From c67ef227fe09ebd2213c47709a37a70784232b12 Mon Sep 17 00:00:00 2001 From: Patrick Williams Date: Tue, 18 Oct 2022 12:51:29 -0500 Subject: subtree updates MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit poky: 387ab5f18b..eaf8ce9d39: Alejandro Hernandez Samaniego (1): rootfs.py: dont try to list installed packages for baremetal images Alex Stewart (1): maintainers: update opkg maintainer Alexander Kanavin (26): devtool/upgrade: correctly clean up when recipe filename isn't yet known devtool/upgrade: catch bb.fetch2.decodeurl errors scripts/oe-setup-builddir: make it known where configurations come from bluez5: update 5.64 -> 5.65 libwpe: upgrade 1.12.0 -> 1.12.2 ell: upgrade 0.49 -> 0.50 iso-codes: upgrade 4.10.0 -> 4.11.0 libcap: upgrade 2.64 -> 2.65 libwebp: upgrade 1.2.2 -> 1.2.3 mobile-broadband-provider-info: upgrade 20220511 -> 20220725 webkitgtk: upgrade 2.36.4 -> 2.36.5 weston: upgrade 10.0.1 -> 10.0.2 tzdata: upgrade 2022a -> 2022b xz: update 5.2.5 -> 5.2.6 gdk-pixbuf: upgrade 2.42.6 -> 2.42.8 gdk-pixbuf: update 2.42.8 -> 2.42.9 epiphany: upgrade 42.3 -> 42.4 glib-networking: upgrade 2.72.1 -> 2.72.2 libjpeg-turbo: upgrade 2.1.3 -> 2.1.4 libwebp: upgrade 1.2.3 -> 1.2.4 wireless-regdb: upgrade 2022.06.06 -> 2022.08.12 wpebackend-fdo: upgrade 1.12.0 -> 1.12.1 bind: upgrade 9.18.4 -> 9.18.5 lighttpd: upgrade 1.4.65 -> 1.4.66 rpm: update 4.17.0 -> 4.17.1 tzdata: update to 2022d Alexandre Belloni (3): ruby: drop capstone support runqemu: display host uptime when starting oeqa/runtime/dnf: fix typo Andrei Gherzan (4): linux-yocto: Fix COMPATIBLE_MACHINE regex match shadow: Enable subid support rootfspostcommands.py: Cleanup subid backup files generated by shadow-utils shadow: Avoid nss warning/error with musl Anuj Mittal (1): poky.conf: add ubuntu-22.04 to tested distros Aryaman Gupta (2): bitbake: bitbake: runqueue: add cpu/io pressure regulation bitbake: bitbake: runqueue: add memory pressure regulation Awais Belal (1): kernel-fitimage.bbclass: only package unique DTBs Beniamin Sandu (1): libpam: use /run instead of /var/run in systemd tmpfiles Bertrand Marquis (1): sysvinit-inittab/start_getty: Fix respawn too fast Bruce Ashfield (16): lttng-modules: fix 5.19+ build lttng-modules: fix build against mips and v5.19 kernel lttng-modules: replace mips compaction fix with upstream change linux-yocto/5.15: update to v5.15.60 linux-yocto/5.15: update to v5.15.62 linux-yocto/5.10: update to v5.10.136 linux-yocto/5.10: update to v5.10.137 linux-yocto/5.10: update to v5.10.141 linux-yocto/5.10: update to v5.10.143 linux-yocto/5.15: update to v5.15.63 linux-yocto/5.15: update to v5.15.65 linux-yocto/5.15: update to v5.15.68 linux-yocto/5.15: cfg: fix ACPI warnings for -tiny kernel-yocto: allow patch author date to be commit date kern-tools: fix queue processing in relative TOPDIR configurations kern-tools: allow 'y' or 'm' to avoid config audit warnings Changqing Li (1): apt: fix nativesdk-apt build failure during the second time build Chee Yang Lee (1): sqlite: add CVE-2022-35737 patch to SRC_URI Daiane Angolini (1): python3-pip: Fix RDEPENDS after the update Daniel McGregor (1): coreutils: add openssl PACKAGECONFIG Denys Dmytriyenko (1): glibc-locale: explicitly remove empty dirs in ${libdir} Dmitry Baryshkov (2): linux-firmware: upgrade 20220708 -> 20220913 linux-firmware: package new Qualcomm firmware Enrico Scholz (5): npm: replace 'npm pack' call by 'tar czf' npm: return content of 'package.json' in 'npm_pack' npm: take 'version' directly from 'package.json' lib:npm_registry: initial checkin npm: use npm_registry to cache package Ernst Sjöstrand (1): cve-check: Don't use f-strings Florin Diaconescu (4): expat: upgrade 2.4.7 -> 2.4.8 expat: upgrade 2.4.8 -> 2.4.9 rsync: update 3.2.3 -> 3.2.4 rsync: update 3.2.4 -> 3.2.5 Gennaro Iorio (1): bitbake: fetch2: gitsm: fix incorrect handling of git submodule relative urls He Zhe (3): lttng-tools: Disable on qemuriscv32 stress-cpu: disable float128 math on powerpc64 to avoid SIGILL lttng-tools: Disable on riscv32 Hitendra Prajapati (5): gdk-pixbuf: CVE-2021-46829 a heap-based buffer overflow gnutls: CVE-2022-2509 Double free during gnutls_pkcs7_verify zlib: CVE-2022-37434 a heap-based buffer over-read libtiff: CVE-2022-34526 A stack overflow was discovered Revert "gdk-pixbuf: CVE-2021-46829 a heap-based buffer overflow" Jacob Kroon (1): bitbake: bitbake-user-manual: Correct description of the ??= operator Jon Mason (2): ref-manual: add numa to machine features oeqa/parselogs: add qemuarmv5 arm-charlcd masking Jose Quaresma (7): archiver.bbclass: remove unsed do_deploy_archives[dirs] create-spdx: ignore packing control files from ipk and deb archiver.bbclass: some recipes that uses the kernelsrc bbclass uses the shared source linux-yocto: prepend the the value with a space when append to KERNEL_EXTRA_ARGS bitbake: bitbake: bitbake-user-manual: hashserv can be accessed on a dedicated domain bitbake: bb/utils: remove: check the path again the expand python glob bitbake: bb/utils: movefile: use the logger for printing Joshua Watt (4): bitbake: utils: Pass lock argument in fileslocked classes: cve-check: Get shared database lock oeqa: qemurunner: Report UNIX Epoch timestamp on login bitbake: siggen: Fix insufficent entropy in sigtask file names Kai Kang (1): packagegroup-self-hosted: update for strace Khem Raj (15): libxml2: Ignore CVE-2016-3709 connman: Backports for security fixes cracklib: Drop using register keyword tcp-wrappers: Fix implicit-function-declaration warnings xinetd: Pass missing -D_GNU_SOURCE watchdog: Include needed system header for function decls pinentry: enable _XOPEN_SOURCE on musl for wchar usage in curses apr: Use correct strerror_r implementation based on libc type gcr: Define _GNU_SOURCE apr: Cache configure tests which use AC_TRY_RUN autoconf: Fix strict prototype errors in generated tests autoconf: Update K & R stype functions webkitgtk: Upgrade to 2.36.6 minor update webkitgtk: Update to 2.36.7 rpm: Remove -Wimplicit-function-declaration warnings Kristian Amlie (1): externalsrc: Don't wipe out src dir when EXPORT_FUNCTIONS is used. LUIS ENRIQUEZ (1): kernel-fitimage.bbclass: add padding algorithm property in config nodes Mark Hatle (1): runqemu: Add missing space on default display option Martin Beeger (1): cmake: remove CMAKE_ASM_FLAGS variable in toolchain file Martin Jansa (2): libxml2: Port gentest.py to Python-3 create-pull-request: don't switch the git remote protocol to git:// Mateusz Marciniec (1): util-linux: Remove --enable-raw from EXTRA_OECONF Michael Opdenacker (7): migration guides: add missing release notes bitbake: doc: bitbake-user-manual: add explicit target for crates fetcher bitbake: doc: bitbake-user-manual: document npm and npmsw fetchers bitbake: bitbake-user-manual: npm fetcher: improve description of SRC_URI format poky.yaml.in: update version requirements migration-guides: add 4.0.4 release notes dev-manual: fix reference to BitBake user manual Mihai Lindner (1): create-spdx: Fix supplier field Mikko Rapeli (7): boost: fix install of fiber shared libraries bitbake: event.py: ignore exceptions from stdout and sterr operations in atexit u-boot: switch from append to += in SRC_URI glibc-tests: use += instead of :append go-native: switch from SRC_URI:append to SRC_URI += python3-rfc3986-validator: switch from SRC_URI:append to SRC_URI += linux-libc-headers: switch from SRC_URI:append to SRC_URI += Ming Liu (1): meta: introduce UBOOT_MKIMAGE_KERNEL_TYPE Mingli Yu (1): busybox: add devmem 128-bit support Neil Horman (1): bitbake: Fix npm to use https rather than http Ola x Nilsson (1): bitbake: ConfHandler: Remove lingering close Otavio Salvador (1): bitbake: toaster: fix kirkstone version Paul Eggleton (1): relocate_sdk.py: ensure interpreter size error causes relocation to fail Pavel Zhukov (4): package_rpm: Do not replace square brackets in %files parselogs: Ignore xf86OpenConsole error core-image.bbclass: Exclude openssh complementary packages bitbake: gitsm: Error out if submodule refers to parent repo Peter Bergin (1): rootfs-postcommands.bbclass: avoid moving ssh host keys if etc is writable Peter Kjellerstedt (1): cairo: Adapt the license information based on what is being built Peter Marko (1): create-spdx: handle links to inaccessible locations Rajesh Dangi (2): linux-yocto/5.15: update genericx86* machines to v5.15.59 linux-yocto/5.10: update genericx86* machines to v5.10.135 Randy MacLeod (1): vim: update from 9.0.0063 to 9.0.0115 Rasmus Villemoes (1): bitbake.conf: set BB_DEFAULT_UMASK using ??= Richard Purdie (25): nativesdk: Clear TUNE_FEATURES selftest/wic: Tweak test case to not depend on kernel size bitbake: runqueue: Change pressure file warning to a note perf: Fix reproducibility issues with 5.19 onwards vim: Upgrade 9.0.0115 -> 9.0.0242 vim: Upgrade 9.0.0242 -> 9.0.0341 pseudo: Update to include recent upstream minor fixes bitbake: runqueue: Fix unihash cache mismatch issues bitbake: cooker: Drop sre_constants usage bitbake: ConfHandler/BBHandler: Improve comment error messages and add tests bitbake: fetch2: Ensure directory exists before creating symlink gcc-multilib-config: Fix i686 toolchain relocation issues kernel: Always set CC and LD for the kernel build kernel: Use consistent make flags for menuconfig vim: Upgrade 9.0.0341 -> 9.0.0453 build-appliance-image: Update to kirkstone head revision libpng: upgrade 1.6.37 -> 1.6.38 vim: Upgrade 9.0.453 -> 9.0.541 perf: Fix for recent kernel upgrades vim: Upgrade 9.0.0541 -> 9.0.0598 bitbake: runqueue: Ensure deferred tasks are sorted by multiconfig bitbake: runqueue: Improve deadlock warning messages bitbake: runqueue: Drop deadlock breaking force fail bitbake: bitbake: Add copyright headers where missing bitbake: asyncrpc/client: Fix unix domain socket chdir race issues Robert Joslyn (2): curl: Backport patch for CVE-2022-35252 tzdata: Update from 2022b to 2022c Roland Hieber (1): devtool: error out when workspace is using old override syntax Ross Burton (8): oeqa/qemurunner: add run_serial() comment oeqa/selftest: rename git.py to intercept.py oeqa/gotoolchain: put writable files in the Go module cache oeqa/gotoolchain: set CGO_ENABLED=1 wic: add target tools to PATH when executing native commands wic/bootimg-efi: use cross objcopy when building unified kernel image wic: depend on cross-binutils cve-check: close cursors as soon as possible Ruiqiang Hao (2): gcc: add arm-v9 support tune-neoversen2: support tune-neoversen2 base on armv9a Sakib Sajal (9): qemu: fix CVE-2021-3507 qemu: fix CVE-2021-3929 qemu: fix CVE-2021-4158 qemu: fix CVE-2022-0358 qemu: fix CVE-2022-0216 u-boot: fix CVE-2022-33103 u-boot: fix CVE-2022-30552 u-boot: fix CVE-2022-33967 go: update v1.17.12 -> v1.17.13 Samuli Piippo (2): Revert "gcc-cross-canadian: Add symlink to real-ld alongside other symlinks" gcc-cross-canadian: add default plugin linker Shubham Kulkarni (1): sanity: add a comment to ensure CONNECTIVITY_CHECK_URIS is correct Steve Sakoman (3): lttng-modules: fix build for kernel 5.10.137 poky.conf: bump version for 4.0.4 system-requirements.rst: Add Ubuntu 22.04 to list of supported distros Sundeep KOKKONDA (1): glibc: stable 2.35 branch updates. Teoh Jay Shen (3): go: fix CVE-2022-27664 inetutils: fix CVE-2022-39028 - remote DoS vulnerability in inetutils-telnetd bind: upgrade 9.18.6 -> 9.18.7 Ulrich Ölmann (1): scripts/runqemu.README: fix typos and trailing whitespaces Xiangyu Chen (1): ltp: Fix pread02 case trigger the glibc overflow detection Yang Xu (1): insane.bbclass: Skip patches not in oe-core by full path Yongxin Liu (1): grub2: fix several CVEs ghassaneben (1): sqlite: fix CVE-2022-35737 niko.mauno@vaisala.com (2): systemd: Fix unwritable /var/lock when no sysvinit handling systemd: Add 'no-dns-fallback' PACKAGECONFIG option pgowda (3): binutils : CVE-2022-38533 binutils: fix CVE-2022-38126 binutils : Fix CVE-2022-38127 wangmy (10): libcap: upgrade 2.63 -> 2.64 libtasn1: upgrade 4.18.0 -> 4.19.0 liburcu: upgrade 0.13.1 -> 0.13.2 libwpe: upgrade 1.12.2 -> 1.12.3 libatomic-ops: upgrade 7.6.12 -> 7.6.14 lz4: upgrade 1.9.3 -> 1.9.4 cracklib: upgrade 2.9.7 -> 2.9.8 vala: upgrade 0.56.2 -> 0.56.3 lighttpd: upgrade 1.4.64 -> 1.4.65 bind: upgrade 9.18.5 -> 9.18.6 meta-raspberrypi: 0135a02ea5..dacad9302a: Lluis Campos (1): rpi-cmdline: do_compile: Use pure Python syntax to get `CMDLINE` Vinicius Aquino (1): raspberrypi-firmware: Update to 20220830 snapshot meta-openembedded: acbe748798..744a4b6eda: Changqing Li (2): fuse3: support ptest fuse3: fix ptest test_passthrough_hp failure Chen Qi (1): polkit: refresh patch Enrico Scholz (1): nodejs-oe-cache-native: initial checkin Hitendra Prajapati (1): wireshark: CVE-2022-3190 Infinite loop in legacy style dissector Hitomi Hasegawa (1): libsdl: add CVE-2019-14906 to allowlist Jose Quaresma (2): wireguard-module: 1.0.20210219 -> 1.0.20220627 wireguard-tools: Add a new package for wg-quick Justin Bronder (1): lmdb: only set SONAME on the shared library Khem Raj (5): audit: Upgrade to 3.0.8 and fix build with linux 5.17+ ntpsec: Add -D_GNU_SOURCE and fix building with devtool gd: Fix build with clang-15 safec: Remove unused variable 'len' audit: Revert the tweak done in configure step in do_install Lei Maohui (1): xrdp: Fix buildpaths warning. Martin Jansa (1): libcec: fix runtime dependencies for ${PN}-examples Mingli Yu (1): postgresql: make sure pam conf installed when pam enabled Ovidiu Panait (1): net-snmp: upgrade 5.9.1 -> 5.9.3 Richard Purdie (1): lmdb: Don't inherit base Sakib Sajal (1): minicoredumper: retry elf parsing as long as needed Saul Wold (10): libipc-signal-perl: Fix LICENSE string libdigest-hmac-perl: Fix LICENSE string libio-socket-ssl-perl: Fix LICENSE string libdigest-sha1-perl: Fix LICENSE string libmime-types-perl: Fix LICENSE string libauthen-sasl-perl: Fix LICENSE string libnet-ldap-perl: Fix LICENSE string libxml-libxml-perl: Fix LICENSE string libnet-telnet-perl: Fix LICENSE string libproc-waitstat-perl: Fix LICENSE string Steffen Olsen (1): postgreql: Fix pg_config not working after buildpaths patch Wang Mingyu (3): php: upgrade 8.1.8 -> 8.1.9 postgresql: upgrade 14.4 -> 14.5 tcpreplay: upgrade 4.4.1 -> 4.4.2 Yi Zhao (6): libldb: upgrade 2.3.3 -> 2.3.4 samba: upgrade 4.14.13 -> 4.14.14 samba: fix buildpaths issue frr: Security fix CVE-2022-37035 open-vm-tools: Security fix CVE-2022-31676 frr: Security fix CVE-2022-37032 wangmy (2): php: upgrade 8.1.9 -> 8.1.10 dnsmasq: upgrade 2.86 -> 2.87 Signed-off-by: Patrick Williams Change-Id: I02f0e5b5dcf292a12933c694a10d0946b0edcbc4 --- ...syscalls.c-allow-EBADF-in-fcheck_stat-631.patch | 45 + .../recipes-support/fuse/fuse3_3.10.5.bb | 26 +- ...-smbtorture-skip-test-case-tfork_cmd_send.patch | 38 + .../recipes-connectivity/samba/samba_4.14.13.bb | 347 ------ .../recipes-connectivity/samba/samba_4.14.14.bb | 348 ++++++ .../wireguard/wireguard-module_1.0.20210219.bb | 30 - .../wireguard/wireguard-module_1.0.20220627.bb | 30 + .../wireguard/wireguard-tools_1.0.20210914.bb | 14 +- .../recipes-protocols/frr/frr/CVE-2022-37032.patch | 42 + .../recipes-protocols/frr/frr/CVE-2022-37035.patch | 151 +++ .../recipes-protocols/frr/frr_8.2.2.bb | 2 + ...rch_path.m4-keep-consistent-between-32bit.patch | 11 +- .../0001-config_os_headers-Error-Fix.patch | 4 +- .../0001-get_pid_from_inode-Include-limit.h.patch | 6 +- ...-snmpd-always-exit-after-displaying-usage.patch | 55 - ...tools.c-Don-t-check-for-return-from-EVP_M.patch | 4 +- .../0002-configure-fix-a-cc-check-issue.patch | 28 - .../0004-configure-fix-incorrect-variable.patch | 6 +- .../net-snmp/net-snmp/fix-libtool-finish.patch | 6 +- ...nmp-5.7.2-fix-engineBoots-value-on-SIGHUP.patch | 26 +- ...snmp-add-knob-whether-nlist.h-are-checked.patch | 4 +- .../net-snmp/net-snmp-fix-for-disable-des.patch | 4 +- ...p-testing-add-the-output-format-for-ptest.patch | 2 +- .../net-snmp/reproducibility-have-printcap.patch | 4 +- .../recipes-protocols/net-snmp/net-snmp_5.9.1.bb | 294 ----- .../recipes-protocols/net-snmp/net-snmp_5.9.3.bb | 292 +++++ .../recipes-support/dnsmasq/dnsmasq.inc | 5 +- .../dnsmasq/dnsmasq/CVE-2022-0934.patch | 191 --- .../recipes-support/dnsmasq/dnsmasq_2.86.bb | 8 - .../recipes-support/dnsmasq/dnsmasq_2.87.bb | 7 + .../recipes-support/libldb/libldb_2.3.3.bb | 81 -- .../recipes-support/libldb/libldb_2.3.4.bb | 81 ++ .../0001-wscript-Widen-the-search-for-tags.patch | 29 + .../recipes-support/ntpsec/ntpsec_1.2.1.bb | 6 +- ...eck-authorization-on-incoming-guestOps-re.patch | 43 + .../open-vm-tools/open-vm-tools_11.3.5.bb | 1 + .../recipes-support/tcpreplay/tcpreplay_4.4.1.bb | 21 - .../recipes-support/tcpreplay/tcpreplay_4.4.2.bb | 21 + .../wireshark/files/CVE-2022-3190.patch | 145 +++ .../recipes-support/wireshark/wireshark_3.4.12.bb | 1 + ...0001-strpbrk_s-Remove-unused-variable-len.patch | 42 + .../meta-oe/recipes-core/safec/safec_3.7.1.bb | 3 +- .../files/0001-make-set-soname-on-liblmdb.patch | 22 + .../meta-oe/recipes-dbs/lmdb/lmdb_0.9.29.bb | 5 +- .../0001-config_info.c-not-expose-build-info.patch | 11 +- ...ure.ac-bypass-autoconf-2.69-version-check.patch | 6 +- .../meta-oe/recipes-dbs/postgresql/postgresql.inc | 2 +- .../recipes-dbs/postgresql/postgresql_14.4.bb | 18 - .../recipes-dbs/postgresql/postgresql_14.5.bb | 18 + .../nodejs/nodejs-oe-cache-16.14/oe-npm-cache | 77 ++ .../nodejs/nodejs-oe-cache-native_16.14.bb | 21 + .../meta-oe/recipes-devtools/php/php_8.1.10.bb | 286 +++++ .../meta-oe/recipes-devtools/php/php_8.1.8.bb | 286 ----- .../recipes-extended/libcec/libcec_6.0.2.bb | 3 + .../0004-Make-netgroup-support-optional.patch | 20 +- .../recipes-graphics/libsdl/libsdl_1.2.15.bb | 3 + ...umper-retry-elf-parsing-as-long-as-needed.patch | 128 ++ .../minicoredumper/minicoredumper_2.0.1.bb | 1 + .../Fixed-swig-host-contamination-issue.patch | 13 +- .../meta-oe/recipes-security/audit/audit_3.0.7.bb | 108 -- .../meta-oe/recipes-security/audit/audit_3.0.8.bb | 115 ++ .../0001-Fix-deprecared-function-prototypes.patch | 115 ++ .../meta-oe/recipes-support/gd/gd_2.3.3.bb | 1 + .../meta-oe/recipes-support/xrdp/xrdp_0.9.18.bb | 1 + .../libauthen/libauthen-sasl-perl_2.16.bb | 2 +- .../libdigest/libdigest-hmac-perl_1.03.bb | 2 +- .../libdigest/libdigest-sha1-perl_2.13.bb | 2 +- .../libio/libio-socket-ssl-perl_2.074.bb | 2 +- .../recipes-perl/libipc/libipc-signal-perl_1.00.bb | 2 +- .../libmime/libmime-types-perl_2.17.bb | 2 +- .../recipes-perl/libnet/libnet-ldap-perl_0.68.bb | 2 +- .../recipes-perl/libnet/libnet-telnet-perl_3.05.bb | 2 +- .../libproc/libproc-waitstat-perl_1.00.bb | 2 +- .../libxml/libxml-libxml-perl_2.0134.bb | 2 +- .../recipes-bsp/bootfiles/rpi-cmdline.bb | 2 +- .../recipes-bsp/common/raspberrypi-firmware.inc | 4 +- poky/bitbake/bin/bitbake-prserv | 2 + poky/bitbake/bin/bitbake-worker | 2 + poky/bitbake/bin/git-make-shallow | 2 + .../bitbake-user-manual-fetching.rst | 78 +- .../bitbake-user-manual-metadata.rst | 55 +- .../bitbake-user-manual-ref-variables.rst | 2 +- poky/bitbake/lib/bb/COW.py | 2 + poky/bitbake/lib/bb/asyncrpc/__init__.py | 2 + poky/bitbake/lib/bb/asyncrpc/client.py | 24 +- poky/bitbake/lib/bb/asyncrpc/serv.py | 2 + poky/bitbake/lib/bb/codeparser.py | 2 + poky/bitbake/lib/bb/compress/_pipecompress.py | 2 + poky/bitbake/lib/bb/compress/lz4.py | 2 + poky/bitbake/lib/bb/compress/zstd.py | 2 + poky/bitbake/lib/bb/cooker.py | 5 +- poky/bitbake/lib/bb/daemonize.py | 2 + poky/bitbake/lib/bb/event.py | 10 +- poky/bitbake/lib/bb/exceptions.py | 2 + poky/bitbake/lib/bb/fetch2/__init__.py | 2 + poky/bitbake/lib/bb/fetch2/gitsm.py | 5 +- poky/bitbake/lib/bb/fetch2/npm.py | 2 +- poky/bitbake/lib/bb/fetch2/osc.py | 2 + poky/bitbake/lib/bb/parse/parse_py/BBHandler.py | 4 +- poky/bitbake/lib/bb/parse/parse_py/ConfHandler.py | 11 +- poky/bitbake/lib/bb/process.py | 2 + poky/bitbake/lib/bb/runqueue.py | 105 +- poky/bitbake/lib/bb/siggen.py | 4 +- poky/bitbake/lib/bb/tests/compression.py | 2 + poky/bitbake/lib/bb/tests/cooker.py | 2 + poky/bitbake/lib/bb/tests/parse.py | 23 + poky/bitbake/lib/bb/utils.py | 43 +- poky/bitbake/lib/bblayers/__init__.py | 2 + poky/bitbake/lib/bblayers/action.py | 2 + poky/bitbake/lib/bblayers/common.py | 2 + poky/bitbake/lib/bblayers/layerindex.py | 2 + poky/bitbake/lib/bblayers/query.py | 2 + poky/bitbake/lib/prserv/__init__.py | 2 + poky/bitbake/lib/prserv/client.py | 2 + poky/bitbake/lib/prserv/db.py | 2 + poky/bitbake/lib/prserv/serv.py | 2 + poky/bitbake/lib/toaster/manage.py | 2 + poky/bitbake/lib/toaster/orm/fixtures/poky.xml | 2 +- poky/documentation/brief-yoctoprojectqs/index.rst | 1 + poky/documentation/dev-manual/common-tasks.rst | 2 +- .../documentation/migration-guides/release-3.4.rst | 2 + .../documentation/migration-guides/release-4.0.rst | 4 + .../migration-guides/release-notes-3.4.3.rst | 197 ++++ .../migration-guides/release-notes-3.4.4.rst | 155 +++ .../migration-guides/release-notes-4.0.1.rst | 248 ++++ .../migration-guides/release-notes-4.0.2.rst | 296 +++++ .../migration-guides/release-notes-4.0.3.rst | 314 +++++ .../migration-guides/release-notes-4.0.4.rst | 299 +++++ poky/documentation/poky.yaml.in | 3 +- poky/documentation/ref-manual/features.rst | 2 + .../ref-manual/system-requirements.rst | 2 + poky/meta-poky/conf/distro/poky.conf | 3 +- .../recipes-kernel/linux/linux-yocto_5.10.bbappend | 8 +- .../recipes-kernel/linux/linux-yocto_5.15.bbappend | 8 +- poky/meta/classes/archiver.bbclass | 5 +- poky/meta/classes/core-image.bbclass | 4 + poky/meta/classes/create-spdx.bbclass | 9 +- poky/meta/classes/cve-check.bbclass | 36 +- poky/meta/classes/externalsrc.bbclass | 8 +- poky/meta/classes/image_types_wic.bbclass | 2 + poky/meta/classes/insane.bbclass | 3 +- poky/meta/classes/kernel-fitimage.bbclass | 12 +- poky/meta/classes/kernel-uboot.bbclass | 3 + poky/meta/classes/kernel-uimage.bbclass | 2 +- poky/meta/classes/kernel-yocto.bbclass | 6 +- poky/meta/classes/kernel.bbclass | 16 +- poky/meta/classes/nativesdk.bbclass | 1 + poky/meta/classes/npm.bbclass | 63 +- poky/meta/classes/package_rpm.bbclass | 6 - poky/meta/classes/rootfs-postcommands.bbclass | 30 +- poky/meta/classes/sanity.bbclass | 1 + poky/meta/classes/uboot-sign.bbclass | 3 + poky/meta/conf/bitbake.conf | 2 +- poky/meta/conf/distro/include/maintainers.inc | 8 +- poky/meta/conf/machine/include/arm/arch-armv9a.inc | 28 + .../machine/include/arm/armv9a/tune-neoversen2.inc | 10 +- poky/meta/lib/oe/cve_check.py | 2 +- poky/meta/lib/oe/npm_registry.py | 169 +++ poky/meta/lib/oe/rootfs.py | 4 + poky/meta/lib/oe/spdx.py | 2 +- poky/meta/lib/oeqa/runtime/cases/dnf.py | 2 +- poky/meta/lib/oeqa/runtime/cases/parselogs.py | 2 + poky/meta/lib/oeqa/selftest/cases/fitimage.py | 4 +- poky/meta/lib/oeqa/selftest/cases/git.py | 15 - poky/meta/lib/oeqa/selftest/cases/gotoolchain.py | 8 +- poky/meta/lib/oeqa/selftest/cases/intercept.py | 15 + .../lib/oeqa/selftest/cases/oelib/buildhistory.py | 6 +- poky/meta/lib/oeqa/selftest/cases/wic.py | 2 +- poky/meta/lib/oeqa/utils/qemurunner.py | 6 +- poky/meta/lib/rootfspostcommands.py | 7 + ...rs-png-Drop-greyscale-support-to-fix-heap.patch | 179 +++ ...ers-png-Avoid-heap-OOB-R-W-inserting-huff.patch | 50 + ...ers-jpeg-Block-int-underflow-wild-pointer.patch | 84 ++ ...-28733-net-ip-Do-IP-fragment-maths-safely.patch | 63 + ...p-Error-out-on-headers-with-LF-without-CR.patch | 58 + ...http-Fix-OOB-write-for-split-http-headers.patch | 56 + ...-Reject-non-kernel-files-in-the-shim_lock.patch | 111 ++ .../files/video-Remove-trailing-whitespaces.patch | 693 +++++++++++ ...rs-jpeg-Abort-sooner-if-a-read-operation-.patch | 264 +++++ ...rs-jpeg-Refuse-to-handle-multiple-start-o.patch | 53 + poky/meta/recipes-bsp/grub/grub2.inc | 10 + ...001-fs-squashfs-Use-kcalloc-when-relevant.patch | 64 + ...-sqfs_read-Prevent-arbitrary-code-executi.patch | 80 ++ ...or-the-minimum-IP-fragmented-datagram-siz.patch | 207 ++++ poky/meta/recipes-bsp/u-boot/u-boot_2022.01.bb | 5 +- .../0001-avoid-start-failure-with-bind-user.patch | 27 - ...lwresd-V-and-start-log-hide-build-options.patch | 35 - ...-searching-for-json-headers-searches-sysr.patch | 47 - .../recipes-connectivity/bind/bind-9.18.4/bind9 | 2 - .../bind/bind-9.18.4/conf.patch | 330 ------ .../bind/bind-9.18.4/generate-rndc-key.sh | 8 - .../init.d-add-support-for-read-only-rootfs.patch | 65 -- .../make-etc-initd-bind-stop-work.patch | 42 - .../bind/bind-9.18.4/named.service | 22 - .../0001-avoid-start-failure-with-bind-user.patch | 27 + ...lwresd-V-and-start-log-hide-build-options.patch | 35 + ...-searching-for-json-headers-searches-sysr.patch | 47 + .../recipes-connectivity/bind/bind-9.18.7/bind9 | 2 + .../bind/bind-9.18.7/conf.patch | 330 ++++++ .../bind/bind-9.18.7/generate-rndc-key.sh | 8 + .../init.d-add-support-for-read-only-rootfs.patch | 65 ++ .../make-etc-initd-bind-stop-work.patch | 42 + .../bind/bind-9.18.7/named.service | 22 + poky/meta/recipes-connectivity/bind/bind_9.18.4.bb | 114 -- poky/meta/recipes-connectivity/bind/bind_9.18.7.bb | 114 ++ poky/meta/recipes-connectivity/bluez5/bluez5.inc | 1 - .../bluez5/bluez5/fix_service.patch | 30 - .../recipes-connectivity/bluez5/bluez5_5.64.bb | 70 -- .../recipes-connectivity/bluez5/bluez5_5.65.bb | 70 ++ .../connman/connman/CVE-2022-32292.patch | 37 + .../connman/connman/CVE-2022-32293_p1.patch | 141 +++ .../connman/connman/CVE-2022-32293_p2.patch | 174 +++ .../recipes-connectivity/connman/connman_1.41.bb | 3 + .../inetutils/inetutils/CVE-2022-39028.patch | 54 + .../inetutils/inetutils_2.2.bb | 1 + .../mobile-broadband-provider-info_git.bb | 4 +- .../busybox/0001-devmem-add-128-bit-width.patch | 128 ++ poky/meta/recipes-core/busybox/busybox_1.35.0.bb | 1 + poky/meta/recipes-core/coreutils/coreutils_9.0.bb | 1 + poky/meta/recipes-core/ell/ell_0.49.bb | 23 - poky/meta/recipes-core/ell/ell_0.50.bb | 23 + poky/meta/recipes-core/expat/expat_2.4.7.bb | 31 - poky/meta/recipes-core/expat/expat_2.4.9.bb | 31 + .../glib-networking/glib-networking_2.72.1.bb | 38 - .../glib-networking/glib-networking_2.72.2.bb | 38 + poky/meta/recipes-core/glibc/glibc-locale.inc | 5 +- poky/meta/recipes-core/glibc/glibc-tests_2.35.bb | 4 +- poky/meta/recipes-core/glibc/glibc-version.inc | 2 +- .../images/build-appliance-image_15.0.0.bb | 2 +- .../libxml2/0001-Port-gentest.py-to-Python-3.patch | 814 +++++++++++++ poky/meta/recipes-core/libxml/libxml2_2.9.14.bb | 15 + .../meta/recipes-core/meta/cve-update-db-native.bb | 51 +- poky/meta/recipes-core/meta/wic-tools.bb | 3 +- .../packagegroups/packagegroup-self-hosted.bb | 5 +- .../systemd/systemd/00-create-volatile.conf | 1 + poky/meta/recipes-core/systemd/systemd_250.5.bb | 1 + .../sysvinit/sysvinit-inittab/start_getty | 3 + .../recipes-core/util-linux/util-linux_2.37.4.bb | 2 +- .../recipes-core/zlib/zlib/CVE-2022-37434.patch | 44 + poky/meta/recipes-core/zlib/zlib_1.2.11.bb | 1 + poky/meta/recipes-devtools/apt/apt_2.4.5.bb | 2 +- ...-compilers-that-moan-about-K-R-func-decls.patch | 138 +++ .../recipes-devtools/autoconf/autoconf_2.71.bb | 1 + .../recipes-devtools/binutils/binutils-2.38.inc | 6 + .../binutils/binutils/0015-CVE-2022-38533.patch | 36 + .../binutils/binutils/0016-CVE-2022-38126.patch | 34 + .../binutils/binutils/0017-CVE-2022-38127-1.patch | 1224 ++++++++++++++++++++ .../binutils/binutils/0017-CVE-2022-38127-2.patch | 188 +++ .../binutils/binutils/0017-CVE-2022-38127-3.patch | 211 ++++ .../binutils/binutils/0017-CVE-2022-38127-4.patch | 43 + .../cmake/cmake/OEToolchainConfig.cmake | 1 - poky/meta/recipes-devtools/gcc/gcc-11.3.inc | 5 + .../recipes-devtools/gcc/gcc-cross-canadian.inc | 3 +- .../recipes-devtools/gcc/gcc-multilib-config.inc | 2 +- ...01-aarch64-Update-Neoverse-N2-core-defini.patch | 42 + .../gcc/0002-aarch64-add-armv9-a-to-march.patch | 89 ++ ...-Enable-FP16-feature-by-default-for-Armv9.patch | 38 + ...004-arm-add-armv9-a-architecture-to-march.patch | 294 +++++ poky/meta/recipes-devtools/go/go-1.17.12.inc | 25 - poky/meta/recipes-devtools/go/go-1.17.13.inc | 26 + .../go/go-1.18/CVE-2022-27664.patch | 102 ++ .../go/go-binary-native_1.17.12.bb | 46 - .../go/go-binary-native_1.17.13.bb | 46 + .../go/go-cross-canadian_1.17.12.bb | 2 - .../go/go-cross-canadian_1.17.13.bb | 2 + poky/meta/recipes-devtools/go/go-cross_1.17.12.bb | 2 - poky/meta/recipes-devtools/go/go-cross_1.17.13.bb | 2 + .../recipes-devtools/go/go-crosssdk_1.17.12.bb | 2 - .../recipes-devtools/go/go-crosssdk_1.17.13.bb | 2 + poky/meta/recipes-devtools/go/go-native_1.17.12.bb | 58 - poky/meta/recipes-devtools/go/go-native_1.17.13.bb | 58 + .../meta/recipes-devtools/go/go-runtime_1.17.12.bb | 3 - .../meta/recipes-devtools/go/go-runtime_1.17.13.bb | 3 + poky/meta/recipes-devtools/go/go_1.17.12.bb | 17 - poky/meta/recipes-devtools/go/go_1.17.13.bb | 17 + poky/meta/recipes-devtools/pseudo/pseudo_git.bb | 2 +- .../recipes-devtools/python/python3-pip_22.0.3.bb | 2 + .../python/python3-rfc3986-validator_0.1.1.bb | 2 +- poky/meta/recipes-devtools/qemu/qemu.inc | 7 + .../qemu/qemu/CVE-2021-3507_1.patch | 92 ++ .../qemu/qemu/CVE-2021-3507_2.patch | 115 ++ .../recipes-devtools/qemu/qemu/CVE-2021-3929.patch | 70 ++ .../recipes-devtools/qemu/qemu/CVE-2021-4158.patch | 46 + .../qemu/qemu/CVE-2022-0216_1.patch | 42 + .../qemu/qemu/CVE-2022-0216_2.patch | 52 + .../recipes-devtools/qemu/qemu/CVE-2022-0358.patch | 106 ++ .../rpm/files/0001-CVE-2021-3521.patch | 57 - ...code-lib-rpm-as-the-installation-path-for.patch | 14 +- ...installing-execute-package-scriptlets-wit.patch | 18 +- ...c-add-linux-gnux32-variant-to-triplet-han.patch | 31 + .../rpm/files/0002-CVE-2021-3521.patch | 64 - .../rpm/files/0003-CVE-2021-3521.patch | 329 ------ poky/meta/recipes-devtools/rpm/rpm_4.17.0.bb | 208 ---- poky/meta/recipes-devtools/rpm/rpm_4.17.1.bb | 206 ++++ ...erify-the-hostname-in-the-certificate-whe.patch | 31 - .../rsync/files/makefile-no-rebuild.patch | 12 +- poky/meta/recipes-devtools/rsync/rsync_3.2.3.bb | 61 - poky/meta/recipes-devtools/rsync/rsync_3.2.5.bb | 70 ++ .../0001-Remove-dependency-on-libcapstone.patch | 36 + poky/meta/recipes-devtools/ruby/ruby_3.1.2.bb | 2 +- poky/meta/recipes-devtools/vala/vala_0.56.2.bb | 3 - poky/meta/recipes-devtools/vala/vala_0.56.3.bb | 3 + .../recipes-extended/cracklib/cracklib_2.9.7.bb | 33 - .../recipes-extended/cracklib/cracklib_2.9.8.bb | 34 + .../recipes-extended/lighttpd/lighttpd_1.4.64.bb | 79 -- .../recipes-extended/lighttpd/lighttpd_1.4.66.bb | 79 ++ ...-buffer-to-avoid-glibc-overflow-detection.patch | 58 + poky/meta/recipes-extended/ltp/ltp_20220121.bb | 1 + poky/meta/recipes-extended/pam/libpam/99_pam | 2 +- ...h.conf-message-when-not-in-place-eg.-musl.patch | 27 + poky/meta/recipes-extended/shadow/shadow.inc | 9 + ...disable-float128-math-on-powerpc64-to-avo.patch | 43 + .../stress-ng/stress-ng_0.13.12.bb | 4 +- ...ix-implicit-function-declaration-warnings.patch | 109 ++ .../tcp-wrappers/tcp-wrappers_7.6.bb | 1 + poky/meta/recipes-extended/timezone/timezone.inc | 6 +- ...-not-guard-sys-quota.h-sys-swap.h-and-sys.patch | 37 + .../recipes-extended/watchdog/watchdog_5.16.bb | 1 + .../recipes-extended/xinetd/xinetd_2.3.15.4.bb | 2 + .../recipes-extended/xz/xz/CVE-2022-1271.patch | 96 -- poky/meta/recipes-extended/xz/xz_5.2.5.bb | 47 - poky/meta/recipes-extended/xz/xz_5.2.6.bb | 44 + poky/meta/recipes-gnome/epiphany/epiphany_42.3.bb | 43 - poky/meta/recipes-gnome/epiphany/epiphany_42.4.bb | 43 + poky/meta/recipes-gnome/gcr/gcr_3.40.0.bb | 2 + .../0001-Add-use_prebuilt_tools-option.patch | 18 +- .../gdk-pixbuf/gdk-pixbuf/fatal-loader.patch | 20 +- .../recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.42.6.bb | 128 -- .../recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.42.9.bb | 132 +++ poky/meta/recipes-graphics/cairo/cairo_1.16.0.bb | 6 +- .../recipes-graphics/jpeg/libjpeg-turbo_2.1.3.bb | 62 - .../recipes-graphics/jpeg/libjpeg-turbo_2.1.4.bb | 62 + .../wayland/weston/dont-use-plane-add-prop.patch | 32 - .../meta/recipes-graphics/wayland/weston_10.0.1.bb | 144 --- .../meta/recipes-graphics/wayland/weston_10.0.2.bb | 142 +++ .../kern-tools/kern-tools-native_git.bb | 2 +- .../linux-firmware/linux-firmware_20220708.bb | 1083 ----------------- .../linux-firmware/linux-firmware_20220913.bb | 1105 ++++++++++++++++++ .../linux-libc-headers/linux-libc-headers_5.16.bb | 2 +- poky/meta/recipes-kernel/linux/linux-yocto-dev.bb | 2 +- .../recipes-kernel/linux/linux-yocto-rt_5.10.bb | 8 +- .../recipes-kernel/linux/linux-yocto-rt_5.15.bb | 8 +- .../recipes-kernel/linux/linux-yocto-tiny_5.10.bb | 10 +- .../recipes-kernel/linux/linux-yocto-tiny_5.15.bb | 8 +- poky/meta/recipes-kernel/linux/linux-yocto.inc | 2 +- poky/meta/recipes-kernel/linux/linux-yocto_5.10.bb | 26 +- poky/meta/recipes-kernel/linux/linux-yocto_5.15.bb | 28 +- ...fix-adjust-range-v5.10.137-in-block-probe.patch | 92 ++ .../lttng/lttng-modules/0001-fix-compaction.patch | 68 ++ ..._alloc-fix-tracepoint-mm_page_alloc_zone_.patch | 106 ++ ...ve-flags-parameter-from-aops-write_begin-.patch | 76 ++ ...ueue-Fix-type-of-cpu-in-trace-event-v5.19.patch | 124 ++ .../recipes-kernel/lttng/lttng-modules_2.13.4.bb | 5 + poky/meta/recipes-kernel/lttng/lttng-platforms.inc | 4 + poky/meta/recipes-kernel/perf/perf.bb | 8 +- .../wireless-regdb/wireless-regdb_2022.06.06.bb | 43 - .../wireless-regdb/wireless-regdb_2022.08.12.bb | 43 + .../recipes-multimedia/libpng/libpng_1.6.37.bb | 35 - .../recipes-multimedia/libpng/libpng_1.6.38.bb | 34 + .../libtiff/tiff/CVE-2022-34526.patch | 29 + poky/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb | 1 + poky/meta/recipes-multimedia/webp/libwebp_1.2.2.bb | 55 - poky/meta/recipes-multimedia/webp/libwebp_1.2.4.bb | 55 + poky/meta/recipes-sato/webkit/libwpe_1.12.0.bb | 18 - poky/meta/recipes-sato/webkit/libwpe_1.12.3.bb | 18 + poky/meta/recipes-sato/webkit/webkitgtk_2.36.4.bb | 167 --- poky/meta/recipes-sato/webkit/webkitgtk_2.36.7.bb | 166 +++ .../recipes-sato/webkit/wpebackend-fdo_1.12.0.bb | 24 - .../recipes-sato/webkit/wpebackend-fdo_1.12.1.bb | 24 + ...AC_CACHE_CHECK-for-strerror_r-return-type.patch | 52 + ...emove-runtime-test-for-mmap-that-can-map-.patch | 62 + poky/meta/recipes-support/apr/apr_1.7.0.bb | 19 +- ...install-targets-if-there-s-build-no-in-ur.patch | 82 ++ poky/meta/recipes-support/boost/boost_1.78.0.bb | 1 + .../recipes-support/curl/curl/CVE-2022-35252.patch | 72 ++ poky/meta/recipes-support/curl/curl_7.82.0.bb | 1 + .../gnutls/gnutls/CVE-2022-2509.patch | 282 +++++ poky/meta/recipes-support/gnutls/gnutls_3.7.4.bb | 1 + .../meta/recipes-support/gnutls/libtasn1_4.18.0.bb | 23 - .../meta/recipes-support/gnutls/libtasn1_4.19.0.bb | 23 + .../recipes-support/iso-codes/iso-codes_4.10.0.bb | 22 - .../recipes-support/iso-codes/iso-codes_4.11.0.bb | 22 + .../libatomic-ops/libatomic-ops_7.6.12.bb | 22 - .../libatomic-ops/libatomic-ops_7.6.14.bb | 22 + ...ibcap-Raise-the-size-of-arrays-containing.patch | 2 +- poky/meta/recipes-support/libcap/libcap_2.63.bb | 80 -- poky/meta/recipes-support/libcap/libcap_2.65.bb | 80 ++ .../meta/recipes-support/liburcu/liburcu_0.13.1.bb | 24 - .../meta/recipes-support/liburcu/liburcu_0.13.2.bb | 24 + .../recipes-support/lz4/files/CVE-2021-3520.patch | 27 - poky/meta/recipes-support/lz4/lz4_1.9.3.bb | 31 - poky/meta/recipes-support/lz4/lz4_1.9.4.bb | 29 + .../recipes-support/pinentry/pinentry_1.2.0.bb | 3 + ...op-variables-in-the-printf-implementation.patch | 26 + poky/meta/recipes-support/sqlite/sqlite3_3.38.5.bb | 4 +- .../recipes-support/vim/files/crosscompile.patch | 51 - poky/meta/recipes-support/vim/files/racefix.patch | 37 - poky/meta/recipes-support/vim/vim.inc | 6 +- poky/scripts/create-pull-request | 2 +- poky/scripts/devtool | 10 +- poky/scripts/lib/devtool/upgrade.py | 33 +- poky/scripts/lib/wic/misc.py | 7 +- poky/scripts/lib/wic/plugins/source/bootimg-efi.py | 25 +- poky/scripts/oe-setup-builddir | 12 +- poky/scripts/relocate_sdk.py | 10 +- poky/scripts/runqemu | 8 +- poky/scripts/runqemu.README | 16 +- 407 files changed, 16059 insertions(+), 6146 deletions(-) create mode 100644 meta-openembedded/meta-filesystems/recipes-support/fuse/fuse3/0001-test-test_syscalls.c-allow-EBADF-in-fcheck_stat-631.patch create mode 100644 meta-openembedded/meta-networking/recipes-connectivity/samba/samba/0001-smbtorture-skip-test-case-tfork_cmd_send.patch delete mode 100644 meta-openembedded/meta-networking/recipes-connectivity/samba/samba_4.14.13.bb create mode 100644 meta-openembedded/meta-networking/recipes-connectivity/samba/samba_4.14.14.bb delete mode 100644 meta-openembedded/meta-networking/recipes-kernel/wireguard/wireguard-module_1.0.20210219.bb create mode 100644 meta-openembedded/meta-networking/recipes-kernel/wireguard/wireguard-module_1.0.20220627.bb create mode 100644 meta-openembedded/meta-networking/recipes-protocols/frr/frr/CVE-2022-37032.patch create mode 100644 meta-openembedded/meta-networking/recipes-protocols/frr/frr/CVE-2022-37035.patch delete mode 100644 meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-snmpd-always-exit-after-displaying-usage.patch delete mode 100644 meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/0002-configure-fix-a-cc-check-issue.patch delete mode 100644 meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.1.bb create mode 100644 meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.3.bb delete mode 100644 meta-openembedded/meta-networking/recipes-support/dnsmasq/dnsmasq/CVE-2022-0934.patch delete mode 100644 meta-openembedded/meta-networking/recipes-support/dnsmasq/dnsmasq_2.86.bb create mode 100644 meta-openembedded/meta-networking/recipes-support/dnsmasq/dnsmasq_2.87.bb delete mode 100644 meta-openembedded/meta-networking/recipes-support/libldb/libldb_2.3.3.bb create mode 100644 meta-openembedded/meta-networking/recipes-support/libldb/libldb_2.3.4.bb create mode 100644 meta-openembedded/meta-networking/recipes-support/ntpsec/ntpsec/0001-wscript-Widen-the-search-for-tags.patch create mode 100644 meta-openembedded/meta-networking/recipes-support/open-vm-tools/open-vm-tools/0001-Properly-check-authorization-on-incoming-guestOps-re.patch delete mode 100644 meta-openembedded/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.1.bb create mode 100644 meta-openembedded/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.2.bb create mode 100644 meta-openembedded/meta-networking/recipes-support/wireshark/files/CVE-2022-3190.patch create mode 100644 meta-openembedded/meta-oe/recipes-core/safec/safec/0001-strpbrk_s-Remove-unused-variable-len.patch create mode 100644 meta-openembedded/meta-oe/recipes-dbs/lmdb/files/0001-make-set-soname-on-liblmdb.patch delete mode 100644 meta-openembedded/meta-oe/recipes-dbs/postgresql/postgresql_14.4.bb create mode 100644 meta-openembedded/meta-oe/recipes-dbs/postgresql/postgresql_14.5.bb create mode 100755 meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-16.14/oe-npm-cache create mode 100644 meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_16.14.bb create mode 100644 meta-openembedded/meta-oe/recipes-devtools/php/php_8.1.10.bb delete mode 100644 meta-openembedded/meta-oe/recipes-devtools/php/php_8.1.8.bb create mode 100644 meta-openembedded/meta-oe/recipes-kernel/minicoredumper/files/0001-minicoredumper-retry-elf-parsing-as-long-as-needed.patch delete mode 100644 meta-openembedded/meta-oe/recipes-security/audit/audit_3.0.7.bb create mode 100644 meta-openembedded/meta-oe/recipes-security/audit/audit_3.0.8.bb create mode 100644 meta-openembedded/meta-oe/recipes-support/gd/gd/0001-Fix-deprecared-function-prototypes.patch create mode 100644 poky/documentation/migration-guides/release-notes-3.4.3.rst create mode 100644 poky/documentation/migration-guides/release-notes-3.4.4.rst create mode 100644 poky/documentation/migration-guides/release-notes-4.0.1.rst create mode 100644 poky/documentation/migration-guides/release-notes-4.0.2.rst create mode 100644 poky/documentation/migration-guides/release-notes-4.0.3.rst create mode 100644 poky/documentation/migration-guides/release-notes-4.0.4.rst create mode 100644 poky/meta/conf/machine/include/arm/arch-armv9a.inc create mode 100644 poky/meta/lib/oe/npm_registry.py delete mode 100644 poky/meta/lib/oeqa/selftest/cases/git.py create mode 100644 poky/meta/lib/oeqa/selftest/cases/intercept.py create mode 100644 poky/meta/recipes-bsp/grub/files/CVE-2021-3695-video-readers-png-Drop-greyscale-support-to-fix-heap.patch create mode 100644 poky/meta/recipes-bsp/grub/files/CVE-2021-3696-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff.patch create mode 100644 poky/meta/recipes-bsp/grub/files/CVE-2021-3697-video-readers-jpeg-Block-int-underflow-wild-pointer.patch create mode 100644 poky/meta/recipes-bsp/grub/files/CVE-2022-28733-net-ip-Do-IP-fragment-maths-safely.patch create mode 100644 poky/meta/recipes-bsp/grub/files/CVE-2022-28734-net-http-Error-out-on-headers-with-LF-without-CR.patch create mode 100644 poky/meta/recipes-bsp/grub/files/CVE-2022-28734-net-http-Fix-OOB-write-for-split-http-headers.patch create mode 100644 poky/meta/recipes-bsp/grub/files/CVE-2022-28735-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch create mode 100644 poky/meta/recipes-bsp/grub/files/video-Remove-trailing-whitespaces.patch create mode 100644 poky/meta/recipes-bsp/grub/files/video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch create mode 100644 poky/meta/recipes-bsp/grub/files/video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch create mode 100644 poky/meta/recipes-bsp/u-boot/files/0001-fs-squashfs-Use-kcalloc-when-relevant.patch create mode 100644 poky/meta/recipes-bsp/u-boot/files/0001-fs-squashfs-sqfs_read-Prevent-arbitrary-code-executi.patch create mode 100644 poky/meta/recipes-bsp/u-boot/files/0001-net-Check-for-the-minimum-IP-fragmented-datagram-siz.patch delete mode 100644 poky/meta/recipes-connectivity/bind/bind-9.18.4/0001-avoid-start-failure-with-bind-user.patch delete mode 100644 poky/meta/recipes-connectivity/bind/bind-9.18.4/0001-named-lwresd-V-and-start-log-hide-build-options.patch delete mode 100644 poky/meta/recipes-connectivity/bind/bind-9.18.4/bind-ensure-searching-for-json-headers-searches-sysr.patch delete mode 100644 poky/meta/recipes-connectivity/bind/bind-9.18.4/bind9 delete mode 100644 poky/meta/recipes-connectivity/bind/bind-9.18.4/conf.patch delete mode 100644 poky/meta/recipes-connectivity/bind/bind-9.18.4/generate-rndc-key.sh delete mode 100644 poky/meta/recipes-connectivity/bind/bind-9.18.4/init.d-add-support-for-read-only-rootfs.patch delete mode 100644 poky/meta/recipes-connectivity/bind/bind-9.18.4/make-etc-initd-bind-stop-work.patch delete mode 100644 poky/meta/recipes-connectivity/bind/bind-9.18.4/named.service create mode 100644 poky/meta/recipes-connectivity/bind/bind-9.18.7/0001-avoid-start-failure-with-bind-user.patch create mode 100644 poky/meta/recipes-connectivity/bind/bind-9.18.7/0001-named-lwresd-V-and-start-log-hide-build-options.patch create mode 100644 poky/meta/recipes-connectivity/bind/bind-9.18.7/bind-ensure-searching-for-json-headers-searches-sysr.patch create mode 100644 poky/meta/recipes-connectivity/bind/bind-9.18.7/bind9 create mode 100644 poky/meta/recipes-connectivity/bind/bind-9.18.7/conf.patch create mode 100644 poky/meta/recipes-connectivity/bind/bind-9.18.7/generate-rndc-key.sh create mode 100644 poky/meta/recipes-connectivity/bind/bind-9.18.7/init.d-add-support-for-read-only-rootfs.patch create mode 100644 poky/meta/recipes-connectivity/bind/bind-9.18.7/make-etc-initd-bind-stop-work.patch create mode 100644 poky/meta/recipes-connectivity/bind/bind-9.18.7/named.service delete mode 100644 poky/meta/recipes-connectivity/bind/bind_9.18.4.bb create mode 100644 poky/meta/recipes-connectivity/bind/bind_9.18.7.bb delete mode 100644 poky/meta/recipes-connectivity/bluez5/bluez5/fix_service.patch delete mode 100644 poky/meta/recipes-connectivity/bluez5/bluez5_5.64.bb create mode 100644 poky/meta/recipes-connectivity/bluez5/bluez5_5.65.bb create mode 100644 poky/meta/recipes-connectivity/connman/connman/CVE-2022-32292.patch create mode 100644 poky/meta/recipes-connectivity/connman/connman/CVE-2022-32293_p1.patch create mode 100644 poky/meta/recipes-connectivity/connman/connman/CVE-2022-32293_p2.patch create mode 100644 poky/meta/recipes-connectivity/inetutils/inetutils/CVE-2022-39028.patch create mode 100644 poky/meta/recipes-core/busybox/busybox/0001-devmem-add-128-bit-width.patch delete mode 100644 poky/meta/recipes-core/ell/ell_0.49.bb create mode 100644 poky/meta/recipes-core/ell/ell_0.50.bb delete mode 100644 poky/meta/recipes-core/expat/expat_2.4.7.bb create mode 100644 poky/meta/recipes-core/expat/expat_2.4.9.bb delete mode 100644 poky/meta/recipes-core/glib-networking/glib-networking_2.72.1.bb create mode 100644 poky/meta/recipes-core/glib-networking/glib-networking_2.72.2.bb create mode 100644 poky/meta/recipes-core/libxml/libxml2/0001-Port-gentest.py-to-Python-3.patch create mode 100644 poky/meta/recipes-core/zlib/zlib/CVE-2022-37434.patch create mode 100644 poky/meta/recipes-devtools/autoconf/autoconf/0001-Port-to-compilers-that-moan-about-K-R-func-decls.patch create mode 100644 poky/meta/recipes-devtools/binutils/binutils/0015-CVE-2022-38533.patch create mode 100644 poky/meta/recipes-devtools/binutils/binutils/0016-CVE-2022-38126.patch create mode 100644 poky/meta/recipes-devtools/binutils/binutils/0017-CVE-2022-38127-1.patch create mode 100644 poky/meta/recipes-devtools/binutils/binutils/0017-CVE-2022-38127-2.patch create mode 100644 poky/meta/recipes-devtools/binutils/binutils/0017-CVE-2022-38127-3.patch create mode 100644 poky/meta/recipes-devtools/binutils/binutils/0017-CVE-2022-38127-4.patch create mode 100644 poky/meta/recipes-devtools/gcc/gcc/0001-aarch64-Update-Neoverse-N2-core-defini.patch create mode 100644 poky/meta/recipes-devtools/gcc/gcc/0002-aarch64-add-armv9-a-to-march.patch create mode 100644 poky/meta/recipes-devtools/gcc/gcc/0003-aarch64-Enable-FP16-feature-by-default-for-Armv9.patch create mode 100644 poky/meta/recipes-devtools/gcc/gcc/0004-arm-add-armv9-a-architecture-to-march.patch delete mode 100644 poky/meta/recipes-devtools/go/go-1.17.12.inc create mode 100644 poky/meta/recipes-devtools/go/go-1.17.13.inc create mode 100644 poky/meta/recipes-devtools/go/go-1.18/CVE-2022-27664.patch delete mode 100644 poky/meta/recipes-devtools/go/go-binary-native_1.17.12.bb create mode 100644 poky/meta/recipes-devtools/go/go-binary-native_1.17.13.bb delete mode 100644 poky/meta/recipes-devtools/go/go-cross-canadian_1.17.12.bb create mode 100644 poky/meta/recipes-devtools/go/go-cross-canadian_1.17.13.bb delete mode 100644 poky/meta/recipes-devtools/go/go-cross_1.17.12.bb create mode 100644 poky/meta/recipes-devtools/go/go-cross_1.17.13.bb delete mode 100644 poky/meta/recipes-devtools/go/go-crosssdk_1.17.12.bb create mode 100644 poky/meta/recipes-devtools/go/go-crosssdk_1.17.13.bb delete mode 100644 poky/meta/recipes-devtools/go/go-native_1.17.12.bb create mode 100644 poky/meta/recipes-devtools/go/go-native_1.17.13.bb delete mode 100644 poky/meta/recipes-devtools/go/go-runtime_1.17.12.bb create mode 100644 poky/meta/recipes-devtools/go/go-runtime_1.17.13.bb delete mode 100644 poky/meta/recipes-devtools/go/go_1.17.12.bb create mode 100644 poky/meta/recipes-devtools/go/go_1.17.13.bb create mode 100644 poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3507_1.patch create mode 100644 poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3507_2.patch create mode 100644 poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3929.patch create mode 100644 poky/meta/recipes-devtools/qemu/qemu/CVE-2021-4158.patch create mode 100644 poky/meta/recipes-devtools/qemu/qemu/CVE-2022-0216_1.patch create mode 100644 poky/meta/recipes-devtools/qemu/qemu/CVE-2022-0216_2.patch create mode 100644 poky/meta/recipes-devtools/qemu/qemu/CVE-2022-0358.patch delete mode 100644 poky/meta/recipes-devtools/rpm/files/0001-CVE-2021-3521.patch create mode 100644 poky/meta/recipes-devtools/rpm/files/0001-configure.ac-add-linux-gnux32-variant-to-triplet-han.patch delete mode 100644 poky/meta/recipes-devtools/rpm/files/0002-CVE-2021-3521.patch delete mode 100644 poky/meta/recipes-devtools/rpm/files/0003-CVE-2021-3521.patch delete mode 100644 poky/meta/recipes-devtools/rpm/rpm_4.17.0.bb create mode 100644 poky/meta/recipes-devtools/rpm/rpm_4.17.1.bb delete mode 100644 poky/meta/recipes-devtools/rsync/files/0001-rsync-ssl-Verify-the-hostname-in-the-certificate-whe.patch delete mode 100644 poky/meta/recipes-devtools/rsync/rsync_3.2.3.bb create mode 100644 poky/meta/recipes-devtools/rsync/rsync_3.2.5.bb create mode 100644 poky/meta/recipes-devtools/ruby/ruby/0001-Remove-dependency-on-libcapstone.patch delete mode 100644 poky/meta/recipes-devtools/vala/vala_0.56.2.bb create mode 100644 poky/meta/recipes-devtools/vala/vala_0.56.3.bb delete mode 100644 poky/meta/recipes-extended/cracklib/cracklib_2.9.7.bb create mode 100644 poky/meta/recipes-extended/cracklib/cracklib_2.9.8.bb delete mode 100644 poky/meta/recipes-extended/lighttpd/lighttpd_1.4.64.bb create mode 100644 poky/meta/recipes-extended/lighttpd/lighttpd_1.4.66.bb create mode 100644 poky/meta/recipes-extended/ltp/ltp/0001-syscalls-pread02-extend-buffer-to-avoid-glibc-overflow-detection.patch create mode 100644 poky/meta/recipes-extended/shadow/files/0001-Drop-nsswitch.conf-message-when-not-in-place-eg.-musl.patch create mode 100644 poky/meta/recipes-extended/stress-ng/stress-ng-0.13.12/0001-stress-cpu-disable-float128-math-on-powerpc64-to-avo.patch create mode 100644 poky/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/0001-Fix-implicit-function-declaration-warnings.patch create mode 100644 poky/meta/recipes-extended/watchdog/watchdog/0001-shutdown-Do-not-guard-sys-quota.h-sys-swap.h-and-sys.patch delete mode 100644 poky/meta/recipes-extended/xz/xz/CVE-2022-1271.patch delete mode 100644 poky/meta/recipes-extended/xz/xz_5.2.5.bb create mode 100644 poky/meta/recipes-extended/xz/xz_5.2.6.bb delete mode 100644 poky/meta/recipes-gnome/epiphany/epiphany_42.3.bb create mode 100644 poky/meta/recipes-gnome/epiphany/epiphany_42.4.bb delete mode 100644 poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.42.6.bb create mode 100644 poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.42.9.bb delete mode 100644 poky/meta/recipes-graphics/jpeg/libjpeg-turbo_2.1.3.bb create mode 100644 poky/meta/recipes-graphics/jpeg/libjpeg-turbo_2.1.4.bb delete mode 100644 poky/meta/recipes-graphics/wayland/weston/dont-use-plane-add-prop.patch delete mode 100644 poky/meta/recipes-graphics/wayland/weston_10.0.1.bb create mode 100644 poky/meta/recipes-graphics/wayland/weston_10.0.2.bb delete mode 100644 poky/meta/recipes-kernel/linux-firmware/linux-firmware_20220708.bb create mode 100644 poky/meta/recipes-kernel/linux-firmware/linux-firmware_20220913.bb create mode 100644 poky/meta/recipes-kernel/lttng/lttng-modules/0001-fix-adjust-range-v5.10.137-in-block-probe.patch create mode 100644 poky/meta/recipes-kernel/lttng/lttng-modules/0001-fix-compaction.patch create mode 100644 poky/meta/recipes-kernel/lttng/lttng-modules/0001-fix-mm-page_alloc-fix-tracepoint-mm_page_alloc_zone_.patch create mode 100644 poky/meta/recipes-kernel/lttng/lttng-modules/0002-fix-fs-Remove-flags-parameter-from-aops-write_begin-.patch create mode 100644 poky/meta/recipes-kernel/lttng/lttng-modules/0003-fix-workqueue-Fix-type-of-cpu-in-trace-event-v5.19.patch delete mode 100644 poky/meta/recipes-kernel/wireless-regdb/wireless-regdb_2022.06.06.bb create mode 100644 poky/meta/recipes-kernel/wireless-regdb/wireless-regdb_2022.08.12.bb delete mode 100644 poky/meta/recipes-multimedia/libpng/libpng_1.6.37.bb create mode 100644 poky/meta/recipes-multimedia/libpng/libpng_1.6.38.bb create mode 100644 poky/meta/recipes-multimedia/libtiff/tiff/CVE-2022-34526.patch delete mode 100644 poky/meta/recipes-multimedia/webp/libwebp_1.2.2.bb create mode 100644 poky/meta/recipes-multimedia/webp/libwebp_1.2.4.bb delete mode 100644 poky/meta/recipes-sato/webkit/libwpe_1.12.0.bb create mode 100644 poky/meta/recipes-sato/webkit/libwpe_1.12.3.bb delete mode 100644 poky/meta/recipes-sato/webkit/webkitgtk_2.36.4.bb create mode 100644 poky/meta/recipes-sato/webkit/webkitgtk_2.36.7.bb delete mode 100644 poky/meta/recipes-sato/webkit/wpebackend-fdo_1.12.0.bb create mode 100644 poky/meta/recipes-sato/webkit/wpebackend-fdo_1.12.1.bb create mode 100644 poky/meta/recipes-support/apr/apr/0001-add-AC_CACHE_CHECK-for-strerror_r-return-type.patch create mode 100644 poky/meta/recipes-support/apr/apr/0001-configure-Remove-runtime-test-for-mmap-that-can-map-.patch create mode 100644 poky/meta/recipes-support/boost/boost/0001-Don-t-skip-install-targets-if-there-s-build-no-in-ur.patch create mode 100644 poky/meta/recipes-support/curl/curl/CVE-2022-35252.patch create mode 100644 poky/meta/recipes-support/gnutls/gnutls/CVE-2022-2509.patch delete mode 100644 poky/meta/recipes-support/gnutls/libtasn1_4.18.0.bb create mode 100644 poky/meta/recipes-support/gnutls/libtasn1_4.19.0.bb delete mode 100644 poky/meta/recipes-support/iso-codes/iso-codes_4.10.0.bb create mode 100644 poky/meta/recipes-support/iso-codes/iso-codes_4.11.0.bb delete mode 100644 poky/meta/recipes-support/libatomic-ops/libatomic-ops_7.6.12.bb create mode 100644 poky/meta/recipes-support/libatomic-ops/libatomic-ops_7.6.14.bb delete mode 100644 poky/meta/recipes-support/libcap/libcap_2.63.bb create mode 100644 poky/meta/recipes-support/libcap/libcap_2.65.bb delete mode 100644 poky/meta/recipes-support/liburcu/liburcu_0.13.1.bb create mode 100644 poky/meta/recipes-support/liburcu/liburcu_0.13.2.bb delete mode 100644 poky/meta/recipes-support/lz4/files/CVE-2021-3520.patch delete mode 100644 poky/meta/recipes-support/lz4/lz4_1.9.3.bb create mode 100644 poky/meta/recipes-support/lz4/lz4_1.9.4.bb create mode 100644 poky/meta/recipes-support/sqlite/files/0001-sqlite-Increased-the-size-of-loop-variables-in-the-printf-implementation.patch delete mode 100644 poky/meta/recipes-support/vim/files/crosscompile.patch delete mode 100644 poky/meta/recipes-support/vim/files/racefix.patch diff --git a/meta-openembedded/meta-filesystems/recipes-support/fuse/fuse3/0001-test-test_syscalls.c-allow-EBADF-in-fcheck_stat-631.patch b/meta-openembedded/meta-filesystems/recipes-support/fuse/fuse3/0001-test-test_syscalls.c-allow-EBADF-in-fcheck_stat-631.patch new file mode 100644 index 0000000000..2207408bd2 --- /dev/null +++ b/meta-openembedded/meta-filesystems/recipes-support/fuse/fuse3/0001-test-test_syscalls.c-allow-EBADF-in-fcheck_stat-631.patch @@ -0,0 +1,45 @@ +From cee6de8d6619aeeb70f3318dfd35f2fdf5e43848 Mon Sep 17 00:00:00 2001 +From: Luis Henriques +Date: Sat, 20 Nov 2021 10:09:25 +0000 +Subject: [PATCH] test/test_syscalls.c: allow EBADF in fcheck_stat() (#631) +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Test test/test_examples.py::test_passthrough_hp[False] fails because, on +kernels >= 5.14, fstat() will return -EBADF: + +3 [check_unlinked_testfile] fcheck_stat() - fstat: Bad file descriptor +4 [check_unlinked_testfile] fcheck_stat() - fstat: Bad file descriptor +5 [check_unlinked_testfile] fcheck_stat() - fstat: Bad file descriptor +9 [check_unlinked_testfile] fcheck_stat() - fstat: Bad file descriptor +... + +This patch simply whitelists the EBADF errno code. + +Signed-off-by: Luís Henriques +Co-authored-by: Luís Henriques + +Upstream-Status: Backport [https://github.com/libfuse/libfuse/commit/cee6de8d6619aeeb70f3318dfd35f2fdf5e43848] +Signed-off-by: Changqing Li +--- + test/test_syscalls.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/test/test_syscalls.c b/test/test_syscalls.c +index 160a2ac..65292ed 100644 +--- a/test/test_syscalls.c ++++ b/test/test_syscalls.c +@@ -277,7 +277,8 @@ static int fcheck_stat(int fd, int flags, struct stat *st) + if (flags & O_PATH) { + // With O_PATH fd, the server does not have to keep + // the inode alive so FUSE inode may be stale or bad +- if (errno == ESTALE || errno == EIO || errno == ENOENT) ++ if (errno == ESTALE || errno == EIO || ++ errno == ENOENT || errno == EBADF) + return 0; + } + PERROR("fstat"); +-- +2.25.1 + diff --git a/meta-openembedded/meta-filesystems/recipes-support/fuse/fuse3_3.10.5.bb b/meta-openembedded/meta-filesystems/recipes-support/fuse/fuse3_3.10.5.bb index e0cf2092a6..0f379afb92 100644 --- a/meta-openembedded/meta-filesystems/recipes-support/fuse/fuse3_3.10.5.bb +++ b/meta-openembedded/meta-filesystems/recipes-support/fuse/fuse3_3.10.5.bb @@ -12,6 +12,7 @@ LIC_FILES_CHKSUM = "file://GPL2.txt;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ file://LICENSE;md5=a55c12a2d7d742ecb41ca9ae0a6ddc66" SRC_URI = "https://github.com/libfuse/libfuse/releases/download/fuse-${PV}/fuse-${PV}.tar.xz \ + file://0001-test-test_syscalls.c-allow-EBADF-in-fcheck_stat-631.patch \ " SRC_URI[sha256sum] = "b2e283485d47404ac896dd0bb7f7ba81e1470838e677e45f659804c3a3b69666" @@ -35,7 +36,28 @@ RDEPENDS:${PN}-ptest += " \ do_install_ptest() { install -d ${D}${PTEST_PATH}/test + install -d ${D}${PTEST_PATH}/example + install -d ${D}${PTEST_PATH}/util cp -rf ${S}/test/* ${D}${PTEST_PATH}/test/ + + example_excutables=`find ${B}/example -type f -executable` + util_excutables=`find ${B}/util -type f -executable` + test_excutables=`find ${B}/test -type f -executable` + + for e in $example_excutables + do + cp -rf $e ${D}${PTEST_PATH}/example/ + done + + for e in $util_excutables + do + cp -rf $e ${D}${PTEST_PATH}/util/ + done + + for e in $test_excutables + do + cp -rf $e ${D}${PTEST_PATH}/test + done } DEPENDS = "udev" @@ -49,10 +71,6 @@ RRECOMMENDS:${PN}:class-target = "kernel-module-fuse fuse3-utils" FILES:${PN} += "${libdir}/libfuse3.so.*" FILES:${PN}-dev += "${libdir}/libfuse3*.la" -EXTRA_OEMESON += " \ - -Dexamples=false \ -" - # Forbid auto-renaming to libfuse3-utils FILES:fuse3-utils = "${bindir} ${base_sbindir}" DEBIAN_NOAUTONAME:fuse3-utils = "1" diff --git a/meta-openembedded/meta-networking/recipes-connectivity/samba/samba/0001-smbtorture-skip-test-case-tfork_cmd_send.patch b/meta-openembedded/meta-networking/recipes-connectivity/samba/samba/0001-smbtorture-skip-test-case-tfork_cmd_send.patch new file mode 100644 index 0000000000..90ee317860 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-connectivity/samba/samba/0001-smbtorture-skip-test-case-tfork_cmd_send.patch @@ -0,0 +1,38 @@ +From 059b517f9ef6cbdc696e0983ce255b1728042827 Mon Sep 17 00:00:00 2001 +From: Yi Zhao +Date: Thu, 25 Aug 2022 16:46:04 +0800 +Subject: [PATCH] smbtorture: skip test case tfork_cmd_send + +The test case tfork_cmd_send fails on target as it requires a script +located in the source directory: + +$ smbtorture ncalrpc:localhost local.tfork.tfork_cmd_send +test: tfork_cmd_send +/buildarea/build/tmp/work/core2-64-poky-linux/samba/4.14.14-r0/samba-4.14.14/testprogs/blackbox/tfork.sh: +Failed to exec child - No such file or directory + +Upstream-Status: Inappropriate [embedded specific] + +Signed-off-by: Yi Zhao +--- + lib/util/tests/tfork.c | 4 ---- + 1 file changed, 4 deletions(-) + +diff --git a/lib/util/tests/tfork.c b/lib/util/tests/tfork.c +index 70ae975..4826ce6 100644 +--- a/lib/util/tests/tfork.c ++++ b/lib/util/tests/tfork.c +@@ -839,10 +839,6 @@ struct torture_suite *torture_local_tfork(TALLOC_CTX *mem_ctx) + "tfork_threads", + test_tfork_threads); + +- torture_suite_add_simple_test(suite, +- "tfork_cmd_send", +- test_tfork_cmd_send); +- + torture_suite_add_simple_test(suite, + "tfork_event_file_handle", + test_tfork_event_file_handle); +-- +2.25.1 + diff --git a/meta-openembedded/meta-networking/recipes-connectivity/samba/samba_4.14.13.bb b/meta-openembedded/meta-networking/recipes-connectivity/samba/samba_4.14.13.bb deleted file mode 100644 index 49e93fc536..0000000000 --- a/meta-openembedded/meta-networking/recipes-connectivity/samba/samba_4.14.13.bb +++ /dev/null @@ -1,347 +0,0 @@ -HOMEPAGE = "https://www.samba.org/" -SECTION = "console/network" - -LICENSE = "GPL-3.0-or-later & LGPL-3.0-or-later & GPL-2.0-or-later" -LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504 \ - file://${COREBASE}/meta/files/common-licenses/LGPL-3.0-or-later;md5=c51d3eef3be114124d11349ca0d7e117 \ - file://${COREBASE}/meta/files/common-licenses/GPL-2.0-or-later;md5=fed54355545ffd980b814dab4a3b312c" - -SAMBA_MIRROR = "http://samba.org/samba/ftp" -MIRRORS += "\ -${SAMBA_MIRROR} http://mirror.internode.on.net/pub/samba \n \ -${SAMBA_MIRROR} http://www.mirrorservice.org/sites/ftp.samba.org \n \ -" - -SRC_URI = "${SAMBA_MIRROR}/stable/samba-${PV}.tar.gz \ - file://smb.conf \ - file://volatiles.03_samba \ - file://0001-Don-t-check-xsltproc-manpages.patch \ - file://0002-do-not-import-target-module-while-cross-compile.patch \ - file://0003-Add-config-option-without-valgrind.patch \ - file://0004-Add-options-to-configure-the-use-of-libbsd.patch \ - file://0005-samba-build-dnsserver_common-code.patch \ - file://0001-Fix-pyext_PATTERN-for-cross-compilation.patch \ - " - -SRC_URI:append:libc-musl = " \ - file://netdb_defines.patch \ - file://samba-pam.patch \ - file://samba-4.3.9-remove-getpwent_r.patch \ - file://cmocka-uintptr_t.patch \ - file://samba-fix-musl-lib-without-innetgr.patch \ - " - -SRC_URI[sha256sum] = "e1df792818a17d8d21faf33580d32939214694c92b84fb499464210d86a7ff75" - -UPSTREAM_CHECK_REGEX = "samba\-(?P4\.14(\.\d+)+).tar.gz" - -inherit systemd waf-samba cpan-base perlnative update-rc.d perl-version pkgconfig - -# CVE-2011-2411 is valnerble only on HP NonStop Servers. -CVE_CHECK_IGNORE += "CVE-2011-2411" - -# remove default added RDEPENDS on perl -RDEPENDS:${PN}:remove = "perl" - -DEPENDS += "readline virtual/libiconv zlib popt libtalloc libtdb libtevent libldb libaio libpam libtasn1 jansson libparse-yapp-perl-native gnutls" - -inherit features_check -REQUIRED_DISTRO_FEATURES = "pam" - -DEPENDS:append:libc-musl = " libtirpc" -CFLAGS:append:libc-musl = " -I${STAGING_INCDIR}/tirpc" -LDFLAGS:append:libc-musl = " -ltirpc" - -COMPATIBLE_HOST:riscv32 = "null" - -INITSCRIPT_NAME = "samba" -INITSCRIPT_PARAMS = "start 20 3 5 . stop 20 0 1 6 ." - -SYSTEMD_PACKAGES = "${PN}-base ${PN}-ad-dc winbind" -SYSTEMD_SERVICE:${PN}-base = "nmb.service smb.service" -SYSTEMD_SERVICE:${PN}-ad-dc = "${@bb.utils.contains('PACKAGECONFIG', 'ad-dc', 'samba.service', '', d)}" -SYSTEMD_SERVICE:winbind = "winbind.service" - -# There are prerequisite settings to enable ad-dc, so disable the service by default. -# Reference: -# https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller -SYSTEMD_AUTO_ENABLE:${PN}-ad-dc = "disable" - -#cross_compile cannot use preforked process, since fork process earlier than point subproces.popen -#to cross Popen -export WAF_NO_PREFORK="yes" - -# Use krb5. Build active domain controller. -# -PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd zeroconf', d)} \ - acl cups ad-dc ldap mitkrb5 \ -" - -RDEPENDS:${PN}-ctdb-tests += "bash util-linux-getopt" - -PACKAGECONFIG[acl] = "--with-acl-support,--without-acl-support,acl" -PACKAGECONFIG[fam] = "--with-fam,--without-fam,gamin" -PACKAGECONFIG[cups] = "--enable-cups,--disable-cups,cups" -PACKAGECONFIG[ldap] = "--with-ldap,--without-ldap,openldap" -PACKAGECONFIG[sasl] = ",,cyrus-sasl" -PACKAGECONFIG[systemd] = "--with-systemd,--without-systemd,systemd" -PACKAGECONFIG[dmapi] = "--with-dmapi,--without-dmapi,dmapi" -PACKAGECONFIG[zeroconf] = "--enable-avahi,--disable-avahi,avahi" -PACKAGECONFIG[valgrind] = ",--without-valgrind,valgrind," -PACKAGECONFIG[lttng] = "--with-lttng, --without-lttng,lttng-ust" -PACKAGECONFIG[archive] = "--with-libarchive, --without-libarchive, libarchive" -PACKAGECONFIG[libunwind] = ", , libunwind" -PACKAGECONFIG[gpgme] = ",--without-gpgme,," -PACKAGECONFIG[lmdb] = ",--without-ldb-lmdb,lmdb," -PACKAGECONFIG[libbsd] = "--with-libbsd, --without-libbsd, libbsd" -PACKAGECONFIG[ad-dc] = "--with-experimental-mit-ad-dc,--without-ad-dc,python3-markdown python3-dnspython," -PACKAGECONFIG[mitkrb5] = "--with-system-mitkrb5 --with-system-mitkdc=/usr/sbin/krb5kdc,,krb5," - -SAMBA4_IDMAP_MODULES="idmap_ad,idmap_rid,idmap_adex,idmap_hash,idmap_tdb2" -SAMBA4_PDB_MODULES="pdb_tdbsam,${@bb.utils.contains('PACKAGECONFIG', 'ldap', 'pdb_ldap,', '', d)}pdb_ads,pdb_smbpasswd,pdb_wbc_sam,pdb_samba4" -SAMBA4_AUTH_MODULES="auth_unix,auth_wbc,auth_server,auth_netlogond,auth_script,auth_samba4" -SAMBA4_MODULES="${SAMBA4_IDMAP_MODULES},${SAMBA4_PDB_MODULES},${SAMBA4_AUTH_MODULES}" - -# These libraries are supposed to replace others supplied by packages, but decorate the names of -# .so files so there will not be a conflict. This is not done consistantly, so be very careful -# when adding to this list. -# -SAMBA4_LIBS="heimdal,cmocka,NONE" - -EXTRA_OECONF += "--enable-fhs \ - --with-piddir=/run \ - --with-sockets-dir=/run/samba \ - --with-modulesdir=${libdir}/samba \ - --with-lockdir=${localstatedir}/lib/samba \ - --with-cachedir=${localstatedir}/lib/samba \ - --disable-rpath-install \ - --with-shared-modules=${SAMBA4_MODULES} \ - --bundled-libraries=${SAMBA4_LIBS} \ - ${@oe.utils.conditional('TARGET_ARCH', 'x86_64', '', '--disable-glusterfs', d)} \ - --with-cluster-support \ - --with-profiling-data \ - --with-libiconv=${STAGING_DIR_HOST}${prefix} \ - --with-pam --with-pammodulesdir=${base_libdir}/security \ - " - -LDFLAGS += "-Wl,-z,relro,-z,now ${@bb.utils.contains('DISTRO_FEATURES', 'ld-is-gold', ' -fuse-ld=bfd ', '', d)}" - -do_configure:append () { - cd ${S}/pidl/ - perl Makefile.PL PREFIX=${prefix} - sed -e 's,VENDORPREFIX)/lib/perl,VENDORPREFIX)/${baselib}/perl,g' \ - -e 's,PERLPREFIX)/lib/perl,PERLPREFIX)/${baselib}/perl,g' -i Makefile - -} - -do_compile:append () { - oe_runmake -C ${S}/pidl -} - -do_install:append() { - for section in 1 5 7; do - install -d ${D}${mandir}/man$section - install -m 0644 ctdb/doc/*.$section ${D}${mandir}/man$section - done - for section in 1 5 7 8; do - install -d ${D}${mandir}/man$section - install -m 0644 docs/manpages/*.$section ${D}${mandir}/man$section - done - - install -d ${D}${systemd_system_unitdir} - install -m 0644 ${S}/bin/default/packaging/systemd/*.service ${D}${systemd_system_unitdir}/ - sed -e 's,\(ExecReload=\).*\(/kill\),\1${base_bindir}\2,' \ - -e 's,/etc/sysconfig/samba,${sysconfdir}/default/samba,' \ - -i ${D}${systemd_system_unitdir}/*.service - - if [ "${@bb.utils.contains('PACKAGECONFIG', 'ad-dc', 'yes', 'no', d)}" = "no" ]; then - rm -f ${D}${systemd_system_unitdir}/samba.service - fi - - install -d ${D}${sysconfdir}/tmpfiles.d - install -m644 packaging/systemd/samba.conf.tmp ${D}${sysconfdir}/tmpfiles.d/samba.conf - echo "d ${localstatedir}/log/samba 0755 root root -" \ - >> ${D}${sysconfdir}/tmpfiles.d/samba.conf - install -d ${D}${sysconfdir}/init.d - install -m 0755 packaging/sysv/samba.init ${D}${sysconfdir}/init.d/samba - sed -e 's,/opt/samba/bin,${sbindir},g' \ - -e 's,/opt/samba/smb.conf,${sysconfdir}/samba/smb.conf,g' \ - -e 's,/opt/samba/log,${localstatedir}/log/samba,g' \ - -e 's,/etc/init.d/samba.server,${sysconfdir}/init.d/samba,g' \ - -e 's,/usr/bin,${base_bindir},g' \ - -i ${D}${sysconfdir}/init.d/samba - - install -d ${D}${sysconfdir}/samba - echo "127.0.0.1 localhost" > ${D}${sysconfdir}/samba/lmhosts - install -m644 ${WORKDIR}/smb.conf ${D}${sysconfdir}/samba/smb.conf - install -D -m 644 ${WORKDIR}/volatiles.03_samba ${D}${sysconfdir}/default/volatiles/03_samba - - install -d ${D}${sysconfdir}/default - install -m644 packaging/systemd/samba.sysconfig ${D}${sysconfdir}/default/samba - - # the items are from ctdb/tests/run_tests.sh - for d in cunit eventd eventscripts onnode shellcheck takeover takeover_helper tool; do - testdir=${D}${datadir}/ctdb-tests/UNIT/$d - install -d $testdir - cp ${S}/ctdb/tests/UNIT/$d/*.sh $testdir - cp -r ${S}/ctdb/tests/UNIT/$d/scripts ${S}/ctdb/tests/UNIT/$d/stubs $testdir || true - done - - # fix file-rdeps qa warning - if [ -f ${D}${bindir}/onnode ]; then - sed -i 's:\(#!/bin/\)bash:\1sh:' ${D}${bindir}/onnode - fi - - chmod 0750 ${D}${sysconfdir}/sudoers.d || true - rm -rf ${D}/run ${D}${localstatedir}/run ${D}${localstatedir}/log - - for f in samba-gpupdate samba_upgradedns samba_spnupdate samba_kcc samba_dnsupdate samba_downgrade_db; do - if [ -f "${D}${sbindir}/$f" ]; then - sed -i -e 's,${PYTHON},/usr/bin/env python3,g' ${D}${sbindir}/$f - fi - done - if [ -f "${D}${bindir}/samba-tool" ]; then - sed -i -e 's,${PYTHON},/usr/bin/env python3,g' ${D}${bindir}/samba-tool - fi - - oe_runmake -C ${S}/pidl DESTDIR=${D} install_vendor - find ${D}${libdir}/ -type f -name "perllocal.pod" | xargs rm -f - rm -rf ${D}${libdir}/perl5/vendor_perl/${PERLVERSION}/${BUILD_SYS}/auto/Parse/Pidl/.packlist - sed -i -e '1s,#!.*perl,#!${bindir}/env perl,' ${D}${bindir}/pidl -} - -PACKAGES =+ "${PN}-python3 ${PN}-pidl \ - ${PN}-dsdb-modules ${PN}-testsuite registry-tools \ - winbind \ - ${PN}-common ${PN}-base ${PN}-ad-dc ${PN}-ctdb-tests \ - smbclient ${PN}-client ${PN}-server ${PN}-test" - -python samba_populate_packages() { - def module_hook(file, pkg, pattern, format, basename): - pn = d.getVar('PN') - d.appendVar('RRECOMMENDS:%s-base' % pn, ' %s' % pkg) - - mlprefix = d.getVar('MLPREFIX') or '' - pam_libdir = d.expand('${base_libdir}/security') - pam_pkgname = mlprefix + 'pam-plugin%s' - do_split_packages(d, pam_libdir, r'^pam_(.*)\.so$', pam_pkgname, 'PAM plugin for %s', extra_depends='', prepend=True) - - libdir = d.getVar('libdir') - do_split_packages(d, libdir, r'^lib(.*)\.so\..*$', 'lib%s', 'Samba %s library', extra_depends='${PN}-common', prepend=True, allow_links=True) - pkglibdir = '%s/samba' % libdir - do_split_packages(d, pkglibdir, r'^lib(.*)\.so$', 'lib%s', 'Samba %s library', extra_depends='${PN}-common', prepend=True) - moduledir = '%s/samba/auth' % libdir - do_split_packages(d, moduledir, r'^(.*)\.so$', 'samba-auth-%s', 'Samba %s authentication backend', hook=module_hook, extra_depends='', prepend=True) - moduledir = '%s/samba/pdb' % libdir - do_split_packages(d, moduledir, r'^(.*)\.so$', 'samba-pdb-%s', 'Samba %s password backend', hook=module_hook, extra_depends='', prepend=True) -} - -PACKAGESPLITFUNCS:prepend = "samba_populate_packages " -PACKAGES_DYNAMIC = "samba-auth-.* samba-pdb-.*" - -RDEPENDS:${PN} += "${PN}-base ${PN}-python3 ${PN}-dsdb-modules python3" -RDEPENDS:${PN}-python3 += "pytalloc python3-tdb pyldb" - -FILES:${PN}-base = "${sbindir}/nmbd \ - ${sbindir}/smbd \ - ${sysconfdir}/init.d \ - ${systemd_system_unitdir}/nmb.service \ - ${systemd_system_unitdir}/smb.service" - -FILES:${PN}-ad-dc = "${sbindir}/samba \ - ${systemd_system_unitdir}/samba.service \ - ${libdir}/krb5/plugins/kdb/samba.so \ -" -RDEPENDS:${PN}-ad-dc = "krb5-kdc" - -FILES:${PN}-ctdb-tests = "${bindir}/ctdb_run_tests \ - ${bindir}/ctdb_run_cluster_tests \ - ${sysconfdir}/ctdb/nodes \ - ${datadir}/ctdb-tests \ - ${datadir}/ctdb/tests \ - ${localstatedir}/lib/ctdb \ - " - -FILES:${BPN}-common = "${sysconfdir}/default \ - ${sysconfdir}/samba \ - ${sysconfdir}/tmpfiles.d \ - ${localstatedir}/lib/samba \ - ${localstatedir}/spool/samba \ -" - -FILES:${PN} += "${libdir}/vfs/*.so \ - ${libdir}/charset/*.so \ - ${libdir}/*.dat \ - ${libdir}/auth/*.so \ - ${datadir}/ctdb/events/* \ -" - -FILES:${PN}-dsdb-modules = "${libdir}/samba/ldb" - -FILES:${PN}-testsuite = "${bindir}/gentest \ - ${bindir}/locktest \ - ${bindir}/masktest \ - ${bindir}/ndrdump \ - ${bindir}/smbtorture" - -FILES:registry-tools = "${bindir}/regdiff \ - ${bindir}/regpatch \ - ${bindir}/regshell \ - ${bindir}/regtree" - -FILES:winbind = "${sbindir}/winbindd \ - ${bindir}/wbinfo \ - ${bindir}/ntlm_auth \ - ${libdir}/samba/idmap \ - ${libdir}/samba/nss_info \ - ${libdir}/winbind_krb5_locator.so \ - ${libdir}/winbind-krb5-localauth.so \ - ${sysconfdir}/init.d/winbind \ - ${systemd_system_unitdir}/winbind.service" - -FILES:${PN}-python3 = "${PYTHON_SITEPACKAGES_DIR}" - -FILES:smbclient = "${bindir}/cifsdd \ - ${bindir}/rpcclient \ - ${bindir}/smbcacls \ - ${bindir}/smbclient \ - ${bindir}/smbcquotas \ - ${bindir}/smbget \ - ${bindir}/smbspool \ - ${bindir}/smbtar \ - ${bindir}/smbtree \ - ${libdir}/samba/smbspool_krb5_wrapper" - -RDEPENDS:${PN}-pidl:append = " perl libparse-yapp-perl" -FILES:${PN}-pidl = "${bindir}/pidl \ - ${libdir}/perl5 \ - " - -RDEPENDS:${PN}-client = "\ - smbclient \ - winbind \ - registry-tools \ - ${PN}-pidl \ - " - -ALLOW_EMPTY:${PN}-client = "1" - -RDEPENDS:${PN}-server = "\ - ${PN} \ - winbind \ - registry-tools \ - " - -ALLOW_EMPTY:${PN}-server = "1" - -RDEPENDS:${PN}-test = "\ - ${PN}-ctdb-tests \ - ${PN}-testsuite \ - " - -ALLOW_EMPTY:${PN}-test = "1" - -# Patch for CVE-2018-1050 is applied in version 4.5.15, 4.6.13, 4.7.5. -# Patch for CVE-2018-1057 is applied in version 4.3.13, 4.4.16. -CVE_CHECK_IGNORE += "CVE-2018-1050" -CVE_CHECK_IGNORE += "CVE-2018-1057" diff --git a/meta-openembedded/meta-networking/recipes-connectivity/samba/samba_4.14.14.bb b/meta-openembedded/meta-networking/recipes-connectivity/samba/samba_4.14.14.bb new file mode 100644 index 0000000000..53526a26b6 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-connectivity/samba/samba_4.14.14.bb @@ -0,0 +1,348 @@ +HOMEPAGE = "https://www.samba.org/" +SECTION = "console/network" + +LICENSE = "GPL-3.0-or-later & LGPL-3.0-or-later & GPL-2.0-or-later" +LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504 \ + file://${COREBASE}/meta/files/common-licenses/LGPL-3.0-or-later;md5=c51d3eef3be114124d11349ca0d7e117 \ + file://${COREBASE}/meta/files/common-licenses/GPL-2.0-or-later;md5=fed54355545ffd980b814dab4a3b312c" + +SAMBA_MIRROR = "http://samba.org/samba/ftp" +MIRRORS += "\ +${SAMBA_MIRROR} http://mirror.internode.on.net/pub/samba \n \ +${SAMBA_MIRROR} http://www.mirrorservice.org/sites/ftp.samba.org \n \ +" + +SRC_URI = "${SAMBA_MIRROR}/stable/samba-${PV}.tar.gz \ + file://smb.conf \ + file://volatiles.03_samba \ + file://0001-Don-t-check-xsltproc-manpages.patch \ + file://0002-do-not-import-target-module-while-cross-compile.patch \ + file://0003-Add-config-option-without-valgrind.patch \ + file://0004-Add-options-to-configure-the-use-of-libbsd.patch \ + file://0005-samba-build-dnsserver_common-code.patch \ + file://0001-Fix-pyext_PATTERN-for-cross-compilation.patch \ + file://0001-smbtorture-skip-test-case-tfork_cmd_send.patch \ + " + +SRC_URI:append:libc-musl = " \ + file://netdb_defines.patch \ + file://samba-pam.patch \ + file://samba-4.3.9-remove-getpwent_r.patch \ + file://cmocka-uintptr_t.patch \ + file://samba-fix-musl-lib-without-innetgr.patch \ + " + +SRC_URI[sha256sum] = "abd5e9e6aa45e55114b188ba189ebdfc8fd3d7718d43f749e477ce7f791e5519" + +UPSTREAM_CHECK_REGEX = "samba\-(?P4\.14(\.\d+)+).tar.gz" + +inherit systemd waf-samba cpan-base perlnative update-rc.d perl-version pkgconfig + +# CVE-2011-2411 is valnerble only on HP NonStop Servers. +CVE_CHECK_IGNORE += "CVE-2011-2411" + +# remove default added RDEPENDS on perl +RDEPENDS:${PN}:remove = "perl" + +DEPENDS += "readline virtual/libiconv zlib popt libtalloc libtdb libtevent libldb libaio libpam libtasn1 jansson libparse-yapp-perl-native gnutls" + +inherit features_check +REQUIRED_DISTRO_FEATURES = "pam" + +DEPENDS:append:libc-musl = " libtirpc" +CFLAGS:append:libc-musl = " -I${STAGING_INCDIR}/tirpc" +LDFLAGS:append:libc-musl = " -ltirpc" + +COMPATIBLE_HOST:riscv32 = "null" + +INITSCRIPT_NAME = "samba" +INITSCRIPT_PARAMS = "start 20 3 5 . stop 20 0 1 6 ." + +SYSTEMD_PACKAGES = "${PN}-base ${PN}-ad-dc winbind" +SYSTEMD_SERVICE:${PN}-base = "nmb.service smb.service" +SYSTEMD_SERVICE:${PN}-ad-dc = "${@bb.utils.contains('PACKAGECONFIG', 'ad-dc', 'samba.service', '', d)}" +SYSTEMD_SERVICE:winbind = "winbind.service" + +# There are prerequisite settings to enable ad-dc, so disable the service by default. +# Reference: +# https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller +SYSTEMD_AUTO_ENABLE:${PN}-ad-dc = "disable" + +#cross_compile cannot use preforked process, since fork process earlier than point subproces.popen +#to cross Popen +export WAF_NO_PREFORK="yes" + +# Use krb5. Build active domain controller. +# +PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd zeroconf', d)} \ + acl cups ad-dc ldap mitkrb5 \ +" + +RDEPENDS:${PN}-ctdb-tests += "bash util-linux-getopt" + +PACKAGECONFIG[acl] = "--with-acl-support,--without-acl-support,acl" +PACKAGECONFIG[fam] = "--with-fam,--without-fam,gamin" +PACKAGECONFIG[cups] = "--enable-cups,--disable-cups,cups" +PACKAGECONFIG[ldap] = "--with-ldap,--without-ldap,openldap" +PACKAGECONFIG[sasl] = ",,cyrus-sasl" +PACKAGECONFIG[systemd] = "--with-systemd,--without-systemd,systemd" +PACKAGECONFIG[dmapi] = "--with-dmapi,--without-dmapi,dmapi" +PACKAGECONFIG[zeroconf] = "--enable-avahi,--disable-avahi,avahi" +PACKAGECONFIG[valgrind] = ",--without-valgrind,valgrind," +PACKAGECONFIG[lttng] = "--with-lttng, --without-lttng,lttng-ust" +PACKAGECONFIG[archive] = "--with-libarchive, --without-libarchive, libarchive" +PACKAGECONFIG[libunwind] = ", , libunwind" +PACKAGECONFIG[gpgme] = ",--without-gpgme,," +PACKAGECONFIG[lmdb] = ",--without-ldb-lmdb,lmdb," +PACKAGECONFIG[libbsd] = "--with-libbsd, --without-libbsd, libbsd" +PACKAGECONFIG[ad-dc] = "--with-experimental-mit-ad-dc,--without-ad-dc,python3-markdown python3-dnspython," +PACKAGECONFIG[mitkrb5] = "--with-system-mitkrb5 --with-system-mitkdc=/usr/sbin/krb5kdc,,krb5," + +SAMBA4_IDMAP_MODULES="idmap_ad,idmap_rid,idmap_adex,idmap_hash,idmap_tdb2" +SAMBA4_PDB_MODULES="pdb_tdbsam,${@bb.utils.contains('PACKAGECONFIG', 'ldap', 'pdb_ldap,', '', d)}pdb_ads,pdb_smbpasswd,pdb_wbc_sam,pdb_samba4" +SAMBA4_AUTH_MODULES="auth_unix,auth_wbc,auth_server,auth_netlogond,auth_script,auth_samba4" +SAMBA4_MODULES="${SAMBA4_IDMAP_MODULES},${SAMBA4_PDB_MODULES},${SAMBA4_AUTH_MODULES}" + +# These libraries are supposed to replace others supplied by packages, but decorate the names of +# .so files so there will not be a conflict. This is not done consistantly, so be very careful +# when adding to this list. +# +SAMBA4_LIBS="heimdal,cmocka,NONE" + +EXTRA_OECONF += "--enable-fhs \ + --with-piddir=/run \ + --with-sockets-dir=/run/samba \ + --with-modulesdir=${libdir}/samba \ + --with-lockdir=${localstatedir}/lib/samba \ + --with-cachedir=${localstatedir}/lib/samba \ + --disable-rpath-install \ + --with-shared-modules=${SAMBA4_MODULES} \ + --bundled-libraries=${SAMBA4_LIBS} \ + ${@oe.utils.conditional('TARGET_ARCH', 'x86_64', '', '--disable-glusterfs', d)} \ + --with-cluster-support \ + --with-profiling-data \ + --with-libiconv=${STAGING_DIR_HOST}${prefix} \ + --with-pam --with-pammodulesdir=${base_libdir}/security \ + " + +LDFLAGS += "-Wl,-z,relro,-z,now ${@bb.utils.contains('DISTRO_FEATURES', 'ld-is-gold', ' -fuse-ld=bfd ', '', d)}" + +do_configure:append () { + cd ${S}/pidl/ + perl Makefile.PL PREFIX=${prefix} + sed -e 's,VENDORPREFIX)/lib/perl,VENDORPREFIX)/${baselib}/perl,g' \ + -e 's,PERLPREFIX)/lib/perl,PERLPREFIX)/${baselib}/perl,g' -i Makefile + +} + +do_compile:append () { + oe_runmake -C ${S}/pidl +} + +do_install:append() { + for section in 1 5 7; do + install -d ${D}${mandir}/man$section + install -m 0644 ctdb/doc/*.$section ${D}${mandir}/man$section + done + for section in 1 5 7 8; do + install -d ${D}${mandir}/man$section + install -m 0644 docs/manpages/*.$section ${D}${mandir}/man$section + done + + install -d ${D}${systemd_system_unitdir} + install -m 0644 ${S}/bin/default/packaging/systemd/*.service ${D}${systemd_system_unitdir}/ + sed -e 's,\(ExecReload=\).*\(/kill\),\1${base_bindir}\2,' \ + -e 's,/etc/sysconfig/samba,${sysconfdir}/default/samba,' \ + -i ${D}${systemd_system_unitdir}/*.service + + if [ "${@bb.utils.contains('PACKAGECONFIG', 'ad-dc', 'yes', 'no', d)}" = "no" ]; then + rm -f ${D}${systemd_system_unitdir}/samba.service + fi + + install -d ${D}${sysconfdir}/tmpfiles.d + install -m644 packaging/systemd/samba.conf.tmp ${D}${sysconfdir}/tmpfiles.d/samba.conf + echo "d ${localstatedir}/log/samba 0755 root root -" \ + >> ${D}${sysconfdir}/tmpfiles.d/samba.conf + install -d ${D}${sysconfdir}/init.d + install -m 0755 packaging/sysv/samba.init ${D}${sysconfdir}/init.d/samba + sed -e 's,/opt/samba/bin,${sbindir},g' \ + -e 's,/opt/samba/smb.conf,${sysconfdir}/samba/smb.conf,g' \ + -e 's,/opt/samba/log,${localstatedir}/log/samba,g' \ + -e 's,/etc/init.d/samba.server,${sysconfdir}/init.d/samba,g' \ + -e 's,/usr/bin,${base_bindir},g' \ + -i ${D}${sysconfdir}/init.d/samba + + install -d ${D}${sysconfdir}/samba + echo "127.0.0.1 localhost" > ${D}${sysconfdir}/samba/lmhosts + install -m644 ${WORKDIR}/smb.conf ${D}${sysconfdir}/samba/smb.conf + install -D -m 644 ${WORKDIR}/volatiles.03_samba ${D}${sysconfdir}/default/volatiles/03_samba + + install -d ${D}${sysconfdir}/default + install -m644 packaging/systemd/samba.sysconfig ${D}${sysconfdir}/default/samba + + # the items are from ctdb/tests/run_tests.sh + for d in cunit eventd eventscripts onnode shellcheck takeover takeover_helper tool; do + testdir=${D}${datadir}/ctdb-tests/UNIT/$d + install -d $testdir + cp ${S}/ctdb/tests/UNIT/$d/*.sh $testdir + cp -r ${S}/ctdb/tests/UNIT/$d/scripts ${S}/ctdb/tests/UNIT/$d/stubs $testdir || true + done + + # fix file-rdeps qa warning + if [ -f ${D}${bindir}/onnode ]; then + sed -i 's:\(#!/bin/\)bash:\1sh:' ${D}${bindir}/onnode + fi + + chmod 0750 ${D}${sysconfdir}/sudoers.d || true + rm -rf ${D}/run ${D}${localstatedir}/run ${D}${localstatedir}/log + + for f in samba-gpupdate samba_upgradedns samba_spnupdate samba_kcc samba_dnsupdate samba_downgrade_db; do + if [ -f "${D}${sbindir}/$f" ]; then + sed -i -e 's,${PYTHON},/usr/bin/env python3,g' ${D}${sbindir}/$f + fi + done + if [ -f "${D}${bindir}/samba-tool" ]; then + sed -i -e 's,${PYTHON},/usr/bin/env python3,g' ${D}${bindir}/samba-tool + fi + + oe_runmake -C ${S}/pidl DESTDIR=${D} install_vendor + find ${D}${libdir}/ -type f -name "perllocal.pod" | xargs rm -f + rm -rf ${D}${libdir}/perl5/vendor_perl/${PERLVERSION}/${BUILD_SYS}/auto/Parse/Pidl/.packlist + sed -i -e '1s,#!.*perl,#!${bindir}/env perl,' ${D}${bindir}/pidl +} + +PACKAGES =+ "${PN}-python3 ${PN}-pidl \ + ${PN}-dsdb-modules ${PN}-testsuite registry-tools \ + winbind \ + ${PN}-common ${PN}-base ${PN}-ad-dc ${PN}-ctdb-tests \ + smbclient ${PN}-client ${PN}-server ${PN}-test" + +python samba_populate_packages() { + def module_hook(file, pkg, pattern, format, basename): + pn = d.getVar('PN') + d.appendVar('RRECOMMENDS:%s-base' % pn, ' %s' % pkg) + + mlprefix = d.getVar('MLPREFIX') or '' + pam_libdir = d.expand('${base_libdir}/security') + pam_pkgname = mlprefix + 'pam-plugin%s' + do_split_packages(d, pam_libdir, r'^pam_(.*)\.so$', pam_pkgname, 'PAM plugin for %s', extra_depends='', prepend=True) + + libdir = d.getVar('libdir') + do_split_packages(d, libdir, r'^lib(.*)\.so\..*$', 'lib%s', 'Samba %s library', extra_depends='${PN}-common', prepend=True, allow_links=True) + pkglibdir = '%s/samba' % libdir + do_split_packages(d, pkglibdir, r'^lib(.*)\.so$', 'lib%s', 'Samba %s library', extra_depends='${PN}-common', prepend=True) + moduledir = '%s/samba/auth' % libdir + do_split_packages(d, moduledir, r'^(.*)\.so$', 'samba-auth-%s', 'Samba %s authentication backend', hook=module_hook, extra_depends='', prepend=True) + moduledir = '%s/samba/pdb' % libdir + do_split_packages(d, moduledir, r'^(.*)\.so$', 'samba-pdb-%s', 'Samba %s password backend', hook=module_hook, extra_depends='', prepend=True) +} + +PACKAGESPLITFUNCS:prepend = "samba_populate_packages " +PACKAGES_DYNAMIC = "samba-auth-.* samba-pdb-.*" + +RDEPENDS:${PN} += "${PN}-base ${PN}-python3 ${PN}-dsdb-modules python3" +RDEPENDS:${PN}-python3 += "pytalloc python3-tdb pyldb" + +FILES:${PN}-base = "${sbindir}/nmbd \ + ${sbindir}/smbd \ + ${sysconfdir}/init.d \ + ${systemd_system_unitdir}/nmb.service \ + ${systemd_system_unitdir}/smb.service" + +FILES:${PN}-ad-dc = "${sbindir}/samba \ + ${systemd_system_unitdir}/samba.service \ + ${libdir}/krb5/plugins/kdb/samba.so \ +" +RDEPENDS:${PN}-ad-dc = "krb5-kdc" + +FILES:${PN}-ctdb-tests = "${bindir}/ctdb_run_tests \ + ${bindir}/ctdb_run_cluster_tests \ + ${sysconfdir}/ctdb/nodes \ + ${datadir}/ctdb-tests \ + ${datadir}/ctdb/tests \ + ${localstatedir}/lib/ctdb \ + " + +FILES:${BPN}-common = "${sysconfdir}/default \ + ${sysconfdir}/samba \ + ${sysconfdir}/tmpfiles.d \ + ${localstatedir}/lib/samba \ + ${localstatedir}/spool/samba \ +" + +FILES:${PN} += "${libdir}/vfs/*.so \ + ${libdir}/charset/*.so \ + ${libdir}/*.dat \ + ${libdir}/auth/*.so \ + ${datadir}/ctdb/events/* \ +" + +FILES:${PN}-dsdb-modules = "${libdir}/samba/ldb" + +FILES:${PN}-testsuite = "${bindir}/gentest \ + ${bindir}/locktest \ + ${bindir}/masktest \ + ${bindir}/ndrdump \ + ${bindir}/smbtorture" + +FILES:registry-tools = "${bindir}/regdiff \ + ${bindir}/regpatch \ + ${bindir}/regshell \ + ${bindir}/regtree" + +FILES:winbind = "${sbindir}/winbindd \ + ${bindir}/wbinfo \ + ${bindir}/ntlm_auth \ + ${libdir}/samba/idmap \ + ${libdir}/samba/nss_info \ + ${libdir}/winbind_krb5_locator.so \ + ${libdir}/winbind-krb5-localauth.so \ + ${sysconfdir}/init.d/winbind \ + ${systemd_system_unitdir}/winbind.service" + +FILES:${PN}-python3 = "${PYTHON_SITEPACKAGES_DIR}" + +FILES:smbclient = "${bindir}/cifsdd \ + ${bindir}/rpcclient \ + ${bindir}/smbcacls \ + ${bindir}/smbclient \ + ${bindir}/smbcquotas \ + ${bindir}/smbget \ + ${bindir}/smbspool \ + ${bindir}/smbtar \ + ${bindir}/smbtree \ + ${libdir}/samba/smbspool_krb5_wrapper" + +RDEPENDS:${PN}-pidl:append = " perl libparse-yapp-perl" +FILES:${PN}-pidl = "${bindir}/pidl \ + ${libdir}/perl5 \ + " + +RDEPENDS:${PN}-client = "\ + smbclient \ + winbind \ + registry-tools \ + ${PN}-pidl \ + " + +ALLOW_EMPTY:${PN}-client = "1" + +RDEPENDS:${PN}-server = "\ + ${PN} \ + winbind \ + registry-tools \ + " + +ALLOW_EMPTY:${PN}-server = "1" + +RDEPENDS:${PN}-test = "\ + ${PN}-ctdb-tests \ + ${PN}-testsuite \ + " + +ALLOW_EMPTY:${PN}-test = "1" + +# Patch for CVE-2018-1050 is applied in version 4.5.15, 4.6.13, 4.7.5. +# Patch for CVE-2018-1057 is applied in version 4.3.13, 4.4.16. +CVE_CHECK_IGNORE += "CVE-2018-1050" +CVE_CHECK_IGNORE += "CVE-2018-1057" diff --git a/meta-openembedded/meta-networking/recipes-kernel/wireguard/wireguard-module_1.0.20210219.bb b/meta-openembedded/meta-networking/recipes-kernel/wireguard/wireguard-module_1.0.20210219.bb deleted file mode 100644 index ce2ba65526..0000000000 --- a/meta-openembedded/meta-networking/recipes-kernel/wireguard/wireguard-module_1.0.20210219.bb +++ /dev/null @@ -1,30 +0,0 @@ -require wireguard.inc - -SRCREV = "122f06bfd8fc7b06a0899fa9adc4ce8e06900d98" - -SRC_URI = "git://git.zx2c4.com/wireguard-linux-compat;branch=master" - -inherit module kernel-module-split - -DEPENDS = "virtual/kernel libmnl" - -# This module requires Linux 3.10 higher and several networking related -# configuration options. For exact kernel requirements visit: -# https://www.wireguard.io/install/#kernel-requirements - -EXTRA_OEMAKE:append = " \ - KERNELDIR=${STAGING_KERNEL_DIR} \ - " - -MAKE_TARGETS = "module" -MODULES_INSTALL_TARGET = "module-install" - -RRECOMMENDS:${PN} = "kernel-module-xt-hashlimit" -MODULE_NAME = "wireguard" - - -# WireGuard has been merged into Linux kernel >= 5.6 and therefore this compatibility module is no longer required. -# OE-core post dunfell has moved to use kernel 5.8 which now means we cant build this module in world builds -# for reference machines e.g. qemu -EXCLUDE_FROM_WORLD = "1" - diff --git a/meta-openembedded/meta-networking/recipes-kernel/wireguard/wireguard-module_1.0.20220627.bb b/meta-openembedded/meta-networking/recipes-kernel/wireguard/wireguard-module_1.0.20220627.bb new file mode 100644 index 0000000000..d80bdd87ab --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-kernel/wireguard/wireguard-module_1.0.20220627.bb @@ -0,0 +1,30 @@ +require wireguard.inc + +SRCREV = "18fbcd68a35a892527345dc5679d0b2d860ee004" + +SRC_URI = "git://git.zx2c4.com/wireguard-linux-compat;protocol=https;branch=master" + +inherit module kernel-module-split + +DEPENDS = "virtual/kernel libmnl" + +# This module requires Linux 3.10 higher and several networking related +# configuration options. For exact kernel requirements visit: +# https://www.wireguard.io/install/#kernel-requirements + +EXTRA_OEMAKE:append = " \ + KERNELDIR=${STAGING_KERNEL_DIR} \ + " + +MAKE_TARGETS = "module" +MODULES_INSTALL_TARGET = "module-install" + +RRECOMMENDS:${PN} = "kernel-module-xt-hashlimit" +MODULE_NAME = "wireguard" + + +# WireGuard has been merged into Linux kernel >= 5.6 and therefore this compatibility module is no longer required. +# OE-core post dunfell has moved to use kernel 5.8 which now means we cant build this module in world builds +# for reference machines e.g. qemu +EXCLUDE_FROM_WORLD = "1" + diff --git a/meta-openembedded/meta-networking/recipes-kernel/wireguard/wireguard-tools_1.0.20210914.bb b/meta-openembedded/meta-networking/recipes-kernel/wireguard/wireguard-tools_1.0.20210914.bb index 0c686aae2a..20435338c3 100644 --- a/meta-openembedded/meta-networking/recipes-kernel/wireguard/wireguard-tools_1.0.20210914.bb +++ b/meta-openembedded/meta-networking/recipes-kernel/wireguard/wireguard-tools_1.0.20210914.bb @@ -16,11 +16,19 @@ do_install () { install } +PACKAGES += "${PN}-wg-quick" + FILES:${PN} = " \ + ${bindir}/wg \ ${sysconfdir} \ +" +FILES:${PN}-wg-quick = " \ + ${bindir}/wg-quick \ ${systemd_system_unitdir} \ - ${bindir} \ " -RDEPENDS:${PN} = "bash" -RRECOMMENDS:${PN} = "kernel-module-wireguard" +RDEPENDS:${PN}-wg-quick = "${PN} bash" +RRECOMMENDS:${PN} = " \ + kernel-module-wireguard \ + ${PN}-wg-quick \ + " diff --git a/meta-openembedded/meta-networking/recipes-protocols/frr/frr/CVE-2022-37032.patch b/meta-openembedded/meta-networking/recipes-protocols/frr/frr/CVE-2022-37032.patch new file mode 100644 index 0000000000..672bc9514a --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-protocols/frr/frr/CVE-2022-37032.patch @@ -0,0 +1,42 @@ +From 3c4821679f2362bcd38fcc7803f28a5210441ddb Mon Sep 17 00:00:00 2001 +From: Donald Sharp +Date: Thu, 21 Jul 2022 08:11:58 -0400 +Subject: [PATCH] bgpd: Make sure hdr length is at a minimum of what is + expected + +Ensure that if the capability length specified is enough data. + +Signed-off-by: Donald Sharp + +CVE: CVE-2022-37032 + +Upstream-Status: Backport +[https://github.com/FRRouting/frr/commit/3c4821679f2362bcd38fcc7803f28a5210441ddb] + +Signed-off-by: Yi Zhao +--- + bgpd/bgp_packet.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/bgpd/bgp_packet.c b/bgpd/bgp_packet.c +index 7c92a8d9e..bcd47e32d 100644 +--- a/bgpd/bgp_packet.c ++++ b/bgpd/bgp_packet.c +@@ -2440,6 +2440,14 @@ static int bgp_capability_msg_parse(struct peer *peer, uint8_t *pnt, + "%s CAPABILITY has action: %d, code: %u, length %u", + peer->host, action, hdr->code, hdr->length); + ++ if (hdr->length < sizeof(struct capability_mp_data)) { ++ zlog_info( ++ "%s Capability structure is not properly filled out, expected at least %zu bytes but header length specified is %d", ++ peer->host, sizeof(struct capability_mp_data), ++ hdr->length); ++ return BGP_Stop; ++ } ++ + /* Capability length check. */ + if ((pnt + hdr->length + 3) > end) { + zlog_info("%s Capability length error", peer->host); +-- +2.25.1 + diff --git a/meta-openembedded/meta-networking/recipes-protocols/frr/frr/CVE-2022-37035.patch b/meta-openembedded/meta-networking/recipes-protocols/frr/frr/CVE-2022-37035.patch new file mode 100644 index 0000000000..3d18d0b90d --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-protocols/frr/frr/CVE-2022-37035.patch @@ -0,0 +1,151 @@ +From db24300d56ad5831d9f6e4545ff2999b99e71bac Mon Sep 17 00:00:00 2001 +From: Mark Stapp +Date: Thu, 8 Sep 2022 16:14:36 -0400 +Subject: [PATCH] bgpd: avoid notify race between io and main pthreads + +The "bgp_notify_" apis in bgp_packet.c generate a notification +to a peer, usually during error handling. The io pthread wants +to send notifications in a couple of cases during early +received-packet validation - but the existing api interacts +with the peer struct itself, and that's not safe. + +Add a new api for use by the io pthread, and adjust the main +notify api so that it can avoid touching the peer struct. + +Signed-off-by: Mark Stapp + +CVE: CVE-2022-37035 + +Upstream-Status: Backport +[https://github.com/FRRouting/frr/commit/71ca5b09bc71e8cbe38177cf41e83fe164e52eee] + +Signed-off-by: Yi Zhao +--- + bgpd/bgp_io.c | 17 ++++++++--------- + bgpd/bgp_packet.c | 32 ++++++++++++++++++++++++++++---- + bgpd/bgp_packet.h | 2 ++ + 3 files changed, 38 insertions(+), 13 deletions(-) + +diff --git a/bgpd/bgp_io.c b/bgpd/bgp_io.c +index 9b5a31f28..c736d02db 100644 +--- a/bgpd/bgp_io.c ++++ b/bgpd/bgp_io.c +@@ -37,7 +37,7 @@ + #include "bgpd/bgp_debug.h" // for bgp_debug_neighbor_events, bgp_type_str + #include "bgpd/bgp_errors.h" // for expanded error reference information + #include "bgpd/bgp_fsm.h" // for BGP_EVENT_ADD, bgp_event +-#include "bgpd/bgp_packet.h" // for bgp_notify_send_with_data, bgp_notify... ++#include "bgpd/bgp_packet.h" // for bgp_notify_io_invalid... + #include "bgpd/bgp_trace.h" // for frrtraces + #include "bgpd/bgpd.h" // for peer, BGP_MARKER_SIZE, bgp_master, bm + /* clang-format on */ +@@ -526,8 +526,8 @@ static bool validate_header(struct peer *peer) + return false; + + if (memcmp(m_correct, m_rx, BGP_MARKER_SIZE) != 0) { +- bgp_notify_send(peer, BGP_NOTIFY_HEADER_ERR, +- BGP_NOTIFY_HEADER_NOT_SYNC); ++ bgp_notify_io_invalid(peer, BGP_NOTIFY_HEADER_ERR, ++ BGP_NOTIFY_HEADER_NOT_SYNC, NULL, 0); + return false; + } + +@@ -547,9 +547,8 @@ static bool validate_header(struct peer *peer) + zlog_debug("%s unknown message type 0x%02x", peer->host, + type); + +- bgp_notify_send_with_data(peer, BGP_NOTIFY_HEADER_ERR, +- BGP_NOTIFY_HEADER_BAD_MESTYPE, &type, +- 1); ++ bgp_notify_io_invalid(peer, BGP_NOTIFY_HEADER_ERR, ++ BGP_NOTIFY_HEADER_BAD_MESTYPE, &type, 1); + return false; + } + +@@ -574,9 +573,9 @@ static bool validate_header(struct peer *peer) + + uint16_t nsize = htons(size); + +- bgp_notify_send_with_data(peer, BGP_NOTIFY_HEADER_ERR, +- BGP_NOTIFY_HEADER_BAD_MESLEN, +- (unsigned char *)&nsize, 2); ++ bgp_notify_io_invalid(peer, BGP_NOTIFY_HEADER_ERR, ++ BGP_NOTIFY_HEADER_BAD_MESLEN, ++ (unsigned char *)&nsize, 2); + return false; + } + +diff --git a/bgpd/bgp_packet.c b/bgpd/bgp_packet.c +index 7c92a8d9e..a5ce5a527 100644 +--- a/bgpd/bgp_packet.c ++++ b/bgpd/bgp_packet.c +@@ -736,8 +736,9 @@ static void bgp_write_notify(struct peer *peer) + * @param data Data portion + * @param datalen length of data portion + */ +-void bgp_notify_send_with_data(struct peer *peer, uint8_t code, +- uint8_t sub_code, uint8_t *data, size_t datalen) ++static void bgp_notify_send_internal(struct peer *peer, uint8_t code, ++ uint8_t sub_code, uint8_t *data, ++ size_t datalen, bool use_curr) + { + struct stream *s; + +@@ -769,8 +770,11 @@ void bgp_notify_send_with_data(struct peer *peer, uint8_t code, + * If possible, store last packet for debugging purposes. This check is + * in place because we are sometimes called with a doppelganger peer, + * who tends to have a plethora of fields nulled out. ++ * ++ * Some callers should not attempt this - the io pthread for example ++ * should not touch internals of the peer struct. + */ +- if (peer->curr) { ++ if (use_curr && peer->curr) { + size_t packetsize = stream_get_endp(peer->curr); + assert(packetsize <= peer->max_packet_size); + memcpy(peer->last_reset_cause, peer->curr->data, packetsize); +@@ -853,7 +857,27 @@ void bgp_notify_send_with_data(struct peer *peer, uint8_t code, + */ + void bgp_notify_send(struct peer *peer, uint8_t code, uint8_t sub_code) + { +- bgp_notify_send_with_data(peer, code, sub_code, NULL, 0); ++ bgp_notify_send_internal(peer, code, sub_code, NULL, 0, true); ++} ++ ++/* ++ * Enqueue notification; called from the main pthread, peer object access is ok. ++ */ ++void bgp_notify_send_with_data(struct peer *peer, uint8_t code, ++ uint8_t sub_code, uint8_t *data, size_t datalen) ++{ ++ bgp_notify_send_internal(peer, code, sub_code, data, datalen, true); ++} ++ ++/* ++ * For use by the io pthread, queueing a notification but avoiding access to ++ * the peer object. ++ */ ++void bgp_notify_io_invalid(struct peer *peer, uint8_t code, uint8_t sub_code, ++ uint8_t *data, size_t datalen) ++{ ++ /* Avoid touching the peer object */ ++ bgp_notify_send_internal(peer, code, sub_code, data, datalen, false); + } + + /* +diff --git a/bgpd/bgp_packet.h b/bgpd/bgp_packet.h +index 280d3ec17..898f88ff5 100644 +--- a/bgpd/bgp_packet.h ++++ b/bgpd/bgp_packet.h +@@ -62,6 +62,8 @@ extern void bgp_open_send(struct peer *); + extern void bgp_notify_send(struct peer *, uint8_t, uint8_t); + extern void bgp_notify_send_with_data(struct peer *, uint8_t, uint8_t, + uint8_t *, size_t); ++void bgp_notify_io_invalid(struct peer *peer, uint8_t code, uint8_t sub_code, ++ uint8_t *data, size_t datalen); + extern void bgp_route_refresh_send(struct peer *peer, afi_t afi, safi_t safi, + uint8_t orf_type, uint8_t when_to_refresh, + int remove, uint8_t subtype); +-- +2.25.1 + diff --git a/meta-openembedded/meta-networking/recipes-protocols/frr/frr_8.2.2.bb b/meta-openembedded/meta-networking/recipes-protocols/frr/frr_8.2.2.bb index 96be49b53f..658731567d 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/frr/frr_8.2.2.bb +++ b/meta-openembedded/meta-networking/recipes-protocols/frr/frr_8.2.2.bb @@ -10,6 +10,8 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ file://COPYING-LGPLv2.1;md5=4fbd65380cdd255951079008b364516c" SRC_URI = "git://github.com/FRRouting/frr.git;protocol=https;branch=stable/8.2 \ + file://CVE-2022-37035.patch \ + file://CVE-2022-37032.patch \ file://frr.pam \ " diff --git a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-ac_add_search_path.m4-keep-consistent-between-32bit.patch b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-ac_add_search_path.m4-keep-consistent-between-32bit.patch index 4cd7290447..0eeddf752c 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-ac_add_search_path.m4-keep-consistent-between-32bit.patch +++ b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-ac_add_search_path.m4-keep-consistent-between-32bit.patch @@ -1,7 +1,8 @@ -From 6f8ea2e841ad45eed193310b599d3f3b410ae91d Mon Sep 17 00:00:00 2001 +From 98c62e24fdd05d7e8bd8149840bad8eb0feb3fb1 Mon Sep 17 00:00:00 2001 From: Mingli Yu Date: Fri, 29 Jan 2021 08:49:15 +0000 -Subject: [PATCH] ac_add_search_path.m4: keep consistent between 32bit and 64bit +Subject: [PATCH] ac_add_search_path.m4: keep consistent between 32bit and + 64bit With configure option "--with-openssl=${STAGING_EXECPREFIXDIR}", it behaves differently between 32bit and 64bit system as the openssl lib resides under @@ -15,12 +16,13 @@ So add the patch to fix the gap between 32bit and 64bit system. Upstream-Status: Inappropriate [configuration specific] Signed-off-by: Mingli Yu + --- m4/ac_add_search_path.m4 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/m4/ac_add_search_path.m4 b/m4/ac_add_search_path.m4 -index 8e0a819..961f587 100644 +index 8e0a819..e9585bc 100644 --- a/m4/ac_add_search_path.m4 +++ b/m4/ac_add_search_path.m4 @@ -3,8 +3,8 @@ dnl Add a search path to the LIBS and CPPFLAGS variables @@ -34,6 +36,3 @@ index 8e0a819..961f587 100644 fi if test -d $1/include; then CPPFLAGS="-I$1/include $CPPFLAGS" --- -2.29.2 - diff --git a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-config_os_headers-Error-Fix.patch b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-config_os_headers-Error-Fix.patch index 05a47f61ce..f8a52a63f5 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-config_os_headers-Error-Fix.patch +++ b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-config_os_headers-Error-Fix.patch @@ -1,4 +1,4 @@ -From 69d4c517c07f55c505090e48d96ace8cd599fb26 Mon Sep 17 00:00:00 2001 +From e86d5fd52f19b85da0b7cce660c6e65ec4c0f9bb Mon Sep 17 00:00:00 2001 From: Li xin Date: Fri, 21 Aug 2015 18:23:13 +0900 Subject: [PATCH] config_os_headers: Error Fix @@ -19,7 +19,7 @@ Signed-off-by: Li Xin 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/configure.d/config_os_headers b/configure.d/config_os_headers -index f07d512..2363b42 100644 +index 01c3376..6edd85f 100644 --- a/configure.d/config_os_headers +++ b/configure.d/config_os_headers @@ -395,8 +395,8 @@ then diff --git a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-get_pid_from_inode-Include-limit.h.patch b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-get_pid_from_inode-Include-limit.h.patch index 22e591556a..a7881a8713 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-get_pid_from_inode-Include-limit.h.patch +++ b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-get_pid_from_inode-Include-limit.h.patch @@ -1,4 +1,4 @@ -From 2bf1bbe1d428ed06d57aa76b03e394b72ff2216d Mon Sep 17 00:00:00 2001 +From 8097734b27fd146f358a4edd0d1a0d28309bd9a4 Mon Sep 17 00:00:00 2001 From: Khem Raj Date: Fri, 22 Jul 2016 18:34:39 +0000 Subject: [PATCH] get_pid_from_inode: Include limit.h @@ -14,7 +14,7 @@ Signed-off-by: Khem Raj 1 file changed, 1 insertion(+) diff --git a/agent/mibgroup/util_funcs/get_pid_from_inode.c b/agent/mibgroup/util_funcs/get_pid_from_inode.c -index aee907d..7abaec2 100644 +index 5788e1d..ea380a6 100644 --- a/agent/mibgroup/util_funcs/get_pid_from_inode.c +++ b/agent/mibgroup/util_funcs/get_pid_from_inode.c @@ -6,6 +6,7 @@ @@ -23,5 +23,5 @@ index aee907d..7abaec2 100644 #include +#include #include - #if HAVE_STDLIB_H + #ifdef HAVE_STDLIB_H #include diff --git a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-snmpd-always-exit-after-displaying-usage.patch b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-snmpd-always-exit-after-displaying-usage.patch deleted file mode 100644 index 4fc9e54b49..0000000000 --- a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-snmpd-always-exit-after-displaying-usage.patch +++ /dev/null @@ -1,55 +0,0 @@ -From 94ca941e06bef157bf0e13251f8ca1471daa9393 Mon Sep 17 00:00:00 2001 -From: Kaarle Ritvanen -Date: Fri, 27 Aug 2021 14:21:45 +0300 -Subject: [PATCH] snmpd: always exit after displaying usage - -Currently, viewing the help text with -h results in snmpd being started -in the background, whereas this does not happen with --help. Similarly, -when an error is detected in command line syntax, the help text is -displayed but sometimes snmpd gets started anyway, depending on the -execution path. - -This patch makes snmpd consistently terminate whenever the usage -function gets called. It also removes the goto statements no longer -needed. - -Upstream-Status: Backport -[https://github.com/net-snmp/net-snmp/commit/94ca941e06bef157bf0e13251f8ca1471daa9393] - -Signed-off-by: Yi Zhao ---- - agent/snmpd.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/agent/snmpd.c b/agent/snmpd.c -index f5aab0af8..90de12d99 100644 ---- a/agent/snmpd.c -+++ b/agent/snmpd.c -@@ -289,6 +289,8 @@ usage(char *prog) - " -S d|i|0-7\t\tuse -Ls instead\n" - "\n" - ); -+ SOCK_CLEANUP; -+ exit(1); - } - - static void -@@ -494,7 +496,6 @@ main(int argc, char *argv[]) - case '-': - if (strcasecmp(optarg, "help") == 0) { - usage(argv[0]); -- goto out; - } - if (strcasecmp(optarg, "version") == 0) { - version(); -@@ -783,7 +784,6 @@ main(int argc, char *argv[]) - fprintf(stderr, "%s: Illegal argument -X:" - "AgentX support not compiled in.\n", argv[0]); - usage(argv[0]); -- goto out; - #endif - break; - --- -2.25.1 - diff --git a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-snmplib-keytools.c-Don-t-check-for-return-from-EVP_M.patch b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-snmplib-keytools.c-Don-t-check-for-return-from-EVP_M.patch index 42352a6b00..af6334f726 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-snmplib-keytools.c-Don-t-check-for-return-from-EVP_M.patch +++ b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-snmplib-keytools.c-Don-t-check-for-return-from-EVP_M.patch @@ -1,4 +1,4 @@ -From f3ff99736b8cccbba77349b0d10a3cee366a4c87 Mon Sep 17 00:00:00 2001 +From f4e1acd4f509dd26cf88da872bd5adcf884f4a5f Mon Sep 17 00:00:00 2001 From: Khem Raj Date: Fri, 18 Sep 2015 00:28:45 -0400 Subject: [PATCH] snmplib/keytools.c: Don't check for return from @@ -17,7 +17,7 @@ Signed-off-by: Ovidiu Panait 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/snmplib/keytools.c b/snmplib/keytools.c -index 129a7c0..2fc1efc 100644 +index 14a452a..fb1694b 100644 --- a/snmplib/keytools.c +++ b/snmplib/keytools.c @@ -183,10 +183,7 @@ generate_Ku(const oid * hashtype, u_int hashtype_len, diff --git a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/0002-configure-fix-a-cc-check-issue.patch b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/0002-configure-fix-a-cc-check-issue.patch deleted file mode 100644 index c973bde721..0000000000 --- a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/0002-configure-fix-a-cc-check-issue.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 0a02ac779c51a2b4af3b58cb96967bf3eff80367 Mon Sep 17 00:00:00 2001 -From: Wenlin Kang -Date: Wed, 24 May 2017 16:45:34 +0800 -Subject: [PATCH] configure: fix a cc check issue. - -When has "." in cc value, the expression -$myperl -V:cc | $myperl -n -e 'print if (s/^\s*cc=.([-=\w\s\/]+).;\s*/$1/);' -can't get corretly the cc's value. - -Signed-off-by: Wenlin Kang - ---- - configure.d/config_project_perl_python | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/configure.d/config_project_perl_python b/configure.d/config_project_perl_python -index 475c843..22d2ad3 100644 ---- a/configure.d/config_project_perl_python -+++ b/configure.d/config_project_perl_python -@@ -87,7 +87,7 @@ if test "x$install_perl" != "xno" ; then - if test "x$enable_perl_cc_checks" != "xno" ; then - AC_MSG_CHECKING([for Perl cc]) - changequote(, ) -- PERLCC=`$myperl -V:cc | $myperl -n -e 'print if (s/^\s*cc=.([-=\w\s\/]+).;\s*/$1/);'` -+ PERLCC=`$myperl -V:cc | $myperl -n -e 'print if (s/^\s*cc=.([-=\.\w\s\/]+).;\s*/$1/);'` - changequote([, ]) - if test "x$PERLCC" != "x" ; then - AC_MSG_RESULT([$PERLCC]) diff --git a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/0004-configure-fix-incorrect-variable.patch b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/0004-configure-fix-incorrect-variable.patch index bfddc63dd7..6e224188a4 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/0004-configure-fix-incorrect-variable.patch +++ b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/0004-configure-fix-incorrect-variable.patch @@ -1,4 +1,4 @@ -From 011bdcd07f2a289d0cfc1b411c03c0cc7c42dad1 Mon Sep 17 00:00:00 2001 +From 6d655ba677563ac9d62d4d8eee59fdb39d486c02 Mon Sep 17 00:00:00 2001 From: Wenlin Kang Date: Wed, 24 May 2017 17:10:20 +0800 Subject: [PATCH] configure: fix incorrect variable @@ -14,10 +14,10 @@ Signed-off-by: Wenlin Kang 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile.in b/Makefile.in -index 912f6b2..a53d1b2 100644 +index f1cbbf5..1545be3 100644 --- a/Makefile.in +++ b/Makefile.in -@@ -174,7 +174,7 @@ OTHERCLEANTODOS=perlclean @PYTHONCLEANTARGS@ cleanfeatures perlcleanfeatures pyt +@@ -173,7 +173,7 @@ OTHERCLEANTODOS=perlclean @PYTHONCLEANTARGS@ cleanfeatures perlcleanfeatures pyt # # override LD_RUN_PATH to avoid dependencies on the build directory perlmodules: perlmakefiles subdirs diff --git a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/fix-libtool-finish.patch b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/fix-libtool-finish.patch index 26dd014ce4..409c1e03c8 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/fix-libtool-finish.patch +++ b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/fix-libtool-finish.patch @@ -1,4 +1,4 @@ -From 27444fbf8323679ea0551a3bd5f04c365143d8c0 Mon Sep 17 00:00:00 2001 +From ab1d77c52e84746e75506a2870783806bc77f396 Mon Sep 17 00:00:00 2001 From: "Roy.Li" Date: Fri, 16 Jan 2015 14:14:01 +0800 Subject: [PATCH] net-snmp: fix "libtool --finish" @@ -20,11 +20,11 @@ Signed-off-by: Roy.Li 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile.top b/Makefile.top -index 6315401..fc0ee06 100644 +index a962c54..1ba5607 100644 --- a/Makefile.top +++ b/Makefile.top @@ -89,7 +89,7 @@ LIBREVISION = 0 - LIB_LD_CMD = $(LIBTOOL) --mode=link $(LINKCC) $(CFLAGS) -rpath $(libdir) -version-info $(LIBCURRENT):$(LIBREVISION):$(LIBAGE) -o + LIB_LD_CMD = $(LIBTOOL) --mode=link $(LINKCC) $(CFLAGS) -rpath $(libdir) -version-info $(LIBCURRENT):$(LIBREVISION):$(LIBAGE) @LD_NO_UNDEFINED@ -o LIB_EXTENSION = la LIB_VERSION = -LIB_LDCONFIG_CMD = $(LIBTOOL) --mode=finish $(INSTALL_PREFIX)$(libdir) diff --git a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/net-snmp-5.7.2-fix-engineBoots-value-on-SIGHUP.patch b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/net-snmp-5.7.2-fix-engineBoots-value-on-SIGHUP.patch index 022eb958f3..35e93d636e 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/net-snmp-5.7.2-fix-engineBoots-value-on-SIGHUP.patch +++ b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/net-snmp-5.7.2-fix-engineBoots-value-on-SIGHUP.patch @@ -1,4 +1,4 @@ -From 1e3178835217ba89aa355e2b6b88e490f17be16d Mon Sep 17 00:00:00 2001 +From 5ad4eab43c1ea63ff343bba64d576440e8783e75 Mon Sep 17 00:00:00 2001 From: Zheng Ruoqin Date: Wed, 9 Jun 2021 15:47:30 +0900 Subject: [PATCH] net snmp: fix engineBoots value on SIGHUP @@ -7,6 +7,7 @@ Upstream-Status: Pending Signed-off-by: Marian Florea Signed-off-by: Li Zhou +Signed-off-by: Ovidiu Panait --- agent/snmpd.c | 1 + @@ -14,19 +15,19 @@ Signed-off-by: Li Zhou 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/agent/snmpd.c b/agent/snmpd.c -index 1af439f..355b510 100644 +index 90de12d..1ccc4db 100644 --- a/agent/snmpd.c +++ b/agent/snmpd.c -@@ -1208,6 +1208,7 @@ receive(void) - snmp_log(LOG_INFO, "NET-SNMP version %s restarted\n", - netsnmp_get_version()); - update_config(); -+ snmp_store(app_name); - send_easy_trap(SNMP_TRAP_ENTERPRISESPECIFIC, 3); - #if HAVE_SIGPROCMASK - ret = sigprocmask(SIG_UNBLOCK, &set, NULL); +@@ -1169,6 +1169,7 @@ snmpd_reconfig(void) + snmp_log(LOG_INFO, "NET-SNMP version %s restarted\n", + netsnmp_get_version()); + update_config(); ++ snmp_store(app_name); + send_easy_trap(SNMP_TRAP_ENTERPRISESPECIFIC, 3); + #ifdef HAVE_SIGPROCMASK + ret = sigprocmask(SIG_UNBLOCK, &set, NULL); diff --git a/snmplib/snmpv3.c b/snmplib/snmpv3.c -index 29c2a0f..ada961c 100644 +index 7b1746b..4a17e0d 100644 --- a/snmplib/snmpv3.c +++ b/snmplib/snmpv3.c @@ -1059,9 +1059,9 @@ init_snmpv3_post_config(int majorid, int minorid, void *serverarg, @@ -41,6 +42,3 @@ index 29c2a0f..ada961c 100644 engineBoots = 1; } --- -2.25.1 - diff --git a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/net-snmp-add-knob-whether-nlist.h-are-checked.patch b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/net-snmp-add-knob-whether-nlist.h-are-checked.patch index f1ebe2bb61..c5a453abe2 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/net-snmp-add-knob-whether-nlist.h-are-checked.patch +++ b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/net-snmp-add-knob-whether-nlist.h-are-checked.patch @@ -1,4 +1,4 @@ -From e507dcf8b29c55011f85d88bf05400d4717e4074 Mon Sep 17 00:00:00 2001 +From ad65b106d3cb3c6e595381be1c45a73c1ef6eb5e Mon Sep 17 00:00:00 2001 From: Chong Lu Date: Thu, 28 May 2020 09:46:34 -0500 Subject: [PATCH] net-snmp: add knob whether nlist.h are checked @@ -15,7 +15,7 @@ Signed-off-by: Chong Lu 1 file changed, 2 insertions(+) diff --git a/configure.d/config_os_headers b/configure.d/config_os_headers -index 76ef58a..f07d512 100644 +index b9c8c31..01c3376 100644 --- a/configure.d/config_os_headers +++ b/configure.d/config_os_headers @@ -37,6 +37,7 @@ AC_CHECK_HEADERS([getopt.h pthread.h regex.h ] dnl diff --git a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/net-snmp-fix-for-disable-des.patch b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/net-snmp-fix-for-disable-des.patch index 2941a36092..c382c02d89 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/net-snmp-fix-for-disable-des.patch +++ b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/net-snmp-fix-for-disable-des.patch @@ -1,4 +1,4 @@ -From 3ca4335ec1d6b7b384c134fc85d7a9e513c68376 Mon Sep 17 00:00:00 2001 +From b1b9980853b1083f0c8b9f628f8b4c3a484d4f91 Mon Sep 17 00:00:00 2001 From: Jackie Huang Date: Thu, 22 Jun 2017 10:25:08 +0800 Subject: [PATCH] net-snmp: fix for --disable-des @@ -15,7 +15,7 @@ Signed-off-by: Jackie Huang 1 file changed, 2 insertions(+) diff --git a/snmplib/scapi.c b/snmplib/scapi.c -index 00c9174..c6875e1 100644 +index 54fdd5c..0f7e931 100644 --- a/snmplib/scapi.c +++ b/snmplib/scapi.c @@ -85,7 +85,9 @@ netsnmp_feature_child_of(usm_scapi, usm_support); diff --git a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/net-snmp-testing-add-the-output-format-for-ptest.patch b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/net-snmp-testing-add-the-output-format-for-ptest.patch index 807983f612..09ca532a7f 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/net-snmp-testing-add-the-output-format-for-ptest.patch +++ b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/net-snmp-testing-add-the-output-format-for-ptest.patch @@ -1,4 +1,4 @@ -From 972df16e9599dffddf5d714a4cbf43008c771122 Mon Sep 17 00:00:00 2001 +From 36a5656db7ea75dd15f35a6c1728937c6e2b901c Mon Sep 17 00:00:00 2001 From: Jackie Huang Date: Wed, 14 Jan 2015 15:10:06 +0800 Subject: [PATCH] testing: add the output format for ptest diff --git a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/reproducibility-have-printcap.patch b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/reproducibility-have-printcap.patch index bf1e7bedf2..c0b51c51e3 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/reproducibility-have-printcap.patch +++ b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/reproducibility-have-printcap.patch @@ -1,4 +1,4 @@ -From 84e362fe97f50fbad69f083bc2d8fe18f83eb2f7 Mon Sep 17 00:00:00 2001 +From b923cd38e2503b86aedf66b767fd7f51c9f25645 Mon Sep 17 00:00:00 2001 From: "douglas.royds" Date: Wed, 21 Nov 2018 13:52:18 +1300 Subject: [PATCH] net-snmp: Reproducibility: Don't check build host for @@ -13,7 +13,7 @@ set in the environment to "yes" or "no" as appropriate for the target platform. 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/configure.d/config_os_misc4 b/configure.d/config_os_misc4 -index 6f23c8e..8cea75a 100644 +index b6864d9..07ca922 100644 --- a/configure.d/config_os_misc4 +++ b/configure.d/config_os_misc4 @@ -99,9 +99,9 @@ if test x$LPSTAT_PATH != x; then diff --git a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.1.bb b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.1.bb deleted file mode 100644 index 30c0ce74cb..0000000000 --- a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.1.bb +++ /dev/null @@ -1,294 +0,0 @@ -SUMMARY = "Various tools relating to the Simple Network Management Protocol" -HOMEPAGE = "http://www.net-snmp.org/" -SECTION = "net" -LICENSE = "BSD-3-Clause & MIT" - -LIC_FILES_CHKSUM = "file://COPYING;md5=9d100a395a38584f2ec18a8275261687" - -DEPENDS = "openssl" -DEPENDS:append:class-target = " pciutils" - -SRC_URI = "${SOURCEFORGE_MIRROR}/net-snmp/net-snmp-${PV}.tar.gz \ - file://init \ - file://snmpd.conf \ - file://snmptrapd.conf \ - file://snmpd.service \ - file://snmptrapd.service \ - file://net-snmp-add-knob-whether-nlist.h-are-checked.patch \ - file://fix-libtool-finish.patch \ - file://net-snmp-testing-add-the-output-format-for-ptest.patch \ - file://run-ptest \ - file://0001-config_os_headers-Error-Fix.patch \ - file://0001-snmplib-keytools.c-Don-t-check-for-return-from-EVP_M.patch \ - file://0001-get_pid_from_inode-Include-limit.h.patch \ - file://0002-configure-fix-a-cc-check-issue.patch \ - file://0004-configure-fix-incorrect-variable.patch \ - file://net-snmp-5.7.2-fix-engineBoots-value-on-SIGHUP.patch \ - file://net-snmp-fix-for-disable-des.patch \ - file://reproducibility-have-printcap.patch \ - file://0001-ac_add_search_path.m4-keep-consistent-between-32bit.patch \ - file://0001-snmpd-always-exit-after-displaying-usage.patch \ - " -SRC_URI[sha256sum] = "eb7fd4a44de6cddbffd9a92a85ad1309e5c1054fb9d5a7dd93079c8953f48c3f" - -UPSTREAM_CHECK_URI = "https://sourceforge.net/projects/net-snmp/files/net-snmp/" -UPSTREAM_CHECK_REGEX = "/net-snmp/(?P\d+(\.\d+)+)/" - -inherit autotools-brokensep update-rc.d siteinfo systemd pkgconfig perlnative ptest multilib_script multilib_header - -EXTRA_OEMAKE = "INSTALL_PREFIX=${D} OTHERLDFLAGS='${LDFLAGS}' HOST_CPPFLAGS='${BUILD_CPPFLAGS}'" - -PARALLEL_MAKE = "" -CCACHE = "" -CLEANBROKEN = "1" - -TARGET_CC_ARCH += "${LDFLAGS}" - -PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6 systemd', d)} des smux" -PACKAGECONFIG[des] = "--enable-des, --disable-des" -PACKAGECONFIG[elfutils] = "--with-elf, --without-elf, elfutils" -PACKAGECONFIG[ipv6] = "--enable-ipv6, --disable-ipv6" -PACKAGECONFIG[libnl] = "--with-nl, --without-nl, libnl" -PACKAGECONFIG[perl] = "--enable-embedded-perl --with-perl-modules=yes, --disable-embedded-perl --with-perl-modules=no, perl" -PACKAGECONFIG[smux] = "" -PACKAGECONFIG[systemd] = "--with-systemd, --without-systemd" - -EXTRA_OECONF = " \ - --enable-shared \ - --disable-manuals \ - --with-defaults \ - --with-install-prefix=${D} \ - --with-persistent-directory=${localstatedir}/lib/net-snmp \ - --with-endianness=${@oe.utils.conditional('SITEINFO_ENDIANNESS', 'le', 'little', 'big', d)} \ - --with-mib-modules='${MIB_MODULES}' \ -" - -MIB_MODULES = "" -MIB_MODULES:append = " ${@bb.utils.filter('PACKAGECONFIG', 'smux', d)}" - -CACHED_CONFIGUREVARS = " \ - ac_cv_header_valgrind_valgrind_h=no \ - ac_cv_header_valgrind_memcheck_h=no \ - ac_cv_ETC_MNTTAB=/etc/mtab \ - lt_cv_shlibpath_overrides_runpath=yes \ - ac_cv_path_UNAMEPROG=${base_bindir}/uname \ - ac_cv_path_PSPROG=${base_bindir}/ps \ - ac_cv_file__etc_printcap=no \ - NETSNMP_CONFIGURE_OPTIONS= \ -" -PERLPROG = "${bindir}/env perl" -PERLPROG:class-native = "${bindir_native}/env perl" -PERLPROG:append = "${@bb.utils.contains('PACKAGECONFIG', 'perl', ' -I${WORKDIR}', '', d)}" -export PERLPROG - -HAS_PERL = "${@bb.utils.contains('PACKAGECONFIG', 'perl', '1', '0', d)}" - -PTEST_BUILD_HOST_FILES += "net-snmp-config gen-variables" - -do_configure:prepend() { - sed -i -e "s|I/usr/include|I${STAGING_INCDIR}|g" \ - "${S}"/configure \ - "${S}"/configure.d/config_os_libs2 - - if [ "${HAS_PERL}" = "1" ]; then - # this may need to be changed when package perl has any change. - cp -f ${STAGING_DIR_TARGET}/usr/lib*/perl?/*/Config.pm ${WORKDIR}/ - cp -f ${STAGING_DIR_TARGET}/usr/lib*/perl?/*/*/Config_heavy.pl ${WORKDIR}/ - sed -e "s@libpth => '/usr/lib.*@libpth => '${STAGING_DIR_TARGET}/${libdir} ${STAGING_DIR_TARGET}/${base_libdir}',@g" \ - -e "s@privlibexp => '/usr@privlibexp => '${STAGING_DIR_TARGET}/usr@g" \ - -e "s@scriptdir => '/usr@scriptdir => '${STAGING_DIR_TARGET}/usr@g" \ - -e "s@sitearchexp => '/usr@sitearchexp => '${STAGING_DIR_TARGET}/usr@g" \ - -e "s@sitelibexp => '/usr@sitearchexp => '${STAGING_DIR_TARGET}/usr@g" \ - -e "s@vendorarchexp => '/usr@vendorarchexp => '${STAGING_DIR_TARGET}/usr@g" \ - -e "s@vendorlibexp => '/usr@vendorlibexp => '${STAGING_DIR_TARGET}/usr@g" \ - -i ${WORKDIR}/Config.pm - fi - -} - -do_configure:append() { - sed -e "s@^NSC_INCLUDEDIR=.*@NSC_INCLUDEDIR=${STAGING_DIR_TARGET}\$\{includedir\}@g" \ - -e "s@^NSC_LIBDIR=-L.*@NSC_LIBDIR=-L${STAGING_DIR_TARGET}\$\{libdir\}@g" \ - -e "s@^NSC_LDFLAGS=\"-L.* @NSC_LDFLAGS=\"-L${STAGING_DIR_TARGET}\$\{libdir\} @g" \ - -i ${B}/net-snmp-config -} - -do_install:append() { - install -d ${D}${sysconfdir}/snmp - install -d ${D}${sysconfdir}/init.d - install -m 755 ${WORKDIR}/init ${D}${sysconfdir}/init.d/snmpd - install -m 644 ${WORKDIR}/snmpd.conf ${D}${sysconfdir}/snmp/ - install -m 644 ${WORKDIR}/snmptrapd.conf ${D}${sysconfdir}/snmp/ - install -d ${D}${systemd_unitdir}/system - install -m 0644 ${WORKDIR}/snmpd.service ${D}${systemd_unitdir}/system - install -m 0644 ${WORKDIR}/snmptrapd.service ${D}${systemd_unitdir}/system - sed -e "s@^NSC_SRCDIR=.*@NSC_SRCDIR=.@g" \ - -i ${D}${bindir}/net-snmp-create-v3-user - sed -e 's@^NSC_SRCDIR=.*@NSC_SRCDIR=.@g' \ - -e 's@[^ ]*-ffile-prefix-map=[^ "]*@@g' \ - -e 's@[^ ]*-fdebug-prefix-map=[^ "]*@@g' \ - -e 's@[^ ]*-fmacro-prefix-map=[^ "]*@@g' \ - -e 's@[^ ]*--sysroot=[^ "]*@@g' \ - -e 's@[^ ]*--with-libtool-sysroot=[^ "]*@@g' \ - -e 's@[^ ]*--with-install-prefix=[^ "]*@@g' \ - -e 's@[^ ]*PKG_CONFIG_PATH=[^ "]*@@g' \ - -e 's@[^ ]*PKG_CONFIG_LIBDIR=[^ "]*@@g' \ - -i ${D}${bindir}/net-snmp-config - - sed -e 's@[^ ]*-ffile-prefix-map=[^ "]*@@g' \ - -e 's@[^ ]*-fdebug-prefix-map=[^ "]*@@g' \ - -e 's@[^ ]*-fmacro-prefix-map=[^ "]*@@g' \ - -i ${D}${libdir}/pkgconfig/netsnmp*.pc - - # ${STAGING_DIR_HOST} is empty for native builds, and the sed command below - # will result in errors if run for native. - if [ "${STAGING_DIR_HOST}" ]; then - sed -e 's@${STAGING_DIR_HOST}@@g' \ - -i ${D}${bindir}/net-snmp-config ${D}${libdir}/pkgconfig/netsnmp*.pc - fi - - sed -e "s@^NSC_INCLUDEDIR=.*@NSC_INCLUDEDIR=\$\{includedir\}@g" \ - -e "s@^NSC_LIBDIR=-L.*@NSC_LIBDIR=-L\$\{libdir\}@g" \ - -e "s@^NSC_LDFLAGS=\"-L.* @NSC_LDFLAGS=\"-L\$\{libdir\} @g" \ - -i ${D}${bindir}/net-snmp-config - - oe_multilib_header net-snmp/net-snmp-config.h - - if [ "${HAS_PERL}" = "1" ]; then - find ${D}${libdir}/ -type f -name "perllocal.pod" | xargs rm -f - fi -} - -do_install_ptest() { - install -d ${D}${PTEST_PATH} - for i in ${S}/dist ${S}/include ${B}/include ${S}/mibs ${S}/configure \ - ${B}/net-snmp-config ${S}/testing; do - if [ -e "$i" ]; then - cp -R --no-dereference --preserve=mode,links -v "$i" ${D}${PTEST_PATH} - fi - done - echo `autoconf -V|awk '/autoconf/{print $NF}'` > ${D}${PTEST_PATH}/dist/autoconf-version - - rmdlist="${D}${PTEST_PATH}/dist/net-snmp-solaris-build" - for i in $rmdlist; do - if [ -d "$i" ]; then - rm -rf "$i" - fi - done -} - -SYSROOT_PREPROCESS_FUNCS += "net_snmp_sysroot_preprocess" -SNMP_DBGDIR = "/usr/src/debug/${PN}/${EXTENDPE}${PV}-${PR}" - -net_snmp_sysroot_preprocess () { - if [ -e ${D}${bindir}/net-snmp-config ]; then - install -d ${SYSROOT_DESTDIR}${bindir_crossscripts}/ - install -m 755 ${D}${bindir}/net-snmp-config ${SYSROOT_DESTDIR}${bindir_crossscripts}/ - sed -e "s@-I/usr/include@-I${STAGING_INCDIR}@g" \ - -e "s@^prefix=.*@prefix=${STAGING_DIR_HOST}${prefix}@g" \ - -e "s@^exec_prefix=.*@exec_prefix=${STAGING_EXECPREFIXDIR}@g" \ - -e "s@^includedir=.*@includedir=${STAGING_INCDIR}@g" \ - -e "s@^libdir=.*@libdir=${STAGING_LIBDIR}@g" \ - -e "s@^NSC_SRCDIR=.*@NSC_SRCDIR=${S}@g" \ - -e "s@-ffile-prefix-map=${SNMP_DBGDIR}@-ffile-prefix-map=${WORKDIR}=${SNMP_DBGDIR}@g" \ - -e "s@-fdebug-prefix-map=${SNMP_DBGDIR}@-fdebug-prefix-map=${WORKDIR}=${SNMP_DBGDIR}@g" \ - -e "s@-fdebug-prefix-map= -fdebug-prefix-map=@-fdebug-prefix-map=${STAGING_DIR_NATIVE}= \ - -fdebug-prefix-map=${STAGING_DIR_HOST}=@g" \ - -e "s@--sysroot=@--sysroot=${STAGING_DIR_HOST}@g" \ - -e "s@--with-libtool-sysroot=@--with-libtool-sysroot=${STAGING_DIR_HOST}@g" \ - -e "s@--with-install-prefix=@--with-install-prefix=${D}@g" \ - -i ${SYSROOT_DESTDIR}${bindir_crossscripts}/net-snmp-config - fi -} - -PACKAGES += "${PN}-libs ${PN}-mibs ${PN}-server ${PN}-client \ - ${PN}-server-snmpd ${PN}-server-snmptrapd \ - ${PN}-lib-netsnmp ${PN}-lib-agent ${PN}-lib-helpers \ - ${PN}-lib-mibs ${PN}-lib-trapd" - -# perl module -PACKAGES += "${@bb.utils.contains('PACKAGECONFIG', 'perl', '${PN}-perl-modules', '', d)}" - -ALLOW_EMPTY:${PN} = "1" -ALLOW_EMPTY:${PN}-server = "1" -ALLOW_EMPTY:${PN}-libs = "1" - -FILES:${PN}-perl-modules = "${libdir}/perl?/*" -RDEPENDS:${PN}-perl-modules = "perl" - -FILES:${PN}-libs = "" -FILES:${PN}-mibs = "${datadir}/snmp/mibs" -FILES:${PN}-server-snmpd = "${sbindir}/snmpd \ - ${sysconfdir}/snmp/snmpd.conf \ - ${sysconfdir}/init.d \ - ${systemd_unitdir}/system/snmpd.service \ -" - -FILES:${PN}-server-snmptrapd = "${sbindir}/snmptrapd \ - ${sysconfdir}/snmp/snmptrapd.conf \ - ${systemd_unitdir}/system/snmptrapd.service \ -" - -FILES:${PN}-lib-netsnmp = "${libdir}/libnetsnmp${SOLIBS}" -FILES:${PN}-lib-agent = "${libdir}/libnetsnmpagent${SOLIBS}" -FILES:${PN}-lib-helpers = "${libdir}/libnetsnmphelpers${SOLIBS}" -FILES:${PN}-lib-mibs = "${libdir}/libnetsnmpmibs${SOLIBS}" -FILES:${PN}-lib-trapd = "${libdir}/libnetsnmptrapd${SOLIBS}" - -FILES:${PN} = "" -FILES:${PN}-client = "${bindir}/* ${datadir}/snmp/" -FILES:${PN}-dbg += "${libdir}/.debug/ ${sbindir}/.debug/ ${bindir}/.debug/" -FILES:${PN}-dev += "${bindir}/mib2c \ - ${bindir}/mib2c-update \ - ${bindir}/net-snmp-config \ - ${bindir}/net-snmp-create-v3-user \ -" - -CONFFILES:${PN}-server-snmpd = "${sysconfdir}/snmp/snmpd.conf" -CONFFILES:${PN}-server-snmptrapd = "${sysconfdir}/snmp/snmptrapd.conf" - -INITSCRIPT_PACKAGES = "${PN}-server-snmpd" -INITSCRIPT_NAME:${PN}-server-snmpd = "snmpd" -INITSCRIPT_PARAMS:${PN}-server-snmpd = "start 90 2 3 4 5 . stop 60 0 1 6 ." - -SYSTEMD_PACKAGES = "${PN}-server-snmpd \ - ${PN}-server-snmptrapd" - -SYSTEMD_SERVICE:${PN}-server-snmpd = "snmpd.service" -SYSTEMD_SERVICE:${PN}-server-snmptrapd = "snmptrapd.service" - -RDEPENDS:${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'perl', 'net-snmp-perl-modules', '', d)}" -RDEPENDS:${PN} += "net-snmp-client" -RDEPENDS:${PN}-server-snmpd += "net-snmp-mibs" -RDEPENDS:${PN}-server-snmptrapd += "net-snmp-server-snmpd ${PN}-lib-trapd" -RDEPENDS:${PN}-server += "net-snmp-server-snmpd net-snmp-server-snmptrapd" -RDEPENDS:${PN}-client += "net-snmp-mibs net-snmp-libs" -RDEPENDS:${PN}-libs += "libpci \ - ${PN}-lib-netsnmp \ - ${PN}-lib-agent \ - ${PN}-lib-helpers \ - ${PN}-lib-mibs \ -" -RDEPENDS:${PN}-ptest += "perl \ - perl-module-test \ - perl-module-file-basename \ - perl-module-getopt-long \ - perl-module-file-temp \ - perl-module-data-dumper \ -" -RDEPENDS:${PN}-dev = "net-snmp-client (= ${EXTENDPKGV}) net-snmp-server (= ${EXTENDPKGV})" -RRECOMMENDS:${PN}-dbg = "net-snmp-client (= ${EXTENDPKGV}) net-snmp-server (= ${EXTENDPKGV})" - -RPROVIDES:${PN}-server-snmpd += "${PN}-server-snmpd-systemd" -RREPLACES:${PN}-server-snmpd += "${PN}-server-snmpd-systemd" -RCONFLICTS:${PN}-server-snmpd += "${PN}-server-snmpd-systemd" - -RPROVIDES:${PN}-server-snmptrapd += "${PN}-server-snmptrapd-systemd" -RREPLACES:${PN}-server-snmptrapd += "${PN}-server-snmptrapd-systemd" -RCONFLICTS:${PN}-server-snmptrapd += "${PN}-server-snmptrapd-systemd" - -LEAD_SONAME = "libnetsnmp.so" - -MULTILIB_SCRIPTS = "${PN}-dev:${bindir}/net-snmp-config" - -BBCLASSEXTEND = "native" diff --git a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.3.bb b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.3.bb new file mode 100644 index 0000000000..7af5147566 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.3.bb @@ -0,0 +1,292 @@ +SUMMARY = "Various tools relating to the Simple Network Management Protocol" +HOMEPAGE = "http://www.net-snmp.org/" +SECTION = "net" +LICENSE = "BSD-3-Clause & MIT" + +LIC_FILES_CHKSUM = "file://COPYING;md5=9d100a395a38584f2ec18a8275261687" + +DEPENDS = "openssl" +DEPENDS:append:class-target = " pciutils" + +SRC_URI = "${SOURCEFORGE_MIRROR}/net-snmp/net-snmp-${PV}.tar.gz \ + file://init \ + file://snmpd.conf \ + file://snmptrapd.conf \ + file://snmpd.service \ + file://snmptrapd.service \ + file://net-snmp-add-knob-whether-nlist.h-are-checked.patch \ + file://fix-libtool-finish.patch \ + file://net-snmp-testing-add-the-output-format-for-ptest.patch \ + file://run-ptest \ + file://0001-config_os_headers-Error-Fix.patch \ + file://0001-snmplib-keytools.c-Don-t-check-for-return-from-EVP_M.patch \ + file://0001-get_pid_from_inode-Include-limit.h.patch \ + file://0004-configure-fix-incorrect-variable.patch \ + file://net-snmp-5.7.2-fix-engineBoots-value-on-SIGHUP.patch \ + file://net-snmp-fix-for-disable-des.patch \ + file://reproducibility-have-printcap.patch \ + file://0001-ac_add_search_path.m4-keep-consistent-between-32bit.patch \ + " +SRC_URI[sha256sum] = "2097f29b7e1bf3f1300b4bae52fa2308d0bb8d5d3998dbe02f9462a413a2ef0a" + +UPSTREAM_CHECK_URI = "https://sourceforge.net/projects/net-snmp/files/net-snmp/" +UPSTREAM_CHECK_REGEX = "/net-snmp/(?P\d+(\.\d+)+)/" + +inherit autotools-brokensep update-rc.d siteinfo systemd pkgconfig perlnative ptest multilib_script multilib_header + +EXTRA_OEMAKE = "INSTALL_PREFIX=${D} OTHERLDFLAGS='${LDFLAGS}' HOST_CPPFLAGS='${BUILD_CPPFLAGS}'" + +PARALLEL_MAKE = "" +CCACHE = "" +CLEANBROKEN = "1" + +TARGET_CC_ARCH += "${LDFLAGS}" + +PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6 systemd', d)} des smux" +PACKAGECONFIG[des] = "--enable-des, --disable-des" +PACKAGECONFIG[elfutils] = "--with-elf, --without-elf, elfutils" +PACKAGECONFIG[ipv6] = "--enable-ipv6, --disable-ipv6" +PACKAGECONFIG[libnl] = "--with-nl, --without-nl, libnl" +PACKAGECONFIG[perl] = "--enable-embedded-perl --with-perl-modules=yes, --disable-embedded-perl --with-perl-modules=no, perl" +PACKAGECONFIG[smux] = "" +PACKAGECONFIG[systemd] = "--with-systemd, --without-systemd" + +EXTRA_OECONF = " \ + --enable-shared \ + --disable-manuals \ + --with-defaults \ + --with-install-prefix=${D} \ + --with-persistent-directory=${localstatedir}/lib/net-snmp \ + --with-endianness=${@oe.utils.conditional('SITEINFO_ENDIANNESS', 'le', 'little', 'big', d)} \ + --with-mib-modules='${MIB_MODULES}' \ +" + +MIB_MODULES = "" +MIB_MODULES:append = " ${@bb.utils.filter('PACKAGECONFIG', 'smux', d)}" + +CACHED_CONFIGUREVARS = " \ + ac_cv_header_valgrind_valgrind_h=no \ + ac_cv_header_valgrind_memcheck_h=no \ + ac_cv_ETC_MNTTAB=/etc/mtab \ + lt_cv_shlibpath_overrides_runpath=yes \ + ac_cv_path_UNAMEPROG=${base_bindir}/uname \ + ac_cv_path_PSPROG=${base_bindir}/ps \ + ac_cv_file__etc_printcap=no \ + NETSNMP_CONFIGURE_OPTIONS= \ +" +PERLPROG = "${bindir}/env perl" +PERLPROG:class-native = "${bindir_native}/env perl" +PERLPROG:append = "${@bb.utils.contains('PACKAGECONFIG', 'perl', ' -I${WORKDIR}', '', d)}" +export PERLPROG + +HAS_PERL = "${@bb.utils.contains('PACKAGECONFIG', 'perl', '1', '0', d)}" + +PTEST_BUILD_HOST_FILES += "net-snmp-config gen-variables" + +do_configure:prepend() { + sed -i -e "s|I/usr/include|I${STAGING_INCDIR}|g" \ + "${S}"/configure \ + "${S}"/configure.d/config_os_libs2 + + if [ "${HAS_PERL}" = "1" ]; then + # this may need to be changed when package perl has any change. + cp -f ${STAGING_DIR_TARGET}/usr/lib*/perl?/*/Config.pm ${WORKDIR}/ + cp -f ${STAGING_DIR_TARGET}/usr/lib*/perl?/*/*/Config_heavy.pl ${WORKDIR}/ + sed -e "s@libpth => '/usr/lib.*@libpth => '${STAGING_DIR_TARGET}/${libdir} ${STAGING_DIR_TARGET}/${base_libdir}',@g" \ + -e "s@privlibexp => '/usr@privlibexp => '${STAGING_DIR_TARGET}/usr@g" \ + -e "s@scriptdir => '/usr@scriptdir => '${STAGING_DIR_TARGET}/usr@g" \ + -e "s@sitearchexp => '/usr@sitearchexp => '${STAGING_DIR_TARGET}/usr@g" \ + -e "s@sitelibexp => '/usr@sitearchexp => '${STAGING_DIR_TARGET}/usr@g" \ + -e "s@vendorarchexp => '/usr@vendorarchexp => '${STAGING_DIR_TARGET}/usr@g" \ + -e "s@vendorlibexp => '/usr@vendorlibexp => '${STAGING_DIR_TARGET}/usr@g" \ + -i ${WORKDIR}/Config.pm + fi + +} + +do_configure:append() { + sed -e "s@^NSC_INCLUDEDIR=.*@NSC_INCLUDEDIR=${STAGING_DIR_TARGET}\$\{includedir\}@g" \ + -e "s@^NSC_LIBDIR=-L.*@NSC_LIBDIR=-L${STAGING_DIR_TARGET}\$\{libdir\}@g" \ + -e "s@^NSC_LDFLAGS=\"-L.* @NSC_LDFLAGS=\"-L${STAGING_DIR_TARGET}\$\{libdir\} @g" \ + -i ${B}/net-snmp-config +} + +do_install:append() { + install -d ${D}${sysconfdir}/snmp + install -d ${D}${sysconfdir}/init.d + install -m 755 ${WORKDIR}/init ${D}${sysconfdir}/init.d/snmpd + install -m 644 ${WORKDIR}/snmpd.conf ${D}${sysconfdir}/snmp/ + install -m 644 ${WORKDIR}/snmptrapd.conf ${D}${sysconfdir}/snmp/ + install -d ${D}${systemd_unitdir}/system + install -m 0644 ${WORKDIR}/snmpd.service ${D}${systemd_unitdir}/system + install -m 0644 ${WORKDIR}/snmptrapd.service ${D}${systemd_unitdir}/system + sed -e "s@^NSC_SRCDIR=.*@NSC_SRCDIR=.@g" \ + -i ${D}${bindir}/net-snmp-create-v3-user + sed -e 's@^NSC_SRCDIR=.*@NSC_SRCDIR=.@g' \ + -e 's@[^ ]*-ffile-prefix-map=[^ "]*@@g' \ + -e 's@[^ ]*-fdebug-prefix-map=[^ "]*@@g' \ + -e 's@[^ ]*-fmacro-prefix-map=[^ "]*@@g' \ + -e 's@[^ ]*--sysroot=[^ "]*@@g' \ + -e 's@[^ ]*--with-libtool-sysroot=[^ "]*@@g' \ + -e 's@[^ ]*--with-install-prefix=[^ "]*@@g' \ + -e 's@[^ ]*PKG_CONFIG_PATH=[^ "]*@@g' \ + -e 's@[^ ]*PKG_CONFIG_LIBDIR=[^ "]*@@g' \ + -i ${D}${bindir}/net-snmp-config + + sed -e 's@[^ ]*-ffile-prefix-map=[^ "]*@@g' \ + -e 's@[^ ]*-fdebug-prefix-map=[^ "]*@@g' \ + -e 's@[^ ]*-fmacro-prefix-map=[^ "]*@@g' \ + -i ${D}${libdir}/pkgconfig/netsnmp*.pc + + # ${STAGING_DIR_HOST} is empty for native builds, and the sed command below + # will result in errors if run for native. + if [ "${STAGING_DIR_HOST}" ]; then + sed -e 's@${STAGING_DIR_HOST}@@g' \ + -i ${D}${bindir}/net-snmp-config ${D}${libdir}/pkgconfig/netsnmp*.pc + fi + + sed -e "s@^NSC_INCLUDEDIR=.*@NSC_INCLUDEDIR=\$\{includedir\}@g" \ + -e "s@^NSC_LIBDIR=-L.*@NSC_LIBDIR=-L\$\{libdir\}@g" \ + -e "s@^NSC_LDFLAGS=\"-L.* @NSC_LDFLAGS=\"-L\$\{libdir\} @g" \ + -i ${D}${bindir}/net-snmp-config + + oe_multilib_header net-snmp/net-snmp-config.h + + if [ "${HAS_PERL}" = "1" ]; then + find ${D}${libdir}/ -type f -name "perllocal.pod" | xargs rm -f + fi +} + +do_install_ptest() { + install -d ${D}${PTEST_PATH} + for i in ${S}/dist ${S}/include ${B}/include ${S}/mibs ${S}/configure \ + ${B}/net-snmp-config ${S}/testing; do + if [ -e "$i" ]; then + cp -R --no-dereference --preserve=mode,links -v "$i" ${D}${PTEST_PATH} + fi + done + echo `autoconf -V|awk '/autoconf/{print $NF}'` > ${D}${PTEST_PATH}/dist/autoconf-version + + rmdlist="${D}${PTEST_PATH}/dist/net-snmp-solaris-build" + for i in $rmdlist; do + if [ -d "$i" ]; then + rm -rf "$i" + fi + done +} + +SYSROOT_PREPROCESS_FUNCS += "net_snmp_sysroot_preprocess" +SNMP_DBGDIR = "/usr/src/debug/${PN}/${EXTENDPE}${PV}-${PR}" + +net_snmp_sysroot_preprocess () { + if [ -e ${D}${bindir}/net-snmp-config ]; then + install -d ${SYSROOT_DESTDIR}${bindir_crossscripts}/ + install -m 755 ${D}${bindir}/net-snmp-config ${SYSROOT_DESTDIR}${bindir_crossscripts}/ + sed -e "s@-I/usr/include@-I${STAGING_INCDIR}@g" \ + -e "s@^prefix=.*@prefix=${STAGING_DIR_HOST}${prefix}@g" \ + -e "s@^exec_prefix=.*@exec_prefix=${STAGING_EXECPREFIXDIR}@g" \ + -e "s@^includedir=.*@includedir=${STAGING_INCDIR}@g" \ + -e "s@^libdir=.*@libdir=${STAGING_LIBDIR}@g" \ + -e "s@^NSC_SRCDIR=.*@NSC_SRCDIR=${S}@g" \ + -e "s@-ffile-prefix-map=${SNMP_DBGDIR}@-ffile-prefix-map=${WORKDIR}=${SNMP_DBGDIR}@g" \ + -e "s@-fdebug-prefix-map=${SNMP_DBGDIR}@-fdebug-prefix-map=${WORKDIR}=${SNMP_DBGDIR}@g" \ + -e "s@-fdebug-prefix-map= -fdebug-prefix-map=@-fdebug-prefix-map=${STAGING_DIR_NATIVE}= \ + -fdebug-prefix-map=${STAGING_DIR_HOST}=@g" \ + -e "s@--sysroot=@--sysroot=${STAGING_DIR_HOST}@g" \ + -e "s@--with-libtool-sysroot=@--with-libtool-sysroot=${STAGING_DIR_HOST}@g" \ + -e "s@--with-install-prefix=@--with-install-prefix=${D}@g" \ + -i ${SYSROOT_DESTDIR}${bindir_crossscripts}/net-snmp-config + fi +} + +PACKAGES += "${PN}-libs ${PN}-mibs ${PN}-server ${PN}-client \ + ${PN}-server-snmpd ${PN}-server-snmptrapd \ + ${PN}-lib-netsnmp ${PN}-lib-agent ${PN}-lib-helpers \ + ${PN}-lib-mibs ${PN}-lib-trapd" + +# perl module +PACKAGES += "${@bb.utils.contains('PACKAGECONFIG', 'perl', '${PN}-perl-modules', '', d)}" + +ALLOW_EMPTY:${PN} = "1" +ALLOW_EMPTY:${PN}-server = "1" +ALLOW_EMPTY:${PN}-libs = "1" + +FILES:${PN}-perl-modules = "${libdir}/perl?