From 89e2f5ce97de5668f541afea23027dc76b3157ac Mon Sep 17 00:00:00 2001 From: Patrick Williams Date: Mon, 13 Dec 2021 17:05:19 -0600 Subject: subtree updates meta-raspberrypi: 9eb4879cf4..1584bddcf3: Alexandru Costache (3): conf/machine: Add Pi Zero 2 Wifi 64bit yocto machine linux-firmware-rpidistro: Package bcm43436 and bcm43436s firmware linux-raspberrypi: Bump to 5.10.78 Andrei Gherzan (11): raspberrypi-firmware: Bump to 20211007 linux-raspberrypi: Bump 5.10 to 5.10.76 linux-raspberrypi: Drop 5.4 README.md: Fix docs and minor tweaks docs: Bump copyright year README.md: Fix sponsor table README.md: Fix sponsor table take two docs: Fix RtD build docs: Add module dependency/requirement for RtD docs: Advertise raspberrypi0-2w-64 supported machine Update references to Yocto mailing list Khem Raj (1): linux-firmware-rpidistro: Use bullseye branch Marcel Hamer (1): recipes: Update SRC_URI protocols for github Zygmunt Krynicki (1): rpi-config: warn on config.txt lines exceeding 80 bytes poky: 80f2b56ad8..f286eefb27: Ahmed Hossam (1): go.bbclass: Allow adding parameters to go ldflags Alejandro Hernandez Samaniego (1): baremetal-image: Fix do_image dependencies Alexander Kanavin (11): lttng-tools: replace ad hoc ptest fixup with upstream fixes ca-certificates: update 20210119 -> 20211016 ovmf: update 202105 -> 202108 linux-firmware: upgrade 20210818 -> 20210919 wireless-regdb: upgrade 2021.07.14 -> 2021.08.28 waffle: convert to git, website is down stress-ng: convert to git, website is down tzdata: upgrade 2021a -> 2021d tzdata: update 2021d -> 2021e linux-firmware: upgrade 20210919 -> 20211027 libpcre/libpcre2: correct SRC_URI Alexandre Belloni (1): oeqa/selftest/sstatetests: fix typo ware -> were Andrei Gherzan (1): qemu: Define libnfs PACKAGECONFIG Andrej Valek (1): busybox: 1.34.0 -> 1.34.1 Andres Beltran (3): buildhistory: Fix package output files for SDKs create-spdx: Set the Organization field via a variable create-spdx: Fix key errors in do_create_runtime_spdx Anuj Mittal (2): glibc-version.inc: remove branch= from GLIBC_GIT_URI poky.conf: bump version for 3.4.1 honister release Bruce Ashfield (23): linux-yocto/5.14: scripts/gcc-plugins: consistently use HOSTCC linux-yocto/5.14: update to v5.14.8 linux-yocto/5.14: bsp/qemuarm*-gfx: use virtio graphics linux-yocto/5.10: update to v5.10.69 linux-yocto/5.10: update to v5.10.70 linux-yocto/5.14: update to v5.14.9 kernel-yocto: don't apply config metadata patches twice linux-yocto/5.14: revert: scripts/gcc-plugins: consistently use HOSTCC linux-yocto/5.10: update to v5.10.73 linux-yocto/5.14: update to v5.14.12 linux-yocto/5.14: update to v5.14.13 linux-yocto/5.10: update to v5.10.74 linux-yocto/5.14: common-pc: enable CONFIG_ATA_PIIX as built-in linux-yocto/5.14: update to v5.14.14 linux-yocto/5.10: update to v5.10.75 linux-yocto/5.14: update to v5.14.15 linux-yocto/5.10: update to v5.10.76 linux-yocto-rt/5.10: update to -rt54 strace: fix build against 5.15 kernel/kernel-headers linux-yocto/5.14: update to v5.14.16 linux-yocto/5.10: update to v5.10.77 linux-yocto/5.14: update to v5.14.17 linux-yocto/5.10: update to v5.10.78 Changqing Li (1): lttng-ust: fix do_compile failure for arm32 with DEBUG_BUILD enabled Chen Qi (4): bitbake: tests/fetch.py: fix premirror test cases bitbake: tests/fetch.py: add test case to ensure downloadfilename is used for premirror bitbake: fetch2: fix downloadfilename issue with premirror avahi: update CVE id fixed by local-ping.patch Claus Stovgaard (1): cups: Fix missing installation of cups sysv init scripts Daiane Angolini (2): machine/qemuarm*: Fix UBOOT_MACHINE value ref-manual: Update how to set a useradd password Fred Liu (1): glibc: Drop libcidn package Hsia-Jun(Randy) Li (1): meson: install native file in sdk Jon Mason (9): oeqa/manual: Fix no longer valid URLs bitbake: bitbake:toaster:test: Update SSTATE URL yocto-bsp/poky: replace http with https for URLs bitbake: bitbake: replace http with https for URLs documentation: update sources mirror URL documentation: replace http with https for URLs documentation: use YOCTO_DL_URL dev-manual: remove errant / scripts/lib/wic/help.py: Update Fedora Kickstart URLs Jose Quaresma (16): gstreamer1.0-plugins-base: 1.18.4 -> 1.18.5 gstreamer1.0-plugins-good: 1.18.4 -> 1.18.5 gstreamer1.0-plugins-bad: 1.18.4 -> 1.18.5 gstreamer1.0-plugins-ugly: 1.18.4 -> 1.18.5 gstreamer1.0-rtsp-server: 1.18.4 -> 1.18.5 gstreamer1.0-libav: 1.18.4 -> 1.18.5 gstreamer1.0-vaapi: 1.18.4 -> 1.18.5 gstreamer1.0-omx: 1.18.4 -> 1.18.5 gstreamer1.0-python: 1.18.4 -> 1.18.5 gst-devtools: 1.18.4 -> 1.18.5 gst-examples: 1.18.4 -> 1.18.5 gstreamer1.0: 1.18.4 -> 1.18.5 patch.bbclass: when the patch fails show more info on the fatal error sstate: fix touching files inside pseudo bitbake: cooker: check if upstream hash equivalence server is available sstate: another fix for touching files inside pseudo Joshua Watt (4): bitbake: async: Close sync client event loop bitbake: hashserv: Add tests for diverging reports bitbake: hashserv: Fix diverging report race condition classes/populate_sdk_base: Add setscene tasks Kai Kang (3): squashfs-tools: fix CVE-2021-41072 squashfs-tools: follow-up fix for CVE-2021-41072 convert-srcuri.py: use regex to check space in SRC_URI Khem Raj (2): mesa: Enable svga for x86 only kernel-devsrc: Add vdso.lds and other build files for riscv64 as well Kiran Surendran (1): ffmpeg: fix CVE-2021-38114 Konrad Weihmann (1): libical: fix append in DEPENDS Manuel Leonhardt (2): sstate: Account for reserved characters when shortening sstate filenames dpkg: Install dkpg-perl scripts to versioned perl directory Michael Opdenacker (21): manuals: font fixes ref-manual: document DEBUG_PREFIX_MAP manuals: replace "apt-get" by "apt" Makefile: allow epub and latexpdf outputs to use diagrams from SVG sources conf.py: use PNG first in EPUB output overview-manual: SVG diagram for the git workflow docs: add "make all" to build old types of docs (html, epub, pdf) at once manuals: introduce 'yocto_sstate' extlink overview-manual: simplify expression dev-manual: correct NO_GENERIC_LICENSE section title dev-manual: warn about license compliance issues when static libraries are used ref-manual: document BUILD_REPRODUCIBLE_BINARIES ref-manual: document "reproducible_build" class and SOURCE_DATE_EPOCH test-manual: how to enable reproducible builds ref-manual: document TOOLCHAIN_HOST_TASK_ESDK releases.rst: fix release number for 3.3.3 docs: poky.yaml: updates for 3.4 ref-manual: update system requirements manuals: releases.rst: move gatesgarth to outdated releases section updates for release 3.3.4 documentation: conf.py: fix version of bitbake objects.inv Oleksandr Kravchuk (1): python3: update to 3.9.7 Pablo Saavedra Rodi?o (1): mesa: upgrade 21.2.1 -> 21.2.4 Paul Eggleton (7): migration-3.4: tweak overrides change section ref-manual: remove meta class poky.yaml: add lz4 and zstd to essential host packages migration-3.4: add additional migration info migration: tweak introduction section poky.yaml: fix lz4 package name for older Ubuntu versions migration-3.4: add some extra packaging notes Peter Kjellerstedt (5): meson.bblcass: Remove empty egg-info directories before running meson qemu.inc: Remove empty egg-info directories before running meson libx11: Update LICENSE to better reflect reality libx11-compose-data: Update LICENSE to better reflect reality insane.bbclass: Add a check for directories that are expected to be empty Quentin Schulz (1): conf: update for release 3.4 Ralph Siemsen (1): tar: filter CVEs using vendor name Randy Li (1): meson: move lang args to the right section Richard Purdie (54): sstatesig: Only apply group/other permissions to pseudo files rpm: Deterministically set vendor macro entry abi_version/sstate: Bump to fix rpm corruption issues multilib: Avoid sysroot race issues when multilib enabled bitbake: knotty/uihelper: Show setscene task progress in summary output bitbake: bitbake-worker: Handle pseudo shutdown in Ctrl+C case poky.conf: Update tested distros list with recent changes bitbake: hashserv: Improve behaviour for better determinism/sstate reuse poky.conf: Bump version for 3.4 honister release build-appliance-image: Update to honister head revision bitbake: bitbake: Bump to version 1.52.0 build-appliance-image: Update to honister head revision bitbake: test/fetch: Update urls to match upstream branch name changes bitbake: fetch2/perforce: Fix typo bitbake: tests/runqueue: Ensure hashserv exits before deleting files bitbake: bitbake-worker: Add debug when unpickle fails libxml2: Use python3targetconfig to fix reproducibility issue libnewt: Use python3targetconfig to fix reproducibility issue linux-yocto-dev: Ensure DEPENDS matches recent 5.14 kernel changes oeqa: Update cleanup code to wait for hashserv exit bootchart2: Don't compile python modules bitbake: fetch/git: Handle github dropping git:// support bitbake: parse/ast: Show errors for append/prepend/remove operators combined with +=/.= bitbake: Revert "parse/ast: Show errors for append/prepend/remove operators combined with +=/.=" staging: Fix autoconf-native rebuild failure bitbake: fetch/wget: Add timeout for checkstatus calls (30s) bitbake: tests/fetch: Update github urls bitbake: fetch: Handle mirror user/password replacements correctly bitbake: tests/fetch: Update pcre.org address after github changes bitbake: runqueue: Fix runall option task deletion ordering issue bitbake: runqueue: Fix runall option handling opkg: Fix poor operator combination choice linunistring: Add missing gperf-native dependency pseudo: Add fcntl64 wrapper meta: Add explict branch to git SRC_URIs meta/scripts: Manual git url branch additions scripts/convert-srcuri: Update SRC_URI conversion script to handle github url changes recipes: Update github.com urls to use https go-helloworld/glide: Fix urls bitbake.conf: Fix corruption of GNOME mirror url bitbake: cooker: Handle parse threads disappearing to avoid hangs bitbake: cooker: Remove debug code, oops :( bitbake: cooker: Handle parsing results queue race bitbake: cooker: Fix task-depends.dot for multiconfig targets mirrors: Add uninative mirror on kernel.org scripts/oe-package-browser: Fix after overrides change scripts/oe-package-browser: Handle no packages being built wpa-supplicant: Match package override to PACKAGES for pkg_postinst uninative: Add version to uninative tarball name mirrors: Add kernel.org sources mirror for downloads.yoctoproject.org bitbake: utils: Handle lockfile filenames that are too long for filesystems bitbake: fetch2: Fix url remap issue and add testcase glibc: Backport fix for CVE-2021-43396 build-appliance-image: Update to honister head revision Robert Yang (1): bitbake: data_smart.py: Skip old override syntax checking for anonymous functions Ross Burton (11): bitbake: tests/utils: mark a regex as a raw string bitbake: tests/fetch: prefix the FetcherTest temporary directory bitbake: fetch2: clarify the command-no-found error message bitbake: fetch2/gitsm: remove the 'nugget' SRCREV caching linux-yocto: add libmpc-native to DEPENDS curl: fix CVE-2021-22945 through -22947 testimage: fix unclosed testdata file strace: show test suite log on failure meson: set objcopy in the cross and native toolchain files vim: fix CVE-2021-3796, CVE-2021-3872, and CVE-2021-3875 vim: add patch number to CVE-2021-3778 patch Sakib Sajal (1): go: upgrade 1.16.7 -> 1.16.8 Saul Wold (5): spdx.py: Add annotation to relationship create-spdx: add create_annotation function create-spdx: cross recipes are native also create_spdx: ensure is_work_shared() is unique create-spdx: Protect against None from LICENSE_PATH Stefan Herbrechtsmeier (3): bitbake: fetch2: npm: Support npm archives with missing search directory mode bitbake: fetch2: npm: Create config npmrc in environment instantiation bitbake: fetch2: npmsw: Add support for local tarball and link sources Teoh Jay Shen (1): oeqa/runtime/parselogs: modified drm error in common errors list Tim Orling (2): ptest-runner: install -collect-system-data script python3-setuptools: _distutils/sysconfig fix Tom Hochstein (3): wayland: Fix wayland-tools packaging nativesdk-packagegroup-sdk-host.bb: Update host tools for wayland bitbake.conf: Use wayland distro feature for native builds Yureka (1): systemd: add missing include for musl meta-openembedded: 23dc4f060f..f632403d18: Alexander Thoma (1): keyutils: fix install path Armin Kuster (4): README: updated Maintainers list for Honister Apache: Several CVE fixes recipes: Update SRC_URI branch and protocols recipes: remove tabs and spaces in SRC_URI Ivan Maidanski (1): bdwgc: upgrade 8.0.4 -> 8.0.6 Jeremy Puhlman (1): ifenslave: switch from master to main Khem Raj (5): gattlib: Upgrade to latest packagegroup-meta-oe: Add lv-drivers and lvgl python3-behave: Switch to using github src_uri mtr: Explicitly use branch= in SRC_URI python3-kivy: Use branch parameter in SRC_URI LiweiSong (1): Revert "chipsec: platform security assessment framework" Martin Jansa (2): pahole: use MACHINE_ARCH sdbus-c++: don't fetch googletest during do_configure Matthias Schiffer (1): byacc: switch to official HTTPS mirror Nandor Han (1): libiio: depend on avahi only when network backed is used Peter Bergin (3): pipewire: remove manpages class pipewire: also handle pipewire-media-session in systemd class pipewire: rework PACKAGECONFIG for systemd service files Philippe Coval (2): lvgl: Add recipe for Lightweight Graphics Library lv-drivers: Add recipe for lvgl lib Richard Purdie (1): gattlib: Place pkgconfig file in correct package Roland Hieber (1): rapidjson: override hard-coded lib install dir Trevor Gamblin (1): python3-posix-ipc: Add recipe for version 1.0.5 Vyacheslav Yurkov (2): grpc: fix cross-compilation of grpc applications grpc: fix cross-compilation of grpc applications Yi Zhao (3): samba: upgrade 4.14.7 -> 4.14.8 strongswan: upgrade 5.9.3 -> 5.9.4 libssh: use https instead of git in SRC_URI wangmy (3): openvpn: upgrade 2.5.3 -> 2.5.4 redis: upgrade 6.2.5 -> 6.2.6 span-lite: upgrade 0.10.1 -> 0.10.3 zangrc (6): python3-ipython: upgrade 7.27.0 -> 7.28.0 python3-jdatetime: upgrade 3.6.2 -> 3.6.4 python3-openpyxl: upgrade 3.0.8 -> 3.0.9 python3-transitions: upgrade 0.8.9 -> 0.8.10 networkmanager-openvpn: upgrade 1.8.14 -> 1.8.16 ser2net: upgrade 4.3.3 -> 4.3.4 meta-security: a85fbe980e..fb77606aef: Armin Kuster (3): python3-fail2ban: fix build failure and cleanup recipes: Update SRC_URI branch and protocols kas/kas-security-base.yml: update to honister Kai Kang (1): sssd: re-package to fix QA issues Kristian Klausen (1): swtpm: update to 0.6.1 Liwei Song (1): recipes-security/chipsec: platform security assessment framework Signed-off-by: Patrick Williams Change-Id: I1a7b65bb81dfafe55aac661a8d7006acafba8e98 --- .../bootchart2/bootchart2_0.14.9.bb | 8 +- .../btrfs-tools/btrfs-tools_5.13.1.bb | 2 +- .../createrepo-c/createrepo-c_0.17.4.bb | 2 +- poky/meta/recipes-devtools/distcc/distcc_3.4.bb | 2 +- poky/meta/recipes-devtools/dnf/dnf_4.8.0.bb | 2 +- poky/meta/recipes-devtools/dpkg/dpkg.inc | 4 +- poky/meta/recipes-devtools/e2fsprogs/e2fsprogs.inc | 2 +- .../erofs-utils/erofs-utils_1.3.bb | 2 +- poky/meta/recipes-devtools/file/file_5.40.bb | 2 +- poky/meta/recipes-devtools/glide/glide_0.13.3.bb | 2 +- .../recipes-devtools/gnu-config/gnu-config_git.bb | 2 +- poky/meta/recipes-devtools/go/go-1.16.7.inc | 25 -- poky/meta/recipes-devtools/go/go-1.16.8.inc | 25 ++ .../recipes-devtools/go/go-binary-native_1.16.7.bb | 46 --- .../recipes-devtools/go/go-binary-native_1.16.8.bb | 46 +++ .../go/go-cross-canadian_1.16.7.bb | 2 - .../go/go-cross-canadian_1.16.8.bb | 2 + poky/meta/recipes-devtools/go/go-cross_1.16.7.bb | 2 - poky/meta/recipes-devtools/go/go-cross_1.16.8.bb | 2 + .../meta/recipes-devtools/go/go-crosssdk_1.16.7.bb | 2 - .../meta/recipes-devtools/go/go-crosssdk_1.16.8.bb | 2 + poky/meta/recipes-devtools/go/go-native_1.16.7.bb | 59 --- poky/meta/recipes-devtools/go/go-native_1.16.8.bb | 59 +++ poky/meta/recipes-devtools/go/go-runtime_1.16.7.bb | 3 - poky/meta/recipes-devtools/go/go-runtime_1.16.8.bb | 3 + poky/meta/recipes-devtools/go/go_1.16.7.bb | 17 - poky/meta/recipes-devtools/go/go_1.16.8.bb | 17 + .../recipes-devtools/libcomps/libcomps_0.1.17.bb | 2 +- poky/meta/recipes-devtools/libdnf/libdnf_0.63.1.bb | 2 +- .../recipes-devtools/librepo/librepo_1.14.1.bb | 2 +- poky/meta/recipes-devtools/llvm/llvm_git.bb | 2 +- .../recipes-devtools/meson/meson/meson-setup.py | 8 + .../recipes-devtools/meson/meson/meson-wrapper | 1 + .../meson/nativesdk-meson_0.58.1.bb | 52 ++- poky/meta/recipes-devtools/mtd/mtd-utils_git.bb | 2 +- poky/meta/recipes-devtools/ninja/ninja_1.10.2.bb | 2 +- poky/meta/recipes-devtools/opkg/opkg_0.4.5.bb | 2 +- .../recipes-devtools/patchelf/patchelf_0.13.bb | 2 +- poky/meta/recipes-devtools/pseudo/pseudo_git.bb | 2 +- ...sysconfig-append-STAGING_LIBDIR-python-sy.patch | 34 ++ .../python/python3-setuptools_57.4.0.bb | 5 +- poky/meta/recipes-devtools/python/python3_3.9.6.bb | 402 --------------------- poky/meta/recipes-devtools/python/python3_3.9.7.bb | 402 +++++++++++++++++++++ poky/meta/recipes-devtools/qemu/qemu.inc | 10 +- poky/meta/recipes-devtools/rpm/rpm_4.16.1.3.bb | 5 +- .../CVE-2021-41072-requisite-1.patch | 135 +++++++ .../CVE-2021-41072-requisite-2.patch | 108 ++++++ .../CVE-2021-41072-requisite-3.patch | 326 +++++++++++++++++ .../squashfs-tools/CVE-2021-41072.patch | 329 +++++++++++++++++ .../squashfs-tools/squashfs-tools_git.bb | 6 +- .../0001-Avoid-relying-on-presence-of-ipx.h.patch | 151 ++++++++ poky/meta/recipes-devtools/strace/strace/run-ptest | 9 + poky/meta/recipes-devtools/strace/strace_5.14.bb | 1 + .../systemd-bootchart/systemd-bootchart_234.bb | 2 +- .../recipes-devtools/tcf-agent/tcf-agent_git.bb | 2 +- poky/meta/recipes-devtools/unfs3/unfs3_git.bb | 2 +- 56 files changed, 1759 insertions(+), 591 deletions(-) delete mode 100644 poky/meta/recipes-devtools/go/go-1.16.7.inc create mode 100644 poky/meta/recipes-devtools/go/go-1.16.8.inc delete mode 100644 poky/meta/recipes-devtools/go/go-binary-native_1.16.7.bb create mode 100644 poky/meta/recipes-devtools/go/go-binary-native_1.16.8.bb delete mode 100644 poky/meta/recipes-devtools/go/go-cross-canadian_1.16.7.bb create mode 100644 poky/meta/recipes-devtools/go/go-cross-canadian_1.16.8.bb delete mode 100644 poky/meta/recipes-devtools/go/go-cross_1.16.7.bb create mode 100644 poky/meta/recipes-devtools/go/go-cross_1.16.8.bb delete mode 100644 poky/meta/recipes-devtools/go/go-crosssdk_1.16.7.bb create mode 100644 poky/meta/recipes-devtools/go/go-crosssdk_1.16.8.bb delete mode 100644 poky/meta/recipes-devtools/go/go-native_1.16.7.bb create mode 100644 poky/meta/recipes-devtools/go/go-native_1.16.8.bb delete mode 100644 poky/meta/recipes-devtools/go/go-runtime_1.16.7.bb create mode 100644 poky/meta/recipes-devtools/go/go-runtime_1.16.8.bb delete mode 100644 poky/meta/recipes-devtools/go/go_1.16.7.bb create mode 100644 poky/meta/recipes-devtools/go/go_1.16.8.bb create mode 100644 poky/meta/recipes-devtools/python/python3-setuptools/0001-_distutils-sysconfig-append-STAGING_LIBDIR-python-sy.patch delete mode 100644 poky/meta/recipes-devtools/python/python3_3.9.6.bb create mode 100644 poky/meta/recipes-devtools/python/python3_3.9.7.bb create mode 100644 poky/meta/recipes-devtools/squashfs-tools/squashfs-tools/CVE-2021-41072-requisite-1.patch create mode 100644 poky/meta/recipes-devtools/squashfs-tools/squashfs-tools/CVE-2021-41072-requisite-2.patch create mode 100644 poky/meta/recipes-devtools/squashfs-tools/squashfs-tools/CVE-2021-41072-requisite-3.patch create mode 100644 poky/meta/recipes-devtools/squashfs-tools/squashfs-tools/CVE-2021-41072.patch create mode 100644 poky/meta/recipes-devtools/strace/strace/0001-Avoid-relying-on-presence-of-ipx.h.patch (limited to 'poky/meta/recipes-devtools') diff --git a/poky/meta/recipes-devtools/bootchart2/bootchart2_0.14.9.bb b/poky/meta/recipes-devtools/bootchart2/bootchart2_0.14.9.bb index 974faa3b3f..59fcd8c78a 100644 --- a/poky/meta/recipes-devtools/bootchart2/bootchart2_0.14.9.bb +++ b/poky/meta/recipes-devtools/bootchart2/bootchart2_0.14.9.bb @@ -90,7 +90,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=44ac4678311254db62edf8fd39cb8124" UPSTREAM_CHECK_GITTAGREGEX = "(?P\d+\.\d+(\.\d+)*)" -SRC_URI = "git://github.com/xrmx/bootchart.git \ +SRC_URI = "git://github.com/xrmx/bootchart.git;branch=master;protocol=https \ file://bootchartd_stop.sh \ file://0001-collector-Allocate-space-on-heap-for-chunks.patch \ file://0001-bootchart2-support-usrmerge.patch \ @@ -99,6 +99,10 @@ SRC_URI = "git://github.com/xrmx/bootchart.git \ S = "${WORKDIR}/git" SRCREV = "868a2afab9da34f32c007d773b77253c93104636" +# remove at next version upgrade or when output changes +PR = "r1" +HASHEQUIV_HASH_VERSION .= ".1" + inherit systemd update-rc.d python3native update-alternatives ALTERNATIVE:${PN} = "bootchartd" @@ -131,7 +135,7 @@ do_install () { export PKGLIBDIR="${base_libdir}/bootchart" export SYSTEMD_UNIT_DIR="${systemd_system_unitdir}" - oe_runmake install + oe_runmake install NO_PYTHON_COMPILE=1 install -d ${D}${sysconfdir}/init.d install -m 0755 ${WORKDIR}/bootchartd_stop.sh ${D}${sysconfdir}/init.d diff --git a/poky/meta/recipes-devtools/btrfs-tools/btrfs-tools_5.13.1.bb b/poky/meta/recipes-devtools/btrfs-tools/btrfs-tools_5.13.1.bb index 5288978943..9b28528ad9 100644 --- a/poky/meta/recipes-devtools/btrfs-tools/btrfs-tools_5.13.1.bb +++ b/poky/meta/recipes-devtools/btrfs-tools/btrfs-tools_5.13.1.bb @@ -16,7 +16,7 @@ SECTION = "base" DEPENDS = "lzo util-linux zlib" DEPENDS:append:class-target = " udev" -SRC_URI = "git://git.kernel.org/pub/scm/linux/kernel/git/kdave/btrfs-progs.git \ +SRC_URI = "git://git.kernel.org/pub/scm/linux/kernel/git/kdave/btrfs-progs.git;branch=master \ file://0001-Add-a-possibility-to-specify-where-python-modules-ar.patch \ file://0001-btrfs-tools-include-linux-const.h-to-fix-build-with-.patch \ " diff --git a/poky/meta/recipes-devtools/createrepo-c/createrepo-c_0.17.4.bb b/poky/meta/recipes-devtools/createrepo-c/createrepo-c_0.17.4.bb index 500b508d72..7a9656bf86 100644 --- a/poky/meta/recipes-devtools/createrepo-c/createrepo-c_0.17.4.bb +++ b/poky/meta/recipes-devtools/createrepo-c/createrepo-c_0.17.4.bb @@ -4,7 +4,7 @@ HOMEPAGE = "https://github.com/rpm-software-management/createrepo_c/wiki" LICENSE = "GPLv2" LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" -SRC_URI = "git://github.com/rpm-software-management/createrepo_c \ +SRC_URI = "git://github.com/rpm-software-management/createrepo_c;branch=master;protocol=https \ file://0001-Do-not-set-PYTHON_INSTALL_DIR-by-running-python.patch \ " diff --git a/poky/meta/recipes-devtools/distcc/distcc_3.4.bb b/poky/meta/recipes-devtools/distcc/distcc_3.4.bb index 7adf8a8ff6..93983f6aee 100644 --- a/poky/meta/recipes-devtools/distcc/distcc_3.4.bb +++ b/poky/meta/recipes-devtools/distcc/distcc_3.4.bb @@ -15,7 +15,7 @@ PACKAGECONFIG[popt] = "--without-included-popt,--with-included-popt,popt" RRECOMMENDS:${PN}-server = "avahi-daemon" -SRC_URI = "git://github.com/distcc/distcc.git \ +SRC_URI = "git://github.com/distcc/distcc.git;branch=master;protocol=https \ file://default \ file://distcc \ file://distcc.service \ diff --git a/poky/meta/recipes-devtools/dnf/dnf_4.8.0.bb b/poky/meta/recipes-devtools/dnf/dnf_4.8.0.bb index f51d74797d..9070077270 100644 --- a/poky/meta/recipes-devtools/dnf/dnf_4.8.0.bb +++ b/poky/meta/recipes-devtools/dnf/dnf_4.8.0.bb @@ -8,7 +8,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ file://PACKAGE-LICENSING;md5=4a0548e303dbc77f067335b4d688e745 \ " -SRC_URI = "git://github.com/rpm-software-management/dnf.git \ +SRC_URI = "git://github.com/rpm-software-management/dnf.git;branch=master;protocol=https \ file://0001-Corretly-install-tmpfiles.d-configuration.patch \ file://0001-Do-not-hardcode-etc-and-systemd-unit-directories.patch \ file://0005-Do-not-prepend-installroot-to-logdir.patch \ diff --git a/poky/meta/recipes-devtools/dpkg/dpkg.inc b/poky/meta/recipes-devtools/dpkg/dpkg.inc index b6807b004f..74074cfdd7 100644 --- a/poky/meta/recipes-devtools/dpkg/dpkg.inc +++ b/poky/meta/recipes-devtools/dpkg/dpkg.inc @@ -15,7 +15,7 @@ inherit autotools gettext perlnative pkgconfig perl-version update-alternatives PERL:class-native = "${STAGING_BINDIR_NATIVE}/perl-native/perl" -export PERL_LIBDIR = "${libdir}/perl/${@get_perl_version(d)}" +export PERL_LIBDIR = "${libdir}/perl5/${@get_perl_version(d)}" PERL_LIBDIR:class-native = "${libdir}/perl-native/perl/${@get_perl_version(d)}" EXTRA_OECONF = "\ @@ -66,7 +66,7 @@ FILES:update-alternatives-dpkg = "${bindir}/update-alternatives ${localstatedir} RPROVIDES:update-alternatives-dpkg += "update-alternatives" PACKAGES += "${PN}-perl" -FILES:${PN}-perl = "${libdir}/perl/${@get_perl_version(d)}" +FILES:${PN}-perl = "${libdir}/perl5/${@get_perl_version(d)}" RDEPENDS:${PN}-perl += "perl-module-carp perl-module-constant \ perl-module-cwd perl-module-digest \ diff --git a/poky/meta/recipes-devtools/e2fsprogs/e2fsprogs.inc b/poky/meta/recipes-devtools/e2fsprogs/e2fsprogs.inc index bcffa77db9..a030fa6fa8 100644 --- a/poky/meta/recipes-devtools/e2fsprogs/e2fsprogs.inc +++ b/poky/meta/recipes-devtools/e2fsprogs/e2fsprogs.inc @@ -19,7 +19,7 @@ LIC_FILES_CHKSUM = "file://NOTICE;md5=d50be0580c0b0a7fbc7a4830bbe6c12b \ SECTION = "base" DEPENDS = "util-linux attr autoconf-archive" -SRC_URI = "git://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git" +SRC_URI = "git://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git;branch=master" S = "${WORKDIR}/git" inherit autotools gettext texinfo pkgconfig multilib_header update-alternatives ptest diff --git a/poky/meta/recipes-devtools/erofs-utils/erofs-utils_1.3.bb b/poky/meta/recipes-devtools/erofs-utils/erofs-utils_1.3.bb index d07d5c4360..77cce2fdaf 100644 --- a/poky/meta/recipes-devtools/erofs-utils/erofs-utils_1.3.bb +++ b/poky/meta/recipes-devtools/erofs-utils/erofs-utils_1.3.bb @@ -5,7 +5,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=94fa01670a2a8f2d3ab2de15004e0848" HOMEPAGE = "https://git.kernel.org/pub/scm/linux/kernel/git/xiang/erofs-utils.git/tree/README" SRCREV = "2cd522105ea771ec30b269cd4c57e2265a4d6349" -SRC_URI = "git://git.kernel.org/pub/scm/linux/kernel/git/xiang/erofs-utils.git" +SRC_URI = "git://git.kernel.org/pub/scm/linux/kernel/git/xiang/erofs-utils.git;branch=master" UPSTREAM_CHECK_GITTAGREGEX = "v(?P(\d+(\.\d+)+))" diff --git a/poky/meta/recipes-devtools/file/file_5.40.bb b/poky/meta/recipes-devtools/file/file_5.40.bb index 32b61f4f39..0360eb5ec7 100644 --- a/poky/meta/recipes-devtools/file/file_5.40.bb +++ b/poky/meta/recipes-devtools/file/file_5.40.bb @@ -11,7 +11,7 @@ LIC_FILES_CHKSUM = "file://COPYING;beginline=2;md5=0251eaec1188b20d9a72c502ecfdd DEPENDS = "file-replacement-native" DEPENDS:class-native = "bzip2-replacement-native" -SRC_URI = "git://github.com/file/file.git" +SRC_URI = "git://github.com/file/file.git;branch=master;protocol=https" SRCREV = "f49fda6f52a9477d817dbd9c06afab02daf025f8" S = "${WORKDIR}/git" diff --git a/poky/meta/recipes-devtools/glide/glide_0.13.3.bb b/poky/meta/recipes-devtools/glide/glide_0.13.3.bb index e943dc1762..db703c2d21 100644 --- a/poky/meta/recipes-devtools/glide/glide_0.13.3.bb +++ b/poky/meta/recipes-devtools/glide/glide_0.13.3.bb @@ -5,7 +5,7 @@ LICENSE = "MIT" LIC_FILES_CHKSUM = "file://src/${GO_IMPORT}/LICENSE;md5=54905cf894f8cc416a92f4fc350c35b2" GO_IMPORT = "github.com/Masterminds/glide" -SRC_URI = "git://${GO_IMPORT}" +SRC_URI = "git://${GO_IMPORT};branch=master;protocol=https" SRCREV = "8ed5b9292379d86c39592a7e6a58eb9c903877cf" inherit go diff --git a/poky/meta/recipes-devtools/gnu-config/gnu-config_git.bb b/poky/meta/recipes-devtools/gnu-config/gnu-config_git.bb index 34b425031f..794e39546c 100644 --- a/poky/meta/recipes-devtools/gnu-config/gnu-config_git.bb +++ b/poky/meta/recipes-devtools/gnu-config/gnu-config_git.bb @@ -12,7 +12,7 @@ INHIBIT_DEFAULT_DEPS = "1" SRCREV = "805517123cbfe33d17c989a18e78c5789fab0437" PV = "20210722+git${SRCPV}" -SRC_URI = "git://git.savannah.gnu.org/config.git \ +SRC_URI = "git://git.savannah.gnu.org/config.git;branch=master \ file://gnu-configize.in" S = "${WORKDIR}/git" UPSTREAM_CHECK_COMMITS = "1" diff --git a/poky/meta/recipes-devtools/go/go-1.16.7.inc b/poky/meta/recipes-devtools/go/go-1.16.7.inc deleted file mode 100644 index 02a9268779..0000000000 --- a/poky/meta/recipes-devtools/go/go-1.16.7.inc +++ /dev/null @@ -1,25 +0,0 @@ -require go-common.inc - -GO_BASEVERSION = "1.16" -PV = "1.16.7" -FILESEXTRAPATHS:prepend := "${FILE_DIRNAME}/go-${GO_BASEVERSION}:" - -LIC_FILES_CHKSUM = "file://LICENSE;md5=5d4950ecb7b26d2c5e4e7b4e0dd74707" - -SRC_URI += "\ - file://0001-allow-CC-and-CXX-to-have-multiple-words.patch \ - file://0002-cmd-go-make-content-based-hash-generation-less-pedan.patch \ - file://0003-allow-GOTOOLDIR-to-be-overridden-in-the-environment.patch \ - file://0004-ld-add-soname-to-shareable-objects.patch \ - file://0005-make.bash-override-CC-when-building-dist-and-go_boot.patch \ - file://0006-cmd-dist-separate-host-and-target-builds.patch \ - file://0007-cmd-go-make-GOROOT-precious-by-default.patch \ - file://0008-use-GOBUILDMODE-to-set-buildmode.patch \ - file://0009-Revert-cmd-go-make-sure-CC-and-CXX-are-absolute.patch \ -" -SRC_URI[main.sha256sum] = "1a9f2894d3d878729f7045072f30becebe243524cf2fce4e0a7b248b1e0654ac" - -# Upstream don't believe it is a signifiant real world issue and will only -# fix in 1.17 onwards where we can drop this. -# https://github.com/golang/go/issues/30999#issuecomment-910470358 -CVE_CHECK_WHITELIST += "CVE-2021-29923" diff --git a/poky/meta/recipes-devtools/go/go-1.16.8.inc b/poky/meta/recipes-devtools/go/go-1.16.8.inc new file mode 100644 index 0000000000..925bf46965 --- /dev/null +++ b/poky/meta/recipes-devtools/go/go-1.16.8.inc @@ -0,0 +1,25 @@ +require go-common.inc + +GO_BASEVERSION = "1.16" +PV = "1.16.8" +FILESEXTRAPATHS:prepend := "${FILE_DIRNAME}/go-${GO_BASEVERSION}:" + +LIC_FILES_CHKSUM = "file://LICENSE;md5=5d4950ecb7b26d2c5e4e7b4e0dd74707" + +SRC_URI += "\ + file://0001-allow-CC-and-CXX-to-have-multiple-words.patch \ + file://0002-cmd-go-make-content-based-hash-generation-less-pedan.patch \ + file://0003-allow-GOTOOLDIR-to-be-overridden-in-the-environment.patch \ + file://0004-ld-add-soname-to-shareable-objects.patch \ + file://0005-make.bash-override-CC-when-building-dist-and-go_boot.patch \ + file://0006-cmd-dist-separate-host-and-target-builds.patch \ + file://0007-cmd-go-make-GOROOT-precious-by-default.patch \ + file://0008-use-GOBUILDMODE-to-set-buildmode.patch \ + file://0009-Revert-cmd-go-make-sure-CC-and-CXX-are-absolute.patch \ +" +SRC_URI[main.sha256sum] = "8f2a8c24b793375b3243df82fdb0c8387486dcc8a892ca1c991aa99ace086b98" + +# Upstream don't believe it is a signifiant real world issue and will only +# fix in 1.17 onwards where we can drop this. +# https://github.com/golang/go/issues/30999#issuecomment-910470358 +CVE_CHECK_WHITELIST += "CVE-2021-29923" diff --git a/poky/meta/recipes-devtools/go/go-binary-native_1.16.7.bb b/poky/meta/recipes-devtools/go/go-binary-native_1.16.7.bb deleted file mode 100644 index cb54c2868e..0000000000 --- a/poky/meta/recipes-devtools/go/go-binary-native_1.16.7.bb +++ /dev/null @@ -1,46 +0,0 @@ -# This recipe is for bootstrapping our go-cross from a prebuilt binary of Go from golang.org. - -SUMMARY = "Go programming language compiler (upstream binary for bootstrap)" -HOMEPAGE = " http://golang.org/" -LICENSE = "BSD-3-Clause" -LIC_FILES_CHKSUM = "file://LICENSE;md5=5d4950ecb7b26d2c5e4e7b4e0dd74707" - -PROVIDES = "go-native" - -SRC_URI = "https://dl.google.com/go/go${PV}.${BUILD_GOOS}-${BUILD_GOARCH}.tar.gz;name=go_${BUILD_GOTUPLE}" -SRC_URI[go_linux_amd64.sha256sum] = "7fe7a73f55ba3e2285da36f8b085e5c0159e9564ef5f63ee0ed6b818ade8ef04" -SRC_URI[go_linux_arm64.sha256sum] = "63d6b53ecbd2b05c1f0e9903c92042663f2f68afdbb67f4d0d12700156869bac" - -UPSTREAM_CHECK_URI = "https://golang.org/dl/" -UPSTREAM_CHECK_REGEX = "go(?P\d+(\.\d+)+)\.linux" - -S = "${WORKDIR}/go" - -inherit goarch native - -do_compile() { - : -} - -make_wrapper() { - rm -f ${D}${bindir}/$1 - cat <${D}${bindir}/$1 -#!/bin/bash -here=\`dirname \$0\` -export GOROOT="${GOROOT:-\`readlink -f \$here/../lib/go\`}" -\$here/../lib/go/bin/$1 "\$@" -END - chmod +x ${D}${bindir}/$1 -} - -do_install() { - find ${S} -depth -type d -name testdata -exec rm -rf {} + - - install -d ${D}${bindir} ${D}${libdir}/go - cp --preserve=mode,timestamps -R ${S}/ ${D}${libdir}/ - - for f in ${S}/bin/* - do - make_wrapper `basename $f` - done -} diff --git a/poky/meta/recipes-devtools/go/go-binary-native_1.16.8.bb b/poky/meta/recipes-devtools/go/go-binary-native_1.16.8.bb new file mode 100644 index 0000000000..926222089d --- /dev/null +++ b/poky/meta/recipes-devtools/go/go-binary-native_1.16.8.bb @@ -0,0 +1,46 @@ +# This recipe is for bootstrapping our go-cross from a prebuilt binary of Go from golang.org. + +SUMMARY = "Go programming language compiler (upstream binary for bootstrap)" +HOMEPAGE = " http://golang.org/" +LICENSE = "BSD-3-Clause" +LIC_FILES_CHKSUM = "file://LICENSE;md5=5d4950ecb7b26d2c5e4e7b4e0dd74707" + +PROVIDES = "go-native" + +SRC_URI = "https://dl.google.com/go/go${PV}.${BUILD_GOOS}-${BUILD_GOARCH}.tar.gz;name=go_${BUILD_GOTUPLE}" +SRC_URI[go_linux_amd64.sha256sum] = "f32501aeb8b7b723bc7215f6c373abb6981bbc7e1c7b44e9f07317e1a300dce2" +SRC_URI[go_linux_arm64.sha256sum] = "430dbe185417204f6788913197ab3b189b6deae9c9b524f262858e53dab239c2" + +UPSTREAM_CHECK_URI = "https://golang.org/dl/" +UPSTREAM_CHECK_REGEX = "go(?P\d+(\.\d+)+)\.linux" + +S = "${WORKDIR}/go" + +inherit goarch native + +do_compile() { + : +} + +make_wrapper() { + rm -f ${D}${bindir}/$1 + cat <${D}${bindir}/$1 +#!/bin/bash +here=\`dirname \$0\` +export GOROOT="${GOROOT:-\`readlink -f \$here/../lib/go\`}" +\$here/../lib/go/bin/$1 "\$@" +END + chmod +x ${D}${bindir}/$1 +} + +do_install() { + find ${S} -depth -type d -name testdata -exec rm -rf {} + + + install -d ${D}${bindir} ${D}${libdir}/go + cp --preserve=mode,timestamps -R ${S}/ ${D}${libdir}/ + + for f in ${S}/bin/* + do + make_wrapper `basename $f` + done +} diff --git a/poky/meta/recipes-devtools/go/go-cross-canadian_1.16.7.bb b/poky/meta/recipes-devtools/go/go-cross-canadian_1.16.7.bb deleted file mode 100644 index 7ac9449e47..0000000000 --- a/poky/meta/recipes-devtools/go/go-cross-canadian_1.16.7.bb +++ /dev/null @@ -1,2 +0,0 @@ -require go-cross-canadian.inc -require go-${PV}.inc diff --git a/poky/meta/recipes-devtools/go/go-cross-canadian_1.16.8.bb b/poky/meta/recipes-devtools/go/go-cross-canadian_1.16.8.bb new file mode 100644 index 0000000000..7ac9449e47 --- /dev/null +++ b/poky/meta/recipes-devtools/go/go-cross-canadian_1.16.8.bb @@ -0,0 +1,2 @@ +require go-cross-canadian.inc +require go-${PV}.inc diff --git a/poky/meta/recipes-devtools/go/go-cross_1.16.7.bb b/poky/meta/recipes-devtools/go/go-cross_1.16.7.bb deleted file mode 100644 index 80b5a03f6c..0000000000 --- a/poky/meta/recipes-devtools/go/go-cross_1.16.7.bb +++ /dev/null @@ -1,2 +0,0 @@ -require go-cross.inc -require go-${PV}.inc diff --git a/poky/meta/recipes-devtools/go/go-cross_1.16.8.bb b/poky/meta/recipes-devtools/go/go-cross_1.16.8.bb new file mode 100644 index 0000000000..80b5a03f6c --- /dev/null +++ b/poky/meta/recipes-devtools/go/go-cross_1.16.8.bb @@ -0,0 +1,2 @@ +require go-cross.inc +require go-${PV}.inc diff --git a/poky/meta/recipes-devtools/go/go-crosssdk_1.16.7.bb b/poky/meta/recipes-devtools/go/go-crosssdk_1.16.7.bb deleted file mode 100644 index 1857c8a577..0000000000 --- a/poky/meta/recipes-devtools/go/go-crosssdk_1.16.7.bb +++ /dev/null @@ -1,2 +0,0 @@ -require go-crosssdk.inc -require go-${PV}.inc diff --git a/poky/meta/recipes-devtools/go/go-crosssdk_1.16.8.bb b/poky/meta/recipes-devtools/go/go-crosssdk_1.16.8.bb new file mode 100644 index 0000000000..1857c8a577 --- /dev/null +++ b/poky/meta/recipes-devtools/go/go-crosssdk_1.16.8.bb @@ -0,0 +1,2 @@ +require go-crosssdk.inc +require go-${PV}.inc diff --git a/poky/meta/recipes-devtools/go/go-native_1.16.7.bb b/poky/meta/recipes-devtools/go/go-native_1.16.7.bb deleted file mode 100644 index ffe4ef3523..0000000000 --- a/poky/meta/recipes-devtools/go/go-native_1.16.7.bb +++ /dev/null @@ -1,59 +0,0 @@ -# This recipe builds a native Go (written in Go) by first building an old Go 1.4 -# (written in C). However this old Go does not support all hosts platforms. - -require go-${PV}.inc - -inherit native - -SRC_URI:append = " https://dl.google.com/go/go1.4-bootstrap-20171003.tar.gz;name=bootstrap;subdir=go1.4" -SRC_URI[bootstrap.sha256sum] = "f4ff5b5eb3a3cae1c993723f3eab519c5bae18866b5e5f96fe1102f0cb5c3e52" - -export GOOS = "${BUILD_GOOS}" -export GOARCH = "${BUILD_GOARCH}" -CC = "${@d.getVar('BUILD_CC').strip()}" - -GOMAKEARGS ?