From 1e488cdf844bf4aa82d3c90875a56fb35c7f210d Mon Sep 17 00:00:00 2001 From: Andrew Geissler Date: Tue, 3 Oct 2023 09:44:52 -0500 Subject: subtree updates oct 3 2023 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit poky: fc25449687..a61e021c65: Alberto Planas (1): bitbake.conf: add unzstd in HOSTTOOLS Alejandro Hernandez Samaniego (2): baremetal-helloworld: Update SRCREV to fix entry addresses for ARM architectures baremetal-helloworld: Fix race condition Alex Kiernan (2): rootfs: Add debugfs package db file copy and cleanup rpm: Pick debugfs package db files/dirs explicitly Alexander Kanavin (35): maintaines.inc: unassign Richard Weinberger from erofs-utils entry maintainers.inc: unassign Andreas Müller from itstool entry maintainers.inc: unassign Pascal Bach from cmake entry maintainers.inc: correct unassigned entries maintainers.inc: correct Carlos Rafael Giani's email address apr: upgrade 1.7.3 -> 1.7.4 scripts/runqemu: split lock dir creation into a reusable function scripts/runqemu: allocate unfsd ports in a way that doesn't race or clash with unrelated processes qemu: a pending patch was submitted and accepted upstream maintainers.inc: unassign Adrian Bunk from wireless-regdb maintainers.inc: unassign Alistair Francis from opensbi maintainers.inc: unassign Chase Qi from libc-test maintainers.inc: unassign Oleksandr Kravchuk from python3 and all other items maintainers.inc: unassign Ricardo Neri from ovmf grub: submit determinism.patch upstream gawk: upgrade 5.2.1 -> 5.2.2 gnupg: upgrade 2.4.0 -> 2.4.2 libx11: upgrade 1.8.4 -> 1.8.5 linux-firmware: upgrade 20230404 -> 20230515 serf: upgrade 1.3.9 -> 1.3.10 wget: upgrade 1.21.3 -> 1.21.4 wireless-regdb: upgrade 2023.02.13 -> 2023.05.03 gdb: upgrade 13.1 -> 13.2 sysfsutils: fetch a supported fork from github diffutils: update 3.9 -> 3.10 libproxy: fetch from git cargo.bbclass: set up cargo environment in common do_compile rust-common.bbclass: move musl-specific linking fix from rust-source.inc Revert "rootfs-postcommands.bbclass: add post func remove_unused_dnf_log_lock" ref-manual: document image-specific variant of INCOMPATIBLE_LICENSE glibc-locale: use stricter matching for metapackages' runtime dependencies devtool/upgrade: raise an error if extracting source produces more than one directory curl: ensure all ptest failures are caught python3: upgrade 3.11.2 -> 3.11.3 python3: update 3.11.3 -> 3.11.4 Alexis Lothoré (2): scripts/resulttool: add mention about new detected tests oeqa/utils/gitarchive: fix tag computation when creating archive Andrej Valek (2): busybox: 1.36.0 -> 1.36.1 maintainers.inc: Modify email address Anuj Mittal (7): gstreamer1.0: upgrade 1.22.2 -> 1.22.3 selftest/cases/glibc.py: fix the override syntax glibc/check-test-wrapper: don't emit warnings from ssh selftest/cases/glibc.py: increase the memory for testing oeqa/utils/nfs: allow requesting non-udp ports selftest/cases/glibc.py: switch to using NFS over TCP gstreamer1.0: upgrade 1.22.4 -> 1.22.5 Archana Polampalli (3): qemu: fix CVE-2023-0330 bind: upgrade 9.18.15 -> 9.18.16 vim: upgrade 9.0.1592 -> 9.0.1664 BELOUARGA Mohamed (2): meta: lib: oe: npm_registry: Add more safe caracters linux-firmware : Add firmware of RTL8822 serie Benjamin Bouvier (1): util-linux: add alternative links for ipcs,ipcrm Bruce Ashfield (33): linux-yocto/6.1: update to v6.1.26 linux-yocto/6.1: update to v6.1.27 linux-yocto/6.1: update to v6.1.28 linux-yocto/6.1: update to v6.1.29 linux-yocto/6.1: update to v6.1.30 linux-yocto/6.1: update to v6.1.31 linux-yocto/6.1: update to v6.1.32 linux-yocto/5.15: update to v5.15.114 linux-yocto/5.15: update to v5.15.115 linux-yocto/5.15: update to v5.15.116 linux-yocto/5.15: update to v5.15.117 linux-yocto/5.15: update to v5.15.118 linux-yocto/5.15: cfg: fix DECNET configuration warning linux-yocto/6.1: update to v6.1.33 linux-yocto/6.1: fix intermittent x86 boot hangs linux-yocto/6.1: update to v6.1.34 linux-yocto/6.1: update to v6.1.35 linux-yocto/5.15: update to v5.15.119 linux-yocto/5.15: update to v5.15.120 linux-yocto/6.1: update to v6.1.36 linux-yocto/6.1: update to v6.1.37 linux-yocto/6.1: update to v6.1.38 linux-yocto/5.15: update to v5.15.122 linux-yocto/5.15: update to v5.15.123 linux-yocto/5.15: update to v5.15.124 linux-yocto/6.1: cfg: update ima.cfg to match current meta-integrity linux-yocto/6.1: update to v6.1.41 linux-yocto/6.1: update to v6.1.43 linux-yocto/6.1: update to v6.1.44 linux-yocto/6.1: update to v6.1.45 linux-yocto/6.1: fix uninitialized read in nohz_full/isolcpus setup linux-yocto/6.1: update to v6.1.46 linux-yocto/6.1: fix IRQ-80 warnings Changqing Li (4): systemd: fix a dead link under /var/log dnf: only write the log lock to root for native dnf rootfs-postcommands.bbclass: add post func remove_unused_dnf_log_lock erofs-utils: fix CVE-2023-33551/CVE-2023-33552 Charlie Wu (1): devtool: Fix the wrong variable in srcuri_entry Chee Yang Lee (6): python3-requests: fix CVE-2023-32681 curl: fix CVE-2023-32001 ghostscript: fix CVE-2023-38559 librsvg: upgrade to 2.54.6 libssh2: fix CVE-2020-22218 python3: update to 3.11.5 Chen Qi (13): cmake.bbclass: do not search host paths for find_program() qemurunner.py: fix error message about qmp sdk.py: error out when moving file fails sdk.py: fix moving dnf contents rpm: write macros under libdir zip: fix configure check by using _Static_assert zip: remove unnecessary LARGE_FILE_SUPPORT CLFAGS unzip: fix configure check for cross compilation unzip: remove hardcoded LARGE_FILE_SUPPORT ncurses: fix CVE-2023-29491 cmake.bbclass: fix allarch override syntax multilib.conf: explicitly make MULTILIB_VARIANTS vardeps on MULTILIBS gcc-crosssdk: ignore MULTILIB_VARIANTS in signature computation Daniel Semkowicz (1): dev-manual: wic.rst: Update native tools build command Deepthi Hemraj (2): glibc: stable 2.37 branch updates. binutils: stable 2.40 branch updates Denys Dmytriyenko (1): binutils: move packaging of gprofng static lib into common .inc Dmitry Baryshkov (3): openssl: fix building on riscv32 linux-firmware: package firmare for Dragonboard 410c linux-firmware: split platform-specific Adreno shaders to separate packages Ed Beroset (1): ref-manual: add clarification for SRCREV Enrico Scholz (1): shadow-sysroot: add license information Etienne Cordonnier (2): libxcrypt: fix hard-coded ".so" extension vim: update obsolete comment Fabien Mahot (2): useradd-example: package typo correction oeqa/selftest/bbtests: add non-existent prefile/postfile tests Frieder Paape (1): image_types: Fix reproducible builds for initramfs and UKI img Frieder Schrempf (1): psmisc: Set ALTERNATIVE for pstree to resolve conflict with busybox Hannu Lounento (1): profile-manual: fix blktrace remote usage instructions Ian Ray (1): systemd-systemctl: support instance expansion in WantedBy Jaeyoon Jung (1): cml1: Fix KCONFIG_CONFIG_COMMAND not conveyed fully in do_menuconfig Jermain Horsman (1): logrotate: Do not create logrotate.status file Joe Slater (1): ghostscript: fix CVE-2023-36664 Joel Stanley (1): kernel: don't fail if Modules.symvers doesn't exist Jose Quaresma (8): kernel: config modules directories are handled by kernel-module-split kernel-module-split: install config modules directories only when they are needed kernel-module-split: use context manager to open files kernel-module-split: make autoload and probeconf distribution specific kernel-module-split add systemd modulesloaddir and modprobedir config openssl: add PERLEXTERNAL path to test its existence openssl: use a glob on the PERLEXTERNAL to track updates on the path go: update 1.20.5 -> 1.20.6 Julien Stephan (1): automake: fix buildtest patch Jörg Sommer (2): runqemu-gen-tapdevs: Refactoring runqemu-ifupdown/get-tapdevs: Add support for ip tuntap Kai Kang (4): pm-utils: fix multilib conflictions webkitgtk: 2.38.5 -> 2.38.6 webkitgtk: fix CVE-2023-32439 webkitgtk: fix CVE-2023-32435 Khem Raj (10): systemd: Drop a backport perf: Make built-in libtraceevent plugins cohabit with external libtraceevent glibc: Pass linker choice via compiler flags babeltrace2: Always use BFD linker when building tests with ld-is-lld distro feature parted: Add missing libuuid to linker cmdline for libparted-fs-resize.so rpcsvc-proto: Upgrade to 1.4.4 libxml2: Do not use lld linker when building with tests on rv64 python3-bcrypt: Use BFD linker when building tests meson.bbclass: Point to llvm-config from native sysroot build-sysroots: Add SUMMARY field Lee Chee Yang (7): migration-guides: add release notes for 4.0.10 migration-guides: add release notes for 4.0.11 migration-guides: add release notes for 4.2.2 migration-guides: add release notes for 4.2.3 migration-guides: add release notes for 4.0.12 bind: update to 9.18.19 ffmpeg: 5.1.2 -> 5.1.3 Marc Ferland (1): connman: fix warning by specifying runstatedir at configure time Marek Vasut (1): linux-firmware: Fix mediatek mt7601u firmware path Mark Hatle (1): tcf-agent: Update to 1.8.0 release Markus Niebel (1): wic: fix wrong attempt to create file system in upartitioned regions Markus Volk (3): ell: upgrade 0.56 -> 0.57 gtk4: upgrade 4.10.3 -> 4.10.4 gtk4: upgrade 4.10.4 -> 4.10.5 Martin Jansa (8): libx11: remove unused patch and FILESEXTRAPATHS qemu: remove unused qemu-7.0.0-glibc-2.36.patch minicom: remove unused patch files inetutils: remove unused patch files libgloss: remove unused patch file kmod: remove unused ptest.patch tcl: prevent installing another copy of tzdata gcc: backport a fix for ICE caused by CVE-2023-4039.patch Michael Halstead (4): resulttool/resultutils: allow index generation despite corrupt json yocto-uninative: Update hashes for uninative 4.1 yocto-uninative: Update to 4.2 for glibc 2.38 yocto-uninative: Update to 4.3 Michael Opdenacker (13): ref-manual: releases.svg: updates conf.py: add macro for Mitre CVE links ref-manual: LTS releases now supported for 4 years poky.conf: update SANITY_TESTED_DISTROS to match autobuilder scripts/create-pull-request: update URLs to git repositories ref-manual: system-requirements: update supported distros manuals: add new contributor guide dev-manual: disk-space: mention faster "find" command to trim sstate cache sdk-manual: extensible.rst: fix multiple formatting issues dev-manual: disk-space: improve wording for obsolete sstate cache files dev-manual: new-recipe.rst fix inconsistency with contributor guide contributor-guide: recipe-style-guide: add Upstream-Status dev-manual: licenses: mention SPDX for license compliance Mikko Rapeli (1): useradd-staticids.bbclass: improve error message Mingli Yu (5): curl: fix CVE-2023-28319 through CVE-2023-28322 python3-numpy: remove NPY_INLINE, use inline instead acpica: Update SRC_URI cups: Fix CVE-2023-34241 ruby: Fix CVE-2023-36617 Narpat Mali (5): python3-certifi: upgrade 2022.12.7 -> 2023.7.22 ffmpeg: add CVE_CHECK_IGNORE for CVE-2023-39018 python3-git: upgrade 3.1.31 -> 3.1.32 python3-pygments: fix for CVE-2022-40896 python3-git: upgrade 3.1.32 -> 3.1.37 Natasha Bailey (1): tiff: backport a fix for CVE-2023-2731 Oleksandr Hnatiuk (2): file: return wrapper to fix builds when file is in buildtools-tarball file: fix the way path is written to environment-setup.d Ovidiu Panait (7): mdadm: fix util-linux ptest dependency mdadm: fix 07revert-inplace ptest mdadm: fix segfaults when running ptests mdadm: skip running known broken ptests mdadm: re-add mdadm-ptest to PTESTS_SLOW mdadm: add util-linux-blockdev ptest dependency mdadm: skip running 