/*" +RDEPENDS:${PN}-perl-modules = "perl" + +FILES:${PN}-libs = "" +FILES:${PN}-mibs = "${datadir}/snmp/mibs" +FILES:${PN}-server-snmpd = "${sbindir}/snmpd \ + ${sysconfdir}/snmp/snmpd.conf \ + ${sysconfdir}/init.d \ + ${systemd_unitdir}/system/snmpd.service \ +" + +FILES:${PN}-server-snmptrapd = "${sbindir}/snmptrapd \ + ${sysconfdir}/snmp/snmptrapd.conf \ + ${systemd_unitdir}/system/snmptrapd.service \ +" + +FILES:${PN}-lib-netsnmp = "${libdir}/libnetsnmp${SOLIBS}" +FILES:${PN}-lib-agent = "${libdir}/libnetsnmpagent${SOLIBS}" +FILES:${PN}-lib-helpers = "${libdir}/libnetsnmphelpers${SOLIBS}" +FILES:${PN}-lib-mibs = "${libdir}/libnetsnmpmibs${SOLIBS}" +FILES:${PN}-lib-trapd = "${libdir}/libnetsnmptrapd${SOLIBS}" + +FILES:${PN} = "" +FILES:${PN}-client = "${bindir}/* ${datadir}/snmp/" +FILES:${PN}-dbg += "${libdir}/.debug/ ${sbindir}/.debug/ ${bindir}/.debug/" +FILES:${PN}-dev += "${bindir}/mib2c \ + ${bindir}/mib2c-update \ + ${bindir}/net-snmp-config \ + ${bindir}/net-snmp-create-v3-user \ +" + +CONFFILES:${PN}-server-snmpd = "${sysconfdir}/snmp/snmpd.conf" +CONFFILES:${PN}-server-snmptrapd = "${sysconfdir}/snmp/snmptrapd.conf" + +INITSCRIPT_PACKAGES = "${PN}-server-snmpd" +INITSCRIPT_NAME:${PN}-server-snmpd = "snmpd" +INITSCRIPT_PARAMS:${PN}-server-snmpd = "start 90 2 3 4 5 . stop 60 0 1 6 ." + +SYSTEMD_PACKAGES = "${PN}-server-snmpd \ + ${PN}-server-snmptrapd" + +SYSTEMD_SERVICE:${PN}-server-snmpd = "snmpd.service" +SYSTEMD_SERVICE:${PN}-server-snmptrapd = "snmptrapd.service" + +RDEPENDS:${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'perl', 'net-snmp-perl-modules', '', d)}" +RDEPENDS:${PN} += "net-snmp-client" +RDEPENDS:${PN}-server-snmpd += "net-snmp-mibs" +RDEPENDS:${PN}-server-snmptrapd += "net-snmp-server-snmpd ${PN}-lib-trapd" +RDEPENDS:${PN}-server += "net-snmp-server-snmpd net-snmp-server-snmptrapd" +RDEPENDS:${PN}-client += "net-snmp-mibs net-snmp-libs" +RDEPENDS:${PN}-libs += "libpci \ + ${PN}-lib-netsnmp \ + ${PN}-lib-agent \ + ${PN}-lib-helpers \ + ${PN}-lib-mibs \ +" +RDEPENDS:${PN}-ptest += "perl \ + perl-module-test \ + perl-module-file-basename \ + perl-module-getopt-long \ + perl-module-file-temp \ + perl-module-data-dumper \ +" +RDEPENDS:${PN}-dev = "net-snmp-client (= ${EXTENDPKGV}) net-snmp-server (= ${EXTENDPKGV})" +RRECOMMENDS:${PN}-dbg = "net-snmp-client (= ${EXTENDPKGV}) net-snmp-server (= ${EXTENDPKGV})" + +RPROVIDES:${PN}-server-snmpd += "${PN}-server-snmpd-systemd" +RREPLACES:${PN}-server-snmpd += "${PN}-server-snmpd-systemd" +RCONFLICTS:${PN}-server-snmpd += "${PN}-server-snmpd-systemd" + +RPROVIDES:${PN}-server-snmptrapd += "${PN}-server-snmptrapd-systemd" +RREPLACES:${PN}-server-snmptrapd += "${PN}-server-snmptrapd-systemd" +RCONFLICTS:${PN}-server-snmptrapd += "${PN}-server-snmptrapd-systemd" + +LEAD_SONAME = "libnetsnmp.so" + +MULTILIB_SCRIPTS = "${PN}-dev:${bindir}/net-snmp-config" + +BBCLASSEXTEND = "native" diff --git a/meta-openembedded/meta-networking/recipes-support/dnsmasq/dnsmasq.inc b/meta-openembedded/meta-networking/recipes-support/dnsmasq/dnsmasq.inc index 136c65d8fd..a8ff21a125 100644 --- a/meta-openembedded/meta-networking/recipes-support/dnsmasq/dnsmasq.inc +++ b/meta-openembedded/meta-networking/recipes-support/dnsmasq/dnsmasq.inc @@ -3,8 +3,9 @@ HOMEPAGE = "http://www.thekelleys.org.uk/dnsmasq/doc.html" SECTION = "net" # GPLv3 was added in version 2.41 as license option LICENSE = "GPL-2.0-only | GPL-3.0-only" -LIC_FILES_CHKSUM = "file://COPYING;md5=0636e73ff0215e8d672dc4c32c317bb3 \ - file://COPYING-v3;md5=d32239bcb673463ab874e80d47fae504" +LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ + file://COPYING-v3;md5=d32239bcb673463ab874e80d47fae504 \ + " #at least versions 2.69 and prior are moved to the archive folder on the server SRC_URI = "http://www.thekelleys.org.uk/dnsmasq/${@['archive/', ''][float(d.getVar('PV').split('.')[1]) > 69]}dnsmasq-${PV}.tar.gz;name=dnsmasq-${PV} \ diff --git a/meta-openembedded/meta-networking/recipes-support/dnsmasq/dnsmasq/CVE-2022-0934.patch b/meta-openembedded/meta-networking/recipes-support/dnsmasq/dnsmasq/CVE-2022-0934.patch deleted file mode 100644 index 6bd734d756..0000000000 --- a/meta-openembedded/meta-networking/recipes-support/dnsmasq/dnsmasq/CVE-2022-0934.patch +++ /dev/null @@ -1,191 +0,0 @@ -From 3cdecc159e0f417a2f8d43d99632af26beea630f Mon Sep 17 00:00:00 2001 -From: Simon Kelley -Date: Thu, 31 Mar 2022 21:35:20 +0100 -Subject: [PATCH] Fix write-after-free error in DHCPv6 code. CVE-2022-0934 - refers. - -CVE: CVE-2022-0934 - -Upstream-Status: Backport -[https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=03345ecefe] - -Signed-off-by: Yi Zhao ---- - CHANGELOG | 3 +++ - src/rfc3315.c | 48 +++++++++++++++++++++++++++--------------------- - 2 files changed, 30 insertions(+), 21 deletions(-) - -diff --git a/CHANGELOG b/CHANGELOG -index 5e54df9..a28da2a 100644 ---- a/CHANGELOG -+++ b/CHANGELOG -@@ -1,4 +1,7 @@ - version 2.86 -+ Fix write-after-free error in DHCPv6 server code. -+ CVE-2022-0934 refers. -+ - Handle DHCPREBIND requests in the DHCPv6 server code. - Thanks to Aichun Li for spotting this omission, and the initial - patch. -diff --git a/src/rfc3315.c b/src/rfc3315.c -index 5c2ff97..6ecfeeb 100644 ---- a/src/rfc3315.c -+++ b/src/rfc3315.c -@@ -33,9 +33,9 @@ struct state { - unsigned int mac_len, mac_type; - }; - --static int dhcp6_maybe_relay(struct state *state, void *inbuff, size_t sz, -+static int dhcp6_maybe_relay(struct state *state, unsigned char *inbuff, size_t sz, - struct in6_addr *client_addr, int is_unicast, time_t now); --static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_t sz, int is_unicast, time_t now); -+static int dhcp6_no_relay(struct state *state, int msg_type, unsigned char *inbuff, size_t sz, int is_unicast, time_t now); - static void log6_opts(int nest, unsigned int xid, void *start_opts, void *end_opts); - static void log6_packet(struct state *state, char *type, struct in6_addr *addr, char *string); - static void log6_quiet(struct state *state, char *type, struct in6_addr *addr, char *string); -@@ -104,12 +104,12 @@ unsigned short dhcp6_reply(struct dhcp_context *context, int interface, char *if - } - - /* This cost me blood to write, it will probably cost you blood to understand - srk. */ --static int dhcp6_maybe_relay(struct state *state, void *inbuff, size_t sz, -+static int dhcp6_maybe_relay(struct state *state, unsigned char *inbuff, size_t sz, - struct in6_addr *client_addr, int is_unicast, time_t now) - { - void *end = inbuff + sz; - void *opts = inbuff + 34; -- int msg_type = *((unsigned char *)inbuff); -+ int msg_type = *inbuff; - unsigned char *outmsgtypep; - void *opt; - struct dhcp_vendor *vendor; -@@ -259,15 +259,15 @@ static int dhcp6_maybe_relay(struct state *state, void *inbuff, size_t sz, - return 1; - } - --static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_t sz, int is_unicast, time_t now) -+static int dhcp6_no_relay(struct state *state, int msg_type, unsigned char *inbuff, size_t sz, int is_unicast, time_t now) - { - void *opt; -- int i, o, o1, start_opts; -+ int i, o, o1, start_opts, start_msg; - struct dhcp_opt *opt_cfg; - struct dhcp_netid *tagif; - struct dhcp_config *config = NULL; - struct dhcp_netid known_id, iface_id, v6_id; -- unsigned char *outmsgtypep; -+ unsigned char outmsgtype; - struct dhcp_vendor *vendor; - struct dhcp_context *context_tmp; - struct dhcp_mac *mac_opt; -@@ -296,12 +296,13 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_ - v6_id.next = state->tags; - state->tags = &v6_id; - -- /* copy over transaction-id, and save pointer to message type */ -- if (!(outmsgtypep = put_opt6(inbuff, 4))) -+ start_msg = save_counter(-1); -+ /* copy over transaction-id */ -+ if (!put_opt6(inbuff, 4)) - return 0; - start_opts = save_counter(-1); -- state->xid = outmsgtypep[3] | outmsgtypep[2] << 8 | outmsgtypep[1] << 16; -- -+ state->xid = inbuff[3] | inbuff[2] << 8 | inbuff[1] << 16; -+ - /* We're going to be linking tags from all context we use. - mark them as unused so we don't link one twice and break the list */ - for (context_tmp = state->context; context_tmp; context_tmp = context_tmp->current) -@@ -347,7 +348,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_ - (msg_type == DHCP6REQUEST || msg_type == DHCP6RENEW || msg_type == DHCP6RELEASE || msg_type == DHCP6DECLINE)) - - { -- *outmsgtypep = DHCP6REPLY; -+ outmsgtype = DHCP6REPLY; - o1 = new_opt6(OPTION6_STATUS_CODE); - put_opt6_short(DHCP6USEMULTI); - put_opt6_string("Use multicast"); -@@ -619,11 +620,11 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_ - struct dhcp_netid *solicit_tags; - struct dhcp_context *c; - -- *outmsgtypep = DHCP6ADVERTISE; -+ outmsgtype = DHCP6ADVERTISE; - - if (opt6_find(state->packet_options, state->end, OPTION6_RAPID_COMMIT, 0)) - { -- *outmsgtypep = DHCP6REPLY; -+ outmsgtype = DHCP6REPLY; - state->lease_allocate = 1; - o = new_opt6(OPTION6_RAPID_COMMIT); - end_opt6(o); -@@ -809,7 +810,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_ - int start = save_counter(-1); - - /* set reply message type */ -- *outmsgtypep = DHCP6REPLY; -+ outmsgtype = DHCP6REPLY; - state->lease_allocate = 1; - - log6_quiet(state, "DHCPREQUEST", NULL, ignore ? _("ignored") : NULL); -@@ -924,7 +925,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_ - int address_assigned = 0; - - /* set reply message type */ -- *outmsgtypep = DHCP6REPLY; -+ outmsgtype = DHCP6REPLY; - - log6_quiet(state, msg_type == DHCP6RENEW ? "DHCPRENEW" : "DHCPREBIND", NULL, NULL); - -@@ -1057,7 +1058,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_ - int good_addr = 0; - - /* set reply message type */ -- *outmsgtypep = DHCP6REPLY; -+ outmsgtype = DHCP6REPLY; - - log6_quiet(state, "DHCPCONFIRM", NULL, NULL); - -@@ -1121,7 +1122,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_ - log6_quiet(state, "DHCPINFORMATION-REQUEST", NULL, ignore ? _("ignored") : state->hostname); - if (ignore) - return 0; -- *outmsgtypep = DHCP6REPLY; -+ outmsgtype = DHCP6REPLY; - tagif = add_options(state, 1); - break; - } -@@ -1130,7 +1131,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_ - case DHCP6RELEASE: - { - /* set reply message type */ -- *outmsgtypep = DHCP6REPLY; -+ outmsgtype = DHCP6REPLY; - - log6_quiet(state, "DHCPRELEASE", NULL, NULL); - -@@ -1195,7 +1196,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_ - case DHCP6DECLINE: - { - /* set reply message type */ -- *outmsgtypep = DHCP6REPLY; -+ outmsgtype = DHCP6REPLY; - - log6_quiet(state, "DHCPDECLINE", NULL, NULL); - -@@ -1275,7 +1276,12 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_ - } - - } -- -+ -+ /* Fill in the message type. Note that we store the offset, -+ not a direct pointer, since the packet memory may have been -+ reallocated. */ -+ ((unsigned char *)(daemon->outpacket.iov_base))[start_msg] = outmsgtype; -+ - log_tags(tagif, state->xid); - log6_opts(0, state->xid, daemon->outpacket.iov_base + start_opts, daemon->outpacket.iov_base + save_counter(-1)); - --- -2.25.1 - diff --git a/meta-openembedded/meta-networking/recipes-support/dnsmasq/dnsmasq_2.86.bb b/meta-openembedded/meta-networking/recipes-support/dnsmasq/dnsmasq_2.86.bb deleted file mode 100644 index 0f7880ce8c..0000000000 --- a/meta-openembedded/meta-networking/recipes-support/dnsmasq/dnsmasq_2.86.bb +++ /dev/null @@ -1,8 +0,0 @@ -require dnsmasq.inc - -SRC_URI[dnsmasq-2.86.sha256sum] = "ef15f608a83ee2b1d1d2c1f11d089a7e0ac401ffb0991de73fc01ce5f290e512" -SRC_URI += "\ - file://lua.patch \ - file://CVE-2022-0934.patch \ -" - diff --git a/meta-openembedded/meta-networking/recipes-support/dnsmasq/dnsmasq_2.87.bb b/meta-openembedded/meta-networking/recipes-support/dnsmasq/dnsmasq_2.87.bb new file mode 100644 index 0000000000..793b61d712 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-support/dnsmasq/dnsmasq_2.87.bb @@ -0,0 +1,7 @@ +require dnsmasq.inc + +SRC_URI[dnsmasq-2.87.sha256sum] = "ae39bffde9c37e4d64849b528afeb060be6bad6d1044a3bd94a49fce41357284" +SRC_URI += "\ + file://lua.patch \ +" + diff --git a/meta-openembedded/meta-networking/recipes-support/libldb/libldb_2.3.3.bb b/meta-openembedded/meta-networking/recipes-support/libldb/libldb_2.3.3.bb deleted file mode 100644 index 6dd3ec3a9a..0000000000 --- a/meta-openembedded/meta-networking/recipes-support/libldb/libldb_2.3.3.bb +++ /dev/null @@ -1,81 +0,0 @@ -SUMMARY = "Hierarchical, reference counted memory pool system with destructors" -HOMEPAGE = "http://ldb.samba.org" -SECTION = "libs" -LICENSE = "LGPL-3.0-or-later & LGPL-2.1-or-later & GPL-3.0-or-later" - -DEPENDS += "libtdb libtalloc libtevent popt" -RDEPENDS:pyldb += "python3" - -SRC_URI = "http://samba.org/ftp/ldb/ldb-${PV}.tar.gz \ - file://0001-do-not-import-target-module-while-cross-compile.patch \ - file://0002-ldb-Add-configure-options-for-packages.patch \ - file://0001-Fix-pyext_PATTERN-for-cross-compilation.patch \ - file://libldb-fix-musl-libc-conflict-type-error.patch \ - " - -PACKAGECONFIG ??= "\ - ${@bb.utils.filter('DISTRO_FEATURES', 'acl', d)} \ - ${@bb.utils.contains('DISTRO_FEATURES', 'xattr', 'attr', '', d)} \ -" -PACKAGECONFIG[acl] = "--with-acl,--without-acl,acl" -PACKAGECONFIG[attr] = "--with-attr,--without-attr,attr" -PACKAGECONFIG[ldap] = ",,openldap" -PACKAGECONFIG[libaio] = "--with-libaio,--without-libaio,libaio" -PACKAGECONFIG[libbsd] = "--with-libbsd,--without-libbsd,libbsd" -PACKAGECONFIG[libcap] = "--with-libcap,--without-libcap,libcap" -PACKAGECONFIG[valgrind] = "--with-valgrind,--without-valgrind,valgrind" -PACKAGECONFIG[lmdb] = ",--without-ldb-lmdb,lmdb," - -SRC_URI += "${@bb.utils.contains('PACKAGECONFIG', 'ldap', '', 'file://0003-avoid-openldap-unless-wanted.patch', d)}" - -LIC_FILES_CHKSUM = "file://pyldb.h;endline=24;md5=dfbd238cecad76957f7f860fbe9adade \ - file://man/ldb.3.xml;beginline=261;endline=262;md5=137f9fd61040c1505d1aa1019663fd08 \ - file://tools/ldbdump.c;endline=19;md5=a7d4fc5d1f75676b49df491575a86a42" - -SRC_URI[md5sum] = "6824f69ea3bb58cb8a3be4c179e7569a" -SRC_URI[sha256sum] = "9ef39700ff05b3e8f5801d2a39fe1ba023218650f81c9d377caca22f49076807" - -inherit pkgconfig waf-samba - -S = "${WORKDIR}/ldb-${PV}" - -#cross_compile cannot use preforked process, since fork process earlier than point subproces.popen -#to cross Popen -export WAF_NO_PREFORK="yes" - -EXTRA_OECONF += "--disable-rpath \ - --disable-rpath-install \ - --bundled-libraries=cmocka \ - --builtin-libraries=replace \ - --with-modulesdir=${libdir}/ldb/modules \ - --with-privatelibdir=${libdir}/ldb \ - --with-libiconv=${STAGING_DIR_HOST}${prefix}\ - " - -PACKAGES =+ "pyldb pyldb-dbg pyldb-dev" - -NOAUTOPACKAGEDEBUG = "1" - -FILES:${PN} += "${libdir}/ldb/*" -FILES:${PN}-dbg += "${bindir}/.debug/* \ - ${libdir}/.debug/* \ - ${libdir}/ldb/.debug/* \ - ${libdir}/ldb/modules/ldb/.debug/*" - -FILES:pyldb = "${libdir}/python${PYTHON_BASEVERSION}/site-packages/* \ - ${libdir}/libpyldb-util.*.so.* \ - " -FILES:pyldb-dbg = "${libdir}/python${PYTHON_BASEVERSION}/site-packages/.debug \ - ${libdir}/.debug/libpyldb-util.*.so.*" -FILES:pyldb-dev = "${libdir}/libpyldb-util.*.so" - -# Prevent third_party/waf/waflib/Configure.py checking host's path which is -# incorrect for cross building. -export PREFIX = "/" -export LIBDIR = "${libdir}" -export BINDIR = "${bindir}" - -do_configure:prepend() { - # For a clean rebuild - rm -fr bin/ -} diff --git a/meta-openembedded/meta-networking/recipes-support/libldb/libldb_2.3.4.bb b/meta-openembedded/meta-networking/recipes-support/libldb/libldb_2.3.4.bb new file mode 100644 index 0000000000..af5f0427d4 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-support/libldb/libldb_2.3.4.bb @@ -0,0 +1,81 @@ +SUMMARY = "Hierarchical, reference counted memory pool system with destructors" +HOMEPAGE = "http://ldb.samba.org" +SECTION = "libs" +LICENSE = "LGPL-3.0-or-later & LGPL-2.1-or-later & GPL-3.0-or-later" + +DEPENDS += "libtdb libtalloc libtevent popt" +RDEPENDS:pyldb += "python3" + +SRC_URI = "http://samba.org/ftp/ldb/ldb-${PV}.tar.gz \ + file://0001-do-not-import-target-module-while-cross-compile.patch \ + file://0002-ldb-Add-configure-options-for-packages.patch \ + file://0001-Fix-pyext_PATTERN-for-cross-compilation.patch \ + file://libldb-fix-musl-libc-conflict-type-error.patch \ + " + +PACKAGECONFIG ??= "\ + ${@bb.utils.filter('DISTRO_FEATURES', 'acl', d)} \ + ${@bb.utils.contains('DISTRO_FEATURES', 'xattr', 'attr', '', d)} \ +" +PACKAGECONFIG[acl] = "--with-acl,--without-acl,acl" +PACKAGECONFIG[attr] = "--with-attr,--without-attr,attr" +PACKAGECONFIG[ldap] = ",,openldap" +PACKAGECONFIG[libaio] = "--with-libaio,--without-libaio,libaio" +PACKAGECONFIG[libbsd] = "--with-libbsd,--without-libbsd,libbsd" +PACKAGECONFIG[libcap] = "--with-libcap,--without-libcap,libcap" +PACKAGECONFIG[valgrind] = "--with-valgrind,--without-valgrind,valgrind" +PACKAGECONFIG[lmdb] = ",--without-ldb-lmdb,lmdb," + +SRC_URI += "${@bb.utils.contains('PACKAGECONFIG', 'ldap', '', 'file://0003-avoid-openldap-unless-wanted.patch', d)}" + +LIC_FILES_CHKSUM = "file://pyldb.h;endline=24;md5=dfbd238cecad76957f7f860fbe9adade \ + file://man/ldb.3.xml;beginline=261;endline=262;md5=137f9fd61040c1505d1aa1019663fd08 \ + file://tools/ldbdump.c;endline=19;md5=a7d4fc5d1f75676b49df491575a86a42" + +SRC_URI[md5sum] = "b01d6913a06901c22c5bc6caedc548ac" +SRC_URI[sha256sum] = "f2e88dcab7b6007d92724b62f8a16e7c6e77275885c60eb4f87097e4aa4082c1" + +inherit pkgconfig waf-samba + +S = "${WORKDIR}/ldb-${PV}" + +#cross_compile cannot use preforked process, since fork process earlier than point subproces.popen +#to cross Popen +export WAF_NO_PREFORK="yes" + +EXTRA_OECONF += "--disable-rpath \ + --disable-rpath-install \ + --bundled-libraries=cmocka \ + --builtin-libraries=replace \ + --with-modulesdir=${libdir}/ldb/modules \ + --with-privatelibdir=${libdir}/ldb \ + --with-libiconv=${STAGING_DIR_HOST}${prefix}\ + " + +PACKAGES =+ "pyldb pyldb-dbg pyldb-dev" + +NOAUTOPACKAGEDEBUG = "1" + +FILES:${PN} += "${libdir}/ldb/*" +FILES:${PN}-dbg += "${bindir}/.debug/* \ + ${libdir}/.debug/* \ + ${libdir}/ldb/.debug/* \ + ${libdir}/ldb/modules/ldb/.debug/*" + +FILES:pyldb = "${libdir}/python${PYTHON_BASEVERSION}/site-packages/* \ + ${libdir}/libpyldb-util.*.so.* \ + " +FILES:pyldb-dbg = "${libdir}/python${PYTHON_BASEVERSION}/site-packages/.debug \ + ${libdir}/.debug/libpyldb-util.*.so.*" +FILES:pyldb-dev = "${libdir}/libpyldb-util.*.so" + +# Prevent third_party/waf/waflib/Configure.py checking host's path which is +# incorrect for cross building. +export PREFIX = "/" +export LIBDIR = "${libdir}" +export BINDIR = "${bindir}" + +do_configure:prepend() { + # For a clean rebuild + rm -fr bin/ +} diff --git a/meta-openembedded/meta-networking/recipes-support/ntpsec/ntpsec/0001-wscript-Widen-the-search-for-tags.patch b/meta-openembedded/meta-networking/recipes-support/ntpsec/ntpsec/0001-wscript-Widen-the-search-for-tags.patch new file mode 100644 index 0000000000..98c62eed49 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-support/ntpsec/ntpsec/0001-wscript-Widen-the-search-for-tags.patch @@ -0,0 +1,29 @@ +From 9a7dead72f41e79979625c9bdef2fb638427d3d6 Mon Sep 17 00:00:00 2001 +From: Khem Raj +Date: Mon, 22 Aug 2022 20:54:17 -0700 +Subject: [PATCH] wscript: Widen the search for tags + +Default is to look for annotated tags, howveer when using devtool we +create our own git tree from release tarballs which will have tags but +they are not annotated, therefore broaden the search to include all tags + +Upstream-Status: Inappropriate [OE-specific] + +Signed-off-by: Khem Raj +--- + wscript | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/wscript b/wscript +index 879ded1..dff835d 100644 +--- a/wscript ++++ b/wscript +@@ -177,7 +177,7 @@ def configure(ctx): + if build_desc: + build_desc = ' ' + build_desc + if ctx.env.BIN_GIT: +- cmd = ctx.env.BIN_GIT + shlex.split("describe --dirty") ++ cmd = ctx.env.BIN_GIT + shlex.split("describe --tags --dirty") + git_short_hash = ctx.cmd_and_log(cmd).strip() + git_short_hash = '-'.join(git_short_hash.split('-')[1:]) + diff --git a/meta-openembedded/meta-networking/recipes-support/ntpsec/ntpsec_1.2.1.bb b/meta-openembedded/meta-networking/recipes-support/ntpsec/ntpsec_1.2.1.bb index 3efac7d983..bed0e2e108 100644 --- a/meta-openembedded/meta-networking/recipes-support/ntpsec/ntpsec_1.2.1.bb +++ b/meta-openembedded/meta-networking/recipes-support/ntpsec/ntpsec_1.2.1.bb @@ -16,7 +16,9 @@ SRC_URI = "https://ftp.ntpsec.org/pub/releases/ntpsec-${PV}.tar.gz \ file://0001-ntpd-ntp_sandbox.c-allow-clone3-for-glibc-2.34-in-se.patch \ file://0001-ntpd-ntp_sandbox.c-allow-newfstatat-on-all-archs-for.patch \ file://0002-ntpd-ntp_sandbox.c-match-riscv-to-aarch-in-seccomp-f.patch \ - file://volatiles.ntpsec" + file://volatiles.ntpsec \ + file://0001-wscript-Widen-the-search-for-tags.patch \ + " SRC_URI[sha256sum] = "f2684835116c80b8f21782a5959a805ba3c44e3a681dd6c17c7cb00cc242c27a" @@ -54,7 +56,7 @@ export PYTAG = "cpython${@ d.getVar('PYTHON_BASEVERSION').replace('.', '')}" export pyext_PATTERN = "%s.so" export PYTHON_LDFLAGS = "-lpthread -ldl" -CFLAGS:append = " -I${PYTHON_INCLUDE_DIR}" +CFLAGS:append = " -I${PYTHON_INCLUDE_DIR} -D_GNU_SOURCE" EXTRA_OECONF = "--cross-compiler='${CC}' \ --cross-cflags='${CFLAGS}' \ diff --git a/meta-openembedded/meta-networking/recipes-support/open-vm-tools/open-vm-tools/0001-Properly-check-authorization-on-incoming-guestOps-re.patch b/meta-openembedded/meta-networking/recipes-support/open-vm-tools/open-vm-tools/0001-Properly-check-authorization-on-incoming-guestOps-re.patch new file mode 100644 index 0000000000..4140c46d07 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-support/open-vm-tools/open-vm-tools/0001-Properly-check-authorization-on-incoming-guestOps-re.patch @@ -0,0 +1,43 @@ +From 70a74758bfe0042c27f15ce590fb21a2bc54d745 Mon Sep 17 00:00:00 2001 +From: John Wolfe +Date: Sun, 21 Aug 2022 07:56:49 -0700 +Subject: [PATCH] Properly check authorization on incoming guestOps requests. + +Fix public pipe request checks. Only a SessionRequest type should +be accepted on the public pipe. + +CVE: CVE-2022-31676 + +Upstream-Status: Backport +[https://github.com/vmware/open-vm-tools/commit/70a74758bfe0042c27f15ce590fb21a2bc54d745] + +Signed-off-by: Yi Zhao +--- + open-vm-tools/vgauth/serviceImpl/proto.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/open-vm-tools/vgauth/serviceImpl/proto.c b/open-vm-tools/vgauth/serviceImpl/proto.c +index db7159ee..6c672601 100644 +--- a/open-vm-tools/vgauth/serviceImpl/proto.c ++++ b/open-vm-tools/vgauth/serviceImpl/proto.c +@@ -1,5 +1,5 @@ + /********************************************************* +- * Copyright (C) 2011-2016,2019-2021 VMware, Inc. All rights reserved. ++ * Copyright (C) 2011-2016,2019-2022 VMware, Inc. All rights reserved. + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as published +@@ -1201,6 +1201,10 @@ Proto_SecurityCheckRequest(ServiceConnection *conn, + VGAuthError err; + gboolean isSecure = ServiceNetworkIsConnectionPrivateSuperUser(conn); + ++ if (conn->isPublic && req->reqType != PROTO_REQUEST_SESSION_REQ) { ++ return VGAUTH_E_PERMISSION_DENIED; ++ } ++ + switch (req->reqType) { + /* + * This comes over the public connection; alwsys let it through. +-- +2.25.1 + diff --git a/meta-openembedded/meta-networking/recipes-support/open-vm-tools/open-vm-tools_11.3.5.bb b/meta-openembedded/meta-networking/recipes-support/open-vm-tools/open-vm-tools_11.3.5.bb index 1c3545f960..4670a85a67 100644 --- a/meta-openembedded/meta-networking/recipes-support/open-vm-tools/open-vm-tools_11.3.5.bb +++ b/meta-openembedded/meta-networking/recipes-support/open-vm-tools/open-vm-tools_11.3.5.bb @@ -44,6 +44,7 @@ SRC_URI = "git://github.com/vmware/open-vm-tools.git;protocol=https;branch=maste file://0001-Make-HgfsConvertFromNtTimeNsec-aware-of-64-bit-time_.patch;patchdir=.. \ file://0002-hgfsServerLinux-Consider-64bit-time_t-possibility.patch;patchdir=.. \ file://0001-open-vm-tools-Correct-include-path-for-poll.h.patch;patchdir=.. \ + file://0001-Properly-check-authorization-on-incoming-guestOps-re.patch;patchdir=.. \ " UPSTREAM_CHECK_GITTAGREGEX = "stable-(?P\d+(\.\d+)+)" diff --git a/meta-openembedded/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.1.bb b/meta-openembedded/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.1.bb deleted file mode 100644 index 56db66b8eb..0000000000 --- a/meta-openembedded/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.1.bb +++ /dev/null @@ -1,21 +0,0 @@ -SUMMARY = "Use previously captured traffic to test network devices" - -HOMEPAGE = "https://tcpreplay.appneta.com/" - -SECTION = "net" - -LICENSE = "GPL-3.0-only" -LIC_FILES_CHKSUM = "file://docs/LICENSE;md5=10f0474a2f0e5dccfca20f69d6598ad8" - -SRC_URI = "https://github.com/appneta/tcpreplay/releases/download/v${PV}/tcpreplay-${PV}.tar.gz" - -SRC_URI[sha256sum] = "cb67b6491a618867fc4f9848f586019f1bb2ebd149f393afac5544ee55e4544f" - -UPSTREAM_CHECK_URI = "https://github.com/appneta/tcpreplay/releases" - -DEPENDS = "libpcap" - -EXTRA_OECONF += "--with-libpcap=${STAGING_DIR_HOST}/usr" - -inherit siteinfo autotools-brokensep - diff --git a/meta-openembedded/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.2.bb b/meta-openembedded/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.2.bb new file mode 100644 index 0000000000..165a0e735b --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.2.bb @@ -0,0 +1,21 @@ +SUMMARY = "Use previously captured traffic to test network devices" + +HOMEPAGE = "https://tcpreplay.appneta.com/" + +SECTION = "net" + +LICENSE = "GPL-3.0-only" +LIC_FILES_CHKSUM = "file://docs/LICENSE;md5=10f0474a2f0e5dccfca20f69d6598ad8" + +SRC_URI = "https://github.com/appneta/tcpreplay/releases/download/v${PV}/tcpreplay-${PV}.tar.gz" + +SRC_URI[sha256sum] = "5b272cd83b67d6288a234ea15f89ecd93b4fadda65eddc44e7b5fcb2f395b615" + +UPSTREAM_CHECK_URI = "https://github.com/appneta/tcpreplay/releases" + +DEPENDS = "libpcap" + +EXTRA_OECONF += "--with-libpcap=${STAGING_DIR_HOST}/usr" + +inherit siteinfo autotools-brokensep + diff --git a/meta-openembedded/meta-networking/recipes-support/wireshark/files/CVE-2022-3190.patch b/meta-openembedded/meta-networking/recipes-support/wireshark/files/CVE-2022-3190.patch new file mode 100644 index 0000000000..0b987700f5 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-support/wireshark/files/CVE-2022-3190.patch @@ -0,0 +1,145 @@ +From 4585d515b962f3b3a5e81caa64e13e8d9ed2e431 Mon Sep 17 00:00:00 2001 +From: Hitendra Prajapati +Date: Mon, 26 Sep 2022 12:47:00 +0530 +Subject: [PATCH] CVE-2022-3190 + +Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/67326401a595fffbc67eeed48eb6c55d66a55f67] +CVE : CVE-2022-3190 +Signed-off-by: Hitendra Prajapati +--- + epan/dissectors/packet-f5ethtrailer.c | 108 +++++++++++++------------- + 1 file changed, 56 insertions(+), 52 deletions(-) + +diff --git a/epan/dissectors/packet-f5ethtrailer.c b/epan/dissectors/packet-f5ethtrailer.c +index ed77dfd..b15b0d4 100644 +--- a/epan/dissectors/packet-f5ethtrailer.c ++++ b/epan/dissectors/packet-f5ethtrailer.c +@@ -2741,69 +2741,73 @@ dissect_dpt_trailer(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *d + static gint + dissect_old_trailer(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data) + { +- proto_tree *type_tree = NULL; +- proto_item *ti = NULL; + guint offset = 0; +- guint processed = 0; +- f5eth_tap_data_t *tdata = (f5eth_tap_data_t *)data; +- guint8 type; +- guint8 len; +- guint8 ver; + + /* While we still have data in the trailer. For old format trailers, this needs + * type, length, version (3 bytes) and for new format trailers, the magic header (4 bytes). + * All old format trailers are at least 4 bytes long, so just check for length of magic. + */ +- while (tvb_reported_length_remaining(tvb, offset)) { +- type = tvb_get_guint8(tvb, offset); +- len = tvb_get_guint8(tvb, offset + F5_OFF_LENGTH) + F5_OFF_VERSION; +- ver = tvb_get_guint8(tvb, offset + F5_OFF_VERSION); +- +- if (len <= tvb_reported_length_remaining(tvb, offset) && type >= F5TYPE_LOW +- && type <= F5TYPE_HIGH && len >= F5_MIN_SANE && len <= F5_MAX_SANE +- && ver <= F5TRAILER_VER_MAX) { +- /* Parse out the specified trailer. */ +- switch (type) { +- case F5TYPE_LOW: +- ti = proto_tree_add_item(tree, hf_low_id, tvb, offset, len, ENC_NA); +- type_tree = proto_item_add_subtree(ti, ett_f5ethtrailer_low); +- +- processed = dissect_low_trailer(tvb, pinfo, type_tree, offset, len, ver, tdata); +- if (processed > 0) { +- tdata->trailer_len += processed; +- tdata->noise_low = 1; +- } +- break; +- case F5TYPE_MED: +- ti = proto_tree_add_item(tree, hf_med_id, tvb, offset, len, ENC_NA); +- type_tree = proto_item_add_subtree(ti, ett_f5ethtrailer_med); +- +- processed = dissect_med_trailer(tvb, pinfo, type_tree, offset, len, ver, tdata); +- if (processed > 0) { +- tdata->trailer_len += processed; +- tdata->noise_med = 1; +- } +- break; +- case F5TYPE_HIGH: +- ti = proto_tree_add_item(tree, hf_high_id, tvb, offset, len, ENC_NA); +- type_tree = proto_item_add_subtree(ti, ett_f5ethtrailer_high); +- +- processed = +- dissect_high_trailer(tvb, pinfo, type_tree, offset, len, ver, tdata); +- if (processed > 0) { +- tdata->trailer_len += processed; +- tdata->noise_high = 1; +- } +- break; ++ while (tvb_reported_length_remaining(tvb, offset) >= F5_MIN_SANE) { ++ /* length field does not include the type and length bytes. Add them back in */ ++ guint8 len = tvb_get_guint8(tvb, offset + F5_OFF_LENGTH) + F5_OFF_VERSION; ++ if (len > tvb_reported_length_remaining(tvb, offset) ++ || len < F5_MIN_SANE || len > F5_MAX_SANE) { ++ /* Invalid length - either a malformed trailer, corrupt packet, or not f5ethtrailer */ ++ return offset; ++ } ++ guint8 type = tvb_get_guint8(tvb, offset); ++ guint8 ver = tvb_get_guint8(tvb, offset + F5_OFF_VERSION); ++ ++ /* Parse out the specified trailer. */ ++ proto_tree *type_tree = NULL; ++ proto_item *ti = NULL; ++ f5eth_tap_data_t *tdata = (f5eth_tap_data_t *)data; ++ guint processed = 0; ++ ++ switch (type) { ++ case F5TYPE_LOW: ++ ti = proto_tree_add_item(tree, hf_low_id, tvb, offset, len, ENC_NA); ++ type_tree = proto_item_add_subtree(ti, ett_f5ethtrailer_low); ++ ++ processed = dissect_low_trailer(tvb, pinfo, type_tree, offset, len, ver, tdata); ++ if (processed > 0) { ++ tdata->trailer_len += processed; ++ tdata->noise_low = 1; + } +- if (processed == 0) { +- proto_item_set_len(ti, 1); +- return offset; ++ break; ++ case F5TYPE_MED: ++ ti = proto_tree_add_item(tree, hf_med_id, tvb, offset, len, ENC_NA); ++ type_tree = proto_item_add_subtree(ti, ett_f5ethtrailer_med); ++ ++ processed = dissect_med_trailer(tvb, pinfo, type_tree, offset, len, ver, tdata); ++ if (processed > 0) { ++ tdata->trailer_len += processed; ++ tdata->noise_med = 1; ++ } ++ break; ++ case F5TYPE_HIGH: ++ ti = proto_tree_add_item(tree, hf_high_id, tvb, offset, len, ENC_NA); ++ type_tree = proto_item_add_subtree(ti, ett_f5ethtrailer_high); ++ ++ processed = ++ dissect_high_trailer(tvb, pinfo, type_tree, offset, len, ver, tdata); ++ if (processed > 0) { ++ tdata->trailer_len += processed; ++ tdata->noise_high = 1; + } ++ break; ++ default: ++ /* Unknown type - malformed trailer, corrupt packet, or not f5ethtrailer - bali out*/ ++ return offset; ++ } ++ if (processed == 0) { ++ /* couldn't process trailer - bali out */ ++ proto_item_set_len(ti, 1); ++ return offset; + } + offset += processed; + } +-return offset; ++ return offset; + } /* dissect_old_trailer() */ + + /*---------------------------------------------------------------------------*/ +-- +2.25.1 + diff --git a/meta-openembedded/meta-networking/recipes-support/wireshark/wireshark_3.4.12.bb b/meta-openembedded/meta-networking/recipes-support/wireshark/wireshark_3.4.12.bb index 38fdbce892..1a4aedc139 100644 --- a/meta-openembedded/meta-networking/recipes-support/wireshark/wireshark_3.4.12.bb +++ b/meta-openembedded/meta-networking/recipes-support/wireshark/wireshark_3.4.12.bb @@ -15,6 +15,7 @@ SRC_URI += " \ file://0002-flex-Remove-line-directives.patch \ file://0003-bison-Remove-line-directives.patch \ file://0004-lemon-Remove-line-directives.patch \ + file://CVE-2022-3190.patch \ " UPSTREAM_CHECK_URI = "https://1.as.dl.wireshark.org/src" diff --git a/meta-openembedded/meta-oe/recipes-core/safec/safec/0001-strpbrk_s-Remove-unused-variable-len.patch b/meta-openembedded/meta-oe/recipes-core/safec/safec/0001-strpbrk_s-Remove-unused-variable-len.patch new file mode 100644 index 0000000000..4fd36ab8ab --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-core/safec/safec/0001-strpbrk_s-Remove-unused-variable-len.patch @@ -0,0 +1,42 @@ +From b1d7cc6495c541cdd99399b4d1a835997376dcbf Mon Sep 17 00:00:00 2001 +From: Khem Raj +Date: Mon, 22 Aug 2022 23:42:33 -0700 +Subject: [PATCH] strpbrk_s: Remove unused variable len + +Fixes +error: variable 'len' set but not used [-Werror,-Wunused-but-set-variable] + +Upstream-Status: Submitted [https://github.com/rurban/safeclib/pull/123] +Signed-off-by: Khem Raj +--- + src/extstr/strpbrk_s.c | 3 --- + 1 file changed, 3 deletions(-) + +diff --git a/src/extstr/strpbrk_s.c b/src/extstr/strpbrk_s.c +index 5bb7a0f8..2cf8a8be 100644 +--- a/src/extstr/strpbrk_s.c ++++ b/src/extstr/strpbrk_s.c +@@ -79,7 +79,6 @@ EXPORT errno_t _strpbrk_s_chk(char *dest, rsize_t dmax, char *src, rsize_t slen, + #endif + { + char *ps; +- rsize_t len; + + CHK_SRC_NULL("strpbrk_s", firstp) + *firstp = NULL; +@@ -121,7 +120,6 @@ EXPORT errno_t _strpbrk_s_chk(char *dest, rsize_t dmax, char *src, rsize_t slen, + while (*dest && dmax) { + + ps = src; +- len = slen; + while (*ps) { + + /* check for a match with the substring */ +@@ -130,7 +128,6 @@ EXPORT errno_t _strpbrk_s_chk(char *dest, rsize_t dmax, char *src, rsize_t slen, + return RCNEGATE(EOK); + } + ps++; +- len--; + } + dest++; + dmax--; diff --git a/meta-openembedded/meta-oe/recipes-core/safec/safec_3.7.1.bb b/meta-openembedded/meta-oe/recipes-core/safec/safec_3.7.1.bb index 5ffe7d7528..9dd6f1c7cc 100644 --- a/meta-openembedded/meta-oe/recipes-core/safec/safec_3.7.1.bb +++ b/meta-openembedded/meta-oe/recipes-core/safec/safec_3.7.1.bb @@ -9,7 +9,8 @@ inherit autotools pkgconfig S = "${WORKDIR}/git" SRCREV = "f9add9245b97c7bda6e28cceb0ee37fb7e254fd8" SRC_URI = "git://github.com/rurban/safeclib.git;branch=master;protocol=https \ -" + file://0001-strpbrk_s-Remove-unused-variable-len.patch \ + " COMPATIBLE_HOST = '(x86_64|i.86|powerpc|powerpc64|arm|aarch64|mips).*-linux' diff --git a/meta-openembedded/meta-oe/recipes-dbs/lmdb/files/0001-make-set-soname-on-liblmdb.patch b/meta-openembedded/meta-oe/recipes-dbs/lmdb/files/0001-make-set-soname-on-liblmdb.patch new file mode 100644 index 0000000000..312809d1d2 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-dbs/lmdb/files/0001-make-set-soname-on-liblmdb.patch @@ -0,0 +1,22 @@ +From b4d418bf3f78748d84e3cfb110833443eef34284 Mon Sep 17 00:00:00 2001 +From: Justin Bronder +Date: Thu, 25 Aug 2022 17:22:20 -0400 +Subject: [PATCH] make: set soname on liblmdb + +--- + libraries/liblmdb/Makefile | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libraries/liblmdb/Makefile b/libraries/liblmdb/Makefile +index 1ec74e6..ea08cd6 100644 +--- a/libraries/liblmdb/Makefile ++++ b/libraries/liblmdb/Makefile +@@ -66,7 +66,7 @@ liblmdb.a: mdb.o midl.o + + liblmdb$(SOEXT): mdb.lo midl.lo + # $(CC) $(LDFLAGS) -pthread -shared -Wl,-Bsymbolic -o $@ mdb.o midl.o $(SOLIBS) +- $(CC) $(LDFLAGS) -pthread -shared -o $@ mdb.lo midl.lo $(SOLIBS) ++ $(CC) $(LDFLAGS) -pthread -shared -Wl,-soname,$@ -o $@ mdb.lo midl.lo $(SOLIBS) + + mdb_stat: mdb_stat.o liblmdb.a + mdb_copy: mdb_copy.o liblmdb.a diff --git a/meta-openembedded/meta-oe/recipes-dbs/lmdb/lmdb_0.9.29.bb b/meta-openembedded/meta-oe/recipes-dbs/lmdb/lmdb_0.9.29.bb index b58a36c446..a76d388d70 100644 --- a/meta-openembedded/meta-oe/recipes-dbs/lmdb/lmdb_0.9.29.bb +++ b/meta-openembedded/meta-oe/recipes-dbs/lmdb/lmdb_0.9.29.bb @@ -11,16 +11,15 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=153d07ef052c4a37a8fac23bc6031972" SRC_URI = "git://github.com/LMDB/lmdb.git;nobranch=1;protocol=https \ file://run-ptest \ file://0001-Makefile-use-libprefix-instead-of-libdir.patch \ + file://0001-make-set-soname-on-liblmdb.patch;patchdir=../.. \ " SRCREV = "8ad7be2510414b9506ec9f9e24f24d04d9b04a1a" -inherit base ptest +inherit ptest S = "${WORKDIR}/git/libraries/liblmdb" -LDFLAGS += "-Wl,-soname,lib${PN}.so.${PV}" - do_compile() { oe_runmake CC="${CC}" SOEXT=".so.${PV}" LDFLAGS="${LDFLAGS}" } diff --git a/meta-openembedded/meta-oe/recipes-dbs/postgresql/files/0001-config_info.c-not-expose-build-info.patch b/meta-openembedded/meta-oe/recipes-dbs/postgresql/files/0001-config_info.c-not-expose-build-info.patch index 101a748776..52ca276da6 100644 --- a/meta-openembedded/meta-oe/recipes-dbs/postgresql/files/0001-config_info.c-not-expose-build-info.patch +++ b/meta-openembedded/meta-oe/recipes-dbs/postgresql/files/0001-config_info.c-not-expose-build-info.patch @@ -30,7 +30,16 @@ diff --git a/src/common/config_info.c b/src/common/config_info.c index e72e729..b482c20 100644 --- a/src/common/config_info.c +++ b/src/common/config_info.c -@@ -123,74 +123,6 @@ get_configdata(const char *my_exec_path, size_t *configdata_len) +@@ -38,7 +38,7 @@ + int i = 0; + + /* Adjust this to match the number of items filled below */ +- *configdata_len = 23; ++ *configdata_len = 14; + configdata = (ConfigData *) palloc(*configdata_len * sizeof(ConfigData)); + + configdata[i].name = pstrdup("BINDIR"); +@@ -123,74 +123,6 @@ configdata[i].setting = pstrdup(path); i++; diff --git a/meta-openembedded/meta-oe/recipes-dbs/postgresql/files/0001-configure.ac-bypass-autoconf-2.69-version-check.patch b/meta-openembedded/meta-oe/recipes-dbs/postgresql/files/0001-configure.ac-bypass-autoconf-2.69-version-check.patch index 2256bccece..4a576d7172 100644 --- a/meta-openembedded/meta-oe/recipes-dbs/postgresql/files/0001-configure.ac-bypass-autoconf-2.69-version-check.patch +++ b/meta-openembedded/meta-oe/recipes-dbs/postgresql/files/0001-configure.ac-bypass-autoconf-2.69-version-check.patch @@ -1,4 +1,4 @@ -From 07e605015fad0621c3e67133ff9330a5c6318daa Mon Sep 17 00:00:00 2001 +From 258c6bd2ad96f2c42f1cb5f4c84e4ca5865059f0 Mon Sep 17 00:00:00 2001 From: Yi Fan Yu Date: Fri, 5 Feb 2021 17:15:42 -0500 Subject: [PATCH] configure.ac: bypass autoconf 2.69 version check @@ -14,12 +14,12 @@ Signed-off-by: Yi Fan Yu 1 file changed, 4 deletions(-) diff --git a/configure.ac b/configure.ac -index 04ef7be..0eb595b 100644 +index ffe878e..c39799b 100644 --- a/configure.ac +++ b/configure.ac @@ -19,10 +19,6 @@ m4_pattern_forbid(^PGAC_)dnl to catch undefined macros - AC_INIT([PostgreSQL], [14.4], [pgsql-bugs@lists.postgresql.org], [], [https://www.postgresql.org/]) + AC_INIT([PostgreSQL], [14.5], [pgsql-bugs@lists.postgresql.org], [], [https://www.postgresql.org/]) -m4_if(m4_defn([m4_PACKAGE_VERSION]), [2.69], [], [m4_fatal([Autoconf version 2.69 is required. -Untested combinations of 'autoconf' and PostgreSQL versions are not diff --git a/meta-openembedded/meta-oe/recipes-dbs/postgresql/postgresql.inc b/meta-openembedded/meta-oe/recipes-dbs/postgresql/postgresql.inc index bef33e6bb4..60d44ce979 100644 --- a/meta-openembedded/meta-oe/recipes-dbs/postgresql/postgresql.inc +++ b/meta-openembedded/meta-oe/recipes-dbs/postgresql/postgresql.inc @@ -205,7 +205,7 @@ do_install:append() { # multiple server config directory install -d -m 700 ${D}${sysconfdir}/default/${BPN} - if [ "${@d.getVar('enable_pam')}" = "pam" ]; then + if ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'true', 'false', d)}; then install -d ${D}${sysconfdir}/pam.d install -m 644 ${WORKDIR}/postgresql.pam ${D}${sysconfdir}/pam.d/postgresql fi diff --git a/meta-openembedded/meta-oe/recipes-dbs/postgresql/postgresql_14.4.bb b/meta-openembedded/meta-oe/recipes-dbs/postgresql/postgresql_14.4.bb deleted file mode 100644 index 1daab22f92..0000000000 --- a/meta-openembedded/meta-oe/recipes-dbs/postgresql/postgresql_14.4.bb +++ /dev/null @@ -1,18 +0,0 @@ -require postgresql.inc - -LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=75af6e3eeec4a06cdd2e578673236fc3" - -SRC_URI += "\ - file://not-check-libperl.patch \ - file://0001-Add-support-for-RISC-V.patch \ - file://0001-Improve-reproducibility.patch \ - file://0001-configure.ac-bypass-autoconf-2.69-version-check.patch \ - file://remove_duplicate.patch \ - file://0001-config_info.c-not-expose-build-info.patch \ -" - -SRC_URI[sha256sum] = "c23b6237c5231c791511bdc79098617d6852e9e3bdf360efd8b5d15a1a3d8f6a" - -CVE_CHECK_IGNORE += "\ - CVE-2017-8806 \ -" diff --git a/meta-openembedded/meta-oe/recipes-dbs/postgresql/postgresql_14.5.bb b/meta-openembedded/meta-oe/recipes-dbs/postgresql/postgresql_14.5.bb new file mode 100644 index 0000000000..1551d34053 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-dbs/postgresql/postgresql_14.5.bb @@ -0,0 +1,18 @@ +require postgresql.inc + +LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=75af6e3eeec4a06cdd2e578673236fc3" + +SRC_URI += "\ + file://not-check-libperl.patch \ + file://0001-Add-support-for-RISC-V.patch \ + file://0001-Improve-reproducibility.patch \ + file://0001-configure.ac-bypass-autoconf-2.69-version-check.patch \ + file://remove_duplicate.patch \ + file://0001-config_info.c-not-expose-build-info.patch \ +" + +SRC_URI[sha256sum] = "d4f72cb5fb857c9a9f75ec8cf091a1771272802f2178f0b2e65b7b6ff64f4a30" + +CVE_CHECK_IGNORE += "\ + CVE-2017-8806 \ +" diff --git a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-16.14/oe-npm-cache b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-16.14/oe-npm-cache new file mode 100755 index 0000000000..f596207648 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-16.14/oe-npm-cache @@ -0,0 +1,77 @@ +#!/usr/bin/env node + +/// Usage: oe-npm-cache +/// ... meta - metainformation about package +/// tgz - tarball + +const process = require("node:process"); + +module.paths.unshift("@@libdir@@/node_modules/npm/node_modules"); + +const cacache = require('cacache') +const fs = require('fs') + +// argv[0] is 'node', argv[1] is this script +const cache_dir = process.argv[2] +const type = process.argv[3] +const key = process.argv[4] +const file = process.argv[5] + +const data = fs.readFileSync(file) + +// metadata content is highly nodejs dependent; when cache entries are not +// found, place debug statements in 'make-fetch-happen/lib/cache/policy.js' +// (CachePolicy::satisfies()) +const xlate = { + 'meta': { + 'key_prefix': 'make-fetch-happen:request-cache:', + 'metadata': function() { + return { + time: Date.now(), + url: key, + reqHeaders: { + 'accept': 'application/vnd.npm.install-v1+json; q=1.0, application/json; q=0.8, */*', + }, + resHeaders: { + "content-type": "application/json", + "status": 200, + }, + options: { + compress: true, + } + }; + }, + }, + + 'tgz': { + 'key_prefix': 'make-fetch-happen:request-cache:', + 'metadata': function() { + return { + time: Date.now(), + url: key, + reqHeaders: { + 'accept': '*/*', + }, + resHeaders: { + "content-type": "application/octet-stream", + "status": 200, + }, + options: { + compress: true, + }, + }; + }, + }, +}; + +const info = xlate[type]; +let opts = {} + +if (info.metadata) { + opts['metadata'] = info.metadata(); +} + +cacache.put(cache_dir, info.key_prefix + key, data, opts) + .then(integrity => { + console.log(`Saved content of ${key} (${file}).`); +}) diff --git a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_16.14.bb b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_16.14.bb new file mode 100644 index 0000000000..a61dd5018f --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_16.14.bb @@ -0,0 +1,21 @@ +DESCRIPTION = "OE helper for manipulating npm cache" +LICENSE = "Apache-2.0" +LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/Apache-2.0;md5=89aea4e17d99a7cacdbeed46a0096b10" + +SRC_URI = "\ + file://oe-npm-cache \ +" + +inherit native + +B = "${WORKDIR}/build" + +do_configure() { + sed -e 's!@@libdir@@!${libdir}!g' < '${WORKDIR}/oe-npm-cache' > '${B}/oe-npm-cache' +} + +do_install() { + install -D -p -m 0755 ${B}/oe-npm-cache ${D}${bindir}/oe-npm-cache +} + +RDEPENDS:${PN} = "nodejs-native" diff --git a/meta-openembedded/meta-oe/recipes-devtools/php/php_8.1.10.bb b/meta-openembedded/meta-oe/recipes-devtools/php/php_8.1.10.bb new file mode 100644 index 0000000000..624ab2621a --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-devtools/php/php_8.1.10.bb @@ -0,0 +1,286 @@ +SUMMARY = "A server-side, HTML-embedded scripting language" +HOMEPAGE = "http://www.php.net" +SECTION = "console/network" + +LICENSE = "PHP-3.0" +LIC_FILES_CHKSUM = "file://LICENSE;md5=99532e0f6620bc9bca34f12fadaee33c" + +BBCLASSEXTEND = "native" +DEPENDS = "zlib bzip2 libxml2 virtual/libiconv php-native lemon-native" +DEPENDS:append:libc-musl = " libucontext" +DEPENDS:class-native = "zlib-native libxml2-native" + +PHP_MAJOR_VERSION = "${@d.getVar('PV').split('.')[0]}" + +SRC_URI = "http://php.net/distributions/php-${PV}.tar.bz2 \ + file://0002-build-php.m4-don-t-unset-cache-variables.patch \ + file://0003-php-remove-host-specific-info-from-header-file.patch \ + file://0004-configure.ac-don-t-include-build-libtool.m4.patch \ + file://0009-php-don-t-use-broken-wrapper-for-mkdir.patch \ + file://0010-iconv-fix-detection.patch \ + " + +SRC_URI:append:class-target = " \ + file://0001-ext-opcache-config.m4-enable-opcache.patch \ + file://0005-pear-fix-Makefile.frag-for-Yocto.patch \ + file://0006-ext-phar-Makefile.frag-Fix-phar-packaging.patch \ + file://0007-sapi-cli-config.m4-fix-build-directory.patch \ + file://0008-ext-imap-config.m4-fix-include-paths.patch \ + file://php-fpm.conf \ + file://php-fpm-apache.conf \ + file://70_mod_php${PHP_MAJOR_VERSION}.conf \ + file://php-fpm.service \ + " + +S = "${WORKDIR}/php-${PV}" +SRC_URI[sha256sum] = "2de8e0402285f7c56887defe651922308aded58ba60befcf3b77720209e31f10" + +CVE_CHECK_IGNORE += "\ + CVE-2007-2728 \ + CVE-2007-3205 \ + CVE-2007-4596 \ +" + +inherit autotools pkgconfig python3native gettext + +# phpize is not scanned for absolute paths by default (but php-config is). +# +SSTATE_SCAN_FILES += "phpize" +SSTATE_SCAN_FILES += "build-defs.h" + +PHP_LIBDIR = "${libdir}/php${PHP_MAJOR_VERSION}" + +# Common EXTRA_OECONF +COMMON_EXTRA_OECONF = "--enable-sockets \ + --enable-pcntl \ + --enable-shared \ + --disable-rpath \ + --with-pic \ + --libdir=${PHP_LIBDIR} \ +" +EXTRA_OECONF = "--enable-mbstring \ + --enable-fpm \ + --with-libdir=${baselib} \ + --with-gettext=${STAGING_LIBDIR}/.. \ + --with-zlib=${STAGING_LIBDIR}/.. \ + --with-iconv=${STAGING_LIBDIR}/.. \ + --with-bz2=${STAGING_DIR_TARGET}${exec_prefix} \ + --with-config-file-path=${sysconfdir}/php/apache2-php${PHP_MAJOR_VERSION} \ + ${@oe.utils.conditional('SITEINFO_ENDIANNESS', 'le', 'ac_cv_c_bigendian_php=no', 'ac_cv_c_bigendian_php=yes', d)} \ + ${@bb.utils.contains('PACKAGECONFIG', 'pam', '', 'ac_cv_lib_pam_pam_start=no', d)} \ + ${COMMON_EXTRA_OECONF} \ +" + +EXTRA_OECONF:append:riscv64 = " --with-pcre-jit=no" +EXTRA_OECONF:append:riscv32 = " --with-pcre-jit=no" +# Needs fibers assembly implemented for rv32 +# for example rv64 implementation is below +# see https://github.com/php/php-src/commit/70b02d75f2abe3a292d49c4a4e9e4f850c2fee68 +EXTRA_OECONF:append:riscv32:libc-musl = " --disable-fiber-asm" + +CACHED_CONFIGUREVARS += "ac_cv_func_dlopen=no ac_cv_lib_dl_dlopen=yes" + +EXTRA_OECONF:class-native = " \ + --with-zlib=${STAGING_LIBDIR_NATIVE}/.. \ + --without-iconv \ + ${COMMON_EXTRA_OECONF} \ +" + +PACKAGECONFIG ??= "mysql sqlite3 imap opcache openssl \ + ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6 pam', d)} \ +" +PACKAGECONFIG:class-native = "" + +PACKAGECONFIG[zip] = "--with-zip --with-zlib-dir=${STAGING_EXECPREFIXDIR},,libzip" + +PACKAGECONFIG[mysql] = "--with-mysqli=mysqlnd \ + --with-pdo-mysql=mysqlnd \ + ,--without-mysqli --without-pdo-mysql \ + ,mysql5" + +PACKAGECONFIG[sqlite3] = "--with-sqlite3=${STAGING_LIBDIR}/.. \ + --with-pdo-sqlite=${STAGING_LIBDIR}/.. \ + ,--without-sqlite3 --without-pdo-sqlite \ + ,sqlite3" +PACKAGECONFIG[pgsql] = "--with-pgsql=${STAGING_DIR_TARGET}${exec_prefix},--without-pgsql,postgresql" +PACKAGECONFIG[soap] = "--enable-soap, --disable-soap, libxml2" +PACKAGECONFIG[apache2] = "--with-apxs2=${STAGING_BINDIR_CROSS}/apxs,,apache2-native apache2" +PACKAGECONFIG[pam] = ",,libpam" +PACKAGECONFIG[imap] = "--with-imap=${STAGING_DIR_HOST} \ + --with-imap-ssl=${STAGING_DIR_HOST} \ + ,--without-imap --without-imap-ssl \ + ,uw-imap" +PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6," +PACKAGECONFIG[opcache] = "--enable-opcache,--disable-opcache" +PACKAGECONFIG[openssl] = "--with-openssl,--without-openssl,openssl" +PACKAGECONFIG[valgrind] = "--with-valgrind=${STAGING_DIR_TARGET}/usr,--with-valgrind=no,valgrind" +PACKAGECONFIG[mbregex] = "--enable-mbregex, --disable-mbregex, oniguruma" +PACKAGECONFIG[mbstring] = "--enable-mbstring,," + +export HOSTCC = "${BUILD_CC}" +export PHP_NATIVE_DIR = "${STAGING_BINDIR_NATIVE}" +export PHP_PEAR_PHP_BIN = "${STAGING_BINDIR_NATIVE}/php" +CFLAGS += " -D_GNU_SOURCE -g -DPTYS_ARE_GETPT -DPTYS_ARE_SEARCHED -I${STAGING_INCDIR}/apache2" + +# Adding these flags enables dynamic library support, which is disabled by +# default when cross compiling +# See https://bugs.php.net/bug.php?id=60109 +CFLAGS += " -DHAVE_LIBDL " +LDFLAGS += " -ldl " +LDFLAGS:append:libc-musl = " -lucontext " + +EXTRA_OEMAKE = "INSTALL_ROOT=${D}" + +acpaths = "" + +do_configure:prepend () { + rm -f ${S}/build/libtool.m4 ${S}/ltmain.sh ${S}/aclocal.m4 + find ${S} -name config.m4 | xargs -n1 sed -i 's!APXS_HTTPD=.*!APXS_HTTPD=${STAGING_SBINDIR_NATIVE}/httpd!' +} + +do_configure:append() { + # No, libtool, we really don't want rpath set... + sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool + sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool +} + +do_install:append:class-native() { + rm -rf ${D}/${PHP_LIBDIR}/php/.registry + rm -rf ${D}/${PHP_LIBDIR}/php/.channels + rm -rf ${D}/${PHP_LIBDIR}/php/.[a-z]* +} + +do_install:prepend() { + cat ${ACLOCALDIR}/libtool.m4 ${ACLOCALDIR}/lt~obsolete.m4 ${ACLOCALDIR}/ltoptions.m4 \ + ${ACLOCALDIR}/ltsugar.m4 ${ACLOCALDIR}/ltversion.m4 > ${S}/build/libtool.m4 +} + +do_install:prepend:class-target() { + if ${@bb.utils.contains('PACKAGECONFIG', 'apache2', 'true', 'false', d)}; then + # Install dummy config file so apxs doesn't fail + install -d ${D}${sysconfdir}/apache2 + printf "\nLoadModule dummy_module modules/mod_dummy.so\n" > ${D}${sysconfdir}/apache2/httpd.conf + fi +} + +# fixme +do_install:append:class-target() { + install -d ${D}${sysconfdir}/ + rm -rf ${D}/.registry + rm -rf ${D}/.channels + rm -rf ${D}/.[a-z]* + rm -rf ${D}/var + rm -f ${D}/${sysconfdir}/php-fpm.conf.default + install -m 0644 ${WORKDIR}/php-fpm.conf ${D}/${sysconfdir}/php-fpm.conf + install -d ${D}/${sysconfdir}/apache2/conf.d + install -m 0644 ${WORKDIR}/php-fpm-apache.conf ${D}/${sysconfdir}/apache2/conf.d/php-fpm.conf + install -d ${D}${sysconfdir}/init.d + sed -i 's:=/usr/sbin:=${sbindir}:g' ${B}/sapi/fpm/init.d.php-fpm + sed -i 's:=/etc:=${sysconfdir}:g' ${B}/sapi/fpm/init.d.php-fpm + sed -i 's:=/var:=${localstatedir}:g' ${B}/sapi/fpm/init.d.php-fpm + install -m 0755 ${B}/sapi/fpm/init.d.php-fpm ${D}${sysconfdir}/init.d/php-fpm + install -m 0644 ${WORKDIR}/php-fpm-apache.conf ${D}/${sysconfdir}/apache2/conf.d/php-fpm.conf + + if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)};then + install -d ${D}${systemd_unitdir}/system + install -m 0644 ${WORKDIR}/php-fpm.service ${D}${systemd_unitdir}/system/ + sed -i -e 's,@SYSCONFDIR@,${sysconfdir},g' \ + -e 's,@LOCALSTATEDIR@,${localstatedir},g' \ + ${D}${systemd_unitdir}/system/php-fpm.service + fi + + if ${@bb.utils.contains('PACKAGECONFIG', 'apache2', 'true', 'false', d)}; then + install -d ${D}${sysconfdir}/apache2/modules.d + install -d ${D}${sysconfdir}/php/apache2-php${PHP_MAJOR_VERSION} + install -m 644 ${WORKDIR}/70_mod_php${PHP_MAJOR_VERSION}.conf ${D}${sysconfdir}/apache2/modules.d + sed -i s,lib/,${libexecdir}/, ${D}${sysconfdir}/apache2/modules.d/70_mod_php${PHP_MAJOR_VERSION}.conf + cat ${S}/php.ini-production | \ + sed -e 's,extension_dir = \"\./\",extension_dir = \"/usr/lib/extensions\",' \ + > ${D}${sysconfdir}/php/apache2-php${PHP_MAJOR_VERSION}/php.ini + rm -f ${D}${sysconfdir}/apache2/httpd.conf* + fi +} + +SYSROOT_PREPROCESS_FUNCS += "php_sysroot_preprocess" + +php_sysroot_preprocess () { + install -d ${SYSROOT_DESTDIR}${bindir_crossscripts}/ + install -m 755 ${D}${bindir}/phpize ${SYSROOT_DESTDIR}${bindir_crossscripts}/ + install -m 755 ${D}${bindir}/php-config ${SYSROOT_DESTDIR}${bindir_crossscripts}/ + + sed -i 's!eval echo /!eval echo ${STAGING_DIR_HOST}/!' ${SYSROOT_DESTDIR}${bindir_crossscripts}/phpize + sed -i 's!^include_dir=.*!include_dir=${STAGING_INCDIR}/php!' ${SYSROOT_DESTDIR}${bindir_crossscripts}/php-config +} + +MODPHP_PACKAGE = "${@bb.utils.contains('PACKAGECONFIG', 'apache2', '${PN}-modphp', '', d)}" + +PACKAGES = "${PN}-dbg ${PN}-cli ${PN}-phpdbg ${PN}-cgi ${PN}-fpm ${PN}-fpm-apache2 ${PN}-pear ${PN}-phar ${MODPHP_PACKAGE} ${PN}-dev ${PN}-staticdev ${PN}-doc ${PN}-opcache ${PN}" + +RDEPENDS:${PN} += "libgcc" +RDEPENDS:${PN}-pear = "${PN}" +RDEPENDS:${PN}-phar = "${PN}-cli" +RDEPENDS:${PN}-cli = "${PN}" +RDEPENDS:${PN}-modphp = "${PN} apache2" +RDEPENDS:${PN}-opcache = "${PN}" + +ALLOW_EMPTY:${PN} = "1" + +INITSCRIPT_PACKAGES = "${PN}-fpm" +inherit update-rc.d + +# WARNING: lib32-php-8.0.12-r0 do_package_qa: QA Issue: lib32-php: ELF binary /usr/libexec/apache2/modules/libphp.so has relocations in .text [textrel] +#WARNING: lib32-php-8.0.12-r0 do_package_qa: QA Issue: lib32-php-opcache: ELF binary /usr/lib/php8/extensions/no-debug-zts-20200930/opcache.so has relocations in .text [textrel] +INSANE_SKIP:${PN}:append:x86 = " textrel" +INSANE_SKIP:${PN}-opcache:append:x86 = " textrel" + +FILES:${PN}-dbg =+ "${bindir}/.debug \ + ${libexecdir}/apache2/modules/.debug" +FILES:${PN}-doc += "${PHP_LIBDIR}/php/doc" +FILES:${PN}-cli = "${bindir}/php" +FILES:${PN}-phpdbg = "${bindir}/phpdbg" +FILES:${PN}-phar = "${bindir}/phar*" +FILES:${PN}-cgi = "${bindir}/php-cgi" +FILES:${PN}-fpm = "${sbindir}/php-fpm ${sysconfdir}/php-fpm.conf ${datadir}/fpm ${sysconfdir}/init.d/php-fpm ${systemd_unitdir}/system/php-fpm.service ${sysconfdir}/php-fpm.d/www.conf.default" +FILES:${PN}-fpm-apache2 = "${sysconfdir}/apache2/conf.d/php-fpm.conf" +CONFFILES:${PN}-fpm = "${sysconfdir}/php-fpm.conf" +CONFFILES:${PN}-fpm-apache2 = "${sysconfdir}/apache2/conf.d/php-fpm.conf" +INITSCRIPT_NAME:${PN}-fpm = "php-fpm" +INITSCRIPT_PARAMS:${PN}-fpm = "defaults 60" +FILES:${PN}-pear = "${bindir}/pear* ${bindir}/pecl ${PHP_LIBDIR}/php/PEAR \ + ${PHP_LIBDIR}/php/PEAR*.php ${PHP_LIBDIR}/php/System.php \ + ${PHP_LIBDIR}/php/peclcmd.php ${PHP_LIBDIR}/php/pearcmd.php \ + ${PHP_LIBDIR}/php/.channels ${PHP_LIBDIR}/php/.channels/.alias \ + ${PHP_LIBDIR}/php/.registry ${PHP_LIBDIR}/php/Archive/Tar.php \ + ${PHP_LIBDIR}/php/Console/Getopt.php ${PHP_LIBDIR}/php/OS/Guess.php \ + ${PHP_LIBDIR}/php/data/PEAR \ + ${sysconfdir}/pear.conf" +FILES:${PN}-dev = "${includedir}/php ${PHP_LIBDIR}/build ${bindir}/phpize \ + ${bindir}/php-config ${PHP_LIBDIR}/php/.depdb \ + ${PHP_LIBDIR}/php/.depdblock ${PHP_LIBDIR}/php/.filemap \ + ${PHP_LIBDIR}/php/.lock ${PHP_LIBDIR}/php/test" +FILES:${PN}-staticdev += "${PHP_LIBDIR}/extensions/*/*.a" +FILES:${PN}-opcache = "${PHP_LIBDIR}/extensions/*/opcache${SOLIBSDEV}" +FILES:${PN} = "${PHP_LIBDIR}/php" +FILES:${PN} += "${bindir} ${libexecdir}/apache2" + +SUMMARY:${PN}-modphp = "PHP module for the Apache HTTP server" +FILES:${PN}-modphp = "${libdir}/apache2 ${sysconfdir}" + +MODPHP_OLDPACKAGE = "${@bb.utils.contains('PACKAGECONFIG', 'apache2', 'modphp', '', d)}" +RPROVIDES:${PN}-modphp = "${MODPHP_OLDPACKAGE}" +RREPLACES:${PN}-modphp = "${MODPHP_OLDPACKAGE}" +RCONFLICTS:${PN}-modphp = "${MODPHP_OLDPACKAGE}" + +do_install:append:class-native() { + create_wrapper ${D}${bindir}/php \ + PHP_PEAR_SYSCONF_DIR=${sysconfdir}/ +} + +# Fails to build with thumb-1 (qemuarm) +# | {standard input}: Assembler messages: +# | {standard input}:3719: Error: selected processor does not support Thumb mode `smull r0,r2,r9,r3' +# | {standard input}:3720: Error: unshifted register required -- `sub r2,r2,r0,asr#31' +# | {standard input}:3796: Error: selected processor does not support Thumb mode `smull r0,r2,r3,r3' +# | {standard input}:3797: Error: unshifted register required -- `sub r2,r2,r0,asr#31' +# | make: *** [ext/standard/math.lo] Error 1 +ARM_INSTRUCTION_SET = "arm" diff --git a/meta-openembedded/meta-oe/recipes-devtools/php/php_8.1.8.bb b/meta-openembedded/meta-oe/recipes-devtools/php/php_8.1.8.bb deleted file mode 100644 index d5cf7d8b21..0000000000 --- a/meta-openembedded/meta-oe/recipes-devtools/php/php_8.1.8.bb +++ /dev/null @@ -1,286 +0,0 @@ -SUMMARY = "A server-side, HTML-embedded scripting language" -HOMEPAGE = "http://www.php.net" -SECTION = "console/network" - -LICENSE = "PHP-3.0" -LIC_FILES_CHKSUM = "file://LICENSE;md5=99532e0f6620bc9bca34f12fadaee33c" - -BBCLASSEXTEND = "native" -DEPENDS = "zlib bzip2 libxml2 virtual/libiconv php-native lemon-native" -DEPENDS:append:libc-musl = " libucontext" -DEPENDS:class-native = "zlib-native libxml2-native" - -PHP_MAJOR_VERSION = "${@d.getVar('PV').split('.')[0]}" - -SRC_URI = "http://php.net/distributions/php-${PV}.tar.bz2 \ - file://0002-build-php.m4-don-t-unset-cache-variables.patch \ - file://0003-php-remove-host-specific-info-from-header-file.patch \ - file://0004-configure.ac-don-t-include-build-libtool.m4.patch \ - file://0009-php-don-t-use-broken-wrapper-for-mkdir.patch \ - file://0010-iconv-fix-detection.patch \ - " - -SRC_URI:append:class-target = " \ - file://0001-ext-opcache-config.m4-enable-opcache.patch \ - file://0005-pear-fix-Makefile.frag-for-Yocto.patch \ - file://0006-ext-phar-Makefile.frag-Fix-phar-packaging.patch \ - file://0007-sapi-cli-config.m4-fix-build-directory.patch \ - file://0008-ext-imap-config.m4-fix-include-paths.patch \ - file://php-fpm.conf \ - file://php-fpm-apache.conf \ - file://70_mod_php${PHP_MAJOR_VERSION}.conf \ - file://php-fpm.service \ - " - -S = "${WORKDIR}/php-${PV}" -SRC_URI[sha256sum] = "b8815a5a02431453d4261e3598bd1f28516e4c0354f328c12890f257870e4c01" - -CVE_CHECK_IGNORE += "\ - CVE-2007-2728 \ - CVE-2007-3205 \ - CVE-2007-4596 \ -" - -inherit autotools pkgconfig python3native gettext - -# phpize is not scanned for absolute paths by default (but php-config is). -# -SSTATE_SCAN_FILES += "phpize" -SSTATE_SCAN_FILES += "build-defs.h" - -PHP_LIBDIR = "${libdir}/php${PHP_MAJOR_VERSION}" - -# Common EXTRA_OECONF -COMMON_EXTRA_OECONF = "--enable-sockets \ - --enable-pcntl \ - --enable-shared \ - --disable-rpath \ - --with-pic \ - --libdir=${PHP_LIBDIR} \ -" -EXTRA_OECONF = "--enable-mbstring \ - --enable-fpm \ - --with-libdir=${baselib} \ - --with-gettext=${STAGING_LIBDIR}/.. \ - --with-zlib=${STAGING_LIBDIR}/.. \ - --with-iconv=${STAGING_LIBDIR}/.. \ - --with-bz2=${STAGING_DIR_TARGET}${exec_prefix} \ - --with-config-file-path=${sysconfdir}/php/apache2-php${PHP_MAJOR_VERSION} \ - ${@oe.utils.conditional('SITEINFO_ENDIANNESS', 'le', 'ac_cv_c_bigendian_php=no', 'ac_cv_c_bigendian_php=yes', d)} \ - ${@bb.utils.contains('PACKAGECONFIG', 'pam', '', 'ac_cv_lib_pam_pam_start=no', d)} \ - ${COMMON_EXTRA_OECONF} \ -" - -EXTRA_OECONF:append:riscv64 = " --with-pcre-jit=no" -EXTRA_OECONF:append:riscv32 = " --with-pcre-jit=no" -# Needs fibers assembly implemented for rv32 -# for example rv64 implementation is below -# see https://github.com/php/php-src/commit/70b02d75f2abe3a292d49c4a4e9e4f850c2fee68 -EXTRA_OECONF:append:riscv32:libc-musl = " --disable-fiber-asm" - -CACHED_CONFIGUREVARS += "ac_cv_func_dlopen=no ac_cv_lib_dl_dlopen=yes" - -EXTRA_OECONF:class-native = " \ - --with-zlib=${STAGING_LIBDIR_NATIVE}/.. \ - --without-iconv \ - ${COMMON_EXTRA_OECONF} \ -" - -PACKAGECONFIG ??= "mysql sqlite3 imap opcache openssl \ - ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6 pam', d)} \ -" -PACKAGECONFIG:class-native = "" - -PACKAGECONFIG[zip] = "--with-zip --with-zlib-dir=${STAGING_EXECPREFIXDIR},,libzip" - -PACKAGECONFIG[mysql] = "--with-mysqli=mysqlnd \ - --with-pdo-mysql=mysqlnd \ - ,--without-mysqli --without-pdo-mysql \ - ,mysql5" - -PACKAGECONFIG[sqlite3] = "--with-sqlite3=${STAGING_LIBDIR}/.. \ - --with-pdo-sqlite=${STAGING_LIBDIR}/.. \ - ,--without-sqlite3 --without-pdo-sqlite \ - ,sqlite3" -PACKAGECONFIG[pgsql] = "--with-pgsql=${STAGING_DIR_TARGET}${exec_prefix},--without-pgsql,postgresql" -PACKAGECONFIG[soap] = "--enable-soap, --disable-soap, libxml2" -PACKAGECONFIG[apache2] = "--with-apxs2=${STAGING_BINDIR_CROSS}/apxs,,apache2-native apache2" -PACKAGECONFIG[pam] = ",,libpam" -PACKAGECONFIG[imap] = "--with-imap=${STAGING_DIR_HOST} \ - --with-imap-ssl=${STAGING_DIR_HOST} \ - ,--without-imap --without-imap-ssl \ - ,uw-imap" -PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6," -PACKAGECONFIG[opcache] = "--enable-opcache,--disable-opcache" -PACKAGECONFIG[openssl] = "--with-openssl,--without-openssl,openssl" -PACKAGECONFIG[valgrind] = "--with-valgrind=${STAGING_DIR_TARGET}/usr,--with-valgrind=no,valgrind" -PACKAGECONFIG[mbregex] = "--enable-mbregex, --disable-mbregex, oniguruma" -PACKAGECONFIG[mbstring] = "--enable-mbstring,," - -export HOSTCC = "${BUILD_CC}" -export PHP_NATIVE_DIR = "${STAGING_BINDIR_NATIVE}" -export PHP_PEAR_PHP_BIN = "${STAGING_BINDIR_NATIVE}/php" -CFLAGS += " -D_GNU_SOURCE -g -DPTYS_ARE_GETPT -DPTYS_ARE_SEARCHED -I${STAGING_INCDIR}/apache2" - -# Adding these flags enables dynamic library support, which is disabled by -# default when cross compiling -# See https://bugs.php.net/bug.php?id=60109 -CFLAGS += " -DHAVE_LIBDL " -LDFLAGS += " -ldl " -LDFLAGS:append:libc-musl = " -lucontext " - -EXTRA_OEMAKE = "INSTALL_ROOT=${D}" - -acpaths = "" - -do_configure:prepend () { - rm -f ${S}/build/libtool.m4 ${S}/ltmain.sh ${S}/aclocal.m4 - find ${S} -name config.m4 | xargs -n1 sed -i 's!APXS_HTTPD=.*!APXS_HTTPD=${STAGING_SBINDIR_NATIVE}/httpd!' -} - -do_configure:append() { - # No, libtool, we really don't want rpath set... - sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool - sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool -} - -do_install:append:class-native() { - rm -rf ${D}/${PHP_LIBDIR}/php/.registry - rm -rf ${D}/${PHP_LIBDIR}/php/.channels - rm -rf ${D}/${PHP_LIBDIR}/php/.[a-z]* -} - -do_install:prepend() { - cat ${ACLOCALDIR}/libtool.m4 ${ACLOCALDIR}/lt~obsolete.m4 ${ACLOCALDIR}/ltoptions.m4 \ - ${ACLOCALDIR}/ltsugar.m4 ${ACLOCALDIR}/ltversion.m4 > ${S}/build/libtool.m4 -} - -do_install:prepend:class-target() { - if ${@bb.utils.contains('PACKAGECONFIG', 'apache2', 'true', 'false', d)}; then - # Install dummy config file so apxs doesn't fail - install -d ${D}${sysconfdir}/apache2 - printf "\nLoadModule dummy_module modules/mod_dummy.so\n" > ${D}${sysconfdir}/apache2/httpd.conf - fi -} - -# fixme -do_install:append:class-target() { - install -d ${D}${sysconfdir}/ - rm -rf ${D}/.registry - rm -rf ${D}/.channels - rm -rf ${D}/.[a-z]* - rm -rf ${D}/var - rm -f ${D}/${sysconfdir}/php-fpm.conf.default - install -m 0644 ${WORKDIR}/php-fpm.conf ${D}/${sysconfdir}/php-fpm.conf - install -d ${D}/${sysconfdir}/apache2/conf.d - install -m 0644 ${WORKDIR}/php-fpm-apache.conf ${D}/${sysconfdir}/apache2/conf.d/php-fpm.conf - install -d ${D}${sysconfdir}/init.d - sed -i 's:=/usr/sbin:=${sbindir}:g' ${B}/sapi/fpm/init.d.php-fpm - sed -i 's:=/etc:=${sysconfdir}:g' ${B}/sapi/fpm/init.d.php-fpm - sed -i 's:=/var:=${localstatedir}:g' ${B}/sapi/fpm/init.d.php-fpm - install -m 0755 ${B}/sapi/fpm/init.d.php-fpm ${D}${sysconfdir}/init.d/php-fpm - install -m 0644 ${WORKDIR}/php-fpm-apache.conf ${D}/${sysconfdir}/apache2/conf.d/php-fpm.conf - - if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)};then - install -d ${D}${systemd_unitdir}/system - install -m 0644 ${WORKDIR}/php-fpm.service ${D}${systemd_unitdir}/system/ - sed -i -e 's,@SYSCONFDIR@,${sysconfdir},g' \ - -e 's,@LOCALSTATEDIR@,${localstatedir},g' \ - ${D}${systemd_unitdir}/system/php-fpm.service - fi - - if ${@bb.utils.contains('PACKAGECONFIG', 'apache2', 'true', 'false', d)}; then - install -d ${D}${sysconfdir}/apache2/modules.d - install -d ${D}${sysconfdir}/php/apache2-php${PHP_MAJOR_VERSION} - install -m 644 ${WORKDIR}/70_mod_php${PHP_MAJOR_VERSION}.conf ${D}${sysconfdir}/apache2/modules.d - sed -i s,lib/,${libexecdir}/, ${D}${sysconfdir}/apache2/modules.d/70_mod_php${PHP_MAJOR_VERSION}.conf - cat ${S}/php.ini-production | \ - sed -e 's,extension_dir = \"\./\",extension_dir = \"/usr/lib/extensions\",' \ - > ${D}${sysconfdir}/php/apache2-php${PHP_MAJOR_VERSION}/php.ini - rm -f ${D}${sysconfdir}/apache2/httpd.conf* - fi -} - -SYSROOT_PREPROCESS_FUNCS += "php_sysroot_preprocess" - -php_sysroot_preprocess () { - install -d ${SYSROOT_DESTDIR}${bindir_crossscripts}/ - install -m 755 ${D}${bindir}/phpize ${SYSROOT_DESTDIR}${bindir_crossscripts}/ - install -m 755 ${D}${bindir}/php-config ${SYSROOT_DESTDIR}${bindir_crossscripts}/ - - sed -i 's!eval echo /!eval echo ${STAGING_DIR_HOST}/!' ${SYSROOT_DESTDIR}${bindir_crossscripts}/phpize - sed -i 's!^include_dir=.*!include_dir=${STAGING_INCDIR}/php!' ${SYSROOT_DESTDIR}${bindir_crossscripts}/php-config -} - -MODPHP_PACKAGE = "${@bb.utils.contains('PACKAGECONFIG', 'apache2', '${PN}-modphp', '', d)}" - -PACKAGES = "${PN}-dbg ${PN}-cli ${PN}-phpdbg ${PN}-cgi ${PN}-fpm ${PN}-fpm-apache2 ${PN}-pear ${PN}-phar ${MODPHP_PACKAGE} ${PN}-dev ${PN}-staticdev ${PN}-doc ${PN}-opcache ${PN}" - -RDEPENDS:${PN} += "libgcc" -RDEPENDS:${PN}-pear = "${PN}" -RDEPENDS:${PN}-phar = "${PN}-cli" -RDEPENDS:${PN}-cli = "${PN}" -RDEPENDS:${PN}-modphp = "${PN} apache2" -RDEPENDS:${PN}-opcache = "${PN}" - -ALLOW_EMPTY:${PN} = "1" - -INITSCRIPT_PACKAGES = "${PN}-fpm" -inherit update-rc.d - -# WARNING: lib32-php-8.0.12-r0 do_package_qa: QA Issue: lib32-php: ELF binary /usr/libexec/apache2/modules/libphp.so has relocations in .text [textrel] -#WARNING: lib32-php-8.0.12-r0 do_package_qa: QA Issue: lib32-php-opcache: ELF binary /usr/lib/php8/extensions/no-debug-zts-20200930/opcache.so has relocations in .text [textrel] -INSANE_SKIP:${PN}:append:x86 = " textrel" -INSANE_SKIP:${PN}-opcache:append:x86 = " textrel" - -FILES:${PN}-dbg =+ "${bindir}/.debug \ - ${libexecdir}/apache2/modules/.debug" -FILES:${PN}-doc += "${PHP_LIBDIR}/php/doc" -FILES:${PN}-cli = "${bindir}/php" -FILES:${PN}-phpdbg = "${bindir}/phpdbg" -FILES:${PN}-phar = "${bindir}/phar*" -FILES:${PN}-cgi = "${bindir}/php-cgi" -FILES:${PN}-fpm = "${sbindir}/php-fpm ${sysconfdir}/php-fpm.conf ${datadir}/fpm ${sysconfdir}/init.d/php-fpm ${systemd_unitdir}/system/php-fpm.service ${sysconfdir}/php-fpm.d/www.conf.default" -FILES:${PN}-fpm-apache2 = "${sysconfdir}/apache2/conf.d/php-fpm.conf" -CONFFILES:${PN}-fpm = "${sysconfdir}/php-fpm.conf" -CONFFILES:${PN}-fpm-apache2 = "${sysconfdir}/apache2/conf.d/php-fpm.conf" -INITSCRIPT_NAME:${PN}-fpm = "php-fpm" -INITSCRIPT_PARAMS:${PN}-fpm = "defaults 60" -FILES:${PN}-pear = "${bindir}/pear* ${bindir}/pecl ${PHP_LIBDIR}/php/PEAR \ - ${PHP_LIBDIR}/php/PEAR*.php ${PHP_LIBDIR}/php/System.php \ - ${PHP_LIBDIR}/php/peclcmd.php ${PHP_LIBDIR}/php/pearcmd.php \ - ${PHP_LIBDIR}/php/.channels ${PHP_LIBDIR}/php/.channels/.alias \ - ${PHP_LIBDIR}/php/.registry ${PHP_LIBDIR}/php/Archive/Tar.php \ - ${PHP_LIBDIR}/php/Console/Getopt.php ${PHP_LIBDIR}/php/OS/Guess.php \ - ${PHP_LIBDIR}/php/data/PEAR \ - ${sysconfdir}/pear.conf" -FILES:${PN}-dev = "${includedir}/php ${PHP_LIBDIR}/build ${bindir}/phpize \ - ${bindir}/php-config ${PHP_LIBDIR}/php/.depdb \ - ${PHP_LIBDIR}/php/.depdblock ${PHP_LIBDIR}/php/.filemap \ - ${PHP_LIBDIR}/php/.lock ${PHP_LIBDIR}/php/test" -FILES:${PN}-staticdev += "${PHP_LIBDIR}/extensions/*/*.a" -FILES:${PN}-opcache = "${PHP_LIBDIR}/extensions/*/opcache${SOLIBSDEV}" -FILES:${PN} = "${PHP_LIBDIR}/php" -FILES:${PN} += "${bindir} ${libexecdir}/apache2" - -SUMMARY:${PN}-modphp = "PHP module for the Apache HTTP server" -FILES:${PN}-modphp = "${libdir}/apache2 ${sysconfdir}" - -MODPHP_OLDPACKAGE = "${@bb.utils.contains('PACKAGECONFIG', 'apache2', 'modphp', '', d)}" -RPROVIDES:${PN}-modphp = "${MODPHP_OLDPACKAGE}" -RREPLACES:${PN}-modphp = "${MODPHP_OLDPACKAGE}" -RCONFLICTS:${PN}-modphp = "${MODPHP_OLDPACKAGE}" - -do_install:append:class-native() { - create_wrapper ${D}${bindir}/php \ - PHP_PEAR_SYSCONF_DIR=${sysconfdir}/ -} - -# Fails to build with thumb-1 (qemuarm) -# | {standard input}: Assembler messages: -# | {standard input}:3719: Error: selected processor does not support Thumb mode `smull r0,r2,r9,r3' -# | {standard input}:3720: Error: unshifted register required -- `sub r2,r2,r0,asr#31' -# | {standard input}:3796: Error: selected processor does not support Thumb mode `smull r0,r2,r3,r3' -# | {standard input}:3797: Error: unshifted register required -- `sub r2,r2,r0,asr#31' -# | make: *** [ext/standard/math.lo] Error 1 -ARM_INSTRUCTION_SET = "arm" diff --git a/meta-openembedded/meta-oe/recipes-extended/libcec/libcec_6.0.2.bb b/meta-openembedded/meta-oe/recipes-extended/libcec/libcec_6.0.2.bb index cd586897a4..599416cb2a 100644 --- a/meta-openembedded/meta-oe/recipes-extended/libcec/libcec_6.0.2.bb +++ b/meta-openembedded/meta-oe/recipes-extended/libcec/libcec_6.0.2.bb @@ -29,6 +29,9 @@ EXTRA_OECMAKE += "${PLATFORM_CMAKE_FLAGS}" PACKAGE_BEFORE_PN += "${PN}-examples-python ${PN}-examples" FILES:${PN}-examples-python = "${bindir}/py*" FILES:${PN}-examples = "${bindir}" +# cec-client doesn't link with libcec, but uses LibCecInitialise to dlopen libcec, so do_package +# cannot add the runtime dependency automatically +RDEPENDS:${PN}-examples = "${PN}" RDEPENDS:${PN}-examples-python = "python3-${BPN} python3-core" # Create the wrapper for python3 diff --git a/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/0004-Make-netgroup-support-optional.patch b/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/0004-Make-netgroup-support-optional.patch index fa273d4503..218c860fbd 100644 --- a/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/0004-Make-netgroup-support-optional.patch +++ b/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/0004-Make-netgroup-support-optional.patch @@ -1,4 +1,4 @@ -From 7ef2621ab7adcedc099ed39acfb73c6fa835cbc3 Mon Sep 17 00:00:00 2001 +From 5cf1a5fe6f8a24f1c95a749e3f347eeed2f591dd Mon Sep 17 00:00:00 2001 From: "A. Wilcox" Date: Sun, 15 May 2022 05:04:10 +0000 Subject: [PATCH] Make netgroup support optional @@ -37,12 +37,12 @@ Signed-off-by: Marta Rybczynska 9 files changed, 43 insertions(+), 8 deletions(-) diff --git a/configure.ac b/configure.ac -index 59858df..5a7fc11 100644 +index 18e4223..0f87ea0 100644 --- a/configure.ac +++ b/configure.ac -@@ -100,7 +100,7 @@ AC_CHECK_LIB(expat,XML_ParserCreate,[EXPAT_LIBS="-lexpat"], - [AC_MSG_ERROR([Can't find expat library. Please install expat.])]) - AC_SUBST(EXPAT_LIBS) +@@ -117,7 +117,7 @@ CFLAGS="$CFLAGS $PTHREAD_CFLAGS" + CC="$PTHREAD_CC" + AC_CHECK_FUNCS([pthread_condattr_setclock]) -AC_CHECK_FUNCS(clearenv fdatasync) +AC_CHECK_FUNCS(clearenv fdatasync setnetgrent) @@ -50,7 +50,7 @@ index 59858df..5a7fc11 100644 if test "x$GCC" = "xyes"; then LDFLAGS="-Wl,--as-needed $LDFLAGS" diff --git a/meson.build b/meson.build -index 733bbff..d840926 100644 +index 7506231..2d9d67a 100644 --- a/meson.build +++ b/meson.build @@ -82,6 +82,7 @@ config_h.set('_GNU_SOURCE', true) @@ -164,10 +164,10 @@ index 056d9a8..36c2f3d 100644 } diff --git a/src/polkitbackend/polkitbackendjsauthority.cpp b/src/polkitbackend/polkitbackendjsauthority.cpp -index 5027815..bcb040c 100644 +index 11e91c0..9ee0391 100644 --- a/src/polkitbackend/polkitbackendjsauthority.cpp +++ b/src/polkitbackend/polkitbackendjsauthority.cpp -@@ -1524,6 +1524,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx, +@@ -1291,6 +1291,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx, JS::CallArgs args = JS::CallArgsFromVp (argc, vp); @@ -175,7 +175,7 @@ index 5027815..bcb040c 100644 JS::RootedString usrstr (authority->priv->cx); usrstr = args[0].toString(); user = JS_EncodeStringToUTF8 (cx, usrstr); -@@ -1538,6 +1539,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx, +@@ -1305,6 +1306,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx, { is_in_netgroup = true; } @@ -233,7 +233,7 @@ index 3701ba1..e1d211e 100644 return g_test_run (); } diff --git a/test/polkitbackend/test-polkitbackendjsauthority.c b/test/polkitbackend/test-polkitbackendjsauthority.c -index f97e0e0..fc52149 100644 +index 2103b17..b187a2f 100644 --- a/test/polkitbackend/test-polkitbackendjsauthority.c +++ b/test/polkitbackend/test-polkitbackendjsauthority.c @@ -137,12 +137,14 @@ test_get_admin_identities (void) diff --git a/meta-openembedded/meta-oe/recipes-graphics/libsdl/libsdl_1.2.15.bb b/meta-openembedded/meta-oe/recipes-graphics/libsdl/libsdl_1.2.15.bb index 9085c6d2fe..4ec0dc6ca3 100644 --- a/meta-openembedded/meta-oe/recipes-graphics/libsdl/libsdl_1.2.15.bb +++ b/meta-openembedded/meta-oe/recipes-graphics/libsdl/libsdl_1.2.15.bb @@ -82,3 +82,6 @@ do_configure:prepend() { } BBCLASSEXTEND = "native nativesdk" + +#CVE-2019-14906 is a RHEL specific vulnerability. +CVE_CHECK_IGNORE += "CVE-2019-14906" diff --git a/meta-openembedded/meta-oe/recipes-kernel/minicoredumper/files/0001-minicoredumper-retry-elf-parsing-as-long-as-needed.patch b/meta-openembedded/meta-oe/recipes-kernel/minicoredumper/files/0001-minicoredumper-retry-elf-parsing-as-long-as-needed.patch new file mode 100644 index 0000000000..8d5b8b6cbb --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-kernel/minicoredumper/files/0001-minicoredumper-retry-elf-parsing-as-long-as-needed.patch @@ -0,0 +1,128 @@ +From 7a8c6a06c86e133e4346b1dc66483bd8d0d3c716 Mon Sep 17 00:00:00 2001 +From: John Ogness +Date: Tue, 24 Aug 2021 21:10:43 +0200 +Subject: [PATCH] minicoredumper: retry elf parsing as long as needed + +As was reported in github issue #2 ("maximum number of tries +insufficient, in rare cases, for elf parse"), the number of retries +for parsing a process may be insufficient. Rather than setting an +upper limit on the maximum number of retries, track the number of +headers seen. As long as the number of seen headers is greater than +the previous try, try again. + +In order to avoid introducing any new issues, preserve the behavior +of retrying at least 10 times, even if no new headers are seen. + +Reported-by: github.com/ssajal-wr +Signed-off-by: John Ogness + +Upstream-Status: Backport [7a8c6a06c86e133e4346b1dc66483bd8d0d3c716] + +Signed-off-by: Sakib Sajal +--- + src/minicoredumper/corestripper.c | 30 +++++++++++++++++++++++------- + 1 file changed, 23 insertions(+), 7 deletions(-) + +diff --git a/src/minicoredumper/corestripper.c b/src/minicoredumper/corestripper.c +index d96d1df..c96b350 100644 +--- a/src/minicoredumper/corestripper.c ++++ b/src/minicoredumper/corestripper.c +@@ -761,7 +761,7 @@ static int init_log(struct dump_info *di) + typedef int elf_parse_cb(struct dump_info *di, Elf *elf, GElf_Phdr *phdr); + + static int do_elf_ph_parse(struct dump_info *di, GElf_Phdr *type, +- elf_parse_cb *callback) ++ elf_parse_cb *callback, size_t *phnum_found) + { + GElf_Ehdr ehdr_mem; + GElf_Ehdr *ehdr; +@@ -770,6 +770,9 @@ static int do_elf_ph_parse(struct dump_info *di, GElf_Phdr *type, + size_t phnum; + size_t cnt; + ++ if (phnum_found) ++ *phnum_found = 0; ++ + /* start from beginning of core */ + if (lseek64(di->elf_fd, 0, SEEK_SET) == -1) { + info("lseek failed: %s", strerror(errno)); +@@ -809,6 +812,9 @@ static int do_elf_ph_parse(struct dump_info *di, GElf_Phdr *type, + goto out; + } + ++ if (phnum_found) ++ *phnum_found = phnum; ++ + for (cnt = 0; cnt < phnum; cnt++) { + GElf_Phdr phdr_mem; + GElf_Phdr *phdr; +@@ -891,7 +897,7 @@ static int vma_cb(struct dump_info *di, Elf *elf, GElf_Phdr *phdr) + /* + * Tries to parse the found ELF headers and reads all vmas from it. + */ +-static int parse_vma_info(struct dump_info *di) ++static int parse_vma_info(struct dump_info *di, size_t *phnum_found) + { + unsigned long min_off = ULONG_MAX; + unsigned long max_len = 0; +@@ -911,7 +917,7 @@ static int parse_vma_info(struct dump_info *di) + memset(&type, 0, sizeof(type)); + type.p_type = PT_LOAD; + type.p_flags = PF_R; +- if (do_elf_ph_parse(di, &type, vma_cb) != 0) ++ if (do_elf_ph_parse(di, &type, vma_cb, phnum_found) != 0) + return -1; + + for (v = di->vma; v; v = v->next) { +@@ -1614,8 +1620,10 @@ int add_core_data(struct dump_info *di, off64_t dest_offset, size_t len, + */ + static int init_src_core(struct dump_info *di, int src) + { ++ size_t last_phnum = 0; + int tries = 0; + int ret = -1; ++ size_t phnum; + size_t len; + char *buf; + long pos; +@@ -1642,7 +1650,7 @@ again: + goto out; + + /* try to elf-parse the core to read vma info */ +- ret = parse_vma_info(di); ++ ret = parse_vma_info(di, &phnum); + + /* restore our position */ + if (lseek64(di->elf_fd, pos, SEEK_SET) == -1) +@@ -1653,9 +1661,17 @@ again: + + tries++; + +- /* maybe try again */ +- if (tries < 10) ++ if (phnum > last_phnum) { ++ /* new headers found, keep trying */ ++ last_phnum = phnum; + goto again; ++ } else if (tries < 10) { ++ /* ++ * even if no new headers are found, ++ * retry at least 10 times ++ */ ++ goto again; ++ } + + goto out; + } +@@ -2106,7 +2122,7 @@ static int dump_stacks(struct dump_info *di) + /* find and set the first task */ + memset(&type, 0, sizeof(type)); + type.p_type = PT_NOTE; +- do_elf_ph_parse(di, &type, note_cb); ++ do_elf_ph_parse(di, &type, note_cb, NULL); + } + + if (di->first_pid) +-- +2.25.1 + diff --git a/meta-openembedded/meta-oe/recipes-kernel/minicoredumper/minicoredumper_2.0.1.bb b/meta-openembedded/meta-oe/recipes-kernel/minicoredumper/minicoredumper_2.0.1.bb index bf99152942..0b934ee2d8 100644 --- a/meta-openembedded/meta-oe/recipes-kernel/minicoredumper/minicoredumper_2.0.1.bb +++ b/meta-openembedded/meta-oe/recipes-kernel/minicoredumper/minicoredumper_2.0.1.bb @@ -17,6 +17,7 @@ SRC_URI = "git://github.com/diamon/minicoredumper;protocol=https;branch=master \ file://0001-replace-pthread_mutexattr_setrobust_np-with-pthread_.patch \ file://minicoredumper.service \ file://minicoredumper.init \ + file://0001-minicoredumper-retry-elf-parsing-as-long-as-needed.patch \ " S = "${WORKDIR}/git" diff --git a/meta-openembedded/meta-oe/recipes-security/audit/audit/Fixed-swig-host-contamination-issue.patch b/meta-openembedded/meta-oe/recipes-security/audit/audit/Fixed-swig-host-contamination-issue.patch index 740bcb5a7f..b023c80ae4 100644 --- a/meta-openembedded/meta-oe/recipes-security/audit/audit/Fixed-swig-host-contamination-issue.patch +++ b/meta-openembedded/meta-oe/recipes-security/audit/audit/Fixed-swig-host-contamination-issue.patch @@ -18,11 +18,9 @@ Signed-off-by: Yi Zhao bindings/swig/src/auditswig.i | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) -diff --git a/bindings/swig/python3/Makefile.am b/bindings/swig/python3/Makefile.am -index dd9d934..61b486d 100644 --- a/bindings/swig/python3/Makefile.am +++ b/bindings/swig/python3/Makefile.am -@@ -22,6 +22,7 @@ +@@ -23,6 +23,7 @@ CONFIG_CLEAN_FILES = *.loT *.rej *.orig AM_CFLAGS = -fPIC -DPIC -fno-strict-aliasing $(PYTHON3_CFLAGS) AM_CPPFLAGS = -I. -I$(top_builddir) -I${top_srcdir}/lib $(PYTHON3_INCLUDES) @@ -30,7 +28,7 @@ index dd9d934..61b486d 100644 LIBS = $(top_builddir)/lib/libaudit.la SWIG_FLAGS = -python -py3 -modern SWIG_INCLUDES = -I. -I$(top_builddir) -I${top_srcdir}/lib $(PYTHON3_INCLUDES) -@@ -36,7 +37,7 @@ _audit_la_DEPENDENCIES =${top_srcdir}/lib/libaudit.h ${top_builddir}/lib/libaudi +@@ -37,7 +38,7 @@ _audit_la_DEPENDENCIES =${top_srcdir}/li _audit_la_LIBADD = ${top_builddir}/lib/libaudit.la nodist__audit_la_SOURCES = audit_wrap.c audit.py audit_wrap.c: ${srcdir}/../src/auditswig.i @@ -39,8 +37,6 @@ index dd9d934..61b486d 100644 CLEANFILES = audit.py* audit_wrap.c *~ -diff --git a/bindings/swig/src/auditswig.i b/bindings/swig/src/auditswig.i -index 21aafca..dd0f62c 100644 --- a/bindings/swig/src/auditswig.i +++ b/bindings/swig/src/auditswig.i @@ -39,7 +39,7 @@ signed @@ -48,10 +44,7 @@ index 21aafca..dd0f62c 100644 typedef unsigned __u32; typedef unsigned uid_t; -%include "/usr/include/linux/audit.h" -+%include "linux/audit.h" ++%include "../lib/audit.h" #define __extension__ /*nothing*/ %include %include "../lib/libaudit.h" --- -2.17.1 - diff --git a/meta-openembedded/meta-oe/recipes-security/audit/audit_3.0.7.bb b/meta-openembedded/meta-oe/recipes-security/audit/audit_3.0.7.bb deleted file mode 100644 index d77aec2964..0000000000 --- a/meta-openembedded/meta-oe/recipes-security/audit/audit_3.0.7.bb +++ /dev/null @@ -1,108 +0,0 @@ -SUMMARY = "User space tools for kernel auditing" -DESCRIPTION = "The audit package contains the user space utilities for \ -storing and searching the audit records generated by the audit subsystem \ -in the Linux kernel." -HOMEPAGE = "http://people.redhat.com/sgrubb/audit/" -SECTION = "base" -LICENSE = "GPL-2.0-or-later & LGPL-2.0-or-later" -LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f" - -SRC_URI = "git://github.com/linux-audit/${BPN}-userspace.git;branch=master;protocol=https \ - file://Fixed-swig-host-contamination-issue.patch \ - file://auditd \ - file://auditd.service \ - file://audit-volatile.conf \ -" - -S = "${WORKDIR}/git" -SRCREV = "f60b2d8f55c74be798a7f5bcbd6c587987f2578a" - -inherit autotools python3native update-rc.d systemd - -UPDATERCPN = "auditd" -INITSCRIPT_NAME = "auditd" -INITSCRIPT_PARAMS = "defaults" - -SYSTEMD_PACKAGES = "auditd" -SYSTEMD_SERVICE:auditd = "auditd.service" - -DEPENDS = "python3 tcp-wrappers libcap-ng linux-libc-headers swig-native" - -EXTRA_OECONF = " --with-libwrap \ - --enable-gssapi-krb5=no \ - --with-libcap-ng=yes \ - --with-python3=yes \ - --libdir=${base_libdir} \ - --sbindir=${base_sbindir} \ - --without-python \ - --without-golang \ - --disable-zos-remote \ - --with-arm=yes \ - --with-aarch64=yes \ - " - -EXTRA_OEMAKE = "PYLIBVER='python${PYTHON_BASEVERSION}' \ - PYINC='${STAGING_INCDIR}/$(PYLIBVER)' \ - pyexecdir=${libdir}/python${PYTHON_BASEVERSION}/site-packages \ - STDINC='${STAGING_INCDIR}' \ - pkgconfigdir=${libdir}/pkgconfig \ - " - -SUMMARY:audispd-plugins = "Plugins for the audit event dispatcher" -DESCRIPTION:audispd-plugins = "The audispd-plugins package provides plugins for the real-time \ -interface to the audit system, audispd. These plugins can do things \ -like relay events to remote machines or analyze events for suspicious \ -behavior." - -PACKAGES =+ "audispd-plugins" -PACKAGES += "auditd ${PN}-python" - -FILES:${PN} = "${sysconfdir}/libaudit.conf ${base_libdir}/libaudit.so.1* ${base_libdir}/libauparse.so.*" -FILES:auditd = "${bindir}/* ${base_sbindir}/* ${sysconfdir}/* ${datadir}/audit/*" -FILES:audispd-plugins = "${sysconfdir}/audit/audisp-remote.conf \ - ${sysconfdir}/audit/plugins.d/au-remote.conf \ - ${sysconfdir}/audit/plugins.d/syslog.conf \ - ${base_sbindir}/audisp-remote \ - ${base_sbindir}/audisp-syslog \ - ${localstatedir}/spool/audit \ - " -FILES:${PN}-dbg += "${libdir}/python${PYTHON_BASEVERSION}/*/.debug" -FILES:${PN}-python = "${libdir}/python${PYTHON_BASEVERSION}" - -CONFFILES:auditd = "${sysconfdir}/audit/audit.rules" - -do_install:append() { - rm -f ${D}/${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.a - rm -f ${D}/${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.la - - # reuse auditd config - [ ! -e ${D}/etc/default ] && mkdir ${D}/etc/default - mv ${D}/etc/sysconfig/auditd ${D}/etc/default - rmdir ${D}/etc/sysconfig/ - - # replace init.d - install -D -m 0755 ${WORKDIR}/auditd ${D}/etc/init.d/auditd - rm -rf ${D}/etc/rc.d - - if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then - # install systemd unit files - install -d ${D}${systemd_unitdir}/system - install -m 0644 ${WORKDIR}/auditd.service ${D}${systemd_unitdir}/system - - install -d ${D}${sysconfdir}/tmpfiles.d/ - install -m 0644 ${WORKDIR}/audit-volatile.conf ${D}${sysconfdir}/tmpfiles.d/ - fi - - # audit-2.5 doesn't install any rules by default, so we do that here - mkdir -p ${D}/etc/audit ${D}/etc/audit/rules.d - cp ${S}/rules/10-base-config.rules ${D}/etc/audit/rules.d/audit.rules - - chmod 750 ${D}/etc/audit ${D}/etc/audit/rules.d - chmod 640 ${D}/etc/audit/auditd.conf ${D}/etc/audit/rules.d/audit.rules - - # Based on the audit.spec "Copy default rules into place on new installation" - cp ${D}/etc/audit/rules.d/audit.rules ${D}/etc/audit/audit.rules - - # Create /var/spool/audit directory for audisp-remote - install -m 0700 -d ${D}${localstatedir}/spool/audit -} diff --git a/meta-openembedded/meta-oe/recipes-security/audit/audit_3.0.8.bb b/meta-openembedded/meta-oe/recipes-security/audit/audit_3.0.8.bb new file mode 100644 index 0000000000..c17899d4f6 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-security/audit/audit_3.0.8.bb @@ -0,0 +1,115 @@ +SUMMARY = "User space tools for kernel auditing" +DESCRIPTION = "The audit package contains the user space utilities for \ +storing and searching the audit records generated by the audit subsystem \ +in the Linux kernel." +HOMEPAGE = "http://people.redhat.com/sgrubb/audit/" +SECTION = "base" +LICENSE = "GPL-2.0-or-later & LGPL-2.0-or-later" +LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f" + +SRC_URI = "git://github.com/linux-audit/${BPN}-userspace.git;branch=master;protocol=https \ + file://Fixed-swig-host-contamination-issue.patch \ + file://auditd \ + file://auditd.service \ + file://audit-volatile.conf \ +" + +S = "${WORKDIR}/git" +SRCREV = "54a62e78792fe583267cf80da717ee480b8f42bc" + +inherit autotools python3native update-rc.d systemd + +UPDATERCPN = "auditd" +INITSCRIPT_NAME = "auditd" +INITSCRIPT_PARAMS = "defaults" + +SYSTEMD_PACKAGES = "auditd" +SYSTEMD_SERVICE:auditd = "auditd.service" + +DEPENDS = "python3 tcp-wrappers libcap-ng linux-libc-headers swig-native" + +EXTRA_OECONF = " --with-libwrap \ + --enable-gssapi-krb5=no \ + --with-libcap-ng=yes \ + --with-python3=yes \ + --libdir=${base_libdir} \ + --sbindir=${base_sbindir} \ + --without-python \ + --without-golang \ + --disable-zos-remote \ + --with-arm=yes \ + --with-aarch64=yes \ + " + +EXTRA_OEMAKE = "PYLIBVER='python${PYTHON_BASEVERSION}' \ + PYINC='${STAGING_INCDIR}/$(PYLIBVER)' \ + pyexecdir=${libdir}/python${PYTHON_BASEVERSION}/site-packages \ + STDINC='${STAGING_INCDIR}' \ + pkgconfigdir=${libdir}/pkgconfig \ + " + +SUMMARY:audispd-plugins = "Plugins for the audit event dispatcher" +DESCRIPTION:audispd-plugins = "The audispd-plugins package provides plugins for the real-time \ +interface to the audit system, audispd. These plugins can do things \ +like relay events to remote machines or analyze events for suspicious \ +behavior." + +PACKAGES =+ "audispd-plugins" +PACKAGES += "auditd ${PN}-python" + +FILES:${PN} = "${sysconfdir}/libaudit.conf ${base_libdir}/libaudit.so.1* ${base_libdir}/libauparse.so.*" +FILES:auditd = "${bindir}/* ${base_sbindir}/* ${sysconfdir}/* ${datadir}/audit/*" +FILES:audispd-plugins = "${sysconfdir}/audit/audisp-remote.conf \ + ${sysconfdir}/audit/plugins.d/au-remote.conf \ + ${sysconfdir}/audit/plugins.d/syslog.conf \ + ${base_sbindir}/audisp-remote \ + ${base_sbindir}/audisp-syslog \ + ${localstatedir}/spool/audit \ + " +FILES:${PN}-dbg += "${libdir}/python${PYTHON_BASEVERSION}/*/.debug" +FILES:${PN}-python = "${libdir}/python${PYTHON_BASEVERSION}" + +CONFFILES:auditd = "${sysconfdir}/audit/audit.rules" + +do_configure:prepend() { + sed -e 's|buf\[];|buf[0];|g' ${STAGING_INCDIR}/linux/audit.h > ${S}/lib/audit.h + sed -i -e 's|#include |#include "audit.h"|g' ${S}/lib/libaudit.h +} + +do_install:append() { + sed -i -e 's|#include "audit.h"|#include |g' ${D}${includedir}/libaudit.h + + rm -f ${D}/${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.a + rm -f ${D}/${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.la + + # reuse auditd config + [ ! -e ${D}/etc/default ] && mkdir ${D}/etc/default + mv ${D}/etc/sysconfig/auditd ${D}/etc/default + rmdir ${D}/etc/sysconfig/ + + # replace init.d + install -D -m 0755 ${WORKDIR}/auditd ${D}/etc/init.d/auditd + rm -rf ${D}/etc/rc.d + + if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then + # install systemd unit files + install -d ${D}${systemd_unitdir}/system + install -m 0644 ${WORKDIR}/auditd.service ${D}${systemd_unitdir}/system + + install -d ${D}${sysconfdir}/tmpfiles.d/ + install -m 0644 ${WORKDIR}/audit-volatile.conf ${D}${sysconfdir}/tmpfiles.d/ + fi + + # audit-2.5 doesn't install any rules by default, so we do that here + mkdir -p ${D}/etc/audit ${D}/etc/audit/rules.d + cp ${S}/rules/10-base-config.rules ${D}/etc/audit/rules.d/audit.rules + + chmod 750 ${D}/etc/audit ${D}/etc/audit/rules.d + chmod 640 ${D}/etc/audit/auditd.conf ${D}/etc/audit/rules.d/audit.rules + + # Based on the audit.spec "Copy default rules into place on new installation" + cp ${D}/etc/audit/rules.d/audit.rules ${D}/etc/audit/audit.rules + + # Create /var/spool/audit directory for audisp-remote + install -m 0700 -d ${D}${localstatedir}/spool/audit +} diff --git a/meta-openembedded/meta-oe/recipes-support/gd/gd/0001-Fix-deprecared-function-prototypes.patch b/meta-openembedded/meta-oe/recipes-support/gd/gd/0001-Fix-deprecared-function-prototypes.patch new file mode 100644 index 0000000000..5ac5170721 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-support/gd/gd/0001-Fix-deprecared-function-prototypes.patch @@ -0,0 +1,115 @@ +From 6379331cd0647fc6f149f55e4505a9a92e4f159f Mon Sep 17 00:00:00 2001 +From: Khem Raj +Date: Mon, 22 Aug 2022 22:43:26 -0700 +Subject: [PATCH] Fix deprecared function prototypes + +Fixes following errors: +error: a function definition without a prototype is deprecated in all versions of C and is not supported in C2x [-Werror,-Wdeprecated-non-prototype] + +Upstream-Status: Submitted [https://github.com/libgd/libgd/pull/835] +Signed-off-by: Khem Raj +--- + src/gd_nnquant.c | 32 +++++++------------------------- + src/gd_tiff.c | 4 +--- + 2 files changed, 8 insertions(+), 28 deletions(-) + +diff --git a/src/gd_nnquant.c b/src/gd_nnquant.c +index 8b9aa794..013f7160 100644 +--- a/src/gd_nnquant.c ++++ b/src/gd_nnquant.c +@@ -112,12 +112,7 @@ typedef struct { + + /* Initialise network in range (0,0,0,0) to (255,255,255,255) and set parameters + ----------------------------------------------------------------------- */ +-static void initnet(nnq, thepic, len, sample, colours) +-nn_quant *nnq; +-unsigned char *thepic; +-int len; +-int sample; +-int colours; ++static void initnet(nn_quant *nnq, unsigned char *thepic, int len, int sample, int colours) + { + register int i; + register int *p; +@@ -163,9 +158,7 @@ static void unbiasnet(nn_quant *nnq) + } + + /* Output colormap to unsigned char ptr in RGBA format */ +-static void getcolormap(nnq, map) +-nn_quant *nnq; +-unsigned char *map; ++static void getcolormap(nn_quant *nnq, unsigned char *map) + { + int i,j; + for(j=0; j < nnq->netsize; j++) { +@@ -232,9 +225,7 @@ static void inxbuild(nn_quant *nnq) + + /* Search for ABGR values 0..255 (after net is unbiased) and return colour index + ---------------------------------------------------------------------------- */ +-static unsigned int inxsearch(nnq, al,b,g,r) +-nn_quant *nnq; +-register int al, b, g, r; ++static unsigned int inxsearch(nn_quant *nnq, int al, int b, int g, int r) + { + register int i, j, dist, a, bestd; + register int *p; +@@ -306,9 +297,7 @@ register int al, b, g, r; + + /* Search for biased ABGR values + ---------------------------- */ +-static int contest(nnq, al,b,g,r) +-nn_quant *nnq; +-register int al,b,g,r; ++static int contest(nn_quant *nnq, int al, int b, int g, int r) + { + /* finds closest neuron (min dist) and updates freq */ + /* finds best neuron (min dist-bias) and returns position */ +@@ -362,9 +351,7 @@ register int al,b,g,r; + /* Move neuron i towards biased (a,b,g,r) by factor alpha + ---------------------------------------------------- */ + +-static void altersingle(nnq, alpha,i,al,b,g,r) +-nn_quant *nnq; +-register int alpha,i,al,b,g,r; ++static void altersingle(nn_quant *nnq, int alpha, int i,int al, int b, int g, int r) + { + register int *n; + +@@ -382,10 +369,7 @@ register int alpha,i,al,b,g,r; + /* Move adjacent neurons by precomputed alpha*(1-((i-j)^2/[r]^2)) in radpower[|i-j|] + --------------------------------------------------------------------------------- */ + +-static void alterneigh(nnq, rad,i,al,b,g,r) +-nn_quant *nnq; +-int rad,i; +-register int al,b,g,r; ++static void alterneigh(nn_quant *nnq, int rad, int i, int al,int b,int g, int r) + { + register int j,k,lo,hi,a; + register int *p, *q; +@@ -429,9 +413,7 @@ register int al,b,g,r; + /* Main Learning Loop + ------------------ */ + +-static void learn(nnq, verbose) /* Stu: N.B. added parameter so that main() could control verbosity. */ +-nn_quant *nnq; +-int verbose; ++static void learn(nn_quant *nnq, int verbose) /* Stu: N.B. added parameter so that main() could control verbosity. */ + { + register int i,j,al,b,g,r; + int radius,rad,alpha,step,delta,samplepixels; +diff --git a/src/gd_tiff.c b/src/gd_tiff.c +index 7f72b610..3d90e61a 100644 +--- a/src/gd_tiff.c ++++ b/src/gd_tiff.c +@@ -446,9 +446,7 @@ BGD_DECLARE(void) gdImageTiffCtx(gdImagePtr image, gdIOCtx *out) + } + + /* Check if we are really in 8bit mode */ +-static int checkColorMap(n, r, g, b) +-int n; +-uint16_t *r, *g, *b; ++static int checkColorMap(int n, uint16_t *r, uint16_t *g, uint16_t *b) + { + while (n-- > 0) + if (*r++ >= 256 || *g++ >= 256 || *b++ >= 256) diff --git a/meta-openembedded/meta-oe/recipes-support/gd/gd_2.3.3.bb b/meta-openembedded/meta-oe/recipes-support/gd/gd_2.3.3.bb index 9d4ee1fe4b..cc2c1571e6 100644 --- a/meta-openembedded/meta-oe/recipes-support/gd/gd_2.3.3.bb +++ b/meta-openembedded/meta-oe/recipes-support/gd/gd_2.3.3.bb @@ -14,6 +14,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=ace63adfdac78400fc30fa22ee9c1bb1" DEPENDS = "freetype libpng jpeg zlib tiff" SRC_URI = "git://github.com/libgd/libgd.git;nobranch=1;protocol=https \ + file://0001-Fix-deprecared-function-prototypes.patch \ " SRCREV = "b5319a41286107b53daa0e08e402aa1819764bdc" diff --git a/meta-openembedded/meta-oe/recipes-support/xrdp/xrdp_0.9.18.bb b/meta-openembedded/meta-oe/recipes-support/xrdp/xrdp_0.9.18.bb index 7ec6ae15f6..947ca75388 100644 --- a/meta-openembedded/meta-oe/recipes-support/xrdp/xrdp_0.9.18.bb +++ b/meta-openembedded/meta-oe/recipes-support/xrdp/xrdp_0.9.18.bb @@ -49,6 +49,7 @@ do_configure:prepend() { do_compile:prepend() { sed -i 's/(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am/(MAKE) $(AM_MAKEFLAGS) install-exec-am/g' ${S}/keygen/Makefile.in + echo "" > ${B}/xrdp_configure_options.h } do_install:append() { diff --git a/meta-openembedded/meta-perl/recipes-perl/libauthen/libauthen-sasl-perl_2.16.bb b/meta-openembedded/meta-perl/recipes-perl/libauthen/libauthen-sasl-perl_2.16.bb index 8545eb50f7..a9eec69502 100644 --- a/meta-openembedded/meta-perl/recipes-perl/libauthen/libauthen-sasl-perl_2.16.bb +++ b/meta-openembedded/meta-perl/recipes-perl/libauthen/libauthen-sasl-perl_2.16.bb @@ -5,7 +5,7 @@ protocols should be able to share." HOMEPAGE = "http://search.cpan.org/dist/Authen-SASL/" SECTION = "libs" -LICENSE = "Artistic-1.0|GPL-1.0-or-later" +LICENSE = "Artistic-1.0 | GPL-1.0-or-later" LIC_FILES_CHKSUM = "file://lib/Authen/SASL/Perl.pm;beginline=1;endline=3;md5=17123315bbcda19f484c07227594a609" DEPENDS = "perl" diff --git a/meta-openembedded/meta-perl/recipes-perl/libdigest/libdigest-hmac-perl_1.03.bb b/meta-openembedded/meta-perl/recipes-perl/libdigest/libdigest-hmac-perl_1.03.bb index 51a2ad3498..43b7f4d5a9 100644 --- a/meta-openembedded/meta-perl/recipes-perl/libdigest/libdigest-hmac-perl_1.03.bb +++ b/meta-openembedded/meta-perl/recipes-perl/libdigest/libdigest-hmac-perl_1.03.bb @@ -3,7 +3,7 @@ DESCRIPTION = "Keyed-Hashing for Message Authentication" HOMEPAGE = "http://search.cpan.org/~gaas/Digest-HMAC-1.03/" SECTION = "libs" -LICENSE = "Artistic-1.0|GPL-1.0-or-later" +LICENSE = "Artistic-1.0 | GPL-1.0-or-later" LIC_FILES_CHKSUM = "file://README;beginline=13;endline=17;md5=da980cdc026faa065e5d5004115334e6" RDEPENDS:${PN} = "libdigest-sha1-perl perl-module-extutils-makemaker perl-module-digest-md5" diff --git a/meta-openembedded/meta-perl/recipes-perl/libdigest/libdigest-sha1-perl_2.13.bb b/meta-openembedded/meta-perl/recipes-perl/libdigest/libdigest-sha1-perl_2.13.bb index cd63675128..df89c9bcdb 100644 --- a/meta-openembedded/meta-perl/recipes-perl/libdigest/libdigest-sha1-perl_2.13.bb +++ b/meta-openembedded/meta-perl/recipes-perl/libdigest/libdigest-sha1-perl_2.13.bb @@ -3,7 +3,7 @@ DESCRIPTION = "Digest::SHA1 - Perl interface to the SHA-1 algorithm" HOMEPAGE = "http://search.cpan.org/~gaas/Digest-SHA1-2.13/" SECTION = "libs" -LICENSE = "Artistic-1.0|GPL-1.0-or-later" +LICENSE = "Artistic-1.0 | GPL-1.0-or-later" LIC_FILES_CHKSUM = "file://README;beginline=10;endline=14;md5=ff5867ebb4bc1103a7a416aef2fce00a" SRC_URI = "http://search.cpan.org/CPAN/authors/id/G/GA/GAAS/Digest-SHA1-${PV}.tar.gz \ diff --git a/meta-openembedded/meta-perl/recipes-perl/libio/libio-socket-ssl-perl_2.074.bb b/meta-openembedded/meta-perl/recipes-perl/libio/libio-socket-ssl-perl_2.074.bb index 1d04f0054f..6249fd1d78 100644 --- a/meta-openembedded/meta-perl/recipes-perl/libio/libio-socket-ssl-perl_2.074.bb +++ b/meta-openembedded/meta-perl/recipes-perl/libio/libio-socket-ssl-perl_2.074.bb @@ -9,7 +9,7 @@ mod_perl." HOMEPAGE = "http://search.cpan.org/dist/IO-Socket-SSL/" SECTION = "libs" -LICENSE = "Artistic-1.0|GPL-1.0-or-later" +LICENSE = "Artistic-1.0 | GPL-1.0-or-later" LIC_FILES_CHKSUM = "file://META.yml;beginline=12;endline=12;md5=963ce28228347875ace682de56eef8e8" RDEPENDS:${PN} += "\ diff --git a/meta-openembedded/meta-perl/recipes-perl/libipc/libipc-signal-perl_1.00.bb b/meta-openembedded/meta-perl/recipes-perl/libipc/libipc-signal-perl_1.00.bb index 389be2c16c..203db7b10c 100644 --- a/meta-openembedded/meta-perl/recipes-perl/libipc/libipc-signal-perl_1.00.bb +++ b/meta-openembedded/meta-perl/recipes-perl/libipc/libipc-signal-perl_1.00.bb @@ -5,7 +5,7 @@ dealing with signals." HOMEPAGE = "http://search.cpan.org/~rosch/IPC-Signal-1.00/" SECTION = "libs" -LICENSE = "Artistic-1.0|GPL-1.0-or-later" +LICENSE = "Artistic-1.0 | GPL-1.0-or-later" LIC_FILES_CHKSUM = "file://README;beginline=16;endline=18;md5=f36550f59a0ae5e6e3b0be6a4da60d26" S = "${WORKDIR}/IPC-Signal-${PV}" diff --git a/meta-openembedded/meta-perl/recipes-perl/libmime/libmime-types-perl_2.17.bb b/meta-openembedded/meta-perl/recipes-perl/libmime/libmime-types-perl_2.17.bb index 2c06728ed2..d1f6f8c59c 100644 --- a/meta-openembedded/meta-perl/recipes-perl/libmime/libmime-types-perl_2.17.bb +++ b/meta-openembedded/meta-perl/recipes-perl/libmime/libmime-types-perl_2.17.bb @@ -8,7 +8,7 @@ one known mime type." HOMEPAGE = "http://search.cpan.org/~markov/MIME-Types-${PV}" SECTION = "libraries" -LICENSE = "Artistic-1.0|GPL-1.0-or-later" +LICENSE = "Artistic-1.0 | GPL-1.0-or-later" LIC_FILES_CHKSUM = "file://META.yml;beginline=11;endline=11;md5=963ce28228347875ace682de56eef8e8" SRC_URI = "http://search.cpan.org/CPAN/authors/id/M/MA/MARKOV/MIME-Types-${PV}.tar.gz \ diff --git a/meta-openembedded/meta-perl/recipes-perl/libnet/libnet-ldap-perl_0.68.bb b/meta-openembedded/meta-perl/recipes-perl/libnet/libnet-ldap-perl_0.68.bb index 293f421205..dcc5ea88b1 100644 --- a/meta-openembedded/meta-perl/recipes-perl/libnet/libnet-ldap-perl_0.68.bb +++ b/meta-openembedded/meta-perl/recipes-perl/libnet/libnet-ldap-perl_0.68.bb @@ -6,7 +6,7 @@ deleting or modifying entries." SECTION = "libs" -LICENSE = "Artistic-1.0|GPL-1.0-or-later" +LICENSE = "Artistic-1.0 | GPL-1.0-or-later" LIC_FILES_CHKSUM = "file://README;beginline=3;endline=5;md5=4d6588c2fa0d38ae162f6314d201d89e" SRC_URI = "${CPAN_MIRROR}/authors/id/M/MA/MARSCHAP/perl-ldap-${PV}.tar.gz" diff --git a/meta-openembedded/meta-perl/recipes-perl/libnet/libnet-telnet-perl_3.05.bb b/meta-openembedded/meta-perl/recipes-perl/libnet/libnet-telnet-perl_3.05.bb index d7d4201048..d1365f269c 100644 --- a/meta-openembedded/meta-perl/recipes-perl/libnet/libnet-telnet-perl_3.05.bb +++ b/meta-openembedded/meta-perl/recipes-perl/libnet/libnet-telnet-perl_3.05.bb @@ -11,7 +11,7 @@ shell." HOMEPAGE = "http://search.cpan.org/dist/Net-Telnet/" SECTION = "Development/Libraries" -LICENSE = "Artistic-1.0|GPL-1.0-or-later" +LICENSE = "Artistic-1.0 | GPL-1.0-or-later" LIC_FILES_CHKSUM = "file://README;beginline=4;endline=7;md5=e94ab3b72335e3cdadd6c1ff736dd714" SRC_URI = "http://search.cpan.org/CPAN/authors/id/J/JR/JROGERS/Net-Telnet-${PV}.tar.gz" diff --git a/meta-openembedded/meta-perl/recipes-perl/libproc/libproc-waitstat-perl_1.00.bb b/meta-openembedded/meta-perl/recipes-perl/libproc/libproc-waitstat-perl_1.00.bb index ffd87ed0b5..643a704a1d 100644 --- a/meta-openembedded/meta-perl/recipes-perl/libproc/libproc-waitstat-perl_1.00.bb +++ b/meta-openembedded/meta-perl/recipes-perl/libproc/libproc-waitstat-perl_1.00.bb @@ -5,7 +5,7 @@ on wait status values." HOMEPAGE = "http://search.cpan.org/~rosch/Proc-WaitStat/" SECTION = "libraries" -LICENSE = "Artistic-1.0|GPL-1.0-or-later" +LICENSE = "Artistic-1.0 | GPL-1.0-or-later" LIC_FILES_CHKSUM = "file://README;beginline=21;endline=23;md5=f36550f59a0ae5e6e3b0be6a4da60d26" RDEPENDS:${PN} += "perl libipc-signal-perl" diff --git a/meta-openembedded/meta-perl/recipes-perl/libxml/libxml-libxml-perl_2.0134.bb b/meta-openembedded/meta-perl/recipes-perl/libxml/libxml-libxml-perl_2.0134.bb index c2898a9012..c2ea47ae5b 100644 --- a/meta-openembedded/meta-perl/recipes-perl/libxml/libxml-libxml-perl_2.0134.bb +++ b/meta-openembedded/meta-perl/recipes-perl/libxml/libxml-libxml-perl_2.0134.bb @@ -8,7 +8,7 @@ your programs." HOMEPAGE = "http://search.cpan.org/dist/XML-LibXML-1.99/" SECTION = "libs" -LICENSE = "Artistic-1.0|GPL-1.0-or-later" +LICENSE = "Artistic-1.0 | GPL-1.0-or-later" DEPENDS += "libxml2 \ libxml-sax-perl-native \ zlib \ diff --git a/meta-raspberrypi/recipes-bsp/bootfiles/rpi-cmdline.bb b/meta-raspberrypi/recipes-bsp/bootfiles/rpi-cmdline.bb index 413ca4d527..6fb3a1bcc3 100644 --- a/meta-raspberrypi/recipes-bsp/bootfiles/rpi-cmdline.bb +++ b/meta-raspberrypi/recipes-bsp/bootfiles/rpi-cmdline.bb @@ -62,7 +62,7 @@ CMDLINE = " \ " do_compile() { - echo "${@' '.join('${CMDLINE}'.split())}" > "${WORKDIR}/cmdline.txt" + echo "${@' '.join(d.getVar('CMDLINE').split())}" > "${WORKDIR}/cmdline.txt" } do_deploy() { diff --git a/meta-raspberrypi/recipes-bsp/common/raspberrypi-firmware.inc b/meta-raspberrypi/recipes-bsp/common/raspberrypi-firmware.inc index e5974e49d0..a7404400e3 100644 --- a/meta-raspberrypi/recipes-bsp/common/raspberrypi-firmware.inc +++ b/meta-raspberrypi/recipes-bsp/common/raspberrypi-firmware.inc @@ -1,9 +1,9 @@ -RPIFW_DATE ?= "20220331" +RPIFW_DATE ?= "20220830" RPIFW_SRC_URI ?= "https://archive.raspberrypi.com/debian/pool/main/r/raspberrypi-firmware/raspberrypi-firmware_1.${RPIFW_DATE}.orig.tar.xz" RPIFW_S ?= "${WORKDIR}/raspberrypi-firmware-1.${RPIFW_DATE}" SRC_URI = "${RPIFW_SRC_URI}" -SRC_URI[sha256sum] = "8758f10797bd52a7373cc5b39bd46d0d9f882d501ccb9535a72a3fe8a8d329c3" +SRC_URI[sha256sum] = "2b27e4b3c4d2664a0a1d0dd8602bd80ea41dd006eb0ad9c67d7b659c9c8bb4e5" PV = "${RPIFW_DATE}" diff --git a/poky/bitbake/bin/bitbake-prserv b/poky/bitbake/bin/bitbake-prserv index 323df66dd0..5be42f3ce5 100755 --- a/poky/bitbake/bin/bitbake-prserv +++ b/poky/bitbake/bin/bitbake-prserv @@ -1,5 +1,7 @@ #!/usr/bin/env python3 # +# Copyright BitBake Contributors +# # SPDX-License-Identifier: GPL-2.0-only # diff --git a/poky/bitbake/bin/bitbake-worker b/poky/bitbake/bin/bitbake-worker index 9d850ec77c..2f3e9f72f9 100755 --- a/poky/bitbake/bin/bitbake-worker +++ b/poky/bitbake/bin/bitbake-worker @@ -1,5 +1,7 @@ #!/usr/bin/env python3 # +# Copyright BitBake Contributors +# # SPDX-License-Identifier: GPL-2.0-only # diff --git a/poky/bitbake/bin/git-make-shallow b/poky/bitbake/bin/git-make-shallow index 1d00fbf183..d0532c5ab8 100755 --- a/poky/bitbake/bin/git-make-shallow +++ b/poky/bitbake/bin/git-make-shallow @@ -1,5 +1,7 @@ #!/usr/bin/env python3 # +# Copyright BitBake Contributors +# # SPDX-License-Identifier: GPL-2.0-only # diff --git a/poky/bitbake/doc/bitbake-user-manual/bitbake-user-manual-fetching.rst b/poky/bitbake/doc/bitbake-user-manual/bitbake-user-manual-fetching.rst index f9d9e617f3..9c269ca837 100644 --- a/poky/bitbake/doc/bitbake-user-manual/bitbake-user-manual-fetching.rst +++ b/poky/bitbake/doc/bitbake-user-manual/bitbake-user-manual-fetching.rst @@ -688,6 +688,8 @@ Here is an example URL:: It can also be used when setting mirrors definitions using the :term:`PREMIRRORS` variable. +.. _crate-fetcher: + Crate Fetcher (``crate://``) ---------------------------- @@ -704,6 +706,80 @@ Here is an example URL:: SRC_URI = "crate://crates.io/glob/0.2.11" +.. _npm-fetcher: + +NPM Fetcher (``npm://``) +------------------------ + +This submodule fetches source code from an +`NPM `__ +Javascript package registry. + +The format for the :term:`SRC_URI` setting must be:: + + SRC_URI = "npm://some.registry.url;ParameterA=xxx;ParameterB=xxx;..." + +This fetcher supports the following parameters: + +- *"package":* The NPM package name. This is a mandatory parameter. + +- *"version":* The NPM package version. This is a mandatory parameter. + +- *"downloadfilename":* Specifies the filename used when storing the downloaded file. + +- *"destsuffix":* Specifies the directory to use to unpack the package (default: ``npm``). + +Note that NPM fetcher only fetches the package source itself. The dependencies +can be fetched through the `npmsw-fetcher`_. + +Here is an example URL with both fetchers:: + + SRC_URI = " \ + npm://registry.npmjs.org/;package=cute-files;version=${PV} \ + npmsw://${THISDIR}/${BPN}/npm-shrinkwrap.json \ + " + +See :yocto_docs:`Creating Node Package Manager (NPM) Packages +` +in the Yocto Project manual for details about using +:yocto_docs:`devtool ` +to automatically create a recipe from an NPM URL. + +.. _npmsw-fetcher: + +NPM shrinkwrap Fetcher (``npmsw://``) +------------------------------------- + +This submodule fetches source code from an +`NPM shrinkwrap `__ +description file, which lists the dependencies +of an NPM package while locking their versions. + +The format for the :term:`SRC_URI` setting must be:: + + SRC_URI = "npmsw://some.registry.url;ParameterA=xxx;ParameterB=xxx;..." + +This fetcher supports the following parameters: + +- *"dev":* Set this parameter to ``1`` to install "devDependencies". + +- *"destsuffix":* Specifies the directory to use to unpack the dependencies + (``${S}`` by default). + +Note that the shrinkwrap file can also be provided by the recipe for +the package which has such dependencies, for example:: + + SRC_URI = " \ + npm://registry.npmjs.org/;package=cute-files;version=${PV} \ + npmsw://${THISDIR}/${BPN}/npm-shrinkwrap.json \ + " + +Such a file can automatically be generated using +:yocto_docs:`devtool ` +as described in the :yocto_docs:`Creating Node Package Manager (NPM) Packages +` +section of the Yocto Project. + Other Fetchers -------------- @@ -713,8 +789,6 @@ Fetch submodules also exist for the following: - Mercurial (``hg://``) -- npm (``npm://``) - - OSC (``osc://``) - Secure FTP (``sftp://``) diff --git a/poky/bitbake/doc/bitbake-user-manual/bitbake-user-manual-metadata.rst b/poky/bitbake/doc/bitbake-user-manual/bitbake-user-manual-metadata.rst index af4b135867..337821612c 100644 --- a/poky/bitbake/doc/bitbake-user-manual/bitbake-user-manual-metadata.rst +++ b/poky/bitbake/doc/bitbake-user-manual/bitbake-user-manual-metadata.rst @@ -195,22 +195,45 @@ value. However, if ``A`` is not set, the variable is set to "aval". Setting a weak default value (??=) ---------------------------------- -It is possible to use a "weaker" assignment than in the previous section -by using the "??=" operator. This assignment behaves identical to "?=" -except that the assignment is made at the end of the parsing process -rather than immediately. Consequently, when multiple "??=" assignments -exist, the last one is used. Also, any "=" or "?=" assignment will -override the value set with "??=". Here is an example:: - - A ??= "somevalue" - A ??= "someothervalue" - -If ``A`` is set before the above statements are -parsed, the variable retains its value. If ``A`` is not set, the -variable is set to "someothervalue". - -Again, this assignment is a "lazy" or "weak" assignment because it does -not occur until the end of the parsing process. +The weak default value of a variable is the value which that variable +will expand to if no value has been assigned to it via any of the other +assignment operators. The "??=" operator takes effect immediately, replacing +any previously defined weak default value. Here is an example:: + + W ??= "x" + A := "${W}" # Immediate variable expansion + W ??= "y" + B := "${W}" # Immediate variable expansion + W ??= "z" + C = "${W}" + W ?= "i" + +After parsing we will have:: + + A = "x" + B = "y" + C = "i" + W = "i" + +Appending and prepending non-override style will not substitute the weak +default value, which means that after parsing:: + + W ??= "x" + W += "y" + +we will have:: + + W = " y" + +On the other hand, override-style appends/prepends/removes are applied after +any active weak default value has been substituted:: + + W ??= "x" + W:append = "y" + +After parsing we will have:: + + W = "xy" Immediate variable expansion (:=) --------------------------------- diff --git a/poky/bitbake/doc/bitbake-user-manual/bitbake-user-manual-ref-variables.rst b/poky/bitbake/doc/bitbake-user-manual/bitbake-user-manual-ref-variables.rst index af4ff9805c..12aef3cbb7 100644 --- a/poky/bitbake/doc/bitbake-user-manual/bitbake-user-manual-ref-variables.rst +++ b/poky/bitbake/doc/bitbake-user-manual/bitbake-user-manual-ref-variables.rst @@ -401,7 +401,7 @@ overview of their function and contents. Example usage:: - BB_HASHSERVE_UPSTREAM = "typhoon.yocto.io:8687" + BB_HASHSERVE_UPSTREAM = "hashserv.yocto.io:8687" :term:`BB_INVALIDCONF` Used in combination with the ``ConfigParsed`` event to trigger diff --git a/poky/bitbake/lib/bb/COW.py b/poky/bitbake/lib/bb/COW.py index 23c22b65ef..76bc08a3ea 100644 --- a/poky/bitbake/lib/bb/COW.py +++ b/poky/bitbake/lib/bb/COW.py @@ -3,6 +3,8 @@ # # Copyright (C) 2006 Tim Ansell # +# SPDX-License-Identifier: GPL-2.0-only +# # Please Note: # Be careful when using mutable types (ie Dict and Lists) - operations involving these are SLOW. # Assign a file to __warn__ to get warnings about slow operations. diff --git a/poky/bitbake/lib/bb/asyncrpc/__init__.py b/poky/bitbake/lib/bb/asyncrpc/__init__.py index c2f2b3c00b..9a85e9965b 100644 --- a/poky/bitbake/lib/bb/asyncrpc/__init__.py +++ b/poky/bitbake/lib/bb/asyncrpc/__init__.py @@ -1,4 +1,6 @@ # +# Copyright BitBake Contributors +# # SPDX-License-Identifier: GPL-2.0-only # diff --git a/poky/bitbake/lib/bb/asyncrpc/client.py b/poky/bitbake/lib/bb/asyncrpc/client.py index 34960197d1..fa042bbe87 100644 --- a/poky/bitbake/lib/bb/asyncrpc/client.py +++ b/poky/bitbake/lib/bb/asyncrpc/client.py @@ -1,4 +1,6 @@ # +# Copyright BitBake Contributors +# # SPDX-License-Identifier: GPL-2.0-only # @@ -29,7 +31,17 @@ class AsyncClient(object): async def connect_unix(self, path): async def connect_sock(): - return await asyncio.open_unix_connection(path) + # AF_UNIX has path length issues so chdir here to workaround + cwd = os.getcwd() + try: + os.chdir(os.path.dirname(path)) + # The socket must be opened synchronously so that CWD doesn't get + # changed out from underneath us so we pass as a sock into asyncio + sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM, 0) + sock.connect(os.path.basename(path)) + finally: + os.chdir(cwd) + return await asyncio.open_unix_connection(sock=sock) self._connect_sock = connect_sock @@ -148,14 +160,8 @@ class Client(object): setattr(self, m, self._get_downcall_wrapper(downcall)) def connect_unix(self, path): - # AF_UNIX has path length issues so chdir here to workaround - cwd = os.getcwd() - try: - os.chdir(os.path.dirname(path)) - self.loop.run_until_complete(self.client.connect_unix(os.path.basename(path))) - self.loop.run_until_complete(self.client.connect()) - finally: - os.chdir(cwd) + self.loop.run_until_complete(self.client.connect_unix(path)) + self.loop.run_until_complete(self.client.connect()) @property def max_chunk(self): diff --git a/poky/bitbake/lib/bb/asyncrpc/serv.py b/poky/bitbake/lib/bb/asyncrpc/serv.py index b4cffff213..e14df18e71 100644 --- a/poky/bitbake/lib/bb/asyncrpc/serv.py +++ b/poky/bitbake/lib/bb/asyncrpc/serv.py @@ -1,4 +1,6 @@ # +# Copyright BitBake Contributors +# # SPDX-License-Identifier: GPL-2.0-only # diff --git a/poky/bitbake/lib/bb/codeparser.py b/poky/bitbake/lib/bb/codeparser.py index 3b3c3b41ff..9d66d3ae41 100644 --- a/poky/bitbake/lib/bb/codeparser.py +++ b/poky/bitbake/lib/bb/codeparser.py @@ -1,4 +1,6 @@ # +# Copyright BitBake Contributors +# # SPDX-License-Identifier: GPL-2.0-only # diff --git a/poky/bitbake/lib/bb/compress/_pipecompress.py b/poky/bitbake/lib/bb/compress/_pipecompress.py index 5de17a82e2..4a403d62cf 100644 --- a/poky/bitbake/lib/bb/compress/_pipecompress.py +++ b/poky/bitbake/lib/bb/compress/_pipecompress.py @@ -1,4 +1,6 @@ # +# Copyright BitBake Contributors +# # SPDX-License-Identifier: GPL-2.0-only # # Helper library to implement streaming compression and decompression using an diff --git a/poky/bitbake/lib/bb/compress/lz4.py b/poky/bitbake/lib/bb/compress/lz4.py index 0f6bc51a5b..88b0989322 100644 --- a/poky/bitbake/lib/bb/compress/lz4.py +++ b/poky/bitbake/lib/bb/compress/lz4.py @@ -1,4 +1,6 @@ # +# Copyright BitBake Contributors +# # SPDX-License-Identifier: GPL-2.0-only # diff --git a/poky/bitbake/lib/bb/compress/zstd.py b/poky/bitbake/lib/bb/compress/zstd.py index 50c42133fb..cdbbe9d60f 100644 --- a/poky/bitbake/lib/bb/compress/zstd.py +++ b/poky/bitbake/lib/bb/compress/zstd.py @@ -1,4 +1,6 @@ # +# Copyright BitBake Contributors +# # SPDX-License-Identifier: GPL-2.0-only # diff --git a/poky/bitbake/lib/bb/cooker.py b/poky/bitbake/lib/bb/cooker.py index 6da9291f9c..2adf4d297d 100644 --- a/poky/bitbake/lib/bb/cooker.py +++ b/poky/bitbake/lib/bb/cooker.py @@ -13,7 +13,6 @@ import sys, os, glob, os.path, re, time import itertools import logging import multiprocessing -import sre_constants import threading from io import StringIO, UnsupportedOperation from contextlib import closing @@ -1907,7 +1906,7 @@ class CookerCollectFiles(object): try: re.compile(mask) bbmasks.append(mask) - except sre_constants.error: + except re.error: collectlog.critical("BBMASK contains an invalid regular expression, ignoring: %s" % mask) # Then validate the combined regular expressions. This should never @@ -1915,7 +1914,7 @@ class CookerCollectFiles(object): bbmask = "|".join(bbmasks) try: bbmask_compiled = re.compile(bbmask) - except sre_constants.error: + except re.error: collectlog.critical("BBMASK is not a valid regular expression, ignoring: %s" % bbmask) bbmask = None diff --git a/poky/bitbake/lib/bb/daemonize.py b/poky/bitbake/lib/bb/daemonize.py index 4957bfd4b8..7689404436 100644 --- a/poky/bitbake/lib/bb/daemonize.py +++ b/poky/bitbake/lib/bb/daemonize.py @@ -1,4 +1,6 @@ # +# Copyright BitBake Contributors +# # SPDX-License-Identifier: GPL-2.0-only # diff --git a/poky/bitbake/lib/bb/event.py b/poky/bitbake/lib/bb/event.py index df020551e3..97668601a1 100644 --- a/poky/bitbake/lib/bb/event.py +++ b/poky/bitbake/lib/bb/event.py @@ -132,8 +132,14 @@ def print_ui_queue(): if not _uiready: from bb.msg import BBLogFormatter # Flush any existing buffered content - sys.stdout.flush() - sys.stderr.flush() + try: + sys.stdout.flush() + except: + pass + try: + sys.stderr.flush() + except: + pass stdout = logging.StreamHandler(sys.stdout) stderr = logging.StreamHandler(sys.stderr) formatter = BBLogFormatter("%(levelname)s: %(message)s") diff --git a/poky/bitbake/lib/bb/exceptions.py b/poky/bitbake/lib/bb/exceptions.py index ecbad59970..801db9c82f 100644 --- a/poky/bitbake/lib/bb/exceptions.py +++ b/poky/bitbake/lib/bb/exceptions.py @@ -1,4 +1,6 @@ # +# Copyright BitBake Contributors +# # SPDX-License-Identifier: GPL-2.0-only # diff --git a/poky/bitbake/lib/bb/fetch2/__init__.py b/poky/bitbake/lib/bb/fetch2/__init__.py index ac557176d7..a31406263f 100644 --- a/poky/bitbake/lib/bb/fetch2/__init__.py +++ b/poky/bitbake/lib/bb/fetch2/__init__.py @@ -1097,6 +1097,8 @@ def try_mirror_url(fetch, origud, ud, ld, check = False): def ensure_symlink(target, link_name): if not os.path.exists(link_name): + dirname = os.path.dirname(link_name) + bb.utils.mkdirhier(dirname) if os.path.islink(link_name): # Broken symbolic link os.unlink(link_name) diff --git a/poky/bitbake/lib/bb/fetch2/gitsm.py b/poky/bitbake/lib/bb/fetch2/gitsm.py index c5c23d5260..25d5db0e5b 100644 --- a/poky/bitbake/lib/bb/fetch2/gitsm.py +++ b/poky/bitbake/lib/bb/fetch2/gitsm.py @@ -88,7 +88,7 @@ class GitSM(Git): subrevision[m] = module_hash.split()[2] # Convert relative to absolute uri based on parent uri - if uris[m].startswith('..'): + if uris[m].startswith('..') or uris[m].startswith('./'): newud = copy.copy(ud) newud.path = os.path.realpath(os.path.join(newud.path, uris[m])) uris[m] = Git._get_repo_url(self, newud) @@ -115,6 +115,9 @@ class GitSM(Git): # This has to be a file reference proto = "file" url = "gitsm://" + uris[module] + if "{}{}".format(ud.host, ud.path) in url: + raise bb.fetch2.FetchError("Submodule refers to the parent repository. This will cause deadlock situation in current version of Bitbake." \ + "Consider using git fetcher instead.") url += ';protocol=%s' % proto url += ";name=%s" % module diff --git a/poky/bitbake/lib/bb/fetch2/npm.py b/poky/bitbake/lib/bb/fetch2/npm.py index 8f7c10ac9b..8a179a339a 100644 --- a/poky/bitbake/lib/bb/fetch2/npm.py +++ b/poky/bitbake/lib/bb/fetch2/npm.py @@ -156,7 +156,7 @@ class Npm(FetchMethod): raise ParameterError("Invalid 'version' parameter", ud.url) # Extract the 'registry' part of the url - ud.registry = re.sub(r"^npm://", "http://", ud.url.split(";")[0]) + ud.registry = re.sub(r"^npm://", "https://", ud.url.split(";")[0]) # Using the 'downloadfilename' parameter as local filename # or the npm package name. diff --git a/poky/bitbake/lib/bb/fetch2/osc.py b/poky/bitbake/lib/bb/fetch2/osc.py index eb0f82c8e6..bf4c2f0511 100644 --- a/poky/bitbake/lib/bb/fetch2/osc.py +++ b/poky/bitbake/lib/bb/fetch2/osc.py @@ -1,4 +1,6 @@ # +# Copyright BitBake Contributors +# # SPDX-License-Identifier: GPL-2.0-only # """ diff --git a/poky/bitbake/lib/bb/parse/parse_py/BBHandler.py b/poky/bitbake/lib/bb/parse/parse_py/BBHandler.py index ee9bd760ce..68415735fd 100644 --- a/poky/bitbake/lib/bb/parse/parse_py/BBHandler.py +++ b/poky/bitbake/lib/bb/parse/parse_py/BBHandler.py @@ -178,10 +178,10 @@ def feeder(lineno, s, fn, root, statements, eof=False): if s and s[0] == '#': if len(__residue__) != 0 and __residue__[0][0] != "#": - bb.fatal("There is a comment on line %s of file %s (%s) which is in the middle of a multiline expression.\nBitbake used to ignore these but no longer does so, please fix your metadata as errors are likely as a result of this change." % (lineno, fn, s)) + bb.fatal("There is a comment on line %s of file %s:\n'''\n%s\n'''\nwhich is in the middle of a multiline expression. This syntax is invalid, please correct it." % (lineno, fn, s)) if len(__residue__) != 0 and __residue__[0][0] == "#" and (not s or s[0] != "#"): - bb.fatal("There is a confusing multiline, partially commented expression on line %s of file %s (%s).\nPlease clarify whether this is all a comment or should be parsed." % (lineno, fn, s)) + bb.fatal("There is a confusing multiline partially commented expression on line %s of file %s:\n%s\nPlease clarify whether this is all a comment or should be parsed." % (lineno - len(__residue__), fn, "\n".join(__residue__))) if s and s[-1] == '\\': __residue__.append(s[:-1]) diff --git a/poky/bitbake/lib/bb/parse/parse_py/ConfHandler.py b/poky/bitbake/lib/bb/parse/parse_py/ConfHandler.py index b895d5b5ef..451e68dd66 100644 --- a/poky/bitbake/lib/bb/parse/parse_py/ConfHandler.py +++ b/poky/bitbake/lib/bb/parse/parse_py/ConfHandler.py @@ -125,16 +125,21 @@ def handle(fn, data, include): s = f.readline() if not s: break + origlineno = lineno + origline = s w = s.strip() # skip empty lines if not w: continue s = s.rstrip() while s[-1] == '\\': - s2 = f.readline().rstrip() + line = f.readline() + origline += line + s2 = line.rstrip() lineno = lineno + 1 if (not s2 or s2 and s2[0] != "#") and s[0] == "#" : - bb.fatal("There is a confusing multiline, partially commented expression on line %s of file %s (%s).\nPlease clarify whether this is all a comment or should be parsed." % (lineno, fn, s)) + bb.fatal("There is a confusing multiline, partially commented expression starting on line %s of file %s:\n%s\nPlease clarify whether this is all a comment or should be parsed." % (origlineno, fn, origline)) + s = s[:-1] + s2 # skip comments if s[0] == '#': @@ -147,8 +152,6 @@ def handle(fn, data, include): if oldfile: data.setVar('FILE', oldfile) - f.close() - for f in confFilters: f(fn, data) diff --git a/poky/bitbake/lib/bb/process.py b/poky/bitbake/lib/bb/process.py index be2c15a188..4c7b6d39df 100644 --- a/poky/bitbake/lib/bb/process.py +++ b/poky/bitbake/lib/bb/process.py @@ -1,4 +1,6 @@ # +# Copyright BitBake Contributors +# # SPDX-License-Identifier: GPL-2.0-only # diff --git a/poky/bitbake/lib/bb/runqueue.py b/poky/bitbake/lib/bb/runqueue.py index f34f1568e2..48e25401ba 100644 --- a/poky/bitbake/lib/bb/runqueue.py +++ b/poky/bitbake/lib/bb/runqueue.py @@ -24,6 +24,7 @@ import pickle from multiprocessing import Process import shlex import pprint +import time bblogger = logging.getLogger("BitBake") logger = logging.getLogger("BitBake.RunQueue") @@ -159,6 +160,55 @@ class RunQueueScheduler(object): self.buildable.append(tid) self.rev_prio_map = None + self.is_pressure_usable() + + def is_pressure_usable(self): + """ + If monitoring pressure, return True if pressure files can be open and read. For example + openSUSE /proc/pressure/* files have readable file permissions but when read the error EOPNOTSUPP (Operation not supported) + is returned. + """ + if self.rq.max_cpu_pressure or self.rq.max_io_pressure or self.rq.max_memory_pressure: + try: + with open("/proc/pressure/cpu") as cpu_pressure_fds, \ + open("/proc/pressure/io") as io_pressure_fds, \ + open("/proc/pressure/memory") as memory_pressure_fds: + + self.prev_cpu_pressure = cpu_pressure_fds.readline().split()[4].split("=")[1] + self.prev_io_pressure = io_pressure_fds.readline().split()[4].split("=")[1] + self.prev_memory_pressure = memory_pressure_fds.readline().split()[4].split("=")[1] + self.prev_pressure_time = time.time() + self.check_pressure = True + except: + bb.note("The /proc/pressure files can't be read. Continuing build without monitoring pressure") + self.check_pressure = False + else: + self.check_pressure = False + + def exceeds_max_pressure(self): + """ + Monitor the difference in total pressure at least once per second, if + BB_PRESSURE_MAX_{CPU|IO|MEMORY} are set, return True if above threshold. + """ + if self.check_pressure: + with open("/proc/pressure/cpu") as cpu_pressure_fds, \ + open("/proc/pressure/io") as io_pressure_fds, \ + open("/proc/pressure/memory") as memory_pressure_fds: + # extract "total" from /proc/pressure/{cpu|io} + curr_cpu_pressure = cpu_pressure_fds.readline().split()[4].split("=")[1] + curr_io_pressure = io_pressure_fds.readline().split()[4].split("=")[1] + curr_memory_pressure = memory_pressure_fds.readline().split()[4].split("=")[1] + exceeds_cpu_pressure = self.rq.max_cpu_pressure and (float(curr_cpu_pressure) - float(self.prev_cpu_pressure)) > self.rq.max_cpu_pressure + exceeds_io_pressure = self.rq.max_io_pressure and (float(curr_io_pressure) - float(self.prev_io_pressure)) > self.rq.max_io_pressure + exceeds_memory_pressure = self.rq.max_memory_pressure and (float(curr_memory_pressure) - float(self.prev_memory_pressure)) > self.rq.max_memory_pressure + now = time.time() + if now - self.prev_pressure_time > 1.0: + self.prev_cpu_pressure = curr_cpu_pressure + self.prev_io_pressure = curr_io_pressure + self.prev_memory_pressure = curr_memory_pressure + self.prev_pressure_time = now + return (exceeds_cpu_pressure or exceeds_io_pressure or exceeds_memory_pressure) + return False def next_buildable_task(self): """ @@ -172,6 +222,12 @@ class RunQueueScheduler(object): if not buildable: return None + # Bitbake requires that at least one task be active. Only check for pressure if + # this is the case, otherwise the pressure limitation could result in no tasks + # being active and no new tasks started thereby, at times, breaking the scheduler. + if self.rq.stats.active and self.exceeds_max_pressure(): + return None + # Filter out tasks that have a max number of threads that have been exceeded skip_buildable = {} for running in self.rq.runq_running.difference(self.rq.runq_complete): @@ -1699,6 +1755,9 @@ class RunQueueExecute: self.number_tasks = int(self.cfgData.getVar("BB_NUMBER_THREADS") or 1) self.scheduler = self.cfgData.getVar("BB_SCHEDULER") or "speed" + self.max_cpu_pressure = self.cfgData.getVar("BB_PRESSURE_MAX_CPU") + self.max_io_pressure = self.cfgData.getVar("BB_PRESSURE_MAX_IO") + self.max_memory_pressure = self.cfgData.getVar("BB_PRESSURE_MAX_MEMORY") self.sq_buildable = set() self.sq_running = set() @@ -1733,6 +1792,29 @@ class RunQueueExecute: if self.number_tasks <= 0: bb.fatal("Invalid BB_NUMBER_THREADS %s" % self.number_tasks) + lower_limit = 1.0 + upper_limit = 1000000.0 + if self.max_cpu_pressure: + self.max_cpu_pressure = float(self.max_cpu_pressure) + if self.max_cpu_pressure < lower_limit: + bb.fatal("Invalid BB_PRESSURE_MAX_CPU %s, minimum value is %s." % (self.max_cpu_pressure, lower_limit)) + if self.max_cpu_pressure > upper_limit: + bb.warn("Your build will be largely unregulated since BB_PRESSURE_MAX_CPU is set to %s. It is very unlikely that such high pressure will be experienced." % (self.max_cpu_pressure)) + + if self.max_io_pressure: + self.max_io_pressure = float(self.max_io_pressure) + if self.max_io_pressure < lower_limit: + bb.fatal("Invalid BB_PRESSURE_MAX_IO %s, minimum value is %s." % (self.max_io_pressure, lower_limit)) + if self.max_io_pressure > upper_limit: + bb.warn("Your build will be largely unregulated since BB_PRESSURE_MAX_IO is set to %s. It is very unlikely that such high pressure will be experienced." % (self.max_io_pressure)) + + if self.max_memory_pressure: + self.max_memory_pressure = float(self.max_memory_pressure) + if self.max_memory_pressure < lower_limit: + bb.fatal("Invalid BB_PRESSURE_MAX_MEMORY %s, minimum value is %s." % (self.max_memory_pressure, lower_limit)) + if self.max_memory_pressure > upper_limit: + bb.warn("Your build will be largely unregulated since BB_PRESSURE_MAX_MEMORY is set to %s. It is very unlikely that such high pressure will be experienced." % (self.max_io_pressure)) + # List of setscene tasks which we've covered self.scenequeue_covered = set() # List of tasks which are covered (including setscene ones) @@ -2172,10 +2254,9 @@ class RunQueueExecute: # No more tasks can be run. If we have deferred setscene tasks we should run them. if self.sq_deferred: - tid = self.sq_deferred.pop(list(self.sq_deferred.keys())[0]) - logger.warning("Runqeueue deadlocked on deferred tasks, forcing task %s" % tid) - if tid not in self.runq_complete: - self.sq_task_failoutright(tid) + deferred_tid = list(self.sq_deferred.keys())[0] + blocking_tid = self.sq_deferred.pop(deferred_tid) + logger.warning("Runqeueue deadlocked on deferred tasks, forcing task %s blocked by %s" % (deferred_tid, blocking_tid)) return True if self.failed_tids: @@ -2299,6 +2380,9 @@ class RunQueueExecute: self.rqdata.runtaskentries[hashtid].unihash = unihash bb.parse.siggen.set_unihash(hashtid, unihash) toprocess.add(hashtid) + if torehash: + # Need to save after set_unihash above + bb.parse.siggen.save_unitaskhashes() # Work out all tasks which depend upon these total = set() @@ -2438,11 +2522,14 @@ class RunQueueExecute: if update_tasks: self.sqdone = False - for tid in [t[0] for t in update_tasks]: - h = pending_hash_index(tid, self.rqdata) - if h in self.sqdata.hashes and tid != self.sqdata.hashes[h]: - self.sq_deferred[tid] = self.sqdata.hashes[h] - bb.note("Deferring %s after %s" % (tid, self.sqdata.hashes[h])) + for mc in sorted(self.sqdata.multiconfigs): + for tid in sorted([t[0] for t in update_tasks]): + if mc_from_tid(tid) != mc: + continue + h = pending_hash_index(tid, self.rqdata) + if h in self.sqdata.hashes and tid != self.sqdata.hashes[h]: + self.sq_deferred[tid] = self.sqdata.hashes[h] + bb.note("Deferring %s after %s" % (tid, self.sqdata.hashes[h])) update_scenequeue_data([t[0] for t in update_tasks], self.sqdata, self.rqdata, self.rq, self.cooker, self.stampcache, self, summary=False) for (tid, harddepfail, origvalid) in update_tasks: diff --git a/poky/bitbake/lib/bb/siggen.py b/poky/bitbake/lib/bb/siggen.py index 9fa568f614..9a20fc8e5f 100644 --- a/poky/bitbake/lib/bb/siggen.py +++ b/poky/bitbake/lib/bb/siggen.py @@ -1,4 +1,6 @@ # +# Copyright BitBake Contributors +# # SPDX-License-Identifier: GPL-2.0-only # @@ -419,7 +421,7 @@ class SignatureGeneratorBasic(SignatureGenerator): bb.error("Taskhash mismatch %s versus %s for %s" % (computed_taskhash, self.taskhash[tid], tid)) sigfile = sigfile.replace(self.taskhash[tid], computed_taskhash) - fd, tmpfile = tempfile.mkstemp(dir=os.path.dirname(sigfile), prefix="sigtask.") + fd, tmpfile = bb.utils.mkstemp(dir=os.path.dirname(sigfile), prefix="sigtask.") try: with bb.compress.zstd.open(fd, "wt", encoding="utf-8", num_threads=1) as f: json.dump(data, f, sort_keys=True, separators=(",", ":"), cls=SetEncoder) diff --git a/poky/bitbake/lib/bb/tests/compression.py b/poky/bitbake/lib/bb/tests/compression.py index d3ddf67f1c..95af3f96d7 100644 --- a/poky/bitbake/lib/bb/tests/compression.py +++ b/poky/bitbake/lib/bb/tests/compression.py @@ -1,4 +1,6 @@ # +# Copyright BitBake Contributors +# # SPDX-License-Identifier: GPL-2.0-only # diff --git a/poky/bitbake/lib/bb/tests/cooker.py b/poky/bitbake/lib/bb/tests/cooker.py index c82d4b7b81..9e524ae345 100644 --- a/poky/bitbake/lib/bb/tests/cooker.py +++ b/poky/bitbake/lib/bb/tests/cooker.py @@ -1,6 +1,8 @@ # # BitBake Tests for cooker.py # +# Copyright BitBake Contributors +# # SPDX-License-Identifier: GPL-2.0-only # diff --git a/poky/bitbake/lib/bb/tests/parse.py b/poky/bitbake/lib/bb/tests/parse.py index 2898f9bb14..1a3b74934d 100644 --- a/poky/bitbake/lib/bb/tests/parse.py +++ b/poky/bitbake/lib/bb/tests/parse.py @@ -194,3 +194,26 @@ deltask ${EMPTYVAR} self.assertTrue('addtask ignored: " do_patch"' in stdout) #self.assertTrue('dependent task do_foo for do_patch does not exist' in stdout) + broken_multiline_comment = """ +# First line of comment \\ +# Second line of comment \\ + +""" + def test_parse_broken_multiline_comment(self): + f = self.parsehelper(self.broken_multiline_comment) + with self.assertRaises(bb.BBHandledException): + d = bb.parse.handle(f.name, self.d)[''] + + + comment_in_var = """ +VAR = " \\ + SOMEVAL \\ +# some comment \\ + SOMEOTHERVAL \\ +" +""" + def test_parse_comment_in_var(self): + f = self.parsehelper(self.comment_in_var) + with self.assertRaises(bb.BBHandledException): + d = bb.parse.handle(f.name, self.d)[''] + diff --git a/poky/bitbake/lib/bb/utils.py b/poky/bitbake/lib/bb/utils.py index d11da978d7..92d44c5260 100644 --- a/poky/bitbake/lib/bb/utils.py +++ b/poky/bitbake/lib/bb/utils.py @@ -28,6 +28,8 @@ import signal import collections import copy import ctypes +import random +import tempfile from subprocess import getstatusoutput from contextlib import contextmanager from ctypes import cdll @@ -429,12 +431,14 @@ def better_eval(source, locals, extraglobals = None): return eval(source, ctx, locals) @contextmanager -def fileslocked(files): +def fileslocked(files, *args, **kwargs): """Context manager for locking and unlocking file locks.""" locks = [] if files: for lockfile in files: - locks.append(bb.utils.lockfile(lockfile)) + l = bb.utils.lockfile(lockfile, *args, **kwargs) + if l is not None: + locks.append(l) try: yield @@ -692,8 +696,8 @@ def remove(path, recurse=False, ionice=False): return if recurse: for name in glob.glob(path): - if _check_unsafe_delete_path(path): - raise Exception('bb.utils.remove: called with dangerous path "%s" and recurse=True, refusing to delete!' % path) + if _check_unsafe_delete_path(name): + raise Exception('bb.utils.remove: called with dangerous path "%s" and recurse=True, refusing to delete!' % name) # shutil.rmtree(name) would be ideal but its too slow cmd = [] if ionice: @@ -751,7 +755,7 @@ def movefile(src, dest, newmtime = None, sstat = None): if not sstat: sstat = os.lstat(src) except Exception as e: - print("movefile: Stating source file failed...", e) + logger.warning("movefile: Stating source file failed...", e) return None destexists = 1 @@ -779,7 +783,7 @@ def movefile(src, dest, newmtime = None, sstat = None): os.unlink(src) return os.lstat(dest) except Exception as e: - print("movefile: failed to properly create symlink:", dest, "->", target, e) + logger.warning("movefile: failed to properly create symlink:", dest, "->", target, e) return None renamefailed = 1 @@ -796,7 +800,7 @@ def movefile(src, dest, newmtime = None, sstat = None): except Exception as e: if e.errno != errno.EXDEV: # Some random error. - print("movefile: Failed to move", src, "to", dest, e) + logger.warning("movefile: Failed to move", src, "to", dest, e) return None # Invalid cross-device-link 'bind' mounted or actually Cross-Device @@ -808,13 +812,13 @@ def movefile(src, dest, newmtime = None, sstat = None): bb.utils.rename(destpath + "#new", destpath) didcopy = 1 except Exception as e: - print('movefile: copy', src, '->', dest, 'failed.', e) + logger.warning('movefile: copy', src, '->', dest, 'failed.', e) return None else: #we don't yet handle special, so we need to fall back to /bin/mv a = getstatusoutput("/bin/mv -f " + "'" + src + "' '" + dest + "'") if a[0] != 0: - print("movefile: Failed to move special file:" + src + "' to '" + dest + "'", a) + logger.warning("movefile: Failed to move special file:" + src + "' to '" + dest + "'", a) return None # failure try: if didcopy: @@ -822,7 +826,7 @@ def movefile(src, dest, newmtime = None, sstat = None): os.chmod(destpath, stat.S_IMODE(sstat[stat.ST_MODE])) # Sticky is reset on chown os.unlink(src) except Exception as e: - print("movefile: Failed to chown/chmod/unlink", dest, e) + logger.warning("movefile: Failed to chown/chmod/unlink", dest, e) return None if newmtime: @@ -1754,3 +1758,22 @@ def is_local_uid(uid=''): if str(uid) == line_split[2]: return True return False + +def mkstemp(suffix=None, prefix=None, dir=None, text=False): + """ + Generates a unique filename, independent of time. + + mkstemp() in glibc (at least) generates unique file names based on the + current system time. When combined with highly parallel builds, and + operating over NFS (e.g. shared sstate/downloads) this can result in + conflicts and race conditions. + + This function adds additional entropy to the file name so that a collision + is independent of time and thus extremely unlikely. + """ + entropy = "".join(random.choices("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890", k=20)) + if prefix: + prefix = prefix + entropy + else: + prefix = tempfile.gettempprefix() + entropy + return tempfile.mkstemp(suffix=suffix, prefix=prefix, dir=dir, text=text) diff --git a/poky/bitbake/lib/bblayers/__init__.py b/poky/bitbake/lib/bblayers/__init__.py index 4e7c09da04..78efd29750 100644 --- a/poky/bitbake/lib/bblayers/__init__.py +++ b/poky/bitbake/lib/bblayers/__init__.py @@ -1,4 +1,6 @@ # +# Copyright BitBake Contributors +# # SPDX-License-Identifier: GPL-2.0-only # diff --git a/poky/bitbake/lib/bblayers/action.py b/poky/bitbake/lib/bblayers/action.py index 6723e2c605..454c251410 100644 --- a/poky/bitbake/lib/bblayers/action.py +++ b/poky/bitbake/lib/bblayers/action.py @@ -1,4 +1,6 @@ # +# Copyright BitBake Contributors +# # SPDX-License-Identifier: GPL-2.0-only # diff --git a/poky/bitbake/lib/bblayers/common.py b/poky/bitbake/lib/bblayers/common.py index 6c76ef3505..f7b9cee371 100644 --- a/poky/bitbake/lib/bblayers/common.py +++ b/poky/bitbake/lib/bblayers/common.py @@ -1,4 +1,6 @@ # +# Copyright BitBake Contributors +# # SPDX-License-Identifier: GPL-2.0-only # diff --git a/poky/bitbake/lib/bblayers/layerindex.py b/poky/bitbake/lib/bblayers/layerindex.py index 7936516209..0ac8fd2ec7 100644 --- a/poky/bitbake/lib/bblayers/layerindex.py +++ b/poky/bitbake/lib/bblayers/layerindex.py @@ -1,4 +1,6 @@ # +# Copyright BitBake Contributors +# # SPDX-License-Identifier: GPL-2.0-only # diff --git a/poky/bitbake/lib/bblayers/query.py b/poky/bitbake/lib/bblayers/query.py index 525d4f0d47..9142ec4474 100644 --- a/poky/bitbake/lib/bblayers/query.py +++ b/poky/bitbake/lib/bblayers/query.py @@ -1,4 +1,6 @@ # +# Copyright BitBake Contributors +# # SPDX-License-Identifier: GPL-2.0-only # diff --git a/poky/bitbake/lib/prserv/__init__.py b/poky/bitbake/lib/prserv/__init__.py index 9961040b58..38ced818ad 100644 --- a/poky/bitbake/lib/prserv/__init__.py +++ b/poky/bitbake/lib/prserv/__init__.py @@ -1,4 +1,6 @@ # +# Copyright BitBake Contributors +# # SPDX-License-Identifier: GPL-2.0-only # diff --git a/poky/bitbake/lib/prserv/client.py b/poky/bitbake/lib/prserv/client.py index a3f19ddafc..69ab7a4ac9 100644 --- a/poky/bitbake/lib/prserv/client.py +++ b/poky/bitbake/lib/prserv/client.py @@ -1,4 +1,6 @@ # +# Copyright BitBake Contributors +# # SPDX-License-Identifier: GPL-2.0-only # diff --git a/poky/bitbake/lib/prserv/db.py b/poky/bitbake/lib/prserv/db.py index 2710d4a225..b4bda7078c 100644 --- a/poky/bitbake/lib/prserv/db.py +++ b/poky/bitbake/lib/prserv/db.py @@ -1,4 +1,6 @@ # +# Copyright BitBake Contributors +# # SPDX-License-Identifier: GPL-2.0-only # diff --git a/poky/bitbake/lib/prserv/serv.py b/poky/bitbake/lib/prserv/serv.py index 0a20b927c7..c686b2065c 100644 --- a/poky/bitbake/lib/prserv/serv.py +++ b/poky/bitbake/lib/prserv/serv.py @@ -1,4 +1,6 @@ # +# Copyright BitBake Contributors +# # SPDX-License-Identifier: GPL-2.0-only # diff --git a/poky/bitbake/lib/toaster/manage.py b/poky/bitbake/lib/toaster/manage.py index ae32619d12..f8de49c264 100755 --- a/poky/bitbake/lib/toaster/manage.py +++ b/poky/bitbake/lib/toaster/manage.py @@ -1,5 +1,7 @@ #!