subtree updates
meta-raspberrypi: fde68b24f0..4c033eb074:
Harunobu Kurokawa (1):
rpi-cmdline, rpi-u-boot-src: Support USB boot
meta-arm: 0b61cc659a..4d22f982bc:
Debbie Martin (2):
arm-systemready: Add parted dependency and inherit testimage
ci: Add Arm SystemReady firmware and IR ACS builds
Harsimran Singh Tungal (3):
arm-bsp/documentation: corstone1000: fix the steps in the user guide and instructions
corstone1000:arm-bsp/optee: Update optee to v4.0
corstone1000:arm-bsp/tftf: Fix tftf tests on mps3
Jon Mason (5):
arm/trusted-firmware-a: move patch file to bbappend
arm/trusted-firmware-a: update to 2.10
arm/hafnium: update to v2.10
CI: rename meta-secure-core directory
arm/edk2: update to 202311
Ross Burton (1):
CI: switch back to master
poky: 028b6f6226..4675bbb757:
Adrian Freihofer (4):
cmake-qemu.bbclass: make it more usable
oe-selftest: add a cpp-example recipe
oeqa/core/decorator: add skip if not qemu-usermode
oe-selftest: add tests for C and C++ build tools
Alassane Yattara (22):
bitbake: toaster/test: bug-fix on tests/browser/test_all_builds_page
bitbake: toaster/test: from test_no_builds_message.py wait for the empty state div to appear
bitbake: toaster/test: delay driver action until elements to appear
bitbake: toaster/tests: Ensure to kill toaster process create for tests functional
bitbake: toaster/tests: Added functional/utils, contains useful methods using by functional tests
bitbake: toaster/tests: Refactorize tests/functional
bitbake: toaster/tests: Bug fixes, functional tests dependent on each other
bitbake: toaster/tests: Fixes warnings in autobuilder
bitbake: toaster/tests: bug-fix tests writing files into /tmp on the autobuilders
bitbake: toaster/test: fix Copyright
bitbake: toaster/tests: logging warning in console, trying to kill unavailable Runbuilds process
bitbake: toaster/tests: Removed all time.sleep occurrence
bitbake: toaster/tests: Bug-Fix testcase functional/test_project_page_tab_config.py
bitbake: toaster/tests: bug-fix element click intercepted in browser/test_layerdetails_page.py
bitbake: toaster/tests: Update tests/functional/functional_helpers test_functional_basic
bitbake: toaster/tests: Fixes functional tests warning on autobuilder
bitbake: toaster/tests: Bug-fix test_functional_basic, delay driver actions
bitbake: toaster/tests: bug-fix An element matching "#projectstable" should be visible
bitbake: toaster/tests: bug-fix An element matching "#lastest_builds" should be on the page
bitbake: toaster/tests: Skip to show more then 100 item in ToasterTable
bitbake: toaster/tests: Bug-fix "#project-created-notification" should be visible
bitbake: toaster/toastergui: Bug-fix verify given layer path only if import/add local layer
Alex Bennée (1):
qemurunner: more cleanups for output blocking
Alex Kiernan (17):
cargo: Rename MANIFEST_PATH -> CARGO_MANIFEST_PATH
cargo: Move CARGO_MANIFEST_PATH/CARGO_SRC_DIR to cargo_common
rust: cargo: Convert single-valued variables to weak defaults
cargo: Add CARGO_LOCK_PATH for path to Cargo.lock
rust: Upgrade 1.70.0 -> 1.71.0
rust: Upgrade 1.71.0 -> 1.71.1
sstate-cache-management: Rewrite in python
devtool: selftest: Fix test_devtool_modify_git_crates_subpath inequality
devtool: selftest: Fix test_devtool_modify_git_crates_subpath bbappend check
meta-selftest: hello-rs: Simple rust test recipe
devtool: selftest: Swap to hello-rs for crates testing
zvariant: Drop recipe
rust: Upgrade 1.71.1 -> 1.72.0
rust: Upgrade 1.72.0 -> 1.72.1
rust: Upgrade 1.72.1 -> 1.73.0
rust: Upgrade 1.73.0 -> 1.74.0
rust: Upgrade 1.74.0 -> 1.74.1
Alexander Kanavin (21):
selftest/sstatetest: print output from bitbake with actual newlines, not \n
selftest/sstatetests: do not delete custom $TMPDIRs under build-st when testing printdiff
sstatesig/find_siginfo: special-case gcc-source when looking in sstate caches
oeqa/selftest/sstatetests: re-work CDN tests, add local cache tests
gobject-introspection: depend on setuptools to obtain distutils module
libcap-ng-python: depend on setuptools to obtain distutils copy
dnf: remove obsolete python3-gpg dependency (provided by gpgme)
gpgme: disable python support (until upstream fixes 3.12 compatibility)
python3-setuptools-rust: remove distutils dependency
python3-babel: replace distutils with setuptools, as supported by upstream
python3-pip: remove distutils depedency
glib-2.0: replace distutils dependency with setuptools
python3-pytest-runner: remove distutils dependency
python3-numpy: distutils is no longer required
bitbake: bitbake/codeparser.py: address ast module deprecations in py 3.12
glibc-y2038-tests: do not run tests using 32 bit time APIs
bitbake: bitbake/runqueue: add debugging for find_siginfo() calls
bitbake: bitbake-diffsigs/runqueue: adapt to reworked find_siginfo()
bitbake: bitbake/runqueue: prioritize local stamps over sstate signatures in printdiff
sstatesig/find_siginfo: unify a disjointed API
lib/sstatesig/find_siginfo: raise an error instead of returning None when obtaining mtime
Alexander Lussier-Cullen (6):
bitbake: toaster: fix pytest build test execution and test discovery
bitbake: toaster: Add verbose printout for missing chrome(driver) dependencies
bitbake: bitbake: toaster: add functional testing toaster error details
bitbake: toaster/tests: Exit tests on chromedriver creation failure
bitbake: toaster/tests: fix functional tests setup and teardown
bitbake: toaster/tests: fix chrome argument syntax and wait for driver exit
Alexandre Belloni (1):
oeqa/selftest/recipetool: stop looking for md5sum
Anuj Mittal (9):
sqlite3: upgrade 3.44.0 -> 3.44.2
base-passwd: upgrade 3.6.2 -> 3.6.3
bluez5: upgrade 5.70 -> 5.71
glib-2.0: upgrade 2.78.1 -> 2.78.3
glib-networking: upgrade 2.76.1 -> 2.78.0
puzzles: upgrade to latest revision
stress-ng: upgrade 0.17.01 -> 0.17.03
libusb1: fix upstream version check
enchant2: upgrade 2.6.2 -> 2.6.4
Archana Polampalli (1):
bluez5: fix CVE-2023-45866
Bruce Ashfield (31):
linux-yocto/6.5: cfg: split runtime and symbol debug
linux-yocto/6.5: update to v6.5.11
linux-yocto/6.1: update to v6.1.62
linux-yocto-dev: bump to v6.7
linux-yocto/6.5: update to v6.5.12
linux-yocto/6.5: update to v6.5.13
linux-yocto/6.1: update to v6.1.65
linux-yocto/6.1: drop removed IMA option
linux-yocto/6.5: drop removed IMA option
linux-yocto-rt/6.1: update to -rt18
linux-yocto/6.1: update to v6.1.66
linux-yocto/6.1: update to v6.1.67
linux-yocto/6.5: fix AB-INT: QEMU kernel panic: No irq handler for vector
linux-yocto/6.1: update to v6.1.68
oeqa/runtime/parselogs: add qemux86 ACPI ignore for kernel v6.6+
linux-libc-headers: update to v6.6-lts
linux-yocto: introduce 6.6 reference kernel
linux-yocto/6.6: fix AB-INT: QEMU kernel panic: No irq handler for vector
linux-yocto-rt/6.6: fix CVE exclusion include
linux-yocto/6.6: update CVE exclusions
linux-yocto/6.6: update to v6.6.8
linux-yocto/6.1: update to v6.1.69
linux-yocto/6.5: drop 6.5 recipes
linux-yocto-rt/6.6: correct meta data branch
linux-yocto/6.6: update to v6.6.9
linux-yocto/6.6: update CVE exclusions
linux-yocto/6.1: update to v6.1.70
linux-yocto/6.1: update CVE exclusions
linux-yocto/6.6: ARM fix configuration audit warning
linux-yocto/6.6: arm: jitter entropy backport
poky/poky-tiny: make 6.6 the default kernel
Changqing Li (1):
man-pages: remove conflict pages
Chen Qi (1):
devtool: use straight print in check-upgrade-status output
Clay Chang (1):
devtool: deploy: provide max_process to strip_execs
Daniel Ammann (1):
base: Unpack .7z files with p7zip
Deepthi Hemraj (1):
autoconf: Add missing perl modules to RDEPENDS
Dhairya Nagodra (2):
cve-update-nvd2-native: faster requests with API keys
cve-update-nvd2-native: increase the delay between subsequent request failures
Eilís 'pidge' Ní Fhlannagáin (3):
useradd: Fix issues with useradd dependencies
useradd: Add testcase for bugzilla issue (currently disabled)
usergrouptests.py: Add test for switching between static-ids
Enrico Scholz (1):
tcp-wrappers: drop libnsl2 build dependency
Etienne Cordonnier (2):
gdb/systemd: enable minidebuginfo support conditionally
manuals: document minidebuginfo
Fabio Estevam (3):
libdrm: Upgrade to 2.4.119
kmscube: Upgrade to latest revision
bmap-tools: Upgrade to 3.7
Hongxu Jia (2):
socat: 1.7.4.4 -> 1.8.0.0
man-db: 2.11.2 -> 2.12.0
Jason Andryuk (3):
linux-firmware: Package iwlwifi .pnvm files
linux-firmware: Change bnx2 packaging
linux-firmware: Create bnx2x subpackage
Jeremy A. Puhlman (1):
create-spdx-2.2: combine spdx can try to write before dir creation
Jermain Horsman (2):
lib/bblayers/makesetup.py: Remove unused imports
lib/bblayers/buildconf.py: Remove unused imports/variables
Jose Quaresma (2):
go: update 1.20.10 -> 1.20.11
go: update 1.20.11 -> 1.20.12
Joshua Watt (11):
bitbake: bitbake-hashserv: Add description of permissions
bitbake.conf: Add runtimedir
rpcbind: Specify state directory under /run
libinput: Add packageconfig for tests
ipk: Switch to using zstd compression
lib/oe/path.py: Add relsymlink()
lib/packagedata.py: Fix broken symlinks for providers with a '/'
bitbake: contrib/vim: Syntax improvements
classes-global/sstate: Fix variable typo
lib/packagedata.py: Add API to iterate over rprovides
classes-global/insane: Look up all runtime providers for file-rdeps
Julien Stephan (19):
recipetool: create_buildsys_python.py: initialize metadata
recipetool: create: add trailing newlines
recipetool: create: add new optional process_url callback for plugins
recipetool: create_buildsys_python: add pypi support
oeqa/selftest/recipetool: remove spaces on empty lines
oeqa/selftest/recipetool/devtool: add test for pypi class
recipetool: appendsrcfile(s): add dry-run mode
recipeutils: bbappend_recipe: fix undefined variable
recipeutils: bbappend_recipe: fix docstring
recipeutils: bbappend_recipe: add a way to specify the name of the file to add
recipeutils: bbappend_recipe: remove old srcuri entry if parameters are different
recipetool: appendsrcfile(s): use params instead of extraline
recipeutils: bbappend_recipe: allow to patch the recipe itself
recipetool: appendsrcfile(s): add a mode to update the recipe itself
oeqa/selftest/recipetool: appendsrfile: add test for machine
oeqa/selftest/recipetool: appendsrc: add test for update mode
oeqa/selftest/recipetool: add back checksum checks on pypi tests
oeqa/selftest/recipetool: remove left over from development
oeqa/selftest/recipetool: fix metadata corruption on meta layer
Kevin Hao (2):
beaglebone-yocto: Remove the redundant kernel-devicetree
beaglebone-yocto: Remove the obsolete variables for uImage
Khem Raj (13):
tiff: Backport fixes for CVE-2023-6277
kmod: Fix build with latest musl
elfutils: Use own basename API implementation
util-linux: Fix build with latest musl
sysvinit: Include libgen.h for basename API
attr: Fix build with latest musl
opkg: Use own version of portable basename function
util-linux: Delete md-raid tests
gdb: Update to gdb 14.1 release
systemd: Fix build with latest musl
qemu: Fix build with latest musl
qemu: Add packageconfig knob to enable pipewire support
weston: Include libgen.h for basename
Lee Chee Yang (5):
migration-guides: reword fix in release-notes-4.3.1
migration-guides: add release notes for 4.0.15
perlcross: update to 1.5.2
perl: 5.38.0 -> 5.38.2
curl: update to 8.5.0
Lucas Stach (1):
mesa: upgrade 23.2.1 -> 23.3.1
Ludovic Jozeau (1):
image-live.bbclass: LIVE_ROOTFS_TYPE support compression
Lukas Funke (1):
selftest: wic: add test for zerorize option of empty plugin
Malte Schmidt (1):
wic: extend empty plugin with options to write zeros to partiton
Markus Volk (3):
gtk4: upgrade 4.12.3 -> 4.12.4
libadwaita: update 1.4.0 -> 1.4.2
appstream: Upgrade 0.16.3 -> 1.0.0
Marlon Rodriguez Garcia (5):
bitbake: toaster/tests: Update build test
bitbake: toaster: Added new feature to import eventlogs from command line into toaster using replay functionality
bitbake: toaster: remove test and update setup to avoid rebuilding image
bitbake: toaster: Commandline build import table improvements
bitbake: toaster: Added validation to stop import if there is a build in progress
Marta Rybczynska (1):
bitbake: toastergui: verify that an existing layer path is given
Massimiliano Minella (1):
zstd: fix LICENSE statement
Michael Opdenacker (8):
test-manual: text and formatting fixes
test-manual: resource updates
test-manual: use working example
test-manual: add links to python unittest
test-manual: explicit or fix file paths
test-manual: add or improve hyperlinks
dev-manual: runtime-testing: fix test module name
poky.conf: update SANITY_TESTED_DISTROS to match autobuilder
Mikko Rapeli (1):
runqemu: match .rootfs. in addition to -image- for rootfs
Ming Liu (1):
grub: fs/fat: Don't error when mtime is 0
Mingli Yu (2):
python3-license-expression: Fix the ptest failure
ptest-packagelists.inc: Add python3-license-expression
Pavel Zhukov (2):
bitbake: utils: Do not create directories with ${ in the name
oeqa/selftest/bbtests: Add test for unexpanded variables in the dirname
Peter Kjellerstedt (11):
oeqa/selftest/devtool: Correct git clone of local repository
oeqa/selftest/devtool: Avoid global Git hooks when amending a patch
oeqa/selftest/devtool: Make test_devtool_load_plugin more resilient
oeqa/selftest/recipetool: Make test_recipetool_load_plugin more resilient
lib/oe/recipeutils: Avoid wrapping any SRC_URI[sha*sum] variables
recipetool: create: Improve identification of licenses
recipetool: create: Only include the expected SRC_URI checksums
devtool: upgrade: Update all existing checksums for the SRC_URI
devtool: modify: Make --no-extract work again
devtool: modify: Handle recipes with a menuconfig task correctly
dev-manual: Discourage the use of SRC_URI[md5sum]
Peter Marko (1):
dtc: preserve version also from shallow git clones
Philip Balister (1):
sanity.bbclass: Check for additional native perl modules.
