From 92b42cb35d755f8cfe6c17d403711a536e0f0721 Mon Sep 17 00:00:00 2001 From: Patrick Williams Date: Sat, 3 Sep 2022 06:53:57 -0500 Subject: subtree updates MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit meta-raspberrypi: b6a1645a97..c57b464b88: Lluis Campos (1): rpi-cmdline: do_compile: Use pure Python syntax to get `CMDLINE` meta-openembedded: 2eb39477a7..a755af4fb5: Adrian Zaharia (1): lapack: add packageconfig for lapacke Akash Hadke (1): polkit: Add --shell /bin/nologin to polkitd user Alex Kiernan (3): ntpsec: Add UPSTREAM_CHECK_URI libgpiod: Detect ptest using PTEST_ENABLED ostree: Cleanup PACKAGECONFIGs Anuj Mittal (1): yasm: fix buildpaths warning Atanas Bunchev (1): python3-twitter: Upgrade 4.8.0 -> 4.10.1 Bartosz Golaszewski (4): imagemagick: add PACKAGECONFIG for C++ bindings python3-matplotlib: don't use PYTHON_PN python3-matplotlib: add packaging to RDEPENDS python3-matplotlib: bump to 3.5.2 Bruce Ashfield (3): vboxguestdrivers: fix build against 5.19 kernel / libc-headers zfs: update to v2.1.5 vboxguestdrivers: make kernel shared directory dependency explicit Carsten Bäcker (1): spdlog: Fix CMake flag Changqing Li (3): fuse3: support ptest redis: fix do_patch fuzz warning dlt-daemon: fix dlt-system.service failed since buffer overflow Clément Péron (1): python: add Pydantic data validation package Devendra Tewari (1): android-tools: sleep more in android-gadget-start Ed Tanous (1): Add python-requests-unixsocket recipe Enguerrand de Ribaucourt (1): mdio-tools: add recipes Etienne Cordonnier (1): uutils-coreutils: add recipe Jagadeesh Krishnanjanappa (4): python3-asgiref: add recipe python3-django: make 3.2.x as default version python3-django: Add python3-asgiref runtime dependency python3-django: remove 2.2.x recipe Jan Luebbe (2): chrony: add support for config and source snippet includes gensio: upgrade 2.3.1 -> 2.5.2 Jan Vermaete (1): makeself: added makeself as new recipe Jim Broadus (1): networkmanager: fix iptables and nft paths Jose Quaresma (2): wireguard-module: 1.0.20210219 -> 1.0.20220627 wireguard-tools: Add a new package for wg-quick Julian Haller (2): pcsc-lite: upgrade 1.9.0 -> 1.9.8 ccid: upgrade 1.4.33 -> 1.5.0 Justin Bronder (1): lmdb: only set SONAME on the shared library Khem Raj (61): mariadb: Inherit pkgconfig mariadb: Add packageconfig for lz4 and enable it ibus: Swith to use main branch instead of master kronosnet: Upgrade to 1.24 ostree: Upgrade to 2022.5 release sdbus-c++-libsystemd: Fix build with glibc 2.36 xfstests: Upgrade to v2022.07.10 autofs: Fix build with glibc 2.36 audit: Upgrade to 3.0.8 and fix build with linux 5.17+ pcp: Add to USERADD_PACKAGES instead of override mozjs: Use RUST_HOST_SYS and RUST_TARGET_SYS fluentbit: Fix build with clang audit: Fix build with musl fluentbit: Fix build with musl klibc: Upgrade to 2.0.10 gnome-keyring,cunit,xfce4-panel: Do not inherit remove-libtool class here mpd: Update to 0.23.8 openipmi: Enable largefile cflags proftpd: Always enable largefile support netperf: Always enable largefile support openipmi: Always enable largefile support unbound: Always enable largefile support sysbench: Always enable largefile support libmtp: Always enable largefile support toybox: Fix build with glibc 2.36+ xfstests: Upgrade to 2022.07.31 release libmpd: Fix function returns and casts audit: Revert the tweak done in configure step in do_install mpd: Upgrade to 0.23.9 fluentbit: Use CMAKE_C_STANDARD_LIBRARIES cmake var to pass libatomic fluentbit: Upgrade to 1.9.7 and fix build on x86 klibc: Fix build with kernel 5.19 headers ntpsec: Add -D_GNU_SOURCE and fix building with devtool gd: Fix build with clang-15 cpulimit: Define -D_GNU_SOURCE safec: Remove unused variable 'len' ncftp: Enable autoreconf ncftp: Fix TMPDIR path embedding into ncftpget libb64: Switch to github fork and upgrade to 2.0.0.1+git dhrystone: Disable warnings as errors with clang dibbler: Fix build with musl fio: Fix additional warnings seen with musl ssmtp: Fix null pointer assignments gst-editing-services: Add recipe rygel: Upgrade to 0.40.4 libesmtp: Define _GNU_SOURCE python3-grpcio: Enable largefile support explicitly libteam: Include missing headers for strrchr and memcmp neon: Upgrade to 0.32.2 satyr: Fix build on musl/clang libmusicbrainz: Avoid -Wnonnull warning aom: Upgrade to 3.4.0 vorbis-tools: Fix build on musl dvb-apps: Use tarball for SRC_URI and fix build on musl python3-netifaces: Fix build with python3 and musl python3-pyephem: Fix build with python3 and musl samba: Fix warnings in configure tests for rpath checks lirc: Fix build on musl mongodb: Fix boost build with clang-15 crda: Fix build with clang-15 monkey: Fix build with musl Lei Maohui (2): dnf-plugin-tui: Fix somw issue in postinstall process. xrdp: Fix buildpaths warning. Leon Anavi (16): python3-nocasedict: Upgrade 1.0.3 -> 1.0.4 python3-frozenlist: Upgrade 1.3.0 -> 1.3.1 python3-networkx: Upgrade 2.8.4 -> 2.8.5 python3-pyhamcrest: Upgrade 2.0.3 -> 2.0.4 python3-aiohue: Upgrade 4.4.2 -> 4.5.0 python3-pyperf: Upgrade 2.3.0 -> 2.4.1 python3-eth-abi: Upgrade 3.0.0 -> 3.0.1 python3-cytoolz: Upgrade 0.11.2 -> 0.12.0 python3-yarl: Upgrade 1.7.2 -> 1.8.1 python3-term: Upgrade 2.3 -> 2.4 python3-coverage: Upgrade 6.4.1 -> 6.4.4 python3-regex: Upgrade 2022.7.25 -> 2022.8.17 python3-awesomeversion: Upgrade 22.6.0 -> 22.8.0 python3-typed-ast: Upgrade 1.5.2 -> 1.5.4 python3-prompt-toolkit: Upgrade 3.0.24 -> 3.0.30 python3-prettytable: Upgrade 3.1.1 -> 3.3.0 Markus Volk (6): libass: update to v1.16.0 spdlog: update to v1.10.0 waylandpp: add recipe wireplumber: update to v0.4.11 pipewire: update to v0.3.56 pipewire: improve runtime dependency settings Marta Rybczynska (1): polkit: update patches for musl compilation Matthias Klein (1): libftdi: update to 1.5 Mike Crowe (1): yasm: Only depend on xmlto when docs are enabled Mike Petersen (1): sshpass: add recipe Mingli Yu (10): net-snmp: set ac_cv_path_PSPROG postgresql: Fix the buildpaths issue freeradius: Fix buildpaths issue openipmi: Fix buildpaths issue apache2: Fix the buildpaths issue frr: fix buildpaths issue nspr: fix buildpaths issue liblockfile: fix buildpaths issue freediameter: fix buildpaths issue postgresql: make sure pam conf installed when pam enabled Ovidiu Panait (1): net-snmp: upgrade 5.9.1 -> 5.9.3 Paulo Neves (1): fluentbit Upgrade to 1.3.5 -> 1.9.6 Philip Balister (2): python3-pybind11: Update to Version 2.10.0. Remove dead link and old information from the README. Potin Lai (7): libplist: add libplist_git.bb libimobiledevice-glue: SRCREV bump bc6c44b..d2ff796 libimobiledevice: add libimobiledevice_git.bb libirecovery: SRCREV bump e190945..ab5b4d8 libusbmuxd: add libusbmuxd_git.bb usbmuxd: add usbmuxd_git.bb idevicerestore: SRCREV bump 280575b..7d622d9 Richard Purdie (1): lmdb: Don't inherit base Sam Van Den Berge (1): python3-jsonrpcserver: add patch to use importlib.resources instead of pkg_resources Saul Wold (10): libipc-signal-perl: Fix LICENSE string libdigest-hmac-perl: Fix LICENSE string libio-socket-ssl-perl: Fix LICENSE string libdigest-sha1-perl: Fix LICENSE string libmime-types-perl: Fix LICENSE string libauthen-sasl-perl: Fix LICENSE string libnet-ldap-perl: Fix LICENSE string libxml-libxml-perl: Fix LICENSE string libnet-telnet-perl: Fix LICENSE string libproc-waitstat-perl: Fix LICENSE string Sean Anderson (2): image_types_sparse: Pad source image to block size image_types_sparse: Generate "don't care" chunks Vyacheslav Yurkov (4): protobuf: correct ptest dependency protobuf: 3.19.4 -> 3.21.5 upgrade protobuf: change build system to cmake protobuf: disable protoc binary for target Wang Mingyu (60): cifs-utils: upgrade 6.15 -> 7.0 geocode-glib: upgrade 3.26.3 -> 3.26.4 gjs: upgrade 1.72.1 -> 1.72.2 htpdate: upgrade 1.3.5 -> 1.3.6 icewm: upgrade 2.9.8 -> 2.9.9 ipc-run: upgrade 20200505.0 -> 20220807.0 iwd: upgrade 1.28 -> 1.29 ldns: upgrade 1.8.1 -> 1.8.2 libadwaita: upgrade 1.1.3 -> 1.1.4 libencode-perl: upgrade 3.18 -> 3.19 libmime-charset-perl: upgrade 1.012.2 -> 1.013.1 libtest-warn-perl: upgrade 0.36 -> 0.37 nano: upgrade 6.3 -> 6.4 nbdkit: upgrade 1.31.15 -> 1.32.1 netdata: upgrade 1.35.1 -> 1.36.0 fio: upgrade 3.30 -> 3.31 nlohmann-json: upgrade 3.10.5 -> 3.11.2 poco: upgrade 1.12.1 -> 1.12.2 postgresql: upgrade 14.4 -> 14.5 poppler: upgrade 22.07.0 -> 22.08.0 smarty: upgrade 4.1.1 -> 4.2.0 tracker: upgrade 3.3.2 -> 3.3.3 uftp: upgrade 5.0 -> 5.0.1 xdg-user-dirs: upgrade 0.17 -> 0.18 python3-pycodestyle: upgrade 2.9.0 -> 2.9.1 python3-pyzmq: upgrade 23.2.0 -> 23.2.1 python3-setuptools-declarative-requirements: upgrade 1.2.0 -> 1.3.0 python3-sqlalchemy: upgrade 1.4.39 -> 1.4.40 python3-werkzeug: upgrade 2.2.1 -> 2.2.2 python3-xmlschema: upgrade 2.0.1 -> 2.0.2 python3-yappi: upgrade 1.3.5 -> 1.3.6 ade: upgrade 0.1.1f -> 0.1.2 babl: upgrade 0.1.92 -> 0.1.94 ctags: upgrade 5.9.20220703.0 -> 5.9.20220821.0 grilo-plugins: upgrade 0.3.14 -> 0.3.15 ldns: upgrade 1.8.2 -> 1.8.3 libcurses-perl: upgrade 1.38 -> 1.41 mosquitto: upgrade 2.0.14 -> 2.0.15 nbdkit: upgrade 1.32.1 -> 1.33.1 netdata: upgrade 1.36.0 -> 1.36.1 libsdl2-ttf: upgrade 2.20.0 -> 2.20.1 xfstests: upgrade 2022.07.31 -> 2022.08.07 php: upgrade 8.1.8 -> 8.1.9 rdma-core: upgrade 41.0 -> 42.0 