04update-uuid and 07revert-inplace testcases Peter Marko (7): cve-update-nvd2-native: fix cvssV3 metrics cve-update-nvd2-native: retry all errors and sleep between retries cve-update-nvd2-native: increase retry count libjpeg-turbo: patch CVE-2023-2804 python3: ignore CVE-2023-36632 libarchive: ignore CVE-2023-30571 openssl: Upgrade 3.1.1 -> 3.1.2 Peter Suti (1): externalsrc: fix dependency chain issues Poonam Jadhav (1): pixman: Remove duplication of license MIT Quentin Schulz (3): docs: bsp-guide: bsp: fix typo docs: ref-manual: terms: fix typos in SPDX term uboot-extlinux-config.bbclass: fix old override syntax in comment Randolph Sapp (6): weston-init: make sure the render group exists weston-init: add weston user to the render group weston-init: add the weston user to the wayland group weston-init: fix the mixed indentation weston-init: guard against systemd configs weston-init: add profile to point users to global socket Richard Purdie (24): selftest/license: Exclude from world layer.conf: Add missing dependency exclusion v86d: Improve kernel dependency strace: Disable failing test bitbake: runqueue: Fix deferred task/multiconfig race issue strace: Merge two similar patches strace: Update patches/tests with upstream fixes ptest-runner: Pull in sync fix to improve log warnings ptest-runner: Ensure data writes don't race ptest-runner: Pull in "runner: Remove threads and mutexes" fix gcc-testsuite: Fix ppc cpu specification ptest-runner: Pull in parallel test fixes and output handling glibc-testsuite: Fix network restrictions causing test failures oeqa/target/ssh: Ensure EAGAIN doesn't truncate output oeqa/runtime/ltp: Increase ltp test output timeout ltp: Add kernel loopback module dependency target/ssh: Ensure exit code set for commands oeqa/ssh: Further improve process exit handling pseudo: Fix to work with glibc 2.38 lib/package_manager: Improve repo artefact filtering gnupg: Fix reproducibility failure resulttool/report: Avoid divide by zero build-sysroots: Ensure dependency chains are minimal vim: Upgrade 9.0.1664 -> 9.0.1894 Riyaz Khan (1): openssh: Remove BSD-4-clause contents completely from codebase Roland Hieber (2): template: fix typo in section header ref-manual: point outdated link to the new location Ross Burton (24): ninja: ignore CVE-2021-4336, wrong ninja binutils: fix CVE-2023-1972 pkgconf: upgrade 1.9.4 -> 1.9.5 git: upgrade to 2.39.3 gobject-introspection: remove obsolete DEPENDS cve-update-nvd2-native: handle all configuration nodes, not just first cve-update-nvd2-native: use exact times, don't truncate cve-update-nvd2-native: log a little more cve-update-nvd2-native: actually use API keys tiff: upgrade to 4.5.1 gcc: don't pass --enable-standard-branch-protection machine/arch-arm64: add -mbranch-protection=standard pkgconf: update SRC_URI python3: fix missing comma in get_module_deps3.py oeqa/runtime/cases/rpm: fix wait_for_no_process_for_user failure case rootfs_rpm: don't depend on opkg-native for update-alternatives ltp: add RDEPENDS on findutils openssh: upgrade to 9.3p2 linux-yocto: add script to generate kernel CVE_CHECK_IGNORE entries linux/cve-exclusion: add generated CVE_CHECK_IGNOREs procps: backport fix for CVE-2023-4016 graphene: fix runtime detection of IEEE754 behaviour gcc: Fix -fstack-protector issue on aarch64 linux-yocto: update CVE exclusions Sakib Sajal (4): go: Upgrade 1.20.4 -> 1.20.5 bno_plot.py, btt_plot.py: Ask for python3 specifically go: fix CVE-2023-24531 go: upgrade 1.20.6 -> 1.20.7 Sanjana (1): binutils: Fix CVE-2023-39128 Sanjay Chitroda (2): cups: Fix CVE-2023-32324 curl: Add CVE-2023-28320 follow-up fix Siddharth (1): tiff: Security fix for CVE-2023-25434 and CVE-2023-26965 Siddharth Doshi (1): gdb: Fix CVE-2023-39128 Soumya (1): perl: Fix CVE-2023-31484 & CVE-2023-31486 Staffan Rydén (1): kernel: Fix path comparison in kernel staging dir symlinking Steve Sakoman (6): maintainers.inc: update version for gcc-source Revert "systemd: fix a dead link under /var/log" poky.conf: bump version for 4.2.2 release build-appliance-image: Update to mickledore head revision poky.conf: bump version for 4.2.3 release build-appliance-image: Update to mickledore head revision Stéphane Veyret (1): scripts/oe-setup-builddir: copy conf-notes.txt to build dir Sudip Mukherjee (2): dpkg: upgrade to v1.21.22 bind: upgrade to v9.18.17 Sundeep KOKKONDA (1): gcc : upgrade to v12.3 Thomas Roos (1): testimage/oeqa: Drop testimage_dump_host functionality Tim Orling (1): openssl: upgrade 3.1.0 -> 3.1.1 Tom Hochstein (1): weston: Cleanup and fix x11 and xwayland dependencies Trevor Gamblin (4): bind: upgrade 9.18.13 -> 9.18.14 glib-networking: use correct error code in ptest vim: upgrade 9.0.1527 -> 9.0.1592 linux-firmware: upgrade 20230515 -> 20230625 Wang Mingyu (24): babeltrace2: upgrade 2.0.4 -> 2.0.5 fribidi: upgrade 1.0.12 -> 1.0.13 libdnf: upgrade 0.70.0 -> 0.70.1 libmicrohttpd: upgrade 0.9.76 -> 0.9.77 libxft: upgrade 2.3.7 -> 2.3.8 libxpm: upgrade 3.5.15 -> 3.5.16 mobile-broadband-provider-info: upgrade 20221107 -> 20230416 bind: upgrade 9.18.14 -> 9.18.15 xdpyinfo: upgrade 1.3.3 -> 1.3.4 libxml2: upgrade 2.10.3 -> 2.10.4 freetype: upgrade 2.13.0 -> 2.13.1 gstreamer1.0: upgrade 1.22.3 -> 1.22.4 libassuan: upgrade 2.5.5 -> 2.5.6 libksba: upgrade 1.6.3 -> 1.6.4 libx11: upgrade 1.8.5 -> 1.8.6 lttng-ust: upgrade 2.13.5 -> 2.13.6 taglib: upgrade 1.13 -> 1.13.1 libwebp: upgrade 1.3.0 -> 1.3.1 libnss-nis: upgrade 3.1 -> 3.2 opkg: upgrade 0.6.1 -> 0.6.2 opkg-utils: upgrade 0.5.0 -> 0.6.2 file: upgrade 5.44 -> 5.45 tar: upgrade 1.34 -> 1.35 bind: upgrade 9.18.17 -> 9.18.18 Xiangyu Chen (1): dbus: upgrade 1.14.6 -> 1.14.8 Yash Shinde (1): glibc: fix CVE-2023-4527 Yi Zhao (1): ifupdown: install missing directories Yoann Congal (3): recipetool: Fix inherit in created -native* recipes oeqa/selftest/devtool: add unit test for "devtool add -b" dev-manual: remove unsupported :term: markup inside markup Yogita Urade (8): dmidecode: fix CVE-2023-30630 qemu: fix CVE-2023-3301 qemu: fix CVE-2023-3255 qemu: fix CVE-2023-2861 inetutils: fix CVE-2023-40303 nghttp2: fix CVE-2023-35945 dropbear: fix CVE-2023-36328 qemu: fix CVE-2023-3354 Yuta Hayama (1): systemd-systemctl: fix errors in instance name expansion nikhil (1): libwebp: Fix CVE-2023-1999 sanjana (2): binutils: stable 2.40 branch updates glibc: stable 2.37 branch updates meta-openembedded: 9286582126..922f41b39f: Armin Kuster (1): openldap: update to 2.5.16. Beniamin Sandu (1): lmsensors: do not pull in unneeded perl modules for run-time dependencies Changqing Li (2): redis: upgrade 6.2.12 -> 6.2.13 redis: upgrade 7.0.11 -> 7.0.12 Chee Yang Lee (2): rabbitmq-c: Fix CVE-2023-35789 c-ares: upgrade 1.19.0 -> 1.19.1 Chen Qi (3): redis: use the files path correctly grpc: fix CVE-2023-32732 grpc: fix CVE-2023-33953 Chris Dimich (1): image_types_sparse: Fix syntax error Hitendra Prajapati (4): wireshark: Fix CVE-2023-2855 & CVE-2023-2856 wireshark: Fix CVE-2023-2858 & CVE-2023-2879 wireshark: CVE-2023-2952 XRA dissector infinite loop wireshark: Fix Multiple CVEs Jasper Orschulko (1): yaml-cpp: Fix cmake export Joe Slater (3): libgpiod: modify test 'gpioset: toggle (continuous)' python3-sqlparse: fix CVE-2023-30608 libgpiod: modify RDEPENDS for ptest Khem Raj (2): fftw: Check for TOOLCHAIN_OPTIONS to be non-empty before sed ops system-config-printer: Delete __pycache__ files Lee Chee Yang (2): opensc: fix CVE-2023-2977 x11vnc: Fix CVE-2020-29074 Linus Jacobson (1): khronos-cts: Replace wayland feature dependancy with vulkan Martin Jansa (5): libiio: use main branch instead of master mongodb: enable hardware crc32 only with crc in TUNE_FEATURES khronos-cts.inc: respect MLPREFIX when appending DEPENDS with anonymous python libcyusbserial: fix installed-vs-shipped QA issue with multilib tcpreplay: fix pcap detection with /usr/lib32 multilib Mingli Yu (6): dialog: Update the SRC_URI gnulib: Update SRC_URI yajl: Fix CVE-2023-33460 iniparser: Fix CVE-2023-33461 php: Upgrade to 8.2.8 mcelog: Drop unneeded autotools-brokensep Polampalli, Archana (6): tcpreplay: upgrade 4.4.3 -> 4.4.4 nodejs: upgrade 18.14.2 -> 18.16.1 yasm: fix CVE-2023-31975 nodejs: upgrade 18.16.1 -> 18.17.1 hwloc: fix CVE-2022-47022 python3-appdirs: print ptest results in unified format Ross Burton (5): glade: add autoconf-archive-native DEPENDS libgxim: add autoconf-archive-native DEPENDS libblockdev: clean up DEPENDS imsettings: add missing DEPENDS on autoconf-archive-native system-config-printer: clean up DEPENDS Sandeep Gundlupet Raju 837 (1): opencv: Revert fix runtime dependencies Sanjay Chitroda (1): netkit-telnet: Fix CVE-2022-39028 Soumya (1): yasm: fix CVE-2023-37732 Soumya Sambu (1): krb5: Fix CVE-2023-36054 Soumya via (1): opencv: Fix for CVE-2023-2617 Urade, Yogita t.mo (1): c-ares: fix CVE-2023-32067 Wang Mingyu (3): python3-django: upgrade 4.1.7 -> 4.2.1 iperf3: upgrade 3.13 -> 3.14 tcpdump: upgrade 4.99.3 -> 4.99.4 Xiangyu Chen (2): libbpf: installing uapi headers for native package meta-oe: add pahole to NON_MULTILIB_RECIPES Yi Zhao (4): frr: upgrade 8.4.2 -> 8.4.4 mbedtls: upgrade 2.28.2 -> 2.28.3 open-vm-tools: Security fix CVE-2023-20867 frr: Security fix CVE-2023-3748 Yogita Urade (1): poppler: fix CVE-2023-34872 meta-arm: 8db460fa5d..6e199b354e: Abdellatif El Khlifi (6): arm-bsp/documentation: corstone1000: Update change log arm-bsp/doc: corstone1000: Update the software architecture document arm-bsp/documentation: corstone1000: update the release note arm-bsp/documentation: corstone1000: update user guide kas: set the SHAs for 2023.06 release arm-bsp/trusted-firmware-a: corstone1000: enable ERRATA_A35_855472 Adam Johnston (2): CI: Platform specific Trusted Services config arm-bsp/trusted-firmware-a: Reserve OP-TEE memory from NWd on N1SDP Anton Antonov (1): arm/oeqa: Make ts-service-test config match selected SPs Denys Dmytriyenko (1): optee-os: do not explicitly set CFG_MAP_EXT_DT_SECURE=y Emekcan Aras (7): arm-bsp/u-boot: corstone1000: Fix EFI multiple protocol install failure arm-bsp/u-boot: corstone1000: Enable EFI set/get time services arm-bsp/trusted-services: corstone1000: GetNextVariableName Fix arm-bsp/optee-os:corstone1000: Drop SPMC non secure interrupt patches arm-bsp/u-boot: corstone1000: Fix u-boot compilation warnings arm-bsp/trusted-services: corstone1000: Fix PSA_RAW_KEY agreement test arm-bsp/trusted-services: corstone1000: Fix Capsule Update Gyorgy Szing (11): arm/trusted-services: update TS version optee-os: remove v3.18 pin of OP-TEE on qemuarm64-secureboot optee-os: Add support for TOS_FW_CONFIG on qemu arm/trusted-firmware-a: Add TOS_FW_CONFIG handling for quemu optee-test: backport SWd ABI compatibility changes optee-os: enable SPMC test arm/oeqa: enable OP-TEE SPMC tests trusted-services: update documentation arm/trusted-services: disable psa-iat on qemuarm64-secureboot arm/trusted-services: fix nanopb build error optee-os: unblock NWd interrupts Jon Mason (3): CI: remove master refspec for meta-virtualization yml file arm/linux-yocto: move 6.1 patches to a unique bbappend README: remove reference to meta-arm-autonomy Robbie Cao (1): arm/recipes-kernel: Add preempt-rt support for generic-arm64 Rui Miguel Silva (3): arm-bsp/trusted-services:corstone1000: remove already merged patches arm-bsp/trusted-services: remove merged patches for corstone1000 arm-bps/corstone1000: setup trusted service proxy configuration Tomás González (2): arm-bsp/documentation: corstone1000: Update the user guide arm-bsp/documentation: corstone1000: Update the release notes Change-Id: I19ad289a1580a28192b5c063d06553d4e171687b Signed-off-by: Andrew Geissler --- .../meta-oe/recipes-devtools/glade/glade_3.22.2.bb | 1 + ...mgr-EventEngine-Improve-server-handling-o.patch | 224 ++++++++++++++++ .../grpc/grpc/0001-fix-CVE-2023-32732.patch | 81 ++++++ .../meta-oe/recipes-devtools/grpc/grpc_1.50.1.bb | 2 + .../nodejs/nodejs-oe-cache-18.14/oe-npm-cache | 77 ------ .../nodejs/nodejs-oe-cache-18.17/oe-npm-cache | 77 ++++++ .../nodejs/nodejs-oe-cache-native_18.14.bb | 21 -- .../nodejs/nodejs-oe-cache-native_18.17.bb | 21 ++ ...isable-running-gyp-files-for-bundled-deps.patch | 7 +- .../recipes-devtools/nodejs/nodejs_18.14.2.bb | 185 ------------- .../recipes-devtools/nodejs/nodejs_18.17.1.bb | 185 +++++++++++++ .../meta-oe/recipes-devtools/php/php_8.2.6.bb | 294 --------------------- .../meta-oe/recipes-devtools/php/php_8.2.8.bb | 294 +++++++++++++++++++++ .../yajl/yajl/CVE-2023-33460_1.patch | 43 +++ .../yajl/yajl/CVE-2023-33460_2.patch | 31 +++ .../meta-oe/recipes-devtools/yajl/yajl_2.1.0.bb | 5 +- .../yasm/yasm/CVE-2023-31975.patch | 29 ++ .../yasm/yasm/CVE-2023-37732.patch | 41 +++ .../meta-oe/recipes-devtools/yasm/yasm_git.bb | 2 + 19 files changed, 1041 insertions(+), 579 deletions(-) create mode 100644 meta-openembedded/meta-oe/recipes-devtools/grpc/grpc/0001-backport-iomgr-EventEngine-Improve-server-handling-o.patch create mode 100644 meta-openembedded/meta-oe/recipes-devtools/grpc/grpc/0001-fix-CVE-2023-32732.patch delete mode 100755 meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-18.14/oe-npm-cache create mode 100755 meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-18.17/oe-npm-cache delete mode 100644 meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_18.14.bb create mode 100644 meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_18.17.bb delete mode 100644 meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_18.14.2.bb create mode 100644 meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_18.17.1.bb delete mode 100644 meta-openembedded/meta-oe/recipes-devtools/php/php_8.2.6.bb create mode 100644 meta-openembedded/meta-oe/recipes-devtools/php/php_8.2.8.bb create mode 100644 meta-openembedded/meta-oe/recipes-devtools/yajl/yajl/CVE-2023-33460_1.patch create mode 100644 meta-openembedded/meta-oe/recipes-devtools/yajl/yajl/CVE-2023-33460_2.patch create mode 100644 meta-openembedded/meta-oe/recipes-devtools/yasm/yasm/CVE-2023-31975.patch create mode 100644 meta-openembedded/meta-oe/recipes-devtools/yasm/yasm/CVE-2023-37732.patch (limited to 'meta-openembedded/meta-oe/recipes-devtools') diff --git a/meta-openembedded/meta-oe/recipes-devtools/glade/glade_3.22.2.bb b/meta-openembedded/meta-oe/recipes-devtools/glade/glade_3.22.2.bb index 6c1112038c..28b1279390 100644 --- a/meta-openembedded/meta-oe/recipes-devtools/glade/glade_3.22.2.bb +++ b/meta-openembedded/meta-oe/recipes-devtools/glade/glade_3.22.2.bb @@ -6,6 +6,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=aabe87591cb8ae0f3c68be6977bb5522 \ file://COPYING.LGPL;md5=252890d9eee26aab7b432e8b8a616475" DEPENDS = "gtk+3 glib-2.0 libxml2 intltool-native \ gnome-common-native \ + autoconf-archive-native \ " inherit features_check autotools pkgconfig gnomebase gobject-introspection mime-xdg diff --git a/meta-openembedded/meta-oe/recipes-devtools/grpc/grpc/0001-backport-iomgr-EventEngine-Improve-server-handling-o.patch b/meta-openembedded/meta-oe/recipes-devtools/grpc/grpc/0001-backport-iomgr-EventEngine-Improve-server-handling-o.patch new file mode 100644 index 0000000000..4488df172f --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-devtools/grpc/grpc/0001-backport-iomgr-EventEngine-Improve-server-handling-o.patch @@ -0,0 +1,224 @@ +From b3c105c59dfb7d932b36b0d9ac7ab62875ab23e8 Mon Sep 17 00:00:00 2001 +From: AJ Heller +Date: Wed, 12 Jul 2023 18:42:09 -0700 +Subject: [PATCH] [backport][iomgr][EventEngine] Improve server handling of + file descriptor exhaustion (#33672) + +Backport of #33656 + +CVE: CVE-2023-33953 + +Upstream-Status: Backport [1e86ca5834b94cae7d5e6d219056c0fc895cf95d] +The patch is backported with tweaks to fit 1.50.1. + +Signed-off-by: Chen Qi +--- + .../event_engine/posix_engine/posix_engine.h | 1 + + src/core/lib/iomgr/tcp_server_posix.cc | 51 ++++++++++++++----- + src/core/lib/iomgr/tcp_server_utils_posix.h | 14 ++++- + .../iomgr/tcp_server_utils_posix_common.cc | 22 ++++++++ + 4 files changed, 73 insertions(+), 15 deletions(-) + +diff --git a/src/core/lib/event_engine/posix_engine/posix_engine.h b/src/core/lib/event_engine/posix_engine/posix_engine.h +index eac6dfb4c5..866c04bcfa 100644 +--- a/src/core/lib/event_engine/posix_engine/posix_engine.h ++++ b/src/core/lib/event_engine/posix_engine/posix_engine.h +@@ -97,6 +97,7 @@ class PosixEventEngine final : public EventEngine { + const DNSResolver::ResolverOptions& options) override; + void Run(Closure* closure) override; + void Run(absl::AnyInvocable closure) override; ++ // Caution!! The timer implementation cannot create any fds. See #20418. + TaskHandle RunAfter(Duration when, Closure* closure) override; + TaskHandle RunAfter(Duration when, + absl::AnyInvocable closure) override; +diff --git a/src/core/lib/iomgr/tcp_server_posix.cc b/src/core/lib/iomgr/tcp_server_posix.cc +index d43113fb03..32be997cff 100644 +--- a/src/core/lib/iomgr/tcp_server_posix.cc ++++ b/src/core/lib/iomgr/tcp_server_posix.cc +@@ -16,13 +16,17 @@ + * + */ + +-/* FIXME: "posix" files shouldn't be depending on _GNU_SOURCE */ ++#include ++ ++#include ++ ++#include ++ ++// FIXME: "posix" files shouldn't be depending on _GNU_SOURCE + #ifndef _GNU_SOURCE + #define _GNU_SOURCE + #endif + +-#include +- + #include "src/core/lib/iomgr/port.h" + + #ifdef GRPC_POSIX_SOCKET_TCP_SERVER +@@ -44,6 +48,7 @@ + #include "absl/strings/str_format.h" + + #include ++#include + #include + #include + #include +@@ -63,6 +68,8 @@ + #include "src/core/lib/resource_quota/api.h" + + static std::atomic num_dropped_connections{0}; ++static constexpr grpc_core::Duration kRetryAcceptWaitTime{ ++ grpc_core::Duration::Seconds(1)}; + + using ::grpc_event_engine::experimental::EndpointConfig; + +@@ -195,21 +202,35 @@ static void on_read(void* arg, grpc_error_handle err) { + if (fd < 0) { + if (errno == EINTR) { + continue; +- } else if (errno == EAGAIN || errno == ECONNABORTED || +- errno == EWOULDBLOCK) { ++ } ++ // When the process runs out of fds, accept4() returns EMFILE. When this ++ // happens, the connection is left in the accept queue until either a ++ // read event triggers the on_read callback, or time has passed and the ++ // accept should be re-tried regardless. This callback is not cancelled, ++ // so a spurious wakeup may occur even when there's nothing to accept. ++ // This is not a performant code path, but if an fd limit has been ++ // reached, the system is likely in an unhappy state regardless. ++ if (errno == EMFILE) { + grpc_fd_notify_on_read(sp->emfd, &sp->read_closure); ++ if (gpr_atm_full_xchg(&sp->retry_timer_armed, true)) return; ++ grpc_timer_init(&sp->retry_timer, ++ grpc_core::Timestamp::Now() + kRetryAcceptWaitTime, ++ &sp->retry_closure); + return; ++ } ++ if (errno == EAGAIN || errno == ECONNABORTED || errno == EWOULDBLOCK) { ++ grpc_fd_notify_on_read(sp->emfd, &sp->read_closure); ++ return; ++ } ++ gpr_mu_lock(&sp->server->mu); ++ if (!sp->server->shutdown_listeners) { ++ gpr_log(GPR_ERROR, "Failed accept4: %s", strerror(errno)); + } else { +- gpr_mu_lock(&sp->server->mu); +- if (!sp->server->shutdown_listeners) { +- gpr_log(GPR_ERROR, "Failed accept4: %s", strerror(errno)); +- } else { +- /* if we have shutdown listeners, accept4 could fail, and we +- needn't notify users */ +- } +- gpr_mu_unlock(&sp->server->mu); +- goto error; ++ // if we have shutdown listeners, accept4 could fail, and we ++ // needn't notify users + } ++ gpr_mu_unlock(&sp->server->mu); ++ goto error; + } + + if (sp->server->memory_quota->IsMemoryPressureHigh()) { +@@ -403,6 +424,7 @@ static grpc_error_handle clone_port(grpc_tcp_listener* listener, + sp->port_index = listener->port_index; + sp->fd_index = listener->fd_index + count - i; + GPR_ASSERT(sp->emfd); ++ grpc_tcp_server_listener_initialize_retry_timer(sp); + while (listener->server->tail->next != nullptr) { + listener->server->tail = listener->server->tail->next; + } +@@ -575,6 +597,7 @@ static void tcp_server_shutdown_listeners(grpc_tcp_server* s) { + if (s->active_ports) { + grpc_tcp_listener* sp; + for (sp = s->head; sp; sp = sp->next) { ++ grpc_timer_cancel(&sp->retry_timer); + grpc_fd_shutdown(sp->emfd, + GRPC_ERROR_CREATE_FROM_STATIC_STRING("Server shutdown")); + } +diff --git a/src/core/lib/iomgr/tcp_server_utils_posix.h b/src/core/lib/iomgr/tcp_server_utils_posix.h +index 94faa2c17e..2e78ce555f 100644 +--- a/src/core/lib/iomgr/tcp_server_utils_posix.h ++++ b/src/core/lib/iomgr/tcp_server_utils_posix.h +@@ -25,6 +25,7 @@ + #include "src/core/lib/iomgr/resolve_address.h" + #include "src/core/lib/iomgr/socket_utils_posix.h" + #include "src/core/lib/iomgr/tcp_server.h" ++#include "src/core/lib/iomgr/timer.h" + #include "src/core/lib/resource_quota/memory_quota.h" + + /* one listening port */ +@@ -47,6 +48,11 @@ typedef struct grpc_tcp_listener { + identified while iterating through 'next'. */ + struct grpc_tcp_listener* sibling; + int is_sibling; ++ // If an accept4() call fails, a timer is started to drain the accept queue in ++ // case no further connection attempts reach the gRPC server. ++ grpc_closure retry_closure; ++ grpc_timer retry_timer; ++ gpr_atm retry_timer_armed; + } grpc_tcp_listener; + + /* the overall server */ +@@ -126,4 +132,10 @@ grpc_error_handle grpc_tcp_server_prepare_socket( + /* Ruturn true if the platform supports ifaddrs */ + bool grpc_tcp_server_have_ifaddrs(void); + +-#endif /* GRPC_CORE_LIB_IOMGR_TCP_SERVER_UTILS_POSIX_H */ ++// Initialize (but don't start) the timer and callback to retry accept4() on a ++// listening socket after file descriptors have been exhausted. This must be ++// called when creating a new listener. ++void grpc_tcp_server_listener_initialize_retry_timer( ++ grpc_tcp_listener* listener); ++ ++#endif // GRPC_SRC_CORE_LIB_IOMGR_TCP_SERVER_UTILS_POSIX_H +diff --git a/src/core/lib/iomgr/tcp_server_utils_posix_common.cc b/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +index 73a6b943ec..0e671c6485 100644 +--- a/src/core/lib/iomgr/tcp_server_utils_posix_common.cc ++++ b/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +@@ -18,6 +18,8 @@ + + #include + ++#include ++ + #include "src/core/lib/iomgr/port.h" + + #ifdef GRPC_POSIX_SOCKET_TCP_SERVER_UTILS_COMMON +@@ -80,6 +82,24 @@ static int get_max_accept_queue_size(void) { + return s_max_accept_queue_size; + } + ++static void listener_retry_timer_cb(void* arg, grpc_error_handle err) { ++ // Do nothing if cancelled. ++ if (!err.ok()) return; ++ grpc_tcp_listener* listener = static_cast(arg); ++ gpr_atm_no_barrier_store(&listener->retry_timer_armed, false); ++ if (!grpc_fd_is_shutdown(listener->emfd)) { ++ grpc_fd_set_readable(listener->emfd); ++ } ++} ++ ++void grpc_tcp_server_listener_initialize_retry_timer( ++ grpc_tcp_listener* listener) { ++ gpr_atm_no_barrier_store(&listener->retry_timer_armed, false); ++ grpc_timer_init_unset(&listener->retry_timer); ++ GRPC_CLOSURE_INIT(&listener->retry_closure, listener_retry_timer_cb, listener, ++ grpc_schedule_on_exec_ctx); ++} ++ + static grpc_error_handle add_socket_to_server(grpc_tcp_server* s, int fd, + const grpc_resolved_address* addr, + unsigned port_index, +@@ -112,6 +132,8 @@ static grpc_error_handle add_socket_to_server(grpc_tcp_server* s, int fd, + sp->server = s; + sp->fd = fd; + sp->emfd = grpc_fd_create(fd, name.c_str(), true); ++ grpc_tcp_server_listener_initialize_retry_timer(sp); ++ + memcpy(&sp->addr, addr, sizeof(grpc_resolved_address)); + sp->port = port; + sp->port_index = port_index; +-- +2.34.1 + diff --git a/meta-openembedded/meta-oe/recipes-devtools/grpc/grpc/0001-fix-CVE-2023-32732.patch b/meta-openembedded/meta-oe/recipes-devtools/grpc/grpc/0001-fix-CVE-2023-32732.patch new file mode 100644 index 0000000000..ab46897b12 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-devtools/grpc/grpc/0001-fix-CVE-2023-32732.patch @@ -0,0 +1,81 @@ +From d39489045b5aa73e27713e3cbacb8832c1140ec8 Mon Sep 17 00:00:00 2001 +From: Chen Qi +Date: Wed, 9 Aug 2023 13:33:45 +0800 +Subject: [PATCH] fix CVE-2023-32732 + +CVE: CVE-2023-32732 + +Upstream-Status: Backport [https://github.com/grpc/grpc/pull/32309/commits/6a7850ef4f042ac26559854266dddc79bfbc75b2] +The original patch is adjusted to fit the current 1.50.1 version. + +Signed-off-by: Chen Qi +--- + .../ext/transport/chttp2/transport/hpack_parser.cc | 10 +++++++--- + src/core/ext/transport/chttp2/transport/internal.h | 2 -- + src/core/ext/transport/chttp2/transport/parsing.cc | 6 ++---- + 3 files changed, 9 insertions(+), 9 deletions(-) + +diff --git a/src/core/ext/transport/chttp2/transport/hpack_parser.cc b/src/core/ext/transport/chttp2/transport/hpack_parser.cc +index f2e49022dc3..cd459d15238 100644 +--- a/src/core/ext/transport/chttp2/transport/hpack_parser.cc ++++ b/src/core/ext/transport/chttp2/transport/hpack_parser.cc +@@ -1211,12 +1211,16 @@ class HPackParser::Parser { + "). GRPC_ARG_MAX_METADATA_SIZE can be set to increase this limit.", + *frame_length_, metadata_size_limit_); + if (metadata_buffer_ != nullptr) metadata_buffer_->Clear(); ++ // StreamId is used as a signal to skip this stream but keep the connection ++ // alive + return input_->MaybeSetErrorAndReturn( + [] { + return grpc_error_set_int( +- GRPC_ERROR_CREATE_FROM_STATIC_STRING( +- "received initial metadata size exceeds limit"), +- GRPC_ERROR_INT_GRPC_STATUS, GRPC_STATUS_RESOURCE_EXHAUSTED); ++ grpc_error_set_int( ++ GRPC_ERROR_CREATE_FROM_STATIC_STRING( ++ "received initial metadata size exceeds limit"), ++ GRPC_ERROR_INT_GRPC_STATUS, GRPC_STATUS_RESOURCE_EXHAUSTED), ++ GRPC_ERROR_INT_STREAM_ID, 0); + }, + false); + } +diff --git a/src/core/ext/transport/chttp2/transport/internal.h b/src/core/ext/transport/chttp2/transport/internal.h +index 4a2f4261d83..f8b544d9583 100644 +--- a/src/core/ext/transport/chttp2/transport/internal.h ++++ b/src/core/ext/transport/chttp2/transport/internal.h +@@ -542,8 +542,6 @@ struct grpc_chttp2_stream { + + grpc_core::Timestamp deadline = grpc_core::Timestamp::InfFuture(); + +- /** saw some stream level error */ +- grpc_error_handle forced_close_error = GRPC_ERROR_NONE; + /** how many header frames have we received? */ + uint8_t header_frames_received = 0; + /** number of bytes received - reset at end of parse thread execution */ +diff --git a/src/core/ext/transport/chttp2/transport/parsing.cc b/src/core/ext/transport/chttp2/transport/parsing.cc +index 980f13543f6..afe6da190b6 100644 +--- a/src/core/ext/transport/chttp2/transport/parsing.cc ++++ b/src/core/ext/transport/chttp2/transport/parsing.cc +@@ -22,6 +22,7 @@ + #include + + #include ++#include + + #include "absl/base/attributes.h" + #include "absl/status/status.h" +@@ -719,10 +720,7 @@ static grpc_error_handle parse_frame_slice(grpc_chttp2_transport* t, + } + grpc_chttp2_parsing_become_skip_parser(t); + if (s) { +- s->forced_close_error = err; +- grpc_chttp2_add_rst_stream_to_next_write(t, t->incoming_stream_id, +- GRPC_HTTP2_PROTOCOL_ERROR, +- &s->stats.outgoing); ++ grpc_chttp2_cancel_stream(t, s, std::exchange(err, absl::OkStatus())); + } else { + GRPC_ERROR_UNREF(err); + } +-- +2.34.1 + diff --git a/meta-openembedded/meta-oe/recipes-devtools/grpc/grpc_1.50.1.bb b/meta-openembedded/meta-oe/recipes-devtools/grpc/grpc_1.50.1.bb index 7b8a25c277..3cfd0210db 100644 --- a/meta-openembedded/meta-oe/recipes-devtools/grpc/grpc_1.50.1.bb +++ b/meta-openembedded/meta-oe/recipes-devtools/grpc/grpc_1.50.1.bb @@ -26,6 +26,8 @@ SRC_URI = "gitsm://github.com/grpc/grpc.git;protocol=https;name=grpc;branch=${BR file://0001-Revert-Changed-GRPCPP_ABSEIL_SYNC-to-GPR_ABSEIL_SYNC.patch \ file://0001-cmake-add-separate-export-for-plugin-targets.patch \ file://0001-cmake-Link-with-libatomic-on-rv32-rv64.patch \ + file://0001-fix-CVE-2023-32732.patch \ + file://0001-backport-iomgr-EventEngine-Improve-server-handling-o.patch \ " # Fixes build with older compilers 4.8 especially on ubuntu 14.04 CXXFLAGS:append:class-native = " -Wl,--no-as-needed" diff --git a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-18.14/oe-npm-cache b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-18.14/oe-npm-cache deleted file mode 100755 index f596207648..0000000000 --- a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-18.14/oe-npm-cache +++ /dev/null @@ -1,77 +0,0 @@ -#!/usr/bin/env node - -/// Usage: oe-npm-cache -/// ... meta - metainformation about package -/// tgz - tarball - -const process = require("node:process"); - -module.paths.unshift("@@libdir@@/node_modules/npm/node_modules"); - -const cacache = require('cacache') -const fs = require('fs') - -// argv[0] is 'node', argv[1] is this script -const cache_dir = process.argv[2] -const type = process.argv[3] -const key = process.argv[4] -const file = process.argv[5] - -const data = fs.readFileSync(file) - -// metadata content is highly nodejs dependent; when cache entries are not -// found, place debug statements in 'make-fetch-happen/lib/cache/policy.js' -// (CachePolicy::satisfies()) -const xlate = { - 'meta': { - 'key_prefix': 'make-fetch-happen:request-cache:', - 'metadata': function() { - return { - time: Date.now(), - url: key, - reqHeaders: { - 'accept': 'application/vnd.npm.install-v1+json; q=1.0, application/json; q=0.8, */*', - }, - resHeaders: { - "content-type": "application/json", - "status": 200, - }, - options: { - compress: true, - } - }; - }, - }, - - 'tgz': { - 'key_prefix': 'make-fetch-happen:request-cache:', - 'metadata': function() { - return { - time: Date.now(), - url: key, - reqHeaders: { - 'accept': '*/*', - }, - resHeaders: { - "content-type": "application/octet-stream", - "status": 200, - }, - options: { - compress: true, - }, - }; - }, - }, -}; - -const info = xlate[type]; -let opts = {} - -if (info.metadata) { - opts['metadata'] = info.metadata(); -} - -cacache.put(cache_dir, info.key_prefix + key, data, opts) - .then(integrity => { - console.log(`Saved content of ${key} (${file}).`); -}) diff --git a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-18.17/oe-npm-cache b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-18.17/oe-npm-cache new file mode 100755 index 0000000000..f596207648 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-18.17/oe-npm-cache @@ -0,0 +1,77 @@ +#!/usr/bin/env node + +/// Usage: oe-npm-cache +/// ... meta - metainformation about package +/// tgz - tarball + +const process = require("node:process"); + +module.paths.unshift("@@libdir@@/node_modules/npm/node_modules"); + +const cacache = require('cacache') +const fs = require('fs') + +// argv[0] is 'node', argv[1] is this script +const cache_dir = process.argv[2] +const type = process.argv[3] +const key = process.argv[4] +const file = process.argv[5] + +const data = fs.readFileSync(file) + +// metadata content is highly nodejs dependent; when cache entries are not +// found, place debug statements in 'make-fetch-happen/lib/cache/policy.js' +// (CachePolicy::satisfies()) +const xlate = { + 'meta': { + 'key_prefix': 'make-fetch-happen:request-cache:', + 'metadata': function() { + return { + time: Date.now(), + url: key, + reqHeaders: { + 'accept': 'application/vnd.npm.install-v1+json; q=1.0, application/json; q=0.8, */*', + }, + resHeaders: { + "content-type": "application/json", + "status": 200, + }, + options: { + compress: true, + } + }; + }, + }, + + 'tgz': { + 'key_prefix': 'make-fetch-happen:request-cache:', + 'metadata': function() { + return { + time: Date.now(), + url: key, + reqHeaders: { + 'accept': '*/*', + }, + resHeaders: { + "content-type": "application/octet-stream", + "status": 200, + }, + options: { + compress: true, + }, + }; + }, + }, +}; + +const info = xlate[type]; +let opts = {} + +if (info.metadata) { + opts['metadata'] = info.metadata(); +} + +cacache.put(cache_dir, info.key_prefix + key, data, opts) + .then(integrity => { + console.log(`Saved content of ${key} (${file}).`); +}) diff --git a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_18.14.bb b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_18.14.bb deleted file mode 100644 index a61dd5018f..0000000000 --- a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_18.14.bb +++ /dev/null @@ -1,21 +0,0 @@ -DESCRIPTION = "OE helper for manipulating npm cache" -LICENSE = "Apache-2.0" -LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/Apache-2.0;md5=89aea4e17d99a7cacdbeed46a0096b10" - -SRC_URI = "\ - file://oe-npm-cache \ -" - -inherit native - -B = "${WORKDIR}/build" - -do_configure() { - sed -e 's!@@libdir@@!${libdir}!g' < '${WORKDIR}/oe-npm-cache' > '${B}/oe-npm-cache' -} - -do_install() { - install -D -p -m 0755 ${B}/oe-npm-cache ${D}${bindir}/oe-npm-cache -} - -RDEPENDS:${PN} = "nodejs-native" diff --git a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_18.17.bb b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_18.17.bb new file mode 100644 index 0000000000..a61dd5018f --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_18.17.bb @@ -0,0 +1,21 @@ +DESCRIPTION = "OE helper for manipulating npm cache" +LICENSE = "Apache-2.0" +LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/Apache-2.0;md5=89aea4e17d99a7cacdbeed46a0096b10" + +SRC_URI = "\ + file://oe-npm-cache \ +" + +inherit native + +B = "${WORKDIR}/build" + +do_configure() { + sed -e 's!@@libdir@@!${libdir}!g' < '${WORKDIR}/oe-npm-cache' > '${B}/oe-npm-cache' +} + +do_install() { + install -D -p -m 0755 ${B}/oe-npm-cache ${D}${bindir}/oe-npm-cache +} + +RDEPENDS:${PN} = "nodejs-native" diff --git a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0001-Disable-running-gyp-files-for-bundled-deps.patch b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0001-Disable-running-gyp-files-for-bundled-deps.patch index 356c98d176..059b5cc070 100644 --- a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0001-Disable-running-gyp-files-for-bundled-deps.patch +++ b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0001-Disable-running-gyp-files-for-bundled-deps.patch @@ -29,10 +29,13 @@ python prune_sources() { } do_unpack[postfuncs] += "prune_sources" +Signed-off-by: Archana Polampalli --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) +diff --git a/Makefile b/Makefile +index 0be0659d..3c442014 100644 --- a/Makefile +++ b/Makefile @@ -169,7 +169,7 @@ with-code-cache test-code-cache: @@ -41,6 +44,8 @@ do_unpack[postfuncs] += "prune_sources" out/Makefile: config.gypi common.gypi node.gyp \ - deps/uv/uv.gyp deps/llhttp/llhttp.gyp deps/zlib/zlib.gyp \ + deps/llhttp/llhttp.gyp \ - deps/simdutf/simdutf.gyp \ + deps/simdutf/simdutf.gyp deps/ada/ada.gyp \ tools/v8_gypfiles/toolchain.gypi tools/v8_gypfiles/features.gypi \ tools/v8_gypfiles/inspector.gypi tools/v8_gypfiles/v8.gyp +-- +2.40.0 diff --git a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_18.14.2.bb b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_18.14.2.bb deleted file mode 100644 index 19df7d542a..0000000000 --- a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_18.14.2.bb +++ /dev/null @@ -1,185 +0,0 @@ -DESCRIPTION = "nodeJS Evented I/O for V8 JavaScript" -HOMEPAGE = "http://nodejs.org" -LICENSE = "MIT & ISC & BSD-2-Clause & BSD-3-Clause & Artistic-2.0 & Apache-2.0" -LIC_FILES_CHKSUM = "file://LICENSE;md5=2dff1ccca11e333f1388e34f7e2d1de3" - -CVE_PRODUCT = "nodejs node.js" - -DEPENDS = "openssl file-replacement-native" -DEPENDS:append:class-target = " qemu-native" -DEPENDS:append:class-native = " c-ares-native" - -inherit pkgconfig python3native qemu ptest - -COMPATIBLE_MACHINE:armv4 = "(!.