @@ PACKAGECONFIG ??= " \ " OPENGL_APIS = 'opengl gles2' -OPENGL_PLATFORMS = 'egl' +OPENGL_PLATFORMS = 'egl glx' X11DEPENDS = "virtual/libx11 libsm libxrender libxv" X11ENABLEOPTS = "-Dx11=enabled -Dxvideo=enabled -Dxshm=enabled" @@ -61,6 +62,7 @@ PACKAGECONFIG[gles2] = ",,virtual/libgles2" # OpenGL platform packageconfigs PACKAGECONFIG[egl] = ",,virtual/egl" +PACKAGECONFIG[glx] = ",,virtual/libgl" # OpenGL window systems (except for X11) PACKAGECONFIG[gbm] = ",,virtual/libgbm libgudev libdrm" diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.3.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.4.bb index 8de1d1c5f5..0ae1758a3f 100644 --- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.3.bb +++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.4.bb @@ -8,7 +8,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-good/gst-plugins-go file://0001-qt-include-ext-qt-gstqtgl.h-instead-of-gst-gl-gstglf.patch \ file://0001-v4l2-Define-ioctl_req_t-for-posix-linux-case.patch" -SRC_URI[sha256sum] = "af81154b3a2ef3f4d2feba395f25696feea6fd13ec62c92d3c7a973470710273" +SRC_URI[sha256sum] = "d7120c1146a9d723d53d5bfe8074da2575a81f0598438752937f39bb7c833b6a" S = "${WORKDIR}/gst-plugins-good-${PV}" diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.22.3.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.22.4.bb index 21102d59b6..1b3d3b6da7 100644 --- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.22.3.bb +++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.22.4.bb @@ -14,7 +14,7 @@ LICENSE_FLAGS = "commercial" SRC_URI = " \ https://gstreamer.freedesktop.org/src/gst-plugins-ugly/gst-plugins-ugly-${PV}.tar.xz \ " -SRC_URI[sha256sum] = "3dc98ed5c2293368b3c4e6ce55d89be834a0a62e9bf88ef17928cf03b7d5a360" +SRC_URI[sha256sum] = "ffb461fda6c06d316c4be5682632cc8901454ed72b1098b1e0221bc55e673cd7" S = "${WORKDIR}/gst-plugins-ugly-${PV}" diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.22.3.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.22.4.bb index 0cf1908e76..e35bef3d56 100644 --- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.22.3.bb +++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.22.4.bb @@ -8,7 +8,7 @@ LICENSE = "LGPL-2.1-or-later" LIC_FILES_CHKSUM = "file://COPYING;md5=c34deae4e395ca07e725ab0076a5f740" SRC_URI = "https://gstreamer.freedesktop.org/src/${PNREAL}/${PNREAL}-${PV}.tar.xz" -SRC_URI[sha256sum] = "70bed3fabe634bc622ef6de4e6eb1c33bc9cefd64bdab200f6fa316b468c731c" +SRC_URI[sha256sum] = "e1302dcc0f2451b64380dcc0dd3b82735795e8951dc812d938d8ba91f388163e" DEPENDS = "gstreamer1.0 gstreamer1.0-plugins-base python3-pygobject" RDEPENDS:${PN} += "gstreamer1.0 gstreamer1.0-plugins-base python3-pygobject" diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.22.3.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.22.4.bb index 0f8a89db7c..29eb4bb011 100644 --- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.22.3.bb +++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.22.4.bb @@ -10,7 +10,7 @@ PNREAL = "gst-rtsp-server" SRC_URI = "https://gstreamer.freedesktop.org/src/${PNREAL}/${PNREAL}-${PV}.tar.xz" -SRC_URI[sha256sum] = "d02a39dfa9bdbf99a3dd2d378e17942b3ce42dfe36fb0c27e2d0b01722fc561d" +SRC_URI[sha256sum] = "4666612d7a99c60dcd6f0bdba1b7a74d2562a0501b2a3e0576f0916bf1d8811b" S = "${WORKDIR}/${PNREAL}-${PV}" diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.22.3.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.22.4.bb index 6e0014c090..34c15bb377 100644 --- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.22.3.bb +++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.22.4.bb @@ -11,7 +11,7 @@ LIC_FILES_CHKSUM = "file://COPYING.LIB;md5=4fbd65380cdd255951079008b364516c" SRC_URI = "https://gstreamer.freedesktop.org/src/${REALPN}/${REALPN}-${PV}.tar.xz" -SRC_URI[sha256sum] = "a27867062e8b69305fca5b7d3f13ed7c318b703e7d72756c94395bd305c7b32c" +SRC_URI[sha256sum] = "967b8e353d82d0081a68dc53639b25d9fb4ca89bfa1e061403e0cd7d23585ba6" S = "${WORKDIR}/${REALPN}-${PV}" DEPENDS = "libva gstreamer1.0 gstreamer1.0-plugins-base gstreamer1.0-plugins-bad" diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.3.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.4.bb index ca7548758c..2eadb79637 100644 --- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.3.bb +++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.4.bb @@ -22,7 +22,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gstreamer/gstreamer-${PV}.tar.x file://0003-tests-use-a-dictionaries-for-environment.patch;striplevel=3 \ file://0004-tests-add-helper-script-to-run-the-installed_tests.patch;striplevel=3 \ " -SRC_URI[sha256sum] = "9ffeab95053f9f6995eb3b3da225e88f21c129cd60da002d3f795db70d6d5974" +SRC_URI[sha256sum] = "11cb0498bc16b93d8b99d22f75f829b8d0abfd8254840b2120618db5532dc655" PACKAGECONFIG ??= "${@bb.utils.contains('PTEST_ENABLED', '1', 'tests', '', d)} \ check \ diff --git a/poky/meta/recipes-multimedia/libpng/libpng_1.6.39.bb b/poky/meta/recipes-multimedia/libpng/libpng_1.6.40.bb index a6c229f5cf..293bf2858d 100644 --- a/poky/meta/recipes-multimedia/libpng/libpng_1.6.39.bb +++ b/poky/meta/recipes-multimedia/libpng/libpng_1.6.40.bb @@ -5,13 +5,13 @@ library for use in applications that read, create, and manipulate PNG \ HOMEPAGE = "http://www.libpng.org/" SECTION = "libs" LICENSE = "Libpng" -LIC_FILES_CHKSUM = "file://LICENSE;md5=5c900cc124ba35a274073b5de7639b13" +LIC_FILES_CHKSUM = "file://LICENSE;md5=8f533bc367bfd43f556b6f782234c076" DEPENDS = "zlib" LIBV = "16" SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BPN}${LIBV}/${BP}.tar.xz" -SRC_URI[sha256sum] = "1f4696ce70b4ee5f85f1e1623dc1229b210029fa4b7aee573df3e2ba7b036937" +SRC_URI[sha256sum] = "535b479b2467ff231a3ec6d92a525906fb8ef27978be4f66dbe05d3f3a01b3a1" MIRRORS += "${SOURCEFORGE_MIRROR}/${BPN}/${BPN}${LIBV}/ ${SOURCEFORGE_MIRROR}/${BPN}/${BPN}${LIBV}/older-releases/" @@ -32,5 +32,4 @@ FILES:${PN}-tools = "${bindir}/png-fix-itxt ${bindir}/pngfix ${bindir}/pngcp" BBCLASSEXTEND = "native nativesdk" -# CVE-2019-17371 is actually a memory leak in gif2png 2.x -CVE_CHECK_IGNORE += "CVE-2019-17371" +CVE_STATUS[CVE-2019-17371] = "cpe-incorrect: A memory leak in gif2png 2.x" diff --git a/poky/meta/recipes-multimedia/libtiff/files/CVE-2022-48281.patch b/poky/meta/recipes-multimedia/libtiff/files/CVE-2022-48281.patch deleted file mode 100644 index e356d377ea..0000000000 --- a/poky/meta/recipes-multimedia/libtiff/files/CVE-2022-48281.patch +++ /dev/null @@ -1,29 +0,0 @@ -CVE: CVE-2022-48281 -Upstream-Status: Backport -Signed-off-by: Ross Burton <ross.burton@arm.com> - -From 97d65859bc29ee334012e9c73022d8a8e55ed586 Mon Sep 17 00:00:00 2001 -From: Su Laus <sulau@freenet.de> -Date: Sat, 21 Jan 2023 15:58:10 +0000 -Subject: [PATCH] tiffcrop: Correct simple copy paste error. Fix #488. - ---- - tools/tiffcrop.