Renat Khalikov (1):
python3-maturin: Add missing space appending to CFLAGS
Richard Purdie (41):
bitbake: runqueue: Improve inter setscene task dependency handling
bitbake: bb/toaster: Fix assertEquals deprecation warnings
bitbake: toaster: Fix assertRegexpMatches deprecation warnings
bitbake: toastermain/settings: Avoid python filehandle closure warnings
bitbake: toastergui: Fix regex markup issues
bitbake: bitbake: Move to version 2.6.1 to mark runqueue changes
bitbake: toaster-eventreplay: Remove ordering assumptions
sanity.conf: Require bitbake 2.6.1 for recent runqueue change
sstate: Remove unneeded code from setscene_depvalid() related to useradd
oeqa/runtime/systemd: Ensure test runs only on systemd images
bitbake: toaster: Update to use qemux86-64 machine by default
bitbake: toaster/tests/builds: Add BB_HASHSERVE passthrough
pseudo: Update to pull in syncfs probe fix
useradd: Fix useradd do_populate_sysroot dependency bug
sstate: Fix dir ownership issues in SSTATE_DIR
oeqa/sstatetests: Disable gcc source printdiff test for now
build-appliance-image: Update to master head revision
bitbake: utils: Fix mkdir with PosixPath
bitbake: runqueue: Remove tie between rqexe and starts_worker
build-appliance-image: Update to master head revision
testimage: Exclude wtmp from target-dumper commands
qemurunner: Improve stdout logging handling
qemurunner: Improve handling of serial port output blocking
oeqa/selftest/overlayfs: Don't overwrite DISTRO_FEATURES
testimage: Drop target_dumper and most of monitor_dumper
oeqa/selftest/overlayfs: Fix whitespace
qemu: Clean up DEPENDS
qemu: Ensure pip and the python venv aren't used for meson
curl: Disable two intermittently failing tests
linux/cve-exclusion6.1: Update to latest kernel point release
lib/prservice: Improve lock handling robustness
oeqa/selftest/prservice: Improve test robustness
scripts: Drop shell sstate-cache-management
oeqa/selftest/sstatetests: Update sstate management script tests to python script
curl: Disable test 1091 due to intermittent failures
bitbake: lib/bb: Add workaround for libgcc issues with python 3.8 and 3.9
bitbake: bitbake: Post release version bump to 2.7.0
bitbake: siggen: Ensure version of siggen is verified
bitbake: bitbake: Version bump for find_siginfo chanages
sstatesig: Add version information for find_sigingfo
sanity: Require bitbake 2.7.1
Robert Berger (1):
uninative-tarball.xz - reproducibility fix
Robert Yang (5):
gettext: Upgrade 0.22.3 -> 0.22.4
nfs-utils: Upgrade 2.6.3 -> 2.6.4
archiver.bbclass: Improve work-shared checking
nfs-utils: Update Upstream-Status
archiver.bbclass: Drop tarfile module to improve performance
Ross Burton (23):
avahi: update URL for new project location
oeqa/runtime/parselogs: load ignores from disk
oeqa/runtime/parselogs: migrate ignores
meta-yocto-bsp/oeqa/parselogs: add BSP-specific ignores
linux-yocto: update CVE exclusions
genericx86: remove redundant assignments
images: remove redundant IMAGE_BASENAME assignments
insane: ensure more paths have the workdir removed
tcl: skip timing-dependent tests in run-ptest
qemurunner: remove unused import
go: set vendor in CVE_PRODUCT
runqemu: add qmp socket support
linux-yocto: update CVE exclusions
tcl: skip async and event tests in run-ptest
images: add core-image-initramfs-boot
machine/arch-armv9: remove crc and sve tunes, they are mandatory
python3: re-enable profile guided optimisation
openssl: mark assembler sections as call targets for PAC/BTI support on aarch64
nativesdk: ensure features don't get backfilled
nativesdk: don't unset MACHINE_FEATURES, let machine-sdk/ set it
conf/machine-sdk: declare qemu-usermode SDK_MACHINE_FEATURE
libseccomp: remove redundant PV assignment
oeqa/parselogs-ignores-qemuarmv5: add comments and organise
Saul Wold (1):
package.py: OEHasPackage: Add MLPREFIX to packagename
Shubham Kulkarni (1):
tzdata: Upgrade to 2023d
Simone Weiß (2):
manuals: brief-yoctoprojectqs: align variable order with default local.conf
patchtest: Add test for deprecated CVE_CHECK_IGNORE
Soumya Sambu (1):
ncurses: Fix - tty is hung after reset
Sundeep KOKKONDA (1):
rust: rustdoc reproducibility issue fix - disable PGO
Tim Orling (12):
python3-bcrypt: upgrade 4.0.1 -> 4.1.1
python3-pygments: upgrade 2.16.1 -> 2.17.2
recipetool: pypi: do not clobber SRC_URI checksums
python3-setuptools-rust: BBCLASSEXTEND + nativesdk
python3-maturin: add v1.4.0
python3-maturin: bzip2-sys reproduciblility
classes-recipe: add python_maturin.bbclass
recipetool: add python_maturin support
oe-selfest: add maturn runtime (testimage) test
oeqa: add simple 'maturin' SDK (testsdk) test case
oeqa: add "maturin develop" SDK test case
oeqa: add runtime 'maturin develop' test case
Tom Rini (1):
inetutils: Update to the 2.5 release
Trevor Gamblin (1):
scripts/runqemu: fix regex escape sequences
Victor Kamensky (5):
systemtap: upgrade 4.9 -> 5.0
systemtap: do not install uprobes and uprobes sources
systemtap-uprobes: removed as obsolete
systemtap: explicit handling debuginfod library dependency
systemtap: fix libdebuginfod auto detection logic
Vijay Anusuri (1):
avahi: backport CVE-2023-1981 & CVE's follow-up patches
Viswanath Kraleti (2):
image-uefi.conf: Add EFI_UKI_PATH variable
systemd-boot: Add recipe to compile native
Wang Mingyu (38):
kbd: upgrade 2.6.3 -> 2.6.4
libatomic-ops: upgrade 7.8.0 -> 7.8.2
libnl: upgrade 3.8.0 -> 3.9.0
libseccomp: upgrade 2.5.4 -> 2.5.5
libva-utils: upgrade 2.20.0 -> 2.20.1
dnf: upgrade 4.18.1 -> 4.18.2
gpgme: upgrade 1.23.1 -> 1.23.2
kea: upgrade 2.4.0 -> 2.4.1
opkg-utils: upgrade 0.6.2 -> 0.6.3
repo: upgrade 2.39 -> 2.40
sysstat: upgrade 12.7.4 -> 12.7.5
p11-kit: upgrade 0.25.2 -> 0.25.3
python3-babel: upgrade 2.13.1 -> 2.14.0
python3-dbusmock: upgrade 0.29.1 -> 0.30.0
python3-hatchling: upgrade 1.18.0 -> 1.20.0
python3-hypothesis: upgrade 6.90.0 -> 6.92.1
python3-importlib-metadata: upgrade 6.8.0 -> 7.0.0
python3-license-expression: upgrade 30.1.1 -> 30.2.0
python3-pathspec: upgrade 0.11.2 -> 0.12.1
python3-pip: upgrade 23.3.1 -> 23.3.2
python3-psutil: upgrade 5.9.6 -> 5.9.7
python3-pytest-runner: upgrade 6.0.0 -> 6.0.1
python3-trove-classifiers: upgrade 2023.11.22 -> 2023.11.29
python3-typing-extensions: upgrade 4.8.0 -> 4.9.0
python3-wcwidth: upgrade 0.2.11 -> 0.2.12
ttyrun: upgrade 2.29.0 -> 2.30.0
xwayland: upgrade 23.2.2 -> 23.2.3
diffoscope: upgrade 252 -> 253
iputils: upgrade 20221126 -> 20231222
gstreamer1.0: upgrade 1.22.7 -> 1.22.8
dhcpcd: upgrade 10.0.5 -> 10.0.6
fontconfig: upgrade 2.14.2 -> 2.15.0
python3-setuptools: upgrade 69.0.2 -> 69.0.3
python3-dbusmock: upgrade 0.30.0 -> 0.30.1
python3-hatchling: upgrade 1.20.0 -> 1.21.0
python3-importlib-metadata: upgrade 7.0.0 -> 7.0.1
python3-lxml: upgrade 4.9.3 -> 4.9.4
aspell: upgrade 0.60.8 -> 0.60.8.1
Yash Shinde (1):
rust: Disable rust oe-selftest
Yi Zhao (3):
json-glib: upgrade 1.6.6 -> 1.8.0
psplash: upgrade to latest revision
debianutils: upgrade 5.14 -> 5.15
Yoann Congal (2):
lib/oe/patch: handle creating patches for CRLF sources
strace: Disable bluetooth support by default
Zang Ruochen (2):
ell: upgrade 0.60 -> 0.61
musl: add typedefs for Elf64_Relr and Elf32_Relr
Zoltan Boszormenyi (1):
update_gtk_icon_cache: Fix for GTK4-only builds
venkata pyla (1):
wic: use E2FSPROGS_FAKE_TIME and hash_seed to generate reproducible ext4 images
meta-openembedded: 5ad7203f68..7d8115d550:
Alex Kiernan (7):
mdns: Fix HOMEPAGE URL
mbedtls: Upgrade 3.5.0 -> 3.5.1
c-ares: Upgrade 1.22.1 -> 1.24.0
mdns: Upgrade 2200.40.37.0.1 -> 2200.60.25.0.4
c-ares: Move to tarballs, add ptest and static support
thin-provisioning-tools: Upgrade 1.0.4 -> 1.0.9
bearssl: Upgrade to latest
Alexander Kanavin (29):
python3-pyinotify: remove as unmaintained
python3-supervisor: do not rely on smtpd module
python3-meld3: do not rely on smtpd module
python3-m2crypto: do not rely on smtpd module
python3-uinput: remove as unmaintained
python3-mcrypto: rely on setuptools for distutils copy
python3-joblib: do not rely in distutils
python3-web3: remove distutils dependency
python3-cppy: remove unused distutils dependency
python3-pyroute2: remove unused distutils dependency
python3-eventlet: backport a patch to remove distutils dependency
python3-unoconv: rely on setuptools to obtain distutils copy
python3-astroid: remove unneeded distutils dependency
python3-django: remove unneeded distutils dependency
python3-pillow: remove unneeded distutils dependency
python3-grpcio: update 1.56.2 -> 1.59.3
gstd: correctly delete files in do_install
libplist: fix python 3.12 compatibility
libcamera: skip until upstream resolves python 3.12 compatibility
nodejs: backport (partially) python 3.12 support
nodejs: backport (partially) python 3.12 support
polkit: remove long obsolete 0.119 version
mozjs-115: split the way-too-long PYTHONPATH line
polkit: update mozjs dependency 102 -> 115
mozjs-115: backport py 3.12 compatibility
mozjs-102: remove the recipe
gthumb: update 3.12.2 -> 3.12.4
flatpak: do not rely on executables from the host
bolt: package systemd units
Archana Polampalli (1):
cjson: upgrade 1.7.16 -> 1.7.17
Bruce Ashfield (1):
zfs: update to 2.2.2
Changqing Li (2):
postgresql: upgrade 15.4 -> 15.5
redis: upgrade 6.2.13 -> 6.2.14
Derek Straka (70):
python3-greenlet: update to version 3.0.2
python3-ujson: update to version 5.9.0
python3-termcolor: update to version 2.4.0
python3-cmake: update to version 3.28.0
python3-pint: upgrade to 0.23
python3-gnupg: update to 0.5.2
python3-pyzmq: update to 25.1.2
python3-tox: update to version 4.11.4
python3-olefile: update to version 0.47
python3-distlib: update to version 0.3.8
python3-colorlog: update to version 6.8.0
python3-pymongo: update version to 4.6.1
python3-bandit: update to version 1.7.6
python3-gmqtt: update to version 0.6.13
python3-portion: update to version 2.4.2
python3-prompt-toolkit: update to version 3.0.43
python3-asyncinotify: update to version 4.0.4
python3-bitstring: update to version 4.1.4
python3-ipython: update to version 8.18.1
nginx: update versions for both the stable branch and mainline
python3-portalocker: update to version 2.8.2
python3-astroid: update to version 3.0.2
python3-alembic: update to version 1.13.1
python3-pymisp: update to verion 2.4.182
python3-ninja: update to version 1.11.1.1
python3-coverage: update to version 7.3.4
python3-pdm: update to version 2.11.1
python3-paramiko: update to version 3.4.0
python3-zeroconf: update to version 0.131.0
python3-wtforms: update to version 3.1.1
python3-isort: update to version 5.13.2
python3-protobuf: update to version 4.25.1
python3-lazy-object-proxy: update to version 1.10.0
python3-cantools: update to version 39.4.0
python3-sentry-sdk: update to version 1.39.1
python3-xmlschema: update to version 2.5.1
python3-apiflask: update to version 2.1.0
python3-rapidjson: update to version 1.14
python3-bitarray: update to version 2.9.0
python3-pyfanotify: update to version 0.2.2
python3-eventlet: update to version 0.34.1
python3-flask-wtf: update to version 1.2.1
python3-grpcio: update to version 1.60.0
python3-grpcio-tools: update to version 1.60.0
python3-cmake: update to version 3.28.1
python3-flask-sqlalchemy: fix upstream uri check
python3-wtforms: fix upstream uri and version check
gyp: update to the latest commit
python3-ipython-genutils: fix upstream uri and version check
python3-flask: fix upstream uri and version check
python3-wpa-supplicant: fix upstream uri and version check
python3-uswid: update to version 0.4.7
python3-flask-wtf: fix upstream uri and version check
python3-gspread: update to version 5.12.3
python3-pytest-html: update to version 4.1.1
python3-setuptools-scm-git-archive: remove obsolete package
python3-pyroute2: update to version 0.7.10
python3-constantly: update to version 23.10.4
python3-mypy: update to version 1.8.0
python3-flask-jwt-extended: update to version 4.6.0
python3-greenlet: update to version 3.0.3
python3-web3: update to version 6.13.0
python3-parse: update to version 1.20.0
python3-kmod: add comment about update to version 0.9.2
python3-engineio: update to version 4.8.1
python3-sqlalchemy: update to version 2.0.24
python3-pdm-backend: update to version 2.1.8
python3-cantools: update to version 39.4.1
python3-argh: update to version 0.30.5
python3-dominate: update to version 2.9.1
Dmitry Baryshkov (2):
android-tools: remove two Debianisms
networkmanager: drop libnewt dependency