*armv4).*" -COMPATIBLE_MACHINE:armv5 = "(!.*armv5).*" -COMPATIBLE_MACHINE:mips64 = "(!.*mips64).*" - -COMPATIBLE_HOST:riscv64 = "null" -COMPATIBLE_HOST:riscv32 = "null" -COMPATIBLE_HOST:powerpc = "null" - -SRC_URI = "http://nodejs.org/dist/v${PV}/node-v${PV}.tar.xz \ - file://0001-Disable-running-gyp-files-for-bundled-deps.patch \ - file://0004-v8-don-t-override-ARM-CFLAGS.patch \ - file://big-endian.patch \ - file://mips-less-memory.patch \ - file://system-c-ares.patch \ - file://0001-liftoff-Correct-function-signatures.patch \ - file://0001-mips-Use-32bit-cast-for-operand-on-mips32.patch \ - file://run-ptest \ - " - -SRC_URI:append:class-target = " \ - file://0001-Using-native-binaries.patch \ - " -SRC_URI:append:toolchain-clang:x86 = " \ - file://libatomic.patch \ - " -SRC_URI:append:toolchain-clang:powerpc64le = " \ - file://0001-ppc64-Do-not-use-mminimal-toc-with-clang.patch \ - " -SRC_URI[sha256sum] = "fbc364dd25fee2cacc0f2033db2d86115fc07575310ea0e64408b8170d09c685" - -S = "${WORKDIR}/node-v${PV}" - -# v8 errors out if you have set CCACHE -CCACHE = "" - -def map_nodejs_arch(a, d): - import re - - if re.match('i.86$', a): return 'ia32' - elif re.match('x86_64$', a): return 'x64' - elif re.match('aarch64$', a): return 'arm64' - elif re.match('(powerpc64|powerpc64le|ppc64le)$', a): return 'ppc64' - elif re.match('powerpc$', a): return 'ppc' - return a - -ARCHFLAGS:arm = "${@bb.utils.contains('TUNE_FEATURES', 'callconvention-hard', '--with-arm-float-abi=hard', '--with-arm-float-abi=softfp', d)} \ - ${@bb.utils.contains('TUNE_FEATURES', 'neon', '--with-arm-fpu=neon', \ - bb.utils.contains('TUNE_FEATURES', 'vfpv3d16', '--with-arm-fpu=vfpv3-d16', \ - bb.utils.contains('TUNE_FEATURES', 'vfpv3', '--with-arm-fpu=vfpv3', \ - '--with-arm-fpu=vfp', d), d), d)}" -ARCHFLAGS:append:mips = " --v8-lite-mode" -ARCHFLAGS:append:mipsel = " --v8-lite-mode" -ARCHFLAGS ?= "" - -PACKAGECONFIG ??= "ares brotli icu zlib" - -PACKAGECONFIG[ares] = "--shared-cares,,c-ares" -PACKAGECONFIG[brotli] = "--shared-brotli,,brotli" -PACKAGECONFIG[icu] = "--with-intl=system-icu,--without-intl,icu" -PACKAGECONFIG[libuv] = "--shared-libuv,,libuv" -PACKAGECONFIG[nghttp2] = "--shared-nghttp2,,nghttp2" -PACKAGECONFIG[shared] = "--shared" -PACKAGECONFIG[zlib] = "--shared-zlib,,zlib" - -# We don't want to cross-compile during target compile, -# and we need to use the right flags during host compile, -# too. -EXTRA_OEMAKE = "\ - CC.host='${CC}' \ - CFLAGS.host='${CPPFLAGS} ${CFLAGS}' \ - CXX.host='${CXX}' \ - CXXFLAGS.host='${CPPFLAGS} ${CXXFLAGS}' \ - LDFLAGS.host='${LDFLAGS}' \ - AR.host='${AR}' \ - \ - builddir_name=./ \ -" - -EXTRANATIVEPATH += "file-native" - -python prune_sources() { - import shutil - - shutil.rmtree(d.getVar('S') + '/deps/openssl') - if 'ares' in d.getVar('PACKAGECONFIG'): - shutil.rmtree(d.getVar('S') + '/deps/cares') - if 'brotli' in d.getVar('PACKAGECONFIG'): - shutil.rmtree(d.getVar('S') + '/deps/brotli') - if 'libuv' in d.getVar('PACKAGECONFIG'): - shutil.rmtree(d.getVar('S') + '/deps/uv') - if 'nghttp2' in d.getVar('PACKAGECONFIG'): - shutil.rmtree(d.getVar('S') + '/deps/nghttp2') - if 'zlib' in d.getVar('PACKAGECONFIG'): - shutil.rmtree(d.getVar('S') + '/deps/zlib') -} -do_unpack[postfuncs] += "prune_sources" - -# V8's JIT infrastructure requires binaries such as mksnapshot and -# mkpeephole to be run in the host during the build. However, these -# binaries must have the same bit-width as the target (e.g. a x86_64 -# host targeting ARMv6 needs to produce a 32-bit binary). Instead of -# depending on a third Yocto toolchain, we just build those binaries -# for the target and run them on the host with QEMU. -python do_create_v8_qemu_wrapper () { - """Creates a small wrapper that invokes QEMU to run some target V8 binaries - on the host.""" - qemu_libdirs = [d.expand('${STAGING_DIR_HOST}${libdir}'), - d.expand('${STAGING_DIR_HOST}${base_libdir}')] - qemu_cmd = qemu_wrapper_cmdline(d, d.getVar('STAGING_DIR_HOST'), - qemu_libdirs) - wrapper_path = d.expand('${B}/v8-qemu-wrapper.sh') - with open(wrapper_path, 'w') as wrapper_file: - wrapper_file.write("""#!/bin/sh - -# This file has been generated automatically. -# It invokes QEMU to run binaries built for the target in the host during the -# build process. - -%s "$@" -""" % qemu_cmd) - os.chmod(wrapper_path, 0o755) -} - -do_create_v8_qemu_wrapper[dirs] = "${B}" -addtask create_v8_qemu_wrapper after do_configure before do_compile - -LDFLAGS:append:x86 = " -latomic" - -CROSS_FLAGS = "--cross-compiling" -CROSS_FLAGS:class-native = "--no-cross-compiling" - -# Node is way too cool to use proper autotools, so we install two wrappers to forcefully inject proper arch cflags to workaround gypi -do_configure () { - GYP_DEFINES="${GYP_DEFINES}" export GYP_DEFINES - # $TARGET_ARCH settings don't match --dest-cpu settings - python3 configure.py --verbose --prefix=${prefix} \ - --shared-openssl \ - --without-dtrace \ - --without-etw \ - --dest-cpu="${@map_nodejs_arch(d.getVar('TARGET_ARCH'), d)}" \ - --dest-os=linux \ - --libdir=${baselib} \ - ${CROSS_FLAGS} \ - ${ARCHFLAGS} \ - ${PACKAGECONFIG_CONFARGS} -} - -do_compile () { - install -D ${RECIPE_SYSROOT_NATIVE}/etc/ssl/openssl.cnf ${B}/deps/openssl/nodejs-openssl.cnf - install -D ${B}/v8-qemu-wrapper.sh ${B}/out/Release/v8-qemu-wrapper.sh - oe_runmake BUILDTYPE=Release -} - -do_install () { - oe_runmake install DESTDIR=${D} -} - -do_install_ptest () { - cp -r ${B}/out/Release/cctest ${D}${PTEST_PATH}/ - cp -r ${B}/test ${D}${PTEST_PATH} - chown -R root:root ${D}${PTEST_PATH} -} - -PACKAGES =+ "${PN}-npm" -FILES:${PN}-npm = "${nonarch_libdir}/node_modules ${bindir}/npm ${bindir}/npx ${bindir}/corepack" -RDEPENDS:${PN}-npm = "bash python3-core python3-shell python3-datetime \ - python3-misc python3-multiprocessing" - -PACKAGES =+ "${PN}-systemtap" -FILES:${PN}-systemtap = "${datadir}/systemtap" - -BBCLASSEXTEND = "native" diff --git a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_18.17.1.bb b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_18.17.1.bb new file mode 100644 index 0000000000..402cf56717 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_18.17.1.bb @@ -0,0 +1,185 @@ +DESCRIPTION = "nodeJS Evented I/O for V8 JavaScript" +HOMEPAGE = "http://nodejs.org" +LICENSE = "MIT & ISC & BSD-2-Clause & BSD-3-Clause & Artistic-2.0 & Apache-2.0" +LIC_FILES_CHKSUM = "file://LICENSE;md5=bc1f9ebe76be76f163e3b675303ad9cd" + +CVE_PRODUCT = "nodejs node.js" + +DEPENDS = "openssl file-replacement-native" +DEPENDS:append:class-target = " qemu-native" +DEPENDS:append:class-native = " c-ares-native" + +inherit pkgconfig python3native qemu ptest + +COMPATIBLE_MACHINE:armv4 = "(!.*armv4).*" +COMPATIBLE_MACHINE:armv5 = "(!.*armv5).*" +COMPATIBLE_MACHINE:mips64 = "(!.*mips64).*" + +COMPATIBLE_HOST:riscv64 = "null" +COMPATIBLE_HOST:riscv32 = "null" +COMPATIBLE_HOST:powerpc = "null" + +SRC_URI = "http://nodejs.org/dist/v${PV}/node-v${PV}.tar.xz \ + file://0001-Disable-running-gyp-files-for-bundled-deps.patch \ + file://0004-v8-don-t-override-ARM-CFLAGS.patch \ + file://big-endian.patch \ + file://mips-less-memory.patch \ + file://system-c-ares.patch \ + file://0001-liftoff-Correct-function-signatures.patch \ + file://0001-mips-Use-32bit-cast-for-operand-on-mips32.patch \ + file://run-ptest \ + " + +SRC_URI:append:class-target = " \ + file://0001-Using-native-binaries.patch \ + " +SRC_URI:append:toolchain-clang:x86 = " \ + file://libatomic.patch \ + " +SRC_URI:append:toolchain-clang:powerpc64le = " \ + file://0001-ppc64-Do-not-use-mminimal-toc-with-clang.patch \ + " +SRC_URI[sha256sum] = "f215cf03d0f00f07ac0b674c6819f804c1542e16f152da04980022aeccf5e65a" + +S = "${WORKDIR}/node-v${PV}" + +# v8 errors out if you have set CCACHE +CCACHE = "" + +def map_nodejs_arch(a, d): + import re + + if re.match('i.86$', a): return 'ia32' + elif re.match('x86_64$', a): return 'x64' + elif re.match('aarch64$', a): return 'arm64' + elif re.match('(powerpc64|powerpc64le|ppc64le)$', a): return 'ppc64' + elif re.match('powerpc$', a): return 'ppc' + return a + +ARCHFLAGS:arm = "${@bb.utils.contains('TUNE_FEATURES', 'callconvention-hard', '--with-arm-float-abi=hard', '--with-arm-float-abi=softfp', d)} \ + ${@bb.utils.contains('TUNE_FEATURES', 'neon', '--with-arm-fpu=neon', \ + bb.utils.contains('TUNE_FEATURES', 'vfpv3d16', '--with-arm-fpu=vfpv3-d16', \ + bb.utils.contains('TUNE_FEATURES', 'vfpv3', '--with-arm-fpu=vfpv3', \ + '--with-arm-fpu=vfp', d), d), d)}" +ARCHFLAGS:append:mips = " --v8-lite-mode" +ARCHFLAGS:append:mipsel = " --v8-lite-mode" +ARCHFLAGS ?= "" + +PACKAGECONFIG ??= "ares brotli icu zlib" + +PACKAGECONFIG[ares] = "--shared-cares,,c-ares" +PACKAGECONFIG[brotli] = "--shared-brotli,,brotli" +PACKAGECONFIG[icu] = "--with-intl=system-icu,--without-intl,icu" +PACKAGECONFIG[libuv] = "--shared-libuv,,libuv" +PACKAGECONFIG[nghttp2] = "--shared-nghttp2,,nghttp2" +PACKAGECONFIG[shared] = "--shared" +PACKAGECONFIG[zlib] = "--shared-zlib,,zlib" + +# We don't want to cross-compile during target compile, +# and we need to use the right flags during host compile, +# too. +EXTRA_OEMAKE = "\ + CC.host='${CC}' \ + CFLAGS.host='${CPPFLAGS} ${CFLAGS}' \ + CXX.host='${CXX}' \ + CXXFLAGS.host='${CPPFLAGS} ${CXXFLAGS}' \ + LDFLAGS.host='${LDFLAGS}' \ + AR.host='${AR}' \ + \ + builddir_name=./ \ +" + +EXTRANATIVEPATH += "file-native" + +python prune_sources() { + import shutil + + shutil.rmtree(d.getVar('S') + '/deps/openssl') + if 'ares' in d.getVar('PACKAGECONFIG'): + shutil.rmtree(d.getVar('S') + '/deps/cares') + if 'brotli' in d.getVar('PACKAGECONFIG'): + shutil.rmtree(d.getVar('S') + '/deps/brotli') + if 'libuv' in d.getVar('PACKAGECONFIG'): + shutil.rmtree(d.getVar('S') + '/deps/uv') + if 'nghttp2' in d.getVar('PACKAGECONFIG'): + shutil.rmtree(d.getVar('S') + '/deps/nghttp2') + if 'zlib' in d.getVar('PACKAGECONFIG'): + shutil.rmtree(d.getVar('S') + '/deps/zlib') +} +do_unpack[postfuncs] += "prune_sources" + +# V8's JIT infrastructure requires binaries such as mksnapshot and +# mkpeephole to be run in the host during the build. However, these +# binaries must have the same bit-width as the target (e.g. a x86_64 +# host targeting ARMv6 needs to produce a 32-bit binary). Instead of +# depending on a third Yocto toolchain, we just build those binaries +# for the target and run them on the host with QEMU. +python do_create_v8_qemu_wrapper () { + """Creates a small wrapper that invokes QEMU to run some target V8 binaries + on the host.""" + qemu_libdirs = [d.expand('${STAGING_DIR_HOST}${libdir}'), + d.expand('${STAGING_DIR_HOST}${base_libdir}')] + qemu_cmd = qemu_wrapper_cmdline(d, d.getVar('STAGING_DIR_HOST'), + qemu_libdirs) + wrapper_path = d.expand('${B}/v8-qemu-wrapper.sh') + with open(wrapper_path, 'w') as wrapper_file: + wrapper_file.write("""#!