spitools: upgrade 1.0.1 -> 1.0.2 unbound: upgrade 1.16.1 -> 1.16.2 zlog: upgrade 1.2.15 -> 1.2.16 python3-hexbytes: upgrade 0.2.3 -> 0.3.0 python3-pythonping: upgrade 1.1.2 -> 1.1.3 python3-jsonrpcserver: Add dependence python3-typing-extensions feh: upgrade 3.9 -> 3.9.1 gnome-bluetooth: upgrade 42.2 -> 42.3 hunspell: upgrade 1.7.0 -> 1.7.1 gtk4: upgrade 4.6.6 -> 4.6.7 logwatch: upgrade 7.6 -> 7.7 bdwgc: upgrade 8.2.0 -> 8.2.2 tcpreplay: upgrade 4.4.1 -> 4.4.2 tree: upgrade 2.0.2 -> 2.0.3 xfsdump: upgrade 3.1.10 -> 3.1.11 babl: upgrade 0.1.94 -> 0.1.96 Wolfgang Meyer (1): libsdl2-ttf: upgrade 2.0.18 -> 2.20.0 Xu Huan (18): python3-protobuf: upgrade 4.21.3 -> 4.21.4 python3-pycodestyle: upgrade 2.8.0 -> 2.9.0 python3-pyflakes: upgrade 2.4.0 -> 2.5.0 python3-pythonping: upgrade 1.1.1 -> 1.1.2 python3-regex: upgrade 2022.7.24 -> 2022.7.25 python3-werkzeug: upgrade 2.2.0 -> 2.2.1 python3-google-auth: upgrade 2.9.1 -> 2.10.0 python3-humanize: upgrade 4.2.3 -> 4.3.0 python3-hexbytes: upgrade 0.2.2 -> 0.2.3 python3-imageio: upgrade 2.21.0 -> 2.21.1 python3-nocaselist: upgrade 1.0.5 -> 1.0.6 python3-protobuf: upgrade 4.21.4 -> 4.21.5 python3-pycares: upgrade 4.2.1 -> 4.2.2 python3-fastjsonschema: upgrade 2.16.1 -> 2.16.2 python3-google-api-python-client: upgrade 2.56.0 -> 2.57.0 python3-google-auth: upgrade 2.10.0 -> 2.11.0 python3-grpcio-tools: upgrade 1.47.0 -> 1.48.0 python3-grpcio: upgrade 1.47.0 -> 1.48.0 Yi Zhao (5): strongswan: upgrade 5.9.6 -> 5.9.7 libldb: upgrade 2.3.3 -> 2.3.4 samba: upgrade 4.14.13 -> 4.14.14 python3-jsonrpcserver: upgrade 5.0.7 -> 5.0.8 samba: fix buildpaths issue wangmy (16): gedit: upgrade 42.1 -> 42.2 libwacom: upgrade 2.3.0 -> 2.4.0 htpdate: upgrade 1.3.4 -> 1.3.5 nbdkit: upgrade 1.31.14 -> 1.31.15 pure-ftpd: upgrade 1.0.50 -> 1.0.51 avro-c: upgrade 1.11.0 -> 1.11.1 debootstrap: upgrade 1.0.126 -> 1.0.127 freerdp: upgrade 2.7.0 -> 2.8.0 icewm: upgrade 2.9.7 -> 2.9.8 libmxml: upgrade 3.3 -> 3.3.1 poco: upgrade 1.12.0 -> 1.12.1 xfontsel: upgrade 1.0.6 -> 1.1.0 xmessage: upgrade 1.0.5 -> 1.0.6 xrefresh: upgrade 1.0.6 -> 1.0.7 zabbix: upgrade 6.0.5 -> 6.2.1 xrdp: upgrade 0.9.18 -> 0.9.19 zhengrq.fnst (4): python3-asttokens: upgrade 2.0.7 -> 2.0.8 python3-charset-normalizer: upgrade 2.1.0 -> 2.1.1 python3-eth-account: 0.6.1 -> 0.7.0 python3-cantools: upgrade 37.1.0 -> 37.1.2 zhengruoqin (12): python3-dominate: upgrade 2.6.0 -> 2.7.0 python3-flask-login: upgrade 0.6.1 -> 0.6.2 python3-google-api-python-client: upgrade 2.54.0 -> 2.55.0 python3-haversine: upgrade 2.5.1 -> 2.6.0 python3-imageio: upgrade 2.19.5 -> 2.21.0 python3-autobahn: upgrade 22.6.1 -> 22.7.1 python3-engineio: upgrade 4.3.3 -> 4.3.4 python3-flask: upgrade 2.1.3 -> 2.2.2 python3-gcovr: upgrade 5.1 -> 5.2 python3-google-api-python-client: upgrade 2.55.0 -> 2.56.0 python3-asttokens: upgrade 2.0.5 -> 2.0.7 python3-zeroconf: upgrade 0.38.7 -> 0.39.0 meta-security: 2a2d650ee0..10fdc2b13a: Anton Antonov (2): Use CARGO_TARGET_SUBDIR in do_install parsec-service: Update oeqa tests Armin Kuster (8): python3-privacyidea: update to 3.7.3 lkrg-module: update to 0.9.5 apparmor: update to 3.0.6 packagegroup-core-security: add space for appends cryptmount: Add new pkg packagegroup-core-security: add pkg to grp cyptmount: Fix mount.h conflicts seen with glibc 2.36+ kas: update testimage inherit John Edward Broadbent (1): meta-security: Add recipe for Glome Mingli Yu (1): samhain-standalone: fix buildpaths issue poky: fc59c28724..9b1db65e7d: Alejandro Hernandez Samaniego (1): baremetal-image.bbclass: Emulate image.bbclass to handle new classes scope Alex Stewart (1): maintainers: update opkg maintainer Alexander Kanavin (113): kmscube: address linux 5.19 fails rpm: update 4.17.0 -> 4.17.1 go: update 1.18.4 -> 1.19 bluez5: update 5.64 -> 5.65 python3-pip: update 22.2.1 -> 22.2.2 ffmpeg: update 5.0.1 -> 5.1 iproute2: upgrade 5.18.0 -> 5.19.0 harfbuzz: upgrade 4.4.1 -> 5.1.0 libwpe: upgrade 1.12.0 -> 1.12.2 bind: upgrade 9.18.4 -> 9.18.5 diffoscope: upgrade 218 -> 220 ell: upgrade 0.51 -> 0.52 gnutls: upgrade 3.7.6 -> 3.7.7 iso-codes: upgrade 4.10.0 -> 4.11.0 kea: upgrade 2.0.2 -> 2.2.0 kexec-tools: upgrade 2.0.24 -> 2.0.25 libcap: upgrade 2.64 -> 2.65 libevdev: upgrade 1.12.1 -> 1.13.0 libnotify: upgrade 0.8.0 -> 0.8.1 libwebp: upgrade 1.2.2 -> 1.2.3 libxcvt: upgrade 0.1.1 -> 0.1.2 mesa: upgrade 22.1.3 -> 22.1.5 mobile-broadband-provider-info: upgrade 20220511 -> 20220725 nettle: upgrade 3.8 -> 3.8.1 piglit: upgrade to latest revision puzzles: upgrade to latest revision python3: upgrade 3.10.5 -> 3.10.6 python3-dtschema: upgrade 2022.7 -> 2022.8 python3-hypothesis: upgrade 6.50.1 -> 6.54.1 python3-jsonschema: upgrade 4.9.0 -> 4.9.1 python3-markdown: upgrade 3.3.7 -> 3.4.1 python3-setuptools: upgrade 63.3.0 -> 63.4.1 python3-sphinx: upgrade 5.0.2 -> 5.1.1 python3-urllib3: upgrade 1.26.10 -> 1.26.11 sqlite3: upgrade 3.39.1 -> 3.39.2 sysklogd: upgrade 2.4.0 -> 2.4.2 webkitgtk: upgrade 2.36.4 -> 2.36.5 kernel-dev: working with kernel using devtool does not require building and installing eSDK sdk-manual: describe how to use extensible SDK functionality directly in a Yocto build dropbear: merge .inc into .bb rust: update 1.62.0 -> 1.62.1 cmake: update 3.23.2 -> 3.24.0 weston: upgrade 10.0.1 -> 10.0.2 patchelf: update 0.14.5 -> 0.15.0 patchelf: replace a rejected patch with an equivalent uninative.bbclass tweak weston: exclude pre-releases from version check tzdata: upgrade 2022a -> 2022b libcgroup: update 2.0.2 -> 3.0.0 python3-setuptools-rust: update 1.4.1 -> 1.5.1 shadow: update 4.11.1 -> 4.12.1 slang: update 2.3.2 -> 2.3.3 xz: update 5.2.5 -> 5.2.6 gdk-pixbuf: update 2.42.8 -> 2.42.9 xorgproto: update 2022.1 -> 2022.2 boost-build-native: update 4.4.1 -> 1.80.0 boost: update 1.79.0 -> 1.80.0 vulkan-samples: update to latest revision epiphany: upgrade 42.3 -> 42.4 git: upgrade 2.37.1 -> 2.37.2 glib-networking: upgrade 2.72.1 -> 2.72.2 gnu-efi: upgrade 3.0.14 -> 3.0.15 gpgme: upgrade 1.17.1 -> 1.18.0 libjpeg-turbo: upgrade 2.1.3 -> 2.1.4 libwebp: upgrade 1.2.3 -> 1.2.4 lighttpd: upgrade 1.4.65 -> 1.4.66 mesa: upgrade 22.1.5 -> 22.1.6 meson: upgrade 0.63.0 -> 0.63.1 mpg123: upgrade 1.30.1 -> 1.30.2 pango: upgrade 1.50.8 -> 1.50.9 piglit: upgrade to latest revision pkgconf: upgrade 1.8.0 -> 1.9.2 python3-dtschema: upgrade 2022.8 -> 2022.8.1 python3-more-itertools: upgrade 8.13.0 -> 8.14.0 python3-numpy: upgrade 1.23.1 -> 1.23.2 python3-pbr: upgrade 5.9.0 -> 5.10.0 python3-pyelftools: upgrade 0.28 -> 0.29 python3-pytz: upgrade 2022.1 -> 2022.2.1 strace: upgrade 5.18 -> 5.19 sysklogd: upgrade 2.4.2 -> 2.4.4 wireless-regdb: upgrade 2022.06.06 -> 2022.08.12 wpebackend-fdo: upgrade 1.12.0 -> 1.12.1 python3-hatchling: update 1.6.0 -> 1.8.0 python3-setuptools: update 63.4.1 -> 65.0.2 devtool: do not leave behind source trees in workspace/sources systemtap: add a patch to address a python 3.11 failure bitbake: bitbake-layers: initialize tinfoil before registering command line arguments scripts/oe-setup-builddir: add a check that TEMPLATECONF is valid bitbake-layers: add a command to save the active build configuration as a template into a layer bitbake-layers: add ability to save current layer repository configuration into a file scripts/oe-setup-layers: add a script that restores the layer configuration from a json file selftest/bblayers: add a test for creating a layer setup and using it to restore the layers selftest/bblayers: adjust the revision for the layer setup test perl: run builds from a pristine source tree meta-poky/conf: move default templates to conf/templates/default/ syslinux: mark all pending patches as Inactive-Upstream shadow: correct the pam patch status mtd-utils: remove patch that adds -I option gstreamer1.0-plugins-bad: remove an unneeded patch ghostscript: remove unneeded patch ovmf: drop the force no-stack-protector patch python: submit CC to cc_basename patch upstream mc: submit perl warnings patch upstream sysvinit: send install.patch upstream valgrind: (re)send ppc instructions patch upstream gdk-pixbuf: submit fatal-loader.patch upstream libsdl2: follow upstream version is even rule python3-pip: submit reproducible.patch upstream python3-pip: remove unneeded reproducible.patch llvm: remove 0006-llvm-TargetLibraryInfo-Undefine-libc-functions-if-th.patch scripts/oe-setup-builddir: migrate build/conf/templateconf.cfg to new template locations meta/files/layers.schema.json: drop the layers property scripts/oe-setup-builddir: write to conf/templateconf.cfg after the build is set up scripts/oe-setup-builddir: make environment variable the highest priority source for TEMPLATECONF Alexandre Belloni (1): ruby: drop capstone support Andrei Gherzan (7): shadow: Enable subid support rootfspostcommands.py: Restructure sort_passwd and related functions rootfspostcommands.py: Cleanup subid backup files generated by shadow-utils selftest: Add module for testing rootfs postcommands rootfs-postcommands.bbclass: Follow function rename in rootfspostcommands.py shadow: Avoid nss warning/error with musl linux-yocto: Fix COMPATIBLE_MACHINE regex match Andrey Konovalov (2): mesa: add pipe-loader's libraries to libopencl-mesa package mesa: build clover with native LLVM codegen support for freedreno