reset upstream subtrees to yocto 2.6
Reset the following subtrees on thud HEAD:
poky: 87e3a9739d
meta-openembedded: 6094ae18c8
meta-security: 31dc4e7532
meta-raspberrypi: a48743dc36
meta-xilinx: c42016e2e6
Also re-apply backports that didn't make it into thud:
poky:
17726d0 systemd-systemctl-native: handle Install wildcards
meta-openembedded:
4321a5d libtinyxml2: update to 7.0.1
042f0a3 libcereal: Add native and nativesdk classes
e23284f libcereal: Allow empty package
030e8d4 rsyslog: curl-less build with fmhttp PACKAGECONFIG
179a1b9 gtest: update to 1.8.1
Squashed OpenBMC subtree compatibility updates:
meta-aspeed:
Brad Bishop (1):
aspeed: add yocto 2.6 compatibility
meta-ibm:
Brad Bishop (1):
ibm: prepare for yocto 2.6
meta-ingrasys:
Brad Bishop (1):
ingrasys: set layer compatibility to yocto 2.6
meta-openpower:
Brad Bishop (1):
openpower: set layer compatibility to yocto 2.6
meta-phosphor:
Brad Bishop (3):
phosphor: set layer compatibility to thud
phosphor: libgpg-error: drop patches
phosphor: react to fitimage artifact rename
Ed Tanous (4):
Dropbear: upgrade options for latest upgrade
yocto2.6: update openssl options
busybox: remove upstream watchdog patch
systemd: Rebase CONFIG_CGROUP_BPF patch
Change-Id: I7b1fe71cca880d0372a82d94b5fd785323e3a9e7
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
diff --git a/poky/meta/recipes-support/nss/nss/0001-Bug-1437734-Use-snprintf-in-sign.c-r-ttaubert.patch b/poky/meta/recipes-support/nss/nss/0001-Bug-1437734-Use-snprintf-in-sign.c-r-ttaubert.patch
deleted file mode 100644
index bc10f33..0000000
--- a/poky/meta/recipes-support/nss/nss/0001-Bug-1437734-Use-snprintf-in-sign.c-r-ttaubert.patch
+++ /dev/null
@@ -1,119 +0,0 @@
-From 6f7d7be9997ba6727a5ad7c3800df9051160dc12 Mon Sep 17 00:00:00 2001
-From: Martin Thomson <martin.thomson@gmail.com>
-Date: Tue, 13 Feb 2018 12:30:58 +1100
-Subject: [PATCH] Bug 1437734 - Use snprintf in sign.c, r=ttaubert
-
---HG--
-extra : rebase_source : 97921ece71ff86b18d32b891591608290eed4d83
----
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
-Upstream-Status: Backport [https://github.com/nss-dev/nss/commit/0a9078b3cde97add7c825c9d13467a8401ad0c88#diff-b42512151dc137537091f823f7701804.patch]
-
- nss/cmd/signtool/sign.c | 58 ++++++++++++++++++++++++++++++++++++++++---------
- 1 file changed, 48 insertions(+), 10 deletions(-)
-
-diff --git a/nss/cmd/signtool/sign.c b/nss/cmd/signtool/sign.c
-index 6e776069a..6f8e43946 100644
---- a/nss/cmd/signtool/sign.c
-+++ b/nss/cmd/signtool/sign.c
-@@ -43,6 +43,7 @@ SignArchive(char *tree, char *keyName, char *zip_file, int javascript,
- int status;
- char tempfn[FNSIZE], fullfn[FNSIZE];
- int keyType = rsaKey;
-+ int count;
-
- metafile = meta_file;
- optimize = _optimize;
-@@ -81,9 +82,18 @@ SignArchive(char *tree, char *keyName, char *zip_file, int javascript,
- }
-
- /* rsa/dsa to zip */
-- sprintf(tempfn, "META-INF/%s.%s", base, (keyType == dsaKey ? "dsa"
-- : "rsa"));
-- sprintf(fullfn, "%s/%s", tree, tempfn);
-+ count = snprintf(tempfn, sizeof(tempfn), "META-INF/%s.%s", base, (keyType == dsaKey ? "dsa" : "rsa"));
-+ if (count >= sizeof(tempfn)) {
-+ PR_fprintf(errorFD, "unable to write key metadata\n");
-+ errorCount++;
-+ exit(ERRX);
-+ }