/bin/sh + +# This file has been generated automatically. +# It invokes QEMU to run binaries built for the target in the host during the +# build process. + +%s "$@" +""" % qemu_cmd) + os.chmod(wrapper_path, 0o755) +} + +do_create_v8_qemu_wrapper[dirs] = "${B}" +addtask create_v8_qemu_wrapper after do_configure before do_compile + +LDFLAGS:append:x86 = " -latomic" + +CROSS_FLAGS = "--cross-compiling" +CROSS_FLAGS:class-native = "--no-cross-compiling" + +# Node is way too cool to use proper autotools, so we install two wrappers to forcefully inject proper arch cflags to workaround gypi +do_configure () { + GYP_DEFINES="${GYP_DEFINES}" export GYP_DEFINES + # $TARGET_ARCH settings don't match --dest-cpu settings + python3 configure.py --verbose --prefix=${prefix} \ + --shared-openssl \ + --without-dtrace \ + --without-etw \ + --dest-cpu="${@map_nodejs_arch(d.getVar('TARGET_ARCH'), d)}" \ + --dest-os=linux \ + --libdir=${baselib} \ + ${CROSS_FLAGS} \ + ${ARCHFLAGS} \ + ${PACKAGECONFIG_CONFARGS} +} + +do_compile () { + install -D ${RECIPE_SYSROOT_NATIVE}/etc/ssl/openssl.cnf ${B}/deps/openssl/nodejs-openssl.cnf + install -D ${B}/v8-qemu-wrapper.sh ${B}/out/Release/v8-qemu-wrapper.sh + oe_runmake BUILDTYPE=Release +} + +do_install () { + oe_runmake install DESTDIR=${D} +} + +do_install_ptest () { + cp -r ${B}/out/Release/cctest ${D}${PTEST_PATH}/ + cp -r ${B}/test ${D}${PTEST_PATH} + chown -R root:root ${D}${PTEST_PATH} +} + +PACKAGES =+ "${PN}-npm" +FILES:${PN}-npm = "${nonarch_libdir}/node_modules ${bindir}/npm ${bindir}/npx ${bindir}/corepack" +RDEPENDS:${PN}-npm = "bash python3-core python3-shell python3-datetime \ + python3-misc python3-multiprocessing" + +PACKAGES =+ "${PN}-systemtap" +FILES:${PN}-systemtap = "${datadir}/systemtap" + +BBCLASSEXTEND = "native" diff --git a/meta-openembedded/meta-oe/recipes-devtools/php/php_8.2.6.bb b/meta-openembedded/meta-oe/recipes-devtools/php/php_8.2.6.bb deleted file mode 100644 index 54c40392db..0000000000 --- a/meta-openembedded/meta-oe/recipes-devtools/php/php_8.2.6.bb +++ /dev/null @@ -1,294 +0,0 @@ -SUMMARY = "A server-side, HTML-embedded scripting language" -HOMEPAGE = "http://www.php.net" -SECTION = "console/network" - -LICENSE = "PHP-3.0" -LIC_FILES_CHKSUM = "file://LICENSE;md5=5ebd5be8e2a89f634486445bd164bef0" - -BBCLASSEXTEND = "native" -DEPENDS = "zlib bzip2 libxml2 virtual/libiconv php-native lemon-native" -DEPENDS:append:libc-musl = " libucontext" -DEPENDS:class-native = "zlib-native libxml2-native" - -PHP_MAJOR_VERSION = "${@d.getVar('PV').split('.')[0]}" - -SRC_URI = "http://php.net/distributions/php-${PV}.tar.bz2 \ - file://0002-build-php.m4-don-t-unset-cache-variables.patch \ - file://0003-php-remove-host-specific-info-from-header-file.patch \ - file://0004-configure.ac-don-t-include-build-libtool.m4.patch \ - file://0006-ext-phar-Makefile.frag-Fix-phar-packaging.patch \ - file://0009-php-don-t-use-broken-wrapper-for-mkdir.patch \ - file://0010-iconv-fix-detection.patch \ - " - -SRC_URI:append:class-target = " \ - file://0001-ext-opcache-config.m4-enable-opcache.patch \ - file://0005-pear-fix-Makefile.frag-for-Yocto.patch \ - file://0007-sapi-cli-config.m4-fix-build-directory.patch \ - file://0008-ext-imap-config.m4-fix-include-paths.patch \ - file://php-fpm.conf \ - file://php-fpm-apache.conf \ - file://70_mod_php${PHP_MAJOR_VERSION}.conf \ - file://php-fpm.service \ - " - -S = "${WORKDIR}/php-${PV}" -SRC_URI[sha256sum] = "44a70c52f537662c10d91eedbf51fd765c9961be6ba2508ed63bf7a26cdd3100" - -CVE_CHECK_IGNORE += "\ - CVE-2007-2728 \ - CVE-2007-3205 \ - CVE-2007-4596 \ -" - -inherit autotools pkgconfig python3native gettext - -# phpize is not scanned for absolute paths by default (but php-config is). -# -SSTATE_SCAN_FILES += "phpize" -SSTATE_SCAN_FILES += "build-defs.h" - -PHP_LIBDIR = "${libdir}/php${PHP_MAJOR_VERSION}" - -# Common EXTRA_OECONF -COMMON_EXTRA_OECONF = "--enable-sockets \ - --enable-pcntl \ - --enable-shared \ - --disable-rpath \ - --with-pic \ - --libdir=${PHP_LIBDIR} \ -" -EXTRA_OECONF = "--enable-mbstring \ - --enable-fpm \ - --with-libdir=${baselib} \ - --with-gettext=${STAGING_LIBDIR}/.. \ - --with-zlib=${STAGING_LIBDIR}/.. \ - --with-iconv=${STAGING_LIBDIR}/.. \ - --with-bz2=${STAGING_DIR_TARGET}${exec_prefix} \ - --with-config-file-path=${sysconfdir}/php/apache2-php${PHP_MAJOR_VERSION} \ - ${@oe.utils.conditional('SITEINFO_ENDIANNESS', 'le', 'ac_cv_c_bigendian_php=no', 'ac_cv_c_bigendian_php=yes', d)} \ - ${@bb.utils.contains('PACKAGECONFIG', 'pam', '', 'ac_cv_lib_pam_pam_start=no', d)} \ - ${COMMON_EXTRA_OECONF} \ -" - -EXTRA_OECONF:append:riscv64 = " --with-pcre-jit=no" -EXTRA_OECONF:append:riscv32 = " --with-pcre-jit=no" -# Needs fibers assembly implemented for rv32 -# for example rv64 implementation is below -# see https://github.com/php/php-src/commit/70b02d75f2abe3a292d49c4a4e9e4f850c2fee68 -EXTRA_OECONF:append:riscv32:libc-musl = " --disable-fiber-asm" - -CACHED_CONFIGUREVARS += "ac_cv_func_dlopen=no ac_cv_lib_dl_dlopen=yes" - -EXTRA_OECONF:class-native = " \ - --with-zlib=${STAGING_LIBDIR_NATIVE}/.. \ - --without-iconv \ - ${COMMON_EXTRA_OECONF} \ -" - -PACKAGECONFIG ??= "mysql sqlite3 imap opcache openssl \ - ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6 pam', d)} \ -" -PACKAGECONFIG:class-native = "" - -PACKAGECONFIG[zip] = "--with-zip --with-zlib-dir=${STAGING_EXECPREFIXDIR},,libzip" - -PACKAGECONFIG[mysql] = "--with-mysqli=mysqlnd \ - --with-pdo-mysql=mysqlnd \ - ,--without-mysqli --without-pdo-mysql \ - ,mysql5" - -PACKAGECONFIG[sqlite3] = "--with-sqlite3=${STAGING_LIBDIR}/.. \ - --with-pdo-sqlite=${STAGING_LIBDIR}/.. \ - ,--without-sqlite3 --without-pdo-sqlite \ - ,sqlite3" -PACKAGECONFIG[pgsql] = "--with-pgsql=${STAGING_DIR_TARGET}${exec_prefix},--without-pgsql,postgresql" -PACKAGECONFIG[soap] = "--enable-soap, --disable-soap, libxml2" -PACKAGECONFIG[apache2] = "--with-apxs2=${STAGING_BINDIR_CROSS}/apxs,,apache2-native apache2" -PACKAGECONFIG[pam] = ",,libpam" -PACKAGECONFIG[imap] = "--with-imap=${STAGING_DIR_HOST} \ - --with-imap-ssl=${STAGING_DIR_HOST} \ - ,--without-imap --without-imap-ssl \ - ,uw-imap" -PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6," -PACKAGECONFIG[opcache] = "--enable-opcache,--disable-opcache" -PACKAGECONFIG[openssl] = "--with-openssl,--without-openssl,openssl" -PACKAGECONFIG[valgrind] = "--with-valgrind=${STAGING_DIR_TARGET}/usr,--with-valgrind=no,valgrind" -PACKAGECONFIG[mbregex] = "--enable-mbregex, --disable-mbregex, oniguruma" -PACKAGECONFIG[mbstring] = "--enable-mbstring,," - -export HOSTCC = "${BUILD_CC}" -export PHP_NATIVE_DIR = "${STAGING_BINDIR_NATIVE}" -export PHP_PEAR_PHP_BIN = "${STAGING_BINDIR_NATIVE}/php" -CFLAGS += " -D_GNU_SOURCE -D_LARGEFILE64_SOURCE -g -DPTYS_ARE_GETPT -DPTYS_ARE_SEARCHED -I${STAGING_INCDIR}/apache2" - -# Adding these flags enables dynamic library support, which is disabled by -# default when cross compiling -# See https://bugs.php.net/bug.php?id=60109 -CFLAGS += " -DHAVE_LIBDL " -LDFLAGS += " -ldl " -LDFLAGS:append:libc-musl = " -lucontext " -LDFLAGS:append:riscv64 = " -latomic" - -EXTRA_OEMAKE = "INSTALL_ROOT=${D}" - -acpaths = "" - -do_configure:prepend () { - rm -f ${S}/build/libtool.m4 ${S}/ltmain.sh ${S}/aclocal.m4 - find ${S} -name config.m4 | xargs -n1 sed -i 's!APXS_HTTPD=.*!APXS_HTTPD=${STAGING_SBINDIR_NATIVE}/httpd!' -} - -do_configure:append() { - # No, libtool, we really don't want rpath set... - sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool - sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool - sed -i -e's@${RECIPE_SYSROOT}@@g' \ - -e's@-ffile-prefix-map=[^ ]*[ ]*@@g' \ - -e's@-fdebug-prefix-map=[^ ]*[ ]*@@g' \ - -e's@-ffile-prefix-map=[^ ]*[ ]*@@g' \ - -e's@-fmacro-prefix-map=[^ ]*[ ]*@@g' \ - ${B}/main/build-defs.h \ - ${B}/scripts/php-config -} - -do_install:append:class-native() { - rm -rf ${D}/${PHP_LIBDIR}/php/.registry - rm -rf ${D}/${PHP_LIBDIR}/php/.channels - rm -rf ${D}/${PHP_LIBDIR}/php/.[a-z]* -} - -do_install:prepend() { - cat ${ACLOCALDIR}/libtool.m4 ${ACLOCALDIR}/lt~obsolete.m4 ${ACLOCALDIR}/ltoptions.m4 \ - ${ACLOCALDIR}/ltsugar.m4 ${ACLOCALDIR}/ltversion.m4 > ${S}/build/libtool.m4 -} - -do_install:prepend:class-target() { - if ${@bb.utils.contains('PACKAGECONFIG', 'apache2', 'true', 'false', d)}; then - # Install dummy config file so apxs doesn't fail - install -d ${D}${sysconfdir}/apache2 - printf "\nLoadModule dummy_module modules/mod_dummy.so\n" > ${D}${sysconfdir}/apache2/httpd.conf - fi -} - -# fixme -do_install:append:class-target() { - install -d ${D}${sysconfdir}/ - rm -rf ${D}/.registry - rm -rf ${D}/.channels - rm -rf ${D}/.[a-z]* - rm -rf ${D}/var - rm -f ${D}/${sysconfdir}/php-fpm.conf.default - install -m 0644 ${WORKDIR}/php-fpm.conf ${D}/${sysconfdir}/php-fpm.conf - install -d ${D}/${sysconfdir}/apache2/conf.d - install -m 0644 ${WORKDIR}/php-fpm-apache.conf ${D}/${sysconfdir}/apache2/conf.d/php-fpm.conf - install -d ${D}${sysconfdir}/init.d - sed -i 's:=/usr/sbin:=${sbindir}:g' ${B}/sapi/fpm/init.d.php-fpm - sed -i 's:=/etc:=${sysconfdir}:g' ${B}/sapi/fpm/init.d.php-fpm - sed -i 's:=/var:=${localstatedir}:g' ${B}/sapi/fpm/init.d.php-fpm - install -m 0755 ${B}/sapi/fpm/init.d.php-fpm ${D}${sysconfdir}/init.d/php-fpm - install -m 0644 ${WORKDIR}/php-fpm-apache.conf ${D}/${sysconfdir}/apache2/conf.d/php-fpm.conf - - if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)};then - install -d ${D}${systemd_unitdir}/system - install -m 0644 ${WORKDIR}/php-fpm.service ${D}${systemd_unitdir}/system/ - sed -i -e 's,@SYSCONFDIR@,${sysconfdir},g' \ - -e 's,@LOCALSTATEDIR@,${localstatedir},g' \ - ${D}${systemd_unitdir}/system/php-fpm.service - fi - - if ${@bb.utils.contains('PACKAGECONFIG', 'apache2', 'true', 'false', d)}; then - install -d ${D}${sysconfdir}/apache2/modules.d - install -d ${D}${sysconfdir}/php/apache2-php${PHP_MAJOR_VERSION} - install -m 644 ${WORKDIR}/70_mod_php${PHP_MAJOR_VERSION}.conf ${D}${sysconfdir}/apache2/modules.d - sed -i s,lib/,${libexecdir}/, ${D}${sysconfdir}/apache2/modules.d/70_mod_php${PHP_MAJOR_VERSION}.conf - cat ${S}/php.ini-production | \ - sed -e 's,extension_dir = \"\./\",extension_dir = \"/usr/lib/extensions\",' \ - > ${D}${sysconfdir}/php/apache2-php${PHP_MAJOR_VERSION}/php.ini - rm -f ${D}${sysconfdir}/apache2/httpd.conf* - fi -} - -SYSROOT_PREPROCESS_FUNCS += "php_sysroot_preprocess" - -php_sysroot_preprocess () { - install -d ${SYSROOT_DESTDIR}${bindir_crossscripts}/ - install -m 755 ${D}${bindir}/phpize ${SYSROOT_DESTDIR}${bindir_crossscripts}/ - install -m 755 ${D}${bindir}/php-config ${SYSROOT_DESTDIR}${bindir_crossscripts}/ - - sed -i 's!eval echo /!eval echo ${STAGING_DIR_HOST}/!' ${SYSROOT_DESTDIR}${bindir_crossscripts}/phpize - sed -i 's!^include_dir=.