Anuj Mittal (1): poky.conf: add ubuntu-22.04 to tested distros Armin Kuster (1): system-requirements.rst: remove EOL and Centos7 hosts Aryaman Gupta (1): bitbake: runqueue: add memory pressure regulation Awais Belal (1): kernel-fitimage.bbclass: only package unique DTBs Beniamin Sandu (1): libpam: use /run instead of /var/run in systemd tmpfiles Bertrand Marquis (1): sysvinit-inittab/start_getty: Fix respawn too fast Bruce Ashfield (22): linux-yocto/5.15: update to v5.15.58 linux-yocto/5.10: update to v5.10.134 linux-yocto-rt/5.15: update to -rt48 (and fix -stable merge) linux-libc-headers: update to v5.19 kernel-devsrc: support arm v5.19+ on target build kernel-devsrc: support powerpc on v5.19+ lttng-modules: fix build against mips and v5.19 kernel linux-yocto: introduce v5.19 reference kernel recipes meta/conf: update preferred linux-yocto version to v5.19 linux-yocto: drop v5.10 reference kernel recipes linux-yocto/5.15: update to v5.15.59 linux-yocto/5.15: fix reproducibility issues linux-yocto/5.19: cfg: update x32 configuration fragment linux-yocto/5.19: fix reproducibility issues poky: update preferred version to v5.19 poky: change preferred kernel version to 5.15 in poky-alt yocto-bsp: drop v5.10 bbappend and create 5.19 placeholder lttng-modules: replace mips compaction fix with upstream change linux-yocto/5.15: update to v5.15.60 linux-yocto/5.19: update to v5.19.1 linux-yocto/5.19: update to v5.19.3 linux-yocto/5.15: update to v5.15.62 Changqing Li (1): apt: fix nativesdk-apt build failure during the second time build Chen Qi (2): python3-hypothesis: revert back to 6.46.11 python3-requests: add python3-compression dependency Drew Moseley (1): rng-tools: Replace obsolete "wants systemd-udev-settle" Enrico Scholz (2): npm.bbclass: fix typo in 'fund' config option npm.bbclass: fix architecture mapping Ernst Sjöstrand (1): cve-check: Don't use f-strings Jacob Kroon (1): python3-cython: Remove debug lines Jan Luebbe (2): openssh: sync local ssh_config + sshd_config files with upstream 8.7p1 openssh: add support for config snippet includes to ssh and sshd JeongBong Seo (1): wic: add 'none' fstype for custom image Johannes Schneider (1): classes: rootfs-postcommands: autologin root on serial-getty Jon Mason (2): oeqa/parselogs: add qemuarmv5 arm-charlcd masking ref-manual: add numa to machine features Jose Quaresma (4): bitbake: build: prefix the tasks with a timestamp in the log task_order archiver.bbclass: some recipes that uses the kernelsrc bbclass uses the shared source linux-yocto: prepend the the value with a space when append to KERNEL_EXTRA_ARGS shaderc: upgrade 2022.1 -> 2022.2 Joshua Watt (4): bitbake: siggen: Fix insufficent entropy in sigtask file names bitbake: utils: Pass lock argument in fileslocked classes: cve-check: Get shared database lock meta/files: add layer setup JSON schema and example Kai Kang (1): packagegroup-self-hosted: update for strace Kevin Hao (1): uboot-config.bbclass: Don't bail out early in multi configs Khem Raj (83): qemu: Fix build with glibc 2.36 mtd-utils: Fix build with glibc 2.36 stress-ng: Upgrade to 0.14.03 bootchart2: Fix build with glibc 2.36+ ltp: Fix sys/mount.h conflicts needed for glibc 2.36+ compile efivar: Fix build with glibc 2.36 cracklib: Drop using register keyword util-linux: Define pidfd_* function signatures util-linux: Upgrade to 2.38.1 tcp-wrappers: Fix implicit-function-declaration warnings perl-cross: Correct function signatures in configure_func.sh perl: Pass additional flags to enable lfs and gnu source sysvinit: Fix mount.h conflicts seen with glibc 2.36+ glibc: Bump to 2.36 glibc: Update patch status zip: Enable largefile support based on distro feature zip: Make configure checks to be more robust unzip: Fix configure tests to use modern C unzip: Enable largefile support when enabled in distro iproute2: Fix netns check during configure glibc: Bump to latest 2.36 branch gstreamer1.0-plugins-base: Include required system headers for isspace() and sscanf() musl: Upgrade to latest tip of trunk zip: Always enable LARGE_FILE_SUPPORT libmicrohttpd: Enable largefile support unconditionally unzip: Always enable largefile support default-distrovars: Remove largefile from defualt DISTRO_FEATURES zlib: Resolve CVE-2022-37434 json-c: Fix function prototypes rsync: Backport fix to address CVE-2022-29154 rsync: Upgrade to 3.2.5 libtirpc: Backport fix for CVE-2021-46828 libxml2: Ignore CVE-2016-3709 tiff: Backport a patch for CVE-2022-34526 libtirpc: Upgrade to 1.3.3 perf: Add packageconfig for libbfd support and use disabled as default connman: Backports for security fixes systemd: Upgrade to 251.4 and fix build with binutils 2.39 time: Add missing include for memset screen: Add missing include files in configure checks setserial: Fix build with clang expect: Fix implicit-function-declaration warnings spirv-tools: Remove default copy constructor in header boost: Compile out stdlib unary/binary_functions for c++11 and newer vulkan-samples: Qualify move as std::move apt: Do not use std::binary_function ltp: Fix sys/mount.h and linux/mount.h conflict rpm: Remove -Wimplicit-function-declaration warnings binutils: Upgrade to 2.39 release binutils-cross: Disable gprofng for when building cross binutils binutils: Package up gprofng binutils: Disable gprofng when using clang binutils-cross-canadian: Package up new gprofng.rc file autoconf: Fix strict prototype errors in generated tests rsync: Add missing prototypes to function declarations nfs-utils: Upgrade to 2.6.2 webkitgtk: Upgrade to 2.36.6 minor update musl: Update to tip binutils: Disable gprofng on musl systems binutils: Upgrade to latest on 2.39 release branch cargo_common.bbclass: Add missing space in shell conditional code rng-tools: Remove depndencies on hwrng ccache: Update the patch status ccache: Fix build with gcc12 on musl alsa-plugins: Include missing string.h xinetd: Pass missing -D_GNU_SOURCE watchdog: Include needed system header for function decls libcgroup: Use GNU strerror_r only when its available pinentry: enable _XOPEN_SOURCE on musl for wchar usage in curses apr: Use correct strerror_r implementation based on libc type gcr: Define _GNU_SOURCE ltp: Adjust types to match create_fifo_thread return gcc: Upgrade to 12.2.0 glibc: Update to latest on 2.36 ltp: Remove -mfpmath=sse on x86-64 too apr: Cache configure tests which use AC_TRY_RUN rust: Fix build failure on riscv32 ncurses: Fix configure tests for exit and mbstate_t rust-llvm: Update to matching LLVM_VERSION from rust-source librepo: Fix build on musl rsync: Turn on -pedantic-errors at the end of 'configure' ccache: Upgrade to 4.6.2 xmlto: Update to use upstream tip of trunk Konrad Weihmann (1): python3: disable user site-pkg for native target Lee Chee Yang (1): migration guides: add release notes for 4.0.3 Luca Ceresoli (1): libmnl: remove unneeded SRC_URI 'name' option Markus Volk (2): connman: add PACKAGECONFIG to support iwd packagegroup-base.bb: add a configure option to set the wireless-daemon Martin Jansa (5): glibc: revert one upstream change to work around broken DEBUG_BUILD build syslinux: Fix build with glibc-2.36 syslinux: refresh patches with devtool glibc: fix new upstream build issue with DEBUG_BUILD build glibc: apply proposed patch from upstream instead of revert Mateusz Marciniec (2): util-linux: Remove --enable-raw from EXTRA_OECONF util-linux: Improve check for magic in configure.ac Michael Halstead (1): uninative: Upgrade to 3.7 to work with glibc 2.36 Michael Opdenacker (1): dev-manual: use proper note directive Mingli Yu (1): bitbake: fetch: use BPN instead Neil Horman (1): bitbake: Fix npm to use https rather than http Paul Eggleton (1): relocate_sdk.py: ensure interpreter size error causes relocation to fail Pavel Zhukov (6): package_rpm: Do not replace square brackets in %files selftest: Add regression test for rpm filesnames parselogs: Ignore xf86OpenConsole error bitbake: gitsm: Error out if submodule refers to parent repo bitbake: tests: Add Timeout class bitbake: tests: Add test for possible gitsm deadlock Peter Bergin (3): rust-cross-canadian: rename shell variables for easier appends packagegroup-rust-cross-canadian: add native compiler environment oeqa/sdk: extend rust test to also use a build script Peter Marko (1): create-spdx: handle links to inaccessible locations Quentin Schulz (3): docs: conf.py: update yocto_git base URL docs: README: add TeX font package required for building PDF docs: ref-manual: system-requirements: add missing packages Randy MacLeod (1): rust: update from 1.62.1 to 1.63.0 Rasmus Villemoes (1): bitbake.conf: set BB_DEFAULT_UMASK using ??