= "--no-banner" - -do_configure() { - cd ${WORKDIR}/go1.4/go/src - CGO_ENABLED=0 GOROOT=${WORKDIR}/go1.4/go ./make.bash -} - -do_compile() { - export GOROOT_FINAL="${libdir_native}/go" - export GOROOT_BOOTSTRAP="${WORKDIR}/go1.4/go" - - cd src - ./make.bash ${GOMAKEARGS} - cd ${B} -} -do_compile[dirs] =+ "${GOTMPDIR} ${B}/bin" -do_compile[cleandirs] += "${GOTMPDIR} ${B}/bin" - -make_wrapper() { - rm -f ${D}${bindir}/$2$3 - cat <${D}${bindir}/$2$3 -#!/bin/bash -here=\`dirname \$0\` -export GOROOT="${GOROOT:-\`readlink -f \$here/../lib/go\`}" -\$here/../lib/go/bin/$1 "\$@" -END - chmod +x ${D}${bindir}/$2 -} - -do_install() { - install -d ${D}${libdir}/go - cp --preserve=mode,timestamps -R ${B}/pkg ${D}${libdir}/go/ - install -d ${D}${libdir}/go/src - (cd ${S}/src; for d in *; do \ - [ -d $d ] && cp -a ${S}/src/$d ${D}${libdir}/go/src/; \ - done) - find ${D}${libdir}/go/src -depth -type d -name testdata -exec rm -rf {} \; - install -d ${D}${bindir} ${D}${libdir}/go/bin - for f in ${B}/bin/* - do - base=`basename $f` - install -m755 $f ${D}${libdir}/go/bin - make_wrapper $base $base - done -} diff --git a/poky/meta/recipes-devtools/go/go-native_1.16.8.bb b/poky/meta/recipes-devtools/go/go-native_1.16.8.bb new file mode 100644 index 0000000000..ffe4ef3523 --- /dev/null +++ b/poky/meta/recipes-devtools/go/go-native_1.16.8.bb @@ -0,0 +1,59 @@ +# This recipe builds a native Go (written in Go) by first building an old Go 1.4 +# (written in C). However this old Go does not support all hosts platforms. + +require go-${PV}.inc + +inherit native + +SRC_URI:append = " https://dl.google.com/go/go1.4-bootstrap-20171003.tar.gz;name=bootstrap;subdir=go1.4" +SRC_URI[bootstrap.sha256sum] = "f4ff5b5eb3a3cae1c993723f3eab519c5bae18866b5e5f96fe1102f0cb5c3e52" + +export GOOS = "${BUILD_GOOS}" +export GOARCH = "${BUILD_GOARCH}" +CC = "${@d.getVar('BUILD_CC').strip()}" + +GOMAKEARGS ?= "--no-banner" + +do_configure() { + cd ${WORKDIR}/go1.4/go/src + CGO_ENABLED=0 GOROOT=${WORKDIR}/go1.4/go ./make.bash +} + +do_compile() { + export GOROOT_FINAL="${libdir_native}/go" + export GOROOT_BOOTSTRAP="${WORKDIR}/go1.4/go" + + cd src + ./make.bash ${GOMAKEARGS} + cd ${B} +} +do_compile[dirs] =+ "${GOTMPDIR} ${B}/bin" +do_compile[cleandirs] += "${GOTMPDIR} ${B}/bin" + +make_wrapper() { + rm -f ${D}${bindir}/$2$3 + cat <${D}${bindir}/$2$3 +#!/bin/bash +here=\`dirname \$0\` +export GOROOT="${GOROOT:-\`readlink -f \$here/../lib/go\`}" +\$here/../lib/go/bin/$1 "\$@" +END + chmod +x ${D}${bindir}/$2 +} + +do_install() { + install -d ${D}${libdir}/go + cp --preserve=mode,timestamps -R ${B}/pkg ${D}${libdir}/go/ + install -d ${D}${libdir}/go/src + (cd ${S}/src; for d in *; do \ + [ -d $d ] && cp -a ${S}/src/$d ${D}${libdir}/go/src/; \ + done) + find ${D}${libdir}/go/src -depth -type d -name testdata -exec rm -rf {} \; + install -d ${D}${bindir} ${D}${libdir}/go/bin + for f in ${B}/bin/* + do + base=`basename $f` + install -m755 $f ${D}${libdir}/go/bin + make_wrapper $base $base + done +} diff --git a/poky/meta/recipes-devtools/go/go-runtime_1.16.7.bb b/poky/meta/recipes-devtools/go/go-runtime_1.16.7.bb deleted file mode 100644 index 63464a1501..0000000000 --- a/poky/meta/recipes-devtools/go/go-runtime_1.16.7.bb +++ /dev/null @@ -1,3 +0,0 @@ -require go-${PV}.inc -require go-runtime.inc - diff --git a/poky/meta/recipes-devtools/go/go-runtime_1.16.8.bb b/poky/meta/recipes-devtools/go/go-runtime_1.16.8.bb new file mode 100644 index 0000000000..63464a1501 --- /dev/null +++ b/poky/meta/recipes-devtools/go/go-runtime_1.16.8.bb @@ -0,0 +1,3 @@ +require go-${PV}.inc +require go-runtime.inc + diff --git a/poky/meta/recipes-devtools/go/go_1.16.7.bb b/poky/meta/recipes-devtools/go/go_1.16.7.bb deleted file mode 100644 index 34dc89bb0c..0000000000 --- a/poky/meta/recipes-devtools/go/go_1.16.7.bb +++ /dev/null @@ -1,17 +0,0 @@ -require go-${PV}.inc -require go-target.inc - -inherit linuxloader - -export GOBUILDMODE="" -export GO_LDSO = "${@get_linuxloader(d)}" -export CC_FOR_TARGET = "gcc" -export CXX_FOR_TARGET = "g++" - -# mips/rv64 doesn't support -buildmode=pie, so skip the QA checking for mips/riscv32 and its -# variants. -python() { - if 'mips' in d.getVar('TARGET_ARCH',True) or 'riscv32' in d.getVar('TARGET_ARCH',True): - d.appendVar('INSANE_SKIP:%s' % d.getVar('PN',True), " textrel") -} - diff --git a/poky/meta/recipes-devtools/go/go_1.16.8.bb b/poky/meta/recipes-devtools/go/go_1.16.8.bb new file mode 100644 index 0000000000..34dc89bb0c --- /dev/null +++ b/poky/meta/recipes-devtools/go/go_1.16.8.bb @@ -0,0 +1,17 @@ +require go-${PV}.inc +require go-target.inc + +inherit linuxloader + +export GOBUILDMODE="" +export GO_LDSO = "${@get_linuxloader(d)}" +export CC_FOR_TARGET = "gcc" +export CXX_FOR_TARGET = "g++" + +# mips/rv64 doesn't support -buildmode=pie, so skip the QA checking for mips/riscv32 and its +# variants. +python() { + if 'mips' in d.getVar('TARGET_ARCH',True) or 'riscv32' in d.getVar('TARGET_ARCH',True): + d.appendVar('INSANE_SKIP:%s' % d.getVar('PN',True), " textrel") +} + diff --git a/poky/meta/recipes-devtools/libcomps/libcomps_0.1.17.bb b/poky/meta/recipes-devtools/libcomps/libcomps_0.1.17.bb index 502bc4688b..09861d9c26 100644 --- a/poky/meta/recipes-devtools/libcomps/libcomps_0.1.17.bb +++ b/poky/meta/recipes-devtools/libcomps/libcomps_0.1.17.bb @@ -4,7 +4,7 @@ DESCRIPTION = "Libcomps is alternative for yum.comps library. It's written in pu LICENSE = "GPLv2" LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" -SRC_URI = "git://github.com/rpm-software-management/libcomps.git \ +SRC_URI = "git://github.com/rpm-software-management/libcomps.git;branch=master;protocol=https \ file://0001-Add-crc32.c-to-sources-list.patch \ file://0002-Do-not-set-PYTHON_INSTALL_DIR-by-running-python.patch \ " diff --git a/poky/meta/recipes-devtools/libdnf/libdnf_0.63.1.bb b/poky/meta/recipes-devtools/libdnf/libdnf_0.63.1.bb index 282c28e2c4..6294509d2e 100644 --- a/poky/meta/recipes-devtools/libdnf/libdnf_0.63.1.bb +++ b/poky/meta/recipes-devtools/libdnf/libdnf_0.63.1.bb @@ -4,7 +4,7 @@ DESCRIPTION = "This library provides a high level package-manager. It's core lib LICENSE = "LGPLv2.1+" LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c" -SRC_URI = "git://github.com/rpm-software-management/libdnf;branch=dnf-4-master \ +SRC_URI = "git://github.com/rpm-software-management/libdnf;branch=dnf-4-master;protocol=https \ file://0001-FindGtkDoc.cmake-drop-the-requirement-for-GTKDOC_SCA.patch \ file://0004-Set-libsolv-variables-with-pkg-config-cmake-s-own-mo.patch \ file://0001-Get-parameters-for-both-libsolv-and-libsolvext-libdn.patch \ diff --git a/poky/meta/recipes-devtools/librepo/librepo_1.14.1.bb b/poky/meta/recipes-devtools/librepo/librepo_1.14.1.bb index 8676452587..cdb5946905 100644 --- a/poky/meta/recipes-devtools/librepo/librepo_1.14.1.bb +++ b/poky/meta/recipes-devtools/librepo/librepo_1.14.1.bb @@ -5,7 +5,7 @@ DESCRIPTION = "${SUMMARY}" LICENSE = "LGPLv2.1" LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c" -SRC_URI = "git://github.com/rpm-software-management/librepo.git \ +SRC_URI = "git://github.com/rpm-software-management/librepo.git;branch=master;protocol=https \ file://0002-Do-not-try-to-obtain-PYTHON_INSTALL_DIR-by-running-p.patch \ file://0004-Set-gpgme-variables-with-pkg-config-not-with-cmake-m.patch \ " diff --git a/poky/meta/recipes-devtools/llvm/llvm_git.bb b/poky/meta/recipes-devtools/llvm/llvm_git.bb index 4167080653..d9efa53499 100644 --- a/poky/meta/recipes-devtools/llvm/llvm_git.bb +++ b/poky/meta/recipes-devtools/llvm/llvm_git.bb @@ -28,7 +28,7 @@ LLVM_DIR = "llvm${LLVM_RELEASE}" BRANCH = "release/${MAJOR_VERSION}.x" SRCREV = "fed41342a82f5a3a9201819a82bf7a48313e296b" -SRC_URI = "git://github.com/llvm/llvm-project.git;branch=${BRANCH} \ +SRC_URI = "git://github.com/llvm/llvm-project.git;branch=${BRANCH};protocol=https \ file://0006-llvm-TargetLibraryInfo-Undefine-libc-functions-if-th.patch;striplevel=2 \ file://0007-llvm-allow-env-override-of-exe-path.patch;striplevel=2 \ file://0001-AsmMatcherEmitter-sort-ClassInfo-lists-by-name-as-we.patch;striplevel=2 \ diff --git a/poky/meta/recipes-devtools/meson/meson/meson-setup.py b/poky/meta/recipes-devtools/meson/meson/meson-setup.py index 7ac4e3ad47..daaa551de2 100755 --- a/poky/meta/recipes-devtools/meson/meson/meson-setup.py +++ b/poky/meta/recipes-devtools/meson/meson/meson-setup.py @@ -27,9 +27,17 @@ except KeyError: template_file = os.path.join(sysroot, 'usr/share/meson/meson.cross.template') cross_file = os.path.join(sysroot, 'usr/share/meson/%smeson.cross' % os.environ["TARGET_PREFIX"]) +native_template_file = os.path.join(sysroot, 'usr/share/meson/meson.native.template') +native_file = os.path.join(sysroot, 'usr/share/meson/meson.native') with open(template_file) as in_file: template = in_file.read() output = Template(template).substitute(Environ()) with open(cross_file, "w") as out_file: out_file.write(output) + +with open(native_template_file) as in_file: + template = in_file.read() + output = Template(template).substitute({'OECORE_NATIVE_SYSROOT': os.environ['OECORE_NATIVE_SYSROOT']}) + with open(native_file, "w") as out_file: + out_file.write(output) diff --git a/poky/meta/recipes-devtools/meson/meson/meson-wrapper b/poky/meta/recipes-devtools/meson/meson/meson-wrapper index d4ffe60f9a..d4b5187f8d 100755 --- a/poky/meta/recipes-devtools/meson/meson/meson-wrapper +++ b/poky/meta/recipes-devtools/meson/meson/meson-wrapper @@ -11,4 +11,5 @@ unset CC CXX CPP LD AR NM STRIP exec "$OECORE_NATIVE_SYSROOT/usr/bin/meson.real" \ --cross-file "${OECORE_NATIVE_SYSROOT}/usr/share/meson/${TARGET_PREFIX}meson.cross" \ + --native-file "${OECORE_NATIVE_SYSROOT}/usr/share/meson/meson.native" \ "$@" diff --git a/poky/meta/recipes-devtools/meson/nativesdk-meson_0.58.1.bb b/poky/meta/recipes-devtools/meson/nativesdk-meson_0.58.1.bb index 0e76cc78f8..7b77041c7e 100644 --- a/poky/meta/recipes-devtools/meson/nativesdk-meson_0.58.1.bb +++ b/poky/meta/recipes-devtools/meson/nativesdk-meson_0.58.1.bb @@ -13,8 +13,54 @@ SRC_URI += "file://meson-setup.py \ # real paths by meson-setup.sh when the SDK is extracted. # - Some overrides aren't needed, since the SDK injects paths that take care of # them. +def var_list2str(var, d): + items = d.getVar(var).split() + return items[0] if len(items) == 1 else ', '.join(repr(s) for s in items) + +def generate_native_link_template(d): + val = ['-L@{OECORE_NATIVE_SYSROOT}${libdir_native}', + '-L@{OECORE_NATIVE_SYSROOT}${base_libdir_native}', + '-Wl,-rpath-link,@{OECORE_NATIVE_SYSROOT}${libdir_native}', + '-Wl,-rpath-link,@{OECORE_NATIVE_SYSROOT}${base_libdir_native}', + '-Wl,--allow-shlib-undefined' + ] + build_arch = d.getVar('BUILD_ARCH') + if 'x86_64' in build_arch: + loader = 'ld-linux-x86-64.so.2' + elif 'i686' in build_arch: + loader = 'ld-linux.so.2' + elif 'aarch64' in