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c -index 14fa18da..7db69883 100644 ---- a/tools/tiffcrop.c -+++ b/tools/tiffcrop.c -@@ -8591,7 +8591,7 @@ static int processCropSelections(struct image_data *image, - cropsize + NUM_BUFF_OVERSIZE_BYTES); - else - { -- prev_cropsize = seg_buffs[0].size; -+ prev_cropsize = seg_buffs[i].size; - if (prev_cropsize < cropsize) - { - next_buff = _TIFFrealloc( --- -GitLab - diff --git a/poky/meta/recipes-multimedia/libtiff/files/CVE-2023-2731.patch b/poky/meta/recipes-multimedia/libtiff/files/CVE-2023-2731.patch deleted file mode 100644 index 7db0a35f72..0000000000 --- a/poky/meta/recipes-multimedia/libtiff/files/CVE-2023-2731.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 9be22b639ea69e102d3847dca4c53ef025e9527b Mon Sep 17 00:00:00 2001 -From: Even Rouault <even.rouault@spatialys.com> -Date: Sat, 29 Apr 2023 12:20:46 +0200 -Subject: [PATCH] LZWDecode(): avoid crash when trying to read again from a - strip whith a missing end-of-information marker (fixes #548) - -CVE: CVE-2023-2731 -Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/9be22b639ea69e102d3847dca4c53ef025e9527b] - ---- - libtiff/tif_lzw.c | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/libtiff/tif_lzw.c b/libtiff/tif_lzw.c -index ba75a07e..d631fa10 100644 ---- a/libtiff/tif_lzw.c -+++ b/libtiff/tif_lzw.c -@@ -423,6 +423,10 @@ static int LZWDecode(TIFF *tif, uint8_t *op0, tmsize_t occ0, uint16_t s) - - if (sp->read_error) - { -+ TIFFErrorExtR(tif, module, -+ "LZWDecode: Scanline %" PRIu32 " cannot be read due to " -+ "previous error", -+ tif->tif_row); - return 0; - } - -@@ -742,6 +746,7 @@ after_loop: - return (1); - - no_eoi: -+ sp->read_error = 1; - TIFFErrorExtR(tif, module, - "LZWDecode: Strip %" PRIu32 " not terminated with EOI code", - tif->tif_curstrip); --- -2.34.1 - diff --git a/poky/meta/recipes-multimedia/libtiff/tiff_4.5.0.bb b/poky/meta/recipes-multimedia/libtiff/tiff_4.5.1.bb index ca4a3eff91..6171a538e5 100644 --- a/poky/meta/recipes-multimedia/libtiff/tiff_4.5.0.bb +++ b/poky/meta/recipes-multimedia/libtiff/tiff_4.5.1.bb @@ -8,24 +8,14 @@ LIC_FILES_CHKSUM = "file://LICENSE.md;md5=a3e32d664d6db1386b4689c8121531c3" CVE_PRODUCT = "libtiff" -SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \ - file://CVE-2022-48281.patch \ - file://CVE-2023-2731.patch \ -" +SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz" -SRC_URI[sha256sum] = "c7a1d9296649233979fa3eacffef3fa024d73d05d589cb622727b5b08c423464" +SRC_URI[sha256sum] = "d7f38b6788e4a8f5da7940c5ac9424f494d8a79eba53d555f4a507167dca5e2b" # exclude betas UPSTREAM_CHECK_REGEX = "tiff-(?P<pver>\d+(\.\d+)+).tar" -# Tested with check from https://security-tracker.debian.org/tracker/CVE-2015-7313 -# and 4.3.0 doesn't have the issue -CVE_CHECK_IGNORE += "CVE-2015-7313" -# These issues only affect libtiff post-4.3.0 but before 4.4.0, -# caused by 3079627e and fixed by b4e79bfa. -CVE_CHECK_IGNORE += "CVE-2022-1622 CVE-2022-1623" -# Issue is in jbig which we don't enable -CVE_CHECK_IGNORE += "CVE-2022-1210" +CVE_STATUS[CVE-2015-7313] = "fixed-version: Tested with check from https://security-tracker.debian.org/tracker/CVE-2015-7313 and already 4.3.0 doesn't have the issue" inherit autotools multilib_header diff --git a/poky/meta/recipes-multimedia/webp/files/CVE-2023-1999.patch b/poky/meta/recipes-multimedia/webp/files/CVE-2023-1999.patch deleted file mode 100644 index d293ab93ab..0000000000 --- a/poky/meta/recipes-multimedia/webp/files/CVE-2023-1999.patch +++ /dev/null @@ -1,55 +0,0 @@ -From a486d800b60d0af4cc0836bf7ed8f21e12974129 Mon Sep 17 00:00:00 2001 -From: James Zern <jzern@google.com> -Date: Wed, 22 Feb 2023 22:15:47 -0800 -Subject: [PATCH] EncodeAlphaInternal: clear result->bw on error - -This avoids a double free should the function fail prior to -VP8BitWriterInit() and a previous trial result's buffer carried over. -Previously in ApplyFiltersAndEncode() trial.bw (with a previous -iteration's buffer) would be freed, followed by best.bw pointing to the -same buffer. - -Since: -187d379d add a fallback to ALPHA_NO_COMPRESSION - -In addition, check the return value of VP8BitWriterInit() in this -function. - -Bug: webp:603 -Change-Id: Ic258381ee26c8c16bc211d157c8153831c8c6910 - -CVE: CVE-2023-1999 -Upstream-Status: Backport [https://github.com/webmproject/libwebp/commit/a486d800b60d0af4cc0836bf7ed8f21e12974129] -Signed-off-by: Nikhil R <nikhil.r@kpit.com> ---- - src/enc/alpha_enc.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/src/enc/alpha_enc.c b/src/enc/alpha_enc.c -index f7c02690e3..7d205586fe 100644 ---- a/src/enc/alpha_enc.c -+++ b/src/enc/alpha_enc.c -@@ -13,6 +13,7 @@ - - #include <assert.h> - #include <stdlib.h> -+#include <string.h> - - #include "src/enc/vp8i_enc.h" - #include "src/dsp/dsp.h" -@@ -148,6 +149,7 @@ static int EncodeAlphaInternal(const uint8_t* const data, int width, int height, - } - } else { - VP8LBitWriterWipeOut(&tmp_bw); -+ memset(&result->bw, 0, sizeof(result->bw)); - return 0; - } - } -@@ -162,7 +164,7 @@ static int EncodeAlphaInternal(const uint8_t* const data, int width, int height, - header = method | (filter << 2); - if (reduce_levels) header |= ALPHA_PREPROCESSED_LEVELS << 4; - -- VP8BitWriterInit(&result->bw, ALPHA_HEADER_LEN + output_size); -+ if (!VP8BitWriterInit(&result->bw, ALPHA_HEADER_LEN + output_size)) ok = 0; - ok = ok && VP8BitWriterAppend(&result->bw, &header, ALPHA_HEADER_LEN); - ok = ok && VP8BitWriterAppend(&result->bw, output, output_size); diff --git a/poky/meta/recipes-multimedia/webp/libwebp_1.3.0.bb b/poky/meta/recipes-multimedia/webp/libwebp_1.3.1.bb index 7ca67e44fb..b9e763b08e 100644 --- a/poky/meta/recipes-multimedia/webp/libwebp_1.3.0.bb +++ b/poky/meta/recipes-multimedia/webp/libwebp_1.3.1.bb @@ -14,14 +14,10 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=6e8dee932c26f2dab503abf70c96d8bb \ file://PATENTS;md5=c6926d0cb07d296f886ab6e0cc5a85b7" SRC_URI = "http://downloads.webmproject.org/releases/webp/${BP}.tar.gz" -SRC_URI[sha256sum] = "64ac4614db292ae8c5aa26de0295bf1623dbb3985054cb656c55e67431def17c" +SRC_URI[sha256sum] = "b3779627c2dfd31e3d8c4485962c2efe17785ef975e2be5c8c0c9e6cd3c4ef66" UPSTREAM_CHECK_URI = "http://downloads.webmproject.org/releases/webp/index.html" -SRC_URI += " \ - file://CVE-2023-1999.patch \ -" - EXTRA_OECONF = " \ --disable-wic \ --enable-libwebpmux \ diff --git a/poky/meta/recipes-sato/webkit/webkitgtk/0001-Source-JavaScriptCore-CMakeLists.txt-ensure-reproduc.patch b/poky/meta/recipes-sato/webkit/webkitgtk/0001-Source-JavaScriptCore-CMakeLists.txt-ensure-reproduc.patch new file mode 100644 index 0000000000..bbe265059d --- /dev/null +++ b/poky/meta/recipes-sato/webkit/webkitgtk/0001-Source-JavaScriptCore-CMakeLists.txt-ensure-reproduc.patch @@ -0,0 +1,28 @@ +From cd65e3d9256a4f6eb7906a9f10678c29a4ffef2f Mon Sep 17 00:00:00 2001 +From: Alexander Kanavin <alex@linutronix.de> +Date: Mon, 26 Jun 2023 14:30:02 +0200 +Subject: [PATCH] Source/JavaScriptCore/CMakeLists.txt: ensure reproducibility + of __TIMESTAMP__ + +__TIMESTAMP__ refers to mtime of the file that contains it, which is unstable +and breaks binary reproducibility when the file is generated at build time. To ensure +this does not happen, mtime should be set from the original file. + +Upstream-Status: Submitted [https://github.com/WebKit/WebKit/pull/15293] +Signed-off-by: Alexander Kanavin <alex@linutronix.de> +--- + Source/JavaScriptCore/CMakeLists.txt | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/Source/JavaScriptCore/CMakeLists.txt b/Source/JavaScriptCore/CMakeLists.txt +index 43dc22ff..c2e3b1cd 100644 +--- a/Source/JavaScriptCore/CMakeLists.txt ++++ b/Source/JavaScriptCore/CMakeLists.txt +@@ -159,6 +159,7 @@ add_custom_command( + OUTPUT ${JavaScriptCore_DERIVED_SOURCES_DIR}/JSCBytecodeCacheVersion.cpp + MAIN_DEPENDENCY ${JAVASCRIPTCORE_DIR}/runtime/JSCBytecodeCacheVersion.cpp.in + COMMAND ${PERL_EXECUTABLE} -pe s/CACHED_TYPES_CKSUM/__TIMESTAMP__/ ${JAVASCRIPTCORE_DIR}/runtime/JSCBytecodeCacheVersion.cpp.in > ${JavaScriptCore_DERIVED_SOURCES_DIR}/JSCBytecodeCacheVersion.cpp ++ COMMAND touch -r ${JAVASCRIPTCORE_DIR}/runtime/JSCBytecodeCacheVersion.cpp.in ${JavaScriptCore_DERIVED_SOURCES_DIR}/JSCBytecodeCacheVersion.cpp + VERBATIM + ) + diff --git a/poky/meta/recipes-sato/webkit/webkitgtk/0d3344e17d258106617b0e6d783d073b188a2548.patch b/poky/meta/recipes-sato/webkit/webkitgtk/0d3344e17d258106617b0e6d783d073b188a2548.patch index 32f92f7ff5..34e0ff9af3 100644 --- a/poky/meta/recipes-sato/webkit/webkitgtk/0d3344e17d258106617b0e6d783d073b188a2548.patch +++ b/poky/meta/recipes-sato/webkit/webkitgtk/0d3344e17d258106617b0e6d783d073b188a2548.patch @@ -1,8 +1,8 @@ -From 0d3344e17d258106617b0e6d783d073b188a2548 Mon Sep 17 00:00:00 2001 +From 647c93de99a0f71f478d76a4cc7714eba7ba1447 Mon Sep 17 00:00:00 2001 From: Adrian Perez de Castro <aperez@igalia.com> Date: Thu, 2 Jun 2022 11:19:06 +0300 -Subject: [PATCH] [ARM][NEON] FELightningNEON.cpp fails to build, NEON fast - path seems unused https://bugs.webkit.org/show_bug.cgi?id=241182 +Subject: [PATCH] FELightningNEON.cpp fails to build, NEON fast path seems + unused https://bugs.webkit.org/show_bug.cgi?id=241182 Reviewed by NOBODY (OOPS!). @@ -30,19 +30,21 @@ left for a follow-up fix. * Source/WebCore/platform/graphics/filters/PointLightSource.h: * Source/WebCore/platform/graphics/filters/SpotLightSource.h: * Source/WebCore/platform/graphics/filters/software/FELightingSoftwareApplier.h: ---- + Upstream-Status: Submitted [https://github.com/WebKit/WebKit/pull/1233] Signed-off-by: Khem Raj <raj.khem@gmail.com> - +--- .../cpu/arm/filters/FELightingNEON.cpp | 4 +- - .../graphics/cpu/arm/filters/FELightingNEON.h | 54 +++++++++---------- + .../graphics/cpu/arm/filters/FELightingNEON.h | 52 +++++++++---------- .../graphics/filters/DistantLightSource.h | 4 ++ .../platform/graphics/filters/FELighting.h | 7 --- .../graphics/filters/PointLightSource.h | 4 ++ .../graphics/filters/SpotLightSource.h | 4 ++ .../software/FELightingSoftwareApplier.h | 16 ++++++ - 7 files changed, 57 insertions(+), 36 deletions(-) + 7 files changed, 56 insertions(+), 35 deletions(-) +diff --git a/Source/WebCore/platform/graphics/cpu/arm/filters/FELightingNEON.cpp b/Source/WebCore/platform/graphics/cpu/arm/filters/FELightingNEON.cpp +index f6ff8c20..42a97ffc 100644 --- a/Source/WebCore/platform/graphics/cpu/arm/filters/FELightingNEON.cpp +++ b/Source/WebCore/platform/graphics/cpu/arm/filters/FELightingNEON.cpp @@ -49,7 +49,7 @@ short* feLightingConstantsForNeon() @@ -63,6 +65,8 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com> { // Calling a powf function from the assembly code would require to save // and reload a lot of NEON registers. Since the base is in range [0..1] +diff --git a/Source/WebCore/platform/graphics/cpu/arm/filters/FELightingNEON.h b/Source/WebCore/platform/graphics/cpu/arm/filters/FELightingNEON.h +index b17c603d..e4629cda 100644 --- a/Source/WebCore/platform/graphics/cpu/arm/filters/FELightingNEON.h +++ b/Source/WebCore/platform/graphics/cpu/arm/filters/FELightingNEON.h @@ -24,14 +24,15 @@ @@ -104,7 +108,7 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com> 0, 0, 0, -@@ -111,23 +112,23 @@ inline void FELighting::platformApplyNeo +@@ -111,23 +112,23 @@ inline void FELighting::platformApplyNeon(const LightingData& data, const LightS // Set light source arguments. floatArguments.constOne = 1; @@ -133,7 +137,7 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com> floatArguments.lightX = spotLightSource.position().x(); floatArguments.lightY = spotLightSource.position().y(); floatArguments.lightZ = spotLightSource.position().z(); -@@ -145,7 +146,7 @@ inline void FELighting::platformApplyNeo +@@ -145,7 +146,7 @@ inline void FELighting::platformApplyNeon(const LightingData& data, const LightS if (spotLightSource.specularExponent() == 1) neonData.flags |= FLAG_CONE_EXPONENT_IS_1; } else { @@ -142,7 +146,7 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com> floatArguments.lightX = paintingData.initialLightingData.lightVector.x(); floatArguments.lightY = paintingData.initialLightingData.lightVector.y(); floatArguments.lightZ = paintingData.initialLightingData.lightVector.z(); -@@ -155,38 +156,39 @@ inline void FELighting::platformApplyNeo +@@ -155,38 +156,39 @@ inline void FELighting::platformApplyNeon(const LightingData& data, const LightS // Set lighting arguments. floatArguments.surfaceScale = data.surfaceScale; floatArguments.minusSurfaceScaleDividedByFour = -data.surfaceScale / 4; @@ -192,16 +196,18 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com> } parallelJobs.execute(); return; -@@ -199,5 +201,3 @@ inline void FELighting::platformApplyNeo +@@ -199,5 +201,3 @@ inline void FELighting::platformApplyNeon(const