-+ count = snprintf(fullfn, sizeof(fullfn), "%s/%s", tree, tempfn);
-+ if (count >= sizeof(fullfn)) {
-+ PR_fprintf(errorFD, "unable to write key metadata\n");
-+ errorCount++;
-+ exit(ERRX);
-+ }
- JzipAdd(fullfn, tempfn, zipfile, compression_level);
-
- /* Loop through all files & subdirectories, add to archive */
-@@ -93,20 +103,44 @@ SignArchive(char *tree, char *keyName, char *zip_file, int javascript,
- }
- /* mf to zip */
- strcpy(tempfn, "META-INF/manifest.mf");
-- sprintf(fullfn, "%s/%s", tree, tempfn);
-+ count = snprintf(fullfn, sizeof(fullfn), "%s/%s", tree, tempfn);
-+ if (count >= sizeof(fullfn)) {
-+ PR_fprintf(errorFD, "unable to write manifest\n");
-+ errorCount++;
-+ exit(ERRX);
-+ }
- JzipAdd(fullfn, tempfn, zipfile, compression_level);
-
- /* sf to zip */
-- sprintf(tempfn, "META-INF/%s.sf", base);
-- sprintf(fullfn, "%s/%s", tree, tempfn);
-+ count = snprintf(tempfn, sizeof(tempfn), "META-INF/%s.sf", base);
-+ if (count >= sizeof(tempfn)) {
-+ PR_fprintf(errorFD, "unable to write sf metadata\n");
-+ errorCount++;
-+ exit(ERRX);
-+ }
-+ count = snprintf(fullfn, sizeof(fullfn), "%s/%s", tree, tempfn);
-+ if (count >= sizeof(fullfn)) {
-+ PR_fprintf(errorFD, "unable to write sf metadata\n");
-+ errorCount++;
-+ exit(ERRX);
-+ }
- JzipAdd(fullfn, tempfn, zipfile, compression_level);
-
- /* Add the rsa/dsa file to the zip archive normally */
- if (!xpi_arc) {
- /* rsa/dsa to zip */
-- sprintf(tempfn, "META-INF/%s.%s", base, (keyType == dsaKey ? "dsa"
-- : "rsa"));
-- sprintf(fullfn, "%s/%s", tree, tempfn);
-+ count = snprintf(tempfn, sizeof(tempfn), "META-INF/%s.%s", base, (keyType == dsaKey ? "dsa" : "rsa"));
-+ if (count >= sizeof(tempfn)) {
-+ PR_fprintf(errorFD, "unable to write key metadata\n");
-+ errorCount++;
-+ exit(ERRX);
-+ }
-+ count = snprintf(fullfn, sizeof(fullfn), "%s/%s", tree, tempfn);
-+ if (count >= sizeof(fullfn)) {
-+ PR_fprintf(errorFD, "unable to write key metadata\n");
-+ errorCount++;
-+ exit(ERRX);
-+ }
- JzipAdd(fullfn, tempfn, zipfile, compression_level);
- }
-
-@@ -408,6 +442,7 @@ static int
- manifesto_xpi_fn(char *relpath, char *basedir, char *reldir, char *filename, void *arg)
- {
- char fullname[FNSIZE];
-+ int count;
-
- if (verbosity >= 0) {
- PR_fprintf(outputFD, "--> %s\n", relpath);
-@@ -421,7 +456,10 @@ manifesto_xpi_fn(char *relpath, char *basedir, char *reldir, char *filename, voi
- if (!PL_HashTableLookup(extensions, ext))
- return 0;
- }
-- sprintf(fullname, "%s/%s", basedir, relpath);
-+ count = snprintf(fullname, sizeof(fullname), "%s/%s", basedir, relpath);
-+ if (count >= sizeof(fullname)) {
-+ return 1;
-+ }
- JzipAdd(fullname, relpath, zipfile, compression_level);
-
- return 0;
diff --git a/poky/meta/recipes-support/nss/nss/Fix-compilation-for-X32.patch b/poky/meta/recipes-support/nss/nss/Fix-compilation-for-X32.patch
deleted file mode 100644
index 80b8690..0000000
--- a/poky/meta/recipes-support/nss/nss/Fix-compilation-for-X32.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From c8eadfcdfbc1d5a4799e9a264b0f859cb5954c05 Mon Sep 17 00:00:00 2001
-From: Christopher Larson <chris_larson@mentor.com>
-Date: Tue, 13 Dec 2016 11:40:47 -0700
-Subject: [PATCH 7/7] Fix compilation for X32
-
-X32 uses 32-bit pointers, not 64-bit.