Frederic Martinsons (3):
crash: factorize recipe with inc file to prepare cross-canadian version
crash: add cross canadian version
crash: update to 8.0.4
Jan Vermaete (1):
netdata: added Python as rdepends
Jean-Marc BOUCHE (1):
terminus-font: build compressed archives with -n
Jose Quaresma (1):
ostree: Upgrade 2023.7 -> 2023.8
Joshua Watt (1):
redis: Create state directory in systemd service
Jörg Sommer (1):
i2cdev: New recipe with i2c tools
Kai Kang (1):
lvm2: 2.03.16 -> 2.03.22
Khem Raj (3):
Revert "nodejs: backport (partially) python 3.12 support"
Revert "libcamera: skip until upstream resolves python 3.12 compatibility"
libcamera: Fix build with python 3.12
Leon Anavi (11):
sip: Upgrade 6.7.12 -> 6.8.0
python3-expandvars: add recipe
python3-frozenlist: upgrade 1.4.0 -> 1.4.1
python3-yarl: upgrade 1.9.2 -> 1.9.4
python3-coverage: upgrade 7.3.2 -> 7.3.3
python3-cycler: upgrade 0.11.0 -> 0.12.1
python3-aiohue: upgrade 4.6.2 -> 4.7.0
python3-sdbus: upgrade 0.11.0 -> 0.11.1
python3-zeroconf: upgrade 0.128.4 -> 0.130.0
python3-dominate: upgrade 2.8.0 -> 2.9.0
python3-rlp: upgrade 3.0.0 -> 4.0.0
Marek Vasut (1):
faad2: Upgrade 2.10.0 -> 2.11.1
Markus Volk (3):
wireplumber: update 0.4.15 -> 0.4.17
tracker: dont inherit gsettings
gnome-software: update 45.1 -> 45.2
Martin Jansa (4):
monocypher: pass LIBDIR to fix installed-vs-shipped QA issue with multilib
rygel: fix build with gtk+3 PACKAGECONFIG disabled
rygel: add x11 to DISTRO_FEATURES
driverctl: fix installed-vs-shipped
Meenali Gupta (1):
nginx: upgrade 1.25.2 -> 1.25.3
Mingli Yu (2):
mariadb: Upgrade to 10.11.6
tk: Remove buildpath issue
Nathan BRIENT (1):
cyaml: new recipe
Niko Mauno (1):
pkcs11-provider: Add recipe
Ny Antra Ranaivoarison (1):
python3-click-spinner: backport patch that fixes deprecated methods
Patrick Wicki (1):
poco: upgrade 1.12.4 -> 1.12.5p2
Petr Chernikov (1):
abseil-cpp: remove -Dcmake_cxx_standard=14 flag from extra_oecmake
Robert Yang (1):
minifi-cpp: Fix do_configure error builder aarch64
Ross Burton (13):
Remove unused SRC_DISTRIBUTE_LICENSES
gspell: inherit gtk-doc
gspell: update DEPENDS, switch iso-codes for icu
librest: remove spurious build dependencies
librest: inherit gtk-doc
keybinder: use autotools-brokensep instead of setting B
keybinder: disable gtk-doc documentation
gtksourceview3: remove obsolete DEPENDS
libgsf: remove obsolete DEPENDS
evolution-data-server: remove obsolete intltool DEPENDS
php: remove lemon-native build dependency
lemon: upgrade to 3.44.2
renderdoc: no need to depend on vim-native
Samuli Piippo (1):
jasper: enable opengl only wih x11
Theodore A. Roth (1):
python3-flask-sqlalchemy: upgrade 2.5.1 -> 3.1.1
Thomas Perrot (2):
networkmanager: add missing modemmanager rdepends
networkmanager: fix some missing pkgconfig
Tim Orling (8):
python3-pydantic-core: add v2.14.5
python3-annotated-types: add v0.6.0
python3-pydantic: fix RDEPENDS
python3-dirty-equals: add v0.7.1
python3-pydantic-core: enable ptest
python3-cloudpickle: add v3.0.0
python3-pydantic: enable ptest
python3-yappi: upgrade 1.4.0 -> 1.6.0; fix ptests
Wang Mingyu (61):
python3-alembic: upgrade 1.12.1 -> 1.13.0
python3-ansi2html: upgrade 1.8.0 -> 1.9.1
python3-argcomplete: upgrade 3.1.6 -> 3.2.1
python3-dbus-fast: upgrade 2.15.0 -> 2.21.0
python3-django: upgrade 4.2.7 -> 5.0
python3-flask-restx: upgrade 1.2.0 -> 1.3.0
python3-google-api-core: upgrade 2.14.0 -> 2.15.0
python3-google-api-python-client: upgrade 2.108.0 -> 2.111.0
python3-googleapis-common-protos: upgrade 1.61.0 -> 1.62.0
python3-google-auth: upgrade 2.23.4 -> 2.25.2
python3-imageio: upgrade 2.33.0 -> 2.33.1
python3-isort: upgrade 5.12.0 -> 5.13.1
python3-path: upgrade 16.7.1 -> 16.9.0
python3-platformdirs: upgrade 4.0.0 -> 4.1.0
python3-pytest-asyncio: upgrade 0.22.0 -> 0.23.2
python3-sentry-sdk: upgrade 1.37.1 -> 1.39.0
python3-bitarray: upgrade 2.8.3 -> 2.8.5
python3-eth-keyfile: upgrade 0.6.1 -> 0.7.0
python3-eth-rlp: upgrade 0.3.0 -> 1.0.0
python3-fastnumbers: upgrade 5.0.1 -> 5.1.0
python3-pylint: upgrade 3.0.2 -> 3.0.3
python3-tornado: upgrade 6.3.3 -> 6.4
python3-traitlets: upgrade 5.13.0 -> 5.14.0
python3-types-setuptools: upgrade 68.2.0.2 -> 69.0.0.0
python3-virtualenv: upgrade 20.24.7 -> 20.25.0
python3-web3: upgrade 6.11.3 -> 6.12.0
python3-websocket-client: upgrade 1.6.4 -> 1.7.0
python3-zeroconf: upgrade 0.127.0 -> 0.128.4
ctags: upgrade 6.0.20231126.0 -> 6.0.20231210.0
gensio: upgrade 2.8.0 -> 2.8.2
hwdata: upgrade 0.376 -> 0.377
lvgl: upgrade 8.3.10 -> 8.3.11
gjs: upgrade 1.78.0 -> 1.78.1
ifenslave: upgrade 2.13 -> 2.14
libei: upgrade 1.1.0 -> 1.2.0
pkcs11-helper: upgrade 1.29.0 -> 1.30.0
strongswan: upgrade 5.9.12 -> 5.9.13
webkitgtk3: upgrade 2.42.2 -> 2.42.3
sip: upgrade 6.8.0 -> 6.8.1
paho-mqtt-cpp: upgrade 1.3.1 -> 1.3.2
dbus-cxx: upgrade 2.4.0 -> 2.5.0
exiftool: upgrade 12.70 -> 12.71
uftp: upgrade 5.0.2 -> 5.0.3
ctags: upgrade 6.0.20231210.0 -> 6.0.20231224.0
jasper: Fix install conflict when enable multilib.
jq: upgrade 1.7 -> 1.7.1
libmbim: upgrade 1.31.1 -> 1.31.2
libqmi: upgrade 1.34.0 -> 1.35.1
opencl-headers: upgrade 2023.04.17 -> 2023.12.14
valijson: upgrade 1.0.1 -> 1.0.2
python3-apispec: upgrade 6.3.0 -> 6.3.1
python3-asyncinotify: upgrade 4.0.4 -> 4.0.5
python3-bitarray: upgrade 2.9.0 -> 2.9.1
python3-cassandra-driver: upgrade 3.28.0 -> 3.29.0
python3-ipython: upgrade 8.18.1 -> 8.19.0
python3-pydantic: upgrade 2.5.2 -> 2.5.3
python3-regex: upgrade 2023.10.3 -> 2023.12.25
opencl-icd-loader: upgrade 2023.04.17 -> 2023.12.14
python3-distro: upgrade 1.8.0 -> 1.9.0
zchunk: upgrade 1.3.2 -> 1.4.0
python3-eventlet: upgrade 0.34.1 -> 0.34.2
William Lyu (1):
networkmanager: Improved SUMMARY and added DESCRIPTION
Xiangyu Chen (1):
layer.conf: add libbpf to NON_MULTILIB_RECIPES
Yi Zhao (2):
open-vm-tools: upgrade 12.1.5 -> 12.3.5
samba: upgrade 4.18.8 -> 4.18.9
Zoltán Böszörményi (2):
mutter: Make gnome-desktop and libcanberra dependencies optional
zenity: Upgrade to 4.0.0
alperak (29):
jasper: upgrade 2.0.33 -> 4.1.1
xcursorgen: upgrade 1.0.7 -> 1.0.8
xstdcmap: upgrade 1.0.4 -> 1.0.5
xlsclients: upgrade 1.1.4 -> 1.1.5
xlsatoms: upgrade 1.1.3 -> 1.1.4
xkbevd: upgrade 1.1.4 -> 1.1.5
xgamma: upgrade 1.0.6 -> 1.0.7
sessreg: upgrade 1.1.2 -> 1.1.3
xbitmaps: upgrade 1.1.2 -> 1.1.3
xcursor-themes: add recipe
xorg-docs: add recipe
xorg-sgml-doctools: update summary depends and inc file
xf86-video-ati: upgrade 19.1.0 -> 22.0.0
xf86-input-void: upgrade 1.4.1 -> 1.4.2
libxaw: upgrade 1.0.14 -> 1.0.15
xf86-video-mga: upgrade 2.0.0 -> 2.0.1
snappy: upgrade 1.1.9 -> 1.1.10
xsetroot: upgrade 1.1.2 -> 1.1.3
libbytesize: Removed unnecessary setting of B
libmxml: use autotools-brokensep instead of setting B
libsombok3: use autotools-brokensep instead of setting B
pgpool2: use autotools-brokensep instead of setting B
qpdf: upgrade 11.6.3 -> 11.6.4
cpprest: upgrade 2.10.18 -> 2.10.19
avro-c: upgrade 1.11.2 -> 1.11.3
dool: upgrade 1.1.0 -> 1.3.1
driverctl: upgrade 0.111 -> 0.115
hstr: upgrade 2.5.0 -> 3.1.0
libharu: upgrade 2.3.0 -> 2.4.4
meta-security: 070a1e82cc..b2e1511338:
Armin Kuster (6):
libgssglue: update to 0.8
python3-privacyidea: Update to 3.9.1
lynis: Update SRC_URI to improve updater
layers: Move READMEs to markdown format
arpwatch: adjust CONFIGURE params to allow to build again.
python3-pyinotify: fail2ban needs this module
Dawid Dabrowski (1):
libhoth recipe update
Erik Schilling (2):
dm-verity-img.bbclass: use bc-native
dm-verity-img.bbclass: remove IMAGE_NAME_SUFFIX
Mikko Rapeli (2):
tpm2-tss: support native builds
dm-verity-img.bbclass: add DM_VERITY_DEPLOY_DIR
Change-Id: I94d7f1ee5ff2da4555c05fbf63a1293ec8f249c2
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
diff --git a/poky/meta/recipes-connectivity/avahi/avahi_0.8.bb b/poky/meta/recipes-connectivity/avahi/avahi_0.8.bb
index 910da3c..1f18d44 100644
--- a/poky/meta/recipes-connectivity/avahi/avahi_0.8.bb
+++ b/poky/meta/recipes-connectivity/avahi/avahi_0.8.bb
@@ -6,7 +6,7 @@
configuration from the link-local 169.254.0.0/16 range without the need for a central \
server.'
HOMEPAGE = "http://avahi.org"
-BUGTRACKER = "https://github.com/lathiat/avahi/issues"
+BUGTRACKER = "https://github.com/avahi/avahi/issues"
SECTION = "network"
# major part is under LGPL-2.1-or-later, but several .dtd, .xsl, initscripts and
@@ -26,15 +26,18 @@
file://handle-hup.patch \
file://local-ping.patch \
file://invalid-service.patch \
- file://CVE-2023-38469.patch \
- file://CVE-2023-38470.patch \
- file://CVE-2023-38471.patch \
+ file://CVE-2023-1981.patch \
+ file://CVE-2023-38469-1.patch \
+ file://CVE-2023-38469-2.patch \
+ file://CVE-2023-38470-1.patch \
+ file://CVE-2023-38470-2.patch \
+ file://CVE-2023-38471-1.patch \
+ file://CVE-2023-38471-2.patch \
file://CVE-2023-38472.patch \
file://CVE-2023-38473.patch \
"
-GITHUB_BASE_URI = "https://github.com/lathiat/avahi/releases/"
-SRC_URI[md5sum] = "229c6aa30674fc43c202b22c5f8c2be7"
+GITHUB_BASE_URI = "https://github.com/avahi/avahi/releases/"
SRC_URI[sha256sum] = "060309d7a333d38d951bc27598c677af1796934dbd98e1024e7ad8de798fedda"
CVE_STATUS[CVE-2021-26720] = "not-applicable-platform: Issue only affects Debian/SUSE"
diff --git a/poky/meta/recipes-connectivity/avahi/files/CVE-2023-1981.patch b/poky/meta/recipes-connectivity/avahi/files/CVE-2023-1981.patch
new file mode 100644
index 0000000..4d7924d
--- /dev/null
+++ b/poky/meta/recipes-connectivity/avahi/files/CVE-2023-1981.patch
@@ -0,0 +1,58 @@
+From a2696da2f2c50ac43b6c4903f72290d5c3fa9f6f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
+Date: Thu, 17 Nov 2022 01:51:53 +0100
+Subject: [PATCH] Emit error if requested service is not found
+
+It currently just crashes instead of replying with error. Check return
+value and emit error instead of passing NULL pointer to reply.
+
+Fixes #375
+
+Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches/CVE-2023-1981.patch?h=ubuntu/jammy-security
+Upstream commit https://github.com/lathiat/avahi/commit/a2696da2f2c50ac43b6c4903f72290d5c3fa9f6f]
+CVE: CVE-2023-1981
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ avahi-daemon/dbus-protocol.c | 20 ++++++++++++++------
+ 1 file changed, 14 insertions(+), 6 deletions(-)
+
+diff --git a/avahi-daemon/dbus-protocol.c b/avahi-daemon/dbus-protocol.c
+index 70d7687bc..406d0b441 100644
+--- a/avahi-daemon/dbus-protocol.c
++++ b/avahi-daemon/dbus-protocol.c
+@@ -375,10 +375,14 @@ static DBusHandlerResult dbus_get_alternative_host_name(DBusConnection *c, DBusM
+ }
+
+ t = avahi_alternative_host_name(n);
+- avahi_dbus_respond_string(c, m, t);
+- avahi_free(t);
++ if (t) {
++ avahi_dbus_respond_string(c, m, t);
++ avahi_free(t);
+
+- return DBUS_HANDLER_RESULT_HANDLED;
++ return DBUS_HANDLER_RESULT_HANDLED;
++ } else {
++ return avahi_dbus_respond_error(c, m, AVAHI_ERR_NOT_FOUND, "Hostname not found");
++ }
+ }
+
+ static DBusHandlerResult dbus_get_alternative_service_name(DBusConnection *c, DBusMessage *m, DBusError *error) {
+@@ -389,10 +393,14 @@ static DBusHandlerResult dbus_get_alternative_service_name(DBusConnection *c, DB
+ }
+
+ t = avahi_alternative_service_name(n);
+- avahi_dbus_respond_string(c, m, t);
+- avahi_free(t);
++ if (t) {
++ avahi_dbus_respond_string(c, m, t);
++ avahi_free(t);
+
+- return DBUS_HANDLER_RESULT_HANDLED;
++ return DBUS_HANDLER_RESULT_HANDLED;
++ } else {
++ return avahi_dbus_respond_error(c, m, AVAHI_ERR_NOT_FOUND, "Service not found");
++ }
+ }
+
+ static DBusHandlerResult dbus_create_new_entry_group(DBusConnection *c, DBusMessage *m, DBusError *error) {
diff --git a/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38469.patch b/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38469-1.patch
similarity index 100%
rename from poky/meta/recipes-connectivity/avahi/files/CVE-2023-38469.patch
rename to poky/meta/recipes-connectivity/avahi/files/CVE-2023-38469-1.patch
diff --git a/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38469-2.patch b/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38469-2.patch
new file mode 100644
index 0000000..f8f60dd
--- /dev/null
+++ b/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38469-2.patch
@@ -0,0 +1,65 @@
+From c6cab87df290448a63323c8ca759baa516166237 Mon Sep 17 00:00:00 2001
+From: Evgeny Vereshchagin <evvers@ya.ru>
+Date: Wed, 25 Oct 2023 18:15:42 +0000
+Subject: [PATCH] tests: pass overly long TXT resource records
+
+to make sure they don't crash avahi any more.