= Richard Purdie (85): oeqa/selftest/sstate: Ensure tests are deterministic nativesdk: Clear TUNE_FEATURES populate_sdk_base: Disable rust SDK for MIPS n32 selftest/reproducible: Exclude rust/rust-dbg for now until we can fix conf/distro/no-static-libs: Allow static musl for rust rust-target-config: Add mips n32 target information rust-common: Add CXXFLAGS rust-common: Drop export directive from wrappers rust-common: Rework wrappers to handle musl rust: Work around reproducibility issues rust: Switch to use RUST_XXX_SYS consistently rust.inc: Rename variables to make code clearer rust.inc: Fix cross build llvm-config handling rust/mesa: Drop obsolete YOCTO_ALTERNATE_MULTILIB_NAME rust-target-config: Show clear error when target isn't defined rust: Generate per recipe target configuration files rust-common/rust: Improve bootstrap BUILD_SYS handling cargo_common: Handle build SYS as well as HOST/TARGET rust-llvm: Enable nativesdk variant rust.inc: Fix for cross compilation configuration rust-common: Update to match cross targets rust-target-config: Make target workaround generic rust-common: Simplify libc handling cargo: Drop cross-canadian variant and fix/use nativesdk rust-common: Set rustlibdir to match target expectation rust-cross-canadian: Simplify and fix rust: Drop cross/crosssdk rust: Enable nativesdk and target builds + replace rust-tools-cross-canadian rust: Fix musl builds rust: Ensure buildpaths are handled in debug symbols correctly rust: Update README selftest/wic: Tweak test case to not depend on kernel size bitbake: runqueue: Ensure deferred tasks are sorted by multiconfig bitbake: runqueue: Improve deadlock warning messages bitbake: runqueue: Drop deadlock breaking force fail rust-common: Remove conflict with utils create_wrapper kern-devsrc: Drop auto.conf creation cargo: Work around host system library conflicts rust-cross-canadian: Use shell from SDK, not the host buildhistory: Only use image-artifact-names as an image class rust: Remove unneeded RUST_TARGETGENS settings meta-skeleton/hello-mod: Switch to SPDX-License-Identifier perf: Fix reproducibility issues with 5.19 onwards selftest/runtime_test/incompatible_lic: Use IMAGE_CLASSES for testimage testexport: Fix to work as an image class testexport: Use IMAGE_CLASSES for testimage selftest/runtime_test: Use testexport in IMAGE_CLASSES, not globally bitbake: BBHandler: Allow earlier exit for classes not found bitbake: BBHandler: Make inherit calls more directly bitbake: bitbake: Add copyright headers where missing bitbake: BBHandler/cooker: Implement recipe and global classes classes: Add copyright statements to files without one scripts: Add copyright statements to files without one classes: Add SPDX license identifiers lib: Add copyright statements to files without one insane: Update to allow for class layout changes classes: Update classes to match new bitbake class scope functionality recipetool: Update for class changes package: Switch debug source handling to use prefix map libgcc/gcc-runtime: Improve source reference handling bitbake.conf: Handle S and B separately for debug mapping python3-cython: Update code to match debug path changes gcc-cross: Fix relative links gcc: Resolve relative prefix-map filenames gcc: Add a patch to avoid hardcoded paths in libgcc on powerpc gcc: Update patch status to submitted for two patches valgrind: Disable drd/tests/std_thread2 ptest valgrind: Update to match debug file layout changes skeleton/service: Ensure debug path handling works as intended distrooverrides: Move back to classes whilst it's usage is clarified vim: Upgrade 9.0.0115 -> 9.0.0242 icu: Drop binconfig support (icu-config) libtirpc: Mark CVE-2021-46828 as resolved bitbake: runqueue: Change pressure file warning to a note rust-target-config: Drop has-elf-tls option llvm: Add llvm-config wrapper to improve flags handling mesa: Rework llvm handling rust-target-config: Fix qemuppc target cpu option rust: Fix crossbeam-utils for arches without atomics pseudo: Update to include recent upstream minor fixes bitbake: Revert "fetch: use BPN instead" vim: Upgrade 9.0.0242 -> 9.0.0341 gcc-multilib-config: Fix i686 toolchain relocation issues kernel: Always set CC and LD for the kernel build kernel: Use consistent make flags for menuconfig Robert Joslyn (1): curl: Update to 7.85.0 Ross Burton (9): oeqa/qemurunner: add run_serial() comment oeqa/commands: add support for running cross tools to runCmd oeqa/selftest: rewrite gdbserver test libxml2: wrap xmllint to use the correct XML catalogues oeqa/selftest: add test for debuginfod libgcrypt: remove obsolete pkgconfig install libgcrypt: remove obsolete patch libgcrypt: rewrite ptest cve-check: close cursors as soon as possible Sakib Sajal (2): qemu: fix CVE-2021-3507 qemu: fix CVE-2022-0216 Shubham Kulkarni (1): sanity: add a comment to ensure CONNECTIVITY_CHECK_URIS is correct Simone Weiss (1): json-c: Add ptest for json-c Sundeep KOKKONDA (1): glibc : stable 2.35 branch updates Thomas Roos (1): oeqa devtool: Add tests to cover devtool handling of various git URL styles Tom Hochstein (1): piglit: Add PACKAGECONFIG for glx and opencl Tom Rini (1): qemux86-64: Allow higher tunes Ulrich Ölmann (1): scripts/runqemu.README: fix typos and trailing whitespaces William A. Kennington III (1): image_types: Set SOURCE_DATE_EPOCH for squashfs Yang Xu (1): insane.bbclass: Skip patches not in oe-core by full path Yogesh Tyagi (1): gdbserver : add selftest Yongxin Liu (1): grub2: fix several CVEs wangmy (19): msmtp: upgrade 1.8.20 -> 1.8.22 bind: upgrade 9.18.5 -> 9.18.6 btrfs-tools: upgrade 5.18.1 -> 5.19 libdnf: upgrade 0.67.0 -> 0.68.0 librepo: upgrade 1.14.3 -> 1.14.4 pkgconf: upgrade 1.9.2 -> 1.9.3 python3-pygments: upgrade 2.12.0 -> 2.13.0 ethtool: upgrade 5.18 -> 5.19 librsvg: upgrade 2.54.4 -> 2.54.5 libtasn1: upgrade 4.18.0 -> 4.19.0 liburcu: upgrade 0.13.1 -> 0.13.2 libwpe: upgrade 1.12.2 -> 1.12.3 lttng-tools: upgrade 2.13.7 -> 2.13.8 lttng-ust: upgrade 2.13.3 -> 2.13.4 libatomic-ops: upgrade 7.6.12 -> 7.6.14 lz4: upgrade 1.9.3 -> 1.9.4 python3-hatchling: upgrade 1.8.0 -> 1.8.1 python3-urllib3: upgrade 1.26.11 -> 1.26.12 repo: upgrade 2.28 -> 2.29.1 meta-arm: 20a629180c..52f07a4b0b: Anton Antonov (11): arm/optee-os: backport RWX permission error patch work around for too few arguments to function init_disassemble_info() error arm/optee-os: backport linker warning patches arm/tf-a-tests: work around RWX permission error on segment Recipes for Trusted Services dependencies. Recipes for Trusted Services Secure Partitions ARM-FFA kernel drivers and kernel configs for Trusted Services Trusted Services test/demo NWd tools psa-api-tests for Trusted Services Include Trusted Services SPs into optee-os image Define qemuarm64-secureboot-ts CI pipeline and include it into meta-arm Gowtham Suresh Kumar (2): arm-bsp/secure-partitions: fix SMM gateway bug for EFI GetVariable() arm-bsp/u-boot: drop EFI GetVariable() workarounds patches Jon Mason (11): arm-bsp/fvp-base-arm32: Update kernel patch for v5.19 arm/qemuarm64-secureboot: remove tfa memory patch arm/linux-yocto: remove optee num pages kernel config variable arm-bsp/juno: drop scmi patch arm/qemuarm-secureboot: remove vmalloc from QB_KERNEL_CMDLINE_APPEND arm/fvp: use image-artifact-names as an image class atp/atp: drop package inherits arm/optee: Update to 3.18 arm-bsp/fvp-base: set preferred kernel to 5.15 arm/arm-bsp: Add yocto-kernel-cache bluetooth support arm-bsp/corstone1000: use compressed kernel image Khem Raj (2): gator-daemon: Define _GNU_SOURCE feature test macro optee-os: Add section attribute parameters when clang is used Peter Hoyes (3): docs: Update FVP_CONSOLES in runfvp documentation docs: Introduce meta-arm OEQA documentation arm/oeqa: Make linuxboot test case timeout configurable Richard Purdie (1): gem5/gem5-m5ops: Drop uneeded package inherit Ross Burton (2): arm/trusted-firmware-a: remove redundant patches arm/trusted-firmware-a: work around RWX permission error on segment Rui Miguel Silva (2): arm-bsp:corstone500: rebase u-boot patches on v2022.07 arm-bsp/corstone1000: rebase u-boot patches on top v2022.07 Vishnu Banavath (3): arm-bsp/trusted-firmware-a: Bump TF-A version for N1SDP arm-bsp/optee: add optee-os support for N1SDP target arm/optee: update optee-client to v3.18 Signed-off-by: Patrick Williams Change-Id: I90aa0a94410dd208163af126566d22c77787abc2 --- .../rpm/files/0001-CVE-2021-3521.patch | 57 ---- ...code-lib-rpm-as-the-installation-path-for.patch | 14 +- ...installing-execute-package-scriptlets-wit.patch | 18 +- ...c-add-linux-gnux32-variant-to-triplet-han.patch | 31 ++ .../rpm/files/0002-CVE-2021-3521.patch | 64 ---- .../rpm/files/0003-CVE-2021-3521.patch | 329 --------------------- poky/meta/recipes-devtools/rpm/rpm_4.17.0.bb | 208 ------------- poky/meta/recipes-devtools/rpm/rpm_4.17.1.bb | 206 +++++++++++++ 8 files changed, 255 insertions(+), 672 deletions(-) delete mode 100644 poky/meta/recipes-devtools/rpm/files/0001-CVE-2021-3521.patch create mode 100644 poky/meta/recipes-devtools/rpm/files/0001-configure.ac-add-linux-gnux32-variant-to-triplet-han.patch delete mode 100644 poky/meta/recipes-devtools/rpm/files/0002-CVE-2021-3521.patch delete mode 100644 poky/meta/recipes-devtools/rpm/files/0003-CVE-2021-3521.patch delete mode 100644 poky/meta/recipes-devtools/rpm/rpm_4.17.0.bb create mode 100644 poky/meta/recipes-devtools/rpm/rpm_4.17.1.bb (limited to 'poky/meta/recipes-devtools/rpm') diff --git a/poky/meta/recipes-devtools/rpm/files/0001-CVE-2021-3521.patch b/poky/meta/recipes-devtools/rpm/files/0001-CVE-2021-3521.patch deleted file mode 100644 index 044b4dd2a0..0000000000 --- a/poky/meta/recipes-devtools/rpm/files/0001-CVE-2021-3521.patch +++ /dev/null @@ -1,57 +0,0 @@ -From 9a6871126f472feea057d5f803505ec8cc78f083 Mon Sep 17 00:00:00 