build_arch: + loader = 'ld-linux-aarch64.so.1' + elif 'ppc64le' in build_arch: + loader = 'ld64.so.2' + + if loader: + val += ['-Wl,--dynamic-linker=@{OECORE_NATIVE_SYSROOT}${base_libdir_native}/' + loader] + + return repr(val) + do_install:append() { install -d ${D}${datadir}/meson + + cat >${D}${datadir}/meson/meson.native.template <${D}${datadir}/meson/meson.cross.template < +Date: Wed, 20 Oct 2021 17:38:10 +0000 +Subject: [PATCH] _distutils/sysconfig: append + STAGING_LIBDIR/python-sysconfigdata to sys.path + +When python modules set SETUPTOOLS_USE_DISTULS='local', this uses the +vendored _distutils in setuptools rather than distutils in the Standard +Library. This is needed so that target configuration can be used with +python3-setuptools-native. + +Based on python3/0001-distutils-sysconfig-append-STAGING_LIBDIR-python-sys.patch +from Alex Kanavin + +Upstream-Status: Inappropriate [oe-specific] + +Signed-off-by: Tim Orling +--- + setuptools/_distutils/sysconfig.py | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/setuptools/_distutils/sysconfig.py b/setuptools/_distutils/sysconfig.py +index 8832b3e..bbc7c08 100644 +--- a/setuptools/_distutils/sysconfig.py ++++ b/setuptools/_distutils/sysconfig.py +@@ -461,6 +461,8 @@ def _init_posix(): + platform=sys.platform, + multiarch=getattr(sys.implementation, '_multiarch', ''), + )) ++ if 'STAGING_LIBDIR' in os.environ: ++ sys.path.append(os.environ['STAGING_LIBDIR']+'/python-sysconfigdata') + try: + _temp = __import__(name, globals(), locals(), ['build_time_vars'], 0) + except ImportError: diff --git a/poky/meta/recipes-devtools/python/python3-setuptools_57.4.0.bb b/poky/meta/recipes-devtools/python/python3-setuptools_57.4.0.bb index ae45936c39..fcf20e9efd 100644 --- a/poky/meta/recipes-devtools/python/python3-setuptools_57.4.0.bb +++ b/poky/meta/recipes-devtools/python/python3-setuptools_57.4.0.bb @@ -8,7 +8,10 @@ inherit pypi setuptools3 SRC_URI:append:class-native = " file://0001-conditionally-do-not-fetch-code-by-easy_install.patch" -SRC_URI += "file://0001-change-shebang-to-python3.patch" +SRC_URI += "\ + file://0001-change-shebang-to-python3.patch \ + file://0001-_distutils-sysconfig-append-STAGING_LIBDIR-python-sy.patch \ +" SRC_URI[sha256sum] = "6bac238ffdf24e8806c61440e755192470352850f3419a52f26ffe0a1a64f465" diff --git a/poky/meta/recipes-devtools/python/python3_3.9.6.bb b/poky/meta/recipes-devtools/python/python3_3.9.6.bb deleted file mode 100644 index 8a638b142b..0000000000 --- a/poky/meta/recipes-devtools/python/python3_3.9.6.bb +++ /dev/null @@ -1,402 +0,0 @@ -SUMMARY = "The Python Programming Language" -HOMEPAGE = "http://www.python.org" -DESCRIPTION = "Python is a programming language that lets you work more quickly and integrate your systems more effectively." -LICENSE = "PSFv2" -SECTION = "devel/python" - -LIC_FILES_CHKSUM = "file://LICENSE;md5=c22d2438294c784731bf9dd224a467b7" - -SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \ - file://run-ptest \ - file://create_manifest3.py \ - file://get_module_deps3.py \ - file://python3-manifest.json \ - file://check_build_completeness.py \ - file://reformat_sysconfig.py \ - file://cgi_py.patch \ - file://0001-Do-not-add-usr-lib-termcap-to-linker-flags-to-avoid-.patch \ - ${@bb.utils.contains('PACKAGECONFIG', 'tk', '', 'file://avoid_warning_about_tkinter.patch', d)} \ - file://0001-Do-not-use-the-shell-version-of-python-config-that-w.patch \ - file://python-config.patch \ - file://0001-Makefile.pre-use-qemu-wrapper-when-gathering-profile.patch \ - file://0001-python3-use-cc_basename-to-replace-CC-for-checking-c.patch \ - file://0001-bpo-36852-proper-detection-of-mips-architecture-for-.patch \ - file://crosspythonpath.patch \ - file://0001-Use-FLAG_REF-always-for-interned-strings.patch \ - file://0001-test_locale.py-correct-the-test-output-format.patch \ - file://0017-setup.py-do-not-report-missing-dependencies-for-disa.patch \ - file://0001-setup.py-pass-missing-libraries-to-Extension-for-mul.patch \ - file://0001-Makefile-do-not-compile-.pyc-in-parallel.patch \ - file://0020-configure.ac-setup.py-do-not-add-a-curses-include-pa.patch \ - file://0001-Lib-sysconfig.py-use-libdir-values-from-configuratio.patch \ - file://0001-Skip-failing-tests-due-to-load-variability-on-YP-AB.patch \ - file://0001-test_ctypes.test_find-skip-without-tools-sdk.patch \ - file://makerace.patch \ - " - -SRC_URI:append:class-native = " \ - file://0001-distutils-sysconfig-append-STAGING_LIBDIR-python-sys.patch \ - file://12-distutils-prefix-is-inside-staging-area.patch \ - file://0001-Don-t-search-system-for-headers-libraries.patch \ - " -SRC_URI[sha256sum] = "397920af33efc5b97f2e0b57e91923512ef89fc5b3c1d21dbfc8c4828ce0108a" - -# exclude pre-releases for both python 2.x and 3.x -UPSTREAM_CHECK_REGEX = "[Pp]ython-(?P\d+(\.\d+)+).tar" -UPSTREAM_CHECK_URI = "https://www.python.org/downloads/source/" - -CVE_PRODUCT = "python" - -# Upstream consider this expected behaviour -CVE_CHECK_WHITELIST += "CVE-2007-4559" -# This is not exploitable when glibc has CVE-2016-10739 fixed. -CVE_CHECK_WHITELIST += "CVE-2019-18348" - -# This is windows only issue. -CVE_CHECK_WHITELIST += "CVE-2020-15523" - -PYTHON_MAJMIN = "3.9" - -S = "${WORKDIR}/Python-${PV}" - -BBCLASSEXTEND = "native nativesdk" - -inherit autotools pkgconfig qemu ptest multilib_header update-alternatives - -MULTILIB_SUFFIX = "${@d.getVar('base_libdir',1).split('/')[-1]}" - -ALTERNATIVE:${PN}-dev = "python3-config" -ALTERNATIVE_LINK_NAME[python3-config] = "${bindir}/python${PYTHON_MAJMIN}-config" -ALTERNATIVE_TARGET[python3-config] = "${bindir}/python${PYTHON_MAJMIN}-config-${MULTILIB_SUFFIX}" - - -DEPENDS = "bzip2-replacement-native libffi bzip2 openssl sqlite3 zlib virtual/libintl xz virtual/crypt util-linux libtirpc libnsl2 autoconf-archive-native" -DEPENDS:append:class-target = " python3-native" -DEPENDS:append:class-nativesdk = " python3-native" - -# force to use the mutex+cond implementation (https://bugs.python.org/issue41710) -CFLAGS += "-DHAVE_BROKEN_POSIX_SEMAPHORES" - -EXTRA_OECONF = " --without-ensurepip --enable-shared --with-platlibdir=${baselib}" -EXTRA_OECONF:append:class-native = " --bindir=${bindir}/${PN}" - -export CROSSPYTHONPATH="${STAGING_LIBDIR_NATIVE}/python${PYTHON_MAJMIN}/lib-dynload/" - -EXTRANATIVEPATH += "python3-native" - -# LTO will be enabled via packageconfig depending upong distro features -LTO:class-target = "" - -CACHED_CONFIGUREVARS = " \ - ac_cv_file__dev_ptmx=yes \ - ac_cv_file__dev_ptc=no \ - ac_cv_working_tzset=yes \ -" - -def possibly_include_pgo(d): - # PGO currently causes builds to not be reproducible, so disable it for - # now. See YOCTO #13407 - if bb.utils.contains('MACHINE_FEATURES', 'qemu-usermode', True, False, d) and d.getVar('BUILD_REPRODUCIBLE_BINARIES') != '1': - return 'pgo' - - return '' - -PACKAGECONFIG:class-target ??= "readline ${@possibly_include_pgo(d)} gdbm ${@bb.utils.filter('DISTRO_FEATURES', 'lto', d)}" -PACKAGECONFIG:class-native ??= "readline gdbm" -PACKAGECONFIG:class-nativesdk ??= "readline gdbm" -PACKAGECONFIG[readline] = ",,readline" -# Use profile guided optimisation by running PyBench inside qemu-user -PACKAGECONFIG[pgo] = "--enable-optimizations,,qemu-native" -PACKAGECONFIG[tk] = ",,tk" -PACKAGECONFIG[gdbm] = ",,gdbm" -PACKAGECONFIG[lto] = "--with-lto,," - -do_configure:prepend () { - mkdir -p ${B}/Modules - cat > ${B}/Modules/Setup.local << EOF -*disabled* -${@bb.utils.contains('PACKAGECONFIG', 'gdbm', '', '_gdbm _dbm', d)} -${@bb.utils.contains('PACKAGECONFIG', 'readline', '', 'readline', d)} -EOF -} - -CPPFLAGS:append = " -I${STAGING_INCDIR}/ncursesw -I${STAGING_INCDIR}/uuid" - -EXTRA_OEMAKE = '\ - STAGING_LIBDIR=${STAGING_LIBDIR} \ - STAGING_INCDIR=${STAGING_INCDIR} \ - LIB=${baselib} \ -' - -do_compile:prepend:class-target() { - if ${@bb.utils.contains('PACKAGECONFIG', 'pgo', 'true', 'false', d)}; then - qemu_binary="${@qemu_wrapper_cmdline(d, '${STAGING_DIR_TARGET}', ['${B}', '${STAGING_DIR_TARGET}/${base_libdir}'])}" - cat >pgo-wrapper < ${B}/Modules/Setup.local << EOF +*disabled* +${@bb.utils.contains('PACKAGECONFIG', 'gdbm', '', '_gdbm _dbm', d)} +${@bb.utils.contains('PACKAGECONFIG', 'readline', '', 'readline', d)} +EOF +} + +CPPFLAGS:append = " -I${STAGING_INCDIR}/ncursesw -I${STAGING_INCDIR}/uuid" + +EXTRA_OEMAKE = '\ + STAGING_LIBDIR=${STAGING_LIBDIR} \ + STAGING_INCDIR=${STAGING_INCDIR} \ + LIB=${baselib} \ +' + +do_compile:prepend:class-target() { + if ${@bb.utils.contains('PACKAGECONFIG', 'pgo', 'true', 'false', d)}; then + qemu_binary="${@qemu_wrapper_cmdline(d, '${STAGING_DIR_TARGET}', ['${B}', '${STAGING_DIR_TARGET}/${base_libdir}'])}" + cat >pgo-wrapper </dev/null || : + + ${S}/configure ${EXTRA_OECONF} } do_configure[cleandirs] += "${B}" @@ -203,6 +207,8 @@ PACKAGECONFIG[vhost] = "--enable-vhost-net,--disable-vhost-net,," PACKAGECONFIG[ust] = "--enable-trace-backend=ust,--enable-trace-backend=nop,lttng-ust," PACKAGECONFIG[pie] = "--enable-pie,--disable-pie,," PACKAGECONFIG[seccomp] = "--enable-seccomp,--disable-seccomp,libseccomp" +# libnfs is currently provided by meta-kodi +PACKAGECONFIG[libnfs] = "--enable-libnfs,--disable-libnfs,libnfs" INSANE_SKIP:${PN} = "arch" diff --git a/poky/meta/recipes-devtools/rpm/rpm_4.16.1.3.bb b/poky/meta/recipes-devtools/rpm/rpm_4.16.1.3.bb index 2ff9c2b112..cb15415d7f 100644 --- a/poky/meta/recipes-devtools/rpm/rpm_4.16.1.3.bb +++ b/poky/meta/recipes-devtools/rpm/rpm_4.16.1.3.bb @@ -24,7 +24,7 @@ HOMEPAGE = "http://www.rpm.org" LICENSE = "GPL-2.0" LIC_FILES_CHKSUM = "file://COPYING;md5=c4eec0c20c6034b9407a09945b48a43f" -SRC_URI = "git://github.com/rpm-software-management/rpm;branch=rpm-4.16.x \ +SRC_URI = "git://github.com/rpm-software-management/rpm;branch=rpm-4.16.x;protocol=https \ file://environment.d-rpm.sh \ file://0001-Do-not-add-an-unsatisfiable-dependency-when-building.patch \ file://0001-Do-not-read-config-files-from-HOME.patch \ @@ -59,7 +59,8 @@ AUTOTOOLS_AUXDIR = "${S}/build-aux" # OE-core patches autoreconf to additionally run gnu-configize, which fails with this recipe EXTRA_AUTORECONF:append = " --exclude=gnu-configize" -EXTRA_OECONF:append = " --without-lua --enable-python --with-crypto=libgcrypt" +# Vendor is detected differently on x86 and aarch64 hosts and can feed into target packages +EXTRA_OECONF:append = " --without-lua --enable-python --with-crypto=libgcrypt --with-vendor=pc" EXTRA_OECONF:append:libc-musl = " --disable-nls --disable-openmp" # --sysconfdir prevents rpm from attempting to access machine-specific configuration in sysroot/etc; we need to have it in rootfs diff --git a/poky/meta/recipes-devtools/squashfs-tools/squashfs-tools/CVE-2021-41072-requisite-1.patch b/poky/meta/recipes-devtools/squashfs-tools/squashfs-tools/CVE-2021-41072-requisite-1.patch new file mode 100644 index 0000000000..d01b5c6871 --- /dev/null +++ b/poky/meta/recipes-devtools/squashfs-tools/squashfs-tools/CVE-2021-41072-requisite-1.patch @@ -0,0 +1,135 @@ +The commit is required by the fix for CVE-2021-41072. + +Upstream-Status: Backport [https://github.com/plougher/squashfs-tools/commit/80b8441] + +Signed-off-by: Kai Kang + +From 80b8441a37fcf8bf07dacf24d9d6c6459a0f6e36 Mon Sep 17 00:00:00 2001 +From: Phillip Lougher +Date: Sun, 12 Sep 2021 19:58:19 +0100 +Subject: [PATCH] unsquashfs: use squashfs_closedir() to delete directory + +Signed-off-by: Phillip Lougher +--- + squashfs-tools/unsquash-1.c | 3 +-- + squashfs-tools/unsquash-1234.c | 11 +++++++++-- + squashfs-tools/unsquash-2.c | 3 +-- + squashfs-tools/unsquash-3.c | 3 +-- + squashfs-tools/unsquash-4.c | 3 +-- + squashfs-tools/unsquashfs.c | 7 ------- + squashfs-tools/unsquashfs.h | 1 + + 7 files changed, 14 insertions(+), 17 deletions(-) + +diff --git a/squashfs-tools/unsquash-1.c b/squashfs-tools/unsquash-1.c +index acba821..7598499 100644 +--- a/squashfs-tools/unsquash-1.c ++++ b/squashfs-tools/unsquash-1.c +@@ -373,8 +373,7 