/usr/bin/env python3 # +# Copyright BitBake Contributors +# # SPDX-License-Identifier: GPL-2.0-only # diff --git a/poky/bitbake/lib/toaster/orm/fixtures/poky.xml b/poky/bitbake/lib/toaster/orm/fixtures/poky.xml index ed86114ebe..20fcc01767 100644 --- a/poky/bitbake/lib/toaster/orm/fixtures/poky.xml +++ b/poky/bitbake/lib/toaster/orm/fixtures/poky.xml @@ -42,7 +42,7 @@ kirkstone - Yocto Project 3.5 "Kirkstone" + Yocto Project 4.0 "Kirkstone" 1 kirkstone Toaster will run your builds using the tip of the <a href="https://git.yoctoproject.org/cgit/cgit.cgi/poky/log/?h=kirkstone">Yocto Project Kirkstone branch</a>. diff --git a/poky/documentation/brief-yoctoprojectqs/index.rst b/poky/documentation/brief-yoctoprojectqs/index.rst index a982eae207..cef91c6476 100644 --- a/poky/documentation/brief-yoctoprojectqs/index.rst +++ b/poky/documentation/brief-yoctoprojectqs/index.rst @@ -64,6 +64,7 @@ following requirements: - tar &MIN_TAR_VERSION; or greater - Python &MIN_PYTHON_VERSION; or greater. - gcc &MIN_GCC_VERSION; or greater. + - GNU make &MIN_MAKE_VERSION; or greater If your build host does not meet any of these three listed version requirements, you can take steps to prepare the system so that you diff --git a/poky/documentation/dev-manual/common-tasks.rst b/poky/documentation/dev-manual/common-tasks.rst index b228c75aab..fbe8a29896 100644 --- a/poky/documentation/dev-manual/common-tasks.rst +++ b/poky/documentation/dev-manual/common-tasks.rst @@ -2562,7 +2562,7 @@ Recipe Syntax Understanding recipe file syntax is important for writing recipes. The following list overviews the basic items that make up a BitBake recipe file. For more complete BitBake syntax descriptions, see the -":doc:`bitbake-user-manual/bitbake-user-manual-metadata`" +":doc:`bitbake:bitbake-user-manual/bitbake-user-manual-metadata`" chapter of the BitBake User Manual. - *Variable Assignments and Manipulations:* Variable assignments allow diff --git a/poky/documentation/migration-guides/release-3.4.rst b/poky/documentation/migration-guides/release-3.4.rst index 81476c4adb..66023108c7 100644 --- a/poky/documentation/migration-guides/release-3.4.rst +++ b/poky/documentation/migration-guides/release-3.4.rst @@ -7,4 +7,6 @@ Release 3.4 (honister) release-notes-3.4 release-notes-3.4.1 release-notes-3.4.2 + release-notes-3.4.3 + release-notes-3.4.4 diff --git a/poky/documentation/migration-guides/release-4.0.rst b/poky/documentation/migration-guides/release-4.0.rst index 7062f9d241..9f67daaffb 100644 --- a/poky/documentation/migration-guides/release-4.0.rst +++ b/poky/documentation/migration-guides/release-4.0.rst @@ -5,3 +5,7 @@ Release 4.0 (kirkstone) migration-4.0 release-notes-4.0 + release-notes-4.0.1 + release-notes-4.0.2 + release-notes-4.0.3 + release-notes-4.0.4 diff --git a/poky/documentation/migration-guides/release-notes-3.4.3.rst b/poky/documentation/migration-guides/release-notes-3.4.3.rst new file mode 100644 index 0000000000..5e118d9b02 --- /dev/null +++ b/poky/documentation/migration-guides/release-notes-3.4.3.rst @@ -0,0 +1,197 @@ +Release notes for 3.4.3 (honister) +---------------------------------- + +Security Fixes in 3.4.3 +~~~~~~~~~~~~~~~~~~~~~~~ + +- ghostscript: fix :cve:`2021-3781` +- ghostscript: fix :cve:`2021-45949` +- tiff: Add backports for two CVEs from upstream (:cve:`2022-0561` & :cve:`2022-0562`) +- gcc : Fix :cve:`2021-46195` +- virglrenderer: fix `CVE-2022-0135 `__ and `CVE-2022-0175 `__ +- binutils: Add fix for :cve:`2021-45078` + + +Fixes in 3.4.3 +~~~~~~~~~~~~~~ + +- Revert "cve-check: add lockfile to task" +- asciidoc: update git repository +- bitbake: build: Tweak exception handling for setscene tasks +- bitbake: contrib: Fix hash server Dockerfile dependencies +- bitbake: cooker: Improve parsing failure from handled exception usability +- bitbake: data_smart: Fix overrides file/line message additions +- bitbake: fetch2: ssh: username and password are optional +- bitbake: tests/fetch: Handle upstream master -> main branch change +- bitbake: utils: Ensure shell function failure in python logging is correct +- build-appliance-image: Update to honister head revision +- build-appliance-image: Update to honister head revision +- coreutils: remove obsolete ignored CVE list +- crate-fetch: fix setscene failures +- cups: Add --with-dbusdir to EXTRA_OECONF for deterministic build +- cve-check: create directory of CVE_CHECK_MANIFEST before copy +- cve-check: get_cve_info should open the database read-only +- default-distrovars.inc: Switch connectivity check to a yoctoproject.org page +- depmodwrapper-cross: add config directory option +- devtool: deploy-target: Remove stripped binaries in pseudo context +- devtool: explicitly set main or master branches in upgrades when available +- docs: fix hardcoded link warning messages +- documentation: conf.py: update for 3.4.2 +- documentation: prepare for 3.4.3 release +- expat: Upgrade to 2.4.7 +- gcc-target: fix glob to remove gcc- binary +- gcsections: add nativesdk-cairo to exclude list +- go: update to 1.16.15 +- gst-devtools: 1.18.5 -> 1.18.6 +- gst-examples: 1.18.5 -> 1.18.6 +- gstreamer1.0-libav: 1.18.5 -> 1.18.6 +- gstreamer1.0-omx: 1.18.5 -> 1.18.6 +- gstreamer1.0-plugins-bad: 1.18.5 -> 1.18.6 +- gstreamer1.0-plugins-base: 1.18.5 -> 1.18.6 +- gstreamer1.0-plugins-good: 1.18.5 -> 1.18.6 +- gstreamer1.0-plugins-ugly: 1.18.5 -> 1.18.6 +- gstreamer1.0-python: 1.18.5 -> 1.18.6 +- gstreamer1.0-rtsp-server: 1.18.5 -> 1.18.6 +- gstreamer1.0-vaapi: 1.18.5 -> 1.18.6 +- gstreamer1.0: 1.18.5 -> 1.18.6 +- harfbuzz: upgrade 2.9.0 -> 2.9.1 +- initramfs-framework: unmount automounts before switch_root +- kernel-devsrc: do not copy Module.symvers file during install +- libarchive : update to 3.5.3 +- libpcap: Disable DPDK explicitly +- libxml-parser-perl: Add missing RDEPENDS +- linux-firmware: upgrade 20211216 -> 20220209 +- linux-yocto/5.10: Fix ramoops/ftrace +- linux-yocto/5.10: features/zram: remove CONFIG_ZRAM_DEF_COMP +- linux-yocto/5.10: fix dssall build error with binutils 2.3.8 +- linux-yocto/5.10: ppc/riscv: fix build with binutils 2.3.8 +- linux-yocto/5.10: update genericx86* machines to v5.10.99 +- linux-yocto/5.10: update to v5.10.103 +- mc: fix build if ncurses have been configured without wide characters +- oeqa/buildtools: Switch to our webserver instead of example.com +- patch.py: Prevent git repo reinitialization +- perl: Improve and update module RPDEPENDS +- poky.conf: bump version for 3.4.3 honister release +- qemuboot: Fix build error if UNINATIVE_LOADER is unset +- quilt: Disable external sendmail for deterministic build +- recipetool: Fix circular reference in SRC_URI +- releases: update to include 3.3.5 +- releases: update to include 3.4.2 +- rootfs-postcommands: amend systemd_create_users add user to group check +- ruby: update 3.0.2 -> 3.0.3 +- scripts/runqemu-ifdown: Don't treat the last iptables command as special +- sdk: fix search for dynamic loader +- selftest: recipetool: Correct the URI for socat +- sstate: inside the threadedpool don't write to the shared localdata +- uninative: Upgrade to 3.5 +- util-linux: upgrade to 2.37.4 +- vim: Update to 8.2.4524 for further CVE fixes +- wic: Use custom kernel path if provided +- wireless-regdb: upgrade 2021.08.28 -> 2022.02.18 +- zip: modify when match.S is built + +Contributors to 3.4.3 +~~~~~~~~~~~~~~~~~~~~~ + +- Alexander Kanavin +- Anuj Mittal +- Bill Pittman +- Bruce Ashfield +- Chee Yang Lee +- Christian Eggers +- Daniel Gomez +- Daniel Müller +- Daniel Wagenknecht +- Florian Amstutz +- Joe Slater +- Jose Quaresma +- Justin Bronder +- Lee Chee Yang +- Michael Halstead +- Michael Opdenacker +- Oleksandr Ocheretnyi +- Oleksandr Suvorov +- Pavel Zhukov +- Peter Kjellerstedt +- Richard Purdie +- Robert Yang +- Ross Burton +- Sakib Sajal +- Saul Wold +- Sean Anderson +- Stefan Herbrechtsmeier +- Tamizharasan Kumar +- Tean Cunningham +- Zoltán Böszörményi +- pgowda +- wangmy + +Repositories / Downloads for 3.4.3 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +poky + +- Repository Location: https://git.yoctoproject.org/poky/ +- Branch: :yocto_git:`honister ` +- Tag: `yocto-3.4.3 `__ +- Git Revision: :yocto_git:`ee68ae307fd951b9de6b31dc6713ea29186b7749 ` +- Release Artefact: poky-ee68ae307fd951b9de6b31dc6713ea29186b7749 +- sha: 92c3d73c3e74f0e1d5c2ab2836ce3a3accbe47772cea70df3755845e0db1379b +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-3.4.3/poky-ee68ae307fd951b9de6b31dc6713ea29186b7749.tar.bz2, + http://mirrors.kernel.org/yocto/yocto/yocto-3.4.3/poky-ee68ae307fd951b9de6b31dc6713ea29186b7749.tar.bz2 + +openembedded-core + +- Repository Location: :oe_git:`/openembedded-core` +- Branch: :oe_git:`honister ` +- Tag: :oe_git:`yocto-3.4.3 ` +- Git Revision: :oe_git:`ebca8f3ac9372b7ebb3d39e8f7f930b63b481448 ` +- Release Artefact: oecore-ebca8f3ac9372b7ebb3d39e8f7f930b63b481448 +- sha: f28e503f6f6c0bcd9192dbd528f8e3c7bcea504c089117e0094d9a4f315f4b9f +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-3.4.3/oecore-ebca8f3ac9372b7ebb3d39e8f7f930b63b481448.tar.bz2, + http://mirrors.kernel.org/yocto/yocto/yocto-3.4.3/oecore-ebca8f3ac9372b7ebb3d39e8f7f930b63b481448.tar.bz2 + +meta-mingw + +- Repository Location: https://git.yoctoproject.org/meta-mingw +- Branch: :yocto_git:`honister ` +- Tag: :yocto_git:`yocto-3.4.3 ` +- Git Revision: :yocto_git:`f5d761cbd5c957e4405c5d40b0c236d263c916a8 ` +- Release Artefact: meta-mingw-f5d761cbd5c957e4405c5d40b0c236d263c916a8 +- sha: d4305d638ef80948584526c8ca386a8cf77933dffb8a3b8da98d26a5c40fcc11 +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-3.4.3/meta-mingw-f5d761cbd5c957e4405c5d40b0c236d263c916a8.tar.bz2, + http://mirrors.kernel.org/yocto/yocto/yocto-3.4.3/meta-mingw-f5d761cbd5c957e4405c5d40b0c236d263c916a8.tar.bz2 + +meta-gplv2 + +- Repository Location: https://git.yoctoproject.org/meta-gplv2 +- Branch: :yocto_git:`honister ` +- Tag: :yocto_git:`yocto-3.4.3 ` +- Git Revision: :yocto_git:`f04e4369bf9dd3385165281b9fa2ed1043b0e400 ` +- Release Artefact: meta-gplv2-f04e4369bf9dd3385165281b9fa2ed1043b0e400 +- sha: ef8e2b1ec1fb43dbee4ff6990ac736315c7bc2d8c8e79249e1d337558657d3fe +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-3.4.3/meta-gplv2-f04e4369bf9dd3385165281b9fa2ed1043b0e400.tar.bz2, + http://mirrors.kernel.org/yocto/yocto/yocto-3.4.3/meta-gplv2-f04e4369bf9dd3385165281b9fa2ed1043b0e400.tar.bz2 + +bitbake + +- Repository Location: :oe_git:`/bitbake` +- Branch: :oe_git:`1.52 ` +- Tag: :oe_git:`yocto-3.4.3 ` +- Git Revision: :oe_git:`43dcb2b2a2b95a5c959be57bca94fb7190ea6257 ` +- Release Artefact: bitbake-43dcb2b2a2b95a5c959be57bca94fb7190ea6257 +- sha: 92497ff97fed81dcc6d3e202969fb63ca983a8f5d9d91cafc6aee88312f79cf9 +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-3.4.3/bitbake-43dcb2b2a2b95a5c959be57bca94fb7190ea6257.tar.bz2, + http://mirrors.kernel.org/yocto/yocto/yocto-3.4.3/bitbake-43dcb2b2a2b95a5c959be57bca94fb7190ea6257.tar.bz2 + +yocto-docs + +- Repository Location: https://git.yoctoproject.org/yocto-docs +- Branch: :yocto_git:`honister ` +- Tag: :yocto_git:`yocto-3.4.3 ` +- Git Revision: :yocto_git:`15f46f97d9cad558c19fc1dc19cfbe3720271d04 ` diff --git a/poky/documentation/migration-guides/release-notes-3.4.4.rst b/poky/documentation/migration-guides/release-notes-3.4.4.rst new file mode 100644 index 0000000000..91beba0062 --- /dev/null +++ b/poky/documentation/migration-guides/release-notes-3.4.4.rst @@ -0,0 +1,155 @@ +Release notes for 3.4.4 (honister) +---------------------------------- + +Security Fixes in 3.4.4 +~~~~~~~~~~~~~~~~~~~~~~~ + +- tiff: fix :cve:`2022-0865`, :cve:`2022-0891`, :cve:`2022-0907`, :cve:`2022-0908`, :cve:`2022-0909` and :cve:`2022-0924` +- xz: fix `CVE-2022-1271 `__ +- unzip: fix `CVE-2021-4217 `__ +- zlib: fix :cve:`2018-25032` +- grub: ignore :cve:`2021-46705` + +Fixes in 3.4.4 +~~~~~~~~~~~~~~ + +- alsa-tools: Ensure we install correctly +- bitbake.conf: mark all directories as safe for git to read +- bitbake: knotty: display active tasks when printing keepAlive() message +- bitbake: knotty: reduce keep-alive timeout from 5000s (83 minutes) to 10 minutes +- bitbake: server/process: Disable gc around critical section +- bitbake: server/xmlrpcserver: Add missing xmlrpcclient import +- bitbake: toaster: Fix IMAGE_INSTALL issues with _append vs :append +- bitbake: toaster: fixtures replace gatesgarth +- build-appliance-image: Update to honister head revision +- conf.py/poky.yaml: Move version information to poky.yaml and read in conf.py +- conf/machine: fix QEMU x86 sound options +- devupstream: fix handling of SRC_URI +- documentation: update for 3.4.4 release +- externalsrc/devtool: Fix to work with fixed export funcition flags handling +- gmp: add missing COPYINGv3 +- gnu-config: update SRC_URI +- libxml2: fix CVE-2022-23308 regression +- libxml2: move to gitlab.gnome.org +- libxml2: update to 2.9.13 +- libxshmfence: Correct LICENSE to HPND +- license_image.bbclass: close package.manifest file +- linux-firmware: correct license for ar3k firmware +- linux-firmware: upgrade 20220310 -> 20220411 +- linux-yocto-rt/5.10: update to -rt61 +- linux-yocto/5.10: cfg/debug: add configs for kcsan +- linux-yocto/5.10: split vtpm for more granular inclusion +- linux-yocto/5.10: update to v5.10.109 +- linux-yocto: nohz_full boot arg fix +- oe-pkgdata-util: Adapt to the new variable override syntax +- oeqa/selftest/devtool: ensure Git username is set before upgrade tests +- poky.conf: bump version for 3.4.4 release +- pseudo: Add patch to workaround paths with crazy lengths +- pseudo: Fix handling of absolute links +- sanity: Add warning for local hasheqiv server with remote sstate mirrors +- scripts/runqemu: Fix memory limits for qemux86-64 +- shadow-native: Simplify and fix syslog disable patch +- tiff: Add marker for CVE-2022-1056 being fixed +- toaster: Fix broken overrides usage +- u-boot: Inherit pkgconfig +- uninative: Upgrade to 3.6 with gcc 12 support +- vim: Upgrade 8.2.4524 -> 8.2.4681 +- virglrenderer: update SRC_URI +- webkitgtk: update to 2.32.4 +- wireless-regdb: upgrade 2022.02.18 -> 2022.04.08 + +Known Issues +~~~~~~~~~~~~ + +There were a couple of known autobuilder intermittent bugs that occurred during release testing but these are not regressions in the release. + +Contributors to 3.4.4 +~~~~~~~~~~~~~~~~~~~~~ + +- Alexandre Belloni +- Anuj Mittal +- Bruce Ashfield +- Chee Yang Lee +- Dmitry Baryshkov +- Joe Slater +- Konrad Weihmann +- Martin Jansa +- Michael Opdenacker +- Minjae Kim +- Peter Kjellerstedt +- Ralph Siemsen +- Richard Purdie +- Ross Burton +- Tim Orling +- wangmy +- zhengruoqin + +Repositories / Downloads for 3.4.4 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +poky + +- Repository Location: https://git.yoctoproject.org/poky/ +- Branch: :yocto_git:`honister ` +- Tag: `yocto-3.4.4 `__ +- Git Revision: :yocto_git:`780eeec8851950ee6ac07a2a398ba937206bd2e4 ` +- Release Artefact: poky-780eeec8851950ee6ac07a2a398ba937206bd2e4 +- sha: 09558927064454ec2492da376156b716d9fd14aae57196435d742db7bfdb4b95 +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-3.4.4/poky-780eeec8851950ee6ac07a2a398ba937206bd2e4.tar.bz2, + http://mirrors.kernel.org/yocto/yocto/yocto-3.4.4/poky-780eeec8851950ee6ac07a2a398ba937206bd2e4.tar.bz2 + +openembedded-core + +- Repository Location: :oe_git:`/openembedded-core` +- Branch: :oe_git:`honister ` +- Tag: :oe_git:`yocto-3.4.4 ` +- Git Revision: :oe_git:`1a6f5e27249afb6fb4d47c523b62b5dd2482a69d ` +- Release Artefact: oecore-1a6f5e27249afb6fb4d47c523b62b5dd2482a69d +- sha: b8354ca457756384139a579b9e51f1ba854013c99add90c0c4c6ef68421fede5 +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-3.4.4/oecore-1a6f5e27249afb6fb4d47c523b62b5dd2482a69d.tar.bz2, + http://mirrors.kernel.org/yocto/yocto/yocto-3.4.4/oecore-1a6f5e27249afb6fb4d47c523b62b5dd2482a69d.tar.bz2 + +meta-mingw + +- Repository Location: https://git.yoctoproject.org/meta-mingw +- Branch: :yocto_git:`honister ` +- Tag: :yocto_git:`yocto-3.4.4 ` +- Git Revision: :yocto_git:`f5d761cbd5c957e4405c5d40b0c236d263c916a8 ` +- Release Artefact: meta-mingw-f5d761cbd5c957e4405c5d40b0c236d263c916a8 +- sha: d4305d638ef80948584526c8ca386a8cf77933dffb8a3b8da98d26a5c40fcc11 +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-3.4.4/meta-mingw-f5d761cbd5c957e4405c5d40b0c236d263c916a8.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-3.4.4/meta-mingw-f5d761cbd5c957e4405c5d40b0c236d263c916a8.tar.bz2 + +meta-gplv2 + +- Repository Location: https://git.yoctoproject.org/meta-gplv2 +- Branch: :yocto_git:`honister ` +- Tag: :yocto_git:`yocto-3.4.4 ` +- Git Revision: :yocto_git:`f04e4369bf9dd3385165281b9fa2ed1043b0e400 ` +- Release Artefact: meta-gplv2-f04e4369bf9dd3385165281b9fa2ed1043b0e400 +- sha: ef8e2b1ec1fb43dbee4ff6990ac736315c7bc2d8c8e79249e1d337558657d3fe +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-3.4.4/meta-gplv2-f04e4369bf9dd3385165281b9fa2ed1043b0e400.tar.bz2, + http://mirrors.kernel.org/yocto/yocto/yocto-3.4.4/meta-gplv2-f04e4369bf9dd3385165281b9fa2ed1043b0e400.tar.bz2 + +bitbake + +- Repository Location: :oe_git:`/bitbake` +- Branch: :oe_git:`1.52 ` +- Tag: :oe_git:`yocto-3.4.4 ` +- Git Revision: :oe_git:`c2d8f9b2137bd4a98eb0f51519493131773e7517 ` +- Release Artefact: bitbake-c2d8f9b2137bd4a98eb0f51519493131773e7517 +- sha: a8b6217f2d63975bbf49f430e11046608023ee2827faa893b15d9a0d702cf833 +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-3.4.4/bitbake-c2d8f9b2137bd4a98eb0f51519493131773e7517.tar.bz2, + http://mirrors.kernel.org/yocto/yocto/yocto-3.4.4/bitbake-c2d8f9b2137bd4a98eb0f51519493131773e7517.tar.bz2 + +yocto-docs + +- Repository Location: https://git.yoctoproject.org/yocto-docs +- Branch: :yocto_git:`honister ` +- Tag: :yocto_git:`yocto-3.4.4 ` +- Git Revision: :yocto_git:`5ead7d39aaf9044078dff27f462e29a8e31d89e4 ` diff --git a/poky/documentation/migration-guides/release-notes-4.0.1.rst b/poky/documentation/migration-guides/release-notes-4.0.1.rst new file mode 100644 index 0000000000..81da6e5f2d --- /dev/null +++ b/poky/documentation/migration-guides/release-notes-4.0.1.rst @@ -0,0 +1,248 @@ +Release notes for 4.0.1 (kirkstone) +----------------------------------- + +Security Fixes in 4.0.1 +~~~~~~~~~~~~~~~~~~~~~~~ + +- linux-yocto/5.15: fix :cve:`2022-28796` +- python3: ignore :cve:`2015-20107` +- e2fsprogs: fix :cve:`2022-1304` +- lua: fix :cve:`2022-28805` +- busybox: fix :cve:`2022-28391` + +Fixes in 4.0.1 +~~~~~~~~~~~~~~ + +- abi_version/sstate: Bump hashequiv and sstate versions due to git changes +- apt: add apt selftest to test signed package feeds +- apt: upgrade 2.4.4 -> 2.4.5 +- arch-armv8-2a.inc: fix a typo in TUNEVALID variable +- babeltrace: Disable warnings as errors +- base: Avoid circular references to our own scripts +- base: Drop git intercept +- build-appliance-image: Update to kirkstone head revision +- build-appliance: Switch to kirkstone branch +- buildtools-tarball: Only add cert envvars if certs are included +- busybox: Use base_bindir instead of hardcoding /bin path +- cases/buildepoxy.py: fix typo +- create-spdx: delete virtual/kernel dependency to fix FreeRTOS build +- create-spdx: fix error when symlink cannot be created +- cve-check: add JSON format to summary output +- cve-check: fix symlinks where link and output path are equal +- cve-check: no need to depend on the fetch task +- cve-update-db-native: let the user to drive the update interval +- cve-update-db-native: update the CVE database once a day only +- cve_check: skip remote patches that haven't been fetched when searching for CVE tags +- dev-manual: add command used to add the signed-off-by line. +- devshell.bbclass: Allow devshell & pydevshell to use the network +- docs: conf.py: fix cve extlinks caption for sphinx <4.0 +- docs: migration-guides: migration-3.4: mention that hardcoded password are supported if hashed +- docs: migration-guides: release-notes-4.0: fix risc-v typo +- docs: migration-guides: release-notes-4.0: replace kernel placeholder with correct recipe name +- docs: ref-manual: variables: add hashed password example in EXTRA_USERS_PARAMS +- docs: set_versions.py: add information about obsolescence of a release +- docs: set_versions.py: fix latest release of a branch being shown twice in switchers.js +- docs: set_versions.py: fix latest version of an active release shown as obsolete +- docs: set_versions.py: mark as obsolete only branches and old tags from obsolete releases +- docs: sphinx-static: switchers.js.in: do not mark branches as outdated +- docs: sphinx-static: switchers.js.in: fix broken switcher for branches +- docs: sphinx-static: switchers.js.in: improve obsolete version detection +- docs: sphinx-static: switchers.js.in: remove duplicate for outdated versions +- docs: sphinx-static: switchers.js.in: rename all_versions to switcher_versions +- docs: update Bitbake objects.inv location for master branch +- documentation/brief-yoctoprojectqs: add directory for local.conf +- gcompat: Fix build when usrmerge distro feature is enabled +- git: correct license +- git: upgrade 2.35.2 -> 2.35.3 +- glib: upgrade 2.72.0 -> 2.72.1 +- glibc: ptest: Fix glibc-tests package issue +- gnupg: Disable FORTIFY_SOURCES on mips +- go.bbclass: disable the use of the default configuration file +- gstreamer1.0-plugins-bad: drop patch +- gstreamer1.0-plugins-good: Fix libsoup dependency +- gstreamer1.0: Minor documentation addition +- install/devshell: Introduce git intercept script due to fakeroot issues +- kernel-yocto.bbclass: Fixup do_kernel_configcheck usage of KMETA +- libc-glibc: Use libxcrypt to provide virtual/crypt +- libgit2: upgrade 1.4.2 -> 1.4.3 +- libsoup: upgrade 3.0.5 -> 3.0.6 +- libusb1: upgrade 1.0.25 -> 1.0.26 +- linux-firmware: correct license for ar3k firmware +- linux-firmware: upgrade 20220310 -> 20220411 +- linux-yocto/5.10: base: enable kernel crypto userspace API +- linux-yocto/5.10: update to v5.10.112 +- linux-yocto/5.15: arm: poky-tiny cleanup and fixes +- linux-yocto/5.15: base: enable kernel crypto userspace API +- linux-yocto/5.15: fix -standard kernel build issue +- linux-yocto/5.15: fix ppc boot +- linux-yocto/5.15: fix qemuarm graphical boot +- linux-yocto/5.15: kasan: fix BUG: sleeping function called from invalid context +- linux-yocto/5.15: netfilter: conntrack: avoid useless indirection during conntrack destruction +- linux-yocto/5.15: update to v5.15.36 +- linux-yocto: enable powerpc-debug fragment +- mdadm: Drop clang specific cflags +- migration-3.4: add missing entry on EXTRA_USERS_PARAMS +- migration-guides: add release notes for 4.0 +- migration-guides: complete migration guide for 4.0 +- migration-guides: release-notes-4.0: mention LTS release +- migration-guides: release-notes-4.0: update 'Repositories / Downloads' section +- migration-guides: stop including documents with ".. include" +- musl: Fix build when usrmerge distro feature is enabled +- ncurses: use COPYING file +- neard: Switch SRC_URI to git repo +- oeqa/selftest: add test for git working correctly inside pseudo +- openssl: minor security upgrade 3.0.2 -> 3.0.3 +- package.bbclass: Prevent perform_packagecopy from removing /sysroot-only +- package: Ensure we track whether PRSERV was active or not +- package_manager: fix missing dependency on gnupg when signing deb package feeds +- poky-tiny: enable qemuarmv5/qemuarm64 and cleanups +- poky.conf: bump version for 4.0.1 release +- qemu.bbclass: Extend ppc/ppc64 extra options +- qemuarm64: use virtio pci interfaces +- qemuarmv5: use arm-versatile-926ejs KMACHINE +- ref-manual: Add XZ_THREADS and XZ_MEMLIMIT +- ref-manual: add KERNEL_DEBUG_TIMESTAMPS +- ref-manual: add ZSTD_THREADS +- ref-manual: add a note about hard-coded passwords +- ref-manual: add empty-dirs QA check and QA_EMPTY_DIRS* +- ref-manual: add mention of vendor filtering to CVE_PRODUCT +- ref-manual: mention wildcarding support in INCOMPATIBLE_LICENSE +- releases: update for yocto 4.0 +- rootfs-postcommands: fix symlinks where link and output path are equal +- ruby: upgrade 3.1.1 -> 3.1.2 +- sanity: skip make 4.2.1 warning for debian +- scripts/git: Ensure we don't have circular references +- scripts: Make git intercept global +- seatd: Disable overflow warning as error on ppc64/musl +- selftest/lic_checksum: Add test for filename containing space +- set_versions: update for 4.0 release +- staging: Ensure we filter out ourselves +- strace: fix ptest failure in landlock +- subversion: upgrade to 1.14.2 +- systemd-boot: remove outdated EFI_LD comment +- systemtap: Fix build with gcc-12 +- terminal.py: Restore error output from Terminal +- u-boot: Correct the SRC_URI +- u-boot: Inherit pkgconfig +- update_udev_hwdb: fix multilib issue with systemd +- util-linux: Create u-a symlink for findfs utility +- virgl: skip headless test on alma 8.6 +- webkitgtk: adjust patch status +- wic: do not use PARTLABEL for msdos partition tables +- wireless-regdb: upgrade 2022.02.18 -> 2022.04.08 +- xserver-xorg: Fix build with gcc12 +- yocto-bsps: update to v5.15.36 + +Contributors to 4.0.1 +~~~~~~~~~~~~~~~~~~~~~ + +- Abongwa Amahnui Bonalais +- Alexander Kanavin +- Bruce Ashfield +- Carlos Rafael Giani +- Chen Qi +- Davide Gardenal +- Dmitry Baryshkov +- Ferry Toth +- Henning Schild +- Jon Mason +- Justin Bronder +- Kai Kang +- Khem Raj +- Konrad Weihmann +- Lee Chee Yang +- Marta Rybczynska +- Martin Jansa +- Matt Madison +- Michael Halstead +- Michael Opdenacker +- Naveen Saini +- Nicolas Dechesne +- Paul Eggleton +- Paul Gortmaker +- Paulo Neves +- Peter Kjellerstedt +- Peter Marko +- Pgowda +- Portia +- Quentin Schulz +- Rahul Kumar +- Richard Purdie +- Robert Joslyn +- Robert Yang +- Roland Hieber +- Ross Burton +- Russ Dill +- Steve Sakoman +- wangmy +- zhengruoqin + +Repositories / Downloads for 4.0.1 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +poky + +- Repository Location: https://git.yoctoproject.org/git/poky +- Branch: :yocto_git:`kirkstone ` +- Tag: :yocto_git:`yocto-4.0.1 ` +- Git Revision: :yocto_git:`8c489602f218bcf21de0d3c9f8cf620ea5f06430 ` +- Release Artefact: poky-8c489602f218bcf21de0d3c9f8cf620ea5f06430 +- sha: 65c545a316bd8efb13ae1358eeccc8953543be908008103b51f7f90aed960d00 +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.1/poky-8c489602f218bcf21de0d3c9f8cf620ea5f06430.tar.bz2, + http://mirrors.kernel.org/yocto/yocto/yocto-4.0.1/poky-8c489602f218bcf21de0d3c9f8cf620ea5f06430.tar.bz2 + +openembedded-core + +- Repository Location: :oe_git:`/openembedded-core` +- Branch: :oe_git:`kirkstone ` +- Tag: :oe_git:`yocto-4.0.1 ` +- Git Revision: :oe_git:`cb8647c08959abb1d6b7c2b3a34b4b415f66d7ee ` +- Release Artefact: oecore-cb8647c08959abb1d6b7c2b3a34b4b415f66d7ee +- sha: 43981b8fad82f601618a133dffbec839524f0d0a055efc3d8f808cbfd811ab17 +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.1/oecore-cb8647c08959abb1d6b7c2b3a34b4b415f66d7ee.tar.bz2, + http://mirrors.kernel.org/yocto/yocto/yocto-4.0.1/oecore-cb8647c08959abb1d6b7c2b3a34b4b415f66d7ee.tar.bz2 + +meta-mingw + +- Repository Location: https://git.yoctoproject.org/git/meta-mingw +- Branch: :yocto_git:`kirkstone ` +- Tag: :yocto_git:`yocto-4.0.1 ` +- Git Revision: :yocto_git:`a90614a6498c3345704e9611f2842eb933dc51c1 ` +- Release Artefact: meta-mingw-a90614a6498c3345704e9611f2842eb933dc51c1 +- sha: 49f9900bfbbc1c68136f8115b314e95d0b7f6be75edf36a75d9bcd1cca7c6302 +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.1/meta-mingw-a90614a6498c3345704e9611f2842eb933dc51c1.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-4.0.1/meta-mingw-a90614a6498c3345704e9611f2842eb933dc51c1.tar.bz2 + +meta-gplv2 + +- Repository Location: https://git.yoctoproject.org/git/meta-gplv2 +- Branch: :yocto_git:`kirkstone ` +- Tag: :yocto_git:`yocto-4.0.1 ` +- Git Revision: :yocto_git:`d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a ` +- Release Artefact: meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a +- sha: c386f59f8a672747dc3d0be1d4234b6039273d0e57933eb87caa20f56b9cca6d +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.1/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-4.0.1/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2 + +bitbake + +- Repository Location: :oe_git:`/bitbake` +- Branch: :oe_git:`2.0 ` +- Tag: :oe_git:`yocto-4.0 ` +- Git Revision: :oe_git:`59c16ae6c55c607c56efd2287537a1b97ba2bf52 ` +- Release Artefact: bitbake-59c16ae6c55c607c56efd2287537a1b97ba2bf52 +- sha: 3ae466c31f738fc45c3d7c6f665952d59f01697f2667ea42f0544d4298dd6ef0 +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.1/bitbake-59c16ae6c55c607c56efd2287537a1b97ba2bf52.tar.bz2, + http://mirrors.kernel.org/yocto/yocto/yocto-4.0.1/bitbake-59c16ae6c55c607c56efd2287537a1b97ba2bf52.tar.bz2 + +yocto-docs + +- Repository Location: https://git.yoctoproject.org/git/yocto-docs +- Branch: :yocto_git:`kirkstone ` +- Tag: :yocto_git:`yocto-4.0.1 ` +- Git Revision: :yocto_git:`4ec9df3336a425719a9a35532504731ce56984ca ` diff --git a/poky/documentation/migration-guides/release-notes-4.0.2.rst b/poky/documentation/migration-guides/release-notes-4.0.2.rst new file mode 100644 index 0000000000..cb10068b8d --- /dev/null +++ b/poky/documentation/migration-guides/release-notes-4.0.2.rst @@ -0,0 +1,296 @@ +Release notes for Yocto-4.0.2 (Kirkstone) +----------------------------------------- + +Security Fixes in Yocto-4.0.2 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +- libxslt: Mark :cve:`2022-29824` as not applying +- tiff: Add jbig PACKAGECONFIG and clarify IGNORE :cve:`2022-1210` +- tiff: mark :cve:`2022-1622` and :cve:`2022-1623` as invalid +- pcre2:fix :cve:`2022-1586` Out-of-bounds read +- curl: fix :cve:`2022-22576`, :cve:`2022-27775`, :cve:`2022-27776`, :cve:`2022-27774`, :cve:`2022-30115`, :cve:`2022-27780`, :cve:`2022-27781`, :cve:`2022-27779` and :cve:`2022-27782` +- qemu: fix :cve:`2021-4206` and :cve:`2021-4207` +- freetype: fix :cve:`2022-27404`, :cve:`2022-27405` and :cve:`2022-27406` + +Fixes in Yocto-4.0.2 +~~~~~~~~~~~~~~~~~~~~ + +- alsa-plugins: fix libavtp vs. avtp packageconfig +- archiver: don't use machine variables in shared recipes +- archiver: use bb.note instead of echo +- baremetal-image: fix broken symlink in do_rootfs +- base-passwd: Disable shell for default users +- bash: submit patch upstream +- bind: upgrade 9.18.1 -> 9.18.2 +- binutils: Bump to latest 2.38 release branch +- bitbake.conf: Make TCLIBC and TCMODE lazy assigned +- bitbake: build: Add clean_stamp API function to allow removal of task stamps +- bitbake: data: Do not depend on vardepvalueexclude flag +- bitbake: fetch2/osc: Small fixes for osc fetcher +- bitbake: server/process: Fix logging issues where only the first message was displayed +- build-appliance-image: Update to kirkstone head revision +- buildhistory.bbclass: fix shell syntax when using dash +- cairo: Add missing GPLv3 license checksum entry +- classes: rootfs-postcommands: add skip option to overlayfs_qa_check +- cronie: upgrade 1.6.0 -> 1.6.1 +- cups: upgrade 2.4.1 -> 2.4.2 +- cve-check.bbclass: Added do_populate_sdk[recrdeptask]. +- cve-check: Add helper for symlink handling +- cve-check: Allow warnings to be disabled +- cve-check: Fix report generation +- cve-check: Only include installed packages for rootfs manifest +- cve-check: add support for Ignored CVEs +- cve-check: fix return type in check_cves +- cve-check: move update_symlinks to a library +- cve-check: write empty fragment files in the text mode +- cve-extra-exclusions: Add kernel CVEs +- cve-update-db-native: make it possible to disable database updates +- devtool: Fix _copy_file() TypeError +- e2fsprogs: add alternatives handling of lsattr as well +- e2fsprogs: update upstream status +- efivar: add musl libc compatibility +- epiphany: upgrade 42.0 -> 42.2 +- ffmpeg: upgrade 5.0 -> 5.0.1 +- fribidi: upgrade 1.0.11 -> 1.0.12 +- gcc-cross-canadian: Add nativesdk-zstd dependency +- gcc-source: Fix incorrect task dependencies from ${B} +- gcc: Upgrade to 11.3 release +- gcc: depend on zstd-native +- git: fix override syntax in RDEPENDS +- glib-2.0: upgrade 2.72.1 -> 2.72.2 +- glibc: Drop make-native dependency +- go: upgrade 1.17.8 -> 1.17.10 +- gst-devtools: upgrade 1.20.1 -> 1.20.2 +- gstreamer1.0-libav: upgrade 1.20.1 -> 1.20.2 +- gstreamer1.0-omx: upgrade 1.20.1 -> 1.20.2 +- gstreamer1.0-plugins-bad: upgrade 1.20.1 -> 1.20.2 +- gstreamer1.0-plugins-base: upgrade 1.20.1 -> 1.20.2 +- gstreamer1.0-plugins-good: upgrade 1.20.1 -> 1.20.2 +- gstreamer1.0-plugins-ugly: upgrade 1.20.1 -> 1.20.2 +- gstreamer1.0-python: upgrade 1.20.1 -> 1.20.2 +- gstreamer1.0-rtsp-server: upgrade 1.20.1 -> 1.20.2 +- gstreamer1.0-vaapi: upgrade 1.20.1 -> 1.20.2 +- gstreamer1.0: upgrade 1.20.1 -> 1.20.2 +- gtk+3: upgrade 3.24.33 -> 3.24.34 +- gtk-doc: Fix potential shebang overflow on gtkdoc-mkhtml2 +- image.bbclass: allow overriding dependency on virtual/kernel:do_deploy +- insane.bbclass: make sure to close .patch files +- iso-codes: upgrade 4.9.0 -> 4.10.0 +- kernel-yocto.bbclass: Reset to exiting on non-zero return code at end of task +- libcgroup: upgrade 2.0.1 -> 2.0.2 +- liberror-perl: Update sstate/equiv versions to clean cache +- libinput: upgrade 1.19.3 -> 1.19.4 +- libpcre2: upgrade 10.39 -> 10.40 +- librepo: upgrade 1.14.2 -> 1.14.3 +- libseccomp: Add missing files for ptests +- libseccomp: Correct LIC_FILES_CHKSUM +- libxkbcommon: upgrade 1.4.0 -> 1.4.1 +- libxml2: Upgrade 2.9.13 -> 2.9.14 +- license.bbclass: Bound beginline and endline in copy_license_files() +- license_image.bbclass: Make QA errors fail the build +- linux-firmware: add support for building snapshots +- linux-firmware: package new Qualcomm firmware +- linux-firmware: replace mkdir by install +- linux-firmware: split ath3k firmware +- linux-firmware: upgrade to 20220610 +- linux-yocto/5.10: update to v5.10.119 +- linux-yocto/5.15: Enable MDIO bus config +- linux-yocto/5.15: bpf: explicitly disable unpriv eBPF by default +- linux-yocto/5.15: cfg/xen: Move x86 configs to separate file +- linux-yocto/5.15: update to v5.15.44 +- local.conf.sample: Update sstate url to new 'all' path +- logrotate: upgrade 3.19.0 -> 3.20.1 +- lttng-modules: Fix build failure for 5.10.119+ and 5.15.44+ kernel +- lttng-modules: fix build against 5.18-rc7+ +- lttng-modules: fix shell syntax +- lttng-ust: upgrade 2.13.2 -> 2.13.3 +- lzo: Add further info to a patch and mark as Inactive-Upstream +- makedevs: Don't use COPYING.patch just to add license file into ${S} +- manuals: switch to the sstate mirror shared between all versions +- mesa.inc: package 00-radv-defaults.conf +- mesa: backport a patch to support compositors without zwp_linux_dmabuf_v1 again +- mesa: upgrade to 22.0.3 +- meson.bbclass: add cython binary to cross/native toolchain config +- mmc-utils: upgrade to latest revision +- mobile-broadband-provider-info: upgrade 20220315 -> 20220511 +- ncurses: update to patchlevel 20220423 +- oeqa/selftest/cve_check: add tests for Ignored and partial reports +- oeqa/selftest/cve_check: add tests for recipe and image reports +- oescripts: change compare logic in OEListPackageconfigTests +- openssl: Backport fix for ptest cert expiry +- overlayfs: add docs about skipping QA check & service dependencies +- ovmf: Fix native build with gcc-12 +- patch.py: make sure that patches/series file exists before quilt pop +- pciutils: avoid lspci conflict with busybox +- perl: Add dependency on make-native to avoid race issues +- perl: Fix build with gcc-12 +- poky.conf: bump version for 4.0.2 +- popt: fix override syntax in RDEPENDS +- pypi.bbclass: Set CVE_PRODUCT to PYPI_PACKAGE +- python3: Ensure stale empty python module directories don't break the build +- python3: Remove problematic paths from sysroot files +- python3: fix reproducibility issue with python3-core +- python3: use built-in distutils for ptest, rather than setuptools' 'fork' +- python: Avoid shebang overflow on python-config.py +- rootfs-postcommands.bbclass: correct comments +- rootfs.py: close kernel_abi_ver_file +- rootfs.py: find .ko.zst kernel modules +- rust-common: Drop LLVM_TARGET and simplify +- rust-common: Ensure sstate signatures have correct dependencues for do_rust_gen_targets +- rust-common: Fix for target definitions returning 'NoneType' for arm +- rust-common: Fix native signature dependency issues +- rust-common: Fix sstate signatures between arm hf and non-hf +- sanity: Don't warn about make 4.2.1 for mint +- sanity: Switch to make 4.0 as a minimum version +- sed: Specify shell for "nobody" user in run-ptest +- selftest/imagefeatures/overlayfs: Always append to DISTRO_FEATURES +- selftest/multiconfig: Test that multiconfigs in separate layers works +- sqlite3: upgrade to 3.38.5 +- staging.bbclass: process direct dependencies in deterministic order +- staging: Fix rare sysroot corruption issue +- strace: Don't run ptest as "nobody" +- systemd: Correct 0001-pass-correct-parameters-to-getdents64.patch +- systemd: Correct path returned in sd_path_lookup() +- systemd: Document future actions needed for set of musl patches +- systemd: Drop 0001-test-parse-argument-Include-signal.h.patch +- systemd: Drop 0002-don-t-use-glibc-specific-qsort_r.patch +- systemd: Drop 0016-Hide-__start_BUS_ERROR_MAP-and-__stop_BUS_ERROR_MAP.patch +- systemd: Drop redundant musl patches +- systemd: Fix build regression with latest update +- systemd: Remove __compare_fn_t type in musl-specific patch +- systemd: Update patch status +- systemd: systemd-systemctl: Support instance conf files during enable +- systemd: update ``0008-add-missing-FTW_-macros-for-musl.patch`` +- systemd: upgrade 250.4 -> 250.5 +- uboot-sign: Fix potential index error issues +- valgrind: submit arm patches upstream +- vim: Upgrade to 8.2.5083 +- webkitgtk: upgrade to 2.36.3 +- wic/plugins/rootfs: Fix permissions when splitting rootfs folders across partitions +- xwayland: upgrade 22.1.0 -> 22.1.1 +- xxhash: fix build with gcc 12 +- zip/unzip: mark all submittable patches as Inactive-Upstream + +Known Issues in Yocto-4.0.2 +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +- There were build failures at the autobuilder due to a known scp issue on Fedora-36 hosts. + +Contributors to Yocto-4.0.2 +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +- Alex Kiernan +- Alexander Kanavin +- Aryaman Gupta +- Bruce Ashfield +- Claudius Heine +- Davide Gardenal +- Dmitry Baryshkov +- Ernst Sjöstrand +- Felix Moessbauer +- Gunjan Gupta +- He Zhe +- Hitendra Prajapati +- Jack Mitchell +- Jeremy Puhlman +- Jiaqing Zhao +- Joerg Vehlow +- Jose Quaresma +- Kai Kang +- Khem Raj +- Konrad Weihmann +- Marcel Ziswiler +- Markus Volk +- Marta Rybczynska +- Martin Jansa +- Michael Opdenacker +- Mingli Yu +- Naveen Saini +- Nick Potenski +- Paulo Neves +- Pavel Zhukov +- Peter Kjellerstedt +- Rasmus Villemoes +- Richard Purdie +- Robert Joslyn +- Ross Burton +- Samuli Piippo +- Sean Anderson +- Stefan Wiehler +- Steve Sakoman +- Sundeep Kokkonda +- Tomasz Dziendzielski +- Xiaobing Luo +- Yi Zhao +- leimaohui +- wangmy + +Repositories / Downloads for Yocto-4.0.2 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +poky + +- Repository Location: https://git.yoctoproject.org/git/poky +- Branch: :yocto_git:`kirkstone ` +- Tag: :yocto_git:`yocto-4.0.2 ` +- Git Revision: :yocto_git:`a5ea426b1da472fc8549459fff3c1b8c6e02f4b5 ` +- Release Artefact: poky-a5ea426b1da472fc8549459fff3c1b8c6e02f4b5 +- sha: 474ddfacfed6661be054c161597a1a5273188dfe021b31d6156955d93c6b7359 +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.2/poky-a5ea426b1da472fc8549459fff3c1b8c6e02f4b5.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-4.0.2/poky-a5ea426b1da472fc8549459fff3c1b8c6e02f4b5.tar.bz2 + +openembedded-core + +- Repository Location: https://git.openembedded.org/openembedded-core +- Branch: :oe_git:`kirkstone ` +- Tag: :oe_git:`yocto-4.0.2 ` +- Git Revision: :oe_git:`eea52e0c3d24c79464f4afdbc3c397e1cb982231 ` +- Release Artefact: oecore-eea52e0c3d24c79464f4afdbc3c397e1cb982231 +- sha: 252d5c2c2db7e14e7365fcc69d32075720b37d629894bae36305eba047a39907 +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.2/oecore-eea52e0c3d24c79464f4afdbc3c397e1cb982231.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-4.0.2/oecore-eea52e0c3d24c79464f4afdbc3c397e1cb982231.tar.bz2 + +meta-mingw + +- Repository Location: https://git.yoctoproject.org/git/meta-mingw +- Branch: :yocto_git:`kirkstone ` +- Tag: :yocto_git:`yocto-4.0.2 ` +- Git Revision: :yocto_git:`a90614a6498c3345704e9611f2842eb933dc51c1 ` +- Release Artefact: meta-mingw-a90614a6498c3345704e9611f2842eb933dc51c1 +- sha: 49f9900bfbbc1c68136f8115b314e95d0b7f6be75edf36a75d9bcd1cca7c6302 +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.2/meta-mingw-a90614a6498c3345704e9611f2842eb933dc51c1.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-4.0.2/meta-mingw-a90614a6498c3345704e9611f2842eb933dc51c1.tar.bz2 + +meta-gplv2 + +- Repository Location: https://git.yoctoproject.org/git/meta-gplv2 +- Branch: :yocto_git:`kirkstone ` +- Tag: :yocto_git:`yocto-4.0.2 ` +- Git Revision: :yocto_git:`d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a ` +- Release Artefact: meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a +- sha: c386f59f8a672747dc3d0be1d4234b6039273d0e57933eb87caa20f56b9cca6d +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.2/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-4.0.2/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2 + +bitbake + +- Repository Location: https://git.openembedded.org/bitbake +- Branch: :oe_git:`2.0 ` +- Tag: :oe_git:`yocto-4.0.2 ` +- Git Revision: :oe_git:`b8fd6f5d9959d27176ea016c249cf6d35ac8ba03 ` +- Release Artefact: bitbake-b8fd6f5d9959d27176ea016c249cf6d35ac8ba03 +- sha: 373818b1dee2c502264edf654d6d8f857b558865437f080e02d5ba6bb9e72cc3 +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.2/bitbake-b8fd6f5d9959d27176ea016c249cf6d35ac8ba03.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-4.0.2/bitbake-b8fd6f5d9959d27176ea016c249cf6d35ac8ba03.tar.bz2 + +yocto-docs + +- Repository Location: https://git.yoctoproject.org/git/yocto-docs +- Branch: :yocto_git:`kirkstone ` +- Tag: :yocto_git:`yocto-4.0.2 ` +- Git Revision: :yocto_git:`662294dccd028828d5c7e9fd8f5c8e14df53df4b ` diff --git a/poky/documentation/migration-guides/release-notes-4.0.3.rst b/poky/documentation/migration-guides/release-notes-4.0.3.rst new file mode 100644 index 0000000000..e2a212cb62 --- /dev/null +++ b/poky/documentation/migration-guides/release-notes-4.0.3.rst @@ -0,0 +1,314 @@ +Release notes for Yocto-4.0.3 (Kirkstone) +----------------------------------------- + +Security Fixes in Yocto-4.0.3 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +- binutils: fix :cve:`2019-1010204` +- busybox: fix :cve:`2022-30065` +- cups: ignore :cve:`2022-26691` +- curl: Fix :cve:`2022-32205`, :cve:`2022-32206`, :cve:`2022-32207` and :cve:`2022-32208` +- dpkg: fix :cve:`2022-1664` +- ghostscript: fix :cve:`2022-2085` +- harfbuzz: fix :cve:`2022-33068` +- libtirpc: fix :cve:`2021-46828` +- lua: fix :cve:`2022-33099` +- nasm: ignore :cve:`2020-18974` +- qemu: fix :cve:`2022-35414` +- qemu: ignore :cve:`2021-20255` and :cve:`2019-12067` +- tiff: fix :cve:`2022-1354`, :cve:`2022-1355`, :cve:`2022-2056`, :cve:`2022-2057` and :cve:`2022-2058` +- u-boot: fix :cve:`2022-34835` +- unzip: fix :cve:`2022-0529` and :cve:`2022-0530` + + +Fixes in Yocto-4.0.3 +~~~~~~~~~~~~~~~~~~~~ + +- alsa-state: correct license +- at: take tarballs from debian +- base.bbclass: Correct the test for obsolete license exceptions +- base/reproducible: Change Source Date Epoch generation methods +- bin_package: install into base_prefix +- bind: Remove legacy python3 PACKAGECONFIG code +- bind: upgrade to 9.18.4 +- binutils: stable 2.38 branch updates +- build-appliance-image: Update to kirkstone head revision +- cargo_common.bbclass: enable bitbake vendoring for externalsrc +- coreutils: Tweak packaging variable names for coreutils-dev +- curl: backport openssl fix CN check error code +- cve-check: hook cleanup to the BuildCompleted event, not CookerExit +- cve-extra-exclusions: Clean up and ignore three CVEs (2xqemu and nasm) +- devtool: finish: handle patching when S points to subdir of a git repo +- devtool: ignore pn- overrides when determining SRC_URI overrides +- docs: BB_HASHSERVE_UPSTREAM: update to new host +- dropbear: break dependency on base package for -dev package +- efivar: fix import functionality +- encodings: update to 1.0.6 +- epiphany: upgrade to 42.3 +- externalsrc.bbclass: support crate fetcher on externalsrc +- font-util: update 1.3.2 -> 1.3.3 +- gcc-runtime: Fix build when using gold +- gcc-runtime: Fix missing MLPREFIX in debug mappings +- gcc-runtime: Pass -nostartfiles when building dummy libstdc++.so +- gcc: Backport a fix for gcc bug 105039 +- git: upgrade to v2.35.4 +- glib-2.0: upgrade to 2.72.3 +- glib-networking: upgrade to 2.72.1 +- glibc : stable 2.35 branch updates +- glibc-tests: Avoid reproducibility issues +- glibc-tests: not clear BBCLASSEXTEND +- glibc: revert one upstream change to work around broken DEBUG_BUILD build +- glibc: stable 2.35 branch updates +- gnupg: upgrade to 2.3.7 +- go: upgrade to v1.17.12 +- gobject-introspection-data: Disable cache for g-ir-scanner +- gperf: Add a patch to work around reproducibility issues +- gperf: Switch to upstream patch +- gst-devtools: upgrade to 1.20.3 +- gstreamer1.0-libav: upgrade to 1.20.3 +- gstreamer1.0-omx: upgrade to 1.20.3 +- gstreamer1.0-plugins-bad: upgrade to 1.20.3 +- gstreamer1.0-plugins-base: upgrade to 1.20.3 +- gstreamer1.0-plugins-good: upgrade to 1.20.3 +- gstreamer1.0-plugins-ugly: upgrade to 1.20.3 +- gstreamer1.0-python: upgrade to 1.20.3 +- gstreamer1.0-rtsp-server: upgrade to 1.20.3 +- gstreamer1.0-vaapi: upgrade to 1.20.3 +- gstreamer1.0: upgrade to 1.20.3 +- gtk-doc: Remove hardcoded buildpath +- harfbuzz: Fix compilation with clang +- initramfs-framework: move storage mounts to actual rootfs +- initscripts: run umountnfs as a KILL script +- insane.bbclass: host-user-contaminated: Correct per package home path +- insane: Fix buildpaths test to work with special devices +- kernel-arch: Fix buildpaths leaking into external module compiles +- kernel-devsrc: fix reproducibility and buildpaths QA warning +- kernel-devsrc: ppc32: fix reproducibility +- kernel-uboot.bbclass: Use vmlinux.initramfs when INITRAMFS_IMAGE_BUNDLE set +- kernel.bbclass: pass LD also in savedefconfig +- libffi: fix native build being not portable +- libgcc: Fix standalone target builds with usrmerge distro feature +- libmodule-build-perl: Use env utility to find perl interpreter +- libsoup: upgrade to 3.0.7 +- libuv: upgrade to 1.44.2 +- linux-firmware: upgrade to 20220708 +- linux-firwmare: restore WHENCE_CHKSUM variable +- linux-yocto-rt/5.15: update to -rt48 (and fix -stable merge) +- linux-yocto/5.10: fix build_OID_registry/conmakehash buildpaths warning +- linux-yocto/5.10: fix buildpaths issue with gen-mach-types +- linux-yocto/5.10: fix buildpaths issue with pnmtologo +- linux-yocto/5.10: update to v5.10.135 +- linux-yocto/5.15: drop obselete GPIO sysfs ABI +- linux-yocto/5.15: fix build_OID_registry buildpaths warning +- linux-yocto/5.15: fix buildpaths issue with gen-mach-types +- linux-yocto/5.15: fix buildpaths issue with pnmtologo +- linux-yocto/5.15: fix qemuppc buildpaths warning +- linux-yocto/5.15: fix reproducibility issues +- linux-yocto/5.15: update to v5.15.59 +- log4cplus: upgrade to 2.0.8 +- lttng-modules: Fix build failure for kernel v5.15.58 +- lttng-modules: upgrade to 2.13.4 +- lua: Fix multilib buildpath reproducibility issues +- mkfontscale: upgrade to 1.2.2 +- oe-selftest-image: Ensure the image has sftp as well as dropbear +- oe-selftest: devtool: test modify git recipe building from a subdir +- oeqa/runtime/scp: Disable scp test for dropbear +- oeqa/runtime: add test that the kernel has CONFIG_PREEMPT_RT enabled +- oeqa/sdk: drop the nativesdk-python 2.x test +- openssh: Add openssh-sftp-server to openssh RDEPENDS +- openssh: break dependency on base package for -dev package +- openssl: update to 3.0.5 +- package.bbclass: Avoid stripping signed kernel modules in splitdebuginfo +- package.bbclass: Fix base directory for debugsource files when using externalsrc +- package.bbclass: Fix kernel source handling when not using externalsrc +- package_manager/ipk: do not pipe stderr to stdout +- packagegroup-core-ssh-dropbear: Add openssh-sftp-server recommendation +- patch: handle if S points to a subdirectory of a git repo +- perf: fix reproducibility in 5.19+ +- perf: fix reproduciblity in older releases of Linux +- perf: sort-pmuevents: really keep array terminators +- perl: don't install Makefile.old into perl-ptest +- poky.conf: bump version for 4.0.3 +- pulseaudio: add m4-native to DEPENDS +- python3: Backport patch to fix an issue in subinterpreters +- qemu: Add PACKAGECONFIG for brlapi +- qemu: Avoid accidental librdmacm linkage +- qemu: Avoid accidental libvdeplug linkage +- qemu: Fix slirp determinism issue +- qemu: add PACKAGECONFIG for capstone +- recipetool/devtool: Fix python egg whitespace issues in PACKAGECONFIG +- ref-manual: variables: remove sphinx directive from literal block +- rootfs-postcommands.bbclass: move host-user-contaminated.txt to ${S} +- ruby: add PACKAGECONFIG for capstone +- rust: fix issue building cross-canadian tools for aarch64 on x86_64 +- sanity.bbclass: Add ftps to accepted URI protocols for mirrors sanity +- selftest/runtime_test/virgl: Disable for all almalinux +- sstatesig: Include all dependencies in SPDX task signatures +- strace: set COMPATIBLE_HOST for riscv32 +- systemd: Added base_bindir into pkg_postinst:udev-hwdb. +- udev-extraconf/initrdscripts/parted: Rename mount.blacklist -> mount.ignorelist +- udev-extraconf/mount.sh: add LABELs to mountpoints +- udev-extraconf/mount.sh: ignore lvm in automount +- udev-extraconf/mount.sh: only mount devices on hotplug +- udev-extraconf/mount.sh: save mount name in our tmp filecache +- udev-extraconf: fix some systemd automount issues +- udev-extraconf: force systemd-udevd to use shared MountFlags +- udev-extraconf: let automount base directory configurable +- udev-extraconf:mount.sh: fix a umount issue +- udev-extraconf:mount.sh: fix path mismatching issues +- vala: Fix on target wrapper buildpaths issue +- vala: upgrade to 0.56.2 +- vim: upgrade to 9.0.0063 +- waffle: correctly request wayland-scanner executable +- webkitgtk: upgrade to 2.36.4 +- weston: upgrade to 10.0.1 +- wic/plugins/rootfs: Fix NameError for 'orig_path' +- wic: fix WicError message +- wireless-regdb: upgrade to 2022.06.06 +- xdpyinfo: upgrade to 1.3.3 +- xev: upgrade to 1.2.5 +- xf86-input-synaptics: upgrade to 1.9.2 +- xmodmap: upgrade to 1.0.11 +- xorg-app: Tweak handling of compression changes in SRC_URI +- xserver-xorg: upgrade to 21.1.4 +- xwayland: upgrade to 22.1.3 +- yocto-bsps/5.10: fix buildpaths issue with gen-mach-types +- yocto-bsps/5.10: fix buildpaths issue with pnmtologo +- yocto-bsps/5.15: fix buildpaths issue with gen-mach-types +- yocto-bsps/5.15: fix buildpaths issue with pnmtologo +- yocto-bsps: buildpaths fixes +- yocto-bsps: update to v5.10.130 +- yocto-bsps: buildpaths fixes +- yocto-bsps: update to v5.15.54 + + +Known Issues in Yocto-4.0.3 +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +- N/A + + +Contributors to Yocto-4.0.3 +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +- Ahmed Hossam +- Alejandro Hernandez Samaniego +- Alex Kiernan +- Alexander Kanavin +- Bruce Ashfield +- Chanho Park +- Christoph Lauer +- David Bagonyi +- Dmitry Baryshkov +- He Zhe +- Hitendra Prajapati +- Jose Quaresma +- Joshua Watt +- Kai Kang +- Khem Raj +- Lee Chee Yang +- Lucas Stach +- Markus Volk +- Martin Jansa +- Maxime Roussin-Bélanger +- Michael Opdenacker +- Mihai Lindner +- Ming Liu +- Mingli Yu +- Muhammad Hamza +- Naveen +- Pascal Bach +- Paul Eggleton +- Pavel Zhukov +- Peter Bergin +- Peter Kjellerstedt +- Peter Marko +- Pgowda +- Raju Kumar Pothuraju +- Richard Purdie +- Robert Joslyn +- Ross Burton +- Sakib Sajal +- Shruthi Ravichandran +- Steve Sakoman +- Sundeep Kokkonda +- Thomas Roos +- Tom Hochstein +- Wentao Zhang +- Yi Zhao +- Yue Tao +- gr embeter +- leimaohui +- wangmy + + +Repositories / Downloads for Yocto-4.0.3 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +poky + +- Repository Location: https://git.yoctoproject.org/git/poky +- Branch: :yocto_git:`kirkstone ` +- Tag: :yocto_git:`yocto-4.0.3 ` +- Git Revision: :yocto_git:`387ab5f18b17c3af3e9e30dc58584641a70f359f ` +- Release Artefact: poky-387ab5f18b17c3af3e9e30dc58584641a70f359f +- sha: fe674186bdb0684313746caa9472134fc19e6f1443c274fe02c06cb1e675b404 +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.3/poky-387ab5f18b17c3af3e9e30dc58584641a70f359f.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-4.0.3/poky-387ab5f18b17c3af3e9e30dc58584641a70f359f.tar.bz2 + +openembedded-core + +- Repository Location: https://git.openembedded.org/openembedded-core +- Branch: :oe_git:`kirkstone ` +- Tag: :oe_git:`yocto-4.0.3 ` +- Git Revision: :oe_git:`2cafa6ed5f0aa9df5a120b6353755d56c7c7800d ` +- Release Artefact: oecore-2cafa6ed5f0aa9df5a120b6353755d56c7c7800d +- sha: 5181d3e8118c6112936637f01a07308b715e0e3d12c7eba338556747dfcabe92 +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.3/oecore-2cafa6ed5f0aa9df5a120b6353755d56c7c7800d.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-4.0.3/oecore-2cafa6ed5f0aa9df5a120b6353755d56c7c7800d.tar.bz2 + +meta-mingw + +- Repository Location: https://git.yoctoproject.org/git/meta-mingw +- Branch: :yocto_git:`kirkstone ` +- Tag: :yocto_git:`yocto-4.0.3 ` +- Git Revision: :yocto_git:`a90614a6498c3345704e9611f2842eb933dc51c1 ` +- Release Artefact: meta-mingw-a90614a6498c3345704e9611f2842eb933dc51c1 +- sha: 49f9900bfbbc1c68136f8115b314e95d0b7f6be75edf36a75d9bcd1cca7c6302 +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.3/meta-mingw-a90614a6498c3345704e9611f2842eb933dc51c1.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-4.0.3/meta-mingw-a90614a6498c3345704e9611f2842eb933dc51c1.tar.bz2 + +meta-gplv2 + +- Repository Location: https://git.yoctoproject.org/git/meta-gplv2 +- Branch: :yocto_git:`kirkstone ` +- Tag: :yocto_git:`yocto-4.0.3 ` +- Git Revision: :yocto_git:`d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a ` +- Release Artefact: meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a +- sha: c386f59f8a672747dc3d0be1d4234b6039273d0e57933eb87caa20f56b9cca6d +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.3/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-4.0.3/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2 + +bitbake + +- Repository Location: https://git.openembedded.org/bitbake +- Branch: :oe_git:`2.0 ` +- Tag: :oe_git:`yocto-4.0.3 ` +- Git Revision: :oe_git:`b8fd6f5d9959d27176ea016c249cf6d35ac8ba03 ` +- Release Artefact: bitbake-b8fd6f5d9959d27176ea016c249cf6d35ac8ba03 +- sha: 373818b1dee2c502264edf654d6d8f857b558865437f080e02d5ba6bb9e72cc3 +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.3/bitbake-b8fd6f5d9959d27176ea016c249cf6d35ac8ba03.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-4.0.3/bitbake-b8fd6f5d9959d27176ea016c249cf6d35ac8ba03.tar.bz2 + +yocto-docs + +- Repository Location: https://git.yoctoproject.org/git/yocto-docs +- Branch: :yocto_git:`kirkstone ` +- Tag: :yocto_git:`yocto-4.0.3 ` +- Git Revision: :yocto_git:`d9b3dcf65ef25c06f552482aba460dd16862bf96 ` + diff --git a/poky/documentation/migration-guides/release-notes-4.0.4.rst b/poky/documentation/migration-guides/release-notes-4.0.4.rst new file mode 100644 index 0000000000..2623a1dca7 --- /dev/null +++ b/poky/documentation/migration-guides/release-notes-4.0.4.rst @@ -0,0 +1,299 @@ +Release notes for Yocto-4.0.4 (Kirkstone) +----------------------------------------- + +Security Fixes in Yocto-4.0.4 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +- binutils : fix :cve:`2022-38533` +- curl: fix :cve:`2022-35252` +- sqlite: fix :cve:`2022-35737` +- grub2: fix :cve:`2021-3695`, :cve:`2021-3696`, :cve:`2021-3697`, :cve:`2022-28733`, :cve:`2022-28734` and :cve:`2022-28735` +- u-boot: fix :cve:`2022-30552` and :cve:`2022-33967` +- libxml2: Ignore :cve:`2016-3709` +- libtiff: fix :cve:`2022-34526` +- zlib: fix :cve:`2022-37434` +- gnutls: fix :cve:`2022-2509` +- u-boot: fix :cve:`2022-33103` +- qemu: fix :cve:`2021-3507`, :cve:`2021-3929`, :cve:`2021-4158`, :cve:`2022-0216` and :cve:`2022-0358` + + +Fixes in Yocto-4.0.4 +~~~~~~~~~~~~~~~~~~~~ + +- apr: Cache configure tests which use AC_TRY_RUN +- apr: Use correct strerror_r implementation based on libc type +- apt: fix nativesdk-apt build failure during the second time build +- archiver.bbclass: remove unsed do_deploy_archives[dirs] +- archiver.bbclass: some recipes that uses the kernelsrc bbclass uses the shared source +- autoconf: Fix strict prototype errors in generated tests +- autoconf: Update K & R stype functions +- bind: upgrade to 9.18.5 +- bitbake.conf: set BB_DEFAULT_UMASK using ??= +- bitbake: ConfHandler/BBHandler: Improve comment error messages and add tests +- bitbake: ConfHandler: Remove lingering close +- bitbake: bb/utils: movefile: use the logger for printing +- bitbake: bb/utils: remove: check the path again the expand python glob +- bitbake: bitbake-user-manual: Correct description of the ??= operator +- bitbake: bitbake-user-manual: npm fetcher: improve description of SRC_URI format +- bitbake: bitbake: bitbake-user-manual: hashserv can be accessed on a dedicated domain +- bitbake: bitbake: runqueue: add cpu/io pressure regulation +- bitbake: bitbake: runqueue: add memory pressure regulation +- bitbake: cooker: Drop sre_constants usage +- bitbake: doc: bitbake-user-manual: add explicit target for crates fetcher +- bitbake: doc: bitbake-user-manual: document npm and npmsw fetchers +- bitbake: event.py: ignore exceptions from stdout and sterr operations in atexit +- bitbake: fetch2: Ensure directory exists before creating symlink +- bitbake: fetch2: gitsm: fix incorrect handling of git submodule relative urls +- bitbake: runqueue: Change pressure file warning to a note +- bitbake: runqueue: Fix unihash cache mismatch issues +- bitbake: toaster: fix kirkstone version +- bitbake: utils: Pass lock argument in fileslocked +- bluez5: upgrade to 5.65 +- boost: fix install of fiber shared libraries +- cairo: Adapt the license information based on what is being built +- classes: cve-check: Get shared database lock +- cmake: remove CMAKE_ASM_FLAGS variable in toolchain file +- connman: Backports for security fixes +- core-image.bbclass: Exclude openssh complementary packages +- cracklib: Drop using register keyword +- cracklib: upgrade to 2.9.8 +- create-spdx: Fix supplier field +- create-spdx: handle links to inaccessible locations +- create-spdx: ignore packing control files from ipk and deb +- cve-check: Don't use f-strings +- cve-check: close cursors as soon as possible +- devtool/upgrade: catch bb.fetch2.decodeurl errors +- devtool/upgrade: correctly clean up when recipe filename isn't yet known +- devtool: error out when workspace is using old override syntax +- ell: upgrade to 0.50 +- epiphany: upgrade to 42.4 +- externalsrc: Don't wipe out src dir when EXPORT_FUNCTIONS is used. +- gcc-multilib-config: Fix i686 toolchain relocation issues +- gcr: Define _GNU_SOURCE +- gdk-pixbuf: upgrade to 2.42.9 +- glib-networking: upgrade to 2.72.2 +- go: upgrade to v1.17.13 +- insane.bbclass: Skip patches not in oe-core by full path +- iso-codes: upgrade to 4.11.0 +- kernel-fitimage.bbclass: add padding algorithm property in config nodes +- kernel-fitimage.bbclass: only package unique DTBs +- kernel: Always set CC and LD for the kernel build +- kernel: Use consistent make flags for menuconfig +- lib:npm_registry: initial checkin +- libatomic-ops: upgrade to 7.6.14 +- libcap: upgrade to 2.65 +- libjpeg-turbo: upgrade to 2.1.4 +- libpam: use /run instead of /var/run in systemd tmpfiles +- libtasn1: upgrade to 4.19.0 +- liburcu: upgrade to 0.13.2 +- libwebp: upgrade to 1.2.4 +- libwpe: upgrade to 1.12.3 +- libxml2: Port gentest.py to Python-3 +- lighttpd: upgrade to 1.4.66 +- linux-yocto/5.10: update genericx86* machines to v5.10.135 +- linux-yocto/5.10: update to v5.10.137 +- linux-yocto/5.15: update genericx86* machines to v5.15.59 +- linux-yocto/5.15: update to v5.15.62 +- linux-yocto: Fix COMPATIBLE_MACHINE regex match +- linux-yocto: prepend the the value with a space when append to KERNEL_EXTRA_ARGS +- lttng-modules: fix 5.19+ build +- lttng-modules: fix build against mips and v5.19 kernel +- lttng-modules: fix build for kernel 5.10.137 +- lttng-modules: replace mips compaction fix with upstream change +- lz4: upgrade to 1.9.4 +- maintainers: update opkg maintainer +- meta: introduce UBOOT_MKIMAGE_KERNEL_TYPE +- migration guides: add missing release notes +- mobile-broadband-provider-info: upgrade to 20220725 +- nativesdk: Clear TUNE_FEATURES +- npm: replace 'npm pack' call by 'tar czf' +- npm: return content of 'package.json' in 'npm_pack' +- npm: take 'version' directly from 'package.json' +- npm: use npm_registry to cache package +- oeqa/gotoolchain: put writable files in the Go module cache +- oeqa/gotoolchain: set CGO_ENABLED=1 +- oeqa/parselogs: add qemuarmv5 arm-charlcd masking +- oeqa/qemurunner: add run_serial() comment +- oeqa/selftest: rename git.py to intercept.py +- oeqa: qemurunner: Report UNIX Epoch timestamp on login +- package_rpm: Do not replace square brackets in %files +- packagegroup-self-hosted: update for strace +- parselogs: Ignore xf86OpenConsole error +- perf: Fix reproducibility issues with 5.19 onwards +- pinentry: enable _XOPEN_SOURCE on musl for wchar usage in curses +- poky.conf: add ubuntu-22.04 to tested distros +- poky.conf: bump version for 4.0.4 +- pseudo: Update to include recent upstream minor fixes +- python3-pip: Fix RDEPENDS after the update +- ref-manual: add numa to machine features +- relocate_sdk.py: ensure interpreter size error causes relocation to fail +- rootfs-postcommands.bbclass: avoid moving ssh host keys if etc is writable +- rootfs.py: dont try to list installed packages for baremetal images +- rootfspostcommands.py: Cleanup subid backup files generated by shadow-utils +- ruby: drop capstone support +- runqemu: Add missing space on default display option +- runqemu: display host uptime when starting +- sanity: add a comment to ensure CONNECTIVITY_CHECK_URIS is correct +- scripts/oe-setup-builddir: make it known where configurations come from +- scripts/runqemu.README: fix typos and trailing whitespaces +- selftest/wic: Tweak test case to not depend on kernel size +- shadow: Avoid nss warning/error with musl +- shadow: Enable subid support +- system-requirements.rst: Add Ubuntu 22.04 to list of supported distros +- systemd: Add 'no-dns-fallback' PACKAGECONFIG option +- systemd: Fix unwritable /var/lock when no sysvinit handling +- sysvinit-inittab/start_getty: Fix respawn too fast +- tcp-wrappers: Fix implicit-function-declaration warnings +- tzdata: upgrade to 2022b +- util-linux: Remove --enable-raw from EXTRA_OECONF +- vala: upgrade to 0.56.3 +- vim: Upgrade to 9.0.0453 +- watchdog: Include needed system header for function decls +- webkitgtk: upgrade to 2.36.5 +- weston: upgrade to 10.0.2 +- wic/bootimg-efi: use cross objcopy when building unified kernel image +- wic: add target tools to PATH when executing native commands +- wic: depend on cross-binutils +- wireless-regdb: upgrade to 2022.08.12 +- wpebackend-fdo: upgrade to 1.12.1 +- xinetd: Pass missing -D_GNU_SOURCE +- xz: update to 5.2.6 + + +Known Issues in Yocto-4.0.4 +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +- N/A + + +Contributors to Yocto-4.0.4 +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +- Alejandro Hernandez Samaniego +- Alex Stewart +- Alexander Kanavin +- Alexandre Belloni +- Andrei Gherzan +- Anuj Mittal +- Aryaman Gupta +- Awais Belal +- Beniamin Sandu +- Bertrand Marquis +- Bruce Ashfield +- Changqing Li +- Chee Yang Lee +- Daiane Angolini +- Enrico Scholz +- Ernst Sjöstrand +- Gennaro Iorio +- Hitendra Prajapati +- Jacob Kroon +- Jon Mason +- Jose Quaresma +- Joshua Watt +- Kai Kang +- Khem Raj +- Kristian Amlie +- LUIS ENRIQUEZ +- Mark Hatle +- Martin Beeger +- Martin Jansa +- Mateusz Marciniec +- Michael Opdenacker +- Mihai Lindner +- Mikko Rapeli +- Ming Liu +- Niko Mauno +- Ola x Nilsson +- Otavio Salvador +- Paul Eggleton +- Pavel Zhukov +- Peter Bergin +- Peter Kjellerstedt +- Peter Marko +- Rajesh Dangi +- Randy MacLeod +- Rasmus Villemoes +- Richard Purdie +- Robert Joslyn +- Roland Hieber +- Ross Burton +- Sakib Sajal +- Shubham Kulkarni +- Steve Sakoman +- Ulrich Ölmann +- Yang Xu +- Yongxin Liu +- ghassaneben +- pgowda +- wangmy + +Repositories / Downloads for Yocto-4.0.4 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +poky + +- Repository Location: https://git.yoctoproject.org/git/poky +- Branch: :yocto_git:`kirkstone ` +- Tag: :yocto_git:`yocto-4.0.4 ` +- Git Revision: :yocto_git:`d64bef1c7d713b92a51228e5ade945835e5a94a4 ` +- Release Artefact: poky-d64bef1c7d713b92a51228e5ade945835e5a94a4 +- sha: b5e92506b31f88445755bad2f45978b747ad1a5bea66ca897370542df5f1e7db +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.4/poky-d64bef1c7d713b92a51228e5ade945835e5a94a4.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-4.0.4/poky-d64bef1c7d713b92a51228e5ade945835e5a94a4.tar.bz2 + +openembedded-core + +- Repository Location: https://git.openembedded.org/openembedded-core +- Branch: :oe_git:`kirkstone ` +- Tag: :oe_git:`yocto-4.0.4 ` +- Git Revision: :oe_git:`f7766da462905ec67bf549d46b8017be36cd5b2a ` +- Release Artefact: oecore-f7766da462905ec67bf549d46b8017be36cd5b2a +- sha: ce0ac011474db5e5f0bb1be3fb97f890a02e46252a719dbcac5813268e48ff16 +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.4/oecore-f7766da462905ec67bf549d46b8017be36cd5b2a.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-4.0.4/oecore-f7766da462905ec67bf549d46b8017be36cd5b2a.tar.bz2 + +meta-mingw + +- Repository Location: https://git.yoctoproject.org/git/meta-mingw +- Branch: :yocto_git:`kirkstone ` +- Tag: :yocto_git:`yocto-4.0.4 ` +- Git Revision: :yocto_git:`a90614a6498c3345704e9611f2842eb933dc51c1 ` +- Release Artefact: meta-mingw-a90614a6498c3345704e9611f2842eb933dc51c1 +- sha: 49f9900bfbbc1c68136f8115b314e95d0b7f6be75edf36a75d9bcd1cca7c6302 +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.4/meta-mingw-a90614a6498c3345704e9611f2842eb933dc51c1.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-4.0.4/meta-mingw-a90614a6498c3345704e9611f2842eb933dc51c1.tar.bz2 + +meta-gplv2 + +- Repository Location: https://git.yoctoproject.org/git/meta-gplv2 +- Branch: :yocto_git:`kirkstone ` +- Tag: :yocto_git:`yocto-4.0.4 ` +- Git Revision: :yocto_git:`d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a ` +- Release Artefact: meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a +- sha: c386f59f8a672747dc3d0be1d4234b6039273d0e57933eb87caa20f56b9cca6d +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.4/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-4.0.4/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2 + +bitbake + +- Repository Location: https://git.openembedded.org/bitbake +- Branch: :oe_git:`2.0 ` +- Tag: :oe_git:`yocto-4.0.4 ` +- Git Revision: :oe_git:`ac576d6fad6bba0cfea931883f25264ea83747ca ` +- Release Artefact: bitbake-ac576d6fad6bba0cfea931883f25264ea83747ca +- sha: 526c2768874eeda61ade8c9ddb3113c90d36ef44a026d6690f02de6f3dd0ea12 +- Download Locations: + http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.4/bitbake-ac576d6fad6bba0cfea931883f25264ea83747ca.tar.bz2 + http://mirrors.kernel.org/yocto/yocto/yocto-4.0.4/bitbake-ac576d6fad6bba0cfea931883f25264ea83747ca.tar.bz2 + +yocto-docs + +- Repository Location: https://git.yoctoproject.org/git/yocto-docs +- Branch: :yocto_git:`kirkstone ` +- Tag: :yocto_git:`yocto-4.0.4 ` +- Git Revision: :yocto_git:`f632dad24c39778f948014029e74db3c871d9d21 ` diff --git a/poky/documentation/poky.yaml.in b/poky/documentation/poky.yaml.in index 1e1d6c83ed..6b942f0959 100644 --- a/poky/documentation/poky.yaml.in +++ b/poky/documentation/poky.yaml.in @@ -44,4 +44,5 @@ PIP3_HOST_PACKAGES_DOC : "$ sudo pip3 install sphinx sphinx_rtd_theme pyyaml" MIN_PYTHON_VERSION : "3.6.0" MIN_TAR_VERSION : "1.28" MIN_GIT_VERSION : "1.8.3.1" -MIN_GCC_VERSION : "5.0" +MIN_GCC_VERSION : "7.5" +MIN_MAKE_VERSION : "4.0" diff --git a/poky/documentation/ref-manual/features.rst b/poky/documentation/ref-manual/features.rst index f7abb417ba..89aeb989c1 100644 --- a/poky/documentation/ref-manual/features.rst +++ b/poky/documentation/ref-manual/features.rst @@ -62,6 +62,8 @@ Project metadata: - *keyboard:* Hardware has a keyboard +- *numa:* Hardware has non-uniform memory access + - *pcbios:* Support for booting through BIOS - *pci:* Hardware has a PCI bus diff --git a/poky/documentation/ref-manual/system-requirements.rst b/poky/documentation/ref-manual/system-requirements.rst index 04f9efaa23..caafccb631 100644 --- a/poky/documentation/ref-manual/system-requirements.rst +++ b/poky/documentation/ref-manual/system-requirements.rst @@ -41,6 +41,8 @@ distributions: - Ubuntu 20.04 (LTS) +- Ubuntu 22.04 (LTS) + - Fedora 34 - Fedora 35 diff --git a/poky/meta-poky/conf/distro/poky.conf b/poky/meta-poky/conf/distro/poky.conf index 50ce6ec36d..5b9e5d76cc 100644 --- a/poky/meta-poky/conf/distro/poky.conf +++ b/poky/meta-poky/conf/distro/poky.conf @@ -1,7 +1,7 @@ DISTRO = "poky" DISTRO_NAME = "Poky (Yocto Project Reference Distro)" #DISTRO_VERSION = "3.4+snapshot-${METADATA_REVISION}" -DISTRO_VERSION = "4.0.3" +DISTRO_VERSION = "4.0.4" DISTRO_CODENAME = "kirkstone" SDK_VENDOR = "-pokysdk" SDK_VERSION = "${@d.getVar('DISTRO_VERSION').replace('snapshot-${METADATA_REVISION}', 'snapshot')}" @@ -38,6 +38,7 @@ SANITY_TESTED_DISTROS ?= " \ ubuntu-18.04 \n \ ubuntu-20.04 \n \ ubuntu-21.10 \n \ + ubuntu-22.04 \n \ fedora-34 \n \ fedora-35 \n \ centos-7 \n \ diff --git a/poky/meta-yocto-bsp/recipes-kernel/linux/linux-yocto_5.10.bbappend b/poky/meta-yocto-bsp/recipes-kernel/linux/linux-yocto_5.10.bbappend index bec8319c34..1f49fd106c 100644 --- a/poky/meta-yocto-bsp/recipes-kernel/linux/linux-yocto_5.10.bbappend +++ b/poky/meta-yocto-bsp/recipes-kernel/linux/linux-yocto_5.10.bbappend @@ -7,8 +7,8 @@ KMACHINE:genericx86 ?= "common-pc" KMACHINE:genericx86-64 ?= "common-pc-64" KMACHINE:beaglebone-yocto ?= "beaglebone" -SRCREV_machine:genericx86 ?= "2883e69e202dc7948c99a7828e192b2b42c2d90a" -SRCREV_machine:genericx86-64 ?= "2883e69e202dc7948c99a7828e192b2b42c2d90a" +SRCREV_machine:genericx86 ?= "d09b184cbc0321794bda715ab560dec077a048d0" +SRCREV_machine:genericx86-64 ?= "d09b184cbc0321794bda715ab560dec077a048d0" SRCREV_machine:edgerouter ?= "7c9332d91089ee63581be6cd3e7197c9d3e9a883" SRCREV_machine:beaglebone-yocto ?= "3c44f12b9de336579d00ac0105852f4cbf7e8b7d" @@ -17,7 +17,7 @@ COMPATIBLE_MACHINE:genericx86-64 = "genericx86-64" COMPATIBLE_MACHINE:edgerouter = "edgerouter" COMPATIBLE_MACHINE:beaglebone-yocto = "beaglebone-yocto" -LINUX_VERSION:genericx86 = "5.10.130" -LINUX_VERSION:genericx86-64 = "5.10.130" +LINUX_VERSION:genericx86 = "5.10.135" +LINUX_VERSION:genericx86-64 = "5.10.135" LINUX_VERSION:edgerouter = "5.10.130" LINUX_VERSION:beaglebone-yocto = "5.10.130" diff --git a/poky/meta-yocto-bsp/recipes-kernel/linux/linux-yocto_5.15.bbappend b/poky/meta-yocto-bsp/recipes-kernel/linux/linux-yocto_5.15.bbappend index a5c0ecdbd9..e6826203e3 100644 --- a/poky/meta-yocto-bsp/recipes-kernel/linux/linux-yocto_5.15.bbappend +++ b/poky/meta-yocto-bsp/recipes-kernel/linux/linux-yocto_5.15.bbappend @@ -7,8 +7,8 @@ KMACHINE:genericx86 ?= "common-pc" KMACHINE:genericx86-64 ?= "common-pc-64" KMACHINE:beaglebone-yocto ?= "beaglebone" -SRCREV_machine:genericx86 ?= "a40d2daf2795d89e3ef8af0413b25190558831ec" -SRCREV_machine:genericx86-64 ?= "a40d2daf2795d89e3ef8af0413b25190558831ec" +SRCREV_machine:genericx86 ?= "efe20512212b0e85b5f884b1bfc8fbba2b43541a" +SRCREV_machine:genericx86-64 ?= "efe20512212b0e85b5f884b1bfc8fbba2b43541a" SRCREV_machine:edgerouter ?= "90f1ee6589264545f548d731c2480b08a007230f" SRCREV_machine:beaglebone-yocto ?= "9aabbaa89fcb21af7028e814c1f5b61171314d5a" @@ -17,7 +17,7 @@ COMPATIBLE_MACHINE:genericx86-64 = "genericx86-64" COMPATIBLE_MACHINE:edgerouter = "edgerouter" COMPATIBLE_MACHINE:beaglebone-yocto = "beaglebone-yocto" -LINUX_VERSION:genericx86 = "5.15.54" -LINUX_VERSION:genericx86-64 = "5.15.54" +LINUX_VERSION:genericx86 = "5.15.59" +LINUX_VERSION:genericx86-64 = "5.15.59" LINUX_VERSION:edgerouter = "5.15.54" LINUX_VERSION:beaglebone-yocto = "5.15.54" diff --git a/poky/meta/classes/archiver.bbclass b/poky/meta/classes/archiver.bbclass index 33070cd17f..dca4271a69 100644 --- a/poky/meta/classes/archiver.bbclass +++ b/poky/meta/classes/archiver.bbclass @@ -69,7 +69,6 @@ SSTATE_ALLOW_OVERLAP_FILES += "${DEPLOY_DIR_SRC}/mirror" do_dumpdata[dirs] = "${ARCHIVER_OUTDIR}" do_ar_recipe[dirs] = "${ARCHIVER_OUTDIR}" do_ar_original[dirs] = "${ARCHIVER_OUTDIR} ${ARCHIVER_WORKDIR}" -do_deploy_archives[dirs] = "${WORKDIR}" # This is a convenience for the shell script to use it @@ -460,7 +459,9 @@ def create_diff_gz(d, src_orig, src, ar_outdir): def is_work_shared(d): pn = d.getVar('PN') - return bb.data.inherits_class('kernel', d) or pn.startswith('gcc-source') + return pn.startswith('gcc-source') or \ + bb.data.inherits_class('kernel', d) or \ + (bb.data.inherits_class('kernelsrc', d) and d.getVar('S') == d.getVar('STAGING_KERNEL_DIR')) # Run do_unpack and do_patch python do_unpack_and_patch() { diff --git a/poky/meta/classes/core-image.bbclass b/poky/meta/classes/core-image.bbclass index 84fd3eeb38..740a6c1d3d 100644 --- a/poky/meta/classes/core-image.bbclass +++ b/poky/meta/classes/core-image.bbclass @@ -59,6 +59,10 @@ FEATURE_PACKAGES_hwcodecs = "${MACHINE_HWCODECS}" # IMAGE_FEATURES_REPLACES_foo = 'bar1 bar2' # Including image feature foo would replace the image features bar1 and bar2 IMAGE_FEATURES_REPLACES_ssh-server-openssh = "ssh-server-dropbear" +# Do not install openssh complementary packages if either packagegroup-core-ssh-dropbear or dropbear +# is installed # to avoid openssh-dropbear conflict +# see [Yocto #14858] for more information +PACKAGE_EXCLUDE_COMPLEMENTARY:append = "${@bb.utils.contains_any('PACKAGE_INSTALL', 'packagegroup-core-ssh-dropbear dropbear', 'openssh', '' , d)}" # IMAGE_FEATURES_CONFLICTS_foo = 'bar1 bar2' # An error exception would be raised if both image features foo and bar1(or bar2) are included diff --git a/poky/meta/classes/create-spdx.bbclass b/poky/meta/classes/create-spdx.bbclass index 37b6b569a1..d735f20c20 100644 --- a/poky/meta/classes/create-spdx.bbclass +++ b/poky/meta/classes/create-spdx.bbclass @@ -210,7 +210,7 @@ def add_package_files(d, doc, spdx_pkg, topdir, get_spdxid, get_types, *, archiv filepath = Path(subdir) / file filename = str(filepath.relative_to(topdir)) - if filepath.is_file() and not filepath.is_symlink(): + if not filepath.is_symlink() and filepath.is_file(): spdx_file = oe.spdx.SPDXFile() spdx_file.SPDXID = get_spdxid(file_counter) for t in get_types(filepath): @@ -445,7 +445,7 @@ python do_create_spdx() { recipe.name = d.getVar("PN") recipe.versionInfo = d.getVar("PV") recipe.SPDXID = oe.sbom.get_recipe_spdxid(d) - recipe.packageSupplier = d.getVar("SPDX_SUPPLIER") + recipe.supplier = d.getVar("SPDX_SUPPLIER") if bb.data.inherits_class("native", d) or bb.data.inherits_class("cross", d): recipe.annotations.append(create_annotation(d, "isNative")) @@ -555,7 +555,7 @@ python do_create_spdx() { spdx_package.name = pkg_name spdx_package.versionInfo = d.getVar("PV") spdx_package.licenseDeclared = convert_license_to_spdx(package_license, package_doc, d, found_licenses) - spdx_package.packageSupplier = d.getVar("SPDX_SUPPLIER") + spdx_package.supplier = d.getVar("SPDX_SUPPLIER") package_doc.packages.append(spdx_package) @@ -571,6 +571,7 @@ python do_create_spdx() { pkgdest / package, lambda file_counter: oe.sbom.get_packaged_file_spdxid(pkg_name, file_counter), lambda filepath: ["BINARY"], + ignore_top_level_dirs=['CONTROL', 'DEBIAN'], archive=archive, ) @@ -895,7 +896,7 @@ def combine_spdx(d, rootfs_name, rootfs_deploydir, rootfs_spdxid, packages): image.name = d.getVar("PN") image.versionInfo = d.getVar("PV") image.SPDXID = rootfs_spdxid - image.packageSupplier = d.getVar("SPDX_SUPPLIER") + image.supplier = d.getVar("SPDX_SUPPLIER") doc.packages.append(image) diff --git a/poky/meta/classes/cve-check.bbclass b/poky/meta/classes/cve-check.bbclass index da7f93371c..16466586a7 100644 --- a/poky/meta/classes/cve-check.bbclass +++ b/poky/meta/classes/cve-check.bbclass @@ -139,17 +139,18 @@ python do_cve_check () { """ from oe.cve_check import get_patched_cves - if os.path.exists(d.getVar("CVE_CHECK_DB_FILE")): - try: - patched_cves = get_patched_cves(d) - except FileNotFoundError: - bb.fatal("Failure in searching patches") - ignored, patched, unpatched, status = check_cves(d, patched_cves) - if patched or unpatched or (d.getVar("CVE_CHECK_COVERAGE") == "1" and status): - cve_data = get_cve_info(d, patched + unpatched + ignored) - cve_write_data(d, patched, unpatched, ignored, cve_data, status) - else: - bb.note("No CVE database found, skipping CVE check") + with bb.utils.fileslocked([d.getVar("CVE_CHECK_DB_FILE_LOCK")], shared=True): + if os.path.exists(d.getVar("CVE_CHECK_DB_FILE")): + try: + patched_cves = get_patched_cves(d) + except FileNotFoundError: + bb.fatal("Failure in searching patches") + ignored, patched, unpatched, status = check_cves(d, patched_cves) + if patched or unpatched or (d.getVar("CVE_CHECK_COVERAGE") == "1" and status): + cve_data = get_cve_info(d, patched + unpatched + ignored) + cve_write_data(d, patched, unpatched, ignored, cve_data, status) + else: + bb.note("No CVE database found, skipping CVE check") } @@ -290,7 +291,8 @@ def check_cves(d, patched_cves): vendor = "%" # Find all relevant CVE IDs. - for cverow in conn.execute("SELECT DISTINCT ID FROM PRODUCTS WHERE PRODUCT IS ? AND VENDOR LIKE ?", (product, vendor)): + cve_cursor = conn.execute("SELECT DISTINCT ID FROM PRODUCTS WHERE PRODUCT IS ? AND VENDOR LIKE ?", (product, vendor)) + for cverow in cve_cursor: cve = cverow[0] if cve in cve_ignore: @@ -309,7 +311,8 @@ def check_cves(d, patched_cves): vulnerable = False ignored = False - for row in conn.execute("SELECT * FROM PRODUCTS WHERE ID IS ? AND PRODUCT IS ? AND VENDOR LIKE ?", (cve, product, vendor)): + product_cursor = conn.execute("SELECT * FROM PRODUCTS WHERE ID IS ? AND PRODUCT IS ? AND VENDOR LIKE ?", (cve, product, vendor)) + for row in product_cursor: (_, _, _, version_start, operator_start, version_end, operator_end) = row #bb.debug(2, "Evaluating row " + str(row)) if cve in cve_ignore: @@ -353,10 +356,12 @@ def check_cves(d, patched_cves): bb.note("%s-%s is vulnerable to %s" % (pn, real_pv, cve)) cves_unpatched.append(cve) break + product_cursor.close() if not vulnerable: bb.note("%s-%s is not vulnerable to %s" % (pn, real_pv, cve)) patched_cves.add(cve) + cve_cursor.close() if not cves_in_product: bb.note("No CVE records found for product %s, pn %s" % (product, pn)) @@ -381,14 +386,15 @@ def get_cve_info(d, cves): conn = sqlite3.connect(db_file, uri=True) for cve in cves: - for row in conn.execute("SELECT * FROM NVD WHERE ID IS ?", (cve,)): + cursor = conn.execute("SELECT * FROM NVD WHERE ID IS ?", (cve,)) + for row in cursor: cve_data[row[0]] = {} cve_data[row[0]]["summary"] = row[1] cve_data[row[0]]["scorev2"] = row[2] cve_data[row[0]]["scorev3"] = row[3] cve_data[row[0]]["modified"] = row[4] cve_data[row[0]]["vector"] = row[5] - + cursor.close() conn.close() return cve_data diff --git a/poky/meta/classes/externalsrc.bbclass b/poky/meta/classes/externalsrc.bbclass index 90792a737b..8136d25cb1 100644 --- a/poky/meta/classes/externalsrc.bbclass +++ b/poky/meta/classes/externalsrc.bbclass @@ -90,16 +90,18 @@ python () { # Since configure will likely touch ${S}, ensure only we lock so one task has access at a time d.appendVarFlag(task, "lockfiles", " ${S}/singletask.lock") - for funcname in [task, "base_" + task, "kernel_" + task]: + for v in d.keys(): + cleandirs = d.getVarFlag(v, "cleandirs", False) + if cleandirs: # We do not want our source to be wiped out, ever (kernel.bbclass does this for do_clean) - cleandirs = oe.recipeutils.split_var_value(d.getVarFlag(funcname, 'cleandirs', False) or '') + cleandirs = oe.recipeutils.split_var_value(cleandirs) setvalue = False for cleandir in cleandirs[:]: if oe.path.is_path_parent(externalsrc, d.expand(cleandir)): cleandirs.remove(cleandir) setvalue = True if setvalue: - d.setVarFlag(funcname, 'cleandirs', ' '.join(cleandirs)) + d.setVarFlag(v, 'cleandirs', ' '.join(cleandirs)) fetch_tasks = ['do_fetch', 'do_unpack'] # If we deltask do_patch, there's no dependency to ensure do_unpack gets run, so add one diff --git a/poky/meta/classes/image_types_wic.bbclass b/poky/meta/classes/image_types_wic.bbclass index e3863c88a9..5374d6125e 100644 --- a/poky/meta/classes/image_types_wic.bbclass +++ b/poky/meta/classes/image_types_wic.bbclass @@ -84,6 +84,8 @@ do_image_wic[deptask] += "do_image_complete" WKS_FILE_DEPENDS_DEFAULT = '${@bb.utils.contains_any("BUILD_ARCH", [ 'x86_64', 'i686' ], "syslinux-native", "",d)}' WKS_FILE_DEPENDS_DEFAULT += "bmap-tools-native cdrtools-native btrfs-tools-native squashfs-tools-native e2fsprogs-native" +# Unified kernel images need objcopy +WKS_FILE_DEPENDS_DEFAULT += "virtual/${TARGET_PREFIX}binutils" WKS_FILE_DEPENDS_BOOTLOADERS = "" WKS_FILE_DEPENDS_BOOTLOADERS:x86 = "syslinux grub-efi systemd-boot os-release" WKS_FILE_DEPENDS_BOOTLOADERS:x86-64 = "syslinux grub-efi systemd-boot os-release" diff --git a/poky/meta/classes/insane.bbclass b/poky/meta/classes/insane.bbclass index f3f80334f6..0d93d50e58 100644 --- a/poky/meta/classes/insane.bbclass +++ b/poky/meta/classes/insane.bbclass @@ -1196,11 +1196,12 @@ python do_qa_patch() { import re from oe import patch + coremeta_path = os.path.join(d.getVar('COREBASE'), 'meta', '') for url in patch.src_patches(d): (_, _, fullpath, _, _, _) = bb.fetch.decodeurl(url) # skip patches not in oe-core - if '/meta/' not in fullpath: + if not os.path.abspath(fullpath).startswith(coremeta_path): continue kinda_status_re = re.compile(r"^.*upstream.*status.*$", re.IGNORECASE | re.MULTILINE) diff --git a/poky/meta/classes/kernel-fitimage.bbclass b/poky/meta/classes/kernel-fitimage.bbclass index 7e09b075ff..983392c23a 100644 --- a/poky/meta/classes/kernel-fitimage.bbclass +++ b/poky/meta/classes/kernel-fitimage.bbclass @@ -148,7 +148,7 @@ fitimage_emit_section_kernel() { kernel-$2 { description = "Linux kernel"; data = /incbin/("$3"); - type = "kernel"; + type = "${UBOOT_MKIMAGE_KERNEL_TYPE}"; arch = "${UBOOT_ARCH}"; os = "linux"; compression = "$4"; @@ -346,6 +346,7 @@ fitimage_emit_section_config() { conf_csum="${FIT_HASH_ALG}" conf_sign_algo="${FIT_SIGN_ALG}" + conf_padding_algo="${FIT_PAD_ALG}" if [ "${UBOOT_SIGN_ENABLE}" = "1" ] ; then conf_sign_keyname="${UBOOT_SIGN_KEYNAME}" fi @@ -465,6 +466,7 @@ EOF signature-1 { algo = "$conf_csum,$conf_sign_algo"; key-name-hint = "$conf_sign_keyname"; + padding = "$conf_padding_algo"; $sign_line }; EOF @@ -527,6 +529,10 @@ fitimage_assemble() { fi DTB=$(echo "$DTB" | tr '/' '_') + + # Skip DTB if we've picked it up previously + echo "$DTBS" | tr ' ' '\n' | grep -xq "$DTB" && continue + DTBS="$DTBS $DTB" fitimage_emit_section_dtb $1 $DTB $DTB_PATH done @@ -536,6 +542,10 @@ fitimage_assemble() { dtbcount=1 for DTB in $(find "${EXTERNAL_KERNEL_DEVICETREE}" \( -name '*.dtb' -o -name '*.dtbo' \) -printf '%P\n' | sort); do DTB=$(echo "$DTB" | tr '/' '_') + + # Skip DTB if we've picked it up previously + echo "$DTBS" | tr ' ' '\n' | grep -xq "$DTB" && continue + DTBS="$DTBS $DTB" fitimage_emit_section_dtb $1 $DTB "${EXTERNAL_KERNEL_DEVICETREE}/$DTB" done diff --git a/poky/meta/classes/kernel-uboot.bbclass b/poky/meta/classes/kernel-uboot.bbclass index 2facade818..1bc98e042d 100644 --- a/poky/meta/classes/kernel-uboot.bbclass +++ b/poky/meta/classes/kernel-uboot.bbclass @@ -2,6 +2,9 @@ FIT_KERNEL_COMP_ALG ?= "gzip" FIT_KERNEL_COMP_ALG_EXTENSION ?= ".gz" +# Kernel image type passed to mkimage (i.e. kernel kernel_noload...) +UBOOT_MKIMAGE_KERNEL_TYPE ?= "kernel" + uboot_prep_kimage() { if [ -e arch/${ARCH}/boot/compressed/vmlinux ]; then vmlinux_path="arch/${ARCH}/boot/compressed/vmlinux" diff --git a/poky/meta/classes/kernel-uimage.bbclass b/poky/meta/classes/kernel-uimage.bbclass index cedb4fa070..2e661ea916 100644 --- a/poky/meta/classes/kernel-uimage.bbclass +++ b/poky/meta/classes/kernel-uimage.bbclass @@ -30,6 +30,6 @@ do_uboot_mkimage() { awk '$3=="${UBOOT_ENTRYSYMBOL}" {print "0x"$1;exit}'` fi - uboot-mkimage -A ${UBOOT_ARCH} -O linux -T kernel -C "${linux_comp}" -a ${UBOOT_LOADADDRESS} -e $ENTRYPOINT -n "${DISTRO_NAME}/${PV}/${MACHINE}" -d linux.bin ${B}/arch/${ARCH}/boot/uImage + uboot-mkimage -A ${UBOOT_ARCH} -O linux -T ${UBOOT_MKIMAGE_KERNEL_TYPE} -C "${linux_comp}" -a ${UBOOT_LOADADDRESS} -e $ENTRYPOINT -n "${DISTRO_NAME}/${PV}/${MACHINE}" -d linux.bin ${B}/arch/${ARCH}/boot/uImage rm -f linux.bin } diff --git a/poky/meta/classes/kernel-yocto.bbclass b/poky/meta/classes/kernel-yocto.bbclass index afccffcf17..e8046bb8f6 100644 --- a/poky/meta/classes/kernel-yocto.bbclass +++ b/poky/meta/classes/kernel-yocto.bbclass @@ -322,7 +322,11 @@ do_patch() { meta_dir=$(kgit --meta) (cd ${meta_dir}; ln -sf patch.queue series) if [ -f "${meta_dir}/series" ]; then - kgit-s2q --gen -v --patches .kernel-meta/ + kgit_extra_args="" + if [ "${KERNEL_DEBUG_TIMESTAMPS}" != "1" ]; then + kgit_extra_args="--commit-sha author" + fi + kgit-s2q --gen -v $kgit_extra_args --patches .kernel-meta/ if [ $? -ne 0 ]; then bberror "Could not apply patches for ${KMACHINE}." bbfatal_log "Patch failures can be resolved in the linux source directory ${S})" diff --git a/poky/meta/classes/kernel.bbclass b/poky/meta/classes/kernel.bbclass index c29bd3d5f3..8dff68612d 100644 --- a/poky/meta/classes/kernel.bbclass +++ b/poky/meta/classes/kernel.bbclass @@ -231,8 +231,9 @@ UBOOT_LOADADDRESS ?= "${UBOOT_ENTRYPOINT}" # Some Linux kernel configurations need additional parameters on the command line KERNEL_EXTRA_ARGS ?= "" -EXTRA_OEMAKE = " HOSTCC="${BUILD_CC}" HOSTCFLAGS="${BUILD_CFLAGS}" HOSTLDFLAGS="${BUILD_LDFLAGS}" HOSTCPP="${BUILD_CPP}"" -EXTRA_OEMAKE += " HOSTCXX="${BUILD_CXX}" HOSTCXXFLAGS="${BUILD_CXXFLAGS}" PAHOLE=false" +EXTRA_OEMAKE += ' CC="${KERNEL_CC}" LD="${KERNEL_LD}"' +EXTRA_OEMAKE += ' HOSTCC="${BUILD_CC}" HOSTCFLAGS="${BUILD_CFLAGS}" HOSTLDFLAGS="${BUILD_LDFLAGS}" HOSTCPP="${BUILD_CPP}"' +EXTRA_OEMAKE += ' HOSTCXX="${BUILD_CXX}" HOSTCXXFLAGS="${BUILD_CXXFLAGS}" PAHOLE=false' KERNEL_ALT_IMAGETYPE ??= "" @@ -375,7 +376,7 @@ kernel_do_compile() { use_alternate_initrd=CONFIG_INITRAMFS_SOURCE=${B}/usr/${INITRAMFS_IMAGE_NAME}.cpio fi for typeformake in ${KERNEL_IMAGETYPE_FOR_MAKE} ; do - oe_runmake ${typeformake} CC="${KERNEL_CC}" LD="${KERNEL_LD}" ${KERNEL_EXTRA_ARGS} $use_alternate_initrd + oe_runmake ${typeformake} ${KERNEL_EXTRA_ARGS} $use_alternate_initrd done } @@ -407,7 +408,7 @@ do_compile_kernelmodules() { bbnote "KBUILD_BUILD_TIMESTAMP: $ts" fi if (grep -q -i -e '^CONFIG_MODULES=y$' ${B}/.config); then - oe_runmake -C ${B} ${PARALLEL_MAKE} modules CC="${KERNEL_CC}" LD="${KERNEL_LD}" ${KERNEL_EXTRA_ARGS} + oe_runmake -C ${B} ${PARALLEL_MAKE} modules ${KERNEL_EXTRA_ARGS} # Module.symvers gets updated during the # building of the kernel modules. We need to @@ -591,7 +592,7 @@ sysroot_stage_all () { : } -KERNEL_CONFIG_COMMAND ?= "oe_runmake_call -C ${S} CC="${KERNEL_CC}" LD="${KERNEL_LD}" O=${B} olddefconfig || oe_runmake -C ${S} O=${B} CC="${KERNEL_CC}" LD="${KERNEL_LD}" oldnoconfig" +KERNEL_CONFIG_COMMAND ?= "oe_runmake_call -C ${S} O=${B} olddefconfig || oe_runmake -C ${S} O=${B} oldnoconfig" python check_oldest_kernel() { oldest_kernel = d.getVar('OLDEST_KERNEL') @@ -629,14 +630,15 @@ kernel_do_configure() { do_savedefconfig() { bbplain "Saving defconfig to:\n${B}/defconfig" - oe_runmake -C ${B} LD='${KERNEL_LD}' savedefconfig + oe_runmake -C ${B} savedefconfig } do_savedefconfig[nostamp] = "1" addtask savedefconfig after do_configure inherit cml1 -KCONFIG_CONFIG_COMMAND:append = " PAHOLE=false LD='${KERNEL_LD}' HOSTLDFLAGS='${BUILD_LDFLAGS}'" +# Need LD, HOSTLDFLAGS and more for config operations +KCONFIG_CONFIG_COMMAND:append = " ${EXTRA_OEMAKE}" EXPORT_FUNCTIONS do_compile do_transform_kernel do_transform_bundled_initramfs do_install do_configure diff --git a/poky/meta/classes/nativesdk.bbclass b/poky/meta/classes/nativesdk.bbclass index f8e9607513..e46739e325 100644 --- a/poky/meta/classes/nativesdk.bbclass +++ b/poky/meta/classes/nativesdk.bbclass @@ -55,6 +55,7 @@ TARGET_CXXFLAGS = "${BUILDSDK_CXXFLAGS}" TARGET_LDFLAGS = "${BUILDSDK_LDFLAGS}" TARGET_FPU = "" EXTRA_OECONF_GCC_FLOAT = "" +TUNE_FEATURES = "" CPPFLAGS = "${BUILDSDK_CPPFLAGS}" CFLAGS = "${BUILDSDK_CFLAGS}" diff --git a/poky/meta/classes/npm.bbclass b/poky/meta/classes/npm.bbclass index ba50fcac20..8379c7b988 100644 --- a/poky/meta/classes/npm.bbclass +++ b/poky/meta/classes/npm.bbclass @@ -19,7 +19,7 @@ inherit python3native -DEPENDS:prepend = "nodejs-native " +DEPENDS:prepend = "nodejs-native nodejs-oe-cache-native " RDEPENDS:${PN}:append:class-target = " nodejs" EXTRA_OENPM = "" @@ -46,6 +46,7 @@ NPM_ARCH ?= "${@npm_target_arch_map(d.getVar("TARGET_ARCH"))}" NPM_PACKAGE = "${WORKDIR}/npm-package" NPM_CACHE = "${WORKDIR}/npm-cache" NPM_BUILD = "${WORKDIR}/npm-build" +NPM_REGISTRY = "${WORKDIR}/npm-registry" def npm_global_configs(d): """Get the npm global configuration""" @@ -57,13 +58,36 @@ def npm_global_configs(d): configs.append(("cache", d.getVar("NPM_CACHE"))) return configs +## 'npm pack' runs 'prepare' and 'prepack' scripts. Support for +## 'ignore-scripts' which prevents this behavior has been removed +## from nodejs 16. Use simple 'tar' instead of. def npm_pack(env, srcdir, workdir): - """Run 'npm pack' on a specified directory""" - import shlex - cmd = "npm pack %s" % shlex.quote(srcdir) - args = [("ignore-scripts", "true")] - tarball = env.run(cmd, args=args, workdir=workdir).strip("\n") - return os.path.join(workdir, tarball) + """Emulate 'npm pack' on a specified directory""" + import subprocess + import os + import json + + src = os.path.join(srcdir, 'package.json') + with open(src) as f: + j = json.load(f) + + # base does not really matter and is for documentation purposes + # only. But the 'version' part must exist because other parts of + # the bbclass rely on it. + base = j['name'].split('/')[-1] + tarball = os.path.join(workdir, "%s-%s.tgz" % (base, j['version'])); + + # TODO: real 'npm pack' does not include directories while 'tar' + # does. But this does not seem to matter... + subprocess.run(['tar', 'czf', tarball, + '--exclude', './node-modules', + '--exclude-vcs', + '--transform', 's,^\./,package/,', + '--mtime', '1985-10-26T08:15:00.000Z', + '.'], + check = True, cwd = srcdir) + + return (tarball, j) python npm_do_configure() { """ @@ -86,27 +110,24 @@ python npm_do_configure() { from bb.fetch2.npm import npm_unpack from bb.fetch2.npmsw import foreach_dependencies from bb.progress import OutOfProgressHandler + from oe.npm_registry import NpmRegistry bb.utils.remove(d.getVar("NPM_CACHE"), recurse=True) bb.utils.remove(d.getVar("NPM_PACKAGE"), recurse=True) env = NpmEnvironment(d, configs=npm_global_configs(d)) + registry = NpmRegistry(d.getVar('NPM_REGISTRY'), d.getVar('NPM_CACHE')) - def _npm_cache_add(tarball): - """Run 'npm cache add' for a specified tarball""" - cmd = "npm cache add %s" % shlex.quote(tarball) - env.run(cmd) + def _npm_cache_add(tarball, pkg): + """Add tarball to local registry and register it in the + cache""" + registry.add_pkg(tarball, pkg) def _npm_integrity(tarball): """Return the npm integrity of a specified tarball""" sha512 = bb.utils.sha512_file(tarball) return "sha512-" + base64.b64encode(bytes.fromhex(sha512)).decode() - def _npm_version(tarball): - """Return the version of a specified tarball""" - regex = r"-(\d+\.\d+\.\d+(-.*)?(\+.*)?)\.tgz" - return re.search(regex, tarball).group(1) - def _npmsw_dependency_dict(orig, deptree): """ Return the sub dictionary in the 'orig' dictionary corresponding to the @@ -163,11 +184,11 @@ python npm_do_configure() { with tempfile.TemporaryDirectory() as tmpdir: # Add the dependency to the npm cache destdir = os.path.join(d.getVar("S"), destsuffix) - tarball = npm_pack(env, destdir, tmpdir) - _npm_cache_add(tarball) + (tarball, pkg) = npm_pack(env, destdir, tmpdir) + _npm_cache_add(tarball, pkg) # Add its signature to the cached shrinkwrap dep = _npmsw_dependency_dict(cached_shrinkwrap, deptree) - dep["version"] = _npm_version(tarball) + dep["version"] = pkg['version'] dep["integrity"] = _npm_integrity(tarball) if params.get("dev", False): dep["dev"] = True @@ -184,7 +205,7 @@ python npm_do_configure() { # Configure the main package with tempfile.TemporaryDirectory() as tmpdir: - tarball = npm_pack(env, d.getVar("S"), tmpdir) + (tarball, _) = npm_pack(env, d.getVar("S"), tmpdir) npm_unpack(tarball, d.getVar("NPM_PACKAGE"), d) # Configure the cached manifest file and cached shrinkwrap file @@ -257,7 +278,7 @@ python npm_do_compile() { args.append(("build-from-source", "true")) # Pack and install the main package - tarball = npm_pack(env, d.getVar("NPM_PACKAGE"), tmpdir) + (tarball, _) = npm_pack(env, d.getVar("NPM_PACKAGE"), tmpdir) cmd = "npm install %s %s" % (shlex.quote(tarball), d.getVar("EXTRA_OENPM")) env.run(cmd, args=args) } diff --git a/poky/meta/classes/package_rpm.bbclass b/poky/meta/classes/package_rpm.bbclass index e9ff1f7e65..bbbef3793f 100644 --- a/poky/meta/classes/package_rpm.bbclass +++ b/poky/meta/classes/package_rpm.bbclass @@ -193,8 +193,6 @@ python write_specfile () { if path.endswith("DEBIAN") or path.endswith("CONTROL"): continue path = path.replace("%", "%%%%%%%%") - path = path.replace("[", "?") - path = path.replace("]", "?") # Treat all symlinks to directories as normal files. # os.walk() lists them as directories. @@ -214,8 +212,6 @@ python write_specfile () { if dir == "CONTROL" or dir == "DEBIAN": continue dir = dir.replace("%", "%%%%%%%%") - dir = dir.replace("[", "?") - dir = dir.replace("]", "?") # All packages own the directories their files are in... target.append('%dir "' + path + '/' + dir + '"') else: @@ -230,8 +226,6 @@ python write_specfile () { if file == "CONTROL" or file == "DEBIAN": continue file = file.replace("%", "%%%%%%%%") - file = file.replace("[", "?") - file = file.replace("]", "?") if conffiles.count(path + '/' + file): target.append('%config "' + path + '/' + file + '"') else: diff --git a/poky/meta/classes/rootfs-postcommands.bbclass b/poky/meta/classes/rootfs-postcommands.bbclass index a59d9b5878..5c0b3ec37c 100644 --- a/poky/meta/classes/rootfs-postcommands.bbclass +++ b/poky/meta/classes/rootfs-postcommands.bbclass @@ -14,7 +14,7 @@ ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains_any("IMAGE_FEATURES", [ 'deb # Create /etc/timestamp during image construction to give a reasonably sane default time setting ROOTFS_POSTPROCESS_COMMAND += "rootfs_update_timestamp; " -# Tweak the mount options for rootfs in /etc/fstab if read-only-rootfs is enabled +# Tweak files in /etc if read-only-rootfs is enabled ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains("IMAGE_FEATURES", "read-only-rootfs", "read_only_rootfs_hook; ", "",d)}' # We also need to do the same for the kernel boot parameters, @@ -103,20 +103,24 @@ read_only_rootfs_hook () { # If we're using openssh and the /etc/ssh directory has no pre-generated keys, # we should configure openssh to use the configuration file /etc/ssh/sshd_config_readonly # and the keys under /var/run/ssh. - if [ -d ${IMAGE_ROOTFS}/etc/ssh ]; then - if [ -e ${IMAGE_ROOTFS}/etc/ssh/ssh_host_rsa_key ]; then - echo "SYSCONFDIR=\${SYSCONFDIR:-/etc/ssh}" >> ${IMAGE_ROOTFS}/etc/default/ssh - echo "SSHD_OPTS=" >> ${IMAGE_ROOTFS}/etc/default/ssh - else - echo "SYSCONFDIR=\${SYSCONFDIR:-/var/run/ssh}" >> ${IMAGE_ROOTFS}/etc/default/ssh - echo "SSHD_OPTS='-f /etc/ssh/sshd_config_readonly'" >> ${IMAGE_ROOTFS}/etc/default/ssh + # If overlayfs-etc is used this is not done as /etc is treated as writable + # If stateless-rootfs is enabled this is always done as we don't want to save keys then + if ${@ 'true' if not bb.utils.contains('IMAGE_FEATURES', 'overlayfs-etc', True, False, d) or bb.utils.contains('IMAGE_FEATURES', 'stateless-rootfs', True, False, d) else 'false'}; then + if [ -d ${IMAGE_ROOTFS}/etc/ssh ]; then + if [ -e ${IMAGE_ROOTFS}/etc/ssh/ssh_host_rsa_key ]; then + echo "SYSCONFDIR=\${SYSCONFDIR:-/etc/ssh}" >> ${IMAGE_ROOTFS}/etc/default/ssh + echo "SSHD_OPTS=" >> ${IMAGE_ROOTFS}/etc/default/ssh + else + echo "SYSCONFDIR=\${SYSCONFDIR:-/var/run/ssh}" >> ${IMAGE_ROOTFS}/etc/default/ssh + echo "SSHD_OPTS='-f /etc/ssh/sshd_config_readonly'" >> ${IMAGE_ROOTFS}/etc/default/ssh + fi fi - fi - # Also tweak the key location for dropbear in the same way. - if [ -d ${IMAGE_ROOTFS}/etc/dropbear ]; then - if [ ! -e ${IMAGE_ROOTFS}/etc/dropbear/dropbear_rsa_host_key ]; then - echo "DROPBEAR_RSAKEY_DIR=/var/lib/dropbear" >> ${IMAGE_ROOTFS}/etc/default/dropbear + # Also tweak the key location for dropbear in the same way. + if [ -d ${IMAGE_ROOTFS}/etc/dropbear ]; then + if [ ! -e ${IMAGE_ROOTFS}/etc/dropbear/dropbear_rsa_host_key ]; then + echo "DROPBEAR_RSAKEY_DIR=/var/lib/dropbear" >> ${IMAGE_ROOTFS}/etc/default/dropbear + fi fi fi diff --git a/poky/meta/classes/sanity.bbclass b/poky/meta/classes/sanity.bbclass index b1fac107d5..a79e36b594 100644 --- a/poky/meta/classes/sanity.bbclass +++ b/poky/meta/classes/sanity.bbclass @@ -351,6 +351,7 @@ def check_connectivity(d): if len(msg) == 0: msg = "%s.\n" % err msg += " Please ensure your host's network is configured correctly.\n" + msg += " Please ensure CONNECTIVITY_CHECK_URIS is correct and specified URIs are available.\n" msg += " If your ISP or network is blocking the above URL,\n" msg += " try with another domain name, for example by setting:\n" msg += " CONNECTIVITY_CHECK_URIS = \"https://www.example.com/\"" diff --git a/poky/meta/classes/uboot-sign.bbclass b/poky/meta/classes/uboot-sign.bbclass index 31ffe1f472..eecdec9160 100644 --- a/poky/meta/classes/uboot-sign.bbclass +++ b/poky/meta/classes/uboot-sign.bbclass @@ -73,6 +73,9 @@ UBOOT_FIT_HASH_ALG ?= "sha256" FIT_SIGN_ALG ?= "rsa2048" UBOOT_FIT_SIGN_ALG ?= "rsa2048" +# Kernel / U-Boot fitImage Padding Algo +FIT_PAD_ALG ?= "pkcs-1.5" + # Generate keys for signing Kernel / U-Boot fitImage FIT_GENERATE_KEYS ?= "0" UBOOT_FIT_GENERATE_KEYS ?= "0" diff --git a/poky/meta/conf/bitbake.conf b/poky/meta/conf/bitbake.conf index 2a3cf6f8aa..516a30c963 100644 --- a/poky/meta/conf/bitbake.conf +++ b/poky/meta/conf/bitbake.conf @@ -924,7 +924,7 @@ SHELL[unexport] = "1" TRANSLATED_TARGET_ARCH ??= "${@d.getVar('TARGET_ARCH').replace("_", "-")}" # Set a default umask to use for tasks for determinism -BB_DEFAULT_UMASK = "022" +BB_DEFAULT_UMASK ??= "022" # Complete output from bitbake BB_CONSOLELOG ?= "${LOG_DIR}/cooker/${MACHINE}/${DATETIME}.log" diff --git a/poky/meta/conf/distro/include/maintainers.inc b/poky/meta/conf/distro/include/maintainers.inc index 0a1897fc92..4778b1e5e6 100644 --- a/poky/meta/conf/distro/include/maintainers.inc +++ b/poky/meta/conf/distro/include/maintainers.inc @@ -544,10 +544,10 @@ RECIPE_MAINTAINER:pn-ofono = "Ross Burton " RECIPE_MAINTAINER:pn-opensbi = "Alistair Francis " RECIPE_MAINTAINER:pn-openssh = "Unassigned " RECIPE_MAINTAINER:pn-openssl = "Alexander Kanavin " -RECIPE_MAINTAINER:pn-opkg = "Alejandro del Castillo " -RECIPE_MAINTAINER:pn-opkg-arch-config = "Alejandro del Castillo " -RECIPE_MAINTAINER:pn-opkg-keyrings = "Alejandro del Castillo " -RECIPE_MAINTAINER:pn-opkg-utils = "Alejandro del Castillo " +RECIPE_MAINTAINER:pn-opkg = "Alex Stewart " +RECIPE_MAINTAINER:pn-opkg-arch-config = "Alex Stewart " +RECIPE_MAINTAINER:pn-opkg-keyrings = "Alex Stewart " +RECIPE_MAINTAINER:pn-opkg-utils = "Alex Stewart " RECIPE_MAINTAINER:pn-orc = "Anuj Mittal " RECIPE_MAINTAINER:pn-os-release = "Ross Burton " RECIPE_MAINTAINER:pn-ovmf = "Ricardo Neri " diff --git a/poky/meta/conf/machine/include/arm/arch-armv9a.inc b/poky/meta/conf/machine/include/arm/arch-armv9a.inc new file mode 100644 index 0000000000..c38d6cfdf6 --- /dev/null +++ b/poky/meta/conf/machine/include/arm/arch-armv9a.inc @@ -0,0 +1,28 @@ +DEFAULTTUNE ?= "armv9a-crc" + +TUNEVALID[armv9a] = "Enable instructions for ARMv9-a" +TUNE_CCARGS_MARCH .= "${@bb.utils.contains('TUNE_FEATURES', 'armv9a', ' -march=armv9-a', '', d)}" +MACHINEOVERRIDES =. "${@bb.utils.contains('TUNE_FEATURES', 'armv9a', 'armv9a:', '', d)}" + +require conf/machine/include/arm/arch-arm64.inc +require conf/machine/include/arm/feature-arm-crc.inc +require conf/machine/include/arm/feature-arm-crypto.inc + +# Little Endian base configs +AVAILTUNES += "armv9a armv9a-crc armv9a-crc-crypto armv9a-crypto" +ARMPKGARCH:tune-armv9a ?= "armv9a" +ARMPKGARCH:tune-armv9a-crc ?= "armv9a" +ARMPKGARCH:tune-armv9a-crypto ?= "armv9a" +ARMPKGARCH:tune-armv9a-crc-crypto ?= "armv9a" +TUNE_FEATURES:tune-armv9a = "aarch64 armv9a" +TUNE_FEATURES:tune-armv9a-crc = "${TUNE_FEATURES:tune-armv9a} crc" +TUNE_FEATURES:tune-armv9a-crypto = "${TUNE_FEATURES:tune-armv9a} crypto" +TUNE_FEATURES:tune-armv9a-crc-crypto = "${TUNE_FEATURES:tune-armv9a-crc} crypto" +PACKAGE_EXTRA_ARCHS:tune-armv9a = "aarch64 armv9a" +PACKAGE_EXTRA_ARCHS:tune-armv9a-crc = "${PACKAGE_EXTRA_ARCHS:tune-armv9a} armv9a-crc" +PACKAGE_EXTRA_ARCHS:tune-armv9a-crypto = "${PACKAGE_EXTRA_ARCHS:tune-armv9a} armv9a-crypto" +PACKAGE_EXTRA_ARCHS:tune-armv9a-crc-crypto = "${PACKAGE_EXTRA_ARCHS:tune-armv9a-crc} armv9a-crypto armv9a-crc-crypto" +BASE_LIB:tune-armv9a = "lib64" +BASE_LIB:tune-armv9a-crc = "lib64" +BASE_LIB:tune-armv9a-crypto = "lib64" +BASE_LIB:tune-armv9a-crc-crypto = "lib64" diff --git a/poky/meta/conf/machine/include/arm/armv9a/tune-neoversen2.inc b/poky/meta/conf/machine/include/arm/armv9a/tune-neoversen2.inc index 36355f7bed..d26ab25e48 100644 --- a/poky/meta/conf/machine/include/arm/armv9a/tune-neoversen2.inc +++ b/poky/meta/conf/machine/include/arm/armv9a/tune-neoversen2.inc @@ -6,17 +6,15 @@ DEFAULTTUNE ?= "neoversen2" TUNEVALID[neoversen2] = "Enable Neoverse-N2 specific processor optimizations" TUNE_CCARGS .= "${@bb.utils.contains('TUNE_FEATURES', 'neoversen2', ' -mcpu=neoverse-n2', '', d)}" -# Even though the Neoverse N2 core implemnts the Arm v9.0-A architecture, -# but the support of it in GCC is based on the Arm v8.5-A architecture. -require conf/machine/include/arm/arch-armv8-5a.inc +require conf/machine/include/arm/arch-armv9a.inc # Little Endian base configs AVAILTUNES += "neoversen2 neoversen2-crypto" ARMPKGARCH:tune-neoversen2 = "neoversen2" ARMPKGARCH:tune-neoversen2-crypto = "neoversen2-crypto" -TUNE_FEATURES:tune-neoversen2 = "${TUNE_FEATURES:tune-armv8-5a} neoversen2" +TUNE_FEATURES:tune-neoversen2 = "${TUNE_FEATURES:tune-armv9a} neoversen2" TUNE_FEATURES:tune-neoversen2-crypto = "${TUNE_FEATURES:tune-neoversen2} crypto" -PACKAGE_EXTRA_ARCHS:tune-neoversen2 = "${PACKAGE_EXTRA_ARCHS:tune-armv8-5a} neoversen2" -PACKAGE_EXTRA_ARCHS:tune-neoversen2-crypto = "${PACKAGE_EXTRA_ARCHS:tune-armv8-5a-crypto} neoversen2 neoversen2-crypto" +PACKAGE_EXTRA_ARCHS:tune-neoversen2 = "${PACKAGE_EXTRA_ARCHS:tune-armv9a} neoversen2" +PACKAGE_EXTRA_ARCHS:tune-neoversen2-crypto = "${PACKAGE_EXTRA_ARCHS:tune-armv9a-crypto} neoversen2 neoversen2-crypto" BASE_LIB:tune-neoversen2 = "lib64" BASE_LIB:tune-neoversen2-crypto = "lib64" diff --git a/poky/meta/lib/oe/cve_check.py b/poky/meta/lib/oe/cve_check.py index aa06497727..f40f16d7ab 100644 --- a/poky/meta/lib/oe/cve_check.py +++ b/poky/meta/lib/oe/cve_check.py @@ -143,7 +143,7 @@ def get_cpe_ids(cve_product, version): else: vendor = "*" - cpe_id = f'cpe:2.3:a:{vendor}:{product}:{version}:*:*:*:*:*:*:*' + cpe_id = 'cpe:2.3:a:{}:{}:{}:*:*:*:*:*:*:*'.format(vendor, product, version) cpe_ids.append(cpe_id) return cpe_ids diff --git a/poky/meta/lib/oe/npm_registry.py b/poky/meta/lib/oe/npm_registry.py new file mode 100644 index 0000000000..96c0affb45 --- /dev/null +++ b/poky/meta/lib/oe/npm_registry.py @@ -0,0 +1,169 @@ +import bb +import json +import subprocess + +_ALWAYS_SAFE = frozenset('ABCDEFGHIJKLMNOPQRSTUVWXYZ' + 'abcdefghijklmnopqrstuvwxyz' + '0123456789' + '_.-~') + +MISSING_OK = object() + +REGISTRY = "https://registry.npmjs.org" + +# we can not use urllib.parse here because npm expects lowercase +# hex-chars but urllib generates uppercase ones +def uri_quote(s, safe = '/'): + res = "" + safe_set = set(safe) + for c in s: + if c in _ALWAYS_SAFE or c in safe_set: + res += c + else: + res += '%%%02x' % ord(c) + return res + +class PackageJson: + def __init__(self, spec): + self.__spec = spec + + @property + def name(self): + return self.__spec['name'] + + @property + def version(self): + return self.__spec['version'] + + @property + def empty_manifest(self): + return { + 'name': self.name, + 'description': self.__spec.get('description', ''), + 'versions': {}, + } + + def base_filename(self): + return uri_quote(self.name, safe = '@') + + def as_manifest_entry(self, tarball_uri): + res = {} + + ## NOTE: 'npm install' requires more than basic meta information; + ## e.g. it takes 'bin' from this manifest entry but not the actual + ## 'package.json' + for (idx,dflt) in [('name', None), + ('description', ""), + ('version', None), + ('bin', MISSING_OK), + ('man', MISSING_OK), + ('scripts', MISSING_OK), + ('directories', MISSING_OK), + ('dependencies', MISSING_OK), + ('devDependencies', MISSING_OK), + ('optionalDependencies', MISSING_OK), + ('license', "unknown")]: + if idx in self.__spec: + res[idx] = self.__spec[idx] + elif dflt == MISSING_OK: + pass + elif dflt != None: + res[idx] = dflt + else: + raise Exception("%s-%s: missing key %s" % (self.name, + self.version, + idx)) + + res['dist'] = { + 'tarball': tarball_uri, + } + + return res + +class ManifestImpl: + def __init__(self, base_fname, spec): + self.__base = base_fname + self.__spec = spec + + def load(self): + try: + with open(self.filename, "r") as f: + res = json.load(f) + except IOError: + res = self.__spec.empty_manifest + + return res + + def save(self, meta): + with open(self.filename, "w") as f: + json.dump(meta, f, indent = 2) + + @property + def filename(self): + return self.__base + ".meta" + +class Manifest: + def __init__(self, base_fname, spec): + self.__base = base_fname + self.__spec = spec + self.__lockf = None + self.__impl = None + + def __enter__(self): + self.__lockf = bb.utils.lockfile(self.__base + ".lock") + self.__impl = ManifestImpl(self.__base, self.__spec) + return self.__impl + + def __exit__(self, exc_type, exc_val, exc_tb): + bb.utils.unlockfile(self.__lockf) + +class NpmCache: + def __init__(self, cache): + self.__cache = cache + + @property + def path(self): + return self.__cache + + def run(self, type, key, fname): + subprocess.run(['oe-npm-cache', self.__cache, type, key, fname], + check = True) + +class NpmRegistry: + def __init__(self, path, cache): + self.__path = path + self.__cache = NpmCache(cache + '/_cacache') + bb.utils.mkdirhier(self.__path) + bb.utils.mkdirhier(self.__cache.path) + + @staticmethod + ## This function is critical and must match nodejs expectations + def _meta_uri(spec): + return REGISTRY + '/' + uri_quote(spec.name, safe = '@') + + @staticmethod + ## Exact return value does not matter; just make it look like a + ## usual registry url + def _tarball_uri(spec): + return '%s/%s/-/%s-%s.tgz' % (REGISTRY, + uri_quote(spec.name, safe = '@'), + uri_quote(spec.name, safe = '@/'), + spec.version) + + def add_pkg(self, tarball, pkg_json): + pkg_json = PackageJson(pkg_json) + base = os.path.join(self.__path, pkg_json.base_filename()) + + with Manifest(base, pkg_json) as manifest: + meta = manifest.load() + tarball_uri = self._tarball_uri(pkg_json) + + meta['versions'][pkg_json.version] = pkg_json.as_manifest_entry(tarball_uri) + + manifest.save(meta) + + ## Cache entries are a little bit dependent on the nodejs + ## version; version specific cache implementation must + ## mitigate differences + self.__cache.run('meta', self._meta_uri(pkg_json), manifest.filename); + self.__cache.run('tgz', tarball_uri, tarball); diff --git a/poky/meta/lib/oe/rootfs.py b/poky/meta/lib/oe/rootfs.py index 9e6b411fb6..91312f8353 100644 --- a/poky/meta/lib/oe/rootfs.py +++ b/poky/meta/lib/oe/rootfs.py @@ -384,6 +384,10 @@ def create_rootfs(d, manifest_dir=None, progress_reporter=None, logcatcher=None) def image_list_installed_packages(d, rootfs_dir=None): + # Theres no rootfs for baremetal images + if bb.data.inherits_class('baremetal-image', d): + return "" + if not rootfs_dir: rootfs_dir = d.getVar('IMAGE_ROOTFS') diff --git a/poky/meta/lib/oe/spdx.py b/poky/meta/lib/oe/spdx.py index 14ca706895..6d56ed90df 100644 --- a/poky/meta/lib/oe/spdx.py +++ b/poky/meta/lib/oe/spdx.py @@ -218,7 +218,7 @@ class SPDXPackage(SPDXObject): SPDXID = _String() versionInfo = _String() downloadLocation = _String(default="NOASSERTION") - packageSupplier = _String(default="NOASSERTION") + supplier = _String(default="NOASSERTION") homepage = _String() licenseConcluded = _String(default="NOASSERTION") licenseDeclared = _String(default="NOASSERTION") diff --git a/poky/meta/lib/oeqa/runtime/cases/dnf.py b/poky/meta/lib/oeqa/runtime/cases/dnf.py index f40c63026e..2cfb36425c 100644 --- a/poky/meta/lib/oeqa/runtime/cases/dnf.py +++ b/poky/meta/lib/oeqa/runtime/cases/dnf.py @@ -144,7 +144,7 @@ class DnfRepoTest(DnfTest): self.assertEqual(0, status, output) @OETestDepends(['dnf.DnfRepoTest.test_dnf_makecache']) - @skipIfNotInDataVar('DISTRO_FEATURES', 'usrmerge', 'Test run when enable usrmege') + @skipIfNotInDataVar('DISTRO_FEATURES', 'usrmerge', 'Test run when enable usrmerge') @OEHasPackage('busybox') def test_dnf_installroot_usrmerge(self): rootpath = '/home/root/chroot/test' diff --git a/poky/meta/lib/oeqa/runtime/cases/parselogs.py b/poky/meta/lib/oeqa/runtime/cases/parselogs.py index 1f9365f3a8..2d59bcf5f7 100644 --- a/poky/meta/lib/oeqa/runtime/cases/parselogs.py +++ b/poky/meta/lib/oeqa/runtime/cases/parselogs.py @@ -64,6 +64,7 @@ common_errors = [ "[pulseaudio] authkey.c: Failed to load authentication key", "was skipped because of a failed condition check", "was skipped because all trigger condition checks failed", + "xf86OpenConsole: Switching VT failed", ] video_related = [ @@ -140,6 +141,7 @@ ignore_errors = { 'Failed to initialize \'/amba/timer@101e3000\': -22', 'jitterentropy: Initialization failed with host not compliant with requirements: 2', 'clcd-pl11x: probe of 10120000.display failed with error -2', + 'arm-charlcd 10008000.lcd: error -ENXIO: IRQ index 0 not found' ] + common_errors, 'qemuarm64' : [ 'Fatal server error:', diff --git a/poky/meta/lib/oeqa/selftest/cases/fitimage.py b/poky/meta/lib/oeqa/selftest/cases/fitimage.py index e6bfd1257e..d732a9020d 100644 --- a/poky/meta/lib/oeqa/selftest/cases/fitimage.py +++ b/poky/meta/lib/oeqa/selftest/cases/fitimage.py @@ -738,6 +738,7 @@ UBOOT_LOADADDRESS = "0x80000000" UBOOT_DTB_LOADADDRESS = "0x82000000" UBOOT_ARCH = "arm" UBOOT_MKIMAGE_DTCOPTS = "-I dts -O dtb -p 2000" +UBOOT_MKIMAGE_KERNEL_TYPE = "kernel" UBOOT_EXTLINUX = "0" FIT_GENERATE_KEYS = "1" KERNEL_IMAGETYPE_REPLACEMENT = "zImage" @@ -763,6 +764,7 @@ FIT_HASH_ALG = "sha256" kernel_load = str(get_bb_var('UBOOT_LOADADDRESS')) kernel_entry = str(get_bb_var('UBOOT_ENTRYPOINT')) + kernel_type = str(get_bb_var('UBOOT_MKIMAGE_KERNEL_TYPE')) kernel_compression = str(get_bb_var('FIT_KERNEL_COMP_ALG')) uboot_arch = str(get_bb_var('UBOOT_ARCH')) fit_hash_alg = str(get_bb_var('FIT_HASH_ALG')) @@ -775,7 +777,7 @@ FIT_HASH_ALG = "sha256" 'kernel-1 {', 'description = "Linux kernel";', 'data = /incbin/("linux.bin");', - 'type = "kernel";', + 'type = "' + kernel_type + '";', 'arch = "' + uboot_arch + '";', 'os = "linux";', 'compression = "' + kernel_compression + '";', diff --git a/poky/meta/lib/oeqa/selftest/cases/git.py b/poky/meta/lib/oeqa/selftest/cases/git.py deleted file mode 100644 index f12874dc7d..0000000000 --- a/poky/meta/lib/oeqa/selftest/cases/git.py +++ /dev/null @@ -1,15 +0,0 @@ -from oeqa.selftest.case import OESelftestTestCase -from oeqa.utils.commands import bitbake - -class GitCheck(OESelftestTestCase): - def test_git_intercept(self): - """ - Git binaries with CVE-2022-24765 fixed will refuse to operate on a - repository which is owned by a different user. This breaks our - do_install task as that runs inside pseudo, so the git repository is - owned by the build user but git is running as (fake)root. - - We have an intercept which disables pseudo, so verify that it works. - """ - bitbake("git-submodule-test -c test_git_as_user") - bitbake("git-submodule-test -c test_git_as_root") diff --git a/poky/meta/lib/oeqa/selftest/cases/gotoolchain.py b/poky/meta/lib/oeqa/selftest/cases/gotoolchain.py index c809d7c9b1..978898b86f 100644 --- a/poky/meta/lib/oeqa/selftest/cases/gotoolchain.py +++ b/poky/meta/lib/oeqa/selftest/cases/gotoolchain.py @@ -43,12 +43,6 @@ class oeGoToolchainSelfTest(OESelftestTestCase): @classmethod def tearDownClass(cls): - # Go creates file which are readonly - for dirpath, dirnames, filenames in os.walk(cls.tmpdir_SDKQA): - for filename in filenames + dirnames: - f = os.path.join(dirpath, filename) - if not os.path.islink(f): - os.chmod(f, 0o775) shutil.rmtree(cls.tmpdir_SDKQA, ignore_errors=True) super(oeGoToolchainSelfTest, cls).tearDownClass() @@ -56,6 +50,8 @@ class oeGoToolchainSelfTest(OESelftestTestCase): cmd = "cd %s/src/%s/%s; " % (self.go_path, proj, name) cmd = cmd + ". %s; " % self.env_SDK cmd = cmd + "export GOPATH=%s; " % self.go_path + cmd = cmd + "export GOFLAGS=-modcacherw; " + cmd = cmd + "export CGO_ENABLED=1; " cmd = cmd + "${CROSS_COMPILE}go %s" % gocmd return runCmd(cmd).status diff --git a/poky/meta/lib/oeqa/selftest/cases/intercept.py b/poky/meta/lib/oeqa/selftest/cases/intercept.py new file mode 100644 index 0000000000..f12874dc7d --- /dev/null +++ b/poky/meta/lib/oeqa/selftest/cases/intercept.py @@ -0,0 +1,15 @@ +from oeqa.selftest.case import OESelftestTestCase +from oeqa.utils.commands import bitbake + +class GitCheck(OESelftestTestCase): + def test_git_intercept(self): + """ + Git binaries with CVE-2022-24765 fixed will refuse to operate on a + repository which is owned by a different user. This breaks our + do_install task as that runs inside pseudo, so the git repository is + owned by the build user but git is running as (fake)root. + + We have an intercept which disables pseudo, so verify that it works. + """ + bitbake("git-submodule-test -c test_git_as_user") + bitbake("git-submodule-test -c test_git_as_root") diff --git a/poky/meta/lib/oeqa/selftest/cases/oelib/buildhistory.py b/poky/meta/lib/oeqa/selftest/cases/oelib/buildhistory.py index 802a91a488..33bd6df2f3 100644 --- a/poky/meta/lib/oeqa/selftest/cases/oelib/buildhistory.py +++ b/poky/meta/lib/oeqa/selftest/cases/oelib/buildhistory.py @@ -3,6 +3,7 @@ # import os +import sys from oeqa.selftest.case import OESelftestTestCase import tempfile import operator @@ -11,15 +12,14 @@ from oeqa.utils.commands import get_bb_var class TestBlobParsing(OESelftestTestCase): def setUp(self): - import time self.repo_path = tempfile.mkdtemp(prefix='selftest-buildhistory', dir=get_bb_var('TOPDIR')) try: from git import Repo self.repo = Repo.init(self.repo_path) - except ImportError: - self.skipTest('Python module GitPython is not present') + except ImportError as e: + self.skipTest('Python module GitPython is not present (%s) (%s)' % (e, sys.path)) self.test_file = "test" self.var_map = {} diff --git a/poky/meta/lib/oeqa/selftest/cases/wic.py b/poky/meta/lib/oeqa/selftest/cases/wic.py index de74c07a03..49fb6fe52c 100644 --- a/poky/meta/lib/oeqa/selftest/cases/wic.py +++ b/poky/meta/lib/oeqa/selftest/cases/wic.py @@ -1420,7 +1420,7 @@ class ModifyTests(WicTestCase): # list directory content of the first partition result = runCmd("wic ls %s:1 -n %s" % (images[0], sysroot)) - self.assertIn('\n%s ' % kerneltype.upper(), result.output) + self.assertIn('\n%s ' % kerneltype.upper(), result.output) self.assertIn('\nEFI ', result.output) # remove file. EFI partitions are case-insensitive so exercise that too diff --git a/poky/meta/lib/oeqa/utils/qemurunner.py b/poky/meta/lib/oeqa/utils/qemurunner.py index 76296d50cd..c19164e6e7 100644 --- a/poky/meta/lib/oeqa/utils/qemurunner.py +++ b/poky/meta/lib/oeqa/utils/qemurunner.py @@ -471,9 +471,9 @@ class QemuRunner: self.server_socket = qemusock stopread = True reachedlogin = True - self.logger.debug("Reached login banner in %s seconds (%s)" % + self.logger.debug("Reached login banner in %s seconds (%s, %s)" % (time.time() - (endtime - self.boottime), - time.strftime("%D %H:%M:%S"))) + time.strftime("%D %H:%M:%S"), time.time())) else: # no need to check if reachedlogin unless we support multiple connections self.logger.debug("QEMU socket disconnected before login banner reached. (%s)" % @@ -618,6 +618,8 @@ class QemuRunner: return self.qmp.cmd(command) def run_serial(self, command, raw=False, timeout=60): + # Returns (status, output) where status is 1 on success and 0 on error + # We assume target system have echo to get command status if not raw: command = "%s; echo $?\n" % command diff --git a/poky/meta/lib/rootfspostcommands.py b/poky/meta/lib/rootfspostcommands.py index fdb9f5b850..12f66d2ce2 100644 --- a/poky/meta/lib/rootfspostcommands.py +++ b/poky/meta/lib/rootfspostcommands.py @@ -58,3 +58,10 @@ def sort_passwd(sysconfdir): remove_backup(filename) if os.path.exists(filename): sort_file(filename, mapping) + # Drop other known backup shadow-utils. + for filename in ( + 'subgid', + 'subuid', + ): + filepath = os.path.join(sysconfdir, filename) + remove_backup(filepath) diff --git a/poky/meta/recipes-bsp/grub/files/CVE-2021-3695-video-readers-png-Drop-greyscale-support-to-fix-heap.patch b/poky/meta/recipes-bsp/grub/files/CVE-2021-3695-video-readers-png-Drop-greyscale-support-to-fix-heap.patch new file mode 100644 index 0000000000..7f7bb1acfe --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/CVE-2021-3695-video-readers-png-Drop-greyscale-support-to-fix-heap.patch @@ -0,0 +1,179 @@ +From e623866d9286410156e8b9d2c82d6253a1b22d08 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Tue, 6 Jul 2021 18:51:35 +1000 +Subject: [PATCH] video/readers/png: Drop greyscale support to fix heap + out-of-bounds write + +A 16-bit greyscale PNG without alpha is processed in the following loop: + + for (i = 0; i < (data->image_width * data->image_height); + i++, d1 += 4, d2 += 2) + { + d1[R3] = d2[1]; + d1[G3] = d2[1]; + d1[B3] = d2[1]; + } + +The increment of d1 is wrong. d1 is incremented by 4 bytes per iteration, +but there are only 3 bytes allocated for storage. This means that image +data will overwrite somewhat-attacker-controlled parts of memory - 3 bytes +out of every 4 following the end of the image. + +This has existed since greyscale support was added in 2013 in commit +3ccf16dff98f (grub-core/video/readers/png.c: Support grayscale). + +Saving starfield.png as a 16-bit greyscale image without alpha in the gimp +and attempting to load it causes grub-emu to crash - I don't think this code +has ever worked. + +Delete all PNG greyscale support. + +Fixes: CVE-2021-3695 + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport +CVE: CVE-2021-3695 + +Reference to upstream patch: +https://git.savannah.gnu.org/cgit/grub.git/commit/?id=e623866d9286410156e8b9d2c82d6253a1b22d08 + +Signed-off-by: Yongxin Liu +--- + grub-core/video/readers/png.c | 87 +++-------------------------------- + 1 file changed, 7 insertions(+), 80 deletions(-) + +diff --git a/grub-core/video/readers/png.c b/grub-core/video/readers/png.c +index 35ae553c8..a3161e25b 100644 +--- a/grub-core/video/readers/png.c ++++ b/grub-core/video/readers/png.c +@@ -100,7 +100,7 @@ struct grub_png_data + + unsigned image_width, image_height; + int bpp, is_16bit; +- int raw_bytes, is_gray, is_alpha, is_palette; ++ int raw_bytes, is_alpha, is_palette; + int row_bytes, color_bits; + grub_uint8_t *image_data; + +@@ -296,13 +296,13 @@ grub_png_decode_image_header (struct grub_png_data *data) + data->bpp = 3; + else + { +- data->is_gray = 1; +- data->bpp = 1; ++ return grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "png: color type not supported"); + } + + if ((color_bits != 8) && (color_bits != 16) + && (color_bits != 4 +- || !(data->is_gray || data->is_palette))) ++ || !data->is_palette)) + return grub_error (GRUB_ERR_BAD_FILE_TYPE, + "png: bit depth must be 8 or 16"); + +@@ -331,7 +331,7 @@ grub_png_decode_image_header (struct grub_png_data *data) + } + + #ifndef GRUB_CPU_WORDS_BIGENDIAN +- if (data->is_16bit || data->is_gray || data->is_palette) ++ if (data->is_16bit || data->is_palette) + #endif + { + data->image_data = grub_calloc (data->image_height, data->row_bytes); +@@ -899,27 +899,8 @@ grub_png_convert_image (struct grub_png_data *data) + int shift; + int mask = (1 << data->color_bits) - 1; + unsigned j; +- if (data->is_gray) +- { +- /* Generic formula is +- (0xff * i) / ((1U << data->color_bits) - 1) +- but for allowed bit depth of 1, 2 and for it's +- equivalent to +- (0xff / ((1U << data->color_bits) - 1)) * i +- Precompute the multipliers to avoid division. +- */ +- +- const grub_uint8_t multipliers[5] = { 0xff, 0xff, 0x55, 0x24, 0x11 }; +- for (i = 0; i < (1U << data->color_bits); i++) +- { +- grub_uint8_t col = multipliers[data->color_bits] * i; +- palette[i][0] = col; +- palette[i][1] = col; +- palette[i][2] = col; +- } +- } +- else +- grub_memcpy (palette, data->palette, 3 << data->color_bits); ++ ++ grub_memcpy (palette, data->palette, 3 << data->color_bits); + d1c = d1; + d2c = d2; + for (j = 0; j < data->image_height; j++, d1c += data->image_width * 3, +@@ -957,60 +938,6 @@ grub_png_convert_image (struct grub_png_data *data) + return; + } + +- if (data->is_gray) +- { +- switch (data->bpp) +- { +- case 4: +- /* 16-bit gray with alpha. */ +- for (i = 0; i < (data->image_width * data->image_height); +- i++, d1 += 4, d2 += 4) +- { +- d1[R4] = d2[3]; +- d1[G4] = d2[3]; +- d1[B4] = d2[3]; +- d1[A4] = d2[1]; +- } +- break; +- case 2: +- if (data->is_16bit) +- /* 16-bit gray without alpha. */ +- { +- for (i = 0; i < (data->image_width * data->image_height); +- i++, d1 += 4, d2 += 2) +- { +- d1[R3] = d2[1]; +- d1[G3] = d2[1]; +- d1[B3] = d2[1]; +- } +- } +- else +- /* 8-bit gray with alpha. */ +- { +- for (i = 0; i < (data->image_width * data->image_height); +- i++, d1 += 4, d2 += 2) +- { +- d1[R4] = d2[1]; +- d1[G4] = d2[1]; +- d1[B4] = d2[1]; +- d1[A4] = d2[0]; +- } +- } +- break; +- /* 8-bit gray without alpha. */ +- case 1: +- for (i = 0; i < (data->image_width * data->image_height); +- i++, d1 += 3, d2++) +- { +- d1[R3] = d2[0]; +- d1[G3] = d2[0]; +- d1[B3] = d2[0]; +- } +- break; +- } +- return; +- } +- + { + /* Only copy the upper 8 bit. */ + #ifndef GRUB_CPU_WORDS_BIGENDIAN +-- +2.34.1 + diff --git a/poky/meta/recipes-bsp/grub/files/CVE-2021-3696-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff.patch b/poky/meta/recipes-bsp/grub/files/CVE-2021-3696-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff.patch new file mode 100644 index 0000000000..f06514e665 --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/CVE-2021-3696-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff.patch @@ -0,0 +1,50 @@ +From 210245129c932dc9e1c2748d9d35524fb95b5042 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Tue, 6 Jul 2021 23:25:07 +1000 +Subject: [PATCH] video/readers/png: Avoid heap OOB R/W inserting huff table + items + +In fuzzing we observed crashes where a code would attempt to be inserted +into a huffman table before the start, leading to a set of heap OOB reads +and writes as table entries with negative indices were shifted around and +the new code written in. + +Catch the case where we would underflow the array and bail. + +Fixes: CVE-2021-3696 + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport +CVE: CVE-2021-3696 + +Reference to upstream patch: +https://git.savannah.gnu.org/cgit/grub.git/commit/?id=210245129c932dc9e1c2748d9d35524fb95b5042 + +Signed-off-by: Yongxin Liu +--- + grub-core/video/readers/png.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/grub-core/video/readers/png.c b/grub-core/video/readers/png.c +index a3161e25b..d7ed5aa6c 100644 +--- a/grub-core/video/readers/png.c ++++ b/grub-core/video/readers/png.c +@@ -438,6 +438,13 @@ grub_png_insert_huff_item (struct huff_table *ht, int code, int len) + for (i = len; i < ht->max_length; i++) + n += ht->maxval[i]; + ++ if (n > ht->num_values) ++ { ++ grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "png: out of range inserting huffman table item"); ++ return; ++ } ++ + for (i = 0; i < n; i++) + ht->values[ht->num_values - i] = ht->values[ht->num_values - i - 1]; + +-- +2.34.1 + diff --git a/poky/meta/recipes-bsp/grub/files/CVE-2021-3697-video-readers-jpeg-Block-int-underflow-wild-pointer.patch b/poky/meta/recipes-bsp/grub/files/CVE-2021-3697-video-readers-jpeg-Block-int-underflow-wild-pointer.patch new file mode 100644 index 0000000000..e9fc52df86 --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/CVE-2021-3697-video-readers-jpeg-Block-int-underflow-wild-pointer.patch @@ -0,0 +1,84 @@ +From 22a3f97d39f6a10b08ad7fd1cc47c4dcd10413f6 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Wed, 7 Jul 2021 15:38:19 +1000 +Subject: [PATCH] video/readers/jpeg: Block int underflow -> wild pointer write + +Certain 1 px wide images caused a wild pointer write in +grub_jpeg_ycrcb_to_rgb(). This was caused because in grub_jpeg_decode_data(), +we have the following loop: + +for (; data->r1 < nr1 && (!data->dri || rst); + data->r1++, data->bitmap_ptr += (vb * data->image_width - hb * nc1) * 3) + +We did not check if vb * width >= hb * nc1. + +On a 64-bit platform, if that turns out to be negative, it will underflow, +be interpreted as unsigned 64-bit, then be added to the 64-bit pointer, so +we see data->bitmap_ptr jump, e.g.: + +0x6180_0000_0480 to +0x6181_0000_0498 + ^ + ~--- carry has occurred and this pointer is now far away from + any object. + +On a 32-bit platform, it will decrement the pointer, creating a pointer +that won't crash but will overwrite random data. + +Catch the underflow and error out. + +Fixes: CVE-2021-3697 + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport +CVE: CVE-2021-3697 + +Reference to upstream patch: +https://git.savannah.gnu.org/cgit/grub.git/commit/?id=22a3f97d39f6a10b08ad7fd1cc47c4dcd10413f6 + +Signed-off-by: Yongxin Liu +--- + grub-core/video/readers/jpeg.c | 10 +++++++++- + 1 file changed, 9 insertions(+), 1 deletion(-) + +diff --git a/grub-core/video/readers/jpeg.c b/grub-core/video/readers/jpeg.c +index 579bbe8a4..09596fbf5 100644 +--- a/grub-core/video/readers/jpeg.c ++++ b/grub-core/video/readers/jpeg.c +@@ -23,6 +23,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -699,6 +700,7 @@ static grub_err_t + grub_jpeg_decode_data (struct grub_jpeg_data *data) + { + unsigned c1, vb, hb, nr1, nc1; ++ unsigned stride_a, stride_b, stride; + int rst = data->dri; + grub_err_t err = GRUB_ERR_NONE; + +@@ -711,8 +713,14 @@ grub_jpeg_decode_data (struct grub_jpeg_data *data) + return grub_error (GRUB_ERR_BAD_FILE_TYPE, + "jpeg: attempted to decode data before start of stream"); + ++ if (grub_mul(vb, data->image_width, &stride_a) || ++ grub_mul(hb, nc1, &stride_b) || ++ grub_sub(stride_a, stride_b, &stride)) ++ return grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "jpeg: cannot decode image with these dimensions"); ++ + for (; data->r1 < nr1 && (!data->dri || rst); +- data->r1++, data->bitmap_ptr += (vb * data->image_width - hb * nc1) * 3) ++ data->r1++, data->bitmap_ptr += stride * 3) + for (c1 = 0; c1 < nc1 && (!data->dri || rst); + c1++, rst--, data->bitmap_ptr += hb * 3) + { +-- +2.34.1 + diff --git a/poky/meta/recipes-bsp/grub/files/CVE-2022-28733-net-ip-Do-IP-fragment-maths-safely.patch b/poky/meta/recipes-bsp/grub/files/CVE-2022-28733-net-ip-Do-IP-fragment-maths-safely.patch new file mode 100644 index 0000000000..8bf9090f94 --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/CVE-2022-28733-net-ip-Do-IP-fragment-maths-safely.patch @@ -0,0 +1,63 @@ +From 3e4817538de828319ba6d59ced2fbb9b5ca13287 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Mon, 20 Dec 2021 19:41:21 +1100 +Subject: [PATCH] net/ip: Do IP fragment maths safely + +We can receive packets with invalid IP fragmentation information. This +can lead to rsm->total_len underflowing and becoming very large. + +Then, in grub_netbuff_alloc(), we add to this very large number, which can +cause it to overflow and wrap back around to a small positive number. +The allocation then succeeds, but the resulting buffer is too small and +subsequent operations can write past the end of the buffer. + +Catch the underflow here. + +Fixes: CVE-2022-28733 + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport +CVE: CVE-2022-28733 + +Reference to upstream patch: +https://git.savannah.gnu.org/cgit/grub.git/commit/?id=3e4817538de828319ba6d59ced2fbb9b5ca13287 + +Signed-off-by: Yongxin Liu + +--- + grub-core/net/ip.c | 10 +++++++++- + 1 file changed, 9 insertions(+), 1 deletion(-) + +diff --git a/grub-core/net/ip.c b/grub-core/net/ip.c +index e3d62e97f..3c3d0be0e 100644 +--- a/grub-core/net/ip.c ++++ b/grub-core/net/ip.c +@@ -25,6 +25,7 @@ + #include + #include + #include ++#include + #include + + struct iphdr { +@@ -512,7 +513,14 @@ grub_net_recv_ip4_packets (struct grub_net_buff *nb, + { + rsm->total_len = (8 * (grub_be_to_cpu16 (iph->frags) & OFFSET_MASK) + + (nb->tail - nb->data)); +- rsm->total_len -= ((iph->verhdrlen & 0xf) * sizeof (grub_uint32_t)); ++ ++ if (grub_sub (rsm->total_len, (iph->verhdrlen & 0xf) * sizeof (grub_uint32_t), ++ &rsm->total_len)) ++ { ++ grub_dprintf ("net", "IP reassembly size underflow\n"); ++ return GRUB_ERR_NONE; ++ } ++ + rsm->asm_netbuff = grub_netbuff_alloc (rsm->total_len); + if (!rsm->asm_netbuff) + { +-- +2.34.1 + diff --git a/poky/meta/recipes-bsp/grub/files/CVE-2022-28734-net-http-Error-out-on-headers-with-LF-without-CR.patch b/poky/meta/recipes-bsp/grub/files/CVE-2022-28734-net-http-Error-out-on-headers-with-LF-without-CR.patch new file mode 100644 index 0000000000..f31167d315 --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/CVE-2022-28734-net-http-Error-out-on-headers-with-LF-without-CR.patch @@ -0,0 +1,58 @@ +From b26b4c08e7119281ff30d0fb4a6169bd2afa8fe4 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Tue, 8 Mar 2022 19:04:40 +1100 +Subject: [PATCH] net/http: Error out on headers with LF without CR + +In a similar vein to the previous patch, parse_line() would write +a NUL byte past the end of the buffer if there was an HTTP header +with a LF rather than a CRLF. + +RFC-2616 says: + + Many HTTP/1.1 header field values consist of words separated by LWS + or special characters. These special characters MUST be in a quoted + string to be used within a parameter value (as defined in section 3.6). + +We don't support quoted sections or continuation lines, etc. + +If we see an LF that's not part of a CRLF, bail out. + +Fixes: CVE-2022-28734 + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport +CVE: CVE-2022-28734 + +Reference to upstream patch: +https://git.savannah.gnu.org/cgit/grub.git/commit/?id=b26b4c08e7119281ff30d0fb4a6169bd2afa8fe4 + +Signed-off-by: Yongxin Liu +--- + grub-core/net/http.