+It reproduces https://github.com/lathiat/avahi/issues/455
+
+Canonical notes:
+nickgalanis> removed first hunk since there is no .github dir in this release
+
+Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches/CVE-2023-38469-2.patch?h=ubuntu/jammy-security
+Upstream commit https://github.com/lathiat/avahi/commit/c6cab87df290448a63323c8ca759baa516166237]
+CVE: CVE-2023-38469
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ avahi-client/client-test.c | 14 ++++++++++++++
+ 1 files changed, 14 insertions(+)
+
+Index: avahi-0.8/avahi-client/client-test.c
+===================================================================
+--- avahi-0.8.orig/avahi-client/client-test.c
++++ avahi-0.8/avahi-client/client-test.c
+@@ -22,6 +22,7 @@
+ #endif
+
+ #include <stdio.h>
++#include <string.h>
+ #include <assert.h>
+
+ #include <avahi-client/client.h>
+@@ -33,6 +34,8 @@
+ #include <avahi-common/malloc.h>
+ #include <avahi-common/timeval.h>
+
++#include <avahi-core/dns.h>
++
+ static const AvahiPoll *poll_api = NULL;
+ static AvahiSimplePoll *simple_poll = NULL;
+
+@@ -222,6 +225,9 @@ int main (AVAHI_GCC_UNUSED int argc, AVA
+ uint32_t cookie;
+ struct timeval tv;
+ AvahiAddress a;
++ uint8_t rdata[AVAHI_DNS_RDATA_MAX+1];
++ AvahiStringList *txt = NULL;
++ int r;
+
+ simple_poll = avahi_simple_poll_new();
+ poll_api = avahi_simple_poll_get(simple_poll);
+@@ -258,6 +264,14 @@ int main (AVAHI_GCC_UNUSED int argc, AVA
+ printf("%s\n", avahi_strerror(avahi_entry_group_add_service (group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "Lathiat's Site", "_http._tcp", NULL, NULL, 80, "foo=bar", NULL)));
+ printf("add_record: %d\n", avahi_entry_group_add_record (group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "TestX", 0x01, 0x10, 120, "\5booya", 6));
+
++ memset(rdata, 1, sizeof(rdata));
++ r = avahi_string_list_parse(rdata, sizeof(rdata), &txt);
++ assert(r >= 0);
++ assert(avahi_string_list_serialize(txt, NULL, 0) == sizeof(rdata));
++ error = avahi_entry_group_add_service_strlst(group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "TestX", "_qotd._tcp", NULL, NULL, 123, txt);
++ assert(error == AVAHI_ERR_INVALID_RECORD);
++ avahi_string_list_free(txt);
++
+ avahi_entry_group_commit (group);
+
+ domain = avahi_domain_browser_new (avahi, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, NULL, AVAHI_DOMAIN_BROWSER_BROWSE, 0, avahi_domain_browser_callback, (char*) "omghai3u");
diff --git a/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38470.patch b/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38470-1.patch
similarity index 100%
rename from poky/meta/recipes-connectivity/avahi/files/CVE-2023-38470.patch
rename to poky/meta/recipes-connectivity/avahi/files/CVE-2023-38470-1.patch
diff --git a/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38470-2.patch b/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38470-2.patch
new file mode 100644
index 0000000..e0736bf
--- /dev/null
+++ b/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38470-2.patch
@@ -0,0 +1,52 @@
+From 20dec84b2480821704258bc908e7b2bd2e883b24 Mon Sep 17 00:00:00 2001
+From: Evgeny Vereshchagin <evvers@ya.ru>
+Date: Tue, 19 Sep 2023 03:21:25 +0000
+Subject: [PATCH] [common] bail out when escaped labels can't fit into ret
+
+Fixes:
+```
+==93410==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7f9e76f14c16 at pc 0x00000047208d bp 0x7ffee90a6a00 sp 0x7ffee90a61c8
+READ of size 1110 at 0x7f9e76f14c16 thread T0
+ #0 0x47208c in __interceptor_strlen (out/fuzz-domain+0x47208c) (BuildId: 731b20c1eef22c2104e75a6496a399b10cfc7cba)
+ #1 0x534eb0 in avahi_strdup avahi/avahi-common/malloc.c:167:12
+ #2 0x53862c in avahi_normalize_name_strdup avahi/avahi-common/domain.c:226:12
+```
+and
+```
+fuzz-domain: fuzz/fuzz-domain.c:38: int LLVMFuzzerTestOneInput(const uint8_t *, size_t): Assertion `avahi_domain_equal(s, t)' failed.
+==101571== ERROR: libFuzzer: deadly signal
+ #0 0x501175 in __sanitizer_print_stack_trace (/home/vagrant/avahi/out/fuzz-domain+0x501175) (BuildId: 682bf6400aff9d41b64b6e2cc3ef5ad600216ea8)
+ #1 0x45ad2c in fuzzer::PrintStackTrace() (/home/vagrant/avahi/out/fuzz-domain+0x45ad2c) (BuildId: 682bf6400aff9d41b64b6e2cc3ef5ad600216ea8)
+ #2 0x43fc07 in fuzzer::Fuzzer::CrashCallback() (/home/vagrant/avahi/out/fuzz-domain+0x43fc07) (BuildId: 682bf6400aff9d41b64b6e2cc3ef5ad600216ea8)
+ #3 0x7f1581d7ebaf (/lib64/libc.so.6+0x3dbaf) (BuildId: c9f62793b9e886eb1b95077d4f26fe2b4aa1ac25)
+ #4 0x7f1581dcf883 in __pthread_kill_implementation (/lib64/libc.so.6+0x8e883) (BuildId: c9f62793b9e886eb1b95077d4f26fe2b4aa1ac25)
+ #5 0x7f1581d7eafd in gsignal (/lib64/libc.so.6+0x3dafd) (BuildId: c9f62793b9e886eb1b95077d4f26fe2b4aa1ac25)
+ #6 0x7f1581d6787e in abort (/lib64/libc.so.6+0x2687e) (BuildId: c9f62793b9e886eb1b95077d4f26fe2b4aa1ac25)
+ #7 0x7f1581d6779a in __assert_fail_base.cold (/lib64/libc.so.6+0x2679a) (BuildId: c9f62793b9e886eb1b95077d4f26fe2b4aa1ac25)
+ #8 0x7f1581d77186 in __assert_fail (/lib64/libc.so.6+0x36186) (BuildId: c9f62793b9e886eb1b95077d4f26fe2b4aa1ac25)
+ #9 0x5344a4 in LLVMFuzzerTestOneInput /home/vagrant/avahi/fuzz/fuzz-domain.c:38:9
+```
+
+It's a follow-up to 94cb6489114636940ac683515417990b55b5d66c
+
+Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches/CVE-2023-38470-2.patch?h=ubuntu/jammy-security
+CVE: CVE-2023-38470 #Follow-up patch
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ avahi-common/domain.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+Index: avahi-0.8/avahi-common/domain.c
+===================================================================
+--- avahi-0.8.orig/avahi-common/domain.c
++++ avahi-0.8/avahi-common/domain.c
+@@ -210,7 +210,8 @@ char *avahi_normalize_name(const char *s
+ } else
+ empty = 0;
+
+- avahi_escape_label(label, strlen(label), &r, &size);
++ if (!(avahi_escape_label(label, strlen(label), &r, &size)))
++ return NULL;
+ }
+
+ return ret_s;
diff --git a/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38471.patch b/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38471-1.patch
similarity index 100%
rename from poky/meta/recipes-connectivity/avahi/files/CVE-2023-38471.patch
rename to poky/meta/recipes-connectivity/avahi/files/CVE-2023-38471-1.patch
diff --git a/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38471-2.patch b/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38471-2.patch
new file mode 100644
index 0000000..44737bf
--- /dev/null
+++ b/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38471-2.patch
@@ -0,0 +1,52 @@
+From b675f70739f404342f7f78635d6e2dcd85a13460 Mon Sep 17 00:00:00 2001
+From: Evgeny Vereshchagin <evvers@ya.ru>
+Date: Tue, 24 Oct 2023 22:04:51 +0000
+Subject: [PATCH] core: return errors from avahi_server_set_host_name properly
+
+It's a follow-up to 894f085f402e023a98cbb6f5a3d117bd88d93b09
+
+Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches/CVE-2023-38471-2.patch?h=ubuntu/jammy-security
+Upstream commit https://github.com/lathiat/avahi/commit/b675f70739f404342f7f78635d6e2dcd85a13460]
+CVE: CVE-2023-38471 #Follow-up Patch
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ avahi-core/server.c | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+Index: avahi-0.8/avahi-core/server.c
+===================================================================
+--- avahi-0.8.orig/avahi-core/server.c
++++ avahi-0.8/avahi-core/server.c
+@@ -1309,10 +1309,13 @@ int avahi_server_set_host_name(AvahiServ
+ else
+ hn = avahi_normalize_name_strdup(host_name);
+
++ if (!hn)
++ return avahi_server_set_errno(s, AVAHI_ERR_NO_MEMORY);
++
+ h = hn;
+ if (!avahi_unescape_label((const char **)&hn, label, sizeof(label))) {
+ avahi_free(h);
+- return AVAHI_ERR_INVALID_HOST_NAME;
++ return avahi_server_set_errno(s, AVAHI_ERR_INVALID_HOST_NAME);
+ }
+
+ avahi_free(h);
+@@ -1320,7 +1323,7 @@ int avahi_server_set_host_name(AvahiServ
+ h = label_escaped;
+ len = sizeof(label_escaped);
+ if (!avahi_escape_label(label, strlen(label), &h, &len))
+- return AVAHI_ERR_INVALID_HOST_NAME;
++ return avahi_server_set_errno(s, AVAHI_ERR_INVALID_HOST_NAME);
+
+ if (avahi_domain_equal(s->host_name, label_escaped) && s->state != AVAHI_SERVER_COLLISION)
+ return avahi_server_set_errno(s, AVAHI_ERR_NO_CHANGE);
+@@ -1330,7 +1333,7 @@ int avahi_server_set_host_name(AvahiServ
+ avahi_free(s->host_name);
+ s->host_name = avahi_strdup(label_escaped);
+ if (!s->host_name)
+- return AVAHI_ERR_NO_MEMORY;
++ return avahi_server_set_errno(s, AVAHI_ERR_NO_MEMORY);
+
+ update_fqdn(s);
+
diff --git a/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38472.patch b/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38472.patch
index a1de8e2..85dbded 100644
--- a/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38472.patch
+++ b/poky/meta/recipes-connectivity/avahi/files/CVE-2023-38472.patch
@@ -1,46 +1,46 @@
-From 8cf606779dc356768afc6b70e53f2808a9655143 Mon Sep 17 00:00:00 2001
+From b024ae5749f4aeba03478e6391687c3c9c8dee40 Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Thu, 19 Oct 2023 17:36:44 +0200
-Subject: [PATCH] avahi: core: make sure there is rdata to process before
- parsing it
+Subject: [PATCH] core: make sure there is rdata to process before parsing it
Fixes #452
-Upstream-Status: Backport [https://github.com/lathiat/avahi/commit/b024ae5749f4aeba03478e6391687c3c9c8dee40]
-CVE: CVE-2023-38472
+CVE-2023-38472
+Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches/CVE-2023-38472.patch?h=ubuntu/jammy-security
+Upstream commit https://github.com/lathiat/avahi/commit/b024ae5749f4aeba03478e6391687c3c9c8dee40]
+CVE: CVE-2023-38472
Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
---
avahi-client/client-test.c | 3 +++
avahi-daemon/dbus-entry-group.c | 2 +-
2 files changed, 4 insertions(+), 1 deletion(-)
-diff --git a/avahi-client/client-test.c b/avahi-client/client-test.c
-index 7d04a6a..57750a4 100644
---- a/avahi-client/client-test.c
-+++ b/avahi-client/client-test.c
-@@ -258,6 +258,9 @@ int main (AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char *argv[]) {
- printf("%s\n", avahi_strerror(avahi_entry_group_add_service (group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "Lathiat's Site", "_http._tcp", NULL, NULL, 80, "foo=bar", NULL)));
- printf("add_record: %d\n", avahi_entry_group_add_record (group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "TestX", 0x01, 0x10, 120, "\5booya", 6));
-
+Index: avahi-0.8/avahi-client/client-test.c
+===================================================================
+--- avahi-0.8.orig/avahi-client/client-test.c
++++ avahi-0.8/avahi-client/client-test.c
+@@ -272,6 +272,9 @@ int main (AVAHI_GCC_UNUSED int argc, AVA
+ assert(error == AVAHI_ERR_INVALID_RECORD);
+ avahi_string_list_free(txt);
+
+ error = avahi_entry_group_add_record (group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "TestX", 0x01, 0x10, 120, "", 0);
+ assert(error != AVAHI_OK);
+
avahi_entry_group_commit (group);
-
+
domain = avahi_domain_browser_new (avahi, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, NULL, AVAHI_DOMAIN_BROWSER_BROWSE, 0, avahi_domain_browser_callback, (char*) "omghai3u");
-diff --git a/avahi-daemon/dbus-entry-group.c b/avahi-daemon/dbus-entry-group.c
-index 4e879a5..aa23d4b 100644
---- a/avahi-daemon/dbus-entry-group.c
-+++ b/avahi-daemon/dbus-entry-group.c
-@@ -340,7 +340,7 @@ DBusHandlerResult avahi_dbus_msg_entry_group_impl(DBusConnection *c, DBusMessage
+Index: avahi-0.8/avahi-daemon/dbus-entry-group.c
+===================================================================
+--- avahi-0.8.orig/avahi-daemon/dbus-entry-group.c
++++ avahi-0.8/avahi-daemon/dbus-entry-group.c
+@@ -340,7 +340,7 @@ DBusHandlerResult avahi_dbus_msg_entry_g
if (!(r = avahi_record_new_full (name, clazz, type, ttl)))
return avahi_dbus_respond_error(c, m, AVAHI_ERR_NO_MEMORY, NULL);
-
+
- if (avahi_rdata_parse (r, rdata, size) < 0) {
+ if (!rdata || avahi_rdata_parse (r, rdata, size) < 0) {
avahi_record_unref (r);
return avahi_dbus_respond_error(c, m, AVAHI_ERR_INVALID_RDATA, NULL);
}
---
-2.40.0
diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5.inc b/poky/meta/recipes-connectivity/bluez5/bluez5.inc
index a23e4e5..e10158a 100644
--- a/poky/meta/recipes-connectivity/bluez5/bluez5.inc
+++ b/poky/meta/recipes-connectivity/bluez5/bluez5.inc
@@ -55,7 +55,6 @@
file://0001-tests-add-a-target-for-building-tests-without-runnin.patch \
file://0001-test-gatt-Fix-hung-issue.patch \
file://0004-src-shared-util.c-include-linux-limits.h.patch \
- file://0002-input-Fix-.device_probe-failing-if-SDP-record-is-not.patch \
"
S = "${WORKDIR}/bluez-${PV}"
diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5/0001-test-gatt-Fix-hung-issue.patch b/poky/meta/recipes-connectivity/bluez5/bluez5/0001-test-gatt-Fix-hung-issue.patch
index 06ebf1c..3546c7c 100644
--- a/poky/meta/recipes-connectivity/bluez5/bluez5/0001-test-gatt-Fix-hung-issue.patch
+++ b/poky/meta/recipes-connectivity/bluez5/bluez5/0001-test-gatt-Fix-hung-issue.patch
@@ -1,4 +1,4 @@
-From 7dcc5f46a31ac4eaa67c0ab3aaae38005db7458f Mon Sep 17 00:00:00 2001
+From e8808a2f5e17d375411c7409eaffb17e72f65022 Mon Sep 17 00:00:00 2001
From: Mingli Yu <Mingli.Yu@windriver.com>
Date: Fri, 24 Aug 2018 12:04:03 +0800
Subject: [PATCH] test-gatt: Fix hung issue
diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5/0001-tests-add-a-target-for-building-tests-without-runnin.patch b/poky/meta/recipes-connectivity/bluez5/bluez5/0001-tests-add-a-target-for-building-tests-without-runnin.patch
index 7c47cc1..be05093 100644
--- a/poky/meta/recipes-connectivity/bluez5/bluez5/0001-tests-add-a-target-for-building-tests-without-runnin.patch
+++ b/poky/meta/recipes-connectivity/bluez5/bluez5/0001-tests-add-a-target-for-building-tests-without-runnin.patch
@@ -1,4 +1,4 @@
-From a657fddd13a2e756b0af315301f1c44081e2f668 Mon Sep 17 00:00:00 2001
+From 3724958858b0ee430f37fb83388c3737d2039a3a Mon Sep 17 00:00:00 2001
From: Alexander Kanavin <alex.kanavin@gmail.com>
Date: Fri, 1 Apr 2016 17:07:34 +0300
Subject: [PATCH] tests: add a target for building tests without running them
@@ -11,10 +11,10 @@
1 file changed, 3 insertions(+)
diff --git a/Makefile.am b/Makefile.am
-index 7041f8e..25966cd 100644
+index e7221bd..9595fd1 100644
--- a/Makefile.am
+++ b/Makefile.am
-@@ -594,6 +594,9 @@ endif
+@@ -710,6 +710,9 @@ endif
TESTS = $(unit_tests)
AM_TESTS_ENVIRONMENT = MALLOC_CHECK_=3 MALLOC_PERTURB_=69
diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5/0002-input-Fix-.device_probe-failing-if-SDP-record-is-not.patch b/poky/meta/recipes-connectivity/bluez5/bluez5/0002-input-Fix-.device_probe-failing-if-SDP-record-is-not.patch
deleted file mode 100644
index d088433..0000000
--- a/poky/meta/recipes-connectivity/bluez5/bluez5/0002-input-Fix-.device_probe-failing-if-SDP-record-is-not.patch
+++ /dev/null
@@ -1,313 +0,0 @@
-From 3a9c637010f8dc1ba3e8382abe01065761d4f5bb Mon Sep 17 00:00:00 2001
-From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
-Date: Tue, 10 Oct 2023 12:38:29 -0700
-Subject: [PATCH 02/40] input: Fix .device_probe failing if SDP record is not
- found
-
-Due to changes introduced by 67a26abe53bf
-("profile: Add probe_on_discover flag") profiles may get probed when
-their profile UUID are discovered, rather than resolved, which means
-the SDP record may not be available.