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse + return dir; + + corrupted: +- free(dir->dirs); +- free(dir); ++ squashfs_closedir(dir); + return NULL; + } + +diff --git a/squashfs-tools/unsquash-1234.c b/squashfs-tools/unsquash-1234.c +index c2d4f42..0c8dfbb 100644 +--- a/squashfs-tools/unsquash-1234.c ++++ b/squashfs-tools/unsquash-1234.c +@@ -25,8 +25,8 @@ + * unsquash-4. + */ + +-#define TRUE 1 +-#define FALSE 0 ++#include "unsquashfs.h" ++ + /* + * Check name for validity, name should not + * - be ".", "./", or +@@ -56,3 +56,10 @@ int check_name(char *name, int size) + + return TRUE; + } ++ ++ ++void squashfs_closedir(struct dir *dir) ++{ ++ free(dir->dirs); ++ free(dir); ++} +diff --git a/squashfs-tools/unsquash-2.c b/squashfs-tools/unsquash-2.c +index 0746b3d..86f62ba 100644 +--- a/squashfs-tools/unsquash-2.c ++++ b/squashfs-tools/unsquash-2.c +@@ -465,8 +465,7 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse + return dir; + + corrupted: +- free(dir->dirs); +- free(dir); ++ squashfs_closedir(dir); + return NULL; + } + +diff --git a/squashfs-tools/unsquash-3.c b/squashfs-tools/unsquash-3.c +index 094caaa..c04aa9e 100644 +--- a/squashfs-tools/unsquash-3.c ++++ b/squashfs-tools/unsquash-3.c +@@ -499,8 +499,7 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse + return dir; + + corrupted: +- free(dir->dirs); +- free(dir); ++ squashfs_closedir(dir); + return NULL; + } + +diff --git a/squashfs-tools/unsquash-4.c b/squashfs-tools/unsquash-4.c +index 3a1b9e1..ff62dcc 100644 +--- a/squashfs-tools/unsquash-4.c ++++ b/squashfs-tools/unsquash-4.c +@@ -436,8 +436,7 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse + return dir; + + corrupted: +- free(dir->dirs); +- free(dir); ++ squashfs_closedir(dir); + return NULL; + } + +diff --git a/squashfs-tools/unsquashfs.c b/squashfs-tools/unsquashfs.c +index 7b590bd..04be53c 100644 +--- a/squashfs-tools/unsquashfs.c ++++ b/squashfs-tools/unsquashfs.c +@@ -1350,13 +1350,6 @@ unsigned int *offset, unsigned int *type) + } + + +-void squashfs_closedir(struct dir *dir) +-{ +- free(dir->dirs); +- free(dir); +-} +- +- + char *get_component(char *target, char **targname) + { + char *start; +diff --git a/squashfs-tools/unsquashfs.h b/squashfs-tools/unsquashfs.h +index 2e9201c..5ecb2ab 100644 +--- a/squashfs-tools/unsquashfs.h ++++ b/squashfs-tools/unsquashfs.h +@@ -291,4 +291,5 @@ extern long long *alloc_index_table(int); + + /* unsquash-1234.c */ + extern int check_name(char *, int); ++extern void squashfs_closedir(struct dir *); + #endif +-- +2.17.1 + diff --git a/poky/meta/recipes-devtools/squashfs-tools/squashfs-tools/CVE-2021-41072-requisite-2.patch b/poky/meta/recipes-devtools/squashfs-tools/squashfs-tools/CVE-2021-41072-requisite-2.patch new file mode 100644 index 0000000000..6b230b35c6 --- /dev/null +++ b/poky/meta/recipes-devtools/squashfs-tools/squashfs-tools/CVE-2021-41072-requisite-2.patch @@ -0,0 +1,108 @@ +The commit is required by the fix for CVE-2021-41072. + +Upstream-Status: Backport [https://github.com/plougher/squashfs-tools/commit/1993a4e] + +Signed-off-by: Kai Kang + +From 1993a4e7aeda04962bf26e84c15fba8b58837e10 Mon Sep 17 00:00:00 2001 +From: Phillip Lougher +Date: Sun, 12 Sep 2021 20:09:13 +0100 +Subject: [PATCH] unsquashfs: dynamically allocate name + +Dynamically allocate name rather than store it +directly in structure. + +Signed-off-by: Phillip Lougher +--- + squashfs-tools/unsquash-1.c | 2 +- + squashfs-tools/unsquash-1234.c | 5 +++++ + squashfs-tools/unsquash-2.c | 2 +- + squashfs-tools/unsquash-3.c | 2 +- + squashfs-tools/unsquash-4.c | 2 +- + squashfs-tools/unsquashfs.h | 2 +- + 6 files changed, 10 insertions(+), 5 deletions(-) + +diff --git a/squashfs-tools/unsquash-1.c b/squashfs-tools/unsquash-1.c +index 7598499..d0121c6 100644 +--- a/squashfs-tools/unsquash-1.c ++++ b/squashfs-tools/unsquash-1.c +@@ -360,7 +360,7 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse + dir->dirs = new_dir; + } + +- strcpy(dir->dirs[dir->dir_count].name, dire->name); ++ dir->dirs[dir->dir_count].name = strdup(dire->name); + dir->dirs[dir->dir_count].start_block = + dirh.start_block; + dir->dirs[dir->dir_count].offset = dire->offset; +diff --git a/squashfs-tools/unsquash-1234.c b/squashfs-tools/unsquash-1234.c +index 0c8dfbb..ac46d9d 100644 +--- a/squashfs-tools/unsquash-1234.c ++++ b/squashfs-tools/unsquash-1234.c +@@ -60,6 +60,11 @@ int check_name(char *name, int size) + + void squashfs_closedir(struct dir *dir) + { ++ int i; ++ ++ for(i = 0; i < dir->dir_count; i++) ++ free(dir->dirs[i].name); ++ + free(dir->dirs); + free(dir); + } +diff --git a/squashfs-tools/unsquash-2.c b/squashfs-tools/unsquash-2.c +index 86f62ba..e847980 100644 +--- a/squashfs-tools/unsquash-2.c ++++ b/squashfs-tools/unsquash-2.c +@@ -452,7 +452,7 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse + dir->dirs = new_dir; + } + +- strcpy(dir->dirs[dir->dir_count].name, dire->name); ++ dir->dirs[dir->dir_count].name = strdup(dire->name); + dir->dirs[dir->dir_count].start_block = + dirh.start_block; + dir->dirs[dir->dir_count].offset = dire->offset; +diff --git a/squashfs-tools/unsquash-3.c b/squashfs-tools/unsquash-3.c +index c04aa9e..8223f27 100644 +--- a/squashfs-tools/unsquash-3.c ++++ b/squashfs-tools/unsquash-3.c +@@ -486,7 +486,7 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse + dir->dirs = new_dir; + } + +- strcpy(dir->dirs[dir->dir_count].name, dire->name); ++ dir->dirs[dir->dir_count].name = strdup(dire->name); + dir->dirs[dir->dir_count].start_block = + dirh.start_block; + dir->dirs[dir->dir_count].offset = dire->offset; +diff --git a/squashfs-tools/unsquash-4.c b/squashfs-tools/unsquash-4.c +index ff62dcc..1e199a7 100644 +--- a/squashfs-tools/unsquash-4.c ++++ b/squashfs-tools/unsquash-4.c +@@ -423,7 +423,7 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse + dir->dirs = new_dir; + } + +- strcpy(dir->dirs[dir->dir_count].name, dire->name); ++ dir->dirs[dir->dir_count].name = strdup(dire->name); + dir->dirs[dir->dir_count].start_block = + dirh.start_block; + dir->dirs[dir->dir_count].offset = dire->offset; +diff --git a/squashfs-tools/unsquashfs.h b/squashfs-tools/unsquashfs.h +index 5ecb2ab..583fbe4 100644 +--- a/squashfs-tools/unsquashfs.h ++++ b/squashfs-tools/unsquashfs.h +@@ -164,7 +164,7 @@ struct queue { + #define DIR_ENT_SIZE 16 + + struct dir_ent { +- char name[SQUASHFS_NAME_LEN + 1]; ++ char *name; + unsigned int start_block; + unsigned int offset; + unsigned int type; +-- +2.17.1 + diff --git a/poky/meta/recipes-devtools/squashfs-tools/squashfs-tools/CVE-2021-41072-requisite-3.patch b/poky/meta/recipes-devtools/squashfs-tools/squashfs-tools/CVE-2021-41072-requisite-3.patch new file mode 100644 index 0000000000..5d5df6f15b --- /dev/null +++ b/poky/meta/recipes-devtools/squashfs-tools/squashfs-tools/CVE-2021-41072-requisite-3.patch @@ -0,0 +1,326 @@ +The commit is required by the fix for CVE-2021-41072. + +Upstream-Status: Backport [https://github.com/plougher/squashfs-tools/commit/9938154] + +Signed-off-by: Kai Kang + +From 9938154174756ee48a94ea0b076397a2944b028d Mon Sep 17 00:00:00 2001 +From: Phillip Lougher +Date: Sun, 12 Sep 2021 22:58:11 +0100 +Subject: [PATCH] unsquashfs: use linked list to store directory names + +This should bring higher performance, and it allows sorting +if necessary (1.x and 2.0 filesystems). + +Signed-off-by: Phillip Lougher +--- + squashfs-tools/unsquash-1.c | 30 +++++++++++++++--------------- + squashfs-tools/unsquash-1234.c | 12 ++++++++---- + squashfs-tools/unsquash-2.c | 29 +++++++++++++++-------------- + squashfs-tools/unsquash-3.c | 29 +++++++++++++++-------------- + squashfs-tools/unsquash-4.c | 29 +++++++++++++++-------------- + squashfs-tools/unsquashfs.c | 16 ++++++++++------ + squashfs-tools/unsquashfs.h | 3 ++- + 7 files changed, 80 insertions(+), 68 deletions(-) + +diff --git a/squashfs-tools/unsquash-1.c b/squashfs-tools/unsquash-1.c +index d0121c6..b604434 100644 +--- a/squashfs-tools/unsquash-1.c ++++ b/squashfs-tools/unsquash-1.c +@@ -254,7 +254,7 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse + long long start; + int bytes = 0; + int dir_count, size, res; +- struct dir_ent *new_dir; ++ struct dir_ent *ent, *cur_ent = NULL; + struct dir *dir; + + TRACE("squashfs_opendir: inode start block %d, offset %d\n", +@@ -267,7 +267,7 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse + MEM_ERROR(); + + dir->dir_count = 0; +- dir->cur_entry = 0; ++ dir->cur_entry = NULL; + dir->mode = (*i)->mode; + dir->uid = (*i)->uid; + dir->guid = (*i)->gid; +@@ -351,20 +351,20 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse + "%d:%d, type %d\n", dire->name, + dirh.start_block, dire->offset, dire->type); + +- if((dir->dir_count % DIR_ENT_SIZE) == 0) { +- new_dir = realloc(dir->dirs, (dir->dir_count + +- DIR_ENT_SIZE) * sizeof(struct dir_ent)); +- if(new_dir == NULL) +- MEM_ERROR(); +- +- dir->dirs = new_dir; +- } ++ ent = malloc(sizeof(struct dir_ent)); ++ if(ent == NULL) ++ MEM_ERROR(); + +- dir->dirs[dir->dir_count].name = strdup(dire->name); +- dir->dirs[dir->dir_count].start_block = +- dirh.start_block; +- dir->dirs[dir->dir_count].offset = dire->offset; +- dir->dirs[dir->dir_count].type = dire->type; ++ ent->name = strdup(dire->name); ++ ent->start_block = dirh.start_block; ++ ent->offset = dire->offset; ++ ent->type = dire->type; ++ ent->next = NULL; ++ if(cur_ent == NULL) ++ dir->dirs = ent; ++ else ++ cur_ent->next = ent; ++ cur_ent = ent; + dir->dir_count ++; + bytes += dire->size + 1; + } +diff --git a/squashfs-tools/unsquash-1234.c b/squashfs-tools/unsquash-1234.c +index ac46d9d..e389f8d 100644 +--- a/squashfs-tools/unsquash-1234.c ++++ b/squashfs-tools/unsquash-1234.c +@@ -60,11 +60,15 @@ int check_name(char *name, int size) + + void squashfs_closedir(struct dir *dir) + { +- int i; ++ struct dir_ent *ent = dir->dirs; + +- for(i = 0; i < dir->dir_count; i++) +- free(dir->dirs[i].name); ++ while(ent) { ++ struct dir_ent *tmp = ent; ++ ++ ent = ent->next; ++ free(tmp->name); ++ free(tmp); ++ } + +- free(dir->dirs); + free(dir); + } +diff --git a/squashfs-tools/unsquash-2.c b/squashfs-tools/unsquash-2.c +index e847980..956f96f 100644 +--- a/squashfs-tools/unsquash-2.c ++++ b/squashfs-tools/unsquash-2.c +@@ -347,7 +347,7 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse + long long start; + int bytes = 0; + int dir_count, size, res; +- struct dir_ent *new_dir; ++ struct dir_ent *ent, *cur_ent = NULL; + struct dir *dir; + + TRACE("squashfs_opendir: inode start block %d, offset %d\n", +@@ -360,7 +360,7 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse + MEM_ERROR(); + + dir->dir_count = 0; +- dir->cur_entry = 0; ++ dir->cur_entry = NULL; + dir->mode = (*i)->mode; + dir->uid = (*i)->uid; + dir->guid = (*i)->gid; +@@ -444,19 +444,20 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse + "%d:%d, type %d\n", dire->name, + dirh.start_block, dire->offset, dire->type); + +- if((dir->dir_count % DIR_ENT_SIZE) == 0) { +- new_dir = realloc(dir->dirs, (dir->dir_count + +- DIR_ENT_SIZE) * sizeof(struct dir_ent)); +- if(new_dir == NULL) +- MEM_ERROR(); +- dir->dirs = new_dir; +- } ++ ent = malloc(sizeof(struct dir_ent)); ++ if(ent == NULL) ++ MEM_ERROR(); + +- dir->dirs[dir->dir_count].name = strdup(dire->name); +- dir->dirs[dir->dir_count].start_block = +- dirh.start_block; +- dir->dirs[dir->dir_count].offset = dire->offset; +- dir->dirs[dir->dir_count].type = dire->type; ++ ent->name = strdup(dire->name); ++ ent->start_block = dirh.start_block; ++ ent->offset = dire->offset; ++ ent->type = dire->type; ++ ent->next = NULL; ++ if(cur_ent == NULL) ++ dir->dirs = ent; ++ else ++ cur_ent->next = ent; ++ cur_ent = ent; + dir->dir_count ++; + bytes += dire->size + 1; + } +diff --git a/squashfs-tools/unsquash-3.c b/squashfs-tools/unsquash-3.c +index 8223f27..835a574 100644 +--- a/squashfs-tools/unsquash-3.c ++++ b/squashfs-tools/unsquash-3.c +@@ -381,7 +381,7 