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/grub-core/net/http.c b/grub-core/net/http.c +index 33a0a28c4..9291a13e2 100644 +--- a/grub-core/net/http.c ++++ b/grub-core/net/http.c +@@ -68,7 +68,15 @@ parse_line (grub_file_t file, http_data_t data, char *ptr, grub_size_t len) + char *end = ptr + len; + while (end > ptr && *(end - 1) == '\r') + end--; ++ ++ /* LF without CR. */ ++ if (end == ptr + len) ++ { ++ data->errmsg = grub_strdup (_("invalid HTTP header - LF without CR")); ++ return GRUB_ERR_NONE; ++ } + *end = 0; ++ + /* Trailing CRLF. */ + if (data->in_chunk_len == 1) + { +-- +2.34.1 + diff --git a/poky/meta/recipes-bsp/grub/files/CVE-2022-28734-net-http-Fix-OOB-write-for-split-http-headers.patch b/poky/meta/recipes-bsp/grub/files/CVE-2022-28734-net-http-Fix-OOB-write-for-split-http-headers.patch new file mode 100644 index 0000000000..e0ca1eec44 --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/CVE-2022-28734-net-http-Fix-OOB-write-for-split-http-headers.patch @@ -0,0 +1,56 @@ +From ec6bfd3237394c1c7dbf2fd73417173318d22f4b Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Tue, 8 Mar 2022 18:17:03 +1100 +Subject: [PATCH] net/http: Fix OOB write for split http headers + +GRUB has special code for handling an http header that is split +across two packets. + +The code tracks the end of line by looking for a "\n" byte. The +code for split headers has always advanced the pointer just past the +end of the line, whereas the code that handles unsplit headers does +not advance the pointer. This extra advance causes the length to be +one greater, which breaks an assumption in parse_line(), leading to +it writing a NUL byte one byte past the end of the buffer where we +reconstruct the line from the two packets. + +It's conceivable that an attacker controlled set of packets could +cause this to zero out the first byte of the "next" pointer of the +grub_mm_region structure following the current_line buffer. + +Do not advance the pointer in the split header case. + +Fixes: CVE-2022-28734 + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport +CVE: CVE-2022-28734 + +Reference to upstream patch: +https://git.savannah.gnu.org/cgit/grub.git/commit/?id=ec6bfd3237394c1c7dbf2fd73417173318d22f4b + +Signed-off-by: Yongxin Liu +--- + grub-core/net/http.c | 4 +--- + 1 file changed, 1 insertion(+), 3 deletions(-) + +diff --git a/grub-core/net/http.c b/grub-core/net/http.c +index f8d7bf0cd..33a0a28c4 100644 +--- a/grub-core/net/http.c ++++ b/grub-core/net/http.c +@@ -190,9 +190,7 @@ http_receive (grub_net_tcp_socket_t sock __attribute__ ((unused)), + int have_line = 1; + char *t; + ptr = grub_memchr (nb->data, '\n', nb->tail - nb->data); +- if (ptr) +- ptr++; +- else ++ if (ptr == NULL) + { + have_line = 0; + ptr = (char *) nb->tail; +-- +2.34.1 + diff --git a/poky/meta/recipes-bsp/grub/files/CVE-2022-28735-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch b/poky/meta/recipes-bsp/grub/files/CVE-2022-28735-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch new file mode 100644 index 0000000000..7a59f10bfb --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/CVE-2022-28735-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch @@ -0,0 +1,111 @@ +From 6fe755c5c07bb386fda58306bfd19e4a1c974c53 Mon Sep 17 00:00:00 2001 +From: Julian Andres Klode +Date: Thu, 2 Dec 2021 15:03:53 +0100 +Subject: [PATCH] kern/efi/sb: Reject non-kernel files in the shim_lock + verifier + +We must not allow other verifiers to pass things like the GRUB modules. +Instead of maintaining a blocklist, maintain an allowlist of things +that we do not care about. + +This allowlist really should be made reusable, and shared by the +lockdown verifier, but this is the minimal patch addressing +security concerns where the TPM verifier was able to mark modules +as verified (or the OpenPGP verifier for that matter), when it +should not do so on shim-powered secure boot systems. + +Fixes: CVE-2022-28735 + +Signed-off-by: Julian Andres Klode +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport +CVE:CVE-2022-28735 + +Reference to upstream patch: +https://git.savannah.gnu.org/cgit/grub.git/commit/?id=6fe755c5c07bb386fda58306bfd19e4a1c974c53 + +Signed-off-by: Yongxin Liu +--- + grub-core/kern/efi/sb.c | 39 ++++++++++++++++++++++++++++++++++++--- + include/grub/verify.h | 1 + + 2 files changed, 37 insertions(+), 3 deletions(-) + +diff --git a/grub-core/kern/efi/sb.c b/grub-core/kern/efi/sb.c +index c52ec6226..89c4bb3fd 100644 +--- a/grub-core/kern/efi/sb.c ++++ b/grub-core/kern/efi/sb.c +@@ -119,10 +119,11 @@ shim_lock_verifier_init (grub_file_t io __attribute__ ((unused)), + void **context __attribute__ ((unused)), + enum grub_verify_flags *flags) + { +- *flags = GRUB_VERIFY_FLAGS_SKIP_VERIFICATION; ++ *flags = GRUB_VERIFY_FLAGS_NONE; + + switch (type & GRUB_FILE_TYPE_MASK) + { ++ /* Files we check. */ + case GRUB_FILE_TYPE_LINUX_KERNEL: + case GRUB_FILE_TYPE_MULTIBOOT_KERNEL: + case GRUB_FILE_TYPE_BSD_KERNEL: +@@ -130,11 +131,43 @@ shim_lock_verifier_init (grub_file_t io __attribute__ ((unused)), + case GRUB_FILE_TYPE_PLAN9_KERNEL: + case GRUB_FILE_TYPE_EFI_CHAINLOADED_IMAGE: + *flags = GRUB_VERIFY_FLAGS_SINGLE_CHUNK; ++ return GRUB_ERR_NONE; + +- /* Fall through. */ ++ /* Files that do not affect secureboot state. */ ++ case GRUB_FILE_TYPE_NONE: ++ case GRUB_FILE_TYPE_LOOPBACK: ++ case GRUB_FILE_TYPE_LINUX_INITRD: ++ case GRUB_FILE_TYPE_OPENBSD_RAMDISK: ++ case GRUB_FILE_TYPE_XNU_RAMDISK: ++ case GRUB_FILE_TYPE_SIGNATURE: ++ case GRUB_FILE_TYPE_PUBLIC_KEY: ++ case GRUB_FILE_TYPE_PUBLIC_KEY_TRUST: ++ case GRUB_FILE_TYPE_PRINT_BLOCKLIST: ++ case GRUB_FILE_TYPE_TESTLOAD: ++ case GRUB_FILE_TYPE_GET_SIZE: ++ case GRUB_FILE_TYPE_FONT: ++ case GRUB_FILE_TYPE_ZFS_ENCRYPTION_KEY: ++ case GRUB_FILE_TYPE_CAT: ++ case GRUB_FILE_TYPE_HEXCAT: ++ case GRUB_FILE_TYPE_CMP: ++ case GRUB_FILE_TYPE_HASHLIST: ++ case GRUB_FILE_TYPE_TO_HASH: ++ case GRUB_FILE_TYPE_KEYBOARD_LAYOUT: ++ case GRUB_FILE_TYPE_PIXMAP: ++ case GRUB_FILE_TYPE_GRUB_MODULE_LIST: ++ case GRUB_FILE_TYPE_CONFIG: ++ case GRUB_FILE_TYPE_THEME: ++ case GRUB_FILE_TYPE_GETTEXT_CATALOG: ++ case GRUB_FILE_TYPE_FS_SEARCH: ++ case GRUB_FILE_TYPE_LOADENV: ++ case GRUB_FILE_TYPE_SAVEENV: ++ case GRUB_FILE_TYPE_VERIFY_SIGNATURE: ++ *flags = GRUB_VERIFY_FLAGS_SKIP_VERIFICATION; ++ return GRUB_ERR_NONE; + ++ /* Other files. */ + default: +- return GRUB_ERR_NONE; ++ return grub_error (GRUB_ERR_ACCESS_DENIED, N_("prohibited by secure boot policy")); + } + } + +diff --git a/include/grub/verify.h b/include/grub/verify.h +index cd129c398..672ae1692 100644 +--- a/include/grub/verify.h ++++ b/include/grub/verify.h +@@ -24,6 +24,7 @@ + + enum grub_verify_flags + { ++ GRUB_VERIFY_FLAGS_NONE = 0, + GRUB_VERIFY_FLAGS_SKIP_VERIFICATION = 1, + GRUB_VERIFY_FLAGS_SINGLE_CHUNK = 2, + /* Defer verification to another authority. */ +-- +2.34.1 + diff --git a/poky/meta/recipes-bsp/grub/files/video-Remove-trailing-whitespaces.patch b/poky/meta/recipes-bsp/grub/files/video-Remove-trailing-whitespaces.patch new file mode 100644 index 0000000000..2db9bcbbc5 --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/video-Remove-trailing-whitespaces.patch @@ -0,0 +1,693 @@ +From 1f48917d8ddb490dcdc70176e0f58136b7f7811a Mon Sep 17 00:00:00 2001 +From: Elyes Haouas +Date: Fri, 4 Mar 2022 07:42:13 +0100 +Subject: [PATCH] video: Remove trailing whitespaces + +Signed-off-by: Elyes Haouas +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport + +Reference to upstream patch: +https://git.savannah.gnu.org/cgit/grub.git/commit/?id=1f48917d8ddb490dcdc70176e0f58136b7f7811a + +Signed-off-by: Yongxin Liu +--- + grub-core/video/bochs.c | 2 +- + grub-core/video/capture.c | 2 +- + grub-core/video/cirrus.c | 4 ++-- + grub-core/video/coreboot/cbfb.c | 2 +- + grub-core/video/efi_gop.c | 22 +++++++++---------- + grub-core/video/fb/fbblit.c | 8 +++---- + grub-core/video/fb/video_fb.c | 10 ++++----- + grub-core/video/i386/pc/vbe.c | 34 ++++++++++++++--------------- + grub-core/video/i386/pc/vga.c | 6 ++--- + grub-core/video/ieee1275.c | 4 ++-- + grub-core/video/radeon_fuloong2e.c | 6 ++--- + grub-core/video/radeon_yeeloong3a.c | 6 ++--- + grub-core/video/readers/png.c | 2 +- + grub-core/video/readers/tga.c | 2 +- + grub-core/video/sis315_init.c | 2 +- + grub-core/video/sis315pro.c | 8 +++---- + grub-core/video/sm712.c | 10 ++++----- + grub-core/video/video.c | 8 +++---- + 18 files changed, 69 insertions(+), 69 deletions(-) + +diff --git a/grub-core/video/bochs.c b/grub-core/video/bochs.c +index 30ea1bd82..edc651697 100644 +--- a/grub-core/video/bochs.c ++++ b/grub-core/video/bochs.c +@@ -212,7 +212,7 @@ find_card (grub_pci_device_t dev, grub_pci_id_t pciid, void *data) + + if (((class >> 16) & 0xffff) != 0x0300 || pciid != 0x11111234) + return 0; +- ++ + addr = grub_pci_make_address (dev, GRUB_PCI_REG_ADDRESS_REG0); + framebuffer.base = grub_pci_read (addr) & GRUB_PCI_ADDR_MEM_MASK; + if (!framebuffer.base) +diff --git a/grub-core/video/capture.c b/grub-core/video/capture.c +index 4d3195e01..c653d89f9 100644 +--- a/grub-core/video/capture.c ++++ b/grub-core/video/capture.c +@@ -92,7 +92,7 @@ grub_video_capture_start (const struct grub_video_mode_info *mode_info, + framebuffer.ptr = grub_calloc (framebuffer.mode_info.height, framebuffer.mode_info.pitch); + if (!framebuffer.ptr) + return grub_errno; +- ++ + err = grub_video_fb_create_render_target_from_pointer (&framebuffer.render_target, + &framebuffer.mode_info, + framebuffer.ptr); +diff --git a/grub-core/video/cirrus.c b/grub-core/video/cirrus.c +index e2149e8ce..f5542ccdc 100644 +--- a/grub-core/video/cirrus.c ++++ b/grub-core/video/cirrus.c +@@ -354,11 +354,11 @@ grub_video_cirrus_setup (unsigned int width, unsigned int height, + grub_uint8_t sr_ext = 0, hidden_dac = 0; + + grub_vga_set_geometry (&config, grub_vga_cr_write); +- ++ + grub_vga_gr_write (GRUB_VGA_GR_MODE_256_COLOR | GRUB_VGA_GR_MODE_READ_MODE1, + GRUB_VGA_GR_MODE); + grub_vga_gr_write (GRUB_VGA_GR_GR6_GRAPHICS_MODE, GRUB_VGA_GR_GR6); +- ++ + grub_vga_sr_write (GRUB_VGA_SR_MEMORY_MODE_NORMAL, GRUB_VGA_SR_MEMORY_MODE); + + grub_vga_cr_write ((config.pitch >> CIRRUS_CR_EXTENDED_DISPLAY_PITCH_SHIFT) +diff --git a/grub-core/video/coreboot/cbfb.c b/grub-core/video/coreboot/cbfb.c +index 9af81fa5b..986003c51 100644 +--- a/grub-core/video/coreboot/cbfb.c ++++ b/grub-core/video/coreboot/cbfb.c +@@ -106,7 +106,7 @@ grub_video_cbfb_setup (unsigned int width, unsigned int height, + + grub_video_fb_set_palette (0, GRUB_VIDEO_FBSTD_NUMCOLORS, + grub_video_fbstd_colors); +- ++ + return err; + } + +diff --git a/grub-core/video/efi_gop.c b/grub-core/video/efi_gop.c +index b7590dc6c..7a5054631 100644 +--- a/grub-core/video/efi_gop.c ++++ b/grub-core/video/efi_gop.c +@@ -273,7 +273,7 @@ grub_video_gop_iterate (int (*hook) (const struct grub_video_mode_info *info, vo + grub_efi_status_t status; + struct grub_efi_gop_mode_info *info = NULL; + struct grub_video_mode_info mode_info; +- ++ + status = efi_call_4 (gop->query_mode, gop, mode, &size, &info); + + if (status) +@@ -390,7 +390,7 @@ grub_video_gop_setup (unsigned int width, unsigned int height, + found = 1; + } + } +- ++ + if (!found) + { + unsigned mode; +@@ -399,7 +399,7 @@ grub_video_gop_setup (unsigned int width, unsigned int height, + { + grub_efi_uintn_t size; + grub_efi_status_t status; +- ++ + status = efi_call_4 (gop->query_mode, gop, mode, &size, &info); + if (status) + { +@@ -472,11 +472,11 @@ grub_video_gop_setup (unsigned int width, unsigned int height, + framebuffer.ptr = (void *) (grub_addr_t) gop->mode->fb_base; + framebuffer.offscreen + = grub_malloc (framebuffer.mode_info.height +- * framebuffer.mode_info.width ++ * framebuffer.mode_info.width + * sizeof (struct grub_efi_gop_blt_pixel)); + + buffer = framebuffer.offscreen; +- ++ + if (!buffer) + { + grub_dprintf ("video", "GOP: couldn't allocate shadow\n"); +@@ -485,11 +485,11 @@ grub_video_gop_setup (unsigned int width, unsigned int height, + &framebuffer.mode_info); + buffer = framebuffer.ptr; + } +- ++ + grub_dprintf ("video", "GOP: initialising FB @ %p %dx%dx%d\n", + framebuffer.ptr, framebuffer.mode_info.width, + framebuffer.mode_info.height, framebuffer.mode_info.bpp); +- ++ + err = grub_video_fb_create_render_target_from_pointer + (&framebuffer.render_target, &framebuffer.mode_info, buffer); + +@@ -498,15 +498,15 @@ grub_video_gop_setup (unsigned int width, unsigned int height, + grub_dprintf ("video", "GOP: Couldn't create FB target\n"); + return err; + } +- ++ + err = grub_video_fb_set_active_render_target (framebuffer.render_target); +- ++ + if (err) + { + grub_dprintf ("video", "GOP: Couldn't set FB target\n"); + return err; + } +- ++ + err = grub_video_fb_set_palette (0, GRUB_VIDEO_FBSTD_NUMCOLORS, + grub_video_fbstd_colors); + +@@ -514,7 +514,7 @@ grub_video_gop_setup (unsigned int width, unsigned int height, + grub_dprintf ("video", "GOP: Couldn't set palette\n"); + else + grub_dprintf ("video", "GOP: Success\n"); +- ++ + return err; + } + +diff --git a/grub-core/video/fb/fbblit.c b/grub-core/video/fb/fbblit.c +index d55924837..1010ef393 100644 +--- a/grub-core/video/fb/fbblit.c ++++ b/grub-core/video/fb/fbblit.c +@@ -466,7 +466,7 @@ grub_video_fbblit_replace_24bit_indexa (struct grub_video_fbblit_info *dst, + for (i = 0; i < width; i++) + { + register grub_uint32_t col; +- if (*srcptr == 0xf0) ++ if (*srcptr == 0xf0) + col = palette[16]; + else + col = palette[*srcptr & 0xf]; +@@ -478,7 +478,7 @@ grub_video_fbblit_replace_24bit_indexa (struct grub_video_fbblit_info *dst, + *dstptr++ = col >> 0; + *dstptr++ = col >> 8; + *dstptr++ = col >> 16; +-#endif ++#endif + srcptr++; + } + +@@ -651,7 +651,7 @@ grub_video_fbblit_blend_24bit_indexa (struct grub_video_fbblit_info *dst, + for (i = 0; i < width; i++) + { + register grub_uint32_t col; +- if (*srcptr != 0xf0) ++ if (*srcptr != 0xf0) + { + col = palette[*srcptr & 0xf]; + #ifdef GRUB_CPU_WORDS_BIGENDIAN +@@ -662,7 +662,7 @@ grub_video_fbblit_blend_24bit_indexa (struct grub_video_fbblit_info *dst, + *dstptr++ = col >> 0; + *dstptr++ = col >> 8; + *dstptr++ = col >> 16; +-#endif ++#endif + } + else + dstptr += 3; +diff --git a/grub-core/video/fb/video_fb.c b/grub-core/video/fb/video_fb.c +index ae6b89f9a..fa4ebde26 100644 +--- a/grub-core/video/fb/video_fb.c ++++ b/grub-core/video/fb/video_fb.c +@@ -754,7 +754,7 @@ grub_video_fb_unmap_color_int (struct grub_video_fbblit_info * source, + *alpha = 0; + return; + } +- ++ + /* If we have an out-of-bounds color, return transparent black. */ + if (color > 255) + { +@@ -1141,7 +1141,7 @@ grub_video_fb_scroll (grub_video_color_t color, int dx, int dy) + /* If everything is aligned on 32-bit use 32-bit copy. */ + if ((grub_addr_t) grub_video_fb_get_video_ptr (&target, src_x, src_y) + % sizeof (grub_uint32_t) == 0 +- && (grub_addr_t) grub_video_fb_get_video_ptr (&target, dst_x, dst_y) ++ && (grub_addr_t) grub_video_fb_get_video_ptr (&target, dst_x, dst_y) + % sizeof (grub_uint32_t) == 0 + && linelen % sizeof (grub_uint32_t) == 0 + && linedelta % sizeof (grub_uint32_t) == 0) +@@ -1155,7 +1155,7 @@ grub_video_fb_scroll (grub_video_color_t color, int dx, int dy) + else if ((grub_addr_t) grub_video_fb_get_video_ptr (&target, src_x, src_y) + % sizeof (grub_uint16_t) == 0 + && (grub_addr_t) grub_video_fb_get_video_ptr (&target, +- dst_x, dst_y) ++ dst_x, dst_y) + % sizeof (grub_uint16_t) == 0 + && linelen % sizeof (grub_uint16_t) == 0 + && linedelta % sizeof (grub_uint16_t) == 0) +@@ -1170,7 +1170,7 @@ grub_video_fb_scroll (grub_video_color_t color, int dx, int dy) + { + grub_uint8_t *src, *dst; + DO_SCROLL +- } ++ } + } + + /* 4. Fill empty space with specified color. In this implementation +@@ -1615,7 +1615,7 @@ grub_video_fb_setup (unsigned int mode_type, unsigned int mode_mask, + framebuffer.render_target = framebuffer.back_target; + return GRUB_ERR_NONE; + } +- ++ + mode_info->mode_type &= ~(GRUB_VIDEO_MODE_TYPE_DOUBLE_BUFFERED + | GRUB_VIDEO_MODE_TYPE_UPDATING_SWAP); + +diff --git a/grub-core/video/i386/pc/vbe.c b/grub-core/video/i386/pc/vbe.c +index b7f911926..0e65b5206 100644 +--- a/grub-core/video/i386/pc/vbe.c ++++ b/grub-core/video/i386/pc/vbe.c +@@ -219,7 +219,7 @@ grub_vbe_disable_mtrr (int mtrr) + } + + /* Call VESA BIOS 0x4f09 to set palette data, return status. */ +-static grub_vbe_status_t ++static grub_vbe_status_t + grub_vbe_bios_set_palette_data (grub_uint32_t color_count, + grub_uint32_t start_index, + struct grub_vbe_palette_data *palette_data) +@@ -237,7 +237,7 @@ grub_vbe_bios_set_palette_data (grub_uint32_t color_count, + } + + /* Call VESA BIOS 0x4f00 to get VBE Controller Information, return status. */ +-grub_vbe_status_t ++grub_vbe_status_t + grub_vbe_bios_get_controller_info (struct grub_vbe_info_block *ci) + { + struct grub_bios_int_registers regs; +@@ -251,7 +251,7 @@ grub_vbe_bios_get_controller_info (struct grub_vbe_info_block *ci) + } + + /* Call VESA BIOS 0x4f01 to get VBE Mode Information, return status. */ +-grub_vbe_status_t ++grub_vbe_status_t + grub_vbe_bios_get_mode_info (grub_uint32_t mode, + struct grub_vbe_mode_info_block *mode_info) + { +@@ -285,7 +285,7 @@ grub_vbe_bios_set_mode (grub_uint32_t mode, + } + + /* Call VESA BIOS 0x4f03 to return current VBE Mode, return status. */ +-grub_vbe_status_t ++grub_vbe_status_t + grub_vbe_bios_get_mode (grub_uint32_t *mode) + { + struct grub_bios_int_registers regs; +@@ -298,7 +298,7 @@ grub_vbe_bios_get_mode (grub_uint32_t *mode) + return regs.eax & 0xffff; + } + +-grub_vbe_status_t ++grub_vbe_status_t + grub_vbe_bios_getset_dac_palette_width (int set, int *dac_mask_size) + { + struct grub_bios_int_registers regs; +@@ -346,7 +346,7 @@ grub_vbe_bios_get_memory_window (grub_uint32_t window, + } + + /* Call VESA BIOS 0x4f06 to set scanline length (in bytes), return status. */ +-grub_vbe_status_t ++grub_vbe_status_t + grub_vbe_bios_set_scanline_length (grub_uint32_t length) + { + struct grub_bios_int_registers regs; +@@ -354,14 +354,14 @@ grub_vbe_bios_set_scanline_length (grub_uint32_t length) + regs.ecx = length; + regs.eax = 0x4f06; + /* BL = 2, Set Scan Line in Bytes. */ +- regs.ebx = 0x0002; ++ regs.ebx = 0x0002; + regs.flags = GRUB_CPU_INT_FLAGS_DEFAULT; + grub_bios_interrupt (0x10, ®s); + return regs.eax & 0xffff; + } + + /* Call VESA BIOS 0x4f06 to return scanline length (in bytes), return status. */ +-grub_vbe_status_t ++grub_vbe_status_t + grub_vbe_bios_get_scanline_length (grub_uint32_t *length) + { + struct grub_bios_int_registers regs; +@@ -377,7 +377,7 @@ grub_vbe_bios_get_scanline_length (grub_uint32_t *length) + } + + /* Call VESA BIOS 0x4f07 to set display start, return status. */ +-static grub_vbe_status_t ++static grub_vbe_status_t + grub_vbe_bios_set_display_start (grub_uint32_t x, grub_uint32_t y) + { + struct grub_bios_int_registers regs; +@@ -390,7 +390,7 @@ grub_vbe_bios_set_display_start (grub_uint32_t x, grub_uint32_t y) + regs.edx = y; + regs.eax = 0x4f07; + /* BL = 80h, Set Display Start during Vertical Retrace. */ +- regs.ebx = 0x0080; ++ regs.ebx = 0x0080; + regs.flags = GRUB_CPU_INT_FLAGS_DEFAULT; + grub_bios_interrupt (0x10, ®s); + +@@ -401,7 +401,7 @@ grub_vbe_bios_set_display_start (grub_uint32_t x, grub_uint32_t y) + } + + /* Call VESA BIOS 0x4f07 to get display start, return status. */ +-grub_vbe_status_t ++grub_vbe_status_t + grub_vbe_bios_get_display_start (grub_uint32_t *x, + grub_uint32_t *y) + { +@@ -419,7 +419,7 @@ grub_vbe_bios_get_display_start (grub_uint32_t *x, + } + + /* Call VESA BIOS 0x4f0a. */ +-grub_vbe_status_t ++grub_vbe_status_t + grub_vbe_bios_get_pm_interface (grub_uint16_t *segment, grub_uint16_t *offset, + grub_uint16_t *length) + { +@@ -896,7 +896,7 @@ vbe2videoinfo (grub_uint32_t mode, + case GRUB_VBE_MEMORY_MODEL_YUV: + mode_info->mode_type |= GRUB_VIDEO_MODE_TYPE_YUV; + break; +- ++ + case GRUB_VBE_MEMORY_MODEL_DIRECT_COLOR: + mode_info->mode_type |= GRUB_VIDEO_MODE_TYPE_RGB; + break; +@@ -923,10 +923,10 @@ vbe2videoinfo (grub_uint32_t mode, + break; + case 8: + mode_info->bytes_per_pixel = 1; +- break; ++ break; + case 4: + mode_info->bytes_per_pixel = 0; +- break; ++ break; + } + + if (controller_info.version >= 0x300) +@@ -976,7 +976,7 @@ grub_video_vbe_iterate (int (*hook) (const struct grub_video_mode_info *info, vo + + static grub_err_t + grub_video_vbe_setup (unsigned int width, unsigned int height, +- grub_video_mode_type_t mode_type, ++ grub_video_mode_type_t mode_type, + grub_video_mode_type_t mode_mask) + { + grub_uint16_t *p; +@@ -1193,7 +1193,7 @@ grub_video_vbe_print_adapter_specific_info (void) + controller_info.version & 0xFF, + controller_info.oem_software_rev >> 8, + controller_info.oem_software_rev & 0xFF); +- ++ + /* The total_memory field is in 64 KiB units. */ + grub_printf_ (N_(" total memory: %d KiB\n"), + (controller_info.total_memory << 6)); +diff --git a/grub-core/video/i386/pc/vga.c b/grub-core/video/i386/pc/vga.c +index b2f776c99..50d0b5e02 100644 +--- a/grub-core/video/i386/pc/vga.c ++++ b/grub-core/video/i386/pc/vga.c +@@ -48,7 +48,7 @@ static struct + int back_page; + } framebuffer; + +-static unsigned char ++static unsigned char + grub_vga_set_mode (unsigned char mode) + { + struct grub_bios_int_registers regs; +@@ -182,10 +182,10 @@ grub_video_vga_setup (unsigned int width, unsigned int height, + + is_target = 1; + err = grub_video_fb_set_active_render_target (framebuffer.render_target); +- ++ + if (err) + return err; +- ++ + err = grub_video_fb_set_palette (0, GRUB_VIDEO_FBSTD_NUMCOLORS, + grub_video_fbstd_colors); + +diff --git a/grub-core/video/ieee1275.c b/grub-core/video/ieee1275.c +index f437fb0df..ca3d3c3b2 100644 +--- a/grub-core/video/ieee1275.c ++++ b/grub-core/video/ieee1275.c +@@ -233,7 +233,7 @@ grub_video_ieee1275_setup (unsigned int width, unsigned int height, + /* TODO. */ + return grub_error (GRUB_ERR_IO, "can't set mode %dx%d", width, height); + } +- ++ + err = grub_video_ieee1275_fill_mode_info (dev, &framebuffer.mode_info); + if (err) + { +@@ -260,7 +260,7 @@ grub_video_ieee1275_setup (unsigned int width, unsigned int height, + + grub_video_ieee1275_set_palette (0, framebuffer.mode_info.number_of_colors, + grub_video_fbstd_colors); +- ++ + return err; + } + +diff --git a/grub-core/video/radeon_fuloong2e.c b/grub-core/video/radeon_fuloong2e.c +index b4da34b5e..40917acb7 100644 +--- a/grub-core/video/radeon_fuloong2e.c ++++ b/grub-core/video/radeon_fuloong2e.c +@@ -75,7 +75,7 @@ find_card (grub_pci_device_t dev, grub_pci_id_t pciid, void *data) + if (((class >> 16) & 0xffff) != GRUB_PCI_CLASS_SUBCLASS_VGA + || pciid != 0x515a1002) + return 0; +- ++ + *found = 1; + + addr = grub_pci_make_address (dev, GRUB_PCI_REG_ADDRESS_REG0); +@@ -139,7 +139,7 @@ grub_video_radeon_fuloong2e_setup (unsigned int width, unsigned int height, + framebuffer.mapped = 1; + + /* Prevent garbage from appearing on the screen. */ +- grub_memset (framebuffer.ptr, 0x55, ++ grub_memset (framebuffer.ptr, 0x55, + framebuffer.mode_info.height * framebuffer.mode_info.pitch); + + #ifndef TEST +@@ -152,7 +152,7 @@ grub_video_radeon_fuloong2e_setup (unsigned int width, unsigned int height, + return err; + + err = grub_video_fb_set_active_render_target (framebuffer.render_target); +- ++ + if (err) + return err; + +diff --git a/grub-core/video/radeon_yeeloong3a.c b/grub-core/video/radeon_yeeloong3a.c +index 52614feb6..48631c181 100644 +--- a/grub-core/video/radeon_yeeloong3a.c ++++ b/grub-core/video/radeon_yeeloong3a.c +@@ -74,7 +74,7 @@ find_card (grub_pci_device_t dev, grub_pci_id_t pciid, void *data) + if (((class >> 16) & 0xffff) != GRUB_PCI_CLASS_SUBCLASS_VGA + || pciid != 0x96151002) + return 0; +- ++ + *found = 1; + + addr = grub_pci_make_address (dev, GRUB_PCI_REG_ADDRESS_REG0); +@@ -137,7 +137,7 @@ grub_video_radeon_yeeloong3a_setup (unsigned int width, unsigned int height, + #endif + + /* Prevent garbage from appearing on the screen. */ +- grub_memset (framebuffer.ptr, 0, ++ grub_memset (framebuffer.ptr, 0, + framebuffer.mode_info.height * framebuffer.mode_info.pitch); + + #ifndef TEST +@@ -150,7 +150,7 @@ grub_video_radeon_yeeloong3a_setup (unsigned int width, unsigned int height, + return err; + + err = grub_video_fb_set_active_render_target (framebuffer.render_target); +- ++ + if (err) + return err; + +diff --git a/grub-core/video/readers/png.c b/grub-core/video/readers/png.c +index 0157ff742..54dfedf43 100644 +--- a/grub-core/video/readers/png.c ++++ b/grub-core/video/readers/png.c +@@ -916,7 +916,7 @@ grub_png_convert_image (struct grub_png_data *data) + } + return; + } +- ++ + if (data->is_gray) + { + switch (data->bpp) +diff --git a/grub-core/video/readers/tga.c b/grub-core/video/readers/tga.c +index 7cb9d1d2a..a9ec3a1b6 100644 +--- a/grub-core/video/readers/tga.c ++++ b/grub-core/video/readers/tga.c +@@ -127,7 +127,7 @@ tga_load_palette (struct tga_data *data) + + if (len > sizeof (data->palette)) + len = sizeof (data->palette); +- ++ + if (grub_file_read (data->file, &data->palette, len) + != (grub_ssize_t) len) + return grub_errno; +diff --git a/grub-core/video/sis315_init.c b/grub-core/video/sis315_init.c +index ae5c1419c..09c3c7bbe 100644 +--- a/grub-core/video/sis315_init.c ++++ b/grub-core/video/sis315_init.c +@@ -1,4 +1,4 @@ +-static const struct { grub_uint8_t reg; grub_uint8_t val; } sr_dump [] = ++static const struct { grub_uint8_t reg; grub_uint8_t val; } sr_dump [] = + { + { 0x28, 0x81 }, + { 0x2a, 0x00 }, +diff --git a/grub-core/video/sis315pro.c b/grub-core/video/sis315pro.c +index 22a0c85a6..4d2f9999a 100644 +--- a/grub-core/video/sis315pro.c ++++ b/grub-core/video/sis315pro.c +@@ -103,7 +103,7 @@ find_card (grub_pci_device_t dev, grub_pci_id_t pciid, void *data) + if (((class >> 16) & 0xffff) != GRUB_PCI_CLASS_SUBCLASS_VGA + || pciid != GRUB_SIS315PRO_PCIID) + return 0; +- ++ + *found = 1; + + addr = grub_pci_make_address (dev, GRUB_PCI_REG_ADDRESS_REG0); +@@ -218,7 +218,7 @@ grub_video_sis315pro_setup (unsigned int width, unsigned int height, + + #ifndef TEST + /* Prevent garbage from appearing on the screen. */ +- grub_memset (framebuffer.ptr, 0, ++ grub_memset (framebuffer.ptr, 0, + framebuffer.mode_info.height * framebuffer.mode_info.pitch); + grub_arch_sync_dma_caches (framebuffer.ptr, + framebuffer.mode_info.height +@@ -231,7 +231,7 @@ grub_video_sis315pro_setup (unsigned int width, unsigned int height, + | GRUB_VGA_IO_MISC_EXTERNAL_CLOCK_0 + | GRUB_VGA_IO_MISC_28MHZ + | GRUB_VGA_IO_MISC_ENABLE_VRAM_ACCESS +- | GRUB_VGA_IO_MISC_COLOR, ++ | GRUB_VGA_IO_MISC_COLOR, + GRUB_VGA_IO_MISC_WRITE + GRUB_MACHINE_PCI_IO_BASE); + + grub_vga_sr_write (0x86, 5); +@@ -335,7 +335,7 @@ grub_video_sis315pro_setup (unsigned int width, unsigned int height, + { + if (read_sis_cmd (0x5) != 0xa1) + write_sis_cmd (0x86, 0x5); +- ++ + write_sis_cmd (read_sis_cmd (0x20) | 0xa1, 0x20); + write_sis_cmd (read_sis_cmd (0x1e) | 0xda, 0x1e); + +diff --git a/grub-core/video/sm712.c b/grub-core/video/sm712.c +index 10c46eb65..65f59f84b 100644 +--- a/grub-core/video/sm712.c ++++ b/grub-core/video/sm712.c +@@ -167,7 +167,7 @@ enum + GRUB_SM712_CR_SHADOW_VGA_VBLANK_START = 0x46, + GRUB_SM712_CR_SHADOW_VGA_VBLANK_END = 0x47, + GRUB_SM712_CR_SHADOW_VGA_VRETRACE_START = 0x48, +- GRUB_SM712_CR_SHADOW_VGA_VRETRACE_END = 0x49, ++ GRUB_SM712_CR_SHADOW_VGA_VRETRACE_END = 0x49, + GRUB_SM712_CR_SHADOW_VGA_OVERFLOW = 0x4a, + GRUB_SM712_CR_SHADOW_VGA_CELL_HEIGHT = 0x4b, + GRUB_SM712_CR_SHADOW_VGA_HDISPLAY_END = 0x4c, +@@ -375,7 +375,7 @@ find_card (grub_pci_device_t dev, grub_pci_id_t pciid, void *data) + if (((class >> 16) & 0xffff) != GRUB_PCI_CLASS_SUBCLASS_VGA + || pciid != GRUB_SM712_PCIID) + return 0; +- ++ + *found = 1; + + addr = grub_pci_make_address (dev, GRUB_PCI_REG_ADDRESS_REG0); +@@ -471,7 +471,7 @@ grub_video_sm712_setup (unsigned int width, unsigned int height, + + #if !defined (TEST) && !defined(GENINIT) + /* Prevent garbage from appearing on the screen. */ +- grub_memset ((void *) framebuffer.cached_ptr, 0, ++ grub_memset ((void *) framebuffer.cached_ptr, 0, + framebuffer.mode_info.height * framebuffer.mode_info.pitch); + #endif + +@@ -482,7 +482,7 @@ grub_video_sm712_setup (unsigned int width, unsigned int height, + grub_sm712_sr_write (0x2, 0x6b); + grub_sm712_write_reg (0, GRUB_VGA_IO_PIXEL_MASK); + grub_sm712_sr_write (GRUB_VGA_SR_RESET_ASYNC, GRUB_VGA_SR_RESET); +- grub_sm712_write_reg (GRUB_VGA_IO_MISC_NEGATIVE_VERT_POLARITY ++ grub_sm712_write_reg (GRUB_VGA_IO_MISC_NEGATIVE_VERT_POLARITY + | GRUB_VGA_IO_MISC_NEGATIVE_HORIZ_POLARITY + | GRUB_VGA_IO_MISC_UPPER_64K + | GRUB_VGA_IO_MISC_EXTERNAL_CLOCK_0 +@@ -694,7 +694,7 @@ grub_video_sm712_setup (unsigned int width, unsigned int height, + for (i = 0; i < ARRAY_SIZE (dda_lookups); i++) + grub_sm712_write_dda_lookup (i, dda_lookups[i].compare, dda_lookups[i].dda, + dda_lookups[i].vcentering); +- ++ + /* Undocumented */ + grub_sm712_cr_write (0, 0x9c); + grub_sm712_cr_write (0, 0x9d); +diff --git a/grub-core/video/video.c b/grub-core/video/video.c +index 983424107..8937da745 100644 +--- a/grub-core/video/video.c ++++ b/grub-core/video/video.c +@@ -491,13 +491,13 @@ parse_modespec (const char *current_mode, int *width, int *height, int *depth) + current_mode); + + param++; +- ++ + *width = grub_strtoul (value, 0, 0); + if (grub_errno != GRUB_ERR_NONE) + return grub_error (GRUB_ERR_BAD_ARGUMENT, + N_("invalid video mode specification `%s'"), + current_mode); +- ++ + /* Find height value. */ + value = param; + param = grub_strchr(param, 'x'); +@@ -513,13 +513,13 @@ parse_modespec (const char *current_mode, int *width, int *height, int *depth) + { + /* We have optional color depth value. */ + param++; +- ++ + *height = grub_strtoul (value, 0, 0); + if (grub_errno != GRUB_ERR_NONE) + return grub_error (GRUB_ERR_BAD_ARGUMENT, + N_("invalid video mode specification `%s'"), + current_mode); +- ++ + /* Convert color depth value. */ + value = param; + *depth = grub_strtoul (value, 0, 0); +-- +2.34.1 + diff --git a/poky/meta/recipes-bsp/grub/files/video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch b/poky/meta/recipes-bsp/grub/files/video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch new file mode 100644 index 0000000000..0c7deae858 --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch @@ -0,0 +1,264 @@ +From d5caac8ab79d068ad9a41030c772d03a4d4fbd7b Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Mon, 28 Jun 2021 14:16:14 +1000 +Subject: [PATCH] video/readers/jpeg: Abort sooner if a read operation fails + +Fuzzing revealed some inputs that were taking a long time, potentially +forever, because they did not bail quickly upon encountering an I/O error. + +Try to catch I/O errors sooner and bail out. + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport + +Reference to upstream patch: +https://git.savannah.gnu.org/cgit/grub.git/commit/?id=d5caac8ab79d068ad9a41030c772d03a4d4fbd7b + +Signed-off-by: Yongxin Liu +--- + grub-core/video/readers/jpeg.c | 86 +++++++++++++++++++++++++++------- + 1 file changed, 70 insertions(+), 16 deletions(-) + +diff --git a/grub-core/video/readers/jpeg.c b/grub-core/video/readers/jpeg.c +index c47ffd651..806c56c78 100644 +--- a/grub-core/video/readers/jpeg.c ++++ b/grub-core/video/readers/jpeg.c +@@ -109,9 +109,17 @@ static grub_uint8_t + grub_jpeg_get_byte (struct grub_jpeg_data *data) + { + grub_uint8_t r; ++ grub_ssize_t bytes_read; + + r = 0; +- grub_file_read (data->file, &r, 1); ++ bytes_read = grub_file_read (data->file, &r, 1); ++ ++ if (bytes_read != 1) ++ { ++ grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "jpeg: unexpected end of data"); ++ return 0; ++ } + + return r; + } +@@ -120,9 +128,17 @@ static grub_uint16_t + grub_jpeg_get_word (struct grub_jpeg_data *data) + { + grub_uint16_t r; ++ grub_ssize_t bytes_read; + + r = 0; +- grub_file_read (data->file, &r, sizeof (grub_uint16_t)); ++ bytes_read = grub_file_read (data->file, &r, sizeof (grub_uint16_t)); ++ ++ if (bytes_read != sizeof (grub_uint16_t)) ++ { ++ grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "jpeg: unexpected end of data"); ++ return 0; ++ } + + return grub_be_to_cpu16 (r); + } +@@ -135,6 +151,11 @@ grub_jpeg_get_bit (struct grub_jpeg_data *data) + if (data->bit_mask == 0) + { + data->bit_save = grub_jpeg_get_byte (data); ++ if (grub_errno != GRUB_ERR_NONE) { ++ grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "jpeg: file read error"); ++ return 0; ++ } + if (data->bit_save == JPEG_ESC_CHAR) + { + if (grub_jpeg_get_byte (data) != 0) +@@ -143,6 +164,11 @@ grub_jpeg_get_bit (struct grub_jpeg_data *data) + "jpeg: invalid 0xFF in data stream"); + return 0; + } ++ if (grub_errno != GRUB_ERR_NONE) ++ { ++ grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: file read error"); ++ return 0; ++ } + } + data->bit_mask = 0x80; + } +@@ -161,7 +187,7 @@ grub_jpeg_get_number (struct grub_jpeg_data *data, int num) + return 0; + + msb = value = grub_jpeg_get_bit (data); +- for (i = 1; i < num; i++) ++ for (i = 1; i < num && grub_errno == GRUB_ERR_NONE; i++) + value = (value << 1) + (grub_jpeg_get_bit (data) != 0); + if (!msb) + value += 1 - (1 << num); +@@ -208,6 +234,8 @@ grub_jpeg_decode_huff_table (struct grub_jpeg_data *data) + while (data->file->offset + sizeof (count) + 1 <= next_marker) + { + id = grub_jpeg_get_byte (data); ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; + ac = (id >> 4) & 1; + id &= 0xF; + if (id > 1) +@@ -258,6 +286,8 @@ grub_jpeg_decode_quan_table (struct grub_jpeg_data *data) + + next_marker = data->file->offset; + next_marker += grub_jpeg_get_word (data); ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; + + if (next_marker > data->file->size) + { +@@ -269,6 +299,8 @@ grub_jpeg_decode_quan_table (struct grub_jpeg_data *data) + <= next_marker) + { + id = grub_jpeg_get_byte (data); ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; + if (id >= 0x10) /* Upper 4-bit is precision. */ + return grub_error (GRUB_ERR_BAD_FILE_TYPE, + "jpeg: only 8-bit precision is supported"); +@@ -300,6 +332,9 @@ grub_jpeg_decode_sof (struct grub_jpeg_data *data) + next_marker = data->file->offset; + next_marker += grub_jpeg_get_word (data); + ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; ++ + if (grub_jpeg_get_byte (data) != 8) + return grub_error (GRUB_ERR_BAD_FILE_TYPE, + "jpeg: only 8-bit precision is supported"); +@@ -325,6 +360,8 @@ grub_jpeg_decode_sof (struct grub_jpeg_data *data) + return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: invalid index"); + + ss = grub_jpeg_get_byte (data); /* Sampling factor. */ ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; + if (!id) + { + grub_uint8_t vs, hs; +@@ -504,7 +541,7 @@ grub_jpeg_idct_transform (jpeg_data_unit_t du) + } + } + +-static void ++static grub_err_t + grub_jpeg_decode_du (struct grub_jpeg_data *data, int id, jpeg_data_unit_t du) + { + int h1, h2, qt; +@@ -519,6 +556,9 @@ grub_jpeg_decode_du (struct grub_jpeg_data *data, int id, jpeg_data_unit_t du) + data->dc_value[id] += + grub_jpeg_get_number (data, grub_jpeg_get_huff_code (data, h1)); + ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; ++ + du[0] = data->dc_value[id] * (int) data->quan_table[qt][0]; + pos = 1; + while (pos < ARRAY_SIZE (data->quan_table[qt])) +@@ -533,11 +573,13 @@ grub_jpeg_decode_du (struct grub_jpeg_data *data, int id, jpeg_data_unit_t du) + num >>= 4; + pos += num; + ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; ++ + if (pos >= ARRAY_SIZE (jpeg_zigzag_order)) + { +- grub_error (GRUB_ERR_BAD_FILE_TYPE, +- "jpeg: invalid position in zigzag order!?"); +- return; ++ return grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "jpeg: invalid position in zigzag order!?"); + } + + du[jpeg_zigzag_order[pos]] = val * (int) data->quan_table[qt][pos]; +@@ -545,6 +587,7 @@ grub_jpeg_decode_du (struct grub_jpeg_data *data, int id, jpeg_data_unit_t du) + } + + grub_jpeg_idct_transform (du); ++ return GRUB_ERR_NONE; + } + + static void +@@ -603,7 +646,8 @@ grub_jpeg_decode_sos (struct grub_jpeg_data *data) + data_offset += grub_jpeg_get_word (data); + + cc = grub_jpeg_get_byte (data); +- ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; + if (cc != 3 && cc != 1) + return grub_error (GRUB_ERR_BAD_FILE_TYPE, + "jpeg: component count must be 1 or 3"); +@@ -616,7 +660,8 @@ grub_jpeg_decode_sos (struct grub_jpeg_data *data) + id = grub_jpeg_get_byte (data) - 1; + if ((id < 0) || (id >= 3)) + return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: invalid index"); +- ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; + ht = grub_jpeg_get_byte (data); + data->comp_index[id][1] = (ht >> 4); + data->comp_index[id][2] = (ht & 0xF) + 2; +@@ -624,11 +669,14 @@ grub_jpeg_decode_sos (struct grub_jpeg_data *data) + if ((data->comp_index[id][1] < 0) || (data->comp_index[id][1] > 3) || + (data->comp_index[id][2] < 0) || (data->comp_index[id][2] > 3)) + return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: invalid hufftable index"); ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; + } + + grub_jpeg_get_byte (data); /* Skip 3 unused bytes. */ + grub_jpeg_get_word (data); +- ++ if (grub_errno != GRUB_ERR_NONE) ++ return grub_errno; + if (data->file->offset != data_offset) + return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: extra byte in sos"); + +@@ -646,6 +694,7 @@ grub_jpeg_decode_data (struct grub_jpeg_data *data) + { + unsigned c1, vb, hb, nr1, nc1; + int rst = data->dri; ++ grub_err_t err = GRUB_ERR_NONE; + + vb = 8 << data->log_vs; + hb = 8 << data->log_hs; +@@ -666,17 +715,22 @@ grub_jpeg_decode_data (struct grub_jpeg_data *data) + + for (r2 = 0; r2 < (1U << data->log_vs); r2++) + for (c2 = 0; c2 < (1U << data->log_hs); c2++) +- grub_jpeg_decode_du (data, 0, data->ydu[r2 * 2 + c2]); ++ { ++ err = grub_jpeg_decode_du (data, 0, data->ydu[r2 * 2 + c2]); ++ if (err != GRUB_ERR_NONE) ++ return err; ++ } + + if (data->color_components >= 3) + { +- grub_jpeg_decode_du (data, 1, data->cbdu); +- grub_jpeg_decode_du (data, 2, data->crdu); ++ err = grub_jpeg_decode_du (data, 1, data->cbdu); ++ if (err != GRUB_ERR_NONE) ++ return err; ++ err = grub_jpeg_decode_du (data, 2, data->crdu); ++ if (err != GRUB_ERR_NONE) ++ return err; + } + +- if (grub_errno) +- return grub_errno; +- + nr2 = (data->r1 == nr1 - 1) ? (data->image_height - data->r1 * vb) : vb; + nc2 = (c1 == nc1 - 1) ? (data->image_width - c1 * hb) : hb; + +-- +2.34.1 + diff --git a/poky/meta/recipes-bsp/grub/files/video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch b/poky/meta/recipes-bsp/grub/files/video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch new file mode 100644 index 0000000000..91ecaad98a --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch @@ -0,0 +1,53 @@ +From 166a4d61448f74745afe1dac2f2cfb85d04909bf Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Mon, 28 Jun 2021 14:25:17 +1000 +Subject: [PATCH] video/readers/jpeg: Refuse to handle multiple start of + streams + +An invalid file could contain multiple start of stream blocks, which +would cause us to reallocate and leak our bitmap. Refuse to handle +multiple start of streams. + +Additionally, fix a grub_error() call formatting. + +Signed-off-by: Daniel Axtens +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport + +Reference to upstream patch: +https://git.savannah.gnu.org/cgit/grub.git/commit/?id=166a4d61448f74745afe1dac2f2cfb85d04909bf + +Signed-off-by: Yongxin Liu +--- + grub-core/video/readers/jpeg.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/grub-core/video/readers/jpeg.c b/grub-core/video/readers/jpeg.c +index 2284a6c06..579bbe8a4 100644 +--- a/grub-core/video/readers/jpeg.c ++++ b/grub-core/video/readers/jpeg.c +@@ -683,6 +683,9 @@ grub_jpeg_decode_sos (struct grub_jpeg_data *data) + if (data->file->offset != data_offset) + return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: extra byte in sos"); + ++ if (*data->bitmap) ++ return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: too many start of scan blocks"); ++ + if (grub_video_bitmap_create (data->bitmap, data->image_width, + data->image_height, + GRUB_VIDEO_BLIT_FORMAT_RGB_888)) +@@ -705,8 +708,8 @@ grub_jpeg_decode_data (struct grub_jpeg_data *data) + nc1 = (data->image_width + hb - 1) >> (3 + data->log_hs); + + if (data->bitmap_ptr == NULL) +- return grub_error(GRUB_ERR_BAD_FILE_TYPE, +- "jpeg: attempted to decode data before start of stream"); ++ return grub_error (GRUB_ERR_BAD_FILE_TYPE, ++ "jpeg: attempted to decode data before start of stream"); + + for (; data->r1 < nr1 && (!data->dri || rst); + data->r1++, data->bitmap_ptr += (vb * data->image_width - hb * nc1) * 3) +-- +2.34.1 + diff --git a/poky/meta/recipes-bsp/grub/grub2.inc b/poky/meta/recipes-bsp/grub/grub2.inc index 45852ab9b1..47ea561002 100644 --- a/poky/meta/recipes-bsp/grub/grub2.inc +++ b/poky/meta/recipes-bsp/grub/grub2.inc @@ -22,6 +22,16 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://0001-RISC-V-Restore-the-typcast-to-long.patch \ file://CVE-2021-3981-grub-mkconfig-Restore-umask-for-the-grub.cfg.patch \ file://0001-configure.ac-Use-_zicsr_zifencei-extentions-on-riscv.patch \ + file://video-Remove-trailing-whitespaces.patch \ + file://CVE-2021-3695-video-readers-png-Drop-greyscale-support-to-fix-heap.patch \ + file://CVE-2021-3696-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff.patch \ + file://video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch \ + file://video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch \ + file://CVE-2021-3697-video-readers-jpeg-Block-int-underflow-wild-pointer.patch \ + file://CVE-2022-28733-net-ip-Do-IP-fragment-maths-safely.patch \ + file://CVE-2022-28734-net-http-Fix-OOB-write-for-split-http-headers.patch \ + file://CVE-2022-28734-net-http-Error-out-on-headers-with-LF-without-CR.patch \ + file://CVE-2022-28735-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch \ " SRC_URI[sha256sum] = "23b64b4c741569f9426ed2e3d0e6780796fca081bee4c99f62aa3f53ae803f5f" diff --git a/poky/meta/recipes-bsp/u-boot/files/0001-fs-squashfs-Use-kcalloc-when-relevant.patch b/poky/meta/recipes-bsp/u-boot/files/0001-fs-squashfs-Use-kcalloc-when-relevant.patch new file mode 100644 index 0000000000..70fdbb1031 --- /dev/null +++ b/poky/meta/recipes-bsp/u-boot/files/0001-fs-squashfs-Use-kcalloc-when-relevant.patch @@ -0,0 +1,64 @@ +From 50d4b8b9effcf9dc9e5a90034de2f0003fb063f0 Mon Sep 17 00:00:00 2001 +From: Miquel Raynal +Date: Mon, 27 Jun 2022 12:20:03 +0200 +Subject: [PATCH] fs/squashfs: Use kcalloc when relevant + +A crafted squashfs image could embed a huge number of empty metadata +blocks in order to make the amount of malloc()'d memory overflow and be +much smaller than expected. Because of this flaw, any random code +positioned at the right location in the squashfs image could be memcpy'd +from the squashfs structures into U-Boot code location while trying to +access the rearmost blocks, before being executed. + +In order to prevent this vulnerability from being exploited in eg. a +secure boot environment, let's add a check over the amount of data +that is going to be allocated. Such a check could look like: + +if (!elem_size || n > SIZE_MAX / elem_size) + return NULL; + +The right way to do it would be to enhance the calloc() implementation +but this is quite an impacting change for such a small fix. Another +solution would be to add the check before the malloc call in the +squashfs implementation, but this does not look right. So for now, let's +use the kcalloc() compatibility function from Linux, which has this +check. + +Fixes: c5100613037 ("fs/squashfs: new filesystem") +Reported-by: Tatsuhiko Yasumatsu +Signed-off-by: Miquel Raynal +Tested-by: Tatsuhiko Yasumatsu + +Upstream-Status: Backport [7f7fb9937c6cb49dd35153bd6708872b390b0a44] +CVE: CVE-2022-33967 + +Signed-off-by: Sakib Sajal +--- + fs/squashfs/sqfs.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/fs/squashfs/sqfs.c b/fs/squashfs/sqfs.c +index e2d91c654c..10e63afbce 100644 +--- a/fs/squashfs/sqfs.c ++++ b/fs/squashfs/sqfs.c +@@ -13,6 +13,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -725,7 +726,8 @@ static int sqfs_read_inode_table(unsigned char **inode_table) + goto free_itb; + } + +- *inode_table = malloc(metablks_count * SQFS_METADATA_BLOCK_SIZE); ++ *inode_table = kcalloc(metablks_count, SQFS_METADATA_BLOCK_SIZE, ++ GFP_KERNEL); + if (!*inode_table) { + ret = -ENOMEM; + goto free_itb; +-- +2.33.0 + diff --git a/poky/meta/recipes-bsp/u-boot/files/0001-fs-squashfs-sqfs_read-Prevent-arbitrary-code-executi.patch b/poky/meta/recipes-bsp/u-boot/files/0001-fs-squashfs-sqfs_read-Prevent-arbitrary-code-executi.patch new file mode 100644 index 0000000000..b1650f6baa --- /dev/null +++ b/poky/meta/recipes-bsp/u-boot/files/0001-fs-squashfs-sqfs_read-Prevent-arbitrary-code-executi.patch @@ -0,0 +1,80 @@ +From 65f1066f5abe291c7b10b6075fd60776074a38a9 Mon Sep 17 00:00:00 2001 +From: Miquel Raynal +Date: Thu, 9 Jun 2022 16:02:06 +0200 +Subject: [PATCH] fs/squashfs: sqfs_read: Prevent arbitrary code execution + +Following Jincheng's report, an out-of-band write leading to arbitrary +code execution is possible because on one side the squashfs logic +accepts directory names up to 65535 bytes (u16), while U-Boot fs logic +accepts directory names up to 255 bytes long. + +Prevent such an exploit from happening by capping directory name sizes +to 255. Use a define for this purpose so that developers can link the +limitation to its source and eventually kill it some day by dynamically +allocating this array (if ever desired). + +Link: https://lore.kernel.org/all/CALO=DHFB+yBoXxVr5KcsK0iFdg+e7ywko4-e+72kjbcS8JBfPw@mail.gmail.com +Reported-by: Jincheng Wang +Signed-off-by: Miquel Raynal +Tested-by: Jincheng Wang + +CVE: CVE-2022-33103 +Upstream-Status: Backport [2ac0baab4aff1a0b45067d0b62f00c15f4e86856] + +Signed-off-by: Sakib Sajal +--- + fs/squashfs/sqfs.c | 8 +++++--- + include/fs.h | 4 +++- + 2 files changed, 8 insertions(+), 4 deletions(-) + +diff --git a/fs/squashfs/sqfs.c b/fs/squashfs/sqfs.c +index e2d91c654c..a145d754cc 100644 +--- a/fs/squashfs/sqfs.c ++++ b/fs/squashfs/sqfs.c +@@ -973,6 +973,7 @@ int sqfs_readdir(struct fs_dir_stream *fs_dirs, struct fs_dirent **dentp) + int i_number, offset = 0, ret; + struct fs_dirent *dent; + unsigned char *ipos; ++ u16 name_size; + + dirs = (struct squashfs_dir_stream *)fs_dirs; + if (!dirs->size) { +@@ -1055,9 +1056,10 @@ int sqfs_readdir(struct fs_dir_stream *fs_dirs, struct fs_dirent **dentp) + return -SQFS_STOP_READDIR; + } + +- /* Set entry name */ +- strncpy(dent->name, dirs->entry->name, dirs->entry->name_size + 1); +- dent->name[dirs->entry->name_size + 1] = '\0'; ++ /* Set entry name (capped at FS_DIRENT_NAME_LEN which is a U-Boot limitation) */ ++ name_size = min_t(u16, dirs->entry->name_size + 1, FS_DIRENT_NAME_LEN - 1); ++ strncpy(dent->name, dirs->entry->name, name_size); ++ dent->name[name_size] = '\0'; + + offset = dirs->entry->name_size + 1 + SQFS_ENTRY_BASE_LENGTH; + dirs->entry_count--; +diff --git a/include/fs.h b/include/fs.h +index 1c79e299fd..6cb7ec89f4 100644 +--- a/include/fs.h ++++ b/include/fs.h +@@ -161,6 +161,8 @@ int fs_write(const char *filename, ulong addr, loff_t offset, loff_t len, + #define FS_DT_REG 8 /* regular file */ + #define FS_DT_LNK 10 /* symbolic link */ + ++#define FS_DIRENT_NAME_LEN 256 ++ + /** + * struct fs_dirent - directory entry + * +@@ -181,7 +183,7 @@ struct fs_dirent { + /** change_time: time of last modification */ + struct rtc_time change_time; + /** name: file name */ +- char name[256]; ++ char name[FS_DIRENT_NAME_LEN]; + }; + + /* Note: fs_dir_stream should be treated as opaque to the user of fs layer */ +-- +2.33.0 + diff --git a/poky/meta/recipes-bsp/u-boot/files/0001-net-Check-for-the-minimum-IP-fragmented-datagram-siz.patch b/poky/meta/recipes-bsp/u-boot/files/0001-net-Check-for-the-minimum-IP-fragmented-datagram-siz.patch new file mode 100644 index 0000000000..3f9cc7776b --- /dev/null +++ b/poky/meta/recipes-bsp/u-boot/files/0001-net-Check-for-the-minimum-IP-fragmented-datagram-siz.patch @@ -0,0 +1,207 @@ +From c7cab39de5e4b22620248a190b3d2ee46cff38c2 Mon Sep 17 00:00:00 2001 +From: Fabio Estevam +Date: Thu, 26 May 2022 11:14:37 -0300 +Subject: [PATCH] net: Check for the minimum IP fragmented datagram size + +Nicolas Bidron and Nicolas Guigo reported the two bugs below: + +" +----------BUG 1---------- + +In compiled versions of U-Boot that define CONFIG_IP_DEFRAG, a value of +`ip->ip_len` (IP packet header's Total Length) higher than `IP_HDR_SIZE` +and strictly lower than `IP_HDR_SIZE+8` will lead to a value for `len` +comprised between `0` and `7`. This will ultimately result in a +truncated division by `8` resulting value of `0` forcing the hole +metadata and fragment to point to the same location. The subsequent +memcopy will overwrite the hole metadata with the fragment data. Through +a second fragment, this can be exploited to write to an arbitrary offset +controlled by that overwritten hole metadata value. + +This bug is only exploitable locally as it requires crafting two packets +the first of which would most likely be dropped through routing due to +its unexpectedly low Total Length. However, this bug can potentially be +exploited to root linux based embedded devices locally. + +```C +static struct ip_udp_hdr *__net_defragment(struct ip_udp_hdr *ip, int *lenp) +{ + static uchar pkt_buff[IP_PKTSIZE] __aligned(PKTALIGN); + static u16 first_hole, total_len; + struct hole *payload, *thisfrag, *h, *newh; + struct ip_udp_hdr *localip = (struct ip_udp_hdr *)pkt_buff; + uchar *indata = (uchar *)ip; + int offset8, start, len, done = 0; + u16 ip_off = ntohs(ip->ip_off); + + /* payload starts after IP header, this fragment is in there */ + payload = (struct hole *)(pkt_buff + IP_HDR_SIZE); + offset8 = (ip_off & IP_OFFS); + thisfrag = payload + offset8; + start = offset8 * 8; + len = ntohs(ip->ip_len) - IP_HDR_SIZE; +``` + +The last line of the previous excerpt from `u-boot/net/net.c` shows how +the attacker can control the value of `len` to be strictly lower than +`8` by issuing a packet with `ip_len` between `21` and `27` +(`IP_HDR_SIZE` has a value of `20`). + +Also note that `offset8` here is `0` which leads to `thisfrag = payload`. + +```C + } else if (h >= thisfrag) { + /* overlaps with initial part of the hole: move this hole */ + newh = thisfrag + (len / 8); + *newh = *h; + h = newh; + if (h->next_hole) + payload[h->next_hole].prev_hole = (h - payload); + if (h->prev_hole) + payload[h->prev_hole].next_hole = (h - payload); + else + first_hole = (h - payload); + + } else { +``` + +Lower down the same function, execution reaches the above code path. +Here, `len / 8` evaluates to `0` leading to `newh = thisfrag`. Also note +that `first_hole` here is `0` since `h` and `payload` point to the same +location. + +```C + /* finally copy this fragment and possibly return whole packet */ + memcpy((uchar *)thisfrag, indata + IP_HDR_SIZE, len); +``` + +Finally, in the above excerpt the `memcpy` overwrites the hole metadata +since `thisfrag` and `h` both point to the same location. The hole +metadata is effectively overwritten with arbitrary data from the +fragmented IP packet data. If `len` was crafted to be `6`, `last_byte`, +`next_hole`, and `prev_hole` of the `first_hole` can be controlled by +the attacker. + +Finally the arbitrary offset write occurs through a second fragment that +only needs to be crafted to write data in the hole pointed to by the +previously controlled hole metadata (`next_hole`) from the first packet. + + ### Recommendation + +Handle cases where `len` is strictly lower than 8 by preventing the +overwrite of the hole metadata during the memcpy of the fragment. This +could be achieved by either: +* Moving the location where the hole metadata is stored when `len` is +lower than `8`. +* Or outright rejecting fragmented IP datagram with a Total Length +(`ip_len`) lower than 28 bytes which is the minimum valid fragmented IP +datagram size (as defined as the minimum fragment of 8 octets in the IP +Specification Document: +[RFC791](https://datatracker.ietf.org/doc/html/rfc791) page 25). + +----------BUG 2---------- + +In compiled versions of U-Boot that define CONFIG_IP_DEFRAG, a value of +`ip->ip_len` (IP packet header's Total Length) lower than `IP_HDR_SIZE` +will lead to a negative value for `len` which will ultimately result in +a buffer overflow during the subsequent `memcpy` that uses `len` as it's +`count` parameter. + +This bug is only exploitable on local ethernet as it requires crafting +an invalid packet to include an unexpected `ip_len` value in the IP UDP +header that's lower than the minimum accepted Total Length of a packet +(21 as defined in the IP Specification Document: +[RFC791](https://datatracker.ietf.org/doc/html/rfc791)). Such packet +would in all likelihood be dropped while being routed to its final +destination through most routing equipment and as such requires the +attacker to be in a local position in order to be exploited. + +```C +static struct ip_udp_hdr *__net_defragment(struct ip_udp_hdr *ip, int *lenp) +{ + static uchar pkt_buff[IP_PKTSIZE] __aligned(PKTALIGN); + static u16 first_hole, total_len; + struct hole *payload, *thisfrag, *h, *newh; + struct ip_udp_hdr *localip = (struct ip_udp_hdr *)pkt_buff; + uchar *indata = (uchar *)ip; + int offset8, start, len, done = 0; + u16 ip_off = ntohs(ip->ip_off); + + /* payload starts after IP header, this fragment is in there */ + payload = (struct hole *)(pkt_buff + IP_HDR_SIZE); + offset8 = (ip_off & IP_OFFS); + thisfrag = payload + offset8; + start = offset8 * 8; + len = ntohs(ip->ip_len) - IP_HDR_SIZE; +``` + +The last line of the previous excerpt from `u-boot/net/net.c` shows +where the underflow to a negative `len` value occurs if `ip_len` is set +to a value strictly lower than 20 (`IP_HDR_SIZE` being 20). Also note +that in the above excerpt the `pkt_buff` buffer has a size of +`CONFIG_NET_MAXDEFRAG` which defaults to 16 KB but can range from 1KB to +64 KB depending on configurations. + +```C + /* finally copy this fragment and possibly return whole packet */ + memcpy((uchar *)thisfrag, indata + IP_HDR_SIZE, len); +``` + +In the above excerpt the `memcpy` overflows the destination by +attempting to make a copy of nearly 4 gigabytes in a buffer that's +designed to hold `CONFIG_NET_MAXDEFRAG` bytes at most which leads to a DoS. + + ### Recommendation + +Stop processing of the packet if `ip_len` is lower than 21 (as defined +by the minimum length of a data carrying datagram in the IP +Specification Document: +[RFC791](https://datatracker.ietf.org/doc/html/rfc791) page 34)." + +Add a check for ip_len lesser than 28 and stop processing the packet +in this case. + +Such a check covers the two reported bugs. + +Reported-by: Nicolas Bidron +Signed-off-by: Fabio Estevam + +Upstream-Status: Backport [b85d130ea0cac152c21ec38ac9417b31d41b5552] +CVE: CVE-2022-30552 + +Signed-off-by: Sakib Sajal +--- + include/net.h | 2 ++ + net/net.c | 3 +++ + 2 files changed, 5 insertions(+) + +diff --git a/include/net.h b/include/net.h +index cec8c98618..09d7e9b9e8 100644 +--- a/include/net.h ++++ b/include/net.h +@@ -397,6 +397,8 @@ struct ip_hdr { + + #define IP_HDR_SIZE (sizeof(struct ip_hdr)) + ++#define IP_MIN_FRAG_DATAGRAM_SIZE (IP_HDR_SIZE + 8) ++ + /* + * Internet Protocol (IP) + UDP header. + */ +diff --git a/net/net.c b/net/net.c +index c2992a0908..f5400e6dbc 100644 +--- a/net/net.c ++++ b/net/net.c +@@ -907,6 +907,9 @@ static struct ip_udp_hdr *__net_defragment(struct ip_udp_hdr *ip, int *lenp) + int offset8, start, len, done = 0; + u16 ip_off = ntohs(ip->ip_off); + ++ if (ip->ip_len < IP_MIN_FRAG_DATAGRAM_SIZE) ++ return NULL; ++ + /* payload starts after IP header, this fragment is in there */ + payload = (struct hole *)(pkt_buff + IP_HDR_SIZE); + offset8 = (ip_off & IP_OFFS); +-- +2.33.0 + diff --git a/poky/meta/recipes-bsp/u-boot/u-boot_2022.01.bb b/poky/meta/recipes-bsp/u-boot/u-boot_2022.01.bb index f2443723e2..c4cfcbca19 100644 --- a/poky/meta/recipes-bsp/u-boot/u-boot_2022.01.bb +++ b/poky/meta/recipes-bsp/u-boot/u-boot_2022.01.bb @@ -1,9 +1,12 @@ require u-boot-common.inc require u-boot.inc -SRC_URI:append = " file://0001-riscv32-Use-double-float-ABI-for-rv32.patch \ +SRC_URI += " file://0001-riscv32-Use-double-float-ABI-for-rv32.patch \ file://0001-riscv-fix-build-with-binutils-2.38.patch \ file://0001-i2c-fix-stack-buffer-overflow-vulnerability-in-i2c-m.patch \ + file://0001-fs-squashfs-sqfs_read-Prevent-arbitrary-code-executi.patch \ + file://0001-net-Check-for-the-minimum-IP-fragmented-datagram-siz.patch \ + file://0001-fs-squashfs-Use-kcalloc-when-relevant.patch \ " DEPENDS += "bc-native dtc-native python3-setuptools-native" diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.4/0001-avoid-start-failure-with-bind-user.patch b/poky/meta/recipes-connectivity/bind/bind-9.18.4/0001-avoid-start-failure-with-bind-user.patch deleted file mode 100644 index ec1bc7b567..0000000000 --- a/poky/meta/recipes-connectivity/bind/bind-9.18.4/0001-avoid-start-failure-with-bind-user.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 31dde3562f287429eea94b77250d184818b49063 Mon Sep 17 00:00:00 2001 -From: Chen Qi -Date: Mon, 15 Oct 2018 16:55:09 +0800 -Subject: [PATCH] avoid start failure with bind user - -Upstream-Status: Pending - -Signed-off-by: Chen Qi ---- - init.d | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/init.d b/init.d -index b2eec60..6e03936 100644 ---- a/init.d -+++ b/init.d -@@ -57,6 +57,7 @@ case "$1" in - modprobe capability >/dev/null 2>&1 || true - if [ ! -f /etc/bind/rndc.key ]; then - /usr/sbin/rndc-confgen -a -b 512 -+ chown root:bind /etc/bind/rndc.key >/dev/null 2>&1 || true - chmod 0640 /etc/bind/rndc.key - fi - if [ -f /var/run/named/named.pid ]; then --- -2.7.4 - diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.4/0001-named-lwresd-V-and-start-log-hide-build-options.patch b/poky/meta/recipes-connectivity/bind/bind-9.18.4/0001-named-lwresd-V-and-start-log-hide-build-options.patch deleted file mode 100644 index 4c10f33f04..0000000000 --- a/poky/meta/recipes-connectivity/bind/bind-9.18.4/0001-named-lwresd-V-and-start-log-hide-build-options.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 4e83392e840fa7b05e778710b8c202d102477a13 Mon Sep 17 00:00:00 2001 -From: Hongxu Jia -Date: Mon, 27 Aug 2018 21:24:20 +0800 -Subject: [PATCH] `named/lwresd -V' and start log hide build options - -The build options expose build path directories, so hide them. -[snip] -$ named -V -|built by make with *** (options are hidden) -[snip] - -Upstream-Status: Inappropriate [oe-core specific] - -Signed-off-by: Hongxu Jia - -Refreshed for 9.16.0 -Signed-off-by: Armin Kuster - ---- - configure.ac | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/configure.ac b/configure.ac -index bf20690..c5d330f 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -35,7 +35,7 @@ AC_DEFINE([PACKAGE_VERSION_EXTRA], ["][bind_VERSION_EXTRA]["], [BIND 9 Extra par - AC_DEFINE([PACKAGE_DESCRIPTION], [m4_ifnblank(bind_DESCRIPTION, [" ]bind_DESCRIPTION["], [])], [An extra string to print after PACKAGE_STRING]) - AC_DEFINE([PACKAGE_SRCID], ["][bind_SRCID]["], [A short hash from git]) - --bind_CONFIGARGS="${ac_configure_args:-default}" -+bind_CONFIGARGS="(removed for reproducibility)" - AC_DEFINE_UNQUOTED([PACKAGE_CONFIGARGS], ["$bind_CONFIGARGS"], [Either 'defaults' or used ./configure options]) - - AC_DEFINE([PACKAGE_BUILDER], ["make"], [make or Visual Studio]) diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.4/bind-ensure-searching-for-json-headers-searches-sysr.patch b/poky/meta/recipes-connectivity/bind/bind-9.18.4/bind-ensure-searching-for-json-headers-searches-sysr.patch deleted file mode 100644 index f1abd179e8..0000000000 --- a/poky/meta/recipes-connectivity/bind/bind-9.18.4/bind-ensure-searching-for-json-headers-searches-sysr.patch +++ /dev/null @@ -1,47 +0,0 @@ -From 246087f89e9434b726c7884e4c0964f71084f091 Mon Sep 17 00:00:00 2001 -From: Paul Gortmaker -Date: Tue, 9 Jun 2015 11:22:00 -0400 -Subject: [PATCH] bind: ensure searching for json headers searches sysroot - -Bind can fail configure by detecting headers w/o libs[1], or -it can fail the host contamination check as per below: - -ERROR: This autoconf log indicates errors, it looked at host include and/or library paths while determining system capabilities. -Rerun configure task after fixing this. The path was 'build/tmp/work/core2-64-poky-linux/bind/9.10.2-r1/build' -ERROR: Function failed: do_qa_configure -ERROR: Logfile of failure stored in: build/tmp/work/core2-64-poky-linux/bind/9.10.2-r1/temp/log.do_configure.5242 -ERROR: Task 5 (meta/recipes-connectivity/bind/bind_9.10.2.bb, do_configure) failed with exit code '1' -NOTE: Tasks Summary: Attempted 773 tasks of which 768 didn't need to be rerun and 1 failed. -No currently running tasks (773 of 781) - -Summary: 1 task failed: - /meta/recipes-connectivity/bind/bind_9.10.2.bb, do_configure - -One way to fix it would be to unconditionally disable json in bind -configure[2] but here we fix it by using the path to where we would -put the header if we had json in the sysroot, in case someone wants -to make use of the combination some day. - -[1] https://trac.macports.org/ticket/45305 -[2] https://trac.macports.org/changeset/126406 - -Upstream-Status: Inappropriate [OE Specific] -Signed-off-by: Paul Gortmaker - ---- - configure.ac | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/configure.ac b/configure.ac -index 10e8bf6..bf20690 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -814,7 +814,7 @@ AS_CASE([$with_lmdb], - [no],[], - [auto|yes], [PKG_CHECK_MODULES([LMDB], [lmdb], - [ac_lib_lmdb_found=yes], -- [for ac_lib_lmdb_path in /usr /usr/local /opt /opt/local; do -+ [for ac_lib_lmdb_path in "${STAGING_INCDIR}"; do - AX_LIB_LMDB([$ac_lib_lmdb_path], - [ac_lib_lmdb_found=yes - break]) diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.4/bind9 b/poky/meta/recipes-connectivity/bind/bind-9.18.4/bind9 deleted file mode 100644 index 968679ff7f..0000000000 --- a/poky/meta/recipes-connectivity/bind/bind-9.18.4/bind9 +++ /dev/null @@ -1,2 +0,0 @@ -# startup options for the server -OPTIONS="-u bind" diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.4/conf.patch b/poky/meta/recipes-connectivity/bind/bind-9.18.4/conf.patch deleted file mode 100644 index aa3642acec..0000000000 --- a/poky/meta/recipes-connectivity/bind/bind-9.18.4/conf.patch +++ /dev/null @@ -1,330 +0,0 @@ -Upstream-Status: Inappropriate [configuration] - -the patch is imported from openembedded project - -11/30/2010 - Qing He - -diff -urN bind-9.3.1.orig/conf/db.0 bind-9.3.1/conf/db.0 ---- bind-9.3.1.orig/conf/db.0 1970-01-01 01:00:00.000000000 +0100 -+++ bind-9.3.1/conf/db.0 2005-07-10 22:14:00.000000000 +0200 -@@ -0,0 +1,12 @@ -+; -+; BIND reverse data file for broadcast zone -+; -+$TTL 604800 -+@ IN SOA localhost. root.localhost. ( -+ 1 ; Serial -+ 604800 ; Refresh -+ 86400 ; Retry -+ 2419200 ; Expire -+ 604800 ) ; Negative Cache TTL -+; -+@ IN NS localhost. -diff -urN bind-9.3.1.orig/conf/db.127 bind-9.3.1/conf/db.127 ---- bind-9.3.1.orig/conf/db.127 1970-01-01 01:00:00.000000000 +0100 -+++ bind-9.3.1/conf/db.127 2005-07-10 22:14:00.000000000 +0200 -@@ -0,0 +1,13 @@ -+; -+; BIND reverse data file for local loopback interface -+; -+$TTL 604800 -+@ IN SOA localhost. root.localhost. ( -+ 1 ; Serial -+ 604800 ; Refresh -+ 86400 ; Retry -+ 2419200 ; Expire -+ 604800 ) ; Negative Cache TTL -+; -+@ IN NS localhost. -+1.0.0 IN PTR localhost. -diff -urN bind-9.3.1.orig/conf/db.empty bind-9.3.1/conf/db.empty ---- bind-9.3.1.orig/conf/db.empty 1970-01-01 01:00:00.000000000 +0100 -+++ bind-9.3.1/conf/db.empty 2005-07-10 22:14:00.000000000 +0200 -@@ -0,0 +1,14 @@ -+; BIND reverse data file for empty rfc1918 zone -+; -+; DO NOT EDIT THIS FILE - it is used for multiple zones. -+; Instead, copy it, edit named.conf, and use that copy. -+; -+$TTL 86400 -+@ IN SOA localhost. root.localhost. ( -+ 1 ; Serial -+ 604800 ; Refresh -+ 86400 ; Retry -+ 2419200 ; Expire -+ 86400 ) ; Negative Cache TTL -+; -+@ IN NS localhost. -diff -urN bind-9.3.1.orig/conf/db.255 bind-9.3.1/conf/db.255 ---- bind-9.3.1.orig/conf/db.255 1970-01-01 01:00:00.000000000 +0100 -+++ bind-9.3.1/conf/db.255 2005-07-10 22:14:00.000000000 +0200 -@@ -0,0 +1,12 @@ -+; -+; BIND reserve data file for broadcast zone -+; -+$TTL 604800 -+@ IN SOA localhost. root.localhost. ( -+ 1 ; Serial -+ 604800 ; Refresh -+ 86400 ; Retry -+ 2419200 ; Expire -+ 604800 ) ; Negative Cache TTL -+; -+@ IN NS localhost. -diff -urN bind-9.3.1.orig/conf/db.local bind-9.3.1/conf/db.local ---- bind-9.3.1.orig/conf/db.local 1970-01-01 01:00:00.000000000 +0100 -+++ bind-9.3.1/conf/db.local 2005-07-10 22:14:00.000000000 +0200 -@@ -0,0 +1,13 @@ -+; -+; BIND data file for local loopback interface -+; -+$TTL 604800 -+@ IN SOA localhost. root.localhost. ( -+ 1 ; Serial -+ 604800 ; Refresh -+ 86400 ; Retry -+ 2419200 ; Expire -+ 604800 ) ; Negative Cache TTL -+; -+@ IN NS localhost. -+@ IN A 127.0.0.1 -diff -urN bind-9.3.1.orig/conf/db.root bind-9.3.1/conf/db.root ---- bind-9.3.1.orig/conf/db.root 1970-01-01 01:00:00.000000000 +0100 -+++ bind-9.3.1/conf/db.root 2005-07-10 22:14:00.000000000 +0200 -@@ -0,0 +1,45 @@ -+ -+; <<>> DiG 9.2.3 <<>> ns . @a.root-servers.net. -+;; global options: printcmd -+;; Got answer: -+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18944 -+;; flags: qr aa rd; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 13 -+ -+;; QUESTION SECTION: -+;. IN NS -+ -+;; ANSWER SECTION: -+. 518400 IN NS A.ROOT-SERVERS.NET. -+. 518400 IN NS B.ROOT-SERVERS.NET. -+. 518400 IN NS C.ROOT-SERVERS.NET. -+. 518400 IN NS D.ROOT-SERVERS.NET. -+. 518400 IN NS E.ROOT-SERVERS.NET. -+. 518400 IN NS F.ROOT-SERVERS.NET. -+. 518400 IN NS G.ROOT-SERVERS.NET. -+. 518400 IN NS H.ROOT-SERVERS.NET. -+. 518400 IN NS I.ROOT-SERVERS.NET. -+. 518400 IN NS J.ROOT-SERVERS.NET. -+. 518400 IN NS K.ROOT-SERVERS.NET. -+. 518400 IN NS L.ROOT-SERVERS.NET. -+. 518400 IN NS M.ROOT-SERVERS.NET. -+ -+;; ADDITIONAL SECTION: -+A.ROOT-SERVERS.NET. 3600000 IN A 198.41.0.4 -+B.ROOT-SERVERS.NET. 3600000 IN A 192.228.79.201 -+C.ROOT-SERVERS.NET. 3600000 IN A 192.33.4.12 -+D.ROOT-SERVERS.NET. 3600000 IN A 128.8.10.90 -+E.ROOT-SERVERS.NET. 3600000 IN A 192.203.230.10 -+F.ROOT-SERVERS.NET. 3600000 IN A 192.5.5.241 -+G.ROOT-SERVERS.NET. 3600000 IN A 192.112.36.4 -+H.ROOT-SERVERS.NET. 3600000 IN A 128.63.2.53 -+I.ROOT-SERVERS.NET. 3600000 IN A 192.36.148.17 -+J.ROOT-SERVERS.NET. 3600000 IN A 192.58.128.30 -+K.ROOT-SERVERS.NET. 3600000 IN A 193.0.14.129 -+L.ROOT-SERVERS.NET. 3600000 IN A 198.32.64.12 -+M.ROOT-SERVERS.NET. 3600000 IN A 202.12.27.33 -+ -+;; Query time: 81 msec -+;; SERVER: 198.41.0.4#53(a.root-servers.net.) -+;; WHEN: Sun Feb 1 11:27:14 2004 -+;; MSG SIZE rcvd: 436 -+ -diff -urN bind-9.3.1.orig/conf/named.conf bind-9.3.1/conf/named.conf ---- bind-9.3.1.orig/conf/named.conf 1970-01-01 01:00:00.000000000 +0100 -+++ bind-9.3.1/conf/named.conf 2005-07-10 22:33:46.000000000 +0200 -@@ -0,0 +1,49 @@ -+// This is the primary configuration file for the BIND DNS server named. -+// -+// If you are just adding zones, please do that in /etc/bind/named.conf.local -+ -+include "/etc/bind/named.conf.options"; -+ -+// prime the server with knowledge of the root servers -+zone "." { -+ type hint; -+ file "/etc/bind/db.root"; -+}; -+ -+// be authoritative for the localhost forward and reverse zones, and for -+// broadcast zones as per RFC 1912 -+ -+zone "localhost" { -+ type master; -+ file "/etc/bind/db.local"; -+}; -+ -+zone "127.in-addr.arpa" { -+ type master; -+ file "/etc/bind/db.127"; -+}; -+ -+zone "0.in-addr.arpa" { -+ type master; -+ file "/etc/bind/db.0"; -+}; -+ -+zone "255.in-addr.arpa" { -+ type master; -+ file "/etc/bind/db.255"; -+}; -+ -+// zone "com" { type delegation-only; }; -+// zone "net" { type delegation-only; }; -+ -+// From the release notes: -+// Because many of our users are uncomfortable receiving undelegated answers -+// from root or top level domains, other than a few for whom that behaviour -+// has been trusted and expected for quite some length of time, we have now -+// introduced the "root-delegations-only" feature which applies delegation-only -+// logic to all top level domains, and to the root domain. An exception list -+// should be specified, including "MUSEUM" and "DE", and any other top level -+// domains from whom undelegated responses are expected and trusted. -+// root-delegation-only exclude { "DE"; "MUSEUM"; }; -+ -+include "/etc/bind/named.conf.local"; -diff -urN bind-9.3.1.orig/conf/named.conf.local bind-9.3.1/conf/named.conf.local ---- bind-9.3.1.orig/conf/named.conf.local 1970-01-01 01:00:00.000000000 +0100 -+++ bind-9.3.1/conf/named.conf.local 2005-07-10 22:14:06.000000000 +0200 -@@ -0,0 +1,8 @@ -+// -+// Do any local configuration here -+// -+ -+// Consider adding the 1918 zones here, if they are not used in your -+// organization -+//include "/etc/bind/zones.rfc1918"; -+ -diff -urN bind-9.3.1.orig/conf/named.conf.options bind-9.3.1/conf/named.conf.options ---- bind-9.3.1.orig/conf/named.conf.options 1970-01-01 01:00:00.000000000 +0100 -+++ bind-9.3.1/conf/named.conf.options 2005-07-10 22:14:06.000000000 +0200 -@@ -0,0 +1,24 @@ -+options { -+ directory "/var/cache/bind"; -+ -+ // If there is a firewall between you and nameservers you want -+ // to talk to, you might need to uncomment the query-source -+ // directive below. Previous versions of BIND always asked -+ // questions using port 53, but BIND 8.1 and later use an unprivileged -+ // port by default. -+ -+ // query-source address * port 53; -+ -+ // If your ISP provided one or more IP addresses for stable -+ // nameservers, you probably want to use them as forwarders. -+ // Uncomment the following block, and insert the addresses replacing -+ // the all-0's placeholder. -+ -+ // forwarders { -+ // 0.0.0.0; -+ // }; -+ -+ auth-nxdomain no; # conform to RFC1035 -+ -+}; -+ -diff -urN bind-9.3.1.orig/conf/zones.rfc1918 bind-9.3.1/conf/zones.rfc1918 ---- bind-9.3.1.orig/conf/zones.rfc1918 1970-01-01 01:00:00.000000000 +0100 -+++ bind-9.3.1/conf/zones.rfc1918 2005-07-10 22:14:10.000000000 +0200 -@@ -0,0 +1,20 @@ -+zone "10.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; -+ -+zone "16.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; -+zone "17.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; -+zone "18.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; -+zone "19.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; -+zone "20.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; -+zone "21.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; -+zone "22.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; -+zone "23.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; -+zone "24.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; -+zone "25.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; -+zone "26.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; -+zone "27.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; -+zone "28.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; -+zone "29.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; -+zone "30.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; -+zone "31.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; -+ -+zone "168.192.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; -diff -urN bind-9.3.1.orig/init.d bind-9.3.1/init.d ---- bind-9.3.1.orig/init.d 1970-01-01 01:00:00.000000000 +0100 -+++ bind-9.3.1/init.d 2005-07-10 23:09:58.000000000 +0200 -@@ -0,0 +1,70 @@ -+#!/bin/sh -+ -+PATH=/sbin:/bin:/usr/sbin:/usr/bin -+ -+# for a chrooted server: "-u bind -t /var/lib/named" -+# Don't modify this line, change or create /etc/default/bind9. -+OPTIONS="" -+ -+test -f /etc/default/bind9 && . /etc/default/bind9 -+ -+test -x /usr/sbin/rndc || exit 0 -+ -+case "$1" in -+ start) -+ echo -n "Starting domain name service: named" -+ -+ modprobe capability >/dev/null 2>&1 || true -+ if [ ! -f /etc/bind/rndc.key ]; then -+ /usr/sbin/rndc-confgen -a -b 512 -+ chmod 0640 /etc/bind/rndc.key -+ fi -+ if [ -f /var/run/named/named.pid ]; then -+ ps `cat /var/run/named/named.pid` > /dev/null && exit 1 -+ fi -+ -+ # dirs under /var/run can go away on reboots. -+ mkdir -p /var/run/named -+ mkdir -p /var/cache/bind -+ chmod 775 /var/run/named -+ chown root:bind /var/run/named >/dev/null 2>&1 || true -+ -+ if [ ! -x /usr/sbin/named ]; then -+ echo "named binary missing - not starting" -+ exit 1 -+ fi -+ if start-stop-daemon --start --quiet --exec /usr/sbin/named \ -+ --pidfile /var/run/named/named.pid -- $OPTIONS; then -+ if [ -x /sbin/resolvconf ] ; then -+ echo "nameserver 127.0.0.1" | /sbin/resolvconf -a lo -+ fi -+ fi -+ echo "." -+ ;; -+ -+ stop) -+ echo -n "Stopping domain name service: named" -+ if [ -x /sbin/resolvconf ]; then -+ /sbin/resolvconf -d lo -+ fi -+ /usr/sbin/rndc stop >/dev/null 2>&1 -+ echo "." -+ ;; -+ -+ reload) -+ /usr/sbin/rndc reload -+ ;; -+ -+ restart|force-reload) -+ $0 stop -+ sleep 2 -+ $0 start -+ ;; -+ -+ *) -+ echo "Usage: /etc/init.d/bind {start|stop|reload|restart|force-reload}" >&2 -+ exit 1 -+ ;; -+esac -+ -+exit 0 diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.4/generate-rndc-key.sh b/poky/meta/recipes-connectivity/bind/bind-9.18.4/generate-rndc-key.sh deleted file mode 100644 index 633e29c0e6..0000000000 --- a/poky/meta/recipes-connectivity/bind/bind-9.18.4/generate-rndc-key.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh - -if [ ! -s /etc/bind/rndc.key ]; then - echo -n "Generating /etc/bind/rndc.key:" - /usr/sbin/rndc-confgen -a -b 512 - chown root:bind /etc/bind/rndc.key - chmod 0640 /etc/bind/rndc.key -fi diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.4/init.d-add-support-for-read-only-rootfs.patch b/poky/meta/recipes-connectivity/bind/bind-9.18.4/init.d-add-support-for-read-only-rootfs.patch deleted file mode 100644 index 11db95ede1..0000000000 --- a/poky/meta/recipes-connectivity/bind/bind-9.18.4/init.d-add-support-for-read-only-rootfs.patch +++ /dev/null @@ -1,65 +0,0 @@ -Subject: init.d: add support for read-only rootfs - -Upstream-Status: Inappropriate [oe specific] - -Signed-off-by: Chen Qi ---- - init.d | 40 ++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 40 insertions(+) - -diff --git a/init.d b/init.d -index 0111ed4..24677c8 100644 ---- a/init.d -+++ b/init.d -@@ -6,8 +6,48 @@ PATH=/sbin:/bin:/usr/sbin:/usr/bin - # Don't modify this line, change or create /etc/default/bind9. - OPTIONS="" - -+test -f /etc/default/rcS && . /etc/default/rcS - test -f /etc/default/bind9 && . /etc/default/bind9 - -+# This function is here because it's possible that /var and / are on different partitions. -+is_on_read_only_partition () { -+ DIRECTORY=$1 -+ dir=`readlink -f $DIRECTORY` -+ while true; do -+ if [ ! -d "$dir" ]; then -+ echo "ERROR: $dir is not a directory" -+ exit 1 -+ else -+ for flag in `awk -v dir=$dir '{ if ($2 == dir) { print "FOUND"; split($4,FLAGS,",") } }; \ -+ END { for (f in FLAGS) print FLAGS[f] }' < /proc/mounts`; do -+ [ "$flag" = "FOUND" ] && partition="read-write" -+ [ "$flag" = "ro" ] && { partition="read-only"; break; } -+ done -+ if [ "$dir" = "/" -o -n "$partition" ]; then -+ break -+ else -+ dir=`dirname $dir` -+ fi -+ fi -+ done -+ [ "$partition" = "read-only" ] && echo "yes" || echo "no" -+} -+ -+bind_mount () { -+ olddir=$1 -+ newdir=$2 -+ mkdir -p $olddir -+ cp -a $newdir/* $olddir -+ mount --bind $olddir $newdir -+} -+ -+# Deal with read-only rootfs -+if [ "$ROOTFS_READ_ONLY" = "yes" ]; then -+ [ "$VERBOSE" != "no" ] && echo "WARN: start bind service in read-only rootfs" -+ [ `is_on_read_only_partition /etc/bind` = "yes" ] && bind_mount /var/volatile/bind/etc /etc/bind -+ [ `is_on_read_only_partition /var/named` = "yes" ] && bind_mount /var/volatile/bind/named /var/named -+fi -+ - test -x /usr/sbin/rndc || exit 0 - - case "$1" in --- -1.7.9.5 - diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.4/make-etc-initd-bind-stop-work.patch b/poky/meta/recipes-connectivity/bind/bind-9.18.4/make-etc-initd-bind-stop-work.patch deleted file mode 100644 index 146f3e35db..0000000000 --- a/poky/meta/recipes-connectivity/bind/bind-9.18.4/make-etc-initd-bind-stop-work.patch +++ /dev/null @@ -1,42 +0,0 @@ -bind: make "/etc/init.d/bind stop" work - -Upstream-Status: Inappropriate [configuration] - -Add some configurations, make rndc command be able to controls -the named daemon. - -Signed-off-by: Roy Li ---- - conf/named.conf | 5 +++++ - conf/rndc.conf | 5 +++++ - 2 files changed, 10 insertions(+), 0 deletions(-) - create mode 100644 conf/rndc.conf - -diff --git a/conf/named.conf b/conf/named.conf -index 95829cf..c8899e7 100644 ---- a/conf/named.conf -+++ b/conf/named.conf -@@ -47,3 +47,8 @@ zone "255.in-addr.arpa" { - // root-delegation-only exclude { "DE"; "MUSEUM"; }; - - include "/etc/bind/named.conf.local"; -+include "/etc/bind/rndc.key" ; -+controls { -+ inet 127.0.0.1 allow { localhost; } -+ keys { rndc-key; }; -+}; -diff --git a/conf/rndc.conf b/conf/rndc.conf -new file mode 100644 -index 0000000..a0b481d ---- /dev/null -+++ b/conf/rndc.conf -@@ -0,0 +1,5 @@ -+include "/etc/bind/rndc.key"; -+options { -+ default-server localhost; -+ default-key rndc-key; -+}; - --- -1.7.5.4 - diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.4/named.service b/poky/meta/recipes-connectivity/bind/bind-9.18.4/named.service deleted file mode 100644 index cda56ef015..0000000000 --- a/poky/meta/recipes-connectivity/bind/bind-9.18.4/named.service +++ /dev/null @@ -1,22 +0,0 @@ -[Unit] -Description=Berkeley Internet Name Domain (DNS) -Wants=nss-lookup.target -Before=nss-lookup.target -After=network.target - -[Service] -Type=forking -EnvironmentFile=-/etc/default/bind9 -PIDFile=/run/named/named.pid - -ExecStartPre=@SBINDIR@/generate-rndc-key.sh -ExecStart=@SBINDIR@/named $OPTIONS - -ExecReload=@BASE_BINDIR@/sh -c '@SBINDIR@/rndc reload > /dev/null 2>&1 || @BASE_BINDIR@/kill -HUP $MAINPID' - -ExecStop=@BASE_BINDIR@/sh -c '@SBINDIR@/rndc stop > /dev/null 2>&1 || @BASE_BINDIR@/kill -TERM $MAINPID' - -PrivateTmp=true - -[Install] -WantedBy=multi-user.target diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.7/0001-avoid-start-failure-with-bind-user.patch b/poky/meta/recipes-connectivity/bind/bind-9.18.7/0001-avoid-start-failure-with-bind-user.patch new file mode 100644 index 0000000000..ec1bc7b567 --- /dev/null +++ b/poky/meta/recipes-connectivity/bind/bind-9.18.7/0001-avoid-start-failure-with-bind-user.patch @@ -0,0 +1,27 @@ +From 31dde3562f287429eea94b77250d184818b49063 Mon Sep 17 00:00:00 2001 +From: Chen Qi +Date: Mon, 15 Oct 2018 16:55:09 +0800 +Subject: [PATCH] avoid start failure with bind user + +Upstream-Status: Pending + +Signed-off-by: Chen Qi +--- + init.d | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/init.d b/init.d +index b2eec60..6e03936 100644 +--- a/init.d ++++ b/init.d +@@ -57,6 +57,7 @@ case "$1" in + modprobe capability >/dev/null 2>&1 || true + if [ ! -f /etc/bind/rndc.key ]; then + /usr/sbin/rndc-confgen -a -b 512 ++ chown root:bind /etc/bind/rndc.key >/dev/null 2>&1 || true + chmod 0640 /etc/bind/rndc.key + fi + if [ -f /var/run/named/named.pid ]; then +-- +2.7.4 + diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.7/0001-named-lwresd-V-and-start-log-hide-build-options.patch b/poky/meta/recipes-connectivity/bind/bind-9.18.7/0001-named-lwresd-V-and-start-log-hide-build-options.patch new file mode 100644 index 0000000000..4c10f33f04 --- /dev/null +++ b/poky/meta/recipes-connectivity/bind/bind-9.18.7/0001-named-lwresd-V-and-start-log-hide-build-options.patch @@ -0,0 +1,35 @@ +From 4e83392e840fa7b05e778710b8c202d102477a13 Mon Sep 17 00:00:00 2001 +From: Hongxu Jia +Date: Mon, 27 Aug 2018 21:24:20 +0800 +Subject: [PATCH] `named/lwresd -V' and start log hide build options + +The build options expose build path directories, so hide them. +[snip] +$ named -V +|built by make with *** (options are hidden) +[snip] + +Upstream-Status: Inappropriate [oe-core specific] + +Signed-off-by: Hongxu Jia + +Refreshed for 9.16.0 +Signed-off-by: Armin Kuster + +--- + configure.ac | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/configure.ac b/configure.ac +index bf20690..c5d330f 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -35,7 +35,7 @@ AC_DEFINE([PACKAGE_VERSION_EXTRA], ["][bind_VERSION_EXTRA]["], [BIND 9 Extra par + AC_DEFINE([PACKAGE_DESCRIPTION], [m4_ifnblank(bind_DESCRIPTION, [" ]bind_DESCRIPTION["], [])], [An extra string to print after PACKAGE_STRING]) + AC_DEFINE([PACKAGE_SRCID], ["][bind_SRCID]["], [A short hash from git]) + +-bind_CONFIGARGS="${ac_configure_args:-default}" ++bind_CONFIGARGS="(removed for reproducibility)" + AC_DEFINE_UNQUOTED([PACKAGE_CONFIGARGS], ["$bind_CONFIGARGS"], [Either 'defaults' or used ./configure options]) + + AC_DEFINE([PACKAGE_BUILDER], ["make"], [make or Visual Studio]) diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.7/bind-ensure-searching-for-json-headers-searches-sysr.patch b/poky/meta/recipes-connectivity/bind/bind-9.18.7/bind-ensure-searching-for-json-headers-searches-sysr.patch new file mode 100644 index 0000000000..f1abd179e8 --- /dev/null +++ b/poky/meta/recipes-connectivity/bind/bind-9.18.7/bind-ensure-searching-for-json-headers-searches-sysr.patch @@ -0,0 +1,47 @@ +From 246087f89e9434b726c7884e4c0964f71084f091 Mon Sep 17 00:00:00 2001 +From: Paul Gortmaker +Date: Tue, 9 Jun 2015 11:22:00 -0400 +Subject: [PATCH] bind: ensure searching for json headers searches sysroot + +Bind can fail configure by detecting headers w/o libs[1], or +it can fail the host contamination check as per below: + +ERROR: This autoconf log indicates errors, it looked at host include and/or library paths while determining system capabilities. +Rerun configure task after fixing this. The path was 'build/tmp/work/core2-64-poky-linux/bind/9.10.2-r1/build' +ERROR: Function failed: do_qa_configure +ERROR: Logfile of failure stored in: build/tmp/work/core2-64-poky-linux/bind/9.10.2-r1/temp/log.do_configure.5242 +ERROR: Task 5 (meta/recipes-connectivity/bind/bind_9.10.2.bb, do_configure) failed with exit code '1' +NOTE: Tasks Summary: Attempted 773 tasks of which 768 didn't need to be rerun and 1 failed. +No currently running tasks (773 of 781) + +Summary: 1 task failed: + /meta/recipes-connectivity/bind/bind_9.10.2.bb, do_configure + +One way to fix it would be to unconditionally disable json in bind +configure[2] but here we fix it by using the path to where we would +put the header if we had json in the sysroot, in case someone wants +to make use of the combination some day. + +[1] https://trac.macports.org/ticket/45305 +[2] https://trac.macports.org/changeset/126406 + +Upstream-Status: Inappropriate [OE Specific] +Signed-off-by: Paul Gortmaker + +--- + configure.ac | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/configure.ac b/configure.ac +index 10e8bf6..bf20690 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -814,7 +814,7 @@ AS_CASE([$with_lmdb], + [no],[], + [auto|yes], [PKG_CHECK_MODULES([LMDB], [lmdb], + [ac_lib_lmdb_found=yes], +- [for ac_lib_lmdb_path in /usr /usr/local /opt /opt/local; do ++ [for ac_lib_lmdb_path in "${STAGING_INCDIR}"; do + AX_LIB_LMDB([$ac_lib_lmdb_path], + [ac_lib_lmdb_found=yes + break]) diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.7/bind9 b/poky/meta/recipes-connectivity/bind/bind-9.18.7/bind9 new file mode 100644 index 0000000000..968679ff7f --- /dev/null +++ b/poky/meta/recipes-connectivity/bind/bind-9.18.7/bind9 @@ -0,0 +1,2 @@ +# startup options for the server +OPTIONS="-u bind" diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.7/conf.patch b/poky/meta/recipes-connectivity/bind/bind-9.18.7/conf.patch new file mode 100644 index 0000000000..aa3642acec --- /dev/null +++ b/poky/meta/recipes-connectivity/bind/bind-9.18.7/conf.patch @@ -0,0 +1,330 @@ +Upstream-Status: Inappropriate [configuration] + +the patch is imported from openembedded project + +11/30/2010 - Qing He + +diff -urN bind-9.3.1.orig/conf/db.0 bind-9.3.1/conf/db.0 +--- bind-9.3.1.orig/conf/db.0 1970-01-01 01:00:00.000000000 +0100 ++++ bind-9.3.1/conf/db.0 2005-07-10 22:14:00.000000000 +0200 +@@ -0,0 +1,12 @@ ++; ++; BIND reverse data file for broadcast zone ++; ++$TTL 604800 ++@ IN SOA localhost. root.localhost. ( ++ 1 ; Serial ++ 604800 ; Refresh ++ 86400 ; Retry ++ 2419200 ; Expire ++ 604800 ) ; Negative Cache TTL ++; ++@ IN NS localhost. +diff -urN bind-9.3.1.orig/conf/db.127 bind-9.3.1/conf/db.127 +--- bind-9.3.1.orig/conf/db.127 1970-01-01 01:00:00.000000000 +0100 ++++ bind-9.3.1/conf/db.127 2005-07-10 22:14:00.000000000 +0200 +@@ -0,0 +1,13 @@ ++; ++; BIND reverse data file for local loopback interface ++; ++$TTL 604800 ++@ IN SOA localhost. root.localhost. ( ++ 1 ; Serial ++ 604800 ; Refresh ++ 86400 ; Retry ++ 2419200 ; Expire ++ 604800 ) ; Negative Cache TTL ++; ++@ IN NS localhost. ++1.0.0 IN PTR localhost. +diff -urN bind-9.3.1.orig/conf/db.empty bind-9.3.1/conf/db.empty +--- bind-9.3.1.orig/conf/db.empty 1970-01-01 01:00:00.000000000 +0100 ++++ bind-9.3.1/conf/db.empty 2005-07-10 22:14:00.000000000 +0200 +@@ -0,0 +1,14 @@ ++; BIND reverse data file for empty rfc1918 zone ++; ++; DO NOT EDIT THIS FILE - it is used for multiple zones. ++; Instead, copy it, edit named.conf, and use that copy. ++; ++$TTL 86400 ++@ IN SOA localhost. root.localhost. ( ++ 1 ; Serial ++ 604800 ; Refresh ++ 86400 ; Retry ++ 2419200 ; Expire ++ 86400 ) ; Negative Cache TTL ++; ++@ IN NS localhost. +diff -urN bind-9.3.1.orig/conf/db.255 bind-9.3.1/conf/db.255 +--- bind-9.3.1.orig/conf/db.255 1970-01-01 01:00:00.000000000 +0100 ++++ bind-9.3.1/conf/db.255 2005-07-10 22:14:00.000000000 +0200 +@@ -0,0 +1,12 @@ ++; ++; BIND reserve data file for broadcast zone ++; ++$TTL 604800 ++@ IN SOA localhost. root.localhost. ( ++ 1 ; Serial ++ 604800 ; Refresh ++ 86400 ; Retry ++ 2419200 ; Expire ++ 604800 ) ; Negative Cache TTL ++; ++@ IN NS localhost. +diff -urN bind-9.3.1.orig/conf/db.local bind-9.3.1/conf/db.local +--- bind-9.3.1.orig/conf/db.local 1970-01-01 01:00:00.000000000 +0100 ++++ bind-9.3.1/conf/db.local 2005-07-10 22:14:00.000000000 +0200 +@@ -0,0 +1,13 @@ ++; ++; BIND data file for local loopback interface ++; ++$TTL 604800 ++@ IN SOA localhost. root.localhost. ( ++ 1 ; Serial ++ 604800 ; Refresh ++ 86400 ; Retry ++ 2419200 ; Expire ++ 604800 ) ; Negative Cache TTL ++; ++@ IN NS localhost. ++@ IN A 127.0.0.1 +diff -urN bind-9.3.1.orig/conf/db.root bind-9.3.1/conf/db.root +--- bind-9.3.1.orig/conf/db.root 1970-01-01 01:00:00.000000000 +0100 ++++ bind-9.3.1/conf/db.root 2005-07-10 22:14:00.000000000 +0200 +@@ -0,0 +1,45 @@ ++ ++; <<>> DiG 9.2.3 <<>> ns . @a.root-servers.net. ++;; global options: printcmd ++;; Got answer: ++;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18944 ++;; flags: qr aa rd; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 13 ++ ++;; QUESTION SECTION: ++;. IN NS ++ ++;; ANSWER SECTION: ++. 518400 IN NS A.ROOT-SERVERS.NET. ++. 518400 IN NS B.ROOT-SERVERS.NET. ++. 518400 IN NS C.ROOT-SERVERS.NET. ++. 518400 IN NS D.ROOT-SERVERS.NET. ++. 518400 IN NS E.ROOT-SERVERS.NET. ++. 518400 IN NS F.ROOT-SERVERS.NET. ++. 518400 IN NS G.ROOT-SERVERS.NET. ++. 518400 IN NS H.ROOT-SERVERS.NET. ++. 518400 IN NS I.ROOT-SERVERS.NET. ++. 518400 IN NS J.ROOT-SERVERS.NET. ++. 518400 IN NS K.ROOT-SERVERS.NET. ++. 518400 IN NS L.ROOT-SERVERS.NET. ++. 518400 IN NS M.ROOT-SERVERS.NET. ++ ++;; ADDITIONAL SECTION: ++A.ROOT-SERVERS.NET. 3600000 IN A 198.41.0.4 ++B.ROOT-SERVERS.NET. 3600000 IN A 192.228.79.201 ++C.ROOT-SERVERS.NET. 3600000 IN A 192.33.4.12 ++D.ROOT-SERVERS.NET. 3600000 IN A 128.8.10.90 ++E.ROOT-SERVERS.NET. 3600000 IN A 192.203.230.10 ++F.ROOT-SERVERS.NET. 3600000 IN A 192.5.5.241 ++G.ROOT-SERVERS.NET. 3600000 IN A 192.112.36.4 ++H.ROOT-SERVERS.NET. 3600000 IN A 128.63.2.53 ++I.ROOT-SERVERS.NET. 3600000 IN A 192.36.148.17 ++J.ROOT-SERVERS.NET. 3600000 IN A 192.58.128.30 ++K.ROOT-SERVERS.NET. 3600000 IN A 193.0.14.129 ++L.ROOT-SERVERS.NET. 3600000 IN A 198.32.64.12 ++M.ROOT-SERVERS.NET. 3600000 IN A 202.12.27.33 ++ ++;; Query time: 81 msec ++;; SERVER: 198.41.0.4#53(a.root-servers.net.) ++;; WHEN: Sun Feb 1 11:27:14 2004 ++;; MSG SIZE rcvd: 436 ++ +diff -urN bind-9.3.1.orig/conf/named.conf bind-9.3.1/conf/named.conf +--- bind-9.3.1.orig/conf/named.conf 1970-01-01 01:00:00.000000000 +0100 ++++ bind-9.3.1/conf/named.conf 2005-07-10 22:33:46.000000000 +0200 +@@ -0,0 +1,49 @@ ++// This is the primary configuration file for the BIND DNS server named. ++// ++// If you are just adding zones, please do that in /etc/bind/named.conf.local ++ ++include "/etc/bind/named.conf.options"; ++ ++// prime the server with knowledge of the root servers ++zone "." { ++ type hint; ++ file "/etc/bind/db.root"; ++}; ++ ++// be authoritative for the localhost forward and reverse zones, and for ++// broadcast zones as per RFC 1912 ++ ++zone "localhost" { ++ type master; ++ file "/etc/bind/db.local"; ++}; ++ ++zone "127.in-addr.arpa" { ++ type master; ++ file "/etc/bind/db.127"; ++}; ++ ++zone "0.in-addr.arpa" { ++ type master; ++ file "/etc/bind/db.0"; ++}; ++ ++zone "255.in-addr.arpa" { ++ type master; ++ file "/etc/bind/db.255"; ++}; ++ ++// zone "com" { type delegation-only; }; ++// zone "net" { type delegation-only; }; ++ ++// From the release notes: ++// Because many of our users are uncomfortable receiving undelegated answers ++// from root or top level domains, other than a few for whom that behaviour ++// has been trusted and expected for quite some length of time, we have now ++// introduced the "root-delegations-only" feature which applies delegation-only ++// logic to all top level domains, and to the root domain. An exception list ++// should be specified, including "MUSEUM" and "DE", and any other top level ++// domains from whom undelegated responses are expected and trusted. ++// root-delegation-only exclude { "DE"; "MUSEUM"; }; ++ ++include "/etc/bind/named.conf.local"; +diff -urN bind-9.3.1.orig/conf/named.conf.local bind-9.3.1/conf/named.conf.local +--- bind-9.3.1.orig/conf/named.conf.local 1970-01-01 01:00:00.000000000 +0100 ++++ bind-9.3.1/conf/named.conf.local 2005-07-10 22:14:06.000000000 +0200 +@@ -0,0 +1,8 @@ ++// ++// Do any local configuration here ++// ++ ++// Consider adding the 1918 zones here, if they are not used in your ++// organization ++//include "/etc/bind/zones.rfc1918"; ++ +diff -urN bind-9.3.1.orig/conf/named.conf.options bind-9.3.1/conf/named.conf.options +--- bind-9.3.1.orig/conf/named.conf.options 1970-01-01 01:00:00.000000000 +0100 ++++ bind-9.3.1/conf/named.conf.options 2005-07-10 22:14:06.000000000 +0200 +@@ -0,0 +1,24 @@ ++options { ++ directory "/var/cache/bind"; ++ ++ // If there is a firewall between you and nameservers you want ++ // to talk to, you might need to uncomment the query-source ++ // directive below. Previous versions of BIND always asked ++ // questions using port 53, but BIND 8.1 and later use an unprivileged ++ // port by default. ++ ++ // query-source address * port 53; ++ ++ // If your ISP provided one or more IP addresses for stable ++ // nameservers, you probably want to use them as forwarders. ++ // Uncomment the following block, and insert the addresses replacing ++ // the all-0's placeholder. ++ ++ // forwarders { ++ // 0.0.0.0; ++ // }; ++ ++ auth-nxdomain no; # conform to RFC1035 ++ ++}; ++ +diff -urN bind-9.3.1.orig/conf/zones.rfc1918 bind-9.3.1/conf/zones.rfc1918 +--- bind-9.3.1.orig/conf/zones.rfc1918 1970-01-01 01:00:00.000000000 +0100 ++++ bind-9.3.1/conf/zones.rfc1918 2005-07-10 22:14:10.000000000 +0200 +@@ -0,0 +1,20 @@ ++zone "10.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; ++ ++zone "16.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; ++zone "17.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; ++zone "18.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; ++zone "19.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; ++zone "20.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; ++zone "21.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; ++zone "22.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; ++zone "23.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; ++zone "24.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; ++zone "25.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; ++zone "26.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; ++zone "27.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; ++zone "28.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; ++zone "29.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; ++zone "30.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; ++zone "31.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; ++ ++zone "168.192.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; +diff -urN bind-9.3.1.orig/init.d bind-9.3.1/init.d +--- bind-9.3.1.orig/init.d 1970-01-01 01:00:00.000000000 +0100 ++++ bind-9.3.1/init.d 2005-07-10 23:09:58.000000000 +0200 +@@ -0,0 +1,70 @@ ++#!/bin/sh ++ ++PATH=/sbin:/bin:/usr/sbin:/usr/bin ++ ++# for a chrooted server: "-u bind -t /var/lib/named" ++# Don't modify this line, change or create /etc/default/bind9. ++OPTIONS="" ++ ++test -f /etc/default/bind9 && . /etc/default/bind9 ++ ++test -x /usr/sbin/rndc || exit 0 ++ ++case "$1" in ++ start) ++ echo -n "Starting domain name service: named" ++ ++ modprobe capability >/dev/null 2>&1 || true ++ if [ ! -f /etc/bind/rndc.key ]; then ++ /usr/sbin/rndc-confgen -a -b 512 ++ chmod 0640 /etc/bind/rndc.key ++ fi ++ if [ -f /var/run/named/named.pid ]; then ++ ps `cat /var/run/named/named.pid` > /dev/null && exit 1 ++ fi ++ ++ # dirs under /var/run can go away on reboots. ++ mkdir -p /var/run/named ++ mkdir -p /var/cache/bind ++ chmod 775 /var/run/named ++ chown root:bind /var/run/named >/dev/null 2>&1 || true ++ ++ if [ ! -x /usr/sbin/named ]; then ++ echo "named binary missing - not starting" ++ exit 1 ++ fi ++ if start-stop-daemon --start --quiet --exec /usr/sbin/named \ ++ --pidfile /var/run/named/named.pid -- $OPTIONS; then ++ if [ -x /sbin/resolvconf ] ; then ++ echo "nameserver 127.0.0.1" | /sbin/resolvconf -a lo ++ fi ++ fi ++ echo "." ++ ;; ++ ++ stop) ++ echo -n "Stopping domain name service: named" ++ if [ -x /sbin/resolvconf ]; then ++ /sbin/resolvconf -d lo ++ fi ++ /usr/sbin/rndc stop >/dev/null 2>&1 ++ echo "." ++ ;; ++ ++ reload) ++ /usr/sbin/rndc reload ++ ;; ++ ++ restart|force-reload) ++ $0 stop ++ sleep 2 ++ $0 start ++ ;; ++ ++ *) ++ echo "Usage: /etc/init.d/bind {start|stop|reload|restart|force-reload}" >&2 ++ exit 1 ++ ;; ++esac ++ ++exit 0 diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.7/generate-rndc-key.sh b/poky/meta/recipes-connectivity/bind/bind-9.18.7/generate-rndc-key.sh new file mode 100644 index 0000000000..633e29c0e6 --- /dev/null +++ b/poky/meta/recipes-connectivity/bind/bind-9.18.7/generate-rndc-key.sh @@ -0,0 +1,8 @@ +#!/bin/sh + +if [ ! -s /etc/bind/rndc.key ]; then + echo -n "Generating /etc/bind/rndc.key:" + /usr/sbin/rndc-confgen -a -b 512 + chown root:bind /etc/bind/rndc.key + chmod 0640 /etc/bind/rndc.key +fi diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.7/init.d-add-support-for-read-only-rootfs.patch b/poky/meta/recipes-connectivity/bind/bind-9.18.7/init.d-add-support-for-read-only-rootfs.patch new file mode 100644 index 0000000000..11db95ede1 --- /dev/null +++ b/poky/meta/recipes-connectivity/bind/bind-9.18.7/init.d-add-support-for-read-only-rootfs.patch @@ -0,0 +1,65 @@ +Subject: init.d: add support for read-only rootfs + +Upstream-Status: Inappropriate [oe specific] + +Signed-off-by: Chen Qi +--- + init.d | 40 ++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 40 insertions(+) + +diff --git a/init.d b/init.d +index 0111ed4..24677c8 100644 +--- a/init.d ++++ b/init.d +@@ -6,8 +6,48 @@ PATH=/sbin:/bin:/usr/sbin:/usr/bin + # Don't modify this line, change or create /etc/default/bind9. + OPTIONS="" + ++test -f /etc/default/rcS && . /etc/default/rcS + test -f /etc/default/bind9 && . /etc/default/bind9 + ++# This function is here because it's possible that /var and / are on different partitions. ++is_on_read_only_partition () { ++ DIRECTORY=$1 ++ dir=`readlink -f $DIRECTORY` ++ while true; do ++ if [ ! -d "$dir" ]; then ++ echo "ERROR: $dir is not a directory" ++ exit 1 ++ else ++ for flag in `awk -v dir=$dir '{ if ($2 == dir) { print "FOUND"; split($4,FLAGS,",") } }; \ ++ END { for (f in FLAGS) print FLAGS[f] }' < /proc/mounts`; do ++ [ "$flag" = "FOUND" ] && partition="read-write" ++ [ "$flag" = "ro" ] && { partition="read-only"; break; } ++ done ++ if [ "$dir" = "/" -o -n "$partition" ]; then ++ break ++ else ++ dir=`dirname $dir` ++ fi ++ fi ++ done ++ [ "$partition" = "read-only" ] && echo "yes" || echo "no" ++} ++ ++bind_mount () { ++ olddir=$1 ++ newdir=$2 ++ mkdir -p $olddir ++ cp -a $newdir/* $olddir ++ mount --bind $olddir $newdir ++} ++ ++# Deal with read-only rootfs ++if [ "$ROOTFS_READ_ONLY" = "yes" ]; then ++ [ "$VERBOSE" != "no" ] && echo "WARN: start bind service in read-only rootfs" ++ [ `is_on_read_only_partition /etc/bind` = "yes" ] && bind_mount /var/volatile/bind/etc /etc/bind ++ [ `is_on_read_only_partition /var/named` = "yes" ] && bind_mount /var/volatile/bind/named /var/named ++fi ++ + test -x /usr/sbin/rndc || exit 0 + + case "$1" in +-- +1.7.9.5 + diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.7/make-etc-initd-bind-stop-work.patch b/poky/meta/recipes-connectivity/bind/bind-9.18.7/make-etc-initd-bind-stop-work.patch new file mode 100644 index 0000000000..146f3e35db --- /dev/null +++ b/poky/meta/recipes-connectivity/bind/bind-9.18.7/make-etc-initd-bind-stop-work.patch @@ -0,0 +1,42 @@ +bind: make "/etc/init.d/bind stop" work + +Upstream-Status: Inappropriate [configuration] + +Add some configurations, make rndc command be able to controls +the named daemon. + +Signed-off-by: Roy Li +--- + conf/named.conf | 5 +++++ + conf/rndc.conf | 5 +++++ + 2 files changed, 10 insertions(+), 0 deletions(-) + create mode 100644 conf/rndc.conf + +diff --git a/conf/named.conf b/conf/named.conf +index 95829cf..c8899e7 100644 +--- a/conf/named.conf ++++ b/conf/named.conf +@@ -47,3 +47,8 @@ zone "255.in-addr.arpa" { + // root-delegation-only exclude { "DE"; "MUSEUM"; }; + + include "/etc/bind/named.conf.local"; ++include "/etc/bind/rndc.key" ; ++controls { ++ inet 127.0.0.1 allow { localhost; } ++ keys { rndc-key; }; ++}; +diff --git a/conf/rndc.conf b/conf/rndc.conf +new file mode 100644 +index 0000000..a0b481d +--- /dev/null ++++ b/conf/rndc.conf +@@ -0,0 +1,5 @@ ++include "/etc/bind/rndc.key"; ++options { ++ default-server localhost; ++ default-key rndc-key; ++}; + +-- +1.7.5.4 + diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.7/named.service b/poky/meta/recipes-connectivity/bind/bind-9.18.7/named.service new file mode 100644 index 0000000000..cda56ef015 --- /dev/null +++ b/poky/meta/recipes-connectivity/bind/bind-9.18.7/named.service @@ -0,0 +1,22 @@ +[Unit] +Description=Berkeley Internet Name Domain (DNS) +Wants=nss-lookup.target +Before=nss-lookup.target +After=network.target + +[Service] +Type=forking +EnvironmentFile=-/etc/default/bind9 +PIDFile=/run/named/named.pid + +ExecStartPre=@SBINDIR@/generate-rndc-key.sh +ExecStart=@SBINDIR@/named $OPTIONS + +ExecReload=@BASE_BINDIR@/sh -c '@SBINDIR@/rndc reload > /dev/null 2>&1 || @BASE_BINDIR@/kill -HUP $MAINPID' + +ExecStop=@BASE_BINDIR@/sh -c '@SBINDIR@/rndc stop > /dev/null 2>&1 || @BASE_BINDIR@/kill -TERM $MAINPID' + +PrivateTmp=true + +[Install] +WantedBy=multi-user.target diff --git a/poky/meta/recipes-connectivity/bind/bind_9.18.4.bb b/poky/meta/recipes-connectivity/bind/bind_9.18.4.bb deleted file mode 100644 index c3efaffeda..0000000000 --- a/poky/meta/recipes-connectivity/bind/bind_9.18.4.bb +++ /dev/null @@ -1,114 +0,0 @@ -SUMMARY = "ISC Internet Domain Name Server" -HOMEPAGE = "https://www.isc.org/bind/" -DESCRIPTION = "BIND 9 provides a full-featured Domain Name Server system" -SECTION = "console/network" - -LICENSE = "MPL-2.0" -LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=9a4a897f202c0710e07f2f2836bc2b62" - -DEPENDS = "openssl libcap zlib libuv" - -SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.xz \ - file://conf.patch \ - file://named.service \ - file://bind9 \ - file://generate-rndc-key.sh \ - file://make-etc-initd-bind-stop-work.patch \ - file://init.d-add-support-for-read-only-rootfs.patch \ - file://bind-ensure-searching-for-json-headers-searches-sysr.patch \ - file://0001-named-lwresd-V-and-start-log-hide-build-options.patch \ - file://0001-avoid-start-failure-with-bind-user.patch \ - " - -SRC_URI[sha256sum] = "f277ae50159a00c300eb926a9c5d51953038a936bd8242d6913dfb6eac42761d" - -UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/" -# follow the ESV versions divisible by 2 -UPSTREAM_CHECK_REGEX = "(?P9.(\d*[02468])+(\.\d+)+(-P\d+)*)/" - -# Issue only affects dhcpd with recent bind versions. We don't ship dhcpd anymore -# so the issue doesn't affect us. -CVE_CHECK_IGNORE += "CVE-2019-6470" - -inherit autotools update-rc.d systemd useradd pkgconfig multilib_header update-alternatives - -# PACKAGECONFIGs readline and libedit should NOT be set at same time -PACKAGECONFIG ?= "readline" -PACKAGECONFIG[httpstats] = "--with-libxml2=${STAGING_DIR_HOST}${prefix},--without-libxml2,libxml2" -PACKAGECONFIG[readline] = "--with-readline=readline,,readline" -PACKAGECONFIG[libedit] = "--with-readline=libedit,,libedit" -PACKAGECONFIG[dns-over-http] = "--enable-doh,--disable-doh,nghttp2" - -EXTRA_OECONF = " --disable-devpoll --disable-auto-validation --enable-epoll \ - --with-gssapi=no --with-lmdb=no --with-zlib \ - --sysconfdir=${sysconfdir}/bind \ - --with-openssl=${STAGING_DIR_HOST}${prefix} \ - " -LDFLAGS:append = " -lz" - -# dhcp needs .la so keep them -REMOVE_LIBTOOL_LA = "0" - -USERADD_PACKAGES = "${PN}" -USERADD_PARAM:${PN} = "--system --home ${localstatedir}/cache/bind --no-create-home \ - --user-group bind" - -INITSCRIPT_NAME = "bind" -INITSCRIPT_PARAMS = "defaults" - -SYSTEMD_SERVICE:${PN} = "named.service" - -do_install:append() { - - install -d -o bind "${D}${localstatedir}/cache/bind" - install -d "${D}${sysconfdir}/bind" - install -d "${D}${sysconfdir}/init.d" - install -m 644 ${S}/conf/* "${D}${sysconfdir}/bind/" - install -m 755 "${S}/init.d" "${D}${sysconfdir}/init.d/bind" - - # Install systemd related files - install -d ${D}${sbindir} - install -m 755 ${WORKDIR}/generate-rndc-key.sh ${D}${sbindir} - install -d ${D}${systemd_system_unitdir} - install -m 0644 ${WORKDIR}/named.service ${D}${systemd_system_unitdir} - sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \ - -e 's,@SBINDIR@,${sbindir},g' \ - ${D}${systemd_system_unitdir}/named.service - - install -d ${D}${sysconfdir}/default - install -m 0644 ${WORKDIR}/bind9 ${D}${sysconfdir}/default - - if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then - install -d ${D}${sysconfdir}/tmpfiles.d - echo "d /run/named 0755 bind bind - -" > ${D}${sysconfdir}/tmpfiles.d/bind.conf - fi -} - -CONFFILES:${PN} = " \ - ${sysconfdir}/bind/named.conf \ - ${sysconfdir}/bind/named.conf.local \ - ${sysconfdir}/bind/named.conf.options \ - ${sysconfdir}/bind/db.0 \ - ${sysconfdir}/bind/db.127 \ - ${sysconfdir}/bind/db.empty \ - ${sysconfdir}/bind/db.local \ - ${sysconfdir}/bind/db.root \ - " - -ALTERNATIVE:${PN}-utils = "nslookup" -ALTERNATIVE_LINK_NAME[nslookup] = "${bindir}/nslookup" -ALTERNATIVE_PRIORITY = "100" - -PACKAGE_BEFORE_PN += "${PN}-utils" -FILES:${PN}-utils = "${bindir}/host ${bindir}/dig ${bindir}/mdig ${bindir}/nslookup ${bindir}/nsupdate" -FILES:${PN}-dev += "${bindir}/isc-config.h" -FILES:${PN} += "${sbindir}/generate-rndc-key.sh" - -PACKAGE_BEFORE_PN += "${PN}-libs" -# special arrangement below due to -# https://github.com/isc-projects/bind9/commit/0e25af628cd776f98c04fc4cc59048f5448f6c88 -FILES_SOLIBSDEV = "${libdir}/*[!0-9].so ${libdir}/libbind9.so" -FILES:${PN}-libs = "${libdir}/named/*.so* ${libdir}/*-${PV}.so" -FILES:${PN}-staticdev += "${libdir}/*.la" - -RDEPENDS:${PN}-dev = "" diff --git a/poky/meta/recipes-connectivity/bind/bind_9.18.7.bb b/poky/meta/recipes-connectivity/bind/bind_9.18.7.bb new file mode 100644 index 0000000000..11c8a4e9d3 --- /dev/null +++ b/poky/meta/recipes-connectivity/bind/bind_9.18.7.bb @@ -0,0 +1,114 @@ +SUMMARY = "ISC Internet Domain Name Server" +HOMEPAGE = "https://www.isc.org/bind/" +DESCRIPTION = "BIND 9 provides a full-featured Domain Name Server system" +SECTION = "console/network" + +LICENSE = "MPL-2.0" +LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=9a4a897f202c0710e07f2f2836bc2b62" + +DEPENDS = "openssl libcap zlib libuv" + +SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.xz \ + file://conf.patch \ + file://named.service \ + file://bind9 \ + file://generate-rndc-key.sh \ + file://make-etc-initd-bind-stop-work.patch \ + file://init.d-add-support-for-read-only-rootfs.patch \ + file://bind-ensure-searching-for-json-headers-searches-sysr.patch \ + file://0001-named-lwresd-V-and-start-log-hide-build-options.patch \ + file://0001-avoid-start-failure-with-bind-user.patch \ + " + +SRC_URI[sha256sum] = "9e2acf1698f49d70ad12ffbad39ec6716a7da524e9ebd98429c7c70ba1262981" + +UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/" +# follow the ESV versions divisible by 2 +UPSTREAM_CHECK_REGEX = "(?P9.(\d*[02468])+(\.\d+)+(-P\d+)*)/" + +# Issue only affects dhcpd with recent bind versions. We don't ship dhcpd anymore +# so the issue doesn't affect us. +CVE_CHECK_IGNORE += "CVE-2019-6470" + +inherit autotools update-rc.d systemd useradd pkgconfig multilib_header update-alternatives + +# PACKAGECONFIGs readline and libedit should NOT be set at same time +PACKAGECONFIG ?= "readline" +PACKAGECONFIG[httpstats] = "--with-libxml2=${STAGING_DIR_HOST}${prefix},--without-libxml2,libxml2" +PACKAGECONFIG[readline] = "--with-readline=readline,,readline" +PACKAGECONFIG[libedit] = "--with-readline=libedit,,libedit" +PACKAGECONFIG[dns-over-http] = "--enable-doh,--disable-doh,nghttp2" + +EXTRA_OECONF = " --disable-devpoll --disable-auto-validation --enable-epoll \ + --with-gssapi=no --with-lmdb=no --with-zlib \ + --sysconfdir=${sysconfdir}/bind \ + --with-openssl=${STAGING_DIR_HOST}${prefix} \ + " +LDFLAGS:append = " -lz" + +# dhcp needs .la so keep them +REMOVE_LIBTOOL_LA = "0" + +USERADD_PACKAGES = "${PN}" +USERADD_PARAM:${PN} = "--system --home ${localstatedir}/cache/bind --no-create-home \ + --user-group bind" + +INITSCRIPT_NAME = "bind" +INITSCRIPT_PARAMS = "defaults" + +SYSTEMD_SERVICE:${PN} = "named.service" + +do_install:append() { + + install -d -o bind "${D}${localstatedir}/cache/bind" + install -d "${D}${sysconfdir}/bind" + install -d "${D}${sysconfdir}/init.d" + install -m 644 ${S}/conf/* "${D}${sysconfdir}/bind/" + install -m 755 "${S}/init.d" "${D}${sysconfdir}/init.d/bind" + + # Install systemd related files + install -d ${D}${sbindir} + install -m 755 ${WORKDIR}/generate-rndc-key.sh ${D}${sbindir} + install -d ${D}${systemd_system_unitdir} + install -m 0644 ${WORKDIR}/named.service ${D}${systemd_system_unitdir} + sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \ + -e 's,@SBINDIR@,${sbindir},g' \ + ${D}${systemd_system_unitdir}/named.service + + install -d ${D}${sysconfdir}/default + install -m 0644 ${WORKDIR}/bind9 ${D}${sysconfdir}/default + + if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then + install -d ${D}${sysconfdir}/tmpfiles.d + echo "d /run/named 0755 bind bind - -" > ${D}${sysconfdir}/tmpfiles.d/bind.conf + fi +} + +CONFFILES:${PN} = " \ + ${sysconfdir}/bind/named.conf \ + ${sysconfdir}/bind/named.conf.local \ + ${sysconfdir}/bind/named.conf.options \ + ${sysconfdir}/bind/db.0 \ + ${sysconfdir}/bind/db.127 \ + ${sysconfdir}/bind/db.empty \ + ${sysconfdir}/bind/db.local \ + ${sysconfdir}/bind/db.root \ + " + +ALTERNATIVE:${PN}-utils = "nslookup" +ALTERNATIVE_LINK_NAME[nslookup] = "${bindir}/nslookup" +ALTERNATIVE_PRIORITY = "100" + +PACKAGE_BEFORE_PN += "${PN}-utils" +FILES:${PN}-utils = "${bindir}/host ${bindir}/dig ${bindir}/mdig ${bindir}/nslookup ${bindir}/nsupdate" +FILES:${PN}-dev += "${bindir}/isc-config.h" +FILES:${PN} += "${sbindir}/generate-rndc-key.sh" + +PACKAGE_BEFORE_PN += "${PN}-libs" +# special arrangement below due to +# https://github.com/isc-projects/bind9/commit/0e25af628cd776f98c04fc4cc59048f5448f6c88 +FILES_SOLIBSDEV = "${libdir}/*[!0-9].so ${libdir}/libbind9.so" +FILES:${PN}-libs = "${libdir}/named/*.so* ${libdir}/*-${PV}.so" +FILES:${PN}-staticdev += "${libdir}/*.la" + +RDEPENDS:${PN}-dev = "" diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5.inc b/poky/meta/recipes-connectivity/bluez5/bluez5.inc index 22dd07b348..79d4645ca8 100644 --- a/poky/meta/recipes-connectivity/bluez5/bluez5.inc +++ b/poky/meta/recipes-connectivity/bluez5/bluez5.inc @@ -53,7 +53,6 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/bluetooth/bluez-${PV}.tar.xz \ ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '', 'file://0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch', d)} \ file://0001-tests-add-a-target-for-building-tests-without-runnin.patch \ file://0001-test-gatt-Fix-hung-issue.patch \ - file://fix_service.patch \ " S = "${WORKDIR}/bluez-${PV}" diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5/fix_service.patch b/poky/meta/recipes-connectivity/bluez5/bluez5/fix_service.patch deleted file mode 100644 index 96fdf6b299..0000000000 --- a/poky/meta/recipes-connectivity/bluez5/bluez5/fix_service.patch +++ /dev/null @@ -1,30 +0,0 @@ -The systemd bluetooth service failed to start because the /var/lib/bluetooth -path of ReadWritePaths= is created by the bluetooth daemon itself. - -The commit systemd: Add more filesystem lockdown (442d211) add ReadWritePaths=/etc/bluetooth -and ReadOnlyPaths=/var/lib/bluetooth options to the bluetooth systemd service. -The existing ProtectSystem=full option mounts the /usr, the boot loader -directories and /etc read-only. This means the two option are useless and could be removed. - -Upstream-Status: Submitted [https://github.com/bluez/bluez/issues/329] - -Index: bluez-5.64/src/bluetooth.service.in -=================================================================== ---- bluez-5.64.orig/src/bluetooth.service.in -+++ bluez-5.64/src/bluetooth.service.in -@@ -15,12 +15,12 @@ LimitNPROC=1 - - # Filesystem lockdown - ProtectHome=true --ProtectSystem=full -+ProtectSystem=strict - PrivateTmp=true - ProtectKernelTunables=true - ProtectControlGroups=true --ReadWritePaths=@statedir@ --ReadOnlyPaths=@confdir@ -+ConfigurationDirectory=bluetooth -+StateDirectory=bluetooth - - # Execute Mappings - MemoryDenyWriteExecute=true diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5_5.64.bb b/poky/meta/recipes-connectivity/bluez5/bluez5_5.64.bb deleted file mode 100644 index 4319f9aae8..0000000000 --- a/poky/meta/recipes-connectivity/bluez5/bluez5_5.64.bb +++ /dev/null @@ -1,70 +0,0 @@ -require bluez5.inc - -SRC_URI[sha256sum] = "ae437e65b6b3070c198bc5b0109fe9cdeb9eaa387380e2072f9de65fe8a1de34" - -# These issues have kernel fixes rather than bluez fixes so exclude here -CVE_CHECK_IGNORE += "CVE-2020-12352 CVE-2020-24490" - -# noinst programs in Makefile.tools that are conditional on READLINE -# support -NOINST_TOOLS_READLINE ?= " \ - ${@bb.utils.contains('PACKAGECONFIG', 'deprecated', 'attrib/gatttool', '', d)} \ - tools/obex-client-tool \ - tools/obex-server-tool \ - tools/bluetooth-player \ - tools/obexctl \ - tools/btmgmt \ -" - -# noinst programs in Makefile.tools that are conditional on TESTING -# support -NOINST_TOOLS_TESTING ?= " \ - emulator/btvirt \ - emulator/b1ee \ - emulator/hfp \ - peripheral/btsensor \ - tools/3dsp \ - tools/mgmt-tester \ - tools/gap-tester \ - tools/l2cap-tester \ - tools/sco-tester \ - tools/smp-tester \ - tools/hci-tester \ - tools/rfcomm-tester \ - tools/bnep-tester \ - tools/userchan-tester \ -" - -# noinst programs in Makefile.tools that are conditional on TOOLS -# support -NOINST_TOOLS_BT ?= " \ - tools/bdaddr \ - tools/avinfo \ - tools/avtest \ - tools/scotest \ - tools/amptest \ - tools/hwdb \ - tools/hcieventmask \ - tools/hcisecfilter \ - tools/btinfo \ - tools/btsnoop \ - tools/btproxy \ - tools/btiotest \ - tools/bneptest \ - tools/mcaptest \ - tools/cltest \ - tools/oobtest \ - tools/advtest \ - tools/seq2bseq \ - tools/nokfw \ - tools/create-image \ - tools/eddystone \ - tools/ibeacon \ - tools/btgatt-client \ - tools/btgatt-server \ - tools/test-runner \ - tools/check-selftest \ - tools/gatt-service \ - profiles/iap/iapd \ - ${@bb.utils.contains('PACKAGECONFIG', 'btpclient', 'tools/btpclient', '', d)} \ -" diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5_5.65.bb b/poky/meta/recipes-connectivity/bluez5/bluez5_5.65.bb new file mode 100644 index 0000000000..4c15aeb46d --- /dev/null +++ b/poky/meta/recipes-connectivity/bluez5/bluez5_5.65.bb @@ -0,0 +1,70 @@ +require bluez5.inc + +SRC_URI[sha256sum] = "2565a4d48354b576e6ad92e25b54ed66808296581c8abb80587051f9993d96d4" + +# These issues have kernel fixes rather than bluez fixes so exclude here +CVE_CHECK_IGNORE += "CVE-2020-12352 CVE-2020-24490" + +# noinst programs in Makefile.tools that are conditional on READLINE +# support +NOINST_TOOLS_READLINE ?= " \ + ${@bb.utils.contains('PACKAGECONFIG', 'deprecated', 'attrib/gatttool', '', d)} \ + tools/obex-client-tool \ + tools/obex-server-tool \ + tools/bluetooth-player \ + tools/obexctl \ + tools/btmgmt \ +" + +# noinst programs in Makefile.tools that are conditional on TESTING +# support +NOINST_TOOLS_TESTING ?= " \ + emulator/btvirt \ + emulator/b1ee \ + emulator/hfp \ + peripheral/btsensor \ + tools/3dsp \ + tools/mgmt-tester \ + tools/gap-tester \ + tools/l2cap-tester \ + tools/sco-tester \ + tools/smp-tester \ + tools/hci-tester \ + tools/rfcomm-tester \ + tools/bnep-tester \ + tools/userchan-tester \ +" + +# noinst programs in Makefile.tools that are conditional on TOOLS +# support +NOINST_TOOLS_BT ?= " \ + tools/bdaddr \ + tools/avinfo \ + tools/avtest \ + tools/scotest \ + tools/amptest \ + tools/hwdb \ + tools/hcieventmask \ + tools/hcisecfilter \ + tools/btinfo \ + tools/btsnoop \ + tools/btproxy \ + tools/btiotest \ + tools/bneptest \ + tools/mcaptest \ + tools/cltest \ + tools/oobtest \ + tools/advtest \ + tools/seq2bseq \ + tools/nokfw \ + tools/create-image \ + tools/eddystone \ + tools/ibeacon \ + tools/btgatt-client \ + tools/btgatt-server \ + tools/test-runner \ + tools/check-selftest \ + tools/gatt-service \ + profiles/iap/iapd \ + ${@bb.utils.contains('PACKAGECONFIG', 'btpclient', 'tools/btpclient', '', d)} \ +" diff --git a/poky/meta/recipes-connectivity/connman/connman/CVE-2022-32292.patch b/poky/meta/recipes-connectivity/connman/connman/CVE-2022-32292.patch new file mode 100644 index 0000000000..182c5ca29c --- /dev/null +++ b/poky/meta/recipes-connectivity/connman/connman/CVE-2022-32292.patch @@ -0,0 +1,37 @@ +From d1a5ede5d255bde8ef707f8441b997563b9312bd Mon Sep 17 00:00:00 2001 +From: Nathan Crandall +Date: Tue, 12 Jul 2022 08:56:34 +0200 +Subject: gweb: Fix OOB write in received_data() + +There is a mismatch of handling binary vs. C-string data with memchr +and strlen, resulting in pos, count, and bytes_read to become out of +sync and result in a heap overflow. Instead, do not treat the buffer +as an ASCII C-string. We calculate the count based on the return value +of memchr, instead of strlen. + +Fixes: CVE-2022-32292 + +CVE: CVE-2022-32292 + +Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=d1a5ede5d255bde8ef707f8441b997563b9312bd] +Signed-off-by: Khem Raj +--- + gweb/gweb.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/gweb/gweb.c b/gweb/gweb.c +index 12fcb1d8..13c6c5f2 100644 +--- a/gweb/gweb.c ++++ b/gweb/gweb.c +@@ -918,7 +918,7 @@ static gboolean received_data(GIOChannel *channel, GIOCondition cond, + } + + *pos = '\0'; +- count = strlen((char *) ptr); ++ count = pos - ptr; + if (count > 0 && ptr[count - 1] == '\r') { + ptr[--count] = '\0'; + bytes_read--; +-- +cgit + diff --git a/poky/meta/recipes-connectivity/connman/connman/CVE-2022-32293_p1.patch b/poky/meta/recipes-connectivity/connman/connman/CVE-2022-32293_p1.patch new file mode 100644 index 0000000000..b280203594 --- /dev/null +++ b/poky/meta/recipes-connectivity/connman/connman/CVE-2022-32293_p1.patch @@ -0,0 +1,141 @@ +From 72343929836de80727a27d6744c869dff045757c Mon Sep 17 00:00:00 2001 +From: Daniel Wagner +Date: Tue, 5 Jul 2022 08:32:12 +0200 +Subject: wispr: Add reference counter to portal context + +Track the connman_wispr_portal_context live time via a +refcounter. This only adds the infrastructure to do proper reference +counting. + +Fixes: CVE-2022-32293 +CVE: CVE-2022-32293 +Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=416bfaff988882c553c672e5bfc2d4f648d29e8a] +Signed-off-by: Khem Raj +--- + src/wispr.c | 52 ++++++++++++++++++++++++++++++++++++++++++---------- + 1 file changed, 42 insertions(+), 10 deletions(-) + +diff --git a/src/wispr.c b/src/wispr.c +index a07896ca..bde7e63b 100644 +--- a/src/wispr.c ++++ b/src/wispr.c +@@ -56,6 +56,7 @@ struct wispr_route { + }; + + struct connman_wispr_portal_context { ++ int refcount; + struct connman_service *service; + enum connman_ipconfig_type type; + struct connman_wispr_portal *wispr_portal; +@@ -97,6 +98,11 @@ static char *online_check_ipv4_url = NULL; + static char *online_check_ipv6_url = NULL; + static bool enable_online_to_ready_transition = false; + ++#define wispr_portal_context_ref(wp_context) \ ++ wispr_portal_context_ref_debug(wp_context, __FILE__, __LINE__, __func__) ++#define wispr_portal_context_unref(wp_context) \ ++ wispr_portal_context_unref_debug(wp_context, __FILE__, __LINE__, __func__) ++ + static void connman_wispr_message_init(struct connman_wispr_message *msg) + { + DBG(""); +@@ -162,9 +168,6 @@ static void free_connman_wispr_portal_context( + { + DBG("context %p", wp_context); + +- if (!wp_context) +- return; +- + if (wp_context->wispr_portal) { + if (wp_context->wispr_portal->ipv4_context == wp_context) + wp_context->wispr_portal->ipv4_context = NULL; +@@ -201,9 +204,38 @@ static void free_connman_wispr_portal_context( + g_free(wp_context); + } + ++static struct connman_wispr_portal_context * ++wispr_portal_context_ref_debug(struct connman_wispr_portal_context *wp_context, ++ const char *file, int line, const char *caller) ++{ ++ DBG("%p ref %d by %s:%d:%s()", wp_context, ++ wp_context->refcount + 1, file, line, caller); ++ ++ __sync_fetch_and_add(&wp_context->refcount, 1); ++ ++ return wp_context; ++} ++ ++static void wispr_portal_context_unref_debug( ++ struct connman_wispr_portal_context *wp_context, ++ const char *file, int line, const char *caller) ++{ ++ if (!wp_context) ++ return; ++ ++ DBG("%p ref %d by %s:%d:%s()", wp_context, ++ wp_context->refcount - 1, file, line, caller); ++ ++ if (__sync_fetch_and_sub(&wp_context->refcount, 1) != 1) ++ return; ++ ++ free_connman_wispr_portal_context(wp_context); ++} ++ + static struct connman_wispr_portal_context *create_wispr_portal_context(void) + { +- return g_try_new0(struct connman_wispr_portal_context, 1); ++ return wispr_portal_context_ref( ++ g_new0(struct connman_wispr_portal_context, 1)); + } + + static void free_connman_wispr_portal(gpointer data) +@@ -215,8 +247,8 @@ static void free_connman_wispr_portal(gpointer data) + if (!wispr_portal) + return; + +- free_connman_wispr_portal_context(wispr_portal->ipv4_context); +- free_connman_wispr_portal_context(wispr_portal->ipv6_context); ++ wispr_portal_context_unref(wispr_portal->ipv4_context); ++ wispr_portal_context_unref(wispr_portal->ipv6_context); + + g_free(wispr_portal); + } +@@ -452,7 +484,7 @@ static void portal_manage_status(GWebResult *result, + connman_info("Client-Timezone: %s", str); + + if (!enable_online_to_ready_transition) +- free_connman_wispr_portal_context(wp_context); ++ wispr_portal_context_unref(wp_context); + + __connman_service_ipconfig_indicate_state(service, + CONNMAN_SERVICE_STATE_ONLINE, type); +@@ -616,7 +648,7 @@ static void wispr_portal_request_wispr_login(struct connman_service *service, + return; + } + +- free_connman_wispr_portal_context(wp_context); ++ wispr_portal_context_unref(wp_context); + return; + } + +@@ -952,7 +984,7 @@ static int wispr_portal_detect(struct connman_wispr_portal_context *wp_context) + + if (wp_context->token == 0) { + err = -EINVAL; +- free_connman_wispr_portal_context(wp_context); ++ wispr_portal_context_unref(wp_context); + } + } else if (wp_context->timeout == 0) { + wp_context->timeout = g_idle_add(no_proxy_callback, wp_context); +@@ -1001,7 +1033,7 @@ int __connman_wispr_start(struct connman_service *service, + + /* If there is already an existing context, we wipe it */ + if (wp_context) +- free_connman_wispr_portal_context(wp_context); ++ wispr_portal_context_unref(wp_context); + + wp_context = create_wispr_portal_context(); + if (!wp_context) +-- +cgit + diff --git a/poky/meta/recipes-connectivity/connman/connman/CVE-2022-32293_p2.patch b/poky/meta/recipes-connectivity/connman/connman/CVE-2022-32293_p2.patch new file mode 100644 index 0000000000..56f8fc82de --- /dev/null +++ b/poky/meta/recipes-connectivity/connman/connman/CVE-2022-32293_p2.patch @@ -0,0 +1,174 @@ +From 416bfaff988882c553c672e5bfc2d4f648d29e8a Mon Sep 17 00:00:00 2001 +From: Daniel Wagner +Date: Tue, 5 Jul 2022 09:11:09 +0200 +Subject: wispr: Update portal context references + +Maintain proper portal context references to avoid UAF. + +Fixes: CVE-2022-32293 +CVE: CVE-2022-32293 +Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=72343929836de80727a27d6744c869dff045757c] +Signed-off-by: Khem Raj +--- + src/wispr.c | 34 ++++++++++++++++++++++------------ + 1 file changed, 22 insertions(+), 12 deletions(-) + +diff --git a/src/wispr.c b/src/wispr.c +index bde7e63b..84bed33f 100644 +--- a/src/wispr.c ++++ b/src/wispr.c +@@ -105,8 +105,6 @@ static bool enable_online_to_ready_transition = false; + + static void connman_wispr_message_init(struct connman_wispr_message *msg) + { +- DBG(""); +- + msg->has_error = false; + msg->current_element = NULL; + +@@ -166,8 +164,6 @@ static void free_wispr_routes(struct connman_wispr_portal_context *wp_context) + static void free_connman_wispr_portal_context( + struct connman_wispr_portal_context *wp_context) + { +- DBG("context %p", wp_context); +- + if (wp_context->wispr_portal) { + if (wp_context->wispr_portal->ipv4_context == wp_context) + wp_context->wispr_portal->ipv4_context = NULL; +@@ -483,9 +479,6 @@ static void portal_manage_status(GWebResult *result, + &str)) + connman_info("Client-Timezone: %s", str); + +- if (!enable_online_to_ready_transition) +- wispr_portal_context_unref(wp_context); +- + __connman_service_ipconfig_indicate_state(service, + CONNMAN_SERVICE_STATE_ONLINE, type); + +@@ -546,14 +539,17 @@ static void wispr_portal_request_portal( + { + DBG(""); + ++ wispr_portal_context_ref(wp_context); + wp_context->request_id = g_web_request_get(wp_context->web, + wp_context->status_url, + wispr_portal_web_result, + wispr_route_request, + wp_context); + +- if (wp_context->request_id == 0) ++ if (wp_context->request_id == 0) { + wispr_portal_error(wp_context); ++ wispr_portal_context_unref(wp_context); ++ } + } + + static bool wispr_input(const guint8 **data, gsize *length, +@@ -618,13 +614,15 @@ static void wispr_portal_browser_reply_cb(struct connman_service *service, + return; + + if (!authentication_done) { +- wispr_portal_error(wp_context); + free_wispr_routes(wp_context); ++ wispr_portal_error(wp_context); ++ wispr_portal_context_unref(wp_context); + return; + } + + /* Restarting the test */ + __connman_service_wispr_start(service, wp_context->type); ++ wispr_portal_context_unref(wp_context); + } + + static void wispr_portal_request_wispr_login(struct connman_service *service, +@@ -700,11 +698,13 @@ static bool wispr_manage_message(GWebResult *result, + + wp_context->wispr_result = CONNMAN_WISPR_RESULT_LOGIN; + ++ wispr_portal_context_ref(wp_context); + if (__connman_agent_request_login_input(wp_context->service, + wispr_portal_request_wispr_login, +- wp_context) != -EINPROGRESS) ++ wp_context) != -EINPROGRESS) { + wispr_portal_error(wp_context); +- else ++ wispr_portal_context_unref(wp_context); ++ } else + return true; + + break; +@@ -753,6 +753,7 @@ static bool wispr_portal_web_result(GWebResult *result, gpointer user_data) + if (length > 0) { + g_web_parser_feed_data(wp_context->wispr_parser, + chunk, length); ++ wispr_portal_context_unref(wp_context); + return true; + } + +@@ -770,6 +771,7 @@ static bool wispr_portal_web_result(GWebResult *result, gpointer user_data) + + switch (status) { + case 000: ++ wispr_portal_context_ref(wp_context); + __connman_agent_request_browser(wp_context->service, + wispr_portal_browser_reply_cb, + wp_context->status_url, wp_context); +@@ -781,11 +783,14 @@ static bool wispr_portal_web_result(GWebResult *result, gpointer user_data) + if (g_web_result_get_header(result, "X-ConnMan-Status", + &str)) { + portal_manage_status(result, wp_context); ++ wispr_portal_context_unref(wp_context); + return false; +- } else ++ } else { ++ wispr_portal_context_ref(wp_context); + __connman_agent_request_browser(wp_context->service, + wispr_portal_browser_reply_cb, + wp_context->redirect_url, wp_context); ++ } + + break; + case 300: +@@ -798,6 +803,7 @@ static bool wispr_portal_web_result(GWebResult *result, gpointer user_data) + !g_web_result_get_header(result, "Location", + &redirect)) { + ++ wispr_portal_context_ref(wp_context); + __connman_agent_request_browser(wp_context->service, + wispr_portal_browser_reply_cb, + wp_context->status_url, wp_context); +@@ -808,6 +814,7 @@ static bool wispr_portal_web_result(GWebResult *result, gpointer user_data) + + wp_context->redirect_url = g_strdup(redirect); + ++ wispr_portal_context_ref(wp_context); + wp_context->request_id = g_web_request_get(wp_context->web, + redirect, wispr_portal_web_result, + wispr_route_request, wp_context); +@@ -820,6 +827,7 @@ static bool wispr_portal_web_result(GWebResult *result, gpointer user_data) + + break; + case 505: ++ wispr_portal_context_ref(wp_context); + __connman_agent_request_browser(wp_context->service, + wispr_portal_browser_reply_cb, + wp_context->status_url, wp_context); +@@ -832,6 +840,7 @@ static bool wispr_portal_web_result(GWebResult *result, gpointer user_data) + wp_context->request_id = 0; + done: + wp_context->wispr_msg.message_type = -1; ++ wispr_portal_context_unref(wp_context); + return false; + } + +@@ -890,6 +899,7 @@ static void proxy_callback(const char *proxy, void *user_data) + xml_wispr_parser_callback, wp_context); + + wispr_portal_request_portal(wp_context); ++ wispr_portal_context_unref(wp_context); + } + + static gboolean no_proxy_callback(gpointer user_data) +-- +cgit + diff --git a/poky/meta/recipes-connectivity/connman/connman_1.41.bb b/poky/meta/recipes-connectivity/connman/connman_1.41.bb index 736b78eaeb..79542b2175 100644 --- a/poky/meta/recipes-connectivity/connman/connman_1.41.bb +++ b/poky/meta/recipes-connectivity/connman/connman_1.41.bb @@ -5,6 +5,9 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \ file://0001-connman.service-stop-systemd-resolved-when-we-use-co.patch \ file://connman \ file://no-version-scripts.patch \ + file://CVE-2022-32293_p1.patch \ + file://CVE-2022-32293_p2.patch \ + file://CVE-2022-32292.patch \ " SRC_URI:append:libc-musl = " file://0002-resolve-musl-does-not-implement-res_ninit.patch" diff --git a/poky/meta/recipes-connectivity/inetutils/inetutils/CVE-2022-39028.patch b/poky/meta/recipes-connectivity/inetutils/inetutils/CVE-2022-39028.patch new file mode 100644 index 0000000000..54040ad74c --- /dev/null +++ b/poky/meta/recipes-connectivity/inetutils/inetutils/CVE-2022-39028.patch @@ -0,0 +1,54 @@ +From d52349fa1b6baac77ffa2c74769636aa2ece2ec5 Mon Sep 17 00:00:00 2001 +From: Erik Auerswald +Date: Sat, 3 Sep 2022 16:58:16 +0200 +Subject: [PATCH] telnetd: Handle early IAC EC or IAC EL receipt + +Fix telnetd crash if the first two bytes of a new connection +are 0xff 0xf7 (IAC EC) or 0xff 0xf8 (IAC EL). + +The problem was reported in: +. + +* NEWS: Mention fix. +* telnetd/state.c (telrcv): Handle zero slctab[SLC_EC].sptr and +zero slctab[SLC_EL].sptr. + +CVE: CVE-2022-39028 +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=fae8263e467380483c28513c0e5fac143e46f94f] +Signed-off-by: Teoh Jay Shen +--- + telnetd/state.c | 12 +++++++++--- + 1 file changed, 9 insertions(+), 3 deletions(-) + +diff --git a/telnetd/state.c b/telnetd/state.c +index ffc6cba..c2d760f 100644 +--- a/telnetd/state.c ++++ b/telnetd/state.c +@@ -312,15 +312,21 @@ telrcv (void) + case EC: + case EL: + { +- cc_t ch; ++ cc_t ch = (cc_t) (_POSIX_VDISABLE); + + DEBUG (debug_options, 1, printoption ("td: recv IAC", c)); + ptyflush (); /* half-hearted */ + init_termbuf (); + if (c == EC) +- ch = *slctab[SLC_EC].sptr; ++ { ++ if (slctab[SLC_EC].sptr) ++ ch = *slctab[SLC_EC].sptr; ++ } + else +- ch = *slctab[SLC_EL].sptr; ++ { ++ if (slctab[SLC_EL].sptr) ++ ch = *slctab[SLC_EL].sptr; ++ } + if (ch != (cc_t) (_POSIX_VDISABLE)) + pty_output_byte ((unsigned char) ch); + break; +-- +2.37.3 + diff --git a/poky/meta/recipes-connectivity/inetutils/inetutils_2.2.bb b/poky/meta/recipes-connectivity/inetutils/inetutils_2.2.bb index 6c9a299b71..d8062e2b21 100644 --- a/poky/meta/recipes-connectivity/inetutils/inetutils_2.2.bb +++ b/poky/meta/recipes-connectivity/inetutils/inetutils_2.2.bb @@ -21,6 +21,7 @@ SRC_URI = "${GNU_MIRROR}/inetutils/inetutils-${PV}.tar.xz \ file://tftpd.xinetd.inetutils \ file://inetutils-1.9-PATH_PROCNET_DEV.patch \ file://inetutils-only-check-pam_appl.h-when-pam-enabled.patch \ + file://CVE-2022-39028.patch \ " inherit autotools gettext update-alternatives texinfo diff --git a/poky/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb b/poky/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb index e6f216e5cb..2cc92b7b47 100644 --- a/poky/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb +++ b/poky/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb @@ -5,8 +5,8 @@ SECTION = "network" LICENSE = "PD" LIC_FILES_CHKSUM = "file://COPYING;md5=87964579b2a8ece4bc6744d2dc9a8b04" -SRCREV = "3d5c8d0f7e0264768a2c000d0fd4b4d4a991e041" -PV = "20220511" +SRCREV = "fe19892a8168bf19d81e3bc4ee319bf7f9f058f5" +PV = "20220725" PE = "1" SRC_URI = "git://gitlab.gnome.org/GNOME/mobile-broadband-provider-info.git;protocol=https;branch=main" diff --git a/poky/meta/recipes-core/busybox/busybox/0001-devmem-add-128-bit-width.patch b/poky/meta/recipes-core/busybox/busybox/0001-devmem-add-128-bit-width.patch new file mode 100644 index 0000000000..985e2bf1d9 --- /dev/null +++ b/poky/meta/recipes-core/busybox/busybox/0001-devmem-add-128-bit-width.patch @@ -0,0 +1,128 @@ +From d432049f288c9acdc4a7caa729c68ceba3c5dca1 Mon Sep 17 00:00:00 2001 +From: Aaro Koskinen +Date: Thu, 25 Aug 2022 18:47:02 +0300 +Subject: [PATCH] devmem: add 128-bit width + +Add 128-bit width if the compiler provides the needed type. + +function old new delta +devmem_main 405 464 +59 +.rodata 109025 109043 +18 +------------------------------------------------------------------------------ +(add/remove: 0/0 grow/shrink: 2/0 up/down: 77/0) Total: 77 bytes + +Upstream-Status: Backport [https://git.busybox.net/busybox/commit/?id=d432049f288c9acdc4a7caa729c68ceba3c5dca1] + +Signed-off-by: Aaro Koskinen +Signed-off-by: Aaro Koskinen +Signed-off-by: Denys Vlasenko +Signed-off-by: Mingli Yu +--- + miscutils/devmem.c | 68 ++++++++++++++++++++++++++++++---------------- + 1 file changed, 44 insertions(+), 24 deletions(-) + +diff --git a/miscutils/devmem.c b/miscutils/devmem.c +index f9f0276bc..f21621bd6 100644 +--- a/miscutils/devmem.c ++++ b/miscutils/devmem.c +@@ -29,7 +29,6 @@ int devmem_main(int argc UNUSED_PARAM, char **argv) + { + void *map_base, *virt_addr; + uint64_t read_result; +- uint64_t writeval = writeval; /* for compiler */ + off_t target; + unsigned page_size, mapped_size, offset_in_page; + int fd; +@@ -64,9 +63,6 @@ int devmem_main(int argc UNUSED_PARAM, char **argv) + width = strchrnul(bhwl, (argv[2][0] | 0x20)) - bhwl; + width = sizes[width]; + } +- /* VALUE */ +- if (argv[3]) +- writeval = bb_strtoull(argv[3], NULL, 0); + } else { /* argv[2] == NULL */ + /* make argv[3] to be a valid thing to fetch */ + argv--; +@@ -96,28 +92,46 @@ int devmem_main(int argc UNUSED_PARAM, char **argv) + virt_addr = (char*)map_base + offset_in_page; + + if (!argv[3]) { +- switch (width) { +- case 8: +- read_result = *(volatile uint8_t*)virt_addr; +- break; +- case 16: +- read_result = *(volatile uint16_t*)virt_addr; +- break; +- case 32: +- read_result = *(volatile uint32_t*)virt_addr; +- break; +- case 64: +- read_result = *(volatile uint64_t*)virt_addr; +- break; +- default: +- bb_simple_error_msg_and_die("bad width"); ++#ifdef __SIZEOF_INT128__ ++ if (width == 128) { ++ unsigned __int128 rd = ++ *(volatile unsigned __int128 *)virt_addr; ++ printf("0x%016llX%016llX\n", ++ (unsigned long long)(uint64_t)(rd >> 64), ++ (unsigned long long)(uint64_t)rd ++ ); ++ } else ++#endif ++ { ++ switch (width) { ++ case 8: ++ read_result = *(volatile uint8_t*)virt_addr; ++ break; ++ case 16: ++ read_result = *(volatile uint16_t*)virt_addr; ++ break; ++ case 32: ++ read_result = *(volatile uint32_t*)virt_addr; ++ break; ++ case 64: ++ read_result = *(volatile uint64_t*)virt_addr; ++ break; ++ default: ++ bb_simple_error_msg_and_die("bad width"); ++ } ++// printf("Value at address 0x%"OFF_FMT"X (%p): 0x%llX\n", ++// target, virt_addr, ++// (unsigned long long)read_result); ++ /* Zero-padded output shows the width of access just done */ ++ printf("0x%0*llX\n", (width >> 2), (unsigned long long)read_result); + } +-// printf("Value at address 0x%"OFF_FMT"X (%p): 0x%llX\n", +-// target, virt_addr, +-// (unsigned long long)read_result); +- /* Zero-padded output shows the width of access just done */ +- printf("0x%0*llX\n", (width >> 2), (unsigned long long)read_result); + } else { ++ /* parse VALUE */ ++#ifdef __SIZEOF_INT128__ ++ unsigned __int128 writeval = strtoumax(argv[3], NULL, 0); ++#else ++ uint64_t writeval = bb_strtoull(argv[3], NULL, 0); ++#endif + switch (width) { + case 8: + *(volatile uint8_t*)virt_addr = writeval; +@@ -135,6 +149,12 @@ int devmem_main(int argc UNUSED_PARAM, char **argv) + *(volatile uint64_t*)virt_addr = writeval; + // read_result = *(volatile uint64_t*)virt_addr; + break; ++#ifdef __SIZEOF_INT128__ ++ case 128: ++ *(volatile unsigned __int128 *)virt_addr = writeval; ++// read_result = *(volatile uint64_t*)virt_addr; ++ break; ++#endif + default: + bb_simple_error_msg_and_die("bad width"); + } +-- +2.25.1 + diff --git a/poky/meta/recipes-core/busybox/busybox_1.35.0.bb b/poky/meta/recipes-core/busybox/busybox_1.35.0.bb index edf896485e..e9ca6fdb1a 100644 --- a/poky/meta/recipes-core/busybox/busybox_1.35.0.bb +++ b/poky/meta/recipes-core/busybox/busybox_1.35.0.bb @@ -50,6 +50,7 @@ SRC_URI = "https://busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \ file://0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch \ file://0002-nslookup-sanitize-all-printed-strings-with-printable.patch \ file://CVE-2022-30065.patch \ + file://0001-devmem-add-128-bit-width.patch \ " SRC_URI:append:libc-musl = " file://musl.cfg " diff --git a/poky/meta/recipes-core/coreutils/coreutils_9.0.bb b/poky/meta/recipes-core/coreutils/coreutils_9.0.bb index 865cffd4cd..8a2fbeca32 100644 --- a/poky/meta/recipes-core/coreutils/coreutils_9.0.bb +++ b/poky/meta/recipes-core/coreutils/coreutils_9.0.bb @@ -49,6 +49,7 @@ PACKAGECONFIG[acl] = "--enable-acl,--disable-acl,acl," PACKAGECONFIG[xattr] = "--enable-xattr,--disable-xattr,attr," PACKAGECONFIG[single-binary] = "--enable-single-binary,--disable-single-binary,," PACKAGECONFIG[selinux] = "--with-selinux,--without-selinux,libselinux" +PACKAGECONFIG[openssl] = "--with-openssl=yes,--with-openssl=no,openssl" # [ df mktemp nice printenv base64 gets a special treatment and is not included in this bindir_progs = "arch basename chcon cksum comm csplit cut dir dircolors dirname du \ diff --git a/poky/meta/recipes-core/ell/ell_0.49.bb b/poky/meta/recipes-core/ell/ell_0.49.bb deleted file mode 100644 index 9edd6fc92a..0000000000 --- a/poky/meta/recipes-core/ell/ell_0.49.bb +++ /dev/null @@ -1,23 +0,0 @@ -SUMMARY = "Embedded Linux Library" -HOMEPAGE = "https://01.org/ell" -DESCRIPTION = "The Embedded Linux Library (ELL) provides core, \ -low-level functionality for system daemons. It typically has no \ -dependencies other than the Linux kernel, C standard library, and \ -libdl (for dynamic linking). While ELL is designed to be efficient \ -and compact enough for use on embedded Linux platforms, it is not \ -limited to resource-constrained systems." -SECTION = "libs" -LICENSE = "LGPL-2.1-only" -LIC_FILES_CHKSUM = "file://COPYING;md5=fb504b67c50331fc78734fed90fb0e09" - -DEPENDS = "dbus" - -inherit autotools pkgconfig - -SRC_URI = "https://mirrors.edge.kernel.org/pub/linux/libs/${BPN}/${BPN}-${PV}.tar.xz \ - " -SRC_URI[sha256sum] = "a7ff8ecbc76b187d942dd22b61cb489711400897c790319ffb7e944791687c3f" - -do_configure:prepend () { - mkdir -p ${S}/build-aux -} diff --git a/poky/meta/recipes-core/ell/ell_0.50.bb b/poky/meta/recipes-core/ell/ell_0.50.bb new file mode 100644 index 0000000000..243ac01530 --- /dev/null +++ b/poky/meta/recipes-core/ell/ell_0.50.bb @@ -0,0 +1,23 @@ +SUMMARY = "Embedded Linux Library" +HOMEPAGE = "https://01.org/ell" +DESCRIPTION = "The Embedded Linux Library (ELL) provides core, \ +low-level functionality for system daemons. It typically has no \ +dependencies other than the Linux kernel, C standard library, and \ +libdl (for dynamic linking). While ELL is designed to be efficient \ +and compact enough for use on embedded Linux platforms, it is not \ +limited to resource-constrained systems." +SECTION = "libs" +LICENSE = "LGPL-2.1-only" +LIC_FILES_CHKSUM = "file://COPYING;md5=fb504b67c50331fc78734fed90fb0e09" + +DEPENDS = "dbus" + +inherit autotools pkgconfig + +SRC_URI = "https://mirrors.edge.kernel.org/pub/linux/libs/${BPN}/${BPN}-${PV}.tar.xz \ + " +SRC_URI[sha256sum] = "0fe51d51c6eddc2a2784092f1dfdd1143a5ef27f15c274ecfbadd680d3a72fd9" + +do_configure:prepend () { + mkdir -p ${S}/build-aux +} diff --git a/poky/meta/recipes-core/expat/expat_2.4.7.bb b/poky/meta/recipes-core/expat/expat_2.4.7.bb deleted file mode 100644 index bf1ca8d56e..0000000000 --- a/poky/meta/recipes-core/expat/expat_2.4.7.bb +++ /dev/null @@ -1,31 +0,0 @@ -SUMMARY = "A stream-oriented XML parser library" -DESCRIPTION = "Expat is an XML parser library written in C. It is a stream-oriented parser in which an application registers handlers for things the parser might find in the XML document (like start tags)" -HOMEPAGE = "https://github.com/libexpat/libexpat" -SECTION = "libs" -LICENSE = "MIT" - -LIC_FILES_CHKSUM = "file://COPYING;md5=9e2ce3b3c4c0f2670883a23bbd7c37a9" - -VERSION_TAG = "${@d.getVar('PV').replace('.', '_')}" - -SRC_URI = "https://github.com/libexpat/libexpat/releases/download/R_${VERSION_TAG}/expat-${PV}.tar.bz2 \ - file://run-ptest \ - " - -UPSTREAM_CHECK_URI = "https://github.com/libexpat/libexpat/releases/" - -SRC_URI[sha256sum] = "e149bdd8b90254c62b3d195da53a09bd531a4d63a963b0d8a5268d48dd2f6a65" - -EXTRA_OECMAKE:class-native += "-DEXPAT_BUILD_DOCS=OFF" - -RDEPENDS:${PN}-ptest += "bash" - -inherit cmake lib_package ptest - -do_install_ptest:class-target() { - install -m 755 ${B}/tests/* ${D}${PTEST_PATH} -} - -BBCLASSEXTEND += "native nativesdk" - -CVE_PRODUCT = "expat libexpat" diff --git a/poky/meta/recipes-core/expat/expat_2.4.9.bb b/poky/meta/recipes-core/expat/expat_2.4.9.bb new file mode 100644 index 0000000000..cb007708c7 --- /dev/null +++ b/poky/meta/recipes-core/expat/expat_2.4.9.bb @@ -0,0 +1,31 @@ +SUMMARY = "A stream-oriented XML parser library" +DESCRIPTION = "Expat is an XML parser library written in C. It is a stream-oriented parser in which an application registers handlers for things the parser might find in the XML document (like start tags)" +HOMEPAGE = "https://github.com/libexpat/libexpat" +SECTION = "libs" +LICENSE = "MIT" + +LIC_FILES_CHKSUM = "file://COPYING;md5=7b3b078238d0901d3b339289117cb7fb" + +VERSION_TAG = "${@d.getVar('PV').replace('.', '_')}" + +SRC_URI = "https://github.com/libexpat/libexpat/releases/download/R_${VERSION_TAG}/expat-${PV}.tar.bz2 \ + file://run-ptest \ + " + +UPSTREAM_CHECK_URI = "https://github.com/libexpat/libexpat/releases/" + +SRC_URI[sha256sum] = "7f44d1469b110773a94b0d5abeeeffaef79f8bd6406b07e52394bcf48126437a" + +EXTRA_OECMAKE:class-native += "-DEXPAT_BUILD_DOCS=OFF" + +RDEPENDS:${PN}-ptest += "bash" + +inherit cmake lib_package ptest + +do_install_ptest:class-target() { + install -m 755 ${B}/tests/* ${D}${PTEST_PATH} +} + +BBCLASSEXTEND += "native nativesdk" + +CVE_PRODUCT = "expat libexpat" diff --git a/poky/meta/recipes-core/glib-networking/glib-networking_2.72.1.bb b/poky/meta/recipes-core/glib-networking/glib-networking_2.72.1.bb deleted file mode 100644 index 41f18d1c48..0000000000 --- a/poky/meta/recipes-core/glib-networking/glib-networking_2.72.1.bb +++ /dev/null @@ -1,38 +0,0 @@ -SUMMARY = "GLib networking extensions" -DESCRIPTION = "glib-networking contains the implementations of certain GLib networking features that cannot be implemented directly in GLib itself because of their dependencies." -HOMEPAGE = "https://gitlab.gnome.org/GNOME/glib-networking/" -BUGTRACKER = "http://bugzilla.gnome.org" - -LICENSE = "LGPL-2.1-only" -LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c" - -SECTION = "libs" -DEPENDS = "glib-2.0" - -SRC_URI[archive.sha256sum] = "6fc1bedc8062484dc8a0204965995ef2367c3db5c934058ff1607e5a24d95a74" - -PACKAGECONFIG ??