-
-Fixes: https://github.com/bluez/bluez/issues/614
-
-Upstream-Status: Backport [https://github.com/bluez/bluez/commit/3a9c637010f8dc1ba3e8382abe01065761d4f5bb]
----
- profiles/input/device.c | 182 +++++++++++++++++++---------------------
- 1 file changed, 84 insertions(+), 98 deletions(-)
-
-diff --git a/profiles/input/device.c b/profiles/input/device.c
-index e2ac6ea60..4a50ea992 100644
---- a/profiles/input/device.c
-+++ b/profiles/input/device.c
-@@ -60,7 +60,7 @@ struct input_device {
- char *path;
- bdaddr_t src;
- bdaddr_t dst;
-- uint32_t handle;
-+ const sdp_record_t *rec;
- GIOChannel *ctrl_io;
- GIOChannel *intr_io;
- guint ctrl_watch;
-@@ -754,7 +754,8 @@ static void epox_endian_quirk(unsigned char *data, int size)
- }
- }
-
--static int create_hid_dev_name(sdp_record_t *rec, struct hidp_connadd_req *req)
-+static int create_hid_dev_name(const sdp_record_t *rec,
-+ struct hidp_connadd_req *req)
- {
- char sdesc[sizeof(req->name) / 2];
-
-@@ -776,7 +777,7 @@ static int create_hid_dev_name(sdp_record_t *rec, struct hidp_connadd_req *req)
-
- /* See HID profile specification v1.0, "7.11.6 HIDDescriptorList" for details
- * on the attribute format. */
--static int extract_hid_desc_data(sdp_record_t *rec,
-+static int extract_hid_desc_data(const sdp_record_t *rec,
- struct hidp_connadd_req *req)
- {
- sdp_data_t *d;
-@@ -817,36 +818,40 @@ invalid_desc:
- return -EINVAL;
- }
-
--static int extract_hid_record(sdp_record_t *rec, struct hidp_connadd_req *req)
-+static int extract_hid_record(struct input_device *idev,
-+ struct hidp_connadd_req *req)
- {
- sdp_data_t *pdlist;
- uint8_t attr_val;
- int err;
-
-- err = create_hid_dev_name(rec, req);
-+ if (!idev->rec)
-+ return -ENOENT;
-+
-+ err = create_hid_dev_name(idev->rec, req);
- if (err < 0)
- DBG("No valid Service Name or Service Description found");
-
-- pdlist = sdp_data_get(rec, SDP_ATTR_HID_PARSER_VERSION);
-+ pdlist = sdp_data_get(idev->rec, SDP_ATTR_HID_PARSER_VERSION);
- req->parser = pdlist ? pdlist->val.uint16 : 0x0100;
-
-- pdlist = sdp_data_get(rec, SDP_ATTR_HID_DEVICE_SUBCLASS);
-+ pdlist = sdp_data_get(idev->rec, SDP_ATTR_HID_DEVICE_SUBCLASS);
- req->subclass = pdlist ? pdlist->val.uint8 : 0;
-
-- pdlist = sdp_data_get(rec, SDP_ATTR_HID_COUNTRY_CODE);
-+ pdlist = sdp_data_get(idev->rec, SDP_ATTR_HID_COUNTRY_CODE);
- req->country = pdlist ? pdlist->val.uint8 : 0;
-
-- pdlist = sdp_data_get(rec, SDP_ATTR_HID_VIRTUAL_CABLE);
-+ pdlist = sdp_data_get(idev->rec, SDP_ATTR_HID_VIRTUAL_CABLE);
- attr_val = pdlist ? pdlist->val.uint8 : 0;
- if (attr_val)
- req->flags |= (1 << HIDP_VIRTUAL_CABLE_UNPLUG);
-
-- pdlist = sdp_data_get(rec, SDP_ATTR_HID_BOOT_DEVICE);
-+ pdlist = sdp_data_get(idev->rec, SDP_ATTR_HID_BOOT_DEVICE);
- attr_val = pdlist ? pdlist->val.uint8 : 0;
- if (attr_val)
- req->flags |= (1 << HIDP_BOOT_PROTOCOL_MODE);
-
-- err = extract_hid_desc_data(rec, req);
-+ err = extract_hid_desc_data(idev->rec, req);
- if (err < 0)
- return err;
-
-@@ -1035,11 +1040,6 @@ static gboolean encrypt_notify(GIOChannel *io, GIOCondition condition,
- static int hidp_add_connection(struct input_device *idev)
- {
- struct hidp_connadd_req *req;
-- sdp_record_t *rec;
-- char src_addr[18], dst_addr[18];
-- char filename[PATH_MAX];
-- GKeyFile *key_file;
-- char handle[11], *str;
- GError *gerr = NULL;
- int err;
-
-@@ -1049,33 +1049,7 @@ static int hidp_add_connection(struct input_device *idev)
- req->flags = 0;
- req->idle_to = idle_timeout;
-
-- ba2str(&idev->src, src_addr);
-- ba2str(&idev->dst, dst_addr);
--
-- snprintf(filename, PATH_MAX, STORAGEDIR "/%s/cache/%s", src_addr,
-- dst_addr);
-- sprintf(handle, "0x%8.8X", idev->handle);
--
-- key_file = g_key_file_new();
-- if (!g_key_file_load_from_file(key_file, filename, 0, &gerr)) {
-- error("Unable to load key file from %s: (%s)", filename,
-- gerr->message);
-- g_clear_error(&gerr);
-- }
-- str = g_key_file_get_string(key_file, "ServiceRecords", handle, NULL);
-- g_key_file_free(key_file);
--
-- if (!str) {
-- error("Rejected connection from unknown device %s", dst_addr);
-- err = -EPERM;
-- goto cleanup;
-- }
--
-- rec = record_from_string(str);
-- g_free(str);
--
-- err = extract_hid_record(rec, req);
-- sdp_record_free(rec);
-+ err = extract_hid_record(idev, req);
- if (err < 0) {
- error("Could not parse HID SDP record: %s (%d)", strerror(-err),
- -err);
-@@ -1091,7 +1065,7 @@ static int hidp_add_connection(struct input_device *idev)
-
- /* Make sure the device is bonded if required */
- if (classic_bonded_only && !input_device_bonded(idev)) {
-- error("Rejected connection from !bonded device %s", dst_addr);
-+ error("Rejected connection from !bonded device %s", idev->path);
- goto cleanup;
- }
-
-@@ -1161,6 +1135,68 @@ static int connection_disconnect(struct input_device *idev, uint32_t flags)
- return ioctl_disconnect(idev, flags);
- }
-
-+static bool is_device_sdp_disable(const sdp_record_t *rec)
-+{
-+ sdp_data_t *data;
-+
-+ data = sdp_data_get(rec, SDP_ATTR_HID_SDP_DISABLE);
-+
-+ return data && data->val.uint8;
-+}
-+
-+static enum reconnect_mode_t hid_reconnection_mode(bool reconnect_initiate,
-+ bool normally_connectable)
-+{
-+ if (!reconnect_initiate && !normally_connectable)
-+ return RECONNECT_NONE;
-+ else if (!reconnect_initiate && normally_connectable)
-+ return RECONNECT_HOST;
-+ else if (reconnect_initiate && !normally_connectable)
-+ return RECONNECT_DEVICE;
-+ else /* (reconnect_initiate && normally_connectable) */
-+ return RECONNECT_ANY;
-+}
-+
-+static void extract_hid_props(struct input_device *idev,
-+ const sdp_record_t *rec)
-+{
-+ /* Extract HID connectability */
-+ bool reconnect_initiate, normally_connectable;
-+ sdp_data_t *pdlist;
-+
-+ /* HIDNormallyConnectable is optional and assumed FALSE if not
-+ * present.
-+ */
-+ pdlist = sdp_data_get(rec, SDP_ATTR_HID_RECONNECT_INITIATE);
-+ reconnect_initiate = pdlist ? pdlist->val.uint8 : TRUE;
-+
-+ pdlist = sdp_data_get(rec, SDP_ATTR_HID_NORMALLY_CONNECTABLE);
-+ normally_connectable = pdlist ? pdlist->val.uint8 : FALSE;
-+
-+ /* Update local values */
-+ idev->reconnect_mode =
-+ hid_reconnection_mode(reconnect_initiate, normally_connectable);
-+}
-+
-+static void input_device_update_rec(struct input_device *idev)
-+{
-+ struct btd_profile *p = btd_service_get_profile(idev->service);
-+ const sdp_record_t *rec;
-+
-+ rec = btd_device_get_record(idev->device, p->remote_uuid);
-+ if (!rec || idev->rec == rec)
-+ return;
-+
-+ idev->rec = rec;
-+ idev->disable_sdp = is_device_sdp_disable(rec);
-+
-+ /* Initialize device properties */
-+ extract_hid_props(idev, rec);
-+
-+ if (idev->disable_sdp)
-+ device_set_refresh_discovery(idev->device, false);
-+}
-+
- static int input_device_connected(struct input_device *idev)
- {
- int err;
-@@ -1168,6 +1204,9 @@ static int input_device_connected(struct input_device *idev)
- if (idev->intr_io == NULL || idev->ctrl_io == NULL)
- return -ENOTCONN;
-
-+ /* Attempt to update SDP record if it had changed */
-+ input_device_update_rec(idev);
-+
- err = hidp_add_connection(idev);
- if (err < 0)
- return err;
-@@ -1411,74 +1450,21 @@ int input_device_disconnect(struct btd_service *service)
- return 0;
- }
-
--static bool is_device_sdp_disable(const sdp_record_t *rec)
--{
-- sdp_data_t *data;
--
-- data = sdp_data_get(rec, SDP_ATTR_HID_SDP_DISABLE);
--
-- return data && data->val.uint8;
--}
--
--static enum reconnect_mode_t hid_reconnection_mode(bool reconnect_initiate,
-- bool normally_connectable)
--{
-- if (!reconnect_initiate && !normally_connectable)
-- return RECONNECT_NONE;
-- else if (!reconnect_initiate && normally_connectable)
-- return RECONNECT_HOST;
-- else if (reconnect_initiate && !normally_connectable)
-- return RECONNECT_DEVICE;
-- else /* (reconnect_initiate && normally_connectable) */
-- return RECONNECT_ANY;
--}
--
--static void extract_hid_props(struct input_device *idev,
-- const sdp_record_t *rec)
--{
-- /* Extract HID connectability */
-- bool reconnect_initiate, normally_connectable;
-- sdp_data_t *pdlist;
--
-- /* HIDNormallyConnectable is optional and assumed FALSE
-- * if not present. */
-- pdlist = sdp_data_get(rec, SDP_ATTR_HID_RECONNECT_INITIATE);
-- reconnect_initiate = pdlist ? pdlist->val.uint8 : TRUE;
--
-- pdlist = sdp_data_get(rec, SDP_ATTR_HID_NORMALLY_CONNECTABLE);
-- normally_connectable = pdlist ? pdlist->val.uint8 : FALSE;
--
-- /* Update local values */
-- idev->reconnect_mode =
-- hid_reconnection_mode(reconnect_initiate, normally_connectable);
--}
--
- static struct input_device *input_device_new(struct btd_service *service)
- {
- struct btd_device *device = btd_service_get_device(service);
-- struct btd_profile *p = btd_service_get_profile(service);
- const char *path = device_get_path(device);
-- const sdp_record_t *rec = btd_device_get_record(device, p->remote_uuid);
- struct btd_adapter *adapter = device_get_adapter(device);
- struct input_device *idev;
-
-- if (!rec)
-- return NULL;
--
- idev = g_new0(struct input_device, 1);
- bacpy(&idev->src, btd_adapter_get_address(adapter));
- bacpy(&idev->dst, device_get_address(device));
- idev->service = btd_service_ref(service);
- idev->device = btd_device_ref(device);
- idev->path = g_strdup(path);
-- idev->handle = rec->handle;
-- idev->disable_sdp = is_device_sdp_disable(rec);
--
-- /* Initialize device properties */
-- extract_hid_props(idev, rec);
-
-- if (idev->disable_sdp)
-- device_set_refresh_discovery(device, false);
-+ input_device_update_rec(idev);
-
- return idev;
- }
---
-2.42.0
-
diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5/0004-src-shared-util.c-include-linux-limits.h.patch b/poky/meta/recipes-connectivity/bluez5/bluez5/0004-src-shared-util.c-include-linux-limits.h.patch
index f954f6d..6ef1353 100644
--- a/poky/meta/recipes-connectivity/bluez5/bluez5/0004-src-shared-util.c-include-linux-limits.h.patch
+++ b/poky/meta/recipes-connectivity/bluez5/bluez5/0004-src-shared-util.c-include-linux-limits.h.patch
@@ -1,4 +1,4 @@
-From 51584158b9a2e58f3790f8a7387b5cf167eca88b Mon Sep 17 00:00:00 2001
+From ad069fadfcce2cf70f45b1c4a42665448675297e Mon Sep 17 00:00:00 2001
From: Alexander Kanavin <alex@linutronix.de>
Date: Mon, 12 Dec 2022 13:10:19 +0100
Subject: [PATCH] src/shared/util.c: include linux/limits.h
@@ -8,15 +8,16 @@
Upstream-Status: Submitted [to linux-bluetooth@vger.kernel.org,luiz.von.dentz@intel.com,frederic.danis@collabora.com]
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
+
---
src/shared/util.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/shared/util.c b/src/shared/util.c
-index 0a0308c..1f61314 100644
+index 34491f4..412f3ad 100644
--- a/src/shared/util.c
+++ b/src/shared/util.c
-@@ -22,6 +22,7 @@
+@@ -23,6 +23,7 @@
#include <unistd.h>
#include <dirent.h>
#include <limits.h>
diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5_5.70.bb b/poky/meta/recipes-connectivity/bluez5/bluez5_5.71.bb
similarity index 94%
rename from poky/meta/recipes-connectivity/bluez5/bluez5_5.70.bb
rename to poky/meta/recipes-connectivity/bluez5/bluez5_5.71.bb
index 2e3b782..b9bc3dd 100644
--- a/poky/meta/recipes-connectivity/bluez5/bluez5_5.70.bb
+++ b/poky/meta/recipes-connectivity/bluez5/bluez5_5.71.bb
@@ -1,6 +1,6 @@
require bluez5.inc
-SRC_URI[sha256sum] = "37e372e916955e144cb882f888e4be40898f10ae3b7c213ddcdd55ee9c009278"
+SRC_URI[sha256sum] = "b828d418c93ced1f55b616fb5482cf01537440bfb34fbda1a564f3ece94735d8"
CVE_STATUS[CVE-2020-24490] = "cpe-incorrect: This issue has kernel fixes rather than bluez fixes"
diff --git a/poky/meta/recipes-connectivity/dhcpcd/dhcpcd_10.0.5.bb b/poky/meta/recipes-connectivity/dhcpcd/dhcpcd_10.0.6.bb
similarity index 97%
rename from poky/meta/recipes-connectivity/dhcpcd/dhcpcd_10.0.5.bb
rename to poky/meta/recipes-connectivity/dhcpcd/dhcpcd_10.0.6.bb
index c2dee26..6bde9b1 100644
--- a/poky/meta/recipes-connectivity/dhcpcd/dhcpcd_10.0.5.bb
+++ b/poky/meta/recipes-connectivity/dhcpcd/dhcpcd_10.0.6.bb
@@ -17,7 +17,7 @@
file://0001-dhcpcd.8-Fix-conflict-error-when-enable-multilib.patch \
"
-SRCREV = "6baf4df467aaae89b026a089122d155c6eec3f19"
+SRCREV = "1c8ae59836fa87b4c63c598087f0460ec20ed862"
S = "${WORKDIR}/git"
inherit pkgconfig autotools-brokensep systemd useradd
diff --git a/poky/meta/recipes-connectivity/dhcpcd/files/0001-dhcpcd.8-Fix-conflict-error-when-enable-multilib.patch b/poky/meta/recipes-connectivity/dhcpcd/files/0001-dhcpcd.8-Fix-conflict-error-when-enable-multilib.patch
index 12998aa..461d04b 100644
--- a/poky/meta/recipes-connectivity/dhcpcd/files/0001-dhcpcd.8-Fix-conflict-error-when-enable-multilib.patch
+++ b/poky/meta/recipes-connectivity/dhcpcd/files/0001-dhcpcd.8-Fix-conflict-error-when-enable-multilib.patch
@@ -1,4 +1,4 @@
-From 4915a7e52fcea8fe283a842890a1e726b1e26b10 Mon Sep 17 00:00:00 2001
+From 5d5ba8a2b8010db6bee68bd712f829cb737c9ac1 Mon Sep 17 00:00:00 2001
From: Lei Maohui <leimaohui@fujitsu.com>
Date: Fri, 10 Mar 2023 03:48:46 +0000
Subject: [PATCH] dhcpcd.8: Fix conflict error when enable multilib.
