subtree updates openembedded poky
meta-openembedded: 491b7592f4..eff1b182c1:
Alejandro Hernandez Samaniego (1):
emacs: update to 29.1
Archana Polampalli (2):
python3-pyroute2: fix ptest failure
nodejs: upgrade 18.17.0 -> 18.17.1
Bartosz Golaszewski (1):
libgpiod: update to v2.0.2
Beniamin Sandu (3):
unbound: upgrade 1.17.1 -> 1.18.0
mbedtls: upgrade 3.4.0 -> 3.4.1
mbedtls: upgrade 2.28.3 -> 2.28.4
Benjamin Bara (3):
libvpx: fix VPXTARGET for non-neon armv7a
ne10: set incompatible for armv7 without neon
openh264: make neon optional and disable if not supported
Chaitanya Vadrevu (1):
bolt: Add recipe
Chen Qi (2):
spice-protocol: fix populate_sdk error when spice is installed
python3-blivetgui: switch from master to main
Christophe Vu-Brugier (1):
sg3-utils: upgrade 1.47 -> 1.48
Danik (2):
python3-gspread: interface for google spreadsheet
python3-piccata: piccata - a simple CoAP toolkit added
Denys Zagorui (1):
bpftool: add native and nativesdk support
Emil Kronborg Andersen (3):
lcms: add CVE_PRODUCT
snappy: add CVE_PRODUCT
libopus: add CVE_PRODUCT
Enrico Jorns (1):
microcom: add new recipe
Ewa Kujawska (1):
python3-oauth2client_4.1.2.bb: recipe added
Frieder Schrempf (1):
python3-can: Add missing runtime dependencies
Gianfranco Costamagna (1):
dlt-daemon: upgrade 2.18.9 -> 2.18.10 (commit: 0f2d4cfffada6f8448a2cb27995b38eb4271044f)
Joe Slater (1):
python3-inotify: fix tests
Justin Bronder (5):
python3-mypy-extensions: upgrade 0.4.3 -> 1.0.0
python3-types-setuptools: add 68.0.0.3
python3-typed-ast: remove EOL package
python3-types-psutil: add 5.9.5.16
python3-mypy: upgrade 0.971 -> 1.5.0
Kai Kang (1):
libmcrypt: fix multilib conflict
Khem Raj (31):
qad: Fix build with clang
python3-dominate: Fix get_thread_context ptest on musl
perfetto: Add SRCREV_FORMAT
gosu: Define SRCREV_FORMAT
libsdl2-ttf: Define SRCREV_FORMAT
gosu: Define SRCREV_FORMAT
sysdig: Add SRCREV_FORMAT
cockpit: Upgrade to 298 release
librelp: Fix function prototypes in tests
jemalloc: Unbolt clang workaroud
python3-protobuf: Fix build errors seen with clang
mariadb: Fix build with libfmt 10.1+
librelp: Add packageconfigs for TLS implementations
librelp: Fix ptests builds on musl
librelp: Fix ptest installs to work with dash
librelp: Add to meta-oe ptest image
liburing: Upgrade to 2.4 release
rsyslog: Enable openssl transport by default
libio-socket-ssl-perl: Upgrade to 2.083
libfaketime: Fix build with clang
libfaketime: Eanable LFS64 on musl
python3-lz4: Drop using PYTHON_PN
python3-lz4: Add missing rdeps needed for ptests
rsyslog: Skip failing omfile-outchannel test on musl
python3-m2crypto: Append architecture to SWIG_FEATURES instead of overriding
networkmanager: Fix build on musl
network-manager-applet: Fix build with musl/lld linker
networkmanager-openvpn: Fix build with lld on musl
openconnect: Upgrade to 9.12
openconnect: Fix build with GnuTLS v3.8.1
fontforge: Fix build with gettext 0.22
Kirk Hays (1):
jack: Drop dependency on readline
Leon Anavi (2):
aml: add new recipe
neatvnc: add new recipe
Marek Vasut (2):
libiio: Use tagged v0.25
libiio: Rename to versioned recipe filename
Marine Vovard (1):
python3-kivy: Require X11 or Wayland in DISTRO_FEATURES
Mark Hatle (1):
kconfig-frontends: Avoid using hard coded /usr/include paths
Markus Volk (28):
gvfs: update 1.51.1 -> 1.51.90
gnome-themes-extra: fix datadir path
libnice: add graphviz-native dependency