LightingData& data, const LightS } // namespace WebCore #endif // CPU(ARM_NEON) && COMPILER(GCC_COMPATIBLE) - -#endif // FELightingNEON_h +diff --git a/Source/WebCore/platform/graphics/filters/DistantLightSource.h b/Source/WebCore/platform/graphics/filters/DistantLightSource.h +index 70c6512f..b032c82e 100644 --- a/Source/WebCore/platform/graphics/filters/DistantLightSource.h +++ b/Source/WebCore/platform/graphics/filters/DistantLightSource.h -@@ -25,6 +25,10 @@ - #include "LightSource.h" +@@ -26,6 +26,10 @@ + #include <wtf/ArgumentCoder.h> #include <wtf/Ref.h> +namespace WTF { @@ -211,6 +217,8 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com> namespace WebCore { class DistantLightSource : public LightSource { +diff --git a/Source/WebCore/platform/graphics/filters/FELighting.h b/Source/WebCore/platform/graphics/filters/FELighting.h +index 53beb596..e78a9354 100644 --- a/Source/WebCore/platform/graphics/filters/FELighting.h +++ b/Source/WebCore/platform/graphics/filters/FELighting.h @@ -35,8 +35,6 @@ @@ -222,7 +230,7 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com> class FELighting : public FilterEffect { public: const Color& lightingColor() const { return m_lightingColor; } -@@ -67,11 +65,6 @@ protected: +@@ -64,11 +62,6 @@ protected: std::unique_ptr<FilterEffectApplier> createSoftwareApplier() const override; @@ -234,6 +242,8 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com> Color m_lightingColor; float m_surfaceScale; float m_diffuseConstant; +diff --git a/Source/WebCore/platform/graphics/filters/PointLightSource.h b/Source/WebCore/platform/graphics/filters/PointLightSource.h +index 3a5723f0..675d63f5 100644 --- a/Source/WebCore/platform/graphics/filters/PointLightSource.h +++ b/Source/WebCore/platform/graphics/filters/PointLightSource.h @@ -26,6 +26,10 @@ @@ -247,6 +257,8 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com> namespace WebCore { class PointLightSource : public LightSource { +diff --git a/Source/WebCore/platform/graphics/filters/SpotLightSource.h b/Source/WebCore/platform/graphics/filters/SpotLightSource.h +index 684626f7..dea58389 100644 --- a/Source/WebCore/platform/graphics/filters/SpotLightSource.h +++ b/Source/WebCore/platform/graphics/filters/SpotLightSource.h @@ -26,6 +26,10 @@ @@ -260,6 +272,8 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com> namespace WebCore { class SpotLightSource : public LightSource { +diff --git a/Source/WebCore/platform/graphics/filters/software/FELightingSoftwareApplier.h b/Source/WebCore/platform/graphics/filters/software/FELightingSoftwareApplier.h +index c974d921..e2896660 100644 --- a/Source/WebCore/platform/graphics/filters/software/FELightingSoftwareApplier.h +++ b/Source/WebCore/platform/graphics/filters/software/FELightingSoftwareApplier.h @@ -36,6 +36,7 @@ diff --git a/poky/meta/recipes-sato/webkit/webkitgtk/4977290ab4ab35258a6da9b13795c9b0f7894bf4.patch b/poky/meta/recipes-sato/webkit/webkitgtk/4977290ab4ab35258a6da9b13795c9b0f7894bf4.patch new file mode 100644 index 0000000000..79da855ff4 --- /dev/null +++ b/poky/meta/recipes-sato/webkit/webkitgtk/4977290ab4ab35258a6da9b13795c9b0f7894bf4.patch @@ -0,0 +1,41 @@ +From 4977290ab4ab35258a6da9b13795c9b0f7894bf4 Mon Sep 17 00:00:00 2001 +From: Diego Pino Garcia <dpino@igalia.com> +Date: Mon, 22 May 2023 19:58:50 -0700 +Subject: [PATCH] [GLIB] Fix build error after 264196@main + https://bugs.webkit.org/show_bug.cgi?id=256917 + +Reviewed by Michael Catanzaro. + +Variable BWRAP_EXECUTABLE is only defined when BUBBLEWRAP_SANDBOX is +enabled. + +* Source/WTF/wtf/glib/Sandbox.cpp: +(WTF::isInsideUnsupportedContainer): + +Canonical link: https://commits.webkit.org/264395@main +Upstream-Status: Backport [https://github.com/WebKit/WebKit/commit/4977290ab4ab35258a6da9b13795c9b0f7894bf4] +Signed-off-by: Alexander Kanavin <alex@linutronix.de> +--- + Source/WTF/wtf/glib/Sandbox.cpp | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/Source/WTF/wtf/glib/Sandbox.cpp b/Source/WTF/wtf/glib/Sandbox.cpp +index 7d84e830ab33e..9b07bb8cb5a9b 100644 +--- a/Source/WTF/wtf/glib/Sandbox.cpp ++++ b/Source/WTF/wtf/glib/Sandbox.cpp +@@ -36,6 +36,7 @@ bool isInsideFlatpak() + return returnValue; + } + ++#if ENABLE(BUBBLEWRAP_SANDBOX) + bool isInsideUnsupportedContainer() + { + static bool inContainer = g_file_test("/run/.containerenv", G_FILE_TEST_EXISTS); +@@ -64,6 +65,7 @@ bool isInsideUnsupportedContainer() + + return inContainer && !supportedContainer; + } ++#endif + + bool isInsideSnap() + { diff --git a/poky/meta/recipes-sato/webkit/webkitgtk/93920b55f52ff8b883296f4845269e2ed746acb3.patch b/poky/meta/recipes-sato/webkit/webkitgtk/93920b55f52ff8b883296f4845269e2ed746acb3.patch deleted file mode 100644 index 762de40995..0000000000 --- a/poky/meta/recipes-sato/webkit/webkitgtk/93920b55f52ff8b883296f4845269e2ed746acb3.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 93920b55f52ff8b883296f4845269e2ed746acb3 Mon Sep 17 00:00:00 2001 -From: Michael Catanzaro <mcatanzaro@redhat.com> -Date: Fri, 31 Mar 2023 12:24:09 -0700 -Subject: [PATCH] Fix build of SourceBrush.cpp - https://bugs.webkit.org/show_bug.cgi?id=254821 - -Unreviewed build fix. - -* Source/WebCore/platform/graphics/SourceBrush.cpp: -(WebCore::SourceBrush::setGradient): -(WebCore::SourceBrush::setPattern): - -Canonical link: https://commits.webkit.org/262434@main - -Upstream-Status: Backport [https://github.com/WebKit/WebKit/commit/93920b55f52ff8b883296f4845269e2ed746acb3] -Signed-off-by: Khem Raj <raj.khem@gmail.com> ---- - Source/WebCore/platform/graphics/SourceBrush.cpp | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - ---- a/Source/WebCore/platform/graphics/SourceBrush.cpp -+++ b/Source/WebCore/platform/graphics/SourceBrush.cpp -@@ -65,12 +65,12 @@ Pattern* SourceBrush::pattern() const - - void SourceBrush::setGradient(Ref<Gradient>&& gradient, const AffineTransform& spaceTransform) - { -- m_brush = { Brush::LogicalGradient { WTFMove(gradient), spaceTransform } }; -+ m_brush = Brush { Brush::LogicalGradient { { WTFMove(gradient) }, spaceTransform } }; - } - - void SourceBrush::setPattern(Ref<Pattern>&& pattern) - { -- m_brush = { WTFMove(pattern) }; -+ m_brush = Brush { WTFMove(pattern) }; - } - - WTF::TextStream& operator<<(TextStream& ts, const SourceBrush& brush) diff --git a/poky/meta/recipes-sato/webkit/webkitgtk/check-GST_GL_HAVE_PLATFORM_GLX.patch b/poky/meta/recipes-sato/webkit/webkitgtk/check-GST_GL_HAVE_PLATFORM_GLX.patch new file mode 100644 index 0000000000..ae99810ced --- /dev/null +++ b/poky/meta/recipes-sato/webkit/webkitgtk/check-GST_GL_HAVE_PLATFORM_GLX.patch @@ -0,0 +1,33 @@ +Add additional check on GST_GL_HAVE_PLATFORM_GLX before using gst_gl_display_x11_new_with_display + +This ensures that there is a compile time check for glx support in gstreamer as +runtime check is not enough because gst_gl_display_x11_new_with_display() API comes from +gst/gl/x11/gstgldisplay_x11.h which is only included when GST_GL_HAVE_PLATFORM_GLX is defined +therefore make this check consistent to fix build with some platforms which use pvr gl drivers +where this problem appear at compile time. + + +/mnt/b/yoe/master/build/tmp/work/riscv64-yoe-linux/webkitgtk/2.40.2-r0/webkitgtk-2.40.2/Source/WebCore/platform/graphics/gstreamer/PlatformDisplayGStreamer.cpp:68:31: error: use of undeclared identifier 'gst_gl_display_x11_new_with_display'; did you mean 'gst_gl_display_egl_new_with_egl_display'? + 68 | return GST_GL_DISPLAY(gst_gl_display_x11_new_with_display(downcast<PlatformDisplayX11>(sharedDisplay).native())); + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + | gst_gl_display_egl_new_with_egl_display + +This issue is 2.40 specific since GLX support is removed [1] from trunk upstream, therefore +this patch wont be needed when upgrading to 2.42+ + +[1] https://github.com/WebKit/WebKit/commit/320560f9e53ddcd53954059bd005e0c75eb91abf + +Upstream-Status: Inappropriate [GLX support is gone in 2.41+] +Signed-off-by: Khem Raj <raj.khem@gmail.com> + +--- a/Source/WebCore/platform/graphics/gstreamer/PlatformDisplayGStreamer.cpp 2023-02-20 01:22:18.917743700 -0800 ++++ b/Source/WebCore/platform/graphics/gstreamer/PlatformDisplayGStreamer.cpp 2023-07-08 08:45:09.739177065 -0700 +@@ -63,7 +63,7 @@ + if (glPlatform == GST_GL_PLATFORM_EGL) + return GST_GL_DISPLAY(gst_gl_display_egl_new_with_egl_display(sharedDisplay.eglDisplay())); + #endif +-#if USE(GLX) ++#if USE(GLX) && GST_GL_HAVE_PLATFORM_GLX + if (is<PlatformDisplayX11>(sharedDisplay) && glPlatform == GST_GL_PLATFORM_GLX) + return GST_GL_DISPLAY(gst_gl_display_x11_new_with_display(downcast<PlatformDisplayX11>(sharedDisplay).native())); + #endif diff --git a/poky/meta/recipes-sato/webkit/webkitgtk/d318bb461f040b90453bc4e100dcf967243ecd98.patch b/poky/meta/recipes-sato/webkit/webkitgtk/d318bb461f040b90453bc4e100dcf967243ecd98.patch deleted file mode 100644 index 1ff9dcea7e..0000000000 --- a/poky/meta/recipes-sato/webkit/webkitgtk/d318bb461f040b90453bc4e100dcf967243ecd98.patch +++ /dev/null @@ -1,30 +0,0 @@ -From d318bb461f040b90453bc4e100dcf967243ecd98 Mon Sep 17 00:00:00 2001 -From: Michael Catanzaro <mcatanzaro@redhat.com> -Date: Mon, 16 Jan 2023 16:55:26 -0800 -Subject: [PATCH] WebKitGTK 2.39.4 does not build due to missing #include in - ANGLE https://bugs.webkit.org/show_bug.cgi?id=250689 - -Unreviewed build fix. - -* Source/ThirdParty/ANGLE/include/GLSLANG/ShaderVars.h: - -Canonical link: https://commits.webkit.org/258968@main - -Upstream-Status: Backport [https://bugs.webkit.org/show_bug.cgi?id=250689] -Signed-off-by: Khem Raj <raj.khem@gmail.com> ---- - Source/ThirdParty/ANGLE/include/GLSLANG/ShaderVars.h | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/Source/ThirdParty/ANGLE/include/GLSLANG/ShaderVars.h b/Source/ThirdParty/ANGLE/include/GLSLANG/ShaderVars.h -index 94cb93e01fc0..ec7bda372f30 100644 ---- a/Source/ThirdParty/ANGLE/include/GLSLANG/ShaderVars.h -+++ b/Source/ThirdParty/ANGLE/include/GLSLANG/ShaderVars.h -@@ -12,6 +12,7 @@ - - #include <algorithm> - #include <array> -+#include <cstdint> - #include <string> - #include <vector> - diff --git a/poky/meta/recipes-sato/webkit/webkitgtk_2.38.5.bb b/poky/meta/recipes-sato/webkit/webkitgtk_2.40.2.bb index f7fa6dfb98..8bef0b1605 100644 --- a/poky/meta/recipes-sato/webkit/webkitgtk_2.38.5.bb +++ b/poky/meta/recipes-sato/webkit/webkitgtk_2.40.2.bb @@ -13,10 +13,11 @@ SRC_URI = "https://www.webkitgtk.org/releases/${BPN}-${PV}.tar.xz \ file://0001-FindGObjectIntrospection.cmake-prefix-variables-obta.patch \ file://reproducibility.patch \ file://0d3344e17d258106617b0e6d783d073b188a2548.patch \ - file://d318bb461f040b90453bc4e100dcf967243ecd98.patch \ - file://93920b55f52ff8b883296f4845269e2ed746acb3.patch \ + file://4977290ab4ab35258a6da9b13795c9b0f7894bf4.patch \ + file://0001-Source-JavaScriptCore-CMakeLists.txt-ensure-reproduc.patch \ + file://check-GST_GL_HAVE_PLATFORM_GLX.patch \ " -SRC_URI[sha256sum] = "40c20c43022274df5893f22b1054fa894c3eea057389bb08aee08c5b0bb0c1a7" +SRC_URI[sha256sum] = "96898870d994da406ee7a632816dcde9a3bb395ee5f344fcb3f3b8cc8a77e000" inherit cmake pkgconfig gobject-introspection perlnative features_check upstream-version-is-even gi-docgen @@ -28,6 +29,7 @@ CVE_PRODUCT = "webkitgtk webkitgtk\+" DEPENDS += " \ ruby-native \ gperf-native \ + unifdef-native \ cairo \ harfbuzz \ jpeg \ @@ -72,6 +74,8 @@ PACKAGECONFIG[lcms] = "-DUSE_LCMS=ON,-DUSE_LCMS=OFF,lcms" PACKAGECONFIG[soup2] = "-DUSE_SOUP2=ON,-DUSE_SOUP2=OFF,libsoup-2.4,,,soup3" PACKAGECONFIG[soup3] = ",,libsoup,,,soup2" PACKAGECONFIG[journald] = "-DENABLE_JOURNALD_LOG=ON,-DENABLE_JOURNALD_LOG=OFF,systemd" +PACKAGECONFIG[avif] = "-DUSE_AVIF_LOG=ON,-DUSE_AVIF=OFF,libavif" +PACKAGECONFIG[media-recorder] = "-DENABLE_MEDIA_RECORDER=ON,-DENABLE_MEDIA_RECORDER=OFF,gstreamer1.0-plugins-bad" EXTRA_OECMAKE = " \ -DPORT=GTK \ @@ -106,7 +110,7 @@ EXTRA_OECMAKE:append:powerpc = " -DUSE_LD_GOLD=OFF " # JIT and gold linker does not work on RISCV EXTRA_OECMAKE:append:riscv32 = " -DUSE_LD_GOLD=OFF -DENABLE_JIT=OFF" -EXTRA_OECMAKE:append:riscv64 = " -DUSE_LD_GOLD=OFF -DENABLE_JIT=OFF" +EXTRA_OECMAKE:append:riscv64 = " -DUSE_LD_GOLD=OFF" # JIT not supported on MIPS either EXTRA_OECMAKE:append:mipsarch = " -DENABLE_JIT=OFF -DENABLE_C_LOOP=ON " @@ -137,6 +141,9 @@ ARM_INSTRUCTION_SET:armv7a = "thumb" ARM_INSTRUCTION_SET:armv7r = "thumb" ARM_INSTRUCTION_SET:armv7ve = "thumb" +# ANGLE requires SSE support as of webkit 2.40.x on 32 bit x86 +COMPATIBLE_HOST:x86 = "${@bb.utils.contains_any('TUNE_FEATURES', 'core2 corei7', '.