@@ -24,15 +24,16 @@
Upstream-Status: Inappropriate [oe specific]
Signed-off-by: Lei Maohui <leimaohui@fujitsu.com>
+
---
src/dhcpcd.8.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/dhcpcd.8.in b/src/dhcpcd.8.in
-index bc6b3b5..791f2ba 100644
+index 93232840..09930a31 100644
--- a/src/dhcpcd.8.in
+++ b/src/dhcpcd.8.in
-@@ -821,7 +821,7 @@ Configuration file for dhcpcd.
+@@ -824,7 +824,7 @@ Configuration file for dhcpcd.
If you always use the same options, put them here.
.It Pa @SCRIPT@
Bourne shell script that is run to configure or de-configure an interface.
@@ -41,6 +42,3 @@
Linux
.Pa /dev
management modules.
---
-2.34.1
-
diff --git a/poky/meta/recipes-connectivity/dhcpcd/files/0001-remove-INCLUDEDIR-to-prevent-build-issues.patch b/poky/meta/recipes-connectivity/dhcpcd/files/0001-remove-INCLUDEDIR-to-prevent-build-issues.patch
index 37d2344..c54942b 100644
--- a/poky/meta/recipes-connectivity/dhcpcd/files/0001-remove-INCLUDEDIR-to-prevent-build-issues.patch
+++ b/poky/meta/recipes-connectivity/dhcpcd/files/0001-remove-INCLUDEDIR-to-prevent-build-issues.patch
@@ -1,4 +1,4 @@
-From aa9e3982c1e75ad49945a62f5e262279c7a905a4 Mon Sep 17 00:00:00 2001
+From ec9fc4e6086e1dbe0ac2f94a8a088a571596a581 Mon Sep 17 00:00:00 2001
From: Stefano Cappa <stefano.cappa.ks89@gmail.com>
Date: Sun, 13 Jan 2019 01:50:52 +0100
Subject: [PATCH] remove INCLUDEDIR to prevent build issues
@@ -6,15 +6,16 @@
Upstream-Status: Pending
Signed-off-by: Stefano Cappa <stefano.cappa.ks89@gmail.com>
+
---
configure | 5 -----
1 file changed, 5 deletions(-)
diff --git a/configure b/configure
-index 6c81e0db..32dea2b4 100755
+index 5237b0e2..7220718b 100755
--- a/configure
+++ b/configure
-@@ -20,7 +20,6 @@ BUILD=
+@@ -26,7 +26,6 @@ BUILD=
HOST=
HOSTCC=
TARGET=
@@ -22,7 +23,7 @@
DEBUG=
FORK=
STATIC=
-@@ -72,7 +71,6 @@ for x do
+@@ -86,7 +85,6 @@ for x do
--mandir) MANDIR=$var;;
--datadir) DATADIR=$var;;
--with-ccopts|CFLAGS) CFLAGS=$var;;
@@ -30,7 +31,7 @@
CC) CC=$var;;
CPPFLAGS) CPPFLAGS=$var;;
PKG_CONFIG) PKG_CONFIG=$var;;
-@@ -309,9 +307,6 @@ if [ -n "$CPPFLAGS" ]; then
+@@ -343,9 +341,6 @@ if [ -n "$CPPFLAGS" ]; then
echo "CPPFLAGS=" >>$CONFIG_MK
echo "CPPFLAGS+= $CPPFLAGS" >>$CONFIG_MK
fi
@@ -40,6 +41,3 @@
if [ -n "$LDFLAGS" ]; then
echo "LDFLAGS=" >>$CONFIG_MK
echo "LDFLAGS+= $LDFLAGS" >>$CONFIG_MK
---
-2.17.2 (Apple Git-113)
-
diff --git a/poky/meta/recipes-connectivity/inetutils/inetutils/0001-CVE-2023-40303-ftpd-rcp-rlogin-rsh-rshd-uucpd-fix-ch.patch b/poky/meta/recipes-connectivity/inetutils/inetutils/0001-CVE-2023-40303-ftpd-rcp-rlogin-rsh-rshd-uucpd-fix-ch.patch
deleted file mode 100644
index 70bd988..0000000
--- a/poky/meta/recipes-connectivity/inetutils/inetutils/0001-CVE-2023-40303-ftpd-rcp-rlogin-rsh-rshd-uucpd-fix-ch.patch
+++ /dev/null
@@ -1,279 +0,0 @@
-From 703418fe9d2e3b1e8d594df5788d8001a8116265 Mon Sep 17 00:00:00 2001
-From: Jeffrey Bencteux <jeffbencteux@gmail.com>
-Date: Fri, 30 Jun 2023 19:02:45 +0200
-Subject: [PATCH] CVE-2023-40303: ftpd,rcp,rlogin,rsh,rshd,uucpd: fix: check
- set*id() return values
-
-Several setuid(), setgid(), seteuid() and setguid() return values
-were not checked in ftpd/rcp/rlogin/rsh/rshd/uucpd code potentially
-leading to potential security issues.
-
-CVE: CVE-2023-40303
-Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=e4e65c03f4c11292a3e40ef72ca3f194c8bffdd6]
-Signed-off-by: Jeffrey Bencteux <jeffbencteux@gmail.com>
-Signed-off-by: Simon Josefsson <simon@josefsson.org>
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
- ftpd/ftpd.c | 10 +++++++---
- src/rcp.c | 39 +++++++++++++++++++++++++++++++++------
- src/rlogin.c | 11 +++++++++--
- src/rsh.c | 25 +++++++++++++++++++++----
- src/rshd.c | 20 +++++++++++++++++---
- src/uucpd.c | 15 +++++++++++++--
- 6 files changed, 100 insertions(+), 20 deletions(-)
-
-diff --git a/ftpd/ftpd.c b/ftpd/ftpd.c
-index 92b2cca5..28dd523f 100644
---- a/ftpd/ftpd.c
-+++ b/ftpd/ftpd.c
-@@ -862,7 +862,9 @@ end_login (struct credentials *pcred)
- char *remotehost = pcred->remotehost;
- int atype = pcred->auth_type;
-
-- seteuid ((uid_t) 0);
-+ if (seteuid ((uid_t) 0) == -1)
-+ _exit (EXIT_FAILURE);
-+
- if (pcred->logged_in)
- {
- logwtmp_keep_open (ttyline, "", "");
-@@ -1151,7 +1153,8 @@ getdatasock (const char *mode)
-
- if (data >= 0)
- return fdopen (data, mode);
-- seteuid ((uid_t) 0);
-+ if (seteuid ((uid_t) 0) == -1)
-+ _exit (EXIT_FAILURE);
- s = socket (ctrl_addr.ss_family, SOCK_STREAM, 0);
- if (s < 0)
- goto bad;
-@@ -1978,7 +1981,8 @@ passive (int epsv, int af)
- else /* !AF_INET6 */
- ((struct sockaddr_in *) &pasv_addr)->sin_port = 0;
-
-- seteuid ((uid_t) 0);
-+ if (seteuid ((uid_t) 0) == -1)
-+ _exit (EXIT_FAILURE);
- if (bind (pdata, (struct sockaddr *) &pasv_addr, pasv_addrlen) < 0)
- {
- if (seteuid ((uid_t) cred.uid))
-diff --git a/src/rcp.c b/src/rcp.c
-index 75adb253..cdcf8500 100644
---- a/src/rcp.c
-+++ b/src/rcp.c
-@@ -345,14 +345,23 @@ main (int argc, char *argv[])
- if (from_option)
- { /* Follow "protocol", send data. */
- response ();
-- setuid (userid);
-+
-+ if (setuid (userid) == -1)
-+ {
-+ error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
-+ }
-+
- source (argc, argv);
- exit (errs);
- }
-
- if (to_option)
- { /* Receive data. */
-- setuid (userid);
-+ if (setuid (userid) == -1)
-+ {
-+ error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
-+ }
-+
- sink (argc, argv);
- exit (errs);
- }
-@@ -537,7 +546,11 @@ toremote (char *targ, int argc, char *argv[])
- if (response () < 0)
- exit (EXIT_FAILURE);
- free (bp);
-- setuid (userid);
-+
-+ if (setuid (userid) == -1)
-+ {
-+ error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
-+ }
- }
- source (1, argv + i);
- close (rem);
-@@ -630,7 +643,12 @@ tolocal (int argc, char *argv[])
- ++errs;
- continue;
- }
-- seteuid (userid);
-+
-+ if (seteuid (userid) == -1)
-+ {
-+ error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)");
-+ }
-+
- #if defined IP_TOS && defined IPPROTO_IP && defined IPTOS_THROUGHPUT
- sslen = sizeof (ss);
- (void) getpeername (rem, (struct sockaddr *) &ss, &sslen);
-@@ -643,7 +661,12 @@ tolocal (int argc, char *argv[])
- #endif
- vect[0] = target;
- sink (1, vect);
-- seteuid (effuid);
-+
-+ if (seteuid (effuid) == -1)
-+ {
-+ error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)");
-+ }
-+
- close (rem);
- rem = -1;
- #ifdef SHISHI
-@@ -1441,7 +1464,11 @@ susystem (char *s, int userid)
- return (127);
-
- case 0:
-- setuid (userid);
-+ if (setuid (userid) == -1)
-+ {
-+ error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
-+ }
-+
- execl (PATH_BSHELL, "sh", "-c", s, NULL);
- _exit (127);
- }
-diff --git a/src/rlogin.c b/src/rlogin.c
-index aa6426fb..c543de0c 100644
---- a/src/rlogin.c
-+++ b/src/rlogin.c
-@@ -647,8 +647,15 @@ try_connect:
- /* Now change to the real user ID. We have to be set-user-ID root
- to get the privileged port that rcmd () uses. We now want, however,
- to run as the real user who invoked us. */
-- seteuid (uid);
-- setuid (uid);
-+ if (seteuid (uid) == -1)
-+ {
-+ error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)");
-+ }
-+
-+ if (setuid (uid) == -1)
-+ {
-+ error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
-+ }
-
- doit (&osmask); /* The old mask will activate SIGURG and SIGUSR1! */
-
-diff --git a/src/rsh.c b/src/rsh.c
-index 2d622ca4..6f60667d 100644
---- a/src/rsh.c
-+++ b/src/rsh.c
-@@ -276,8 +276,17 @@ main (int argc, char **argv)
- {
- if (asrsh)
- *argv = (char *) "rlogin";
-- seteuid (getuid ());
-- setuid (getuid ());
-+
-+ if (seteuid (getuid ()) == -1)
-+ {
-+ error (EXIT_FAILURE, errno, "seteuid() failed");
-+ }
-+
-+ if (setuid (getuid ()) == -1)
-+ {
-+ error (EXIT_FAILURE, errno, "setuid() failed");
-+ }
-+
- execv (PATH_RLOGIN, argv);
- error (EXIT_FAILURE, errno, "cannot execute %s", PATH_RLOGIN);
- }
-@@ -541,8 +550,16 @@ try_connect:
- error (0, errno, "setsockopt DEBUG (ignored)");
- }
-
-- seteuid (uid);
-- setuid (uid);
-+ if (seteuid (uid) == -1)
-+ {
-+ error (EXIT_FAILURE, errno, "seteuid() failed");
-+ }
-+
-+ if (setuid (uid) == -1)
-+ {
-+ error (EXIT_FAILURE, errno, "setuid() failed");
-+ }
-+
- #ifdef HAVE_SIGACTION
- sigemptyset (&sigs);
- sigaddset (&sigs, SIGINT);
-diff --git a/src/rshd.c b/src/rshd.c
-index d1c0d0cd..707790e7 100644
---- a/src/rshd.c
-+++ b/src/rshd.c
-@@ -1847,8 +1847,18 @@ doit (int sockfd, struct sockaddr *fromp, socklen_t fromlen)
- pwd->pw_shell = PATH_BSHELL;
-
- /* Set the gid, then uid to become the user specified by "locuser" */
-- setegid ((gid_t) pwd->pw_gid);
-- setgid ((gid_t) pwd->pw_gid);
-+ if (setegid ((gid_t) pwd->pw_gid) == -1)
-+ {
-+ rshd_error ("Cannot drop privileges (setegid() failed)\n");
-+ exit (EXIT_FAILURE);
-+ }
-+
-+ if (setgid ((gid_t) pwd->pw_gid) == -1)
-+ {
-+ rshd_error ("Cannot drop privileges (setgid() failed)\n");
-+ exit (EXIT_FAILURE);
-+ }
-+
- #ifdef HAVE_INITGROUPS
- initgroups (pwd->pw_name, pwd->pw_gid); /* BSD groups */
- #endif
-@@ -1870,7 +1880,11 @@ doit (int sockfd, struct sockaddr *fromp, socklen_t fromlen)
- }
- #endif /* WITH_PAM */
-
-- setuid ((uid_t) pwd->pw_uid);
-+ if (setuid ((uid_t) pwd->pw_uid) == -1)
-+ {
-+ rshd_error ("Cannot drop privileges (setuid() failed)\n");
-+ exit (EXIT_FAILURE);
-+ }
-
- /* We'll execute the client's command in the home directory
- * of locuser. Note, that the chdir must be executed after
-diff --git a/src/uucpd.c b/src/uucpd.c
-index 107589e1..29cfce35 100644
---- a/src/uucpd.c
-+++ b/src/uucpd.c
-@@ -252,7 +252,12 @@ doit (struct sockaddr *sap, socklen_t salen)
- snprintf (Username, sizeof (Username), "USER=%s", user);
- snprintf (Logname, sizeof (Logname), "LOGNAME=%s", user);
- dologin (pw, sap, salen);
-- setgid (pw->pw_gid);
-+
-+ if (setgid (pw->pw_gid) == -1)
-+ {
-+ fprintf (stderr, "setgid() failed");
-+ return;
-+ }
- #ifdef HAVE_INITGROUPS
- initgroups (pw->pw_name, pw->pw_gid);
- #endif
-@@ -261,7 +266,13 @@ doit (struct sockaddr *sap, socklen_t salen)
- fprintf (stderr, "Login incorrect.");
- return;
- }
-- setuid (pw->pw_uid);
-+
-+ if (setuid (pw->pw_uid) == -1)
-+ {
-+ fprintf (stderr, "setuid() failed");
-+ return;
-+ }
-+
- execl (uucico_location, "uucico", NULL);
- perror ("uucico server: execl");
- }
diff --git a/poky/meta/recipes-connectivity/inetutils/inetutils/0002-CVE-2023-40303-Indent-changes-in-previous-commit.patch b/poky/meta/recipes-connectivity/inetutils/inetutils/0002-CVE-2023-40303-Indent-changes-in-previous-commit.patch
deleted file mode 100644
index 1b972aa..0000000
--- a/poky/meta/recipes-connectivity/inetutils/inetutils/0002-CVE-2023-40303-Indent-changes-in-previous-commit.patch
+++ /dev/null
@@ -1,253 +0,0 @@
-From 70fe022f9dac760eaece0228cad17e3d29a57fb8 Mon Sep 17 00:00:00 2001
-From: Simon Josefsson <simon@josefsson.org>
-Date: Mon, 31 Jul 2023 13:59:05 +0200
-Subject: [PATCH] CVE-2023-40303: Indent changes in previous commit.