*!include_dir=${STAGING_INCDIR}/php!' ${SYSROOT_DESTDIR}${bindir_crossscripts}/php-config -} - -MODPHP_PACKAGE = "${@bb.utils.contains('PACKAGECONFIG', 'apache2', '${PN}-modphp', '', d)}" - -PACKAGES = "${PN}-dbg ${PN}-cli ${PN}-phpdbg ${PN}-cgi ${PN}-fpm ${PN}-fpm-apache2 ${PN}-pear ${PN}-phar ${MODPHP_PACKAGE} ${PN}-dev ${PN}-staticdev ${PN}-doc ${PN}-opcache ${PN}" - -RDEPENDS:${PN} += "libgcc" -RDEPENDS:${PN}-pear = "${PN}" -RDEPENDS:${PN}-phar = "${PN}-cli" -RDEPENDS:${PN}-cli = "${PN}" -RDEPENDS:${PN}-modphp = "${PN} apache2" -RDEPENDS:${PN}-opcache = "${PN}" - -ALLOW_EMPTY:${PN} = "1" - -INITSCRIPT_PACKAGES = "${PN}-fpm" -inherit update-rc.d - -# WARNING: lib32-php-8.0.12-r0 do_package_qa: QA Issue: lib32-php: ELF binary /usr/libexec/apache2/modules/libphp.so has relocations in .text [textrel] -#WARNING: lib32-php-8.0.12-r0 do_package_qa: QA Issue: lib32-php-opcache: ELF binary /usr/lib/php8/extensions/no-debug-zts-20200930/opcache.so has relocations in .text [textrel] -INSANE_SKIP:${PN}:append:x86 = " textrel" -INSANE_SKIP:${PN}-opcache:append:x86 = " textrel" - -FILES:${PN}-dbg =+ "${bindir}/.debug \ - ${libexecdir}/apache2/modules/.debug" -FILES:${PN}-doc += "${PHP_LIBDIR}/php/doc" -FILES:${PN}-cli = "${bindir}/php" -FILES:${PN}-phpdbg = "${bindir}/phpdbg" -FILES:${PN}-phar = "${bindir}/phar*" -FILES:${PN}-cgi = "${bindir}/php-cgi" -FILES:${PN}-fpm = "${sbindir}/php-fpm ${sysconfdir}/php-fpm.conf ${datadir}/fpm ${sysconfdir}/init.d/php-fpm ${systemd_unitdir}/system/php-fpm.service ${sysconfdir}/php-fpm.d/www.conf.default" -FILES:${PN}-fpm-apache2 = "${sysconfdir}/apache2/conf.d/php-fpm.conf" -CONFFILES:${PN}-fpm = "${sysconfdir}/php-fpm.conf" -CONFFILES:${PN}-fpm-apache2 = "${sysconfdir}/apache2/conf.d/php-fpm.conf" -INITSCRIPT_NAME:${PN}-fpm = "php-fpm" -INITSCRIPT_PARAMS:${PN}-fpm = "defaults 60" -FILES:${PN}-pear = "${bindir}/pear* ${bindir}/pecl ${PHP_LIBDIR}/php/PEAR \ - ${PHP_LIBDIR}/php/PEAR*.php ${PHP_LIBDIR}/php/System.php \ - ${PHP_LIBDIR}/php/peclcmd.php ${PHP_LIBDIR}/php/pearcmd.php \ - ${PHP_LIBDIR}/php/.channels ${PHP_LIBDIR}/php/.channels/.alias \ - ${PHP_LIBDIR}/php/.registry ${PHP_LIBDIR}/php/Archive/Tar.php \ - ${PHP_LIBDIR}/php/Console/Getopt.php ${PHP_LIBDIR}/php/OS/Guess.php \ - ${PHP_LIBDIR}/php/data/PEAR \ - ${sysconfdir}/pear.conf" -FILES:${PN}-dev = "${includedir}/php ${PHP_LIBDIR}/build ${bindir}/phpize \ - ${bindir}/php-config ${PHP_LIBDIR}/php/.depdb \ - ${PHP_LIBDIR}/php/.depdblock ${PHP_LIBDIR}/php/.filemap \ - ${PHP_LIBDIR}/php/.lock ${PHP_LIBDIR}/php/test" -FILES:${PN}-staticdev += "${PHP_LIBDIR}/extensions/*/*.a" -FILES:${PN}-opcache = "${PHP_LIBDIR}/extensions/*/opcache${SOLIBSDEV}" -FILES:${PN} = "${PHP_LIBDIR}/php" -FILES:${PN} += "${bindir} ${libexecdir}/apache2" - -SUMMARY:${PN}-modphp = "PHP module for the Apache HTTP server" -FILES:${PN}-modphp = "${libdir}/apache2 ${sysconfdir}" - -MODPHP_OLDPACKAGE = "${@bb.utils.contains('PACKAGECONFIG', 'apache2', 'modphp', '', d)}" -RPROVIDES:${PN}-modphp = "${MODPHP_OLDPACKAGE}" -RREPLACES:${PN}-modphp = "${MODPHP_OLDPACKAGE}" -RCONFLICTS:${PN}-modphp = "${MODPHP_OLDPACKAGE}" - -do_install:append:class-native() { - create_wrapper ${D}${bindir}/php \ - PHP_PEAR_SYSCONF_DIR=${sysconfdir}/ -} - -# Fails to build with thumb-1 (qemuarm) -# | {standard input}: Assembler messages: -# | {standard input}:3719: Error: selected processor does not support Thumb mode `smull r0,r2,r9,r3' -# | {standard input}:3720: Error: unshifted register required -- `sub r2,r2,r0,asr#31' -# | {standard input}:3796: Error: selected processor does not support Thumb mode `smull r0,r2,r3,r3' -# | {standard input}:3797: Error: unshifted register required -- `sub r2,r2,r0,asr#31' -# | make: *** [ext/standard/math.lo] Error 1 -ARM_INSTRUCTION_SET = "arm" diff --git a/meta-openembedded/meta-oe/recipes-devtools/php/php_8.2.8.bb b/meta-openembedded/meta-oe/recipes-devtools/php/php_8.2.8.bb new file mode 100644 index 0000000000..233ded25d4 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-devtools/php/php_8.2.8.bb @@ -0,0 +1,294 @@ +SUMMARY = "A server-side, HTML-embedded scripting language" +HOMEPAGE = "http://www.php.net" +SECTION = "console/network" + +LICENSE = "PHP-3.0" +LIC_FILES_CHKSUM = "file://LICENSE;md5=5ebd5be8e2a89f634486445bd164bef0" + +BBCLASSEXTEND = "native" +DEPENDS = "zlib bzip2 libxml2 virtual/libiconv php-native lemon-native" +DEPENDS:append:libc-musl = " libucontext" +DEPENDS:class-native = "zlib-native libxml2-native" + +PHP_MAJOR_VERSION = "${@d.getVar('PV').split('.')[0]}" + +SRC_URI = "http://php.net/distributions/php-${PV}.tar.bz2 \ + file://0002-build-php.m4-don-t-unset-cache-variables.patch \ + file://0003-php-remove-host-specific-info-from-header-file.patch \ + file://0004-configure.ac-don-t-include-build-libtool.m4.patch \ + file://0006-ext-phar-Makefile.frag-Fix-phar-packaging.patch \ + file://0009-php-don-t-use-broken-wrapper-for-mkdir.patch \ + file://0010-iconv-fix-detection.patch \ + " + +SRC_URI:append:class-target = " \ + file://0001-ext-opcache-config.m4-enable-opcache.patch \ + file://0005-pear-fix-Makefile.frag-for-Yocto.patch \ + file://0007-sapi-cli-config.m4-fix-build-directory.patch \ + file://0008-ext-imap-config.m4-fix-include-paths.patch \ + file://php-fpm.conf \ + file://php-fpm-apache.conf \ + file://70_mod_php${PHP_MAJOR_VERSION}.conf \ + file://php-fpm.service \ + " + +S = "${WORKDIR}/php-${PV}" +SRC_URI[sha256sum] = "995ed4009c7917c962d31837a1a3658f36d4af4f357b673c97ffdbe6403f8517" + +CVE_CHECK_IGNORE += "\ + CVE-2007-2728 \ + CVE-2007-3205 \ + CVE-2007-4596 \ +" + +inherit autotools pkgconfig python3native gettext + +# phpize is not scanned for absolute paths by default (but php-config is). +# +SSTATE_SCAN_FILES += "phpize" +SSTATE_SCAN_FILES += "build-defs.h" + +PHP_LIBDIR = "${libdir}/php${PHP_MAJOR_VERSION}" + +# Common EXTRA_OECONF +COMMON_EXTRA_OECONF = "--enable-sockets \ + --enable-pcntl \ + --enable-shared \ + --disable-rpath \ + --with-pic \ + --libdir=${PHP_LIBDIR} \ +" +EXTRA_OECONF = "--enable-mbstring \ + --enable-fpm \ + --with-libdir=${baselib} \ + --with-gettext=${STAGING_LIBDIR}/.. \ + --with-zlib=${STAGING_LIBDIR}/.. \ + --with-iconv=${STAGING_LIBDIR}/.. \ + --with-bz2=${STAGING_DIR_TARGET}${exec_prefix} \ + --with-config-file-path=${sysconfdir}/php/apache2-php${PHP_MAJOR_VERSION} \ + ${@oe.utils.conditional('SITEINFO_ENDIANNESS', 'le', 'ac_cv_c_bigendian_php=no', 'ac_cv_c_bigendian_php=yes', d)} \ + ${@bb.utils.contains('PACKAGECONFIG', 'pam', '', 'ac_cv_lib_pam_pam_start=no', d)} \ + ${COMMON_EXTRA_OECONF} \ +" + +EXTRA_OECONF:append:riscv64 = " --with-pcre-jit=no" +EXTRA_OECONF:append:riscv32 = " --with-pcre-jit=no" +# Needs fibers assembly implemented for rv32 +# for example rv64 implementation is below +# see https://github.com/php/php-src/commit/70b02d75f2abe3a292d49c4a4e9e4f850c2fee68 +EXTRA_OECONF:append:riscv32:libc-musl = " --disable-fiber-asm" + +CACHED_CONFIGUREVARS += "ac_cv_func_dlopen=no ac_cv_lib_dl_dlopen=yes" + +EXTRA_OECONF:class-native = " \ + --with-zlib=${STAGING_LIBDIR_NATIVE}/.. \ + --without-iconv \ + ${COMMON_EXTRA_OECONF} \ +" + +PACKAGECONFIG ??= "mysql sqlite3 imap opcache openssl \ + ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6 pam', d)} \ +" +PACKAGECONFIG:class-native = "" + +PACKAGECONFIG[zip] = "--with-zip --with-zlib-dir=${STAGING_EXECPREFIXDIR},,libzip" + +PACKAGECONFIG[mysql] = "--with-mysqli=mysqlnd \ + --with-pdo-mysql=mysqlnd \ + ,--without-mysqli --without-pdo-mysql \ + ,mysql5" + +PACKAGECONFIG[sqlite3] = "--with-sqlite3=${STAGING_LIBDIR}/.. \ + --with-pdo-sqlite=${STAGING_LIBDIR}/.. \ + ,--without-sqlite3 --without-pdo-sqlite \ + ,sqlite3" +PACKAGECONFIG[pgsql] = "--with-pgsql=${STAGING_DIR_TARGET}${exec_prefix},--without-pgsql,postgresql" +PACKAGECONFIG[soap] = "--enable-soap, --disable-soap, libxml2" +PACKAGECONFIG[apache2] = "--with-apxs2=${STAGING_BINDIR_CROSS}/apxs,,apache2-native apache2" +PACKAGECONFIG[pam] = ",,libpam" +PACKAGECONFIG[imap] = "--with-imap=${STAGING_DIR_HOST} \ + --with-imap-ssl=${STAGING_DIR_HOST} \ + ,--without-imap --without-imap-ssl \ + ,uw-imap" +PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6," +PACKAGECONFIG[opcache] = "--enable-opcache,--disable-opcache" +PACKAGECONFIG[openssl] = "--with-openssl,--without-openssl,openssl" +PACKAGECONFIG[valgrind] = "--with-valgrind=${STAGING_DIR_TARGET}/usr,--with-valgrind=no,valgrind" +PACKAGECONFIG[mbregex] = "--enable-mbregex, --disable-mbregex, oniguruma" +PACKAGECONFIG[mbstring] = "--enable-mbstring,," + +export HOSTCC = "${BUILD_CC}" +export PHP_NATIVE_DIR = "${STAGING_BINDIR_NATIVE}" +export PHP_PEAR_PHP_BIN = "${STAGING_BINDIR_NATIVE}/php" +CFLAGS += " -D_GNU_SOURCE -D_LARGEFILE64_SOURCE -g -DPTYS_ARE_GETPT -DPTYS_ARE_SEARCHED -I${STAGING_INCDIR}/apache2" + +# Adding these flags enables dynamic library support, which is disabled by +# default when cross compiling +# See https://bugs.php.net/bug.php?id=60109 +CFLAGS += " -DHAVE_LIBDL " +LDFLAGS += " -ldl " +LDFLAGS:append:libc-musl = " -lucontext " +LDFLAGS:append:riscv64 = " -latomic" + +EXTRA_OEMAKE = "INSTALL_ROOT=${D}" + +acpaths = "" + +do_configure:prepend () { + rm -f ${S}/build/libtool.m4 ${S}/ltmain.sh ${S}/aclocal.m4 + find ${S} -name config.m4 | xargs -n1 sed -i 's!APXS_HTTPD=.*!APXS_HTTPD=${STAGING_SBINDIR_NATIVE}/httpd!' +} + +do_configure:append() { + # No, libtool, we really don't want rpath set... + sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool + sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool + sed -i -e's@${RECIPE_SYSROOT}@@g' \ + -e's@-ffile-prefix-map=[^ ]*[ ]*@@g' \ + -e's@-fdebug-prefix-map=[^ ]*[ ]*@@g' \ + -e's@-ffile-prefix-map=[^ ]*[ ]*@@g' \ + -e's@-fmacro-prefix-map=[^ ]*[ ]*@@g' \ + ${B}/main/build-defs.h \ + ${B}/scripts/php-config +} + +do_install:append:class-native() { + rm -rf ${D}/${PHP_LIBDIR}/php/.registry + rm -rf ${D}/${PHP_LIBDIR}/php/.channels + rm -rf ${D}/${PHP_LIBDIR}/php/.[a-z]* +} + +do_install:prepend() { + cat ${ACLOCALDIR}/libtool.m4 ${ACLOCALDIR}/lt~obsolete.m4 ${ACLOCALDIR}/ltoptions.m4 \ + ${ACLOCALDIR}/ltsugar.m4 ${ACLOCALDIR}/ltversion.m4 > ${S}/build/libtool.m4 +} + +do_install:prepend:class-target() { + if ${@bb.utils.contains('PACKAGECONFIG', 'apache2', 'true', 'false', d)}; then + # Install dummy config file so apxs doesn't fail + install -d ${D}${sysconfdir}/apache2 + printf "\nLoadModule dummy_module modules/mod_dummy.so\n" > ${D}${sysconfdir}/apache2/httpd.conf + fi +} + +# fixme +do_install:append:class-target() { + install -d ${D}${sysconfdir}/ + rm -rf ${D}/.registry + rm -rf ${D}/.channels + rm -rf ${D}/.[a-z]* + rm -rf ${D}/var + rm -f ${D}/${sysconfdir}/php-fpm.conf.default + install -m 0644 ${WORKDIR}/php-fpm.conf ${D}/${sysconfdir}/php-fpm.conf + install -d ${D}/${sysconfdir}/apache2/conf.d + install -m 0644 ${WORKDIR}/php-fpm-apache.conf ${D}/${sysconfdir}/apache2/conf.d/php-fpm.conf + install -d ${D}${sysconfdir}/init.d + sed -i 's:=/usr/sbin:=${sbindir}:g' ${B}/sapi/fpm/init.d.php-fpm + sed -i 's:=/etc:=${sysconfdir}:g' ${B}/sapi/fpm/init.d.php-fpm + sed -i 's:=/var:=${localstatedir}:g' ${B}/sapi/fpm/init.d.php-fpm + install -m 0755 ${B}/sapi/fpm/init.d.php-fpm ${D}${sysconfdir}/init.d/php-fpm + install -m 0644 ${WORKDIR}/php-fpm-apache.conf ${D}/${sysconfdir}/apache2/conf.d/php-fpm.conf + + if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)};then + install -d ${D}${systemd_unitdir}/system + install -m 0644 ${WORKDIR}/php-fpm.service ${D}${systemd_unitdir}/system/ + sed -i -e 's,@SYSCONFDIR@,${sysconfdir},g' \ + -e 's,@LOCALSTATEDIR@,${localstatedir},g' \ + ${D}${systemd_unitdir}/system/php-fpm.service + fi + + if ${@bb.utils.contains('PACKAGECONFIG', 'apache2', 'true', 'false', d)}; then + install -d ${D}${sysconfdir}/apache2/modules.d + install -d ${D}${sysconfdir}/php/apache2-php${PHP_MAJOR_VERSION} + install -m 644 ${WORKDIR}/70_mod_php${PHP_MAJOR_VERSION}.conf ${D}${sysconfdir}/apache2/modules.d + sed -i s,lib/,${libexecdir}/, ${D}${sysconfdir}/apache2/modules.d/70_mod_php${PHP_MAJOR_VERSION}.conf + cat ${S}/php.ini-production | \ + sed -e 's,extension_dir = \"\./\",extension_dir = \"/usr/lib/extensions\",' \ + > ${D}${sysconfdir}/php/apache2-php${PHP_MAJOR_VERSION}/php.ini + rm -f ${D}${sysconfdir}/apache2/httpd.conf* + fi +} + +SYSROOT_PREPROCESS_FUNCS += "php_sysroot_preprocess" + +php_sysroot_preprocess () { + install -d ${SYSROOT_DESTDIR}${bindir_crossscripts}/ + install -m 755 ${D}${bindir}/phpize ${SYSROOT_DESTDIR}${bindir_crossscripts}/ + install -m 755 ${D}${bindir}/php-config ${SYSROOT_DESTDIR}${bindir_crossscripts}/ + + sed -i 's!eval echo /!eval echo ${STAGING_DIR_HOST}/!' ${SYSROOT_DESTDIR}${bindir_crossscripts}/phpize + sed -i 's!