libcanberra: fix api-documentation build
libgweather4: fix api-documentation build
appstream: disable docs
gtksourceview5: fix api-documentation build
libpeas: fix api-documentation build
nautilus: fix api-documentation build
evince: fix api-documentation build
usbids: add recipe
libcacard: add recipe
usbredir: upgrade 0.9.0 -> 0.13.0
spice: upgrade 0.14.2 -> 0.15.2
gnome-remote-desktop: add recipe
libosinfo: add recipe
gnome-boxes: add recipe
pipewire: upgrade 0.3.77 -> 0.3.78
spice-gtk: fix api-documentation build
flatpak: fix api-documentation build
phodav: add recipe
libdecor: update to latest commit
spice-guest-vdagent: add recipe
pipewire: upgrade 0.3.78 -> 0.3.79
spice: add missing dependency on orc
spice-guest-vdagent: add missing dependencies
libosinfo: build vapi only if gobject-introspection is enabled
gnome-boxes: remove dependency on ovmf
Martin Jansa (12):
openh264: fix installed-vs-shared QA issue with multilib
libfaketime: simplify packaging
json-schema-validator: restore 0004-cmake-Use-GNUInstallDirs.patch
phodav: make sure systemd files are packaged correctly
sysbench: avoid -L/usr/lib32 and configure-unsafe QA issue
mongodb: enable hardware crc32 only with crc in TUNE_FEATURES
khronos-cts.inc: respect MLPREFIX when appending DEPENDS with anonymous python
libcyusbserial: fix installed-vs-shipped QA issue with multilib
tcpreplay: fix pcap detection with /usr/lib32 multilib
libiio: use main branch instead of master
webkitgtk: explicitly disable JIT for armv7* with softfp
layer.conf: update LAYERSERIES_COMPAT for nanbield
Ming Liu (1):
libusbgx: usbgx.service: use Type=oneshot
Mingli Yu (4):
mariadb: Upgrade to 10.11.5
dialog: Update the SRC_URI
gnulib: Update SRC_URI
thrift: Remove buildpaths
Nicolas Marguet (1):
librelp: add ptest
Parian Golchin (1):
json-schema-validator: Updrade to 2.2.0
Pawel Langowski (1):
qcbor: add recipe
Petr Chernikov (1):
Fix empty 0.0.0-0-g0 jemalloc version by adding --with-version
Petr Gotthard (1):
python3-sdbus: add recipe
Robert Yang (1):
frr: Fix CVE-2023-41358 and CVE-2023-41360
Roger Knecht (1):
python3-schedule: add recipe
Roland Hieber (1):
fbida: update Upstream-Status for submitted patches
Ross Burton (1):
Revert "protobuf: stage protoc binary to sysroot"
Soumya (1):
yasm: fix CVE-2023-37732
Soumya Sambu (1):
krb5: Upgrade 1.20.1 -> 1.20.2
Sourav Kumar Pramanik (1):
meta-oe-components: Avoid usage of nobranch=1
Sourav Pramanik (2):
rapidjson: Avoid usage of nobranch=1
nlohmann-json: Avoid usage of nobranch=1
Stanislav Angelovic (1):
feat: bump sdbus-c++ up to v1.3.0
Sudip Mukherjee (1):
qad: Add initial recipe
Trevor Gamblin (1):
python3-kivy: fix filename
Tymoteusz Burak (2):
ttf-google-fira: add recipe
libfaketime: add recipe
Vincent Davis Jr (1):
cglm: upgrade v0.8.9 -> v0.9.1
Wang Mingyu (108):
libcloudproviders: upgrade 0.3.1 -> 0.3.2
chrony: upgrade 4.3 -> 4.4
networkmanager: upgrade 1.42.8 -> 1.44.0
weechat: upgrade 4.0.2 -> 4.0.3
ctags: upgrade 6.0.20230730.0 -> 6.0.20230813.0
fmt: upgrade 10.0.0 -> 10.1.0
gensio: upgrade 2.6.7 -> 2.7.2
googletest: upgrade 1.13.0 -> 1.14.0
lvgl: upgrade 8.3.8 -> 8.3.9
postgresql: upgrade 15.3 -> 15.4
smartmontools: upgrade 7.3 -> 7.4
xdg-dbus-proxy: upgrade 0.1.4 -> 0.1.5
yaml-cpp: upgrade 0.7.0 -> 0.8.0
libtest-harness-perl: upgrade 3.44 -> 3.47
python3-alembic: upgrade 1.11.1 -> 1.11.2