2001 -From: Panu Matilainen -Date: Thu, 30 Sep 2021 09:56:20 +0300 -Subject: [PATCH 1/3] Refactor pgpDigParams construction to helper function - -No functional changes, just to reduce code duplication and needed by -the following commits. - -CVE: CVE-2021-3521 -Upstream-Status: Backport [https://github.com/rpm-software-management/rpm/commit/9f03f42e2] - -Signed-off-by: Changqing Li ---- - rpmio/rpmpgp.c | 13 +++++++++---- - 1 file changed, 9 insertions(+), 4 deletions(-) - -diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c -index d0688ebe9a..e472b5320f 100644 ---- a/rpmio/rpmpgp.c -+++ b/rpmio/rpmpgp.c -@@ -1041,6 +1041,13 @@ unsigned int pgpDigParamsAlgo(pgpDigParams digp, unsigned int algotype) - return algo; - } - -+static pgpDigParams pgpDigParamsNew(uint8_t tag) -+{ -+ pgpDigParams digp = xcalloc(1, sizeof(*digp)); -+ digp->tag = tag; -+ return digp; -+} -+ - int pgpPrtParams(const uint8_t * pkts, size_t pktlen, unsigned int pkttype, - pgpDigParams * ret) - { -@@ -1058,8 +1065,7 @@ int pgpPrtParams(const uint8_t * pkts, size_t pktlen, unsigned int pkttype, - if (pkttype && pkt.tag != pkttype) { - break; - } else { -- digp = xcalloc(1, sizeof(*digp)); -- digp->tag = pkt.tag; -+ digp = pgpDigParamsNew(pkt.tag); - } - } - -@@ -1105,8 +1111,7 @@ int pgpPrtParamsSubkeys(const uint8_t *pkts, size_t pktlen, - digps = xrealloc(digps, alloced * sizeof(*digps)); - } - -- digps[count] = xcalloc(1, sizeof(**digps)); -- digps[count]->tag = PGPTAG_PUBLIC_SUBKEY; -+ digps[count] = pgpDigParamsNew(PGPTAG_PUBLIC_SUBKEY); - /* Copy UID from main key to subkey */ - digps[count]->userid = xstrdup(mainkey->userid); - --- -2.17.1 - diff --git a/poky/meta/recipes-devtools/rpm/files/0001-Do-not-hardcode-lib-rpm-as-the-installation-path-for.patch b/poky/meta/recipes-devtools/rpm/files/0001-Do-not-hardcode-lib-rpm-as-the-installation-path-for.patch index 6d236ac400..c6cf9d4c88 100644 --- a/poky/meta/recipes-devtools/rpm/files/0001-Do-not-hardcode-lib-rpm-as-the-installation-path-for.patch +++ b/poky/meta/recipes-devtools/rpm/files/0001-Do-not-hardcode-lib-rpm-as-the-installation-path-for.patch @@ -1,4 +1,4 @@ -From 8d013fe154a162305f76141151baf767dd04b598 Mon Sep 17 00:00:00 2001 +From 4ab6a4c5bbad65c3401016bb26b87214cdd0c59b Mon Sep 17 00:00:00 2001 From: Alexander Kanavin Date: Mon, 27 Feb 2017 09:43:30 +0200 Subject: [PATCH] Do not hardcode "lib/rpm" as the installation path for @@ -14,10 +14,10 @@ Signed-off-by: Alexander Kanavin 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/configure.ac b/configure.ac -index eb7d6941b..10a889b5d 100644 +index 372875fc4..1b7add9ee 100644 --- a/configure.ac +++ b/configure.ac -@@ -871,7 +871,7 @@ else +@@ -884,7 +884,7 @@ else usrprefix=$prefix fi @@ -27,10 +27,10 @@ index eb7d6941b..10a889b5d 100644 AC_SUBST(OBJDUMP) diff --git a/macros.in b/macros.in -index a1f795e5f..689e784ef 100644 +index d53ab5ed5..9d10441c8 100644 --- a/macros.in +++ b/macros.in -@@ -933,7 +933,7 @@ package or when debugging this package.\ +@@ -911,7 +911,7 @@ package or when debugging this package.\ %_sharedstatedir %{_prefix}/com %_localstatedir %{_prefix}/var %_lib lib @@ -40,7 +40,7 @@ index a1f795e5f..689e784ef 100644 %_infodir %{_datadir}/info %_mandir %{_datadir}/man diff --git a/rpm.am b/rpm.am -index 7b57f433b..9bbb9ee96 100644 +index ebe4e40d1..e6920e258 100644 --- a/rpm.am +++ b/rpm.am @@ -1,10 +1,10 @@ @@ -55,4 +55,4 @@ index 7b57f433b..9bbb9ee96 100644 +rpmconfigdir = $(libdir)/rpm # Libtool version (current-revision-age) for all our libraries - rpm_version_info = 11:0:2 + rpm_version_info = 12:0:3 diff --git a/poky/meta/recipes-devtools/rpm/files/0001-When-cross-installing-execute-package-scriptlets-wit.patch b/poky/meta/recipes-devtools/rpm/files/0001-When-cross-installing-execute-package-scriptlets-wit.patch index 4020a31092..2a0069cafe 100644 --- a/poky/meta/recipes-devtools/rpm/files/0001-When-cross-installing-execute-package-scriptlets-wit.patch +++ b/poky/meta/recipes-devtools/rpm/files/0001-When-cross-installing-execute-package-scriptlets-wit.patch @@ -28,11 +28,18 @@ Signed-off-by: Alexander Kanavin lib/rpmscript.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) -diff --git a/lib/rpmscript.c b/lib/rpmscript.c -index cc98c4885..f8bd3df04 100644 --- a/lib/rpmscript.c +++ b/lib/rpmscript.c -@@ -394,8 +394,7 @@ exit: +@@ -17,7 +17,7 @@ + #include "rpmio/rpmio_internal.h" + + #include "lib/rpmplugins.h" /* rpm plugins hooks */ +- ++#include "lib/rpmchroot.h" /* rpmChrootOut */ + #include "debug.h" + + struct scriptNextFileFunc_s { +@@ -391,8 +391,7 @@ exit: Fclose(out); /* XXX dup'd STDOUT_FILENO */ if (fn) { @@ -42,7 +49,7 @@ index cc98c4885..f8bd3df04 100644 free(fn); } free(mline); -@@ -428,7 +427,13 @@ rpmRC rpmScriptRun(rpmScript script, int arg1, int arg2, FD_t scriptFd, +@@ -426,7 +425,13 @@ rpmRC rpmScriptRun(rpmScript script, int if (rc != RPMRC_FAIL) { if (script_type & RPMSCRIPTLET_EXEC) { @@ -57,6 +64,3 @@ index cc98c4885..f8bd3df04 100644 } else { rc = runLuaScript(plugins, prefixes, script->descr, lvl, scriptFd, &args, script->body, arg1, arg2, &script->nextFileFunc); } --- -2.11.0 - diff --git a/poky/meta/recipes-devtools/rpm/files/0001-configure.ac-add-linux-gnux32-variant-to-triplet-han.patch b/poky/meta/recipes-devtools/rpm/files/0001-configure.ac-add-linux-gnux32-variant-to-triplet-han.patch new file mode 100644 index 0000000000..2174a79e75 --- /dev/null +++ b/poky/meta/recipes-devtools/rpm/files/0001-configure.ac-add-linux-gnux32-variant-to-triplet-han.patch @@ -0,0 +1,31 @@ +From 8f51462d41d8fe942d5d0a06f08d47f625141995 Mon Sep 17 00:00:00 2001 +From: Alexander Kanavin +Date: Thu, 4 Aug 2022 12:15:08 +0200 +Subject: [PATCH] configure.ac: add linux-gnux32 variant to triplet handling + +x32 is a 64 bit x86 ABI with 32 bit pointers. + +Upstream-Status: Submitted [https://github.com/rpm-software-management/rpm/pull/2143] +Signed-off-by: Alexander Kanavin +--- + configure.ac | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/configure.ac b/configure.ac +index 372875fc49..7d6a3d274e 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -845,6 +845,10 @@ if echo "$host_os" | grep '.*-gnuabi64$' > /dev/null ; then + host_os=`echo "${host_os}" | sed 's/-gnuabi64$//'` + host_os_gnu=-gnuabi64 + fi ++if echo "$host_os" | grep '.*-gnux32$' > /dev/null ; then ++ host_os=`echo "${host_os}" | sed 's/-gnux32$//'` ++ host_os_gnu=-gnux32 ++fi + if echo "$host_os" | grep '.*-gnu$' > /dev/null ; then + host_os=`echo "${host_os}" | sed 's/-gnu$//'` + fi +-- +2.30.2 + diff --git a/poky/meta/recipes-devtools/rpm/files/0002-CVE-2021-3521.patch b/poky/meta/recipes-devtools/rpm/files/0002-CVE-2021-3521.patch deleted file mode 100644 index 683b57d455..0000000000 --- a/poky/meta/recipes-devtools/rpm/files/0002-CVE-2021-3521.patch +++ /dev/null @@ -1,64 +0,0 @@ -From c4b1bee51bbdd732b94b431a951481af99117703 Mon Sep 17 00:00:00 2001 -From: Panu Matilainen -Date: Thu, 30 Sep 2021 09:51:10 +0300 -Subject: [PATCH 2/3] Process MPI's from all kinds of signatures - -No immediate effect but needed by the following commits. - -CVE: CVE-2021-3521 -Upstream-Status: Backport [https://github.com/rpm-software-management/rpm/commit/b5e8bc74b] - -Signed-off-by: Changqing Li - ---- - rpmio/rpmpgp.c | 13 +++++-------- - 1 file changed, 5 insertions(+), 8 deletions(-) - -diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c -index 25f67048fd..509e777e6d 100644 ---- a/rpmio/rpmpgp.c -+++ b/rpmio/rpmpgp.c -@@ -543,7 +543,7 @@ pgpDigAlg pgpDigAlgFree(pgpDigAlg alg) - return NULL; - } - --static int pgpPrtSigParams(pgpTag tag, uint8_t pubkey_algo, uint8_t sigtype, -+static int pgpPrtSigParams(pgpTag tag, uint8_t pubkey_algo, - const uint8_t *p, const uint8_t *h, size_t hlen, - pgpDigParams sigp) - { -@@ -556,10 +556,8 @@ static int pgpPrtSigParams(pgpTag tag, uint8_t pubkey_algo, uint8_t sigtype, - int mpil = pgpMpiLen(p); - if (pend - p < mpil) - break; -- if (sigtype == PGPSIGTYPE_BINARY || sigtype == PGPSIGTYPE_TEXT) { -- if (sigalg->setmpi(sigalg, i, p)) -- break; -- } -+ if (sigalg->setmpi(sigalg, i, p)) -+ break; - p += mpil; - } - -@@ -619,7 +617,7 @@ static int pgpPrtSig(pgpTag tag, const uint8_t *h, size_t hlen, - } - - p = ((uint8_t *)v) + sizeof(*v); -- rc = pgpPrtSigParams(tag, v->pubkey_algo, v->sigtype, p, h, hlen, _digp); -+ rc = pgpPrtSigParams(tag, v->pubkey_algo, p, h, hlen, _digp); - } break; - case 4: - { pgpPktSigV4 v = (pgpPktSigV4)h; -@@ -677,8 +675,7 @@ static int pgpPrtSig(pgpTag tag, const uint8_t *h, size_t hlen, - p += 2; - if (p > hend) - return 1; -- -- rc = pgpPrtSigParams(tag, v->pubkey_algo, v->sigtype, p, h, hlen, _digp); -+ rc = pgpPrtSigParams(tag, v->pubkey_algo, p, h, hlen, _digp); - } break; - default: - rpmlog(RPMLOG_WARNING, _("Unsupported version of signature: V%d\n"), version); --- -2.17.1 - diff --git a/poky/meta/recipes-devtools/rpm/files/0003-CVE-2021-3521.patch b/poky/meta/recipes-devtools/rpm/files/0003-CVE-2021-3521.patch deleted file mode 100644 index a5ec802501..0000000000 --- a/poky/meta/recipes-devtools/rpm/files/0003-CVE-2021-3521.patch +++ /dev/null @@ -1,329 +0,0 @@ -From 07676ca03ad8afcf1ca95a2353c83fbb1d970b9b Mon Sep 17 00:00:00 2001 -From: Panu Matilainen -Date: Thu, 30 Sep 2021 09:59:30 +0300 -Subject: [PATCH 3/3] Validate and require subkey binding signatures on PGP - public keys - -All subkeys must be followed by a binding signature by the primary key -as per the OpenPGP RFC, enforce the presence and validity in the parser. - -The implementation is as kludgey as they come to work around our -simple-minded parser structure without touching API, to maximise -backportability. Store all the raw packets internally as we decode them -to be able to access previous elements at will, needed to validate ordering -and access the actual data. Add testcases for manipulated keys whose -import previously would succeed. - -Depends on the two previous commits: -7b399fcb8f52566e6f3b4327197a85facd08db91 and -236b802a4aa48711823a191d1b7f753c82a89ec5 - -Fixes CVE-2021-3521. - -Upstream-Status: Backport [https://github.com/rpm-software-management/rpm/commit/bd36c5dc9] -CVE:CVE-2021-3521 - -Signed-off-by: Changqing Li - ---- - rpmio/rpmpgp.c | 99 +++++++++++++++++-- - tests/Makefile.am | 3 + - tests/data/keys/CVE-2021-3521-badbind.asc | 25 +++++ - .../data/keys/CVE-2021-3521-nosubsig-last.asc | 25 +++++ - tests/data/keys/CVE-2021-3521-nosubsig.asc | 37 +++++++ - tests/rpmsigdig.at | 28 ++++++ - 6 files changed, 209 insertions(+), 8 deletions(-) - create mode 100644 tests/data/keys/CVE-2021-3521-badbind.asc - create mode 100644 tests/data/keys/CVE-2021-3521-nosubsig-last.asc - create mode 100644 tests/data/keys/CVE-2021-3521-nosubsig.asc - -diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c -index 509e777e6d..371ad4d9b6 100644 ---- a/rpmio/rpmpgp.c -+++ b/rpmio/rpmpgp.c -@@ -1061,33 +1061,116 @@ static pgpDigParams pgpDigParamsNew(uint8_t tag) - return digp; - } - -+static int hashKey(DIGEST_CTX hash, const struct pgpPkt *pkt, int exptag) -+{ -+ int rc = -1; -+ if (pkt->tag == exptag) { -+ uint8_t head[] = { -+ 0x99, -+ (pkt->blen >> 8), -+ (pkt->blen ), -+ }; -+ -+ rpmDigestUpdate(hash, head, 3); -+ rpmDigestUpdate(hash, pkt->body, pkt->blen); -+ rc = 0; -+ } -+ return rc; -+} -+ -+static int pgpVerifySelf(pgpDigParams key, pgpDigParams selfsig, -+ const struct pgpPkt *all, int i) -+{ -+ int rc = -1; -+ DIGEST_CTX hash = NULL; -+ -+ switch (selfsig->sigtype) { -+ case PGPSIGTYPE_SUBKEY_BINDING: -+ hash = rpmDigestInit(selfsig->hash_algo, 0); -+ if (hash) { -+ rc = hashKey(hash, &all[0], PGPTAG_PUBLIC_KEY); -+ if (!rc) -+ rc = hashKey(hash, &all[i-1], PGPTAG_PUBLIC_SUBKEY); -+ } -+ break; -+ default: -+ /* ignore types we can't handle */ -+ rc = 0; -+ break; -+ } -+ -+ if (hash && rc == 0) -+ rc = pgpVerifySignature(key, selfsig, hash); -+ -+ rpmDigestFinal(hash, NULL, NULL, 0); -+ -+ return rc; -+} -+ - int pgpPrtParams(const uint8_t * pkts, size_t pktlen, unsigned int pkttype, - pgpDigParams * ret) - { - const uint8_t *p = pkts; - const uint8_t *pend = pkts + pktlen; - pgpDigParams digp = NULL; -- struct pgpPkt pkt; -+ pgpDigParams selfsig = NULL; -+ int i = 0; -+ int alloced = 16; /* plenty for normal cases */ -+ struct pgpPkt *all = xmalloc(alloced * sizeof(*all)); - int rc = -1; /* assume failure */ -+ int expect = 0; -+ int prevtag = 0; - - while (p < pend) { -- if (decodePkt(p, (pend - p), &pkt)) -+ struct pgpPkt *pkt = &all[i]; -+ if (decodePkt(p, (pend - p), pkt)) - break; - - if (digp == NULL) { -- if (pkttype && pkt.tag != pkttype) { -+ if (pkttype && pkt->tag != pkttype) { - break; - } else { -- digp = pgpDigParamsNew(pkt.tag); -+ digp = pgpDigParamsNew(pkt->tag); - } - } - -- if (pgpPrtPkt(&pkt, digp)) -+ if (expect) { -+ if (pkt->tag != expect) -+ break; -+ selfsig = pgpDigParamsNew(pkt->tag); -+ } -+ if (pgpPrtPkt(pkt, selfsig ? selfsig : digp)) - break; - -- p += (pkt.body - pkt.head) + pkt.blen; -- if (pkttype == PGPTAG_SIGNATURE) -- break; -+ if (selfsig) { -+ /* subkeys must be followed by binding signature */ -+ if (prevtag == PGPTAG_PUBLIC_SUBKEY) { -+ if (selfsig->sigtype != PGPSIGTYPE_SUBKEY_BINDING) -+ break; -+ } -+ -+ int xx = pgpVerifySelf(digp, selfsig, all, i); -+ -+ selfsig = pgpDigParamsFree(selfsig); -+ if (xx) -+ break; -+ expect = 0; -+ } -+ -+ if (pkt->tag == PGPTAG_PUBLIC_SUBKEY) -+ expect = PGPTAG_SIGNATURE; -+ prevtag = pkt->tag; -+ -+ i++; -+ p += (pkt->body - pkt->head) + pkt->blen; -+ if (pkttype == PGPTAG_SIGNATURE) -+ break; -+ -+ if (alloced <= i) { -+ alloced *= 2; -+ all = xrealloc(all, alloced * sizeof(*all)); -+ } -+ - } - - rc = (digp && (p == pend)) ? 0 : -1; -diff --git a/tests/Makefile.am b/tests/Makefile.am -index a41ce10de8..7bb23247f1 100644 ---- a/tests/Makefile.am -+++ b/tests/Makefile.am -@@ -107,6 +107,9 @@ EXTRA_DIST += data/SPECS/hello-config-buildid.spec - EXTRA_DIST += data/SPECS/hello-cd.spec - EXTRA_DIST += data/keys/rpm.org-rsa-2048-test.pub - EXTRA_DIST += data/keys/rpm.org-rsa-2048-test.secret -+EXTRA_DIST += data/keys/CVE-2021-3521-badbind.asc -+EXTRA_DIST += data/keys/CVE-2022-3521-nosubsig.asc -+EXTRA_DIST += data/keys/CVE-2022-3521-nosubsig-last.asc - EXTRA_DIST += data/macros.testfile - EXTRA_DIST += data/macros.debug - EXTRA_DIST += data/SOURCES/foo.c -diff --git a/tests/data/keys/CVE-2021-3521-badbind.asc b/tests/data/keys/CVE-2021-3521-badbind.asc -new file mode 100644 -index 0000000000..aea00f9d7a ---- /dev/null -+++ b/tests/data/keys/CVE-2021-3521-badbind.asc -@@ -0,0 +1,25 @@ -+-----BEGIN PGP PUBLIC KEY BLOCK----- -+Version: rpm-4.17.90 (NSS-3) -+ -+mQENBFjmORgBCAC7TMEk6wnjSs8Dr4yqSScWdU2pjcqrkTxuzdWvowcIUPZI0w/g -+HkRqGd4apjvY2V15kjL10gk3QhFP3pZ/9p7zh8o8NHX7aGdSGDK7NOq1eFaErPRY -+91LW9RiZ0lbOjXEzIL0KHxUiTQEmdXJT43DJMFPyW9fkCWg0OltiX618FUdWWfI8 -+eySdLur1utnqBvdEbCUvWK2RX3vQZQdvEBODnNk2pxqTyV0w6VPQ96W++lF/5Aas -+7rUv3HIyIXxIggc8FRrnH+y9XvvHDonhTIlGnYZN4ubm9i4y3gOkrZlGTrEw7elQ -+1QeMyG2QQEbze8YjpTm4iLABCBrRfPRaQpwrABEBAAG0IXJwbS5vcmcgUlNBIHRl -+c3RrZXkgPHJzYUBycG0ub3JnPokBNwQTAQgAIQUCWOY5GAIbAwULCQgHAgYVCAkK -+CwIEFgIDAQIeAQIXgAAKCRBDRFkeGWTF/MxxCACnjqFL+MmPh9W9JQKT2DcLbBzf -+Cqo6wcEBoCOcwgRSk8dSikhARoteoa55JRJhuMyeKhhEAogE9HRmCPFdjezFTwgB -+BDVBpO2dZ023mLXDVCYX3S8pShOgCP6Tn4wqCnYeAdLcGg106N4xcmgtcssJE+Pr -+XzTZksbZsrTVEmL/Ym+R5w5jBfFnGk7Yw7ndwfQsfNXQb5AZynClFxnX546lcyZX -+fEx3/e6ezw57WNOUK6WT+8b+EGovPkbetK/rGxNXuWaP6X4A/QUm8O98nCuHYFQq -++mvNdsCBqGf7mhaRGtpHk/JgCn5rFvArMDqLVrR9hX0LdCSsH7EGE+bR3r7wuQEN -+BFjmORgBCACk+vDZrIXQuFXEYToZVwb2attzbbJJCqD71vmZTLsW0QxuPKRgbcYY -+zp4K4lVBnHhFrF8MOUOxJ7kQWIJZMZFt+BDcptCYurbD2H4W2xvnWViiC+LzCMzz -+iMJT6165uefL4JHTDPxC2fFiM9yrc72LmylJNkM/vepT128J5Qv0gRUaQbHiQuS6 -+Dm/+WRnUfx3i89SV4mnBxb/Ta93GVqoOciWwzWSnwEnWYAvOb95JL4U7c5J5f/+c -+KnQDHsW7sIiIdscsWzvgf6qs2Ra1Zrt7Fdk4+ZS2f/adagLhDO1C24sXf5XfMk5m -+L0OGwZSr9m5s17VXxfspgU5ugc8kBJfzABEBAAE= -+=WCfs -+-----END PGP PUBLIC KEY BLOCK----- -+ -diff --git a/tests/data/keys/CVE-2021-3521-nosubsig-last.asc b/tests/data/keys/CVE-2021-3521-nosubsig-last.asc -new file mode 100644 -index 0000000000..aea00f9d7a ---- /dev/null -+++ b/tests/data/keys/CVE-2021-3521-nosubsig-last.asc -@@ -0,0 +1,25 @@ -+-----BEGIN PGP PUBLIC KEY BLOCK----- -+Version: rpm-4.17.90 (NSS-3) -+ -+mQENBFjmORgBCAC7TMEk6wnjSs8Dr4yqSScWdU2pjcqrkTxuzdWvowcIUPZI0w/g -+HkRqGd4apjvY2V15kjL10gk3QhFP3pZ/9p7zh8o8NHX7aGdSGDK7NOq1eFaErPRY -+91LW9RiZ0lbOjXEzIL0KHxUiTQEmdXJT43DJMFPyW9fkCWg0OltiX618FUdWWfI8 -+eySdLur1utnqBvdEbCUvWK2RX3vQZQdvEBODnNk2pxqTyV0w6VPQ96W++lF/5Aas -+7rUv3HIyIXxIggc8FRrnH+y9XvvHDonhTIlGnYZN4ubm9i4y3gOkrZlGTrEw7elQ -+1QeMyG2QQEbze8YjpTm4iLABCBrRfPRaQpwrABEBAAG0IXJwbS5vcmcgUlNBIHRl -+c3RrZXkgPHJzYUBycG0ub3JnPokBNwQTAQgAIQUCWOY5GAIbAwULCQgHAgYVCAkK -+CwIEFgIDAQIeAQIXgAAKCRBDRFkeGWTF/MxxCACnjqFL+MmPh9W9JQKT2DcLbBzf -+Cqo6wcEBoCOcwgRSk8dSikhARoteoa55JRJhuMyeKhhEAogE9HRmCPFdjezFTwgB -+BDVBpO2dZ023mLXDVCYX3S8pShOgCP6Tn4wqCnYeAdLcGg106N4xcmgtcssJE+Pr -+XzTZksbZsrTVEmL/Ym+R5w5jBfFnGk7Yw7ndwfQsfNXQb5AZynClFxnX546lcyZX -+fEx3/e6ezw57WNOUK6WT+8b+EGovPkbetK/rGxNXuWaP6X4A/QUm8O98nCuHYFQq -++mvNdsCBqGf7mhaRGtpHk/JgCn5rFvArMDqLVrR9hX0LdCSsH7EGE+bR3r7wuQEN -+BFjmORgBCACk+vDZrIXQuFXEYToZVwb2attzbbJJCqD71vmZTLsW0QxuPKRgbcYY -+zp4K4lVBnHhFrF8MOUOxJ7kQWIJZMZFt+BDcptCYurbD2H4W2xvnWViiC+LzCMzz -+iMJT6165uefL4JHTDPxC2fFiM9yrc72LmylJNkM/vepT128J5Qv0gRUaQbHiQuS6 -+Dm/+WRnUfx3i89SV4mnBxb/Ta93GVqoOciWwzWSnwEnWYAvOb95JL4U7c5J5f/+c -+KnQDHsW7sIiIdscsWzvgf6qs2Ra1Zrt7Fdk4+ZS2f/adagLhDO1C24sXf5XfMk5m -+L0OGwZSr9m5s17VXxfspgU5ugc8kBJfzABEBAAE= -+=WCfs -+-----END PGP PUBLIC KEY BLOCK----- -+ -diff --git a/tests/data/keys/CVE-2021-3521-nosubsig.asc b/tests/data/keys/CVE-2021-3521-nosubsig.asc -new file mode 100644 -index 0000000000..3a2e7417f8 ---- /dev/null -+++ b/tests/data/keys/CVE-2021-3521-nosubsig.asc -@@ -0,0 +1,37 @@ -+-----BEGIN PGP PUBLIC KEY BLOCK----- -+Version: rpm-4.17.90 (NSS-3) -+ -+mQENBFjmORgBCAC7TMEk6wnjSs8Dr4yqSScWdU2pjcqrkTxuzdWvowcIUPZI0w/g -+HkRqGd4apjvY2V15kjL10gk3QhFP3pZ/9p7zh8o8NHX7aGdSGDK7NOq1eFaErPRY -+91LW9RiZ0lbOjXEzIL0KHxUiTQEmdXJT43DJMFPyW9fkCWg0OltiX618FUdWWfI8 -+eySdLur1utnqBvdEbCUvWK2RX3vQZQdvEBODnNk2pxqTyV0w6VPQ96W++lF/5Aas -+7rUv3HIyIXxIggc8FRrnH+y9XvvHDonhTIlGnYZN4ubm9i4y3gOkrZlGTrEw7elQ -+1QeMyG2QQEbze8YjpTm4iLABCBrRfPRaQpwrABEBAAG0IXJwbS5vcmcgUlNBIHRl -+c3RrZXkgPHJzYUBycG0ub3JnPokBNwQTAQgAIQUCWOY5GAIbAwULCQgHAgYVCAkK -+CwIEFgIDAQIeAQIXgAAKCRBDRFkeGWTF/MxxCACnjqFL+MmPh9W9JQKT2DcLbBzf -+Cqo6wcEBoCOcwgRSk8dSikhARoteoa55JRJhuMyeKhhEAogE9HRmCPFdjezFTwgB -+BDVBpO2dZ023mLXDVCYX3S8pShOgCP6Tn4wqCnYeAdLcGg106N4xcmgtcssJE+Pr -+XzTZksbZsrTVEmL/Ym+R5w5jBfFnGk7Yw7ndwfQsfNXQb5AZynClFxnX546lcyZX -+fEx3/e6ezw57WNOUK6WT+8b+EGovPkbetK/rGxNXuWaP6X4A/QUm8O98nCuHYFQq -++mvNdsCBqGf7mhaRGtpHk/JgCn5rFvArMDqLVrR9hX0LdCSsH7EGE+bR3r7wuQEN -+BFjmORgBCACk+vDZrIXQuFXEYToZVwb2attzbbJJCqD71vmZTLsW0QxuPKRgbcYY -+zp4K4lVBnHhFrF8MOUOxJ7kQWIJZMZFt+BDcptCYurbD2H4W2xvnWViiC+LzCMzz -+iMJT6165uefL4JHTDPxC2fFiM9yrc72LmylJNkM/vepT128J5Qv0gRUaQbHiQuS6 -+Dm/+WRnUfx3i89SV4mnBxb/Ta93GVqoOciWwzWSnwEnWYAvOb95JL4U7c5J5f/+c -+KnQDHsW7sIiIdscsWzvgf6qs2Ra1Zrt7Fdk4+ZS2f/adagLhDO1C24sXf5XfMk5m -+L0OGwZSr9m5s17VXxfspgU5ugc8kBJfzABEBAAG5AQ0EWOY5GAEIAKT68NmshdC4 -+VcRhOhlXBvZq23NtskkKoPvW+ZlMuxbRDG48pGBtxhjOngriVUGceEWsXww5Q7En -+uRBYglkxkW34ENym0Ji6tsPYfhbbG+dZWKIL4vMIzPOIwlPrXrm558vgkdMM/ELZ -+8WIz3KtzvYubKUk2Qz+96lPXbwnlC/SBFRpBseJC5LoOb/5ZGdR/HeLz1JXiacHF -+v9Nr3cZWqg5yJbDNZKfASdZgC85v3kkvhTtzknl//5wqdAMexbuwiIh2xyxbO+B/ -+qqzZFrVmu3sV2Tj5lLZ/9p1qAuEM7ULbixd/ld8yTmYvQ4bBlKv2bmzXtVfF+ymB -+Tm6BzyQEl/MAEQEAAYkBHwQYAQgACQUCWOY5GAIbDAAKCRBDRFkeGWTF/PANB/9j -+mifmj6z/EPe0PJFhrpISt9PjiUQCt0IPtiL5zKAkWjHePIzyi+0kCTBF6DDLFxos -+3vN4bWnVKT1kBhZAQlPqpJTg+m74JUYeDGCdNx9SK7oRllATqyu+5rncgxjWVPnQ -+zu/HRPlWJwcVFYEVXYL8xzfantwQTqefjmcRmBRdA2XJITK+hGWwAmrqAWx+q5xX -+Pa8wkNMxVzNS2rUKO9SoVuJ/wlUvfoShkJ/VJ5HDp3qzUqncADfdGN35TDzscngQ -+gHvnMwVBfYfSCABV1hNByoZcc/kxkrWMmsd/EnIyLd1Q1baKqc3cEDuC6E6/o4yJ -+E4XX4jtDmdZPreZALsiB -+=rRop -+-----END PGP PUBLIC KEY BLOCK----- -+ -diff --git a/tests/rpmsigdig.at b/tests/rpmsigdig.at -index 8e7c759b8f..e2d30a7f1b 100644 ---- a/tests/rpmsigdig.at -+++ b/tests/rpmsigdig.at -@@ -2,6 +2,34 @@ - - AT_BANNER([RPM signatures and digests]) - -+AT_SETUP([rpmkeys --import invalid keys]) -+AT_KEYWORDS([rpmkeys import]) -+RPMDB_INIT -+ -+AT_CHECK([ -+runroot rpmkeys --import /data/keys/CVE-2021-3521-badbind.asc -+], -+[1], -+[], -+[error: /data/keys/CVE-2021-3521-badbind.asc: key 1 import failed.] -+) -+AT_CHECK([ -+runroot rpmkeys --import /data/keys/CVE-2021-3521-nosubsig.asc -+], -+[1], -+[], -+[error: /data/keys/CVE-2021-3521-nosubsig.asc: key 1 import failed.] -+) -+ -+AT_CHECK([ -+runroot rpmkeys --import /data/keys/CVE-2021-3521-nosubsig-last.asc -+], -+[1], -+[], -+[error: /data/keys/CVE-2021-3521-nosubsig-last.asc: key 1 import failed.] -+) -+AT_CLEANUP -+ - # ------------------------------ - # Test pre-built package verification - AT_SETUP([rpmkeys -Kv 1]) --- -2.17.1 - diff --git a/poky/meta/recipes-devtools/rpm/rpm_4.17.0.bb b/poky/meta/recipes-devtools/rpm/rpm_4.17.0.bb deleted file mode 100644 index c392ac0db4..0000000000 --- a/poky/meta/recipes-devtools/rpm/rpm_4.17.0.bb +++ /dev/null @@ -1,208 +0,0 @@ -SUMMARY = "The RPM package management system" -DESCRIPTION = "The RPM Package Manager (RPM) is a powerful command line driven \ -package management system capable of installing, uninstalling, \ -verifying, querying, and updating software packages. Each software \ -package consists of an archive of files along with information about \ -the package like its version, a description, etc." - -SUMMARY:${PN}-dev = "Development files for manipulating RPM packages" -DESCRIPTION:${PN}-dev = "This package contains the RPM C library and header files. These \ -development files will simplify the process of writing programs that \ -manipulate RPM packages and databases. These files are intended to \ -simplify the process of creating graphical package managers or any \ -other tools that need an intimate knowledge of RPM packages in order \ -to function." - -SUMMARY:python3-rpm = "Python bindings for apps which will manupulate RPM packages" -DESCRIPTION:python3-rpm = "The python3-rpm package contains a module that permits applications \ -written in the Python programming language to use the interface \ -supplied by the RPM Package Manager libraries." - -HOMEPAGE = "http://www.rpm.org" - -# libraries are also LGPL - how to express this? -LICENSE = "GPL-2.0-only" -LIC_FILES_CHKSUM = "file://COPYING;md5=c4eec0c20c6034b9407a09945b48a43f" - -SRC_URI = "git://github.com/rpm-software-management/rpm;branch=rpm-4.17.x;protocol=https \ - file://environment.d-rpm.sh \ - file://0001-Do-not-add-an-unsatisfiable-dependency-when-building.patch \ - file://0001-Do-not-read-config-files-from-HOME.patch \ - file://0001-When-cross-installing-execute-package-scriptlets-wit.patch \ - file://0001-Do-not-reset-the-PATH-environment-variable-before-ru.patch \ - file://0002-Add-support-for-prefixing-etc-from-RPM_ETCCONFIGDIR-.patch \ - file://0001-Do-not-hardcode-lib-rpm-as-the-installation-path-for.patch \ - file://0001-Add-a-color-setting-for-mips64_n32-binaries.patch \ - file://0001-perl-disable-auto-reqs.patch \ - file://0016-rpmscript.c-change-logging-level-around-scriptlets-t.patch \ - file://0001-lib-transaction.c-fix-file-conflicts-for-MIPS64-N32.patch \ - file://0001-tools-Add-error.h-for-non-glibc-case.patch \ - file://0001-docs-do-not-build-manpages-requires-pandoc.patch \ - file://0001-build-pack.c-do-not-insert-payloadflags-into-.rpm-me.patch \ - file://0001-CVE-2021-3521.patch \ - file://0002-CVE-2021-3521.patch \ - file://0003-CVE-2021-3521.patch \ - " - -PE = "1" -SRCREV = "3e74e8ba2dd5e76a5353d238dc7fc38651ce27b3" - -S = "${WORKDIR}/git" - -DEPENDS = "lua libgcrypt file popt xz bzip2 elfutils python3" -DEPENDS:append:class-native = " file-replacement-native bzip2-replacement-native" - -inherit autotools gettext pkgconfig python3native -export PYTHON_ABI - -AUTOTOOLS_AUXDIR = "${S}/build-aux" - -# OE-core patches autoreconf to additionally run gnu-configize, which fails with this recipe -EXTRA_AUTORECONF:append = " --exclude=gnu-configize" - -# Vendor is detected differently on x86 and aarch64 hosts and can feed into target packages -EXTRA_OECONF:append = " --enable-python --with-crypto=libgcrypt --with-vendor=pc" -EXTRA_OECONF:append:libc-musl = " --disable-nls --disable-openmp" - -# --sysconfdir prevents rpm from attempting to access machine-specific configuration in sysroot/etc; we need to have it in rootfs -# --localstatedir prevents rpm from writing its database to native sysroot when building images -# Forcibly disable plugins for native/nativesdk, as the inhibit and prioreset -# plugins both behave badly inside builds. -EXTRA_OECONF:append:class-native = " --sysconfdir=/etc --localstatedir=/var --disable-plugins" -EXTRA_OECONF:append:class-nativesdk = " --sysconfdir=/etc --disable-plugins" - -BBCLASSEXTEND = "native nativesdk" - -PACKAGECONFIG ??= "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'inhibit', '', d)} sqlite zstd" -# The inhibit plugin serves no purpose outside of the target -PACKAGECONFIG:remove:class-native = "inhibit" -PACKAGECONFIG:remove:class-nativesdk = "inhibit" - -PACKAGECONFIG[imaevm] = "--with-imaevm,,ima-evm-utils" -PACKAGECONFIG[inhibit] = "--enable-inhibit-plugin,--disable-inhibit-plugin,dbus" -PACKAGECONFIG[rpm2archive] = "--with-archive,--without-archive,libarchive" -PACKAGECONFIG[sqlite] = "--enable-sqlite=yes,--enable-sqlite=no,sqlite3" -PACKAGECONFIG[ndb] = "--enable-ndb,--disable-ndb" -PACKAGECONFIG[bdb-ro] = "--enable-bdb-ro,--disable-bdb-ro" -PACKAGECONFIG[zstd] = "--enable-zstd=yes,--enable-zstd=no,zstd" - -ASNEEDED = "" - -# Direct rpm-native to read configuration from our sysroot, not the one it was compiled in -# libmagic also has sysroot path contamination, so override it - -WRAPPER_TOOLS = " \ - ${bindir}/rpm \ - ${bindir}/rpm2archive \ - ${bindir}/rpm2cpio \ - ${bindir}/rpmbuild \ - ${bindir}/rpmdb \ - ${bindir}/rpmgraph \ - ${bindir}/rpmkeys \ - ${bindir}/rpmsign \ - ${bindir}/rpmspec \ - ${libdir}/rpm/rpmdeps \ -" - -do_configure:prepend() { - mkdir -p ${S}/build-aux -} - -do_install:append:class-native() { - for tool in ${WRAPPER_TOOLS}; do - test -x ${D}$tool && create_wrapper ${D}$tool \ - RPM_CONFIGDIR=${STAGING_LIBDIR_NATIVE}/rpm \ - RPM_ETCCONFIGDIR=${STAGING_DIR_NATIVE} \ - MAGIC=${STAGING_DIR_NATIVE}${datadir_native}/misc/magic.mgc \ - RPM_NO_CHROOT_FOR_SCRIPTS=1 - done -} - -do_install:append:class-nativesdk() { - for tool in ${WRAPPER_TOOLS}; do - test -x ${D}$tool && create_wrapper ${D}$tool \ - RPM_CONFIGDIR='`dirname $''realpath`'/${@os.path.relpath(d.getVar('libdir'), d.getVar('bindir'))}/rpm \ - RPM_ETCCONFIGDIR='$'{RPM_ETCCONFIGDIR-'`dirname $''realpath`'/${@os.path.relpath(d.getVar('sysconfdir'), d.getVar('bindir'))}/..} \ - MAGIC='`dirname $''realpath`'/${@os.path.relpath(d.getVar('datadir'), d.getVar('bindir'))}/misc/magic.mgc \ - RPM_NO_CHROOT_FOR_SCRIPTS=1 - done - - rm -rf ${D}/var - - mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d - install -m 644 ${WORKDIR}/environment.d-rpm.sh ${D}${SDKPATHNATIVE}/environment-setup.d/rpm.sh -} - -# Rpm's make install creates var/tmp which clashes with base-files packaging -do_install:append:class-target() { - rm -rf ${D}/var -} -do_install:append:class-nativesdk() { - rm -rf ${D}${SDKPATHNATIVE}/var -} - -do_install:append () { - sed -i -e 's:${HOSTTOOLS_DIR}/::g' \ - ${D}/${libdir}/rpm/macros - -} - -FILES:${PN} += "${libdir}/rpm-plugins/*.so \ - " -FILES:${PN}:append:class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/rpm.sh" - -FILES:${PN}-dev += "${libdir}/rpm-plugins/*.la \ - " -PACKAGE_BEFORE_PN += "${PN}-build ${PN}-sign ${PN}-archive" - -RRECOMMENDS:${PN} += "rpm-sign rpm-archive" - -FILES:${PN}-build = "\ - ${bindir}/rpmbuild \ - ${bindir}/gendiff \ - ${bindir}/rpmspec \ - ${libdir}/librpmbuild.so.