= "openssl ${@bb.utils.contains('PTEST_ENABLED', '1', 'tests', '', d)}" - -PACKAGECONFIG[gnutls] = "-Dgnutls=enabled,-Dgnutls=disabled,gnutls" -PACKAGECONFIG[openssl] = "-Dopenssl=enabled,-Dopenssl=disabled,openssl" -PACKAGECONFIG[libproxy] = "-Dlibproxy=enabled,-Dlibproxy=disabled,libproxy" -PACKAGECONFIG[tests] = "-Dinstalled_tests=true,-Dinstalled_tests=false" - -EXTRA_OEMESON = "-Dgnome_proxy=disabled" - -GNOMEBASEBUILDCLASS = "meson" -inherit gnomebase gettext upstream-version-is-even gio-module-cache ptest-gnome - -SRC_URI += "file://run-ptest" - -FILES:${PN} += "\ - ${libdir}/gio/modules/libgio*.so \ - ${datadir}/dbus-1/services/ \ - ${systemd_user_unitdir} \ - " -FILES:${PN}-dev += "${libdir}/gio/modules/libgio*.la" -FILES:${PN}-staticdev += "${libdir}/gio/modules/libgio*.a" - -RDEPENDS:${PN}-ptest += "bash" - -BBCLASSEXTEND = "native nativesdk" diff --git a/poky/meta/recipes-core/glib-networking/glib-networking_2.72.2.bb b/poky/meta/recipes-core/glib-networking/glib-networking_2.72.2.bb new file mode 100644 index 0000000000..746d1bc39c --- /dev/null +++ b/poky/meta/recipes-core/glib-networking/glib-networking_2.72.2.bb @@ -0,0 +1,38 @@ +SUMMARY = "GLib networking extensions" +DESCRIPTION = "glib-networking contains the implementations of certain GLib networking features that cannot be implemented directly in GLib itself because of their dependencies." +HOMEPAGE = "https://gitlab.gnome.org/GNOME/glib-networking/" +BUGTRACKER = "http://bugzilla.gnome.org" + +LICENSE = "LGPL-2.1-only" +LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c" + +SECTION = "libs" +DEPENDS = "glib-2.0" + +SRC_URI[archive.sha256sum] = "cd2a084c7bb91d78e849fb55d40e472f6d8f6862cddc9f12c39149359ba18268" + +PACKAGECONFIG ??= "openssl ${@bb.utils.contains('PTEST_ENABLED', '1', 'tests', '', d)}" + +PACKAGECONFIG[gnutls] = "-Dgnutls=enabled,-Dgnutls=disabled,gnutls" +PACKAGECONFIG[openssl] = "-Dopenssl=enabled,-Dopenssl=disabled,openssl" +PACKAGECONFIG[libproxy] = "-Dlibproxy=enabled,-Dlibproxy=disabled,libproxy" +PACKAGECONFIG[tests] = "-Dinstalled_tests=true,-Dinstalled_tests=false" + +EXTRA_OEMESON = "-Dgnome_proxy=disabled" + +GNOMEBASEBUILDCLASS = "meson" +inherit gnomebase gettext upstream-version-is-even gio-module-cache ptest-gnome + +SRC_URI += "file://run-ptest" + +FILES:${PN} += "\ + ${libdir}/gio/modules/libgio*.so \ + ${datadir}/dbus-1/services/ \ + ${systemd_user_unitdir} \ + " +FILES:${PN}-dev += "${libdir}/gio/modules/libgio*.la" +FILES:${PN}-staticdev += "${libdir}/gio/modules/libgio*.a" + +RDEPENDS:${PN}-ptest += "bash" + +BBCLASSEXTEND = "native nativesdk" diff --git a/poky/meta/recipes-core/glibc/glibc-locale.inc b/poky/meta/recipes-core/glibc/glibc-locale.inc index b8de7d3192..7c14abfe99 100644 --- a/poky/meta/recipes-core/glibc/glibc-locale.inc +++ b/poky/meta/recipes-core/glibc/glibc-locale.inc @@ -87,10 +87,9 @@ do_install() { if [ ${PACKAGE_NO_GCONV} -eq 0 ]; then copy_locale_files ${libdir}/gconv 0755 copy_locale_files ${datadir}/i18n 0644 - else - # Remove the libdir if it is empty when gconv is not copied - find ${D}${libdir} -type d -empty -delete fi + # Remove empty dirs in libdir when gconv or locales are not copied + find ${D}${libdir} -type d -empty -delete copy_locale_files ${datadir}/locale 0644 install -m 0644 ${LOCALETREESRC}/SUPPORTED ${WORKDIR}/SUPPORTED } diff --git a/poky/meta/recipes-core/glibc/glibc-tests_2.35.bb b/poky/meta/recipes-core/glibc/glibc-tests_2.35.bb index 96d0569ff6..97d5dc29a3 100644 --- a/poky/meta/recipes-core/glibc/glibc-tests_2.35.bb +++ b/poky/meta/recipes-core/glibc/glibc-tests_2.35.bb @@ -4,7 +4,7 @@ require glibc-tests.inc inherit ptest features_check REQUIRED_DISTRO_FEATURES = "ptest" -SRC_URI:append = " \ +SRC_URI += " \ file://reproducible-paths.patch \ file://run-ptest \ " @@ -30,7 +30,7 @@ python __anonymous() { RPROVIDES:${PN} = "${PN}" RRECOMMENDS:${PN} = "" RDEPENDS:${PN} = " glibc sed" -DEPENDS:append = " sed" +DEPENDS += "sed" export oe_srcdir="${exec_prefix}/src/debug/glibc/${PV}/" diff --git a/poky/meta/recipes-core/glibc/glibc-version.inc b/poky/meta/recipes-core/glibc/glibc-version.inc index ccb41e5af6..d3cea19f9c 100644 --- a/poky/meta/recipes-core/glibc/glibc-version.inc +++ b/poky/meta/recipes-core/glibc/glibc-version.inc @@ -1,6 +1,6 @@ SRCBRANCH ?= "release/2.35/master" PV = "2.35" -SRCREV_glibc ?= "0e5b239f45992e4b54c6f946ecb0c410afc8bb08" +SRCREV_glibc ?= "f8ad66a4cab14ed294bf50e7a9eddb73da6cf307" SRCREV_localedef ?= "794da69788cbf9bf57b59a852f9f11307663fa87" GLIBC_GIT_URI ?= "git://sourceware.org/git/glibc.git" diff --git a/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb b/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb index 7acdd8c2ef..61a9cd4aa3 100644 --- a/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb +++ b/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb @@ -24,7 +24,7 @@ IMAGE_FSTYPES = "wic.vmdk wic.vhd wic.vhdx" inherit core-image setuptools3 -SRCREV ?= "60171200800c62820c9275b50c703e53ed6e7b28" +SRCREV ?= "d64bef1c7d713b92a51228e5ade945835e5a94a4" SRC_URI = "git://git.yoctoproject.org/poky;branch=kirkstone \ file://Yocto_Build_Appliance.vmx \ file://Yocto_Build_Appliance.vmxf \ diff --git a/poky/meta/recipes-core/libxml/libxml2/0001-Port-gentest.py-to-Python-3.patch b/poky/meta/recipes-core/libxml/libxml2/0001-Port-gentest.py-to-Python-3.patch new file mode 100644 index 0000000000..c6567ac878 --- /dev/null +++ b/poky/meta/recipes-core/libxml/libxml2/0001-Port-gentest.py-to-Python-3.patch @@ -0,0 +1,814 @@ +From 2c20198b1ddb1bfb47269b8caf929ffb83748f78 Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer +Date: Thu, 21 Apr 2022 00:45:58 +0200 +Subject: [PATCH] Port gentest.py to Python 3 + +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/343fc1421cdae097fa6c4cffeb1a065a40be6bbb] + +* fixes: + +make[1]: 'testReader' is up to date. + File "../libxml2-2.9.10/gentest.py", line 11 + print "libxml2 python bindings not available, skipping testapi.c generation" + ^ +SyntaxError: Missing parentheses in call to 'print'. Did you mean print("libxml2 python bindings not available, skipping testapi.c generation")? +make[1]: [Makefile:2078: testapi.c] Error 1 (ignored) + +... + +make[1]: 'testReader' is up to date. + File "../libxml2-2.9.10/gentest.py", line 271 + return 1 + ^ +TabError: inconsistent use of tabs and spaces in indentation +make[1]: [Makefile:2078: testapi.c] Error 1 (ignored) + +... + +aarch64-oe-linux-gcc: error: testapi.c: No such file or directory +aarch64-oe-linux-gcc: fatal error: no input files +compilation terminated. +make[1]: *** [Makefile:1275: testapi.o] Error 1 + +But there is still a bit mystery why it worked before, because check-am +calls gentest.py with $(PYTHON), so it ignores the shebang in the script +and libxml2 is using python3native (through python3targetconfig.bbclass) +so something like: + +libxml2/2.9.10-r0/recipe-sysroot-native/usr/bin/python3-native/python3 gentest.py + +But that still fails (now without SyntaxError) with: +libxml2 python bindings not available, skipping testapi.c generation + +because we don't have dependency on libxml2-native (to provide libxml2 +python bindings form python3native) and exported PYTHON_SITE_PACKAGES +might be useless (e.g. /usr/lib/python3.8/site-packages on Ubuntu-22.10 +which uses python 3.10 and there is no site-packages with libxml2) + +Signed-off-by: Martin Jansa + +--- + gentest.py | 421 ++++++++++++++++++++++++++--------------------------- + 1 file changed, 209 insertions(+), 212 deletions(-) + +diff --git a/gentest.py b/gentest.py +index b6cd866..af15a4f 100755 +--- a/gentest.py ++++ b/gentest.py +@@ -8,7 +8,7 @@ import string + try: + import libxml2 + except: +- print "libxml2 python bindings not available, skipping testapi.c generation" ++ print("libxml2 python bindings not available, skipping testapi.c generation") + sys.exit(0) + + if len(sys.argv) > 1: +@@ -227,7 +227,7 @@ extra_post_call = { + if (old != NULL) { + xmlUnlinkNode(old); + xmlFreeNode(old) ; old = NULL ; } +- ret_val = NULL;""", ++\t ret_val = NULL;""", + "xmlTextMerge": + """if ((first != NULL) && (first->type != XML_TEXT_NODE)) { + xmlUnlinkNode(second); +@@ -236,7 +236,7 @@ extra_post_call = { + """if ((ret_val != NULL) && (ret_val != ncname) && + (ret_val != prefix) && (ret_val != memory)) + xmlFree(ret_val); +- ret_val = NULL;""", ++\t ret_val = NULL;""", + "xmlNewDocElementContent": + """xmlFreeDocElementContent(doc, ret_val); ret_val = NULL;""", + "xmlDictReference": "xmlDictFree(dict);", +@@ -268,29 +268,29 @@ modules = [] + def is_skipped_module(name): + for mod in skipped_modules: + if mod == name: +- return 1 ++ return 1 + return 0 + + def is_skipped_function(name): + for fun in skipped_functions: + if fun == name: +- return 1 ++ return 1 + # Do not test destructors +- if string.find(name, 'Free') != -1: ++ if name.find('Free') != -1: + return 1 + return 0 + + def is_skipped_memcheck(name): + for fun in skipped_memcheck: + if fun == name: +- return 1 ++ return 1 + return 0 + + missing_types = {} + def add_missing_type(name, func): + try: + list = missing_types[name] +- list.append(func) ++ list.append(func) + except: + missing_types[name] = [func] + +@@ -310,7 +310,7 @@ def add_missing_functions(name, module): + missing_functions_nr = missing_functions_nr + 1 + try: + list = missing_functions[module] +- list.append(name) ++ list.append(name) + except: + missing_functions[module] = [name] + +@@ -319,45 +319,45 @@ def add_missing_functions(name, module): + # + + def type_convert(str, name, info, module, function, pos): +-# res = string.replace(str, " ", " ") +-# res = string.replace(str, " ", " ") +-# res = string.replace(str, " ", " ") +- res = string.replace(str, " *", "_ptr") +-# res = string.replace(str, "*", "_ptr") +- res = string.replace(res, " ", "_") ++# res = str.replace(" ", " ") ++# res = str.replace(" ", " ") ++# res = str.replace(" ", " ") ++ res = str.replace(" *", "_ptr") ++# res = str.replace("*", "_ptr") ++ res = res.replace(" ", "_") + if res == 'const_char_ptr': +- if string.find(name, "file") != -1 or \ +- string.find(name, "uri") != -1 or \ +- string.find(name, "URI") != -1 or \ +- string.find(info, "filename") != -1 or \ +- string.find(info, "URI") != -1 or \ +- string.find(info, "URL") != -1: +- if string.find(function, "Save") != -1 or \ +- string.find(function, "Create") != -1 or \ +- string.find(function, "Write") != -1 or \ +- string.find(function, "Fetch") != -1: +- return('fileoutput') +- return('filepath') ++ if name.find("file") != -1 or \ ++ name.find("uri") != -1 or \ ++ name.find("URI") != -1 or \ ++ info.find("filename") != -1 or \ ++ info.find("URI") != -1 or \ ++ info.find("URL") != -1: ++ if function.find("Save") != -1 or \ ++ function.find("Create") != -1 or \ ++ function.find("Write") != -1 or \ ++ function.find("Fetch") != -1: ++ return('fileoutput') ++ return('filepath') + if res == 'void_ptr': + if module == 'nanoftp' and name == 'ctx': +- return('xmlNanoFTPCtxtPtr') ++ return('xmlNanoFTPCtxtPtr') + if function == 'xmlNanoFTPNewCtxt' or \ +- function == 'xmlNanoFTPConnectTo' or \ +- function == 'xmlNanoFTPOpen': +- return('xmlNanoFTPCtxtPtr') ++ function == 'xmlNanoFTPConnectTo' or \ ++ function == 'xmlNanoFTPOpen': ++ return('xmlNanoFTPCtxtPtr') + if module == 'nanohttp' and name == 'ctx': +- return('xmlNanoHTTPCtxtPtr') +- if function == 'xmlNanoHTTPMethod' or \ +- function == 'xmlNanoHTTPMethodRedir' or \ +- function == 'xmlNanoHTTPOpen' or \ +- function == 'xmlNanoHTTPOpenRedir': +- return('xmlNanoHTTPCtxtPtr'); ++ return('xmlNanoHTTPCtxtPtr') ++ if function == 'xmlNanoHTTPMethod' or \ ++ function == 'xmlNanoHTTPMethodRedir' or \ ++ function == 'xmlNanoHTTPOpen' or \ ++ function == 'xmlNanoHTTPOpenRedir': ++ return('xmlNanoHTTPCtxtPtr'); + if function == 'xmlIOHTTPOpen': +- return('xmlNanoHTTPCtxtPtr') +- if string.find(name, "data") != -1: +- return('userdata') +- if string.find(name, "user") != -1: +- return('userdata') ++ return('xmlNanoHTTPCtxtPtr') ++ if name.find("data") != -1: ++ return('userdata') ++ if name.find("user") != -1: ++ return('userdata') + if res == 'xmlDoc_ptr': + res = 'xmlDocPtr' + if res == 'xmlNode_ptr': +@@ -366,18 +366,18 @@ def type_convert(str, name, info, module, function, pos): + res = 'xmlDictPtr' + if res == 'xmlNodePtr' and pos != 0: + if (function == 'xmlAddChild' and pos == 2) or \ +- (function == 'xmlAddChildList' and pos == 2) or \ ++ (function == 'xmlAddChildList' and pos == 2) or \ + (function == 'xmlAddNextSibling' and pos == 2) or \ + (function == 'xmlAddSibling' and pos == 2) or \ + (function == 'xmlDocSetRootElement' and pos == 2) or \ + (function == 'xmlReplaceNode' and pos == 2) or \ + (function == 'xmlTextMerge') or \ +- (function == 'xmlAddPrevSibling' and pos == 2): +- return('xmlNodePtr_in'); ++ (function == 'xmlAddPrevSibling' and pos == 2): ++ return('xmlNodePtr_in'); + if res == 'const xmlBufferPtr': + res = 'xmlBufferPtr' + if res == 'xmlChar_ptr' and name == 'name' and \ +- string.find(function, "EatName") != -1: ++ function.find("EatName") != -1: + return('eaten_name') + if res == 'void_ptr*': + res = 'void_ptr_ptr' +@@ -393,7 +393,7 @@ def type_convert(str, name, info, module, function, pos): + res = 'debug_FILE_ptr'; + if res == 'int' and name == 'options': + if module == 'parser' or module == 'xmlreader': +- res = 'parseroptions' ++ res = 'parseroptions' + + return res + +@@ -402,28 +402,28 @@ known_param_types = [] + def is_known_param_type(name): + for type in known_param_types: + if type == name: +- return 1 ++ return 1 + return name[-3:] == 'Ptr' or name[-4:] == '_ptr' + + def generate_param_type(name, rtype): + global test + for type in known_param_types: + if type == name: +- return ++ return + for type in generated_param_types: + if type == name: +- return ++ return + + if name[-3:] == 'Ptr' or name[-4:] == '_ptr': + if rtype[0:6] == 'const ': +- crtype = rtype[6:] +- else: +- crtype = rtype ++ crtype = rtype[6:] ++ else: ++ crtype = rtype + + define = 0 +- if modules_defines.has_key(module): +- test.write("#ifdef %s\n" % (modules_defines[module])) +- define = 1 ++ if module in modules_defines: ++ test.write("#ifdef %s\n" % (modules_defines[module])) ++ define = 1 + test.write(""" + #define gen_nb_%s 1 + static %s gen_%s(int no ATTRIBUTE_UNUSED, int nr ATTRIBUTE_UNUSED) { +@@ -433,7 +433,7 @@ static void des_%s(int no ATTRIBUTE_UNUSED, %s val ATTRIBUTE_UNUSED, int nr ATTR + } + """ % (name, crtype, name, name, rtype)) + if define == 1: +- test.write("#endif\n\n") ++ test.write("#endif\n\n") + add_generated_param_type(name) + + # +@@ -445,7 +445,7 @@ known_return_types = [] + def is_known_return_type(name): + for type in known_return_types: + if type == name: +- return 1 ++ return 1 + return 0 + + # +@@ -471,7 +471,7 @@ def compare_and_save(): + try: + os.system("rm testapi.c; mv testapi.c.new testapi.c") + except: +- os.system("mv testapi.c.new testapi.c") ++ os.system("mv testapi.c.new testapi.c") + print("Updated testapi.c") + else: + print("Generated testapi.c is identical") +@@ -481,17 +481,17 @@ while line != "": + if line == "/* CUT HERE: everything below that line is generated */\n": + break; + if line[0:15] == "#define gen_nb_": +- type = string.split(line[15:])[0] +- known_param_types.append(type) ++ type = line[15:].split()[0] ++ known_param_types.append(type) + if line[0:19] == "static void desret_": +- type = string.split(line[19:], '(')[0] +- known_return_types.append(type) ++ type = line[19:].split('(')[0] ++ known_return_types.append(type) + test.write(line) + line = input.readline() + input.close() + + if line == "": +- print "Could not find the CUT marker in testapi.c skipping generation" ++ print("Could not find the CUT marker in testapi.c skipping generation") + test.close() + sys.exit(0) + +@@ -505,7 +505,7 @@ test.write("/* CUT HERE: everything below that line is generated */\n") + # + doc = libxml2.readFile(srcPref + 'doc/libxml2-api.xml', None, 0) + if doc == None: +- print "Failed to load doc/libxml2-api.xml" ++ print("Failed to load doc/libxml2-api.xml") + sys.exit(1) + ctxt = doc.xpathNewContext() + +@@ -519,9 +519,9 @@ for arg in args: + mod = arg.xpathEval('string(../@file)') + func = arg.xpathEval('string(../@name)') + if (mod not in skipped_modules) and (func not in skipped_functions): +- type = arg.xpathEval('string(@type)') +- if not argtypes.has_key(type): +- argtypes[type] = func ++ type = arg.xpathEval('string(@type)') ++ if type not in argtypes: ++ argtypes[type] = func + + # similarly for return types + rettypes = {} +@@ -531,8 +531,8 @@ for ret in rets: + func = ret.xpathEval('string(../@name)') + if (mod not in skipped_modules) and (func not in skipped_functions): + type = ret.xpathEval('string(@type)') +- if not rettypes.has_key(type): +- rettypes[type] = func ++ if type not in rettypes: ++ rettypes[type] = func + + # + # Generate constructors and return type handling for all enums +@@ -549,49 +549,49 @@ for enum in enums: + continue; + define = 0 + +- if argtypes.has_key(name) and is_known_param_type(name) == 0: +- values = ctxt.xpathEval("/api/symbols/enum[@type='%s']" % name) +- i = 0 +- vals = [] +- for value in values: +- vname = value.xpathEval('string(@name)') +- if vname == None: +- continue; +- i = i + 1 +- if i >= 5: +- break; +- vals.append(vname) +- if vals == []: +- print "Didn't find any value for enum %s" % (name) +- continue +- if modules_defines.has_key(module): +- test.write("#ifdef %s\n" % (modules_defines[module])) +- define = 1 +- test.write("#define gen_nb_%s %d\n" % (name, len(vals))) +- test.write("""static %s gen_%s(int no, int nr ATTRIBUTE_UNUSED) {\n""" % +- (name, name)) +- i = 1 +- for value in vals: +- test.write(" if (no == %d) return(%s);\n" % (i, value)) +- i = i + 1 +- test.write(""" return(0); ++ if (name in argtypes) and is_known_param_type(name) == 0: ++ values = ctxt.xpathEval("/api/symbols/enum[@type='%s']" % name) ++ i = 0 ++ vals = [] ++ for value in values: ++ vname = value.xpathEval('string(@name)') ++ if vname == None: ++ continue; ++ i = i + 1 ++ if i >= 5: ++ break; ++ vals.append(vname) ++ if vals == []: ++ print("Didn't find any value for enum %s" % (name)) ++ continue ++ if module in modules_defines: ++ test.write("#ifdef %s\n" % (modules_defines[module])) ++ define = 1 ++ test.write("#define gen_nb_%s %d\n" % (name, len(vals))) ++ test.write("""static %s gen_%s(int no, int nr ATTRIBUTE_UNUSED) {\n""" % ++ (name, name)) ++ i = 1 ++ for value in vals: ++ test.write(" if (no == %d) return(%s);\n" % (i, value)) ++ i = i + 1 ++ test.write(""" return(0); + } + + static void des_%s(int no ATTRIBUTE_UNUSED, %s val ATTRIBUTE_UNUSED, int nr ATTRIBUTE_UNUSED) { + } + + """ % (name, name)); +- known_param_types.append(name) ++ known_param_types.append(name) + + if (is_known_return_type(name) == 0) and (name in rettypes): +- if define == 0 and modules_defines.has_key(module): +- test.write("#ifdef %s\n" % (modules_defines[module])) +- define = 1 ++ if define == 0 and (module in modules_defines): ++ test.write("#ifdef %s\n" % (modules_defines[module])) ++ define = 1 + test.write("""static void desret_%s(%s val ATTRIBUTE_UNUSED) { + } + + """ % (name, name)) +- known_return_types.append(name) ++ known_return_types.append(name) + if define == 1: + test.write("#endif\n\n") + +@@ -615,9 +615,9 @@ for file in headers: + # do not test deprecated APIs + # + desc = file.xpathEval('string(description)') +- if string.find(desc, 'DEPRECATED') != -1: +- print "Skipping deprecated interface %s" % name +- continue; ++ if desc.find('DEPRECATED') != -1: ++ print("Skipping deprecated interface %s" % name) ++ continue; + + test.write("#include \n" % name) + modules.append(name) +@@ -679,7 +679,7 @@ def generate_test(module, node): + # and store the information for the generation + # + try: +- args = node.xpathEval("arg") ++ args = node.xpathEval("arg") + except: + args = [] + t_args = [] +@@ -687,37 +687,37 @@ def generate_test(module, node): + for arg in args: + n = n + 1 + rtype = arg.xpathEval("string(@type)") +- if rtype == 'void': +- break; +- info = arg.xpathEval("string(@info)") +- nam = arg.xpathEval("string(@name)") ++ if rtype == 'void': ++ break; ++ info = arg.xpathEval("string(@info)") ++ nam = arg.xpathEval("string(@name)") + type = type_convert(rtype, nam, info, module, name, n) +- if is_known_param_type(type) == 0: +- add_missing_type(type, name); +- no_gen = 1 ++ if is_known_param_type(type) == 0: ++ add_missing_type(type, name); ++ no_gen = 1 + if (type[-3:] == 'Ptr' or type[-4:] == '_ptr') and \ +- rtype[0:6] == 'const ': +- crtype = rtype[6:] +- else: +- crtype = rtype +- t_args.append((nam, type, rtype, crtype, info)) ++ rtype[0:6] == 'const ': ++ crtype = rtype[6:] ++ else: ++ crtype = rtype ++ t_args.append((nam, type, rtype, crtype, info)) + + try: +- rets = node.xpathEval("return") ++ rets = node.xpathEval("return") + except: + rets = [] + t_ret = None + for ret in rets: + rtype = ret.xpathEval("string(@type)") +- info = ret.xpathEval("string(@info)") ++ info = ret.xpathEval("string(@info)") + type = type_convert(rtype, 'return', info, module, name, 0) +- if rtype == 'void': +- break +- if is_known_return_type(type) == 0: +- add_missing_type(type, name); +- no_gen = 1 +- t_ret = (type, rtype, info) +- break ++ if rtype == 'void': ++ break ++ if is_known_return_type(type) == 0: ++ add_missing_type(type, name); ++ no_gen = 1 ++ t_ret = (type, rtype, info) ++ break + + if no_gen == 0: + for t_arg in t_args: +@@ -733,7 +733,7 @@ test_%s(void) { + + if no_gen == 1: + add_missing_functions(name, module) +- test.write(""" ++ test.write(""" + /* missing type support */ + return(test_ret); + } +@@ -742,22 +742,22 @@ test_%s(void) { + return + + try: +- conds = node.xpathEval("cond") +- for cond in conds: +- test.write("#if %s\n" % (cond.get_content())) +- nb_cond = nb_cond + 1 ++ conds = node.xpathEval("cond") ++ for cond in conds: ++ test.write("#if %s\n" % (cond.get_content())) ++ nb_cond = nb_cond + 1 + except: + pass + + define = 0 +- if function_defines.has_key(name): ++ if name in function_defines: + test.write("#ifdef %s\n" % (function_defines[name])) +- define = 1 ++ define = 1 + + # Declare the memory usage counter + no_mem = is_skipped_memcheck(name) + if no_mem == 0: +- test.write(" int mem_base;\n"); ++ test.write(" int mem_base;\n"); + + # Declare the return value + if t_ret != None: +@@ -766,29 +766,29 @@ test_%s(void) { + # Declare the arguments + for arg in t_args: + (nam, type, rtype, crtype, info) = arg; +- # add declaration +- test.write(" %s %s; /* %s */\n" % (crtype, nam, info)) +- test.write(" int n_%s;\n" % (nam)) ++ # add declaration ++ test.write(" %s %s; /* %s */\n" % (crtype, nam, info)) ++ test.write(" int n_%s;\n" % (nam)) + test.write("\n") + + # Cascade loop on of each argument list of values + for arg in t_args: + (nam, type, rtype, crtype, info) = arg; +- # +- test.write(" for (n_%s = 0;n_%s < gen_nb_%s;n_%s++) {\n" % ( +- nam, nam, type, nam)) ++ # ++ test.write(" for (n_%s = 0;n_%s < gen_nb_%s;n_%s++) {\n" % ( ++ nam, nam, type, nam)) + + # log the memory usage + if no_mem == 0: +- test.write(" mem_base = xmlMemBlocks();\n"); ++ test.write(" mem_base = xmlMemBlocks();\n"); + + # prepare the call + i = 0; + for arg in t_args: + (nam, type, rtype, crtype, info) = arg; +- # +- test.write(" %s = gen_%s(n_%s, %d);\n" % (nam, type, nam, i)) +- i = i + 1; ++ # ++ test.write(" %s = gen_%s(n_%s, %d);\n" % (nam, type, nam, i)) ++ i = i + 1; + + # add checks to avoid out-of-bounds array access + i = 0; +@@ -797,7 +797,7 @@ test_%s(void) { + # assume that "size", "len", and "start" parameters apply to either + # the nearest preceding or following char pointer + if type == "int" and (nam == "size" or nam == "len" or nam == "start"): +- for j in range(i - 1, -1, -1) + range(i + 1, len(t_args)): ++ for j in (*range(i - 1, -1, -1), *range(i + 1, len(t_args))): + (bnam, btype) = t_args[j][:2] + if btype == "const_char_ptr" or btype == "const_xmlChar_ptr": + test.write( +@@ -806,42 +806,42 @@ test_%s(void) { + " continue;\n" + % (bnam, nam, bnam)) + break +- i = i + 1; ++ i = i + 1; + + # do the call, and clanup the result +- if extra_pre_call.has_key(name): +- test.write(" %s\n"% (extra_pre_call[name])) ++ if name in extra_pre_call: ++ test.write(" %s\n"% (extra_pre_call[name])) + if t_ret != None: +- test.write("\n ret_val = %s(" % (name)) +- need = 0 +- for arg in t_args: +- (nam, type, rtype, crtype, info) = arg +- if need: +- test.write(", ") +- else: +- need = 1 +- if rtype != crtype: +- test.write("(%s)" % rtype) +- test.write("%s" % nam); +- test.write(");\n") +- if extra_post_call.has_key(name): +- test.write(" %s\n"% (extra_post_call[name])) +- test.write(" desret_%s(ret_val);\n" % t_ret[0]) ++ test.write("\n ret_val = %s(" % (name)) ++ need = 0 ++ for arg in t_args: ++ (nam, type, rtype, crtype, info) = arg ++ if need: ++ test.write(", ") ++ else: ++ need = 1 ++ if rtype != crtype: ++ test.write("(%s)" % rtype) ++ test.write("%s" % nam); ++ test.write(");\n") ++ if name in extra_post_call: ++ test.write(" %s\n"% (extra_post_call[name])) ++ test.write(" desret_%s(ret_val);\n" % t_ret[0]) + else: +- test.write("\n %s(" % (name)); +- need = 0; +- for arg in t_args: +- (nam, type, rtype, crtype, info) = arg; +- if need: +- test.write(", ") +- else: +- need = 1 +- if rtype != crtype: +- test.write("(%s)" % rtype) +- test.write("%s" % nam) +- test.write(");\n") +- if extra_post_call.has_key(name): +- test.write(" %s\n"% (extra_post_call[name])) ++ test.write("\n %s(" % (name)); ++ need = 0; ++ for arg in t_args: ++ (nam, type, rtype, crtype, info) = arg; ++ if need: ++ test.write(", ") ++ else: ++ need = 1 ++ if rtype != crtype: ++ test.write("(%s)" % rtype) ++ test.write("%s" % nam) ++ test.write(");\n") ++ if name in extra_post_call: ++ test.write(" %s\n"% (extra_post_call[name])) + + test.write(" call_tests++;\n"); + +@@ -849,32 +849,32 @@ test_%s(void) { + i = 0; + for arg in t_args: + (nam, type, rtype, crtype, info) = arg; +- # This is a hack to prevent generating a destructor for the +- # 'input' argument in xmlTextReaderSetup. There should be +- # a better, more generic way to do this! +- if string.find(info, 'destroy') == -1: +- test.write(" des_%s(n_%s, " % (type, nam)) +- if rtype != crtype: +- test.write("(%s)" % rtype) +- test.write("%s, %d);\n" % (nam, i)) +- i = i + 1; ++ # This is a hack to prevent generating a destructor for the ++ # 'input' argument in xmlTextReaderSetup. There should be ++ # a better, more generic way to do this! ++ if info.find('destroy') == -1: ++ test.write(" des_%s(n_%s, " % (type, nam)) ++ if rtype != crtype: ++ test.write("(%s)" % rtype) ++ test.write("%s, %d);\n" % (nam, i)) ++ i = i + 1; + + test.write(" xmlResetLastError();\n"); + # Check the memory usage + if no_mem == 0: +- test.write(""" if (mem_base != xmlMemBlocks()) { ++ test.write(""" if (mem_base != xmlMemBlocks()) { + printf("Leak of %%d blocks found in %s", +- xmlMemBlocks() - mem_base); +- test_ret++; ++\t xmlMemBlocks() - mem_base); ++\t test_ret++; + """ % (name)); +- for arg in t_args: +- (nam, type, rtype, crtype, info) = arg; +- test.write(""" printf(" %%d", n_%s);\n""" % (nam)) +- test.write(""" printf("\\n");\n""") +- test.write(" }\n") ++ for arg in t_args: ++ (nam, type, rtype, crtype, info) = arg; ++ test.write(""" printf(" %%d", n_%s);\n""" % (nam)) ++ test.write(""" printf("\\n");\n""") ++ test.write(" }\n") + + for arg in t_args: +- test.write(" }\n") ++ test.write(" }\n") + + test.write(" function_tests++;\n") + # +@@ -882,7 +882,7 @@ test_%s(void) { + # + while nb_cond > 0: + test.write("#endif\n") +- nb_cond = nb_cond -1 ++ nb_cond = nb_cond -1 + if define == 1: + test.write("#endif\n") + +@@ -900,10 +900,10 @@ test_%s(void) { + for module in modules: + # gather all the functions exported by that module + try: +- functions = ctxt.xpathEval("/api/symbols/function[@file='%s']" % (module)) ++ functions = ctxt.xpathEval("/api/symbols/function[@file='%s']" % (module)) + except: +- print "Failed to gather functions from module %s" % (module) +- continue; ++ print("Failed to gather functions from module %s" % (module)) ++ continue; + + # iterate over all functions in the module generating the test + i = 0 +@@ -923,14 +923,14 @@ test_%s(void) { + # iterate over all functions in the module generating the call + for function in functions: + name = function.xpathEval('string(@name)') +- if is_skipped_function(name): +- continue +- test.write(" test_ret += test_%s();\n" % (name)) ++ if is_skipped_function(name): ++ continue ++ test.write(" test_ret += test_%s();\n" % (name)) + + # footer + test.write(""" + if (test_ret != 0) +- printf("Module %s: %%d errors\\n", test_ret); ++\tprintf("Module %s: %%d errors\\n", test_ret); + return(test_ret); + } + """ % (module)) +@@ -948,7 +948,7 @@ test.write(""" return(0); + } + """); + +-print "Generated test for %d modules and %d functions" %(len(modules), nb_tests) ++print("Generated test for %d modules and %d functions" %(len(modules), nb_tests)) + + compare_and_save() + +@@ -960,11 +960,8 @@ for missing in missing_types.keys(): + n = len(missing_types[missing]) + missing_list.append((n, missing)) + +-def compare_missing(a, b): +- return b[0] - a[0] +- +-missing_list.sort(compare_missing) +-print "Missing support for %d functions and %d types see missing.lst" % (missing_functions_nr, len(missing_list)) ++missing_list.sort(key=lambda a: a[0]) ++print("Missing support for %d functions and %d types see missing.lst" % (missing_functions_nr, len(missing_list))) + lst = open("missing.lst", "w") + lst.write("Missing support for %d types" % (len(missing_list))) + lst.write("\n") +@@ -974,9 +971,9 @@ for miss in missing_list: + for n in missing_types[miss[1]]: + i = i + 1 + if i > 5: +- lst.write(" ...") +- break +- lst.write(" %s" % (n)) ++ lst.write(" ...") ++ break ++ lst.write(" %s" % (n)) + lst.write("\n") + lst.write("\n") + lst.write("\n") diff --git a/poky/meta/recipes-core/libxml/libxml2_2.9.14.bb b/poky/meta/recipes-core/libxml/libxml2_2.9.14.bb index 3081ebf92f..519985bbae 100644 --- a/poky/meta/recipes-core/libxml/libxml2_2.9.14.bb +++ b/poky/meta/recipes-core/libxml/libxml2_2.9.14.bb @@ -22,6 +22,7 @@ SRC_URI += "http://www.w3.org/XML/Test/xmlts20080827.tar.gz;subdir=${BP};name=te file://fix-execution-of-ptests.patch \ file://remove-fuzz-from-ptests.patch \ file://libxml-m4-use-pkgconfig.patch \ + file://0001-Port-gentest.py-to-Python-3.patch \ " SRC_URI[archive.sha256sum] = "60d74a257d1ccec0475e749cba2f21559e48139efba6ff28224357c7c798dfee" @@ -29,6 +30,10 @@ SRC_URI[testtar.sha256sum] = "96151685cec997e1f9f3387e3626d61e6284d4d6e66e0e440c BINCONFIG = "${bindir}/xml2-config" +# Fixed since 2.9.11 via +# https://gitlab.gnome.org/GNOME/libxml2/-/commit/c1ba6f54d32b707ca6d91cb3257ce9de82876b6f +CVE_CHECK_IGNORE += "CVE-2016-3709" + PACKAGECONFIG ??= "python \ ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} \ " @@ -78,6 +83,16 @@ do_configure:prepend () { } do_compile_ptest() { + # Make sure that testapi.c is newer than gentests.py, because + # with reproducible builds, they will both get e.g. Jan 1 1970 + # modification time from SOURCE_DATE_EPOCH and then check-am + # might try to rebuild_testapi, which will fail even with + # 0001-Port-gentest.py-to-Python-3.patch, because it needs + # libxml2 module (libxml2-native dependency and correctly + # set PYTHON_SITE_PACKAGES), it's easier to + # just rely on pre-generated testapi.c from the release + touch ${S}/testapi.c + oe_runmake check-am } diff --git a/poky/meta/recipes-core/meta/cve-update-db-native.bb b/poky/meta/recipes-core/meta/cve-update-db-native.bb index 18af89b53e..944243fce9 100644 --- a/poky/meta/recipes-core/meta/cve-update-db-native.bb +++ b/poky/meta/recipes-core/meta/cve-update-db-native.bb @@ -66,9 +66,7 @@ python do_fetch() { # Connect to database conn = sqlite3.connect(db_file) - c = conn.cursor() - - initialize_db(c) + initialize_db(conn) with bb.progress.ProgressHandler(d) as ph, open(os.path.join(d.getVar("TMPDIR"), 'cve_check'), 'a') as cve_f: total_years = date.today().year + 1 - YEAR_START @@ -98,19 +96,21 @@ python do_fetch() { return # Compare with current db last modified date - c.execute("select DATE from META where YEAR = ?", (year,)) - meta = c.fetchone() + cursor = conn.execute("select DATE from META where YEAR = ?", (year,)) + meta = cursor.fetchone() + cursor.close() + if not meta or meta[0] != last_modified: bb.debug(2, "Updating entries") # Clear products table entries corresponding to current year - c.execute("delete from PRODUCTS where ID like ?", ('CVE-%d%%' % year,)) + conn.execute("delete from PRODUCTS where ID like ?", ('CVE-%d%%' % year,)).close() # Update db with current year json file try: response = urllib.request.urlopen(json_url) if response: - update_db(c, gzip.decompress(response.read()).decode('utf-8')) - c.execute("insert or replace into META values (?, ?)", [year, last_modified]) + update_db(conn, gzip.decompress(response.read()).decode('utf-8')) + conn.execute("insert or replace into META values (?, ?)", [year, last_modified]).close() except urllib.error.URLError as e: cve_f.write('Warning: CVE db update error, CVE data is outdated.\n\n') bb.warn("Cannot parse CVE data (%s), update failed" % e.reason) @@ -129,21 +129,26 @@ do_fetch[lockfiles] += "${CVE_CHECK_DB_FILE_LOCK}" do_fetch[file-checksums] = "" do_fetch[vardeps] = "" -def initialize_db(c): - c.execute("CREATE TABLE IF NOT EXISTS META (YEAR INTEGER UNIQUE, DATE TEXT)") +def initialize_db(conn): + with conn: + c = conn.cursor() + + c.execute("CREATE TABLE IF NOT EXISTS META (YEAR INTEGER UNIQUE, DATE TEXT)") + + c.execute("CREATE TABLE IF NOT EXISTS NVD (ID TEXT UNIQUE, SUMMARY TEXT, \ + SCOREV2 TEXT, SCOREV3 TEXT, MODIFIED INTEGER, VECTOR TEXT)") - c.execute("CREATE TABLE IF NOT EXISTS NVD (ID TEXT UNIQUE, SUMMARY TEXT, \ - SCOREV2 TEXT, SCOREV3 TEXT, MODIFIED INTEGER, VECTOR TEXT)") + c.execute("CREATE TABLE IF NOT EXISTS PRODUCTS (ID TEXT, \ + VENDOR TEXT, PRODUCT TEXT, VERSION_START TEXT, OPERATOR_START TEXT, \ + VERSION_END TEXT, OPERATOR_END TEXT)") + c.execute("CREATE INDEX IF NOT EXISTS PRODUCT_ID_IDX on PRODUCTS(ID);") - c.execute("CREATE TABLE IF NOT EXISTS PRODUCTS (ID TEXT, \ - VENDOR TEXT, PRODUCT TEXT, VERSION_START TEXT, OPERATOR_START TEXT, \ - VERSION_END TEXT, OPERATOR_END TEXT)") - c.execute("CREATE INDEX IF NOT EXISTS PRODUCT_ID_IDX on PRODUCTS(ID);") + c.close() -def parse_node_and_insert(c, node, cveId): +def parse_node_and_insert(conn, node, cveId): # Parse children node if needed for child in node.get('children', ()): - parse_node_and_insert(c, child, cveId) + parse_node_and_insert(conn, child, cveId) def cpe_generator(): for cpe in node.get('cpe_match', ()): @@ -200,9 +205,9 @@ def parse_node_and_insert(c, node, cveId): # Save processing by representing as -. yield [cveId, vendor, product, '-', '', '', ''] - c.executemany("insert into PRODUCTS values (?, ?, ?, ?, ?, ?, ?)", cpe_generator()) + conn.executemany("insert into PRODUCTS values (?, ?, ?, ?, ?, ?, ?)", cpe_generator()).close() -def update_db(c, jsondata): +def update_db(conn, jsondata): import json root = json.loads(jsondata) @@ -226,12 +231,12 @@ def update_db(c, jsondata): accessVector = accessVector or "UNKNOWN" cvssv3 = 0.0 - c.execute("insert or replace into NVD values (?, ?, ?, ?, ?, ?)", - [cveId, cveDesc, cvssv2, cvssv3, date, accessVector]) + conn.execute("insert or replace into NVD values (?, ?, ?, ?, ?, ?)", + [cveId, cveDesc, cvssv2, cvssv3, date, accessVector]).close() configurations = elt['configurations']['nodes'] for config in configurations: - parse_node_and_insert(c, config, cveId) + parse_node_and_insert(conn, config, cveId) do_fetch[nostamp] = "1" diff --git a/poky/meta/recipes-core/meta/wic-tools.bb b/poky/meta/recipes-core/meta/wic-tools.bb index ba0916cb56..daaf3ea576 100644 --- a/poky/meta/recipes-core/meta/wic-tools.bb +++ b/poky/meta/recipes-core/meta/wic-tools.bb @@ -6,7 +6,8 @@ DEPENDS = "\ parted-native gptfdisk-native dosfstools-native \ mtools-native bmap-tools-native grub-native cdrtools-native \ btrfs-tools-native squashfs-tools-native pseudo-native \ - e2fsprogs-native util-linux-native tar-native\ + e2fsprogs-native util-linux-native tar-native \ + virtual/${TARGET_PREFIX}binutils \ " DEPENDS:append:x86 = " syslinux-native syslinux grub-efi systemd-boot" DEPENDS:append:x86-64 = " syslinux-native syslinux grub-efi systemd-boot" diff --git a/poky/meta/recipes-core/packagegroups/packagegroup-self-hosted.bb b/poky/meta/recipes-core/packagegroups/packagegroup-self-hosted.bb index 9523aadd15..e62567894b 100644 --- a/poky/meta/recipes-core/packagegroups/packagegroup-self-hosted.bb +++ b/poky/meta/recipes-core/packagegroups/packagegroup-self-hosted.bb @@ -98,11 +98,14 @@ RDEPENDS:packagegroup-self-hosted-sdk:append:libc-glibc = "\ glibc-utils \ rpcsvc-proto \ " + +STRACE = "strace" +STRACE:riscv32 = "" RDEPENDS:packagegroup-self-hosted-debug = " \ gdb \ gdbserver \ rsync \ - strace \ + ${STRACE} \ tcf-agent" diff --git a/poky/meta/recipes-core/systemd/systemd/00-create-volatile.conf b/poky/meta/recipes-core/systemd/systemd/00-create-volatile.conf index 87cbe1e7d3..c4277221a2 100644 --- a/poky/meta/recipes-core/systemd/systemd/00-create-volatile.conf +++ b/poky/meta/recipes-core/systemd/systemd/00-create-volatile.conf @@ -3,5 +3,6 @@ # inside /var/log. +d /run/lock 1777 - - - d /var/volatile/log - - - - d /var/volatile/tmp 1777 - - diff --git a/poky/meta/recipes-core/systemd/systemd_250.5.bb b/poky/meta/recipes-core/systemd/systemd_250.5.bb index 9923312830..5d568f639e 100644 --- a/poky/meta/recipes-core/systemd/systemd_250.5.bb +++ b/poky/meta/recipes-core/systemd/systemd_250.5.bb @@ -165,6 +165,7 @@ PACKAGECONFIG[manpages] = "-Dman=true,-Dman=false,libxslt-native xmlto-native do PACKAGECONFIG[microhttpd] = "-Dmicrohttpd=true,-Dmicrohttpd=false,libmicrohttpd" PACKAGECONFIG[myhostname] = "-Dnss-myhostname=true,-Dnss-myhostname=false,,libnss-myhostname" PACKAGECONFIG[networkd] = "-Dnetworkd=true,-Dnetworkd=false" +PACKAGECONFIG[no-dns-fallback] = "-Ddns-servers=" PACKAGECONFIG[nss] = "-Dnss-systemd=true,-Dnss-systemd=false" PACKAGECONFIG[nss-mymachines] = "-Dnss-mymachines=true,-Dnss-mymachines=false" PACKAGECONFIG[nss-resolve] = "-Dnss-resolve=true,-Dnss-resolve=false" diff --git a/poky/meta/recipes-core/sysvinit/sysvinit-inittab/start_getty b/poky/meta/recipes-core/sysvinit/sysvinit-inittab/start_getty index 699a1ead1a..3c31a95f7f 100644 --- a/poky/meta/recipes-core/sysvinit/sysvinit-inittab/start_getty +++ b/poky/meta/recipes-core/sysvinit/sysvinit-inittab/start_getty @@ -14,4 +14,7 @@ esac if [ -e /sys/class/tty/$2 -a -c /dev/$2 ]; then ${setsid:-} ${getty} -L $1 $2 $3 +else + # Prevent respawning to fast error if /dev entry does not exist + sleep 1000 fi diff --git a/poky/meta/recipes-core/util-linux/util-linux_2.37.4.bb b/poky/meta/recipes-core/util-linux/util-linux_2.37.4.bb index b39020884f..f6d3ea2bc1 100644 --- a/poky/meta/recipes-core/util-linux/util-linux_2.37.4.bb +++ b/poky/meta/recipes-core/util-linux/util-linux_2.37.4.bb @@ -69,7 +69,7 @@ EXTRA_OECONF = "\ --enable-libuuid --enable-libblkid \ \ --enable-fsck --enable-kill --enable-last --enable-mesg \ - --enable-mount --enable-partx --enable-raw --enable-rfkill \ + --enable-mount --enable-partx --enable-rfkill \ --enable-unshare --enable-write \ \ --disable-bfs --disable-login \ diff --git a/poky/meta/recipes-core/zlib/zlib/CVE-2022-37434.patch b/poky/meta/recipes-core/zlib/zlib/CVE-2022-37434.patch new file mode 100644 index 0000000000..d29e6e0f1f --- /dev/null +++ b/poky/meta/recipes-core/zlib/zlib/CVE-2022-37434.patch @@ -0,0 +1,44 @@ +From 8617d83d6939754ae3a04fc2d22daa18eeea2a43 Mon Sep 17 00:00:00 2001 +From: Hitendra Prajapati +Date: Wed, 17 Aug 2022 10:15:57 +0530 +Subject: [PATCH] CVE-2022-37434 + +Upstream-Status: Backport [https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166bece1 & https://github.com/madler/zlib/commit/1eb7682f845ac9e9bf9ae35bbfb3bad5dacbd91d] +CVE: CVE-2022-37434 +Signed-off-by: Hitendra Prajapati + +Fix a bug when getting a gzip header extra field with inflate(). + +If the extra field was larger than the space the user provided with +inflateGetHeader(), and if multiple calls of inflate() delivered +the extra header data, then there could be a buffer overflow of the +provided space. This commit assures that provided space is not +exceeded. + + Fix extra field processing bug that dereferences NULL state->head. + +The recent commit to fix a gzip header extra field processing bug +introduced the new bug fixed here. +--- + inflate.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/inflate.c b/inflate.c +index ac333e8..cd01857 100644 +--- a/inflate.c ++++ b/inflate.c +@@ -759,8 +759,9 @@ int flush; + if (copy > have) copy = have; + if (copy) { + if (state->head != Z_NULL && +- state->head->extra != Z_NULL) { +- len = state->head->extra_len - state->length; ++ state->head->extra != Z_NULL && ++ (len = state->head->extra_len - state->length) < ++ state->head->extra_max) { + zmemcpy(state->head->extra + len, next, + len + copy > state->head->extra_max ? + state->head->extra_max - len : copy); +-- +2.25.1 + diff --git a/poky/meta/recipes-core/zlib/zlib_1.2.11.bb b/poky/meta/recipes-core/zlib/zlib_1.2.11.bb index f8bcc0abcf..f768b41988 100644 --- a/poky/meta/recipes-core/zlib/zlib_1.2.11.bb +++ b/poky/meta/recipes-core/zlib/zlib_1.2.11.bb @@ -11,6 +11,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/libpng/${BPN}/${PV}/${BPN}-${PV}.tar.xz \ file://0001-configure-Pass-LDFLAGS-to-link-tests.patch \ file://CVE-2018-25032.patch \ file://run-ptest \ + file://CVE-2022-37434.patch \ " UPSTREAM_CHECK_URI = "http://zlib.net/" diff --git a/poky/meta/recipes-devtools/apt/apt_2.4.5.bb b/poky/meta/recipes-devtools/apt/apt_2.4.5.bb index 95c25e3036..b5ada2ef55 100644 --- a/poky/meta/recipes-devtools/apt/apt_2.4.5.bb +++ b/poky/meta/recipes-devtools/apt/apt_2.4.5.bb @@ -132,5 +132,5 @@ do_install:append:class-target() { do_install:append() { # Avoid non-reproducible -src package - sed -i -e "s,${B},,g" ${B}/apt-pkg/tagfile-keys.cc + sed -i -e "s,${B}/include/,,g" ${B}/apt-pkg/tagfile-keys.cc } diff --git a/poky/meta/recipes-devtools/autoconf/autoconf/0001-Port-to-compilers-that-moan-about-K-R-func-decls.patch b/poky/meta/recipes-devtools/autoconf/autoconf/0001-Port-to-compilers-that-moan-about-K-R-func-decls.patch new file mode 100644 index 0000000000..4f15bf96c3 --- /dev/null +++ b/poky/meta/recipes-devtools/autoconf/autoconf/0001-Port-to-compilers-that-moan-about-K-R-func-decls.patch @@ -0,0 +1,138 @@ +From 7a3bbca81b803ba116b83c82de378e840cc35f81 Mon Sep 17 00:00:00 2001 +From: Paul Eggert +Date: Thu, 1 Sep 2022 16:19:50 -0500 +Subject: [PATCH] Port to compilers that moan about K&R func decls +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +* lib/autoconf/c.m4 (AC_LANG_CALL, AC_LANG_FUNC_LINK_TRY): +Use '(void)' rather than '()' in function prototypes, as the latter +provokes fatal errors in some compilers nowadays. +* lib/autoconf/functions.m4 (AC_FUNC_STRTOD): +* tests/fortran.at (AC_F77_DUMMY_MAIN usage): +* tests/semantics.at (AC_CHECK_DECLS): +Don’t use () in a function decl. + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/autoconf.git/commit/?id=8b5e2016c7ed2d67f31b03a3d2e361858ff5299b] +Signed-off-by: Khem Raj +--- + doc/autoconf.texi | 7 +++---- + lib/autoconf/c.m4 | 6 +++--- + lib/autoconf/functions.m4 | 3 --- + tests/fortran.at | 8 ++++---- + tests/semantics.at | 2 +- + 5 files changed, 11 insertions(+), 15 deletions(-) + +--- a/doc/autoconf.texi ++++ b/doc/autoconf.texi +@@ -5465,9 +5465,7 @@ the @samp{#undef malloc}): + #include + #undef malloc + +-#include +- +-void *malloc (); ++#include + + /* Allocate an N-byte block of memory from the heap. + If N is zero, allocate a 1-byte block. */ +@@ -8295,7 +8293,7 @@ needed: + # ifdef __cplusplus + extern "C" + # endif +- int F77_DUMMY_MAIN () @{ return 1; @} ++ int F77_DUMMY_MAIN (void) @{ return 1; @} + #endif + @end example + +--- a/lib/autoconf/c.m4 ++++ b/lib/autoconf/c.m4 +@@ -127,7 +127,7 @@ m4_if([$2], [main], , + [/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +-char $2 ();])], [return $2 ();])]) ++char $2 (void);])], [return $2 ();])]) + + + # AC_LANG_FUNC_LINK_TRY(C)(FUNCTION) +@@ -151,7 +151,7 @@ m4_define([AC_LANG_FUNC_LINK_TRY(C)], + #define $1 innocuous_$1 + + /* System header to define __stub macros and hopefully few prototypes, +- which can conflict with char $1 (); below. */ ++ which can conflict with char $1 (void); below. */ + + #include + #undef $1 +@@ -162,7 +162,7 @@ m4_define([AC_LANG_FUNC_LINK_TRY(C)], + #ifdef __cplusplus + extern "C" + #endif +-char $1 (); ++char $1 (void); + /* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +--- a/lib/autoconf/functions.m4 ++++ b/lib/autoconf/functions.m4 +@@ -1601,9 +1601,6 @@ AC_DEFUN([AC_FUNC_STRTOD], + AC_CACHE_CHECK(for working strtod, ac_cv_func_strtod, + [AC_RUN_IFELSE([AC_LANG_SOURCE([[ + ]AC_INCLUDES_DEFAULT[ +-#ifndef strtod +-double strtod (); +-#endif + int + main (void) + { +--- a/tests/fortran.at ++++ b/tests/fortran.at +@@ -233,7 +233,7 @@ void FOOBAR_F77 (double *x, double *y); + # ifdef __cplusplus + extern "C" + # endif +- int F77_DUMMY_MAIN () { return 1; } ++ int F77_DUMMY_MAIN (void) { return 1; } + #endif + + int main(int argc, char *argv[]) +@@ -315,7 +315,7 @@ void FOOBAR_FC(double *x, double *y); + # ifdef __cplusplus + extern "C" + # endif +- int FC_DUMMY_MAIN () { return 1; } ++ int FC_DUMMY_MAIN (void) { return 1; } + #endif + + int main (int argc, char *argv[]) +@@ -561,7 +561,7 @@ void @foobar@ (int *x); + # ifdef __cplusplus + extern "C" + # endif +- int F77_DUMMY_MAIN () { return 1; } ++ int F77_DUMMY_MAIN (void) { return 1; } + #endif + + int main(int argc, char *argv[]) +@@ -637,7 +637,7 @@ void @foobar@ (int *x); + # ifdef __cplusplus + extern "C" + # endif +- int FC_DUMMY_MAIN () { return 1; } ++ int FC_DUMMY_MAIN (void) { return 1; } + #endif + + int main(int argc, char *argv[]) +--- a/tests/semantics.at ++++ b/tests/semantics.at +@@ -207,7 +207,7 @@ AT_CHECK_MACRO([AC_CHECK_DECLS], + [[extern int yes; + enum { myenum }; + extern struct mystruct_s { int x[20]; } mystruct; +- extern int myfunc(); ++ extern int myfunc (int); + #define mymacro1(arg) arg + #define mymacro2]]) + # Ensure we can detect missing declarations of functions whose diff --git a/poky/meta/recipes-devtools/autoconf/autoconf_2.71.bb b/poky/meta/recipes-devtools/autoconf/autoconf_2.71.bb index 799191e2ca..97c241a3f5 100644 --- a/poky/meta/recipes-devtools/autoconf/autoconf_2.71.bb +++ b/poky/meta/recipes-devtools/autoconf/autoconf_2.71.bb @@ -18,6 +18,7 @@ SRC_URI = "${GNU_MIRROR}/autoconf/${BP}.tar.gz \ file://preferbash.patch \ file://autotest-automake-result-format.patch \ file://man-host-perl.patch \ + file://0001-Port-to-compilers-that-moan-about-K-R-func-decls.patch \ " SRC_URI:append:class-native = " file://no-man.patch" diff --git a/poky/meta/recipes-devtools/binutils/binutils-2.38.inc b/poky/meta/recipes-devtools/binutils/binutils-2.38.inc index eed252976a..fc88d4a79e 100644 --- a/poky/meta/recipes-devtools/binutils/binutils-2.38.inc +++ b/poky/meta/recipes-devtools/binutils/binutils-2.38.inc @@ -33,5 +33,11 @@ SRC_URI = "\ file://0012-Check-for-clang-before-checking-gcc-version.patch \ file://0013-Avoid-as-info-race-condition.patch \ file://0014-CVE-2019-1010204.patch \ + file://0015-CVE-2022-38533.patch \ + file://0016-CVE-2022-38126.patch \ + file://0017-CVE-2022-38127-1.patch \ + file://0017-CVE-2022-38127-2.patch \ + file://0017-CVE-2022-38127-3.patch \ + file://0017-CVE-2022-38127-4.patch \ " S = "${WORKDIR}/git" diff --git a/poky/meta/recipes-devtools/binutils/binutils/0015-CVE-2022-38533.patch b/poky/meta/recipes-devtools/binutils/binutils/0015-CVE-2022-38533.patch new file mode 100644 index 0000000000..5d9ac2cb1f --- /dev/null +++ b/poky/meta/recipes-devtools/binutils/binutils/0015-CVE-2022-38533.patch @@ -0,0 +1,36 @@ +From ef186fe54aa6d281a3ff8a9528417e5cc614c797 Mon Sep 17 00:00:00 2001 +From: Alan Modra +Date: Sat, 13 Aug 2022 15:32:47 +0930 +Subject: [PATCH] PR29482 - strip: heap-buffer-overflow + + PR 29482 + * coffcode.h (coff_set_section_contents): Sanity check _LIB. + +Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ef186fe54aa6d281a3ff8a9528417e5cc614c797] + +Signed-off-by: Pgowda + +--- + bfd/coffcode.h | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/bfd/coffcode.h b/bfd/coffcode.h +index 67aaf158ca1..52027981c3f 100644 +--- a/bfd/coffcode.h ++++ b/bfd/coffcode.h +@@ -4302,10 +4302,13 @@ coff_set_section_contents (bfd * abfd, + + rec = (bfd_byte *) location; + recend = rec + count; +- while (rec < recend) ++ while (recend - rec >= 4) + { ++ size_t len = bfd_get_32 (abfd, rec); ++ if (len == 0 || len > (size_t) (recend - rec) / 4) ++ break; ++ rec += len * 4; + ++section->lma; +- rec += bfd_get_32 (abfd, rec) * 4; + } + + BFD_ASSERT (rec == recend); diff --git a/poky/meta/recipes-devtools/binutils/binutils/0016-CVE-2022-38126.patch b/poky/meta/recipes-devtools/binutils/binutils/0016-CVE-2022-38126.patch new file mode 100644 index 0000000000..8200e28a81 --- /dev/null +++ b/poky/meta/recipes-devtools/binutils/binutils/0016-CVE-2022-38126.patch @@ -0,0 +1,34 @@ +From e3e5ae049371a27fd1737aba946fe26d06e029b5 Mon Sep 17 00:00:00 2001 +From: Nick Clifton +Date: Mon, 27 Jun 2022 13:43:02 +0100 +Subject: [PATCH] Replace a run-time assertion failure with a warning message + when parsing corrupt DWARF data. + + PR 29289 + * dwarf.c (display_debug_names): Replace assert with a warning + message. + +Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e3e5ae049371a27fd1737aba946fe26d06e029b5] + +Signed-off-by: Pgowda +--- + binutils/dwarf.c | 7 ++++++- + +diff --git a/binutils/dwarf.c b/binutils/dwarf.c +index 37b477b886d..b99c56987da 100644 +--- a/binutils/dwarf.c ++++ b/binutils/dwarf.c +@@ -9802,7 +9802,12 @@ display_debug_names (struct dwarf_sectio + printf (_("Out of %lu items there are %zu bucket clashes" + " (longest of %zu entries).\n"), + (unsigned long) name_count, hash_clash_count, longest_clash); +- assert (name_count == buckets_filled + hash_clash_count); ++ ++ if (name_count != buckets_filled + hash_clash_count) ++ warn (_("The name_count (%lu) is not the same as the used bucket_count (%lu) + the hash clash count (%lu)"), ++ (unsigned long) name_count, ++ (unsigned long) buckets_filled, ++ (unsigned long) hash_clash_count); + + struct abbrev_lookup_entry + { diff --git a/poky/meta/recipes-devtools/binutils/binutils/0017-CVE-2022-38127-1.patch b/poky/meta/recipes-devtools/binutils/binutils/0017-CVE-2022-38127-1.patch new file mode 100644 index 0000000000..9bbf1d6453 --- /dev/null +++ b/poky/meta/recipes-devtools/binutils/binutils/0017-CVE-2022-38127-1.patch @@ -0,0 +1,1224 @@ +From 19c26da69d68d5d863f37c06ad73ab6292d02ffa Mon Sep 17 00:00:00 2001 +From: Nick Clifton +Date: Wed, 6 Apr 2022 14:43:37 +0100 +Subject: [PATCH] Add code to display the contents of .debug_loclists sections + which contain offset entry tables. + + PR 28981 + * dwarf.c (fetch_indexed_value): Rename to fecth_indexed_addr and + return the address, rather than a string. + (fetch_indexed_value): New function - returns a value indexed by a + DW_FORM_loclistx or DW_FORM_rnglistx form. + (read_and_display_attr_value): Add support for DW_FORM_loclistx + and DW_FORM_rnglistx. + (process_debug_info): Load the loclists and rnglists sections. + (display_loclists_list): Add support for DW_LLE_base_addressx, + DW_LLE_startx_endx, DW_LLE_startx_length and + DW_LLE_default_location. + (display_offset_entry_loclists): New function. Displays a + .debug_loclists section that contains offset entry tables. + (display_debug_loc): Call the new function. + (display_debug_rnglists_list): Add support for + DW_RLE_base_addressx, DW_RLE_startx_endx and DW_RLE_startx_length. + (display_debug_ranges): Display the contents of the section's + header. + * dwarf.h (struct debug_info): Add loclists_base field. + * testsuite/binutils-all/dw5.W: Update expected output. + * testsuite/binutils-all/x86-64/pr26808.dump: Likewise. + +Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=19c26da69d68d5d863f37c06ad73ab6292d02ffa] + +Signed-off-by: Pgowda +--- + binutils/ChangeLog | 24 + + binutils/dwarf.c | 513 +++++++++++++++--- + binutils/dwarf.h | 4 + + binutils/testsuite/binutils-all/dw5.W | 2 +- + .../binutils-all/x86-64/pr26808.dump | 82 +-- + gas/ChangeLog | 5 + + gas/testsuite/gas/elf/dwarf-5-irp.d | 2 +- + 7 files changed, 517 insertions(+), 115 deletions(-) + +diff --git a/binutils/dwarf.c b/binutils/dwarf.c +index 15b3c81a138..bc862f77c04 100644 +--- a/binutils/dwarf.c ++++ b/binutils/dwarf.c +@@ -240,7 +240,7 @@ static const char * + dwarf_vmatoa_1 (const char *fmtch, dwarf_vma value, unsigned num_bytes) + { + /* As dwarf_vmatoa is used more then once in a printf call +- for output, we are cycling through an fixed array of pointers ++ for output, we are cycling through a fixed array of pointers + for return address. */ + static int buf_pos = 0; + static struct dwarf_vmatoa_buf +@@ -796,24 +796,70 @@ fetch_indexed_string (dwarf_vma idx, str + return ret; + } + +-static const char * +-fetch_indexed_value (dwarf_vma offset, dwarf_vma bytes) ++static dwarf_vma ++fetch_indexed_addr (dwarf_vma offset, uint32_t num_bytes) + { + struct dwarf_section *section = &debug_displays [debug_addr].section; + + if (section->start == NULL) +- return (_("")); ++ { ++ warn (_("")); ++ return 0; ++ } + +- if (offset + bytes > section->size) ++ if (offset + num_bytes > section->size) + { + warn (_("Offset into section %s too big: 0x%s\n"), + section->name, dwarf_vmatoa ("x", offset)); +- return ""; ++ return 0; + } + +- return dwarf_vmatoa ("x", byte_get (section->start + offset, bytes)); ++ return byte_get (section->start + offset, num_bytes); + } + ++/* Fetch a value from a debug section that has been indexed by ++ something in another section (eg DW_FORM_loclistx). ++ Returns 0 if the value could not be found. */ ++ ++static dwarf_vma ++fetch_indexed_value (dwarf_vma index, ++ enum dwarf_section_display_enum sec_enum) ++{ ++ struct dwarf_section *section = &debug_displays [sec_enum].section; ++ ++ if (section->start == NULL) ++ { ++ warn (_("Unable to locate %s section\n"), section->uncompressed_name); ++ return 0; ++ } ++ ++ uint32_t pointer_size, bias; ++ ++ if (byte_get (section->start, 4) == 0xffffffff) ++ { ++ pointer_size = 8; ++ bias = 20; ++ } ++ else ++ { ++ pointer_size = 4; ++ bias = 12; ++ } ++ ++ dwarf_vma offset = index * pointer_size; ++ ++ /* Offsets are biased by the size of the section header. */ ++ offset += bias; ++ ++ if (offset + pointer_size > section->size) ++ { ++ warn (_("Offset into section %s too big: 0x%s\n"), ++ section->name, dwarf_vmatoa ("x", offset)); ++ return 0; ++ } ++ ++ return byte_get (section->start + offset, pointer_size); ++} + + /* FIXME: There are better and more efficient ways to handle + these structures. For now though, I just want something that +@@ -1999,6 +2045,8 @@ skip_attr_bytes (unsigned long form, + case DW_FORM_strx: + case DW_FORM_GNU_addr_index: + case DW_FORM_addrx: ++ case DW_FORM_loclistx: ++ case DW_FORM_rnglistx: + READ_ULEB (uvalue, data, end); + break; + +@@ -2410,9 +2458,6 @@ read_and_display_attr_value (unsigned lo + + switch (form) + { +- default: +- break; +- + case DW_FORM_ref_addr: + if (dwarf_version == 2) + SAFE_BYTE_GET_AND_INC (uvalue, data, pointer_size, end); +@@ -2496,6 +2541,8 @@ read_and_display_attr_value (unsigned lo + case DW_FORM_udata: + case DW_FORM_GNU_addr_index: + case DW_FORM_addrx: ++ case DW_FORM_loclistx: ++ case DW_FORM_rnglistx: + READ_ULEB (uvalue, data, end); + break; + +@@ -2515,6 +2562,9 @@ read_and_display_attr_value (unsigned lo + case DW_FORM_implicit_const: + uvalue = implicit_const; + break; ++ ++ default: ++ break; + } + + switch (form) +@@ -2710,6 +2760,8 @@ read_and_display_attr_value (unsigned lo + case DW_FORM_addrx2: + case DW_FORM_addrx3: + case DW_FORM_addrx4: ++ case DW_FORM_loclistx: ++ case DW_FORM_rnglistx: + if (!do_loc) + { + dwarf_vma base; +@@ -2728,11 +2780,11 @@ read_and_display_attr_value (unsigned lo + /* We have already displayed the form name. */ + printf (_("%c(index: 0x%s): %s"), delimiter, + dwarf_vmatoa ("x", uvalue), +- fetch_indexed_value (offset, pointer_size)); ++ dwarf_vmatoa ("x", fetch_indexed_addr (offset, pointer_size))); + else + printf (_("%c(addr_index: 0x%s): %s"), delimiter, + dwarf_vmatoa ("x", uvalue), +- fetch_indexed_value (offset, pointer_size)); ++ dwarf_vmatoa ("x", fetch_indexed_addr (offset, pointer_size))); + } + break; + +@@ -2754,6 +2806,13 @@ read_and_display_attr_value (unsigned lo + { + switch (attribute) + { ++ case DW_AT_loclists_base: ++ if (debug_info_p->loclists_base) ++ warn (_("CU @ 0x%s has multiple loclists_base values"), ++ dwarf_vmatoa ("x", debug_info_p->cu_offset)); ++ debug_info_p->loclists_base = uvalue; ++ break; ++ + case DW_AT_frame_base: + have_frame_base = 1; + /* Fall through. */ +@@ -2776,7 +2835,8 @@ read_and_display_attr_value (unsigned lo + case DW_AT_GNU_call_site_target_clobbered: + if ((dwarf_version < 4 + && (form == DW_FORM_data4 || form == DW_FORM_data8)) +- || form == DW_FORM_sec_offset) ++ || form == DW_FORM_sec_offset ++ || form == DW_FORM_loclistx) + { + /* Process location list. */ + unsigned int lmax = debug_info_p->max_loc_offsets; +@@ -2796,11 +2856,17 @@ read_and_display_attr_value (unsigned lo + lmax, sizeof (*debug_info_p->have_frame_base)); + debug_info_p->max_loc_offsets = lmax; + } +- if (this_set != NULL) ++ ++ if (form == DW_FORM_loclistx) ++ uvalue = fetch_indexed_value (uvalue, loclists); ++ else if (this_set != NULL) + uvalue += this_set->section_offsets [DW_SECT_LOC]; ++ + debug_info_p->have_frame_base [num] = have_frame_base; + if (attribute != DW_AT_GNU_locviews) + { ++ uvalue += debug_info_p->loclists_base; ++ + /* Corrupt DWARF info can produce more offsets than views. + See PR 23062 for an example. */ + if (debug_info_p->num_loc_offsets +@@ -2844,7 +2910,8 @@ read_and_display_attr_value (unsigned lo + case DW_AT_ranges: + if ((dwarf_version < 4 + && (form == DW_FORM_data4 || form == DW_FORM_data8)) +- || form == DW_FORM_sec_offset) ++ || form == DW_FORM_sec_offset ++ || form == DW_FORM_rnglistx) + { + /* Process range list. */ + unsigned int lmax = debug_info_p->max_range_lists; +@@ -2858,6 +2925,10 @@ read_and_display_attr_value (unsigned lo + lmax, sizeof (*debug_info_p->range_lists)); + debug_info_p->max_range_lists = lmax; + } ++ ++ if (form == DW_FORM_rnglistx) ++ uvalue = fetch_indexed_value (uvalue, rnglists); ++ + debug_info_p->range_lists [num] = uvalue; + debug_info_p->num_range_lists++; + } +@@ -3231,6 +3302,7 @@ read_and_display_attr_value (unsigned lo + have_frame_base = 1; + /* Fall through. */ + case DW_AT_location: ++ case DW_AT_loclists_base: + case DW_AT_string_length: + case DW_AT_return_addr: + case DW_AT_data_member_location: +@@ -3248,7 +3320,8 @@ read_and_display_attr_value (unsigned lo + case DW_AT_GNU_call_site_target_clobbered: + if ((dwarf_version < 4 + && (form == DW_FORM_data4 || form == DW_FORM_data8)) +- || form == DW_FORM_sec_offset) ++ || form == DW_FORM_sec_offset ++ || form == DW_FORM_loclistx) + printf (_(" (location list)")); + /* Fall through. */ + case DW_AT_allocated: +@@ -3517,6 +3590,9 @@ process_debug_info (struct dwarf_section + } + + load_debug_section_with_follow (abbrev_sec, file); ++ load_debug_section_with_follow (loclists, file); ++ load_debug_section_with_follow (rnglists, file); ++ + if (debug_displays [abbrev_sec].section.start == NULL) + { + warn (_("Unable to locate %s section!\n"), +@@ -3729,6 +3805,7 @@ process_debug_info (struct dwarf_section + debug_information [unit].have_frame_base = NULL; + debug_information [unit].max_loc_offsets = 0; + debug_information [unit].num_loc_offsets = 0; ++ debug_information [unit].loclists_base = 0; + debug_information [unit].range_lists = NULL; + debug_information [unit].max_range_lists= 0; + debug_information [unit].num_range_lists = 0; +@@ -6465,20 +6542,21 @@ display_loc_list (struct dwarf_section * + /* Display a location list from a normal (ie, non-dwo) .debug_loclists section. */ + + static void +-display_loclists_list (struct dwarf_section *section, +- unsigned char **start_ptr, +- unsigned int debug_info_entry, +- dwarf_vma offset, +- dwarf_vma base_address, +- unsigned char **vstart_ptr, +- int has_frame_base) +-{ +- unsigned char *start = *start_ptr, *vstart = *vstart_ptr; +- unsigned char *section_end = section->start + section->size; +- dwarf_vma cu_offset; +- unsigned int pointer_size; +- unsigned int offset_size; +- int dwarf_version; ++display_loclists_list (struct dwarf_section * section, ++ unsigned char ** start_ptr, ++ unsigned int debug_info_entry, ++ dwarf_vma offset, ++ dwarf_vma base_address, ++ unsigned char ** vstart_ptr, ++ int has_frame_base) ++{ ++ unsigned char * start = *start_ptr; ++ unsigned char * vstart = *vstart_ptr; ++ unsigned char * section_end = section->start + section->size; ++ dwarf_vma cu_offset; ++ unsigned int pointer_size; ++ unsigned int offset_size; ++ unsigned int dwarf_version; + + /* Initialize it due to a false compiler warning. */ + dwarf_vma begin = -1, vbegin = -1; +@@ -6544,27 +6622,59 @@ display_loclists_list (struct dwarf_sect + case DW_LLE_end_of_list: + printf (_("\n")); + break; ++ ++ case DW_LLE_base_addressx: ++ READ_ULEB (base_address, start, section_end); ++ print_dwarf_vma (base_address, pointer_size); ++ printf (_("(index into .debug_addr) ")); ++ base_address = fetch_indexed_addr (base_address, pointer_size); ++ print_dwarf_vma (base_address, pointer_size); ++ printf (_("(base address)\n")); ++ break; ++ ++ case DW_LLE_startx_endx: ++ READ_ULEB (begin, start, section_end); ++ begin = fetch_indexed_addr (begin, pointer_size); ++ READ_ULEB (end, start, section_end); ++ end = fetch_indexed_addr (end, pointer_size); ++ break; ++ ++ case DW_LLE_startx_length: ++ READ_ULEB (begin, start, section_end); ++ begin = fetch_indexed_addr (begin, pointer_size); ++ READ_ULEB (end, start, section_end); ++ end += begin; ++ break; ++ ++ case DW_LLE_default_location: ++ begin = end = 0; ++ break; ++ + case DW_LLE_offset_pair: + READ_ULEB (begin, start, section_end); + begin += base_address; + READ_ULEB (end, start, section_end); + end += base_address; + break; ++ ++ case DW_LLE_base_address: ++ SAFE_BYTE_GET_AND_INC (base_address, start, pointer_size, ++ section_end); ++ print_dwarf_vma (base_address, pointer_size); ++ printf (_("(base address)\n")); ++ break; ++ + case DW_LLE_start_end: + SAFE_BYTE_GET_AND_INC (begin, start, pointer_size, section_end); + SAFE_BYTE_GET_AND_INC (end, start, pointer_size, section_end); + break; ++ + case DW_LLE_start_length: + SAFE_BYTE_GET_AND_INC (begin, start, pointer_size, section_end); + READ_ULEB (end, start, section_end); + end += begin; + break; +- case DW_LLE_base_address: +- SAFE_BYTE_GET_AND_INC (base_address, start, pointer_size, +- section_end); +- print_dwarf_vma (base_address, pointer_size); +- printf (_("(base address)\n")); +- break; ++ + #ifdef DW_LLE_view_pair + case DW_LLE_view_pair: + if (vstart) +@@ -6578,15 +6688,17 @@ display_loclists_list (struct dwarf_sect + printf (_("views for:\n")); + continue; + #endif ++ + default: + error (_("Invalid location list entry type %d\n"), llet); + return; + } ++ + if (llet == DW_LLE_end_of_list) + break; +- if (llet != DW_LLE_offset_pair +- && llet != DW_LLE_start_end +- && llet != DW_LLE_start_length) ++ ++ if (llet == DW_LLE_base_address ++ || llet == DW_LLE_base_addressx) + continue; + + if (start == section_end) +@@ -6828,6 +6940,218 @@ loc_offsets_compar (const void *ap, cons + } + + static int ++display_offset_entry_loclists (struct dwarf_section *section) ++{ ++ unsigned char * start = section->start; ++ unsigned char * const end = start + section->size; ++ ++ introduce (section, false); ++ ++ do ++ { ++ dwarf_vma length; ++ unsigned short version; ++ unsigned char address_size; ++ unsigned char segment_selector_size; ++ uint32_t offset_entry_count; ++ uint32_t i; ++ bool is_64bit; ++ ++ printf (_("Table at Offset 0x%lx\n"), (long)(start - section->start)); ++ ++ SAFE_BYTE_GET_AND_INC (length, start, 4, end); ++ if (length == 0xffffffff) ++ { ++ is_64bit = true; ++ SAFE_BYTE_GET_AND_INC (length, start, 8, end); ++ } ++ else ++ is_64bit = false; ++ ++ SAFE_BYTE_GET_AND_INC (version, start, 2, end); ++ SAFE_BYTE_GET_AND_INC (address_size, start, 1, end); ++ SAFE_BYTE_GET_AND_INC (segment_selector_size, start, 1, end); ++ SAFE_BYTE_GET_AND_INC (offset_entry_count, start, 4, end); ++ ++ printf (_(" Length: 0x%s\n"), dwarf_vmatoa ("x", length)); ++ printf (_(" DWARF version: %u\n"), version); ++ printf (_(" Address size: %u\n"), address_size); ++ printf (_(" Segment size: %u\n"), segment_selector_size); ++ printf (_(" Offset entries: %u\n"), offset_entry_count); ++ ++ if (version < 5) ++ { ++ warn (_("The %s section contains a corrupt or " ++ "unsupported version number: %d.\n"), ++ section->name, version); ++ return 0; ++ } ++ ++ if (segment_selector_size != 0) ++ { ++ warn (_("The %s section contains an " ++ "unsupported segment selector size: %d.\n"), ++ section->name, segment_selector_size); ++ return 0; ++ } ++ ++ if (offset_entry_count == 0) ++ { ++ warn (_("The %s section contains a table without offset\n"), ++ section->name); ++ return 0; ++ } ++ ++ printf (_("\n Offset Entries starting at 0x%lx:\n"), ++ (long)(start - section->start)); ++ ++ if (is_64bit) ++ { ++ for (i = 0; i < offset_entry_count; i++) ++ { ++ dwarf_vma entry; ++ ++ SAFE_BYTE_GET_AND_INC (entry, start, 8, end); ++ printf (_(" [%6u] 0x%s\n"), i, dwarf_vmatoa ("x", entry)); ++ } ++ } ++ else ++ { ++ for (i = 0; i < offset_entry_count; i++) ++ { ++ uint32_t entry; ++ ++ SAFE_BYTE_GET_AND_INC (entry, start, 4, end); ++ printf (_(" [%6u] 0x%x\n"), i, entry); ++ } ++ } ++ ++ putchar ('\n'); ++ ++ uint32_t j; ++ ++ for (j = 1, i = 0; i < offset_entry_count;) ++ { ++ unsigned char lle; ++ dwarf_vma base_address = 0; ++ dwarf_vma begin; ++ dwarf_vma finish; ++ dwarf_vma off = start - section->start; ++ ++ if (j != i) ++ { ++ printf (_(" Offset Entry %u\n"), i); ++ j = i; ++ } ++ ++ printf (" "); ++ print_dwarf_vma (off, 4); ++ ++ SAFE_BYTE_GET_AND_INC (lle, start, 1, end); ++ ++ switch (lle) ++ { ++ case DW_LLE_end_of_list: ++ printf (_("\n\n")); ++ i ++; ++ continue; ++ ++ case DW_LLE_base_addressx: ++ READ_ULEB (base_address, start, end); ++ print_dwarf_vma (base_address, address_size); ++ printf (_("(index into .debug_addr) ")); ++ base_address = fetch_indexed_addr (base_address, address_size); ++ print_dwarf_vma (base_address, address_size); ++ printf (_("(base address)\n")); ++ continue; ++ ++ case DW_LLE_startx_endx: ++ READ_ULEB (begin, start, end); ++ begin = fetch_indexed_addr (begin, address_size); ++ READ_ULEB (finish, start, end); ++ finish = fetch_indexed_addr (finish, address_size); ++ break; ++ ++ case DW_LLE_startx_length: ++ READ_ULEB (begin, start, end); ++ begin = fetch_indexed_addr (begin, address_size); ++ READ_ULEB (finish, start, end); ++ finish += begin; ++ break; ++ ++ case DW_LLE_offset_pair: ++ READ_ULEB (begin, start, end); ++ begin += base_address; ++ READ_ULEB (finish, start, end); ++ finish += base_address; ++ break; ++ ++ case DW_LLE_default_location: ++ begin = finish = 0; ++ break; ++ ++ case DW_LLE_base_address: ++ SAFE_BYTE_GET_AND_INC (base_address, start, address_size, end); ++ print_dwarf_vma (base_address, address_size); ++ printf (_("(base address)\n")); ++ continue; ++ ++ case DW_LLE_start_end: ++ SAFE_BYTE_GET_AND_INC (begin, start, address_size, end); ++ SAFE_BYTE_GET_AND_INC (finish, start, address_size, end); ++ break; ++ ++ case DW_LLE_start_length: ++ SAFE_BYTE_GET_AND_INC (begin, start, address_size, end); ++ READ_ULEB (finish, start, end); ++ finish += begin; ++ break; ++ ++ default: ++ error (_("Invalid location list entry type %d\n"), lle); ++ return 0; ++ } ++ ++ if (start == end) ++ { ++ warn (_("Location list starting at offset 0x%lx is not terminated.\n"), ++ (unsigned long) off); ++ break; ++ } ++ ++ print_dwarf_vma (begin, address_size); ++ print_dwarf_vma (finish, address_size); ++ ++ if (begin == finish) ++ fputs (_(" (start == end)"), stdout); ++ else if (begin > finish) ++ fputs (_(" (start > end)"), stdout); ++ ++ /* Read the counted location descriptions. */ ++ READ_ULEB (length, start, end); ++ ++ if (length > (size_t) (end - start)) ++ { ++ warn (_("Location list starting at offset 0x%lx is not terminated.\n"), ++ (unsigned long) off); ++ break; ++ } ++ ++ putchar (' '); ++ (void) decode_location_expression (start, address_size, address_size, ++ version, length, 0, section); ++ start += length; ++ putchar ('\n'); ++ } ++ ++ putchar ('\n'); ++ } ++ while (start < end); ++ ++ return 1; ++} ++ ++static int + display_debug_loc (struct dwarf_section *section, void *file) + { + unsigned char *start = section->start, *vstart = NULL; +@@ -6893,13 +7217,9 @@ display_debug_loc (struct dwarf_section + } + + SAFE_BYTE_GET_AND_INC (offset_entry_count, hdrptr, 4, end); ++ + if (offset_entry_count != 0) +- { +- warn (_("The %s section contains " +- "unsupported offset entry count: %d.\n"), +- section->name, offset_entry_count); +- return 0; +- } ++ return display_offset_entry_loclists (section); + + expected_start = hdrptr - section_begin; + } +@@ -6959,9 +7279,10 @@ display_debug_loc (struct dwarf_section + if (debug_information [first].num_loc_offsets > 0 + && debug_information [first].loc_offsets [0] != expected_start + && debug_information [first].loc_views [0] != expected_start) +- warn (_("Location lists in %s section start at 0x%s\n"), ++ warn (_("Location lists in %s section start at 0x%s rather than 0x%s\n"), + section->name, +- dwarf_vmatoa ("x", debug_information [first].loc_offsets [0])); ++ dwarf_vmatoa ("x", debug_information [first].loc_offsets [0]), ++ dwarf_vmatoa ("x", expected_start)); + + if (!locs_sorted) + array = (unsigned int *) xcmalloc (num_loc_list, sizeof (unsigned int)); +@@ -7639,24 +7960,44 @@ display_debug_rnglists_list (unsigned ch + case DW_RLE_end_of_list: + printf (_("\n")); + break; +- case DW_RLE_base_address: +- SAFE_BYTE_GET_AND_INC (base_address, start, pointer_size, finish); ++ case DW_RLE_base_addressx: ++ READ_ULEB (base_address, start, finish); ++ print_dwarf_vma (base_address, pointer_size); ++ printf (_("(base address index) ")); ++ base_address = fetch_indexed_addr (base_address, pointer_size); + print_dwarf_vma (base_address, pointer_size); + printf (_("(base address)\n")); + break; +- case DW_RLE_start_length: +- SAFE_BYTE_GET_AND_INC (begin, start, pointer_size, finish); ++ case DW_RLE_startx_endx: ++ READ_ULEB (begin, start, finish); ++ READ_ULEB (end, start, finish); ++ begin = fetch_indexed_addr (begin, pointer_size); ++ end = fetch_indexed_addr (begin, pointer_size); ++ break; ++ case DW_RLE_startx_length: ++ READ_ULEB (begin, start, finish); + READ_ULEB (length, start, finish); ++ begin = fetch_indexed_addr (begin, pointer_size); + end = begin + length; + break; + case DW_RLE_offset_pair: + READ_ULEB (begin, start, finish); + READ_ULEB (end, start, finish); + break; ++ case DW_RLE_base_address: ++ SAFE_BYTE_GET_AND_INC (base_address, start, pointer_size, finish); ++ print_dwarf_vma (base_address, pointer_size); ++ printf (_("(base address)\n")); ++ break; + case DW_RLE_start_end: + SAFE_BYTE_GET_AND_INC (begin, start, pointer_size, finish); + SAFE_BYTE_GET_AND_INC (end, start, pointer_size, finish); + break; ++ case DW_RLE_start_length: ++ SAFE_BYTE_GET_AND_INC (begin, start, pointer_size, finish); ++ READ_ULEB (length, start, finish); ++ end = begin + length; ++ break; + default: + error (_("Invalid range list entry type %d\n"), rlet); + rlet = DW_RLE_end_of_list; +@@ -7664,7 +8005,7 @@ display_debug_rnglists_list (unsigned ch + } + if (rlet == DW_RLE_end_of_list) + break; +- if (rlet == DW_RLE_base_address) ++ if (rlet == DW_RLE_base_address || rlet == DW_RLE_base_addressx) + continue; + + /* Only a DW_RLE_offset_pair needs the base address added. */ +@@ -7709,6 +8050,8 @@ display_debug_ranges (struct dwarf_secti + return 0; + } + ++ introduce (section, false); ++ + if (is_rnglists) + { + dwarf_vma initial_length; +@@ -7745,19 +8088,19 @@ display_debug_ranges (struct dwarf_secti + } + } + +- /* Get and check the version number. */ ++ /* Get the other fields in the header. */ + SAFE_BYTE_GET_AND_INC (version, start, 2, finish); +- +- if (version != 5) +- { +- warn (_("Only DWARF version 5 debug_rnglists info " +- "is currently supported.\n")); +- return 0; +- } +- + SAFE_BYTE_GET_AND_INC (address_size, start, 1, finish); +- + SAFE_BYTE_GET_AND_INC (segment_selector_size, start, 1, finish); ++ SAFE_BYTE_GET_AND_INC (offset_entry_count, start, 4, finish); ++ ++ printf (_(" Length: 0x%s\n"), dwarf_vmatoa ("x", initial_length)); ++ printf (_(" DWARF version: %u\n"), version); ++ printf (_(" Address size: %u\n"), address_size); ++ printf (_(" Segment size: %u\n"), segment_selector_size); ++ printf (_(" Offset entries: %u\n"), offset_entry_count); ++ ++ /* Check the fields. */ + if (segment_selector_size != 0) + { + warn (_("The %s section contains " +@@ -7766,16 +8109,39 @@ display_debug_ranges (struct dwarf_secti + return 0; + } + +- SAFE_BYTE_GET_AND_INC (offset_entry_count, start, 4, finish); +- if (offset_entry_count != 0) ++ if (version < 5) + { +- warn (_("The %s section contains " +- "unsupported offset entry count: %u.\n"), +- section->name, offset_entry_count); ++ warn (_("Only DWARF version 5+ debug_rnglists info " ++ "is currently supported.\n")); + return 0; + } +- } + ++ if (offset_entry_count != 0) ++ { ++ printf (_("\n Offsets starting at 0x%lx:\n"), (long)(start - section->start)); ++ if (offset_size == 8) ++ { ++ for (i = 0; i < offset_entry_count; i++) ++ { ++ dwarf_vma entry; ++ ++ SAFE_BYTE_GET_AND_INC (entry, start, 8, finish); ++ printf (_(" [%6u] 0x%s\n"), i, dwarf_vmatoa ("x", entry)); ++ } ++ } ++ else ++ { ++ for (i = 0; i < offset_entry_count; i++) ++ { ++ uint32_t entry; ++ ++ SAFE_BYTE_GET_AND_INC (entry, start, 4, finish); ++ printf (_(" [%6u] 0x%x\n"), i, entry); ++ } ++ } ++ } ++ } ++ + if (load_debug_info (file) == 0) + { + warn (_("Unable to load/parse the .debug_info section, so cannot interpret the %s section.\n"), +@@ -7834,8 +8200,7 @@ display_debug_ranges (struct dwarf_secti + warn (_("Range lists in %s section start at 0x%lx\n"), + section->name, (unsigned long) range_entries[0].ranges_offset); + +- introduce (section, false); +- ++ putchar ('\n'); + printf (_(" Offset Begin End\n")); + + for (i = 0; i < num_range_list; i++) +@@ -7895,8 +8260,12 @@ display_debug_ranges (struct dwarf_secti + start = next; + last_start = next; + +- (is_rnglists ? display_debug_rnglists_list : display_debug_ranges_list) +- (start, finish, pointer_size, offset, base_address); ++ if (is_rnglists) ++ display_debug_rnglists_list ++ (start, finish, pointer_size, offset, base_address); ++ else ++ display_debug_ranges_list ++ (start, finish, pointer_size, offset, base_address); + } + putchar ('\n'); + +diff --git a/binutils/dwarf.h b/binutils/dwarf.h +index 4fc62abfa4c..ccce2461c81 100644 +--- a/binutils/dwarf.h ++++ b/binutils/dwarf.h +@@ -181,9 +181,13 @@ typedef struct + /* This is an array of offsets to the location view table. */ + dwarf_vma * loc_views; + int * have_frame_base; ++ ++ /* Information for associating location lists with CUs. */ + unsigned int num_loc_offsets; + unsigned int max_loc_offsets; + unsigned int num_loc_views; ++ dwarf_vma loclists_base; ++ + /* List of .debug_ranges offsets seen in this .debug_info. */ + dwarf_vma * range_lists; + unsigned int num_range_lists; +diff --git a/binutils/testsuite/binutils-all/dw5.W b/binutils/testsuite/binutils-all/dw5.W +index ebab8b7d3b0..bfcdac175ba 100644 +--- a/binutils/testsuite/binutils-all/dw5.W ++++ b/binutils/testsuite/binutils-all/dw5.W +@@ -281,7 +281,7 @@ Contents of the .debug_loclists section: + 00000039 + + Contents of the .debug_rnglists section: +- ++#... + Offset Begin End + 0000000c 0000000000001234 0000000000001236 + 00000016 0000000000001234 0000000000001239 +diff --git a/binutils/testsuite/binutils-all/x86-64/pr26808.dump b/binutils/testsuite/binutils-all/x86-64/pr26808.dump +index f64f9d008f9..7ef73b24dc9 100644 +--- a/binutils/testsuite/binutils-all/x86-64/pr26808.dump ++++ b/binutils/testsuite/binutils-all/x86-64/pr26808.dump +@@ -30,13 +30,13 @@ Contents of the .debug_info.dwo section: + DW_AT_decl_file : 1 + DW_AT_decl_line : 30 + DW_AT_type : <0x90> +- DW_AT_low_pc : (addr_index: 0x0): ++ DW_AT_low_pc : (addr_index: 0x0): 0 + DW_AT_high_pc : 0x304 + DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa) + DW_AT_GNU_all_tail_call_sites: 1 + DW_AT_sibling : <0x11b> + <2>: Abbrev Number: 14 (DW_TAG_lexical_block) +- DW_AT_low_pc : (addr_index: 0x1): ++ DW_AT_low_pc : (addr_index: 0x1): 0 + DW_AT_high_pc : 0x2fa + <3>: Abbrev Number: 15 (DW_TAG_variable) + DW_AT_name : c1 +@@ -56,7 +56,7 @@ Contents of the .debug_info.dwo section: + DW_AT_artificial : 1 + DW_AT_location : 2 byte block: fb 2 (DW_OP_GNU_addr_index <0x2>) + <3><102>: Abbrev Number: 14 (DW_TAG_lexical_block) +- <103> DW_AT_low_pc : (addr_index: 0x3): ++ <103> DW_AT_low_pc : (addr_index: 0x3): 0 + <104> DW_AT_high_pc : 0x2f + <4><10c>: Abbrev Number: 17 (DW_TAG_variable) + <10d> DW_AT_name : i +@@ -274,7 +274,7 @@ Contents of the .debug_info.dwo section: + <2dd> DW_AT_decl_file : 1 + <2de> DW_AT_decl_line : 70 + <2df> DW_AT_linkage_name: _Z4f13iv +- <2e8> DW_AT_low_pc : (addr_index: 0x0): ++ <2e8> DW_AT_low_pc : (addr_index: 0x0): 0 + <2e9> DW_AT_high_pc : 0x6 + <2f1> DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa) + <2f3> DW_AT_GNU_all_call_sites: 1 +@@ -282,7 +282,7 @@ Contents of the .debug_info.dwo section: + <2f4> DW_AT_specification: <0x219> + <2f8> DW_AT_decl_file : 2 + <2f9> DW_AT_decl_line : 30 +- <2fa> DW_AT_low_pc : (addr_index: 0x1): ++ <2fa> DW_AT_low_pc : (addr_index: 0x1): 0 + <2fb> DW_AT_high_pc : 0x20 + <303> DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa) + <305> DW_AT_object_pointer: <0x30d> +@@ -300,7 +300,7 @@ Contents of the .debug_info.dwo section: + <31d> DW_AT_specification: <0x223> + <321> DW_AT_decl_file : 2 + <322> DW_AT_decl_line : 38 +- <323> DW_AT_low_pc : (addr_index: 0x2): ++ <323> DW_AT_low_pc : (addr_index: 0x2): 0 + <324> DW_AT_high_pc : 0x18 + <32c> DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa) + <32e> DW_AT_object_pointer: <0x336> +@@ -316,7 +316,7 @@ Contents of the .debug_info.dwo section: + <341> DW_AT_specification: <0x22d> + <345> DW_AT_decl_file : 2 + <346> DW_AT_decl_line : 46 +- <347> DW_AT_low_pc : (addr_index: 0x3): ++ <347> DW_AT_low_pc : (addr_index: 0x3): 0 + <348> DW_AT_high_pc : 0x18 + <350> DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa) + <352> DW_AT_object_pointer: <0x35a> +@@ -332,7 +332,7 @@ Contents of the .debug_info.dwo section: + <365> DW_AT_specification: <0x237> + <369> DW_AT_decl_file : 2 + <36a> DW_AT_decl_line : 54 +- <36b> DW_AT_low_pc : (addr_index: 0x4): ++ <36b> DW_AT_low_pc : (addr_index: 0x4): 0 + <36c> DW_AT_high_pc : 0x16 + <374> DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa) + <376> DW_AT_object_pointer: <0x37e> +@@ -348,7 +348,7 @@ Contents of the .debug_info.dwo section: + <389> DW_AT_specification: <0x26b> + <38d> DW_AT_decl_file : 2 + <38e> DW_AT_decl_line : 62 +- <38f> DW_AT_low_pc : (addr_index: 0x5): ++ <38f> DW_AT_low_pc : (addr_index: 0x5): 0 + <390> DW_AT_high_pc : 0x16 + <398> DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa) + <39a> DW_AT_object_pointer: <0x3a2> +@@ -366,7 +366,7 @@ Contents of the .debug_info.dwo section: + <3b2> DW_AT_specification: <0x275> + <3b6> DW_AT_decl_file : 2 + <3b7> DW_AT_decl_line : 72 +- <3b8> DW_AT_low_pc : (addr_index: 0x6): ++ <3b8> DW_AT_low_pc : (addr_index: 0x6): 0 + <3b9> DW_AT_high_pc : 0x1b + <3c1> DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa) + <3c3> DW_AT_object_pointer: <0x3cb> +@@ -382,7 +382,7 @@ Contents of the .debug_info.dwo section: + <3d6> DW_AT_specification: <0x27f> + <3da> DW_AT_decl_file : 2 + <3db> DW_AT_decl_line : 82 +- <3dc> DW_AT_low_pc : (addr_index: 0x7): ++ <3dc> DW_AT_low_pc : (addr_index: 0x7): 0 + <3dd> DW_AT_high_pc : 0x1b + <3e5> DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa) + <3e7> DW_AT_object_pointer: <0x3ef> +@@ -398,7 +398,7 @@ Contents of the .debug_info.dwo section: + <3fa> DW_AT_specification: <0x289> + <3fe> DW_AT_decl_file : 2 + <3ff> DW_AT_decl_line : 92 +- <400> DW_AT_low_pc : (addr_index: 0x8): ++ <400> DW_AT_low_pc : (addr_index: 0x8): 0 + <401> DW_AT_high_pc : 0x19 + <409> DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa) + <40b> DW_AT_object_pointer: <0x413> +@@ -414,7 +414,7 @@ Contents of the .debug_info.dwo section: + <41e> DW_AT_specification: <0x2ae> + <422> DW_AT_decl_file : 2 + <423> DW_AT_decl_line : 102 +- <424> DW_AT_low_pc : (addr_index: 0x9): ++ <424> DW_AT_low_pc : (addr_index: 0x9): 0 + <425> DW_AT_high_pc : 0x19 + <42d> DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa) + <42f> DW_AT_object_pointer: <0x437> +@@ -432,7 +432,7 @@ Contents of the .debug_info.dwo section: + <447> DW_AT_specification: <0x2b8> + <44b> DW_AT_decl_file : 2 + <44c> DW_AT_decl_line : 112 +- <44d> DW_AT_low_pc : (addr_index: 0xa): ++ <44d> DW_AT_low_pc : (addr_index: 0xa): 0 + <44e> DW_AT_high_pc : 0x1f + <456> DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa) + <458> DW_AT_object_pointer: <0x460> +@@ -451,7 +451,7 @@ Contents of the .debug_info.dwo section: + <471> DW_AT_decl_line : 120 + <472> DW_AT_linkage_name: _Z4f11av + <47b> DW_AT_type : <0x242> +- <47f> DW_AT_low_pc : (addr_index: 0xb): ++ <47f> DW_AT_low_pc : (addr_index: 0xb): 0 + <480> DW_AT_high_pc : 0xb + <488> DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa) + <48a> DW_AT_GNU_all_call_sites: 1 +@@ -459,7 +459,7 @@ Contents of the .debug_info.dwo section: + <48b> DW_AT_specification: <0x2c2> + <48f> DW_AT_decl_file : 2 + <490> DW_AT_decl_line : 126 +- <491> DW_AT_low_pc : (addr_index: 0xc): ++ <491> DW_AT_low_pc : (addr_index: 0xc): 0 + <492> DW_AT_high_pc : 0x20 + <49a> DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa) + <49c> DW_AT_object_pointer: <0x4a4> +@@ -478,7 +478,7 @@ Contents of the .debug_info.dwo section: + <4b4> DW_AT_decl_line : 134 + <4b5> DW_AT_linkage_name: _Z3t12v + <4bd> DW_AT_type : <0x249> +- <4c1> DW_AT_low_pc : (addr_index: 0xd): ++ <4c1> DW_AT_low_pc : (addr_index: 0xd): 0 + <4c2> DW_AT_high_pc : 0x19 + <4ca> DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa) + <4cc> DW_AT_GNU_all_tail_call_sites: 1 +@@ -489,7 +489,7 @@ Contents of the .debug_info.dwo section: + <4d2> DW_AT_decl_line : 142 + <4d3> DW_AT_linkage_name: _Z3t13v + <4db> DW_AT_type : <0x249> +- <4df> DW_AT_low_pc : (addr_index: 0xe): ++ <4df> DW_AT_low_pc : (addr_index: 0xe): 0 + <4e0> DW_AT_high_pc : 0x14 + <4e8> DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa) + <4ea> DW_AT_GNU_all_tail_call_sites: 1 +@@ -500,13 +500,13 @@ Contents of the .debug_info.dwo section: + <4f0> DW_AT_decl_line : 150 + <4f1> DW_AT_linkage_name: _Z3t14v + <4f9> DW_AT_type : <0x249> +- <4fd> DW_AT_low_pc : (addr_index: 0xf): ++ <4fd> DW_AT_low_pc : (addr_index: 0xf): 0 + <4fe> DW_AT_high_pc : 0x61 + <506> DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa) + <508> DW_AT_GNU_all_tail_call_sites: 1 + <508> DW_AT_sibling : <0x532> + <2><50c>: Abbrev Number: 24 (DW_TAG_lexical_block) +- <50d> DW_AT_low_pc : (addr_index: 0x10): ++ <50d> DW_AT_low_pc : (addr_index: 0x10): 0 + <50e> DW_AT_high_pc : 0x57 + <3><516>: Abbrev Number: 25 (DW_TAG_variable) + <517> DW_AT_name : s1 +@@ -538,13 +538,13 @@ Contents of the .debug_info.dwo section: + <54b> DW_AT_decl_line : 163 + <54c> DW_AT_linkage_name: _Z3t15v + <554> DW_AT_type : <0x249> +- <558> DW_AT_low_pc : (addr_index: 0x11): ++ <558> DW_AT_low_pc : (addr_index: 0x11): 0 + <559> DW_AT_high_pc : 0x5d + <561> DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa) + <563> DW_AT_GNU_all_tail_call_sites: 1 + <563> DW_AT_sibling : <0x58d> + <2><567>: Abbrev Number: 24 (DW_TAG_lexical_block) +- <568> DW_AT_low_pc : (addr_index: 0x12): ++ <568> DW_AT_low_pc : (addr_index: 0x12): 0 + <569> DW_AT_high_pc : 0x53 + <3><571>: Abbrev Number: 25 (DW_TAG_variable) + <572> DW_AT_name : s1 +@@ -576,7 +576,7 @@ Contents of the .debug_info.dwo section: + <5a9> DW_AT_decl_line : 176 + <5aa> DW_AT_linkage_name: _Z3t16v + <5b2> DW_AT_type : <0x249> +- <5b6> DW_AT_low_pc : (addr_index: 0x13): ++ <5b6> DW_AT_low_pc : (addr_index: 0x13): 0 + <5b7> DW_AT_high_pc : 0x13 + <5bf> DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa) + <5c1> DW_AT_GNU_all_tail_call_sites: 1 +@@ -587,13 +587,13 @@ Contents of the .debug_info.dwo section: + <5c7> DW_AT_decl_line : 184 + <5c8> DW_AT_linkage_name: _Z3t17v + <5d0> DW_AT_type : <0x249> +- <5d4> DW_AT_low_pc : (addr_index: 0x14): ++ <5d4> DW_AT_low_pc : (addr_index: 0x14): 0 + <5d5> DW_AT_high_pc : 0x5f + <5dd> DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa) + <5df> DW_AT_GNU_all_call_sites: 1 + <5df> DW_AT_sibling : <0x612> + <2><5e3>: Abbrev Number: 24 (DW_TAG_lexical_block) +- <5e4> DW_AT_low_pc : (addr_index: 0x15): ++ <5e4> DW_AT_low_pc : (addr_index: 0x15): 0 + <5e5> DW_AT_high_pc : 0x59 + <3><5ed>: Abbrev Number: 25 (DW_TAG_variable) + <5ee> DW_AT_name : c +@@ -602,7 +602,7 @@ Contents of the .debug_info.dwo section: + <5f2> DW_AT_type : <0x53d> + <5f6> DW_AT_location : 2 byte block: 91 6f (DW_OP_fbreg: -17) + <3><5f9>: Abbrev Number: 24 (DW_TAG_lexical_block) +- <5fa> DW_AT_low_pc : (addr_index: 0x16): ++ <5fa> DW_AT_low_pc : (addr_index: 0x16): 0 + <5fb> DW_AT_high_pc : 0x50 + <4><603>: Abbrev Number: 25 (DW_TAG_variable) + <604> DW_AT_name : i +@@ -620,13 +620,13 @@ Contents of the .debug_info.dwo section: + <618> DW_AT_decl_line : 199 + <619> DW_AT_linkage_name: _Z3t18v + <621> DW_AT_type : <0x249> +- <625> DW_AT_low_pc : (addr_index: 0x17): ++ <625> DW_AT_ow_pc : (addr_index: 0x17): 0 + <626> DW_AT_high_pc : 0x5f + <62e> DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa) + <630> DW_AT_GNU_all_tail_call_sites: 1 + <630> DW_AT_sibling : <0x67a> + <2><634>: Abbrev Number: 24 (DW_TAG_lexical_block) +- <635> DW_AT_low_pc : (addr_index: 0x18): ++ <635> DW_AT_low_pc : (addr_index: 0x18): 0 + <636> DW_AT_high_pc : 0x55 + <3><63e>: Abbrev Number: 25 (DW_TAG_variable) + <63f> DW_AT_name : c +@@ -635,7 +635,7 @@ Contents of the .debug_info.dwo section: + <643> DW_AT_type : <0x53d> + <647> DW_AT_location : 2 byte block: 91 6f (DW_OP_fbreg: -17) + <3><64a>: Abbrev Number: 24 (DW_TAG_lexical_block) +- <64b> DW_AT_low_pc : (addr_index: 0x19): ++ <64b> DW_AT_low_pc : (addr_index: 0x19): 0 + <64c> DW_AT_high_pc : 0x4c + <4><654>: Abbrev Number: 25 (DW_TAG_variable) + <655> DW_AT_name : i +@@ -644,7 +644,7 @@ Contents of the .debug_info.dwo section: + <659> DW_AT_type : <0x242> + <65d> DW_AT_location : 2 byte block: 91 68 (DW_OP_fbreg: -24) + <4><660>: Abbrev Number: 24 (DW_TAG_lexical_block) +- <661> DW_AT_low_pc : (addr_index: 0x1a): ++ <661> DW_AT_low_pc : (addr_index: 0x1a): 0 + <662> DW_AT_high_pc : 0x34 + <5><66a>: Abbrev Number: 25 (DW_TAG_variable) + <66b> DW_AT_name : s +@@ -786,7 +786,7 @@ Contents of the .debug_info.dwo section: + <7d3> DW_AT_decl_line : 32 + <7d4> DW_AT_linkage_name: _Z4t16av + <7dd> DW_AT_type : <0x7c4> +- <7e1> DW_AT_low_pc : (addr_index: 0x0): ++ <7e1> DW_AT_low_pc : (addr_index: 0x0): 0 + <7e2> DW_AT_high_pc : 0x13 + <7ea> DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa) + <7ec> DW_AT_GNU_all_tail_call_sites: 1 +@@ -878,14 +878,14 @@ Contents of the .debug_info.dwo section: + <908> DW_AT_decl_file : 1 + <909> DW_AT_decl_line : 70 + <90a> DW_AT_linkage_name: _Z4f13iv +- <913> DW_AT_low_pc : (addr_index: 0x0): ++ <913> DW_AT_low_pc : (addr_index: 0x0): 0 + <914> DW_AT_high_pc : 0x6 + <91c> DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa) + <91e> DW_AT_GNU_all_call_sites: 1 + <1><91e>: Abbrev Number: 17 (DW_TAG_subprogram) + <91f> DW_AT_specification: <0x8a8> + <923> DW_AT_decl_file : 2 +- <924> DW_AT_low_pc : (addr_index: 0x1): ++ <924> DW_AT_low_pc : (addr_index: 0x1): 0 + <925> DW_AT_high_pc : 0xf + <92d> DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa) + <92f> DW_AT_object_pointer: <0x937> +@@ -903,7 +903,7 @@ Contents of the .debug_info.dwo section: + <94b> DW_AT_specification: <0x89b> + <94f> DW_AT_decl_file : 2 + <950> DW_AT_decl_line : 36 +- <951> DW_AT_low_pc : (addr_index: 0x2): ++ <951> DW_AT_low_pc : (addr_index: 0x2): 0 + <952> DW_AT_high_pc : 0x20 + <95a> DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa) + <95c> DW_AT_object_pointer: <0x964> +@@ -922,7 +922,7 @@ Contents of the .debug_info.dwo section: + <978> DW_AT_decl_line : 72 + <979> DW_AT_linkage_name: _Z3f10v + <981> DW_AT_type : <0x8b7> +- <985> DW_AT_low_pc : (addr_index: 0x3): ++ <985> DW_AT_low_pc : (addr_index: 0x3): 0 + <986> DW_AT_high_pc : 0xb + <98e> DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa) + <990> DW_AT_GNU_all_call_sites: 1 +@@ -933,7 +933,7 @@ Contents of the .debug_info.dwo section: + <997> DW_AT_decl_line : 80 + <998> DW_AT_linkage_name: _Z4f11bPFivE + <9a5> DW_AT_type : <0x8b7> +- <9a9> DW_AT_low_pc : (addr_index: 0x4): ++ <9a9> DW_AT_low_pc : (addr_index: 0x4): 0 + <9aa> DW_AT_high_pc : 0x14 + <9b2> DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa) + <9b4> DW_AT_GNU_all_tail_call_sites: 1 +@@ -954,7 +954,7 @@ Contents of the .debug_info.dwo section: + <9d3> DW_AT_specification: <0x8e0> + <9d7> DW_AT_decl_file : 2 + <9d8> DW_AT_decl_line : 88 +- <9d9> DW_AT_low_pc : (addr_index: 0x5): ++ <9d9> DW_AT_low_pc : (addr_index: 0x5): 0 + <9da> DW_AT_high_pc : 0xf + <9e2> DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa) + <9e4> DW_AT_object_pointer: <0x9ec> +@@ -976,7 +976,7 @@ Contents of the .debug_info.dwo section: + DW_AT_decl_line : 96 + DW_AT_linkage_name: _Z3f13v + DW_AT_type : <0xa1e> +- DW_AT_low_pc : (addr_index: 0x6): ++ DW_AT_low_pc : (addr_index: 0x6): 0 + DW_AT_high_pc : 0xb + DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa) + DW_AT_GNU_all_call_sites: 1 +@@ -990,7 +990,7 @@ Contents of the .debug_info.dwo section: + DW_AT_decl_line : 104 + DW_AT_linkage_name: _Z3f14v + DW_AT_type : <0xa42> +- DW_AT_low_pc : (addr_index: 0x7): ++ DW_AT_low_pc : (addr_index: 0x7): 0 + DW_AT_high_pc : 0xb + DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa) + DW_AT_GNU_all_call_sites: 1 +@@ -1010,7 +1010,7 @@ Contents of the .debug_info.dwo section: + DW_AT_decl_line : 112 + DW_AT_linkage_name: _Z3f15v + DW_AT_type : <0xa73> +- DW_AT_low_pc : (addr_index: 0x8): ++ DW_AT_low_pc : (addr_index: 0x8): 0 + DW_AT_high_pc : 0xb + DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa) + DW_AT_GNU_all_call_sites: 1 +@@ -1030,7 +1030,7 @@ Contents of the .debug_info.dwo section: + DW_AT_decl_line : 127 + DW_AT_linkage_name: _Z3f18i + DW_AT_type : <0xa42> +- DW_AT_low_pc : (addr_index: 0x9): ++ DW_AT_low_pc : (addr_index: 0x9): 0 + DW_AT_high_pc : 0x44 + DW_AT_frame_base : 1 byte block: 9c (DW_OP_call_frame_cfa) + DW_AT_GNU_all_call_sites: 1 diff --git a/poky/meta/recipes-devtools/binutils/binutils/0017-CVE-2022-38127-2.patch b/poky/meta/recipes-devtools/binutils/binutils/0017-CVE-2022-38127-2.patch new file mode 100644 index 0000000000..0583bfcfab --- /dev/null +++ b/poky/meta/recipes-devtools/binutils/binutils/0017-CVE-2022-38127-2.patch @@ -0,0 +1,188 @@ +From ec41dd75c866599fc03c390c6afb5736c159c0ff Mon Sep 17 00:00:00 2001 +From: Nick Clifton +Date: Tue, 21 Jun 2022 16:37:27 +0100 +Subject: [PATCH] Binutils support for dwarf-5 (location and range lists + related) + + * dwarf.h (struct debug_info): Add rnglists_base field. + * dwarf.c (read_and_display_attr_value): Read attribute DW_AT_rnglists_base. + (display_debug_rnglists_list): While handling DW_RLE_base_addressx, + DW_RLE_startx_endx, DW_RLE_startx_length items, pass the proper parameter + value to fetch_indexed_addr(), i.e. fetch the proper entry in .debug_addr section. + (display_debug_ranges): Add rnglists_base to the .debug_rnglists base address. + (load_separate_debug_files): Load .debug_addr section, if exists. + +Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=ec41dd75c866599fc03c390c6afb5736c159c0ff] + +Signed-off-by: Pgowda +--- + binutils/ChangeLog | 10 +++++++++ + binutils/dwarf.c | 53 ++++++++++++++++++++++++++++++++++------------ + binutils/dwarf.h | 1 + + 3 files changed, 51 insertions(+), 13 deletions(-) + +diff --git a/binutils/dwarf.c b/binutils/dwarf.c +index cb2523af1f3..30b64ac68a8 100644 +--- a/binutils/dwarf.c ++++ b/binutils/dwarf.c +@@ -2812,7 +2812,12 @@ read_and_display_attr_value (unsigned lo + dwarf_vmatoa ("x", debug_info_p->cu_offset)); + debug_info_p->loclists_base = uvalue; + break; +- ++ case DW_AT_rnglists_base: ++ if (debug_info_p->rnglists_base) ++ warn (_("CU @ 0x%s has multiple rnglists_base values"), ++ dwarf_vmatoa ("x", debug_info_p->cu_offset)); ++ debug_info_p->rnglists_base = uvalue; ++ break; + case DW_AT_frame_base: + have_frame_base = 1; + /* Fall through. */ +@@ -3303,6 +3308,7 @@ read_and_display_attr_value (unsigned lo + /* Fall through. */ + case DW_AT_location: + case DW_AT_loclists_base: ++ case DW_AT_rnglists_base: + case DW_AT_string_length: + case DW_AT_return_addr: + case DW_AT_data_member_location: +@@ -3322,7 +3328,10 @@ read_and_display_attr_value (unsigned lo + && (form == DW_FORM_data4 || form == DW_FORM_data8)) + || form == DW_FORM_sec_offset + || form == DW_FORM_loclistx) +- printf (_(" (location list)")); ++ { ++ if (attribute != DW_AT_rnglists_base) ++ printf (_(" (location list)")); ++ } + /* Fall through. */ + case DW_AT_allocated: + case DW_AT_associated: +@@ -3809,6 +3818,7 @@ process_debug_info (struct dwarf_section + debug_information [unit].range_lists = NULL; + debug_information [unit].max_range_lists= 0; + debug_information [unit].num_range_lists = 0; ++ debug_information [unit].rnglists_base = 0; + } + + if (!do_loc && dwarf_start_die == 0) +@@ -7932,9 +7942,16 @@ display_debug_rnglists_list (unsigned ch + unsigned char * finish, + unsigned int pointer_size, + dwarf_vma offset, +- dwarf_vma base_address) ++ dwarf_vma base_address, ++ unsigned int offset_size) + { + unsigned char *next = start; ++ unsigned int debug_addr_section_hdr_len; ++ ++ if (offset_size == 4) ++ debug_addr_section_hdr_len = 8; ++ else ++ debug_addr_section_hdr_len = 16; + + while (1) + { +@@ -7964,20 +7981,24 @@ display_debug_rnglists_list (unsigned ch + READ_ULEB (base_address, start, finish); + print_dwarf_vma (base_address, pointer_size); + printf (_("(base address index) ")); +- base_address = fetch_indexed_addr (base_address, pointer_size); ++ base_address = fetch_indexed_addr ((base_address * pointer_size) ++ + debug_addr_section_hdr_len, pointer_size); + print_dwarf_vma (base_address, pointer_size); + printf (_("(base address)\n")); + break; + case DW_RLE_startx_endx: + READ_ULEB (begin, start, finish); + READ_ULEB (end, start, finish); +- begin = fetch_indexed_addr (begin, pointer_size); +- end = fetch_indexed_addr (begin, pointer_size); ++ begin = fetch_indexed_addr ((begin * pointer_size) ++ + debug_addr_section_hdr_len, pointer_size); ++ end = fetch_indexed_addr ((begin * pointer_size) ++ + debug_addr_section_hdr_len, pointer_size); + break; + case DW_RLE_startx_length: + READ_ULEB (begin, start, finish); + READ_ULEB (length, start, finish); +- begin = fetch_indexed_addr (begin, pointer_size); ++ begin = fetch_indexed_addr ((begin * pointer_size) ++ + debug_addr_section_hdr_len, pointer_size); + end = begin + length; + break; + case DW_RLE_offset_pair: +@@ -8003,6 +8024,7 @@ display_debug_rnglists_list (unsigned ch + rlet = DW_RLE_end_of_list; + break; + } ++ + if (rlet == DW_RLE_end_of_list) + break; + if (rlet == DW_RLE_base_address || rlet == DW_RLE_base_addressx) +@@ -8043,6 +8065,7 @@ display_debug_ranges (struct dwarf_secti + /* Initialize it due to a false compiler warning. */ + unsigned char address_size = 0; + dwarf_vma last_offset = 0; ++ unsigned int offset_size = 0; + + if (bytes == 0) + { +@@ -8054,10 +8077,10 @@ display_debug_ranges (struct dwarf_secti + + if (is_rnglists) + { +- dwarf_vma initial_length; +- unsigned char segment_selector_size; +- unsigned int offset_size, offset_entry_count; +- unsigned short version; ++ dwarf_vma initial_length; ++ unsigned char segment_selector_size; ++ unsigned int offset_entry_count; ++ unsigned short version; + + /* Get and check the length of the block. */ + SAFE_BYTE_GET_AND_INC (initial_length, start, 4, finish); +@@ -8230,7 +8253,8 @@ display_debug_ranges (struct dwarf_secti + (unsigned long) offset, i); + continue; + } +- next = section_begin + offset; ++ ++ next = section_begin + offset + debug_info_p->rnglists_base; + + /* If multiple DWARF entities reference the same range then we will + have multiple entries in the `range_entries' list for the same +@@ -8262,7 +8286,7 @@ display_debug_ranges (struct dwarf_secti + + if (is_rnglists) + display_debug_rnglists_list +- (start, finish, pointer_size, offset, base_address); ++ (start, finish, pointer_size, offset, base_address, offset_size); + else + display_debug_ranges_list + (start, finish, pointer_size, offset, base_address); +@@ -11911,6 +11935,9 @@ load_separate_debug_files (void * file, + && load_debug_section (abbrev, file) + && load_debug_section (info, file)) + { ++ /* Load the .debug_addr section, if it exists. */ ++ load_debug_section (debug_addr, file); ++ + free_dwo_info (); + + if (process_debug_info (& debug_displays[info].section, file, abbrev, +diff --git a/binutils/dwarf.h b/binutils/dwarf.h +index 040e674c6ce..8a89c08e7c2 100644 +--- a/binutils/dwarf.h ++++ b/binutils/dwarf.h +@@ -192,6 +192,7 @@ typedef struct + dwarf_vma * range_lists; + unsigned int num_range_lists; + unsigned int max_range_lists; ++ dwarf_vma rnglists_base; + } + debug_info; + diff --git a/poky/meta/recipes-devtools/binutils/binutils/0017-CVE-2022-38127-3.patch b/poky/meta/recipes-devtools/binutils/binutils/0017-CVE-2022-38127-3.patch new file mode 100644 index 0000000000..56331b1128 --- /dev/null +++ b/poky/meta/recipes-devtools/binutils/binutils/0017-CVE-2022-38127-3.patch @@ -0,0 +1,211 @@ +From f18acc9c4e5d18f4783f3a7d59e3ec95d7af0199 Mon Sep 17 00:00:00 2001 +From: "Kumar N, Bhuvanendra" +Date: Wed, 22 Jun 2022 17:07:25 +0100 +Subject: [PATCH] Binutils support for split-dwarf and dwarf-5 + + * dwarf.c (fetch_indexed_string): Added new parameter + str_offsets_base to calculate the string offset. + (read_and_display_attr_value): Read DW_AT_str_offsets_base + attribute. + (process_debug_info): While allocating memory and initializing + debug_information, do it for do_debug_info also, if its true. + (load_separate_debug_files): Load .debug_str_offsets if exists. + * dwarf.h (struct debug_info): Add str_offsets_base field. + +Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=f18acc9c4e5d18f4783f3a7d59e3ec95d7af0199] + +Signed-off-by: Pgowda +--- + binutils/ChangeLog | 13 ++++++++++- + binutils/dwarf.c | 57 ++++++++++++++++++++++++++++++++++------------ + binutils/dwarf.h | 1 + + 3 files changed, 56 insertions(+), 15 deletions(-) + +diff --git a/binutils/dwarf.c b/binutils/dwarf.c +index f9c46cf54dd..d9a3144023c 100644 +--- a/binutils/dwarf.c ++++ b/binutils/dwarf.c +@@ -687,8 +687,11 @@ fetch_indirect_line_string (dwarf_vma of + } + + static const char * +-fetch_indexed_string (dwarf_vma idx, struct cu_tu_set *this_set, +- dwarf_vma offset_size, bool dwo) ++fetch_indexed_string (dwarf_vma idx, ++ struct cu_tu_set * this_set, ++ dwarf_vma offset_size, ++ bool dwo, ++ dwarf_vma str_offsets_base) + { + enum dwarf_section_display_enum str_sec_idx = dwo ? str_dwo : str; + enum dwarf_section_display_enum idx_sec_idx = dwo ? str_index_dwo : str_index; +@@ -776,7 +779,15 @@ fetch_indexed_string (dwarf_vma idx, str + return _(""); + } + +- str_offset = byte_get (curr + index_offset, offset_size); ++ if (str_offsets_base > 0) ++ { ++ if (offset_size == 8) ++ str_offsets_base -= 16; ++ else ++ str_offsets_base -= 8; ++ } ++ ++ str_offset = byte_get (curr + index_offset + str_offsets_base, offset_size); + str_offset -= str_section->address; + if (str_offset >= str_section->size) + { +@@ -2721,11 +2732,13 @@ read_and_display_attr_value (unsigned lo + /* We have already displayed the form name. */ + printf (_("%c(offset: 0x%s): %s"), delimiter, + dwarf_vmatoa ("x", uvalue), +- fetch_indexed_string (uvalue, this_set, offset_size, dwo)); ++ fetch_indexed_string (uvalue, this_set, offset_size, dwo, ++ debug_info_p->str_offsets_base)); + else + printf (_("%c(indexed string: 0x%s): %s"), delimiter, + dwarf_vmatoa ("x", uvalue), +- fetch_indexed_string (uvalue, this_set, offset_size, dwo)); ++ fetch_indexed_string (uvalue, this_set, offset_size, dwo, ++ debug_info_p->str_offsets_base)); + } + break; + +@@ -2800,7 +2813,7 @@ read_and_display_attr_value (unsigned lo + break; + } + +- if ((do_loc || do_debug_loc || do_debug_ranges) ++ if ((do_loc || do_debug_loc || do_debug_ranges || do_debug_info) + && num_debug_info_entries == 0 + && debug_info_p != NULL) + { +@@ -2818,6 +2831,13 @@ read_and_display_attr_value (unsigned lo + dwarf_vmatoa ("x", debug_info_p->cu_offset)); + debug_info_p->rnglists_base = uvalue; + break; ++ case DW_AT_str_offsets_base: ++ if (debug_info_p->str_offsets_base) ++ warn (_("CU @ 0x%s has multiple str_offsets_base values"), ++ dwarf_vmatoa ("x", debug_info_p->cu_offset)); ++ debug_info_p->str_offsets_base = uvalue; ++ break; ++ + case DW_AT_frame_base: + have_frame_base = 1; + /* Fall through. */ +@@ -2956,7 +2976,9 @@ read_and_display_attr_value (unsigned lo + case DW_FORM_strx2: + case DW_FORM_strx3: + case DW_FORM_strx4: +- add_dwo_name (fetch_indexed_string (uvalue, this_set, offset_size, false), cu_offset); ++ add_dwo_name (fetch_indexed_string (uvalue, this_set, offset_size, false, ++ debug_info_p->str_offsets_base), ++ cu_offset); + break; + case DW_FORM_string: + add_dwo_name ((const char *) orig_data, cu_offset); +@@ -2988,7 +3010,9 @@ read_and_display_attr_value (unsigned lo + case DW_FORM_strx2: + case DW_FORM_strx3: + case DW_FORM_strx4: +- add_dwo_dir (fetch_indexed_string (uvalue, this_set, offset_size, false), cu_offset); ++ add_dwo_dir (fetch_indexed_string (uvalue, this_set, offset_size, false, ++ debug_info_p->str_offsets_base), ++ cu_offset); + break; + case DW_FORM_string: + add_dwo_dir ((const char *) orig_data, cu_offset); +@@ -3309,6 +3333,7 @@ read_and_display_attr_value (unsigned lo + case DW_AT_location: + case DW_AT_loclists_base: + case DW_AT_rnglists_base: ++ case DW_AT_str_offsets_base: + case DW_AT_string_length: + case DW_AT_return_addr: + case DW_AT_data_member_location: +@@ -3329,7 +3354,8 @@ read_and_display_attr_value (unsigned lo + || form == DW_FORM_sec_offset + || form == DW_FORM_loclistx) + { +- if (attribute != DW_AT_rnglists_base) ++ if (attribute != DW_AT_rnglists_base ++ && attribute != DW_AT_str_offsets_base) + printf (_(" (location list)")); + } + /* Fall through. */ +@@ -3562,7 +3588,7 @@ process_debug_info (struct dwarf_section + return false; + } + +- if ((do_loc || do_debug_loc || do_debug_ranges) ++ if ((do_loc || do_debug_loc || do_debug_ranges || do_debug_info) + && num_debug_info_entries == 0 + && ! do_types) + { +@@ -3797,7 +3823,7 @@ process_debug_info (struct dwarf_section + continue; + } + +- if ((do_loc || do_debug_loc || do_debug_ranges) ++ if ((do_loc || do_debug_loc || do_debug_ranges || do_debug_info) + && num_debug_info_entries == 0 + && alloc_num_debug_info_entries > unit + && ! do_types) +@@ -3819,6 +3845,7 @@ process_debug_info (struct dwarf_section + debug_information [unit].max_range_lists= 0; + debug_information [unit].num_range_lists = 0; + debug_information [unit].rnglists_base = 0; ++ debug_information [unit].str_offsets_base = 0; + } + + if (!do_loc && dwarf_start_die == 0) +@@ -4089,7 +4116,7 @@ process_debug_info (struct dwarf_section + + /* Set num_debug_info_entries here so that it can be used to check if + we need to process .debug_loc and .debug_ranges sections. */ +- if ((do_loc || do_debug_loc || do_debug_ranges) ++ if ((do_loc || do_debug_loc || do_debug_ranges || do_debug_info) + && num_debug_info_entries == 0 + && ! do_types) + { +@@ -6237,7 +6264,7 @@ display_debug_macro (struct dwarf_sectio + READ_ULEB (lineno, curr, end); + READ_ULEB (offset, curr, end); + string = (const unsigned char *) +- fetch_indexed_string (offset, NULL, offset_size, false); ++ fetch_indexed_string (offset, NULL, offset_size, false, 0); + if (op == DW_MACRO_define_strx) + printf (" DW_MACRO_define_strx "); + else +@@ -7851,7 +7878,7 @@ display_debug_str_offsets (struct dwarf_ + SAFE_BYTE_GET_AND_INC (offset, curr, entry_length, entries_end); + if (dwo) + string = (const unsigned char *) +- fetch_indexed_string (idx, NULL, entry_length, dwo); ++ fetch_indexed_string (idx, NULL, entry_length, dwo, 0); + else + string = fetch_indirect_string (offset); + +@@ -11937,6 +11964,8 @@ load_separate_debug_files (void * file, + { + /* Load the .debug_addr section, if it exists. */ + load_debug_section (debug_addr, file); ++ /* Load the .debug_str_offsets section, if it exists. */ ++ load_debug_section (str_index, file); + + free_dwo_info (); + +diff --git a/binutils/dwarf.h b/binutils/dwarf.h +index 8a89c08e7c2..adbf20f9a28 100644 +--- a/binutils/dwarf.h ++++ b/binutils/dwarf.h +@@ -193,6 +193,7 @@ typedef struct + unsigned int num_range_lists; + unsigned int max_range_lists; + dwarf_vma rnglists_base; ++ dwarf_vma str_offsets_base; + } + debug_info; + diff --git a/poky/meta/recipes-devtools/binutils/binutils/0017-CVE-2022-38127-4.patch b/poky/meta/recipes-devtools/binutils/binutils/0017-CVE-2022-38127-4.patch new file mode 100644 index 0000000000..e59b19c184 --- /dev/null +++ b/poky/meta/recipes-devtools/binutils/binutils/0017-CVE-2022-38127-4.patch @@ -0,0 +1,43 @@ +From e98e7d9a70dcc987bff0e925f20b78cd4a2979ed Mon Sep 17 00:00:00 2001 +From: Nick Clifton +Date: Mon, 27 Jun 2022 13:30:35 +0100 +Subject: [PATCH] Fix NULL pointer indirection when parsing corrupt DWARF data. + + PR 29290 + * dwarf.c (read_and_display_attr_value): Check that debug_info_p + is set before dereferencing it. + +Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e98e7d9a70dcc987bff0e925f20b78cd4a2979ed] + +Signed-off-by: Pgowda +--- + binutils/dwarf.c | 11 +++++------ + +diff --git a/binutils/dwarf.c b/binutils/dwarf.c +index bcabb61b871..37b477b886d 100644 +--- a/binutils/dwarf.c ++++ b/binutils/dwarf.c +@@ -2727,18 +2727,17 @@ read_and_display_attr_value (unsigned lo + { + const char *suffix = strrchr (section->name, '.'); + bool dwo = suffix && strcmp (suffix, ".dwo") == 0; ++ const char *strng; + ++ strng = fetch_indexed_string (uvalue, this_set, offset_size, dwo, ++ debug_info_p ? debug_info_p->str_offsets_base : 0); + if (do_wide) + /* We have already displayed the form name. */ + printf (_("%c(offset: 0x%s): %s"), delimiter, +- dwarf_vmatoa ("x", uvalue), +- fetch_indexed_string (uvalue, this_set, offset_size, dwo, +- debug_info_p->str_offsets_base)); ++ dwarf_vmatoa ("x", uvalue), strng); + else + printf (_("%c(indexed string: 0x%s): %s"), delimiter, +- dwarf_vmatoa ("x", uvalue), +- fetch_indexed_string (uvalue, this_set, offset_size, dwo, +- debug_info_p->str_offsets_base)); ++ dwarf_vmatoa ("x", uvalue), strng); + } + break; + diff --git a/poky/meta/recipes-devtools/cmake/cmake/OEToolchainConfig.cmake b/poky/meta/recipes-devtools/cmake/cmake/OEToolchainConfig.cmake index 86446c3ace..3ddef12c83 100644 --- a/poky/meta/recipes-devtools/cmake/cmake/OEToolchainConfig.cmake +++ b/poky/meta/recipes-devtools/cmake/cmake/OEToolchainConfig.cmake @@ -1,7 +1,6 @@ set( CMAKE_SYSTEM_NAME Linux ) set( CMAKE_C_FLAGS $ENV{CFLAGS} CACHE STRING "" FORCE ) set( CMAKE_CXX_FLAGS $ENV{CXXFLAGS} CACHE STRING "" FORCE ) -set( CMAKE_ASM_FLAGS ${CMAKE_C_FLAGS} CACHE STRING "" FORCE ) set( CMAKE_SYSROOT $ENV{OECORE_TARGET_SYSROOT} ) set( CMAKE_FIND_ROOT_PATH $ENV{OECORE_TARGET_SYSROOT} ) diff --git a/poky/meta/recipes-devtools/gcc/gcc-11.3.inc b/poky/meta/recipes-devtools/gcc/gcc-11.3.inc index 2cebeb2bc8..27074a06ae 100644 --- a/poky/meta/recipes-devtools/gcc/gcc-11.3.inc +++ b/poky/meta/recipes-devtools/gcc/gcc-11.3.inc @@ -65,7 +65,12 @@ SRC_URI = "\ file://0003-CVE-2021-42574.patch \ file://0004-CVE-2021-42574.patch \ file://0001-CVE-2021-46195.patch \ + file://0001-aarch64-Update-Neoverse-N2-core-defini.patch \ + file://0002-aarch64-add-armv9-a-to-march.patch \ + file://0003-aarch64-Enable-FP16-feature-by-default-for-Armv9.patch \ + file://0004-arm-add-armv9-a-architecture-to-march.patch \ " + SRC_URI[sha256sum] = "b47cf2818691f5b1e21df2bb38c795fac2cfbd640ede2d0a5e1c89e338a3ac39" S = "${TMPDIR}/work-shared/gcc-${PV}-${PR}/gcc-${PV}" diff --git a/poky/meta/recipes-devtools/gcc/gcc-cross-canadian.inc b/poky/meta/recipes-devtools/gcc/gcc-cross-canadian.inc index a87b446c4f..c36e4cba81 100644 --- a/poky/meta/recipes-devtools/gcc/gcc-cross-canadian.inc +++ b/poky/meta/recipes-devtools/gcc/gcc-cross-canadian.inc @@ -9,6 +9,7 @@ GCCMULTILIB = "--enable-multilib" require gcc-configure-common.inc +EXTRA_OECONF += "--with-plugin-ld=ld" EXTRA_OECONF_PATHS = "\ --with-gxx-include-dir=/not/exist${target_includedir}/c++/${BINV} \ --with-build-time-tools=${STAGING_DIR_NATIVE}${prefix_native}/${TARGET_SYS}/bin \ @@ -134,8 +135,6 @@ do_install () { ln -sf ${BINRELPATH}/${TARGET_PREFIX}$t$suffix $dest$t$suffix done - t=real-ld - ln -sf ${BINRELPATH}/${TARGET_PREFIX}ld$suffix $dest$t$suffix # libquadmath headers need to be available in the gcc libexec dir install -d ${D}${libdir}/gcc/${TARGET_SYS}/${BINV}/include/ diff --git a/poky/meta/recipes-devtools/gcc/gcc-multilib-config.inc b/poky/meta/recipes-devtools/gcc/gcc-multilib-config.inc index 26bfed9507..2dbbc23c94 100644 --- a/poky/meta/recipes-devtools/gcc/gcc-multilib-config.inc +++ b/poky/meta/recipes-devtools/gcc/gcc-multilib-config.inc @@ -154,7 +154,7 @@ python gcc_multilib_setup() { gcc_header_config_files = { 'x86_64' : ['gcc/config/linux.h', 'gcc/config/i386/linux.h', 'gcc/config/i386/linux64.h'], 'i586' : ['gcc/config/linux.h', 'gcc/config/i386/linux.h', 'gcc/config/i386/linux64.h'], - 'i686' : ['gcc/config/linux.h', 'gcc/config/i386/linux64.h'], + 'i686' : ['gcc/config/linux.h', 'gcc/config/i386/linux.h', 'gcc/config/i386/linux64.h'], 'mips' : ['gcc/config/linux.h', 'gcc/config/mips/linux.h', 'gcc/config/mips/linux64.h'], 'mips64' : ['gcc/config/linux.h', 'gcc/config/mips/linux.h', 'gcc/config/mips/linux64.h'], 'powerpc' : ['gcc/config/linux.h', 'gcc/config/rs6000/linux64.h'], diff --git a/poky/meta/recipes-devtools/gcc/gcc/0001-aarch64-Update-Neoverse-N2-core-defini.patch b/poky/meta/recipes-devtools/gcc/gcc/0001-aarch64-Update-Neoverse-N2-core-defini.patch new file mode 100644 index 0000000000..8429242348 --- /dev/null +++ b/poky/meta/recipes-devtools/gcc/gcc/0001-aarch64-Update-Neoverse-N2-core-defini.patch @@ -0,0 +1,42 @@ +From 9f37d31324f89d0b7b2abac988a976d121ae29c6 Mon Sep 17 00:00:00 2001 +From: Andre Vieira +Date: Thu, 8 Sep 2022 06:02:18 +0000 +Subject: [PATCH 1/4] aarch64: Update Neoverse N2 core definition + +commit 9f37d31324f89d0b7b2abac988a976d121ae29c6 from upstream. + +gcc/ChangeLog: + + * config/aarch64/aarch64-cores.def: Update Neoverse N2 core entry. + +Upstream-Status: Backport +Signed-off-by: Ruiqiang Hao +--- + gcc/config/aarch64/aarch64-cores.def | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/gcc/config/aarch64/aarch64-cores.def b/gcc/config/aarch64/aarch64-cores.def +index 4643e0e27..3478e567a 100644 +--- a/gcc/config/aarch64/aarch64-cores.def ++++ b/gcc/config/aarch64/aarch64-cores.def +@@ -145,9 +145,6 @@ AARCH64_CORE("neoverse-512tvb", neoverse512tvb, cortexa57, 8_4A, AARCH64_FL_FOR + /* Qualcomm ('Q') cores. */ + AARCH64_CORE("saphira", saphira, saphira, 8_4A, AARCH64_FL_FOR_ARCH8_4 | AARCH64_FL_CRYPTO | AARCH64_FL_RCPC, saphira, 0x51, 0xC01, -1) + +-/* Armv8.5-A Architecture Processors. */ +-AARCH64_CORE("neoverse-n2", neoversen2, cortexa57, 8_5A, AARCH64_FL_FOR_ARCH8_5 | AARCH64_FL_I8MM | AARCH64_FL_BF16 | AARCH64_FL_F16 | AARCH64_FL_SVE | AARCH64_FL_SVE2 | AARCH64_FL_SVE2_BITPERM | AARCH64_FL_RNG | AARCH64_FL_MEMTAG, neoversen2, 0x41, 0xd49, -1) +- + /* ARMv8-A big.LITTLE implementations. */ + + AARCH64_CORE("cortex-a57.cortex-a53", cortexa57cortexa53, cortexa53, 8A, AARCH64_FL_FOR_ARCH8 | AARCH64_FL_CRC, cortexa57, 0x41, AARCH64_BIG_LITTLE (0xd07, 0xd03), -1) +@@ -163,4 +160,7 @@ AARCH64_CORE("cortex-a76.cortex-a55", cortexa76cortexa55, cortexa53, 8_2A, AAR + /* Armv8-R Architecture Processors. */ + AARCH64_CORE("cortex-r82", cortexr82, cortexa53, 8R, AARCH64_FL_FOR_ARCH8_R, cortexa53, 0x41, 0xd15, -1) + ++/* Armv9-A Architecture Processors. */ ++AARCH64_CORE("neoverse-n2", neoversen2, cortexa57, 9A, AARCH64_FL_FOR_ARCH9 | AARCH64_FL_I8MM | AARCH64_FL_BF16 | AARCH64_FL_SVE2_BITPERM | AARCH64_FL_RNG | AARCH64_FL_MEMTAG | AARCH64_FL_PROFILE, neoversen2, 0x41, 0xd49, -1) ++ + #undef AARCH64_CORE +-- +2.32.0 + diff --git a/poky/meta/recipes-devtools/gcc/gcc/0002-aarch64-add-armv9-a-to-march.patch b/poky/meta/recipes-devtools/gcc/gcc/0002-aarch64-add-armv9-a-to-march.patch new file mode 100644 index 0000000000..2b1c17f53e --- /dev/null +++ b/poky/meta/recipes-devtools/gcc/gcc/0002-aarch64-add-armv9-a-to-march.patch @@ -0,0 +1,89 @@ +From d3cf45d15b2fabc767b2d10a0c6bb9fb845e4f99 Mon Sep 17 00:00:00 2001 +From: Przemyslaw Wirkus +Date: Fri, 1 Oct 2021 10:06:45 +0100 +Subject: [PATCH 2/4] aarch64: add armv9-a to -march + +commit f0688d42c9b74a6999548ff2e79ae440b049b87f from upstream + +gcc/ChangeLog: + + * config/aarch64/aarch64-arches.def (AARCH64_ARCH): Added + armv9-a. + * config/aarch64/aarch64.h (AARCH64_FL_V9): New. + (AARCH64_FL_FOR_ARCH9): New flags for Armv9-A. + (AARCH64_ISA_V9): New ISA flag. + * doc/invoke.texi: Update docs. + +Upstream-Status: Backport +Signed-off-by: Ruiqiang Hao +--- + gcc/config/aarch64/aarch64-arches.def | 1 + + gcc/config/aarch64/aarch64.h | 5 +++++ + gcc/doc/invoke.texi | 3 +++ + 3 files changed, 9 insertions(+) + +diff --git a/gcc/config/aarch64/aarch64-arches.def b/gcc/config/aarch64/aarch64-arches.def +index b7497277b..c47ca622c 100644 +--- a/gcc/config/aarch64/aarch64-arches.def ++++ b/gcc/config/aarch64/aarch64-arches.def +@@ -38,5 +38,6 @@ AARCH64_ARCH("armv8.4-a", generic, 8_4A, 8, AARCH64_FL_FOR_ARCH8_4) + AARCH64_ARCH("armv8.5-a", generic, 8_5A, 8, AARCH64_FL_FOR_ARCH8_5) + AARCH64_ARCH("armv8.6-a", generic, 8_6A, 8, AARCH64_FL_FOR_ARCH8_6) + AARCH64_ARCH("armv8-r", generic, 8R , 8, AARCH64_FL_FOR_ARCH8_R) ++AARCH64_ARCH("armv9-a", generic, 9A , 9, AARCH64_FL_FOR_ARCH9) + + #undef AARCH64_ARCH +diff --git a/gcc/config/aarch64/aarch64.h b/gcc/config/aarch64/aarch64.h +index bfffbcd6a..b914bfb5c 100644 +--- a/gcc/config/aarch64/aarch64.h ++++ b/gcc/config/aarch64/aarch64.h +@@ -230,6 +230,8 @@ extern unsigned aarch64_architecture_version; + + /* Pointer Authentication (PAUTH) extension. */ + #define AARCH64_FL_PAUTH (1ULL << 40) ++/* Armv9.0-A. */ ++#define AARCH64_FL_V9 (1ULL << 41) /* Armv9.0-A Architecture. */ + + /* Has FP and SIMD. */ + #define AARCH64_FL_FPSIMD (AARCH64_FL_FP | AARCH64_FL_SIMD) +@@ -257,6 +259,8 @@ extern unsigned aarch64_architecture_version; + | AARCH64_FL_I8MM | AARCH64_FL_BF16) + #define AARCH64_FL_FOR_ARCH8_R \ + (AARCH64_FL_FOR_ARCH8_4 | AARCH64_FL_V8_R) ++#define AARCH64_FL_FOR_ARCH9 \ ++ (AARCH64_FL_FOR_ARCH8_5 | AARCH64_FL_SVE | AARCH64_FL_SVE2 | AARCH64_FL_V9) + + /* Macros to test ISA flags. */ + +@@ -295,6 +299,7 @@ extern unsigned aarch64_architecture_version; + #define AARCH64_ISA_SB (aarch64_isa_flags & AARCH64_FL_SB) + #define AARCH64_ISA_V8_R (aarch64_isa_flags & AARCH64_FL_V8_R) + #define AARCH64_ISA_PAUTH (aarch64_isa_flags & AARCH64_FL_PAUTH) ++#define AARCH64_ISA_V9 (aarch64_isa_flags & AARCH64_FL_V9) + + /* Crypto is an optional extension to AdvSIMD. */ + #define TARGET_CRYPTO (TARGET_SIMD && AARCH64_ISA_CRYPTO) +diff --git a/gcc/doc/invoke.texi b/gcc/doc/invoke.texi +index c47cfd472..7184a62d0 100644 +--- a/gcc/doc/invoke.texi ++++ b/gcc/doc/invoke.texi +@@ -18270,6 +18270,8 @@ and the features that they enable by default: + @item @samp{armv8.4-a} @tab Armv8.4-A @tab @samp{armv8.3-a}, @samp{+flagm}, @samp{+fp16fml}, @samp{+dotprod} + @item @samp{armv8.5-a} @tab Armv8.5-A @tab @samp{armv8.4-a}, @samp{+sb}, @samp{+ssbs}, @samp{+predres} + @item @samp{armv8.6-a} @tab Armv8.6-A @tab @samp{armv8.5-a}, @samp{+bf16}, @samp{+i8mm} ++@item @samp{armv8.7-a} @tab Armv8.7-A @tab @samp{armv8.6-a}, @samp{+ls64} ++@item @samp{armv9-a} @tab Armv9-A @tab @samp{armv8.5-a}, @samp{+sve}, @samp{+sve2} + @item @samp{armv8-r} @tab Armv8-R @tab @samp{armv8-r} + @end multitable + +@@ -19692,6 +19694,7 @@ Permissible names are: + @samp{armv8.4-a}, + @samp{armv8.5-a}, + @samp{armv8.6-a}, ++@samp{armv9-a}, + @samp{armv7-r}, + @samp{armv8-r}, + @samp{armv6-m}, @samp{armv6s-m}, +-- +2.32.0 + diff --git a/poky/meta/recipes-devtools/gcc/gcc/0003-aarch64-Enable-FP16-feature-by-default-for-Armv9.patch b/poky/meta/recipes-devtools/gcc/gcc/0003-aarch64-Enable-FP16-feature-by-default-for-Armv9.patch new file mode 100644 index 0000000000..2e85384b43 --- /dev/null +++ b/poky/meta/recipes-devtools/gcc/gcc/0003-aarch64-Enable-FP16-feature-by-default-for-Armv9.patch @@ -0,0 +1,38 @@ +From 49bfa1927813ae898dfa4e0d2bbde033c353e3dc Mon Sep 17 00:00:00 2001 +From: Andre Vieira +Date: Tue, 22 Mar 2022 11:44:06 +0000 +Subject: [PATCH 3/4] aarch64: Enable FP16 feature by default for Armv9 + +commit 0bae246acc758d4b11dd575b05207fd69169109b from upstream + +This patch adds the feature bit for FP16 to the feature set for Armv9 since +Armv9 requires SVE to be implemented and SVE requires FP16 to be implemented. + +2022-03-22 Andre Vieira + + * config/aarch64/aarch64.h (AARCH64_FL_FOR_ARCH9): Add FP16 feature + bit. + +Upstream-Status: Backport +Signed-off-by: Ruiqiang Hao +--- + gcc/config/aarch64/aarch64.h | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/gcc/config/aarch64/aarch64.h b/gcc/config/aarch64/aarch64.h +index b914bfb5c..55b60d540 100644 +--- a/gcc/config/aarch64/aarch64.h ++++ b/gcc/config/aarch64/aarch64.h +@@ -260,7 +260,8 @@ extern unsigned aarch64_architecture_version; + #define AARCH64_FL_FOR_ARCH8_R \ + (AARCH64_FL_FOR_ARCH8_4 | AARCH64_FL_V8_R) + #define AARCH64_FL_FOR_ARCH9 \ +- (AARCH64_FL_FOR_ARCH8_5 | AARCH64_FL_SVE | AARCH64_FL_SVE2 | AARCH64_FL_V9) ++ (AARCH64_FL_FOR_ARCH8_5 | AARCH64_FL_SVE | AARCH64_FL_SVE2 | AARCH64_FL_V9 \ ++ | AARCH64_FL_F16) + + /* Macros to test ISA flags. */ + +-- +2.32.0 + diff --git a/poky/meta/recipes-devtools/gcc/gcc/0004-arm-add-armv9-a-architecture-to-march.patch b/poky/meta/recipes-devtools/gcc/gcc/0004-arm-add-armv9-a-architecture-to-march.patch new file mode 100644 index 0000000000..c38d1b9119 --- /dev/null +++ b/poky/meta/recipes-devtools/gcc/gcc/0004-arm-add-armv9-a-architecture-to-march.patch @@ -0,0 +1,294 @@ +From e66a37acae62236611f951e706e9a2bfbd753f39 Mon Sep 17 00:00:00 2001 +From: Przemyslaw Wirkus +Date: Tue, 9 Nov 2021 09:40:05 +0000 +Subject: [PATCH 4/4] arm: add armv9-a architecture to -march + +commit 32ba7860ccaddd5219e6dae94a3d0653e124c9dd from upstream + +In this patch: + + Add `armv9-a` to -march. + + Update multilib with armv9-a and armv9-a+simd. + +gcc/ChangeLog: + + * config/arm/arm-cpus.in (armv9): New define. + (ARMv9a): New group. + (armv9-a): New arch definition. + * config/arm/arm-tables.opt: Regenerate. + * config/arm/arm.h (BASE_ARCH_9A): New arch enum value. + * config/arm/t-aprofile: Added armv9-a and armv9+simd. + * config/arm/t-arm-elf: Added arm9-a, v9_fps and all_v9_archs + to MULTILIB_MATCHES. + * config/arm/t-multilib: Added v9_a_nosimd_variants and + v9_a_simd_variants to MULTILIB_MATCHES. + * doc/invoke.texi: Update docs. + +gcc/testsuite/ChangeLog: + + * gcc.target/arm/multilib.exp: Update test with armv9-a entries. + * lib/target-supports.exp (v9a): Add new armflag. + (__ARM_ARCH_9A__): Add new armdef. + +Upstream-Status: Backport +Signed-off-by: Ruiqiang Hao +--- + gcc/config/arm/arm-cpus.in | 19 +++++++++++++++++ + gcc/config/arm/arm-tables.opt | 7 +++++-- + gcc/config/arm/arm.h | 3 ++- + gcc/config/arm/t-aprofile | 25 +++++++++++++++++++---- + gcc/config/arm/t-arm-elf | 9 ++++++++ + gcc/config/arm/t-multilib | 12 +++++++++++ + gcc/doc/invoke.texi | 1 + + gcc/testsuite/gcc.target/arm/multilib.exp | 8 ++++++++ + gcc/testsuite/lib/target-supports.exp | 3 ++- + 9 files changed, 79 insertions(+), 8 deletions(-) + +diff --git a/gcc/config/arm/arm-cpus.in b/gcc/config/arm/arm-cpus.in +index bcc9ebe9f..58d83829c 100644 +--- a/gcc/config/arm/arm-cpus.in ++++ b/gcc/config/arm/arm-cpus.in +@@ -132,6 +132,9 @@ define feature cmse + # Architecture rel 8.1-M. + define feature armv8_1m_main + ++# Architecture rel 9.0. ++define feature armv9 ++ + # Floating point and Neon extensions. + # VFPv1 is not supported in GCC. + +@@ -293,6 +296,7 @@ define fgroup ARMv8m_base ARMv6m armv8 cmse tdiv + define fgroup ARMv8m_main ARMv7m armv8 cmse + define fgroup ARMv8r ARMv8a + define fgroup ARMv8_1m_main ARMv8m_main armv8_1m_main ++define fgroup ARMv9a ARMv8_5a armv9 + + # Useful combinations. + define fgroup VFPv2 vfpv2 +@@ -751,6 +755,21 @@ begin arch armv8.1-m.main + option cdecp7 add cdecp7 + end arch armv8.1-m.main + ++begin arch armv9-a ++ tune for cortex-a53 ++ tune flags CO_PROC ++ base 9A ++ profile A ++ isa ARMv9a ++ option simd add FP_ARMv8 DOTPROD ++ option fp16 add fp16 fp16fml FP_ARMv8 DOTPROD ++ option crypto add FP_ARMv8 CRYPTO DOTPROD ++ option nocrypto remove ALL_CRYPTO ++ option nofp remove ALL_FP ++ option i8mm add i8mm FP_ARMv8 DOTPROD ++ option bf16 add bf16 FP_ARMv8 DOTPROD ++end arch armv9-a ++ + begin arch iwmmxt + tune for iwmmxt + tune flags LDSCHED STRONG XSCALE +diff --git a/gcc/config/arm/arm-tables.opt b/gcc/config/arm/arm-tables.opt +index 5692d4fb7..ae3dd9414 100644 +--- a/gcc/config/arm/arm-tables.opt ++++ b/gcc/config/arm/arm-tables.opt +@@ -380,10 +380,13 @@ EnumValue + Enum(arm_arch) String(armv8.1-m.main) Value(30) + + EnumValue +-Enum(arm_arch) String(iwmmxt) Value(31) ++Enum(arm_arch) String(armv9-a) Value(31) + + EnumValue +-Enum(arm_arch) String(iwmmxt2) Value(32) ++Enum(arm_arch) String(iwmmxt) Value(32) ++ ++EnumValue ++Enum(arm_arch) String(iwmmxt2) Value(33) + + Enum + Name(arm_fpu) Type(enum fpu_type) +diff --git a/gcc/config/arm/arm.h b/gcc/config/arm/arm.h +index 47c13a9e5..088c7725c 100644 +--- a/gcc/config/arm/arm.h ++++ b/gcc/config/arm/arm.h +@@ -456,7 +456,8 @@ enum base_architecture + BASE_ARCH_8A = 8, + BASE_ARCH_8M_BASE = 8, + BASE_ARCH_8M_MAIN = 8, +- BASE_ARCH_8R = 8 ++ BASE_ARCH_8R = 8, ++ BASE_ARCH_9A = 9 + }; + + /* The major revision number of the ARM Architecture implemented by the target. */ +diff --git a/gcc/config/arm/t-aprofile b/gcc/config/arm/t-aprofile +index 8574ac3e2..68e2251c7 100644 +--- a/gcc/config/arm/t-aprofile ++++ b/gcc/config/arm/t-aprofile +@@ -26,8 +26,8 @@ + + # Arch and FPU variants to build libraries with + +-MULTI_ARCH_OPTS_A = march=armv7-a/march=armv7-a+fp/march=armv7-a+simd/march=armv7ve+simd/march=armv8-a/march=armv8-a+simd +-MULTI_ARCH_DIRS_A = v7-a v7-a+fp v7-a+simd v7ve+simd v8-a v8-a+simd ++MULTI_ARCH_OPTS_A = march=armv7-a/march=armv7-a+fp/march=armv7-a+simd/march=armv7ve+simd/march=armv8-a/march=armv8-a+simd/march=armv9-a/march=armv9-a+simd ++MULTI_ARCH_DIRS_A = v7-a v7-a+fp v7-a+simd v7ve+simd v8-a v8-a+simd v9-a v9-a+simd + + # ARMv7-A - build nofp, fp-d16 and SIMD variants + +@@ -46,6 +46,11 @@ MULTILIB_REQUIRED += mthumb/march=armv8-a/mfloat-abi=soft + MULTILIB_REQUIRED += mthumb/march=armv8-a+simd/mfloat-abi=hard + MULTILIB_REQUIRED += mthumb/march=armv8-a+simd/mfloat-abi=softfp + ++# Armv9-A - build nofp and SIMD variants. ++MULTILIB_REQUIRED += mthumb/march=armv9-a/mfloat-abi=soft ++MULTILIB_REQUIRED += mthumb/march=armv9-a+simd/mfloat-abi=hard ++MULTILIB_REQUIRED += mthumb/march=armv9-a+simd/mfloat-abi=softfp ++ + # Matches + + # Arch Matches +@@ -129,17 +134,29 @@ MULTILIB_MATCHES += march?armv8-a=march?armv8.6-a + MULTILIB_MATCHES += $(foreach ARCH, $(v8_6_a_simd_variants), \ + march?armv8-a+simd=march?armv8.6-a$(ARCH)) + ++# Armv9 without SIMD: map down to base architecture ++MULTILIB_MATCHES += $(foreach ARCH, $(v9_a_nosimd_variants), \ ++ march?armv9-a=march?armv9-a$(ARCH)) ++ ++# Armv9 with SIMD: map down to base arch + simd ++MULTILIB_MATCHES += march?armv9-a+simd=march?armv9-a+crc+simd \ ++ $(foreach ARCH, $(filter-out +simd, $(v9_a_simd_variants)), \ ++ march?armv9-a+simd=march?armv9-a$(ARCH) \ ++ march?armv9-a+simd=march?armv9-a+crc$(ARCH)) ++ + # Use Thumb libraries for everything. + + MULTILIB_REUSE += mthumb/march.armv7-a/mfloat-abi.soft=marm/march.armv7-a/mfloat-abi.soft + + MULTILIB_REUSE += mthumb/march.armv8-a/mfloat-abi.soft=marm/march.armv8-a/mfloat-abi.soft + ++MULTILIB_REUSE += mthumb/march.armv9-a/mfloat-abi.soft=marm/march.armv9-a/mfloat-abi.soft ++ + MULTILIB_REUSE += $(foreach ABI, hard softfp, \ +- $(foreach ARCH, armv7-a+fp armv7-a+simd armv7ve+simd armv8-a+simd, \ ++ $(foreach ARCH, armv7-a+fp armv7-a+simd armv7ve+simd armv8-a+simd armv9-a+simd, \ + mthumb/march.$(ARCH)/mfloat-abi.$(ABI)=marm/march.$(ARCH)/mfloat-abi.$(ABI))) + + # Softfp but no FP, use the soft-float libraries. + MULTILIB_REUSE += $(foreach MODE, arm thumb, \ +- $(foreach ARCH, armv7-a armv8-a, \ ++ $(foreach ARCH, armv7-a armv8-a armv9-a, \ + mthumb/march.$(ARCH)/mfloat-abi.soft=m$(MODE)/march.$(ARCH)/mfloat-abi.softfp)) +diff --git a/gcc/config/arm/t-arm-elf b/gcc/config/arm/t-arm-elf +index d68def308..b3a900e8c 100644 +--- a/gcc/config/arm/t-arm-elf ++++ b/gcc/config/arm/t-arm-elf +@@ -38,6 +38,8 @@ v7ve_fps := vfpv3-d16 vfpv3 vfpv3-d16-fp16 vfpv3-fp16 vfpv4 neon \ + # it seems to work ok. + v8_fps := simd fp16 crypto fp16+crypto dotprod fp16fml + ++v9_fps := simd fp16 crypto fp16+crypto dotprod fp16fml ++ + # We don't do anything special with these. Pre-v4t probably doesn't work. + all_early_nofp := armv4 armv4t armv5t + +@@ -49,6 +51,8 @@ all_v7_a_r := armv7-a armv7ve armv7-r + all_v8_archs := armv8-a armv8-a+crc armv8.1-a armv8.2-a armv8.3-a armv8.4-a \ + armv8.5-a armv8.6-a + ++all_v9_archs := armv9-a ++ + # No floating point variants, require thumb1 softfp + all_nofp_t := armv6-m armv6s-m armv8-m.base + +@@ -110,6 +114,11 @@ MULTILIB_MATCHES += $(foreach ARCH, $(all_v8_archs), \ + $(foreach FPARCH, $(v8_fps), \ + march?armv7+fp=march?$(ARCH)+$(FPARCH))) + ++MULTILIB_MATCHES += $(foreach ARCH, $(all_v9_archs), \ ++ march?armv7+fp=march?$(ARCH) \ ++ $(foreach FPARCH, $(v9_fps), \ ++ march?armv7+fp=march?$(ARCH)+$(FPARCH))) ++ + MULTILIB_MATCHES += $(foreach ARCH, armv7e-m armv8-m.mainline, \ + march?armv7+fp=march?