-
-Signed-off-by: Christopher Larson <chris_larson@mentor.com>
-
-Upstream-Status: Pending
----
- nss/lib/freebl/poly1305-donna-x64-sse2-incremental-source.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/nss/lib/freebl/poly1305-donna-x64-sse2-incremental-source.c b/nss/lib/freebl/poly1305-donna-x64-sse2-incremental-source.c
-index 2a3301e..d4ade41 100644
---- a/nss/lib/freebl/poly1305-donna-x64-sse2-incremental-source.c
-+++ b/nss/lib/freebl/poly1305-donna-x64-sse2-incremental-source.c
-@@ -87,7 +87,11 @@ static poly1305_state_internal INLINE
- *
- poly1305_aligned_state(poly1305_state *state)
- {
-+#ifdef __ILP32__
-+ return (poly1305_state_internal *)(((uint32_t)state + 63) & ~63);
-+#else
- return (poly1305_state_internal *)(((uint64_t)state + 63) & ~63);
-+#endif
- }
-
- /* copy 0-63 bytes */
---
-2.8.0
-
diff --git a/poky/meta/recipes-support/nss/nss/blank-cert9.db b/poky/meta/recipes-support/nss/nss/blank-cert9.db
new file mode 100644
index 0000000..7d4bcf2
--- /dev/null
+++ b/poky/meta/recipes-support/nss/nss/blank-cert9.db
Binary files differ
diff --git a/poky/meta/recipes-support/nss/nss/blank-key4.db b/poky/meta/recipes-support/nss/nss/blank-key4.db
new file mode 100644
index 0000000..d47f08d
--- /dev/null
+++ b/poky/meta/recipes-support/nss/nss/blank-key4.db
Binary files differ
diff --git a/poky/meta/recipes-support/nss/nss/disable-Wvarargs-with-clang.patch b/poky/meta/recipes-support/nss/nss/disable-Wvarargs-with-clang.patch
index 86b1b60..de812d2 100644
--- a/poky/meta/recipes-support/nss/nss/disable-Wvarargs-with-clang.patch
+++ b/poky/meta/recipes-support/nss/nss/disable-Wvarargs-with-clang.patch
@@ -18,11 +18,11 @@
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upstream-Status: Pending
-Index: nss-3.24/nss/coreconf/Werror.mk
+Index: nss-3.37.1/nss/coreconf/Werror.mk
===================================================================
---- nss-3.24.orig/nss/coreconf/Werror.mk
-+++ nss-3.24/nss/coreconf/Werror.mk
-@@ -54,7 +54,7 @@ ifndef WARNING_CFLAGS
+--- nss-3.37.1.orig/nss/coreconf/Werror.mk
++++ nss-3.37.1/nss/coreconf/Werror.mk
+@@ -56,7 +56,7 @@ ifndef WARNING_CFLAGS
ifdef CC_IS_CLANG
# -Qunused-arguments : clang objects to arguments that it doesn't understand
# and fixing this would require rearchitecture
diff --git a/poky/meta/recipes-support/nss/nss/nss-build-hacl-poly1305-aarch64.patch b/poky/meta/recipes-support/nss/nss/nss-build-hacl-poly1305-aarch64.patch
deleted file mode 100644
index 8276f89..0000000
--- a/poky/meta/recipes-support/nss/nss/nss-build-hacl-poly1305-aarch64.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-# HG changeset patch