-
-CVE: CVE-2023-40303
-Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=9122999252c7e21eb7774de11d539748e7bdf46d]
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
- src/rcp.c | 42 ++++++++++++++++++++++++------------------
- src/rlogin.c | 12 ++++++------
- src/rsh.c | 24 ++++++++++++------------
- src/rshd.c | 24 ++++++++++++------------
- src/uucpd.c | 16 ++++++++--------
- 5 files changed, 62 insertions(+), 56 deletions(-)
-
-diff --git a/src/rcp.c b/src/rcp.c
-index cdcf8500..652f22e6 100644
---- a/src/rcp.c
-+++ b/src/rcp.c
-@@ -347,9 +347,10 @@ main (int argc, char *argv[])
- response ();
-
- if (setuid (userid) == -1)
-- {
-- error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
-- }
-+ {
-+ error (EXIT_FAILURE, 0,
-+ "Could not drop privileges (setuid() failed)");
-+ }
-
- source (argc, argv);
- exit (errs);
-@@ -358,9 +359,10 @@ main (int argc, char *argv[])
- if (to_option)
- { /* Receive data. */
- if (setuid (userid) == -1)
-- {
-- error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
-- }
-+ {
-+ error (EXIT_FAILURE, 0,
-+ "Could not drop privileges (setuid() failed)");
-+ }
-
- sink (argc, argv);
- exit (errs);
-@@ -548,9 +550,10 @@ toremote (char *targ, int argc, char *argv[])
- free (bp);
-
- if (setuid (userid) == -1)
-- {
-- error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
-- }
-+ {
-+ error (EXIT_FAILURE, 0,
-+ "Could not drop privileges (setuid() failed)");
-+ }
- }
- source (1, argv + i);
- close (rem);
-@@ -645,9 +648,10 @@ tolocal (int argc, char *argv[])
- }
-
- if (seteuid (userid) == -1)
-- {
-- error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)");
-- }
-+ {
-+ error (EXIT_FAILURE, 0,
-+ "Could not drop privileges (seteuid() failed)");
-+ }
-
- #if defined IP_TOS && defined IPPROTO_IP && defined IPTOS_THROUGHPUT
- sslen = sizeof (ss);
-@@ -663,9 +667,10 @@ tolocal (int argc, char *argv[])
- sink (1, vect);
-
- if (seteuid (effuid) == -1)
-- {
-- error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)");
-- }
-+ {
-+ error (EXIT_FAILURE, 0,
-+ "Could not drop privileges (seteuid() failed)");
-+ }
-
- close (rem);
- rem = -1;
-@@ -1465,9 +1470,10 @@ susystem (char *s, int userid)
-
- case 0:
- if (setuid (userid) == -1)
-- {
-- error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
-- }
-+ {
-+ error (EXIT_FAILURE, 0,
-+ "Could not drop privileges (setuid() failed)");
-+ }
-
- execl (PATH_BSHELL, "sh", "-c", s, NULL);
- _exit (127);
-diff --git a/src/rlogin.c b/src/rlogin.c
-index c543de0c..4360202f 100644
---- a/src/rlogin.c
-+++ b/src/rlogin.c
-@@ -648,14 +648,14 @@ try_connect:
- to get the privileged port that rcmd () uses. We now want, however,
- to run as the real user who invoked us. */
- if (seteuid (uid) == -1)
-- {
-- error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)");
-- }
-+ {
-+ error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)");
-+ }
-
- if (setuid (uid) == -1)
-- {
-- error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
-- }
-+ {
-+ error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
-+ }
-
- doit (&osmask); /* The old mask will activate SIGURG and SIGUSR1! */
-
-diff --git a/src/rsh.c b/src/rsh.c
-index 6f60667d..179b47cd 100644
---- a/src/rsh.c
-+++ b/src/rsh.c
-@@ -278,14 +278,14 @@ main (int argc, char **argv)
- *argv = (char *) "rlogin";
-
- if (seteuid (getuid ()) == -1)
-- {
-- error (EXIT_FAILURE, errno, "seteuid() failed");
-- }
-+ {
-+ error (EXIT_FAILURE, errno, "seteuid() failed");
-+ }
-
- if (setuid (getuid ()) == -1)
-- {
-- error (EXIT_FAILURE, errno, "setuid() failed");
-- }
-+ {
-+ error (EXIT_FAILURE, errno, "setuid() failed");
-+ }
-
- execv (PATH_RLOGIN, argv);
- error (EXIT_FAILURE, errno, "cannot execute %s", PATH_RLOGIN);
-@@ -551,14 +551,14 @@ try_connect:
- }
-
- if (seteuid (uid) == -1)
-- {
-- error (EXIT_FAILURE, errno, "seteuid() failed");
-- }
-+ {
-+ error (EXIT_FAILURE, errno, "seteuid() failed");
-+ }
-
- if (setuid (uid) == -1)
-- {
-- error (EXIT_FAILURE, errno, "setuid() failed");
-- }
-+ {
-+ error (EXIT_FAILURE, errno, "setuid() failed");
-+ }
-
- #ifdef HAVE_SIGACTION
- sigemptyset (&sigs);
-diff --git a/src/rshd.c b/src/rshd.c
-index 707790e7..3a153a18 100644
---- a/src/rshd.c
-+++ b/src/rshd.c
-@@ -1848,16 +1848,16 @@ doit (int sockfd, struct sockaddr *fromp, socklen_t fromlen)
-
- /* Set the gid, then uid to become the user specified by "locuser" */
- if (setegid ((gid_t) pwd->pw_gid) == -1)
-- {
-- rshd_error ("Cannot drop privileges (setegid() failed)\n");
-- exit (EXIT_FAILURE);
-- }
-+ {
-+ rshd_error ("Cannot drop privileges (setegid() failed)\n");
-+ exit (EXIT_FAILURE);
-+ }
-
- if (setgid ((gid_t) pwd->pw_gid) == -1)
-- {
-- rshd_error ("Cannot drop privileges (setgid() failed)\n");
-- exit (EXIT_FAILURE);
-- }
-+ {
-+ rshd_error ("Cannot drop privileges (setgid() failed)\n");
-+ exit (EXIT_FAILURE);
-+ }
-
- #ifdef HAVE_INITGROUPS
- initgroups (pwd->pw_name, pwd->pw_gid); /* BSD groups */
-@@ -1881,10 +1881,10 @@ doit (int sockfd, struct sockaddr *fromp, socklen_t fromlen)
- #endif /* WITH_PAM */
-
- if (setuid ((uid_t) pwd->pw_uid) == -1)
-- {
-- rshd_error ("Cannot drop privileges (setuid() failed)\n");
-- exit (EXIT_FAILURE);
-- }
-+ {
-+ rshd_error ("Cannot drop privileges (setuid() failed)\n");
-+ exit (EXIT_FAILURE);
-+ }
-
- /* We'll execute the client's command in the home directory
- * of locuser. Note, that the chdir must be executed after
-diff --git a/src/uucpd.c b/src/uucpd.c
-index 29cfce35..fde7b9c9 100644
---- a/src/uucpd.c
-+++ b/src/uucpd.c
-@@ -254,10 +254,10 @@ doit (struct sockaddr *sap, socklen_t salen)
- dologin (pw, sap, salen);
-
- if (setgid (pw->pw_gid) == -1)
-- {
-- fprintf (stderr, "setgid() failed");
-- return;
-- }
-+ {
-+ fprintf (stderr, "setgid() failed");
-+ return;
-+ }
- #ifdef HAVE_INITGROUPS
- initgroups (pw->pw_name, pw->pw_gid);
- #endif
-@@ -268,10 +268,10 @@ doit (struct sockaddr *sap, socklen_t salen)
- }
-
- if (setuid (pw->pw_uid) == -1)
-- {
-- fprintf (stderr, "setuid() failed");
-- return;
-- }
-+ {
-+ fprintf (stderr, "setuid() failed");
-+ return;
-+ }
-
- execl (uucico_location, "uucico", NULL);
- perror ("uucico server: execl");
diff --git a/poky/meta/recipes-connectivity/inetutils/inetutils_2.4.bb b/poky/meta/recipes-connectivity/inetutils/inetutils_2.5.bb
similarity index 96%
rename from poky/meta/recipes-connectivity/inetutils/inetutils_2.4.bb
rename to poky/meta/recipes-connectivity/inetutils/inetutils_2.5.bb
index 957f1fe..0f1a073 100644
--- a/poky/meta/recipes-connectivity/inetutils/inetutils_2.4.bb
+++ b/poky/meta/recipes-connectivity/inetutils/inetutils_2.5.bb
@@ -11,15 +11,13 @@
LIC_FILES_CHKSUM = "file://COPYING;md5=0c7051aef9219dc7237f206c5c4179a7"
-SRC_URI[sha256sum] = "1789d6b1b1a57dfe2a7ab7b533ee9f5dfd9cbf5b59bb1bb3c2612ed08d0f68b2"
+SRC_URI[sha256sum] = "87697d60a31e10b5cb86a9f0651e1ec7bee98320d048c0739431aac3d5764fb6"
SRC_URI = "${GNU_MIRROR}/inetutils/inetutils-${PV}.tar.xz \
file://rexec.xinetd.inetutils \
file://rlogin.xinetd.inetutils \
file://rsh.xinetd.inetutils \
file://telnet.xinetd.inetutils \
file://tftpd.xinetd.inetutils \
- file://0001-CVE-2023-40303-ftpd-rcp-rlogin-rsh-rshd-uucpd-fix-ch.patch \
- file://0002-CVE-2023-40303-Indent-changes-in-previous-commit.patch \
"
inherit autotools gettext update-alternatives texinfo
diff --git a/poky/meta/recipes-connectivity/kea/files/fix-multilib-conflict.patch b/poky/meta/recipes-connectivity/kea/files/fix-multilib-conflict.patch
index 451b409..5b135b3 100644
--- a/poky/meta/recipes-connectivity/kea/files/fix-multilib-conflict.patch
+++ b/poky/meta/recipes-connectivity/kea/files/fix-multilib-conflict.patch
@@ -1,4 +1,4 @@
-From d027b1d85a8c1a0193b6e4a00083d3038d699a59 Mon Sep 17 00:00:00 2001
+From 06ebd1b2ced426c420ed162980eca194f9f918ae Mon Sep 17 00:00:00 2001
From: Kai Kang <kai.kang@windriver.com>
Date: Tue, 22 Sep 2020 15:02:33 +0800
Subject: [PATCH] There are conflict of config files between kea and lib32-kea:
@@ -35,10 +35,10 @@
// "param1": "foo"
// }
diff --git a/src/bin/keactrl/kea-dhcp4.conf.pre b/src/bin/keactrl/kea-dhcp4.conf.pre
-index 26bf163..49ddb0a 100644
+index 6edb8a1..b2a7385 100644
--- a/src/bin/keactrl/kea-dhcp4.conf.pre
+++ b/src/bin/keactrl/kea-dhcp4.conf.pre
-@@ -252,7 +252,7 @@
+@@ -255,7 +255,7 @@
// // of all devices serviced by Kea, including their identifiers
// // (like MAC address), their location in the network, times
// // when they were active etc.