^include_dir=.*!include_dir=${STAGING_INCDIR}/php!' ${SYSROOT_DESTDIR}${bindir_crossscripts}/php-config +} + +MODPHP_PACKAGE = "${@bb.utils.contains('PACKAGECONFIG', 'apache2', '${PN}-modphp', '', d)}" + +PACKAGES = "${PN}-dbg ${PN}-cli ${PN}-phpdbg ${PN}-cgi ${PN}-fpm ${PN}-fpm-apache2 ${PN}-pear ${PN}-phar ${MODPHP_PACKAGE} ${PN}-dev ${PN}-staticdev ${PN}-doc ${PN}-opcache ${PN}" + +RDEPENDS:${PN} += "libgcc" +RDEPENDS:${PN}-pear = "${PN}" +RDEPENDS:${PN}-phar = "${PN}-cli" +RDEPENDS:${PN}-cli = "${PN}" +RDEPENDS:${PN}-modphp = "${PN} apache2" +RDEPENDS:${PN}-opcache = "${PN}" + +ALLOW_EMPTY:${PN} = "1" + +INITSCRIPT_PACKAGES = "${PN}-fpm" +inherit update-rc.d + +# WARNING: lib32-php-8.0.12-r0 do_package_qa: QA Issue: lib32-php: ELF binary /usr/libexec/apache2/modules/libphp.so has relocations in .text [textrel] +#WARNING: lib32-php-8.0.12-r0 do_package_qa: QA Issue: lib32-php-opcache: ELF binary /usr/lib/php8/extensions/no-debug-zts-20200930/opcache.so has relocations in .text [textrel] +INSANE_SKIP:${PN}:append:x86 = " textrel" +INSANE_SKIP:${PN}-opcache:append:x86 = " textrel" + +FILES:${PN}-dbg =+ "${bindir}/.debug \ + ${libexecdir}/apache2/modules/.debug" +FILES:${PN}-doc += "${PHP_LIBDIR}/php/doc" +FILES:${PN}-cli = "${bindir}/php" +FILES:${PN}-phpdbg = "${bindir}/phpdbg" +FILES:${PN}-phar = "${bindir}/phar*" +FILES:${PN}-cgi = "${bindir}/php-cgi" +FILES:${PN}-fpm = "${sbindir}/php-fpm ${sysconfdir}/php-fpm.conf ${datadir}/fpm ${sysconfdir}/init.d/php-fpm ${systemd_unitdir}/system/php-fpm.service ${sysconfdir}/php-fpm.d/www.conf.default" +FILES:${PN}-fpm-apache2 = "${sysconfdir}/apache2/conf.d/php-fpm.conf" +CONFFILES:${PN}-fpm = "${sysconfdir}/php-fpm.conf" +CONFFILES:${PN}-fpm-apache2 = "${sysconfdir}/apache2/conf.d/php-fpm.conf" +INITSCRIPT_NAME:${PN}-fpm = "php-fpm" +INITSCRIPT_PARAMS:${PN}-fpm = "defaults 60" +FILES:${PN}-pear = "${bindir}/pear* ${bindir}/pecl ${PHP_LIBDIR}/php/PEAR \ + ${PHP_LIBDIR}/php/PEAR*.php ${PHP_LIBDIR}/php/System.php \ + ${PHP_LIBDIR}/php/peclcmd.php ${PHP_LIBDIR}/php/pearcmd.php \ + ${PHP_LIBDIR}/php/.channels ${PHP_LIBDIR}/php/.channels/.alias \ + ${PHP_LIBDIR}/php/.registry ${PHP_LIBDIR}/php/Archive/Tar.php \ + ${PHP_LIBDIR}/php/Console/Getopt.php ${PHP_LIBDIR}/php/OS/Guess.php \ + ${PHP_LIBDIR}/php/data/PEAR \ + ${sysconfdir}/pear.conf" +FILES:${PN}-dev = "${includedir}/php ${PHP_LIBDIR}/build ${bindir}/phpize \ + ${bindir}/php-config ${PHP_LIBDIR}/php/.depdb \ + ${PHP_LIBDIR}/php/.depdblock ${PHP_LIBDIR}/php/.filemap \ + ${PHP_LIBDIR}/php/.lock ${PHP_LIBDIR}/php/test" +FILES:${PN}-staticdev += "${PHP_LIBDIR}/extensions/*/*.a" +FILES:${PN}-opcache = "${PHP_LIBDIR}/extensions/*/opcache${SOLIBSDEV}" +FILES:${PN} = "${PHP_LIBDIR}/php" +FILES:${PN} += "${bindir} ${libexecdir}/apache2" + +SUMMARY:${PN}-modphp = "PHP module for the Apache HTTP server" +FILES:${PN}-modphp = "${libdir}/apache2 ${sysconfdir}" + +MODPHP_OLDPACKAGE = "${@bb.utils.contains('PACKAGECONFIG', 'apache2', 'modphp', '', d)}" +RPROVIDES:${PN}-modphp = "${MODPHP_OLDPACKAGE}" +RREPLACES:${PN}-modphp = "${MODPHP_OLDPACKAGE}" +RCONFLICTS:${PN}-modphp = "${MODPHP_OLDPACKAGE}" + +do_install:append:class-native() { + create_wrapper ${D}${bindir}/php \ + PHP_PEAR_SYSCONF_DIR=${sysconfdir}/ +} + +# Fails to build with thumb-1 (qemuarm) +# | {standard input}: Assembler messages: +# | {standard input}:3719: Error: selected processor does not support Thumb mode `smull r0,r2,r9,r3' +# | {standard input}:3720: Error: unshifted register required -- `sub r2,r2,r0,asr#31' +# | {standard input}:3796: Error: selected processor does not support Thumb mode `smull r0,r2,r3,r3' +# | {standard input}:3797: Error: unshifted register required -- `sub r2,r2,r0,asr#31' +# | make: *** [ext/standard/math.lo] Error 1 +ARM_INSTRUCTION_SET = "arm" diff --git a/meta-openembedded/meta-oe/recipes-devtools/yajl/yajl/CVE-2023-33460_1.patch b/meta-openembedded/meta-oe/recipes-devtools/yajl/yajl/CVE-2023-33460_1.patch new file mode 100644 index 0000000000..c538991125 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-devtools/yajl/yajl/CVE-2023-33460_1.patch @@ -0,0 +1,43 @@ +From 3d65cb0c6db4d433e5e42ee7d91d8a04e21337cf Mon Sep 17 00:00:00 2001 +From: wujing +Date: Thu, 14 Feb 2019 03:12:30 +0800 +Subject: [PATCH] yajl: fix memory leak problem + +reason: fix memory leak problem + +CVE: CVE-2023-33460 + +Upstream-Status: Backport [https://github.com/openEuler-BaseService/yajl/commit/3d65cb0c6db4d433e5e42ee7d91d8a04e21337cf] + +Signed-off-by: Mingli Yu +--- + src/yajl_tree.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/src/yajl_tree.c b/src/yajl_tree.c +index 3d357a3..4b3cf2b 100644 +--- a/src/yajl_tree.c ++++ b/src/yajl_tree.c +@@ -143,7 +143,7 @@ static yajl_val context_pop(context_t *ctx) + ctx->stack = stack->next; + + v = stack->value; +- ++ free (stack->key); + free (stack); + + return (v); +@@ -444,6 +444,10 @@ yajl_val yajl_tree_parse (const char *input, + snprintf(error_buffer, error_buffer_size, "%s", internal_err_str); + YA_FREE(&(handle->alloc), internal_err_str); + } ++ while(ctx.stack != NULL) { ++ yajl_val v = context_pop(&ctx); ++ yajl_tree_free(v); ++ } + yajl_free (handle); + return NULL; + } +-- +2.25.1 + diff --git a/meta-openembedded/meta-oe/recipes-devtools/yajl/yajl/CVE-2023-33460_2.patch b/meta-openembedded/meta-oe/recipes-devtools/yajl/yajl/CVE-2023-33460_2.patch new file mode 100644 index 0000000000..6e9b119b56 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-devtools/yajl/yajl/CVE-2023-33460_2.patch @@ -0,0 +1,31 @@ +From 23a122eddaa28165a6c219000adcc31ff9a8a698 Mon Sep 17 00:00:00 2001 +From: "zhang.jiujiu" <282627424@qq.com> +Date: Tue, 7 Dec 2021 22:37:02 +0800 +Subject: [PATCH] fix memory leaks + +CVE: CVE-2023-33460 + +Upstream-Status: Backport [https://github.com/openEuler-BaseService/yajl/commit/23a122eddaa28165a6c219000adcc31ff9a8a698] + +Signed-off-by: Mingli Yu +--- + src/yajl_tree.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/src/yajl_tree.c b/src/yajl_tree.c +index b9e6604..0e7bde9 100644 +--- a/src/yajl_tree.c ++++ b/src/yajl_tree.c +@@ -456,6 +456,9 @@ yajl_val yajl_tree_parse (const char *input, + yajl_tree_free(v); + } + yajl_free (handle); ++ //If the requested memory is not released in time, it will cause memory leakage ++ if(ctx.root) ++ yajl_tree_free(ctx.root); + return NULL; + } + +-- +2.25.1 + diff --git a/meta-openembedded/meta-oe/recipes-devtools/yajl/yajl_2.1.0.bb b/meta-openembedded/meta-oe/recipes-devtools/yajl/yajl_2.1.0.bb index cf8dbb183e..aae3c6f3a1 100644 --- a/meta-openembedded/meta-oe/recipes-devtools/yajl/yajl_2.1.0.bb +++ b/meta-openembedded/meta-oe/recipes-devtools/yajl/yajl_2.1.0.bb @@ -8,7 +8,10 @@ HOMEPAGE = "http://lloyd.github.com/yajl/" LICENSE = "ISC" LIC_FILES_CHKSUM = "file://COPYING;md5=39af6eb42999852bdd3ea00ad120a36d" -SRC_URI = "git://github.com/lloyd/yajl;branch=master;protocol=https" +SRC_URI = "git://github.com/lloyd/yajl;branch=master;protocol=https \ + file://CVE-2023-33460_1.patch \ + file://CVE-2023-33460_2.patch \ +" SRCREV = "a0ecdde0c042b9256170f2f8890dd9451a4240aa" S = "${WORKDIR}/git" diff --git a/meta-openembedded/meta-oe/recipes-devtools/yasm/yasm/CVE-2023-31975.patch b/meta-openembedded/meta-oe/recipes-devtools/yasm/yasm/CVE-2023-31975.patch new file mode 100644 index 0000000000..ae10e99c2f --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-devtools/yasm/yasm/CVE-2023-31975.patch @@ -0,0 +1,29 @@ +From b2cc5a1693b17ac415df76d0795b15994c106441 Mon Sep 17 00:00:00 2001 +From: Katsuhiko Gondow +Date: Tue, 13 Jun 2023 05:00:47 +0900 +Subject: [PATCH] Fix memory leak in bin-objfmt (#231) + +Upstream-Status: Backport [https://github.com/yasm/yasm/commit/b2cc5a1693b17ac415df76d0795b15994c106441] + +CVE: CVE-2023-31975 +--- + modules/objfmts/bin/bin-objfmt.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/modules/objfmts/bin/bin-objfmt.c b/modules/objfmts/bin/bin-objfmt.c +index 18026750..a38c3422 100644 +--- a/modules/objfmts/bin/bin-objfmt.c ++++ b/modules/objfmts/bin/bin-objfmt.c +@@ -1680,6 +1680,10 @@ static void + bin_section_data_destroy(void *data) + { + bin_section_data *bsd = (bin_section_data *)data; ++ if (bsd->align) ++ yasm_xfree(bsd->align); ++ if (bsd->valign) ++ yasm_xfree(bsd->valign); + if (bsd->start) + yasm_expr_destroy(bsd->start); + if (bsd->vstart) +-- +2.40.0 diff --git a/meta-openembedded/meta-oe/recipes-devtools/yasm/yasm/CVE-2023-37732.patch b/meta-openembedded/meta-oe/recipes-devtools/yasm/yasm/CVE-2023-37732.patch new file mode 100644 index 0000000000..1ca33f0a92 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-devtools/yasm/yasm/CVE-2023-37732.patch @@ -0,0 +1,41 @@ +From 2cd3bb50e256f5ed5f611ac611d25fe673f2cec3 Mon Sep 17 00:00:00 2001 +From: Peter Johnson +Date: Fri, 11 Aug 2023 10:49:51 +0000 +Subject: [PATCH] elf.c: Fix NULL deref on bad xsize expression (#234) + +CVE: CVE-2023-37732 + +Upstream-Status: Backport [https://github.com/yasm/yasm/commit/2cd3bb50e256f5ed5f611ac611d25fe673f2cec3] + +Signed-off-by: Soumya +--- + modules/objfmts/elf/elf.c | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/modules/objfmts/elf/elf.c b/modules/objfmts/elf/elf.c +index 2486bba8..bab4c9ca 100644 +--- a/modules/objfmts/elf/elf.c ++++ b/modules/objfmts/elf/elf.c +@@ -482,15 +482,15 @@ elf_symtab_write_to_file(FILE *f, elf_symtab_head *symtab, + + /* get size (if specified); expr overrides stored integer */ + if (entry->xsize) { +- size_intn = yasm_intnum_copy( +- yasm_expr_get_intnum(&entry->xsize, 1)); +- if (!size_intn) { ++ yasm_intnum *intn = yasm_expr_get_intnum(&entry->xsize, 1); ++ if (!intn) { + yasm_error_set(YASM_ERROR_VALUE, + N_("size specifier not an integer expression")); + yasm_errwarn_propagate(errwarns, entry->xsize->line); +- } ++ } else ++ size_intn = yasm_intnum_copy(intn); + } +- else ++ if (!size_intn) + size_intn = yasm_intnum_create_uint(entry->size); + + /* get EQU value for constants */ +-- +2.40.0 diff --git a/meta-openembedded/meta-oe/recipes-devtools/yasm/yasm_git.bb b/meta-openembedded/meta-oe/recipes-devtools/yasm/yasm_git.bb index 3dd382be1f..26540b4295 100644 --- a/meta-openembedded/meta-oe/recipes-devtools/yasm/yasm_git.bb +++ b/meta-openembedded/meta-oe/recipes-devtools/yasm/yasm_git.bb @@ -12,6 +12,8 @@ PV = "1.3.0+git${SRCPV}" SRCREV = "ba463d3c26c0ece2e797b8d6381b161633b5971a" SRC_URI = "git://github.com/yasm/yasm.git;branch=master;protocol=https \ file://0001-Do-not-use-AC_HEADER_STDC.patch \ + file://CVE-2023-31975.patch \ + file://CVE-2023-37732.patch \ " S = "${WORKDIR}/git" -- cgit v1.2.3