*', 'null', d)}" + # introspection inside qemu-arm hangs forever on musl/arm builds # therefore disable GI_DATA GI_DATA_ENABLED:libc-musl:armv7a = "False" @@ -152,8 +159,8 @@ src_package_preprocess () { ${B}/JavaScriptCore/DerivedSources/*.h \ ${B}/JavaScriptCore/DerivedSources/yarr/*.h \ ${B}/JavaScriptCore/PrivateHeaders/JavaScriptCore/*.h \ - ${B}/WebKit2Gtk/DerivedSources/webkit2/*.cpp \ - ${B}/WebKit2Gtk/DerivedSources/webkit2/*.h + ${B}/WebCore/DerivedSources/*.cpp \ + ${B}/WebKitGTK/DerivedSources/webkit/*.cpp } diff --git a/poky/meta/recipes-support/debianutils/debianutils_5.7.bb b/poky/meta/recipes-support/debianutils/debianutils_5.8.bb index 7d705c6ff4..fb17d2d24f 100644 --- a/poky/meta/recipes-support/debianutils/debianutils_5.7.bb +++ b/poky/meta/recipes-support/debianutils/debianutils_5.8.bb @@ -6,12 +6,12 @@ HOMEPAGE = "https://packages.debian.org/sid/debianutils" BUGTRACKER = "https://bugs.debian.org/cgi-bin/pkgreport.cgi?pkg=debianutils;dist=unstable" SECTION = "base" LICENSE = "GPL-2.0-only & SMAIL_GPL" -LIC_FILES_CHKSUM = "file://debian/copyright;md5=9b912cd0cc654134c0ef3424a0705b94" +LIC_FILES_CHKSUM = "file://debian/copyright;md5=74765f57ae5dd2b10ffbc39528d98753" SRC_URI = "git://salsa.debian.org/debian/debianutils.git;protocol=https;branch=master \ " -SRCREV = "de14223e5bffe15e374a441302c528ffc1cbed57" +SRCREV = "69116b856177ceb270908103b5776f897d2863c3" inherit autotools update-alternatives diff --git a/poky/meta/recipes-support/diffoscope/diffoscope_242.bb b/poky/meta/recipes-support/diffoscope/diffoscope_244.bb index 4b0d518edc..c17bd81f5b 100644 --- a/poky/meta/recipes-support/diffoscope/diffoscope_242.bb +++ b/poky/meta/recipes-support/diffoscope/diffoscope_244.bb @@ -12,9 +12,22 @@ PYPI_PACKAGE = "diffoscope" inherit pypi setuptools3 -SRC_URI[sha256sum] = "d858c591d2c8d42b2b29eb6d229408607b1cd8a4e7ade72d0cd002db6d1c2a6e" +SRC_URI[sha256sum] = "8bee8bbb144cdb7ddfa21886d5ce1822220139241c9a53def09b4adc3340db93" -RDEPENDS:${PN} += "binutils vim squashfs-tools python3-libarchive-c python3-magic python3-rpm" +RDEPENDS:${PN} += "\ + binutils \ + python3-curses \ + python3-difflib \ + python3-fcntl \ + python3-json \ + python3-libarchive-c \ + python3-magic \ + python3-multiprocessing \ + python3-pprint \ + python3-rpm \ + squashfs-tools \ + vim \ + " # Dependencies don't build for musl COMPATIBLE_HOST:libc-musl = 'null' diff --git a/poky/meta/recipes-support/icu/icu_72-1.bb b/poky/meta/recipes-support/icu/icu_73-2.bb index c2eae5298f..7c59f8bb89 100644 --- a/poky/meta/recipes-support/icu/icu_72-1.bb +++ b/poky/meta/recipes-support/icu/icu_73-2.bb @@ -78,7 +78,7 @@ FILES:libicuio = "${libdir}/libicuio.so.*" BBCLASSEXTEND = "native nativesdk" -LIC_FILES_CHKSUM = "file://../LICENSE;md5=a89d03060ff9c46552434dbd1fe3ed1f" +LIC_FILES_CHKSUM = "file://../LICENSE;md5=80c2cf39ad8ae12b9b9482a1737c6650" def icu_download_version(d): pvsplit = d.getVar('PV').split('-') @@ -111,8 +111,8 @@ SRC_URI = "${BASE_SRC_URI};name=code \ SRC_URI:append:class-target = "\ file://0001-Disable-LDFLAGSICUDT-for-Linux.patch \ " -SRC_URI[code.sha256sum] = "a2d2d38217092a7ed56635e34467f92f976b370e20182ad325edea6681a71d68" -SRC_URI[data.sha256sum] = "ee19f876507d6c23d9e0a2b631096f6b0eaa6fa61728c33a89efdb55e3385dea" +SRC_URI[code.sha256sum] = "818a80712ed3caacd9b652305e01afc7fa167e6f2e94996da44b90c2ab604ce1" +SRC_URI[data.sha256sum] = "ca1ee076163b438461e484421a7679fc33a64cd0a54f9d4b401893fa1eb42701" UPSTREAM_CHECK_REGEX = "releases/tag/release-(?P<pver>(?!.+rc).+)" GITHUB_BASE_URI = "https://github.com/unicode-org/icu/releases" diff --git a/poky/meta/recipes-support/libassuan/libassuan_2.5.5.bb b/poky/meta/recipes-support/libassuan/libassuan_2.5.6.bb index 2bab3ac955..7e899e7399 100644 --- a/poky/meta/recipes-support/libassuan/libassuan_2.5.5.bb +++ b/poky/meta/recipes-support/libassuan/libassuan_2.5.6.bb @@ -20,7 +20,7 @@ SRC_URI = "${GNUPG_MIRROR}/libassuan/libassuan-${PV}.tar.bz2 \ file://libassuan-add-pkgconfig-support.patch \ " -SRC_URI[sha256sum] = "8e8c2fcc982f9ca67dcbb1d95e2dc746b1739a4668bc20b3a3c5be632edb34e4" +SRC_URI[sha256sum] = "e9fd27218d5394904e4e39788f9b1742711c3e6b41689a31aa3380bd5aa4f426" BINCONFIG = "${bindir}/libassuan-config" diff --git a/poky/meta/recipes-support/libgcrypt/libgcrypt_1.10.2.bb b/poky/meta/recipes-support/libgcrypt/libgcrypt_1.10.2.bb index 58f07a116d..524b06ca22 100644 --- a/poky/meta/recipes-support/libgcrypt/libgcrypt_1.10.2.bb +++ b/poky/meta/recipes-support/libgcrypt/libgcrypt_1.10.2.bb @@ -29,8 +29,8 @@ SRC_URI = "${GNUPG_MIRROR}/libgcrypt/libgcrypt-${PV}.tar.bz2 \ " SRC_URI[sha256sum] = "3b9c02a004b68c256add99701de00b383accccf37177e0d6c58289664cce0c03" -# Below whitelisted CVEs are disputed and not affecting crypto libraries for any distro. -CVE_CHECK_IGNORE += "CVE-2018-12433 CVE-2018-12438" +CVE_STATUS[CVE-2018-12433] = "disputed: CVE is disputed and not affecting crypto libraries for any distro." +CVE_STATUS[CVE-2018-12438] = "disputed: CVE is disputed and not affecting crypto libraries for any distro." BINCONFIG = "${bindir}/libgcrypt-config" diff --git a/poky/meta/recipes-support/libksba/libksba_1.6.3.bb b/poky/meta/recipes-support/libksba/libksba_1.6.4.bb index dc39693be4..f9636f9433 100644 --- a/poky/meta/recipes-support/libksba/libksba_1.6.3.bb +++ b/poky/meta/recipes-support/libksba/libksba_1.6.4.bb @@ -24,7 +24,7 @@ UPSTREAM_CHECK_URI = "https://gnupg.org/download/index.html" SRC_URI = "${GNUPG_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \ file://ksba-add-pkgconfig-support.patch" -SRC_URI[sha256sum] = "3f72c68db30971ebbf14367527719423f0a4d5f8103fc9f4a1c01a9fa440de5c" +SRC_URI[sha256sum] = "bbb43f032b9164d86c781ffe42213a83bf4f2fee91455edfa4654521b8b03b6b" do_configure:prepend () { # Else these could be used in preference to those in aclocal-copy diff --git a/poky/meta/recipes-support/libmd/libmd_1.0.4.bb b/poky/meta/recipes-support/libmd/libmd_1.1.0.bb index b93dc2d78d..dc588a0f95 100644 --- a/poky/meta/recipes-support/libmd/libmd_1.0.4.bb +++ b/poky/meta/recipes-support/libmd/libmd_1.1.0.bb @@ -9,7 +9,7 @@ LICENSE = "BSD-3-Clause & BSD-2-Clause" LIC_FILES_CHKSUM = "file://COPYING;md5=0436d4fb62a71f661d6e8b7812f9e1df" SRC_URI = "https://archive.hadrons.org/software/libmd/libmd-${PV}.tar.xz" -SRC_URI[sha256sum] = "f51c921042e34beddeded4b75557656559cf5b1f2448033b4c1eec11c07e530f" +SRC_URI[sha256sum] = "1bd6aa42275313af3141c7cf2e5b964e8b1fd488025caf2f971f43b00776b332" inherit autotools diff --git a/poky/meta/recipes-support/libproxy/libproxy_0.4.18.bb b/poky/meta/recipes-support/libproxy/libproxy_0.4.18.bb deleted file mode 100644 index 01ba2a6fe9..0000000000 --- a/poky/meta/recipes-support/libproxy/libproxy_0.4.18.bb +++ /dev/null @@ -1,38 +0,0 @@ -SUMMARY = "Library providing automatic proxy configuration management" -DESCRIPTION = "libproxy provides interfaces to get the proxy that will be \ -used to access network resources. It uses various plugins to get proxy \ -configuration via different mechanisms (e.g. environment variables or \ -desktop settings)." -HOMEPAGE = "https://github.com/libproxy/libproxy" -BUGTRACKER = "https://github.com/libproxy/libproxy/issues" -SECTION = "libs" -LICENSE = "LGPL-2.1-or-later" -LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c \ - file://utils/proxy.c;beginline=1;endline=18;md5=55152a1006d7dafbef32baf9c30a99c0" - -DEPENDS = "glib-2.0" - -SRC_URI = "${GITHUB_BASE_URI}/download/${PV}/${BP}.tar.xz" -SRC_URI[sha256sum] = "69b5856e9ea42c38ac77e6b8c92ffc86a71d341fef74e77bef85f9cc6c47a4b1" - -inherit cmake pkgconfig github-releases - -PACKAGECONFIG ?