@@ -47,7 +47,7 @@
// "parameters": {
// "path": "/var/lib/kea",
// "base-name": "kea-forensic4"
-@@ -269,7 +269,7 @@
+@@ -272,7 +272,7 @@
// // of specific options or perhaps even a combination of several
// // options and fields to uniquely identify a client. Those scenarios
// // are addressed by the Flexible Identifiers hook application.
diff --git a/poky/meta/recipes-connectivity/kea/files/fix_pid_keactrl.patch b/poky/meta/recipes-connectivity/kea/files/fix_pid_keactrl.patch
index b7c2fd4..63a6a28 100644
--- a/poky/meta/recipes-connectivity/kea/files/fix_pid_keactrl.patch
+++ b/poky/meta/recipes-connectivity/kea/files/fix_pid_keactrl.patch
@@ -1,4 +1,4 @@
-From 18f4f6206c248d6169aa67b3ecf16bf54e9292e8 Mon Sep 17 00:00:00 2001
+From c878a356712606549f7f188b62f7d1cae08a176e Mon Sep 17 00:00:00 2001
From: Armin kuster <akuster808@gmail.com>
Date: Wed, 14 Oct 2020 22:48:31 -0700
Subject: [PATCH] Busybox does not support ps -p so use pgrep
@@ -13,10 +13,10 @@
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/bin/keactrl/keactrl.in b/src/bin/keactrl/keactrl.in
-index ae5bd8e..e9f9b73 100644
+index 450e997..c353ca9 100644
--- a/src/bin/keactrl/keactrl.in
+++ b/src/bin/keactrl/keactrl.in
-@@ -151,8 +151,8 @@ check_running() {
+@@ -149,8 +149,8 @@ check_running() {
# Get the PID from the PID file (if it exists)
get_pid_from_file "${proc_name}"
if [ ${_pid} -gt 0 ]; then
diff --git a/poky/meta/recipes-connectivity/kea/kea_2.4.0.bb b/poky/meta/recipes-connectivity/kea/kea_2.4.1.bb
similarity index 96%
rename from poky/meta/recipes-connectivity/kea/kea_2.4.0.bb
rename to poky/meta/recipes-connectivity/kea/kea_2.4.1.bb
index 3164687..c3aa4dc 100644
--- a/poky/meta/recipes-connectivity/kea/kea_2.4.0.bb
+++ b/poky/meta/recipes-connectivity/kea/kea_2.4.1.bb
@@ -19,7 +19,7 @@
file://0001-src-lib-log-logger_unittest_support.cc-do-not-write-.patch \
file://0001-kea-fix-reproducible-build-failure.patch \
"
-SRC_URI[sha256sum] = "3a33cd08dc3319ff544e6bbf2c0429042106f4051ebe115dc1bb2625c95003f7"
+SRC_URI[sha256sum] = "815c61f5c271caa4a1db31dd656eb50a7f6ea973da3690f7c8581408e180131a"
inherit autotools systemd update-rc.d upstream-version-is-even
diff --git a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-configure.ac-libevent-and-libsqlite3-checked-when-nf.patch b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-configure.ac-libevent-and-libsqlite3-checked-when-nf.patch
deleted file mode 100644
index 5afc714..0000000
--- a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-configure.ac-libevent-and-libsqlite3-checked-when-nf.patch
+++ /dev/null
@@ -1,80 +0,0 @@
-From b62a3fe424026b73ec6b1934483b16863c7dff23 Mon Sep 17 00:00:00 2001
-From: Wiktor Jaskulski <wjaskulski@adva.com>
-Date: Thu, 11 May 2023 15:28:23 -0400
-Subject: [PATCH] configure.ac: libevent and libsqlite3 checked when nfsv4 is
- disabled
-
-Upstream-Status: Backport
-(http://git.linux-nfs.org/?p=steved/nfs-utils.git;a=commit;h=bc4a5deef9f820c55fdac3c0070364c17cd91cca)
-
-Signed-off-by: Steve Dickson <steved@redhat.com>
-Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
----
- configure.ac | 38 +++++++++++++++-----------------------
- 1 file changed, 15 insertions(+), 23 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index 4ade528d..519cacbf 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -335,42 +335,34 @@ AC_CHECK_HEADER(rpc/rpc.h, ,
- AC_MSG_ERROR([Header file rpc/rpc.h not found - maybe try building with --enable-tirpc]))
- CPPFLAGS="${nfsutils_save_CPPFLAGS}"
-
-+dnl check for libevent libraries and headers
-+AC_LIBEVENT
-+
-+dnl Check for sqlite3
-+AC_SQLITE3_VERS
-+
-+case $libsqlite3_cv_is_recent in
-+yes) ;;
-+unknown)
-+ dnl do not fail when cross-compiling
-+ AC_MSG_WARN([assuming sqlite is at least v3.3]) ;;
-+*)
-+ AC_MSG_ERROR([nfsdcld requires sqlite-devel]) ;;
-+esac
-+
- if test "$enable_nfsv4" = yes; then
-- dnl check for libevent libraries and headers
-- AC_LIBEVENT
-
- dnl check for the keyutils libraries and headers
- AC_KEYUTILS
-
-- dnl Check for sqlite3
-- AC_SQLITE3_VERS
--
- if test "$enable_nfsdcld" = "yes"; then
- AC_CHECK_HEADERS([libgen.h sys/inotify.h], ,
- AC_MSG_ERROR([Cannot find header needed for nfsdcld]))
--
-- case $libsqlite3_cv_is_recent in
-- yes) ;;
-- unknown)
-- dnl do not fail when cross-compiling
-- AC_MSG_WARN([assuming sqlite is at least v3.3]) ;;
-- *)
-- AC_MSG_ERROR([nfsdcld requires sqlite-devel]) ;;
-- esac
- fi
-
- if test "$enable_nfsdcltrack" = "yes"; then
- AC_CHECK_HEADERS([libgen.h sys/inotify.h], ,
- AC_MSG_ERROR([Cannot find header needed for nfsdcltrack]))
--
-- case $libsqlite3_cv_is_recent in
-- yes) ;;
-- unknown)
-- dnl do not fail when cross-compiling
-- AC_MSG_WARN([assuming sqlite is at least v3.3]) ;;
-- *)
-- AC_MSG_ERROR([nfsdcltrack requires sqlite-devel]) ;;
-- esac
- fi
-
- else
---
-2.41.0
-
diff --git a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-reexport.h-Include-unistd.h-to-compile-with-musl.patch b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-reexport.h-Include-unistd.h-to-compile-with-musl.patch
new file mode 100644
index 0000000..57d4660
--- /dev/null
+++ b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-reexport.h-Include-unistd.h-to-compile-with-musl.patch
@@ -0,0 +1,34 @@
+From 45597a58e98f351b18db8444292b1cf6dd0cd810 Mon Sep 17 00:00:00 2001
+From: Robert Yang <liezhi.yang@windriver.com>
+Date: Sat, 9 Dec 2023 23:34:08 -0800
+Subject: [PATCH] reexport.h: Include unistd.h to compile with musl
+
+Fixed error when compile with musl
+reexport.c: In function 'reexpdb_init':
+reexport.c:62:17: error: implicit declaration of function 'sleep' [-Werror=implicit-function-declaration]
+ 62 | sleep(1);
+
+
+Upstream-Status: Submitted [https://marc.info/?l=linux-nfs&m=170254661824522&w=2]
+
+Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
+---
+ support/reexport/reexport.h | 1 +
+ 1 files changed, 1 insertions(+)
+
+diff --git a/support/reexport/reexport.h b/support/reexport/reexport.h
+index 85fd59c..02f8684 100644
+--- a/support/reexport/reexport.h
++++ b/support/reexport/reexport.h
+@@ -1,6 +1,8 @@
+ #ifndef REEXPORT_H
+ #define REEXPORT_H
+
++#include <unistd.h>
++
+ #include "nfslib.h"
+
+ enum {
+--
+2.42.0
+
diff --git a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils_2.6.3.bb b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils_2.6.4.bb
similarity index 94%
rename from poky/meta/recipes-connectivity/nfs-utils/nfs-utils_2.6.3.bb
rename to poky/meta/recipes-connectivity/nfs-utils/nfs-utils_2.6.4.bb
index 35cf6af..2f2644f 100644
--- a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils_2.6.3.bb
+++ b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils_2.6.4.bb
@@ -30,11 +30,11 @@
file://bugfix-adjust-statd-service-name.patch \
file://0001-Makefile.am-fix-undefined-function-for-libnsm.a.patch \
file://clang-warnings.patch \
- file://0001-configure.ac-libevent-and-libsqlite3-checked-when-nf.patch \
- file://0001-locktest-Makefile.am-Do-not-use-build-flags.patch \
- file://0001-tools-locktest-Use-intmax_t-to-print-off_t.patch \
+ file://0001-locktest-Makefile.am-Do-not-use-build-flags.patch \
+ file://0001-tools-locktest-Use-intmax_t-to-print-off_t.patch \
+ file://0001-reexport.h-Include-unistd.h-to-compile-with-musl.patch \
"
-SRC_URI[sha256sum] = "38d89e853a71d3c560ff026af3d969d75e24f782ff68324e76261fe0344459e1"
+SRC_URI[sha256sum] = "01b3b0fb9c7d0bbabf5114c736542030748c788ec2fd9734744201e9b0a1119d"
# Only kernel-module-nfsd is required here (but can be built-in) - the nfsd module will
# pull in the remainder of the dependencies.
diff --git a/poky/meta/recipes-connectivity/openssl/openssl/aarch64-bti.patch b/poky/meta/recipes-connectivity/openssl/openssl/aarch64-bti.patch
new file mode 100644
index 0000000..2a16deb
--- /dev/null
+++ b/poky/meta/recipes-connectivity/openssl/openssl/aarch64-bti.patch
@@ -0,0 +1,35 @@
+From ad347c9ff0fd93bdd2fa2085611c65b88e94829f Mon Sep 17 00:00:00 2001
+From: "fangming.fang" <fangming.fang@arm.com>
+Date: Thu, 7 Dec 2023 06:17:51 +0000
+Subject: [PATCH] Enable BTI feature for md5 on aarch64
+
+Fixes: #22959
+
+Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/22971)
+
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+---
+ crypto/md5/asm/md5-aarch64.pl | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/crypto/md5/asm/md5-aarch64.pl b/crypto/md5/asm/md5-aarch64.pl
+index 3200a0fa9bff0..5a8608069691d 100755
+--- a/crypto/md5/asm/md5-aarch64.pl
++++ b/crypto/md5/asm/md5-aarch64.pl
+@@ -28,10 +28,13 @@
+ *STDOUT=*OUT;
+
+ $code .= <<EOF;
++#include "arm_arch.h"
++
+ .text
+ .globl ossl_md5_block_asm_data_order
+ .type ossl_md5_block_asm_data_order,\@function
+ ossl_md5_block_asm_data_order:
++ AARCH64_VALID_CALL_TARGET
+ // Save all callee-saved registers
+ stp x19,x20,[sp,#-80]!
+ stp x21,x22,[sp,#16]
diff --git a/poky/meta/recipes-connectivity/openssl/openssl_3.2.0.bb b/poky/meta/recipes-connectivity/openssl/openssl_3.2.0.bb
index ab0562b..d041d2d 100644
--- a/poky/meta/recipes-connectivity/openssl/openssl_3.2.0.bb
+++ b/poky/meta/recipes-connectivity/openssl/openssl_3.2.0.bb
@@ -12,6 +12,7 @@
file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
file://0001-Configure-do-not-tweak-mips-cflags.patch \
file://0001-Added-handshake-history-reporting-when-test-fails.patch \
+ file://aarch64-bti.patch \
"
SRC_URI:append:class-nativesdk = " \
diff --git a/poky/meta/recipes-connectivity/socat/files/0001-fix-compile-procan.c-failed.patch b/poky/meta/recipes-connectivity/socat/files/0001-fix-compile-procan.c-failed.patch
new file mode 100644
index 0000000..9051ae1
--- /dev/null
+++ b/poky/meta/recipes-connectivity/socat/files/0001-fix-compile-procan.c-failed.patch
@@ -0,0 +1,62 @@
+From 4f887cc665c9a48b83e20ef4abe57afa7e365e0e Mon Sep 17 00:00:00 2001
+From: Hongxu Jia <hongxu.jia@eng.windriver.com>
+Date: Tue, 5 Dec 2023 23:02:22 -0800
+Subject: [PATCH v2] fix compile procan.c failed
+
+1. Compile socat failed if out of tree build (build dir != source dir)
+...
+gcc -c -D CC="gcc" -o procan.o procan.c
+cc1: fatal error: procan.c: No such file or directory
+...
+Explicitly add $srcdir to makefile rule
+
+2. Compile socat failed if multiple words in $(CC), such as CC="gcc -m64"
+...
+from ../socat-1.8.0.0/procan.c:10:
+../socat-1.8.0.0/sysincludes.h:18:10: fatal error: inttypes.h: No such file or directory
+ 18 | #include <inttypes.h> /* uint16_t */
+...
+
+In commit [Procan: print umask, CC, and couple more new infos][1],
+it defeines marcro CC in C source, the space in CC will break
+C source compile. Use first word of $(CC) to defeine marco CC
+
+[1] https://repo.or.cz/socat.git/commit/cd5673dbd0786c94e0b3ace7e35fab14c01e3185
+
+Upstream-Status: Submitted [socat@dest-unreach.org]
+Signed-off-by: Hongxu Jia <hongxu.jia@eng.windriver.com>
+---
+ Makefile.in | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/Makefile.in b/Makefile.in
+index c01b1a4..48dad69 100644
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -109,8 +109,8 @@ depend: $(CFILES) $(HFILES)
+ socat: socat.o libxio.a
+ $(CC) $(CFLAGS) $(LDFLAGS) -o $@ socat.o libxio.a $(CLIBS)
+
+-procan.o: procan.c
+- $(CC) $(CFLAGS) -c -D CC=\"$(CC)\" -o $@ procan.c
++procan.o: $(srcdir)/procan.c
++ $(CC) $(CFLAGS) -c -D CC=\"$(firstword $(CC))\" -o $@ $(srcdir)/procan.c
+
+ PROCAN_OBJS=procan_main.o procan.o procan-cdefs.o hostan.o error.o sycls.o sysutils.o utils.o vsnprintf_r.o snprinterr.o
+ procan: $(PROCAN_OBJS)
+@@ -132,9 +132,9 @@ install: progs $(srcdir)/doc/socat.1
+ mkdir -p $(DESTDIR)$(BINDEST)
+ $(INSTALL) -m 755 socat $(DESTDIR)$(BINDEST)/socat1
+ ln -sf socat1 $(DESTDIR)$(BINDEST)/socat
+- $(INSTALL) -m 755 socat-chain.sh $(DESTDIR)$(BINDEST)
+- $(INSTALL) -m 755 socat-mux.sh $(DESTDIR)$(BINDEST)
+- $(INSTALL) -m 755 socat-broker.sh $(DESTDIR)$(BINDEST)
++ $(INSTALL) -m 755 $(srcdir)/socat-chain.sh $(DESTDIR)$(BINDEST)
++ $(INSTALL) -m 755 $(srcdir)/socat-mux.sh $(DESTDIR)$(BINDEST)
++ $(INSTALL) -m 755 $(srcdir)/socat-broker.sh $(DESTDIR)$(BINDEST)
+ $(INSTALL) -m 755 procan $(DESTDIR)$(BINDEST)
+ $(INSTALL) -m 755 filan $(DESTDIR)$(BINDEST)
+ mkdir -p $(DESTDIR)$(MANDEST)/man1
+--
+2.42.0
+
diff --git a/poky/meta/recipes-connectivity/socat/socat_1.7.4.4.bb b/poky/meta/recipes-connectivity/socat/socat_1.8.0.0.bb
similarity index 85%
rename from poky/meta/recipes-connectivity/socat/socat_1.7.4.4.bb
rename to poky/meta/recipes-connectivity/socat/socat_1.8.0.0.bb
index 5a37938..912605c 100644
--- a/poky/meta/recipes-connectivity/socat/socat_1.7.4.4.bb
+++ b/poky/meta/recipes-connectivity/socat/socat_1.8.0.0.bb
@@ -7,11 +7,13 @@
LICENSE = "GPL-2.0-with-OpenSSL-exception"
LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
- file://README;beginline=257;endline=287;md5=82520b052f322ac2b5b3dfdc7c7eea86"
+ file://README;beginline=241;endline=271;md5=338c05eadd013872abb1d6e198e10a3f"
-SRC_URI = "http://www.dest-unreach.org/socat/download/socat-${PV}.tar.bz2"
+SRC_URI = "http://www.dest-unreach.org/socat/download/socat-${PV}.tar.bz2 \
+ file://0001-fix-compile-procan.c-failed.patch \
+"
-SRC_URI[sha256sum] = "fbd42bd2f0e54a3af6d01bdf15385384ab82dbc0e4f1a5e153b3e0be1b6380ac"
+SRC_URI[sha256sum] = "e1de683dd22ee0e3a6c6bbff269abe18ab0c9d7eb650204f125155b9005faca7"
inherit autotools