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse + long long start; + int bytes = 0; + int dir_count, size, res; +- struct dir_ent *new_dir; ++ struct dir_ent *ent, *cur_ent = NULL; + struct dir *dir; + + TRACE("squashfs_opendir: inode start block %d, offset %d\n", +@@ -394,7 +394,7 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse + MEM_ERROR(); + + dir->dir_count = 0; +- dir->cur_entry = 0; ++ dir->cur_entry = NULL; + dir->mode = (*i)->mode; + dir->uid = (*i)->uid; + dir->guid = (*i)->gid; +@@ -478,19 +478,20 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse + "%d:%d, type %d\n", dire->name, + dirh.start_block, dire->offset, dire->type); + +- if((dir->dir_count % DIR_ENT_SIZE) == 0) { +- new_dir = realloc(dir->dirs, (dir->dir_count + +- DIR_ENT_SIZE) * sizeof(struct dir_ent)); +- if(new_dir == NULL) +- MEM_ERROR(); +- dir->dirs = new_dir; +- } ++ ent = malloc(sizeof(struct dir_ent)); ++ if(ent == NULL) ++ MEM_ERROR(); + +- dir->dirs[dir->dir_count].name = strdup(dire->name); +- dir->dirs[dir->dir_count].start_block = +- dirh.start_block; +- dir->dirs[dir->dir_count].offset = dire->offset; +- dir->dirs[dir->dir_count].type = dire->type; ++ ent->name = strdup(dire->name); ++ ent->start_block = dirh.start_block; ++ ent->offset = dire->offset; ++ ent->type = dire->type; ++ ent->next = NULL; ++ if(cur_ent == NULL) ++ dir->dirs = ent; ++ else ++ cur_ent->next = ent; ++ cur_ent = ent; + dir->dir_count ++; + bytes += dire->size + 1; + } +diff --git a/squashfs-tools/unsquash-4.c b/squashfs-tools/unsquash-4.c +index 1e199a7..694783d 100644 +--- a/squashfs-tools/unsquash-4.c ++++ b/squashfs-tools/unsquash-4.c +@@ -331,7 +331,7 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse + struct squashfs_dir_entry *dire = (struct squashfs_dir_entry *) buffer; + long long start; + int bytes = 0, dir_count, size, res; +- struct dir_ent *new_dir; ++ struct dir_ent *ent, *cur_ent = NULL; + struct dir *dir; + + TRACE("squashfs_opendir: inode start block %d, offset %d\n", +@@ -344,7 +344,7 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse + MEM_ERROR(); + + dir->dir_count = 0; +- dir->cur_entry = 0; ++ dir->cur_entry = NULL; + dir->mode = (*i)->mode; + dir->uid = (*i)->uid; + dir->guid = (*i)->gid; +@@ -415,19 +415,20 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse + "%d:%d, type %d\n", dire->name, + dirh.start_block, dire->offset, dire->type); + +- if((dir->dir_count % DIR_ENT_SIZE) == 0) { +- new_dir = realloc(dir->dirs, (dir->dir_count + +- DIR_ENT_SIZE) * sizeof(struct dir_ent)); +- if(new_dir == NULL) +- MEM_ERROR(); +- dir->dirs = new_dir; +- } ++ ent = malloc(sizeof(struct dir_ent)); ++ if(ent == NULL) ++ MEM_ERROR(); + +- dir->dirs[dir->dir_count].name = strdup(dire->name); +- dir->dirs[dir->dir_count].start_block = +- dirh.start_block; +- dir->dirs[dir->dir_count].offset = dire->offset; +- dir->dirs[dir->dir_count].type = dire->type; ++ ent->name = strdup(dire->name); ++ ent->start_block = dirh.start_block; ++ ent->offset = dire->offset; ++ ent->type = dire->type; ++ ent->next = NULL; ++ if(cur_ent == NULL) ++ dir->dirs = ent; ++ else ++ cur_ent->next = ent; ++ cur_ent = ent; + dir->dir_count ++; + bytes += dire->size + 1; + } +diff --git a/squashfs-tools/unsquashfs.c b/squashfs-tools/unsquashfs.c +index 04be53c..fee28ec 100644 +--- a/squashfs-tools/unsquashfs.c ++++ b/squashfs-tools/unsquashfs.c +@@ -1337,14 +1337,18 @@ failed: + int squashfs_readdir(struct dir *dir, char **name, unsigned int *start_block, + unsigned int *offset, unsigned int *type) + { +- if(dir->cur_entry == dir->dir_count) ++ if(dir->cur_entry == NULL) ++ dir->cur_entry = dir->dirs; ++ else ++ dir->cur_entry = dir->cur_entry->next; ++ ++ if(dir->cur_entry == NULL) + return FALSE; + +- *name = dir->dirs[dir->cur_entry].name; +- *start_block = dir->dirs[dir->cur_entry].start_block; +- *offset = dir->dirs[dir->cur_entry].offset; +- *type = dir->dirs[dir->cur_entry].type; +- dir->cur_entry ++; ++ *name = dir->cur_entry->name; ++ *start_block = dir->cur_entry->start_block; ++ *offset = dir->cur_entry->offset; ++ *type = dir->cur_entry->type; + + return TRUE; + } +diff --git a/squashfs-tools/unsquashfs.h b/squashfs-tools/unsquashfs.h +index 583fbe4..f8cf78c 100644 +--- a/squashfs-tools/unsquashfs.h ++++ b/squashfs-tools/unsquashfs.h +@@ -168,17 +168,18 @@ struct dir_ent { + unsigned int start_block; + unsigned int offset; + unsigned int type; ++ struct dir_ent *next; + }; + + struct dir { + int dir_count; +- int cur_entry; + unsigned int mode; + uid_t uid; + gid_t guid; + unsigned int mtime; + unsigned int xattr; + struct dir_ent *dirs; ++ struct dir_ent *cur_entry; + }; + + struct file_entry { +-- +2.17.1 + diff --git a/poky/meta/recipes-devtools/squashfs-tools/squashfs-tools/CVE-2021-41072.patch b/poky/meta/recipes-devtools/squashfs-tools/squashfs-tools/CVE-2021-41072.patch new file mode 100644 index 0000000000..f807af60bc --- /dev/null +++ b/poky/meta/recipes-devtools/squashfs-tools/squashfs-tools/CVE-2021-41072.patch @@ -0,0 +1,329 @@ +CVE: CVE-2021-41072 +Upstream-Status: Backport [https://github.com/plougher/squashfs-tools/commit/e048580] + +Update on 20211109: +Squash a follow-up fix for CVE-2021-41072 from upstream: +https://github.com/plougher/squashfs-tools/commit/19fcc93 + +Signed-off-by: Kai Kang + +From e0485802ec72996c20026da320650d8362f555bd Mon Sep 17 00:00:00 2001 +From: Phillip Lougher +Date: Sun, 12 Sep 2021 23:50:06 +0100 +Subject: [PATCH] Unsquashfs: additional write outside destination directory + exploit fix + +An issue on github (https://github.com/plougher/squashfs-tools/issues/72) +showed how some specially crafted Squashfs filesystems containing +invalid file names (with '/' and '..') can cause Unsquashfs to write +files outside of the destination directory. + +Since then it has been shown that specially crafted Squashfs filesystems +that contain a symbolic link pointing outside of the destination directory, +coupled with an identically named file within the same directory, can +cause Unsquashfs to write files outside of the destination directory. + +Specifically the symbolic link produces a pathname pointing outside +of the destination directory, which is then followed when writing the +duplicate identically named file within the directory. + +This commit fixes this exploit by explictly checking for duplicate +filenames within a directory. As directories in v2.1, v3.x, and v4.0 +filesystems are sorted, this is achieved by checking for consecutively +identical filenames. Additionally directories are checked to +ensure they are sorted, to avoid attempts to evade the duplicate +check. + +Version 1.x and 2.0 filesystems (where the directories were unsorted) +are sorted and then the above duplicate filename check is applied. + +Signed-off-by: Phillip Lougher +--- + squashfs-tools/Makefile | 6 +- + squashfs-tools/unsquash-1.c | 6 ++ + squashfs-tools/unsquash-12.c | 110 +++++++++++++++++++++++++++++++++ + squashfs-tools/unsquash-1234.c | 21 +++++++ + squashfs-tools/unsquash-2.c | 16 +++++ + squashfs-tools/unsquash-3.c | 6 ++ + squashfs-tools/unsquash-4.c | 6 ++ + squashfs-tools/unsquashfs.h | 4 ++ + 8 files changed, 173 insertions(+), 2 deletions(-) + create mode 100644 squashfs-tools/unsquash-12.c + +diff --git a/squashfs-tools/Makefile b/squashfs-tools/Makefile +index 7262a2e..1b544ed 100755 +--- a/squashfs-tools/Makefile ++++ b/squashfs-tools/Makefile +@@ -160,8 +160,8 @@ MKSQUASHFS_OBJS = mksquashfs.o read_fs.o action.o swap.o pseudo.o compressor.o \ + caches-queues-lists.o reader.o tar.o + + UNSQUASHFS_OBJS = unsquashfs.o unsquash-1.o unsquash-2.o unsquash-3.o \ +- unsquash-4.o unsquash-123.o unsquash-34.o unsquash-1234.o swap.o \ +- compressor.o unsquashfs_info.o ++ unsquash-4.o unsquash-123.o unsquash-34.o unsquash-1234.o unsquash-12.o \ ++ swap.o compressor.o unsquashfs_info.o + + CFLAGS ?= -O2 + CFLAGS += $(EXTRA_CFLAGS) $(INCLUDEDIR) -D_FILE_OFFSET_BITS=64 \ +@@ -393,6 +393,8 @@ unsquash-34.o: unsquashfs.h unsquash-34.c unsquashfs_error.h + + unsquash-1234.o: unsquash-1234.c unsquashfs_error.h + ++unsquash-12.o: unsquash-12.c unsquashfs.h ++ + unsquashfs_xattr.o: unsquashfs_xattr.c unsquashfs.h squashfs_fs.h xattr.h unsquashfs_error.h + + unsquashfs_info.o: unsquashfs.h squashfs_fs.h unsquashfs_error.h +diff --git a/squashfs-tools/unsquash-1.c b/squashfs-tools/unsquash-1.c +index b604434..88866fc 100644 +--- a/squashfs-tools/unsquash-1.c ++++ b/squashfs-tools/unsquash-1.c +@@ -370,6 +370,12 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse + } + } + ++ /* check directory for duplicate names. Need to sort directory first */ ++ sort_directory(dir); ++ if(check_directory(dir) == FALSE) { ++ ERROR("File system corrupted: directory has duplicate names\n"); ++ goto corrupted; ++ } + return dir; + + corrupted: +diff --git a/squashfs-tools/unsquash-12.c b/squashfs-tools/unsquash-12.c +new file mode 100644 +index 0000000..61bf128 +--- /dev/null ++++ b/squashfs-tools/unsquash-12.c +@@ -0,0 +1,110 @@ ++/* ++ * Unsquash a squashfs filesystem. This is a highly compressed read only ++ * filesystem. ++ * ++ * Copyright (c) 2021 ++ * Phillip Lougher ++ * ++ * This program is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU General Public License ++ * as published by the Free Software Foundation; either version 2, ++ * or (at your option) any later version. ++ * ++ * This program is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with this program; if not, write to the Free Software ++ * Foundation, 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. ++ * ++ * unsquash-12.c ++ * ++ * Helper functions used by unsquash-1 and unsquash-2. ++ */ ++ ++#include "unsquashfs.h" ++ ++/* ++ * Bottom up linked list merge sort. ++ * ++ */ ++void sort_directory(struct dir *dir) ++{ ++ struct dir_ent *cur, *l1, *l2, *next; ++ int len1, len2, stride = 1; ++ ++ if(dir->dir_count < 2) ++ return; ++ ++ /* ++ * We can consider our linked-list to be made up of stride length ++ * sublists. Eacn iteration around this loop merges adjacent ++ * stride length sublists into larger 2*stride sublists. We stop ++ * when stride becomes equal to the entire list. ++ * ++ * Initially stride = 1 (by definition a sublist of 1 is sorted), and ++ * these 1 element sublists are merged into 2 element sublists, which ++ * are then merged into 4 element sublists and so on. ++ */ ++ do { ++ l2 = dir->dirs; /* head of current linked list */ ++ cur = NULL; /* empty output list */ ++ ++ /* ++ * Iterate through the linked list, merging adjacent sublists. ++ * On each interation l2 points to the next sublist pair to be ++ * merged (if there's only one sublist left this is simply added ++ * to the output list) ++ */ ++ while(l2) { ++ l1 = l2; ++ for(len1 = 0; l2 && len1 < stride; len1 ++, l2 = l2->next); ++ len2 = stride; ++ ++ /* ++ * l1 points to first sublist. ++ * l2 points to second sublist. ++ * Merge them onto the output list ++ */ ++ while(len1 && l2 && len2) { ++ if(strcmp(l1->name, l2->name) <= 0) { ++ next = l1; ++ l1 = l1->next; ++ len1 --; ++ } else { ++ next = l2; ++ l2 = l2->next; ++ len2 --; ++ } ++ ++ if(cur) { ++ cur->next = next; ++ cur = next; ++ } else ++ dir->dirs = cur = next; ++ } ++ /* ++ * One sublist is now empty, copy the other one onto the ++ * output list ++ */ ++ for(; len1; len1 --, l1 = l1->next) { ++ if(cur) { ++ cur->next = l1; ++ cur = l1; ++ } else ++ dir->dirs = cur = l1; ++ } ++ for(; l2 && len2; len2 --, l2 = l2->next) { ++ if(cur) { ++ cur->next = l2; ++ cur = l2; ++ } else ++ dir->dirs = cur = l2; ++ } ++ } ++ cur->next = NULL; ++ stride = stride << 1; ++ } while(stride < dir->dir_count); ++} +diff --git a/squashfs-tools/unsquash-1234.c b/squashfs-tools/unsquash-1234.c +index e389f8d..98a81ed 100644 +--- a/squashfs-tools/unsquash-1234.c ++++ b/squashfs-tools/unsquash-1234.c +@@ -72,3 +72,24 @@ void squashfs_closedir(struct dir *dir) + + free(dir); + } ++ ++ ++/* ++ * Check directory for duplicate names. As the directory should be sorted, ++ * duplicates will be consecutive. Obviously we also need to check if the ++ * directory has been deliberately unsorted, to evade this check. ++ */ ++int check_directory(struct dir *dir) ++{ ++ int i; ++ struct dir_ent *ent; ++ ++ if(dir->dir_count < 2) ++ return TRUE; ++ ++ for(ent = dir->dirs, i = 0; i < dir->dir_count - 1; ent = ent->next, i++) ++ if(strcmp(ent->name, ent->next->name) >= 0) ++ return FALSE; ++ ++ return TRUE; ++} +diff --git a/squashfs-tools/unsquash-2.c b/squashfs-tools/unsquash-2.c +index 956f96f..0e36f7d 100644 +--- a/squashfs-tools/unsquash-2.c ++++ b/squashfs-tools/unsquash-2.c +@@ -29,6 +29,7 @@ + static squashfs_fragment_entry_2 *fragment_table; + static unsigned int *uid_table, *guid_table; + static squashfs_operations ops; ++static int needs_sorting = FALSE; + + + static void read_block_list(unsigned int *block_list, long long start, +@@ -463,6 +464,17 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse + } + } + ++ if(needs_sorting) ++ sort_directory(dir); ++ ++ /* check directory for duplicate names and sorting */ ++ if(check_directory(dir) == FALSE) { ++ if(needs_sorting) ++ ERROR("File system corrupted: directory has duplicate names\n"); ++ else ++ ERROR("File system corrupted: directory has duplicate names or is unsorted\n"); ++ goto corrupted; ++ } + return dir; + + corrupted: +@@ -596,6 +608,10 @@ int read_super_2(squashfs_operations **s_ops, void *s) + * 2.x filesystems use gzip compression. + */ + comp = lookup_compressor("gzip"); ++ ++ if(sBlk_3->s_minor == 0) ++ needs_sorting = TRUE; ++ + return TRUE; + } + +diff --git a/squashfs-tools/unsquash-3.c b/squashfs-tools/unsquash-3.c +index 835a574..0123562 100644 +--- a/squashfs-tools/unsquash-3.c ++++ b/squashfs-tools/unsquash-3.c +@@ -497,6 +497,12 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse + } + } + ++ /* check directory for duplicate names and sorting */ ++ if(check_directory(dir) == FALSE) { ++ ERROR("File system corrupted: directory has duplicate names or is unsorted\n"); ++ goto corrupted; ++ } ++ + return dir; + + corrupted: +diff --git a/squashfs-tools/unsquash-4.c b/squashfs-tools/unsquash-4.c +index 694783d..c615bb8 100644 +--- a/squashfs-tools/unsquash-4.c ++++ b/squashfs-tools/unsquash-4.c +@@ -434,6 +434,12 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse + } + } + ++ /* check directory for duplicate names and sorting */ ++ if(check_directory(dir) == FALSE) { ++ ERROR("File system corrupted: directory has duplicate names or is unsorted\n"); ++ goto corrupted; ++ } ++ + return dir; + + corrupted: +diff --git a/squashfs-tools/unsquashfs.h b/squashfs-tools/unsquashfs.h +index f8cf78c..bf2a80d 100644 +--- a/squashfs-tools/unsquashfs.h ++++ b/squashfs-tools/unsquashfs.h +@@ -293,4 +293,8 @@ extern long long *alloc_index_table(int); + /* unsquash-1234.c */ + extern int check_name(char *, int); + extern void squashfs_closedir(struct dir *); ++extern int check_directory(struct dir *); ++ ++/* unsquash-12.c */ ++extern void sort_directory(struct dir *); + #endif +-- +2.17.1 + diff --git a/poky/meta/recipes-devtools/squashfs-tools/squashfs-tools_git.bb b/poky/meta/recipes-devtools/squashfs-tools/squashfs-tools_git.bb index c78f446711..6a19cba8f7 100644 --- a/poky/meta/recipes-devtools/squashfs-tools/squashfs-tools_git.bb +++ b/poky/meta/recipes-devtools/squashfs-tools/squashfs-tools_git.bb @@ -9,8 +9,12 @@ LIC_FILES_CHKSUM = "file://../COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" PV = "4.5" SRCREV = "0496d7c3de3e09da37ba492081c86159806ebb07" -SRC_URI = "git://github.com/plougher/squashfs-tools.git;protocol=https \ +SRC_URI = "git://github.com/plougher/squashfs-tools.git;protocol=https;branch=master \ file://0001-Avoid-use-of-INSTALL_DIR-for-symlink-targets.patch \ + file://CVE-2021-41072-requisite-1.patch;striplevel=2 \ + file://CVE-2021-41072-requisite-2.patch;striplevel=2 \ + file://CVE-2021-41072-requisite-3.patch;striplevel=2 \ + file://CVE-2021-41072.patch;striplevel=2 \ " S = "${WORKDIR}/git/squashfs-tools" diff --git a/poky/meta/recipes-devtools/strace/strace/0001-Avoid-relying-on-presence-of-ipx.h.patch b/poky/meta/recipes-devtools/strace/strace/0001-Avoid-relying-on-presence-of-ipx.h.patch new file mode 100644 index 0000000000..6df673fa95 --- /dev/null +++ b/poky/meta/recipes-devtools/strace/strace/0001-Avoid-relying-on-presence-of-ipx.h.patch @@ -0,0 +1,151 @@ +From 197f712ea96c12dcabc9fe98889a425d61ad6a60 Mon Sep 17 00:00:00 2001 +From: Eugene Syromyatnikov +Date: Wed, 3 Nov 2021 00:48:59 +0100 +Subject: [PATCH] Avoid relying on presence of ipx.h + +After Linux has broken UAPI in commit v5.15-rc1~157^2~207, it is well +possible that neither kernel nor libc (such as musl, for example) +provide IPX-related header. Avoid relying on its presence +in the strace's code and conditionalise the relevant checks in the tests. + +* configure.ac (AC_CHECK_HEADERS): Add linux/ipx.h. +* src/net.c: Remove / includes. +* src/sockaddr.c: Likewise. +(IPX_NODE_LEN): New macro constant. +(struct sockaddr_ipx): New type definition. +* src/xlat/sock_ipx_options.in (IPX_TYPE): Provide a fallback value. +* tests/net-sockaddr.c [!HAVE_LINUX_IPX_H]: Do not include +. +[!HAVE_LINUX_IPX_H && HAVE_NETIPX_IPX_H]: Include . +[!(HAVE_LINUX_IPX_H || defined HAVE_NETIPX_IPX_H)]: Do not define +check_ipx. +[!(HAVE_LINUX_IPX_H || defined HAVE_NETIPX_IPX_H)] (main): Do not call +check_ipx. + +Closes: https://github.com/strace/strace/issues/201 + +Upstream-Status: backport [commit cca828197c0e1 branch esyr/5.15] + +[bva: changed context to apply to a released strace 5.14 tarball] +Signed-off-by: Bruce Ashfield + +--- + configure.ac | 1 + + src/net.c | 5 ----- + src/sockaddr.c | 16 ++++++++++------ + src/xlat/sock_ipx_options.in | 2 +- + tests/net-sockaddr.c | 10 +++++++++- + 5 files changed, 21 insertions(+), 13 deletions(-) + +Index: strace-5.14/configure.ac +=================================================================== +--- strace-5.14.orig/configure.ac ++++ strace-5.14/configure.ac +@@ -423,6 +423,7 @@ + elf.h + gcov.h + iconv.h ++ linux/ipx.h + mqueue.h + netinet/sctp.h + netipx/ipx.h +Index: strace-5.14/src/net.c +=================================================================== +--- strace-5.14.orig/src/net.c ++++ strace-5.14/src/net.c +@@ -28,11 +28,6 @@ + #include + #include + #include +-#ifdef HAVE_NETIPX_IPX_H +-# include +-#else +-# include +-#endif + + #include + #include "netlink.h" +Index: strace-5.14/src/sockaddr.c +=================================================================== +--- strace-5.14.orig/src/sockaddr.c ++++ strace-5.14/src/sockaddr.c +@@ -24,12 +24,6 @@ + #include + #include + +-#ifdef HAVE_NETIPX_IPX_H +-# include +-#else +-# include +-#endif +- + #include "xlat/addrfams.h" + #include "xlat/arp_hardware_types.h" + #include "xlat/ethernet_protocols.h" +@@ -45,6 +39,16 @@ + const size_t arp_hardware_types_size = ARRAY_SIZE(arp_hardware_types) - 1; + const size_t ethernet_protocols_size = ARRAY_SIZE(ethernet_protocols) - 1; + ++#define IPX_NODE_LEN 6 ++struct sockaddr_ipx { ++ uint16_t sipx_family; ++ uint16_t sipx_port; ++ uint32_t sipx_network; ++ unsigned char sipx_node[IPX_NODE_LEN]; ++ uint8_t sipx_type; ++ unsigned char sipx_zero; ++}; ++ + static void + print_sockaddr_data_un(struct tcb *tcp, const void *const buf, const int addrlen) + { +Index: strace-5.14/src/xlat/sock_ipx_options.in +=================================================================== +--- strace-5.14.orig/src/xlat/sock_ipx_options.in ++++ strace-5.14/src/xlat/sock_ipx_options.in +@@ -1 +1 @@ +-IPX_TYPE ++IPX_TYPE 1 +Index: strace-5.14/tests/net-sockaddr.c +=================================================================== +--- strace-5.14.orig/tests/net-sockaddr.c ++++ strace-5.14/tests/net-sockaddr.c +@@ -24,7 +24,11 @@ + #include + #include + #include +-#include ++#if defined HAVE_LINUX_IPX_H ++# include ++#elif defined HAVE_NETIPX_IPX_H ++# include ++#endif + #ifdef HAVE_BLUETOOTH_BLUETOOTH_H + # include + # include +@@ -269,6 +273,7 @@ + printf("connect(-1, %p, %u) = %d EBADF (%m)\n", in6, len, ret); + } + ++#if defined HAVE_LINUX_IPX_H || defined HAVE_NETIPX_IPX_H + static void + check_ipx(void) + { +@@ -295,6 +300,7 @@ + c_ipx.sipx_node[4], c_ipx.sipx_node[5], + c_ipx.sipx_type, len, ret); + } ++#endif /* HAVE_LINUX_IPX_H || defined HAVE_NETIPX_IPX_H */ + + /* for a bit more compact AX.25 address definitions */ + #define AX25_ADDR(c_, s_) \ +@@ -773,7 +779,9 @@ + check_un(); + check_in(); + check_in6(); ++#if defined HAVE_LINUX_IPX_H || defined HAVE_NETIPX_IPX_H + check_ipx(); ++#endif + check_ax25(); + check_x25(); + check_nl(); diff --git a/poky/meta/recipes-devtools/strace/strace/run-ptest b/poky/meta/recipes-devtools/strace/strace/run-ptest index 3a51fb0be9..02bb91e07f 100755 --- a/poky/meta/recipes-devtools/strace/strace/run-ptest +++ b/poky/meta/recipes-devtools/strace/strace/run-ptest @@ -1,6 +1,15 @@ #!/bin/sh + +set -u + export TIMEOUT_DURATION=240 chown nobody tests chown nobody tests/* chown nobody ../ptest + su nobody -c "make -B -C tests -k test-suite.log" +res=$? +if [ $res -ne 0 ]; then + cat tests/test-suite.log +fi +exit $res diff --git a/poky/meta/recipes-devtools/strace/strace_5.14.bb b/poky/meta/recipes-devtools/strace/strace_5.14.bb index 02a4843edf..3229954b3f 100644 --- a/poky/meta/recipes-devtools/strace/strace_5.14.bb +++ b/poky/meta/recipes-devtools/strace/strace_5.14.bb @@ -14,6 +14,7 @@ SRC_URI = "https://strace.io/files/${PV}/strace-${PV}.tar.xz \ file://ptest-spacesave.patch \ file://uintptr_t.patch \ file://0001-strace-fix-reproducibilty-issues.patch \ + file://0001-Avoid-relying-on-presence-of-ipx.h.patch \ " SRC_URI[sha256sum] = "901bee6db5e17debad4530dd9ffb4dc9a96c4a656edbe1c3141b7cb307b11e73" diff --git a/poky/meta/recipes-devtools/systemd-bootchart/systemd-bootchart_234.bb b/poky/meta/recipes-devtools/systemd-bootchart/systemd-bootchart_234.bb index 30dbbcc05c..71c2ba6d7c 100644 --- a/poky/meta/recipes-devtools/systemd-bootchart/systemd-bootchart_234.bb +++ b/poky/meta/recipes-devtools/systemd-bootchart/systemd-bootchart_234.bb @@ -8,7 +8,7 @@ LICENSE = "LGPLv2.1 & GPLv2" LIC_FILES_CHKSUM = "file://LICENSE.LGPL2.1;md5=4fbd65380cdd255951079008b364516c \ file://LICENSE.GPL2;md5=751419260aa954499f7abaabaa882bbe" -SRC_URI = "git://github.com/systemd/systemd-bootchart.git;protocol=https \ +SRC_URI = "git://github.com/systemd/systemd-bootchart.git;protocol=https;branch=master \ file://0001-architecture-Recognise-RISCV-32-RISCV-64.patch \ file://mips64.patch \ file://no_lto.patch \ diff --git a/poky/meta/recipes-devtools/tcf-agent/tcf-agent_git.bb b/poky/meta/recipes-devtools/tcf-agent/tcf-agent_git.bb index e67eccc75c..d6d563d8e7 100644 --- a/poky/meta/recipes-devtools/tcf-agent/tcf-agent_git.bb +++ b/poky/meta/recipes-devtools/tcf-agent/tcf-agent_git.bb @@ -10,7 +10,7 @@ SRCREV = "2735e3d6b7eccb05ab232825c618c837d27a5010" PV = "1.7.0+git${SRCPV}" UPSTREAM_CHECK_GITTAGREGEX = "(?P(\d+(\.\d+)+))" -SRC_URI = "git://git.eclipse.org/r/tcf/org.eclipse.tcf.agent.git;protocol=https \ +SRC_URI = "git://git.eclipse.org/r/tcf/org.eclipse.tcf.agent.git;protocol=https;branch=master \ file://fix_ranlib.patch \ file://ldflags.patch \ file://tcf-agent.init \ diff --git a/poky/meta/recipes-devtools/unfs3/unfs3_git.bb b/poky/meta/recipes-devtools/unfs3/unfs3_git.bb index 2bc7a9230b..7a5d273851 100644 --- a/poky/meta/recipes-devtools/unfs3/unfs3_git.bb +++ b/poky/meta/recipes-devtools/unfs3/unfs3_git.bb @@ -14,7 +14,7 @@ DEPENDS:append:class-nativesdk = " flex-nativesdk" ASNEEDED = "" S = "${WORKDIR}/git" -SRC_URI = "git://github.com/unfs3/unfs3.git;protocol=https \ +SRC_URI = "git://github.com/unfs3/unfs3.git;protocol=https;branch=master \ file://unfs3_parallel_build.patch \ file://alternate_rpc_ports.patch \ file://fix_pid_race_parent_writes_child_pid.patch \ -- cgit v1.2.3