python3-async-timeout: upgrade 4.0.2 -> 4.0.3
python3-bitarray: upgrade 2.8.0 -> 2.8.1
python3-cmake: upgrade 3.27.0 -> 3.27.2
python3-coverage: upgrade 7.2.7 -> 7.3.0
python3-dnspython: upgrade 2.4.1 -> 2.4.2
python3-google-api-python-client: upgrade 2.95.0 -> 2.96.0
python3-googleapis-common-protos: upgrade 1.59.1 -> 1.60.0
python3-joblib: upgrade 1.3.1 -> 1.3.2
python3-luma-oled: upgrade 3.12.0 -> 3.13.0
python3-platformdirs: upgrade 3.9.1 -> 3.10.0
python3-pycodestyle: upgrade 2.10.0 -> 2.11.0
python3-pyflakes: upgrade 3.0.1 -> 3.1.0
python3-pymisp: upgrade 2.4.173 -> 2.4.174
python3-rdflib: upgrade 6.3.2 -> 7.0.0
python3-regex: upgrade 2023.6.3 -> 2023.8.8
python3-rich: upgrade 13.4.2 -> 13.5.2
python3-sh: upgrade 2.0.4 -> 2.0.6
python3-tox: upgrade 4.6.4 -> 4.8.0
python3-tqdm: upgrade 4.65.0 -> 4.66.1
python3-uefi-firmware: upgrade 1.10 -> 1.11
python3-virtualenv: upgrade 20.24.2 -> 20.24.3
python3-web3: upgrade 6.7.0 -> 6.8.0
python3-yamlloader: upgrade 1.2.2 -> 1.3.2
python3-zeroconf: upgrade 0.71.4 -> 0.76.0
python3-protobuf: upgrade 4.23.4 -> 4.24.0
ctags: upgrade 6.0.20230813.0 -> 6.0.20230820.0
debootstrap: upgrade 1.0.128 -> 1.0.131
gensio: upgrade 2.7.2 -> 2.7.4
gnome-bluetooth: upgrade 42.5 -> 42.6
nginx: upgrade 1.25.1 -> 1.25.2
geary: update 44.0 -> 44.1
php: upgrade 8.2.8 -> 8.2.9
python3-redis: upgrade 4.6.0 -> 5.0.0
python3-alembic: upgrade 1.11.2 -> 1.11.3
python3-awesomeversion: upgrade 23.5.0 -> 23.8.0
python3-bitstring: upgrade 4.0.2 -> 4.1.0
python3-click: upgrade 8.1.6 -> 8.1.7
python3-engineio: upgrade 4.5.1 -> 4.6.0
python3-google-api-python-client: upgrade 2.96.0 -> 2.97.0
python3-humanize: upgrade 4.7.0 -> 4.8.0
python3-mypy: upgrade 1.5.0 -> 1.5.1
python3-oauth2client: upgrade 4.1.2 -> 4.1.3
python3-protobuf: upgrade 4.24.0 -> 4.24.1
python3-pycocotools: upgrade 2.0.6 -> 2.0.7
python3-pymetno: upgrade 0.10.0 -> 0.11.0
python3-pymongo: upgrade 4.4.1 -> 4.5.0
python3-pywbem: upgrade 1.6.1 -> 1.6.2
python3-sqlalchemy: upgrade 2.0.19 -> 2.0.20
python3-tox: upgrade 4.8.0 -> 4.10.0
python3-typeguard: upgrade 4.1.0 -> 4.1.2
python3-types-setuptools: upgrade 68.0.0.3 -> 68.1.0.0
python3-zeroconf: upgrade 0.76.0 -> 0.82.1
redis: upgrade 7.0.12 -> 7.2.0
weechat: upgrade 4.0.3 -> 4.0.4
traceroute: upgrade 2.1.2 -> 2.1.3
wireshark: upgrade 4.0.7 -> 4.0.8
adw-gtk3: upgrade 4.8 -> 4.9
ctags: upgrade 6.0.20230820.0 -> 6.0.20230827.0
debootstrap: upgrade 1.0.131 -> 1.0.132
dialog: upgrade 1.3-20210509 -> 1.3-20230209
fmt: upgrade 10.1.0 -> 10.1.1
gensio: upgrade 2.7.4 -> 2.7.5
iwd: upgrade 2.7 -> 2.8
libgphoto2: upgrade 2.5.30 -> 2.5.31
libzip: upgrade 1.10.0 -> 1.10.1
logwatch: upgrade 7.8 -> 7.9
thrift: upgrade 0.18.1 -> 0.19.0
libnet-dns-perl: upgrade 1.39 -> 1.40
python3-alembic: upgrade 1.11.3 -> 1.12.0
python3-argh: upgrade 0.28.1 -> 0.29.3
python3-asttokens: upgrade 2.2.1 -> 2.4.0
python3-bitstring: upgrade 4.1.0 -> 4.1.1
python3-cmake: upgrade 3.27.2 -> 3.27.4.1
python3-diskcache: upgrade 5.6.1 -> 5.6.3
python3-engineio: upgrade 4.6.0 -> 4.7.0
python3-imageio: upgrade 2.31.1 -> 2.31.3
python3-ipython: upgrade 8.14.0 -> 8.15.0
python3-kiwisolver: upgrade 1.4.4 -> 1.4.5
python3-langtable: upgrade 0.0.62 -> 0.0.63
python3-luma-core: upgrade 2.4.0 -> 2.4.1
python3-protobuf: upgrade 4.24.1 -> 4.24.2
python3-pymisp: upgrade 2.4.174 -> 2.4.175
python3-pymodbus: upgrade 3.4.1 -> 3.5.0
python3-smbus2: upgrade 0.4.2 -> 0.4.3