* \ - ${libdir}/rpm/brp-* \ - ${libdir}/rpm/check-* \ - ${libdir}/rpm/debugedit \ - ${libdir}/rpm/sepdebugcrcfix \ - ${libdir}/rpm/find-debuginfo.sh \ - ${libdir}/rpm/find-lang.sh \ - ${libdir}/rpm/*provides* \ - ${libdir}/rpm/*requires* \ - ${libdir}/rpm/*deps* \ - ${libdir}/rpm/*.prov \ - ${libdir}/rpm/*.req \ - ${libdir}/rpm/config.* \ - ${libdir}/rpm/mkinstalldirs \ - ${libdir}/rpm/macros.p* \ - ${libdir}/rpm/fileattrs/* \ -" - -FILES:${PN}-sign = "\ - ${bindir}/rpmsign \ - ${libdir}/librpmsign.so.* \ -" - -FILES:${PN}-archive = "\ - ${bindir}/rpm2archive \ -" - -PACKAGES += "python3-rpm" -PROVIDES += "python3-rpm" -FILES:python3-rpm = "${PYTHON_SITEPACKAGES_DIR}/rpm/*" - -RDEPENDS:${PN}-build = "bash perl python3-core" - -PACKAGE_PREPROCESS_FUNCS += "rpm_package_preprocess" - -# Do not specify a sysroot when compiling on a target. -rpm_package_preprocess () { - sed -i -e 's:--sysroot[^ ]*::g' \ - ${PKGD}/${libdir}/rpm/macros -} - -SSTATE_HASHEQUIV_FILEMAP = " \ - populate_sysroot:*/rpm/macros:${TMPDIR} \ - populate_sysroot:*/rpm/macros:${COREBASE} \ - " diff --git a/poky/meta/recipes-devtools/rpm/rpm_4.17.1.bb b/poky/meta/recipes-devtools/rpm/rpm_4.17.1.bb new file mode 100644 index 0000000000..9b6446f265 --- /dev/null +++ b/poky/meta/recipes-devtools/rpm/rpm_4.17.1.bb @@ -0,0 +1,206 @@ +SUMMARY = "The RPM package management system" +DESCRIPTION = "The RPM Package Manager (RPM) is a powerful command line driven \ +package management system capable of installing, uninstalling, \ +verifying, querying, and updating software packages. Each software \ +package consists of an archive of files along with information about \ +the package like its version, a description, etc." + +SUMMARY:${PN}-dev = "Development files for manipulating RPM packages" +DESCRIPTION:${PN}-dev = "This package contains the RPM C library and header files. These \ +development files will simplify the process of writing programs that \ +manipulate RPM packages and databases. These files are intended to \ +simplify the process of creating graphical package managers or any \ +other tools that need an intimate knowledge of RPM packages in order \ +to function." + +SUMMARY:python3-rpm = "Python bindings for apps which will manupulate RPM packages" +DESCRIPTION:python3-rpm = "The python3-rpm package contains a module that permits applications \ +written in the Python programming language to use the interface \ +supplied by the RPM Package Manager libraries." + +HOMEPAGE = "http://www.rpm.org" + +# libraries are also LGPL - how to express this? +LICENSE = "GPL-2.0-only" +LIC_FILES_CHKSUM = "file://COPYING;md5=c4eec0c20c6034b9407a09945b48a43f" + +SRC_URI = "git://github.com/rpm-software-management/rpm;branch=rpm-4.17.x;protocol=https \ + file://environment.d-rpm.sh \ + file://0001-Do-not-add-an-unsatisfiable-dependency-when-building.patch \ + file://0001-Do-not-read-config-files-from-HOME.patch \ + file://0001-When-cross-installing-execute-package-scriptlets-wit.patch \ + file://0001-Do-not-reset-the-PATH-environment-variable-before-ru.patch \ + file://0002-Add-support-for-prefixing-etc-from-RPM_ETCCONFIGDIR-.patch \ + file://0001-Do-not-hardcode-lib-rpm-as-the-installation-path-for.patch \ + file://0001-Add-a-color-setting-for-mips64_n32-binaries.patch \ + file://0001-perl-disable-auto-reqs.patch \ + file://0016-rpmscript.c-change-logging-level-around-scriptlets-t.patch \ + file://0001-lib-transaction.c-fix-file-conflicts-for-MIPS64-N32.patch \ + file://0001-tools-Add-error.h-for-non-glibc-case.patch \ + file://0001-docs-do-not-build-manpages-requires-pandoc.patch \ + file://0001-build-pack.c-do-not-insert-payloadflags-into-.rpm-me.patch \ + file://0001-configure.ac-add-linux-gnux32-variant-to-triplet-han.patch \ + " + +PE = "1" +SRCREV = "5bef402da334595ed9302b8bca1acdf5e88bfe11" + +S = "${WORKDIR}/git" + +DEPENDS = "lua libgcrypt file popt xz bzip2 elfutils python3" +DEPENDS:append:class-native = " file-replacement-native bzip2-replacement-native" + +inherit autotools gettext pkgconfig python3native +export PYTHON_ABI + +AUTOTOOLS_AUXDIR = "${S}/build-aux" + +# OE-core patches autoreconf to additionally run gnu-configize, which fails with this recipe +EXTRA_AUTORECONF:append = " --exclude=gnu-configize" + +# Vendor is detected differently on x86 and aarch64 hosts and can feed into target packages +EXTRA_OECONF:append = " --enable-python --with-crypto=libgcrypt --with-vendor=pc" +EXTRA_OECONF:append:libc-musl = " --disable-nls --disable-openmp" + +# --sysconfdir prevents rpm from attempting to access machine-specific configuration in sysroot/etc; we need to have it in rootfs +# --localstatedir prevents rpm from writing its database to native sysroot when building images +# Forcibly disable plugins for native/nativesdk, as the inhibit and prioreset +# plugins both behave badly inside builds. +EXTRA_OECONF:append:class-native = " --sysconfdir=/etc --localstatedir=/var --disable-plugins" +EXTRA_OECONF:append:class-nativesdk = " --sysconfdir=/etc --disable-plugins" + +BBCLASSEXTEND = "native nativesdk" + +PACKAGECONFIG ??= "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'inhibit', '', d)} sqlite zstd" +# The inhibit plugin serves no purpose outside of the target +PACKAGECONFIG:remove:class-native = "inhibit" +PACKAGECONFIG:remove:class-nativesdk = "inhibit" + +PACKAGECONFIG[imaevm] = "--with-imaevm,,ima-evm-utils" +PACKAGECONFIG[inhibit] = "--enable-inhibit-plugin,--disable-inhibit-plugin,dbus" +PACKAGECONFIG[rpm2archive] = "--with-archive,--without-archive,libarchive" +PACKAGECONFIG[sqlite] = "--enable-sqlite=yes,--enable-sqlite=no,sqlite3" +PACKAGECONFIG[ndb] = "--enable-ndb,--disable-ndb" +PACKAGECONFIG[bdb-ro] = "--enable-bdb-ro,--disable-bdb-ro" +PACKAGECONFIG[zstd] = "--enable-zstd=yes,--enable-zstd=no,zstd" + +ASNEEDED = "" + +# Direct rpm-native to read configuration from our sysroot, not the one it was compiled in +# libmagic also has sysroot path contamination, so override it + +WRAPPER_TOOLS = " \ + ${bindir}/rpm \ + ${bindir}/rpm2archive \ + ${bindir}/rpm2cpio \ + ${bindir}/rpmbuild \ + ${bindir}/rpmdb \ + ${bindir}/rpmgraph \ + ${bindir}/rpmkeys \ + ${bindir}/rpmsign \ + ${bindir}/rpmspec \ + ${libdir}/rpm/rpmdeps \ +" + +do_configure:prepend() { + mkdir -p ${S}/build-aux +} + +do_install:append:class-native() { + for tool in ${WRAPPER_TOOLS}; do + test -x ${D}$tool && create_wrapper ${D}$tool \ + RPM_CONFIGDIR=${STAGING_LIBDIR_NATIVE}/rpm \ + RPM_ETCCONFIGDIR=${STAGING_DIR_NATIVE} \ + MAGIC=${STAGING_DIR_NATIVE}${datadir_native}/misc/magic.mgc \ + RPM_NO_CHROOT_FOR_SCRIPTS=1 + done +} + +do_install:append:class-nativesdk() { + for tool in ${WRAPPER_TOOLS}; do + test -x ${D}$tool && create_wrapper ${D}$tool \ + RPM_CONFIGDIR='`dirname $''realpath`'/${@os.path.relpath(d.getVar('libdir'), d.getVar('bindir'))}/rpm \ + RPM_ETCCONFIGDIR='$'{RPM_ETCCONFIGDIR-'`dirname $''realpath`'/${@os.path.relpath(d.getVar('sysconfdir'), d.getVar('bindir'))}/..} \ + MAGIC='`dirname $''realpath`'/${@os.path.relpath(d.getVar('datadir'), d.getVar('bindir'))}/misc/magic.mgc \ + RPM_NO_CHROOT_FOR_SCRIPTS=1 + done + + rm -rf ${D}/var + + mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d + install -m 644 ${WORKDIR}/environment.d-rpm.sh ${D}${SDKPATHNATIVE}/environment-setup.d/rpm.sh +} + +# Rpm's make install creates var/tmp which clashes with base-files packaging +do_install:append:class-target() { + rm -rf ${D}/var +} +do_install:append:class-nativesdk() { + rm -rf ${D}${SDKPATHNATIVE}/var +} + +do_install:append () { + sed -i -e 's:${HOSTTOOLS_DIR}/::g' \ + ${D}/${libdir}/rpm/macros + +} + +FILES:${PN} += "${libdir}/rpm-plugins/*.so \ + " +FILES:${PN}:append:class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/rpm.sh" + +FILES:${PN}-dev += "${libdir}/rpm-plugins/*.la \ + " +PACKAGE_BEFORE_PN += "${PN}-build ${PN}-sign ${PN}-archive" + +RRECOMMENDS:${PN} += "rpm-sign rpm-archive" + +FILES:${PN}-build = "\ + ${bindir}/rpmbuild \ + ${bindir}/gendiff \ + ${bindir}/rpmspec \ + ${libdir}/librpmbuild.so.* \ + ${libdir}/rpm/brp-* \ + ${libdir}/rpm/check-* \ + ${libdir}/rpm/debugedit \ + ${libdir}/rpm/sepdebugcrcfix \ + ${libdir}/rpm/find-debuginfo.sh \ + ${libdir}/rpm/find-lang.sh \ + ${libdir}/rpm/*provides* \ + ${libdir}/rpm/*requires* \ + ${libdir}/rpm/*deps* \ + ${libdir}/rpm/*.prov \ + ${libdir}/rpm/*.req \ + ${libdir}/rpm/config.* \ + ${libdir}/rpm/mkinstalldirs \ + ${libdir}/rpm/macros.p* \ + ${libdir}/rpm/fileattrs/* \ +" + +FILES:${PN}-sign = "\ + ${bindir}/rpmsign \ + ${libdir}/librpmsign.so.* \ +" + +FILES:${PN}-archive = "\ + ${bindir}/rpm2archive \ +" + +PACKAGES += "python3-rpm" +PROVIDES += "python3-rpm" +FILES:python3-rpm = "${PYTHON_SITEPACKAGES_DIR}/rpm/*" + +RDEPENDS:${PN}-build = "bash perl python3-core" + +PACKAGE_PREPROCESS_FUNCS += "rpm_package_preprocess" + +# Do not specify a sysroot when compiling on a target. +rpm_package_preprocess () { + sed -i -e 's:--sysroot[^ ]*::g' \ + ${PKGD}/${libdir}/rpm/macros +} + +SSTATE_HASHEQUIV_FILEMAP = " \ + populate_sysroot:*/rpm/macros:${TMPDIR} \ + populate_sysroot:*/rpm/macros:${COREBASE} \ + " -- cgit v1.2.3