$(ARCH)+fp.dp) + +diff --git a/gcc/config/arm/t-multilib b/gcc/config/arm/t-multilib +index ddc5033bf..d789b86ee 100644 +--- a/gcc/config/arm/t-multilib ++++ b/gcc/config/arm/t-multilib +@@ -78,6 +78,8 @@ v8_4_a_simd_variants := $(call all_feat_combs, simd fp16 crypto i8mm bf16) + v8_5_a_simd_variants := $(call all_feat_combs, simd fp16 crypto i8mm bf16) + v8_6_a_simd_variants := $(call all_feat_combs, simd fp16 crypto i8mm bf16) + v8_r_nosimd_variants := +crc ++v9_a_nosimd_variants := +crc ++v9_a_simd_variants := $(call all_feat_combs, simd fp16 crypto i8mm bf16) + + ifneq (,$(HAS_APROFILE)) + include $(srcdir)/config/arm/t-aprofile +@@ -202,6 +204,16 @@ MULTILIB_MATCHES += march?armv7=march?armv8.6-a + MULTILIB_MATCHES += $(foreach ARCH, $(v8_6_a_simd_variants), \ + march?armv7+fp=march?armv8.6-a$(ARCH)) + ++# Armv9 ++MULTILIB_MATCHES += march?armv7=march?armv9-a ++MULTILIB_MATCHES += $(foreach ARCH, $(v9_a_nosimd_variants), \ ++ march?armv7=march?armv9-a$(ARCH)) ++ ++# Armv9 with SIMD ++MULTILIB_MATCHES += march?armv7+fp=march?armv9-a+crc+simd \ ++ $(foreach ARCH, $(v9_a_simd_variants), \ ++ march?armv7+fp=march?armv9-a$(ARCH) \ ++ march?armv7+fp=march?armv9-a+crc$(ARCH)) + endif # Not APROFILE. + + # Use Thumb libraries for everything. +diff --git a/gcc/doc/invoke.texi b/gcc/doc/invoke.texi +index 7184a62d0..9a712c0d6 100644 +--- a/gcc/doc/invoke.texi ++++ b/gcc/doc/invoke.texi +@@ -19701,6 +19701,7 @@ Permissible names are: + @samp{armv7-m}, @samp{armv7e-m}, + @samp{armv8-m.base}, @samp{armv8-m.main}, + @samp{armv8.1-m.main}, ++@samp{armv9-a}, + @samp{iwmmxt} and @samp{iwmmxt2}. + + Additionally, the following architectures, which lack support for the +diff --git a/gcc/testsuite/gcc.target/arm/multilib.exp b/gcc/testsuite/gcc.target/arm/multilib.exp +index 4b30025db..e3f06c316 100644 +--- a/gcc/testsuite/gcc.target/arm/multilib.exp ++++ b/gcc/testsuite/gcc.target/arm/multilib.exp +@@ -135,6 +135,14 @@ if {[multilib_config "aprofile"] } { + {-march=armv8.6-a+simd+fp16 -mfloat-abi=softfp} "thumb/v8-a+simd/softfp" + {-march=armv8.6-a+simd+fp16+nofp -mfloat-abi=softfp} "thumb/v8-a/nofp" + {-march=armv8.6-a+simd+nofp+fp16 -mfloat-abi=softfp} "thumb/v8-a+simd/softfp" ++ {-march=armv9-a+crypto -mfloat-abi=soft} "thumb/v9-a/nofp" ++ {-march=armv9-a+simd+crypto -mfloat-abi=softfp} "thumb/v9-a+simd/softfp" ++ {-march=armv9-a+simd+crypto+nofp -mfloat-abi=softfp} "thumb/v9-a/nofp" ++ {-march=armv9-a+simd+nofp+crypto -mfloat-abi=softfp} "thumb/v9-a+simd/softfp" ++ {-march=armv9-a+fp16 -mfloat-abi=soft} "thumb/v9-a/nofp" ++ {-march=armv9-a+simd+fp16 -mfloat-abi=softfp} "thumb/v9-a+simd/softfp" ++ {-march=armv9-a+simd+fp16+nofp -mfloat-abi=softfp} "thumb/v9-a/nofp" ++ {-march=armv9-a+simd+nofp+fp16 -mfloat-abi=softfp} "thumb/v9-a+simd/softfp" + {-mcpu=cortex-a53+crypto -mfloat-abi=hard} "thumb/v8-a+simd/hard" + {-mcpu=cortex-a53+nofp -mfloat-abi=softfp} "thumb/v8-a/nofp" + {-march=armv8-a+crc -mfloat-abi=hard -mfpu=vfp} "thumb/v8-a+simd/hard" +diff --git a/gcc/testsuite/lib/target-supports.exp b/gcc/testsuite/lib/target-supports.exp +index 857e57218..52e043917 100644 +--- a/gcc/testsuite/lib/target-supports.exp ++++ b/gcc/testsuite/lib/target-supports.exp +@@ -4820,7 +4820,8 @@ foreach { armfunc armflag armdefs } { + v8m_base "-march=armv8-m.base -mthumb -mfloat-abi=soft" + __ARM_ARCH_8M_BASE__ + v8m_main "-march=armv8-m.main -mthumb" __ARM_ARCH_8M_MAIN__ +- v8_1m_main "-march=armv8.1-m.main -mthumb" __ARM_ARCH_8M_MAIN__ } { ++ v8_1m_main "-march=armv8.1-m.main -mthumb" __ARM_ARCH_8M_MAIN__ ++ v9a "-march=armv9-a" __ARM_ARCH_9A__ } { + eval [string map [list FUNC $armfunc FLAG $armflag DEFS $armdefs ] { + proc check_effective_target_arm_arch_FUNC_ok { } { + return [check_no_compiler_messages arm_arch_FUNC_ok assembly { +-- +2.34.1 + diff --git a/poky/meta/recipes-devtools/go/go-1.17.12.inc b/poky/meta/recipes-devtools/go/go-1.17.12.inc deleted file mode 100644 index 77a983f9d0..0000000000 --- a/poky/meta/recipes-devtools/go/go-1.17.12.inc +++ /dev/null @@ -1,25 +0,0 @@ -require go-common.inc - -FILESEXTRAPATHS:prepend := "${FILE_DIRNAME}/go-1.18:" - -LIC_FILES_CHKSUM = "file://LICENSE;md5=5d4950ecb7b26d2c5e4e7b4e0dd74707" - -SRC_URI += "\ - file://0001-allow-CC-and-CXX-to-have-multiple-words.patch \ - file://0002-cmd-go-make-content-based-hash-generation-less-pedan.patch \ - file://0003-allow-GOTOOLDIR-to-be-overridden-in-the-environment.patch \ - file://0004-ld-add-soname-to-shareable-objects.patch \ - file://0005-make.bash-override-CC-when-building-dist-and-go_boot.patch \ - file://0006-cmd-dist-separate-host-and-target-builds.patch \ - file://0007-cmd-go-make-GOROOT-precious-by-default.patch \ - file://0008-use-GOBUILDMODE-to-set-buildmode.patch \ - file://0009-Revert-cmd-go-make-sure-CC-and-CXX-are-absolute.patch \ - file://0001-exec.go-do-not-write-linker-flags-into-buildids.patch \ - file://0001-src-cmd-dist-buildgo.go-do-not-hardcode-host-compile.patch \ -" -SRC_URI[main.sha256sum] = "0d51b5b3f280c0f01f534598c0219db5878f337da6137a9ee698777413607209" - -# Upstream don't believe it is a signifiant real world issue and will only -# fix in 1.17 onwards where we can drop this. -# https://github.com/golang/go/issues/30999#issuecomment-910470358 -CVE_CHECK_IGNORE += "CVE-2021-29923" diff --git a/poky/meta/recipes-devtools/go/go-1.17.13.inc b/poky/meta/recipes-devtools/go/go-1.17.13.inc new file mode 100644 index 0000000000..b18de66f42 --- /dev/null +++ b/poky/meta/recipes-devtools/go/go-1.17.13.inc @@ -0,0 +1,26 @@ +require go-common.inc + +FILESEXTRAPATHS:prepend := "${FILE_DIRNAME}/go-1.18:" + +LIC_FILES_CHKSUM = "file://LICENSE;md5=5d4950ecb7b26d2c5e4e7b4e0dd74707" + +SRC_URI += "\ + file://0001-allow-CC-and-CXX-to-have-multiple-words.patch \ + file://0002-cmd-go-make-content-based-hash-generation-less-pedan.patch \ + file://0003-allow-GOTOOLDIR-to-be-overridden-in-the-environment.patch \ + file://0004-ld-add-soname-to-shareable-objects.patch \ + file://0005-make.bash-override-CC-when-building-dist-and-go_boot.patch \ + file://0006-cmd-dist-separate-host-and-target-builds.patch \ + file://0007-cmd-go-make-GOROOT-precious-by-default.patch \ + file://0008-use-GOBUILDMODE-to-set-buildmode.patch \ + file://0009-Revert-cmd-go-make-sure-CC-and-CXX-are-absolute.patch \ + file://0001-exec.go-do-not-write-linker-flags-into-buildids.patch \ + file://0001-src-cmd-dist-buildgo.go-do-not-hardcode-host-compile.patch \ + file://CVE-2022-27664.patch \ +" +SRC_URI[main.sha256sum] = "a1a48b23afb206f95e7bbaa9b898d965f90826f6f1d1fc0c1d784ada0cd300fd" + +# Upstream don't believe it is a signifiant real world issue and will only +# fix in 1.17 onwards where we can drop this. +# https://github.com/golang/go/issues/30999#issuecomment-910470358 +CVE_CHECK_IGNORE += "CVE-2021-29923" diff --git a/poky/meta/recipes-devtools/go/go-1.18/CVE-2022-27664.patch b/poky/meta/recipes-devtools/go/go-1.18/CVE-2022-27664.patch new file mode 100644 index 0000000000..fba4f054ee --- /dev/null +++ b/poky/meta/recipes-devtools/go/go-1.18/CVE-2022-27664.patch @@ -0,0 +1,102 @@ +From 5bc9106458fc07851ac324a4157132a91b1f3479 Mon Sep 17 00:00:00 2001 +From: Damien Neil +Date: Mon, 22 Aug 2022 16:21:02 -0700 +Subject: [PATCH] [release-branch.go1.18] net/http: update bundled + golang.org/x/net/http2 + +Disable cmd/internal/moddeps test, since this update includes PRIVATE +track fixes. + +Fixes CVE-2022-27664 +Fixes #53977 +For #54658. + +Change-Id: I84b0b8f61e49e15ef55ef8d738730107a3cf849b +Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1554415 +Reviewed-by: Roland Shoemaker +Reviewed-by: Tatiana Bradley +Reviewed-on: https://go-review.googlesource.com/c/go/+/428635 +Reviewed-by: Tatiana Bradley +Run-TryBot: Michael Knyszek +TryBot-Result: Gopher Robot +Reviewed-by: Carlos Amedee + +Upstream-Status: Backport +CVE: CVE-2022-27664 + +Reference to upstream patch: https://github.com/golang/go/commit/5bc9106458fc07851ac324a4157132a91b1f3479 +Signed-off-by: Teoh Jay Shen +--- + src/cmd/internal/moddeps/moddeps_test.go | 2 ++ + src/net/http/h2_bundle.go | 21 +++++++++++++-------- + 2 files changed, 15 insertions(+), 8 deletions(-) + +diff --git a/src/cmd/internal/moddeps/moddeps_test.go b/src/cmd/internal/moddeps/moddeps_test.go +index 56c3b2585c..3306e29431 100644 +--- a/src/cmd/internal/moddeps/moddeps_test.go ++++ b/src/cmd/internal/moddeps/moddeps_test.go +@@ -34,6 +34,8 @@ import ( + // See issues 36852, 41409, and 43687. + // (Also see golang.org/issue/27348.) + func TestAllDependencies(t *testing.T) { ++ t.Skip("TODO(#53977): 1.18.5 contains unreleased changes from vendored modules") ++ + goBin := testenv.GoToolPath(t) + + // Ensure that all packages imported within GOROOT +diff --git a/src/net/http/h2_bundle.go b/src/net/http/h2_bundle.go +index bb82f24585..1e78f6cdb9 100644 +--- a/src/net/http/h2_bundle.go ++++ b/src/net/http/h2_bundle.go +@@ -3384,10 +3384,11 @@ func (s http2SettingID) String() string { + // name (key). See httpguts.ValidHeaderName for the base rules. + // + // Further, http2 says: +-// "Just as in HTTP/1.x, header field names are strings of ASCII +-// characters that are compared in a case-insensitive +-// fashion. However, header field names MUST be converted to +-// lowercase prior to their encoding in HTTP/2. " ++// ++// "Just as in HTTP/1.x, header field names are strings of ASCII ++// characters that are compared in a case-insensitive ++// fashion. However, header field names MUST be converted to ++// lowercase prior to their encoding in HTTP/2. " + func http2validWireHeaderFieldName(v string) bool { + if len(v) == 0 { + return false +@@ -3578,8 +3579,8 @@ func (s *http2sorter) SortStrings(ss []string) { + // validPseudoPath reports whether v is a valid :path pseudo-header + // value. It must be either: + // +-// *) a non-empty string starting with '/' +-// *) the string '*', for OPTIONS requests. ++// *) a non-empty string starting with '/' ++// *) the string '*', for OPTIONS requests. + // + // For now this is only used a quick check for deciding when to clean + // up Opaque URLs before sending requests from the Transport. +@@ -5053,6 +5054,9 @@ func (sc *http2serverConn) startGracefulShutdownInternal() { + func (sc *http2serverConn) goAway(code http2ErrCode) { + sc.serveG.check() + if sc.inGoAway { ++ if sc.goAwayCode == http2ErrCodeNo { ++ sc.goAwayCode = code ++ } + return + } + sc.inGoAway = true +@@ -6265,8 +6269,9 @@ func (rws *http2responseWriterState) writeChunk(p []byte) (n int, err error) { + // prior to the headers being written. If the set of trailers is fixed + // or known before the header is written, the normal Go trailers mechanism + // is preferred: +-// https://golang.org/pkg/net/http/#ResponseWriter +-// https://golang.org/pkg/net/http/#example_ResponseWriter_trailers ++// ++// https://golang.org/pkg/net/http/#ResponseWriter ++// https://golang.org/pkg/net/http/#example_ResponseWriter_trailers + const http2TrailerPrefix = "Trailer:" + + // promoteUndeclaredTrailers permits http.Handlers to set trailers +-- +2.36.1 + diff --git a/poky/meta/recipes-devtools/go/go-binary-native_1.17.12.bb b/poky/meta/recipes-devtools/go/go-binary-native_1.17.12.bb deleted file mode 100644 index b034950721..0000000000 --- a/poky/meta/recipes-devtools/go/go-binary-native_1.17.12.bb +++ /dev/null @@ -1,46 +0,0 @@ -# This recipe is for bootstrapping our go-cross from a prebuilt binary of Go from golang.org. - -SUMMARY = "Go programming language compiler (upstream binary for bootstrap)" -HOMEPAGE = " http://golang.org/" -LICENSE = "BSD-3-Clause" -LIC_FILES_CHKSUM = "file://LICENSE;md5=5d4950ecb7b26d2c5e4e7b4e0dd74707" - -PROVIDES = "go-native" - -SRC_URI = "https://dl.google.com/go/go${PV}.${BUILD_GOOS}-${BUILD_GOARCH}.tar.gz;name=go_${BUILD_GOTUPLE}" -SRC_URI[go_linux_amd64.sha256sum] = "6e5203fbdcade4aa4331e441fd2e1db8444681a6a6c72886a37ddd11caa415d4" -SRC_URI[go_linux_arm64.sha256sum] = "74a4832d0f150a2d768a6781553494ba84152e854ebef743c4092cd9d1f66a9f" - -UPSTREAM_CHECK_URI = "https://golang.org/dl/" -UPSTREAM_CHECK_REGEX = "go(?P\d+(\.\d+)+)\.linux" - -S = "${WORKDIR}/go" - -inherit goarch native - -do_compile() { - : -} - -make_wrapper() { - rm -f ${D}${bindir}/$1 - cat <${D}${bindir}/$1 -#!/bin/bash -here=\`dirname \$0\` -export GOROOT="${GOROOT:-\`readlink -f \$here/../lib/go\`}" -\$here/../lib/go/bin/$1 "\$@" -END - chmod +x ${D}${bindir}/$1 -} - -do_install() { - find ${S} -depth -type d -name testdata -exec rm -rf {} + - - install -d ${D}${bindir} ${D}${libdir}/go - cp --preserve=mode,timestamps -R ${S}/ ${D}${libdir}/ - - for f in ${S}/bin/* - do - make_wrapper `basename $f` - done -} diff --git a/poky/meta/recipes-devtools/go/go-binary-native_1.17.13.bb b/poky/meta/recipes-devtools/go/go-binary-native_1.17.13.bb new file mode 100644 index 0000000000..4ee0148417 --- /dev/null +++ b/poky/meta/recipes-devtools/go/go-binary-native_1.17.13.bb @@ -0,0 +1,46 @@ +# This recipe is for bootstrapping our go-cross from a prebuilt binary of Go from golang.org. + +SUMMARY = "Go programming language compiler (upstream binary for bootstrap)" +HOMEPAGE = " http://golang.org/" +LICENSE = "BSD-3-Clause" +LIC_FILES_CHKSUM = "file://LICENSE;md5=5d4950ecb7b26d2c5e4e7b4e0dd74707" + +PROVIDES = "go-native" + +SRC_URI = "https://dl.google.com/go/go${PV}.${BUILD_GOOS}-${BUILD_GOARCH}.tar.gz;name=go_${BUILD_GOTUPLE}" +SRC_URI[go_linux_amd64.sha256sum] = "4cdd2bc664724dc7db94ad51b503512c5ae7220951cac568120f64f8e94399fc" +SRC_URI[go_linux_arm64.sha256sum] = "914daad3f011cc2014dea799bb7490442677e4ad6de0b2ac3ded6cee7e3f493d" + +UPSTREAM_CHECK_URI = "https://golang.org/dl/" +UPSTREAM_CHECK_REGEX = "go(?P\d+(\.\d+)+)\.linux" + +S = "${WORKDIR}/go" + +inherit goarch native + +do_compile() { + : +} + +make_wrapper() { + rm -f ${D}${bindir}/$1 + cat <${D}${bindir}/$1 +#!/bin/bash +here=\`dirname \$0\` +export GOROOT="${GOROOT:-\`readlink -f \$here/../lib/go\`}" +\$here/../lib/go/bin/$1 "\$@" +END + chmod +x ${D}${bindir}/$1 +} + +do_install() { + find ${S} -depth -type d -name testdata -exec rm -rf {} + + + install -d ${D}${bindir} ${D}${libdir}/go + cp --preserve=mode,timestamps -R ${S}/ ${D}${libdir}/ + + for f in ${S}/bin/* + do + make_wrapper `basename $f` + done +} diff --git a/poky/meta/recipes-devtools/go/go-cross-canadian_1.17.12.bb b/poky/meta/recipes-devtools/go/go-cross-canadian_1.17.12.bb deleted file mode 100644 index 7ac9449e47..0000000000 --- a/poky/meta/recipes-devtools/go/go-cross-canadian_1.17.12.bb +++ /dev/null @@ -1,2 +0,0 @@ -require go-cross-canadian.inc -require go-${PV}.inc diff --git a/poky/meta/recipes-devtools/go/go-cross-canadian_1.17.13.bb b/poky/meta/recipes-devtools/go/go-cross-canadian_1.17.13.bb new file mode 100644 index 0000000000..7ac9449e47 --- /dev/null +++ b/poky/meta/recipes-devtools/go/go-cross-canadian_1.17.13.bb @@ -0,0 +1,2 @@ +require go-cross-canadian.inc +require go-${PV}.inc diff --git a/poky/meta/recipes-devtools/go/go-cross_1.17.12.bb b/poky/meta/recipes-devtools/go/go-cross_1.17.12.bb deleted file mode 100644 index 80b5a03f6c..0000000000 --- a/poky/meta/recipes-devtools/go/go-cross_1.17.12.bb +++ /dev/null @@ -1,2 +0,0 @@ -require go-cross.inc -require go-${PV}.inc diff --git a/poky/meta/recipes-devtools/go/go-cross_1.17.13.bb b/poky/meta/recipes-devtools/go/go-cross_1.17.13.bb new file mode 100644 index 0000000000..80b5a03f6c --- /dev/null +++ b/poky/meta/recipes-devtools/go/go-cross_1.17.13.bb @@ -0,0 +1,2 @@ +require go-cross.inc +require go-${PV}.inc diff --git a/poky/meta/recipes-devtools/go/go-crosssdk_1.17.12.bb b/poky/meta/recipes-devtools/go/go-crosssdk_1.17.12.bb deleted file mode 100644 index 1857c8a577..0000000000 --- a/poky/meta/recipes-devtools/go/go-crosssdk_1.17.12.bb +++ /dev/null @@ -1,2 +0,0 @@ -require go-crosssdk.inc -require go-${PV}.inc diff --git a/poky/meta/recipes-devtools/go/go-crosssdk_1.17.13.bb b/poky/meta/recipes-devtools/go/go-crosssdk_1.17.13.bb new file mode 100644 index 0000000000..1857c8a577 --- /dev/null +++ b/poky/meta/recipes-devtools/go/go-crosssdk_1.17.13.bb @@ -0,0 +1,2 @@ +require go-crosssdk.inc +require go-${PV}.inc diff --git a/poky/meta/recipes-devtools/go/go-native_1.17.12.bb b/poky/meta/recipes-devtools/go/go-native_1.17.12.bb deleted file mode 100644 index 76c0ab73a6..0000000000 --- a/poky/meta/recipes-devtools/go/go-native_1.17.12.bb +++ /dev/null @@ -1,58 +0,0 @@ -# This recipe builds a native Go (written in Go) by first building an old Go 1.4 -# (written in C). However this old Go does not support all hosts platforms. - -require go-${PV}.inc - -inherit native - -SRC_URI:append = " https://dl.google.com/go/go1.4-bootstrap-20171003.tar.gz;name=bootstrap;subdir=go1.4" -SRC_URI[bootstrap.sha256sum] = "f4ff5b5eb3a3cae1c993723f3eab519c5bae18866b5e5f96fe1102f0cb5c3e52" - -export GOOS = "${BUILD_GOOS}" -export GOARCH = "${BUILD_GOARCH}" -CC = "${@d.getVar('BUILD_CC').strip()}" - -GOMAKEARGS ?= "--no-banner" - -do_configure() { - cd ${WORKDIR}/go1.4/go/src - CGO_ENABLED=0 GOROOT=${WORKDIR}/go1.4/go ./make.bash -} - -do_compile() { - export GOROOT_FINAL="${libdir_native}/go" - export GOROOT_BOOTSTRAP="${WORKDIR}/go1.4/go" - - cd src - ./make.bash ${GOMAKEARGS} - cd ${B} -} -do_compile[cleandirs] += "${GOTMPDIR} ${B}/bin" - -make_wrapper() { - rm -f ${D}${bindir}/$2$3 - cat <${D}${bindir}/$2$3 -#!/bin/bash -here=\`dirname \$0\` -export GOROOT="${GOROOT:-\`readlink -f \$here/../lib/go\`}" -\$here/../lib/go/bin/$1 "\$@" -END - chmod +x ${D}${bindir}/$2 -} - -do_install() { - install -d ${D}${libdir}/go - cp --preserve=mode,timestamps -R ${B}/pkg ${D}${libdir}/go/ - install -d ${D}${libdir}/go/src - (cd ${S}/src; for d in *; do \ - [ -d $d ] && cp -a ${S}/src/$d ${D}${libdir}/go/src/; \ - done) - find ${D}${libdir}/go/src -depth -type d -name testdata -exec rm -rf {} \; - install -d ${D}${bindir} ${D}${libdir}/go/bin - for f in ${B}/bin/* - do - base=`basename $f` - install -m755 $f ${D}${libdir}/go/bin - make_wrapper $base $base - done -} diff --git a/poky/meta/recipes-devtools/go/go-native_1.17.13.bb b/poky/meta/recipes-devtools/go/go-native_1.17.13.bb new file mode 100644 index 0000000000..ddf25b2c9b --- /dev/null +++ b/poky/meta/recipes-devtools/go/go-native_1.17.13.bb @@ -0,0 +1,58 @@ +# This recipe builds a native Go (written in Go) by first building an old Go 1.4 +# (written in C). However this old Go does not support all hosts platforms. + +require go-${PV}.inc + +inherit native + +SRC_URI += "https://dl.google.com/go/go1.4-bootstrap-20171003.tar.gz;name=bootstrap;subdir=go1.4" +SRC_URI[bootstrap.sha256sum] = "f4ff5b5eb3a3cae1c993723f3eab519c5bae18866b5e5f96fe1102f0cb5c3e52" + +export GOOS = "${BUILD_GOOS}" +export GOARCH = "${BUILD_GOARCH}" +CC = "${@d.getVar('BUILD_CC').strip()}" + +GOMAKEARGS ?= "--no-banner" + +do_configure() { + cd ${WORKDIR}/go1.4/go/src + CGO_ENABLED=0 GOROOT=${WORKDIR}/go1.4/go ./make.bash +} + +do_compile() { + export GOROOT_FINAL="${libdir_native}/go" + export GOROOT_BOOTSTRAP="${WORKDIR}/go1.4/go" + + cd src + ./make.bash ${GOMAKEARGS} + cd ${B} +} +do_compile[cleandirs] += "${GOTMPDIR} ${B}/bin" + +make_wrapper() { + rm -f ${D}${bindir}/$2$3 + cat <${D}${bindir}/$2$3 +#!/bin/bash +here=\`dirname \$0\` +export GOROOT="${GOROOT:-\`readlink -f \$here/../lib/go\`}" +\$here/../lib/go/bin/$1 "\$@" +END + chmod +x ${D}${bindir}/$2 +} + +do_install() { + install -d ${D}${libdir}/go + cp --preserve=mode,timestamps -R ${B}/pkg ${D}${libdir}/go/ + install -d ${D}${libdir}/go/src + (cd ${S}/src; for d in *; do \ + [ -d $d ] && cp -a ${S}/src/$d ${D}${libdir}/go/src/; \ + done) + find ${D}${libdir}/go/src -depth -type d -name testdata -exec rm -rf {} \; + install -d ${D}${bindir} ${D}${libdir}/go/bin + for f in ${B}/bin/* + do + base=`basename $f` + install -m755 $f ${D}${libdir}/go/bin + make_wrapper $base $base + done +} diff --git a/poky/meta/recipes-devtools/go/go-runtime_1.17.12.bb b/poky/meta/recipes-devtools/go/go-runtime_1.17.12.bb deleted file mode 100644 index 63464a1501..0000000000 --- a/poky/meta/recipes-devtools/go/go-runtime_1.17.12.bb +++ /dev/null @@ -1,3 +0,0 @@ -require go-${PV}.inc -require go-runtime.inc - diff --git a/poky/meta/recipes-devtools/go/go-runtime_1.17.13.bb b/poky/meta/recipes-devtools/go/go-runtime_1.17.13.bb new file mode 100644 index 0000000000..63464a1501 --- /dev/null +++ b/poky/meta/recipes-devtools/go/go-runtime_1.17.13.bb @@ -0,0 +1,3 @@ +require go-${PV}.inc +require go-runtime.inc + diff --git a/poky/meta/recipes-devtools/go/go_1.17.12.bb b/poky/meta/recipes-devtools/go/go_1.17.12.bb deleted file mode 100644 index 34dc89bb0c..0000000000 --- a/poky/meta/recipes-devtools/go/go_1.17.12.bb +++ /dev/null @@ -1,17 +0,0 @@ -require go-${PV}.inc -require go-target.inc - -inherit linuxloader - -export GOBUILDMODE="" -export GO_LDSO = "${@get_linuxloader(d)}" -export CC_FOR_TARGET = "gcc" -export CXX_FOR_TARGET = "g++" - -# mips/rv64 doesn't support -buildmode=pie, so skip the QA checking for mips/riscv32 and its -# variants. -python() { - if 'mips' in d.getVar('TARGET_ARCH',True) or 'riscv32' in d.getVar('TARGET_ARCH',True): - d.appendVar('INSANE_SKIP:%s' % d.getVar('PN',True), " textrel") -} - diff --git a/poky/meta/recipes-devtools/go/go_1.17.13.bb b/poky/meta/recipes-devtools/go/go_1.17.13.bb new file mode 100644 index 0000000000..34dc89bb0c --- /dev/null +++ b/poky/meta/recipes-devtools/go/go_1.17.13.bb @@ -0,0 +1,17 @@ +require go-${PV}.inc +require go-target.inc + +inherit linuxloader + +export GOBUILDMODE="" +export GO_LDSO = "${@get_linuxloader(d)}" +export CC_FOR_TARGET = "gcc" +export CXX_FOR_TARGET = "g++" + +# mips/rv64 doesn't support -buildmode=pie, so skip the QA checking for mips/riscv32 and its +# variants. +python() { + if 'mips' in d.getVar('TARGET_ARCH',True) or 'riscv32' in d.getVar('TARGET_ARCH',True): + d.appendVar('INSANE_SKIP:%s' % d.getVar('PN',True), " textrel") +} + diff --git a/poky/meta/recipes-devtools/pseudo/pseudo_git.bb b/poky/meta/recipes-devtools/pseudo/pseudo_git.bb index e7ef6a730c..c34580b4ff 100644 --- a/poky/meta/recipes-devtools/pseudo/pseudo_git.bb +++ b/poky/meta/recipes-devtools/pseudo/pseudo_git.bb @@ -13,7 +13,7 @@ SRC_URI:append:class-nativesdk = " \ file://older-glibc-symbols.patch" SRC_URI[prebuilt.sha256sum] = "ed9f456856e9d86359f169f46a70ad7be4190d6040282b84c8d97b99072485aa" -SRCREV = "2b4b88eb513335b0ece55fe51854693d9b20de35" +SRCREV = "c9670c27ff67ab899007ce749254b16091577e55" S = "${WORKDIR}/git" PV = "1.9.0+git${SRCPV}" diff --git a/poky/meta/recipes-devtools/python/python3-pip_22.0.3.bb b/poky/meta/recipes-devtools/python/python3-pip_22.0.3.bb index 09a305edf8..6e28b87ba3 100644 --- a/poky/meta/recipes-devtools/python/python3-pip_22.0.3.bb +++ b/poky/meta/recipes-devtools/python/python3-pip_22.0.3.bb @@ -55,6 +55,8 @@ RDEPENDS:${PN} = "\ python3-unixadmin \ python3-xmlrpc \ python3-pickle \ + python3-distutils \ + python3-image \ " BBCLASSEXTEND = "native nativesdk" diff --git a/poky/meta/recipes-devtools/python/python3-rfc3986-validator_0.1.1.bb b/poky/meta/recipes-devtools/python/python3-rfc3986-validator_0.1.1.bb index 4abd181acf..e374979cb4 100644 --- a/poky/meta/recipes-devtools/python/python3-rfc3986-validator_0.1.1.bb +++ b/poky/meta/recipes-devtools/python/python3-rfc3986-validator_0.1.1.bb @@ -13,7 +13,7 @@ UPSTREAM_CHECK_REGEX = "/rfc3986-validator/(?P(\d+[\.\-_]*)+)/" inherit pypi setuptools3 -SRC_URI:append = " \ +SRC_URI += "\ file://0001-setup.py-move-pytest-runner-to-test_requirements.patch \ " diff --git a/poky/meta/recipes-devtools/qemu/qemu.inc b/poky/meta/recipes-devtools/qemu/qemu.inc index 54a68e1730..a493ac8add 100644 --- a/poky/meta/recipes-devtools/qemu/qemu.inc +++ b/poky/meta/recipes-devtools/qemu/qemu.inc @@ -36,6 +36,13 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \ file://CVE-2021-4206.patch \ file://CVE-2021-4207.patch \ file://CVE-2022-35414.patch \ + file://CVE-2021-3507_1.patch \ + file://CVE-2021-3507_2.patch \ + file://CVE-2021-3929.patch \ + file://CVE-2021-4158.patch \ + file://CVE-2022-0358.patch \ + file://CVE-2022-0216_1.patch \ + file://CVE-2022-0216_2.patch \ " UPSTREAM_CHECK_REGEX = "qemu-(?P\d+(\.\d+)+)\.tar" diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3507_1.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3507_1.patch new file mode 100644 index 0000000000..4201610f4d --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3507_1.patch @@ -0,0 +1,92 @@ +From 963ac2cd5186b28fbfdecd15ac43afe1dbaf871a Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= +Date: Thu, 18 Nov 2021 12:57:32 +0100 +Subject: [PATCH 1/2] hw/block/fdc: Prevent end-of-track overrun + (CVE-2021-3507) +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Per the 82078 datasheet, if the end-of-track (EOT byte in +the FIFO) is more than the number of sectors per side, the +command is terminated unsuccessfully: + +* 5.2.5 DATA TRANSFER TERMINATION + + The 82078 supports terminal count explicitly through + the TC pin and implicitly through the underrun/over- + run and end-of-track (EOT) functions. For full sector + transfers, the EOT parameter can define the last + sector to be transferred in a single or multisector + transfer. If the last sector to be transferred is a par- + tial sector, the host can stop transferring the data in + mid-sector, and the 82078 will continue to complete + the sector as if a hardware TC was received. The + only difference between these implicit functions and + TC is that they return "abnormal termination" result + status. Such status indications can be ignored if they + were expected. + +* 6.1.3 READ TRACK + + This command terminates when the EOT specified + number of sectors have been read. If the 82078 + does not find an I D Address Mark on the diskette + after the second· occurrence of a pulse on the + INDX# pin, then it sets the IC code in Status Regis- + ter 0 to "01" (Abnormal termination), sets the MA bit + in Status Register 1 to "1", and terminates the com- + mand. + +* 6.1.6 VERIFY + + Refer to Table 6-6 and Table 6-7 for information + concerning the values of MT and EC versus SC and + EOT value. + +* Table 6·6. Result Phase Table + +* Table 6-7. Verify Command Result Phase Table + +Fix by aborting the transfer when EOT > # Sectors Per Side. + +Cc: qemu-stable@nongnu.org +Cc: Hervé Poussineau +Fixes: baca51faff0 ("floppy driver: disk geometry auto detect") +Reported-by: Alexander Bulekov +Resolves: https://gitlab.com/qemu-project/qemu/-/issues/339 +Signed-off-by: Philippe Mathieu-Daudé +Message-Id: <20211118115733.4038610-2-philmd@redhat.com> +Reviewed-by: Hanna Reitz +Signed-off-by: Kevin Wolf + +Upstream-Status: Backport [defac5e2fbddf8423a354ff0454283a2115e1367] +CVE: CVE-2021-3507 + +Signed-off-by: Sakib Sajal +--- + hw/block/fdc.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/hw/block/fdc.c b/hw/block/fdc.c +index 21d18ac2e..24b05406e 100644 +--- a/hw/block/fdc.c ++++ b/hw/block/fdc.c +@@ -1529,6 +1529,14 @@ static void fdctrl_start_transfer(FDCtrl *fdctrl, int direction) + int tmp; + fdctrl->data_len = 128 << (fdctrl->fifo[5] > 7 ? 7 : fdctrl->fifo[5]); + tmp = (fdctrl->fifo[6] - ks + 1); ++ if (tmp < 0) { ++ FLOPPY_DPRINTF("invalid EOT: %d\n", tmp); ++ fdctrl_stop_transfer(fdctrl, FD_SR0_ABNTERM, FD_SR1_MA, 0x00); ++ fdctrl->fifo[3] = kt; ++ fdctrl->fifo[4] = kh; ++ fdctrl->fifo[5] = ks; ++ return; ++ } + if (fdctrl->fifo[0] & 0x80) + tmp += fdctrl->fifo[6]; + fdctrl->data_len *= tmp; +-- +2.33.0 + diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3507_2.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3507_2.patch new file mode 100644 index 0000000000..9f00d9c0d0 --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3507_2.patch @@ -0,0 +1,115 @@ +From ec5725982f811d9728ad1f9940df0e9349397e67 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= +Date: Thu, 18 Nov 2021 12:57:33 +0100 +Subject: [PATCH 2/2] tests/qtest/fdc-test: Add a regression test for + CVE-2021-3507 +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Add the reproducer from https://gitlab.com/qemu-project/qemu/-/issues/339 + +Without the previous commit, when running 'make check-qtest-i386' +with QEMU configured with '--enable-sanitizers' we get: + + ==4028352==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x619000062a00 at pc 0x5626d03c491a bp 0x7ffdb4199410 sp 0x7ffdb4198bc0 + READ of size 786432 at 0x619000062a00 thread T0 + #0 0x5626d03c4919 in __asan_memcpy (qemu-system-i386+0x1e65919) + #1 0x5626d1c023cc in flatview_write_continue softmmu/physmem.c:2787:13 + #2 0x5626d1bf0c0f in flatview_write softmmu/physmem.c:2822:14 + #3 0x5626d1bf0798 in address_space_write softmmu/physmem.c:2914:18 + #4 0x5626d1bf0f37 in address_space_rw softmmu/physmem.c:2924:16 + #5 0x5626d1bf14c8 in cpu_physical_memory_rw softmmu/physmem.c:2933:5 + #6 0x5626d0bd5649 in cpu_physical_memory_write include/exec/cpu-common.h:82:5 + #7 0x5626d0bd0a07 in i8257_dma_write_memory hw/dma/i8257.c:452:9 + #8 0x5626d09f825d in fdctrl_transfer_handler hw/block/fdc.c:1616:13 + #9 0x5626d0a048b4 in fdctrl_start_transfer hw/block/fdc.c:1539:13 + #10 0x5626d09f4c3e in fdctrl_write_data hw/block/fdc.c:2266:13 + #11 0x5626d09f22f7 in fdctrl_write hw/block/fdc.c:829:9 + #12 0x5626d1c20bc5 in portio_write softmmu/ioport.c:207:17 + + 0x619000062a00 is located 0 bytes to the right of 512-byte region [0x619000062800,0x619000062a00) + allocated by thread T0 here: + #0 0x5626d03c66ec in posix_memalign (qemu-system-i386+0x1e676ec) + #1 0x5626d2b988d4 in qemu_try_memalign util/oslib-posix.c:210:11 + #2 0x5626d2b98b0c in qemu_memalign util/oslib-posix.c:226:27 + #3 0x5626d09fbaf0 in fdctrl_realize_common hw/block/fdc.c:2341:20 + #4 0x5626d0a150ed in isabus_fdc_realize hw/block/fdc-isa.c:113:5 + #5 0x5626d2367935 in device_set_realized hw/core/qdev.c:531:13 + + SUMMARY: AddressSanitizer: heap-buffer-overflow (qemu-system-i386+0x1e65919) in __asan_memcpy + Shadow bytes around the buggy address: + 0x0c32800044f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa + 0x0c3280004500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 + 0x0c3280004510: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 + 0x0c3280004520: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 + 0x0c3280004530: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 + =>0x0c3280004540:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa + 0x0c3280004550: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa + 0x0c3280004560: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa + 0x0c3280004570: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa + 0x0c3280004580: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa + 0x0c3280004590: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd + Shadow byte legend (one shadow byte represents 8 application bytes): + Addressable: 00 + Heap left redzone: fa + Freed heap region: fd + ==4028352==ABORTING + +[ kwolf: Added snapshot=on to prevent write file lock failure ] + +Reported-by: Alexander Bulekov +Signed-off-by: Philippe Mathieu-Daudé +Reviewed-by: Alexander Bulekov +Signed-off-by: Kevin Wolf + +Upstream-Status: Backport [46609b90d9e3a6304def11038a76b58ff43f77bc] +CVE: CVE-2021-3507 + +Signed-off-by: Sakib Sajal +--- + tests/qtest/fdc-test.c | 21 +++++++++++++++++++++ + 1 file changed, 21 insertions(+) + +diff --git a/tests/qtest/fdc-test.c b/tests/qtest/fdc-test.c +index 8f6eee84a..6f5850354 100644 +--- a/tests/qtest/fdc-test.c ++++ b/tests/qtest/fdc-test.c +@@ -583,6 +583,26 @@ static void test_cve_2021_20196(void) + qtest_quit(s); + } + ++static void test_cve_2021_3507(void) ++{ ++ QTestState *s; ++ ++ s = qtest_initf("-nographic -m 32M -nodefaults " ++ "-drive file=%s,format=raw,if=floppy,snapshot=on", ++ test_image); ++ qtest_outl(s, 0x9, 0x0a0206); ++ qtest_outw(s, 0x3f4, 0x1600); ++ qtest_outw(s, 0x3f4, 0x0000); ++ qtest_outw(s, 0x3f4, 0x0000); ++ qtest_outw(s, 0x3f4, 0x0000); ++ qtest_outw(s, 0x3f4, 0x0200); ++ qtest_outw(s, 0x3f4, 0x0200); ++ qtest_outw(s, 0x3f4, 0x0000); ++ qtest_outw(s, 0x3f4, 0x0000); ++ qtest_outw(s, 0x3f4, 0x0000); ++ qtest_quit(s); ++} ++ + int main(int argc, char **argv) + { + int fd; +@@ -614,6 +634,7 @@ int main(int argc, char **argv) + qtest_add_func("/fdc/read_no_dma_19", test_read_no_dma_19); + qtest_add_func("/fdc/fuzz-registers", fuzz_registers); + qtest_add_func("/fdc/fuzz/cve_2021_20196", test_cve_2021_20196); ++ qtest_add_func("/fdc/fuzz/cve_2021_3507", test_cve_2021_3507); + + ret = g_test_run(); + +-- +2.33.0 + diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3929.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3929.patch new file mode 100644 index 0000000000..7555e5bc40 --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3929.patch @@ -0,0 +1,70 @@ +From 12daeafc9868c1ebe482d580494f9e6d3d5c260f Mon Sep 17 00:00:00 2001 +From: Klaus Jensen +Date: Fri, 17 Dec 2021 10:44:01 +0100 +Subject: [PATCH] hw/nvme: fix CVE-2021-3929 +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +This fixes CVE-2021-3929 "locally" by denying DMA to the iomem of the +device itself. This still allows DMA to MMIO regions of other devices +(e.g. doing P2P DMA to the controller memory buffer of another NVMe +device). + +Fixes: CVE-2021-3929 +Reported-by: Qiuhao Li +Reviewed-by: Keith Busch +Reviewed-by: Philippe Mathieu-Daudé +Signed-off-by: Klaus Jensen + +Upstream-Status: Backport [736b01642d85be832385063f278fe7cd4ffb5221] +CVE: CVE-2021-3929 + +Signed-off-by: Sakib Sajal +--- + hw/nvme/ctrl.c | 22 ++++++++++++++++++++++ + 1 file changed, 22 insertions(+) + +diff --git a/hw/nvme/ctrl.c b/hw/nvme/ctrl.c +index 5f573c417..eda52c6ac 100644 +--- a/hw/nvme/ctrl.c ++++ b/hw/nvme/ctrl.c +@@ -357,6 +357,24 @@ static inline void *nvme_addr_to_pmr(NvmeCtrl *n, hwaddr addr) + return memory_region_get_ram_ptr(&n->pmr.dev->mr) + (addr - n->pmr.cba); + } + ++static inline bool nvme_addr_is_iomem(NvmeCtrl *n, hwaddr addr) ++{ ++ hwaddr hi, lo; ++ ++ /* ++ * The purpose of this check is to guard against invalid "local" access to ++ * the iomem (i.e. controller registers). Thus, we check against the range ++ * covered by the 'bar0' MemoryRegion since that is currently composed of ++ * two subregions (the NVMe "MBAR" and the MSI-X table/pba). Note, however, ++ * that if the device model is ever changed to allow the CMB to be located ++ * in BAR0 as well, then this must be changed. ++ */ ++ lo = n->bar0.addr; ++ hi = lo + int128_get64(n->bar0.size); ++ ++ return addr >= lo && addr < hi; ++} ++ + static int nvme_addr_read(NvmeCtrl *n, hwaddr addr, void *buf, int size) + { + hwaddr hi = addr + size - 1; +@@ -614,6 +632,10 @@ static uint16_t nvme_map_addr(NvmeCtrl *n, NvmeSg *sg, hwaddr addr, size_t len) + + trace_pci_nvme_map_addr(addr, len); + ++ if (nvme_addr_is_iomem(n, addr)) { ++ return NVME_DATA_TRAS_ERROR; ++ } ++ + if (nvme_addr_is_cmb(n, addr)) { + cmb = true; + } else if (nvme_addr_is_pmr(n, addr)) { +-- +2.33.0 + diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-4158.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-4158.patch new file mode 100644 index 0000000000..f6de53244f --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-4158.patch @@ -0,0 +1,46 @@ +From a0b64c6d078acb9bcfae600e22bf99a9a7deca7c Mon Sep 17 00:00:00 2001 +From: "Michael S. Tsirkin" +Date: Tue, 21 Dec 2021 09:45:44 -0500 +Subject: [PATCH] acpi: validate hotplug selector on access +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +When bus is looked up on a pci write, we didn't +validate that the lookup succeeded. +Fuzzers thus can trigger QEMU crash by dereferencing the NULL +bus pointer. + +Fixes: b32bd763a1 ("pci: introduce acpi-index property for PCI device") +Fixes: CVE-2021-4158 +Cc: "Igor Mammedov" +Fixes: https://gitlab.com/qemu-project/qemu/-/issues/770 +Signed-off-by: Michael S. Tsirkin +Reviewed-by: Philippe Mathieu-Daudé +Reviewed-by: Ani Sinha + +Upstream-Status: Backport [9bd6565ccee68f72d5012e24646e12a1c662827e] +CVE: CVE-2021-4158 + +Signed-off-by: Sakib Sajal +--- + hw/acpi/pcihp.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/hw/acpi/pcihp.c b/hw/acpi/pcihp.c +index 30405b511..a5e182dd3 100644 +--- a/hw/acpi/pcihp.c ++++ b/hw/acpi/pcihp.c +@@ -491,6 +491,9 @@ static void pci_write(void *opaque, hwaddr addr, uint64_t data, + } + + bus = acpi_pcihp_find_hotplug_bus(s, s->hotplug_select); ++ if (!bus) { ++ break; ++ } + QTAILQ_FOREACH_SAFE(kid, &bus->qbus.children, sibling, next) { + Object *o = OBJECT(kid->child); + PCIDevice *dev = PCI_DEVICE(o); +-- +2.33.0 + diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2022-0216_1.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2022-0216_1.patch new file mode 100644 index 0000000000..de7458fc72 --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2022-0216_1.patch @@ -0,0 +1,42 @@ +From 1cedc914b2c4b4e0c9dfcd1b0e02917af35b5eb6 Mon Sep 17 00:00:00 2001 +From: Mauro Matteo Cascella +Date: Tue, 5 Jul 2022 22:05:43 +0200 +Subject: [PATCH 1/3] scsi/lsi53c895a: fix use-after-free in lsi_do_msgout + (CVE-2022-0216) + +Set current_req->req to NULL to prevent reusing a free'd buffer in case of +repeated SCSI cancel requests. Thanks to Thomas Huth for suggesting the patch. + +Fixes: CVE-2022-0216 +Resolves: https://gitlab.com/qemu-project/qemu/-/issues/972 +Signed-off-by: Mauro Matteo Cascella +Reviewed-by: Thomas Huth +Message-Id: <20220705200543.2366809-1-mcascell@redhat.com> +Signed-off-by: Paolo Bonzini + +Upstream-Status: Backport [6c8fa961da5e60f574bb52fd3ad44b1e9e8ad4b8] +CVE: CVE-2022-0216 + +Signed-off-by: Sakib Sajal +--- + hw/scsi/lsi53c895a.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/hw/scsi/lsi53c895a.c b/hw/scsi/lsi53c895a.c +index 85e907a78..8033cf050 100644 +--- a/hw/scsi/lsi53c895a.c ++++ b/hw/scsi/lsi53c895a.c +@@ -1029,8 +1029,9 @@ static void lsi_do_msgout(LSIState *s) + case 0x0d: + /* The ABORT TAG message clears the current I/O process only. */ + trace_lsi_do_msgout_abort(current_tag); +- if (current_req) { ++ if (current_req && current_req->req) { + scsi_req_cancel(current_req->req); ++ current_req->req = NULL; + } + lsi_disconnect(s); + break; +-- +2.33.0 + diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2022-0216_2.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2022-0216_2.patch new file mode 100644 index 0000000000..12f5a602da --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2022-0216_2.patch @@ -0,0 +1,52 @@ +From 8f2c2cb908758192d5ebc00605cbf0989b8a507c Mon Sep 17 00:00:00 2001 +From: Mauro Matteo Cascella +Date: Mon, 11 Jul 2022 14:33:16 +0200 +Subject: [PATCH 3/3] scsi/lsi53c895a: really fix use-after-free in + lsi_do_msgout (CVE-2022-0216) + +Set current_req to NULL, not current_req->req, to prevent reusing a free'd +buffer in case of repeated SCSI cancel requests. Also apply the fix to +CLEAR QUEUE and BUS DEVICE RESET messages as well, since they also cancel +the request. + +Thanks to Alexander Bulekov for providing a reproducer. + +Fixes: CVE-2022-0216 +Resolves: https://gitlab.com/qemu-project/qemu/-/issues/972 +Signed-off-by: Mauro Matteo Cascella +Tested-by: Alexander Bulekov +Message-Id: <20220711123316.421279-1-mcascell@redhat.com> +Signed-off-by: Paolo Bonzini + +Upstream-Status: Backport [4367a20cc442c56b05611b4224de9a61908f9eac] +CVE: CVE-2022-0216 + +Signed-off-by: Sakib Sajal +--- + hw/scsi/lsi53c895a.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/hw/scsi/lsi53c895a.c b/hw/scsi/lsi53c895a.c +index 8033cf050..fbe3fa3dd 100644 +--- a/hw/scsi/lsi53c895a.c ++++ b/hw/scsi/lsi53c895a.c +@@ -1031,7 +1031,7 @@ static void lsi_do_msgout(LSIState *s) + trace_lsi_do_msgout_abort(current_tag); + if (current_req && current_req->req) { + scsi_req_cancel(current_req->req); +- current_req->req = NULL; ++ current_req = NULL; + } + lsi_disconnect(s); + break; +@@ -1057,6 +1057,7 @@ static void lsi_do_msgout(LSIState *s) + /* clear the current I/O process */ + if (s->current) { + scsi_req_cancel(s->current->req); ++ current_req = NULL; + } + + /* As the current implemented devices scsi_disk and scsi_generic +-- +2.33.0 + diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2022-0358.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2022-0358.patch new file mode 100644 index 0000000000..8eb1475638 --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2022-0358.patch @@ -0,0 +1,106 @@ +From 4d2558ec9336d3614a43f7437c9cf74793ae3a87 Mon Sep 17 00:00:00 2001 +From: Vivek Goyal +Date: Tue, 25 Jan 2022 13:51:14 -0500 +Subject: [PATCH] virtiofsd: Drop membership of all supplementary groups + (CVE-2022-0358) + +At the start, drop membership of all supplementary groups. This is +not required. + +If we have membership of "root" supplementary group and when we switch +uid/gid using setresuid/setsgid, we still retain membership of existing +supplemntary groups. And that can allow some operations which are not +normally allowed. + +For example, if root in guest creates a dir as follows. + +$ mkdir -m 03777 test_dir + +This sets SGID on dir as well as allows unprivileged users to write into +this dir. + +And now as unprivileged user open file as follows. + +$ su test +$ fd = open("test_dir/priviledge_id", O_RDWR|O_CREAT|O_EXCL, 02755); + +This will create SGID set executable in test_dir/. + +And that's a problem because now an unpriviliged user can execute it, +get egid=0 and get access to resources owned by "root" group. This is +privilege escalation. + +Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2044863 +Fixes: CVE-2022-0358 +Reported-by: JIETAO XIAO +Suggested-by: Miklos Szeredi +Reviewed-by: Stefan Hajnoczi +Reviewed-by: Dr. David Alan Gilbert +Signed-off-by: Vivek Goyal +Message-Id: +Signed-off-by: Dr. David Alan Gilbert + dgilbert: Fixed missing {}'s style nit + +Upstream-Status: Backport [449e8171f96a6a944d1f3b7d3627ae059eae21ca] +CVE: CVE-2022-0358 + +Signed-off-by: Sakib Sajal +--- + tools/virtiofsd/passthrough_ll.c | 27 +++++++++++++++++++++++++++ + 1 file changed, 27 insertions(+) + +diff --git a/tools/virtiofsd/passthrough_ll.c b/tools/virtiofsd/passthrough_ll.c +index 64b5b4fbb..b3d0674f6 100644 +--- a/tools/virtiofsd/passthrough_ll.c ++++ b/tools/virtiofsd/passthrough_ll.c +@@ -54,6 +54,7 @@ + #include + #include + #include ++#include + + #include "qemu/cutils.h" + #include "passthrough_helpers.h" +@@ -1161,6 +1162,30 @@ static void lo_lookup(fuse_req_t req, fuse_ino_t parent, const char *name) + #define OURSYS_setresuid SYS_setresuid + #endif + ++static void drop_supplementary_groups(void) ++{ ++ int ret; ++ ++ ret = getgroups(0, NULL); ++ if (ret == -1) { ++ fuse_log(FUSE_LOG_ERR, "getgroups() failed with error=%d:%s\n", ++ errno, strerror(errno)); ++ exit(1); ++ } ++ ++ if (!ret) { ++ return; ++ } ++ ++ /* Drop all supplementary groups. We should not need it */ ++ ret = setgroups(0, NULL); ++ if (ret == -1) { ++ fuse_log(FUSE_LOG_ERR, "setgroups() failed with error=%d:%s\n", ++ errno, strerror(errno)); ++ exit(1); ++ } ++} ++ + /* + * Change to uid/gid of caller so that file is created with + * ownership of caller. +@@ -3926,6 +3951,8 @@ int main(int argc, char *argv[]) + + qemu_init_exec_dir(argv[0]); + ++ drop_supplementary_groups(); ++ + pthread_mutex_init(&lo.mutex, NULL); + lo.inodes = g_hash_table_new(lo_key_hash, lo_key_equal); + lo.root.fd = -1; +-- +2.33.0 + diff --git a/poky/meta/recipes-devtools/rpm/files/0001-CVE-2021-3521.patch b/poky/meta/recipes-devtools/rpm/files/0001-CVE-2021-3521.patch deleted file mode 100644 index 044b4dd2a0..0000000000 --- a/poky/meta/recipes-devtools/rpm/files/0001-CVE-2021-3521.patch +++ /dev/null @@ -1,57 +0,0 @@ -From 9a6871126f472feea057d5f803505ec8cc78f083 Mon Sep 17 00:00:00 2001 -From: Panu Matilainen -Date: Thu, 30 Sep 2021 09:56:20 +0300 -Subject: [PATCH 1/3] Refactor pgpDigParams construction to helper function - -No functional changes, just to reduce code duplication and needed by -the following commits. - -CVE: CVE-2021-3521 -Upstream-Status: Backport [https://github.com/rpm-software-management/rpm/commit/9f03f42e2] - -Signed-off-by: Changqing Li ---- - rpmio/rpmpgp.c | 13 +++++++++---- - 1 file changed, 9 insertions(+), 4 deletions(-) - -diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c -index d0688ebe9a..e472b5320f 100644 ---- a/rpmio/rpmpgp.c -+++ b/rpmio/rpmpgp.c -@@ -1041,6 +1041,13 @@ unsigned int pgpDigParamsAlgo(pgpDigParams digp, unsigned int algotype) - return algo; - } - -+static pgpDigParams pgpDigParamsNew(uint8_t tag) -+{ -+ pgpDigParams digp = xcalloc(1, sizeof(*digp)); -+ digp->tag = tag; -+ return digp; -+} -+ - int pgpPrtParams(const uint8_t * pkts, size_t pktlen, unsigned int pkttype, - pgpDigParams * ret) - { -@@ -1058,8 +1065,7 @@ int pgpPrtParams(const uint8_t * pkts, size_t pktlen, unsigned int pkttype, - if (pkttype && pkt.tag != pkttype) { - break; - } else { -- digp = xcalloc(1, sizeof(*digp)); -- digp->tag = pkt.tag; -+ digp = pgpDigParamsNew(pkt.tag); - } - } - -@@ -1105,8 +1111,7 @@ int pgpPrtParamsSubkeys(const uint8_t *pkts, size_t pktlen, - digps = xrealloc(digps, alloced * sizeof(*digps)); - } - -- digps[count] = xcalloc(1, sizeof(**digps)); -- digps[count]->tag = PGPTAG_PUBLIC_SUBKEY; -+ digps[count] = pgpDigParamsNew(PGPTAG_PUBLIC_SUBKEY); - /* Copy UID from main key to subkey */ - digps[count]->userid = xstrdup(mainkey->userid); - --- -2.17.1 - diff --git a/poky/meta/recipes-devtools/rpm/files/0001-Do-not-hardcode-lib-rpm-as-the-installation-path-for.patch b/poky/meta/recipes-devtools/rpm/files/0001-Do-not-hardcode-lib-rpm-as-the-installation-path-for.patch index 6d236ac400..c6cf9d4c88 100644 --- a/poky/meta/recipes-devtools/rpm/files/0001-Do-not-hardcode-lib-rpm-as-the-installation-path-for.patch +++ b/poky/meta/recipes-devtools/rpm/files/0001-Do-not-hardcode-lib-rpm-as-the-installation-path-for.patch @@ -1,4 +1,4 @@ -From 8d013fe154a162305f76141151baf767dd04b598 Mon Sep 17 00:00:00 2001 +From 4ab6a4c5bbad65c3401016bb26b87214cdd0c59b Mon Sep 17 00:00:00 2001 From: Alexander Kanavin Date: Mon, 27 Feb 2017 09:43:30 +0200 Subject: [PATCH] Do not hardcode "lib/rpm" as the installation path for @@ -14,10 +14,10 @@ Signed-off-by: Alexander Kanavin 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/configure.ac b/configure.ac -index eb7d6941b..10a889b5d 100644 +index 372875fc4..1b7add9ee 100644 --- a/configure.ac +++ b/configure.ac -@@ -871,7 +871,7 @@ else +@@ -884,7 +884,7 @@ else usrprefix=$prefix fi @@ -27,10 +27,10 @@ index eb7d6941b..10a889b5d 100644 AC_SUBST(OBJDUMP) diff --git a/macros.in b/macros.in -index a1f795e5f..689e784ef 100644 +index d53ab5ed5..9d10441c8 100644 --- a/macros.in +++ b/macros.in -@@ -933,7 +933,7 @@ package or when debugging this package.\ +@@ -911,7 +911,7 @@ package or when debugging this package.\ %_sharedstatedir %{_prefix}/com %_localstatedir %{_prefix}/var %_lib lib @@ -40,7 +40,7 @@ index a1f795e5f..689e784ef 100644 %_infodir %{_datadir}/info %_mandir %{_datadir}/man diff --git a/rpm.am b/rpm.am -index 7b57f433b..9bbb9ee96 100644 +index ebe4e40d1..e6920e258 100644 --- a/rpm.am +++ b/rpm.am @@ -1,10 +1,10 @@ @@ -55,4 +55,4 @@ index 7b57f433b..9bbb9ee96 100644 +rpmconfigdir = $(libdir)/rpm # Libtool version (current-revision-age) for all our libraries - rpm_version_info = 11:0:2 + rpm_version_info = 12:0:3 diff --git a/poky/meta/recipes-devtools/rpm/files/0001-When-cross-installing-execute-package-scriptlets-wit.patch b/poky/meta/recipes-devtools/rpm/files/0001-When-cross-installing-execute-package-scriptlets-wit.patch index 4020a31092..2a0069cafe 100644 --- a/poky/meta/recipes-devtools/rpm/files/0001-When-cross-installing-execute-package-scriptlets-wit.patch +++ b/poky/meta/recipes-devtools/rpm/files/0001-When-cross-installing-execute-package-scriptlets-wit.patch @@ -28,11 +28,18 @@ Signed-off-by: Alexander Kanavin lib/rpmscript.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) -diff --git a/lib/rpmscript.c b/lib/rpmscript.c -index cc98c4885..f8bd3df04 100644 --- a/lib/rpmscript.c +++ b/lib/rpmscript.c -@@ -394,8 +394,7 @@ exit: +@@ -17,7 +17,7 @@ + #include "rpmio/rpmio_internal.h" + + #include "lib/rpmplugins.h" /* rpm plugins hooks */ +- ++#include "lib/rpmchroot.h" /* rpmChrootOut */ + #include "debug.h" + + struct scriptNextFileFunc_s { +@@ -391,8 +391,7 @@ exit: Fclose(out); /* XXX dup'd STDOUT_FILENO */ if (fn) { @@ -42,7 +49,7 @@ index cc98c4885..f8bd3df04 100644 free(fn); } free(mline); -@@ -428,7 +427,13 @@ rpmRC rpmScriptRun(rpmScript script, int arg1, int arg2, FD_t scriptFd, +@@ -426,7 +425,13 @@ rpmRC rpmScriptRun(rpmScript script, int if (rc != RPMRC_FAIL) { if (script_type & RPMSCRIPTLET_EXEC) { @@ -57,6 +64,3 @@ index cc98c4885..f8bd3df04 100644 } else { rc = runLuaScript(plugins, prefixes, script->descr, lvl, scriptFd, &args, script->body, arg1, arg2, &script->nextFileFunc); } --- -2.11.0 - diff --git a/poky/meta/recipes-devtools/rpm/files/0001-configure.ac-add-linux-gnux32-variant-to-triplet-han.patch b/poky/meta/recipes-devtools/rpm/files/0001-configure.ac-add-linux-gnux32-variant-to-triplet-han.patch new file mode 100644 index 0000000000..2174a79e75 --- /dev/null +++ b/poky/meta/recipes-devtools/rpm/files/0001-configure.ac-add-linux-gnux32-variant-to-triplet-han.patch @@ -0,0 +1,31 @@ +From 8f51462d41d8fe942d5d0a06f08d47f625141995 Mon Sep 17 00:00:00 2001 +From: Alexander Kanavin +Date: Thu, 4 Aug 2022 12:15:08 +0200 +Subject: [PATCH] configure.ac: add linux-gnux32 variant to triplet handling + +x32 is a 64 bit x86 ABI with 32 bit pointers. + +Upstream-Status: Submitted [https://github.com/rpm-software-management/rpm/pull/2143] +Signed-off-by: Alexander Kanavin +--- + configure.ac | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/configure.ac b/configure.ac +index 372875fc49..7d6a3d274e 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -845,6 +845,10 @@ if echo "$host_os" | grep '.*-gnuabi64$' > /dev/null ; then + host_os=`echo "${host_os}" | sed 's/-gnuabi64$//'` + host_os_gnu=-gnuabi64 + fi ++if echo "$host_os" | grep '.*-gnux32$' > /dev/null ; then ++ host_os=`echo "${host_os}" | sed 's/-gnux32$//'` ++ host_os_gnu=-gnux32 ++fi + if echo "$host_os" | grep '.*-gnu$' > /dev/null ; then + host_os=`echo "${host_os}" | sed 's/-gnu$//'` + fi +-- +2.30.2 + diff --git a/poky/meta/recipes-devtools/rpm/files/0002-CVE-2021-3521.patch b/poky/meta/recipes-devtools/rpm/files/0002-CVE-2021-3521.patch deleted file mode 100644 index 683b57d455..0000000000 --- a/poky/meta/recipes-devtools/rpm/files/0002-CVE-2021-3521.patch +++ /dev/null @@ -1,64 +0,0 @@ -From c4b1bee51bbdd732b94b431a951481af99117703 Mon Sep 17 00:00:00 2001 -From: Panu Matilainen -Date: Thu, 30 Sep 2021 09:51:10 +0300 -Subject: [PATCH 2/3] Process MPI's from all kinds of signatures - -No immediate effect but needed by the following commits. - -CVE: CVE-2021-3521 -Upstream-Status: Backport [https://github.com/rpm-software-management/rpm/commit/b5e8bc74b] - -Signed-off-by: Changqing Li - ---- - rpmio/rpmpgp.c | 13 +++++-------- - 1 file changed, 5 insertions(+), 8 deletions(-) - -diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c -index 25f67048fd..509e777e6d 100644 ---- a/rpmio/rpmpgp.c -+++ b/rpmio/rpmpgp.c -@@ -543,7 +543,7 @@ pgpDigAlg pgpDigAlgFree(pgpDigAlg alg) - return NULL; - } - --static int pgpPrtSigParams(pgpTag tag, uint8_t pubkey_algo, uint8_t sigtype, -+static int pgpPrtSigParams(pgpTag tag, uint8_t pubkey_algo, - const uint8_t *p, const uint8_t *h, size_t hlen, - pgpDigParams sigp) - { -@@ -556,10 +556,8 @@ static int pgpPrtSigParams(pgpTag tag, uint8_t pubkey_algo, uint8_t sigtype, - int mpil = pgpMpiLen(p); - if (pend - p < mpil) - break; -- if (sigtype == PGPSIGTYPE_BINARY || sigtype == PGPSIGTYPE_TEXT) { -- if (sigalg->setmpi(sigalg, i, p)) -- break; -- } -+ if (sigalg->setmpi(sigalg, i, p)) -+ break; - p += mpil; - } - -@@ -619,7 +617,7 @@ static int pgpPrtSig(pgpTag tag, const uint8_t *h, size_t hlen, - } - - p = ((uint8_t *)v) + sizeof(*v); -- rc = pgpPrtSigParams(tag, v->pubkey_algo, v->sigtype, p, h, hlen, _digp); -+ rc = pgpPrtSigParams(tag, v->pubkey_algo, p, h, hlen, _digp); - } break; - case 4: - { pgpPktSigV4 v = (pgpPktSigV4)h; -@@ -677,8 +675,7 @@ static int pgpPrtSig(pgpTag tag, const uint8_t *h, size_t hlen, - p += 2; - if (p > hend) - return 1; -- -- rc = pgpPrtSigParams(tag, v->pubkey_algo, v->sigtype, p, h, hlen, _digp); -+ rc = pgpPrtSigParams(tag, v->pubkey_algo, p, h, hlen, _digp); - } break; - default: - rpmlog(RPMLOG_WARNING, _("Unsupported version of signature: V%d\n"), version); --- -2.17.1 - diff --git a/poky/meta/recipes-devtools/rpm/files/0003-CVE-2021-3521.patch b/poky/meta/recipes-devtools/rpm/files/0003-CVE-2021-3521.patch deleted file mode 100644 index a5ec802501..0000000000 --- a/poky/meta/recipes-devtools/rpm/files/0003-CVE-2021-3521.patch +++ /dev/null @@ -1,329 +0,0 @@ -From 07676ca03ad8afcf1ca95a2353c83fbb1d970b9b Mon Sep 17 00:00:00 2001 -From: Panu Matilainen -Date: Thu, 30 Sep 2021 09:59:30 +0300 -Subject: [PATCH 3/3] Validate and require subkey binding signatures on PGP - public keys - -All subkeys must be followed by a binding signature by the primary key -as per the OpenPGP RFC, enforce the presence and validity in the parser. - -The implementation is as kludgey as they come to work around our -simple-minded parser structure without touching API, to maximise -backportability. Store all the raw packets internally as we decode them -to be able to access previous elements at will, needed to validate ordering -and access the actual data. Add testcases for manipulated keys whose -import previously would succeed. - -Depends on the two previous commits: -7b399fcb8f52566e6f3b4327197a85facd08db91 and -236b802a4aa48711823a191d1b7f753c82a89ec5 - -Fixes CVE-2021-3521. - -Upstream-Status: Backport [https://github.com/rpm-software-management/rpm/commit/bd36c5dc9] -CVE:CVE-2021-3521 - -Signed-off-by: Changqing Li - ---- - rpmio/rpmpgp.c | 99 +++++++++++++++++-- - tests/Makefile.am | 3 + - tests/data/keys/CVE-2021-3521-badbind.asc | 25 +++++ - .../data/keys/CVE-2021-3521-nosubsig-last.asc | 25 +++++ - tests/data/keys/CVE-2021-3521-nosubsig.asc | 37 +++++++ - tests/rpmsigdig.at | 28 ++++++ - 6 files changed, 209 insertions(+), 8 deletions(-) - create mode 100644 tests/data/keys/CVE-2021-3521-badbind.asc - create mode 100644 tests/data/keys/CVE-2021-3521-nosubsig-last.asc - create mode 100644 tests/data/keys/CVE-2021-3521-nosubsig.asc - -diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c -index 509e777e6d..371ad4d9b6 100644 ---- a/rpmio/rpmpgp.c -+++ b/rpmio/rpmpgp.c -@@ -1061,33 +1061,116 @@ static pgpDigParams pgpDigParamsNew(uint8_t tag) - return digp; - } - -+static int hashKey(DIGEST_CTX hash, const struct pgpPkt *pkt, int exptag) -+{ -+ int rc = -1; -+ if (pkt->tag == exptag) { -+ uint8_t head[] = { -+ 0x99, -+ (pkt->blen >> 8), -+ (pkt->blen ), -+ }; -+ -+ rpmDigestUpdate(hash, head, 3); -+ rpmDigestUpdate(hash, pkt->body, pkt->blen); -+ rc = 0; -+ } -+ return rc; -+} -+ -+static int pgpVerifySelf(pgpDigParams key, pgpDigParams selfsig, -+ const struct pgpPkt *all, int i) -+{ -+ int rc = -1; -+ DIGEST_CTX hash = NULL; -+ -+ switch (selfsig->sigtype) { -+ case PGPSIGTYPE_SUBKEY_BINDING: -+ hash = rpmDigestInit(selfsig->hash_algo, 0); -+ if (hash) { -+ rc = hashKey(hash, &all[0], PGPTAG_PUBLIC_KEY); -+ if (!rc) -+ rc = hashKey(hash, &all[i-1], PGPTAG_PUBLIC_SUBKEY); -+ } -+ break; -+ default: -+ /* ignore types we can't handle */ -+ rc = 0; -+ break; -+ } -+ -+ if (hash && rc == 0) -+ rc = pgpVerifySignature(key, selfsig, hash); -+ -+ rpmDigestFinal(hash, NULL, NULL, 0); -+ -+ return rc; -+} -+ - int pgpPrtParams(const uint8_t * pkts, size_t pktlen, unsigned int pkttype, - pgpDigParams * ret) - { - const uint8_t *p = pkts; - const uint8_t *pend = pkts + pktlen; - pgpDigParams digp = NULL; -- struct pgpPkt pkt; -+ pgpDigParams selfsig = NULL; -+ int i = 0; -+ int alloced = 16; /* plenty for normal cases */ -+ struct pgpPkt *all = xmalloc(alloced * sizeof(*all)); - int rc = -1; /* assume failure */ -+ int expect = 0; -+ int prevtag = 0; - - while (p < pend) { -- if (decodePkt(p, (pend - p), &pkt)) -+ struct pgpPkt *pkt = &all[i]; -+ if (decodePkt(p, (pend - p), pkt)) - break; - - if (digp == NULL) { -- if (pkttype && pkt.tag != pkttype) { -+ if (pkttype && pkt->tag != pkttype) { - break; - } else { -- digp = pgpDigParamsNew(pkt.tag); -+ digp = pgpDigParamsNew(pkt->tag); - } - } - -- if (pgpPrtPkt(&pkt, digp)) -+ if (expect) { -+ if (pkt->tag != expect) -+ break; -+ selfsig = pgpDigParamsNew(pkt->tag); -+ } -+ if (pgpPrtPkt(pkt, selfsig ? selfsig : digp)) - break; - -- p += (pkt.body - pkt.head) + pkt.blen; -- if (pkttype == PGPTAG_SIGNATURE) -- break; -+ if (selfsig) { -+ /* subkeys must be followed by binding signature */ -+ if (prevtag == PGPTAG_PUBLIC_SUBKEY) { -+ if (selfsig->sigtype != PGPSIGTYPE_SUBKEY_BINDING) -+ break; -+ } -+ -+ int xx = pgpVerifySelf(digp, selfsig, all, i); -+ -+ selfsig = pgpDigParamsFree(selfsig); -+ if (xx) -+ break; -+ expect = 0; -+ } -+ -+ if (pkt->tag == PGPTAG_PUBLIC_SUBKEY) -+ expect = PGPTAG_SIGNATURE; -+ prevtag = pkt->tag; -+ -+ i++; -+ p += (pkt->body - pkt->head) + pkt->blen; -+ if (pkttype == PGPTAG_SIGNATURE) -+ break; -+ -+ if (alloced <= i) { -+ alloced *= 2; -+ all = xrealloc(all, alloced * sizeof(*all)); -+ } -+ - } - - rc = (digp && (p == pend)) ? 0 : -1; -diff --git a/tests/Makefile.am b/tests/Makefile.am -index a41ce10de8..7bb23247f1 100644 ---- a/tests/Makefile.am -+++ b/tests/Makefile.am -@@ -107,6 +107,9 @@ EXTRA_DIST += data/SPECS/hello-config-buildid.spec - EXTRA_DIST += data/SPECS/hello-cd.spec - EXTRA_DIST += data/keys/rpm.org-rsa-2048-test.pub - EXTRA_DIST += data/keys/rpm.org-rsa-2048-test.secret -+EXTRA_DIST += data/keys/CVE-2021-3521-badbind.asc -+EXTRA_DIST += data/keys/CVE-2022-3521-nosubsig.asc -+EXTRA_DIST += data/keys/CVE-2022-3521-nosubsig-last.asc - EXTRA_DIST += data/macros.testfile - EXTRA_DIST += data/macros.debug - EXTRA_DIST += data/SOURCES/foo.c -diff --git a/tests/data/keys/CVE-2021-3521-badbind.asc b/tests/data/keys/CVE-2021-3521-badbind.asc -new file mode 100644 -index 0000000000..aea00f9d7a ---- /dev/null -+++ b/tests/data/keys/CVE-2021-3521-badbind.asc -@@ -0,0 +1,25 @@ -+-----BEGIN PGP PUBLIC KEY BLOCK----- -+Version: rpm-4.17.90 (NSS-3) -+ -+mQENBFjmORgBCAC7TMEk6wnjSs8Dr4yqSScWdU2pjcqrkTxuzdWvowcIUPZI0w/g -+HkRqGd4apjvY2V15kjL10gk3QhFP3pZ/9p7zh8o8NHX7aGdSGDK7NOq1eFaErPRY -+91LW9RiZ0lbOjXEzIL0KHxUiTQEmdXJT43DJMFPyW9fkCWg0OltiX618FUdWWfI8 -+eySdLur1utnqBvdEbCUvWK2RX3vQZQdvEBODnNk2pxqTyV0w6VPQ96W++lF/5Aas -+7rUv3HIyIXxIggc8FRrnH+y9XvvHDonhTIlGnYZN4ubm9i4y3gOkrZlGTrEw7elQ -+1QeMyG2QQEbze8YjpTm4iLABCBrRfPRaQpwrABEBAAG0IXJwbS5vcmcgUlNBIHRl -+c3RrZXkgPHJzYUBycG0ub3JnPokBNwQTAQgAIQUCWOY5GAIbAwULCQgHAgYVCAkK -+CwIEFgIDAQIeAQIXgAAKCRBDRFkeGWTF/MxxCACnjqFL+MmPh9W9JQKT2DcLbBzf -+Cqo6wcEBoCOcwgRSk8dSikhARoteoa55JRJhuMyeKhhEAogE9HRmCPFdjezFTwgB -+BDVBpO2dZ023mLXDVCYX3S8pShOgCP6Tn4wqCnYeAdLcGg106N4xcmgtcssJE+Pr -+XzTZksbZsrTVEmL/Ym+R5w5jBfFnGk7Yw7ndwfQsfNXQb5AZynClFxnX546lcyZX -+fEx3/e6ezw57WNOUK6WT+8b+EGovPkbetK/rGxNXuWaP6X4A/QUm8O98nCuHYFQq -++mvNdsCBqGf7mhaRGtpHk/JgCn5rFvArMDqLVrR9hX0LdCSsH7EGE+bR3r7wuQEN -+BFjmORgBCACk+vDZrIXQuFXEYToZVwb2attzbbJJCqD71vmZTLsW0QxuPKRgbcYY -+zp4K4lVBnHhFrF8MOUOxJ7kQWIJZMZFt+BDcptCYurbD2H4W2xvnWViiC+LzCMzz -+iMJT6165uefL4JHTDPxC2fFiM9yrc72LmylJNkM/vepT128J5Qv0gRUaQbHiQuS6 -+Dm/+WRnUfx3i89SV4mnBxb/Ta93GVqoOciWwzWSnwEnWYAvOb95JL4U7c5J5f/+c -+KnQDHsW7sIiIdscsWzvgf6qs2Ra1Zrt7Fdk4+ZS2f/adagLhDO1C24sXf5XfMk5m -+L0OGwZSr9m5s17VXxfspgU5ugc8kBJfzABEBAAE= -+=WCfs -+-----END PGP PUBLIC KEY BLOCK----- -+ -diff --git a/tests/data/keys/CVE-2021-3521-nosubsig-last.asc b/tests/data/keys/CVE-2021-3521-nosubsig-last.asc -new file mode 100644 -index 0000000000..aea00f9d7a ---- /dev/null -+++ b/tests/data/keys/CVE-2021-3521-nosubsig-last.asc -@@ -0,0 +1,25 @@ -+-----BEGIN PGP PUBLIC KEY BLOCK----- -+Version: rpm-4.17.90 (NSS-3) -+ -+mQENBFjmORgBCAC7TMEk6wnjSs8Dr4yqSScWdU2pjcqrkTxuzdWvowcIUPZI0w/g -+HkRqGd4apjvY2V15kjL10gk3QhFP3pZ/9p7zh8o8NHX7aGdSGDK7NOq1eFaErPRY -+91LW9RiZ0lbOjXEzIL0KHxUiTQEmdXJT43DJMFPyW9fkCWg0OltiX618FUdWWfI8 -+eySdLur1utnqBvdEbCUvWK2RX3vQZQdvEBODnNk2pxqTyV0w6VPQ96W++lF/5Aas -+7rUv3HIyIXxIggc8FRrnH+y9XvvHDonhTIlGnYZN4ubm9i4y3gOkrZlGTrEw7elQ -+1QeMyG2QQEbze8YjpTm4iLABCBrRfPRaQpwrABEBAAG0IXJwbS5vcmcgUlNBIHRl -+c3RrZXkgPHJzYUBycG0ub3JnPokBNwQTAQgAIQUCWOY5GAIbAwULCQgHAgYVCAkK -+CwIEFgIDAQIeAQIXgAAKCRBDRFkeGWTF/MxxCACnjqFL+MmPh9W9JQKT2DcLbBzf -+Cqo6wcEBoCOcwgRSk8dSikhARoteoa55JRJhuMyeKhhEAogE9HRmCPFdjezFTwgB -+BDVBpO2dZ023mLXDVCYX3S8pShOgCP6Tn4wqCnYeAdLcGg106N4xcmgtcssJE+Pr -+XzTZksbZsrTVEmL/Ym+R5w5jBfFnGk7Yw7ndwfQsfNXQb5AZynClFxnX546lcyZX -+fEx3/e6ezw57WNOUK6WT+8b+EGovPkbetK/rGxNXuWaP6X4A/QUm8O98nCuHYFQq -++mvNdsCBqGf7mhaRGtpHk/JgCn5rFvArMDqLVrR9hX0LdCSsH7EGE+bR3r7wuQEN -+BFjmORgBCACk+vDZrIXQuFXEYToZVwb2attzbbJJCqD71vmZTLsW0QxuPKRgbcYY -+zp4K4lVBnHhFrF8MOUOxJ7kQWIJZMZFt+BDcptCYurbD2H4W2xvnWViiC+LzCMzz -+iMJT6165uefL4JHTDPxC2fFiM9yrc72LmylJNkM/vepT128J5Qv0gRUaQbHiQuS6 -+Dm/+WRnUfx3i89SV4mnBxb/Ta93GVqoOciWwzWSnwEnWYAvOb95JL4U7c5J5f/+c -+KnQDHsW7sIiIdscsWzvgf6qs2Ra1Zrt7Fdk4+ZS2f/adagLhDO1C24sXf5XfMk5m -+L0OGwZSr9m5s17VXxfspgU5ugc8kBJfzABEBAAE= -+=WCfs -+-----END PGP PUBLIC KEY BLOCK----- -+ -diff --git a/tests/data/keys/CVE-2021-3521-nosubsig.asc b/tests/data/keys/CVE-2021-3521-nosubsig.asc -new file mode 100644 -index 0000000000..3a2e7417f8 ---- /dev/null -+++ b/tests/data/keys/CVE-2021-3521-nosubsig.asc -@@ -0,0 +1,37 @@ -+-----BEGIN PGP PUBLIC KEY BLOCK----- -+Version: rpm-4.17.90 (NSS-3) -+ -+mQENBFjmORgBCAC7TMEk6wnjSs8Dr4yqSScWdU2pjcqrkTxuzdWvowcIUPZI0w/g -+HkRqGd4apjvY2V15kjL10gk3QhFP3pZ/9p7zh8o8NHX7aGdSGDK7NOq1eFaErPRY -+91LW9RiZ0lbOjXEzIL0KHxUiTQEmdXJT43DJMFPyW9fkCWg0OltiX618FUdWWfI8 -+eySdLur1utnqBvdEbCUvWK2RX3vQZQdvEBODnNk2pxqTyV0w6VPQ96W++lF/5Aas -+7rUv3HIyIXxIggc8FRrnH+y9XvvHDonhTIlGnYZN4ubm9i4y3gOkrZlGTrEw7elQ -+1QeMyG2QQEbze8YjpTm4iLABCBrRfPRaQpwrABEBAAG0IXJwbS5vcmcgUlNBIHRl -+c3RrZXkgPHJzYUBycG0ub3JnPokBNwQTAQgAIQUCWOY5GAIbAwULCQgHAgYVCAkK -+CwIEFgIDAQIeAQIXgAAKCRBDRFkeGWTF/MxxCACnjqFL+MmPh9W9JQKT2DcLbBzf -+Cqo6wcEBoCOcwgRSk8dSikhARoteoa55JRJhuMyeKhhEAogE9HRmCPFdjezFTwgB -+BDVBpO2dZ023mLXDVCYX3S8pShOgCP6Tn4wqCnYeAdLcGg106N4xcmgtcssJE+Pr -+XzTZksbZsrTVEmL/Ym+R5w5jBfFnGk7Yw7ndwfQsfNXQb5AZynClFxnX546lcyZX -+fEx3/e6ezw57WNOUK6WT+8b+EGovPkbetK/rGxNXuWaP6X4A/QUm8O98nCuHYFQq -++mvNdsCBqGf7mhaRGtpHk/JgCn5rFvArMDqLVrR9hX0LdCSsH7EGE+bR3r7wuQEN -+BFjmORgBCACk+vDZrIXQuFXEYToZVwb2attzbbJJCqD71vmZTLsW0QxuPKRgbcYY -+zp4K4lVBnHhFrF8MOUOxJ7kQWIJZMZFt+BDcptCYurbD2H4W2xvnWViiC+LzCMzz -+iMJT6165uefL4JHTDPxC2fFiM9yrc72LmylJNkM/vepT128J5Qv0gRUaQbHiQuS6 -+Dm/+WRnUfx3i89SV4mnBxb/Ta93GVqoOciWwzWSnwEnWYAvOb95JL4U7c5J5f/+c -+KnQDHsW7sIiIdscsWzvgf6qs2Ra1Zrt7Fdk4+ZS2f/adagLhDO1C24sXf5XfMk5m -+L0OGwZSr9m5s17VXxfspgU5ugc8kBJfzABEBAAG5AQ0EWOY5GAEIAKT68NmshdC4 -+VcRhOhlXBvZq23NtskkKoPvW+ZlMuxbRDG48pGBtxhjOngriVUGceEWsXww5Q7En -+uRBYglkxkW34ENym0Ji6tsPYfhbbG+dZWKIL4vMIzPOIwlPrXrm558vgkdMM/ELZ -+8WIz3KtzvYubKUk2Qz+96lPXbwnlC/SBFRpBseJC5LoOb/5ZGdR/HeLz1JXiacHF -+v9Nr3cZWqg5yJbDNZKfASdZgC85v3kkvhTtzknl//5wqdAMexbuwiIh2xyxbO+B/ -+qqzZFrVmu3sV2Tj5lLZ/9p1qAuEM7ULbixd/ld8yTmYvQ4bBlKv2bmzXtVfF+ymB -+Tm6BzyQEl/MAEQEAAYkBHwQYAQgACQUCWOY5GAIbDAAKCRBDRFkeGWTF/PANB/9j -+mifmj6z/EPe0PJFhrpISt9PjiUQCt0IPtiL5zKAkWjHePIzyi+0kCTBF6DDLFxos -+3vN4bWnVKT1kBhZAQlPqpJTg+m74JUYeDGCdNx9SK7oRllATqyu+5rncgxjWVPnQ -+zu/HRPlWJwcVFYEVXYL8xzfantwQTqefjmcRmBRdA2XJITK+hGWwAmrqAWx+q5xX -+Pa8wkNMxVzNS2rUKO9SoVuJ/wlUvfoShkJ/VJ5HDp3qzUqncADfdGN35TDzscngQ -+gHvnMwVBfYfSCABV1hNByoZcc/kxkrWMmsd/EnIyLd1Q1baKqc3cEDuC6E6/o4yJ -+E4XX4jtDmdZPreZALsiB -+=rRop -+-----END PGP PUBLIC KEY BLOCK----- -+ -diff --git a/tests/rpmsigdig.at b/tests/rpmsigdig.at -index 8e7c759b8f..e2d30a7f1b 100644 ---- a/tests/rpmsigdig.at -+++ b/tests/rpmsigdig.at -@@ -2,6 +2,34 @@ - - AT_BANNER([RPM signatures and digests]) - -+AT_SETUP([rpmkeys --import invalid keys]) -+AT_KEYWORDS([rpmkeys import]) -+RPMDB_INIT -+ -+AT_CHECK([ -+runroot rpmkeys --import /data/keys/CVE-2021-3521-badbind.asc -+], -+[1], -+[], -+[error: /data/keys/CVE-2021-3521-badbind.asc: key 1 import failed.] -+) -+AT_CHECK([ -+runroot rpmkeys --import /data/keys/CVE-2021-3521-nosubsig.asc -+], -+[1], -+[], -+[error: /data/keys/CVE-2021-3521-nosubsig.asc: key 1 import failed.] -+) -+ -+AT_CHECK([ -+runroot rpmkeys --import /data/keys/CVE-2021-3521-nosubsig-last.asc -+], -+[1], -+[], -+[error: /data/keys/CVE-2021-3521-nosubsig-last.asc: key 1 import failed.] -+) -+AT_CLEANUP -+ - # ------------------------------ - # Test pre-built package verification - AT_SETUP([rpmkeys -Kv 1]) --- -2.17.1 - diff --git a/poky/meta/recipes-devtools/rpm/rpm_4.17.0.bb b/poky/meta/recipes-devtools/rpm/rpm_4.17.0.bb deleted file mode 100644 index c392ac0db4..0000000000 --- a/poky/meta/recipes-devtools/rpm/rpm_4.17.0.bb +++ /dev/null @@ -1,208 +0,0 @@ -SUMMARY = "The RPM package management system" -DESCRIPTION = "The RPM Package Manager (RPM) is a powerful command line driven \ -package management system capable of installing, uninstalling, \ -verifying, querying, and updating software packages. Each software \ -package consists of an archive of files along with information about \ -the package like its version, a description, etc." - -SUMMARY:${PN}-dev = "Development files for manipulating RPM packages" -DESCRIPTION:${PN}-dev = "This package contains the RPM C library and header files. These \ -development files will simplify the process of writing programs that \ -manipulate RPM packages and databases. These files are intended to \ -simplify the process of creating graphical package managers or any \ -other tools that need an intimate knowledge of RPM packages in order \ -to function." - -SUMMARY:python3-rpm = "Python bindings for apps which will manupulate RPM packages" -DESCRIPTION:python3-rpm = "The python3-rpm package contains a module that permits applications \ -written in the Python programming language to use the interface \ -supplied by the RPM Package Manager libraries." - -HOMEPAGE = "http://www.rpm.org" - -# libraries are also LGPL - how to express this? -LICENSE = "GPL-2.0-only" -LIC_FILES_CHKSUM = "file://COPYING;md5=c4eec0c20c6034b9407a09945b48a43f" - -SRC_URI = "git://github.com/rpm-software-management/rpm;branch=rpm-4.17.x;protocol=https \ - file://environment.d-rpm.sh \ - file://0001-Do-not-add-an-unsatisfiable-dependency-when-building.patch \ - file://0001-Do-not-read-config-files-from-HOME.patch \ - file://0001-When-cross-installing-execute-package-scriptlets-wit.patch \ - file://0001-Do-not-reset-the-PATH-environment-variable-before-ru.patch \ - file://0002-Add-support-for-prefixing-etc-from-RPM_ETCCONFIGDIR-.patch \ - file://0001-Do-not-hardcode-lib-rpm-as-the-installation-path-for.patch \ - file://0001-Add-a-color-setting-for-mips64_n32-binaries.patch \ - file://0001-perl-disable-auto-reqs.patch \ - file://0016-rpmscript.c-change-logging-level-around-scriptlets-t.patch \ - file://0001-lib-transaction.c-fix-file-conflicts-for-MIPS64-N32.patch \ - file://0001-tools-Add-error.h-for-non-glibc-case.patch \ - file://0001-docs-do-not-build-manpages-requires-pandoc.patch \ - file://0001-build-pack.c-do-not-insert-payloadflags-into-.rpm-me.patch \ - file://0001-CVE-2021-3521.patch \ - file://0002-CVE-2021-3521.patch \ - file://0003-CVE-2021-3521.patch \ - " - -PE = "1" -SRCREV = "3e74e8ba2dd5e76a5353d238dc7fc38651ce27b3" - -S = "${WORKDIR}/git" - -DEPENDS = "lua libgcrypt file popt xz bzip2 elfutils python3" -DEPENDS:append:class-native = " file-replacement-native bzip2-replacement-native" - -inherit autotools gettext pkgconfig python3native -export PYTHON_ABI - -AUTOTOOLS_AUXDIR = "${S}/build-aux" - -# OE-core patches autoreconf to additionally run gnu-configize, which fails with this recipe -EXTRA_AUTORECONF:append = " --exclude=gnu-configize" - -# Vendor is detected differently on x86 and aarch64 hosts and can feed into target packages -EXTRA_OECONF:append = " --enable-python --with-crypto=libgcrypt --with-vendor=pc" -EXTRA_OECONF:append:libc-musl = " --disable-nls --disable-openmp" - -# --sysconfdir prevents rpm from attempting to access machine-specific configuration in sysroot/etc; we need to have it in rootfs -# --localstatedir prevents rpm from writing its database to native sysroot when building images -# Forcibly disable plugins for native/nativesdk, as the inhibit and prioreset -# plugins both behave badly inside builds. -EXTRA_OECONF:append:class-native = " --sysconfdir=/etc --localstatedir=/var --disable-plugins" -EXTRA_OECONF:append:class-nativesdk = " --sysconfdir=/etc --disable-plugins" - -BBCLASSEXTEND = "native nativesdk" - -PACKAGECONFIG ??= "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'inhibit', '', d)} sqlite zstd" -# The inhibit plugin serves no purpose outside of the target -PACKAGECONFIG:remove:class-native = "inhibit" -PACKAGECONFIG:remove:class-nativesdk = "inhibit" - -PACKAGECONFIG[imaevm] = "--with-imaevm,,ima-evm-utils" -PACKAGECONFIG[inhibit] = "--enable-inhibit-plugin,--disable-inhibit-plugin,dbus" -PACKAGECONFIG[rpm2archive] = "--with-archive,--without-archive,libarchive" -PACKAGECONFIG[sqlite] = "--enable-sqlite=yes,--enable-sqlite=no,sqlite3" -PACKAGECONFIG[ndb] = "--enable-ndb,--disable-ndb" -PACKAGECONFIG[bdb-ro] = "--enable-bdb-ro,--disable-bdb-ro" -PACKAGECONFIG[zstd] = "--enable-zstd=yes,--enable-zstd=no,zstd" - -ASNEEDED = "" - -# Direct rpm-native to read configuration from our sysroot, not the one it was compiled in -# libmagic also has sysroot path contamination, so override it - -WRAPPER_TOOLS = " \ - ${bindir}/rpm \ - ${bindir}/rpm2archive \ - ${bindir}/rpm2cpio \ - ${bindir}/rpmbuild \ - ${bindir}/rpmdb \ - ${bindir}/rpmgraph \ - ${bindir}/rpmkeys \ - ${bindir}/rpmsign \ - ${bindir}/rpmspec \ - ${libdir}/rpm/rpmdeps \ -" - -do_configure:prepend() { - mkdir -p ${S}/build-aux -} - -do_install:append:class-native() { - for tool in ${WRAPPER_TOOLS}; do - test -x ${D}$tool && create_wrapper ${D}$tool \ - RPM_CONFIGDIR=${STAGING_LIBDIR_NATIVE}/rpm \ - RPM_ETCCONFIGDIR=${STAGING_DIR_NATIVE} \ - MAGIC=${STAGING_DIR_NATIVE}${datadir_native}/misc/magic.mgc \ - RPM_NO_CHROOT_FOR_SCRIPTS=1 - done -} - -do_install:append:class-nativesdk() { - for tool in ${WRAPPER_TOOLS}; do - test -x ${D}$tool && create_wrapper ${D}$tool \ - RPM_CONFIGDIR='`dirname $''realpath`'/${@os.path.relpath(d.getVar('libdir'), d.getVar('bindir'))}/rpm \ - RPM_ETCCONFIGDIR='$'{RPM_ETCCONFIGDIR-'`dirname $''realpath`'/${@os.path.relpath(d.getVar('sysconfdir'), d.getVar('bindir'))}/..} \ - MAGIC='`dirname $''realpath`'/${@os.path.relpath(d.getVar('datadir'), d.getVar('bindir'))}/misc/magic.mgc \ - RPM_NO_CHROOT_FOR_SCRIPTS=1 - done - - rm -rf ${D}/var - - mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d - install -m 644 ${WORKDIR}/environment.d-rpm.sh ${D}${SDKPATHNATIVE}/environment-setup.d/rpm.sh -} - -# Rpm's make install creates var/tmp which clashes with base-files packaging -do_install:append:class-target() { - rm -rf ${D}/var -} -do_install:append:class-nativesdk() { - rm -rf ${D}${SDKPATHNATIVE}/var -} - -do_install:append () { - sed -i -e 's:${HOSTTOOLS_DIR}/::g' \ - ${D}/${libdir}/rpm/macros - -} - -FILES:${PN} += "${libdir}/rpm-plugins/*.so \ - " -FILES:${PN}:append:class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/rpm.sh" - -FILES:${PN}-dev += "${libdir}/rpm-plugins/*.la \ - " -PACKAGE_BEFORE_PN += "${PN}-build ${PN}-sign ${PN}-archive" - -RRECOMMENDS:${PN} += "rpm-sign rpm-archive" - -FILES:${PN}-build = "\ - ${bindir}/rpmbuild \ - ${bindir}/gendiff \ - ${bindir}/rpmspec \ - ${libdir}/librpmbuild.so.* \ - ${libdir}/rpm/brp-* \ - ${libdir}/rpm/check-* \ - ${libdir}/rpm/debugedit \ - ${libdir}/rpm/sepdebugcrcfix \ - ${libdir}/rpm/find-debuginfo.sh \ - ${libdir}/rpm/find-lang.sh \ - ${libdir}/rpm/*provides* \ - ${libdir}/rpm/*requires* \ - ${libdir}/rpm/*deps* \ - ${libdir}/rpm/*.prov \ - ${libdir}/rpm/*.req \ - ${libdir}/rpm/config.* \ - ${libdir}/rpm/mkinstalldirs \ - ${libdir}/rpm/macros.p* \ - ${libdir}/rpm/fileattrs/* \ -" - -FILES:${PN}-sign = "\ - ${bindir}/rpmsign \ - ${libdir}/librpmsign.so.* \ -" - -FILES:${PN}-archive = "\ - ${bindir}/rpm2archive \ -" - -PACKAGES += "python3-rpm" -PROVIDES += "python3-rpm" -FILES:python3-rpm = "${PYTHON_SITEPACKAGES_DIR}/rpm/*" - -RDEPENDS:${PN}-build = "bash perl python3-core" - -PACKAGE_PREPROCESS_FUNCS += "rpm_package_preprocess" - -# Do not specify a sysroot when compiling on a target. -rpm_package_preprocess () { - sed -i -e 's:--sysroot[^ ]*::g' \ - ${PKGD}/${libdir}/rpm/macros -} - -SSTATE_HASHEQUIV_FILEMAP = " \ - populate_sysroot:*/rpm/macros:${TMPDIR} \ - populate_sysroot:*/rpm/macros:${COREBASE} \ - " diff --git a/poky/meta/recipes-devtools/rpm/rpm_4.17.1.bb b/poky/meta/recipes-devtools/rpm/rpm_4.17.1.bb new file mode 100644 index 0000000000..9b6446f265 --- /dev/null +++ b/poky/meta/recipes-devtools/rpm/rpm_4.17.1.bb @@ -0,0 +1,206 @@ +SUMMARY = "The RPM package management system" +DESCRIPTION = "The RPM Package Manager (RPM) is a powerful command line driven \ +package management system capable of installing, uninstalling, \ +verifying, querying, and updating software packages. Each software \ +package consists of an archive of files along with information about \ +the package like its version, a description, etc." + +SUMMARY:${PN}-dev = "Development files for manipulating RPM packages" +DESCRIPTION:${PN}-dev = "This package contains the RPM C library and header files. These \ +development files will simplify the process of writing programs that \ +manipulate RPM packages and databases. These files are intended to \ +simplify the process of creating graphical package managers or any \ +other tools that need an intimate knowledge of RPM packages in order \ +to function." + +SUMMARY:python3-rpm = "Python bindings for apps which will manupulate RPM packages" +DESCRIPTION:python3-rpm = "The python3-rpm package contains a module that permits applications \ +written in the Python programming language to use the interface \ +supplied by the RPM Package Manager libraries." + +HOMEPAGE = "http://www.rpm.org" + +# libraries are also LGPL - how to express this? +LICENSE = "GPL-2.0-only" +LIC_FILES_CHKSUM = "file://COPYING;md5=c4eec0c20c6034b9407a09945b48a43f" + +SRC_URI = "git://github.com/rpm-software-management/rpm;branch=rpm-4.17.x;protocol=https \ + file://environment.d-rpm.sh \ + file://0001-Do-not-add-an-unsatisfiable-dependency-when-building.patch \ + file://0001-Do-not-read-config-files-from-HOME.patch \ + file://0001-When-cross-installing-execute-package-scriptlets-wit.patch \ + file://0001-Do-not-reset-the-PATH-environment-variable-before-ru.patch \ + file://0002-Add-support-for-prefixing-etc-from-RPM_ETCCONFIGDIR-.patch \ + file://0001-Do-not-hardcode-lib-rpm-as-the-installation-path-for.patch \ + file://0001-Add-a-color-setting-for-mips64_n32-binaries.patch \ + file://0001-perl-disable-auto-reqs.patch \ + file://0016-rpmscript.c-change-logging-level-around-scriptlets-t.patch \ + file://0001-lib-transaction.c-fix-file-conflicts-for-MIPS64-N32.patch \ + file://0001-tools-Add-error.h-for-non-glibc-case.patch \ + file://0001-docs-do-not-build-manpages-requires-pandoc.patch \ + file://0001-build-pack.c-do-not-insert-payloadflags-into-.rpm-me.patch \ + file://0001-configure.ac-add-linux-gnux32-variant-to-triplet-han.patch \ + " + +PE = "1" +SRCREV = "5bef402da334595ed9302b8bca1acdf5e88bfe11" + +S = "${WORKDIR}/git" + +DEPENDS = "lua libgcrypt file popt xz bzip2 elfutils python3" +DEPENDS:append:class-native = " file-replacement-native bzip2-replacement-native" + +inherit autotools gettext pkgconfig python3native +export PYTHON_ABI + +AUTOTOOLS_AUXDIR = "${S}/build-aux" + +# OE-core patches autoreconf to additionally run gnu-configize, which fails with this recipe +EXTRA_AUTORECONF:append = " --exclude=gnu-configize" + +# Vendor is detected differently on x86 and aarch64 hosts and can feed into target packages +EXTRA_OECONF:append = " --enable-python --with-crypto=libgcrypt --with-vendor=pc" +EXTRA_OECONF:append:libc-musl = " --disable-nls --disable-openmp" + +# --sysconfdir prevents rpm from attempting to access machine-specific configuration in sysroot/etc; we need to have it in rootfs +# --localstatedir prevents rpm from writing its database to native sysroot when building images +# Forcibly disable plugins for native/nativesdk, as the inhibit and prioreset +# plugins both behave badly inside builds. +EXTRA_OECONF:append:class-native = " --sysconfdir=/etc --localstatedir=/var --disable-plugins" +EXTRA_OECONF:append:class-nativesdk = " --sysconfdir=/etc --disable-plugins" + +BBCLASSEXTEND = "native nativesdk" + +PACKAGECONFIG ??= "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'inhibit', '', d)} sqlite zstd" +# The inhibit plugin serves no purpose outside of the target +PACKAGECONFIG:remove:class-native = "inhibit" +PACKAGECONFIG:remove:class-nativesdk = "inhibit" + +PACKAGECONFIG[imaevm] = "--with-imaevm,,ima-evm-utils" +PACKAGECONFIG[inhibit] = "--enable-inhibit-plugin,--disable-inhibit-plugin,dbus" +PACKAGECONFIG[rpm2archive] = "--with-archive,--without-archive,libarchive" +PACKAGECONFIG[sqlite] = "--enable-sqlite=yes,--enable-sqlite=no,sqlite3" +PACKAGECONFIG[ndb] = "--enable-ndb,--disable-ndb" +PACKAGECONFIG[bdb-ro] = "--enable-bdb-ro,--disable-bdb-ro" +PACKAGECONFIG[zstd] = "--enable-zstd=yes,--enable-zstd=no,zstd" + +ASNEEDED = "" + +# Direct rpm-native to read configuration from our sysroot, not the one it was compiled in +# libmagic also has sysroot path contamination, so override it + +WRAPPER_TOOLS = " \ + ${bindir}/rpm \ + ${bindir}/rpm2archive \ + ${bindir}/rpm2cpio \ + ${bindir}/rpmbuild \ + ${bindir}/rpmdb \ + ${bindir}/rpmgraph \ + ${bindir}/rpmkeys \ + ${bindir}/rpmsign \ + ${bindir}/rpmspec \ + ${libdir}/rpm/rpmdeps \ +" + +do_configure:prepend() { + mkdir -p ${S}/build-aux +} + +do_install:append:class-native() { + for tool in ${WRAPPER_TOOLS}; do + test -x ${D}$tool && create_wrapper ${D}$tool \ + RPM_CONFIGDIR=${STAGING_LIBDIR_NATIVE}/rpm \ + RPM_ETCCONFIGDIR=${STAGING_DIR_NATIVE} \ + MAGIC=${STAGING_DIR_NATIVE}${datadir_native}/misc/magic.mgc \ + RPM_NO_CHROOT_FOR_SCRIPTS=1 + done +} + +do_install:append:class-nativesdk() { + for tool in ${WRAPPER_TOOLS}; do + test -x ${D}$tool && create_wrapper ${D}$tool \ + RPM_CONFIGDIR='`dirname $''realpath`'/${@os.path.relpath(d.getVar('libdir'), d.getVar('bindir'))}/rpm \ + RPM_ETCCONFIGDIR='$'{RPM_ETCCONFIGDIR-'`dirname $''realpath`'/${@os.path.relpath(d.getVar('sysconfdir'), d.getVar('bindir'))}/..} \ + MAGIC='`dirname $''realpath`'/${@os.path.relpath(d.getVar('datadir'), d.getVar('bindir'))}/misc/magic.mgc \ + RPM_NO_CHROOT_FOR_SCRIPTS=1 + done + + rm -rf ${D}/var + + mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d + install -m 644 ${WORKDIR}/environment.d-rpm.sh ${D}${SDKPATHNATIVE}/environment-setup.d/rpm.sh +} + +# Rpm's make install creates var/tmp which clashes with base-files packaging +do_install:append:class-target() { + rm -rf ${D}/var +} +do_install:append:class-nativesdk() { + rm -rf ${D}${SDKPATHNATIVE}/var +} + +do_install:append () { + sed -i -e 's:${HOSTTOOLS_DIR}/::g' \ + ${D}/${libdir}/rpm/macros + +} + +FILES:${PN} += "${libdir}/rpm-plugins/*.so \ + " +FILES:${PN}:append:class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/rpm.sh" + +FILES:${PN}-dev += "${libdir}/rpm-plugins/*.la \ + " +PACKAGE_BEFORE_PN += "${PN}-build ${PN}-sign ${PN}-archive" + +RRECOMMENDS:${PN} += "rpm-sign rpm-archive" + +FILES:${PN}-build = "\ + ${bindir}/rpmbuild \ + ${bindir}/gendiff \ + ${bindir}/rpmspec \ + ${libdir}/librpmbuild.so.* \ + ${libdir}/rpm/brp-* \ + ${libdir}/rpm/check-* \ + ${libdir}/rpm/debugedit \ + ${libdir}/rpm/sepdebugcrcfix \ + ${libdir}/rpm/find-debuginfo.sh \ + ${libdir}/rpm/find-lang.sh \ + ${libdir}/rpm/*provides* \ + ${libdir}/rpm/*requires* \ + ${libdir}/rpm/*deps* \ + ${libdir}/rpm/*.prov \ + ${libdir}/rpm/*.req \ + ${libdir}/rpm/config.* \ + ${libdir}/rpm/mkinstalldirs \ + ${libdir}/rpm/macros.p* \ + ${libdir}/rpm/fileattrs/* \ +" + +FILES:${PN}-sign = "\ + ${bindir}/rpmsign \ + ${libdir}/librpmsign.so.* \ +" + +FILES:${PN}-archive = "\ + ${bindir}/rpm2archive \ +" + +PACKAGES += "python3-rpm" +PROVIDES += "python3-rpm" +FILES:python3-rpm = "${PYTHON_SITEPACKAGES_DIR}/rpm/*" + +RDEPENDS:${PN}-build = "bash perl python3-core" + +PACKAGE_PREPROCESS_FUNCS += "rpm_package_preprocess" + +# Do not specify a sysroot when compiling on a target. +rpm_package_preprocess () { + sed -i -e 's:--sysroot[^ ]*::g' \ + ${PKGD}/${libdir}/rpm/macros +} + +SSTATE_HASHEQUIV_FILEMAP = " \ + populate_sysroot:*/rpm/macros:${TMPDIR} \ + populate_sysroot:*/rpm/macros:${COREBASE} \ + " diff --git a/poky/meta/recipes-devtools/rsync/files/0001-rsync-ssl-Verify-the-hostname-in-the-certificate-whe.patch b/poky/meta/recipes-devtools/rsync/files/0001-rsync-ssl-Verify-the-hostname-in-the-certificate-whe.patch deleted file mode 100644 index 2d51ddf965..0000000000 --- a/poky/meta/recipes-devtools/rsync/files/0001-rsync-ssl-Verify-the-hostname-in-the-certificate-whe.patch +++ /dev/null @@ -1,31 +0,0 @@ -From fbe85634d88e82fbb439ae2a5d1aca8b8c309bea Mon Sep 17 00:00:00 2001 -From: Matt McCutchen -Date: Wed, 26 Aug 2020 12:16:08 -0400 -Subject: [PATCH] rsync-ssl: Verify the hostname in the certificate when using - openssl. - -CVE: CVE-2020-14387 - -Upstream-Status: Backport [https://git.samba.org/?p=rsync.git;a=commit;h=c3f7414] - -Signed-off-by: Chen Qi ---- - rsync-ssl | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/rsync-ssl b/rsync-ssl -index 8101975..46701af 100755 ---- a/rsync-ssl -+++ b/rsync-ssl -@@ -129,7 +129,7 @@ function rsync_ssl_helper { - fi - - if [[ $RSYNC_SSL_TYPE == openssl ]]; then -- exec $RSYNC_SSL_OPENSSL s_client $caopt $certopt -quiet -verify_quiet -servername $hostname -connect $hostname:$port -+ exec $RSYNC_SSL_OPENSSL s_client $caopt $certopt -quiet -verify_quiet -servername $hostname -verify_hostname $hostname -connect $hostname:$port - elif [[ $RSYNC_SSL_TYPE == gnutls ]]; then - exec $RSYNC_SSL_GNUTLS --logfile=/dev/null $gnutls_cert_opt $gnutls_opts $hostname:$port - else --- -2.17.1 - diff --git a/poky/meta/recipes-devtools/rsync/files/makefile-no-rebuild.patch b/poky/meta/recipes-devtools/rsync/files/makefile-no-rebuild.patch index 4ba7665280..42a6372ba7 100644 --- a/poky/meta/recipes-devtools/rsync/files/makefile-no-rebuild.patch +++ b/poky/meta/recipes-devtools/rsync/files/makefile-no-rebuild.patch @@ -1,4 +1,4 @@ -From 1f29584e57f5fda09970c66f3b94f4720e09c1bb Mon Sep 17 00:00:00 2001 +From 81700d1a0e51391028c761cc8ef1cd660084d114 Mon Sep 17 00:00:00 2001 From: Ross Burton Date: Tue, 12 Apr 2016 15:51:54 +0100 Subject: [PATCH] rsync: remove upstream's rebuild logic @@ -14,12 +14,12 @@ Signed-off-by: Ross Burton 1 file changed, 54 deletions(-) diff --git a/Makefile.in b/Makefile.in -index 672fcc4..c12d8d4 100644 +index 3cde955..d963a70 100644 --- a/Makefile.in +++ b/Makefile.in -@@ -168,60 +168,6 @@ gen: conf proto.h man - gensend: gen - rsync -aic $(GENFILES) $${SAMBA_HOST-samba.org}:/home/ftp/pub/rsync/generated-files/ +@@ -190,60 +190,6 @@ gensend: gen + fi + rsync -aic $(GENFILES) git-version.h $${SAMBA_HOST-samba.org}:/home/ftp/pub/rsync/generated-files/ || true -aclocal.m4: $(srcdir)/m4/*.m4 - aclocal -I $(srcdir)/m4 @@ -41,7 +41,7 @@ index 672fcc4..c12d8d4 100644 - else \ - echo "config.h.in has CHANGED."; \ - fi -- @if test -f configure.sh.old -o -f config.h.in.old; then \ +- @if test -f configure.sh.old || test -f config.h.in.old; then \ - if test "$(MAKECMDGOALS)" = reconfigure; then \ - echo 'Continuing with "make reconfigure".'; \ - else \ diff --git a/poky/meta/recipes-devtools/rsync/rsync_3.2.3.bb b/poky/meta/recipes-devtools/rsync/rsync_3.2.3.bb deleted file mode 100644 index 6168ee85fc..0000000000 --- a/poky/meta/recipes-devtools/rsync/rsync_3.2.3.bb +++ /dev/null @@ -1,61 +0,0 @@ -SUMMARY = "File synchronization tool" -HOMEPAGE = "http://rsync.samba.org/" -DESCRIPTION = "rsync is an open source utility that provides fast incremental file transfer." -BUGTRACKER = "http://rsync.samba.org/bugzilla.html" -SECTION = "console/network" -# GPL-2.0-or-later (<< 3.0.0), GPL-3.0-or-later (>= 3.0.0) -# Includes opennsh and xxhash dynamic link exception -LICENSE = "GPL-3.0-or-later" -LIC_FILES_CHKSUM = "file://COPYING;md5=9e5a4f9b3a253d51520617aa54f8eb26" - -DEPENDS = "popt" - -SRC_URI = "https://download.samba.org/pub/${BPN}/src/${BP}.tar.gz \ - file://rsyncd.conf \ - file://makefile-no-rebuild.patch \ - file://determism.patch \ - file://0001-rsync-ssl-Verify-the-hostname-in-the-certificate-whe.patch \ - " - -SRC_URI[sha256sum] = "becc3c504ceea499f4167a260040ccf4d9f2ef9499ad5683c179a697146ce50e" - -# -16548 required for v3.1.3pre1. Already in v3.1.3. -CVE_CHECK_IGNORE += " CVE-2017-16548 " - -inherit autotools-brokensep - -PACKAGECONFIG ??= "acl attr \ - ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} \ -" - -PACKAGECONFIG[acl] = "--enable-acl-support,--disable-acl-support,acl," -PACKAGECONFIG[attr] = "--enable-xattr-support,--disable-xattr-support,attr," -PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6," -PACKAGECONFIG[lz4] = "--enable-lz4,--disable-lz4,lz4" -PACKAGECONFIG[openssl] = "--enable-openssl,--disable-openssl,openssl" -PACKAGECONFIG[xxhash] = "--enable-xxhash,--disable-xxhash,xxhash" -PACKAGECONFIG[zstd] = "--enable-zstd,--disable-zstd,zstd" - -# By default, if crosscompiling, rsync disables a number of -# capabilities, hardlinking symlinks and special files (i.e. devices) -CACHED_CONFIGUREVARS += "rsync_cv_can_hardlink_special=yes rsync_cv_can_hardlink_symlink=yes" - -EXTRA_OEMAKE = 'STRIP=""' -EXTRA_OECONF = "--disable-simd --disable-md2man --disable-asm --with-nobody-group=nogroup" - -# rsync 3.0 uses configure.sh instead of configure, and -# makefile checks the existence of configure.sh -do_configure:prepend () { - rm -f ${S}/configure ${S}/configure.sh -} - -do_configure:append () { - cp -f ${S}/configure ${S}/configure.sh -} - -do_install:append() { - install -d ${D}${sysconfdir} - install -m 0644 ${WORKDIR}/rsyncd.conf ${D}${sysconfdir} -} - -BBCLASSEXTEND = "native nativesdk" diff --git a/poky/meta/recipes-devtools/rsync/rsync_3.2.5.bb b/poky/meta/recipes-devtools/rsync/rsync_3.2.5.bb new file mode 100644 index 0000000000..e43f35ea2f --- /dev/null +++ b/poky/meta/recipes-devtools/rsync/rsync_3.2.5.bb @@ -0,0 +1,70 @@ +SUMMARY = "File synchronization tool" +HOMEPAGE = "http://rsync.samba.org/" +DESCRIPTION = "rsync is an open source utility that provides fast incremental file transfer." +BUGTRACKER = "http://rsync.samba.org/bugzilla.html" +SECTION = "console/network" +# GPL-2.0-or-later (<< 3.0.0), GPL-3.0-or-later (>= 3.0.0) +# Includes opennsh and xxhash dynamic link exception +LICENSE = "GPL-3.0-or-later" +LIC_FILES_CHKSUM = "file://COPYING;md5=24423708fe159c9d12be1ea29fcb18c7" + +DEPENDS = "popt" + +SRC_URI = "https://download.samba.org/pub/${BPN}/src/${BP}.tar.gz \ + file://rsyncd.conf \ + file://makefile-no-rebuild.patch \ + file://determism.patch \ + " + +SRC_URI[sha256sum] = "2ac4d21635cdf791867bc377c35ca6dda7f50d919a58be45057fd51600c69aba" + +# -16548 required for v3.1.3pre1. Already in v3.1.3. +CVE_CHECK_IGNORE += " CVE-2017-16548 " + +inherit autotools-brokensep + +PACKAGECONFIG ??= "acl attr \ + ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} \ +" + +PACKAGECONFIG[acl] = "--enable-acl-support,--disable-acl-support,acl," +PACKAGECONFIG[attr] = "--enable-xattr-support,--disable-xattr-support,attr," +PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6," +PACKAGECONFIG[lz4] = "--enable-lz4,--disable-lz4,lz4" +PACKAGECONFIG[openssl] = "--enable-openssl,--disable-openssl,openssl" +PACKAGECONFIG[xxhash] = "--enable-xxhash,--disable-xxhash,xxhash" +PACKAGECONFIG[zstd] = "--enable-zstd,--disable-zstd,zstd" + +# By default, if crosscompiling, rsync disables a number of +# capabilities, hardlinking symlinks and special files (i.e. devices) +CACHED_CONFIGUREVARS += "rsync_cv_can_hardlink_special=yes rsync_cv_can_hardlink_symlink=yes" + +EXTRA_OEMAKE = 'STRIP=""' +EXTRA_OECONF = "--disable-md2man --with-nobody-group=nogroup" + +#| ./simd-checksum-x86_64.cpp: In function 'uint32_t get_checksum1_cpp(char*, int32_t)': +#| ./simd-checksum-x86_64.cpp:89:52: error: multiversioning needs 'ifunc' which is not supported on this target +#| 89 | __attribute__ ((target("default"))) MVSTATIC int32 get_checksum1_avx2_64(schar* buf, int32 len, int32 i, uint32* ps1, uint32* ps2) { return i; } +#| | ^~~~~~~~~~~~~~~~~~~~~ +#| ./simd-checksum-x86_64.cpp:480:1: error: use of multiversioned function without a default +#| 480 | } +#| | ^ +#| If you can't fix the issue, re-run ./configure with --disable-roll-simd. +EXTRA_OECONF:append:libc-musl = " --disable-roll-simd" + +# rsync 3.0 uses configure.sh instead of configure, and +# makefile checks the existence of configure.sh +do_configure:prepend () { + rm -f ${S}/configure ${S}/configure.sh +} + +do_configure:append () { + cp -f ${S}/configure ${S}/configure.sh +} + +do_install:append() { + install -d ${D}${sysconfdir} + install -m 0644 ${WORKDIR}/rsyncd.conf ${D}${sysconfdir} +} + +BBCLASSEXTEND = "native nativesdk" diff --git a/poky/meta/recipes-devtools/ruby/ruby/0001-Remove-dependency-on-libcapstone.patch b/poky/meta/recipes-devtools/ruby/ruby/0001-Remove-dependency-on-libcapstone.patch new file mode 100644 index 0000000000..5d0f8fcc09 --- /dev/null +++ b/poky/meta/recipes-devtools/ruby/ruby/0001-Remove-dependency-on-libcapstone.patch @@ -0,0 +1,36 @@ +From 222203297966f312109e8eaa2520f2cf2f59c09d Mon Sep 17 00:00:00 2001 +From: Alan Wu +Date: Thu, 31 Mar 2022 17:26:28 -0400 +Subject: [PATCH] Remove dependency on libcapstone + +We have received reports of build failures due to this configuration +check modifying compile flags. Since only YJIT devs use this library +we can remove it to make Ruby easier to build for users. + +See: https://github.com/rbenv/ruby-build/discussions/1933 + +Upstream-Status: Backport +--- + configure.ac | 9 --------- + 1 file changed, 9 deletions(-) + +Index: ruby-3.1.2/configure.ac +=================================================================== +--- ruby-3.1.2.orig/configure.ac ++++ ruby-3.1.2/configure.ac +@@ -1244,15 +1244,6 @@ AC_CHECK_LIB(dl, dlopen) # Dynamic linki + AC_CHECK_LIB(dld, shl_load) # Dynamic linking for HP-UX + AC_CHECK_LIB(socket, shutdown) # SunOS/Solaris + +-if pkg-config --exists capstone; then +- CAPSTONE_CFLAGS=`pkg-config --cflags capstone` +- CAPSTONE_LIB_L=`pkg-config --libs-only-L capstone` +- LDFLAGS="$LDFLAGS $CAPSTONE_LIB_L" +- CFLAGS="$CFLAGS $CAPSTONE_CFLAGS" +-fi +- +-AC_CHECK_LIB(capstone, cs_open) # Capstone disassembler for debugging YJIT +- + dnl Checks for header files. + AC_HEADER_DIRENT + dnl AC_HEADER_STDC has been checked in AC_USE_SYSTEM_EXTENSIONS diff --git a/poky/meta/recipes-devtools/ruby/ruby_3.1.2.bb b/poky/meta/recipes-devtools/ruby/ruby_3.1.2.bb index 6fc1f53b18..387bfa9b44 100644 --- a/poky/meta/recipes-devtools/ruby/ruby_3.1.2.bb +++ b/poky/meta/recipes-devtools/ruby/ruby_3.1.2.bb @@ -12,6 +12,7 @@ SRC_URI += " \ file://0005-Mark-Gemspec-reproducible-change-fixing-784225-too.patch \ file://0006-Make-gemspecs-reproducible.patch \ file://0001-vm_dump.c-Define-REG_S1-and-REG_S2-for-musl-riscv.patch \ + file://0001-Remove-dependency-on-libcapstone.patch \ " SRC_URI[sha256sum] = "61843112389f02b735428b53bb64cf988ad9fb81858b8248e22e57336f24a83e" @@ -25,7 +26,6 @@ PACKAGECONFIG[ipv6] = "--enable-ipv6, --disable-ipv6," # rdoc is off by default due to non-reproducibility reported in # https://bugs.ruby-lang.org/issues/18456 PACKAGECONFIG[rdoc] = "--enable-install-rdoc,--disable-install-rdoc," -PACKAGECONFIG[capstone] = "--with-capstone=yes, --with-capstone=no" EXTRA_OECONF = "\ --disable-versioned-paths \ diff --git a/poky/meta/recipes-devtools/vala/vala_0.56.2.bb b/poky/meta/recipes-devtools/vala/vala_0.56.2.bb deleted file mode 100644 index 08c8ccca1d..0000000000 --- a/poky/meta/recipes-devtools/vala/vala_0.56.2.bb +++ /dev/null @@ -1,3 +0,0 @@ -require ${BPN}.inc - -SRC_URI[sha256sum] = "66c9619bb17859fd1ac3aba0a57970613e38fd2a1ee30541174260c9fb90124c" diff --git a/poky/meta/recipes-devtools/vala/vala_0.56.3.bb b/poky/meta/recipes-devtools/vala/vala_0.56.3.bb new file mode 100644 index 0000000000..83f61e5b2f --- /dev/null +++ b/poky/meta/recipes-devtools/vala/vala_0.56.3.bb @@ -0,0 +1,3 @@ +require ${BPN}.inc + +SRC_URI[sha256sum] = "e1066221bf7b89cb1fa7327a3888645cb33b604de3bf45aa81132fd040b699bf" diff --git a/poky/meta/recipes-extended/cracklib/cracklib_2.9.7.bb b/poky/meta/recipes-extended/cracklib/cracklib_2.9.7.bb deleted file mode 100644 index 629069e844..0000000000 --- a/poky/meta/recipes-extended/cracklib/cracklib_2.9.7.bb +++ /dev/null @@ -1,33 +0,0 @@ -SUMMARY = "Password strength checker library" -HOMEPAGE = "https://github.com/cracklib/cracklib" -DESCRIPTION = "${SUMMARY}" - -LICENSE = "LGPL-2.1-or-later" -LIC_FILES_CHKSUM = "file://COPYING.LIB;md5=e3eda01d9815f8d24aae2dbd89b68b06" - -DEPENDS = "cracklib-native zlib" - -EXTRA_OECONF = "--without-python --libdir=${base_libdir}" - -SRC_URI = "git://github.com/cracklib/cracklib;protocol=https;branch=master \ - file://0001-packlib.c-support-dictionary-byte-order-dependent.patch \ - file://0002-craklib-fix-testnum-and-teststr-failed.patch" - -SRCREV = "f83934cf3cced0c9600c7d81332f4169f122a2cf" -S = "${WORKDIR}/git/src" - -inherit autotools gettext - -# This is custom stuff from upstream's autogen.sh -do_configure:prepend() { - mkdir -p ${S}/m4 - echo EXTRA_DIST = *.m4 > ${S}/m4/Makefile.am - touch ${S}/ABOUT-NLS -} - -do_install:append:class-target() { - create-cracklib-dict -o ${D}${datadir}/cracklib/pw_dict ${D}${datadir}/cracklib/cracklib-small -} - -BBCLASSEXTEND = "native nativesdk" - diff --git a/poky/meta/recipes-extended/cracklib/cracklib_2.9.8.bb b/poky/meta/recipes-extended/cracklib/cracklib_2.9.8.bb new file mode 100644 index 0000000000..786940a7e0 --- /dev/null +++ b/poky/meta/recipes-extended/cracklib/cracklib_2.9.8.bb @@ -0,0 +1,34 @@ +SUMMARY = "Password strength checker library" +HOMEPAGE = "https://github.com/cracklib/cracklib" +DESCRIPTION = "${SUMMARY}" + +LICENSE = "LGPL-2.1-or-later" +LIC_FILES_CHKSUM = "file://COPYING.LIB;md5=e3eda01d9815f8d24aae2dbd89b68b06" + +DEPENDS = "cracklib-native zlib" + +EXTRA_OECONF = "--without-python --libdir=${base_libdir}" + +SRC_URI = "git://github.com/cracklib/cracklib;protocol=https;branch=master \ + file://0001-packlib.c-support-dictionary-byte-order-dependent.patch \ + file://0002-craklib-fix-testnum-and-teststr-failed.patch \ + " + +SRCREV = "d9e8f9f47718539aeba80f90f4e072549926dc9c" +S = "${WORKDIR}/git/src" + +inherit autotools gettext + +# This is custom stuff from upstream's autogen.sh +do_configure:prepend() { + mkdir -p ${S}/m4 + echo EXTRA_DIST = *.m4 > ${S}/m4/Makefile.am + touch ${S}/ABOUT-NLS +} + +do_install:append:class-target() { + create-cracklib-dict -o ${D}${datadir}/cracklib/pw_dict ${D}${datadir}/cracklib/cracklib-small +} + +BBCLASSEXTEND = "native nativesdk" + diff --git a/poky/meta/recipes-extended/lighttpd/lighttpd_1.4.64.bb b/poky/meta/recipes-extended/lighttpd/lighttpd_1.4.64.bb deleted file mode 100644 index 8d2e77e011..0000000000 --- a/poky/meta/recipes-extended/lighttpd/lighttpd_1.4.64.bb +++ /dev/null @@ -1,79 +0,0 @@ -SUMMARY = "Lightweight high-performance web server" -HOMEPAGE = "http://www.lighttpd.net/" -DESCRIPTION = "Lightweight high-performance web server is designed and optimized for high performance environments. With a small memory footprint compared to other web-servers, effective management of the cpu-load, and advanced feature set (FastCGI, SCGI, Auth, Output-Compression, URL-Rewriting and many more)" -BUGTRACKER = "http://redmine.lighttpd.net/projects/lighttpd/issues" - -LICENSE = "BSD-3-Clause" -LIC_FILES_CHKSUM = "file://COPYING;md5=e4dac5c6ab169aa212feb5028853a579" - -SECTION = "net" -RDEPENDS:${PN} = "lighttpd-module-dirlisting \ - lighttpd-module-indexfile \ - lighttpd-module-staticfile" -RRECOMMENDS:${PN} = "lighttpd-module-access \ - lighttpd-module-accesslog" - -SRC_URI = "http://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-${PV}.tar.xz \ - file://index.html.lighttpd \ - file://lighttpd.conf \ - file://lighttpd \ - " - -SRC_URI[sha256sum] = "e1489d9fa7496fbf2e071c338b593b2300d38c23f1e5967e52c9ef482e1b0e26" - -DEPENDS = "virtual/crypt" - -PACKAGECONFIG ??= "openssl pcre zlib \ - ${@bb.utils.contains('DISTRO_FEATURES', 'xattr', 'attr', '', d)} \ -" - -PACKAGECONFIG[libev] = "-Dwith_libev=true,-Dwith_libev=false,libev" -PACKAGECONFIG[mysql] = "-Dwith_mysql=true,-Dwith_mysql=false,mariadb" -PACKAGECONFIG[ldap] = "-Dwith_ldap=true,-Dwith_ldap=false,openldap" -PACKAGECONFIG[attr] = "-Dwith_xattr=true,-Dwith_xattr=false,attr" -PACKAGECONFIG[openssl] = "-Dwith_openssl=true,-Dwith_openssl=false,openssl" -PACKAGECONFIG[krb5] = "-Dwith_krb5=true,-Dwith_krb5=false,krb5" -PACKAGECONFIG[pcre] = "-Dwith_pcre=true,-Dwith_pcre=false,libpcre" -PACKAGECONFIG[zlib] = "-Dwith_zlib=true,-Dwith_zlib=false,zlib" -PACKAGECONFIG[bzip2] = "-Dwith_bzip=true,-Dwith_bzip=false,bzip2" -PACKAGECONFIG[webdav-props] = "-Dwith_webdav_props=true,-Dwith_webdav_props=false,libxml2 sqlite3" -PACKAGECONFIG[webdav-locks] = "-Dwith_webdav_locks=true,-Dwith_webdav_locks=false,util-linux" -PACKAGECONFIG[lua] = "-Dwith_lua=true,-Dwith_lua=false,lua" -PACKAGECONFIG[zstd] = "-Dwith_zstd=true,-Dwith_zstd=false,zstd" - -inherit meson pkgconfig update-rc.d gettext systemd - -INITSCRIPT_NAME = "lighttpd" -INITSCRIPT_PARAMS = "defaults 70" - -SYSTEMD_SERVICE:${PN} = "lighttpd.service" - -do_install:append() { - install -d ${D}${sysconfdir}/init.d ${D}${sysconfdir}/lighttpd ${D}${sysconfdir}/lighttpd.d ${D}/www/pages/dav - install -m 0755 ${WORKDIR}/lighttpd ${D}${sysconfdir}/init.d - install -m 0644 ${WORKDIR}/lighttpd.conf ${D}${sysconfdir}/lighttpd - install -m 0644 ${WORKDIR}/index.html.lighttpd ${D}/www/pages/index.html - - install -d ${D}${systemd_system_unitdir} - install -m 0644 ${S}/doc/systemd/lighttpd.service ${D}${systemd_system_unitdir} - sed -i -e 's,@SBINDIR@,${sbindir},g' \ - -e 's,@SYSCONFDIR@,${sysconfdir},g' \ - -e 's,@BASE_BINDIR@,${base_bindir},g' \ - ${D}${systemd_system_unitdir}/lighttpd.service - #For FHS compliance, create symbolic links to /var/log and /var/tmp for logs and temporary data - ln -sf ${localstatedir}/log ${D}/www/logs - ln -sf ${localstatedir}/tmp ${D}/www/var -} - -# bitbake.conf sets ${libdir}/${BPN}/* in FILES, which messes up the module split. -# So we re-do the variable. -FILES:${PN} = "${sysconfdir} /www ${sbindir}" - -CONFFILES:${PN} = "${sysconfdir}/lighttpd/lighttpd.conf" - -PACKAGES_DYNAMIC += "^lighttpd-module-.*" - -python populate_packages:prepend () { - lighttpd_libdir = d.expand('${prefix}/lib/lighttpd') - do_split_packages(d, lighttpd_libdir, r'^mod_(.*)\.so$', 'lighttpd-module-%s', 'Lighttpd module for %s', extra_depends='') -} diff --git a/poky/meta/recipes-extended/lighttpd/lighttpd_1.4.66.bb b/poky/meta/recipes-extended/lighttpd/lighttpd_1.4.66.bb new file mode 100644 index 0000000000..801162867c --- /dev/null +++ b/poky/meta/recipes-extended/lighttpd/lighttpd_1.4.66.bb @@ -0,0 +1,79 @@ +SUMMARY = "Lightweight high-performance web server" +HOMEPAGE = "http://www.lighttpd.net/" +DESCRIPTION = "Lightweight high-performance web server is designed and optimized for high performance environments. With a small memory footprint compared to other web-servers, effective management of the cpu-load, and advanced feature set (FastCGI, SCGI, Auth, Output-Compression, URL-Rewriting and many more)" +BUGTRACKER = "http://redmine.lighttpd.net/projects/lighttpd/issues" + +LICENSE = "BSD-3-Clause" +LIC_FILES_CHKSUM = "file://COPYING;md5=e4dac5c6ab169aa212feb5028853a579" + +SECTION = "net" +RDEPENDS:${PN} = "lighttpd-module-dirlisting \ + lighttpd-module-indexfile \ + lighttpd-module-staticfile" +RRECOMMENDS:${PN} = "lighttpd-module-access \ + lighttpd-module-accesslog" + +SRC_URI = "http://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-${PV}.tar.xz \ + file://index.html.lighttpd \ + file://lighttpd.conf \ + file://lighttpd \ + " + +SRC_URI[sha256sum] = "47ac6e60271aa0196e65472d02d019556dc7c6d09df3b65df2c1ab6866348e3b" + +DEPENDS = "virtual/crypt" + +PACKAGECONFIG ??= "openssl pcre zlib \ + ${@bb.utils.contains('DISTRO_FEATURES', 'xattr', 'attr', '', d)} \ +" + +PACKAGECONFIG[libev] = "-Dwith_libev=true,-Dwith_libev=false,libev" +PACKAGECONFIG[mysql] = "-Dwith_mysql=true,-Dwith_mysql=false,mariadb" +PACKAGECONFIG[ldap] = "-Dwith_ldap=true,-Dwith_ldap=false,openldap" +PACKAGECONFIG[attr] = "-Dwith_xattr=true,-Dwith_xattr=false,attr" +PACKAGECONFIG[openssl] = "-Dwith_openssl=true,-Dwith_openssl=false,openssl" +PACKAGECONFIG[krb5] = "-Dwith_krb5=true,-Dwith_krb5=false,krb5" +PACKAGECONFIG[pcre] = "-Dwith_pcre=true,-Dwith_pcre=false,libpcre" +PACKAGECONFIG[zlib] = "-Dwith_zlib=true,-Dwith_zlib=false,zlib" +PACKAGECONFIG[bzip2] = "-Dwith_bzip=true,-Dwith_bzip=false,bzip2" +PACKAGECONFIG[webdav-props] = "-Dwith_webdav_props=true,-Dwith_webdav_props=false,libxml2 sqlite3" +PACKAGECONFIG[webdav-locks] = "-Dwith_webdav_locks=true,-Dwith_webdav_locks=false,util-linux" +PACKAGECONFIG[lua] = "-Dwith_lua=true,-Dwith_lua=false,lua" +PACKAGECONFIG[zstd] = "-Dwith_zstd=true,-Dwith_zstd=false,zstd" + +inherit meson pkgconfig update-rc.d gettext systemd + +INITSCRIPT_NAME = "lighttpd" +INITSCRIPT_PARAMS = "defaults 70" + +SYSTEMD_SERVICE:${PN} = "lighttpd.service" + +do_install:append() { + install -d ${D}${sysconfdir}/init.d ${D}${sysconfdir}/lighttpd ${D}${sysconfdir}/lighttpd.d ${D}/www/pages/dav + install -m 0755 ${WORKDIR}/lighttpd ${D}${sysconfdir}/init.d + install -m 0644 ${WORKDIR}/lighttpd.conf ${D}${sysconfdir}/lighttpd + install -m 0644 ${WORKDIR}/index.html.lighttpd ${D}/www/pages/index.html + + install -d ${D}${systemd_system_unitdir} + install -m 0644 ${S}/doc/systemd/lighttpd.service ${D}${systemd_system_unitdir} + sed -i -e 's,@SBINDIR@,${sbindir},g' \ + -e 's,@SYSCONFDIR@,${sysconfdir},g' \ + -e 's,@BASE_BINDIR@,${base_bindir},g' \ + ${D}${systemd_system_unitdir}/lighttpd.service + #For FHS compliance, create symbolic links to /var/log and /var/tmp for logs and temporary data + ln -sf ${localstatedir}/log ${D}/www/logs + ln -sf ${localstatedir}/tmp ${D}/www/var +} + +# bitbake.conf sets ${libdir}/${BPN}/* in FILES, which messes up the module split. +# So we re-do the variable. +FILES:${PN} = "${sysconfdir} /www ${sbindir}" + +CONFFILES:${PN} = "${sysconfdir}/lighttpd/lighttpd.conf" + +PACKAGES_DYNAMIC += "^lighttpd-module-.*" + +python populate_packages:prepend () { + lighttpd_libdir = d.expand('${prefix}/lib/lighttpd') + do_split_packages(d, lighttpd_libdir, r'^mod_(.*)\.so$', 'lighttpd-module-%s', 'Lighttpd module for %s', extra_depends='') +} diff --git a/poky/meta/recipes-extended/ltp/ltp/0001-syscalls-pread02-extend-buffer-to-avoid-glibc-overflow-detection.patch b/poky/meta/recipes-extended/ltp/ltp/0001-syscalls-pread02-extend-buffer-to-avoid-glibc-overflow-detection.patch new file mode 100644 index 0000000000..94dd418f36 --- /dev/null +++ b/poky/meta/recipes-extended/ltp/ltp/0001-syscalls-pread02-extend-buffer-to-avoid-glibc-overflow-detection.patch @@ -0,0 +1,58 @@ +From de988c9b5605a711b306c4203545b8d761875177 Mon Sep 17 00:00:00 2001 +From: Jan Stancek +Date: Mon, 31 Jan 2022 12:00:46 +0100 +Subject: [PATCH] syscalls/pread02: extend buffer to avoid glibc overflow + detection + +Test started failing with recent glibc (glibc-2.34.9000-38.fc36), +which detects that buffer in pread is potentially too small: + tst_test.c:1431: TINFO: Timeout per run is 0h 05m 00s + *** buffer overflow detected ***: terminated + tst_test.c:1484: TBROK: Test killed by SIGIOT/SIGABRT! + +(gdb) bt + #0 __pthread_kill_implementation at pthread_kill.c:44 + #1 0x00007ffff7e46f73 in __pthread_kill_internal at pthread_kill.c:78 + #2 0x00007ffff7df6a36 in __GI_raise at ../sysdeps/posix/raise.c:26 + #3 0x00007ffff7de082f in __GI_abort () at abort.c:79 + #4 0x00007ffff7e3b01e in __libc_message at ../sysdeps/posix/libc_fatal.c:155 + #5 0x00007ffff7ed945a in __GI___fortify_fail at fortify_fail.c:26 + #6 0x00007ffff7ed7dc6 in __GI___chk_fail () at chk_fail.c:28 + #7 0x00007ffff7ed8214 in __pread_chk at pread_chk.c:26 + #8 0x0000000000404d1a in pread at /usr/include/bits/unistd.h:74 + #9 verify_pread (n=) at pread02.c:44 + #10 0x000000000040dc19 in run_tests () at tst_test.c:1246 + #11 testrun () at tst_test.c:1331 + #12 fork_testrun () at tst_test.c:1462 + #13 0x000000000040e9a1 in tst_run_tcases + #14 0x0000000000404bde in main + +Extend it to number of bytes we are trying to read from fd. + +Upstream-Status: Backport +[https://github.com/linux-test-project/ltp/commit/de988c9b5605a711b306c4203545b8d761875177] + +Signed-off-by: Jan Stancek +Acked-by: Petr Vorel +Reviewed-by: Cyril Hrubis +Signed-off-by: Xiangyu Chen +--- + testcases/kernel/syscalls/pread/pread02.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/testcases/kernel/syscalls/pread/pread02.c b/testcases/kernel/syscalls/pread/pread02.c +index de2a81fff..fda5fd190 100644 +--- a/testcases/kernel/syscalls/pread/pread02.c ++++ b/testcases/kernel/syscalls/pread/pread02.c +@@ -39,7 +39,7 @@ struct test_case_t { + static void verify_pread(unsigned int n) + { + struct test_case_t *tc = &tcases[n]; +- char buf; ++ char buf[K1]; + + TST_EXP_FAIL2(pread(*tc->fd, &buf, tc->nb, tc->offst), tc->exp_errno, + "pread(%d, %zu, %ld) %s", *tc->fd, tc->nb, tc->offst, tc->desc); +-- +2.34.1 + diff --git a/poky/meta/recipes-extended/ltp/ltp_20220121.bb b/poky/meta/recipes-extended/ltp/ltp_20220121.bb index 8a13dcf9d0..4ae54492f3 100644 --- a/poky/meta/recipes-extended/ltp/ltp_20220121.bb +++ b/poky/meta/recipes-extended/ltp/ltp_20220121.bb @@ -28,6 +28,7 @@ SRC_URI = "git://github.com/linux-test-project/ltp.git;branch=master;protocol=ht file://0001-Remove-OOM-tests-from-runtest-mm.patch \ file://0001-metadata-parse.sh-sort-filelist-for-reproducibility.patch \ file://disable_hanging_tests.patch \ + file://0001-syscalls-pread02-extend-buffer-to-avoid-glibc-overflow-detection.patch \ " S = "${WORKDIR}/git" diff --git a/poky/meta/recipes-extended/pam/libpam/99_pam b/poky/meta/recipes-extended/pam/libpam/99_pam index 97e990d10b..a88247be13 100644 --- a/poky/meta/recipes-extended/pam/libpam/99_pam +++ b/poky/meta/recipes-extended/pam/libpam/99_pam @@ -1 +1 @@ -d root root 0755 /var/run/sepermit none +d root root 0755 /run/sepermit none diff --git a/poky/meta/recipes-extended/shadow/files/0001-Drop-nsswitch.conf-message-when-not-in-place-eg.-musl.patch b/poky/meta/recipes-extended/shadow/files/0001-Drop-nsswitch.conf-message-when-not-in-place-eg.-musl.patch new file mode 100644 index 0000000000..6c04769713 --- /dev/null +++ b/poky/meta/recipes-extended/shadow/files/0001-Drop-nsswitch.conf-message-when-not-in-place-eg.-musl.patch @@ -0,0 +1,27 @@ +From aed5a184401fbbe901cb825be4004ced885b6f9a Mon Sep 17 00:00:00 2001 +From: Andrei Gherzan +Date: Wed, 24 Aug 2022 00:54:47 +0200 +Subject: [PATCH] Drop nsswitch.conf message when not in place - eg. musl + +Upstream-Status: Inappropriate [issue reported at https://github.com/shadow-maint/shadow/issues/557] +Signed-off-by: Andrei Gherzan +--- + lib/nss.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/nss.c b/lib/nss.c +index af3e95a..74e0e16 100644 +--- a/lib/nss.c ++++ b/lib/nss.c +@@ -57,7 +57,7 @@ void nss_init(char *nsswitch_path) { + // subid: files + nssfp = fopen(nsswitch_path, "r"); + if (!nssfp) { +- fprintf(shadow_logfd, "Failed opening %s: %m", nsswitch_path); ++ //fprintf(shadow_logfd, "Failed opening %s: %m", nsswitch_path); + atomic_store(&nss_init_completed, true); + return; + } +-- +2.25.1 + diff --git a/poky/meta/recipes-extended/shadow/shadow.inc b/poky/meta/recipes-extended/shadow/shadow.inc index f5fdf436f7..5106b95571 100644 --- a/poky/meta/recipes-extended/shadow/shadow.inc +++ b/poky/meta/recipes-extended/shadow/shadow.inc @@ -26,6 +26,7 @@ SRC_URI:append:class-target = " \ SRC_URI:append:class-native = " \ file://0001-Disable-use-of-syslog-for-sysroot.patch \ file://commonio.c-fix-unexpected-open-failure-in-chroot-env.patch \ + file://0001-Drop-nsswitch.conf-message-when-not-in-place-eg.-musl.patch \ " SRC_URI:append:class-nativesdk = " \ file://0001-Disable-use-of-syslog-for-sysroot.patch \ @@ -33,6 +34,7 @@ SRC_URI:append:class-nativesdk = " \ SRC_URI[sha256sum] = "f262089be6a1011d50ec7849e14571b7b2e788334368f3dccb718513f17935ed" + # Additional Policy files for PAM PAM_SRC_URI = "file://pam.d/chfn \ file://pam.d/chpasswd \ @@ -149,6 +151,13 @@ do_install:append() { # Handle link properly after rename, otherwise missing files would # lead rpm failed dependencies. ln -sf newgrp.${BPN} ${D}${bindir}/sg + + # usermod requires the subuid/subgid files to be in place before being + # able to use the -v/-V flags otherwise it fails: + # usermod: /etc/subuid does not exist, you cannot use the flags -v or -V + install -d ${D}${sysconfdir} + touch ${D}${sysconfdir}/subuid + touch ${D}${sysconfdir}/subgid } PACKAGES =+ "${PN}-base" diff --git a/poky/meta/recipes-extended/stress-ng/stress-ng-0.13.12/0001-stress-cpu-disable-float128-math-on-powerpc64-to-avo.patch b/poky/meta/recipes-extended/stress-ng/stress-ng-0.13.12/0001-stress-cpu-disable-float128-math-on-powerpc64-to-avo.patch new file mode 100644 index 0000000000..bb35b3030a --- /dev/null +++ b/poky/meta/recipes-extended/stress-ng/stress-ng-0.13.12/0001-stress-cpu-disable-float128-math-on-powerpc64-to-avo.patch @@ -0,0 +1,43 @@ +From ea9ee4dd64ee88e03a959b2c694aa8feb53c7e78 Mon Sep 17 00:00:00 2001 +From: He Zhe +Date: Wed, 28 Sep 2022 16:47:24 +0800 +Subject: [PATCH] stress-cpu: disable float128 math on powerpc64 to avoid + SIGILL + +float128 requires instructions of xsmaddqp and xsmsubqp which are added to +qemu since v7.0 by the following commit. +https://github.com/qemu/qemu/commit/3bb1aed246d7b59ceee625a82628f7369d492a8f + +While kirkstone is still at v6.2 and thus experiences SIGILL as follow +root@qemuppc64:~# stress-ng --cpu 2 --timeout 30s +stress-ng: info: [972] setting to a 30 second run per stressor +stress-ng: info: [972] dispatching hogs: 2 cpu +stress-ng: info: [973] stressor terminated with unexpected signal signal 4 'SIGILL' + + +Upstream-Status: Inappropriate [This is specific to kirkstone since qemu on +master branch has upgraded to v7.1.] + +Signed-off-by: He Zhe +--- + stress-cpu.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/stress-cpu.c b/stress-cpu.c +index 0a08f1d1..2849e715 100644 +--- a/stress-cpu.c ++++ b/stress-cpu.c +@@ -41,6 +41,10 @@ + #undef HAVE_FLOAT_DECIMAL128 + #endif + ++#if defined(STRESS_ARCH_PPC64) ++#undef HAVE_FLOAT128 ++#endif ++ + #define GAMMA (0.57721566490153286060651209008240243104215933593992L) + #define OMEGA (0.56714329040978387299996866221035554975381578718651L) + #define PSI (3.35988566624317755317201130291892717968890513373197L) +-- +2.25.1 + diff --git a/poky/meta/recipes-extended/stress-ng/stress-ng_0.13.12.bb b/poky/meta/recipes-extended/stress-ng/stress-ng_0.13.12.bb index fe177a4de0..807ecd3466 100644 --- a/poky/meta/recipes-extended/stress-ng/stress-ng_0.13.12.bb +++ b/poky/meta/recipes-extended/stress-ng/stress-ng_0.13.12.bb @@ -5,7 +5,9 @@ HOMEPAGE = "https://github.com/ColinIanKing/stress-ng#readme" LICENSE = "GPL-2.0-only" LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" -SRC_URI = "git://github.com/ColinIanKing/stress-ng.git;protocol=https;branch=master" +SRC_URI = "git://github.com/ColinIanKing/stress-ng.git;protocol=https;branch=master \ + file://0001-stress-cpu-disable-float128-math-on-powerpc64-to-avo.patch \ + " SRCREV = "f59bcb2fe1e25042e77d5e4942f72bfa026fa305" S = "${WORKDIR}/git" diff --git a/poky/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/0001-Fix-implicit-function-declaration-warnings.patch b/poky/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/0001-Fix-implicit-function-declaration-warnings.patch new file mode 100644 index 0000000000..ec793ac8ff --- /dev/null +++ b/poky/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/0001-Fix-implicit-function-declaration-warnings.patch @@ -0,0 +1,109 @@ +From 9c97b5db237a793e0d1b6b0241570bdc6e35ee24 Mon Sep 17 00:00:00 2001 +From: Khem Raj +Date: Sun, 7 Aug 2022 17:42:24 -0700 +Subject: [PATCH] Fix implicit-function-declaration warnings + +These are seen with clang-15+ + +Upstream-Status: Inappropriate [upstream is dead] +Signed-off-by: Khem Raj +--- + hosts_access.c | 3 +++ + safe_finger.c | 1 + + shell_cmd.c | 3 +++ + tcpd.c | 2 +- + tcpdchk.c | 1 + + workarounds.c | 1 + + 6 files changed, 10 insertions(+), 1 deletion(-) + +diff --git a/hosts_access.c b/hosts_access.c +index 0133e5e..58697ea 100644 +--- a/hosts_access.c ++++ b/hosts_access.c +@@ -33,6 +33,7 @@ static char sccsid[] = "@(#) hosts_access.c 1.21 97/02/12 02:13:22"; + #endif + #include + #include ++#include + #include + #include + #include +@@ -45,6 +46,8 @@ static char sccsid[] = "@(#) hosts_access.c 1.21 97/02/12 02:13:22"; + #endif + + extern int errno; ++extern int match_pattern_ylo(const char *s, const char *pattern); ++extern unsigned long cidr_mask_addr(char* str); + + #ifndef INADDR_NONE + #define INADDR_NONE (-1) /* XXX should be 0xffffffff */ +diff --git a/safe_finger.c b/safe_finger.c +index 23afab1..a6458fb 100644 +--- a/safe_finger.c ++++ b/safe_finger.c +@@ -34,6 +34,7 @@ static char sccsid[] = "@(#) safe_finger.c 1.4 94/12/28 17:42:41"; + #include + + extern void exit(); ++extern int pipe_stdin(char **argv); + + /* Local stuff */ + +diff --git a/shell_cmd.c b/shell_cmd.c +index 62d31bc..a566092 100644 +--- a/shell_cmd.c ++++ b/shell_cmd.c +@@ -16,10 +16,13 @@ static char sccsid[] = "@(#) shell_cmd.c 1.5 94/12/28 17:42:44"; + + #include + #include ++#include ++#include + #include + #include + #include + #include ++#include + + extern void exit(); + +diff --git a/tcpd.c b/tcpd.c +index dc9ff17..4353caa 100644 +--- a/tcpd.c ++++ b/tcpd.c +@@ -46,7 +46,7 @@ void fix_options(struct request_info *); + int allow_severity = SEVERITY; /* run-time adjustable */ + int deny_severity = LOG_WARNING; /* ditto */ + +-main(argc, argv) ++void main(argc, argv) + int argc; + char **argv; + { +diff --git a/tcpdchk.c b/tcpdchk.c +index 5dca8bd..67c12ce 100644 +--- a/tcpdchk.c ++++ b/tcpdchk.c +@@ -38,6 +38,7 @@ static char sccsid[] = "@(#) tcpdchk.c 1.8 97/02/12 02:13:25"; + + extern int errno; + extern void exit(); ++extern unsigned long cidr_mask_addr(char* str); + extern int optind; + extern char *optarg; + +diff --git a/workarounds.c b/workarounds.c +index b22b378..6335049 100644 +--- a/workarounds.c ++++ b/workarounds.c +@@ -21,6 +21,7 @@ char sccsid[] = "@(#) workarounds.c 1.6 96/03/19 16:22:25"; + #include + #include + #include ++#include + + extern int errno; + +-- +2.37.1 + diff --git a/poky/meta/recipes-extended/tcp-wrappers/tcp-wrappers_7.6.bb b/poky/meta/recipes-extended/tcp-wrappers/tcp-wrappers_7.6.bb index 814d7fd913..8137d257c8 100644 --- a/poky/meta/recipes-extended/tcp-wrappers/tcp-wrappers_7.6.bb +++ b/poky/meta/recipes-extended/tcp-wrappers/tcp-wrappers_7.6.bb @@ -50,6 +50,7 @@ SRC_URI = "http://ftp.porcupine.org/pub/security/tcp_wrappers_${PV}.tar.gz \ file://fix_warnings.patch \ file://fix_warnings2.patch \ file://0001-Remove-fgets-extern-declaration.patch \ + file://0001-Fix-implicit-function-declaration-warnings.patch \ " SRC_URI[md5sum] = "e6fa25f71226d090f34de3f6b122fb5a" diff --git a/poky/meta/recipes-extended/timezone/timezone.inc b/poky/meta/recipes-extended/timezone/timezone.inc index cdd1a2ac3c..d3c78e9157 100644 --- a/poky/meta/recipes-extended/timezone/timezone.inc +++ b/poky/meta/recipes-extended/timezone/timezone.inc @@ -6,7 +6,7 @@ SECTION = "base" LICENSE = "PD & BSD-3-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=c679c9d6b02bc2757b3eaf8f53c43fba" -PV = "2022a" +PV = "2022d" SRC_URI =" http://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz;name=tzcode \ http://www.iana.org/time-zones/repository/releases/tzdata${PV}.tar.gz;name=tzdata \ @@ -14,6 +14,6 @@ SRC_URI =" http://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz UPSTREAM_CHECK_URI = "http://www.iana.org/time-zones" -SRC_URI[tzcode.sha256sum] = "f8575e7e33be9ee265df2081092526b81c80abac3f4a04399ae9d4d91cdadac7" -SRC_URI[tzdata.sha256sum] = "ef7fffd9f4f50f4f58328b35022a32a5a056b245c5cb3d6791dddb342f871664" +SRC_URI[tzcode.sha256sum] = "d644ba0f938899374ea8cb554e35fb4afa0f7bd7b716c61777cd00500b8759e0" +SRC_URI[tzdata.sha256sum] = "6ecdbee27fa43dcfa49f3d4fd8bb1dfef54c90da1abcd82c9abcf2dc4f321de0" diff --git a/poky/meta/recipes-extended/watchdog/watchdog/0001-shutdown-Do-not-guard-sys-quota.h-sys-swap.h-and-sys.patch b/poky/meta/recipes-extended/watchdog/watchdog/0001-shutdown-Do-not-guard-sys-quota.h-sys-swap.h-and-sys.patch new file mode 100644 index 0000000000..8c419e1d11 --- /dev/null +++ b/poky/meta/recipes-extended/watchdog/watchdog/0001-shutdown-Do-not-guard-sys-quota.h-sys-swap.h-and-sys.patch @@ -0,0 +1,37 @@ +From ca1d379fa13c4055d42d2ff3a647b4397768efcd Mon Sep 17 00:00:00 2001 +From: Khem Raj +Date: Tue, 23 Aug 2022 19:23:26 -0700 +Subject: [PATCH] shutdown: Do not guard sys/quota.h sys/swap.h and + sys/reboot.h with __GLIBC__ + +These headers are provided by uclibc/musl/glibc and bionic so we can +assume they are not needed to be glibc specific includes. This also +ensures that we get proper declaration of reboot() API + +Upstream-Status: Submitted [https://sourceforge.net/p/watchdog/patches/12/] +Signed-off-by: Khem Raj +--- + src/shutdown.c | 4 ---- + 1 file changed, 4 deletions(-) + +diff --git a/src/shutdown.c b/src/shutdown.c +index 1d9a857..6aea0d0 100644 +--- a/src/shutdown.c ++++ b/src/shutdown.c +@@ -29,13 +29,9 @@ + #include "extern.h" + #include "ext2_mnt.h" + +-#if defined __GLIBC__ + #include + #include + #include +-#else /* __GLIBC__ */ +-#include +-#endif /* __GLIBC__ */ + + #include + +-- +2.37.2 + diff --git a/poky/meta/recipes-extended/watchdog/watchdog_5.16.bb b/poky/meta/recipes-extended/watchdog/watchdog_5.16.bb index 1163846ed8..26fcc10487 100644 --- a/poky/meta/recipes-extended/watchdog/watchdog_5.16.bb +++ b/poky/meta/recipes-extended/watchdog/watchdog_5.16.bb @@ -13,6 +13,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/watchdog/watchdog-${PV}.tar.gz \ file://watchdog.init \ file://wd_keepalive.init \ file://0001-wd_keepalive.service-use-run-instead-of-var-run.patch \ + file://0001-shutdown-Do-not-guard-sys-quota.h-sys-swap.h-and-sys.patch \ " SRC_URI[md5sum] = "1b4f51cabc64d1bee2fce7cdd626831f" diff --git a/poky/meta/recipes-extended/xinetd/xinetd_2.3.15.4.bb b/poky/meta/recipes-extended/xinetd/xinetd_2.3.15.4.bb index 62ee70d244..897417314d 100644 --- a/poky/meta/recipes-extended/xinetd/xinetd_2.3.15.4.bb +++ b/poky/meta/recipes-extended/xinetd/xinetd_2.3.15.4.bb @@ -30,6 +30,8 @@ INITSCRIPT_PARAMS = "defaults" PACKAGECONFIG ??= "tcp-wrappers" PACKAGECONFIG[tcp-wrappers] = "--with-libwrap,,tcp-wrappers" +CFLAGS += "-D_GNU_SOURCE" + CONFFILES:${PN} = "${sysconfdir}/xinetd.conf" do_install:append() { diff --git a/poky/meta/recipes-extended/xz/xz/CVE-2022-1271.patch b/poky/meta/recipes-extended/xz/xz/CVE-2022-1271.patch deleted file mode 100644 index e43e73cf12..0000000000 --- a/poky/meta/recipes-extended/xz/xz/CVE-2022-1271.patch +++ /dev/null @@ -1,96 +0,0 @@ -From dc932a1e9c0d9f1db71be11a9b82496e3a72f112 Mon Sep 17 00:00:00 2001 -From: Lasse Collin -Date: Tue, 29 Mar 2022 19:19:12 +0300 -Subject: [PATCH] xzgrep: Fix escaping of malicious filenames (ZDI-CAN-16587). - -Malicious filenames can make xzgrep to write to arbitrary files -or (with a GNU sed extension) lead to arbitrary code execution. - -xzgrep from XZ Utils versions up to and including 5.2.5 are -affected. 5.3.1alpha and 5.3.2alpha are affected as well. -This patch works for all of them. - -This bug was inherited from gzip's zgrep. gzip 1.12 includes -a fix for zgrep. - -The issue with the old sed script is that with multiple newlines, -the N-command will read the second line of input, then the -s-commands will be skipped because it's not the end of the -file yet, then a new sed cycle starts and the pattern space -is printed and emptied. So only the last line or two get escaped. - -One way to fix this would be to read all lines into the pattern -space first. However, the included fix is even simpler: All lines -except the last line get a backslash appended at the end. To ensure -that shell command substitution doesn't eat a possible trailing -newline, a colon is appended to the filename before escaping. -The colon is later used to separate the filename from the grep -output so it is fine to add it here instead of a few lines later. - -The old code also wasn't POSIX compliant as it used \n in the -replacement section of the s-command. Using \ is the -POSIX compatible method. - -LC_ALL=C was added to the two critical sed commands. POSIX sed -manual recommends it when using sed to manipulate pathnames -because in other locales invalid multibyte sequences might -cause issues with some sed implementations. In case of GNU sed, -these particular sed scripts wouldn't have such problems but some -other scripts could have, see: - - info '(sed)Locale Considerations' - -This vulnerability was discovered by: -cleemy desu wayo working with Trend Micro Zero Day Initiative - -Thanks to Jim Meyering and Paul Eggert discussing the different -ways to fix this and for coordinating the patch release schedule -with gzip. - -Upstream-Status: Backport [https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch] -CVE: CVE-2022-1271 - -Signed-off-by: Ralph Siemsen ---- - src/scripts/xzgrep.in | 20 ++++++++++++-------- - 1 file changed, 12 insertions(+), 8 deletions(-) - -diff --git a/src/scripts/xzgrep.in b/src/scripts/xzgrep.in -index 9db5c3a..f64dddb 100644 ---- a/src/scripts/xzgrep.in -+++ b/src/scripts/xzgrep.in -@@ -179,22 +179,26 @@ for i; do - { test $# -eq 1 || test $no_filename -eq 1; }; then - eval "$grep" - else -+ # Append a colon so that the last character will never be a newline -+ # which would otherwise get lost in shell command substitution. -+ i="$i:" -+ -+ # Escape & \ | and newlines only if such characters are present -+ # (speed optimization). - case $i in - (*' - '* | *'&'* | *'\'* | *'|'*) -- i=$(printf '%s\n' "$i" | -- sed ' -- $!N -- $s/[&\|]/\\&/g -- $s/\n/\\n/g -- ');; -+ i=$(printf '%s\n' "$i" | LC_ALL=C sed 's/[&\|]/\\&/g; $!s/$/\\/');; - esac -- sed_script="s|^|$i:|" -+ -+ # $i already ends with a colon so don't add it here. -+ sed_script="s|^|$i|" - - # Fail if grep or sed fails. - r=$( - exec 4>&1 -- (eval "$grep" 4>&-; echo $? >&4) 3>&- | sed "$sed_script" >&3 4>&- -+ (eval "$grep" 4>&-; echo $? >&4) 3>&- | -+ LC_ALL=C sed "$sed_script" >&3 4>&- - ) || r=2 - exit $r - fi >&3 5>&- diff --git a/poky/meta/recipes-extended/xz/xz_5.2.5.bb b/poky/meta/recipes-extended/xz/xz_5.2.5.bb deleted file mode 100644 index 720e070f4a..0000000000 --- a/poky/meta/recipes-extended/xz/xz_5.2.5.bb +++ /dev/null @@ -1,47 +0,0 @@ -SUMMARY = "Utilities for managing LZMA compressed files" -HOMEPAGE = "https://tukaani.org/xz/" -DESCRIPTION = "XZ Utils is free general-purpose data compression software with a high compression ratio. XZ Utils were written for POSIX-like systems, but also work on some not-so-POSIX systems. XZ Utils are the successor to LZMA Utils." -SECTION = "base" - -# The source includes bits of PD, GPL-2.0, GPL-3.0, LGPL-2.1-or-later, but the -# only file which is GPL-3.0 is an m4 macro which isn't shipped in any of our -# packages, and the LGPL bits are under lib/, which appears to be used for -# libgnu, which appears to be used for DOS builds. So we're left with -# GPL-2.0-or-later and PD. -LICENSE = "GPL-2.0-or-later & GPL-3.0-with-autoconf-exception & LGPL-2.1-or-later & PD" -LICENSE:${PN} = "GPL-2.0-or-later" -LICENSE:${PN}-dev = "GPL-2.0-or-later" -LICENSE:${PN}-staticdev = "GPL-2.0-or-later" -LICENSE:${PN}-doc = "GPL-2.0-or-later" -LICENSE:${PN}-dbg = "GPL-2.0-or-later" -LICENSE:${PN}-locale = "GPL-2.0-or-later" -LICENSE:liblzma = "PD" - -LIC_FILES_CHKSUM = "file://COPYING;md5=97d554a32881fee0aa283d96e47cb24a \ - file://COPYING.GPLv2;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ - file://COPYING.GPLv3;md5=d32239bcb673463ab874e80d47fae504 \ - file://COPYING.LGPLv2.1;md5=4fbd65380cdd255951079008b364516c \ - file://lib/getopt.c;endline=23;md5=2069b0ee710572c03bb3114e4532cd84 \ - " - -SRC_URI = "https://tukaani.org/xz/xz-${PV}.tar.gz \ - file://CVE-2022-1271.patch \ - " -SRC_URI[md5sum] = "0d270c997aff29708c74d53f599ef717" -SRC_URI[sha256sum] = "f6f4910fd033078738bd82bfba4f49219d03b17eb0794eb91efbae419f4aba10" -UPSTREAM_CHECK_REGEX = "xz-(?P\d+(\.\d+)+)\.tar" - -CACHED_CONFIGUREVARS += "gl_cv_posix_shell=/bin/sh" - -inherit autotools gettext - -PACKAGES =+ "liblzma" - -FILES:liblzma = "${libdir}/liblzma*${SOLIBS}" - -inherit update-alternatives -ALTERNATIVE_PRIORITY = "100" -ALTERNATIVE:${PN} = "xz xzcat unxz \ - lzma lzcat unlzma" - -BBCLASSEXTEND = "native nativesdk" diff --git a/poky/meta/recipes-extended/xz/xz_5.2.6.bb b/poky/meta/recipes-extended/xz/xz_5.2.6.bb new file mode 100644 index 0000000000..3482622471 --- /dev/null +++ b/poky/meta/recipes-extended/xz/xz_5.2.6.bb @@ -0,0 +1,44 @@ +SUMMARY = "Utilities for managing LZMA compressed files" +HOMEPAGE = "https://tukaani.org/xz/" +DESCRIPTION = "XZ Utils is free general-purpose data compression software with a high compression ratio. XZ Utils were written for POSIX-like systems, but also work on some not-so-POSIX systems. XZ Utils are the successor to LZMA Utils." +SECTION = "base" + +# The source includes bits of PD, GPL-2.0, GPL-3.0, LGPL-2.1-or-later, but the +# only file which is GPL-3.0 is an m4 macro which isn't shipped in any of our +# packages, and the LGPL bits are under lib/, which appears to be used for +# libgnu, which appears to be used for DOS builds. So we're left with +# GPL-2.0-or-later and PD. +LICENSE = "GPL-2.0-or-later & GPL-3.0-with-autoconf-exception & LGPL-2.1-or-later & PD" +LICENSE:${PN} = "GPL-2.0-or-later" +LICENSE:${PN}-dev = "GPL-2.0-or-later" +LICENSE:${PN}-staticdev = "GPL-2.0-or-later" +LICENSE:${PN}-doc = "GPL-2.0-or-later" +LICENSE:${PN}-dbg = "GPL-2.0-or-later" +LICENSE:${PN}-locale = "GPL-2.0-or-later" +LICENSE:liblzma = "PD" + +LIC_FILES_CHKSUM = "file://COPYING;md5=97d554a32881fee0aa283d96e47cb24a \ + file://COPYING.GPLv2;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ + file://COPYING.GPLv3;md5=d32239bcb673463ab874e80d47fae504 \ + file://COPYING.LGPLv2.1;md5=4fbd65380cdd255951079008b364516c \ + file://lib/getopt.c;endline=23;md5=2069b0ee710572c03bb3114e4532cd84 \ + " + +SRC_URI = "https://tukaani.org/xz/xz-${PV}.tar.gz" +SRC_URI[sha256sum] = "a2105abee17bcd2ebd15ced31b4f5eda6e17efd6b10f921a01cda4a44c91b3a0" +UPSTREAM_CHECK_REGEX = "xz-(?P\d+(\.\d+)+)\.tar" + +CACHED_CONFIGUREVARS += "gl_cv_posix_shell=/bin/sh" + +inherit autotools gettext + +PACKAGES =+ "liblzma" + +FILES:liblzma = "${libdir}/liblzma*${SOLIBS}" + +inherit update-alternatives +ALTERNATIVE_PRIORITY = "100" +ALTERNATIVE:${PN} = "xz xzcat unxz \ + lzma lzcat unlzma" + +BBCLASSEXTEND = "native nativesdk" diff --git a/poky/meta/recipes-gnome/epiphany/epiphany_42.3.bb b/poky/meta/recipes-gnome/epiphany/epiphany_42.3.bb deleted file mode 100644 index f9d60ff2a9..0000000000 --- a/poky/meta/recipes-gnome/epiphany/epiphany_42.3.bb +++ /dev/null @@ -1,43 +0,0 @@ -SUMMARY = "WebKit based web browser for GNOME" -DESCRIPTION = "Epiphany is an open source web browser for the Linux desktop environment. \ -It provides a simple and easy-to-use internet browsing experience." -HOMEPAGE = "https://wiki.gnome.org/Apps/Web" -BUGTRACKER = "https://gitlab.gnome.org/GNOME/epiphany" -LICENSE = "GPL-3.0-or-later" -LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504" - -DEPENDS = " \ - webkitgtk \ - gcr \ - gsettings-desktop-schemas \ - nettle \ - json-glib \ - libarchive \ - libdazzle \ - libhandy \ - glib-2.0-native \ - coreutils-native \ - " - -GNOMEBASEBUILDCLASS = "meson" -inherit gnomebase gsettings features_check gettext mime-xdg -REQUIRED_DISTRO_FEATURES = "x11 opengl" - -SRC_URI = "${GNOME_MIRROR}/${GNOMEBN}/${@oe.utils.trim_version("${PV}", 1)}/${GNOMEBN}-${PV}.tar.${GNOME_COMPRESS_TYPE};name=archive \ - file://0002-help-meson.build-disable-the-use-of-yelp.patch \ - file://migrator.patch \ - file://distributor.patch \ - " -SRC_URI[archive.sha256sum] = "7316d3c6500e825d8e57293fa58047c56727bee16cd6b6ac804ffe5d9b229560" - -PACKAGECONFIG_SOUP ?= "soup2" -PACKAGECONFIG ??= "${PACKAGECONFIG_SOUP}" - -# Developer mode enables debugging -PACKAGECONFIG[developer-mode] = "-Ddeveloper_mode=true,-Ddeveloper_mode=false" -PACKAGECONFIG[soup2] = "-Dsoup2=enabled,-Dsoup2=disabled,libsoup-2.4,,,soup3" -PACKAGECONFIG[soup3] = ",,libsoup,,,soup2" -PACKAGECONFIG[libportal] = "-Dlibportal=enabled,-Dlibportal=disabled,libportal" - -FILES:${PN} += "${datadir}/dbus-1 ${datadir}/gnome-shell/search-providers ${datadir}/metainfo" -RDEPENDS:${PN} = "iso-codes adwaita-icon-theme gsettings-desktop-schemas" diff --git a/poky/meta/recipes-gnome/epiphany/epiphany_42.4.bb b/poky/meta/recipes-gnome/epiphany/epiphany_42.4.bb new file mode 100644 index 0000000000..9efd2800da --- /dev/null +++ b/poky/meta/recipes-gnome/epiphany/epiphany_42.4.bb @@ -0,0 +1,43 @@ +SUMMARY = "WebKit based web browser for GNOME" +DESCRIPTION = "Epiphany is an open source web browser for the Linux desktop environment. \ +It provides a simple and easy-to-use internet browsing experience." +HOMEPAGE = "https://wiki.gnome.org/Apps/Web" +BUGTRACKER = "https://gitlab.gnome.org/GNOME/epiphany" +LICENSE = "GPL-3.0-or-later" +LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504" + +DEPENDS = " \ + webkitgtk \ + gcr \ + gsettings-desktop-schemas \ + nettle \ + json-glib \ + libarchive \ + libdazzle \ + libhandy \ + glib-2.0-native \ + coreutils-native \ + " + +GNOMEBASEBUILDCLASS = "meson" +inherit gnomebase gsettings features_check gettext mime-xdg +REQUIRED_DISTRO_FEATURES = "x11 opengl" + +SRC_URI = "${GNOME_MIRROR}/${GNOMEBN}/${@oe.utils.trim_version("${PV}", 1)}/${GNOMEBN}-${PV}.tar.${GNOME_COMPRESS_TYPE};name=archive \ + file://0002-help-meson.build-disable-the-use-of-yelp.patch \ + file://migrator.patch \ + file://distributor.patch \ + " +SRC_URI[archive.sha256sum] = "370938ad2920eeb28bc2435944776b7ba55a0e2ede65836f79818cfb7e8f0860" + +PACKAGECONFIG_SOUP ?= "soup2" +PACKAGECONFIG ??= "${PACKAGECONFIG_SOUP}" + +# Developer mode enables debugging +PACKAGECONFIG[developer-mode] = "-Ddeveloper_mode=true,-Ddeveloper_mode=false" +PACKAGECONFIG[soup2] = "-Dsoup2=enabled,-Dsoup2=disabled,libsoup-2.4,,,soup3" +PACKAGECONFIG[soup3] = ",,libsoup,,,soup2" +PACKAGECONFIG[libportal] = "-Dlibportal=enabled,-Dlibportal=disabled,libportal" + +FILES:${PN} += "${datadir}/dbus-1 ${datadir}/gnome-shell/search-providers ${datadir}/metainfo" +RDEPENDS:${PN} = "iso-codes adwaita-icon-theme gsettings-desktop-schemas" diff --git a/poky/meta/recipes-gnome/gcr/gcr_3.40.0.bb b/poky/meta/recipes-gnome/gcr/gcr_3.40.0.bb index 717c31c325..8719884f25 100644 --- a/poky/meta/recipes-gnome/gcr/gcr_3.40.0.bb +++ b/poky/meta/recipes-gnome/gcr/gcr_3.40.0.bb @@ -13,6 +13,8 @@ DEPENDS = "p11-kit glib-2.0 libgcrypt gnupg-native \ CACHED_CONFIGUREVARS += "ac_cv_path_GPG='gpg2'" +CFLAGS += "-D_GNU_SOURCE" + GNOMEBASEBUILDCLASS = "meson" GTKDOC_MESON_OPTION = "gtk_doc" inherit gnomebase gtk-icon-cache gtk-doc features_check upstream-version-is-even vala gobject-introspection gettext mime mime-xdg diff --git a/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/0001-Add-use_prebuilt_tools-option.patch b/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/0001-Add-use_prebuilt_tools-option.patch index a8206a4507..02cc9a2a70 100644 --- a/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/0001-Add-use_prebuilt_tools-option.patch +++ b/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/0001-Add-use_prebuilt_tools-option.patch @@ -1,4 +1,4 @@ -From ba73bb0f3d2023839bc3b681c49b7ec1192cceb4 Mon Sep 17 00:00:00 2001 +From f81b60ebcbbfd9548c8aa1e388662c429068d1e3 Mon Sep 17 00:00:00 2001 From: Alexander Kanavin Date: Sat, 8 May 2021 21:58:54 +0200 Subject: [PATCH] Add use_prebuilt_tools option @@ -18,7 +18,7 @@ Signed-off-by: Alexander Kanavin 5 files changed, 42 insertions(+), 19 deletions(-) diff --git a/gdk-pixbuf/meson.build b/gdk-pixbuf/meson.build -index 8b0590b..7331491 100644 +index 54ff9dd..2e321cf 100644 --- a/gdk-pixbuf/meson.build +++ b/gdk-pixbuf/meson.build @@ -342,13 +342,20 @@ foreach bin: gdkpixbuf_bin @@ -45,16 +45,18 @@ index 8b0590b..7331491 100644 # load the installed cache; we always build it by default loaders_cache = custom_target('loaders.cache', diff --git a/meson.build b/meson.build -index 7a1409b..0bc73eb 100644 +index 813bd43..a93e6f7 100644 --- a/meson.build +++ b/meson.build -@@ -403,16 +403,16 @@ subdir('gdk-pixbuf') +@@ -369,18 +369,18 @@ subdir('gdk-pixbuf') # i18n subdir('po') -if not meson.is_cross_build() +if not meson.is_cross_build() or get_option('use_prebuilt_tools') - subdir('tests') + if get_option('tests') + subdir('tests') + endif - subdir('thumbnailer') endif +subdir('thumbnailer') @@ -69,10 +71,10 @@ index 7a1409b..0bc73eb 100644 gdk_pixbuf_bindir, gdk_pixbuf_libdir, diff --git a/meson_options.txt b/meson_options.txt -index 0ee6718..cc29855 100644 +index d198d99..1c899e9 100644 --- a/meson_options.txt +++ b/meson_options.txt -@@ -49,4 +49,8 @@ option('gio_sniffing', +@@ -53,4 +53,8 @@ option('gio_sniffing', description: 'Perform file type detection using GIO (Unused on MacOS and Windows)', type: 'boolean', value: true) @@ -82,7 +84,7 @@ index 0ee6718..cc29855 100644 + value: false) diff --git a/tests/meson.build b/tests/meson.build -index 7c6cb11..1029e6a 100644 +index 28c2525..d97c02d 100644 --- a/tests/meson.build +++ b/tests/meson.build @@ -5,6 +5,12 @@ diff --git a/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/fatal-loader.patch b/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/fatal-loader.patch index 25410b11ea..dd580f8162 100644 --- a/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/fatal-loader.patch +++ b/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/fatal-loader.patch @@ -1,4 +1,4 @@ -From f00603d58d844422363b896ea7d07aaf48ddaa66 Mon Sep 17 00:00:00 2001 +From b511bd1efb43ffc49c753e309717a242ec686ef1 Mon Sep 17 00:00:00 2001 From: Ross Burton Date: Tue, 1 Apr 2014 17:23:36 +0100 Subject: [PATCH] gdk-pixbuf: add an option so that loader errors are fatal @@ -14,10 +14,10 @@ Signed-off-by: Ross Burton 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/gdk-pixbuf/queryloaders.c b/gdk-pixbuf/queryloaders.c -index 312aa78..b813d99 100644 +index 1d39b44..2b00815 100644 --- a/gdk-pixbuf/queryloaders.c +++ b/gdk-pixbuf/queryloaders.c -@@ -212,7 +212,7 @@ write_loader_info (GString *contents, const char *path, GdkPixbufFormat *info) +@@ -216,7 +216,7 @@ write_loader_info (GString *contents, const char *path, GdkPixbufFormat *info) g_string_append_c (contents, '\n'); } @@ -26,7 +26,7 @@ index 312aa78..b813d99 100644 query_module (GString *contents, const char *dir, const char *file) { char *path; -@@ -221,6 +221,7 @@ query_module (GString *contents, const char *dir, const char *file) +@@ -225,6 +225,7 @@ query_module (GString *contents, const char *dir, const char *file) void (*fill_vtable) (GdkPixbufModule *module); gpointer fill_info_ptr; gpointer fill_vtable_ptr; @@ -34,7 +34,7 @@ index 312aa78..b813d99 100644 if (g_path_is_absolute (file)) path = g_strdup (file); -@@ -270,10 +271,13 @@ query_module (GString *contents, const char *dir, const char *file) +@@ -274,10 +275,13 @@ query_module (GString *contents, const char *dir, const char *file) g_module_error()); else g_fprintf (stderr, "Cannot load loader %s\n", path); @@ -47,8 +47,8 @@ index 312aa78..b813d99 100644 + return ret; } - #ifdef G_OS_WIN32 -@@ -314,6 +318,7 @@ int main (int argc, char **argv) + #if defined(G_OS_WIN32) && defined(GDK_PIXBUF_RELOCATABLE) +@@ -318,6 +322,7 @@ int main (int argc, char **argv) gint first_file = 1; GFile *pixbuf_libdir_file; gchar *pixbuf_libdir; @@ -56,7 +56,7 @@ index 312aa78..b813d99 100644 #ifdef G_OS_WIN32 gchar *libdir; -@@ -452,7 +457,9 @@ int main (int argc, char **argv) +@@ -456,7 +461,9 @@ int main (int argc, char **argv) } modules = g_list_sort (modules, (GCompareFunc)strcmp); for (l = modules; l != NULL; l = l->next) @@ -67,7 +67,7 @@ index 312aa78..b813d99 100644 g_list_free_full (modules, g_free); g_free (moduledir); #else -@@ -468,7 +475,8 @@ int main (int argc, char **argv) +@@ -472,7 +479,8 @@ int main (int argc, char **argv) infilename = g_locale_to_utf8 (infilename, -1, NULL, NULL, NULL); #endif @@ -77,7 +77,7 @@ index 312aa78..b813d99 100644 } g_free (cwd); } -@@ -486,5 +494,8 @@ int main (int argc, char **argv) +@@ -490,5 +498,8 @@ int main (int argc, char **argv) g_free (pixbuf_libdir); diff --git a/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.42.6.bb b/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.42.6.bb deleted file mode 100644 index 55c16e4d66..0000000000 --- a/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.42.6.bb +++ /dev/null @@ -1,128 +0,0 @@ -SUMMARY = "Image loading library for GTK+" -DESCRIPTION = "The GDK Pixbuf library provides: Image loading and saving \ -facilities, fast scaling and compositing of pixbufs and Simple animation \ -loading (ie. animated GIFs)" -HOMEPAGE = "https://wiki.gnome.org/Projects/GdkPixbuf" -BUGTRACKER = "https://gitlab.gnome.org/GNOME/gdk-pixbuf/issues" - -LICENSE = "LGPL-2.1-or-later" -LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c \ - file://gdk-pixbuf/gdk-pixbuf.h;endline=26;md5=72b39da7cbdde2e665329fef618e1d6b \ - " - -SECTION = "libs" - -DEPENDS = "glib-2.0 gdk-pixbuf-native shared-mime-info" -DEPENDS:remove:class-native = "gdk-pixbuf-native" - -MAJ_VER = "${@oe.utils.trim_version("${PV}", 2)}" - -SRC_URI = "${GNOME_MIRROR}/${BPN}/${MAJ_VER}/${BPN}-${PV}.tar.xz \ - file://run-ptest \ - file://fatal-loader.patch \ - file://0001-Add-use_prebuilt_tools-option.patch \ - " - -SRC_URI[sha256sum] = "c4a6b75b7ed8f58ca48da830b9fa00ed96d668d3ab4b1f723dcf902f78bde77f" - -inherit meson pkgconfig gettext pixbufcache ptest-gnome upstream-version-is-even gobject-introspection gi-docgen lib_package - -GIR_MESON_OPTION = 'introspection' -GIR_MESON_ENABLE_FLAG = "enabled" -GIR_MESON_DISABLE_FLAG = "disabled" - -LIBV = "2.10.0" - -GDK_PIXBUF_LOADERS ?