-# User Daiki Ueno <dueno@redhat.com>
-# Date 1516710574 -3600
-# Tue Jan 23 13:29:34 2018 +0100
-# Node ID 27f27ce21c2c6ff5a47fa9e17c438b000366c9c9
-# Parent be1dca5ac80541d3b81a8da9d42854d8b1cceefb
-Build Hacl_Poly1305_64.o on aarch64 even with make
-
-Upstream-Status: Backport
-https://bug1432455.bmoattachments.org/attachment.cgi?id=8944691
-Signed-off-by: Armin Kuster <akuster@mvista.com>
-
-Index: nss-3.35/nss/lib/freebl/Makefile
-===================================================================
---- nss-3.35.orig/nss/lib/freebl/Makefile
-+++ nss-3.35/nss/lib/freebl/Makefile
-@@ -533,7 +533,12 @@ ifndef NSS_DISABLE_CHACHAPOLY
- EXTRA_SRCS += chacha20_vec.c
- endif
- else
-- EXTRA_SRCS += poly1305.c
-+ ifeq ($(CPU_ARCH),aarch64)
-+ EXTRA_SRCS += Hacl_Poly1305_64.c
-+ else
-+ EXTRA_SRCS += poly1305.c
-+ endif
-+
- EXTRA_SRCS += chacha20.c
- VERIFIED_SRCS += Hacl_Chacha20.c
- endif # x86_64
diff --git a/poky/meta/recipes-support/nss/nss/pqg.c-ULL_addend.patch b/poky/meta/recipes-support/nss/nss/pqg.c-ULL_addend.patch
index 9942bf1..3a817fa 100644
--- a/poky/meta/recipes-support/nss/nss/pqg.c-ULL_addend.patch
+++ b/poky/meta/recipes-support/nss/nss/pqg.c-ULL_addend.patch
@@ -6,11 +6,11 @@
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upstream-Status: Pending
-Index: nss-3.24/nss/lib/freebl/pqg.c
+Index: nss-3.37.1/nss/lib/freebl/pqg.c
===================================================================
---- nss-3.24.orig/nss/lib/freebl/pqg.c
-+++ nss-3.24/nss/lib/freebl/pqg.c
-@@ -322,8 +322,8 @@ generate_h_candidate(SECItem *hit, mp_in
+--- nss-3.37.1.orig/nss/lib/freebl/pqg.c
++++ nss-3.37.1/nss/lib/freebl/pqg.c
+@@ -326,8 +326,8 @@ generate_h_candidate(SECItem *hit, mp_in
static SECStatus
addToSeed(const SECItem *seed,
diff --git a/poky/meta/recipes-support/nss/nss/system-pkcs11.txt b/poky/meta/recipes-support/nss/nss/system-pkcs11.txt
new file mode 100644
index 0000000..1a264e9
--- /dev/null
+++ b/poky/meta/recipes-support/nss/nss/system-pkcs11.txt
@@ -0,0 +1,5 @@
+library=
+name=NSS Internal PKCS #11 Module
+parameters=configdir='sql:/etc/pki/nssdb' certPrefix='' keyPrefix='' secmod='secmod.db' flags= updatedir='' updateCertPrefix='' updateKeyPrefix='' updateid='' updateTokenDescription=''
+NSS=Flags=internal,critical trustOrder=75 cipherOrder=100 slotParams=(1={slotFlags=[ECC,RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512] askpw=any timeout=30})
+
diff --git a/poky/meta/recipes-support/nss/nss_3.35.bb b/poky/meta/recipes-support/nss/nss_3.39.bb
similarity index 86%
rename from poky/meta/recipes-support/nss/nss_3.35.bb