= "${@bb.utils.contains('DISTRO_FEATURES', 'x11', 'gnome', '', d)} gnome3" -PACKAGECONFIG[gnome] = "-DWITH_GNOME=yes,-DWITH_GNOME=no,gconf" -PACKAGECONFIG[gnome3] = "-DWITH_GNOME3=yes,-DWITH_GNOME3=no" - -EXTRA_OECMAKE += " \ - -DWITH_KDE=no \ - -DWITH_MOZJS=no \ - -DWITH_NM=no \ - -DWITH_PERL=no \ - -DWITH_PYTHON2=no \ - -DWITH_PYTHON3=no \ - -DWITH_WEBKIT=no \ - -DWITH_SYSCONFIG=no \ - -DLIB_INSTALL_DIR=${libdir} \ - -DLIBEXEC_INSTALL_DIR=${libexecdir} \ -" -SECURITY_PIE_CFLAGS:remove = "-fPIE -pie" - -FILES:${PN} += "${libdir}/${BPN}/${PV}/modules" diff --git a/poky/meta/recipes-support/libproxy/libproxy_0.5.3.bb b/poky/meta/recipes-support/libproxy/libproxy_0.5.3.bb new file mode 100644 index 0000000000..db88af093e --- /dev/null +++ b/poky/meta/recipes-support/libproxy/libproxy_0.5.3.bb @@ -0,0 +1,28 @@ +SUMMARY = "Library providing automatic proxy configuration management" +DESCRIPTION = "libproxy provides interfaces to get the proxy that will be \ +used to access network resources. It uses various plugins to get proxy \ +configuration via different mechanisms (e.g. environment variables or \ +desktop settings)." +HOMEPAGE = "https://github.com/libproxy/libproxy" +BUGTRACKER = "https://github.com/libproxy/libproxy/issues" +SECTION = "libs" +LICENSE = "LGPL-2.1-or-later" +LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c \ + file://src/libproxy/proxy.c;beginline=1;endline=20;md5=bb9a177ef1c995311070f34c5638a402 \ + " + +DEPENDS = "glib-2.0" + +SRC_URI = "git://github.com/libproxy/libproxy;protocol=https;branch=main" +SRCREV = "29d51a611f28af0bdbd51a5779cc8df264c8dcff" +S = "${WORKDIR}/git" + +inherit meson pkgconfig gobject-introspection vala gi-docgen +GIDOCGEN_MESON_OPTION = 'docs' + +PACKAGECONFIG ?= "" +PACKAGECONFIG[curl] = "-Dcurl=true,-Dcurl=false,curl" +PACKAGECONFIG[config-gnome] = "-Dconfig-gnome=true,-Dconfig-gnome=false,gsettings-desktop-schemas" +PACKAGECONFIG[pacrunner-duktape] = "-Dpacrunner-duktape=true,-Dpacrunner-duktape=false,duktape" + +FILES:${PN} += "${libdir}/${BPN}/${PV}/modules" diff --git a/poky/meta/recipes-support/libssh2/libssh2/fix-ssh2-test.patch b/poky/meta/recipes-support/libssh2/libssh2/fix-ssh2-test.patch deleted file mode 100644 index ee916c42d4..0000000000 --- a/poky/meta/recipes-support/libssh2/libssh2/fix-ssh2-test.patch +++ /dev/null @@ -1,23 +0,0 @@ -In 8.8 OpenSSH disabled sha1 rsa-sha keys out of the box, -so we need to re-enable them as a workaround for the test -suite until upstream updates the tests. - -See: https://github.com/libssh2/libssh2/issues/630 - -Upstream-Status: Backport [alternative fixes merged upstream] - -Patch taken from https://github.com/mirror-rpm/libssh2/commit/47f7114f7d0780f3075bad51a71881f45cc933c5 - ---- a/tests/ssh2.sh -+++ b/tests/ssh2.sh -@@ -25,7 +25,8 @@ $SSHD -f /dev/null -h "$srcdir"/etc/host - -o 'Port 4711' \ - -o 'Protocol 2' \ - -o "AuthorizedKeysFile $srcdir/etc/user.pub" \ -- -o 'UsePrivilegeSeparation no' \ -+ -o 'HostKeyAlgorithms +ssh-rsa' \ -+ -o 'PubkeyAcceptedAlgorithms +ssh-rsa' \ - -o 'StrictModes no' \ - -D \ - $libssh2_sshd_params & - diff --git a/poky/meta/recipes-support/libssh2/libssh2/run-ptest b/poky/meta/recipes-support/libssh2/libssh2/run-ptest index 5e7426f79d..0f5526e316 100644 --- a/poky/meta/recipes-support/libssh2/libssh2/run-ptest +++ b/poky/meta/recipes-support/libssh2/libssh2/run-ptest @@ -2,7 +2,7 @@ ptestdir=$(dirname "$(readlink -f "$0")") cd tests -for test in simple mansyntax.sh ssh2.sh +for test in mansyntax.sh test_simple test_sshd.test do ./../test-driver --test-name $test --log-file ../$test.log --trs-file ../$test.trs --color-tests no --enable-hard-errors yes --expect-failure no -- ./$test done diff --git a/poky/meta/recipes-support/libssh2/libssh2_1.10.0.bb b/poky/meta/recipes-support/libssh2/libssh2_1.11.0.bb index d5513373b0..edc25db1b1 100644 --- a/poky/meta/recipes-support/libssh2/libssh2_1.10.0.bb +++ b/poky/meta/recipes-support/libssh2/libssh2_1.11.0.bb @@ -5,21 +5,22 @@ SECTION = "libs" DEPENDS = "zlib" LICENSE = "BSD-3-Clause" -LIC_FILES_CHKSUM = "file://COPYING;md5=3e089ad0cf27edf1e7f261dfcd06acc7" +LIC_FILES_CHKSUM = "file://COPYING;md5=24a33237426720395ebb1dd1349ca225" SRC_URI = "http://www.libssh2.org/download/${BP}.tar.gz \ - file://fix-ssh2-test.patch \ file://run-ptest \ " -SRC_URI[sha256sum] = "2d64e90f3ded394b91d3a2e774ca203a4179f69aebee03003e5a6fa621e41d51" +SRC_URI[sha256sum] = "3736161e41e2693324deb38c26cfdc3efe6209d634ba4258db1cecff6a5ad461" inherit autotools pkgconfig ptest EXTRA_OECONF += "\ --with-libz \ --with-libz-prefix=${STAGING_LIBDIR} \ + --disable-rpath \ " +DISABLE_STATIC = "" # only one of openssl and gcrypt could be set PACKAGECONFIG ??= "openssl" @@ -29,7 +30,7 @@ PACKAGECONFIG[gcrypt] = "--with-crypto=libgcrypt --with-libgcrypt-prefix=${STAGI BBCLASSEXTEND = "native nativesdk" # required for ptest on documentation -RDEPENDS:${PN}-ptest = "man-db openssh util-linux-col" +RDEPENDS:${PN}-ptest = "bash man-db openssh util-linux-col" RDEPENDS:${PN}-ptest:append:libc-glibc = " locale-base-en-us" do_compile_ptest() { @@ -41,9 +42,11 @@ do_install_ptest() { install -d ${D}${PTEST_PATH}/tests install -m 0755 ${S}/test-driver ${D}${PTEST_PATH}/ cp -rf ${B}/tests/.libs/* ${D}${PTEST_PATH}/tests/ + cp -rf ${B}/tests/test_simple ${D}${PTEST_PATH}/tests/ cp -rf ${S}/tests/mansyntax.sh ${D}${PTEST_PATH}/tests/ - cp -rf ${S}/tests/ssh2.sh ${D}${PTEST_PATH}/tests/ - cp -rf ${S}/tests/etc ${D}${PTEST_PATH}/tests/ + cp -rf ${S}/tests/key* ${D}${PTEST_PATH}/tests/ + cp -rf ${S}/tests/openssh_server/ ${D}${PTEST_PATH}/tests/ + cp -rf ${S}/tests/*.test ${D}${PTEST_PATH}/tests/ mkdir -p ${D}${PTEST_PATH}/docs cp -r ${S}/docs/* ${D}${PTEST_PATH}/docs/ } diff --git a/poky/meta/recipes-support/libxslt/libxslt_1.1.38.bb b/poky/meta/recipes-support/libxslt/libxslt_1.1.38.bb index bf35a94b7f..ed5b15badd 100644 --- a/poky/meta/recipes-support/libxslt/libxslt_1.1.38.bb +++ b/poky/meta/recipes-support/libxslt/libxslt_1.1.38.bb @@ -19,9 +19,7 @@ SRC_URI[sha256sum] = "1f32450425819a09acaff2ab7a5a7f8a2ec7956e505d7beeb45e843d0e UPSTREAM_CHECK_REGEX = "libxslt-(?P<pver>\d+(\.