= "png jpeg" - -PACKAGECONFIG = "${GDK_PIXBUF_LOADERS} \ - ${@bb.utils.contains('PTEST_ENABLED', '1', 'tests', '', d)}" -PACKAGECONFIG:class-native = "${GDK_PIXBUF_LOADERS}" - -PACKAGECONFIG[png] = "-Dpng=true,-Dpng=false,libpng" -PACKAGECONFIG[jpeg] = "-Djpeg=true,-Djpeg=false,jpeg" -PACKAGECONFIG[tiff] = "-Dtiff=true,-Dtiff=false,tiff" -PACKAGECONFIG[tests] = "-Dinstalled_tests=true,-Dinstalled_tests=false" - -EXTRA_OEMESON:class-target = " \ - -Duse_prebuilt_tools=true \ -" - -EXTRA_OEMESON:class-nativesdk = " \ - -Duse_prebuilt_tools=true \ -" - -PACKAGES =+ "${PN}-xlib" - -# For GIO image type sniffing -RDEPENDS:${PN} = "shared-mime-info" - -FILES:${PN}-xlib = "${libdir}/*pixbuf_xlib*${SOLIBS}" -ALLOW_EMPTY:${PN}-xlib = "1" - -FILES:${PN} += "${libdir}/gdk-pixbuf-2.0/gdk-pixbuf-query-loaders" - -FILES:${PN}-bin += "${datadir}/thumbnailers/gdk-pixbuf-thumbnailer.thumbnailer" - -FILES:${PN}-dev += " \ - ${bindir}/gdk-pixbuf-csource \ - ${bindir}/gdk-pixbuf-pixdata \ - ${bindir}/gdk-pixbuf-print-mime-types \ - ${includedir}/* \ - ${libdir}/gdk-pixbuf-2.0/${LIBV}/loaders/*.la \ -" - -PACKAGES_DYNAMIC += "^gdk-pixbuf-loader-.*" -PACKAGES_DYNAMIC:class-native = "" - -python populate_packages:prepend () { - postinst_pixbufloader = d.getVar("postinst_pixbufloader") - - loaders_root = d.expand('${libdir}/gdk-pixbuf-2.0/${LIBV}/loaders') - - packages = ' '.join(do_split_packages(d, loaders_root, r'^libpixbufloader-(.*)\.so$', 'gdk-pixbuf-loader-%s', 'GDK pixbuf loader for %s')) - d.setVar('PIXBUF_PACKAGES', packages) - - # The test suite exercises all the loaders, so ensure they are all - # dependencies of the ptest package. - d.appendVar("RDEPENDS:%s-ptest" % d.getVar('PN'), " " + packages) -} - -do_install:append() { - # Copy gdk-pixbuf-query-loaders into libdir so it is always available - # in multilib builds. - cp ${D}/${bindir}/gdk-pixbuf-query-loaders ${D}/${libdir}/gdk-pixbuf-2.0/ - -} - -# Remove a bad fuzzing attempt that sporadically fails without a way to reproduce -do_install_ptest() { - rm ${D}/${datadir}/installed-tests/gdk-pixbuf/pixbuf-randomly-modified.test -} - -do_install:append:class-native() { - find ${D}${libdir} -name "libpixbufloader-*.la" -exec rm \{\} \; - - create_wrapper ${D}/${bindir}/gdk-pixbuf-csource \ - XDG_DATA_DIRS=${STAGING_DATADIR} \ - GDK_PIXBUF_MODULE_FILE=${STAGING_LIBDIR_NATIVE}/gdk-pixbuf-2.0/${LIBV}/loaders.cache - - create_wrapper ${D}/${bindir}/gdk-pixbuf-pixdata \ - XDG_DATA_DIRS=${STAGING_DATADIR} \ - GDK_PIXBUF_MODULE_FILE=${STAGING_LIBDIR_NATIVE}/gdk-pixbuf-2.0/${LIBV}/loaders.cache - - create_wrapper ${D}/${bindir}/gdk-pixbuf-print-mime-types \ - XDG_DATA_DIRS=${STAGING_DATADIR} \ - GDK_PIXBUF_MODULE_FILE=${STAGING_LIBDIR_NATIVE}/gdk-pixbuf-2.0/${LIBV}/loaders.cache - - create_wrapper ${D}/${libdir}/gdk-pixbuf-2.0/gdk-pixbuf-query-loaders \ - XDG_DATA_DIRS=${STAGING_DATADIR} \ - GDK_PIXBUF_MODULE_FILE=${STAGING_LIBDIR_NATIVE}/gdk-pixbuf-2.0/${LIBV}/loaders.cache \ - GDK_PIXBUF_MODULEDIR=${STAGING_LIBDIR_NATIVE}/gdk-pixbuf-2.0/${LIBV}/loaders - - create_wrapper ${D}/${bindir}/gdk-pixbuf-query-loaders \ - XDG_DATA_DIRS=${STAGING_DATADIR} \ - GDK_PIXBUF_MODULE_FILE=${STAGING_LIBDIR_NATIVE}/gdk-pixbuf-2.0/${LIBV}/loaders.cache \ - GDK_PIXBUF_MODULEDIR=${STAGING_LIBDIR_NATIVE}/gdk-pixbuf-2.0/${LIBV}/loaders -} -BBCLASSEXTEND = "native nativesdk" diff --git a/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.42.9.bb b/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.42.9.bb new file mode 100644 index 0000000000..d33718e3ea --- /dev/null +++ b/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.42.9.bb @@ -0,0 +1,132 @@ +SUMMARY = "Image loading library for GTK+" +DESCRIPTION = "The GDK Pixbuf library provides: Image loading and saving \ +facilities, fast scaling and compositing of pixbufs and Simple animation \ +loading (ie. animated GIFs)" +HOMEPAGE = "https://wiki.gnome.org/Projects/GdkPixbuf" +BUGTRACKER = "https://gitlab.gnome.org/GNOME/gdk-pixbuf/issues" + +LICENSE = "LGPL-2.1-or-later" +LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c \ + file://gdk-pixbuf/gdk-pixbuf.h;endline=26;md5=72b39da7cbdde2e665329fef618e1d6b \ + " + +SECTION = "libs" + +DEPENDS = "glib-2.0 gdk-pixbuf-native shared-mime-info" +DEPENDS:remove:class-native = "gdk-pixbuf-native" + +MAJ_VER = "${@oe.utils.trim_version("${PV}", 2)}" + +SRC_URI = "${GNOME_MIRROR}/${BPN}/${MAJ_VER}/${BPN}-${PV}.tar.xz \ + file://run-ptest \ + file://fatal-loader.patch \ + file://0001-Add-use_prebuilt_tools-option.patch \ + " + +SRC_URI[sha256sum] = "28f7958e7bf29a32d4e963556d241d0a41a6786582ff6a5ad11665e0347fc962" + +inherit meson pkgconfig gettext pixbufcache ptest-gnome upstream-version-is-even gobject-introspection gi-docgen lib_package + +GIR_MESON_OPTION = 'introspection' +GIR_MESON_ENABLE_FLAG = "enabled" +GIR_MESON_DISABLE_FLAG = "disabled" + +LIBV = "2.10.0" + +GDK_PIXBUF_LOADERS ?= "png jpeg" + +PACKAGECONFIG = "${GDK_PIXBUF_LOADERS} \ + ${@bb.utils.contains('PTEST_ENABLED', '1', 'tests', '', d)}" +PACKAGECONFIG:class-native = "${GDK_PIXBUF_LOADERS}" + +PACKAGECONFIG[png] = "-Dpng=enabled,-Dpng=disabled,libpng" +PACKAGECONFIG[jpeg] = "-Djpeg=enabled,-Djpeg=disabled,jpeg" +PACKAGECONFIG[tiff] = "-Dtiff=enabled,-Dtiff=disabled,tiff" +PACKAGECONFIG[tests] = "-Dinstalled_tests=true,-Dinstalled_tests=false" + +EXTRA_OEMESON = "-Dman=false" + +EXTRA_OEMESON:append:class-target = " \ + -Duse_prebuilt_tools=true \ +" + +EXTRA_OEMESON:append:class-nativesdk = " \ + -Duse_prebuilt_tools=true \ +" + +PACKAGES =+ "${PN}-xlib" + +# For GIO image type sniffing +RDEPENDS:${PN} = "shared-mime-info" + +FILES:${PN}-xlib = "${libdir}/*pixbuf_xlib*${SOLIBS}" +ALLOW_EMPTY:${PN}-xlib = "1" + +FILES:${PN} += "${libdir}/gdk-pixbuf-2.0/gdk-pixbuf-query-loaders" + +FILES:${PN}-bin += "${datadir}/thumbnailers/gdk-pixbuf-thumbnailer.thumbnailer" + +FILES:${PN}-dev += " \ + ${bindir}/gdk-pixbuf-csource \ + ${bindir}/gdk-pixbuf-pixdata \ + ${bindir}/gdk-pixbuf-print-mime-types \ + ${includedir}/* \ + ${libdir}/gdk-pixbuf-2.0/${LIBV}/loaders/*.la \ +" + +PACKAGES_DYNAMIC += "^gdk-pixbuf-loader-.*" +PACKAGES_DYNAMIC:class-native = "" + +python populate_packages:prepend () { + postinst_pixbufloader = d.getVar("postinst_pixbufloader") + + loaders_root = d.expand('${libdir}/gdk-pixbuf-2.0/${LIBV}/loaders') + + packages = ' '.join(do_split_packages(d, loaders_root, r'^libpixbufloader-(.*)\.so$', 'gdk-pixbuf-loader-%s', 'GDK pixbuf loader for %s')) + d.setVar('PIXBUF_PACKAGES', packages) + + # The test suite exercises all the loaders, so ensure they are all + # dependencies of the ptest package. + d.appendVar("RDEPENDS:%s-ptest" % d.getVar('PN'), " " + packages) +} + +do_install:append() { + # Copy gdk-pixbuf-query-loaders into libdir so it is always available + # in multilib builds. + cp ${D}/${bindir}/gdk-pixbuf-query-loaders ${D}/${libdir}/gdk-pixbuf-2.0/ + +} + +do_install_ptest() { + # Remove a bad fuzzing attempt that sporadically fails without a way to reproduce + rm ${D}/${datadir}/installed-tests/gdk-pixbuf/pixbuf-randomly-modified.test + # https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/215 + rm ${D}/${datadir}/installed-tests/gdk-pixbuf/pixbuf-jpeg.test +} + +do_install:append:class-native() { + find ${D}${libdir} -name "libpixbufloader-*.la" -exec rm \{\} \; + + create_wrapper ${D}/${bindir}/gdk-pixbuf-csource \ + XDG_DATA_DIRS=${STAGING_DATADIR} \ + GDK_PIXBUF_MODULE_FILE=${STAGING_LIBDIR_NATIVE}/gdk-pixbuf-2.0/${LIBV}/loaders.cache + + create_wrapper ${D}/${bindir}/gdk-pixbuf-pixdata \ + XDG_DATA_DIRS=${STAGING_DATADIR} \ + GDK_PIXBUF_MODULE_FILE=${STAGING_LIBDIR_NATIVE}/gdk-pixbuf-2.0/${LIBV}/loaders.cache + + create_wrapper ${D}/${bindir}/gdk-pixbuf-print-mime-types \ + XDG_DATA_DIRS=${STAGING_DATADIR} \ + GDK_PIXBUF_MODULE_FILE=${STAGING_LIBDIR_NATIVE}/gdk-pixbuf-2.0/${LIBV}/loaders.cache + + create_wrapper ${D}/${libdir}/gdk-pixbuf-2.0/gdk-pixbuf-query-loaders \ + XDG_DATA_DIRS=${STAGING_DATADIR} \ + GDK_PIXBUF_MODULE_FILE=${STAGING_LIBDIR_NATIVE}/gdk-pixbuf-2.0/${LIBV}/loaders.cache \ + GDK_PIXBUF_MODULEDIR=${STAGING_LIBDIR_NATIVE}/gdk-pixbuf-2.0/${LIBV}/loaders + + create_wrapper ${D}/${bindir}/gdk-pixbuf-query-loaders \ + XDG_DATA_DIRS=${STAGING_DATADIR} \ + GDK_PIXBUF_MODULE_FILE=${STAGING_LIBDIR_NATIVE}/gdk-pixbuf-2.0/${LIBV}/loaders.cache \ + GDK_PIXBUF_MODULEDIR=${STAGING_LIBDIR_NATIVE}/gdk-pixbuf-2.0/${LIBV}/loaders +} +BBCLASSEXTEND = "native nativesdk" diff --git a/poky/meta/recipes-graphics/cairo/cairo_1.16.0.bb b/poky/meta/recipes-graphics/cairo/cairo_1.16.0.bb index 67081bb8cb..ffb813d290 100644 --- a/poky/meta/recipes-graphics/cairo/cairo_1.16.0.bb +++ b/poky/meta/recipes-graphics/cairo/cairo_1.16.0.bb @@ -17,9 +17,13 @@ LICENSE:${PN}-doc = "MPL-1.1 | LGPL-2.1-only" LICENSE:${PN}-gobject = "MPL-1.1 | LGPL-2.1-only" LICENSE:${PN}-script-interpreter = "MPL-1.1 | LGPL-2.1-only" LICENSE:${PN}-perf-utils = "GPL-3.0-or-later" +# Adapt the licenses for cairo-dbg and cairo-src depending on whether +# cairo-trace is being built. +LICENSE:${PN}-dbg = "(MPL-1.1 | LGPL-2.1-only)${@bb.utils.contains('PACKAGECONFIG', 'trace', ' & GPL-3.0-or-later', '', d)}" +LICENSE:${PN}-src = "(MPL-1.1 | LGPL-2.1-only)${@bb.utils.contains('PACKAGECONFIG', 'trace', ' & GPL-3.0-or-later', '', d)}" LIC_FILES_CHKSUM = "file://COPYING;md5=e73e999e0c72b5ac9012424fa157ad77 \ - file://util/cairo-trace/COPYING-GPL-3;md5=d32239bcb673463ab874e80d47fae504" + ${@bb.utils.contains('PACKAGECONFIG', 'trace', 'file://util/cairo-trace/COPYING-GPL-3;md5=d32239bcb673463ab874e80d47fae504', '', d)}" DEPENDS = "fontconfig glib-2.0 libpng pixman zlib" diff --git a/poky/meta/recipes-graphics/jpeg/libjpeg-turbo_2.1.3.bb b/poky/meta/recipes-graphics/jpeg/libjpeg-turbo_2.1.3.bb deleted file mode 100644 index fdc035d5f7..0000000000 --- a/poky/meta/recipes-graphics/jpeg/libjpeg-turbo_2.1.3.bb +++ /dev/null @@ -1,62 +0,0 @@ -SUMMARY = "Hardware accelerated JPEG compression/decompression library" -DESCRIPTION = "libjpeg-turbo is a derivative of libjpeg that uses SIMD instructions (MMX, SSE2, NEON) to accelerate baseline JPEG compression and decompression" -HOMEPAGE = "http://libjpeg-turbo.org/" - -LICENSE = "BSD-3-Clause" -LIC_FILES_CHKSUM = "file://cdjpeg.h;endline=13;md5=8a61af33cc1c681cd5cc297150bbb5bd \ - file://jpeglib.h;endline=16;md5=52b5eaade8d5b6a452a7693dfe52c084 \ - file://djpeg.c;endline=11;md5=510b386442ab6a27ee241fc5669bc5ea \ - " -DEPENDS:append:x86-64:class-target = " nasm-native" -DEPENDS:append:x86:class-target = " nasm-native" - -SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BPN}-${PV}.tar.gz \ - file://0001-libjpeg-turbo-fix-package_qa-error.patch \ - " - -SRC_URI[sha256sum] = "467b310903832b033fe56cd37720d1b73a6a3bd0171dbf6ff0b620385f4f76d0" -UPSTREAM_CHECK_URI = "http://sourceforge.net/projects/libjpeg-turbo/files/" -UPSTREAM_CHECK_REGEX = "/libjpeg-turbo/files/(?P(\d+[\.\-_]*)+)/" - -PE = "1" - -# Drop-in replacement for jpeg -PROVIDES = "jpeg" -RPROVIDES:${PN} += "jpeg" -RREPLACES:${PN} += "jpeg" -RCONFLICTS:${PN} += "jpeg" - -inherit cmake pkgconfig - -export NASMENV = "--reproducible --debug-prefix-map=${WORKDIR}=/usr/src/debug/${PN}/${EXTENDPE}${PV}-${PR}" - -# Add nasm-native dependency consistently for all build arches is hard -EXTRA_OECMAKE:append:class-native = " -DWITH_SIMD=False" -EXTRA_OECMAKE:append:class-nativesdk = " -DWITH_SIMD=False" - -# Work around missing x32 ABI support -EXTRA_OECMAKE:append:class-target = " ${@bb.utils.contains("TUNE_FEATURES", "mx32", "-DWITH_SIMD=False", "", d)}" - -# Work around missing non-floating point ABI support in MIPS -EXTRA_OECMAKE:append:class-target = " ${@bb.utils.contains("MIPSPKGSFX_FPU", "-nf", "-DWITH_SIMD=False", "", d)}" - -EXTRA_OECMAKE:append:class-target:arm = " ${@bb.utils.contains("TUNE_FEATURES", "neon", "", "-DWITH_SIMD=False", d)}" -EXTRA_OECMAKE:append:class-target:armeb = " ${@bb.utils.contains("TUNE_FEATURES", "neon", "", "-DWITH_SIMD=False", d)}" - -# Provide a workaround if Altivec unit is not present in PPC -EXTRA_OECMAKE:append:class-target:powerpc = " ${@bb.utils.contains("TUNE_FEATURES", "altivec", "", "-DWITH_SIMD=False", d)}" -EXTRA_OECMAKE:append:class-target:powerpc64 = " ${@bb.utils.contains("TUNE_FEATURES", "altivec", "", "-DWITH_SIMD=False", d)}" -EXTRA_OECMAKE:append:class-target:powerpc64le = " ${@bb.utils.contains("TUNE_FEATURES", "altivec", "", "-DWITH_SIMD=False", d)}" - -DEBUG_OPTIMIZATION:append:armv4 = " ${@bb.utils.contains('TUNE_CCARGS', '-mthumb', '-fomit-frame-pointer', '', d)}" -DEBUG_OPTIMIZATION:append:armv5 = " ${@bb.utils.contains('TUNE_CCARGS', '-mthumb', '-fomit-frame-pointer', '', d)}" - -PACKAGES =+ "jpeg-tools libturbojpeg" - -DESCRIPTION:jpeg-tools = "The jpeg-tools package includes client programs to access libjpeg functionality. These tools allow for the compression, decompression, transformation and display of JPEG files and benchmarking of the libjpeg library." -FILES:jpeg-tools = "${bindir}/*" - -DESCRIPTION:libturbojpeg = "A SIMD-accelerated JPEG codec which provides only TurboJPEG APIs" -FILES:libturbojpeg = "${libdir}/libturbojpeg.so.*" - -BBCLASSEXTEND = "native nativesdk" diff --git a/poky/meta/recipes-graphics/jpeg/libjpeg-turbo_2.1.4.bb b/poky/meta/recipes-graphics/jpeg/libjpeg-turbo_2.1.4.bb new file mode 100644 index 0000000000..1708fa97f0 --- /dev/null +++ b/poky/meta/recipes-graphics/jpeg/libjpeg-turbo_2.1.4.bb @@ -0,0 +1,62 @@ +SUMMARY = "Hardware accelerated JPEG compression/decompression library" +DESCRIPTION = "libjpeg-turbo is a derivative of libjpeg that uses SIMD instructions (MMX, SSE2, NEON) to accelerate baseline JPEG compression and decompression" +HOMEPAGE = "http://libjpeg-turbo.org/" + +LICENSE = "BSD-3-Clause" +LIC_FILES_CHKSUM = "file://cdjpeg.h;endline=13;md5=8a61af33cc1c681cd5cc297150bbb5bd \ + file://jpeglib.h;endline=16;md5=52b5eaade8d5b6a452a7693dfe52c084 \ + file://djpeg.c;endline=11;md5=510b386442ab6a27ee241fc5669bc5ea \ + " +DEPENDS:append:x86-64:class-target = " nasm-native" +DEPENDS:append:x86:class-target = " nasm-native" + +SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BPN}-${PV}.tar.gz \ + file://0001-libjpeg-turbo-fix-package_qa-error.patch \ + " + +SRC_URI[sha256sum] = "d3ed26a1131a13686dfca4935e520eb7c90ae76fbc45d98bb50a8dc86230342b" +UPSTREAM_CHECK_URI = "http://sourceforge.net/projects/libjpeg-turbo/files/" +UPSTREAM_CHECK_REGEX = "/libjpeg-turbo/files/(?P(\d+[\.\-_]*)+)/" + +PE = "1" + +# Drop-in replacement for jpeg +PROVIDES = "jpeg" +RPROVIDES:${PN} += "jpeg" +RREPLACES:${PN} += "jpeg" +RCONFLICTS:${PN} += "jpeg" + +inherit cmake pkgconfig + +export NASMENV = "--reproducible --debug-prefix-map=${WORKDIR}=/usr/src/debug/${PN}/${EXTENDPE}${PV}-${PR}" + +# Add nasm-native dependency consistently for all build arches is hard +EXTRA_OECMAKE:append:class-native = " -DWITH_SIMD=False" +EXTRA_OECMAKE:append:class-nativesdk = " -DWITH_SIMD=False" + +# Work around missing x32 ABI support +EXTRA_OECMAKE:append:class-target = " ${@bb.utils.contains("TUNE_FEATURES", "mx32", "-DWITH_SIMD=False", "", d)}" + +# Work around missing non-floating point ABI support in MIPS +EXTRA_OECMAKE:append:class-target = " ${@bb.utils.contains("MIPSPKGSFX_FPU", "-nf", "-DWITH_SIMD=False", "", d)}" + +EXTRA_OECMAKE:append:class-target:arm = " ${@bb.utils.contains("TUNE_FEATURES", "neon", "", "-DWITH_SIMD=False", d)}" +EXTRA_OECMAKE:append:class-target:armeb = " ${@bb.utils.contains("TUNE_FEATURES", "neon", "", "-DWITH_SIMD=False", d)}" + +# Provide a workaround if Altivec unit is not present in PPC +EXTRA_OECMAKE:append:class-target:powerpc = " ${@bb.utils.contains("TUNE_FEATURES", "altivec", "", "-DWITH_SIMD=False", d)}" +EXTRA_OECMAKE:append:class-target:powerpc64 = " ${@bb.utils.contains("TUNE_FEATURES", "altivec", "", "-DWITH_SIMD=False", d)}" +EXTRA_OECMAKE:append:class-target:powerpc64le = " ${@bb.utils.contains("TUNE_FEATURES", "altivec", "", "-DWITH_SIMD=False", d)}" + +DEBUG_OPTIMIZATION:append:armv4 = " ${@bb.utils.contains('TUNE_CCARGS', '-mthumb', '-fomit-frame-pointer', '', d)}" +DEBUG_OPTIMIZATION:append:armv5 = " ${@bb.utils.contains('TUNE_CCARGS', '-mthumb', '-fomit-frame-pointer', '', d)}" + +PACKAGES =+ "jpeg-tools libturbojpeg" + +DESCRIPTION:jpeg-tools = "The jpeg-tools package includes client programs to access libjpeg functionality. These tools allow for the compression, decompression, transformation and display of JPEG files and benchmarking of the libjpeg library." +FILES:jpeg-tools = "${bindir}/*" + +DESCRIPTION:libturbojpeg = "A SIMD-accelerated JPEG codec which provides only TurboJPEG APIs" +FILES:libturbojpeg = "${libdir}/libturbojpeg.so.*" + +BBCLASSEXTEND = "native nativesdk" diff --git a/poky/meta/recipes-graphics/wayland/weston/dont-use-plane-add-prop.patch b/poky/meta/recipes-graphics/wayland/weston/dont-use-plane-add-prop.patch deleted file mode 100644 index 1ac0695222..0000000000 --- a/poky/meta/recipes-graphics/wayland/weston/dont-use-plane-add-prop.patch +++ /dev/null @@ -1,32 +0,0 @@ -From ece4c3d261aeec230869c0304ed1011ff6837c16 Mon Sep 17 00:00:00 2001 -From: Khem Raj -Date: Sat, 12 Sep 2020 14:04:04 -0700 -Subject: [PATCH] Fix atomic modesetting with musl - -atomic modesetting seems to fail with drm weston backend and this patch fixes -it, below errors are seen before weston exits - -atomic: couldn't commit new state: Invalid argument - -Upstream-Status: Submitted [https://gitlab.freedesktop.org/wayland/weston/-/issues/158] -Signed-off-by: Khem Raj - ---- - libweston/backend-drm/kms.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/libweston/backend-drm/kms.c b/libweston/backend-drm/kms.c -index 780d007..9994da1 100644 ---- a/libweston/backend-drm/kms.c -+++ b/libweston/backend-drm/kms.c -@@ -1142,8 +1142,8 @@ drm_pending_state_apply_atomic(struct drm_pending_state *pending_state, - wl_list_for_each(plane, &b->plane_list, link) { - drm_debug(b, "\t\t[atomic] starting with plane %lu disabled\n", - (unsigned long) plane->plane_id); -- plane_add_prop(req, plane, WDRM_PLANE_CRTC_ID, 0); -- plane_add_prop(req, plane, WDRM_PLANE_FB_ID, 0); -+ //plane_add_prop(req, plane, WDRM_PLANE_CRTC_ID, 0); -+ //plane_add_prop(req, plane, WDRM_PLANE_FB_ID, 0); - } - - flags |= DRM_MODE_ATOMIC_ALLOW_MODESET; diff --git a/poky/meta/recipes-graphics/wayland/weston_10.0.1.bb b/poky/meta/recipes-graphics/wayland/weston_10.0.1.bb deleted file mode 100644 index e27dac164e..0000000000 --- a/poky/meta/recipes-graphics/wayland/weston_10.0.1.bb +++ /dev/null @@ -1,144 +0,0 @@ -SUMMARY = "Weston, a Wayland compositor" -DESCRIPTION = "Weston is the reference implementation of a Wayland compositor" -HOMEPAGE = "http://wayland.freedesktop.org" -LICENSE = "MIT" -LIC_FILES_CHKSUM = "file://COPYING;md5=d79ee9e66bb0f95d3386a7acae780b70 \ - file://libweston/compositor.c;endline=27;md5=eb6d5297798cabe2ddc65e2af519bcf0 \ - " - -SRC_URI = "https://gitlab.freedesktop.org/wayland/weston/-/releases/${PV}/downloads/${BPN}-${PV}.tar.xz \ - file://weston.png \ - file://weston.desktop \ - file://xwayland.weston-start \ - file://systemd-notify.weston-start \ - " - -SRC_URI:append:libc-musl = " file://dont-use-plane-add-prop.patch " - -SRC_URI[sha256sum] = "8a9e52506a865a7410981b04f8341b89b84106db8531ab1f9fdd37b5dc034115" - -UPSTREAM_CHECK_URI = "https://wayland.freedesktop.org/releases.html" - -inherit meson pkgconfig useradd - -# depends on virtual/egl -# -require ${THISDIR}/required-distro-features.inc - -DEPENDS = "libxkbcommon gdk-pixbuf pixman cairo glib-2.0" -DEPENDS += "wayland wayland-protocols libinput virtual/egl pango wayland-native" - -LDFLAGS += "${@bb.utils.contains('DISTRO_FEATURES', 'lto', '-Wl,-z,undefs', '', d)}" - -WESTON_MAJOR_VERSION = "${@'.'.join(d.getVar('PV').split('.')[0:1])}" - -EXTRA_OEMESON += "-Dpipewire=false" - -PACKAGECONFIG ??= "${@bb.utils.contains('DISTRO_FEATURES', 'wayland', 'kms wayland egl clients', '', d)} \ - ${@bb.utils.contains('DISTRO_FEATURES', 'x11 wayland', 'xwayland', '', d)} \ - ${@bb.utils.filter('DISTRO_FEATURES', 'systemd x11', d)} \ - ${@bb.utils.contains_any('DISTRO_FEATURES', 'wayland x11', '', 'headless', d)} \ - ${@oe.utils.conditional('VIRTUAL-RUNTIME_init_manager', 'sysvinit', 'launcher-libseat', '', d)} \ - image-jpeg \ - screenshare \ - shell-desktop \ - shell-fullscreen \ - shell-ivi" - -# Can be 'damage', 'im', 'egl', 'shm', 'touch', 'dmabuf-feedback', 'dmabuf-v4l', 'dmabuf-egl' or 'all' -SIMPLECLIENTS ?= "all" - -# -# Compositor choices -# -# Weston on KMS -PACKAGECONFIG[kms] = "-Dbackend-drm=true,-Dbackend-drm=false,drm udev virtual/egl virtual/libgles2 virtual/libgbm mtdev" -# Weston on Wayland (nested Weston) -PACKAGECONFIG[wayland] = "-Dbackend-wayland=true,-Dbackend-wayland=false,virtual/egl virtual/libgles2" -# Weston on X11 -PACKAGECONFIG[x11] = "-Dbackend-x11=true,-Dbackend-x11=false,virtual/libx11 libxcb libxcb libxcursor cairo" -# Headless Weston -PACKAGECONFIG[headless] = "-Dbackend-headless=true,-Dbackend-headless=false" -# Weston on framebuffer -PACKAGECONFIG[fbdev] = "-Ddeprecated-backend-fbdev=true,-Ddeprecated-backend-fbdev=false,udev mtdev" -# Weston on RDP -PACKAGECONFIG[rdp] = "-Dbackend-rdp=true,-Dbackend-rdp=false,freerdp" -# weston-launch -PACKAGECONFIG[launch] = "-Ddeprecated-weston-launch=true,-Ddeprecated-weston-launch=false,drm" -# VA-API desktop recorder -PACKAGECONFIG[vaapi] = "-Dbackend-drm-screencast-vaapi=true,-Dbackend-drm-screencast-vaapi=false,libva" -# Weston with EGL support -PACKAGECONFIG[egl] = "-Drenderer-gl=true,-Drenderer-gl=false,virtual/egl" -# Weston with lcms support -PACKAGECONFIG[lcms] = "-Dcolor-management-lcms=true,-Dcolor-management-lcms=false,lcms" -# Weston with webp support -PACKAGECONFIG[webp] = "-Dimage-webp=true,-Dimage-webp=false,libwebp" -# Weston with systemd-login support -PACKAGECONFIG[systemd] = "-Dsystemd=true -Dlauncher-logind=true,-Dsystemd=false -Dlauncher-logind=false,systemd dbus" -# Weston with Xwayland support (requires X11 and Wayland) -PACKAGECONFIG[xwayland] = "-Dxwayland=true,-Dxwayland=false" -# colord CMS support -PACKAGECONFIG[colord] = "-Dcolor-management-colord=true,-Dcolor-management-colord=false,colord" -# Clients support -PACKAGECONFIG[clients] = "-Dsimple-clients=${SIMPLECLIENTS} -Ddemo-clients=true,-Dsimple-clients= -Ddemo-clients=false" -# Virtual remote output with GStreamer on DRM backend -PACKAGECONFIG[remoting] = "-Dremoting=true,-Dremoting=false,gstreamer1.0 gstreamer1.0-plugins-base" -# Weston with screen-share support -PACKAGECONFIG[screenshare] = "-Dscreenshare=true,-Dscreenshare=false" -# Traditional desktop shell -PACKAGECONFIG[shell-desktop] = "-Dshell-desktop=true,-Dshell-desktop=false" -# Fullscreen shell -PACKAGECONFIG[shell-fullscreen] = "-Dshell-fullscreen=true,-Dshell-fullscreen=false" -# In-Vehicle Infotainment (IVI) shell -PACKAGECONFIG[shell-ivi] = "-Dshell-ivi=true,-Dshell-ivi=false" -# JPEG image loading support -PACKAGECONFIG[image-jpeg] = "-Dimage-jpeg=true,-Dimage-jpeg=false, jpeg" -# support libseat based launch -PACKAGECONFIG[launcher-libseat] = "-Dlauncher-libseat=true,-Dlauncher-libseat=false,seatd" - -do_install:append() { - # Weston doesn't need the .la files to load modules, so wipe them - rm -f ${D}/${libdir}/libweston-${WESTON_MAJOR_VERSION}/*.la - - # If X11, ship a desktop file to launch it - if [ "${@bb.utils.filter('DISTRO_FEATURES', 'x11', d)}" ]; then - install -d ${D}${datadir}/applications - install ${WORKDIR}/weston.desktop ${D}${datadir}/applications - - install -d ${D}${datadir}/icons/hicolor/48x48/apps - install ${WORKDIR}/weston.png ${D}${datadir}/icons/hicolor/48x48/apps - fi - - if [ "${@bb.utils.contains('PACKAGECONFIG', 'xwayland', 'yes', 'no', d)}" = "yes" ]; then - install -Dm 644 ${WORKDIR}/xwayland.weston-start ${D}${datadir}/weston-start/xwayland - fi - - if [ "${@bb.utils.contains('PACKAGECONFIG', 'systemd', 'yes', 'no', d)}" = "yes" ]; then - install -Dm 644 ${WORKDIR}/systemd-notify.weston-start ${D}${datadir}/weston-start/systemd-notify - fi - - if [ "${@bb.utils.contains('PACKAGECONFIG', 'launch', 'yes', 'no', d)}" = "yes" ]; then - chmod u+s ${D}${bindir}/weston-launch - fi -} - -PACKAGES += "${@bb.utils.contains('PACKAGECONFIG', 'xwayland', '${PN}-xwayland', '', d)} \ - libweston-${WESTON_MAJOR_VERSION} ${PN}-examples" - -FILES:${PN}-dev += "${libdir}/${BPN}/libexec_weston.so" -FILES:${PN} = "${bindir}/weston ${bindir}/weston-terminal ${bindir}/weston-info ${bindir}/weston-launch ${bindir}/wcap-decode ${libexecdir} ${libdir}/${BPN}/*.so* ${datadir}" - -FILES:libweston-${WESTON_MAJOR_VERSION} = "${libdir}/lib*${SOLIBS} ${libdir}/libweston-${WESTON_MAJOR_VERSION}/*.so" -SUMMARY:libweston-${WESTON_MAJOR_VERSION} = "Helper library for implementing 'wayland window managers'." - -FILES:${PN}-examples = "${bindir}/*" - -FILES:${PN}-xwayland = "${libdir}/libweston-${WESTON_MAJOR_VERSION}/xwayland.so" -RDEPENDS:${PN}-xwayland += "xwayland" - -RDEPENDS:${PN} += "xkeyboard-config" -RRECOMMENDS:${PN} = "weston-init liberation-fonts" -RRECOMMENDS:${PN}-dev += "wayland-protocols" - -USERADD_PACKAGES = "${PN}" -GROUPADD_PARAM:${PN} = "--system weston-launch" diff --git a/poky/meta/recipes-graphics/wayland/weston_10.0.2.bb b/poky/meta/recipes-graphics/wayland/weston_10.0.2.bb new file mode 100644 index 0000000000..f81a33fd1e --- /dev/null +++ b/poky/meta/recipes-graphics/wayland/weston_10.0.2.bb @@ -0,0 +1,142 @@ +SUMMARY = "Weston, a Wayland compositor" +DESCRIPTION = "Weston is the reference implementation of a Wayland compositor" +HOMEPAGE = "http://wayland.freedesktop.org" +LICENSE = "MIT" +LIC_FILES_CHKSUM = "file://COPYING;md5=d79ee9e66bb0f95d3386a7acae780b70 \ + file://libweston/compositor.c;endline=27;md5=eb6d5297798cabe2ddc65e2af519bcf0 \ + " + +SRC_URI = "https://gitlab.freedesktop.org/wayland/weston/-/releases/${PV}/downloads/${BPN}-${PV}.tar.xz \ + file://weston.png \ + file://weston.desktop \ + file://xwayland.weston-start \ + file://systemd-notify.weston-start \ + " + +SRC_URI[sha256sum] = "89646ca0d9f8d413c2767e5c3828eaa3fa149c2a105b3729a6894fa7cf1549e7" + +UPSTREAM_CHECK_URI = "https://wayland.freedesktop.org/releases.html" + +inherit meson pkgconfig useradd + +# depends on virtual/egl +# +require ${THISDIR}/required-distro-features.inc + +DEPENDS = "libxkbcommon gdk-pixbuf pixman cairo glib-2.0" +DEPENDS += "wayland wayland-protocols libinput virtual/egl pango wayland-native" + +LDFLAGS += "${@bb.utils.contains('DISTRO_FEATURES', 'lto', '-Wl,-z,undefs', '', d)}" + +WESTON_MAJOR_VERSION = "${@'.'.join(d.getVar('PV').split('.')[0:1])}" + +EXTRA_OEMESON += "-Dpipewire=false" + +PACKAGECONFIG ??= "${@bb.utils.contains('DISTRO_FEATURES', 'wayland', 'kms wayland egl clients', '', d)} \ + ${@bb.utils.contains('DISTRO_FEATURES', 'x11 wayland', 'xwayland', '', d)} \ + ${@bb.utils.filter('DISTRO_FEATURES', 'systemd x11', d)} \ + ${@bb.utils.contains_any('DISTRO_FEATURES', 'wayland x11', '', 'headless', d)} \ + ${@oe.utils.conditional('VIRTUAL-RUNTIME_init_manager', 'sysvinit', 'launcher-libseat', '', d)} \ + image-jpeg \ + screenshare \ + shell-desktop \ + shell-fullscreen \ + shell-ivi" + +# Can be 'damage', 'im', 'egl', 'shm', 'touch', 'dmabuf-feedback', 'dmabuf-v4l', 'dmabuf-egl' or 'all' +SIMPLECLIENTS ?= "all" + +# +# Compositor choices +# +# Weston on KMS +PACKAGECONFIG[kms] = "-Dbackend-drm=true,-Dbackend-drm=false,drm udev virtual/egl virtual/libgles2 virtual/libgbm mtdev" +# Weston on Wayland (nested Weston) +PACKAGECONFIG[wayland] = "-Dbackend-wayland=true,-Dbackend-wayland=false,virtual/egl virtual/libgles2" +# Weston on X11 +PACKAGECONFIG[x11] = "-Dbackend-x11=true,-Dbackend-x11=false,virtual/libx11 libxcb libxcb libxcursor cairo" +# Headless Weston +PACKAGECONFIG[headless] = "-Dbackend-headless=true,-Dbackend-headless=false" +# Weston on framebuffer +PACKAGECONFIG[fbdev] = "-Ddeprecated-backend-fbdev=true,-Ddeprecated-backend-fbdev=false,udev mtdev" +# Weston on RDP +PACKAGECONFIG[rdp] = "-Dbackend-rdp=true,-Dbackend-rdp=false,freerdp" +# weston-launch +PACKAGECONFIG[launch] = "-Ddeprecated-weston-launch=true,-Ddeprecated-weston-launch=false,drm" +# VA-API desktop recorder +PACKAGECONFIG[vaapi] = "-Dbackend-drm-screencast-vaapi=true,-Dbackend-drm-screencast-vaapi=false,libva" +# Weston with EGL support +PACKAGECONFIG[egl] = "-Drenderer-gl=true,-Drenderer-gl=false,virtual/egl" +# Weston with lcms support +PACKAGECONFIG[lcms] = "-Dcolor-management-lcms=true,-Dcolor-management-lcms=false,lcms" +# Weston with webp support +PACKAGECONFIG[webp] = "-Dimage-webp=true,-Dimage-webp=false,libwebp" +# Weston with systemd-login support +PACKAGECONFIG[systemd] = "-Dsystemd=true -Dlauncher-logind=true,-Dsystemd=false -Dlauncher-logind=false,systemd dbus" +# Weston with Xwayland support (requires X11 and Wayland) +PACKAGECONFIG[xwayland] = "-Dxwayland=true,-Dxwayland=false" +# colord CMS support +PACKAGECONFIG[colord] = "-Dcolor-management-colord=true,-Dcolor-management-colord=false,colord" +# Clients support +PACKAGECONFIG[clients] = "-Dsimple-clients=${SIMPLECLIENTS} -Ddemo-clients=true,-Dsimple-clients= -Ddemo-clients=false" +# Virtual remote output with GStreamer on DRM backend +PACKAGECONFIG[remoting] = "-Dremoting=true,-Dremoting=false,gstreamer1.0 gstreamer1.0-plugins-base" +# Weston with screen-share support +PACKAGECONFIG[screenshare] = "-Dscreenshare=true,-Dscreenshare=false" +# Traditional desktop shell +PACKAGECONFIG[shell-desktop] = "-Dshell-desktop=true,-Dshell-desktop=false" +# Fullscreen shell +PACKAGECONFIG[shell-fullscreen] = "-Dshell-fullscreen=true,-Dshell-fullscreen=false" +# In-Vehicle Infotainment (IVI) shell +PACKAGECONFIG[shell-ivi] = "-Dshell-ivi=true,-Dshell-ivi=false" +# JPEG image loading support +PACKAGECONFIG[image-jpeg] = "-Dimage-jpeg=true,-Dimage-jpeg=false, jpeg" +# support libseat based launch +PACKAGECONFIG[launcher-libseat] = "-Dlauncher-libseat=true,-Dlauncher-libseat=false,seatd" + +do_install:append() { + # Weston doesn't need the .la files to load modules, so wipe them + rm -f ${D}/${libdir}/libweston-${WESTON_MAJOR_VERSION}/*.la + + # If X11, ship a desktop file to launch it + if [ "${@bb.utils.filter('DISTRO_FEATURES', 'x11', d)}" ]; then + install -d ${D}${datadir}/applications + install ${WORKDIR}/weston.desktop ${D}${datadir}/applications + + install -d ${D}${datadir}/icons/hicolor/48x48/apps + install ${WORKDIR}/weston.png ${D}${datadir}/icons/hicolor/48x48/apps + fi + + if [ "${@bb.utils.contains('PACKAGECONFIG', 'xwayland', 'yes', 'no', d)}" = "yes" ]; then + install -Dm 644 ${WORKDIR}/xwayland.weston-start ${D}${datadir}/weston-start/xwayland + fi + + if [ "${@bb.utils.contains('PACKAGECONFIG', 'systemd', 'yes', 'no', d)}" = "yes" ]; then + install -Dm 644 ${WORKDIR}/systemd-notify.weston-start ${D}${datadir}/weston-start/systemd-notify + fi + + if [ "${@bb.utils.contains('PACKAGECONFIG', 'launch', 'yes', 'no', d)}" = "yes" ]; then + chmod u+s ${D}${bindir}/weston-launch + fi +} + +PACKAGES += "${@bb.utils.contains('PACKAGECONFIG', 'xwayland', '${PN}-xwayland', '', d)} \ + libweston-${WESTON_MAJOR_VERSION} ${PN}-examples" + +FILES:${PN}-dev += "${libdir}/${BPN}/libexec_weston.so" +FILES:${PN} = "${bindir}/weston ${bindir}/weston-terminal ${bindir}/weston-info ${bindir}/weston-launch ${bindir}/wcap-decode ${libexecdir} ${libdir}/${BPN}/*.so* ${datadir}" + +FILES:libweston-${WESTON_MAJOR_VERSION} = "${libdir}/lib*${SOLIBS} ${libdir}/libweston-${WESTON_MAJOR_VERSION}/*.so" +SUMMARY:libweston-${WESTON_MAJOR_VERSION} = "Helper library for implementing 'wayland window managers'." + +FILES:${PN}-examples = "${bindir}/*" + +FILES:${PN}-xwayland = "${libdir}/libweston-${WESTON_MAJOR_VERSION}/xwayland.so" +RDEPENDS:${PN}-xwayland += "xwayland" + +RDEPENDS:${PN} += "xkeyboard-config" +RRECOMMENDS:${PN} = "weston-init liberation-fonts" +RRECOMMENDS:${PN}-dev += "wayland-protocols" + +USERADD_PACKAGES = "${PN}" +GROUPADD_PARAM:${PN} = "--system weston-launch" diff --git a/poky/meta/recipes-kernel/kern-tools/kern-tools-native_git.bb b/poky/meta/recipes-kernel/kern-tools/kern-tools-native_git.bb index a6ab9ca56d..dea7b65a7c 100644 --- a/poky/meta/recipes-kernel/kern-tools/kern-tools-native_git.bb +++ b/poky/meta/recipes-kernel/kern-tools/kern-tools-native_git.bb @@ -11,7 +11,7 @@ LIC_FILES_CHKSUM = "\ DEPENDS = "git-native" -SRCREV = "90598a5fae1172e3f7782a1b02f7b7518efd32c8" +SRCREV = "ba600ef61a85966596126a6e8d936971905e8749" PV = "0.3+git${SRCPV}" inherit native diff --git a/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20220708.bb b/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20220708.bb deleted file mode 100644 index 91c32e49d6..0000000000 --- a/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20220708.bb +++ /dev/null @@ -1,1083 +0,0 @@ -SUMMARY = "Firmware files for use with Linux kernel" -HOMEPAGE = "https://www.kernel.org/" -DESCRIPTION = "Linux firmware is a package distributed alongside the Linux kernel \ -that contains firmware binary blobs necessary for partial or full functionality \ -of certain hardware devices." -SECTION = "kernel" - -LICENSE = "\ - Firmware-Abilis \ - & Firmware-adsp_sst \ - & Firmware-agere \ - & Firmware-amdgpu \ - & Firmware-amd-ucode \ - & Firmware-amlogic_vdec \ - & Firmware-atheros_firmware \ - & Firmware-atmel \ - & Firmware-broadcom_bcm43xx \ - & Firmware-ca0132 \ - & Firmware-cavium \ - & Firmware-chelsio_firmware \ - & Firmware-cw1200 \ - & Firmware-cypress \ - & Firmware-dib0700 \ - & Firmware-e100 \ - & Firmware-ene_firmware \ - & Firmware-fw_sst_0f28 \ - & Firmware-go7007 \ - & Firmware-GPLv2 \ - & Firmware-hfi1_firmware \ - & Firmware-i915 \ - & Firmware-ibt_firmware \ - & Firmware-ice \ - & Firmware-it913x \ - & Firmware-iwlwifi_firmware \ - & Firmware-IntcSST2 \ - & Firmware-kaweth \ - & Firmware-Lontium \ - & Firmware-Marvell \ - & Firmware-moxa \ - & Firmware-myri10ge_firmware \ - & Firmware-netronome \ - & Firmware-nvidia \ - & Firmware-OLPC \ - & Firmware-ath9k-htc \ - & Firmware-phanfw \ - & Firmware-qat \ - & Firmware-qcom \ - & Firmware-qla1280 \ - & Firmware-qla2xxx \ - & Firmware-qualcommAthos_ar3k \ - & Firmware-qualcommAthos_ath10k \ - & Firmware-r8a779x_usb3 \ - & Firmware-radeon \ - & Firmware-ralink_a_mediatek_company_firmware \ - & Firmware-ralink-firmware \ - & Firmware-rtlwifi_firmware \ - & Firmware-imx-sdma_firmware \ - & Firmware-siano \ - & Firmware-ti-connectivity \ - & Firmware-ti-keystone \ - & Firmware-ueagle-atm4-firmware \ - & Firmware-via_vt6656 \ - & Firmware-wl1251 \ - & Firmware-xc4000 \ - & Firmware-xc5000 \ - & Firmware-xc5000c \ - & WHENCE \ -" - -LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \ - file://LICENCE.adsp_sst;md5=615c45b91a5a4a9fe046d6ab9a2df728 \ - file://LICENCE.agere;md5=af0133de6b4a9b2522defd5f188afd31 \ - file://LICENSE.amdgpu;md5=44c1166d052226cb2d6c8d7400090203 \ - file://LICENSE.amd-ucode;md5=3c5399dc9148d7f0e1f41e34b69cf14f \ - file://LICENSE.amlogic_vdec;md5=dc44f59bf64a81643e500ad3f39a468a \ - file://LICENCE.atheros_firmware;md5=30a14c7823beedac9fa39c64fdd01a13 \ - file://LICENSE.atmel;md5=aa74ac0c60595dee4d4e239107ea77a3 \ - file://LICENCE.broadcom_bcm43xx;md5=3160c14df7228891b868060e1951dfbc \ - file://LICENCE.ca0132;md5=209b33e66ee5be0461f13d31da392198 \ - file://LICENCE.cadence;md5=009f46816f6956cfb75ede13d3e1cee0 \ - file://LICENCE.cavium;md5=c37aaffb1ebe5939b2580d073a95daea \ - file://LICENCE.chelsio_firmware;md5=819aa8c3fa453f1b258ed8d168a9d903 \ - file://LICENCE.cw1200;md5=f0f770864e7a8444a5c5aa9d12a3a7ed \ - file://LICENCE.cypress;md5=48cd9436c763bf873961f9ed7b5c147b \ - file://LICENSE.dib0700;md5=f7411825c8a555a1a3e5eab9ca773431 \ - file://LICENCE.e100;md5=ec0f84136766df159a3ae6d02acdf5a8 \ - file://LICENCE.ene_firmware;md5=ed67f0f62f8f798130c296720b7d3921 \ - file://LICENCE.fw_sst_0f28;md5=6353931c988ad52818ae733ac61cd293 \ - file://LICENCE.go7007;md5=c0bb9f6aaaba55b0529ee9b30aa66beb \ - file://GPL-2;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ - file://LICENSE.hfi1_firmware;md5=5e7b6e586ce7339d12689e49931ad444 \ - file://LICENSE.i915;md5=2b0b2e0d20984affd4490ba2cba02570 \ - file://LICENCE.ibt_firmware;md5=fdbee1ddfe0fb7ab0b2fcd6b454a366b \ - file://LICENSE.ice;md5=742ab4850f2670792940e6d15c974b2f \ - file://LICENCE.IntcSST2;md5=9e7d8bea77612d7cc7d9e9b54b623062 \ - file://LICENCE.it913x;md5=1fbf727bfb6a949810c4dbfa7e6ce4f8 \ - file://LICENCE.iwlwifi_firmware;md5=2ce6786e0fc11ac6e36b54bb9b799f1b \ - file://LICENCE.kaweth;md5=b1d876e562f4b3b8d391ad8395dfe03f \ - file://LICENSE.Lontium;md5=4ec8dc582ff7295f39e2ca6a7b0be2b6 \ - file://LICENCE.Marvell;md5=28b6ed8bd04ba105af6e4dcd6e997772 \ - file://LICENCE.mediatek;md5=7c1976b63217d76ce47d0a11d8a79cf2 \ - file://LICENCE.moxa;md5=1086614767d8ccf744a923289d3d4261 \ - file://LICENCE.myri10ge_firmware;md5=42e32fb89f6b959ca222e25ac8df8fed \ - file://LICENCE.Netronome;md5=4add08f2577086d44447996503cddf5f \ - file://LICENCE.nvidia;md5=4428a922ed3ba2ceec95f076a488ce07 \ - file://LICENCE.NXP;md5=58bb8ba632cd729b9ba6183bc6aed36f \ - file://LICENCE.OLPC;md5=5b917f9d8c061991be4f6f5f108719cd \ - file://LICENCE.open-ath9k-htc-firmware;md5=1b33c9f4d17bc4d457bdb23727046837 \ - file://LICENCE.phanfw;md5=954dcec0e051f9409812b561ea743bfa \ - file://LICENCE.qat_firmware;md5=9e7d8bea77612d7cc7d9e9b54b623062 \ - file://LICENSE.qcom;md5=164e3362a538eb11d3ac51e8e134294b \ - file://LICENCE.qla1280;md5=d6895732e622d950609093223a2c4f5d \ - file://LICENCE.qla2xxx;md5=505855e921b75f1be4a437ad9b79dff0 \ - file://LICENSE.QualcommAtheros_ar3k;md5=b5fe244fb2b532311de1472a3bc06da5 \ - file://LICENSE.QualcommAtheros_ath10k;md5=cb42b686ee5f5cb890275e4321db60a8 \ - file://LICENCE.r8a779x_usb3;md5=4c1671656153025d7076105a5da7e498 \ - file://LICENSE.radeon;md5=68ec28bacb3613200bca44f404c69b16 \ - file://LICENCE.ralink_a_mediatek_company_firmware;md5=728f1a85fd53fd67fa8d7afb080bc435 \ - file://LICENCE.ralink-firmware.txt;md5=ab2c269277c45476fb449673911a2dfd \ - file://LICENCE.rtlwifi_firmware.txt;md5=00d06cfd3eddd5a2698948ead2ad54a5 \ - file://LICENSE.sdma_firmware;md5=51e8c19ecc2270f4b8ea30341ad63ce9 \ - file://LICENCE.siano;md5=4556c1bf830067f12ca151ad953ec2a5 \ - file://LICENCE.ti-connectivity;md5=c5e02be633f1499c109d1652514d85ec \ - file://LICENCE.ti-keystone;md5=3a86335d32864b0bef996bee26cc0f2c \ - file://LICENCE.ueagle-atm4-firmware;md5=4ed7ea6b507ccc583b9d594417714118 \ - file://LICENCE.via_vt6656;md5=e4159694cba42d4377a912e78a6e850f \ - file://LICENCE.wl1251;md5=ad3f81922bb9e197014bb187289d3b5b \ - file://LICENCE.xc4000;md5=0ff51d2dc49fce04814c9155081092f0 \ - file://LICENCE.xc5000;md5=1e170c13175323c32c7f4d0998d53f66 \ - file://LICENCE.xc5000c;md5=12b02efa3049db65d524aeb418dd87ca \ - file://WHENCE;md5=${WHENCE_CHKSUM} \ - " -# WHENCE checksum is defined separately to ease overriding it if -# class-devupstream is selected. -WHENCE_CHKSUM = "def08711eb23ba967fb7e1f8cff66178" - -# These are not common licenses, set NO_GENERIC_LICENSE for them -# so that the license files will be copied from fetched source -NO_GENERIC_LICENSE[Firmware-Abilis] = "LICENCE.Abilis" -NO_GENERIC_LICENSE[Firmware-adsp_sst] = "LICENCE.adsp_sst" -NO_GENERIC_LICENSE[Firmware-agere] = "LICENCE.agere" -NO_GENERIC_LICENSE[Firmware-amdgpu] = "LICENSE.amdgpu" -NO_GENERIC_LICENSE[Firmware-amd-ucode] = "LICENSE.amd-ucode" -NO_GENERIC_LICENSE[Firmware-amlogic_vdec] = "LICENSE.amlogic_vdec" -NO_GENERIC_LICENSE[Firmware-atheros_firmware] = "LICENCE.atheros_firmware" -NO_GENERIC_LICENSE[Firmware-atmel] = "LICENSE.atmel" -NO_GENERIC_LICENSE[Firmware-broadcom_bcm43xx] = "LICENCE.broadcom_bcm43xx" -NO_GENERIC_LICENSE[Firmware-ca0132] = "LICENCE.ca0132" -NO_GENERIC_LICENSE[Firmware-cadence] = "LICENCE.cadence" -NO_GENERIC_LICENSE[Firmware-cavium] = "LICENCE.cavium" -NO_GENERIC_LICENSE[Firmware-chelsio_firmware] = "LICENCE.chelsio_firmware" -NO_GENERIC_LICENSE[Firmware-cw1200] = "LICENCE.cw1200" -NO_GENERIC_LICENSE[Firmware-cypress] = "LICENCE.cypress" -NO_GENERIC_LICENSE[Firmware-dib0700] = "LICENSE.dib0700" -NO_GENERIC_LICENSE[Firmware-e100] = "LICENCE.e100" -NO_GENERIC_LICENSE[Firmware-ene_firmware] = "LICENCE.ene_firmware" -NO_GENERIC_LICENSE[Firmware-fw_sst_0f28] = "LICENCE.fw_sst_0f28" -NO_GENERIC_LICENSE[Firmware-go7007] = "LICENCE.go7007" -NO_GENERIC_LICENSE[Firmware-GPLv2] = "GPL-2" -NO_GENERIC_LICENSE[Firmware-hfi1_firmware] = "LICENSE.hfi1_firmware" -NO_GENERIC_LICENSE[Firmware-i915] = "LICENSE.i915" -NO_GENERIC_LICENSE[Firmware-ibt_firmware] = "LICENCE.ibt_firmware" -NO_GENERIC_LICENSE[Firmware-ice] = "LICENSE.ice" -NO_GENERIC_LICENSE[Firmware-IntcSST2] = "LICENCE.IntcSST2" -NO_GENERIC_LICENSE[Firmware-it913x] = "LICENCE.it913x" -NO_GENERIC_LICENSE[Firmware-iwlwifi_firmware] = "LICENCE.iwlwifi_firmware" -NO_GENERIC_LICENSE[Firmware-kaweth] = "LICENCE.kaweth" -NO_GENERIC_LICENSE[Firmware-Lontium] = "LICENSE.Lontium" -NO_GENERIC_LICENSE[Firmware-Marvell] = "LICENCE.Marvell" -NO_GENERIC_LICENSE[Firmware-mediatek] = "LICENCE.mediatek" -NO_GENERIC_LICENSE[Firmware-moxa] = "LICENCE.moxa" -NO_GENERIC_LICENSE[Firmware-myri10ge_firmware] = "LICENCE.myri10ge_firmware" -NO_GENERIC_LICENSE[Firmware-netronome] = "LICENCE.Netronome" -NO_GENERIC_LICENSE[Firmware-nvidia] = "LICENCE.nvidia" -NO_GENERIC_LICENSE[Firmware-OLPC] = "LICENCE.OLPC" -NO_GENERIC_LICENSE[Firmware-ath9k-htc] = "LICENCE.open-ath9k-htc-firmware" -NO_GENERIC_LICENSE[Firmware-phanfw] = "LICENCE.phanfw" -NO_GENERIC_LICENSE[Firmware-qat] = "LICENCE.qat_firmware" -NO_GENERIC_LICENSE[Firmware-qcom] = "LICENSE.qcom" -NO_GENERIC_LICENSE[Firmware-qla1280] = "LICENCE.qla1280" -NO_GENERIC_LICENSE[Firmware-qla2xxx] = "LICENCE.qla2xxx" -NO_GENERIC_LICENSE[Firmware-qualcommAthos_ar3k] = "LICENSE.QualcommAtheros_ar3k" -NO_GENERIC_LICENSE[Firmware-qualcommAthos_ath10k] = "LICENSE.QualcommAtheros_ath10k" -NO_GENERIC_LICENSE[Firmware-r8a779x_usb3] = "LICENCE.r8a779x_usb3" -NO_GENERIC_LICENSE[Firmware-radeon] = "LICENSE.radeon" -NO_GENERIC_LICENSE[Firmware-ralink_a_mediatek_company_firmware] = "LICENCE.ralink_a_mediatek_company_firmware" -NO_GENERIC_LICENSE[Firmware-ralink-firmware] = "LICENCE.ralink-firmware.txt" -NO_GENERIC_LICENSE[Firmware-rtlwifi_firmware] = "LICENCE.rtlwifi_firmware.txt" -NO_GENERIC_LICENSE[Firmware-siano] = "LICENCE.siano" -NO_GENERIC_LICENSE[Firmware-imx-sdma_firmware] = "LICENSE.sdma_firmware" -NO_GENERIC_LICENSE[Firmware-ti-connectivity] = "LICENCE.ti-connectivity" -NO_GENERIC_LICENSE[Firmware-ti-keystone] = "LICENCE.ti-keystone" -NO_GENERIC_LICENSE[Firmware-ueagle-atm4-firmware] = "LICENCE.ueagle-atm4-firmware" -NO_GENERIC_LICENSE[Firmware-via_vt6656] = "LICENCE.via_vt6656" -NO_GENERIC_LICENSE[Firmware-wl1251] = "LICENCE.wl1251" -NO_GENERIC_LICENSE[Firmware-xc4000] = "LICENCE.xc4000" -NO_GENERIC_LICENSE[Firmware-xc5000] = "LICENCE.xc5000" -NO_GENERIC_LICENSE[Firmware-xc5000c] = "LICENCE.xc5000c" -NO_GENERIC_LICENSE[WHENCE] = "WHENCE" - -PE = "1" - -SRC_URI = "\ - ${KERNELORG_MIRROR}/linux/kernel/firmware/${BPN}-${PV}.tar.xz \ -" - -BBCLASSEXTEND = "devupstream:target" -SRC_URI:class-devupstream = "git://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git;protocol=https;branch=main" -# Pin this to the 20220509 release, override this in local.conf -SRCREV:class-devupstream ?= "b19cbdca78ab2adfd210c91be15a22568e8b8cae" - -SRC_URI[sha256sum] = "0abec827a035c82bdcabdf82aa37ded247bc682ef05861bd409ea6f477bab81d" - -inherit allarch - -CLEANBROKEN = "1" - -do_compile() { - : -} - -do_install() { - oe_runmake 'DESTDIR=${D}' 'FIRMWAREDIR=${nonarch_base_libdir}/firmware' install - cp GPL-2 LICEN[CS]E.* WHENCE ${D}${nonarch_base_libdir}/firmware/ -} - - -PACKAGES =+ "${PN}-ralink-license ${PN}-ralink \ - ${PN}-mt7601u-license ${PN}-mt7601u \ - ${PN}-radeon-license ${PN}-radeon \ - ${PN}-marvell-license ${PN}-pcie8897 ${PN}-pcie8997 \ - ${PN}-sd8686 ${PN}-sd8688 ${PN}-sd8787 ${PN}-sd8797 ${PN}-sd8801 \ - ${PN}-sd8887 ${PN}-sd8897 ${PN}-sd8997 ${PN}-usb8997 \ - ${PN}-ti-connectivity-license ${PN}-wlcommon ${PN}-wl12xx ${PN}-wl18xx \ - ${PN}-vt6656-license ${PN}-vt6656 \ - ${PN}-rs9113 ${PN}-rs9116 \ - ${PN}-rtl-license ${PN}-rtl8188 ${PN}-rtl8192cu ${PN}-rtl8192ce ${PN}-rtl8192su ${PN}-rtl8723 ${PN}-rtl8821 \ - ${PN}-rtl8168 \ - ${PN}-cypress-license \ - ${PN}-broadcom-license \ - ${PN}-bcm-0bb4-0306 \ - ${PN}-bcm43143 \ - ${PN}-bcm43236b \ - ${PN}-bcm43241b0 \ - ${PN}-bcm43241b4 \ - ${PN}-bcm43241b5 \ - ${PN}-bcm43242a \ - ${PN}-bcm4329 \ - ${PN}-bcm4329-fullmac \ - ${PN}-bcm4330 \ - ${PN}-bcm4334 \ - ${PN}-bcm43340 \ - ${PN}-bcm4335 \ - ${PN}-bcm43362 \ - ${PN}-bcm4339 \ - ${PN}-bcm43430 \ - ${PN}-bcm43430a0 \ - ${PN}-bcm43455 \ - ${PN}-bcm4350 \ - ${PN}-bcm4350c2 \ - ${PN}-bcm4354 \ - ${PN}-bcm4356 \ - ${PN}-bcm4356-pcie \ - ${PN}-bcm43569 \ - ${PN}-bcm43570 \ - ${PN}-bcm4358 \ - ${PN}-bcm43602 \ - ${PN}-bcm4366b \ - ${PN}-bcm4366c \ - ${PN}-bcm4371 \ - ${PN}-bcm4373 \ - ${PN}-bcm43xx \ - ${PN}-bcm43xx-hdr \ - ${PN}-atheros-license ${PN}-ar9170 ${PN}-ath6k ${PN}-ath9k ${PN}-ath3k \ - ${PN}-gplv2-license ${PN}-carl9170 \ - ${PN}-ar3k-license ${PN}-ar3k ${PN}-ath10k-license ${PN}-ath10k ${PN}-ath11k ${PN}-qca \ - \ - ${PN}-imx-sdma-license ${PN}-imx-sdma-imx6q ${PN}-imx-sdma-imx7d \ - \ - ${PN}-iwlwifi-license ${PN}-iwlwifi \ - ${PN}-iwlwifi-135-6 \ - ${PN}-iwlwifi-3160-7 ${PN}-iwlwifi-3160-8 ${PN}-iwlwifi-3160-9 \ - ${PN}-iwlwifi-3160-10 ${PN}-iwlwifi-3160-12 ${PN}-iwlwifi-3160-13 \ - ${PN}-iwlwifi-3160-16 ${PN}-iwlwifi-3160-17 \ - ${PN}-iwlwifi-6000-4 ${PN}-iwlwifi-6000g2a-5 ${PN}-iwlwifi-6000g2a-6 \ - ${PN}-iwlwifi-6000g2b-5 ${PN}-iwlwifi-6000g2b-6 \ - ${PN}-iwlwifi-6050-4 ${PN}-iwlwifi-6050-5 \ - ${PN}-iwlwifi-7260 \ - ${PN}-iwlwifi-7265 \ - ${PN}-iwlwifi-7265d ${PN}-iwlwifi-8000c ${PN}-iwlwifi-8265 \ - ${PN}-iwlwifi-9000 \ - ${PN}-iwlwifi-misc \ - ${PN}-ibt-license ${PN}-ibt \ - ${PN}-ibt-11-5 ${PN}-ibt-12-16 ${PN}-ibt-hw-37-7 ${PN}-ibt-hw-37-8 \ - ${PN}-ibt-17 \ - ${PN}-ibt-20 \ - ${PN}-ibt-misc \ - ${PN}-i915-license ${PN}-i915 \ - ${PN}-ice-license ${PN}-ice \ - ${PN}-adsp-sst-license ${PN}-adsp-sst \ - ${PN}-bnx2-mips \ - ${PN}-liquidio \ - ${PN}-nvidia-license \ - ${PN}-nvidia-tegra-k1 ${PN}-nvidia-tegra \ - ${PN}-nvidia-gpu \ - ${PN}-netronome-license ${PN}-netronome \ - ${PN}-qat ${PN}-qat-license \ - ${PN}-qcom-license \ - ${PN}-qcom-venus-1.8 ${PN}-qcom-venus-4.2 ${PN}-qcom-venus-5.2 ${PN}-qcom-venus-5.4 \ - ${PN}-qcom-vpu-1.0 ${PN}-qcom-vpu-2.0 \ - ${PN}-qcom-adreno-a2xx ${PN}-qcom-adreno-a3xx ${PN}-qcom-adreno-a4xx ${PN}-qcom-adreno-a530 \ - ${PN}-qcom-adreno-a630 ${PN}-qcom-adreno-a650 ${PN}-qcom-adreno-a660 \ - ${PN}-qcom-apq8096-audio ${PN}-qcom-apq8096-modem \ - ${PN}-qcom-sdm845-audio ${PN}-qcom-sdm845-compute ${PN}-qcom-sdm845-modem \ - ${PN}-qcom-sm8250-audio ${PN}-qcom-sm8250-compute \ - ${PN}-amlogic-vdec-license ${PN}-amlogic-vdec \ - ${PN}-lt9611uxc ${PN}-lontium-license \ - ${PN}-whence-license \ - ${PN}-license \ - " - -# For atheros -LICENSE:${PN}-ar9170 = "Firmware-atheros_firmware" -LICENSE:${PN}-ath3k = "Firmware-atheros_firmware" -LICENSE:${PN}-ath6k = "Firmware-atheros_firmware" -LICENSE:${PN}-ath9k = "Firmware-atheros_firmware" -LICENSE:${PN}-atheros-license = "Firmware-atheros_firmware" - -FILES:${PN}-atheros-license = "${nonarch_base_libdir}/firmware/LICENCE.atheros_firmware" -FILES:${PN}-ar9170 = " \ - ${nonarch_base_libdir}/firmware/ar9170*.fw \ -" -FILES:${PN}-ath3k = " \ - ${nonarch_base_libdir}/firmware/ath3k*fw \ -" -FILES:${PN}-ath6k = " \ - ${nonarch_base_libdir}/firmware/ath6k \ -" -FILES:${PN}-ath9k = " \ - ${nonarch_base_libdir}/firmware/ar9271.fw \ - ${nonarch_base_libdir}/firmware/ar7010*.fw \ - ${nonarch_base_libdir}/firmware/htc_9271.fw \ - ${nonarch_base_libdir}/firmware/htc_7010.fw \ - ${nonarch_base_libdir}/firmware/ath9k_htc/htc_7010-1.4.0.fw \ - ${nonarch_base_libdir}/firmware/ath9k_htc/htc_9271-1.4.0.fw \ -" - -RDEPENDS:${PN}-ar9170 += "${PN}-atheros-license" -RDEPENDS:${PN}-ath6k += "${PN}-atheros-license" -RDEPENDS:${PN}-ath9k += "${PN}-atheros-license" - -# For carl9170 -LICENSE:${PN}-carl9170 = "Firmware-GPLv2" -LICENSE:${PN}-gplv2-license = "Firmware-GPLv2" - -FILES:${PN}-gplv2-license = "${nonarch_base_libdir}/firmware/GPL-2" -FILES:${PN}-carl9170 = " \ - ${nonarch_base_libdir}/firmware/carl9170*.fw \ -" - -RDEPENDS:${PN}-carl9170 += "${PN}-gplv2-license" - -# For QualCommAthos -LICENSE:${PN}-ar3k = "Firmware-qualcommAthos_ar3k & Firmware-atheros_firmware" -LICENSE:${PN}-ar3k-license = "Firmware-qualcommAthos_ar3k" -LICENSE:${PN}-ath10k = "Firmware-qualcommAthos_ath10k" -LICENSE:${PN}-ath10k-license = "Firmware-qualcommAthos_ath10k" -LICENSE:${PN}-qca = "Firmware-qualcommAthos_ath10k" - -FILES:${PN}-ar3k-license = "${nonarch_base_libdir}/firmware/LICENSE.QualcommAtheros_ar3k" -FILES:${PN}-ar3k = " \ - ${nonarch_base_libdir}/firmware/ar3k \ -" - -FILES:${PN}-ath10k-license = "${nonarch_base_libdir}/firmware/LICENSE.QualcommAtheros_ath10k" -FILES:${PN}-ath10k = " \ - ${nonarch_base_libdir}/firmware/ath10k \ -" - -FILES:${PN}-ath11k = " \ - ${nonarch_base_libdir}/firmware/ath11k \ -" - -FILES:${PN}-qca = " \ - ${nonarch_base_libdir}/firmware/qca \ -" - -RDEPENDS:${PN}-ar3k += "${PN}-ar3k-license ${PN}-atheros-license" -RDEPENDS:${PN}-ath10k += "${PN}-ath10k-license" -RDEPENDS:${PN}-ath11k += "${PN}-ath10k-license" -RDEPENDS:${PN}-qca += "${PN}-ath10k-license" - -# For ralink -LICENSE:${PN}-ralink = "Firmware-ralink-firmware" -LICENSE:${PN}-ralink-license = "Firmware-ralink-firmware" - -FILES:${PN}-ralink-license = "${nonarch_base_libdir}/firmware/LICENCE.ralink-firmware.txt" -FILES:${PN}-ralink = " \ - ${nonarch_base_libdir}/firmware/rt*.bin \ -" - -RDEPENDS:${PN}-ralink += "${PN}-ralink-license" - -# For mediatek MT7601U -LICENSE:${PN}-mt7601u = "Firmware-ralink_a_mediatek_company_firmware" -LICENSE:${PN}-mt7601u-license = "Firmware-ralink_a_mediatek_company_firmware" - -FILES:${PN}-mt7601u-license = "${nonarch_base_libdir}/firmware/LICENCE.ralink_a_mediatek_company_firmware" -FILES:${PN}-mt7601u = " \ - ${nonarch_base_libdir}/firmware/mt7601u.bin \ -" - -RDEPENDS:${PN}-mt7601u += "${PN}-mt7601u-license" - -# For radeon -LICENSE:${PN}-radeon = "Firmware-radeon" -LICENSE:${PN}-radeon-license = "Firmware-radeon" - -FILES:${PN}-radeon-license = "${nonarch_base_libdir}/firmware/LICENSE.radeon" -FILES:${PN}-radeon = " \ - ${nonarch_base_libdir}/firmware/radeon \ -" - -RDEPENDS:${PN}-radeon += "${PN}-radeon-license" - -# For lontium -LICENSE:${PN}-lt9611uxc = "Firmware-Lontium" - -FILES:${PN}-lontium-license = "${nonarch_base_libdir}/firmware/LICENSE.Lontium" -FILES:${PN}-lt9611uxc = "${nonarch_base_libdir}/firmware/lt9611uxc_fw.bin" - -# For marvell -LICENSE:${PN}-pcie8897 = "Firmware-Marvell" -LICENSE:${PN}-pcie8997 = "Firmware-Marvell" -LICENSE:${PN}-sd8686 = "Firmware-Marvell" -LICENSE:${PN}-sd8688 = "Firmware-Marvell" -LICENSE:${PN}-sd8787 = "Firmware-Marvell" -LICENSE:${PN}-sd8797 = "Firmware-Marvell" -LICENSE:${PN}-sd8801 = "Firmware-Marvell" -LICENSE:${PN}-sd8887 = "Firmware-Marvell" -LICENSE:${PN}-sd8897 = "Firmware-Marvell" -LICENSE:${PN}-sd8997 = "Firmware-Marvell" -LICENSE:${PN}-usb8997 = "Firmware-Marvell" -LICENSE:${PN}-marvell-license = "Firmware-Marvell" - -FILES:${PN}-marvell-license = "${nonarch_base_libdir}/firmware/LICENCE.Marvell" -FILES:${PN}-pcie8897 = " \ - ${nonarch_base_libdir}/firmware/mrvl/pcie8897_uapsta.bin \ -" -FILES:${PN}-pcie8997 = " \ - ${nonarch_base_libdir}/firmware/mrvl/pcie8997_wlan_v4.bin \ - ${nonarch_base_libdir}/firmware/mrvl/pcieuart8997_combo_v4.bin \ - ${nonarch_base_libdir}/firmware/mrvl/pcieusb8997_combo_v4.bin \ -" -FILES:${PN}-sd8686 = " \ - ${nonarch_base_libdir}/firmware/libertas/sd8686_v9* \ - ${nonarch_base_libdir}/firmware/sd8686* \ -" -FILES:${PN}-sd8688 = " \ - ${nonarch_base_libdir}/firmware/libertas/sd8688* \ - ${nonarch_base_libdir}/firmware/mrvl/sd8688* \ -" -FILES:${PN}-sd8787 = " \ - ${nonarch_base_libdir}/firmware/mrvl/sd8787_uapsta.bin \ -" -FILES:${PN}-sd8797 = " \ - ${nonarch_base_libdir}/firmware/mrvl/sd8797_uapsta.bin \ -" -FILES:${PN}-sd8801 = " \ - ${nonarch_base_libdir}/firmware/mrvl/sd8801_uapsta.bin \ -" -FILES:${PN}-sd8887 = " \ - ${nonarch_base_libdir}/firmware/mrvl/sd8887_uapsta.bin \ -" -FILES:${PN}-sd8897 = " \ - ${nonarch_base_libdir}/firmware/mrvl/sd8897_uapsta.bin \ -" -do_install:append() { - # The kernel 5.6.x driver still uses the old name, provide a symlink for - # older kernels - ln -fs sdsd8997_combo_v4.bin ${D}${nonarch_base_libdir}/firmware/mrvl/sd8997_uapsta.bin -} -FILES:${PN}-sd8997 = " \ - ${nonarch_base_libdir}/firmware/mrvl/sd8997_uapsta.bin \ - ${nonarch_base_libdir}/firmware/mrvl/sdsd8997_combo_v4.bin \ -" -FILES:${PN}-usb8997 = " \ - ${nonarch_base_libdir}/firmware/mrvl/usbusb8997_combo_v4.bin \ -" - -RDEPENDS:${PN}-sd8686 += "${PN}-marvell-license" -RDEPENDS:${PN}-sd8688 += "${PN}-marvell-license" -RDEPENDS:${PN}-sd8787 += "${PN}-marvell-license" -RDEPENDS:${PN}-sd8797 += "${PN}-marvell-license" -RDEPENDS:${PN}-sd8801 += "${PN}-marvell-license" -RDEPENDS:${PN}-sd8887 += "${PN}-marvell-license" -RDEPENDS:${PN}-sd8897 += "${PN}-marvell-license" -RDEPENDS:${PN}-sd8997 += "${PN}-marvell-license" -RDEPENDS:${PN}-usb8997 += "${PN}-marvell-license" - -# For netronome -LICENSE:${PN}-netronome = "Firmware-netronome" - -FILES:${PN}-netronome-license = " \ - ${nonarch_base_libdir}/firmware/LICENCE.Netronome \ -" -FILES:${PN}-netronome = " \ - ${nonarch_base_libdir}/firmware/netronome/nic_AMDA0081*.nffw \ - ${nonarch_base_libdir}/firmware/netronome/nic_AMDA0096*.nffw \ - ${nonarch_base_libdir}/firmware/netronome/nic_AMDA0097*.nffw \ - ${nonarch_base_libdir}/firmware/netronome/nic_AMDA0099*.nffw \ - ${nonarch_base_libdir}/firmware/netronome/nic_AMDA0058-0011_2x40.nffw \ - ${nonarch_base_libdir}/firmware/netronome/nic_AMDA0058-0012_2x40.nffw \ - ${nonarch_base_libdir}/firmware/netronome/nic_AMDA0078-0011_1x100.nffw \ - ${nonarch_base_libdir}/firmware/netronome/bpf \ - ${nonarch_base_libdir}/firmware/netronome/flower \ - ${nonarch_base_libdir}/firmware/netronome/nic \ - ${nonarch_base_libdir}/firmware/netronome/nic-sriov \ -" - -RDEPENDS:${PN}-netronome += "${PN}-netronome-license" - -# For Nvidia -LICENSE:${PN}-nvidia-gpu = "Firmware-nvidia" -LICENSE:${PN}-nvidia-tegra = "Firmware-nvidia" -LICENSE:${PN}-nvidia-tegra-k1 = "Firmware-nvidia" -LICENSE:${PN}-nvidia-license = "Firmware-nvidia" - -FILES:${PN}-nvidia-gpu = "${nonarch_base_libdir}/firmware/nvidia" -FILES:${PN}-nvidia-tegra = " \ - ${nonarch_base_libdir}/firmware/nvidia/tegra* \ - ${nonarch_base_libdir}/firmware/nvidia/gm20b \ - ${nonarch_base_libdir}/firmware/nvidia/gp10b \ -" -FILES:${PN}-nvidia-tegra-k1 = " \ - ${nonarch_base_libdir}/firmware/nvidia/tegra124 \ - ${nonarch_base_libdir}/firmware/nvidia/gk20a \ -" -FILES:${PN}-nvidia-license = "${nonarch_base_libdir}/firmware/LICENCE.nvidia" - -RDEPENDS:${PN}-nvidia-gpu += "${PN}-nvidia-license" -RDEPENDS:${PN}-nvidia-tegra += "${PN}-nvidia-license" -RDEPENDS:${PN}-nvidia-tegra-k1 += "${PN}-nvidia-license" - -# For RSI RS911x WiFi -LICENSE:${PN}-rs9113 = "WHENCE" -LICENSE:${PN}-rs9116 = "WHENCE" - -FILES:${PN}-rs9113 = " ${nonarch_base_libdir}/firmware/rsi/rs9113*.rps " -FILES:${PN}-rs9116 = " ${nonarch_base_libdir}/firmware/rsi/rs9116*.rps " - -RDEPENDS:${PN}-rs9113 += "${PN}-whence-license" -RDEPENDS:${PN}-rs9116 += "${PN}-whence-license" - -# For rtl -LICENSE:${PN}-rtl8188 = "Firmware-rtlwifi_firmware" -LICENSE:${PN}-rtl8192cu = "Firmware-rtlwifi_firmware" -LICENSE:${PN}-rtl8192ce = "Firmware-rtlwifi_firmware" -LICENSE:${PN}-rtl8192su = "Firmware-rtlwifi_firmware" -LICENSE:${PN}-rtl8723 = "Firmware-rtlwifi_firmware" -LICENSE:${PN}-rtl8821 = "Firmware-rtlwifi_firmware" -LICENSE:${PN}-rtl-license = "Firmware-rtlwifi_firmware" -LICENSE:${PN}-rtl8168 = "WHENCE" - -FILES:${PN}-rtl-license = " \ - ${nonarch_base_libdir}/firmware/LICENCE.rtlwifi_firmware.txt \ -" -FILES:${PN}-rtl8188 = " \ - ${nonarch_base_libdir}/firmware/rtlwifi/rtl8188*.bin \ -" -FILES:${PN}-rtl8192cu = " \ - ${nonarch_base_libdir}/firmware/rtlwifi/rtl8192cufw*.bin \ -" -FILES:${PN}-rtl8192ce = " \ - ${nonarch_base_libdir}/firmware/rtlwifi/rtl8192cfw*.bin \ -" -FILES:${PN}-rtl8192su = " \ - ${nonarch_base_libdir}/firmware/rtlwifi/rtl8712u.bin \ -" -FILES:${PN}-rtl8723 = " \ - ${nonarch_base_libdir}/firmware/rtlwifi/rtl8723*.bin \ -" -FILES:${PN}-rtl8821 = " \ - ${nonarch_base_libdir}/firmware/rtlwifi/rtl8821*.bin \ -" -FILES:${PN}-rtl8168 = " \ - ${nonarch_base_libdir}/firmware/rtl_nic/rtl8168*.fw \ -" - -RDEPENDS:${PN}-rtl8188 += "${PN}-rtl-license" -RDEPENDS:${PN}-rtl8192ce += "${PN}-rtl-license" -RDEPENDS:${PN}-rtl8192cu += "${PN}-rtl-license" -RDEPENDS:${PN}-rtl8192su = "${PN}-rtl-license" -RDEPENDS:${PN}-rtl8723 += "${PN}-rtl-license" -RDEPENDS:${PN}-rtl8821 += "${PN}-rtl-license" -RDEPENDS:${PN}-rtl8168 += "${PN}-whence-license" - -# For ti-connectivity -LICENSE:${PN}-wlcommon = "Firmware-ti-connectivity" -LICENSE:${PN}-wl12xx = "Firmware-ti-connectivity" -LICENSE:${PN}-wl18xx = "Firmware-ti-connectivity" -LICENSE:${PN}-ti-connectivity-license = "Firmware-ti-connectivity" - -FILES:${PN}-ti-connectivity-license = "${nonarch_base_libdir}/firmware/LICENCE.ti-connectivity" -# wl18xx optionally needs wl1271-nvs.bin (which itself is a symlink to -# wl127x-nvs.bin) - see linux/drivers/net/wireless/ti/wlcore/sdio.c -# and drivers/net/wireless/ti/wlcore/spi.c. -# While they're optional and actually only used to override the MAC -# address on wl18xx, driver loading will delay (by udev timout - 60s) -# if not there. So let's make it available always. Because it's a -# symlink, both need to go to wlcommon. -FILES:${PN}-wlcommon = " \ - ${nonarch_base_libdir}/firmware/ti-connectivity/TI* \ - ${nonarch_base_libdir}/firmware/ti-connectivity/wl127x-nvs.bin \ - ${nonarch_base_libdir}/firmware/ti-connectivity/wl1271-nvs.bin \ -" -FILES:${PN}-wl12xx = " \ - ${nonarch_base_libdir}/firmware/ti-connectivity/wl12* \ -" -FILES:${PN}-wl18xx = " \ - ${nonarch_base_libdir}/firmware/ti-connectivity/wl18* \ -" - -RDEPENDS:${PN}-wl12xx = "${PN}-ti-connectivity-license ${PN}-wlcommon" -RDEPENDS:${PN}-wl18xx = "${PN}-ti-connectivity-license ${PN}-wlcommon" - -# For vt6656 -LICENSE:${PN}-vt6656 = "Firmware-via_vt6656" -LICENSE:${PN}-vt6656-license = "Firmware-via_vt6656" - -FILES:${PN}-vt6656-license = "${nonarch_base_libdir}/firmware/LICENCE.via_vt6656" -FILES:${PN}-vt6656 = " \ - ${nonarch_base_libdir}/firmware/vntwusb.fw \ -" - -RDEPENDS:${PN}-vt6656 = "${PN}-vt6656-license" - -# For broadcom - -# for i in `grep brcm WHENCE | grep ^File | sed 's/File: brcm.//g'`; do pkg=`echo $i | sed 's/-[sp40].*//g; s/\.bin//g; s/brcmfmac/bcm/g; s/_hdr/-hdr/g; s/BCM/bcm-0bb4-0306/g'`; echo -e " \${PN}-$pkg \\"; done | sort -u - -LICENSE:${PN}-broadcom-license = "Firmware-broadcom_bcm43xx" -FILES:${PN}-broadcom-license = "${nonarch_base_libdir}/firmware/LICENCE.broadcom_bcm43xx" - -# for i in `grep brcm WHENCE | grep ^File | sed 's/File: brcm.//g'`; do pkg=`echo $i | sed 's/-[sp40].*//g; s/\.bin//g; s/brcmfmac/bcm/g; s/_hdr/-hdr/g; s/BCM/bcm-0bb4-0306/g'`; echo "$i - $pkg"; echo -e "FILES:\${PN}-$pkg = \"\${nonarch_base_libdir}/firmware/brcm/$i\""; done | grep ^FILES - -FILES:${PN}-bcm43xx = "${nonarch_base_libdir}/firmware/brcm/bcm43xx-0.fw" -FILES:${PN}-bcm43xx-hdr = "${nonarch_base_libdir}/firmware/brcm/bcm43xx_hdr-0.fw" -FILES:${PN}-bcm4329-fullmac = "${nonarch_base_libdir}/firmware/brcm/bcm4329-fullmac-4.bin" -FILES:${PN}-bcm43236b = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43236b.bin" -FILES:${PN}-bcm4329 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4329-sdio.bin" -FILES:${PN}-bcm4330 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4330-sdio.*" -FILES:${PN}-bcm4334 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4334-sdio.bin" -FILES:${PN}-bcm4335 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4335-sdio.bin" -FILES:${PN}-bcm4339 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4339-sdio.bin \ - ${nonarch_base_libdir}/firmware/cypress/cyfmac4339-sdio.bin \ -" -FILES:${PN}-bcm43241b0 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43241b0-sdio.bin" -FILES:${PN}-bcm43241b4 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43241b4-sdio.bin" -FILES:${PN}-bcm43241b5 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43241b5-sdio.bin" -FILES:${PN}-bcm43242a = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43242a.bin" -FILES:${PN}-bcm43143 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43143.bin \ - ${nonarch_base_libdir}/firmware/brcm/brcmfmac43143-sdio.bin \ -" -FILES:${PN}-bcm43430a0 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43430a0-sdio.*" -FILES:${PN}-bcm43455 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43455-sdio.* \ - ${nonarch_base_libdir}/firmware/cypress/cyfmac43455-sdio.* \ -" -FILES:${PN}-bcm4350c2 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4350c2-pcie.bin" -FILES:${PN}-bcm4350 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4350-pcie.bin" -FILES:${PN}-bcm4356 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4356-sdio.* \ - ${nonarch_base_libdir}/firmware/cypress/cyfmac4356-sdio.* \ -" -FILES:${PN}-bcm43569 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43569.bin" -FILES:${PN}-bcm43570 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43570-pcie.bin \ - ${nonarch_base_libdir}/firmware/cypress/cyfmac43570-pcie.bin \ -" -FILES:${PN}-bcm4358 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4358-pcie.bin" -FILES:${PN}-bcm43602 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43602-pcie.bin \ - ${nonarch_base_libdir}/firmware/brcm/brcmfmac43602-pcie.ap.bin \ -" -FILES:${PN}-bcm4366b = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4366b-pcie.bin" -FILES:${PN}-bcm4366c = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4366c-pcie.bin" -FILES:${PN}-bcm4371 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4371-pcie.bin" - -# for i in `grep brcm WHENCE | grep ^File | sed 's/File: brcm.//g'`; do pkg=`echo $i | sed 's/-[sp40].*//g; s/\.bin//g; s/brcmfmac/bcm/g; s/_hdr/-hdr/g; s/BCM/bcm-0bb4-0306/g'`; echo -e "LICENSE:\${PN}-$pkg = \"Firmware-broadcom_bcm43xx\"\nRDEPENDS_\${PN}-$pkg += \"\${PN}-broadcom-license\""; done -# Currently 1st one and last 6 have cypress LICENSE - -LICENSE:${PN}-bcm43xx = "Firmware-broadcom_bcm43xx" -RDEPENDS:${PN}-bcm43xx += "${PN}-broadcom-license" -LICENSE:${PN}-bcm43xx-hdr = "Firmware-broadcom_bcm43xx" -RDEPENDS:${PN}-bcm43xx-hdr += "${PN}-broadcom-license" -LICENSE:${PN}-bcm4329-fullmac = "Firmware-broadcom_bcm43xx" -RDEPENDS:${PN}-bcm4329-fullmac += "${PN}-broadcom-license" -LICENSE:${PN}-bcm43236b = "Firmware-broadcom_bcm43xx" -RDEPENDS:${PN}-bcm43236b += "${PN}-broadcom-license" -LICENSE:${PN}-bcm4329 = "Firmware-broadcom_bcm43xx" -RDEPENDS:${PN}-bcm4329 += "${PN}-broadcom-license" -LICENSE:${PN}-bcm4330 = "Firmware-broadcom_bcm43xx" -RDEPENDS:${PN}-bcm4330 += "${PN}-broadcom-license" -LICENSE:${PN}-bcm4334 = "Firmware-broadcom_bcm43xx" -RDEPENDS:${PN}-bcm4334 += "${PN}-broadcom-license" -LICENSE:${PN}-bcm4335 = "Firmware-broadcom_bcm43xx" -RDEPENDS:${PN}-bcm4335 += "${PN}-broadcom-license" -LICENSE:${PN}-bcm4339 = "Firmware-broadcom_bcm43xx" -RDEPENDS:${PN}-bcm4339 += "${PN}-broadcom-license" -LICENSE:${PN}-bcm43241b0 = "Firmware-broadcom_bcm43xx" -RDEPENDS:${PN}-bcm43241b0 += "${PN}-broadcom-license" -LICENSE:${PN}-bcm43241b4 = "Firmware-broadcom_bcm43xx" -RDEPENDS:${PN}-bcm43241b4 += "${PN}-broadcom-license" -LICENSE:${PN}-bcm43241b5 = "Firmware-broadcom_bcm43xx" -RDEPENDS:${PN}-bcm43241b5 += "${PN}-broadcom-license" -LICENSE:${PN}-bcm43242a = "Firmware-broadcom_bcm43xx" -RDEPENDS:${PN}-bcm43242a += "${PN}-broadcom-license" -LICENSE:${PN}-bcm43143 = "Firmware-broadcom_bcm43xx" -RDEPENDS:${PN}-bcm43143 += "${PN}-broadcom-license" -LICENSE:${PN}-bcm43430a0 = "Firmware-broadcom_bcm43xx" -RDEPENDS:${PN}-bcm43430a0 += "${PN}-broadcom-license" -LICENSE:${PN}-bcm43455 = "Firmware-broadcom_bcm43xx" -RDEPENDS:${PN}-bcm43455 += "${PN}-broadcom-license" -LICENSE:${PN}-bcm4350c2 = "Firmware-broadcom_bcm43xx" -RDEPENDS:${PN}-bcm4350c2 += "${PN}-broadcom-license" -LICENSE:${PN}-bcm4350 = "Firmware-broadcom_bcm43xx" -RDEPENDS:${PN}-bcm4350 += "${PN}-broadcom-license" -LICENSE:${PN}-bcm4356 = "Firmware-broadcom_bcm43xx" -RDEPENDS:${PN}-bcm4356 += "${PN}-broadcom-license" -LICENSE:${PN}-bcm43569 = "Firmware-broadcom_bcm43xx" -RDEPENDS:${PN}-bcm43569 += "${PN}-broadcom-license" -LICENSE:${PN}-bcm43570 = "Firmware-broadcom_bcm43xx" -RDEPENDS:${PN}-bcm43570 += "${PN}-broadcom-license" -LICENSE:${PN}-bcm4358 = "Firmware-broadcom_bcm43xx" -RDEPENDS:${PN}-bcm4358 += "${PN}-broadcom-license" -LICENSE:${PN}-bcm43602 = "Firmware-broadcom_bcm43xx" -RDEPENDS:${PN}-bcm43602 += "${PN}-broadcom-license" -LICENSE:${PN}-bcm4366b = "Firmware-broadcom_bcm43xx" -RDEPENDS:${PN}-bcm4366b += "${PN}-broadcom-license" -LICENSE:${PN}-bcm4366c = "Firmware-broadcom_bcm43xx" -RDEPENDS:${PN}-bcm4366c += "${PN}-broadcom-license" -LICENSE:${PN}-bcm4371 = "Firmware-broadcom_bcm43xx" -RDEPENDS:${PN}-bcm4371 += "${PN}-broadcom-license" - -# For broadcom cypress - -LICENSE:${PN}-cypress-license = "Firmware-cypress" -FILES:${PN}-cypress-license = "${nonarch_base_libdir}/firmware/LICENCE.cypress" - -FILES:${PN}-bcm-0bb4-0306 = "${nonarch_base_libdir}/firmware/brcm/BCM-0bb4-0306.hcd" -FILES:${PN}-bcm43340 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43340-sdio.* \ - ${nonarch_base_libdir}/firmware/cypress/cyfmac43340-sdio.*" -FILES:${PN}-bcm43362 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43362-sdio.* \ - ${nonarch_base_libdir}/firmware/cypress/cyfmac43362-sdio.*" -FILES:${PN}-bcm43430 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43430-sdio.* \ - ${nonarch_base_libdir}/firmware/cypress/cyfmac43430-sdio.*" -FILES:${PN}-bcm4354 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4354-sdio.bin \ - ${nonarch_base_libdir}/firmware/cypress/cyfmac4354-sdio.bin \ -" -FILES:${PN}-bcm4356-pcie = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4356-pcie.* \ - ${nonarch_base_libdir}/firmware/cypress/cyfmac4356-pcie.* \ -" -FILES:${PN}-bcm4373 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4373-sdio.bin \ - ${nonarch_base_libdir}/firmware/brcm/brcmfmac4373.bin \ - ${nonarch_base_libdir}/firmware/cypress/cyfmac4373-sdio.bin \ - ${nonarch_base_libdir}/firmware/brcm/brcmfmac4373-sdio.clm_blob \ -" - -LICENSE:${PN}-bcm-0bb4-0306 = "Firmware-cypress" -RDEPENDS:${PN}-bcm-0bb4-0306 += "${PN}-cypress-license" -LICENSE:${PN}-bcm43340 = "Firmware-cypress" -RDEPENDS:${PN}-bcm43340 += "${PN}-cypress-license" -LICENSE:${PN}-bcm43362 = "Firmware-cypress" -RDEPENDS:${PN}-bcm43362 += "${PN}-cypress-license" -LICENSE:${PN}-bcm43430 = "Firmware-cypress" -RDEPENDS:${PN}-bcm43430 += "${PN}-cypress-license" -LICENSE:${PN}-bcm4354 = "Firmware-cypress" -RDEPENDS:${PN}-bcm4354 += "${PN}-cypress-license" -LICENSE:${PN}-bcm4356-pcie = "Firmware-cypress" -RDEPENDS:${PN}-bcm4356-pcie += "${PN}-cypress-license" -LICENSE:${PN}-bcm4373 = "Firmware-cypress" -RDEPENDS:${PN}-bcm4373 += "${PN}-cypress-license" - -# For Broadcom bnx2-mips -# -# which is a separate case to the other Broadcom firmwares since its -# license is contained in the shared WHENCE file. - -LICENSE:${PN}-bnx2-mips = "WHENCE" -LICENSE:${PN}-whence-license = "WHENCE" - -FILES:${PN}-bnx2-mips = "${nonarch_base_libdir}/firmware/bnx2/bnx2-mips-09-6.2.1b.fw" -FILES:${PN}-whence-license = "${nonarch_base_libdir}/firmware/WHENCE" - -RDEPENDS:${PN}-bnx2-mips += "${PN}-whence-license" - -# For imx-sdma -LICENSE:${PN}-imx-sdma-imx6q = "Firmware-imx-sdma_firmware" -LICENSE:${PN}-imx-sdma-imx7d = "Firmware-imx-sdma_firmware" -LICENSE:${PN}-imx-sdma-license = "Firmware-imx-sdma_firmware" - -FILES:${PN}-imx-sdma-imx6q = "${nonarch_base_libdir}/firmware/imx/sdma/sdma-imx6q.bin" - -RPROVIDES:${PN}-imx-sdma-imx6q = "firmware-imx-sdma-imx6q" -RREPLACES:${PN}-imx-sdma-imx6q = "firmware-imx-sdma-imx6q" -RCONFLICTS:${PN}-imx-sdma-imx6q = "firmware-imx-sdma-imx6q" - -FILES:${PN}-imx-sdma-imx7d = "${nonarch_base_libdir}/firmware/imx/sdma/sdma-imx7d.bin" - -FILES:${PN}-imx-sdma-license = "${nonarch_base_libdir}/firmware/LICENSE.sdma_firmware" - -RDEPENDS:${PN}-imx-sdma-imx6q += "${PN}-imx-sdma-license" -RDEPENDS:${PN}-imx-sdma-imx7d += "${PN}-imx-sdma-license" - -# For iwlwifi -LICENSE:${PN}-iwlwifi = "Firmware-iwlwifi_firmware" -LICENSE:${PN}-iwlwifi-135-6 = "Firmware-iwlwifi_firmware" -LICENSE:${PN}-iwlwifi-3160-7 = "Firmware-iwlwifi_firmware" -LICENSE:${PN}-iwlwifi-3160-8 = "Firmware-iwlwifi_firmware" -LICENSE:${PN}-iwlwifi-3160-9 = "Firmware-iwlwifi_firmware" -LICENSE:${PN}-iwlwifi-3160-10 = "Firmware-iwlwifi_firmware" -LICENSE:${PN}-iwlwifi-3160-12 = "Firmware-iwlwifi_firmware" -LICENSE:${PN}-iwlwifi-3160-13 = "Firmware-iwlwifi_firmware" -LICENSE:${PN}-iwlwifi-3160-16 = "Firmware-iwlwifi_firmware" -LICENSE:${PN}-iwlwifi-3160-17 = "Firmware-iwlwifi_firmware" -LICENSE:${PN}-iwlwifi-6000-4 = "Firmware-iwlwifi_firmware" -LICENSE:${PN}-iwlwifi-6000g2a-5 = "Firmware-iwlwifi_firmware" -LICENSE:${PN}-iwlwifi-6000g2a-6 = "Firmware-iwlwifi_firmware" -LICENSE:${PN}-iwlwifi-6000g2b-5 = "Firmware-iwlwifi_firmware" -LICENSE:${PN}-iwlwifi-6000g2b-6 = "Firmware-iwlwifi_firmware" -LICENSE:${PN}-iwlwifi-6050-4 = "Firmware-iwlwifi_firmware" -LICENSE:${PN}-iwlwifi-6050-5 = "Firmware-iwlwifi_firmware" -LICENSE:${PN}-iwlwifi-7260 = "Firmware-iwlwifi_firmware" -LICENSE:${PN}-iwlwifi-7265 = "Firmware-iwlwifi_firmware" -LICENSE:${PN}-iwlwifi-7265d = "Firmware-iwlwifi_firmware" -LICENSE:${PN}-iwlwifi-8000c = "Firmware-iwlwifi_firmware" -LICENSE:${PN}-iwlwifi-8265 = "Firmware-iwlwifi_firmware" -LICENSE:${PN}-iwlwifi-9000 = "Firmware-iwlwifi_firmware" -LICENSE:${PN}-iwlwifi-misc = "Firmware-iwlwifi_firmware" -LICENSE:${PN}-iwlwifi-license = "Firmware-iwlwifi_firmware" - - -FILES:${PN}-iwlwifi-license = "${nonarch_base_libdir}/firmware/LICENCE.iwlwifi_firmware" -FILES:${PN}-iwlwifi-135-6 = "${nonarch_base_libdir}/firmware/iwlwifi-135-6.ucode" -FILES:${PN}-iwlwifi-3160-7 = "${nonarch_base_libdir}/firmware/iwlwifi-3160-7.ucode" -FILES:${PN}-iwlwifi-3160-8 = "${nonarch_base_libdir}/firmware/iwlwifi-3160-8.ucode" -FILES:${PN}-iwlwifi-3160-9 = "${nonarch_base_libdir}/firmware/iwlwifi-3160-9.ucode" -FILES:${PN}-iwlwifi-3160-10 = "${nonarch_base_libdir}/firmware/iwlwifi-3160-10.ucode" -FILES:${PN}-iwlwifi-3160-12 = "${nonarch_base_libdir}/firmware/iwlwifi-3160-12.ucode" -FILES:${PN}-iwlwifi-3160-13 = "${nonarch_base_libdir}/firmware/iwlwifi-3160-13.ucode" -FILES:${PN}-iwlwifi-3160-16 = "${nonarch_base_libdir}/firmware/iwlwifi-3160-16.ucode" -FILES:${PN}-iwlwifi-3160-17 = "${nonarch_base_libdir}/firmware/iwlwifi-3160-17.ucode" -FILES:${PN}-iwlwifi-6000-4 = "${nonarch_base_libdir}/firmware/iwlwifi-6000-4.ucode" -FILES:${PN}-iwlwifi-6000g2a-5 = "${nonarch_base_libdir}/firmware/iwlwifi-6000g2a-5.ucode" -FILES:${PN}-iwlwifi-6000g2a-6 = "${nonarch_base_libdir}/firmware/iwlwifi-6000g2a-6.ucode" -FILES:${PN}-iwlwifi-6000g2b-5 = "${nonarch_base_libdir}/firmware/iwlwifi-6000g2b-5.ucode" -FILES:${PN}-iwlwifi-6000g2b-6 = "${nonarch_base_libdir}/firmware/iwlwifi-6000g2b-6.ucode" -FILES:${PN}-iwlwifi-6050-4 = "${nonarch_base_libdir}/firmware/iwlwifi-6050-4.ucode" -FILES:${PN}-iwlwifi-6050-5 = "${nonarch_base_libdir}/firmware/iwlwifi-6050-5.ucode" -FILES:${PN}-iwlwifi-7260 = "${nonarch_base_libdir}/firmware/iwlwifi-7260-*.ucode" -FILES:${PN}-iwlwifi-7265 = "${nonarch_base_libdir}/firmware/iwlwifi-7265-*.ucode" -FILES:${PN}-iwlwifi-7265d = "${nonarch_base_libdir}/firmware/iwlwifi-7265D-*.ucode" -FILES:${PN}-iwlwifi-8000c = "${nonarch_base_libdir}/firmware/iwlwifi-8000C-*.ucode" -FILES:${PN}-iwlwifi-8265 = "${nonarch_base_libdir}/firmware/iwlwifi-8265-*.ucode" -FILES:${PN}-iwlwifi-9000 = "${nonarch_base_libdir}/firmware/iwlwifi-9000-*.ucode" -FILES:${PN}-iwlwifi-misc = "${nonarch_base_libdir}/firmware/iwlwifi-*.ucode" - -RDEPENDS:${PN}-iwlwifi-135-6 = "${PN}-iwlwifi-license" -RDEPENDS:${PN}-iwlwifi-3160-7 = "${PN}-iwlwifi-license" -RDEPENDS:${PN}-iwlwifi-3160-8 = "${PN}-iwlwifi-license" -RDEPENDS:${PN}-iwlwifi-3160-9 = "${PN}-iwlwifi-license" -RDEPENDS:${PN}-iwlwifi-3160-10 = "${PN}-iwlwifi-license" -RDEPENDS:${PN}-iwlwifi-3160-12 = "${PN}-iwlwifi-license" -RDEPENDS:${PN}-iwlwifi-3160-13 = "${PN}-iwlwifi-license" -RDEPENDS:${PN}-iwlwifi-3160-16 = "${PN}-iwlwifi-license" -RDEPENDS:${PN}-iwlwifi-3160-17 = "${PN}-iwlwifi-license" -RDEPENDS:${PN}-iwlwifi-6000-4 = "${PN}-iwlwifi-license" -RDEPENDS:${PN}-iwlwifi-6000g2a-5 = "${PN}-iwlwifi-license" -RDEPENDS:${PN}-iwlwifi-6000g2a-6 = "${PN}-iwlwifi-license" -RDEPENDS:${PN}-iwlwifi-6000g2b-5 = "${PN}-iwlwifi-license" -RDEPENDS:${PN}-iwlwifi-6000g2b-6 = "${PN}-iwlwifi-license" -RDEPENDS:${PN}-iwlwifi-6050-4 = "${PN}-iwlwifi-license" -RDEPENDS:${PN}-iwlwifi-6050-5 = "${PN}-iwlwifi-license" -RDEPENDS:${PN}-iwlwifi-7260 = "${PN}-iwlwifi-license" -RDEPENDS:${PN}-iwlwifi-7265 = "${PN}-iwlwifi-license" -RDEPENDS:${PN}-iwlwifi-7265d = "${PN}-iwlwifi-license" -RDEPENDS:${PN}-iwlwifi-8000c = "${PN}-iwlwifi-license" -RDEPENDS:${PN}-iwlwifi-8265 = "${PN}-iwlwifi-license" -RDEPENDS:${PN}-iwlwifi-9000 = "${PN}-iwlwifi-license" -RDEPENDS:${PN}-iwlwifi-misc = "${PN}-iwlwifi-license" - -# -iwlwifi-misc is a "catch all" package that includes all the iwlwifi -# firmwares that are not already included in other -iwlwifi- packages. -# -iwlwifi is a virtual package that depends upon all iwlwifi packages. -# These are distinct in order to allow the -misc firmwares to be installed -# without pulling in every other iwlwifi package. -ALLOW_EMPTY:${PN}-iwlwifi = "1" -ALLOW_EMPTY:${PN}-iwlwifi-misc = "1" - -# Handle package updating for the newly merged iwlwifi groupings -RPROVIDES:${PN}-iwlwifi-7265 = "${PN}-iwlwifi-7265-8 ${PN}-iwlwifi-7265-9" -RREPLACES:${PN}-iwlwifi-7265 = "${PN}-iwlwifi-7265-8 ${PN}-iwlwifi-7265-9" -RCONFLICTS:${PN}-iwlwifi-7265 = "${PN}-iwlwifi-7265-8 ${PN}-iwlwifi-7265-9" - -RPROVIDES:${PN}-iwlwifi-7260 = "${PN}-iwlwifi-7260-7 ${PN}-iwlwifi-7260-8 ${PN}-iwlwifi-7260-9" -RREPLACES:${PN}-iwlwifi-7260 = "${PN}-iwlwifi-7260-7 ${PN}-iwlwifi-7260-8 ${PN}-iwlwifi-7260-9" -RCONFLICTS:${PN}-iwlwifi-7260 = "${PN}-iwlwifi-7260-7 ${PN}-iwlwifi-7260-8 ${PN}-iwlwifi-7260-9" - -# For ibt -LICENSE:${PN}-ibt-license = "Firmware-ibt_firmware" -LICENSE:${PN}-ibt-hw-37-7 = "Firmware-ibt_firmware" -LICENSE:${PN}-ibt-hw-37-8 = "Firmware-ibt_firmware" -LICENSE:${PN}-ibt-11-5 = "Firmware-ibt_firmware" -LICENSE:${PN}-ibt-12-16 = "Firmware-ibt_firmware" -LICENSE:${PN}-ibt-17 = "Firmware-ibt_firmware" -LICENSE:${PN}-ibt-20 = "Firmware-ibt_firmware" -LICENSE:${PN}-ibt-misc = "Firmware-ibt_firmware" - -FILES:${PN}-ibt-license = "${nonarch_base_libdir}/firmware/LICENCE.ibt_firmware" -FILES:${PN}-ibt-hw-37-7 = "${nonarch_base_libdir}/firmware/intel/ibt-hw-37.7*.bseq" -FILES:${PN}-ibt-hw-37-8 = "${nonarch_base_libdir}/firmware/intel/ibt-hw-37.8*.bseq" -FILES:${PN}-ibt-11-5 = "${nonarch_base_libdir}/firmware/intel/ibt-11-5.sfi ${nonarch_base_libdir}/firmware/intel/ibt-11-5.ddc" -FILES:${PN}-ibt-12-16 = "${nonarch_base_libdir}/firmware/intel/ibt-12-16.sfi ${nonarch_base_libdir}/firmware/intel/ibt-12-16.ddc" -FILES:${PN}-ibt-17 = "${nonarch_base_libdir}/firmware/intel/ibt-17-*.sfi ${nonarch_base_libdir}/firmware/intel/ibt-17-*.ddc" -FILES:${PN}-ibt-20 = "${nonarch_base_libdir}/firmware/intel/ibt-20-*.sfi ${nonarch_base_libdir}/firmware/intel/ibt-20-*.ddc" -FILES:${PN}-ibt-misc = "${nonarch_base_libdir}/firmware/intel/ibt-*" - -RDEPENDS:${PN}-ibt-hw-37-7 = "${PN}-ibt-license" -RDEPENDS:${PN}-ibt-hw-37.8 = "${PN}-ibt-license" -RDEPENDS:${PN}-ibt-11-5 = "${PN}-ibt-license" -RDEPENDS:${PN}-ibt-12-16 = "${PN}-ibt-license" -RDEPENDS:${PN}-ibt-17 = "${PN}-ibt-license" -RDEPENDS:${PN}-ibt-20 = "${PN}-ibt-license" -RDEPENDS:${PN}-ibt-misc = "${PN}-ibt-license" - -ALLOW_EMPTY:${PN}-ibt= "1" -ALLOW_EMPTY:${PN}-ibt-misc = "1" - -LICENSE:${PN}-i915 = "Firmware-i915" -LICENSE:${PN}-i915-license = "Firmware-i915" -FILES:${PN}-i915-license = "${nonarch_base_libdir}/firmware/LICENSE.i915" -FILES:${PN}-i915 = "${nonarch_base_libdir}/firmware/i915" -RDEPENDS:${PN}-i915 = "${PN}-i915-license" - -LICENSE:${PN}-ice = "Firmware-ice" -LICENSE:${PN}-ice-license = "Firmware-ice" -FILES:${PN}-ice-license = "${nonarch_base_libdir}/firmware/LICENSE.ice" -FILES:${PN}-ice = "${nonarch_base_libdir}/firmware/intel/ice" -RDEPENDS:${PN}-ice = "${PN}-ice-license" - -FILES:${PN}-adsp-sst-license = "${nonarch_base_libdir}/firmware/LICENCE.adsp_sst" -LICENSE:${PN}-adsp-sst = "Firmware-adsp_sst" -LICENSE:${PN}-adsp-sst-license = "Firmware-adsp_sst" -FILES:${PN}-adsp-sst = "${nonarch_base_libdir}/firmware/intel/dsp_fw*" -RDEPENDS:${PN}-adsp-sst = "${PN}-adsp-sst-license" - -# For QAT -LICENSE:${PN}-qat = "Firmware-qat" -LICENSE:${PN}-qat-license = "Firmware-qat" -FILES:${PN}-qat-license = "${nonarch_base_libdir}/firmware/LICENCE.qat_firmware" -FILES:${PN}-qat = "${nonarch_base_libdir}/firmware/qat*.bin" -RDEPENDS:${PN}-qat = "${PN}-qat-license" - -# For QCOM VPU/GPU and SDM845 -LICENSE:${PN}-qcom-license = "Firmware-qcom" -FILES:${PN}-qcom-license = "${nonarch_base_libdir}/firmware/LICENSE.qcom ${nonarch_base_libdir}/firmware/qcom/NOTICE.txt" -FILES:${PN}-qcom-venus-1.8 = "${nonarch_base_libdir}/firmware/qcom/venus-1.8/*" -FILES:${PN}-qcom-venus-4.2 = "${nonarch_base_libdir}/firmware/qcom/venus-4.2/*" -FILES:${PN}-qcom-venus-5.2 = "${nonarch_base_libdir}/firmware/qcom/venus-5.2/*" -FILES:${PN}-qcom-venus-5.4 = "${nonarch_base_libdir}/firmware/qcom/venus-5.4/*" -FILES:${PN}-qcom-vpu-1.0 = "${nonarch_base_libdir}/firmware/qcom/vpu-1.0/*" -FILES:${PN}-qcom-vpu-2.0 = "${nonarch_base_libdir}/firmware/qcom/vpu-2.0/*" -FILES:${PN}-qcom-adreno-a2xx = "${nonarch_base_libdir}/firmware/qcom/leia_*.fw" -FILES:${PN}-qcom-adreno-a3xx = "${nonarch_base_libdir}/firmware/qcom/a3*_*.fw ${nonarch_base_libdir}/firmware/a300_*.fw" -FILES:${PN}-qcom-adreno-a4xx = "${nonarch_base_libdir}/firmware/qcom/a4*_*.fw" -FILES:${PN}-qcom-adreno-a530 = "${nonarch_base_libdir}/firmware/qcom/a530*.*" -FILES:${PN}-qcom-adreno-a630 = "${nonarch_base_libdir}/firmware/qcom/a630*.* ${nonarch_base_libdir}/firmware/qcom/sdm845/a630*.*" -FILES:${PN}-qcom-adreno-a650 = "${nonarch_base_libdir}/firmware/qcom/a650*.* ${nonarch_base_libdir}/firmware/qcom/sm8250/a650*.*" -FILES:${PN}-qcom-adreno-a660 = "${nonarch_base_libdir}/firmware/qcom/a660*.*" -FILES:${PN}-qcom-apq8096-audio = "${nonarch_base_libdir}/firmware/qcom/apq8096/adsp*.*" -FILES:${PN}-qcom-apq8096-modem = "${nonarch_base_libdir}/firmware/qcom/apq8096/mba.mbn ${nonarch_base_libdir}/firmware/qcom/apq8096/modem*.* ${nonarch_base_libdir}/firmware/qcom/apq8096/wlanmdsp.mbn" -FILES:${PN}-qcom-sdm845-audio = "${nonarch_base_libdir}/firmware/qcom/sdm845/adsp*.*" -FILES:${PN}-qcom-sdm845-compute = "${nonarch_base_libdir}/firmware/qcom/sdm845/cdsp*.*" -FILES:${PN}-qcom-sdm845-modem = "${nonarch_base_libdir}/firmware/qcom/sdm845/mba.mbn ${nonarch_base_libdir}/firmware/qcom/sdm845/modem*.* ${nonarch_base_libdir}/firmware/qcom/sdm845/wlanmdsp.mbn" -FILES:${PN}-qcom-sm8250-audio = "${nonarch_base_libdir}/firmware/qcom/sm8250/adsp*.*" -FILES:${PN}-qcom-sm8250-compute = "${nonarch_base_libdir}/firmware/qcom/sm8250/cdsp*.*" -RDEPENDS:${PN}-qcom-venus-1.8 = "${PN}-qcom-license" -RDEPENDS:${PN}-qcom-venus-4.2 = "${PN}-qcom-license" -RDEPENDS:${PN}-qcom-venus-5.2 = "${PN}-qcom-license" -RDEPENDS:${PN}-qcom-venus-5.4 = "${PN}-qcom-license" -RDEPENDS:${PN}-qcom-vpu-1.0 = "${PN}-qcom-license" -RDEPENDS:${PN}-qcom-vpu-2.0 = "${PN}-qcom-license" -RDEPENDS:${PN}-qcom-adreno-a2xx = "${PN}-qcom-license" -RDEPENDS:${PN}-qcom-adreno-a3xx = "${PN}-qcom-license" -RDEPENDS:${PN}-qcom-adreno-a4xx = "${PN}-qcom-license" -RDEPENDS:${PN}-qcom-adreno-a530 = "${PN}-qcom-license" -RDEPENDS:${PN}-qcom-adreno-a630 = "${PN}-qcom-license" -RDEPENDS:${PN}-qcom-adreno-a650 = "${PN}-qcom-license" -RDEPENDS:${PN}-qcom-adreno-a660 = "${PN}-qcom-license" -RDEPENDS:${PN}-qcom-apq8096-audio = "${PN}-qcom-license" -RDEPENDS:${PN}-qcom-apq8096-modem = "${PN}-qcom-license" -RDEPENDS:${PN}-qcom-sdm845-audio = "${PN}-qcom-license" -RDEPENDS:${PN}-qcom-sdm845-compute = "${PN}-qcom-license" -RDEPENDS:${PN}-qcom-sdm845-modem = "${PN}-qcom-license" -RDEPENDS:${PN}-qcom-sm8250-audio = "${PN}-qcom-license" -RDEPENDS:${PN}-qcom-sm8250-compute = "${PN}-qcom-license" - -FILES:${PN}-liquidio = "${nonarch_base_libdir}/firmware/liquidio" - -# For Amlogic VDEC -LICENSE:${PN}-amlogic-vdec = "Firmware-amlogic_vdec" -FILES:${PN}-amlogic-vdec-license = "${nonarch_base_libdir}/firmware/LICENSE.amlogic_vdec" -FILES:${PN}-amlogic-vdec = "${nonarch_base_libdir}/firmware/meson/vdec/*" -RDEPENDS:${PN}-amlogic-vdec = "${PN}-amlogic-vdec-license" - -# For other firmwares -# Maybe split out to separate packages when needed. -LICENSE:${PN} = "\ - Firmware-Abilis \ - & Firmware-agere \ - & Firmware-amdgpu \ - & Firmware-amd-ucode \ - & Firmware-amlogic_vdec \ - & Firmware-atmel \ - & Firmware-ca0132 \ - & Firmware-cavium \ - & Firmware-chelsio_firmware \ - & Firmware-cw1200 \ - & Firmware-dib0700 \ - & Firmware-e100 \ - & Firmware-ene_firmware \ - & Firmware-fw_sst_0f28 \ - & Firmware-go7007 \ - & Firmware-hfi1_firmware \ - & Firmware-ibt_firmware \ - & Firmware-it913x \ - & Firmware-IntcSST2 \ - & Firmware-kaweth \ - & Firmware-moxa \ - & Firmware-myri10ge_firmware \ - & Firmware-nvidia \ - & Firmware-OLPC \ - & Firmware-ath9k-htc \ - & Firmware-phanfw \ - & Firmware-qat \ - & Firmware-qcom \ - & Firmware-qla1280 \ - & Firmware-qla2xxx \ - & Firmware-r8a779x_usb3 \ - & Firmware-radeon \ - & Firmware-ralink_a_mediatek_company_firmware \ - & Firmware-ralink-firmware \ - & Firmware-imx-sdma_firmware \ - & Firmware-siano \ - & Firmware-ti-connectivity \ - & Firmware-ti-keystone \ - & Firmware-ueagle-atm4-firmware \ - & Firmware-wl1251 \ - & Firmware-xc4000 \ - & Firmware-xc5000 \ - & Firmware-xc5000c \ - & WHENCE \ -" - -FILES:${PN}-license += "${nonarch_base_libdir}/firmware/LICEN*" -FILES:${PN} += "${nonarch_base_libdir}/firmware/*" -RDEPENDS:${PN} += "${PN}-license" -RDEPENDS:${PN} += "${PN}-whence-license" - -# Make linux-firmware depend on all of the split-out packages. -# Make linux-firmware-iwlwifi depend on all of the split-out iwlwifi packages. -# Make linux-firmware-ibt depend on all of the split-out ibt packages. -python populate_packages:prepend () { - firmware_pkgs = oe.utils.packages_filter_out_system(d) - d.appendVar('RRECOMMENDS:linux-firmware', ' ' + ' '.join(firmware_pkgs)) - - iwlwifi_pkgs = filter(lambda x: x.find('-iwlwifi-') != -1, firmware_pkgs) - d.appendVar('RRECOMMENDS:linux-firmware-iwlwifi', ' ' + ' '.join(iwlwifi_pkgs)) - - ibt_pkgs = filter(lambda x: x.find('-ibt-') != -1, firmware_pkgs) - d.appendVar('RRECOMMENDS:linux-firmware-ibt', ' ' + ' '.join(ibt_pkgs)) -} - -# Firmware files are generally not ran on the CPU, so they can be -# allarch despite being architecture specific -INSANE_SKIP = "arch" diff --git a/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20220913.bb b/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20220913.bb new file mode 100644 index 0000000000..45c9d0e861 --- /dev/null +++ b/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20220913.bb @@ -0,0 +1,1105 @@ +SUMMARY = "Firmware files for use with Linux kernel" +HOMEPAGE = "https://www.kernel.org/" +DESCRIPTION = "Linux firmware is a package distributed alongside the Linux kernel \ +that contains firmware binary blobs necessary for partial or full functionality \ +of certain hardware devices." +SECTION = "kernel" + +LICENSE = "\ + Firmware-Abilis \ + & Firmware-adsp_sst \ + & Firmware-agere \ + & Firmware-amdgpu \ + & Firmware-amd-ucode \ + & Firmware-amlogic_vdec \ + & Firmware-atheros_firmware \ + & Firmware-atmel \ + & Firmware-broadcom_bcm43xx \ + & Firmware-ca0132 \ + & Firmware-cavium \ + & Firmware-chelsio_firmware \ + & Firmware-cw1200 \ + & Firmware-cypress \ + & Firmware-dib0700 \ + & Firmware-e100 \ + & Firmware-ene_firmware \ + & Firmware-fw_sst_0f28 \ + & Firmware-go7007 \ + & Firmware-GPLv2 \ + & Firmware-hfi1_firmware \ + & Firmware-i915 \ + & Firmware-ibt_firmware \ + & Firmware-ice \ + & Firmware-it913x \ + & Firmware-iwlwifi_firmware \ + & Firmware-IntcSST2 \ + & Firmware-kaweth \ + & Firmware-Lontium \ + & Firmware-Marvell \ + & Firmware-moxa \ + & Firmware-myri10ge_firmware \ + & Firmware-netronome \ + & Firmware-nvidia \ + & Firmware-OLPC \ + & Firmware-ath9k-htc \ + & Firmware-phanfw \ + & Firmware-qat \ + & Firmware-qcom \ + & Firmware-qla1280 \ + & Firmware-qla2xxx \ + & Firmware-qualcommAthos_ar3k \ + & Firmware-qualcommAthos_ath10k \ + & Firmware-r8a779x_usb3 \ + & Firmware-radeon \ + & Firmware-ralink_a_mediatek_company_firmware \ + & Firmware-ralink-firmware \ + & Firmware-rtlwifi_firmware \ + & Firmware-imx-sdma_firmware \ + & Firmware-siano \ + & Firmware-ti-connectivity \ + & Firmware-ti-keystone \ + & Firmware-ueagle-atm4-firmware \ + & Firmware-via_vt6656 \ + & Firmware-wl1251 \ + & Firmware-xc4000 \ + & Firmware-xc5000 \ + & Firmware-xc5000c \ + & WHENCE \ +" + +LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \ + file://LICENCE.adsp_sst;md5=615c45b91a5a4a9fe046d6ab9a2df728 \ + file://LICENCE.agere;md5=af0133de6b4a9b2522defd5f188afd31 \ + file://LICENSE.amdgpu;md5=44c1166d052226cb2d6c8d7400090203 \ + file://LICENSE.amd-ucode;md5=3c5399dc9148d7f0e1f41e34b69cf14f \ + file://LICENSE.amlogic_vdec;md5=dc44f59bf64a81643e500ad3f39a468a \ + file://LICENCE.atheros_firmware;md5=30a14c7823beedac9fa39c64fdd01a13 \ + file://LICENSE.atmel;md5=aa74ac0c60595dee4d4e239107ea77a3 \ + file://LICENCE.broadcom_bcm43xx;md5=3160c14df7228891b868060e1951dfbc \ + file://LICENCE.ca0132;md5=209b33e66ee5be0461f13d31da392198 \ + file://LICENCE.cadence;md5=009f46816f6956cfb75ede13d3e1cee0 \ + file://LICENCE.cavium;md5=c37aaffb1ebe5939b2580d073a95daea \ + file://LICENCE.chelsio_firmware;md5=819aa8c3fa453f1b258ed8d168a9d903 \ + file://LICENCE.cw1200;md5=f0f770864e7a8444a5c5aa9d12a3a7ed \ + file://LICENCE.cypress;md5=48cd9436c763bf873961f9ed7b5c147b \ + file://LICENSE.dib0700;md5=f7411825c8a555a1a3e5eab9ca773431 \ + file://LICENCE.e100;md5=ec0f84136766df159a3ae6d02acdf5a8 \ + file://LICENCE.ene_firmware;md5=ed67f0f62f8f798130c296720b7d3921 \ + file://LICENCE.fw_sst_0f28;md5=6353931c988ad52818ae733ac61cd293 \ + file://LICENCE.go7007;md5=c0bb9f6aaaba55b0529ee9b30aa66beb \ + file://GPL-2;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ + file://LICENSE.hfi1_firmware;md5=5e7b6e586ce7339d12689e49931ad444 \ + file://LICENSE.i915;md5=2b0b2e0d20984affd4490ba2cba02570 \ + file://LICENCE.ibt_firmware;md5=fdbee1ddfe0fb7ab0b2fcd6b454a366b \ + file://LICENSE.ice;md5=742ab4850f2670792940e6d15c974b2f \ + file://LICENCE.IntcSST2;md5=9e7d8bea77612d7cc7d9e9b54b623062 \ + file://LICENCE.it913x;md5=1fbf727bfb6a949810c4dbfa7e6ce4f8 \ + file://LICENCE.iwlwifi_firmware;md5=2ce6786e0fc11ac6e36b54bb9b799f1b \ + file://LICENCE.kaweth;md5=b1d876e562f4b3b8d391ad8395dfe03f \ + file://LICENSE.Lontium;md5=4ec8dc582ff7295f39e2ca6a7b0be2b6 \ + file://LICENCE.Marvell;md5=28b6ed8bd04ba105af6e4dcd6e997772 \ + file://LICENCE.mediatek;md5=7c1976b63217d76ce47d0a11d8a79cf2 \ + file://LICENCE.moxa;md5=1086614767d8ccf744a923289d3d4261 \ + file://LICENCE.myri10ge_firmware;md5=42e32fb89f6b959ca222e25ac8df8fed \ + file://LICENCE.Netronome;md5=4add08f2577086d44447996503cddf5f \ + file://LICENCE.nvidia;md5=4428a922ed3ba2ceec95f076a488ce07 \ + file://LICENCE.NXP;md5=58bb8ba632cd729b9ba6183bc6aed36f \ + file://LICENCE.OLPC;md5=5b917f9d8c061991be4f6f5f108719cd \ + file://LICENCE.open-ath9k-htc-firmware;md5=1b33c9f4d17bc4d457bdb23727046837 \ + file://LICENCE.phanfw;md5=954dcec0e051f9409812b561ea743bfa \ + file://LICENCE.qat_firmware;md5=9e7d8bea77612d7cc7d9e9b54b623062 \ + file://LICENSE.qcom;md5=164e3362a538eb11d3ac51e8e134294b \ + file://LICENCE.qla1280;md5=d6895732e622d950609093223a2c4f5d \ + file://LICENCE.qla2xxx;md5=505855e921b75f1be4a437ad9b79dff0 \ + file://LICENSE.QualcommAtheros_ar3k;md5=b5fe244fb2b532311de1472a3bc06da5 \ + file://LICENSE.QualcommAtheros_ath10k;md5=cb42b686ee5f5cb890275e4321db60a8 \ + file://LICENCE.r8a779x_usb3;md5=4c1671656153025d7076105a5da7e498 \ + file://LICENSE.radeon;md5=68ec28bacb3613200bca44f404c69b16 \ + file://LICENCE.ralink_a_mediatek_company_firmware;md5=728f1a85fd53fd67fa8d7afb080bc435 \ + file://LICENCE.ralink-firmware.txt;md5=ab2c269277c45476fb449673911a2dfd \ + file://LICENCE.rtlwifi_firmware.txt;md5=00d06cfd3eddd5a2698948ead2ad54a5 \ + file://LICENSE.sdma_firmware;md5=51e8c19ecc2270f4b8ea30341ad63ce9 \ + file://LICENCE.siano;md5=4556c1bf830067f12ca151ad953ec2a5 \ + file://LICENCE.ti-connectivity;md5=c5e02be633f1499c109d1652514d85ec \ + file://LICENCE.ti-keystone;md5=3a86335d32864b0bef996bee26cc0f2c \ + file://LICENCE.ueagle-atm4-firmware;md5=4ed7ea6b507ccc583b9d594417714118 \ + file://LICENCE.via_vt6656;md5=e4159694cba42d4377a912e78a6e850f \ + file://LICENCE.wl1251;md5=ad3f81922bb9e197014bb187289d3b5b \ + file://LICENCE.xc4000;md5=0ff51d2dc49fce04814c9155081092f0 \ + file://LICENCE.xc5000;md5=1e170c13175323c32c7f4d0998d53f66 \ + file://LICENCE.xc5000c;md5=12b02efa3049db65d524aeb418dd87ca \ + file://WHENCE;md5=${WHENCE_CHKSUM} \ + " +# WHENCE checksum is defined separately to ease overriding it if +# class-devupstream is selected. +WHENCE_CHKSUM = "98ecc3d3223df7ebdc23b0ec56aafb20" + +# These are not common licenses, set NO_GENERIC_LICENSE for them +# so that the license files will be copied from fetched source +NO_GENERIC_LICENSE[Firmware-Abilis] = "LICENCE.Abilis" +NO_GENERIC_LICENSE[Firmware-adsp_sst] = "LICENCE.adsp_sst" +NO_GENERIC_LICENSE[Firmware-agere] = "LICENCE.agere" +NO_GENERIC_LICENSE[Firmware-amdgpu] = "LICENSE.amdgpu" +NO_GENERIC_LICENSE[Firmware-amd-ucode] = "LICENSE.amd-ucode" +NO_GENERIC_LICENSE[Firmware-amlogic_vdec] = "LICENSE.amlogic_vdec" +NO_GENERIC_LICENSE[Firmware-atheros_firmware] = "LICENCE.atheros_firmware" +NO_GENERIC_LICENSE[Firmware-atmel] = "LICENSE.atmel" +NO_GENERIC_LICENSE[Firmware-broadcom_bcm43xx] = "LICENCE.broadcom_bcm43xx" +NO_GENERIC_LICENSE[Firmware-ca0132] = "LICENCE.ca0132" +NO_GENERIC_LICENSE[Firmware-cadence] = "LICENCE.cadence" +NO_GENERIC_LICENSE[Firmware-cavium] = "LICENCE.cavium" +NO_GENERIC_LICENSE[Firmware-chelsio_firmware] = "LICENCE.chelsio_firmware" +NO_GENERIC_LICENSE[Firmware-cw1200] = "LICENCE.cw1200" +NO_GENERIC_LICENSE[Firmware-cypress] = "LICENCE.cypress" +NO_GENERIC_LICENSE[Firmware-dib0700] = "LICENSE.dib0700" +NO_GENERIC_LICENSE[Firmware-e100] = "LICENCE.e100" +NO_GENERIC_LICENSE[Firmware-ene_firmware] = "LICENCE.ene_firmware" +NO_GENERIC_LICENSE[Firmware-fw_sst_0f28] = "LICENCE.fw_sst_0f28" +NO_GENERIC_LICENSE[Firmware-go7007] = "LICENCE.go7007" +NO_GENERIC_LICENSE[Firmware-GPLv2] = "GPL-2" +NO_GENERIC_LICENSE[Firmware-hfi1_firmware] = "LICENSE.hfi1_firmware" +NO_GENERIC_LICENSE[Firmware-i915] = "LICENSE.i915" +NO_GENERIC_LICENSE[Firmware-ibt_firmware] = "LICENCE.ibt_firmware" +NO_GENERIC_LICENSE[Firmware-ice] = "LICENSE.ice" +NO_GENERIC_LICENSE[Firmware-IntcSST2] = "LICENCE.IntcSST2" +NO_GENERIC_LICENSE[Firmware-it913x] = "LICENCE.it913x" +NO_GENERIC_LICENSE[Firmware-iwlwifi_firmware] = "LICENCE.iwlwifi_firmware" +NO_GENERIC_LICENSE[Firmware-kaweth] = "LICENCE.kaweth" +NO_GENERIC_LICENSE[Firmware-Lontium] = "LICENSE.Lontium" +NO_GENERIC_LICENSE[Firmware-Marvell] = "LICENCE.Marvell" +NO_GENERIC_LICENSE[Firmware-mediatek] = "LICENCE.mediatek" +NO_GENERIC_LICENSE[Firmware-moxa] = "LICENCE.moxa" +NO_GENERIC_LICENSE[Firmware-myri10ge_firmware] = "LICENCE.myri10ge_firmware" +NO_GENERIC_LICENSE[Firmware-netronome] = "LICENCE.Netronome" +NO_GENERIC_LICENSE[Firmware-nvidia] = "LICENCE.nvidia" +NO_GENERIC_LICENSE[Firmware-OLPC] = "LICENCE.OLPC" +NO_GENERIC_LICENSE[Firmware-ath9k-htc] = "LICENCE.open-ath9k-htc-firmware" +NO_GENERIC_LICENSE[Firmware-phanfw] = "LICENCE.phanfw" +NO_GENERIC_LICENSE[Firmware-qat] = "LICENCE.qat_firmware" +NO_GENERIC_LICENSE[Firmware-qcom] = "LICENSE.qcom" +NO_GENERIC_LICENSE[Firmware-qla1280] = "LICENCE.qla1280" +NO_GENERIC_LICENSE[Firmware-qla2xxx] = "LICENCE.qla2xxx" +NO_GENERIC_LICENSE[Firmware-qualcommAthos_ar3k] = "LICENSE.QualcommAtheros_ar3k" +NO_GENERIC_LICENSE[Firmware-qualcommAthos_ath10k] = "LICENSE.QualcommAtheros_ath10k" +NO_GENERIC_LICENSE[Firmware-r8a779x_usb3] = "LICENCE.r8a779x_usb3" +NO_GENERIC_LICENSE[Firmware-radeon] = "LICENSE.radeon" +NO_GENERIC_LICENSE[Firmware-ralink_a_mediatek_company_firmware] = "LICENCE.ralink_a_mediatek_company_firmware" +NO_GENERIC_LICENSE[Firmware-ralink-firmware] = "LICENCE.ralink-firmware.txt" +NO_GENERIC_LICENSE[Firmware-rtlwifi_firmware] = "LICENCE.rtlwifi_firmware.txt" +NO_GENERIC_LICENSE[Firmware-siano] = "LICENCE.siano" +NO_GENERIC_LICENSE[Firmware-imx-sdma_firmware] = "LICENSE.sdma_firmware" +NO_GENERIC_LICENSE[Firmware-ti-connectivity] = "LICENCE.ti-connectivity" +NO_GENERIC_LICENSE[Firmware-ti-keystone] = "LICENCE.ti-keystone" +NO_GENERIC_LICENSE[Firmware-ueagle-atm4-firmware] = "LICENCE.ueagle-atm4-firmware" +NO_GENERIC_LICENSE[Firmware-via_vt6656] = "LICENCE.via_vt6656" +NO_GENERIC_LICENSE[Firmware-wl1251] = "LICENCE.wl1251" +NO_GENERIC_LICENSE[Firmware-xc4000] = "LICENCE.xc4000" +NO_GENERIC_LICENSE[Firmware-xc5000] = "LICENCE.xc5000" +NO_GENERIC_LICENSE[Firmware-xc5000c] = "LICENCE.xc5000c" +NO_GENERIC_LICENSE[WHENCE] = "WHENCE" + +PE = "1" + +SRC_URI = "\ + ${KERNELORG_MIRROR}/linux/kernel/firmware/${BPN}-${PV}.tar.xz \ +" + +BBCLASSEXTEND = "devupstream:target" +SRC_URI:class-devupstream = "git://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git;protocol=https;branch=main" +# Pin this to the 20220509 release, override this in local.conf +SRCREV:class-devupstream ?= "b19cbdca78ab2adfd210c91be15a22568e8b8cae" + +SRC_URI[sha256sum] = "26fd00f2d8e96c4af6f44269a6b893eb857253044f75ad28ef6706a2250cd8e9" + +inherit allarch + +CLEANBROKEN = "1" + +do_compile() { + : +} + +do_install() { + oe_runmake 'DESTDIR=${D}' 'FIRMWAREDIR=${nonarch_base_libdir}/firmware' install + cp GPL-2 LICEN[CS]E.* WHENCE ${D}${nonarch_base_libdir}/firmware/ +} + + +PACKAGES =+ "${PN}-ralink-license ${PN}-ralink \ + ${PN}-mt7601u-license ${PN}-mt7601u \ + ${PN}-radeon-license ${PN}-radeon \ + ${PN}-marvell-license ${PN}-pcie8897 ${PN}-pcie8997 \ + ${PN}-sd8686 ${PN}-sd8688 ${PN}-sd8787 ${PN}-sd8797 ${PN}-sd8801 \ + ${PN}-sd8887 ${PN}-sd8897 ${PN}-sd8997 ${PN}-usb8997 \ + ${PN}-ti-connectivity-license ${PN}-wlcommon ${PN}-wl12xx ${PN}-wl18xx \ + ${PN}-vt6656-license ${PN}-vt6656 \ + ${PN}-rs9113 ${PN}-rs9116 \ + ${PN}-rtl-license ${PN}-rtl8188 ${PN}-rtl8192cu ${PN}-rtl8192ce ${PN}-rtl8192su ${PN}-rtl8723 ${PN}-rtl8821 \ + ${PN}-rtl8168 \ + ${PN}-cypress-license \ + ${PN}-broadcom-license \ + ${PN}-bcm-0bb4-0306 \ + ${PN}-bcm43143 \ + ${PN}-bcm43236b \ + ${PN}-bcm43241b0 \ + ${PN}-bcm43241b4 \ + ${PN}-bcm43241b5 \ + ${PN}-bcm43242a \ + ${PN}-bcm4329 \ + ${PN}-bcm4329-fullmac \ + ${PN}-bcm4330 \ + ${PN}-bcm4334 \ + ${PN}-bcm43340 \ + ${PN}-bcm4335 \ + ${PN}-bcm43362 \ + ${PN}-bcm4339 \ + ${PN}-bcm43430 \ + ${PN}-bcm43430a0 \ + ${PN}-bcm43455 \ + ${PN}-bcm4350 \ + ${PN}-bcm4350c2 \ + ${PN}-bcm4354 \ + ${PN}-bcm4356 \ + ${PN}-bcm4356-pcie \ + ${PN}-bcm43569 \ + ${PN}-bcm43570 \ + ${PN}-bcm4358 \ + ${PN}-bcm43602 \ + ${PN}-bcm4366b \ + ${PN}-bcm4366c \ + ${PN}-bcm4371 \ + ${PN}-bcm4373 \ + ${PN}-bcm43xx \ + ${PN}-bcm43xx-hdr \ + ${PN}-atheros-license ${PN}-ar9170 ${PN}-ath6k ${PN}-ath9k ${PN}-ath3k \ + ${PN}-gplv2-license ${PN}-carl9170 \ + ${PN}-ar3k-license ${PN}-ar3k ${PN}-ath10k-license ${PN}-ath10k ${PN}-ath11k ${PN}-qca \ + \ + ${PN}-imx-sdma-license ${PN}-imx-sdma-imx6q ${PN}-imx-sdma-imx7d \ + \ + ${PN}-iwlwifi-license ${PN}-iwlwifi \ + ${PN}-iwlwifi-135-6 \ + ${PN}-iwlwifi-3160-7 ${PN}-iwlwifi-3160-8 ${PN}-iwlwifi-3160-9 \ + ${PN}-iwlwifi-3160-10 ${PN}-iwlwifi-3160-12 ${PN}-iwlwifi-3160-13 \ + ${PN}-iwlwifi-3160-16 ${PN}-iwlwifi-3160-17 \ + ${PN}-iwlwifi-6000-4 ${PN}-iwlwifi-6000g2a-5 ${PN}-iwlwifi-6000g2a-6 \ + ${PN}-iwlwifi-6000g2b-5 ${PN}-iwlwifi-6000g2b-6 \ + ${PN}-iwlwifi-6050-4 ${PN}-iwlwifi-6050-5 \ + ${PN}-iwlwifi-7260 \ + ${PN}-iwlwifi-7265 \ + ${PN}-iwlwifi-7265d ${PN}-iwlwifi-8000c ${PN}-iwlwifi-8265 \ + ${PN}-iwlwifi-9000 \ + ${PN}-iwlwifi-misc \ + ${PN}-ibt-license ${PN}-ibt \ + ${PN}-ibt-11-5 ${PN}-ibt-12-16 ${PN}-ibt-hw-37-7 ${PN}-ibt-hw-37-8 \ + ${PN}-ibt-17 \ + ${PN}-ibt-20 \ + ${PN}-ibt-misc \ + ${PN}-i915-license ${PN}-i915 \ + ${PN}-ice-license ${PN}-ice \ + ${PN}-adsp-sst-license ${PN}-adsp-sst \ + ${PN}-bnx2-mips \ + ${PN}-liquidio \ + ${PN}-nvidia-license \ + ${PN}-nvidia-tegra-k1 ${PN}-nvidia-tegra \ + ${PN}-nvidia-gpu \ + ${PN}-netronome-license ${PN}-netronome \ + ${PN}-qat ${PN}-qat-license \ + ${PN}-qcom-license \ + ${PN}-qcom-venus-1.8 ${PN}-qcom-venus-4.2 ${PN}-qcom-venus-5.2 ${PN}-qcom-venus-5.4 \ + ${PN}-qcom-vpu-1.0 ${PN}-qcom-vpu-2.0 \ + ${PN}-qcom-adreno-a2xx ${PN}-qcom-adreno-a3xx ${PN}-qcom-adreno-a4xx ${PN}-qcom-adreno-a530 \ + ${PN}-qcom-adreno-a630 ${PN}-qcom-adreno-a650 ${PN}-qcom-adreno-a660 \ + ${PN}-qcom-apq8096-audio ${PN}-qcom-apq8096-modem \ + ${PN}-qcom-sc8280xp-lenovo-x13s-compat \ + ${PN}-qcom-sc8280xp-lenovo-x13s-audio \ + ${PN}-qcom-sc8280xp-lenovo-x13s-adreno \ + ${PN}-qcom-sc8280xp-lenovo-x13s-compute \ + ${PN}-qcom-sc8280xp-lenovo-x13s-sensors \ + ${PN}-qcom-sdm845-audio ${PN}-qcom-sdm845-compute ${PN}-qcom-sdm845-modem \ + ${PN}-qcom-sm8250-audio ${PN}-qcom-sm8250-compute \ + ${PN}-amlogic-vdec-license ${PN}-amlogic-vdec \ + ${PN}-lt9611uxc ${PN}-lontium-license \ + ${PN}-whence-license \ + ${PN}-license \ + " + +# For atheros +LICENSE:${PN}-ar9170 = "Firmware-atheros_firmware" +LICENSE:${PN}-ath3k = "Firmware-atheros_firmware" +LICENSE:${PN}-ath6k = "Firmware-atheros_firmware" +LICENSE:${PN}-ath9k = "Firmware-atheros_firmware" +LICENSE:${PN}-atheros-license = "Firmware-atheros_firmware" + +FILES:${PN}-atheros-license = "${nonarch_base_libdir}/firmware/LICENCE.atheros_firmware" +FILES:${PN}-ar9170 = " \ + ${nonarch_base_libdir}/firmware/ar9170*.fw \ +" +FILES:${PN}-ath3k = " \ + ${nonarch_base_libdir}/firmware/ath3k*fw \ +" +FILES:${PN}-ath6k = " \ + ${nonarch_base_libdir}/firmware/ath6k \ +" +FILES:${PN}-ath9k = " \ + ${nonarch_base_libdir}/firmware/ar9271.fw \ + ${nonarch_base_libdir}/firmware/ar7010*.fw \ + ${nonarch_base_libdir}/firmware/htc_9271.fw \ + ${nonarch_base_libdir}/firmware/htc_7010.fw \ + ${nonarch_base_libdir}/firmware/ath9k_htc/htc_7010-1.4.0.fw \ + ${nonarch_base_libdir}/firmware/ath9k_htc/htc_9271-1.4.0.fw \ +" + +RDEPENDS:${PN}-ar9170 += "${PN}-atheros-license" +RDEPENDS:${PN}-ath6k += "${PN}-atheros-license" +RDEPENDS:${PN}-ath9k += "${PN}-atheros-license" + +# For carl9170 +LICENSE:${PN}-carl9170 = "Firmware-GPLv2" +LICENSE:${PN}-gplv2-license = "Firmware-GPLv2" + +FILES:${PN}-gplv2-license = "${nonarch_base_libdir}/firmware/GPL-2" +FILES:${PN}-carl9170 = " \ + ${nonarch_base_libdir}/firmware/carl9170*.fw \ +" + +RDEPENDS:${PN}-carl9170 += "${PN}-gplv2-license" + +# For QualCommAthos +LICENSE:${PN}-ar3k = "Firmware-qualcommAthos_ar3k & Firmware-atheros_firmware" +LICENSE:${PN}-ar3k-license = "Firmware-qualcommAthos_ar3k" +LICENSE:${PN}-ath10k = "Firmware-qualcommAthos_ath10k" +LICENSE:${PN}-ath10k-license = "Firmware-qualcommAthos_ath10k" +LICENSE:${PN}-qca = "Firmware-qualcommAthos_ath10k" + +FILES:${PN}-ar3k-license = "${nonarch_base_libdir}/firmware/LICENSE.QualcommAtheros_ar3k" +FILES:${PN}-ar3k = " \ + ${nonarch_base_libdir}/firmware/ar3k \ +" + +FILES:${PN}-ath10k-license = "${nonarch_base_libdir}/firmware/LICENSE.QualcommAtheros_ath10k" +FILES:${PN}-ath10k = " \ + ${nonarch_base_libdir}/firmware/ath10k \ +" + +FILES:${PN}-ath11k = " \ + ${nonarch_base_libdir}/firmware/ath11k \ +" + +FILES:${PN}-qca = " \ + ${nonarch_base_libdir}/firmware/qca \ +" + +RDEPENDS:${PN}-ar3k += "${PN}-ar3k-license ${PN}-atheros-license" +RDEPENDS:${PN}-ath10k += "${PN}-ath10k-license" +RDEPENDS:${PN}-ath11k += "${PN}-ath10k-license" +RDEPENDS:${PN}-qca += "${PN}-ath10k-license" + +# For ralink +LICENSE:${PN}-ralink = "Firmware-ralink-firmware" +LICENSE:${PN}-ralink-license = "Firmware-ralink-firmware" + +FILES:${PN}-ralink-license = "${nonarch_base_libdir}/firmware/LICENCE.ralink-firmware.txt" +FILES:${PN}-ralink = " \ + ${nonarch_base_libdir}/firmware/rt*.bin \ +" + +RDEPENDS:${PN}-ralink += "${PN}-ralink-license" + +# For mediatek MT7601U +LICENSE:${PN}-mt7601u = "Firmware-ralink_a_mediatek_company_firmware" +LICENSE:${PN}-mt7601u-license = "Firmware-ralink_a_mediatek_company_firmware" + +FILES:${PN}-mt7601u-license = "${nonarch_base_libdir}/firmware/LICENCE.ralink_a_mediatek_company_firmware" +FILES:${PN}-mt7601u = " \ + ${nonarch_base_libdir}/firmware/mt7601u.bin \ +" + +RDEPENDS:${PN}-mt7601u += "${PN}-mt7601u-license" + +# For radeon +LICENSE:${PN}-radeon = "Firmware-radeon" +LICENSE:${PN}-radeon-license = "Firmware-radeon" + +FILES:${PN}-radeon-license = "${nonarch_base_libdir}/firmware/LICENSE.radeon" +FILES:${PN}-radeon = " \ + ${nonarch_base_libdir}/firmware/radeon \ +" + +RDEPENDS:${PN}-radeon += "${PN}-radeon-license" + +# For lontium +LICENSE:${PN}-lt9611uxc = "Firmware-Lontium" + +FILES:${PN}-lontium-license = "${nonarch_base_libdir}/firmware/LICENSE.Lontium" +FILES:${PN}-lt9611uxc = "${nonarch_base_libdir}/firmware/lt9611uxc_fw.bin" + +# For marvell +LICENSE:${PN}-pcie8897 = "Firmware-Marvell" +LICENSE:${PN}-pcie8997 = "Firmware-Marvell" +LICENSE:${PN}-sd8686 = "Firmware-Marvell" +LICENSE:${PN}-sd8688 = "Firmware-Marvell" +LICENSE:${PN}-sd8787 = "Firmware-Marvell" +LICENSE:${PN}-sd8797 = "Firmware-Marvell" +LICENSE:${PN}-sd8801 = "Firmware-Marvell" +LICENSE:${PN}-sd8887 = "Firmware-Marvell" +LICENSE:${PN}-sd8897 = "Firmware-Marvell" +LICENSE:${PN}-sd8997 = "Firmware-Marvell" +LICENSE:${PN}-usb8997 = "Firmware-Marvell" +LICENSE:${PN}-marvell-license = "Firmware-Marvell" + +FILES:${PN}-marvell-license = "${nonarch_base_libdir}/firmware/LICENCE.Marvell" +FILES:${PN}-pcie8897 = " \ + ${nonarch_base_libdir}/firmware/mrvl/pcie8897_uapsta.bin \ +" +FILES:${PN}-pcie8997 = " \ + ${nonarch_base_libdir}/firmware/mrvl/pcie8997_wlan_v4.bin \ + ${nonarch_base_libdir}/firmware/mrvl/pcieuart8997_combo_v4.bin \ + ${nonarch_base_libdir}/firmware/mrvl/pcieusb8997_combo_v4.bin \ +" +FILES:${PN}-sd8686 = " \ + ${nonarch_base_libdir}/firmware/libertas/sd8686_v9* \ + ${nonarch_base_libdir}/firmware/sd8686* \ +" +FILES:${PN}-sd8688 = " \ + ${nonarch_base_libdir}/firmware/libertas/sd8688* \ + ${nonarch_base_libdir}/firmware/mrvl/sd8688* \ +" +FILES:${PN}-sd8787 = " \ + ${nonarch_base_libdir}/firmware/mrvl/sd8787_uapsta.bin \ +" +FILES:${PN}-sd8797 = " \ + ${nonarch_base_libdir}/firmware/mrvl/sd8797_uapsta.bin \ +" +FILES:${PN}-sd8801 = " \ + ${nonarch_base_libdir}/firmware/mrvl/sd8801_uapsta.bin \ +" +FILES:${PN}-sd8887 = " \ + ${nonarch_base_libdir}/firmware/mrvl/sd8887_uapsta.bin \ +" +FILES:${PN}-sd8897 = " \ + ${nonarch_base_libdir}/firmware/mrvl/sd8897_uapsta.bin \ +" +do_install:append() { + # The kernel 5.6.x driver still uses the old name, provide a symlink for + # older kernels + ln -fs sdsd8997_combo_v4.bin ${D}${nonarch_base_libdir}/firmware/mrvl/sd8997_uapsta.bin +} +FILES:${PN}-sd8997 = " \ + ${nonarch_base_libdir}/firmware/mrvl/sd8997_uapsta.bin \ + ${nonarch_base_libdir}/firmware/mrvl/sdsd8997_combo_v4.bin \ +" +FILES:${PN}-usb8997 = " \ + ${nonarch_base_libdir}/firmware/mrvl/usbusb8997_combo_v4.bin \ +" + +RDEPENDS:${PN}-sd8686 += "${PN}-marvell-license" +RDEPENDS:${PN}-sd8688 += "${PN}-marvell-license" +RDEPENDS:${PN}-sd8787 += "${PN}-marvell-license" +RDEPENDS:${PN}-sd8797 += "${PN}-marvell-license" +RDEPENDS:${PN}-sd8801 += "${PN}-marvell-license" +RDEPENDS:${PN}-sd8887 += "${PN}-marvell-license" +RDEPENDS:${PN}-sd8897 += "${PN}-marvell-license" +RDEPENDS:${PN}-sd8997 += "${PN}-marvell-license" +RDEPENDS:${PN}-usb8997 += "${PN}-marvell-license" + +# For netronome +LICENSE:${PN}-netronome = "Firmware-netronome" + +FILES:${PN}-netronome-license = " \ + ${nonarch_base_libdir}/firmware/LICENCE.Netronome \ +" +FILES:${PN}-netronome = " \ + ${nonarch_base_libdir}/firmware/netronome/nic_AMDA0081*.nffw \ + ${nonarch_base_libdir}/firmware/netronome/nic_AMDA0096*.nffw \ + ${nonarch_base_libdir}/firmware/netronome/nic_AMDA0097*.nffw \ + ${nonarch_base_libdir}/firmware/netronome/nic_AMDA0099*.nffw \ + ${nonarch_base_libdir}/firmware/netronome/nic_AMDA0058-0011_2x40.nffw \ + ${nonarch_base_libdir}/firmware/netronome/nic_AMDA0058-0012_2x40.nffw \ + ${nonarch_base_libdir}/firmware/netronome/nic_AMDA0078-0011_1x100.nffw \ + ${nonarch_base_libdir}/firmware/netronome/bpf \ + ${nonarch_base_libdir}/firmware/netronome/flower \ + ${nonarch_base_libdir}/firmware/netronome/nic \ + ${nonarch_base_libdir}/firmware/netronome/nic-sriov \ +" + +RDEPENDS:${PN}-netronome += "${PN}-netronome-license" + +# For Nvidia +LICENSE:${PN}-nvidia-gpu = "Firmware-nvidia" +LICENSE:${PN}-nvidia-tegra = "Firmware-nvidia" +LICENSE:${PN}-nvidia-tegra-k1 = "Firmware-nvidia" +LICENSE:${PN}-nvidia-license = "Firmware-nvidia" + +FILES:${PN}-nvidia-gpu = "${nonarch_base_libdir}/firmware/nvidia" +FILES:${PN}-nvidia-tegra = " \ + ${nonarch_base_libdir}/firmware/nvidia/tegra* \ + ${nonarch_base_libdir}/firmware/nvidia/gm20b \ + ${nonarch_base_libdir}/firmware/nvidia/gp10b \ +" +FILES:${PN}-nvidia-tegra-k1 = " \ + ${nonarch_base_libdir}/firmware/nvidia/tegra124 \ + ${nonarch_base_libdir}/firmware/nvidia/gk20a \ +" +FILES:${PN}-nvidia-license = "${nonarch_base_libdir}/firmware/LICENCE.nvidia" + +RDEPENDS:${PN}-nvidia-gpu += "${PN}-nvidia-license" +RDEPENDS:${PN}-nvidia-tegra += "${PN}-nvidia-license" +RDEPENDS:${PN}-nvidia-tegra-k1 += "${PN}-nvidia-license" + +# For RSI RS911x WiFi +LICENSE:${PN}-rs9113 = "WHENCE" +LICENSE:${PN}-rs9116 = "WHENCE" + +FILES:${PN}-rs9113 = " ${nonarch_base_libdir}/firmware/rsi/rs9113*.rps " +FILES:${PN}-rs9116 = " ${nonarch_base_libdir}/firmware/rsi/rs9116*.rps " + +RDEPENDS:${PN}-rs9113 += "${PN}-whence-license" +RDEPENDS:${PN}-rs9116 += "${PN}-whence-license" + +# For rtl +LICENSE:${PN}-rtl8188 = "Firmware-rtlwifi_firmware" +LICENSE:${PN}-rtl8192cu = "Firmware-rtlwifi_firmware" +LICENSE:${PN}-rtl8192ce = "Firmware-rtlwifi_firmware" +LICENSE:${PN}-rtl8192su = "Firmware-rtlwifi_firmware" +LICENSE:${PN}-rtl8723 = "Firmware-rtlwifi_firmware" +LICENSE:${PN}-rtl8821 = "Firmware-rtlwifi_firmware" +LICENSE:${PN}-rtl-license = "Firmware-rtlwifi_firmware" +LICENSE:${PN}-rtl8168 = "WHENCE" + +FILES:${PN}-rtl-license = " \ + ${nonarch_base_libdir}/firmware/LICENCE.rtlwifi_firmware.txt \ +" +FILES:${PN}-rtl8188 = " \ + ${nonarch_base_libdir}/firmware/rtlwifi/rtl8188*.bin \ +" +FILES:${PN}-rtl8192cu = " \ + ${nonarch_base_libdir}/firmware/rtlwifi/rtl8192cufw*.bin \ +" +FILES:${PN}-rtl8192ce = " \ + ${nonarch_base_libdir}/firmware/rtlwifi/rtl8192cfw*.bin \ +" +FILES:${PN}-rtl8192su = " \ + ${nonarch_base_libdir}/firmware/rtlwifi/rtl8712u.bin \ +" +FILES:${PN}-rtl8723 = " \ + ${nonarch_base_libdir}/firmware/rtlwifi/rtl8723*.bin \ +" +FILES:${PN}-rtl8821 = " \ + ${nonarch_base_libdir}/firmware/rtlwifi/rtl8821*.bin \ +" +FILES:${PN}-rtl8168 = " \ + ${nonarch_base_libdir}/firmware/rtl_nic/rtl8168*.fw \ +" + +RDEPENDS:${PN}-rtl8188 += "${PN}-rtl-license" +RDEPENDS:${PN}-rtl8192ce += "${PN}-rtl-license" +RDEPENDS:${PN}-rtl8192cu += "${PN}-rtl-license" +RDEPENDS:${PN}-rtl8192su = "${PN}-rtl-license" +RDEPENDS:${PN}-rtl8723 += "${PN}-rtl-license" +RDEPENDS:${PN}-rtl8821 += "${PN}-rtl-license" +RDEPENDS:${PN}-rtl8168 += "${PN}-whence-license" + +# For ti-connectivity +LICENSE:${PN}-wlcommon = "Firmware-ti-connectivity" +LICENSE:${PN}-wl12xx = "Firmware-ti-connectivity" +LICENSE:${PN}-wl18xx = "Firmware-ti-connectivity" +LICENSE:${PN}-ti-connectivity-license = "Firmware-ti-connectivity" + +FILES:${PN}-ti-connectivity-license = "${nonarch_base_libdir}/firmware/LICENCE.ti-connectivity" +# wl18xx optionally needs wl1271-nvs.bin (which itself is a symlink to +# wl127x-nvs.bin) - see linux/drivers/net/wireless/ti/wlcore/sdio.c +# and drivers/net/wireless/ti/wlcore/spi.c. +# While they're optional and actually only used to override the MAC +# address on wl18xx, driver loading will delay (by udev timout - 60s) +# if not there. So let's make it available always. Because it's a +# symlink, both need to go to wlcommon. +FILES:${PN}-wlcommon = " \ + ${nonarch_base_libdir}/firmware/ti-connectivity/TI* \ + ${nonarch_base_libdir}/firmware/ti-connectivity/wl127x-nvs.bin \ + ${nonarch_base_libdir}/firmware/ti-connectivity/wl1271-nvs.bin \ +" +FILES:${PN}-wl12xx = " \ + ${nonarch_base_libdir}/firmware/ti-connectivity/wl12* \ +" +FILES:${PN}-wl18xx = " \ + ${nonarch_base_libdir}/firmware/ti-connectivity/wl18* \ +" + +RDEPENDS:${PN}-wl12xx = "${PN}-ti-connectivity-license ${PN}-wlcommon" +RDEPENDS:${PN}-wl18xx = "${PN}-ti-connectivity-license ${PN}-wlcommon" + +# For vt6656 +LICENSE:${PN}-vt6656 = "Firmware-via_vt6656" +LICENSE:${PN}-vt6656-license = "Firmware-via_vt6656" + +FILES:${PN}-vt6656-license = "${nonarch_base_libdir}/firmware/LICENCE.via_vt6656" +FILES:${PN}-vt6656 = " \ + ${nonarch_base_libdir}/firmware/vntwusb.fw \ +" + +RDEPENDS:${PN}-vt6656 = "${PN}-vt6656-license" + +# For broadcom + +# for i in `grep brcm WHENCE | grep ^File | sed 's/File: brcm.//g'`; do pkg=`echo $i | sed 's/-[sp40].*//g; s/\.bin//g; s/brcmfmac/bcm/g; s/_hdr/-hdr/g; s/BCM/bcm-0bb4-0306/g'`; echo -e " \${PN}-$pkg \\"; done | sort -u + +LICENSE:${PN}-broadcom-license = "Firmware-broadcom_bcm43xx" +FILES:${PN}-broadcom-license = "${nonarch_base_libdir}/firmware/LICENCE.broadcom_bcm43xx" + +# for i in `grep brcm WHENCE | grep ^File | sed 's/File: brcm.//g'`; do pkg=`echo $i | sed 's/-[sp40].*//g; s/\.bin//g; s/brcmfmac/bcm/g; s/_hdr/-hdr/g; s/BCM/bcm-0bb4-0306/g'`; echo "$i - $pkg"; echo -e "FILES:\${PN}-$pkg = \"\${nonarch_base_libdir}/firmware/brcm/$i\""; done | grep ^FILES + +FILES:${PN}-bcm43xx = "${nonarch_base_libdir}/firmware/brcm/bcm43xx-0.fw" +FILES:${PN}-bcm43xx-hdr = "${nonarch_base_libdir}/firmware/brcm/bcm43xx_hdr-0.fw" +FILES:${PN}-bcm4329-fullmac = "${nonarch_base_libdir}/firmware/brcm/bcm4329-fullmac-4.bin" +FILES:${PN}-bcm43236b = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43236b.bin" +FILES:${PN}-bcm4329 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4329-sdio.bin" +FILES:${PN}-bcm4330 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4330-sdio.*" +FILES:${PN}-bcm4334 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4334-sdio.bin" +FILES:${PN}-bcm4335 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4335-sdio.bin" +FILES:${PN}-bcm4339 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4339-sdio.bin \ + ${nonarch_base_libdir}/firmware/cypress/cyfmac4339-sdio.bin \ +" +FILES:${PN}-bcm43241b0 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43241b0-sdio.bin" +FILES:${PN}-bcm43241b4 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43241b4-sdio.bin" +FILES:${PN}-bcm43241b5 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43241b5-sdio.bin" +FILES:${PN}-bcm43242a = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43242a.bin" +FILES:${PN}-bcm43143 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43143.bin \ + ${nonarch_base_libdir}/firmware/brcm/brcmfmac43143-sdio.bin \ +" +FILES:${PN}-bcm43430a0 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43430a0-sdio.*" +FILES:${PN}-bcm43455 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43455-sdio.* \ + ${nonarch_base_libdir}/firmware/cypress/cyfmac43455-sdio.* \ +" +FILES:${PN}-bcm4350c2 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4350c2-pcie.bin" +FILES:${PN}-bcm4350 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4350-pcie.bin" +FILES:${PN}-bcm4356 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4356-sdio.* \ + ${nonarch_base_libdir}/firmware/cypress/cyfmac4356-sdio.* \ +" +FILES:${PN}-bcm43569 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43569.bin" +FILES:${PN}-bcm43570 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43570-pcie.bin \ + ${nonarch_base_libdir}/firmware/cypress/cyfmac43570-pcie.bin \ +" +FILES:${PN}-bcm4358 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4358-pcie.bin" +FILES:${PN}-bcm43602 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43602-pcie.bin \ + ${nonarch_base_libdir}/firmware/brcm/brcmfmac43602-pcie.ap.bin \ +" +FILES:${PN}-bcm4366b = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4366b-pcie.bin" +FILES:${PN}-bcm4366c = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4366c-pcie.bin" +FILES:${PN}-bcm4371 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4371-pcie.bin" + +# for i in `grep brcm WHENCE | grep ^File | sed 's/File: brcm.//g'`; do pkg=`echo $i | sed 's/-[sp40].*//g; s/\.bin//g; s/brcmfmac/bcm/g; s/_hdr/-hdr/g; s/BCM/bcm-0bb4-0306/g'`; echo -e "LICENSE:\${PN}-$pkg = \"Firmware-broadcom_bcm43xx\"\nRDEPENDS_\${PN}-$pkg += \"\${PN}-broadcom-license\""; done +# Currently 1st one and last 6 have cypress LICENSE + +LICENSE:${PN}-bcm43xx = "Firmware-broadcom_bcm43xx" +RDEPENDS:${PN}-bcm43xx += "${PN}-broadcom-license" +LICENSE:${PN}-bcm43xx-hdr = "Firmware-broadcom_bcm43xx" +RDEPENDS:${PN}-bcm43xx-hdr += "${PN}-broadcom-license" +LICENSE:${PN}-bcm4329-fullmac = "Firmware-broadcom_bcm43xx" +RDEPENDS:${PN}-bcm4329-fullmac += "${PN}-broadcom-license" +LICENSE:${PN}-bcm43236b = "Firmware-broadcom_bcm43xx" +RDEPENDS:${PN}-bcm43236b += "${PN}-broadcom-license" +LICENSE:${PN}-bcm4329 = "Firmware-broadcom_bcm43xx" +RDEPENDS:${PN}-bcm4329 += "${PN}-broadcom-license" +LICENSE:${PN}-bcm4330 = "Firmware-broadcom_bcm43xx" +RDEPENDS:${PN}-bcm4330 += "${PN}-broadcom-license" +LICENSE:${PN}-bcm4334 = "Firmware-broadcom_bcm43xx" +RDEPENDS:${PN}-bcm4334 += "${PN}-broadcom-license" +LICENSE:${PN}-bcm4335 = "Firmware-broadcom_bcm43xx" +RDEPENDS:${PN}-bcm4335 += "${PN}-broadcom-license" +LICENSE:${PN}-bcm4339 = "Firmware-broadcom_bcm43xx" +RDEPENDS:${PN}-bcm4339 += "${PN}-broadcom-license" +LICENSE:${PN}-bcm43241b0 = "Firmware-broadcom_bcm43xx" +RDEPENDS:${PN}-bcm43241b0 += "${PN}-broadcom-license" +LICENSE:${PN}-bcm43241b4 = "Firmware-broadcom_bcm43xx" +RDEPENDS:${PN}-bcm43241b4 += "${PN}-broadcom-license" +LICENSE:${PN}-bcm43241b5 = "Firmware-broadcom_bcm43xx" +RDEPENDS:${PN}-bcm43241b5 += "${PN}-broadcom-license" +LICENSE:${PN}-bcm43242a = "Firmware-broadcom_bcm43xx" +RDEPENDS:${PN}-bcm43242a += "${PN}-broadcom-license" +LICENSE:${PN}-bcm43143 = "Firmware-broadcom_bcm43xx" +RDEPENDS:${PN}-bcm43143 += "${PN}-broadcom-license" +LICENSE:${PN}-bcm43430a0 = "Firmware-broadcom_bcm43xx" +RDEPENDS:${PN}-bcm43430a0 += "${PN}-broadcom-license" +LICENSE:${PN}-bcm43455 = "Firmware-broadcom_bcm43xx" +RDEPENDS:${PN}-bcm43455 += "${PN}-broadcom-license" +LICENSE:${PN}-bcm4350c2 = "Firmware-broadcom_bcm43xx" +RDEPENDS:${PN}-bcm4350c2 += "${PN}-broadcom-license" +LICENSE:${PN}-bcm4350 = "Firmware-broadcom_bcm43xx" +RDEPENDS:${PN}-bcm4350 += "${PN}-broadcom-license" +LICENSE:${PN}-bcm4356 = "Firmware-broadcom_bcm43xx" +RDEPENDS:${PN}-bcm4356 += "${PN}-broadcom-license" +LICENSE:${PN}-bcm43569 = "Firmware-broadcom_bcm43xx" +RDEPENDS:${PN}-bcm43569 += "${PN}-broadcom-license" +LICENSE:${PN}-bcm43570 = "Firmware-broadcom_bcm43xx" +RDEPENDS:${PN}-bcm43570 += "${PN}-broadcom-license" +LICENSE:${PN}-bcm4358 = "Firmware-broadcom_bcm43xx" +RDEPENDS:${PN}-bcm4358 += "${PN}-broadcom-license" +LICENSE:${PN}-bcm43602 = "Firmware-broadcom_bcm43xx" +RDEPENDS:${PN}-bcm43602 += "${PN}-broadcom-license" +LICENSE:${PN}-bcm4366b = "Firmware-broadcom_bcm43xx" +RDEPENDS:${PN}-bcm4366b += "${PN}-broadcom-license" +LICENSE:${PN}-bcm4366c = "Firmware-broadcom_bcm43xx" +RDEPENDS:${PN}-bcm4366c += "${PN}-broadcom-license" +LICENSE:${PN}-bcm4371 = "Firmware-broadcom_bcm43xx" +RDEPENDS:${PN}-bcm4371 += "${PN}-broadcom-license" + +# For broadcom cypress + +LICENSE:${PN}-cypress-license = "Firmware-cypress" +FILES:${PN}-cypress-license = "${nonarch_base_libdir}/firmware/LICENCE.cypress" + +FILES:${PN}-bcm-0bb4-0306 = "${nonarch_base_libdir}/firmware/brcm/BCM-0bb4-0306.hcd" +FILES:${PN}-bcm43340 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43340-sdio.* \ + ${nonarch_base_libdir}/firmware/cypress/cyfmac43340-sdio.*" +FILES:${PN}-bcm43362 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43362-sdio.* \ + ${nonarch_base_libdir}/firmware/cypress/cyfmac43362-sdio.*" +FILES:${PN}-bcm43430 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43430-sdio.* \ + ${nonarch_base_libdir}/firmware/cypress/cyfmac43430-sdio.*" +FILES:${PN}-bcm4354 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4354-sdio.bin \ + ${nonarch_base_libdir}/firmware/cypress/cyfmac4354-sdio.bin \ +" +FILES:${PN}-bcm4356-pcie = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4356-pcie.* \ + ${nonarch_base_libdir}/firmware/cypress/cyfmac4356-pcie.* \ +" +FILES:${PN}-bcm4373 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4373-sdio.bin \ + ${nonarch_base_libdir}/firmware/brcm/brcmfmac4373.bin \ + ${nonarch_base_libdir}/firmware/cypress/cyfmac4373-sdio.bin \ + ${nonarch_base_libdir}/firmware/brcm/brcmfmac4373-sdio.clm_blob \ +" + +LICENSE:${PN}-bcm-0bb4-0306 = "Firmware-cypress" +RDEPENDS:${PN}-bcm-0bb4-0306 += "${PN}-cypress-license" +LICENSE:${PN}-bcm43340 = "Firmware-cypress" +RDEPENDS:${PN}-bcm43340 += "${PN}-cypress-license" +LICENSE:${PN}-bcm43362 = "Firmware-cypress" +RDEPENDS:${PN}-bcm43362 += "${PN}-cypress-license" +LICENSE:${PN}-bcm43430 = "Firmware-cypress" +RDEPENDS:${PN}-bcm43430 += "${PN}-cypress-license" +LICENSE:${PN}-bcm4354 = "Firmware-cypress" +RDEPENDS:${PN}-bcm4354 += "${PN}-cypress-license" +LICENSE:${PN}-bcm4356-pcie = "Firmware-cypress" +RDEPENDS:${PN}-bcm4356-pcie += "${PN}-cypress-license" +LICENSE:${PN}-bcm4373 = "Firmware-cypress" +RDEPENDS:${PN}-bcm4373 += "${PN}-cypress-license" + +# For Broadcom bnx2-mips +# +# which is a separate case to the other Broadcom firmwares since its +# license is contained in the shared WHENCE file. + +LICENSE:${PN}-bnx2-mips = "WHENCE" +LICENSE:${PN}-whence-license = "WHENCE" + +FILES:${PN}-bnx2-mips = "${nonarch_base_libdir}/firmware/bnx2/bnx2-mips-09-6.2.1b.fw" +FILES:${PN}-whence-license = "${nonarch_base_libdir}/firmware/WHENCE" + +RDEPENDS:${PN}-bnx2-mips += "${PN}-whence-license" + +# For imx-sdma +LICENSE:${PN}-imx-sdma-imx6q = "Firmware-imx-sdma_firmware" +LICENSE:${PN}-imx-sdma-imx7d = "Firmware-imx-sdma_firmware" +LICENSE:${PN}-imx-sdma-license = "Firmware-imx-sdma_firmware" + +FILES:${PN}-imx-sdma-imx6q = "${nonarch_base_libdir}/firmware/imx/sdma/sdma-imx6q.bin" + +RPROVIDES:${PN}-imx-sdma-imx6q = "firmware-imx-sdma-imx6q" +RREPLACES:${PN}-imx-sdma-imx6q = "firmware-imx-sdma-imx6q" +RCONFLICTS:${PN}-imx-sdma-imx6q = "firmware-imx-sdma-imx6q" + +FILES:${PN}-imx-sdma-imx7d = "${nonarch_base_libdir}/firmware/imx/sdma/sdma-imx7d.bin" + +FILES:${PN}-imx-sdma-license = "${nonarch_base_libdir}/firmware/LICENSE.sdma_firmware" + +RDEPENDS:${PN}-imx-sdma-imx6q += "${PN}-imx-sdma-license" +RDEPENDS:${PN}-imx-sdma-imx7d += "${PN}-imx-sdma-license" + +# For iwlwifi +LICENSE:${PN}-iwlwifi = "Firmware-iwlwifi_firmware" +LICENSE:${PN}-iwlwifi-135-6 = "Firmware-iwlwifi_firmware" +LICENSE:${PN}-iwlwifi-3160-7 = "Firmware-iwlwifi_firmware" +LICENSE:${PN}-iwlwifi-3160-8 = "Firmware-iwlwifi_firmware" +LICENSE:${PN}-iwlwifi-3160-9 = "Firmware-iwlwifi_firmware" +LICENSE:${PN}-iwlwifi-3160-10 = "Firmware-iwlwifi_firmware" +LICENSE:${PN}-iwlwifi-3160-12 = "Firmware-iwlwifi_firmware" +LICENSE:${PN}-iwlwifi-3160-13 = "Firmware-iwlwifi_firmware" +LICENSE:${PN}-iwlwifi-3160-16 = "Firmware-iwlwifi_firmware" +LICENSE:${PN}-iwlwifi-3160-17 = "Firmware-iwlwifi_firmware" +LICENSE:${PN}-iwlwifi-6000-4 = "Firmware-iwlwifi_firmware" +LICENSE:${PN}-iwlwifi-6000g2a-5 = "Firmware-iwlwifi_firmware" +LICENSE:${PN}-iwlwifi-6000g2a-6 = "Firmware-iwlwifi_firmware" +LICENSE:${PN}-iwlwifi-6000g2b-5 = "Firmware-iwlwifi_firmware" +LICENSE:${PN}-iwlwifi-6000g2b-6 = "Firmware-iwlwifi_firmware" +LICENSE:${PN}-iwlwifi-6050-4 = "Firmware-iwlwifi_firmware" +LICENSE:${PN}-iwlwifi-6050-5 = "Firmware-iwlwifi_firmware" +LICENSE:${PN}-iwlwifi-7260 = "Firmware-iwlwifi_firmware" +LICENSE:${PN}-iwlwifi-7265 = "Firmware-iwlwifi_firmware" +LICENSE:${PN}-iwlwifi-7265d = "Firmware-iwlwifi_firmware" +LICENSE:${PN}-iwlwifi-8000c = "Firmware-iwlwifi_firmware" +LICENSE:${PN}-iwlwifi-8265 = "Firmware-iwlwifi_firmware" +LICENSE:${PN}-iwlwifi-9000 = "Firmware-iwlwifi_firmware" +LICENSE:${PN}-iwlwifi-misc = "Firmware-iwlwifi_firmware" +LICENSE:${PN}-iwlwifi-license = "Firmware-iwlwifi_firmware" + + +FILES:${PN}-iwlwifi-license = "${nonarch_base_libdir}/firmware/LICENCE.iwlwifi_firmware" +FILES:${PN}-iwlwifi-135-6 = "${nonarch_base_libdir}/firmware/iwlwifi-135-6.ucode" +FILES:${PN}-iwlwifi-3160-7 = "${nonarch_base_libdir}/firmware/iwlwifi-3160-7.ucode" +FILES:${PN}-iwlwifi-3160-8 = "${nonarch_base_libdir}/firmware/iwlwifi-3160-8.ucode" +FILES:${PN}-iwlwifi-3160-9 = "${nonarch_base_libdir}/firmware/iwlwifi-3160-9.ucode" +FILES:${PN}-iwlwifi-3160-10 = "${nonarch_base_libdir}/firmware/iwlwifi-3160-10.ucode" +FILES:${PN}-iwlwifi-3160-12 = "${nonarch_base_libdir}/firmware/iwlwifi-3160-12.ucode" +FILES:${PN}-iwlwifi-3160-13 = "${nonarch_base_libdir}/firmware/iwlwifi-3160-13.ucode" +FILES:${PN}-iwlwifi-3160-16 = "${nonarch_base_libdir}/firmware/iwlwifi-3160-16.ucode" +FILES:${PN}-iwlwifi-3160-17 = "${nonarch_base_libdir}/firmware/iwlwifi-3160-17.ucode" +FILES:${PN}-iwlwifi-6000-4 = "${nonarch_base_libdir}/firmware/iwlwifi-6000-4.ucode" +FILES:${PN}-iwlwifi-6000g2a-5 = "${nonarch_base_libdir}/firmware/iwlwifi-6000g2a-5.ucode" +FILES:${PN}-iwlwifi-6000g2a-6 = "${nonarch_base_libdir}/firmware/iwlwifi-6000g2a-6.ucode" +FILES:${PN}-iwlwifi-6000g2b-5 = "${nonarch_base_libdir}/firmware/iwlwifi-6000g2b-5.ucode" +FILES:${PN}-iwlwifi-6000g2b-6 = "${nonarch_base_libdir}/firmware/iwlwifi-6000g2b-6.ucode" +FILES:${PN}-iwlwifi-6050-4 = "${nonarch_base_libdir}/firmware/iwlwifi-6050-4.ucode" +FILES:${PN}-iwlwifi-6050-5 = "${nonarch_base_libdir}/firmware/iwlwifi-6050-5.ucode" +FILES:${PN}-iwlwifi-7260 = "${nonarch_base_libdir}/firmware/iwlwifi-7260-*.ucode" +FILES:${PN}-iwlwifi-7265 = "${nonarch_base_libdir}/firmware/iwlwifi-7265-*.ucode" +FILES:${PN}-iwlwifi-7265d = "${nonarch_base_libdir}/firmware/iwlwifi-7265D-*.ucode" +FILES:${PN}-iwlwifi-8000c = "${nonarch_base_libdir}/firmware/iwlwifi-8000C-*.ucode" +FILES:${PN}-iwlwifi-8265 = "${nonarch_base_libdir}/firmware/iwlwifi-8265-*.ucode" +FILES:${PN}-iwlwifi-9000 = "${nonarch_base_libdir}/firmware/iwlwifi-9000-*.ucode" +FILES:${PN}-iwlwifi-misc = "${nonarch_base_libdir}/firmware/iwlwifi-*.ucode" + +RDEPENDS:${PN}-iwlwifi-135-6 = "${PN}-iwlwifi-license" +RDEPENDS:${PN}-iwlwifi-3160-7 = "${PN}-iwlwifi-license" +RDEPENDS:${PN}-iwlwifi-3160-8 = "${PN}-iwlwifi-license" +RDEPENDS:${PN}-iwlwifi-3160-9 = "${PN}-iwlwifi-license" +RDEPENDS:${PN}-iwlwifi-3160-10 = "${PN}-iwlwifi-license" +RDEPENDS:${PN}-iwlwifi-3160-12 = "${PN}-iwlwifi-license" +RDEPENDS:${PN}-iwlwifi-3160-13 = "${PN}-iwlwifi-license" +RDEPENDS:${PN}-iwlwifi-3160-16 = "${PN}-iwlwifi-license" +RDEPENDS:${PN}-iwlwifi-3160-17 = "${PN}-iwlwifi-license" +RDEPENDS:${PN}-iwlwifi-6000-4 = "${PN}-iwlwifi-license" +RDEPENDS:${PN}-iwlwifi-6000g2a-5 = "${PN}-iwlwifi-license" +RDEPENDS:${PN}-iwlwifi-6000g2a-6 = "${PN}-iwlwifi-license" +RDEPENDS:${PN}-iwlwifi-6000g2b-5 = "${PN}-iwlwifi-license" +RDEPENDS:${PN}-iwlwifi-6000g2b-6 = "${PN}-iwlwifi-license" +RDEPENDS:${PN}-iwlwifi-6050-4 = "${PN}-iwlwifi-license" +RDEPENDS:${PN}-iwlwifi-6050-5 = "${PN}-iwlwifi-license" +RDEPENDS:${PN}-iwlwifi-7260 = "${PN}-iwlwifi-license" +RDEPENDS:${PN}-iwlwifi-7265 = "${PN}-iwlwifi-license" +RDEPENDS:${PN}-iwlwifi-7265d = "${PN}-iwlwifi-license" +RDEPENDS:${PN}-iwlwifi-8000c = "${PN}-iwlwifi-license" +RDEPENDS:${PN}-iwlwifi-8265 = "${PN}-iwlwifi-license" +RDEPENDS:${PN}-iwlwifi-9000 = "${PN}-iwlwifi-license" +RDEPENDS:${PN}-iwlwifi-misc = "${PN}-iwlwifi-license" + +# -iwlwifi-misc is a "catch all" package that includes all the iwlwifi +# firmwares that are not already included in other -iwlwifi- packages. +# -iwlwifi is a virtual package that depends upon all iwlwifi packages. +# These are distinct in order to allow the -misc firmwares to be installed +# without pulling in every other iwlwifi package. +ALLOW_EMPTY:${PN}-iwlwifi = "1" +ALLOW_EMPTY:${PN}-iwlwifi-misc = "1" + +# Handle package updating for the newly merged iwlwifi groupings +RPROVIDES:${PN}-iwlwifi-7265 = "${PN}-iwlwifi-7265-8 ${PN}-iwlwifi-7265-9" +RREPLACES:${PN}-iwlwifi-7265 = "${PN}-iwlwifi-7265-8 ${PN}-iwlwifi-7265-9" +RCONFLICTS:${PN}-iwlwifi-7265 = "${PN}-iwlwifi-7265-8 ${PN}-iwlwifi-7265-9" + +RPROVIDES:${PN}-iwlwifi-7260 = "${PN}-iwlwifi-7260-7 ${PN}-iwlwifi-7260-8 ${PN}-iwlwifi-7260-9" +RREPLACES:${PN}-iwlwifi-7260 = "${PN}-iwlwifi-7260-7 ${PN}-iwlwifi-7260-8 ${PN}-iwlwifi-7260-9" +RCONFLICTS:${PN}-iwlwifi-7260 = "${PN}-iwlwifi-7260-7 ${PN}-iwlwifi-7260-8 ${PN}-iwlwifi-7260-9" + +# For ibt +LICENSE:${PN}-ibt-license = "Firmware-ibt_firmware" +LICENSE:${PN}-ibt-hw-37-7 = "Firmware-ibt_firmware" +LICENSE:${PN}-ibt-hw-37-8 = "Firmware-ibt_firmware" +LICENSE:${PN}-ibt-11-5 = "Firmware-ibt_firmware" +LICENSE:${PN}-ibt-12-16 = "Firmware-ibt_firmware" +LICENSE:${PN}-ibt-17 = "Firmware-ibt_firmware" +LICENSE:${PN}-ibt-20 = "Firmware-ibt_firmware" +LICENSE:${PN}-ibt-misc = "Firmware-ibt_firmware" + +FILES:${PN}-ibt-license = "${nonarch_base_libdir}/firmware/LICENCE.ibt_firmware" +FILES:${PN}-ibt-hw-37-7 = "${nonarch_base_libdir}/firmware/intel/ibt-hw-37.7*.bseq" +FILES:${PN}-ibt-hw-37-8 = "${nonarch_base_libdir}/firmware/intel/ibt-hw-37.8*.bseq" +FILES:${PN}-ibt-11-5 = "${nonarch_base_libdir}/firmware/intel/ibt-11-5.sfi ${nonarch_base_libdir}/firmware/intel/ibt-11-5.ddc" +FILES:${PN}-ibt-12-16 = "${nonarch_base_libdir}/firmware/intel/ibt-12-16.sfi ${nonarch_base_libdir}/firmware/intel/ibt-12-16.ddc" +FILES:${PN}-ibt-17 = "${nonarch_base_libdir}/firmware/intel/ibt-17-*.sfi ${nonarch_base_libdir}/firmware/intel/ibt-17-*.ddc" +FILES:${PN}-ibt-20 = "${nonarch_base_libdir}/firmware/intel/ibt-20-*.sfi ${nonarch_base_libdir}/firmware/intel/ibt-20-*.ddc" +FILES:${PN}-ibt-misc = "${nonarch_base_libdir}/firmware/intel/ibt-*" + +RDEPENDS:${PN}-ibt-hw-37-7 = "${PN}-ibt-license" +RDEPENDS:${PN}-ibt-hw-37.8 = "${PN}-ibt-license" +RDEPENDS:${PN}-ibt-11-5 = "${PN}-ibt-license" +RDEPENDS:${PN}-ibt-12-16 = "${PN}-ibt-license" +RDEPENDS:${PN}-ibt-17 = "${PN}-ibt-license" +RDEPENDS:${PN}-ibt-20 = "${PN}-ibt-license" +RDEPENDS:${PN}-ibt-misc = "${PN}-ibt-license" + +ALLOW_EMPTY:${PN}-ibt= "1" +ALLOW_EMPTY:${PN}-ibt-misc = "1" + +LICENSE:${PN}-i915 = "Firmware-i915" +LICENSE:${PN}-i915-license = "Firmware-i915" +FILES:${PN}-i915-license = "${nonarch_base_libdir}/firmware/LICENSE.i915" +FILES:${PN}-i915 = "${nonarch_base_libdir}/firmware/i915" +RDEPENDS:${PN}-i915 = "${PN}-i915-license" + +LICENSE:${PN}-ice = "Firmware-ice" +LICENSE:${PN}-ice-license = "Firmware-ice" +FILES:${PN}-ice-license = "${nonarch_base_libdir}/firmware/LICENSE.ice" +FILES:${PN}-ice = "${nonarch_base_libdir}/firmware/intel/ice" +RDEPENDS:${PN}-ice = "${PN}-ice-license" + +FILES:${PN}-adsp-sst-license = "${nonarch_base_libdir}/firmware/LICENCE.adsp_sst" +LICENSE:${PN}-adsp-sst = "Firmware-adsp_sst" +LICENSE:${PN}-adsp-sst-license = "Firmware-adsp_sst" +FILES:${PN}-adsp-sst = "${nonarch_base_libdir}/firmware/intel/dsp_fw*" +RDEPENDS:${PN}-adsp-sst = "${PN}-adsp-sst-license" + +# For QAT +LICENSE:${PN}-qat = "Firmware-qat" +LICENSE:${PN}-qat-license = "Firmware-qat" +FILES:${PN}-qat-license = "${nonarch_base_libdir}/firmware/LICENCE.qat_firmware" +FILES:${PN}-qat = "${nonarch_base_libdir}/firmware/qat*.bin" +RDEPENDS:${PN}-qat = "${PN}-qat-license" + +# For QCOM VPU/GPU and SDM845 +LICENSE:${PN}-qcom-license = "Firmware-qcom" +FILES:${PN}-qcom-license = "${nonarch_base_libdir}/firmware/LICENSE.qcom ${nonarch_base_libdir}/firmware/qcom/NOTICE.txt" +FILES:${PN}-qcom-venus-1.8 = "${nonarch_base_libdir}/firmware/qcom/venus-1.8/*" +FILES:${PN}-qcom-venus-4.2 = "${nonarch_base_libdir}/firmware/qcom/venus-4.2/*" +FILES:${PN}-qcom-venus-5.2 = "${nonarch_base_libdir}/firmware/qcom/venus-5.2/*" +FILES:${PN}-qcom-venus-5.4 = "${nonarch_base_libdir}/firmware/qcom/venus-5.4/*" +FILES:${PN}-qcom-vpu-1.0 = "${nonarch_base_libdir}/firmware/qcom/vpu-1.0/*" +FILES:${PN}-qcom-vpu-2.0 = "${nonarch_base_libdir}/firmware/qcom/vpu-2.0/*" +FILES:${PN}-qcom-adreno-a2xx = "${nonarch_base_libdir}/firmware/qcom/leia_*.fw" +FILES:${PN}-qcom-adreno-a3xx = "${nonarch_base_libdir}/firmware/qcom/a3*_*.fw ${nonarch_base_libdir}/firmware/a300_*.fw" +FILES:${PN}-qcom-adreno-a4xx = "${nonarch_base_libdir}/firmware/qcom/a4*_*.fw" +FILES:${PN}-qcom-adreno-a530 = "${nonarch_base_libdir}/firmware/qcom/a530*.*" +FILES:${PN}-qcom-adreno-a630 = "${nonarch_base_libdir}/firmware/qcom/a630*.* ${nonarch_base_libdir}/firmware/qcom/sdm845/a630*.*" +FILES:${PN}-qcom-adreno-a650 = "${nonarch_base_libdir}/firmware/qcom/a650*.* ${nonarch_base_libdir}/firmware/qcom/sm8250/a650*.*" +FILES:${PN}-qcom-adreno-a660 = "${nonarch_base_libdir}/firmware/qcom/a660*.*" +FILES:${PN}-qcom-apq8096-audio = "${nonarch_base_libdir}/firmware/qcom/apq8096/adsp*.*" +FILES:${PN}-qcom-apq8096-modem = "${nonarch_base_libdir}/firmware/qcom/apq8096/mba.mbn ${nonarch_base_libdir}/firmware/qcom/apq8096/modem*.* ${nonarch_base_libdir}/firmware/qcom/apq8096/wlanmdsp.mbn" +FILES:${PN}-qcom-sc8280xp-lenovo-x13s-compat = "${nonarch_base_libdir}/firmware/qcom/LENOVO/21BX" +FILES:${PN}-qcom-sc8280xp-lenovo-x13s-audio = "${nonarch_base_libdir}/firmware/qcom/sc8280xp/LENOVO/21BX/*adsp*.* ${nonarch_base_libdir}/firmware/qcom/sc8280xp/LENOVO/21BX/battmgr.jsn" +FILES:${PN}-qcom-sc8280xp-lenovo-x13s-adreno = "${nonarch_base_libdir}/firmware/qcom/sc8280xp/LENOVO/21BX/qcdxkmsuc8280.mbn" +FILES:${PN}-qcom-sc8280xp-lenovo-x13s-compute = "${nonarch_base_libdir}/firmware/qcom/sc8280xp/LENOVO/21BX/*cdsp*.*" +FILES:${PN}-qcom-sc8280xp-lenovo-x13s-sensors = "${nonarch_base_libdir}/firmware/qcom/sc8280xp/LENOVO/21BX/*slpi*.*" +FILES:${PN}-qcom-sdm845-audio = "${nonarch_base_libdir}/firmware/qcom/sdm845/adsp*.*" +FILES:${PN}-qcom-sdm845-compute = "${nonarch_base_libdir}/firmware/qcom/sdm845/cdsp*.*" +FILES:${PN}-qcom-sdm845-modem = "${nonarch_base_libdir}/firmware/qcom/sdm845/mba.mbn ${nonarch_base_libdir}/firmware/qcom/sdm845/modem*.* ${nonarch_base_libdir}/firmware/qcom/sdm845/wlanmdsp.mbn" +FILES:${PN}-qcom-sm8250-audio = "${nonarch_base_libdir}/firmware/qcom/sm8250/adsp*.*" +FILES:${PN}-qcom-sm8250-compute = "${nonarch_base_libdir}/firmware/qcom/sm8250/cdsp*.