rename to poky/meta/recipes-support/nss/nss_3.39.bb
index 84f1916..cdc95c6 100644
--- a/poky/meta/recipes-support/nss/nss_3.35.bb
+++ b/poky/meta/recipes-support/nss/nss_3.39.bb
@@ -25,13 +25,13 @@
file://nss-fix-nsinstall-build.patch \
file://disable-Wvarargs-with-clang.patch \
file://pqg.c-ULL_addend.patch \
- file://Fix-compilation-for-X32.patch \
- file://nss-build-hacl-poly1305-aarch64.patch \
- file://0001-Bug-1437734-Use-snprintf-in-sign.c-r-ttaubert.patch \
+ file://blank-cert9.db \
+ file://blank-key4.db \
+ file://system-pkcs11.txt \
"
-SRC_URI[md5sum] = "9467ec9e65c5aeb3254a50250490f5f7"
-SRC_URI[sha256sum] = "f4127de09bede39f5fd0f789d33c3504c5d261e69ea03022d46b319b3e32f6fa"
+SRC_URI[md5sum] = "10720fc70fd483de1b085402fb10ed59"
+SRC_URI[sha256sum] = "6be64dd76f212415cc8bc34343ac1e7389048db4db9a023a84873c411dc5864b"
UPSTREAM_CHECK_URI = "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_Releases"
UPSTREAM_CHECK_REGEX = "NSS_(?P<pver>.+)_release_notes"
@@ -91,6 +91,8 @@
OS_TEST=ppc64
elif [ "${TARGET_ARCH}" = "mips" -o "${TARGET_ARCH}" = "mipsel" -o "${TARGET_ARCH}" = "mips64" -o "${TARGET_ARCH}" = "mips64el" ]; then
OS_TEST=mips
+ elif [ "${TARGET_ARCH}" = "aarch64_be" ]; then
+ OS_TEST="aarch64"
else
OS_TEST="${TARGET_ARCH}"
fi
@@ -146,6 +148,9 @@
OS_TEST=ppc64
elif [ "${TARGET_ARCH}" = "mips" -o "${TARGET_ARCH}" = "mipsel" -o "${TARGET_ARCH}" = "mips64" -o "${TARGET_ARCH}" = "mips64el" ]; then
OS_TEST=mips
+ elif [ "${TARGET_ARCH}" = "aarch64_be" ]; then
+ CPU_ARCH=aarch64
+ OS_TEST="aarch64"
else
OS_TEST="${TARGET_ARCH}"
fi
@@ -210,12 +215,16 @@
}
do_install_append_class-target() {
- # Create a blank certificate
- mkdir -p ${D}${sysconfdir}/pki/nssdb/
- touch ./empty_password
- certutil -N -d ${D}${sysconfdir}/pki/nssdb/ -f ./empty_password
- chmod 644 ${D}${sysconfdir}/pki/nssdb/*.db
- rm ./empty_password
+ # It used to call certutil to create a blank certificate with empty password at
+ # build time, but the checksum of key4.db changes every time when certutil is called.
+ # It causes non-determinism issue, so provide databases with a blank certificate
+ # which are originally from output of nss in qemux86-64 build. You can get these
+ # databases by:
+ # certutil -N -d sql:/database/path/ --empty-password
+ install -d ${D}${sysconfdir}/pki/nssdb/
+ install -m 0644 ${WORKDIR}/blank-cert9.db ${D}${sysconfdir}/pki/nssdb/cert9.db
+ install -m 0644 ${WORKDIR}/blank-key4.db ${D}${sysconfdir}/pki/nssdb/key4.db
+ install -m 0644 ${WORKDIR}/system-pkcs11.txt ${D}${sysconfdir}/pki/nssdb/pkcs11.txt
}
PACKAGE_WRITE_DEPS += "nss-native"