\d+)+)\.tar" -# We have libxml2 2.9.14 and we don't link statically with it anyway -# so this isn't an issue. -CVE_CHECK_IGNORE += "CVE-2022-29824" +CVE_STATUS[CVE-2022-29824] = "not-applicable-config: Static linking to libxml2 is not enabled." S = "${WORKDIR}/libxslt-${PV}" diff --git a/poky/meta/recipes-support/lz4/lz4_1.9.4.bb b/poky/meta/recipes-support/lz4/lz4_1.9.4.bb index d2a25fd5b0..51a854d44a 100644 --- a/poky/meta/recipes-support/lz4/lz4_1.9.4.bb +++ b/poky/meta/recipes-support/lz4/lz4_1.9.4.bb @@ -21,8 +21,7 @@ S = "${WORKDIR}/git" inherit ptest -# Fixed in r118, which is larger than the current version. -CVE_CHECK_IGNORE += "CVE-2014-4715" +CVE_STATUS[CVE-2014-4715] = "fixed-version: Fixed in r118, which is larger than the current version." EXTRA_OEMAKE = "PREFIX=${prefix} CC='${CC}' CFLAGS='${CFLAGS}' DESTDIR=${D} LIBDIR=${libdir} INCLUDEDIR=${includedir} BUILD_STATIC=no" diff --git a/poky/meta/recipes-support/nettle/nettle_3.9.bb b/poky/meta/recipes-support/nettle/nettle_3.9.1.bb index 7a5bdb2a03..6bb76a6217 100644 --- a/poky/meta/recipes-support/nettle/nettle_3.9.bb +++ b/poky/meta/recipes-support/nettle/nettle_3.9.1.bb @@ -20,7 +20,7 @@ SRC_URI = "${GNU_MIRROR}/${BPN}/${BP}.tar.gz \ file://check-header-files-of-openssl-only-if-enable_.patch \ " -SRC_URI[sha256sum] = "0ee7adf5a7201610bb7fe0acbb7c9b3be83be44904dd35ebbcd965cd896bfeaa" +SRC_URI[sha256sum] = "ccfeff981b0ca71bbd6fbcb054f407c60ffb644389a5be80d6716d5b550c6ce3" UPSTREAM_CHECK_REGEX = "nettle-(?P<pver>\d+(\.\d+)+)\.tar" diff --git a/poky/meta/recipes-support/nghttp2/nghttp2_1.53.0.bb b/poky/meta/recipes-support/nghttp2/nghttp2_1.55.1.bb index 88d5f31083..1be9a348ae 100644 --- a/poky/meta/recipes-support/nghttp2/nghttp2_1.53.0.bb +++ b/poky/meta/recipes-support/nghttp2/nghttp2_1.55.1.bb @@ -8,7 +8,7 @@ SRC_URI = "\ ${GITHUB_BASE_URI}/download/v${PV}/nghttp2-${PV}.tar.xz \ file://0001-fetch-ocsp-response-use-python3.patch \ " -SRC_URI[sha256sum] = "b867184254e5a29b0ba68413aa14f8b0ce1142a371761374598dec092dabb809" +SRC_URI[sha256sum] = "19490b7c8c2ded1cf7c3e3a54ef4304e3a7876ae2d950d60a81d0dc6053be419" inherit cmake manpages python3native github-releases PACKAGECONFIG[manpages] = "" diff --git a/poky/meta/recipes-support/p11-kit/p11-kit_0.24.1.bb b/poky/meta/recipes-support/p11-kit/p11-kit_0.25.0.bb index 72b446204a..ad207d0c9f 100644 --- a/poky/meta/recipes-support/p11-kit/p11-kit_0.24.1.bb +++ b/poky/meta/recipes-support/p11-kit/p11-kit_0.25.0.bb @@ -11,7 +11,7 @@ DEPENDS = "libtasn1 libtasn1-native libffi" DEPENDS:append = "${@' glib-2.0' if d.getVar('GTKDOC_ENABLED') == 'True' else ''}" SRC_URI = "git://github.com/p11-glue/p11-kit;branch=master;protocol=https" -SRCREV = "dd0590d4e583f107e3e9fafe9ed754149da335d0" +SRCREV = "a8cce8bd8065bbf80bd47219f85f0cd9cf27dd0c" S = "${WORKDIR}/git" PACKAGECONFIG ??= "" diff --git a/poky/meta/recipes-support/ptest-runner/ptest-runner_2.4.2.bb b/poky/meta/recipes-support/ptest-runner/ptest-runner_2.4.2.bb index 9a9b8ec260..60918a3892 100644 --- a/poky/meta/recipes-support/ptest-runner/ptest-runner_2.4.2.bb +++ b/poky/meta/recipes-support/ptest-runner/ptest-runner_2.4.2.bb @@ -7,7 +7,7 @@ HOMEPAGE = "http://git.yoctoproject.org/cgit/cgit.cgi/ptest-runner2/about/" LICENSE = "GPL-2.0-or-later" LIC_FILES_CHKSUM = "file://LICENSE;md5=751419260aa954499f7abaabaa882bbe" -SRCREV = "a6c7dcda520402adb62a31b8b1c7686c5b8a4875" +SRCREV = "4148e75284e443fc8ffaef425c467aa5523528ff" PV .= "+git${SRCPV}" SRC_URI = "git://git.yoctoproject.org/ptest-runner2;branch=master;protocol=https \ diff --git a/poky/meta/recipes-support/sqlite/sqlite3_3.41.2.bb b/poky/meta/recipes-support/sqlite/sqlite3_3.41.2.bb deleted file mode 100644 index b09e8e7f55..0000000000 --- a/poky/meta/recipes-support/sqlite/sqlite3_3.41.2.bb +++ /dev/null @@ -1,14 +0,0 @@ -require sqlite3.inc - -LICENSE = "PD" -LIC_FILES_CHKSUM = "file://sqlite3.h;endline=11;md5=786d3dc581eff03f4fd9e4a77ed00c66" - -SRC_URI = "http://www.sqlite.org/2023/sqlite-autoconf-${SQLITE_PV}.tar.gz" -SRC_URI[sha256sum] = "e98c100dd1da4e30fa460761dab7c0b91a50b785e167f8c57acc46514fae9499" - -# -19242 is only an issue in specific development branch commits -CVE_CHECK_IGNORE += "CVE-2019-19242" -# This is believed to be iOS specific (https://groups.google.com/g/sqlite-dev/c/U7OjAbZO6LA) -CVE_CHECK_IGNORE += "CVE-2015-3717" -# Issue in an experimental extension we don't have/use. Fixed by https://sqlite.org/src/info/b1e0c22ec981cf5f -CVE_CHECK_IGNORE += "CVE-2021-36690" diff --git a/poky/meta/recipes-support/sqlite/sqlite3_3.42.0.bb b/poky/meta/recipes-support/sqlite/sqlite3_3.42.0.bb new file mode 100644 index 0000000000..8783f620f4 --- /dev/null +++ b/poky/meta/recipes-support/sqlite/sqlite3_3.42.0.bb @@ -0,0 +1,8 @@ +require sqlite3.inc + +LICENSE = "PD" +LIC_FILES_CHKSUM = "file://sqlite3.h;endline=11;md5=786d3dc581eff03f4fd9e4a77ed00c66" + +SRC_URI = "http://www.sqlite.org/2023/sqlite-autoconf-${SQLITE_PV}.tar.gz" +SRC_URI[sha256sum] = "7abcfd161c6e2742ca5c6c0895d1f853c940f203304a0b49da4e1eca5d088ca6" + diff --git a/poky/meta/recipes-support/taglib/taglib_1.13.bb b/poky/meta/recipes-support/taglib/taglib_1.13.1.bb index 6560bc3660..3f0a759f95 100644 --- a/poky/meta/recipes-support/taglib/taglib_1.13.bb +++ b/poky/meta/recipes-support/taglib/taglib_1.13.1.bb @@ -11,7 +11,7 @@ DEPENDS = "zlib" SRC_URI = "http://taglib.github.io/releases/${BP}.tar.gz" -SRC_URI[sha256sum] = "58f08b4db3dc31ed152c04896ee9172d22052bc7ef12888028c01d8b1d60ade0" +SRC_URI[sha256sum] = "c8da2b10f1bfec2cd7dbfcd33f4a2338db0765d851a50583d410bacf055cfd0b" UPSTREAM_CHECK_URI = "https://taglib.org/" diff --git a/poky/meta/recipes-support/vte/vte_0.72.1.bb b/poky/meta/recipes-support/vte/vte_0.72.2.bb index b9ff3183c8..4249b75ac0 100644 --- a/poky/meta/recipes-support/vte/vte_0.72.1.bb +++ b/poky/meta/recipes-support/vte/vte_0.72.2.bb @@ -21,7 +21,7 @@ inherit gnomebase gi-docgen features_check upstream-version-is-even gobject-intr # vapigen.m4 is required when vala is not present (but the one from vala should be used normally) SRC_URI += "file://0001-Add-W_EXITCODE-macro-for-non-glibc-systems.patch" -SRC_URI[archive.sha256sum] = "0554f9f88d56ce2d78398fcc7f69bc00e53bbbc5f694e0ae1dcaf5286f89d7e4" +SRC_URI[archive.sha256sum] = "f7966fd185a6981f53964162b71cfef7e606495155d6f5827b72aa0dd6741c9e" ANY_OF_DISTRO_FEATURES = "${GTK3DISTROFEATURES}" |