*" +RDEPENDS:${PN}-qcom-venus-1.8 = "${PN}-qcom-license" +RDEPENDS:${PN}-qcom-venus-4.2 = "${PN}-qcom-license" +RDEPENDS:${PN}-qcom-venus-5.2 = "${PN}-qcom-license" +RDEPENDS:${PN}-qcom-venus-5.4 = "${PN}-qcom-license" +RDEPENDS:${PN}-qcom-vpu-1.0 = "${PN}-qcom-license" +RDEPENDS:${PN}-qcom-vpu-2.0 = "${PN}-qcom-license" +RDEPENDS:${PN}-qcom-adreno-a2xx = "${PN}-qcom-license" +RDEPENDS:${PN}-qcom-adreno-a3xx = "${PN}-qcom-license" +RDEPENDS:${PN}-qcom-adreno-a4xx = "${PN}-qcom-license" +RDEPENDS:${PN}-qcom-adreno-a530 = "${PN}-qcom-license" +RDEPENDS:${PN}-qcom-adreno-a630 = "${PN}-qcom-license" +RDEPENDS:${PN}-qcom-adreno-a650 = "${PN}-qcom-license" +RDEPENDS:${PN}-qcom-adreno-a660 = "${PN}-qcom-license" +RDEPENDS:${PN}-qcom-apq8096-audio = "${PN}-qcom-license" +RDEPENDS:${PN}-qcom-apq8096-modem = "${PN}-qcom-license" +RDEPENDS:${PN}-qcom-sc8280xp-lenovo-x13s-audio = "${PN}-qcom-license" +RDEPENDS:${PN}-qcom-sc8280xp-lenovo-x13s-adreno = "${PN}-qcom-license" +RDEPENDS:${PN}-qcom-sc8280xp-lenovo-x13s-compute = "${PN}-qcom-license" +RDEPENDS:${PN}-qcom-sc8280xp-lenovo-x13s-sensors = "${PN}-qcom-license" +RDEPENDS:${PN}-qcom-sdm845-audio = "${PN}-qcom-license" +RDEPENDS:${PN}-qcom-sdm845-compute = "${PN}-qcom-license" +RDEPENDS:${PN}-qcom-sdm845-modem = "${PN}-qcom-license" +RDEPENDS:${PN}-qcom-sm8250-audio = "${PN}-qcom-license" +RDEPENDS:${PN}-qcom-sm8250-compute = "${PN}-qcom-license" + +RRECOMMENDS:${PN}-qcom-sc8280xp-lenovo-x13s-audio = "${PN}-qcom-sc8280xp-lenovo-x13s-compat" +RRECOMMENDS:${PN}-qcom-sc8280xp-lenovo-x13s-adreno = "${PN}-qcom-sc8280xp-lenovo-x13s-compat" +RRECOMMENDS:${PN}-qcom-sc8280xp-lenovo-x13s-compute = "${PN}-qcom-sc8280xp-lenovo-x13s-compat" +RRECOMMENDS:${PN}-qcom-sc8280xp-lenovo-x13s-sensors = "${PN}-qcom-sc8280xp-lenovo-x13s-compat" + +FILES:${PN}-liquidio = "${nonarch_base_libdir}/firmware/liquidio" + +# For Amlogic VDEC +LICENSE:${PN}-amlogic-vdec = "Firmware-amlogic_vdec" +FILES:${PN}-amlogic-vdec-license = "${nonarch_base_libdir}/firmware/LICENSE.amlogic_vdec" +FILES:${PN}-amlogic-vdec = "${nonarch_base_libdir}/firmware/meson/vdec/*" +RDEPENDS:${PN}-amlogic-vdec = "${PN}-amlogic-vdec-license" + +# For other firmwares +# Maybe split out to separate packages when needed. +LICENSE:${PN} = "\ + Firmware-Abilis \ + & Firmware-agere \ + & Firmware-amdgpu \ + & Firmware-amd-ucode \ + & Firmware-amlogic_vdec \ + & Firmware-atmel \ + & Firmware-ca0132 \ + & Firmware-cavium \ + & Firmware-chelsio_firmware \ + & Firmware-cw1200 \ + & Firmware-dib0700 \ + & Firmware-e100 \ + & Firmware-ene_firmware \ + & Firmware-fw_sst_0f28 \ + & Firmware-go7007 \ + & Firmware-hfi1_firmware \ + & Firmware-ibt_firmware \ + & Firmware-it913x \ + & Firmware-IntcSST2 \ + & Firmware-kaweth \ + & Firmware-moxa \ + & Firmware-myri10ge_firmware \ + & Firmware-nvidia \ + & Firmware-OLPC \ + & Firmware-ath9k-htc \ + & Firmware-phanfw \ + & Firmware-qat \ + & Firmware-qcom \ + & Firmware-qla1280 \ + & Firmware-qla2xxx \ + & Firmware-r8a779x_usb3 \ + & Firmware-radeon \ + & Firmware-ralink_a_mediatek_company_firmware \ + & Firmware-ralink-firmware \ + & Firmware-imx-sdma_firmware \ + & Firmware-siano \ + & Firmware-ti-connectivity \ + & Firmware-ti-keystone \ + & Firmware-ueagle-atm4-firmware \ + & Firmware-wl1251 \ + & Firmware-xc4000 \ + & Firmware-xc5000 \ + & Firmware-xc5000c \ + & WHENCE \ +" + +FILES:${PN}-license += "${nonarch_base_libdir}/firmware/LICEN*" +FILES:${PN} += "${nonarch_base_libdir}/firmware/*" +RDEPENDS:${PN} += "${PN}-license" +RDEPENDS:${PN} += "${PN}-whence-license" + +# Make linux-firmware depend on all of the split-out packages. +# Make linux-firmware-iwlwifi depend on all of the split-out iwlwifi packages. +# Make linux-firmware-ibt depend on all of the split-out ibt packages. +python populate_packages:prepend () { + firmware_pkgs = oe.utils.packages_filter_out_system(d) + d.appendVar('RRECOMMENDS:linux-firmware', ' ' + ' '.join(firmware_pkgs)) + + iwlwifi_pkgs = filter(lambda x: x.find('-iwlwifi-') != -1, firmware_pkgs) + d.appendVar('RRECOMMENDS:linux-firmware-iwlwifi', ' ' + ' '.join(iwlwifi_pkgs)) + + ibt_pkgs = filter(lambda x: x.find('-ibt-') != -1, firmware_pkgs) + d.appendVar('RRECOMMENDS:linux-firmware-ibt', ' ' + ' '.join(ibt_pkgs)) +} + +# Firmware files are generally not ran on the CPU, so they can be +# allarch despite being architecture specific +INSANE_SKIP = "arch" + +# Don't warn about already stripped files +INSANE_SKIP:${PN} = "already-stripped" diff --git a/poky/meta/recipes-kernel/linux-libc-headers/linux-libc-headers_5.16.bb b/poky/meta/recipes-kernel/linux-libc-headers/linux-libc-headers_5.16.bb index c64629d094..d5039264c4 100644 --- a/poky/meta/recipes-kernel/linux-libc-headers/linux-libc-headers_5.16.bb +++ b/poky/meta/recipes-kernel/linux-libc-headers/linux-libc-headers_5.16.bb @@ -7,7 +7,7 @@ SRC_URI:append:libc-musl = "\ file://0001-include-linux-stddef.h-in-swab.h-uapi-header.patch \ " -SRC_URI:append = "\ +SRC_URI += "\ file://0001-scripts-Use-fixed-input-and-output-files-instead-of-.patch \ file://0001-kbuild-install_headers.sh-Strip-_UAPI-from-if-define.patch \ " diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-dev.bb b/poky/meta/recipes-kernel/linux/linux-yocto-dev.bb index d35632071b..75b1cb2a49 100644 --- a/poky/meta/recipes-kernel/linux/linux-yocto-dev.bb +++ b/poky/meta/recipes-kernel/linux/linux-yocto-dev.bb @@ -50,7 +50,7 @@ PACKAGECONFIG[dt-validation] = ",,python3-dtschema-native" # we need the wrappers if validation isn't in the packageconfig DEPENDS += "${@bb.utils.contains('PACKAGECONFIG', 'dt-validation', '', 'python3-dtschema-wrapper-native', d)}" -COMPATIBLE_MACHINE = "(qemuarm|qemux86|qemuppc|qemumips|qemumips64|qemux86-64|qemuriscv32|qemuriscv64)" +COMPATIBLE_MACHINE = "^(qemuarm|qemux86|qemuppc|qemumips|qemumips64|qemux86-64|qemuriscv32|qemuriscv64)$" KERNEL_DEVICETREE:qemuarmv5 = "versatile-pb.dtb" diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb b/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb index 9387c67cfb..7ce21f0719 100644 --- a/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb +++ b/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb @@ -11,13 +11,13 @@ python () { raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") } -SRCREV_machine ?= "6df690626649ba5430a379f63a5f7b7423ce2e48" -SRCREV_meta ?= "ed7e0c3bb9464387ba99fedd5ea32bf78ae2fe45" +SRCREV_machine ?= "932359383ea84843300c03ee6633881de1af488b" +SRCREV_meta ?= "92c947578207d27db250ee7250bacc11d9d80d4f" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.10;destsuffix=${KMETA}" -LINUX_VERSION ?= "5.10.135" +LINUX_VERSION ?= "5.10.143" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" @@ -31,7 +31,7 @@ KCONF_BSP_AUDIT_LEVEL = "1" LINUX_KERNEL_TYPE = "preempt-rt" -COMPATIBLE_MACHINE = "(qemux86|qemux86-64|qemuarm|qemuarmv5|qemuarm64|qemuppc|qemumips)" +COMPATIBLE_MACHINE = "^(qemux86|qemux86-64|qemuarm|qemuarmv5|qemuarm64|qemuppc|qemumips)$" KERNEL_DEVICETREE:qemuarmv5 = "versatile-pb.dtb" diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb b/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb index 32c7db2c74..6f8648e004 100644 --- a/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb +++ b/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb @@ -11,13 +11,13 @@ python () { raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") } -SRCREV_machine ?= "13ee019f28013cf8c102a3ffaadfa5e9ae9743e1" -SRCREV_meta ?= "f7f709bf874f85baff9f2fb0ac0341c08399b144" +SRCREV_machine ?= "dba1b7d90813231782bdeda1bd169c93b35c94e0" +SRCREV_meta ?= "1128d7bcdcde490d4f35cc00c97f5410bb240d99" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}" -LINUX_VERSION ?= "5.15.59" +LINUX_VERSION ?= "5.15.68" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" @@ -31,7 +31,7 @@ KCONF_BSP_AUDIT_LEVEL = "1" LINUX_KERNEL_TYPE = "preempt-rt" -COMPATIBLE_MACHINE = "(qemux86|qemux86-64|qemuarm|qemuarmv5|qemuarm64|qemuppc|qemumips)" +COMPATIBLE_MACHINE = "^(qemux86|qemux86-64|qemuarm|qemuarmv5|qemuarm64|qemuppc|qemumips)$" KERNEL_DEVICETREE:qemuarmv5 = "versatile-pb.dtb" diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb index d7aa3281cc..760b2be437 100644 --- a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb +++ b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb @@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig" require recipes-kernel/linux/linux-yocto.inc -LINUX_VERSION ?= "5.10.135" +LINUX_VERSION ?= "5.10.143" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" @@ -15,16 +15,16 @@ DEPENDS += "openssl-native util-linux-native" KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" -SRCREV_machine:qemuarm ?= "3b1c4608c04d645b292f13cc550b5151e032794b" -SRCREV_machine ?= "cbfab86927ad95da60b8d49957ca941df615d877" -SRCREV_meta ?= "ed7e0c3bb9464387ba99fedd5ea32bf78ae2fe45" +SRCREV_machine:qemuarm ?= "f794496466680c6dbd36cb34b3e0884d0ee48d2d" +SRCREV_machine ?= "8173de3a22ec3395be1ae01dbe823d076313641a" +SRCREV_meta ?= "92c947578207d27db250ee7250bacc11d9d80d4f" PV = "${LINUX_VERSION}+git${SRCPV}" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.10;destsuffix=${KMETA}" -COMPATIBLE_MACHINE = "qemux86|qemux86-64|qemuarm|qemuarmv5" +COMPATIBLE_MACHINE = "^(qemux86|qemux86-64|qemuarm|qemuarmv5)$" # Functionality flags KERNEL_FEATURES = "" diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb index 8eb138e78b..4f2bb48743 100644 --- a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb +++ b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb @@ -5,7 +5,7 @@ KCONFIG_MODE = "--allnoconfig" require recipes-kernel/linux/linux-yocto.inc -LINUX_VERSION ?= "5.15.59" +LINUX_VERSION ?= "5.15.68" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" @@ -14,15 +14,15 @@ DEPENDS += "openssl-native util-linux-native" KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" -SRCREV_machine ?= "86c19d4c40f475e09a076d55391fa66d96a1b3ac" -SRCREV_meta ?= "f7f709bf874f85baff9f2fb0ac0341c08399b144" +SRCREV_machine ?= "33e7eea5c4545a973cf01a849c2b45fa0cd1fa13" +SRCREV_meta ?= "1128d7bcdcde490d4f35cc00c97f5410bb240d99" PV = "${LINUX_VERSION}+git${SRCPV}" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}" -COMPATIBLE_MACHINE = "qemux86|qemux86-64|qemuarm64|qemuarm|qemuarmv5" +COMPATIBLE_MACHINE = "^(qemux86|qemux86-64|qemuarm64|qemuarm|qemuarmv5)$" # Functionality flags KERNEL_FEATURES = "" diff --git a/poky/meta/recipes-kernel/linux/linux-yocto.inc b/poky/meta/recipes-kernel/linux/linux-yocto.inc index cabc8f4975..7ea661e138 100644 --- a/poky/meta/recipes-kernel/linux/linux-yocto.inc +++ b/poky/meta/recipes-kernel/linux/linux-yocto.inc @@ -60,7 +60,7 @@ do_install:append(){ KERNEL_FEATURES:append:qemuall=" features/kernel-sample/kernel-sample.scc" KERNEL_DEBUG_OPTIONS ?= "stack" -KERNEL_EXTRA_ARGS:append:x86-64 = "${@bb.utils.contains('KERNEL_DEBUG_OPTIONS', 'stack', 'HOST_LIBELF_LIBS="-L${RECIPE_SYSROOT_NATIVE}/usr/lib/pkgconfig/../../../usr/lib/ -lelf"', '', d)}" +KERNEL_EXTRA_ARGS:append:x86-64 = " ${@bb.utils.contains('KERNEL_DEBUG_OPTIONS', 'stack', 'HOST_LIBELF_LIBS="-L${RECIPE_SYSROOT_NATIVE}/usr/lib/pkgconfig/../../../usr/lib/ -lelf"', '', d)}" do_devshell:prepend() { # setup native pkg-config variables (kconfig scripts call pkg-config directly, cannot generically be overriden to pkg-config-native) diff --git a/poky/meta/recipes-kernel/linux/linux-yocto_5.10.bb b/poky/meta/recipes-kernel/linux/linux-yocto_5.10.bb index 73a58e59a0..bf43f77100 100644 --- a/poky/meta/recipes-kernel/linux/linux-yocto_5.10.bb +++ b/poky/meta/recipes-kernel/linux/linux-yocto_5.10.bb @@ -13,23 +13,23 @@ KBRANCH:qemux86 ?= "v5.10/standard/base" KBRANCH:qemux86-64 ?= "v5.10/standard/base" KBRANCH:qemumips64 ?= "v5.10/standard/mti-malta64" -SRCREV_machine:qemuarm ?= "23ab0f8300e7b90fdf1e0be923933d5cfd03b618" -SRCREV_machine:qemuarm64 ?= "5ff1949cbb7ff90ae3e4dc6fd0fd9876ffaab9d2" -SRCREV_machine:qemumips ?= "01c75770046189608bb4ea9977521ec58a15b6bf" -SRCREV_machine:qemuppc ?= "7dd170da9eacb57c6d8eff88ca24b8bf55ab042a" -SRCREV_machine:qemuriscv64 ?= "d09b184cbc0321794bda715ab560dec077a048d0" -SRCREV_machine:qemuriscv32 ?= "d09b184cbc0321794bda715ab560dec077a048d0" -SRCREV_machine:qemux86 ?= "d09b184cbc0321794bda715ab560dec077a048d0" -SRCREV_machine:qemux86-64 ?= "d09b184cbc0321794bda715ab560dec077a048d0" -SRCREV_machine:qemumips64 ?= "a099189ac94c7218c09f1519ea4222fb2d9070be" -SRCREV_machine ?= "d09b184cbc0321794bda715ab560dec077a048d0" -SRCREV_meta ?= "ed7e0c3bb9464387ba99fedd5ea32bf78ae2fe45" +SRCREV_machine:qemuarm ?= "1cfbadeee39ed8d3a8840586a57eee0cf1686f62" +SRCREV_machine:qemuarm64 ?= "12f0f8c4af04c4d4cb7762b7a2e5cfaa917f8fe9" +SRCREV_machine:qemumips ?= "4b9e240c03b2b60be378ae2cc9a321922201de8f" +SRCREV_machine:qemuppc ?= "7914a529e3ccd64f347439d5cabc202d24af3ea0" +SRCREV_machine:qemuriscv64 ?= "8cf777336c9b7160ffdf1e8d7e4d8ee0cd8cdb37" +SRCREV_machine:qemuriscv32 ?= "8cf777336c9b7160ffdf1e8d7e4d8ee0cd8cdb37" +SRCREV_machine:qemux86 ?= "8cf777336c9b7160ffdf1e8d7e4d8ee0cd8cdb37" +SRCREV_machine:qemux86-64 ?= "8cf777336c9b7160ffdf1e8d7e4d8ee0cd8cdb37" +SRCREV_machine:qemumips64 ?= "05365e1787c60331f88bec98dd0fcca08ce78b06" +SRCREV_machine ?= "8cf777336c9b7160ffdf1e8d7e4d8ee0cd8cdb37" +SRCREV_meta ?= "92c947578207d27db250ee7250bacc11d9d80d4f" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRANCH}; \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.10;destsuffix=${KMETA}" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" -LINUX_VERSION ?= "5.10.135" +LINUX_VERSION ?= "5.10.143" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" DEPENDS += "openssl-native util-linux-native" @@ -42,7 +42,7 @@ KCONF_BSP_AUDIT_LEVEL = "1" KERNEL_DEVICETREE:qemuarmv5 = "versatile-pb.dtb" -COMPATIBLE_MACHINE = "qemuarm|qemuarmv5|qemuarm64|qemux86|qemuppc|qemuppc64|qemumips|qemumips64|qemux86-64|qemuriscv64|qemuriscv32" +COMPATIBLE_MACHINE = "^(qemuarm|qemuarmv5|qemuarm64|qemux86|qemuppc|qemuppc64|qemumips|qemumips64|qemux86-64|qemuriscv64|qemuriscv32)$" # Functionality flags KERNEL_EXTRA_FEATURES ?= "features/netfilter/netfilter.scc" diff --git a/poky/meta/recipes-kernel/linux/linux-yocto_5.15.bb b/poky/meta/recipes-kernel/linux/linux-yocto_5.15.bb index 083f87727b..2f91fb7a37 100644 --- a/poky/meta/recipes-kernel/linux/linux-yocto_5.15.bb +++ b/poky/meta/recipes-kernel/linux/linux-yocto_5.15.bb @@ -13,24 +13,24 @@ KBRANCH:qemux86 ?= "v5.15/standard/base" KBRANCH:qemux86-64 ?= "v5.15/standard/base" KBRANCH:qemumips64 ?= "v5.15/standard/mti-malta64" -SRCREV_machine:qemuarm ?= "c33f2e2ad3fdcc1c9539f80fb51b49f68c544c03" -SRCREV_machine:qemuarm64 ?= "e8a14fadeb24619f20d3caebc01c7f26c49f768a" -SRCREV_machine:qemumips ?= "c5f07eee39e4e03e90de3e71a3f6448fdb73921a" -SRCREV_machine:qemuppc ?= "b5873d3a40b837059a36179174863cb4c7f9e109" -SRCREV_machine:qemuriscv64 ?= "efe20512212b0e85b5f884b1bfc8fbba2b43541a" -SRCREV_machine:qemuriscv32 ?= "efe20512212b0e85b5f884b1bfc8fbba2b43541a" -SRCREV_machine:qemux86 ?= "efe20512212b0e85b5f884b1bfc8fbba2b43541a" -SRCREV_machine:qemux86-64 ?= "efe20512212b0e85b5f884b1bfc8fbba2b43541a" -SRCREV_machine:qemumips64 ?= "a6c0767511eed80395777e42d33fdc8405bff2b4" -SRCREV_machine ?= "efe20512212b0e85b5f884b1bfc8fbba2b43541a" -SRCREV_meta ?= "f7f709bf874f85baff9f2fb0ac0341c08399b144" +SRCREV_machine:qemuarm ?= "efe28b4b16d4a1a19f59b4650a0bfb23ffc8c40e" +SRCREV_machine:qemuarm64 ?= "66986670c45f63d2ed2078e07aa817ede88025ad" +SRCREV_machine:qemumips ?= "aeeb80fd7f684aca830adb7daf32cfd80637cf3a" +SRCREV_machine:qemuppc ?= "5c6387a562af89ec92546c1374a120ac240f14e6" +SRCREV_machine:qemuriscv64 ?= "0e51e571701842db33ad96f6ddc8cc6b23230627" +SRCREV_machine:qemuriscv32 ?= "0e51e571701842db33ad96f6ddc8cc6b23230627" +SRCREV_machine:qemux86 ?= "0e51e571701842db33ad96f6ddc8cc6b23230627" +SRCREV_machine:qemux86-64 ?= "0e51e571701842db33ad96f6ddc8cc6b23230627" +SRCREV_machine:qemumips64 ?= "20ec37851f4ee9965120937dcf2567f15e72e07a" +SRCREV_machine ?= "0e51e571701842db33ad96f6ddc8cc6b23230627" +SRCREV_meta ?= "1128d7bcdcde490d4f35cc00c97f5410bb240d99" # set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll # get the /base branch, which is pure upstream -stable, and the same # meta SRCREV as the linux-yocto-standard builds. Select your version using the # normal PREFERRED_VERSION settings. BBCLASSEXTEND = "devupstream:target" -SRCREV_machine:class-devupstream ?= "d676d6149a2f4b4d66b8ea0a1dfef30a54cf5750" +SRCREV_machine:class-devupstream ?= "dd20085f2a88b6cdb12bdcdbd2d7a761c86b184a" PN:class-devupstream = "linux-yocto-upstream" KBRANCH:class-devupstream = "v5.15/base" @@ -38,7 +38,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" -LINUX_VERSION ?= "5.15.59" +LINUX_VERSION ?= "5.15.68" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" DEPENDS += "openssl-native util-linux-native" @@ -51,7 +51,7 @@ KCONF_BSP_AUDIT_LEVEL = "1" KERNEL_DEVICETREE:qemuarmv5 = "versatile-pb.dtb" -COMPATIBLE_MACHINE = "qemuarm|qemuarmv5|qemuarm64|qemux86|qemuppc|qemuppc64|qemumips|qemumips64|qemux86-64|qemuriscv64|qemuriscv32" +COMPATIBLE_MACHINE = "^(qemuarm|qemuarmv5|qemuarm64|qemux86|qemuppc|qemuppc64|qemumips|qemumips64|qemux86-64|qemuriscv64|qemuriscv32)$" # Functionality flags KERNEL_EXTRA_FEATURES ?= "features/netfilter/netfilter.scc" diff --git a/poky/meta/recipes-kernel/lttng/lttng-modules/0001-fix-adjust-range-v5.10.137-in-block-probe.patch b/poky/meta/recipes-kernel/lttng/lttng-modules/0001-fix-adjust-range-v5.10.137-in-block-probe.patch new file mode 100644 index 0000000000..1c3918be5c --- /dev/null +++ b/poky/meta/recipes-kernel/lttng/lttng-modules/0001-fix-adjust-range-v5.10.137-in-block-probe.patch @@ -0,0 +1,92 @@ +From 5dab3d515b6f5c5ac80c8e7674628495e3bf4ac6 Mon Sep 17 00:00:00 2001 +From: Michael Jeanson +Date: Mon, 22 Aug 2022 14:16:27 -0400 +Subject: [PATCH] fix: adjust range v5.10.137 in block probe + +See upstream commit, backported in v5.10.137 : + +commit 1cb3032406423b25aa984854b4d78e0100d292dd +Author: Christoph Hellwig +Date: Thu Dec 3 17:21:39 2020 +0100 + + block: remove the request_queue to argument request based tracepoints + + [ Upstream commit a54895fa057c67700270777f7661d8d3c7fda88a ] + + The request_queue can trivially be derived from the request. + +Change-Id: I01f96a437641421faf993b4b031171c372bd0374 +Signed-off-by: Michael Jeanson +Signed-off-by: Mathieu Desnoyers + +Upstream-Status: Backport [https://github.com/lttng/lttng-modules/commit/5dab3d515b6f5c5ac80c8e7674628495e3bf4ac6] +Signed-off-by: Steve Sakoman + +--- + include/instrumentation/events/block.h | 18 ++++++++++++------ + 1 file changed, 12 insertions(+), 6 deletions(-) + +diff --git a/include/instrumentation/events/block.h b/include/instrumentation/events/block.h +index 882e6e08..d4821c12 100644 +--- a/include/instrumentation/events/block.h ++++ b/include/instrumentation/events/block.h +@@ -366,7 +366,8 @@ LTTNG_TRACEPOINT_EVENT(block_rq_requeue, + lttng_req_op(rq), lttng_req_rw(rq), blk_rq_bytes(rq)) + ) + ) +-#elif (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(5,11,0)) ++#elif (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(5,11,0) \ ++ || LTTNG_KERNEL_RANGE(5,10,137, 5,11,0)) + /** + * block_rq_requeue - place block IO request back on a queue + * @rq: block IO operation request +@@ -611,7 +612,8 @@ LTTNG_TRACEPOINT_EVENT_CLASS(block_rq, + ctf_array_text(char, comm, current->comm, TASK_COMM_LEN) + ) + ) +-#elif (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(5,11,0)) ++#elif (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(5,11,0) \ ++ || LTTNG_KERNEL_RANGE(5,10,137, 5,11,0)) + LTTNG_TRACEPOINT_EVENT_CLASS(block_rq, + + TP_PROTO(struct request *rq), +@@ -746,7 +748,8 @@ LTTNG_TRACEPOINT_EVENT_CLASS_CODE(block_rq, + ) + #endif /* #else #if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(4,11,0)) */ + +-#if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(5,11,0)) ++#if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(5,11,0) \ ++ || LTTNG_KERNEL_RANGE(5,10,137, 5,11,0)) + /** + * block_rq_insert - insert block operation request into queue + * @rq: block IO operation request +@@ -781,7 +784,8 @@ LTTNG_TRACEPOINT_EVENT_INSTANCE(block_rq, block_rq_insert, + ) + #endif + +-#if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(5,11,0)) ++#if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(5,11,0) \ ++ || LTTNG_KERNEL_RANGE(5,10,137, 5,11,0)) + /** + * block_rq_issue - issue pending block IO request operation to device driver + * @rq: block IO operation operation request +@@ -812,7 +816,8 @@ LTTNG_TRACEPOINT_EVENT_INSTANCE(block_rq, block_rq_issue, + ) + #endif + +-#if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(5,11,0)) ++#if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(5,11,0) \ ++ || LTTNG_KERNEL_RANGE(5,10,137, 5,11,0)) + /** + * block_rq_merge - merge request with another one in the elevator + * @rq: block IO operation operation request +@@ -1632,7 +1637,8 @@ LTTNG_TRACEPOINT_EVENT(block_rq_remap, + lttng_req_op(rq), lttng_req_rw(rq), blk_rq_bytes(rq)) + ) + ) +-#elif (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(5,11,0)) ++#elif (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(5,11,0) \ ++ || LTTNG_KERNEL_RANGE(5,10,137, 5,11,0)) + /** + * block_rq_remap - map request for a block operation request + * @rq: block IO operation request diff --git a/poky/meta/recipes-kernel/lttng/lttng-modules/0001-fix-compaction.patch b/poky/meta/recipes-kernel/lttng/lttng-modules/0001-fix-compaction.patch new file mode 100644 index 0000000000..21e27ffc5e --- /dev/null +++ b/poky/meta/recipes-kernel/lttng/lttng-modules/0001-fix-compaction.patch @@ -0,0 +1,68 @@ +From 8e42c4821fb5f5cb816b6ddf73d9a13ba3298a63 Mon Sep 17 00:00:00 2001 +From: Michael Jeanson +Date: Wed, 10 Aug 2022 11:07:14 -0400 +Subject: [PATCH] fix: tie compaction probe build to CONFIG_COMPACTION + +The definition of 'struct compact_control' in 'mm/internal.h' depends on +CONFIG_COMPACTION being defined. Only build the compaction probe when +this configuration option is enabled. + +Thanks to Bruce Ashfield for reporting this +issue. + +Upstream-Status: Backport [https://review.lttng.org/c/lttng-modules/+/8660] + +Change-Id: I81e77aa9c1bf10452c152d432fe5224df0db42c9 +Signed-off-by: Michael Jeanson +--- + src/probes/Kbuild | 34 ++++++++++++++++++---------------- + 1 file changed, 18 insertions(+), 16 deletions(-) + +diff --git a/src/probes/Kbuild b/src/probes/Kbuild +index 2908cf75..3e556b8e 100644 +--- a/src/probes/Kbuild ++++ b/src/probes/Kbuild +@@ -167,22 +167,24 @@ ifneq ($(CONFIG_BTRFS_FS),) + endif # $(wildcard $(btrfs_dep)) + endif # CONFIG_BTRFS_FS + +-# A dependency on internal header 'mm/internal.h' was introduced in v5.18 +-compaction_dep = $(srctree)/mm/internal.h +-compaction_dep_wildcard = $(wildcard $(compaction_dep)) +-compaction_dep_check = $(shell \ +-if [ \( $(VERSION) -ge 6 \ +- -o \( $(VERSION) -eq 5 -a $(PATCHLEVEL) -ge 18 \) \) -a \ +- -z "$(compaction_dep_wildcard)" ] ; then \ +- echo "warn" ; \ +-else \ +- echo "ok" ; \ +-fi ;) +-ifeq ($(compaction_dep_check),ok) +- obj-$(CONFIG_LTTNG) += lttng-probe-compaction.o +-else +- $(warning Files $(compaction_dep) not found. Probe "compaction" is disabled. Use full kernel source tree to enable it.) +-endif # $(wildcard $(compaction_dep)) ++ifneq ($(CONFIG_COMPACTION),) ++ # A dependency on internal header 'mm/internal.h' was introduced in v5.18 ++ compaction_dep = $(srctree)/mm/internal.h ++ compaction_dep_wildcard = $(wildcard $(compaction_dep)) ++ compaction_dep_check = $(shell \ ++ if [ \( $(VERSION) -ge 6 \ ++ -o \( $(VERSION) -eq 5 -a $(PATCHLEVEL) -ge 18 \) \) -a \ ++ -z "$(compaction_dep_wildcard)" ] ; then \ ++ echo "warn" ; \ ++ else \ ++ echo "ok" ; \ ++ fi ;) ++ ifeq ($(compaction_dep_check),ok) ++ obj-$(CONFIG_LTTNG) += lttng-probe-compaction.o ++ else ++ $(warning Files $(compaction_dep) not found. Probe "compaction" is disabled. Use full kernel source tree to enable it.) ++ endif # $(wildcard $(compaction_dep)) ++endif # CONFIG_COMPACTION + + ifneq ($(CONFIG_EXT4_FS),) + ext4_dep = $(srctree)/fs/ext4/*.h +-- +2.34.1 + diff --git a/poky/meta/recipes-kernel/lttng/lttng-modules/0001-fix-mm-page_alloc-fix-tracepoint-mm_page_alloc_zone_.patch b/poky/meta/recipes-kernel/lttng/lttng-modules/0001-fix-mm-page_alloc-fix-tracepoint-mm_page_alloc_zone_.patch new file mode 100644 index 0000000000..62376806c8 --- /dev/null +++ b/poky/meta/recipes-kernel/lttng/lttng-modules/0001-fix-mm-page_alloc-fix-tracepoint-mm_page_alloc_zone_.patch @@ -0,0 +1,106 @@ +From 8d5da4d2a3d7d9173208f4e8dc7a709f0bfc9820 Mon Sep 17 00:00:00 2001 +From: Michael Jeanson +Date: Wed, 8 Jun 2022 12:56:36 -0400 +Subject: [PATCH 1/3] fix: mm/page_alloc: fix tracepoint + mm_page_alloc_zone_locked() (v5.19) + +See upstream commit : + + commit 10e0f7530205799e7e971aba699a7cb3a47456de + Author: Wonhyuk Yang + Date: Thu May 19 14:08:54 2022 -0700 + + mm/page_alloc: fix tracepoint mm_page_alloc_zone_locked() + + Currently, trace point mm_page_alloc_zone_locked() doesn't show correct + information. + + First, when alloc_flag has ALLOC_HARDER/ALLOC_CMA, page can be allocated + from MIGRATE_HIGHATOMIC/MIGRATE_CMA. Nevertheless, tracepoint use + requested migration type not MIGRATE_HIGHATOMIC and MIGRATE_CMA. + + Second, after commit 44042b4498728 ("mm/page_alloc: allow high-order pages + to be stored on the per-cpu lists") percpu-list can store high order + pages. But trace point determine whether it is a refiil of percpu-list by + comparing requested order and 0. + + To handle these problems, make mm_page_alloc_zone_locked() only be called + by __rmqueue_smallest with correct migration type. With a new argument + called percpu_refill, it can show roughly whether it is a refill of + percpu-list. + +Upstream-Status: Backport + +Change-Id: I2e4a57393757f12b9c5a4566c4d1102ee2474a09 +Signed-off-by: Michael Jeanson +Signed-off-by: Mathieu Desnoyers +--- + include/instrumentation/events/kmem.h | 45 +++++++++++++++++++++++++++ + 1 file changed, 45 insertions(+) + +diff --git a/include/instrumentation/events/kmem.h b/include/instrumentation/events/kmem.h +index 29c0fb7f..8c19e962 100644 +--- a/include/instrumentation/events/kmem.h ++++ b/include/instrumentation/events/kmem.h +@@ -218,6 +218,50 @@ LTTNG_TRACEPOINT_EVENT_MAP(mm_page_alloc, kmem_mm_page_alloc, + ) + ) + ++#if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(5,19,0)) ++LTTNG_TRACEPOINT_EVENT_CLASS(kmem_mm_page, ++ ++ TP_PROTO(struct page *page, unsigned int order, int migratetype, ++ int percpu_refill), ++ ++ TP_ARGS(page, order, migratetype, percpu_refill), ++ ++ TP_FIELDS( ++ ctf_integer_hex(struct page *, page, page) ++ ctf_integer(unsigned long, pfn, ++ page ? page_to_pfn(page) : -1UL) ++ ctf_integer(unsigned int, order, order) ++ ctf_integer(int, migratetype, migratetype) ++ ctf_integer(int, percpu_refill, percpu_refill) ++ ) ++) ++ ++LTTNG_TRACEPOINT_EVENT_INSTANCE_MAP(kmem_mm_page, mm_page_alloc_zone_locked, ++ ++ kmem_mm_page_alloc_zone_locked, ++ ++ TP_PROTO(struct page *page, unsigned int order, int migratetype, ++ int percpu_refill), ++ ++ TP_ARGS(page, order, migratetype, percpu_refill) ++) ++ ++LTTNG_TRACEPOINT_EVENT_MAP(mm_page_pcpu_drain, ++ ++ kmem_mm_page_pcpu_drain, ++ ++ TP_PROTO(struct page *page, unsigned int order, int migratetype), ++ ++ TP_ARGS(page, order, migratetype), ++ ++ TP_FIELDS( ++ ctf_integer(unsigned long, pfn, ++ page ? page_to_pfn(page) : -1UL) ++ ctf_integer(unsigned int, order, order) ++ ctf_integer(int, migratetype, migratetype) ++ ) ++) ++#else + LTTNG_TRACEPOINT_EVENT_CLASS(kmem_mm_page, + + TP_PROTO(struct page *page, unsigned int order, int migratetype), +@@ -250,6 +294,7 @@ LTTNG_TRACEPOINT_EVENT_INSTANCE_MAP(kmem_mm_page, mm_page_pcpu_drain, + + TP_ARGS(page, order, migratetype) + ) ++#endif + + #if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(3,19,2) \ + || LTTNG_KERNEL_RANGE(3,14,36, 3,15,0) \ +-- +2.19.1 + diff --git a/poky/meta/recipes-kernel/lttng/lttng-modules/0002-fix-fs-Remove-flags-parameter-from-aops-write_begin-.patch b/poky/meta/recipes-kernel/lttng/lttng-modules/0002-fix-fs-Remove-flags-parameter-from-aops-write_begin-.patch new file mode 100644 index 0000000000..84c97d5f90 --- /dev/null +++ b/poky/meta/recipes-kernel/lttng/lttng-modules/0002-fix-fs-Remove-flags-parameter-from-aops-write_begin-.patch @@ -0,0 +1,76 @@ +From b5d1c38665cd69d7d1c94231fe0609da5c8afbc3 Mon Sep 17 00:00:00 2001 +From: Michael Jeanson +Date: Wed, 8 Jun 2022 13:07:59 -0400 +Subject: [PATCH 2/3] fix: fs: Remove flags parameter from aops->write_begin + (v5.19) + +See upstream commit : + + commit 9d6b0cd7579844761ed68926eb3073bab1dca87b + Author: Matthew Wilcox (Oracle) + Date: Tue Feb 22 14:31:43 2022 -0500 + + fs: Remove flags parameter from aops->write_begin + + There are no more aop flags left, so remove the parameter. + +Upstream-Status: Backport + +Change-Id: I82725b93e13d749f52a631b2ac60df81a5e839f8 +Signed-off-by: Michael Jeanson +Signed-off-by: Mathieu Desnoyers +--- + include/instrumentation/events/ext4.h | 30 +++++++++++++++++++++++++++ + 1 file changed, 30 insertions(+) + +diff --git a/include/instrumentation/events/ext4.h b/include/instrumentation/events/ext4.h +index 513762c0..222416ec 100644 +--- a/include/instrumentation/events/ext4.h ++++ b/include/instrumentation/events/ext4.h +@@ -122,6 +122,35 @@ LTTNG_TRACEPOINT_EVENT(ext4_begin_ordered_truncate, + ) + ) + ++#if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(5,19,0)) ++LTTNG_TRACEPOINT_EVENT_CLASS(ext4__write_begin, ++ ++ TP_PROTO(struct inode *inode, loff_t pos, unsigned int len), ++ ++ TP_ARGS(inode, pos, len), ++ ++ TP_FIELDS( ++ ctf_integer(dev_t, dev, inode->i_sb->s_dev) ++ ctf_integer(ino_t, ino, inode->i_ino) ++ ctf_integer(loff_t, pos, pos) ++ ctf_integer(unsigned int, len, len) ++ ) ++) ++ ++LTTNG_TRACEPOINT_EVENT_INSTANCE(ext4__write_begin, ext4_write_begin, ++ ++ TP_PROTO(struct inode *inode, loff_t pos, unsigned int len), ++ ++ TP_ARGS(inode, pos, len) ++) ++ ++LTTNG_TRACEPOINT_EVENT_INSTANCE(ext4__write_begin, ext4_da_write_begin, ++ ++ TP_PROTO(struct inode *inode, loff_t pos, unsigned int len), ++ ++ TP_ARGS(inode, pos, len) ++) ++#else + LTTNG_TRACEPOINT_EVENT_CLASS(ext4__write_begin, + + TP_PROTO(struct inode *inode, loff_t pos, unsigned int len, +@@ -153,6 +182,7 @@ LTTNG_TRACEPOINT_EVENT_INSTANCE(ext4__write_begin, ext4_da_write_begin, + + TP_ARGS(inode, pos, len, flags) + ) ++#endif + + LTTNG_TRACEPOINT_EVENT_CLASS(ext4__write_end, + TP_PROTO(struct inode *inode, loff_t pos, unsigned int len, +-- +2.19.1 + diff --git a/poky/meta/recipes-kernel/lttng/lttng-modules/0003-fix-workqueue-Fix-type-of-cpu-in-trace-event-v5.19.patch b/poky/meta/recipes-kernel/lttng/lttng-modules/0003-fix-workqueue-Fix-type-of-cpu-in-trace-event-v5.19.patch new file mode 100644 index 0000000000..63f9c40d92 --- /dev/null +++ b/poky/meta/recipes-kernel/lttng/lttng-modules/0003-fix-workqueue-Fix-type-of-cpu-in-trace-event-v5.19.patch @@ -0,0 +1,124 @@ +From 526f13c844cd29f89bd3e924867d9ddfe3c40ade Mon Sep 17 00:00:00 2001 +From: Michael Jeanson +Date: Wed, 15 Jun 2022 12:07:16 -0400 +Subject: [PATCH 3/3] fix: workqueue: Fix type of cpu in trace event (v5.19) + +See upstream commit : + + commit 873a400938b31a1e443c4d94b560b78300787540 + Author: Wonhyuk Yang + Date: Wed May 4 11:32:03 2022 +0900 + + workqueue: Fix type of cpu in trace event + + The trace event "workqueue_queue_work" use unsigned int type for + req_cpu, cpu. This casue confusing cpu number like below log. + + $ cat /sys/kernel/debug/tracing/trace + cat-317 [001] ...: workqueue_queue_work: ... req_cpu=8192 cpu=4294967295 + + So, change unsigned type to signed type in the trace event. After + applying this patch, cpu number will be printed as -1 instead of + 4294967295 as folllows. + + $ cat /sys/kernel/debug/tracing/trace + cat-1338 [002] ...: workqueue_queue_work: ... req_cpu=8192 cpu=-1 + +Upstream-Status: Backport + +Change-Id: I478083c350b6ec314d87e9159dc5b342b96daed7 +Signed-off-by: Michael Jeanson +Signed-off-by: Mathieu Desnoyers +--- + include/instrumentation/events/workqueue.h | 49 ++++++++++++++++++++-- + 1 file changed, 46 insertions(+), 3 deletions(-) + +diff --git a/include/instrumentation/events/workqueue.h b/include/instrumentation/events/workqueue.h +index 023b65a8..5693cf89 100644 +--- a/include/instrumentation/events/workqueue.h ++++ b/include/instrumentation/events/workqueue.h +@@ -28,10 +28,35 @@ LTTNG_TRACEPOINT_EVENT_CLASS(workqueue_work, + ) + ) + ++#if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(5,19,0)) + /** + * workqueue_queue_work - called when a work gets queued + * @req_cpu: the requested cpu +- * @cwq: pointer to struct cpu_workqueue_struct ++ * @pwq: pointer to struct pool_workqueue ++ * @work: pointer to struct work_struct ++ * ++ * This event occurs when a work is queued immediately or once a ++ * delayed work is actually queued on a workqueue (ie: once the delay ++ * has been reached). ++ */ ++LTTNG_TRACEPOINT_EVENT(workqueue_queue_work, ++ ++ TP_PROTO(int req_cpu, struct pool_workqueue *pwq, ++ struct work_struct *work), ++ ++ TP_ARGS(req_cpu, pwq, work), ++ ++ TP_FIELDS( ++ ctf_integer_hex(void *, work, work) ++ ctf_integer_hex(void *, function, work->func) ++ ctf_integer(int, req_cpu, req_cpu) ++ ) ++) ++#elif (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(3,9,0)) ++/** ++ * workqueue_queue_work - called when a work gets queued ++ * @req_cpu: the requested cpu ++ * @pwq: pointer to struct pool_workqueue + * @work: pointer to struct work_struct + * + * This event occurs when a work is queued immediately or once a +@@ -40,17 +65,34 @@ LTTNG_TRACEPOINT_EVENT_CLASS(workqueue_work, + */ + LTTNG_TRACEPOINT_EVENT(workqueue_queue_work, + +-#if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(3,9,0)) + TP_PROTO(unsigned int req_cpu, struct pool_workqueue *pwq, + struct work_struct *work), + + TP_ARGS(req_cpu, pwq, work), ++ ++ TP_FIELDS( ++ ctf_integer_hex(void *, work, work) ++ ctf_integer_hex(void *, function, work->func) ++ ctf_integer(unsigned int, req_cpu, req_cpu) ++ ) ++) + #else ++/** ++ * workqueue_queue_work - called when a work gets queued ++ * @req_cpu: the requested cpu ++ * @cwq: pointer to struct cpu_workqueue_struct ++ * @work: pointer to struct work_struct ++ * ++ * This event occurs when a work is queued immediately or once a ++ * delayed work is actually queued on a workqueue (ie: once the delay ++ * has been reached). ++ */ ++LTTNG_TRACEPOINT_EVENT(workqueue_queue_work, ++ + TP_PROTO(unsigned int req_cpu, struct cpu_workqueue_struct *cwq, + struct work_struct *work), + + TP_ARGS(req_cpu, cwq, work), +-#endif + + TP_FIELDS( + ctf_integer_hex(void *, work, work) +@@ -58,6 +100,7 @@ LTTNG_TRACEPOINT_EVENT(workqueue_queue_work, + ctf_integer(unsigned int, req_cpu, req_cpu) + ) + ) ++#endif + + /** + * workqueue_activate_work - called when a work gets activated +-- +2.19.1 + diff --git a/poky/meta/recipes-kernel/lttng/lttng-modules_2.13.4.bb b/poky/meta/recipes-kernel/lttng/lttng-modules_2.13.4.bb index bee2204b42..80b9ceec3f 100644 --- a/poky/meta/recipes-kernel/lttng/lttng-modules_2.13.4.bb +++ b/poky/meta/recipes-kernel/lttng/lttng-modules_2.13.4.bb @@ -11,7 +11,12 @@ include lttng-platforms.inc SRC_URI = "https://lttng.org/files/${BPN}/${BPN}-${PV}.tar.bz2 \ file://0009-Rename-genhd-wrapper-to-blkdev.patch \ + file://0001-fix-mm-page_alloc-fix-tracepoint-mm_page_alloc_zone_.patch \ + file://0002-fix-fs-Remove-flags-parameter-from-aops-write_begin-.patch \ + file://0003-fix-workqueue-Fix-type-of-cpu-in-trace-event-v5.19.patch \ file://0001-fix-net-skb-introduce-kfree_skb_reason-v5.15.58.v5.1.patch \ + file://0001-fix-compaction.patch \ + file://0001-fix-adjust-range-v5.10.137-in-block-probe.patch \ " # Use :append here so that the patch is applied also when using devupstream diff --git a/poky/meta/recipes-kernel/lttng/lttng-platforms.inc b/poky/meta/recipes-kernel/lttng/lttng-platforms.inc index 933c65d85d..900e36df82 100644 --- a/poky/meta/recipes-kernel/lttng/lttng-platforms.inc +++ b/poky/meta/recipes-kernel/lttng/lttng-platforms.inc @@ -15,3 +15,7 @@ LTTNGUST:arc = "" COMPATIBLE_HOST:arc:pn-lttng-ust = "null" +# Whether the platform supports lttng-tools +# lttng-tools requires SYS_ppoll and SYS_pselect6 which are not supported on riscv32. +# It's also turned off for riscv32 in meta-riscv. See https://github.com/riscv/meta-riscv/blob/master/conf/layer.conf +COMPATIBLE_HOST:riscv32:pn-lttng-tools = "null" diff --git a/poky/meta/recipes-kernel/perf/perf.bb b/poky/meta/recipes-kernel/perf/perf.bb index 95e7eae9fe..772bc2dea1 100644 --- a/poky/meta/recipes-kernel/perf/perf.bb +++ b/poky/meta/recipes-kernel/perf/perf.bb @@ -144,6 +144,9 @@ do_install() { # we are checking for this make target to be compatible with older perf versions if ${@bb.utils.contains('PACKAGECONFIG', 'scripting', 'true', 'false', d)} && grep -q install-python_ext ${S}/tools/perf/Makefile*; then oe_runmake DESTDIR=${D} install-python_ext + if [ -e ${D}${libdir}/python*/site-packages/perf-*/SOURCES.txt ]; then + sed -i -e 's#${WORKDIR}##g' ${D}${libdir}/python*/site-packages/perf-*/SOURCES.txt + fi fi } @@ -203,7 +206,7 @@ do_configure:prepend () { if [ -e "${S}/tools/perf/Makefile.perf" ]; then sed -i -e 's,\ .config-detected, $(OUTPUT)/config-detected,g' \ ${S}/tools/perf/Makefile.perf - sed -i -e "s,prefix='\$(DESTDIR_SQ)/usr'$,prefix='\$(DESTDIR_SQ)/usr' --install-lib='\$(DESTDIR)\$(PYTHON_SITEPACKAGES_DIR)',g" \ + sed -i -e "s,prefix='\$(DESTDIR_SQ)/usr'$,prefix='\$(DESTDIR_SQ)/usr' --install-lib='\$(PYTHON_SITEPACKAGES_DIR)' --root='\$(DESTDIR)',g" \ ${S}/tools/perf/Makefile.perf # backport https://github.com/torvalds/linux/commit/e4ffd066ff440a57097e9140fa9e16ceef905de8 sed -i -e 's,\($(Q)$(SHELL) .$(arch_errno_tbl).\) $(CC) $(arch_errno_hdr_dir),\1 $(firstword $(CC)) $(arch_errno_hdr_dir),g' \ @@ -244,6 +247,9 @@ do_configure:prepend () { # change the Makefile line to remove everything before 'tools/perf' sed -i -e "s%srcdir_SQ = \$(subst ','\\\'',\$(srcdir))%srcdir_SQ = \$(patsubst \%tools/perf,tools/perf,\$(subst ','\\\'',\$(srcdir)))%g" \ ${S}/tools/perf/Makefile.config + # Avoid hardcoded path to python-native + sed -i -e 's#\(PYTHON_WORD := \)$(call shell-wordify,$(PYTHON))#\1 python3#g' \ + ${S}/tools/perf/Makefile.config fi if [ -e "${S}/tools/perf/tests/Build" ]; then # OUTPUT is the full path, we have python on the path so we remove it from the diff --git a/poky/meta/recipes-kernel/wireless-regdb/wireless-regdb_2022.06.06.bb b/poky/meta/recipes-kernel/wireless-regdb/wireless-regdb_2022.06.06.bb deleted file mode 100644 index 2eba4f873b..0000000000 --- a/poky/meta/recipes-kernel/wireless-regdb/wireless-regdb_2022.06.06.bb +++ /dev/null @@ -1,43 +0,0 @@ -SUMMARY = "Wireless Central Regulatory Domain Database" -HOMEPAGE = "https://wireless.wiki.kernel.org/en/developers/regulatory/crda" -SECTION = "net" -LICENSE = "ISC" -LIC_FILES_CHKSUM = "file://LICENSE;md5=07c4f6dea3845b02a18dc00c8c87699c" - -SRC_URI = "https://www.kernel.org/pub/software/network/${BPN}/${BP}.tar.xz" -SRC_URI[sha256sum] = "ac00f97efecce5046ed069d1d93f3365fdf994c7c7854a8fc50831e959537230" - -inherit bin_package allarch - -do_install() { - install -d -m0755 ${D}${nonarch_libdir}/crda - install -d -m0755 ${D}${sysconfdir}/wireless-regdb/pubkeys - install -m 0644 regulatory.bin ${D}${nonarch_libdir}/crda/regulatory.bin - install -m 0644 sforshee.key.pub.pem ${D}${sysconfdir}/wireless-regdb/pubkeys/sforshee.key.pub.pem - - install -m 0644 -D regulatory.db ${D}${nonarch_base_libdir}/firmware/regulatory.db - install -m 0644 regulatory.db.p7s ${D}${nonarch_base_libdir}/firmware/regulatory.db.p7s -} - -# Install static regulatory DB in /lib/firmware for kernel to load. -# This requires Linux kernel >= v4.15. -# For kernel <= v4.14, inherit the kernel_wireless_regdb.bbclass -# (in meta-networking) in kernel's recipe. -PACKAGES = "${PN}-static ${PN}" -RCONFLICTS:${PN} = "${PN}-static" - -FILES:${PN}-static = " \ - ${nonarch_base_libdir}/firmware/regulatory.db \ - ${nonarch_base_libdir}/firmware/regulatory.db.p7s \ -" - -# Native users might want to use the source of regulatory DB. -# This is for example used by Linux kernel <= v4.14 and -# kernel_wireless_regdb.bbclass in meta-networking. -do_install:append:class-native() { - install -m 0644 -D db.txt ${D}${libdir}/crda/db.txt -} - -RSUGGESTS:${PN} = "crda" - -BBCLASSEXTEND = "native" diff --git a/poky/meta/recipes-kernel/wireless-regdb/wireless-regdb_2022.08.12.bb b/poky/meta/recipes-kernel/wireless-regdb/wireless-regdb_2022.08.12.bb new file mode 100644 index 0000000000..357e79d7e1 --- /dev/null +++ b/poky/meta/recipes-kernel/wireless-regdb/wireless-regdb_2022.08.12.bb @@ -0,0 +1,43 @@ +SUMMARY = "Wireless Central Regulatory Domain Database" +HOMEPAGE = "https://wireless.wiki.kernel.org/en/developers/regulatory/crda" +SECTION = "net" +LICENSE = "ISC" +LIC_FILES_CHKSUM = "file://LICENSE;md5=07c4f6dea3845b02a18dc00c8c87699c" + +SRC_URI = "https://www.kernel.org/pub/software/network/${BPN}/${BP}.tar.xz" +SRC_URI[sha256sum] = "59c8f7d17966db71b27f90e735ee8f5b42ca3527694a8c5e6e9b56bd379c3b84" + +inherit bin_package allarch + +do_install() { + install -d -m0755 ${D}${nonarch_libdir}/crda + install -d -m0755 ${D}${sysconfdir}/wireless-regdb/pubkeys + install -m 0644 regulatory.bin ${D}${nonarch_libdir}/crda/regulatory.bin + install -m 0644 sforshee.key.pub.pem ${D}${sysconfdir}/wireless-regdb/pubkeys/sforshee.key.pub.pem + + install -m 0644 -D regulatory.db ${D}${nonarch_base_libdir}/firmware/regulatory.db + install -m 0644 regulatory.db.p7s ${D}${nonarch_base_libdir}/firmware/regulatory.db.p7s +} + +# Install static regulatory DB in /lib/firmware for kernel to load. +# This requires Linux kernel >= v4.15. +# For kernel <= v4.14, inherit the kernel_wireless_regdb.bbclass +# (in meta-networking) in kernel's recipe. +PACKAGES = "${PN}-static ${PN}" +RCONFLICTS:${PN} = "${PN}-static" + +FILES:${PN}-static = " \ + ${nonarch_base_libdir}/firmware/regulatory.db \ + ${nonarch_base_libdir}/firmware/regulatory.db.p7s \ +" + +# Native users might want to use the source of regulatory DB. +# This is for example used by Linux kernel <= v4.14 and +# kernel_wireless_regdb.bbclass in meta-networking. +do_install:append:class-native() { + install -m 0644 -D db.txt ${D}${libdir}/crda/db.txt +} + +RSUGGESTS:${PN} = "crda" + +BBCLASSEXTEND = "native" diff --git a/poky/meta/recipes-multimedia/libpng/libpng_1.6.37.bb b/poky/meta/recipes-multimedia/libpng/libpng_1.6.37.bb deleted file mode 100644 index 61e3d92e95..0000000000 --- a/poky/meta/recipes-multimedia/libpng/libpng_1.6.37.bb +++ /dev/null @@ -1,35 +0,0 @@ -SUMMARY = "PNG image format decoding library" -DESCRIPTION = "An open source project to develop and maintain the reference \ -library for use in applications that read, create, and manipulate PNG \ -(Portable Network Graphics) raster image files. " -HOMEPAGE = "http://www.libpng.org/" -SECTION = "libs" -LICENSE = "Libpng" -LIC_FILES_CHKSUM = "file://LICENSE;md5=b0085051bf265bac2bfc38bc89f50000" -DEPENDS = "zlib" - -LIBV = "16" - -SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BPN}${LIBV}/${BP}.tar.xz" -SRC_URI[md5sum] = "015e8e15db1eecde5f2eb9eb5b6e59e9" -SRC_URI[sha256sum] = "505e70834d35383537b6491e7ae8641f1a4bed1876dbfe361201fc80868d88ca" - -MIRRORS += "${SOURCEFORGE_MIRROR}/${BPN}/${BPN}${LIBV}/ ${SOURCEFORGE_MIRROR}/${BPN}/${BPN}${LIBV}/older-releases/" - -UPSTREAM_CHECK_URI = "http://libpng.org/pub/png/libpng.html" - -BINCONFIG = "${bindir}/libpng-config ${bindir}/libpng16-config" - -inherit autotools binconfig-disabled pkgconfig - -# Work around missing symbols -EXTRA_OECONF:append:class-target = " ${@bb.utils.contains("TUNE_FEATURES", "neon", "--enable-arm-neon=on", "--enable-arm-neon=off", d)}" - -PACKAGES =+ "${PN}-tools" - -FILES:${PN}-tools = "${bindir}/png-fix-itxt ${bindir}/pngfix ${bindir}/pngcp" - -BBCLASSEXTEND = "native nativesdk" - -# CVE-2019-17371 is actually a memory leak in gif2png 2.x -CVE_CHECK_IGNORE += "CVE-2019-17371" diff --git a/poky/meta/recipes-multimedia/libpng/libpng_1.6.38.bb b/poky/meta/recipes-multimedia/libpng/libpng_1.6.38.bb new file mode 100644 index 0000000000..dc627203ef --- /dev/null +++ b/poky/meta/recipes-multimedia/libpng/libpng_1.6.38.bb @@ -0,0 +1,34 @@ +SUMMARY = "PNG image format decoding library" +DESCRIPTION = "An open source project to develop and maintain the reference \ +library for use in applications that read, create, and manipulate PNG \ +(Portable Network Graphics) raster image files. " +HOMEPAGE = "http://www.libpng.org/" +SECTION = "libs" +LICENSE = "Libpng" +LIC_FILES_CHKSUM = "file://LICENSE;md5=5c900cc124ba35a274073b5de7639b13" +DEPENDS = "zlib" + +LIBV = "16" + +SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BPN}${LIBV}/${BP}.tar.xz" +SRC_URI[sha256sum] = "b3683e8b8111ebf6f1ac004ebb6b0c975cd310ec469d98364388e9cedbfa68be" + +MIRRORS += "${SOURCEFORGE_MIRROR}/${BPN}/${BPN}${LIBV}/ ${SOURCEFORGE_MIRROR}/${BPN}/${BPN}${LIBV}/older-releases/" + +UPSTREAM_CHECK_URI = "http://libpng.org/pub/png/libpng.html" + +BINCONFIG = "${bindir}/libpng-config ${bindir}/libpng16-config" + +inherit autotools binconfig-disabled pkgconfig + +# Work around missing symbols +EXTRA_OECONF:append:class-target = " ${@bb.utils.contains("TUNE_FEATURES", "neon", "--enable-arm-neon=on", "--enable-arm-neon=off", d)}" + +PACKAGES =+ "${PN}-tools" + +FILES:${PN}-tools = "${bindir}/png-fix-itxt ${bindir}/pngfix ${bindir}/pngcp" + +BBCLASSEXTEND = "native nativesdk" + +# CVE-2019-17371 is actually a memory leak in gif2png 2.x +CVE_CHECK_IGNORE += "CVE-2019-17371" diff --git a/poky/meta/recipes-multimedia/libtiff/tiff/CVE-2022-34526.patch b/poky/meta/recipes-multimedia/libtiff/tiff/CVE-2022-34526.patch new file mode 100644 index 0000000000..48ca56982f --- /dev/null +++ b/poky/meta/recipes-multimedia/libtiff/tiff/CVE-2022-34526.patch @@ -0,0 +1,29 @@ +From 3fc1fdda0068981340cc7ae136173731275e2c5e Mon Sep 17 00:00:00 2001 +From: Hitendra Prajapati +Date: Thu, 18 Aug 2022 10:46:30 +0530 +Subject: [PATCH] CVE-2022-34526 + +Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/275735d0354e39c0ac1dc3c0db2120d6f31d1990] +CVE: CVE-2022-34526 +Signed-off-by: Hitendra Prajapati +--- + libtiff/tif_dirinfo.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/libtiff/tif_dirinfo.c b/libtiff/tif_dirinfo.c +index 8565dfb..0f722a5 100644 +--- a/libtiff/tif_dirinfo.c ++++ b/libtiff/tif_dirinfo.c +@@ -1157,6 +1157,9 @@ _TIFFCheckFieldIsValidForCodec(TIFF *tif, ttag_t tag) + default: + return 1; + } ++ if( !TIFFIsCODECConfigured(tif->tif_dir.td_compression) ) { ++ return 0; ++ } + /* Check if codec specific tags are allowed for the current + * compression scheme (codec) */ + switch (tif->tif_dir.td_compression) { +-- +2.25.1 + diff --git a/poky/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb b/poky/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb index 149516508f..b5ccd859f3 100644 --- a/poky/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb +++ b/poky/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb @@ -21,6 +21,7 @@ SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \ file://0001-fix-the-FPE-in-tiffcrop-415-427-and-428.patch \ file://CVE-2022-1354.patch \ file://CVE-2022-1355.patch \ + file://CVE-2022-34526.patch \ " SRC_URI[sha256sum] = "0e46e5acb087ce7d1ac53cf4f56a09b221537fc86dfc5daaad1c2e89e1b37ac8" diff --git a/poky/meta/recipes-multimedia/webp/libwebp_1.2.2.bb b/poky/meta/recipes-multimedia/webp/libwebp_1.2.2.bb deleted file mode 100644 index 281cff1bf2..0000000000 --- a/poky/meta/recipes-multimedia/webp/libwebp_1.2.2.bb +++ /dev/null @@ -1,55 +0,0 @@ -SUMMARY = "WebP is an image format designed for the Web" -DESCRIPTION = "WebP is a method of lossy and lossless compression that can be \ - used on a large variety of photographic, translucent and \ - graphical images found on the web. The degree of lossy \ - compression is adjustable so a user can choose the trade-off \ - between file size and image quality. WebP typically achieves \ - an average of 30% more compression than JPEG and JPEG 2000, \ - without loss of image quality." -HOMEPAGE = "https://developers.google.com/speed/webp/" -SECTION = "libs" - -LICENSE = "BSD-3-Clause" -LIC_FILES_CHKSUM = "file://COPYING;md5=6e8dee932c26f2dab503abf70c96d8bb \ - file://PATENTS;md5=c6926d0cb07d296f886ab6e0cc5a85b7" - -SRC_URI = "http://downloads.webmproject.org/releases/webp/${BP}.tar.gz" -SRC_URI[sha256sum] = "7656532f837af5f4cec3ff6bafe552c044dc39bf453587bd5b77450802f4aee6" - -UPSTREAM_CHECK_URI = "http://downloads.webmproject.org/releases/webp/index.html" - -EXTRA_OECONF = " \ - --disable-wic \ - --enable-libwebpmux \ - --enable-libwebpdemux \ - --enable-threading \ -" - -# Do not trust configure to determine if neon is available. -# -EXTRA_OECONF_ARM = " \ - ${@bb.utils.contains("TUNE_FEATURES","neon","--enable-neon","--disable-neon",d)} \ -" -EXTRA_OECONF:append:arm = " ${EXTRA_OECONF_ARM}" -EXTRA_OECONF:append:armeb = " ${EXTRA_OECONF_ARM}" - -inherit autotools lib_package - -PACKAGECONFIG ??= "" - -# libwebpdecoder is a subset of libwebp, don't build it unless requested -PACKAGECONFIG[decoder] = "--enable-libwebpdecoder,--disable-libwebpdecoder" - -# Apply for examples programs: cwebp and dwebp -PACKAGECONFIG[gif] = "--enable-gif,--disable-gif,giflib" -PACKAGECONFIG[jpeg] = "--enable-jpeg,--disable-jpeg,jpeg" -PACKAGECONFIG[png] = "--enable-png,--disable-png,,libpng" -PACKAGECONFIG[tiff] = "--enable-tiff,--disable-tiff,tiff" - -# Apply only for example program vwebp -PACKAGECONFIG[gl] = "--enable-gl,--disable-gl,mesa-glut" - -PACKAGES =+ "${PN}-gif2webp" - -DESCRIPTION:${PN}-gif2webp = "Simple tool to convert animated GIFs to WebP" -FILES:${PN}-gif2webp = "${bindir}/gif2webp" diff --git a/poky/meta/recipes-multimedia/webp/libwebp_1.2.4.bb b/poky/meta/recipes-multimedia/webp/libwebp_1.2.4.bb new file mode 100644 index 0000000000..263589846a --- /dev/null +++ b/poky/meta/recipes-multimedia/webp/libwebp_1.2.4.bb @@ -0,0 +1,55 @@ +SUMMARY = "WebP is an image format designed for the Web" +DESCRIPTION = "WebP is a method of lossy and lossless compression that can be \ + used on a large variety of photographic, translucent and \ + graphical images found on the web. The degree of lossy \ + compression is adjustable so a user can choose the trade-off \ + between file size and image quality. WebP typically achieves \ + an average of 30% more compression than JPEG and JPEG 2000, \ + without loss of image quality." +HOMEPAGE = "https://developers.google.com/speed/webp/" +SECTION = "libs" + +LICENSE = "BSD-3-Clause" +LIC_FILES_CHKSUM = "file://COPYING;md5=6e8dee932c26f2dab503abf70c96d8bb \ + file://PATENTS;md5=c6926d0cb07d296f886ab6e0cc5a85b7" + +SRC_URI = "http://downloads.webmproject.org/releases/webp/${BP}.tar.gz" +SRC_URI[sha256sum] = "7bf5a8a28cc69bcfa8cb214f2c3095703c6b73ac5fba4d5480c205331d9494df" + +UPSTREAM_CHECK_URI = "http://downloads.webmproject.org/releases/webp/index.html" + +EXTRA_OECONF = " \ + --disable-wic \ + --enable-libwebpmux \ + --enable-libwebpdemux \ + --enable-threading \ +" + +# Do not trust configure to determine if neon is available. +# +EXTRA_OECONF_ARM = " \ + ${@bb.utils.contains("TUNE_FEATURES","neon","--enable-neon","--disable-neon",d)} \ +" +EXTRA_OECONF:append:arm = " ${EXTRA_OECONF_ARM}" +EXTRA_OECONF:append:armeb = " ${EXTRA_OECONF_ARM}" + +inherit autotools lib_package + +PACKAGECONFIG ??= "" + +# libwebpdecoder is a subset of libwebp, don't build it unless requested +PACKAGECONFIG[decoder] = "--enable-libwebpdecoder,--disable-libwebpdecoder" + +# Apply for examples programs: cwebp and dwebp +PACKAGECONFIG[gif] = "--enable-gif,--disable-gif,giflib" +PACKAGECONFIG[jpeg] = "--enable-jpeg,--disable-jpeg,jpeg" +PACKAGECONFIG[png] = "--enable-png,--disable-png,,libpng" +PACKAGECONFIG[tiff] = "--enable-tiff,--disable-tiff,tiff" + +# Apply only for example program vwebp +PACKAGECONFIG[gl] = "--enable-gl,--disable-gl,mesa-glut" + +PACKAGES =+ "${PN}-gif2webp" + +DESCRIPTION:${PN}-gif2webp = "Simple tool to convert animated GIFs to WebP" +FILES:${PN}-gif2webp = "${bindir}/gif2webp" diff --git a/poky/meta/recipes-sato/webkit/libwpe_1.12.0.bb b/poky/meta/recipes-sato/webkit/libwpe_1.12.0.bb deleted file mode 100644 index ac4ee3eb23..0000000000 --- a/poky/meta/recipes-sato/webkit/libwpe_1.12.0.bb +++ /dev/null @@ -1,18 +0,0 @@ -SUMMARY = "General-purpose library specifically developed for the WPE-flavored port of WebKit." -HOMEPAGE = "https://github.com/WebPlatformForEmbedded/libwpe" -BUGTRACKER = "https://github.com/WebPlatformForEmbedded/libwpe/issues" - -LICENSE = "BSD-2-Clause" -LIC_FILES_CHKSUM = "file://COPYING;md5=371a616eb4903c6cb79e9893a5f615cc" -DEPENDS = "virtual/egl libxkbcommon" - -inherit cmake features_check pkgconfig - -REQUIRED_DISTRO_FEATURES = "opengl" - -SRC_URI = "https://wpewebkit.org/releases/${BPN}-${PV}.tar.xz" -SRC_URI[sha256sum] = "e8eeca228a6b4c36294cfb63f7d3ba9ada47a430904a5a973b3c99c96a44c18c" - -# This is a tweak of upstream-version-is-even needed because -# ipstream directory contains tarballs for other components as well. -UPSTREAM_CHECK_REGEX = "libwpe-(?P\d+\.(\d*[02468])+(\.\d+)+)\.tar" diff --git a/poky/meta/recipes-sato/webkit/libwpe_1.12.3.bb b/poky/meta/recipes-sato/webkit/libwpe_1.12.3.bb new file mode 100644 index 0000000000..77ca517ef7 --- /dev/null +++ b/poky/meta/recipes-sato/webkit/libwpe_1.12.3.bb @@ -0,0 +1,18 @@ +SUMMARY = "General-purpose library specifically developed for the WPE-flavored port of WebKit." +HOMEPAGE = "https://github.com/WebPlatformForEmbedded/libwpe" +BUGTRACKER = "https://github.com/WebPlatformForEmbedded/libwpe/issues" + +LICENSE = "BSD-2-Clause" +LIC_FILES_CHKSUM = "file://COPYING;md5=371a616eb4903c6cb79e9893a5f615cc" +DEPENDS = "virtual/egl libxkbcommon" + +inherit cmake features_check pkgconfig + +REQUIRED_DISTRO_FEATURES = "opengl" + +SRC_URI = "https://wpewebkit.org/releases/${BPN}-${PV}.tar.xz" +SRC_URI[sha256sum] = "b84fdbfbc849ce4fdf084bb28b58e5463b1b4b6cc8f200dc77b41f8545d5329d" + +# This is a tweak of upstream-version-is-even needed because +# ipstream directory contains tarballs for other components as well. +UPSTREAM_CHECK_REGEX = "libwpe-(?P\d+\.(\d*[02468])+(\.\d+)+)\.tar" diff --git a/poky/meta/recipes-sato/webkit/webkitgtk_2.36.4.bb b/poky/meta/recipes-sato/webkit/webkitgtk_2.36.4.bb deleted file mode 100644 index df4ff63121..0000000000 --- a/poky/meta/recipes-sato/webkit/webkitgtk_2.36.4.bb +++ /dev/null @@ -1,167 +0,0 @@ -SUMMARY = "WebKit web rendering engine for the GTK+ platform" -HOMEPAGE = "https://www.webkitgtk.org/" -BUGTRACKER = "https://bugs.webkit.org/" - -LICENSE = "BSD-2-Clause & LGPL-2.0-or-later" -LIC_FILES_CHKSUM = "file://Source/JavaScriptCore/COPYING.LIB;md5=d0c6d6397a5d84286dda758da57bd691 \ - file://Source/WebCore/LICENSE-APPLE;md5=4646f90082c40bcf298c285f8bab0b12 \ - file://Source/WebCore/LICENSE-LGPL-2;md5=36357ffde2b64ae177b2494445b79d21 \ - file://Source/WebCore/LICENSE-LGPL-2.1;md5=a778a33ef338abbaf8b8a7c36b6eec80 \ - " - -SRC_URI = "https://www.webkitgtk.org/releases/${BPN}-${PV}.tar.xz \ - file://0001-FindGObjectIntrospection.cmake-prefix-variables-obta.patch \ - file://0001-Tweak-gtkdoc-settings-so-that-gtkdoc-generation-work.patch \ - file://0001-Fix-build-without-opengl-or-es.patch \ - file://reproducibility.patch \ - file://0001-When-building-introspection-files-do-not-quote-CFLAG.patch \ - " - -SRC_URI[sha256sum] = "b6bebe1f85a479d968c19e44a4704622ef8cef61636ad1b2406b77d16ae2e2a8" - -inherit cmake pkgconfig gobject-introspection perlnative features_check upstream-version-is-even gtk-doc - -ANY_OF_DISTRO_FEATURES = "${GTK3DISTROFEATURES}" -REQUIRED_DISTRO_FEATURES = "${@bb.utils.contains('DISTRO_FEATURES', 'wayland', 'opengl', '', d)}" - -CVE_PRODUCT = "webkitgtk webkitgtk\+" - -DEPENDS = " \ - ruby-native \ - gperf-native \ - cairo \ - harfbuzz \ - jpeg \ - atk \ - libwebp \ - gtk+3 \ - libxslt \ - libtasn1 \ - libnotify \ - gstreamer1.0 \ - gstreamer1.0-plugins-base \ - " - -PACKAGECONFIG_SOUP ?= "soup2" -PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd wayland x11', d)} \ - ${@bb.utils.contains('DISTRO_FEATURES', 'x11 opengl', 'webgl opengl', '', d)} \ - ${@bb.utils.contains('DISTRO_FEATURES', 'x11', '', 'webgl gles2', d)} \ - ${@bb.utils.contains('DISTRO_FEATURES', 'opengl', 'opengl-or-es', '', d)} \ - enchant \ - libsecret \ - ${PACKAGECONFIG_SOUP} \ - " - -PACKAGECONFIG[wayland] = "-DENABLE_WAYLAND_TARGET=ON,-DENABLE_WAYLAND_TARGET=OFF,wayland libwpe wpebackend-fdo wayland-native" -PACKAGECONFIG[angle] = "-DUSE_ANGLE_WEBGL=ON,-DUSE_ANGLE_WEBGL=OFF" -PACKAGECONFIG[x11] = "-DENABLE_X11_TARGET=ON,-DENABLE_X11_TARGET=OFF,virtual/libx11 libxcomposite libxdamage libxrender libxt" -PACKAGECONFIG[geoclue] = "-DENABLE_GEOLOCATION=ON,-DENABLE_GEOLOCATION=OFF,geoclue" -PACKAGECONFIG[enchant] = "-DENABLE_SPELLCHECK=ON,-DENABLE_SPELLCHECK=OFF,enchant2" -PACKAGECONFIG[gles2] = "-DENABLE_GLES2=ON,-DENABLE_GLES2=OFF,virtual/libgles2" -PACKAGECONFIG[webgl] = "-DENABLE_WEBGL=ON,-DENABLE_WEBGL=OFF,virtual/egl" -PACKAGECONFIG[opengl] = "-DENABLE_GRAPHICS_CONTEXT_GL=ON,-DENABLE_GRAPHICS_CONTEXT_GL=OFF,virtual/egl" -PACKAGECONFIG[opengl-or-es] = "-DUSE_OPENGL_OR_ES=ON,-DUSE_OPENGL_OR_ES=OFF" -PACKAGECONFIG[libsecret] = "-DUSE_LIBSECRET=ON,-DUSE_LIBSECRET=OFF,libsecret" -PACKAGECONFIG[libhyphen] = "-DUSE_LIBHYPHEN=ON,-DUSE_LIBHYPHEN=OFF,libhyphen" -PACKAGECONFIG[woff2] = "-DUSE_WOFF2=ON,-DUSE_WOFF2=OFF,woff2" -PACKAGECONFIG[openjpeg] = "-DUSE_OPENJPEG=ON,-DUSE_OPENJPEG=OFF,openjpeg" -PACKAGECONFIG[systemd] = "-DUSE_SYSTEMD=ON,-DUSE_SYSTEMD=off,systemd" -PACKAGECONFIG[reduce-size] = "-DCMAKE_BUILD_TYPE=MinSizeRel,-DCMAKE_BUILD_TYPE=Release,," -PACKAGECONFIG[lcms] = "-DUSE_LCMS=ON,-DUSE_LCMS=OFF,lcms" -PACKAGECONFIG[soup2] = "-DUSE_SOUP2=ON,-DUSE_SOUP2=OFF,libsoup-2.4,,,soup3" -PACKAGECONFIG[soup3] = ",,libsoup,,,soup2" -PACKAGECONFIG[journald] = "-DENABLE_JOURNALD_LOG=ON,-DENABLE_JOURNALD_LOG=OFF,systemd" - -# webkitgtk is full of /usr/bin/env python, particular for generating docs -do_configure[postfuncs] += "setup_python_link" -setup_python_link() { - if [ ! -e ${STAGING_BINDIR_NATIVE}/python ]; then - ln -s `which python3` ${STAGING_BINDIR_NATIVE}/python - fi -} - -EXTRA_OECMAKE = " \ - -DPORT=GTK \ - ${@bb.utils.contains('GI_DATA_ENABLED', 'True', '-DENABLE_INTROSPECTION=ON', '-DENABLE_INTROSPECTION=OFF', d)} \ - ${@bb.utils.contains('GTKDOC_ENABLED', 'True', '-DENABLE_GTKDOC=ON', '-DENABLE_GTKDOC=OFF', d)} \ - -DENABLE_MINIBROWSER=ON \ - -DPYTHON_EXECUTABLE=`which python3` \ - -DENABLE_BUBBLEWRAP_SANDBOX=OFF \ - -DENABLE_GAMEPAD=OFF \ - " - -# Javascript JIT is not supported on ARC -EXTRA_OECMAKE:append:arc = " -DENABLE_JIT=OFF " -# By default 25-bit "medium" calls are used on ARC -# which is not enough for binaries larger than 32 MiB -CFLAGS:append:arc = " -mlong-calls" -CXXFLAGS:append:arc = " -mlong-calls" - -# Needed for non-mesa graphics stacks when x11 is disabled -CXXFLAGS += "${@bb.utils.contains('DISTRO_FEATURES', 'x11', '', '-DEGL_NO_X11=1', d)}" - -# Javascript JIT is not supported on powerpc -EXTRA_OECMAKE:append:powerpc = " -DENABLE_JIT=OFF " -EXTRA_OECMAKE:append:powerpc64 = " -DENABLE_JIT=OFF " - -# ARM JIT code does not build on ARMv4/5/6 anymore -EXTRA_OECMAKE:append:armv5 = " -DENABLE_JIT=OFF " -EXTRA_OECMAKE:append:armv6 = " -DENABLE_JIT=OFF " -EXTRA_OECMAKE:append:armv4 = " -DENABLE_JIT=OFF " - -EXTRA_OECMAKE:append:mipsarch = " -DUSE_LD_GOLD=OFF " -EXTRA_OECMAKE:append:powerpc = " -DUSE_LD_GOLD=OFF " - -# JIT and gold linker does not work on RISCV -EXTRA_OECMAKE:append:riscv32 = " -DUSE_LD_GOLD=OFF -DENABLE_JIT=OFF" -EXTRA_OECMAKE:append:riscv64 = " -DUSE_LD_GOLD=OFF -DENABLE_JIT=OFF" - -# JIT not supported on MIPS either -EXTRA_OECMAKE:append:mipsarch = " -DENABLE_JIT=OFF -DENABLE_C_LOOP=ON " - -# JIT not supported on X32 -# An attempt was made to upstream JIT support for x32 in -# https://bugs.webkit.org/show_bug.cgi?id=100450, but this was closed as -# unresolved due to limited X32 adoption. -EXTRA_OECMAKE:append:x86-x32 = " -DENABLE_JIT=OFF " - -SECURITY_CFLAGS:remove:aarch64 = "-fpie" -SECURITY_CFLAGS:append:aarch64 = " -fPIE" - -FILES:${PN} += "${libdir}/webkit2gtk-4.*/injected-bundle/libwebkit2gtkinjectedbundle.so" - -RRECOMMENDS:${PN} += "ca-certificates shared-mime-info" - -# http://errors.yoctoproject.org/Errors/Details/20370/ -ARM_INSTRUCTION_SET:armv4 = "arm" -ARM_INSTRUCTION_SET:armv5 = "arm" -ARM_INSTRUCTION_SET:armv6 = "arm" - -# https://bugzilla.yoctoproject.org/show_bug.cgi?id=9474 -# https://bugs.webkit.org/show_bug.cgi?id=159880 -# JSC JIT can build on ARMv7 with -marm, but doesn't work on runtime. -# Upstream only tests regularly the JSC JIT on ARMv7 with Thumb2 (-mthumb). -ARM_INSTRUCTION_SET:armv7a = "thumb" -ARM_INSTRUCTION_SET:armv7r = "thumb" -ARM_INSTRUCTION_SET:armv7ve = "thumb" - -# introspection inside qemu-arm hangs forever on musl/arm builds -# therefore disable GI_DATA -GI_DATA_ENABLED:libc-musl:armv7a = "False" -GI_DATA_ENABLED:libc-musl:armv7ve = "False" - -# Can't be built with ccache -CCACHE_DISABLE = "1" - -PACKAGE_PREPROCESS_FUNCS += "src_package_preprocess" -src_package_preprocess () { - # Trim build paths from comments in generated sources to ensure reproducibility - sed -i -e "s,${WORKDIR},,g" \ - ${B}/JavaScriptCore/DerivedSources/*.h \ - ${B}/JavaScriptCore/DerivedSources/yarr/*.h \ - ${B}/JavaScriptCore/PrivateHeaders/JavaScriptCore/*.h \ - ${B}/WebKit2Gtk/DerivedSources/webkit2/*.cpp \ - ${B}/WebKit2Gtk/DerivedSources/webkit2/*.h - -} - diff --git a/poky/meta/recipes-sato/webkit/webkitgtk_2.36.7.bb b/poky/meta/recipes-sato/webkit/webkitgtk_2.36.7.bb new file mode 100644 index 0000000000..026e24ae39 --- /dev/null +++ b/poky/meta/recipes-sato/webkit/webkitgtk_2.36.7.bb @@ -0,0 +1,166 @@ +SUMMARY = "WebKit web rendering engine for the GTK+ platform" +HOMEPAGE = "https://www.webkitgtk.org/" +BUGTRACKER = "https://bugs.webkit.org/" + +LICENSE = "BSD-2-Clause & LGPL-2.0-or-later" +LIC_FILES_CHKSUM = "file://Source/JavaScriptCore/COPYING.LIB;md5=d0c6d6397a5d84286dda758da57bd691 \ + file://Source/WebCore/LICENSE-APPLE;md5=4646f90082c40bcf298c285f8bab0b12 \ + file://Source/WebCore/LICENSE-LGPL-2;md5=36357ffde2b64ae177b2494445b79d21 \ + file://Source/WebCore/LICENSE-LGPL-2.1;md5=a778a33ef338abbaf8b8a7c36b6eec80 \ + " + +SRC_URI = "https://www.webkitgtk.org/releases/${BPN}-${PV}.tar.xz \ + file://0001-FindGObjectIntrospection.cmake-prefix-variables-obta.patch \ + file://0001-Tweak-gtkdoc-settings-so-that-gtkdoc-generation-work.patch \ + file://0001-Fix-build-without-opengl-or-es.patch \ + file://reproducibility.patch \ + file://0001-When-building-introspection-files-do-not-quote-CFLAG.patch \ + " +SRC_URI[sha256sum] = "0c260cf2b32f0481d017670dfed1b61e554967cd067195606c9f9eb5fe731743" + +inherit cmake pkgconfig gobject-introspection perlnative features_check upstream-version-is-even gtk-doc + +ANY_OF_DISTRO_FEATURES = "${GTK3DISTROFEATURES}" +REQUIRED_DISTRO_FEATURES = "${@bb.utils.contains('DISTRO_FEATURES', 'wayland', 'opengl', '', d)}" + +CVE_PRODUCT = "webkitgtk webkitgtk\+" + +DEPENDS = " \ + ruby-native \ + gperf-native \ + cairo \ + harfbuzz \ + jpeg \ + atk \ + libwebp \ + gtk+3 \ + libxslt \ + libtasn1 \ + libnotify \ + gstreamer1.0 \ + gstreamer1.0-plugins-base \ + " + +PACKAGECONFIG_SOUP ?= "soup2" +PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd wayland x11', d)} \ + ${@bb.utils.contains('DISTRO_FEATURES', 'x11 opengl', 'webgl opengl', '', d)} \ + ${@bb.utils.contains('DISTRO_FEATURES', 'x11', '', 'webgl gles2', d)} \ + ${@bb.utils.contains('DISTRO_FEATURES', 'opengl', 'opengl-or-es', '', d)} \ + enchant \ + libsecret \ + ${PACKAGECONFIG_SOUP} \ + " + +PACKAGECONFIG[wayland] = "-DENABLE_WAYLAND_TARGET=ON,-DENABLE_WAYLAND_TARGET=OFF,wayland libwpe wpebackend-fdo wayland-native" +PACKAGECONFIG[angle] = "-DUSE_ANGLE_WEBGL=ON,-DUSE_ANGLE_WEBGL=OFF" +PACKAGECONFIG[x11] = "-DENABLE_X11_TARGET=ON,-DENABLE_X11_TARGET=OFF,virtual/libx11 libxcomposite libxdamage libxrender libxt" +PACKAGECONFIG[geoclue] = "-DENABLE_GEOLOCATION=ON,-DENABLE_GEOLOCATION=OFF,geoclue" +PACKAGECONFIG[enchant] = "-DENABLE_SPELLCHECK=ON,-DENABLE_SPELLCHECK=OFF,enchant2" +PACKAGECONFIG[gles2] = "-DENABLE_GLES2=ON,-DENABLE_GLES2=OFF,virtual/libgles2" +PACKAGECONFIG[webgl] = "-DENABLE_WEBGL=ON,-DENABLE_WEBGL=OFF,virtual/egl" +PACKAGECONFIG[opengl] = "-DENABLE_GRAPHICS_CONTEXT_GL=ON,-DENABLE_GRAPHICS_CONTEXT_GL=OFF,virtual/egl" +PACKAGECONFIG[opengl-or-es] = "-DUSE_OPENGL_OR_ES=ON,-DUSE_OPENGL_OR_ES=OFF" +PACKAGECONFIG[libsecret] = "-DUSE_LIBSECRET=ON,-DUSE_LIBSECRET=OFF,libsecret" +PACKAGECONFIG[libhyphen] = "-DUSE_LIBHYPHEN=ON,-DUSE_LIBHYPHEN=OFF,libhyphen" +PACKAGECONFIG[woff2] = "-DUSE_WOFF2=ON,-DUSE_WOFF2=OFF,woff2" +PACKAGECONFIG[openjpeg] = "-DUSE_OPENJPEG=ON,-DUSE_OPENJPEG=OFF,openjpeg" +PACKAGECONFIG[systemd] = "-DUSE_SYSTEMD=ON,-DUSE_SYSTEMD=off,systemd" +PACKAGECONFIG[reduce-size] = "-DCMAKE_BUILD_TYPE=MinSizeRel,-DCMAKE_BUILD_TYPE=Release,," +PACKAGECONFIG[lcms] = "-DUSE_LCMS=ON,-DUSE_LCMS=OFF,lcms" +PACKAGECONFIG[soup2] = "-DUSE_SOUP2=ON,-DUSE_SOUP2=OFF,libsoup-2.4,,,soup3" +PACKAGECONFIG[soup3] = ",,libsoup,,,soup2" +PACKAGECONFIG[journald] = "-DENABLE_JOURNALD_LOG=ON,-DENABLE_JOURNALD_LOG=OFF,systemd" + +# webkitgtk is full of /usr/bin/env python, particular for generating docs +do_configure[postfuncs] += "setup_python_link" +setup_python_link() { + if [ ! -e ${STAGING_BINDIR_NATIVE}/python ]; then + ln -s `which python3` ${STAGING_BINDIR_NATIVE}/python + fi +} + +EXTRA_OECMAKE = " \ + -DPORT=GTK \ + ${@bb.utils.contains('GI_DATA_ENABLED', 'True', '-DENABLE_INTROSPECTION=ON', '-DENABLE_INTROSPECTION=OFF', d)} \ + ${@bb.utils.contains('GTKDOC_ENABLED', 'True', '-DENABLE_GTKDOC=ON', '-DENABLE_GTKDOC=OFF', d)} \ + -DENABLE_MINIBROWSER=ON \ + -DPYTHON_EXECUTABLE=`which python3` \ + -DENABLE_BUBBLEWRAP_SANDBOX=OFF \ + -DENABLE_GAMEPAD=OFF \ + " + +# Javascript JIT is not supported on ARC +EXTRA_OECMAKE:append:arc = " -DENABLE_JIT=OFF " +# By default 25-bit "medium" calls are used on ARC +# which is not enough for binaries larger than 32 MiB +CFLAGS:append:arc = " -mlong-calls" +CXXFLAGS:append:arc = " -mlong-calls" + +# Needed for non-mesa graphics stacks when x11 is disabled +CXXFLAGS += "${@bb.utils.contains('DISTRO_FEATURES', 'x11', '', '-DEGL_NO_X11=1', d)}" + +# Javascript JIT is not supported on powerpc +EXTRA_OECMAKE:append:powerpc = " -DENABLE_JIT=OFF " +EXTRA_OECMAKE:append:powerpc64 = " -DENABLE_JIT=OFF " + +# ARM JIT code does not build on ARMv4/5/6 anymore +EXTRA_OECMAKE:append:armv5 = " -DENABLE_JIT=OFF " +EXTRA_OECMAKE:append:armv6 = " -DENABLE_JIT=OFF " +EXTRA_OECMAKE:append:armv4 = " -DENABLE_JIT=OFF " + +EXTRA_OECMAKE:append:mipsarch = " -DUSE_LD_GOLD=OFF " +EXTRA_OECMAKE:append:powerpc = " -DUSE_LD_GOLD=OFF " + +# JIT and gold linker does not work on RISCV +EXTRA_OECMAKE:append:riscv32 = " -DUSE_LD_GOLD=OFF -DENABLE_JIT=OFF" +EXTRA_OECMAKE:append:riscv64 = " -DUSE_LD_GOLD=OFF -DENABLE_JIT=OFF" + +# JIT not supported on MIPS either +EXTRA_OECMAKE:append:mipsarch = " -DENABLE_JIT=OFF -DENABLE_C_LOOP=ON " + +# JIT not supported on X32 +# An attempt was made to upstream JIT support for x32 in +# https://bugs.webkit.org/show_bug.cgi?id=100450, but this was closed as +# unresolved due to limited X32 adoption. +EXTRA_OECMAKE:append:x86-x32 = " -DENABLE_JIT=OFF " + +SECURITY_CFLAGS:remove:aarch64 = "-fpie" +SECURITY_CFLAGS:append:aarch64 = " -fPIE" + +FILES:${PN} += "${libdir}/webkit2gtk-4.*/injected-bundle/libwebkit2gtkinjectedbundle.so" + +RRECOMMENDS:${PN} += "ca-certificates shared-mime-info" + +# http://errors.yoctoproject.org/Errors/Details/20370/ +ARM_INSTRUCTION_SET:armv4 = "arm" +ARM_INSTRUCTION_SET:armv5 = "arm" +ARM_INSTRUCTION_SET:armv6 = "arm" + +# https://bugzilla.yoctoproject.org/show_bug.cgi?id=9474 +# https://bugs.webkit.org/show_bug.cgi?id=159880 +# JSC JIT can build on ARMv7 with -marm, but doesn't work on runtime. +# Upstream only tests regularly the JSC JIT on ARMv7 with Thumb2 (-mthumb). +ARM_INSTRUCTION_SET:armv7a = "thumb" +ARM_INSTRUCTION_SET:armv7r = "thumb" +ARM_INSTRUCTION_SET:armv7ve = "thumb" + +# introspection inside qemu-arm hangs forever on musl/arm builds +# therefore disable GI_DATA +GI_DATA_ENABLED:libc-musl:armv7a = "False" +GI_DATA_ENABLED:libc-musl:armv7ve = "False" + +# Can't be built with ccache +CCACHE_DISABLE = "1" + +PACKAGE_PREPROCESS_FUNCS += "src_package_preprocess" +src_package_preprocess () { + # Trim build paths from comments in generated sources to ensure reproducibility + sed -i -e "s,${WORKDIR},,g" \ + ${B}/JavaScriptCore/DerivedSources/*.h \ + ${B}/JavaScriptCore/DerivedSources/yarr/*.h \ + ${B}/JavaScriptCore/PrivateHeaders/JavaScriptCore/*.h \ + ${B}/WebKit2Gtk/DerivedSources/webkit2/*.cpp \ + ${B}/WebKit2Gtk/DerivedSources/webkit2/*.h + +} + diff --git a/poky/meta/recipes-sato/webkit/wpebackend-fdo_1.12.0.bb b/poky/meta/recipes-sato/webkit/wpebackend-fdo_1.12.0.bb deleted file mode 100644 index 4a18467ea4..0000000000 --- a/poky/meta/recipes-sato/webkit/wpebackend-fdo_1.12.0.bb +++ /dev/null @@ -1,24 +0,0 @@ -SUMMARY = "WPE's backend based on a freedesktop.org stack." -HOMEPAGE = "https://github.com/Igalia/WPEBackend-fdo" -BUGTRACKER = "https://github.com/Igalia/WPEBackend-fdo/issues" - -LICENSE = "BSD-2-Clause" -LIC_FILES_CHKSUM = "file://COPYING;md5=1f62cef2e3645e3e74eb05fd389d7a66" -DEPENDS = "glib-2.0 libxkbcommon wayland virtual/egl libwpe libepoxy" - -DEPENDS:append:class-target = " wayland-native" - -inherit meson features_check pkgconfig - -REQUIRED_DISTRO_FEATURES = "opengl" - -SRC_URI = "https://wpewebkit.org/releases/${BPN}-${PV}.tar.xz" -SRC_URI[sha256sum] = "6239c9c15523410798d66315de6b491712ab30009ba180f3e0dd076d9b0074ac" - -# Especially helps compiling with clang which enable this as error when -# using c++11 -CXXFLAGS += "-Wno-c++11-narrowing" - -# This is a tweak of upstream-version-is-even needed because -# ipstream directory contains tarballs for other components as well. -UPSTREAM_CHECK_REGEX = "wpebackend-fdo-(?P\d+\.(\d*[02468])+(\.\d+)+)\.tar" diff --git a/poky/meta/recipes-sato/webkit/wpebackend-fdo_1.12.1.bb b/poky/meta/recipes-sato/webkit/wpebackend-fdo_1.12.1.bb new file mode 100644 index 0000000000..5f776c13e6 --- /dev/null +++ b/poky/meta/recipes-sato/webkit/wpebackend-fdo_1.12.1.bb @@ -0,0 +1,24 @@ +SUMMARY = "WPE's backend based on a freedesktop.org stack." +HOMEPAGE = "https://github.com/Igalia/WPEBackend-fdo" +BUGTRACKER = "https://github.com/Igalia/WPEBackend-fdo/issues" + +LICENSE = "BSD-2-Clause" +LIC_FILES_CHKSUM = "file://COPYING;md5=1f62cef2e3645e3e74eb05fd389d7a66" +DEPENDS = "glib-2.0 libxkbcommon wayland virtual/egl libwpe libepoxy" + +DEPENDS:append:class-target = " wayland-native" + +inherit meson features_check pkgconfig + +REQUIRED_DISTRO_FEATURES = "opengl" + +SRC_URI = "https://wpewebkit.org/releases/${BPN}-${PV}.tar.xz" +SRC_URI[sha256sum] = "45aa833c44ec292f31fa943b01b8cc75e54eb623ad7ba6a66fc2f118fe69e629" + +# Especially helps compiling with clang which enable this as error when +# using c++11 +CXXFLAGS += "-Wno-c++11-narrowing" + +# This is a tweak of upstream-version-is-even needed because +# ipstream directory contains tarballs for other components as well. +UPSTREAM_CHECK_REGEX = "wpebackend-fdo-(?P\d+\.(\d*[02468])+(\.\d+)+)\.tar" diff --git a/poky/meta/recipes-support/apr/apr/0001-add-AC_CACHE_CHECK-for-strerror_r-return-type.patch b/poky/meta/recipes-support/apr/apr/0001-add-AC_CACHE_CHECK-for-strerror_r-return-type.patch new file mode 100644 index 0000000000..d0a9bd9129 --- /dev/null +++ b/poky/meta/recipes-support/apr/apr/0001-add-AC_CACHE_CHECK-for-strerror_r-return-type.patch @@ -0,0 +1,52 @@ +From 8ca3c3306f1a149e51a3be6a4b1e47e9aee88262 Mon Sep 17 00:00:00 2001 +From: Khem Raj +Date: Tue, 23 Aug 2022 22:42:03 -0700 +Subject: [PATCH] add AC_CACHE_CHECK for strerror_r return type + +APR's configure script uses AC_TRY_RUN to detect whether the return type +of strerror_r is int. When cross-compiling this defaults to no. + +This commit adds an AC_CACHE_CHECK so users who cross-compile APR may +influence the outcome with a configure variable. + +Upstream-Status: Backport [https://svn.apache.org/viewvc?view=revision&revision=1875065] +Signed-off-by: Khem Raj +--- + build/apr_common.m4 | 11 ++++------- + 1 file changed, 4 insertions(+), 7 deletions(-) + +diff --git a/build/apr_common.m4 b/build/apr_common.m4 +index cbf2a4c..42e75cf 100644 +--- a/build/apr_common.m4 ++++ b/build/apr_common.m4 +@@ -525,8 +525,9 @@ dnl string. + dnl + dnl + AC_DEFUN([APR_CHECK_STRERROR_R_RC], [ +-AC_MSG_CHECKING(for type of return code from strerror_r) +-AC_TRY_RUN([ ++AC_CACHE_CHECK([whether return code from strerror_r has type int], ++[ac_cv_strerror_r_rc_int], ++[AC_TRY_RUN([ + #include + #include + #include +@@ -542,14 +543,10 @@ main() + }], [ + ac_cv_strerror_r_rc_int=yes ], [ + ac_cv_strerror_r_rc_int=no ], [ +- ac_cv_strerror_r_rc_int=no ] ) ++ ac_cv_strerror_r_rc_int=no ] ) ] ) + if test "x$ac_cv_strerror_r_rc_int" = xyes; then + AC_DEFINE(STRERROR_R_RC_INT, 1, [Define if strerror returns int]) +- msg="int" +-else +- msg="pointer" + fi +-AC_MSG_RESULT([$msg]) + ] ) + + dnl +-- +2.37.2 + diff --git a/poky/meta/recipes-support/apr/apr/0001-configure-Remove-runtime-test-for-mmap-that-can-map-.patch b/poky/meta/recipes-support/apr/apr/0001-configure-Remove-runtime-test-for-mmap-that-can-map-.patch new file mode 100644 index 0000000000..fa6202da79 --- /dev/null +++ b/poky/meta/recipes-support/apr/apr/0001-configure-Remove-runtime-test-for-mmap-that-can-map-.patch @@ -0,0 +1,62 @@ +From ee728971fd9d2da39356f1574d58d5daa3b24520 Mon Sep 17 00:00:00 2001 +From: Khem Raj +Date: Fri, 26 Aug 2022 00:28:08 -0700 +Subject: [PATCH] configure: Remove runtime test for mmap that can map + /dev/zero + +This never works for cross-compile moreover it ends up disabling +ac_cv_file__dev_zero which then results in compiler errors in shared +mutexes + +Upstream-Status: Inappropriate [Cross-compile specific] +Signed-off-by: Khem Raj +--- + configure.in | 32 -------------------------------- + 1 file changed, 32 deletions(-) + +diff --git a/configure.in b/configure.in +index a99049d..f1f55c7 100644 +--- a/configure.in ++++ b/configure.in +@@ -1182,38 +1182,6 @@ AC_CHECK_FUNCS([mmap munmap shm_open shm_unlink shmget shmat shmdt shmctl \ + APR_CHECK_DEFINE(MAP_ANON, sys/mman.h) + AC_CHECK_FILE(/dev/zero) + +-# Not all systems can mmap /dev/zero (such as HP-UX). Check for that. +-if test "$ac_cv_func_mmap" = "yes" && +- test "$ac_cv_file__dev_zero" = "yes"; then +- AC_MSG_CHECKING(for mmap that can map /dev/zero) +- AC_TRY_RUN([ +-#include +-#include +-#include +-#ifdef HAVE_SYS_MMAN_H +-#include +-#endif +- int main() +- { +- int fd; +- void *m; +- fd = open("/dev/zero", O_RDWR); +- if (fd < 0) { +- return 1; +- } +- m = mmap(0, sizeof(void*), PROT_READ|PROT_WRITE, MAP_SHARED, fd, 0); +- if (m == (void *)-1) { /* aka MAP_FAILED */ +- return 2; +- } +- if (munmap(m, sizeof(void*)) < 0) { +- return 3; +- } +- return 0; +- }], [], [ac_cv_file__dev_zero=no], [ac_cv_file__dev_zero=no]) +- +- AC_MSG_RESULT($ac_cv_file__dev_zero) +-fi +- + # Now we determine which one is our anonymous shmem preference. + haveshmgetanon="0" + havemmapzero="0" +-- +2.37.2 + diff --git a/poky/meta/recipes-support/apr/apr_1.7.0.bb b/poky/meta/recipes-support/apr/apr_1.7.0.bb index 9c826d4380..cb4bb936d7 100644 --- a/poky/meta/recipes-support/apr/apr_1.7.0.bb +++ b/poky/meta/recipes-support/apr/apr_1.7.0.bb @@ -24,6 +24,8 @@ SRC_URI = "${APACHE_MIRROR}/apr/${BPN}-${PV}.tar.bz2 \ file://libtoolize_check.patch \ file://0001-Add-option-to-disable-timed-dependant-tests.patch \ file://autoconf270.patch \ + file://0001-add-AC_CACHE_CHECK-for-strerror_r-return-type.patch \ + file://0001-configure-Remove-runtime-test-for-mmap-that-can-map-.patch \ file://CVE-2021-35940.patch \ " @@ -36,17 +38,30 @@ OE_BINCONFIG_EXTRA_MANGLE = " -e 's:location=source:location=installed:'" # Added to fix some issues with cmake. Refer to https://github.com/bmwcarit/meta-ros/issues/68#issuecomment-19896928 CACHED_CONFIGUREVARS += "apr_cv_mutex_recursive=yes" - +# Enable largefile +CACHED_CONFIGUREVARS += "apr_cv_use_lfs64=yes" +# Additional AC_TRY_RUN tests which will need to be cached for cross compile +CACHED_CONFIGUREVARS += "apr_cv_epoll=yes epoll_create1=yes apr_cv_sock_cloexec=yes \ + ac_cv_struct_rlimit=yes \ + ac_cv_func_sem_open=yes \ + apr_cv_process_shared_works=yes \ + apr_cv_mutex_robust_shared=yes \ + " # Also suppress trying to use sctp. # CACHED_CONFIGUREVARS += "ac_cv_header_netinet_sctp_h=no ac_cv_header_netinet_sctp_uio_h=no" -CACHED_CONFIGUREVARS += "ac_cv_sizeof_struct_iovec=yes" +# ac_cv_sizeof_struct_iovec is deduced using runtime check which will fail during cross-compile +CACHED_CONFIGUREVARS += "${@['ac_cv_sizeof_struct_iovec=16','ac_cv_sizeof_struct_iovec=8'][d.getVar('SITEINFO_BITS') != '32']}" + CACHED_CONFIGUREVARS += "ac_cv_file__dev_zero=yes" +CACHED_CONFIGUREVARS:append:libc-musl = " ac_cv_strerror_r_rc_int=yes" PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}" +PACKAGECONFIG:append:libc-musl = " xsi-strerror" PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6," PACKAGECONFIG[timed-tests] = "--enable-timed-tests,--disable-timed-tests," +PACKAGECONFIG[xsi-strerror] = "ac_cv_strerror_r_rc_int=yes,ac_cv_strerror_r_rc_int=no," do_configure:prepend() { # Avoid absolute paths for grep since it causes failures diff --git a/poky/meta/recipes-support/boost/boost/0001-Don-t-skip-install-targets-if-there-s-build-no-in-ur.patch b/poky/meta/recipes-support/boost/boost/0001-Don-t-skip-install-targets-if-there-s-build-no-in-ur.patch new file mode 100644 index 0000000000..df8b285700 --- /dev/null +++ b/poky/meta/recipes-support/boost/boost/0001-Don-t-skip-install-targets-if-there-s-build-no-in-ur.patch @@ -0,0 +1,82 @@ +From 78fd284a42caabe8815cb0870b46e5567872e75b Mon Sep 17 00:00:00 2001 +From: Dmitry +Date: Sat, 11 Dec 2021 16:58:23 +0300 +Subject: [PATCH] Don't skip install targets if there's no in ureqs + (#113) + +--- + src/tools/stage.jam | 4 ++++ + test/install_build_no.py | 26 ++++++++++++++++++++++++++ + test/test_all.py | 1 + + 3 files changed, 31 insertions(+) + create mode 100755 test/install_build_no.py + +Fixes install of boost fiber shared libraries which are missing in 1.78.0 +but working in 1.79.0. Only kirkstone affected by this. + +Upstream-Status: Backport + +Signed-off-by: Mikko Rapeli + +diff --git a/tools/build/src/tools/stage.jam b/tools/build/src/tools/stage.jam +index c5f02e3ba..325129dc8 100644 +--- a/tools/build/src/tools/stage.jam ++++ b/tools/build/src/tools/stage.jam +@@ -478,6 +478,10 @@ class install-target-class : basic-target + return [ sequence.unique $(result2) ] ; + } + ++ rule skip-from-usage-requirements ( ) ++ { ++ } ++ + # Returns true iff 'type' is subtype of some element of 'types-to-include'. + # + local rule include-type ( type : types-to-include * ) +diff --git a/tools/build/test/install_build_no.py b/tools/build/test/install_build_no.py +new file mode 100755 +index 000000000..0ccf3c5cc +--- /dev/null ++++ b/tools/build/test/install_build_no.py +@@ -0,0 +1,26 @@ ++#!/usr/bin/python ++ ++# Copyright 2021 Dmitry Arkhipov (grisumbras@gmail.com) ++# Distributed under the Boost Software License, Version 1.0. ++# (See accompanying file LICENSE.txt or https://www.bfgroup.xyz/b2/LICENSE.txt) ++ ++# Check that no in usage-requirements of dependencies does not affect ++# install rule, i.e. a skipped installed target does not affect insallation of ++# other targets. ++ ++import BoostBuild ++ ++t = BoostBuild.Tester() ++ ++t.write("a.cpp", "int main() {}\n") ++ ++t.write("jamroot.jam", """ ++make x : : maker : no ; ++exe a : a.cpp ; ++install install : x a ; ++""") ++ ++t.run_build_system() ++t.expect_addition("install/a.exe") ++ ++t.cleanup() +diff --git a/tools/build/test/test_all.py b/tools/build/test/test_all.py +index b7ef5ad70..9ed729d01 100644 +--- a/tools/build/test/test_all.py ++++ b/tools/build/test/test_all.py +@@ -250,6 +250,7 @@ tests = ["abs_workdir", + "inherit_toolset", + "inherited_dependency", + "inline", ++ "install_build_no", + "libjpeg", + "liblzma", + "libpng", +-- +2.20.1 + diff --git a/poky/meta/recipes-support/boost/boost_1.78.0.bb b/poky/meta/recipes-support/boost/boost_1.78.0.bb index 58be9dcf12..08364a4c3c 100644 --- a/poky/meta/recipes-support/boost/boost_1.78.0.bb +++ b/poky/meta/recipes-support/boost/boost_1.78.0.bb @@ -7,4 +7,5 @@ SRC_URI += "file://boost-CVE-2012-2677.patch \ file://0001-dont-setup-compiler-flags-m32-m64.patch \ file://de657e01635306085488290ea83de541ec393f8b.patch \ file://0001-futex-fix-build-on-32-bit-architectures-using-64-bit.patch \ + file://0001-Don-t-skip-install-targets-if-there-s-build-no-in-ur.patch \ " diff --git a/poky/meta/recipes-support/curl/curl/CVE-2022-35252.patch b/poky/meta/recipes-support/curl/curl/CVE-2022-35252.patch new file mode 100644 index 0000000000..7b6f81bd02 --- /dev/null +++ b/poky/meta/recipes-support/curl/curl/CVE-2022-35252.patch @@ -0,0 +1,72 @@ +From 62c09239ac4e08239c8e363b06901fc80637d8c7 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Mon, 29 Aug 2022 00:09:17 +0200 +Subject: [PATCH] cookie: reject cookies with "control bytes" + +Rejects 0x01 - 0x1f (except 0x09) plus 0x7f + +Reported-by: Axel Chong + +Bug: https://curl.se/docs/CVE-2022-35252.html + +CVE-2022-35252 + +Closes #9381 + +Upstream-Status: Backport [https://github.com/curl/curl/commit/8dfc93e573ca740544a2d79ebb] + +Signed-off-by: Robert Joslyn +--- + lib/cookie.c | 29 +++++++++++++++++++++++++++++ + 1 file changed, 29 insertions(+) + +diff --git a/lib/cookie.c b/lib/cookie.c +index cb0c03b..e0470a1 100644 +--- a/lib/cookie.c ++++ b/lib/cookie.c +@@ -438,6 +438,30 @@ static bool bad_domain(const char *domain) + return TRUE; + } + ++/* ++ RFC 6265 section 4.1.1 says a server should accept this range: ++ ++ cookie-octet = %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E ++ ++ But Firefox and Chrome as of June 2022 accept space, comma and double-quotes ++ fine. The prime reason for filtering out control bytes is that some HTTP ++ servers return 400 for requests that contain such. ++*/ ++static int invalid_octets(const char *p) ++{ ++ /* Reject all bytes \x01 - \x1f (*except* \x09, TAB) + \x7f */ ++ static const char badoctets[] = { ++ "\x01\x02\x03\x04\x05\x06\x07\x08\x0a" ++ "\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14" ++ "\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x7f" ++ }; ++ size_t vlen, len; ++ /* scan for all the octets that are *not* in cookie-octet */ ++ len = strcspn(p, badoctets); ++ vlen = strlen(p); ++ return (len != vlen); ++} ++ + /* + * Curl_cookie_add + * +@@ -590,6 +614,11 @@ Curl_cookie_add(struct Curl_easy *data, + badcookie = TRUE; + break; + } ++ if(invalid_octets(whatptr) || invalid_octets(name)) { ++ infof(data, "invalid octets in name/value, cookie dropped"); ++ badcookie = TRUE; ++ break; ++ } + } + else if(!len) { + /* +-- +2.35.1 + diff --git a/poky/meta/recipes-support/curl/curl_7.82.0.bb b/poky/meta/recipes-support/curl/curl_7.82.0.bb index 67de0220c6..5368c91f5c 100644 --- a/poky/meta/recipes-support/curl/curl_7.82.0.bb +++ b/poky/meta/recipes-support/curl/curl_7.82.0.bb @@ -28,6 +28,7 @@ SRC_URI = "https://curl.se/download/${BP}.tar.xz \ file://CVE-2022-32206.patch \ file://CVE-2022-32207.patch \ file://CVE-2022-32208.patch \ + file://CVE-2022-35252.patch \ " SRC_URI[sha256sum] = "0aaa12d7bd04b0966254f2703ce80dd5c38dbbd76af0297d3d690cdce58a583c" diff --git a/poky/meta/recipes-support/gnutls/gnutls/CVE-2022-2509.patch b/poky/meta/recipes-support/gnutls/gnutls/CVE-2022-2509.patch new file mode 100644 index 0000000000..c1c1def194 --- /dev/null +++ b/poky/meta/recipes-support/gnutls/gnutls/CVE-2022-2509.patch @@ -0,0 +1,282 @@ +From 8161fec931f416f5ca6aa31bb53751e140a93046 Mon Sep 17 00:00:00 2001 +From: Hitendra Prajapati +Date: Tue, 16 Aug 2022 16:56:15 +0530 +Subject: [PATCH] CVE-2022-2509 + +Upstream-Status: Backport [https://gitlab.com/gnutls/gnutls/-/commit/ce37f9eb265dbe9b6d597f5767449e8ee95848e2] +CVE: CVE-2022-2509 +Signed-off-by: Hitendra Prajapati +--- + NEWS | 4 + + lib/x509/pkcs7.c | 3 +- + tests/Makefile.am | 2 +- + tests/pkcs7-verify-double-free.c | 215 +++++++++++++++++++++++++++++++ + 4 files changed, 222 insertions(+), 2 deletions(-) + create mode 100644 tests/pkcs7-verify-double-free.c + +diff --git a/NEWS b/NEWS +index 36381f0..02c4040 100644 +--- a/NEWS ++++ b/NEWS +@@ -7,6 +7,10 @@ See the end for copying conditions. + + * Version 3.7.4 (released 2022-03-17) + ++** libgnutls: Fixed double free during verification of pkcs7 signatures. ++ Reported by Jaak Ristioja (#1383). [GNUTLS-SA-2022-07-07, CVSS: medium] ++ [CVE-2022-2509] ++ + ** libgnutls: Added support for certificate compression as defined in RFC8879. + ** certtool: Added option --compress-cert that allows user to specify compression + methods for certificate compression. +diff --git a/lib/x509/pkcs7.c b/lib/x509/pkcs7.c +index 1f35fab..d5be7f4 100644 +--- a/lib/x509/pkcs7.c ++++ b/lib/x509/pkcs7.c +@@ -1318,7 +1318,8 @@ gnutls_x509_crt_t find_signer(gnutls_pkcs7_t pkcs7, gnutls_x509_trust_list_t tl, + issuer = find_verified_issuer_of(pkcs7, issuer, purpose, vflags); + + if (issuer != NULL && gnutls_x509_crt_check_issuer(issuer, issuer)) { +- if (prev) gnutls_x509_crt_deinit(prev); ++ if (prev && prev != signer) ++ gnutls_x509_crt_deinit(prev); + prev = issuer; + break; + } +diff --git a/tests/Makefile.am b/tests/Makefile.am +index cec0a4e..b3cb56c 100644 +--- a/tests/Makefile.am ++++ b/tests/Makefile.am +@@ -230,7 +230,7 @@ ctests += mini-record-2 simple gnutls_hmac_fast set_pkcs12_cred cert certuniquei + sign-verify-newapi sign-verify-deterministic iov aead-cipher-vec \ + tls13-without-timeout-func buffer status-request-revoked \ + set_x509_ocsp_multi_cli kdf-api keylog-func handshake-write \ +- x509cert-dntypes id-on-xmppAddr tls13-compat-mode ciphersuite-name ++ x509cert-dntypes id-on-xmppAddr tls13-compat-mode ciphersuite-name pkcs7-verify-double-free + + ctests += tls-channel-binding + +diff --git a/tests/pkcs7-verify-double-free.c b/tests/pkcs7-verify-double-free.c +new file mode 100644 +index 0000000..fadf307 +--- /dev/null ++++ b/tests/pkcs7-verify-double-free.c +@@ -0,0 +1,215 @@ ++/* ++ * Copyright (C) 2022 Red Hat, Inc. ++ * ++ * Author: Zoltan Fridrich ++ * ++ * This file is part of GnuTLS. ++ * ++ * GnuTLS is free software: you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GnuTLS is distributed in the hope that it will be useful, but ++ * WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ * General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GnuTLS. If not, see . ++ */ ++ ++#ifdef HAVE_CONFIG_H ++#include ++#endif ++ ++#include ++#include ++#include ++ ++#include "utils.h" ++ ++static char rca_pem[] = ++ "-----BEGIN CERTIFICATE-----\n" ++ "MIIDCjCCAfKgAwIBAgIBATANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQKDApFeGFt\n" ++ "cGxlIENBMCAXDTE3MDcyMTE0NDMzNloYDzIyMjIwNzIxMTQ0MzM2WjAVMRMwEQYD\n" ++ "VQQKDApFeGFtcGxlIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA\n" ++ "v8hnKPJ/IA0SQB/A/a0Uh+npZ67vsgIMrtTQo0r0kJkmkBz5323xO3DVuJfB3QmX\n" ++ "v9zvoeCQLuDvWar5Aixfxgm6s5Q+yPvJj9t3NebDrU+Y4+qyewBIJUF8EF/5iBPC\n" ++ "ZHONmzbfIRWvQWGGgb2CRcOHp2J7AY/QLB6LsWPaLjs/DHva28Q13JaTTHIpdu8v\n" ++ "t6vHr0nXf66DN4MvtoF3N+o+v3snJCMsfXOqASi4tbWR7gtOfCfiz9uBjh0W2Dut\n" ++ "/jclBQkJkLe6esNSM+f4YiOpctVDjmfj8yoHCp394vt0wFqhG38wsTFAyVP6qIcf\n" ++ "5zoSu9ovEt2cTkhnZHjiiwIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1Ud\n" ++ "DwEB/wQEAwIBBjAdBgNVHQ4EFgQUhjeO6Uc5imbjOl2I2ltVA27Hu9YwHwYDVR0j\n" ++ "BBgwFoAUhjeO6Uc5imbjOl2I2ltVA27Hu9YwDQYJKoZIhvcNAQELBQADggEBAD+r\n" ++ "i/7FsbG0OFKGF2+JOnth6NjJQcMfM8LiglqAuBUijrv7vltoZ0Z3FJH1Vi4OeMXn\n" ++ "l7X/9tWUve0uFl75MfjDrf0+lCEdYRY1LCba2BrUgpbbkLywVUdnbsvndehegCgS\n" ++ "jss2/zys3Hlo3ZaHlTMQ/NQ4nrxcxkjOvkZSEOqgxJTLpzm6pr7YUts4k6c6lNiB\n" ++ "FSiJiDzsJCmWR9C3fBbUlfDfTJYGN3JwqX270KchXDElo8gNoDnF7jBMpLFFSEKm\n" ++ "MyfbNLX/srh+CEfZaN/OZV4A3MQ0L8vQEp6M4CJhvRLIuMVabZ2coJ0AzystrOMU\n" ++ "LirBWjg89RoAjFQ7bTE=\n" ++ "-----END CERTIFICATE-----\n"; ++ ++static char ca_pem[] = ++ "-----BEGIN CERTIFICATE-----\n" ++ "MIIDFzCCAf+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQKDApFeGFt\n" ++ "cGxlIENBMCAXDTE3MDcyMTE0NDQzNFoYDzIyMjIwNzIxMTQ0NDM0WjAiMSAwHgYD\n" ++ "VQQKDBdFeGFtcGxlIGludGVybWVkaWF0ZSBDQTCCASIwDQYJKoZIhvcNAQEBBQAD\n" ++ "ggEPADCCAQoCggEBAKb9ACB8u//sP6MfNU1OsVw68xz3eTPLgKxS0vpqexm6iGVg\n" ++ "ug/o9uYRLzqiEukv/eyz9WzHmY7sqlOJjOFdv92+SaNg79Jc51WHPFXgea4/qyfr\n" ++ "4y14PGs0SNxm6T44sXurUs7cXydQVUgnq2VCaWFOTUdxXoAWkV8r8GaUoPD/klVz\n" ++ "RqxSZVETmX1XBKhsMnnov41kRwVph2C+VfUspsbaUZaz/o/S1/nokhXRACzKsMBr\n" ++ "obqiGxbY35uVzsmbAW5ErhQz98AWJL3Bub1fsEMXg6OEMmPH4AtX888dTIYZNw0E\n" ++ "bUIESspz1kjJQTtVQDHTprhwz16YiSVeUonlLgMCAwEAAaNjMGEwDwYDVR0TAQH/\n" ++ "BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFPBjxDWjMhjXERirKF9O\n" ++ "o/5Cllc5MB8GA1UdIwQYMBaAFIY3julHOYpm4zpdiNpbVQNux7vWMA0GCSqGSIb3\n" ++ "DQEBCwUAA4IBAQCTm+vv3hBa6lL5IT+Fw8aTxQ2Ne7mZ5oyazhvXYwwfKNMX3SML\n" ++ "W2JdPaL64ZwbxxxYvW401o5Z0CEgru3YFrsqB/hEdl0Uf8UWWJmE1rRa+miTmbjt\n" ++ "lrLNCWdrs6CiwvsPITTHg7jevB4KyZYsTSxQFcyr3N3xF+6EmOTC4IkhPPnXYXcp\n" ++ "248ih+WOavSYoRvzgB/Dip1WnPYU2mfIV3O8JReRryngA0TzWCLPLUoWR3R4jwtC\n" ++ "+1uSLoqaenz3qv3F1WEbke37az9YJuXx/5D8CqFQiZ62TUUtI6fYd8mkMBM4Qfh6\n" ++ "NW9XrCkI9wlpL5K9HllhuW0BhKeJkuPpyQ2p\n" ++ "-----END CERTIFICATE-----\n"; ++ ++static char ee_pem[] = ++ "-----BEGIN CERTIFICATE-----\n" ++ "MIIDIjCCAgqgAwIBAgIBATANBgkqhkiG9w0BAQsFADAiMSAwHgYDVQQKDBdFeGFt\n" ++ "cGxlIGludGVybWVkaWF0ZSBDQTAgFw0yMjA3MjExNDQ1MzdaGA8yMjIyMDcyMTE0\n" ++ "NDUzN1owFTETMBEGA1UEAwwKSm9obiBTbWl0aDCCASIwDQYJKoZIhvcNAQEBBQAD\n" ++ "ggEPADCCAQoCggEBAMb1uuxppBFY+WVD45iyHUq7DkIJNNOI/JRaybVJfPktWq2E\n" ++ "eNe7XhV05KKnqZTbDO2iYqNHqGhZ8pz/IstDRTZP3z/q1vXTG0P9Gx28rEy5TaUY\n" ++ "QjtD+ZoFUQm0ORMDBjd8jikqtJ87hKeuOPMH4rzdydotMaPQSm7KLzHBGBr6gg7z\n" ++ "g1IxPWkhMyHapoMqqrhjwjzoTY97UIXpZTEoIA+KpEC8f9CciBtL0i1MPBjWozB6\n" ++ "Jma9q5iEwZXuRr3cnPYeIPlK2drgDZCMuSFcYiT8ApLw5OhKqY1m2EvfZ2ox2s9R\n" ++ "68/HzYdPi3kZwiNEtlBvMlpt5yKBJAflp76d7DkCAwEAAaNuMGwwCwYDVR0PBAQD\n" ++ "AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDAdBgNVHQ4EFgQUc+Mi\n" ++ "kr8WMCk00SQo+P2iggp/oQkwHwYDVR0jBBgwFoAU8GPENaMyGNcRGKsoX06j/kKW\n" ++ "VzkwDQYJKoZIhvcNAQELBQADggEBAKU9+CUR0Jcfybd1+8Aqgh1RH96yQygnVuyt\n" ++ "Na9rFz4fM3ij9tGXDHXrkZw8bW1dWLU9quu8zeTxKxc3aiDIw739Alz0tukttDo7\n" ++ "dW7YqIb77zsIsWB9p7G9dlxT6ieUy+5IKk69BbeK8KR0vAciAG4KVQxPhuPy/LGX\n" ++ "PzqlJIJ4h61s3UOroReHPB1keLZgpORqrvtpClOmABH9TLFRJA/WFg8Q2XYB/p0x\n" ++ "l/pWiaoBC+8wK9cDoMUK5yOwXeuCLffCb+UlAD0+z/qxJ2pisE8E9X8rRKRrWI+i\n" ++ "G7LtJCEn86EQK8KuRlJxKgj8lClZhoULB0oL4jbblBuNow9WRmM=\n" ++ "-----END CERTIFICATE-----\n"; ++ ++static char msg_pem[] = ++ "-----BEGIN PKCS7-----\n" ++ "MIIK2QYJKoZIhvcNAQcCoIIKyjCCCsYCAQExDTALBglghkgBZQMEAgEwCwYJKoZI\n" ++ "hvcNAQcBoIIJTzCCAwowggHyoAMCAQICAQEwDQYJKoZIhvcNAQELBQAwFTETMBEG\n" ++ "A1UECgwKRXhhbXBsZSBDQTAgFw0xNzA3MjExNDQzMjFaGA8yMjIyMDcyMTE0NDMy\n" ++ "MVowFTETMBEGA1UECgwKRXhhbXBsZSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP\n" ++ "ADCCAQoCggEBAL51eyE4j8wAKQKMGlO9HEY2iaGvsdPSJmidSdmCi1jnNK39Lx4Y\n" ++ "31h279hSHF5wtI6VM91HHfeLf1mjEZHlKrXXJQzBPLpbHWapD778drHBitOP8e56\n" ++ "fDMIfofLV4tkMk8690vPe4cJH1UHGspMyz6EQF9kPRaW80XtMV/6dalgL/9Esmaw\n" ++ "XBNPJAS1VutDuXQkJ/3/rWFLmkpYHHtGPjX782YRmT1s+VOVTsLqmKx0TEL8A381\n" ++ "bbElHPUAMjPcyWR5qqA8KWnS5Dwqk3LwI0AvuhQytCq0S7Xl4DXauvxwTRXv0UU7\n" ++ "W8r3MLAw9DnlnJiD/RFjw5rbGO3wMePk/qUCAwEAAaNjMGEwDwYDVR0TAQH/BAUw\n" ++ "AwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFIh2KRoKJoe2VtpOwWMkRAkR\n" ++ "mLWKMB8GA1UdIwQYMBaAFIh2KRoKJoe2VtpOwWMkRAkRmLWKMA0GCSqGSIb3DQEB\n" ++ "CwUAA4IBAQBovvlOjoy0MCT5U0eWfcPQQjY4Ssrn3IiPNlVkqSNo+FHX+2baTLVQ\n" ++ "5QTHxwXwzdIJiwtjFWDdGEQXqmuIvnFG+u/whGbeg6oQygfnQ5Y+q6epOxCsPgLQ\n" ++ "mKKEaF7mvh8DauUx4QSbYCNGCctOZuB1vlN9bJ3/5QbH+2pFPOfCr5CAyPDwHo6S\n" ++ "qO3yPcutRwT9xS7gXEHM9HhLp+DmdCGh4eVBPiFilyZm1d92lWxU8oxoSfXgzDT/\n" ++ "GCzlMykNZNs4JD9QmiRClP/3U0dQbOhah/Fda+N+L90xaqEgGcvwKKZa3pzo59pl\n" ++ "BbkcIP4YPyHeinwkgAn5UVJg9DOxNCS0MIIDFzCCAf+gAwIBAgIBAjANBgkqhkiG\n" ++ "9w0BAQsFADAVMRMwEQYDVQQKDApFeGFtcGxlIENBMCAXDTE3MDcyMTE0NDQxM1oY\n" ++ "DzIyMjIwNzIxMTQ0NDEzWjAiMSAwHgYDVQQKDBdFeGFtcGxlIGludGVybWVkaWF0\n" ++ "ZSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMPFDEvDANwvhviu\n" ++ "pwXTvaKyxyX94jVu1wgAhIRyQBVRiMbrn8MEufLG8oA0vKd8s92gv/lWe1jFb2rn\n" ++ "91jMkZWsjWjiJFD6SzqFfBo+XxOGikEqO1MAf92UqavmSGlXVRG1Vy7T7dWibZP0\n" ++ "WODhHYWayR0Y6owSz5IqNfrHXzDME+lSJxHgRFI7pK+b0OgiVmvyXDKFPvyU6GrP\n" ++ "lxXDi/XbjyPvC5gpiwtTgm+s8KERwmdlfZUNjkh2PpHx1g1joijHT3wIvO/Pek1E\n" ++ "C+Xs6w3XxGgL6TTL7FDuv4AjZVX9KK66/yBhX3aN8bkqAg+hs9XNk3zzWC0XEFOS\n" ++ "Qoh2va0CAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw\n" ++ "HQYDVR0OBBYEFHwi/7dUWGjkMWJctOm7MCjjQj1cMB8GA1UdIwQYMBaAFIh2KRoK\n" ++ "Joe2VtpOwWMkRAkRmLWKMA0GCSqGSIb3DQEBCwUAA4IBAQCF6sHCBdYRwBwvfCve\n" ++ "og9cPnmPqZrG4AtmSvtoSsMvgvKb/4z3/gG8oPtTBkeRcAHoMoEp/oA+B2ylwIAc\n" ++ "S5U7jx+lYH/Pqih0X/OcOLbaMv8uzGSGQxk+L9LuuIT6E/THfRRIPEvkDkzC+/uk\n" ++ "7vUbG17bSEWeF0o/6sjzAY2aH1jnbCDyu0UC78GXkc6bZ5QlH98uLMDMrOmqcZjS\n" ++ "JFfvuRDQyKV5yBdBkYaobsIWSQDsgYxJzf/2y8c3r+HXqT+jhrXPWJ3btgMPxpu7\n" ++ "E8KmoFgp9EM+48oYlXJ66rk08/KjaVmgN7R+Hm3e2+MFT2kme4fBKalLjcazTe3x\n" ++ "0FisMIIDIjCCAgqgAwIBAgIBATANBgkqhkiG9w0BAQsFADAiMSAwHgYDVQQKDBdF\n" ++ "eGFtcGxlIGludGVybWVkaWF0ZSBDQTAgFw0yMjA3MjExNDQ1MzBaGA8yMjIyMDcy\n" ++ "MTE0NDUzMVowFTETMBEGA1UEAwwKSm9obiBTbWl0aDCCASIwDQYJKoZIhvcNAQEB\n" ++ "BQADggEPADCCAQoCggEBAMjhSqhdD5RjmOm6W3hG7zkgKBP9whRN/SipcdEMlkgc\n" ++ "F/U3QMu66qIfKwheNdWalC1JLtruLDWP92ysa6Vw+CCG8aSax1AgB//RKQB7kgPA\n" ++ "9js9hi/oCdBmCv2HJxhWSLz+MVoxgzW4C7S9FenI+btxe/99Uw4nOw7kwjsYDLKr\n" ++ "tMw8myv7aCW/63CuBYGtohiZupM3RI3kKFcZots+KRPLlZpjv+I2h9xSln8VxKNb\n" ++ "XiMrYwGfHB7iX7ghe1TvFjKatEUhsqa7AvIq7nfe/cyq97f0ODQO814njgZtk5iQ\n" ++ "JVavXHdhTVaypt1HdAFMuHX5UATylHxx9tRCgSIijUsCAwEAAaNuMGwwCwYDVR0P\n" ++ "BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDAdBgNVHQ4EFgQU\n" ++ "31+vHl4E/2Jpnwinbzf+d7usshcwHwYDVR0jBBgwFoAUfCL/t1RYaOQxYly06bsw\n" ++ "KONCPVwwDQYJKoZIhvcNAQELBQADggEBAAWe63DcNwmleQ3INFGDJZ/m2I/R/cBa\n" ++ "nnrxgR5Ey1ljHdA/x1z1JLTGmGVwqGExs5DNG9Q//Pmc9pZ1yPa8J4Xf8AvFcmkY\n" ++ "mWoH1HvW0xu/RF1UN5SAoD2PRQ+Vq4OSPD58IlEu/u4o1wZV7Wl91Cv6VNpiAb63\n" ++ "j9PA1YacOpOtcRqG59Vuj9HFm9f30ejHVo2+KJcpo290cR3Zg4fOm8mtjeMdt/QS\n" ++ "Atq+RqPAQ7yxqvEEv8zPIZj2kAOQm3mh/yYqBrR68lQUD/dBTP7ApIZkhUK3XK6U\n" ++ "nf9JvoF6Fn2+Cnqb//FLBgHSnoeqeQNwDLUXTsD02iYxHzJrhokSY4YxggFQMIIB\n" ++ "TAIBATAnMCIxIDAeBgNVBAoMF0V4YW1wbGUgaW50ZXJtZWRpYXRlIENBAgEBMAsG\n" ++ "CWCGSAFlAwQCATANBgkqhkiG9w0BAQEFAASCAQATHg6wNsBcs/Ub1GQfKwTpKCk5\n" ++ "8QXuNnZ0u7b6mKgrSY2Gf47fpL2aRgaR+BAQncbctu5EH/IL38pWjaGtOhFAj/5q\n" ++ "7luVQW11kuyJN3Bd/dtLqawWOwMmAIEigw6X50l5ZHnEVzFfxt+RKTNhk4XWVtbi\n" ++ "2iIlITOplW0rnvxYAwCxKL9ocaB7etK8au7ixMxbFp75Ts4iLX8dhlAFdCuFCk8k\n" ++ "B8mi9HHuwr3QYRqMPW61hu1wBL3yB8eoZNOwPXb0gkIh6ZvgptxgQzm/cc+Iw9fP\n" ++ "QkR0fTM7ElJ5QZmSV98AUbZDHmDvpmcjcUxfSPMc3IoT8T300usRu7QHqKJi\n" ++ "-----END PKCS7-----\n"; ++ ++const gnutls_datum_t rca_datum = { (void *)rca_pem, sizeof(rca_pem) - 1 }; ++const gnutls_datum_t ca_datum = { (void *)ca_pem, sizeof(ca_pem) - 1 }; ++const gnutls_datum_t ee_datum = { (void *)ee_pem, sizeof(ee_pem) - 1 }; ++const gnutls_datum_t msg_datum = { (void *)msg_pem, sizeof(msg_pem) - 1 }; ++ ++static void tls_log_func(int level, const char *str) ++{ ++ fprintf(stderr, "%s |<%d>| %s", "err", level, str); ++} ++ ++#define CHECK(X)\ ++{\ ++ r = X;\ ++ if (r < 0)\ ++ fail("error in %d: %s\n", __LINE__, gnutls_strerror(r));\ ++}\ ++ ++void doit(void) ++{ ++ int r; ++ gnutls_x509_crt_t rca_cert = NULL; ++ gnutls_x509_crt_t ca_cert = NULL; ++ gnutls_x509_crt_t ee_cert = NULL; ++ gnutls_x509_trust_list_t tlist = NULL; ++ gnutls_pkcs7_t pkcs7 = NULL; ++ gnutls_datum_t data = { (unsigned char *)"xxx", 3 }; ++ ++ if (debug) { ++ gnutls_global_set_log_function(tls_log_func); ++ gnutls_global_set_log_level(4711); ++ } ++ ++ // Import certificates ++ CHECK(gnutls_x509_crt_init(&rca_cert)); ++ CHECK(gnutls_x509_crt_import(rca_cert, &rca_datum, GNUTLS_X509_FMT_PEM)); ++ CHECK(gnutls_x509_crt_init(&ca_cert)); ++ CHECK(gnutls_x509_crt_import(ca_cert, &ca_datum, GNUTLS_X509_FMT_PEM)); ++ CHECK(gnutls_x509_crt_init(&ee_cert)); ++ CHECK(gnutls_x509_crt_import(ee_cert, &ee_datum, GNUTLS_X509_FMT_PEM)); ++ ++ // Setup trust store ++ CHECK(gnutls_x509_trust_list_init(&tlist, 0)); ++ CHECK(gnutls_x509_trust_list_add_named_crt(tlist, rca_cert, "rca", 3, 0)); ++ CHECK(gnutls_x509_trust_list_add_named_crt(tlist, ca_cert, "ca", 2, 0)); ++ CHECK(gnutls_x509_trust_list_add_named_crt(tlist, ee_cert, "ee", 2, 0)); ++ ++ // Setup pkcs7 structure ++ CHECK(gnutls_pkcs7_init(&pkcs7)); ++ CHECK(gnutls_pkcs7_import(pkcs7, &msg_datum, GNUTLS_X509_FMT_PEM)); ++ ++ // Signature verification ++ gnutls_pkcs7_verify(pkcs7, tlist, NULL, 0, 0, &data, 0); ++ ++ gnutls_x509_crt_deinit(rca_cert); ++ gnutls_x509_crt_deinit(ca_cert); ++ gnutls_x509_crt_deinit(ee_cert); ++ gnutls_x509_trust_list_deinit(tlist, 0); ++ gnutls_pkcs7_deinit(pkcs7); ++} +-- +2.25.1 + diff --git a/poky/meta/recipes-support/gnutls/gnutls_3.7.4.bb b/poky/meta/recipes-support/gnutls/gnutls_3.7.4.bb index b34eb7f5f0..94e7f0d58e 100644 --- a/poky/meta/recipes-support/gnutls/gnutls_3.7.4.bb +++ b/poky/meta/recipes-support/gnutls/gnutls_3.7.4.bb @@ -21,6 +21,7 @@ SHRT_VER = "${@d.getVar('PV').split('.')[0]}.${@d.getVar('PV').split('.')[1]}" SRC_URI = "https://www.gnupg.org/ftp/gcrypt/gnutls/v${SHRT_VER}/gnutls-${PV}.tar.xz \ file://arm_eabi.patch \ + file://CVE-2022-2509.patch \ " SRC_URI[sha256sum] = "e6adbebcfbc95867de01060d93c789938cf89cc1d1f6ef9ef661890f6217451f" diff --git a/poky/meta/recipes-support/gnutls/libtasn1_4.18.0.bb b/poky/meta/recipes-support/gnutls/libtasn1_4.18.0.bb deleted file mode 100644 index db49adc1c2..0000000000 --- a/poky/meta/recipes-support/gnutls/libtasn1_4.18.0.bb +++ /dev/null @@ -1,23 +0,0 @@ -SUMMARY = "Library for ASN.1 and DER manipulation" -DESCRIPTION = "A highly portable C library that encodes and decodes \ -DER/BER data following an ASN.1 schema. " -HOMEPAGE = "http://www.gnu.org/software/libtasn1/" - -LICENSE = "GPL-3.0-or-later & LGPL-2.1-or-later" -LICENSE:${PN}-bin = "GPL-3.0-or-later" -LICENSE:${PN} = "LGPL-2.1-or-later" -LIC_FILES_CHKSUM = "file://doc/COPYING;md5=d32239bcb673463ab874e80d47fae504 \ - file://doc/COPYING.LESSER;md5=4fbd65380cdd255951079008b364516c \ - file://COPYING;md5=75ac100ec923f959898182307970c360" - -SRC_URI = "${GNU_MIRROR}/libtasn1/libtasn1-${PV}.tar.gz \ - file://dont-depend-on-help2man.patch \ - " - -DEPENDS = "bison-native" - -SRC_URI[sha256sum] = "4365c154953563d64c67a024b607d1ee75c6db76e0d0f65709ea80a334cd1898" - -inherit autotools texinfo lib_package gtk-doc - -BBCLASSEXTEND = "native nativesdk" diff --git a/poky/meta/recipes-support/gnutls/libtasn1_4.19.0.bb b/poky/meta/recipes-support/gnutls/libtasn1_4.19.0.bb new file mode 100644 index 0000000000..5fb8b54c06 --- /dev/null +++ b/poky/meta/recipes-support/gnutls/libtasn1_4.19.0.bb @@ -0,0 +1,23 @@ +SUMMARY = "Library for ASN.1 and DER manipulation" +DESCRIPTION = "A highly portable C library that encodes and decodes \ +DER/BER data following an ASN.1 schema. " +HOMEPAGE = "http://www.gnu.org/software/libtasn1/" + +LICENSE = "GPL-3.0-or-later & LGPL-2.1-or-later" +LICENSE:${PN}-bin = "GPL-3.0-or-later" +LICENSE:${PN} = "LGPL-2.1-or-later" +LIC_FILES_CHKSUM = "file://doc/COPYING;md5=d32239bcb673463ab874e80d47fae504 \ + file://doc/COPYING.LESSER;md5=4fbd65380cdd255951079008b364516c \ + file://COPYING;md5=75ac100ec923f959898182307970c360" + +SRC_URI = "${GNU_MIRROR}/libtasn1/libtasn1-${PV}.tar.gz \ + file://dont-depend-on-help2man.patch \ + " + +DEPENDS = "bison-native" + +SRC_URI[sha256sum] = "1613f0ac1cf484d6ec0ce3b8c06d56263cc7242f1c23b30d82d23de345a63f7a" + +inherit autotools texinfo lib_package gtk-doc + +BBCLASSEXTEND = "native nativesdk" diff --git a/poky/meta/recipes-support/iso-codes/iso-codes_4.10.0.bb b/poky/meta/recipes-support/iso-codes/iso-codes_4.10.0.bb deleted file mode 100644 index 857fe463ef..0000000000 --- a/poky/meta/recipes-support/iso-codes/iso-codes_4.10.0.bb +++ /dev/null @@ -1,22 +0,0 @@ -SUMMARY = "ISO language, territory, currency, script codes and their translations" -DESCRIPTION = "Provides lists of various ISO standards (e.g. country, \ -language, language scripts, and currency names) in one place, rather \ -than repeated in many programs throughout the system." -HOMEPAGE = "https://salsa.debian.org/iso-codes-team/iso-codes" -BUGTRACKER = "https://salsa.debian.org/iso-codes-team/iso-codes/issues" - -LICENSE = "LGPL-2.1-only" -LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c" - -SRC_URI = "git://salsa.debian.org/iso-codes-team/iso-codes.git;protocol=https;branch=main;" -SRCREV = "9a6c24ee40e737ab34273c1af13a8dabcae888dd" - -# inherit gettext cannot be used, because it adds gettext-native to BASEDEPENDS which -# are inhibited by allarch -DEPENDS = "gettext-native" - -S = "${WORKDIR}/git" - -inherit allarch autotools - -FILES:${PN} += "${datadir}/xml/" diff --git a/poky/meta/recipes-support/iso-codes/iso-codes_4.11.0.bb b/poky/meta/recipes-support/iso-codes/iso-codes_4.11.0.bb new file mode 100644 index 0000000000..be573981b0 --- /dev/null +++ b/poky/meta/recipes-support/iso-codes/iso-codes_4.11.0.bb @@ -0,0 +1,22 @@ +SUMMARY = "ISO language, territory, currency, script codes and their translations" +DESCRIPTION = "Provides lists of various ISO standards (e.g. country, \ +language, language scripts, and currency names) in one place, rather \ +than repeated in many programs throughout the system." +HOMEPAGE = "https://salsa.debian.org/iso-codes-team/iso-codes" +BUGTRACKER = "https://salsa.debian.org/iso-codes-team/iso-codes/issues" + +LICENSE = "LGPL-2.1-only" +LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c" + +SRC_URI = "git://salsa.debian.org/iso-codes-team/iso-codes.git;protocol=https;branch=main;" +SRCREV = "2651d7fe65582263c57385a852b0c6d8a49f6985" + +# inherit gettext cannot be used, because it adds gettext-native to BASEDEPENDS which +# are inhibited by allarch +DEPENDS = "gettext-native" + +S = "${WORKDIR}/git" + +inherit allarch autotools + +FILES:${PN} += "${datadir}/xml/" diff --git a/poky/meta/recipes-support/libatomic-ops/libatomic-ops_7.6.12.bb b/poky/meta/recipes-support/libatomic-ops/libatomic-ops_7.6.12.bb deleted file mode 100644 index 8ea8436977..0000000000 --- a/poky/meta/recipes-support/libatomic-ops/libatomic-ops_7.6.12.bb +++ /dev/null @@ -1,22 +0,0 @@ -SUMMARY = "A library for atomic integer operations" -DESCRIPTION = "Package provides semi-portable access to hardware-provided atomic memory update operations on a number of architectures." -HOMEPAGE = "https://github.com/ivmai/libatomic_ops/" -SECTION = "optional" -PROVIDES += "libatomics-ops" -LICENSE = "GPL-2.0-only & MIT" -LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ - file://doc/LICENSING.txt;md5=e00dd5c8ac03a14c5ae5225a4525fa2d \ - " - -SRC_URI = "https://github.com/ivmai/libatomic_ops/releases/download/v${PV}/libatomic_ops-${PV}.tar.gz" -UPSTREAM_CHECK_URI = "https://github.com/ivmai/libatomic_ops/releases" - -SRC_URI[sha256sum] = "f0ab566e25fce08b560e1feab6a3db01db4a38e5bc687804334ef3920c549f3e" - -S = "${WORKDIR}/libatomic_ops-${PV}" - -ALLOW_EMPTY:${PN} = "1" - -inherit autotools pkgconfig - -BBCLASSEXTEND = "native nativesdk" diff --git a/poky/meta/recipes-support/libatomic-ops/libatomic-ops_7.6.14.bb b/poky/meta/recipes-support/libatomic-ops/libatomic-ops_7.6.14.bb new file mode 100644 index 0000000000..fad92df507 --- /dev/null +++ b/poky/meta/recipes-support/libatomic-ops/libatomic-ops_7.6.14.bb @@ -0,0 +1,22 @@ +SUMMARY = "A library for atomic integer operations" +DESCRIPTION = "Package provides semi-portable access to hardware-provided atomic memory update operations on a number of architectures." +HOMEPAGE = "https://github.com/ivmai/libatomic_ops/" +SECTION = "optional" +PROVIDES += "libatomics-ops" +LICENSE = "GPL-2.0-only & MIT" +LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ + file://doc/LICENSING.txt;md5=dfc50c7cea7b66935844587a0f7389e7 \ + " + +SRC_URI = "https://github.com/ivmai/libatomic_ops/releases/download/v${PV}/libatomic_ops-${PV}.tar.gz" +UPSTREAM_CHECK_URI = "https://github.com/ivmai/libatomic_ops/releases" + +SRC_URI[sha256sum] = "390f244d424714735b7050d056567615b3b8f29008a663c262fb548f1802d292" + +S = "${WORKDIR}/libatomic_ops-${PV}" + +ALLOW_EMPTY:${PN} = "1" + +inherit autotools pkgconfig + +BBCLASSEXTEND = "native nativesdk" diff --git a/poky/meta/recipes-support/libcap/files/0001-nativesdk-libcap-Raise-the-size-of-arrays-containing.patch b/poky/meta/recipes-support/libcap/files/0001-nativesdk-libcap-Raise-the-size-of-arrays-containing.patch index 9884fb5641..3f4c7e57ae 100644 --- a/poky/meta/recipes-support/libcap/files/0001-nativesdk-libcap-Raise-the-size-of-arrays-containing.patch +++ b/poky/meta/recipes-support/libcap/files/0001-nativesdk-libcap-Raise-the-size-of-arrays-containing.patch @@ -1,4 +1,4 @@ -From fc60e000169618a4adced845b9462d36ced1efdd Mon Sep 17 00:00:00 2001 +From 1c234bc39446eb9b23896e85dd67b02976d46c3d Mon Sep 17 00:00:00 2001 From: Hongxu Jia Date: Thu, 14 Oct 2021 15:57:36 +0800 Subject: [PATCH] nativesdk-libcap: Raise the size of arrays containing dl diff --git a/poky/meta/recipes-support/libcap/libcap_2.63.bb b/poky/meta/recipes-support/libcap/libcap_2.63.bb deleted file mode 100644 index 9e341c4bd0..0000000000 --- a/poky/meta/recipes-support/libcap/libcap_2.63.bb +++ /dev/null @@ -1,80 +0,0 @@ -SUMMARY = "Library for getting/setting POSIX.1e capabilities" -DESCRIPTION = "A library providing the API to access POSIX capabilities. \ -These allow giving various kinds of specific privileges to individual \ -users, without giving them full root permissions." -HOMEPAGE = "http://sites.google.com/site/fullycapable/" -# no specific GPL version required -LICENSE = "BSD-3-Clause | GPL-2.0-only" -LIC_FILES_CHKSUM_PAM = "file://pam_cap/License;md5=0ad4c9c052b9719ee4fce1bfc7c7dee4" -LIC_FILES_CHKSUM = "\ - file://License;md5=e2370ba375efe9e1a095c26d37e483b8 \ - ${@bb.utils.contains('PACKAGECONFIG', 'pam', '${LIC_FILES_CHKSUM_PAM}', '', d)} \ -" - -DEPENDS = "hostperl-runtime-native gperf-native" - -SRC_URI = "${KERNELORG_MIRROR}/linux/libs/security/linux-privs/${BPN}2/${BPN}-${PV}.tar.xz \ - file://0001-ensure-the-XATTR_NAME_CAPS-is-defined-when-it-is-use.patch \ - file://0002-tests-do-not-run-target-executables.patch \ - " -SRC_URI:append:class-nativesdk = " \ - file://0001-nativesdk-libcap-Raise-the-size-of-arrays-containing.patch \ - " -SRC_URI[sha256sum] = "0c637b8f44fc7d8627787e9cf57f15ac06c1ddccb53e41feec5496be3466f77f" - -UPSTREAM_CHECK_URI = "https://www.kernel.org/pub/linux/libs/security/linux-privs/${BPN}2/" - -inherit lib_package - -PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}" -PACKAGECONFIG:class-native ??= "" - -PACKAGECONFIG[pam] = "PAM_CAP=yes,PAM_CAP=no,libpam" - -EXTRA_OEMAKE = " \ - INDENT= \ - lib='${baselib}' \ - RAISE_SETFCAP=no \ - DYNAMIC=yes \ - USE_GPERF=yes \ -" - -EXTRA_OEMAKE:append:class-target = " SYSTEM_HEADERS=${STAGING_INCDIR}" - -do_compile() { - unset CFLAGS BUILD_CFLAGS - oe_runmake \ - ${PACKAGECONFIG_CONFARGS} \ - AR="${AR}" \ - CC="${CC}" \ - RANLIB="${RANLIB}" \ - OBJCOPY="${OBJCOPY}" \ - COPTS="${CFLAGS}" \ - BUILD_COPTS="${BUILD_CFLAGS}" -} - -do_install() { - oe_runmake install \ - ${PACKAGECONFIG_CONFARGS} \ - DESTDIR="${D}" \ - prefix="${prefix}" \ - SBINDIR="${sbindir}" -} - -do_install:append() { - # Move the library to base_libdir - install -d ${D}${base_libdir} - if [ ! ${D}${libdir} -ef ${D}${base_libdir} ]; then - mv ${D}${libdir}/libcap* ${D}${base_libdir} - if [ -d ${D}${libdir}/security ]; then - mv ${D}${libdir}/security ${D}${base_libdir} - fi - fi -} - -FILES:${PN}-dev += "${base_libdir}/*.so" - -# pam files -FILES:${PN} += "${base_libdir}/security/*.so" - -BBCLASSEXTEND = "native nativesdk" diff --git a/poky/meta/recipes-support/libcap/libcap_2.65.bb b/poky/meta/recipes-support/libcap/libcap_2.65.bb new file mode 100644 index 0000000000..8013d40769 --- /dev/null +++ b/poky/meta/recipes-support/libcap/libcap_2.65.bb @@ -0,0 +1,80 @@ +SUMMARY = "Library for getting/setting POSIX.1e capabilities" +DESCRIPTION = "A library providing the API to access POSIX capabilities. \ +These allow giving various kinds of specific privileges to individual \ +users, without giving them full root permissions." +HOMEPAGE = "http://sites.google.com/site/fullycapable/" +# no specific GPL version required +LICENSE = "BSD-3-Clause | GPL-2.0-only" +LIC_FILES_CHKSUM_PAM = "file://pam_cap/License;md5=0ad4c9c052b9719ee4fce1bfc7c7dee4" +LIC_FILES_CHKSUM = "\ + file://License;md5=e2370ba375efe9e1a095c26d37e483b8 \ + ${@bb.utils.contains('PACKAGECONFIG', 'pam', '${LIC_FILES_CHKSUM_PAM}', '', d)} \ +" + +DEPENDS = "hostperl-runtime-native gperf-native" + +SRC_URI = "${KERNELORG_MIRROR}/linux/libs/security/linux-privs/${BPN}2/${BPN}-${PV}.tar.xz \ + file://0001-ensure-the-XATTR_NAME_CAPS-is-defined-when-it-is-use.patch \ + file://0002-tests-do-not-run-target-executables.patch \ + " +SRC_URI:append:class-nativesdk = " \ + file://0001-nativesdk-libcap-Raise-the-size-of-arrays-containing.patch \ + " +SRC_URI[sha256sum] = "73e350020cc31fe15360879d19384ffa3395a825f065fcf6bda3a5cdf965bebd" + +UPSTREAM_CHECK_URI = "https://www.kernel.org/pub/linux/libs/security/linux-privs/${BPN}2/" + +inherit lib_package + +PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}" +PACKAGECONFIG:class-native ??= "" + +PACKAGECONFIG[pam] = "PAM_CAP=yes,PAM_CAP=no,libpam" + +EXTRA_OEMAKE = " \ + INDENT= \ + lib='${baselib}' \ + RAISE_SETFCAP=no \ + DYNAMIC=yes \ + USE_GPERF=yes \ +" + +EXTRA_OEMAKE:append:class-target = " SYSTEM_HEADERS=${STAGING_INCDIR}" + +do_compile() { + unset CFLAGS BUILD_CFLAGS + oe_runmake \ + ${PACKAGECONFIG_CONFARGS} \ + AR="${AR}" \ + CC="${CC}" \ + RANLIB="${RANLIB}" \ + OBJCOPY="${OBJCOPY}" \ + COPTS="${CFLAGS}" \ + BUILD_COPTS="${BUILD_CFLAGS}" +} + +do_install() { + oe_runmake install \ + ${PACKAGECONFIG_CONFARGS} \ + DESTDIR="${D}" \ + prefix="${prefix}" \ + SBINDIR="${sbindir}" +} + +do_install:append() { + # Move the library to base_libdir + install -d ${D}${base_libdir} + if [ ! ${D}${libdir} -ef ${D}${base_libdir} ]; then + mv ${D}${libdir}/libcap* ${D}${base_libdir} + if [ -d ${D}${libdir}/security ]; then + mv ${D}${libdir}/security ${D}${base_libdir} + fi + fi +} + +FILES:${PN}-dev += "${base_libdir}/*.so" + +# pam files +FILES:${PN} += "${base_libdir}/security/*.so" + +BBCLASSEXTEND = "native nativesdk" diff --git a/poky/meta/recipes-support/liburcu/liburcu_0.13.1.bb b/poky/meta/recipes-support/liburcu/liburcu_0.13.1.bb deleted file mode 100644 index 66763349d2..0000000000 --- a/poky/meta/recipes-support/liburcu/liburcu_0.13.1.bb +++ /dev/null @@ -1,24 +0,0 @@ -SUMMARY = "Userspace RCU (read-copy-update) library" -DESCRIPTION = "A userspace RCU (read-copy-update) library. This data \ -synchronization library provides read-side access which scales linearly \ -with the number of cores. " -HOMEPAGE = "http://lttng.org/urcu" -BUGTRACKER = "http://lttng.org/project/issues" - -LICENSE = "LGPL-2.1-or-later & MIT" -LIC_FILES_CHKSUM = "file://LICENSE;md5=e548d28737289d75a8f1e01ba2fd7825 \ - file://include/urcu/urcu.h;beginline=4;endline=32;md5=4de0d68d3a997643715036d2209ae1d9 \ - file://include/urcu/uatomic/x86.h;beginline=4;endline=21;md5=58e50bbd8a2f073bb5500e6554af0d0b" - -SRC_URI = "http://lttng.org/files/urcu/userspace-rcu-${PV}.tar.bz2" - -SRC_URI[sha256sum] = "3213f33d2b8f710eb920eb1abb279ec04bf8ae6361f44f2513c28c20d3363083" - -S = "${WORKDIR}/userspace-rcu-${PV}" -inherit autotools multilib_header - -CPPFLAGS:append:riscv64 = " -pthread -D_REENTRANT" - -do_install:append() { - oe_multilib_header urcu/config.h -} diff --git a/poky/meta/recipes-support/liburcu/liburcu_0.13.2.bb b/poky/meta/recipes-support/liburcu/liburcu_0.13.2.bb new file mode 100644 index 0000000000..6ecf2e21c0 --- /dev/null +++ b/poky/meta/recipes-support/liburcu/liburcu_0.13.2.bb @@ -0,0 +1,24 @@ +SUMMARY = "Userspace RCU (read-copy-update) library" +DESCRIPTION = "A userspace RCU (read-copy-update) library. This data \ +synchronization library provides read-side access which scales linearly \ +with the number of cores. " +HOMEPAGE = "http://lttng.org/urcu" +BUGTRACKER = "http://lttng.org/project/issues" + +LICENSE = "LGPL-2.1-or-later & MIT" +LIC_FILES_CHKSUM = "file://LICENSE;md5=e548d28737289d75a8f1e01ba2fd7825 \ + file://include/urcu/urcu.h;beginline=4;endline=32;md5=4de0d68d3a997643715036d2209ae1d9 \ + file://include/urcu/uatomic/x86.h;beginline=4;endline=21;md5=58e50bbd8a2f073bb5500e6554af0d0b" + +SRC_URI = "http://lttng.org/files/urcu/userspace-rcu-${PV}.tar.bz2" + +SRC_URI[sha256sum] = "1213fd9f1b0b74da7de2bb74335b76098db9738fec5d3cdc07c0c524f34fc032" + +S = "${WORKDIR}/userspace-rcu-${PV}" +inherit autotools multilib_header + +CPPFLAGS:append:riscv64 = " -pthread -D_REENTRANT" + +do_install:append() { + oe_multilib_header urcu/config.h +} diff --git a/poky/meta/recipes-support/lz4/files/CVE-2021-3520.patch b/poky/meta/recipes-support/lz4/files/CVE-2021-3520.patch deleted file mode 100644 index 5ac8f6691f..0000000000 --- a/poky/meta/recipes-support/lz4/files/CVE-2021-3520.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 8301a21773ef61656225e264f4f06ae14462bca7 Mon Sep 17 00:00:00 2001 -From: Jasper Lievisse Adriaanse -Date: Fri, 26 Feb 2021 15:21:20 +0100 -Subject: [PATCH] Fix potential memory corruption with negative memmove() size - -Upstream-Status: Backport -https://github.com/lz4/lz4/commit/8301a21773ef61656225e264f4f06ae14462bca7#diff-7055e9cf14c488aea9837aaf9f528b58ee3c22988d7d0d81d172ec62d94a88a7 -CVE: CVE-2021-3520 -Signed-off-by: Armin Kuster - ---- - lib/lz4.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -Index: git/lib/lz4.c -=================================================================== ---- git.orig/lib/lz4.c -+++ git/lib/lz4.c -@@ -1665,7 +1665,7 @@ LZ4_decompress_generic( - const size_t dictSize /* note : = 0 if noDict */ - ) - { -- if (src == NULL) { return -1; } -+ if ((src == NULL) || (outputSize < 0)) { return -1; } - - { const BYTE* ip = (const BYTE*) src; - const BYTE* const iend = ip + srcSize; diff --git a/poky/meta/recipes-support/lz4/lz4_1.9.3.bb b/poky/meta/recipes-support/lz4/lz4_1.9.3.bb deleted file mode 100644 index 129a86b681..0000000000 --- a/poky/meta/recipes-support/lz4/lz4_1.9.3.bb +++ /dev/null @@ -1,31 +0,0 @@ -SUMMARY = "Extremely Fast Compression algorithm" -DESCRIPTION = "LZ4 is a very fast lossless compression algorithm, providing compression speed at 400 MB/s per core, scalable with multi-cores CPU. It also features an extremely fast decoder, with speed in multiple GB/s per core, typically reaching RAM speed limits on multi-core systems." -HOMEPAGE = "https://github.com/lz4/lz4" - -LICENSE = "BSD-2-Clause | GPL-2.0-only" -LIC_FILES_CHKSUM = "file://lib/LICENSE;md5=ebc2ea4814a64de7708f1571904b32cc \ - file://programs/COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ - file://LICENSE;md5=d57c0d21cb917fb4e0af2454aa48b956 \ - " - -PE = "1" - -SRCREV = "d44371841a2f1728a3f36839fd4b7e872d0927d3" - -SRC_URI = "git://github.com/lz4/lz4.git;branch=release;protocol=https \ - file://CVE-2021-3520.patch \ - " -UPSTREAM_CHECK_GITTAGREGEX = "v(?P.*)" - -S = "${WORKDIR}/git" - -# Fixed in r118, which is larger than the current version. -CVE_CHECK_IGNORE += "CVE-2014-4715" - -EXTRA_OEMAKE = "PREFIX=${prefix} CC='${CC}' CFLAGS='${CFLAGS}' DESTDIR=${D} LIBDIR=${libdir} INCLUDEDIR=${includedir} BUILD_STATIC=no" - -do_install() { - oe_runmake install -} - -BBCLASSEXTEND = "native nativesdk" diff --git a/poky/meta/recipes-support/lz4/lz4_1.9.4.bb b/poky/meta/recipes-support/lz4/lz4_1.9.4.bb new file mode 100644 index 0000000000..a2a178bab5 --- /dev/null +++ b/poky/meta/recipes-support/lz4/lz4_1.9.4.bb @@ -0,0 +1,29 @@ +SUMMARY = "Extremely Fast Compression algorithm" +DESCRIPTION = "LZ4 is a very fast lossless compression algorithm, providing compression speed at 400 MB/s per core, scalable with multi-cores CPU. It also features an extremely fast decoder, with speed in multiple GB/s per core, typically reaching RAM speed limits on multi-core systems." +HOMEPAGE = "https://github.com/lz4/lz4" + +LICENSE = "BSD-2-Clause | GPL-2.0-only" +LIC_FILES_CHKSUM = "file://lib/LICENSE;md5=5cd5f851b52ec832b10eedb3f01f885a \ + file://programs/COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ + file://LICENSE;md5=c5cc3cd6f9274b4d32988096df9c3ec3 \ + " + +PE = "1" + +SRCREV = "5ff839680134437dbf4678f3d0c7b371d84f4964" + +SRC_URI = "git://github.com/lz4/lz4.git;branch=release;protocol=https" +UPSTREAM_CHECK_GITTAGREGEX = "v(?P.*)" + +S = "${WORKDIR}/git" + +# Fixed in r118, which is larger than the current version. +CVE_CHECK_IGNORE += "CVE-2014-4715" + +EXTRA_OEMAKE = "PREFIX=${prefix} CC='${CC}' CFLAGS='${CFLAGS}' DESTDIR=${D} LIBDIR=${libdir} INCLUDEDIR=${includedir} BUILD_STATIC=no" + +do_install() { + oe_runmake install +} + +BBCLASSEXTEND = "native nativesdk" diff --git a/poky/meta/recipes-support/pinentry/pinentry_1.2.0.bb b/poky/meta/recipes-support/pinentry/pinentry_1.2.0.bb index 169cac8965..e6cc71a547 100644 --- a/poky/meta/recipes-support/pinentry/pinentry_1.2.0.bb +++ b/poky/meta/recipes-support/pinentry/pinentry_1.2.0.bb @@ -32,5 +32,8 @@ PACKAGECONFIG[secret] = "--enable-libsecret, --disable-libsecret, libsecret" EXTRA_OECONF = " \ --disable-rpath \ " +EXTRA_OECONF:append:libc-musl = " \ + ac_cv_should_define__xopen_source=yes \ +" BBCLASSEXTEND = "native nativesdk" diff --git a/poky/meta/recipes-support/sqlite/files/0001-sqlite-Increased-the-size-of-loop-variables-in-the-printf-implementation.patch b/poky/meta/recipes-support/sqlite/files/0001-sqlite-Increased-the-size-of-loop-variables-in-the-printf-implementation.patch new file mode 100644 index 0000000000..9e8f039ef6 --- /dev/null +++ b/poky/meta/recipes-support/sqlite/files/0001-sqlite-Increased-the-size-of-loop-variables-in-the-printf-implementation.patch @@ -0,0 +1,26 @@ +From ec75530b8d8268cb07d8e476d79e1b0e59492fa2 Mon Sep 17 00:00:00 2001 +From: drh +Date: Thu, 18 Aug 2022 15:10:46 +0200 +Subject: [PATCH] sqlite: Increase the size of loop variables in the printf() implementation + +Increase the size of loop variables in the printf() implementation to avoid integer overflow on multi-gigabyte string arguments. CVE-2022-35737. + +This bug fix refers to: CVE-2022-35737 and it's a backport of a fix added in sqlite 3.39.2 (2022-07-21). + +Signed-off-by: Ghassane Ben El Aattar ghassaneb.aattar@huawei.com + +CVE: CVE-2022-35737 + +Upstream-Status: Backport [https://www.sqlite.org/src/info/aab790a16e1bdff7] +--- + sqlite3.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/sqlite3.c b/sqlite3.c +index f867d62..490199a 100644 +--- a/sqlite3.c ++++ b/sqlite3.c +@@ -30234,1 +30234,2 @@ static int vxprintf( +- int i, j, k, n, isnull; ++ i64 i, j, k, n; ++ int isnull; diff --git a/poky/meta/recipes-support/sqlite/sqlite3_3.38.5.bb b/poky/meta/recipes-support/sqlite/sqlite3_3.38.5.bb index d56a3a0209..628f630657 100644 --- a/poky/meta/recipes-support/sqlite/sqlite3_3.38.5.bb +++ b/poky/meta/recipes-support/sqlite/sqlite3_3.38.5.bb @@ -3,7 +3,9 @@ require sqlite3.inc LICENSE = "PD" LIC_FILES_CHKSUM = "file://sqlite3.h;endline=11;md5=786d3dc581eff03f4fd9e4a77ed00c66" -SRC_URI = "http://www.sqlite.org/2022/sqlite-autoconf-${SQLITE_PV}.tar.gz" +SRC_URI = "http://www.sqlite.org/2022/sqlite-autoconf-${SQLITE_PV}.tar.gz \ + file://0001-sqlite-Increased-the-size-of-loop-variables-in-the-printf-implementation.patch \ +" SRC_URI[sha256sum] = "5af07de982ba658fd91a03170c945f99c971f6955bc79df3266544373e39869c" # -19242 is only an issue in specific development branch commits diff --git a/poky/meta/recipes-support/vim/files/crosscompile.patch b/poky/meta/recipes-support/vim/files/crosscompile.patch deleted file mode 100644 index 583d3fc7b0..0000000000 --- a/poky/meta/recipes-support/vim/files/crosscompile.patch +++ /dev/null @@ -1,51 +0,0 @@ -configure.ac: Fix create_timer solaris test for cross compiling - -A runtime test was added for create_timer however this meant cross compiling -would no longer work. Allow a cache value to be specified to allow cross -compiling again. - -Signed-off-by: Richard Purdie richard.purdie@linuxfoundation.org - -Upstream-Status: Submitted [https://github.com/vim/vim/pull/10777] - -Index: git/src/configure.ac -=================================================================== ---- git.orig/src/configure.ac -+++ git/src/configure.ac -@@ -3814,7 +3814,7 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM( - dnl Check for timer_create. It probably requires the 'rt' library. - dnl Run the program to find out if timer_create(CLOCK_MONOTONIC) actually - dnl works, on Solaris timer_create() exists but fails at runtime. --AC_MSG_CHECKING([for timer_create]) -+AC_CACHE_CHECK([for timer_create], [vim_cv_timer_create], - save_LIBS="$LIBS" - LIBS="$LIBS -lrt" - AC_RUN_IFELSE([AC_LANG_PROGRAM([ -@@ -3831,7 +3831,7 @@ static void set_flag(union sigval sv) {} - if (timer_create(CLOCK_MONOTONIC, &action, &timer_id) < 0) - exit(1); // cannot create a monotonic timer - ])], -- AC_MSG_RESULT(yes; with -lrt); AC_DEFINE(HAVE_TIMER_CREATE), -+ AC_MSG_NOTICE(timer_create with -lrt); vim_cv_timer_create=yes, - LIBS="$save_LIBS" - AC_RUN_IFELSE([AC_LANG_PROGRAM([ - #include -@@ -3847,8 +3847,16 @@ static void set_flag(union sigval sv) {} - if (timer_create(CLOCK_MONOTONIC, &action, &timer_id) < 0) - exit(1); // cannot create a monotonic timer - ])], -- AC_MSG_RESULT(yes); AC_DEFINE(HAVE_TIMER_CREATE), -- AC_MSG_RESULT(no))) -+ vim_cv_timer_create=yes, -+ vim_cv_timer_create=no), -+ AC_MSG_ERROR(cross-compiling: please set 'vim_cv_timer_create') -+ ) -+) -+ -+if test "x$vim_cv_timer_create" = "xyes" ; then -+ AC_DEFINE(HAVE_TIMER_CREATE) -+fi -+ - - AC_CACHE_CHECK([whether stat() ignores a trailing slash], [vim_cv_stat_ignores_slash], - [ diff --git a/poky/meta/recipes-support/vim/files/racefix.patch b/poky/meta/recipes-support/vim/files/racefix.patch deleted file mode 100644 index 34bd37d650..0000000000 --- a/poky/meta/recipes-support/vim/files/racefix.patch +++ /dev/null @@ -1,37 +0,0 @@ -po/Makefile: Avoid race over LINGUAS file - -The creation of the LINGUAS file is duplicated for each desktop file -which can lead the commands to race against each other. One target might -remove it before another has been able to use it. Rework the makefile to -avoid this as the expense of leaving the file on disk. - -Signed-off-by: Richard Purdie richard.purdie@linuxfoundation.org - -Upstream-Status: Submitted [https://github.com/vim/vim/pull/10776] - -Index: git/src/po/Makefile -=================================================================== ---- git.orig/src/po/Makefile -+++ git/src/po/Makefile -@@ -207,17 +207,16 @@ $(PACKAGE).pot: $(PO_INPUTLIST) $(PO_VIM - # Delete the temporary files - rm *.js - --vim.desktop: vim.desktop.in $(POFILES) -+LINGUAS: - echo $(LANGUAGES) | tr " " "\n" |sed -e '/\./d' | sort > LINGUAS -+ -+vim.desktop: vim.desktop.in $(POFILES) LINGUAS - $(MSGFMT) --desktop -d . --template vim.desktop.in -o tmp_vim.desktop -- rm -f LINGUAS - if command -v desktop-file-validate; then desktop-file-validate tmp_vim.desktop; fi - mv tmp_vim.desktop vim.desktop - --gvim.desktop: gvim.desktop.in $(POFILES) -- echo $(LANGUAGES) | tr " " "\n" |sed -e '/\./d' | sort > LINGUAS -+gvim.desktop: gvim.desktop.in $(POFILES) LINGUAS - $(MSGFMT) --desktop -d . --template gvim.desktop.in -o tmp_gvim.desktop -- rm -f LINGUAS - if command -v desktop-file-validate; then desktop-file-validate tmp_gvim.desktop; fi - mv tmp_gvim.desktop gvim.desktop - diff --git a/poky/meta/recipes-support/vim/vim.inc b/poky/meta/recipes-support/vim/vim.inc index 31229534e4..cbc370100b 100644 --- a/poky/meta/recipes-support/vim/vim.inc +++ b/poky/meta/recipes-support/vim/vim.inc @@ -18,12 +18,10 @@ SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \ file://vim-add-knob-whether-elf.h-are-checked.patch \ file://0001-src-Makefile-improve-reproducibility.patch \ file://no-path-adjust.patch \ - file://racefix.patch \ - file://crosscompile.patch \ " -PV .= ".0063" -SRCREV = "d61efa50f8f5b9d9dcbc136705cc33874f0fdcb3" +PV .= ".0598" +SRCREV = "8279af514ca7e5fd3c31cf13b0864163d1a0bfeb" # Remove when 8.3 is out UPSTREAM_VERSION_UNKNOWN = "1" diff --git a/poky/scripts/create-pull-request b/poky/scripts/create-pull-request index 8eefcf63a5..2f91a355b0 100755 --- a/poky/scripts/create-pull-request +++ b/poky/scripts/create-pull-request @@ -128,7 +128,7 @@ PROTO_RE="[a-z][a-z+]*://" GIT_RE="\(^\($PROTO_RE\)\?\)\($USER_RE@\)\?\([^:/]*\)[:/]\(.*\)" REMOTE_URL=${REMOTE_URL%.git} REMOTE_REPO=$(echo $REMOTE_URL | sed "s#$GIT_RE#\5#") -REMOTE_URL=$(echo $REMOTE_URL | sed "s#$GIT_RE#git://\4/\5#") +REMOTE_URL=$(echo $REMOTE_URL | sed "s#$GIT_RE#https://\4/\5#") if [ -z "$BRANCH" ]; then BRANCH=$(git branch | grep -e "^\* " | cut -d' ' -f2) diff --git a/poky/scripts/devtool b/poky/scripts/devtool index af4811b922..20d785c7f7 100755 --- a/poky/scripts/devtool +++ b/poky/scripts/devtool @@ -104,6 +104,7 @@ def read_workspace(): for fn in glob.glob(os.path.join(config.workspace_path, 'appends', '*.bbappend')): with open(fn, 'r') as f: pnvalues = {} + pn = None for line in f: res = externalsrc_re.match(line.rstrip()) if res: @@ -123,6 +124,9 @@ def read_workspace(): elif line.startswith('# srctreebase: '): pnvalues['srctreebase'] = line.split(':', 1)[1].strip() if pnvalues: + if not pn: + raise DevtoolError("Found *.bbappend in %s, but could not determine EXTERNALSRC:pn-*. " + "Maybe still using old syntax?" % config.workspace_path) if not pnvalues.get('srctreebase', None): pnvalues['srctreebase'] = pnvalues['srctree'] logger.debug('Found recipe %s' % pnvalues) @@ -314,10 +318,10 @@ def main(): args = parser.parse_args(unparsed_args, namespace=global_args) - if not getattr(args, 'no_workspace', False): - read_workspace() - try: + if not getattr(args, 'no_workspace', False): + read_workspace() + ret = args.func(args, config, basepath, workspace) except DevtoolError as err: if str(err): diff --git a/poky/scripts/lib/devtool/upgrade.py b/poky/scripts/lib/devtool/upgrade.py index 0357ec07bf..39a1910a49 100644 --- a/poky/scripts/lib/devtool/upgrade.py +++ b/poky/scripts/lib/devtool/upgrade.py @@ -119,20 +119,19 @@ def _write_append(rc, srctree, same_dir, no_same_dir, rev, copied, workspace, d) f.write('# original_files: %s\n' % ' '.join(copied)) return af -def _cleanup_on_error(rf, srctree): - rfp = os.path.split(rf)[0] # recipe folder - rfpp = os.path.split(rfp)[0] # recipes folder - if os.path.exists(rfp): - shutil.rmtree(rfp) - if not len(os.listdir(rfpp)): - os.rmdir(rfpp) +def _cleanup_on_error(rd, srctree): + rdp = os.path.split(rd)[0] # recipes folder + if os.path.exists(rd): + shutil.rmtree(rd) + if not len(os.listdir(rdp)): + os.rmdir(rdp) srctree = os.path.abspath(srctree) if os.path.exists(srctree): shutil.rmtree(srctree) -def _upgrade_error(e, rf, srctree, keep_failure=False, extramsg=None): - if rf and not keep_failure: - _cleanup_on_error(rf, srctree) +def _upgrade_error(e, rd, srctree, keep_failure=False, extramsg=None): + if not keep_failure: + _cleanup_on_error(rd, srctree) logger.error(e) if extramsg: logger.error(extramsg) @@ -337,7 +336,10 @@ def _create_new_recipe(newpv, md5, sha256, srcrev, srcbranch, srcsubdir_old, src replacing = True new_src_uri = [] for entry in src_uri: - scheme, network, path, user, passwd, params = bb.fetch2.decodeurl(entry) + try: + scheme, network, path, user, passwd, params = bb.fetch2.decodeurl(entry) + except bb.fetch2.MalformedUrl as e: + raise DevtoolError("Could not decode SRC_URI: {}".format(e)) if replacing and scheme in ['git', 'gitsm']: branch = params.get('branch', 'master') if rd.expand(branch) != srcbranch: @@ -426,7 +428,7 @@ def _create_new_recipe(newpv, md5, sha256, srcrev, srcbranch, srcsubdir_old, src try: rd = tinfoil.parse_recipe_file(fullpath, False) except bb.tinfoil.TinfoilCommandFailed as e: - _upgrade_error(e, fullpath, srctree, keep_failure, 'Parsing of upgraded recipe failed') + _upgrade_error(e, os.path.dirname(fullpath), srctree, keep_failure, 'Parsing of upgraded recipe failed') oe.recipeutils.patch_recipe(rd, fullpath, newvalues) return fullpath, copied @@ -568,10 +570,9 @@ def upgrade(args, config, basepath, workspace): new_licenses = _extract_licenses(srctree_s, (rd.getVar('LIC_FILES_CHKSUM') or "")) license_diff = _generate_license_diff(old_licenses, new_licenses) rf, copied = _create_new_recipe(args.version, md5, sha256, args.srcrev, srcbranch, srcsubdir1, srcsubdir2, config.workspace_path, tinfoil, rd, license_diff, new_licenses, srctree, args.keep_failure) - except bb.process.CmdError as e: - _upgrade_error(e, rf, srctree, args.keep_failure) - except DevtoolError as e: - _upgrade_error(e, rf, srctree, args.keep_failure) + except (bb.process.CmdError, DevtoolError) as e: + recipedir = os.path.join(config.workspace_path, 'recipes', rd.getVar('BPN')) + _upgrade_error(e, recipedir, srctree, args.keep_failure) standard._add_md5(config, pn, os.path.dirname(rf)) af = _write_append(rf, srctree_s, args.same_dir, args.no_same_dir, rev2, diff --git a/poky/scripts/lib/wic/misc.py b/poky/scripts/lib/wic/misc.py index 3e11822996..a8aab6c524 100644 --- a/poky/scripts/lib/wic/misc.py +++ b/poky/scripts/lib/wic/misc.py @@ -140,11 +140,12 @@ def exec_native_cmd(cmd_and_args, native_sysroot, pseudo=""): cmd_and_args = pseudo + cmd_and_args hosttools_dir = get_bitbake_var("HOSTTOOLS_DIR") + target_sys = get_bitbake_var("TARGET_SYS") - native_paths = "%s/sbin:%s/usr/sbin:%s/usr/bin:%s/bin:%s" % \ + native_paths = "%s/sbin:%s/usr/sbin:%s/usr/bin:%s/usr/bin/%s:%s/bin:%s" % \ (native_sysroot, native_sysroot, - native_sysroot, native_sysroot, - hosttools_dir) + native_sysroot, native_sysroot, target_sys, + native_sysroot, hosttools_dir) native_cmd_and_args = "export PATH=%s:$PATH;%s" % \ (native_paths, cmd_and_args) diff --git a/poky/scripts/lib/wic/plugins/source/bootimg-efi.py b/poky/scripts/lib/wic/plugins/source/bootimg-efi.py index 0391aebdc8..a65a5b9780 100644 --- a/poky/scripts/lib/wic/plugins/source/bootimg-efi.py +++ b/poky/scripts/lib/wic/plugins/source/bootimg-efi.py @@ -326,21 +326,20 @@ class BootimgEFIPlugin(SourcePlugin): exec_cmd(install_cmd) staging_dir_host = get_bitbake_var("STAGING_DIR_HOST") + target_sys = get_bitbake_var("TARGET_SYS") # https://www.freedesktop.org/software/systemd/man/systemd-stub.html - objcopy_cmd = "objcopy \ - --add-section .osrel=%s --change-section-vma .osrel=0x20000 \ - --add-section .cmdline=%s --change-section-vma .cmdline=0x30000 \ - --add-section .linux=%s --change-section-vma .linux=0x2000000 \ - --add-section .initrd=%s --change-section-vma .initrd=0x3000000 \ - %s %s" % \ - ("%s/usr/lib/os-release" % staging_dir_host, - cmdline.name, - "%s/%s" % (staging_kernel_dir, kernel), - initrd.name, - efi_stub, - "%s/EFI/Linux/linux.efi" % hdddir) - exec_cmd(objcopy_cmd) + objcopy_cmd = "%s-objcopy" % target_sys + objcopy_cmd += " --add-section .osrel=%s/usr/lib/os-release" % staging_dir_host + objcopy_cmd += " --change-section-vma .osrel=0x20000" + objcopy_cmd += " --add-section .cmdline=%s" % cmdline.name + objcopy_cmd += " --change-section-vma .cmdline=0x30000" + objcopy_cmd += " --add-section .linux=%s/%s" % (staging_kernel_dir, kernel) + objcopy_cmd += " --change-section-vma .linux=0x2000000" + objcopy_cmd += " --add-section .initrd=%s" % initrd.name + objcopy_cmd += " --change-section-vma .initrd=0x3000000" + objcopy_cmd += " %s %s/EFI/Linux/linux.efi" % (efi_stub, hdddir) + exec_native_cmd(objcopy_cmd, native_sysroot) else: install_cmd = "install -m 0644 %s/%s %s/%s" % \ (staging_kernel_dir, kernel, hdddir, kernel) diff --git a/poky/scripts/oe-setup-builddir b/poky/scripts/oe-setup-builddir index 54048e62ec..5d644168cb 100755 --- a/poky/scripts/oe-setup-builddir +++ b/poky/scripts/oe-setup-builddir @@ -74,9 +74,10 @@ fi if [ ! -r "$BUILDDIR/conf/local.conf" ]; then cat <= p_filesz): print("ERROR: could not relocate %s, interp size = %i and %i is needed." \ % (elf_file_name, p_memsz, len(new_dl_path) + 1)) - break + return False dl_path = new_dl_path + b("\0") * (p_filesz - len(new_dl_path)) f.seek(p_offset) f.write(dl_path) break + return True def change_dl_sysdirs(elf_file_name): if arch == 32: @@ -222,6 +223,7 @@ else: executables_list = sys.argv[3:] +errors = False for e in executables_list: perms = os.stat(e)[stat.ST_MODE] if os.access(e, os.W_OK|os.R_OK): @@ -247,7 +249,8 @@ for e in executables_list: arch = get_arch() if arch: parse_elf_header() - change_interpreter(e) + if not change_interpreter(e): + errors = True change_dl_sysdirs(e) """ change permissions back """ @@ -260,3 +263,6 @@ for e in executables_list: print("New file size for %s is different. Looks like a relocation error!", e) sys.exit(-1) +if errors: + print("Relocation of one or more executables failed.") + sys.exit(-1) diff --git a/poky/scripts/runqemu b/poky/scripts/runqemu index 6e1f073ed2..1525081ad5 100755 --- a/poky/scripts/runqemu +++ b/poky/scripts/runqemu @@ -1375,7 +1375,7 @@ class BaseConfig(object): elif "-display sdl" in output: self.sdl = True else: - self.qemu_opt += '-display none' + self.qemu_opt += ' -display none' if self.sdl == True or self.gtk == True or self.egl_headless == True: @@ -1500,6 +1500,9 @@ class BaseConfig(object): cmd = "%s %s" % (self.qemu_opt, kernel_opts) cmds = shlex.split(cmd) logger.info('Running %s\n' % cmd) + with open('/proc/uptime', 'r') as f: + uptime_seconds = f.readline().split()[0] + logger.info('Host uptime: %s\n' % uptime_seconds) pass_fds = [] if self.taplock_descriptor: pass_fds = [self.taplock_descriptor.fileno()] @@ -1523,6 +1526,9 @@ class BaseConfig(object): signal.signal(signal.SIGTERM, signal.SIG_IGN) logger.info("Cleaning up") + with open('/proc/uptime', 'r') as f: + uptime_seconds = f.readline().split()[0] + logger.info('Host uptime: %s\n' % uptime_seconds) if self.cleantap: cmd = ('sudo', self.qemuifdown, self.tap, self.bindir_native) logger.debug('Running %s' % str(cmd)) diff --git a/poky/scripts/runqemu.README b/poky/scripts/runqemu.README index da9abd7dfb..e5f4b4634c 100644 --- a/poky/scripts/runqemu.README +++ b/poky/scripts/runqemu.README @@ -1,12 +1,12 @@ Using OE images with QEMU ========================= -OE-Core can generate qemu bootable kernels and images with can be used +OE-Core can generate qemu bootable kernels and images which can be used on a desktop system. The scripts currently support booting ARM, MIPS, PowerPC -and x86 (32 and 64 bit) images. The scripts can be used within the OE build -system or externaly. +and x86 (32 and 64 bit) images. The scripts can be used within the OE build +system or externally. -The runqemu script is run as: +The runqemu script is run as: runqemu @@ -15,13 +15,13 @@ where: is the machine/architecture to use (qemuarm/qemumips/qemuppc/qemux86/qemux86-64) is the path to a kernel (e.g. zimage-qemuarm.bin) is the path to an ext2 image (e.g. filesystem-qemuarm.ext2) or an nfs directory - -If isn't specified, the script will try to detect the machine name + +If isn't specified, the script will try to detect the machine name from the name of the file. If isn't specified, nfs booting will be assumed. -When used within the build system, it will default to qemuarm, ext2 and the last kernel and +When used within the build system, it will default to qemuarm, ext2 and the last kernel and core-image-sato-sdk image built by the build system. If an sdk image isn't present it will look for sato and minimal images. @@ -31,7 +31,7 @@ Full usage instructions can be seen by running the command with no options speci Notes ===== - - The scripts run qemu using sudo. Change perms on /dev/net/tun to + - The scripts run qemu using sudo. Change perms on /dev/net/tun to run as non root. The runqemu-gen-tapdevs script can also be used by root to prepopulate the appropriate network devices. - You can access the host computer at 192.168.7.1 within the image. -- cgit v1.2.3