python3-snagboot: upgrade 1.1 -> 1.2
python3-socketio: upgrade 5.8.0 -> 5.9.0
python3-soupsieve: upgrade 2.4.1 -> 2.5
python3-tox: upgrade 4.10.0 -> 4.11.1
python3-typeguard: upgrade 4.1.2 -> 4.1.3
python3-types-setuptools: upgrade 68.1.0.0 -> 68.1.0.1
python3-virtualenv: upgrade 20.24.3 -> 20.24.4
python3-web3: upgrade 6.8.0 -> 6.9.0
python3-zeroconf: upgrade 0.82.1 -> 0.97.0
Willy Tu (1):
abseil-cpp: upgrade 20230125.3 -> 20230802.0
Yi Zhao (7):
nftables: upgrade 1.0.7 -> 1.0.8
libssh: upgrade 0.10.4 -> 0.10.5
samba: upgrade 4.18.5 -> 4.18.6
libyang: upgrade 2.1.55 -> 2.1.111
frr: Security fix CVE-2023-3748
vsomeip: add recipe
ntp: add missing runtime dependencies
Yogita Urade (2):
poppler: fix CVE-2023-34872
hwloc: fix CVE-2022-47022
Βούλγαρη Αικατερίνη (1):
collectd: build with rrdcached plugin
poky: 71282bbc53..61531cd395:
Adrian Freihofer (2):
cmake.bbclass: cleanup spaces and tabs
cmake.bbclass: refactor cmake args
Alberto Planas (1):
bitbake.conf: add bunzip2 in HOSTTOOLS
Alexander Kanavin (18):
lib/oe/recipeutils.py: accommodate SRCPV being optional and deprecated in version check regex
python3-sphinx: correct version check
systemd-bootchart: musl fixes have been rejected upstream
openssl: build and install manpages only if they are enabled
gettext: upgrade 0.21.1 -> 0.22
connman: update 1.41 -> 1.42
libcgroup: update 3.0.0 -> 3.1.0
perlcross: update 1.4.1 -> 1.5
perl: update 5.36.1 -> 5.38.0
groff: update 1.22.4 -> 1.23.0
libglu: update 9.0.2 -> 9.0.3
libpthread-stubs: update 0.4 -> 0.5
gpgme: upgrade 1.20.0 -> 1.22.0
libgudev: upgrade 237 -> 238
gnupg: upgrade 2.4.2 -> 2.4.3
gnutls: update 3.8.0 -> 3.8.1
runqemu: check permissions of available render nodes as well as their presence
build-sysroots: target or native sysroot population need to be selected explicitly
Alexis Lothoré (7):
oeqa/utils/gitarchive: fix tag computation when creating archive
oeqa/selftest: introduce gitarchive tests
oeqa/utils/gitarchive: fix tag computation when creating archive
oeqa/selftest/gitarchive: add tests about tags lisiting when no remote is configured
oeqa/utils/gitarchive: allow to pass a logger to get_tags
oeqa/utils/gitarchive: fall back to local tags when listing existing tags
oeqa/utils/gitarchive: replace warning with info when reading local tags
Angelo Ribeiro (1):
ccache.bbclass: Add allowed list for native recipes
Anuj Mittal (3):
gstreamer1.0: upgrade 1.22.4 -> 1.22.5
harfbuzz: upgrade 8.0.1 -> 8.1.1
stress-ng: upgrade 0.15.08 -> 0.16.04
Archana Polampalli (1):
vim: upgrade 9.0.1592 -> 9.0.1664
Benjamin Bara (6):
rust-target-config: fix target_features for vfpv3d16
README: fix mail address in git example command
pixman: avoid neon on unsupported machines
nettle: avoid neon on unsupported machines
ffmpeg: avoid neon on unsupported machines
ghostscript: avoid neon on unsupported machines
Bruce Ashfield (19):
conf/machine: set preferred kernel to be 6.4
poky/poky-tiny: set preferred linux-yocto version to 6.4
linux-yocto/6.1: update to v6.1.44
linux-yocto/6.4: update to v6.4.10
linux-yocto/6.1: update to v6.1.45
kern-tools: include utility to post process config diffs
linux-yocto/6.1: fix uninitialized read in nohz_full/isolcpus setup
linux-yocto/6.4: fix uninitialized read in nohz_full/isolcpus setup
linux-yocto/6.4: update to v6.4.11
linux-yocto/6.1: update to v6.1.46
linux-yocto/6.1: fix IRQ-80 warnings
linux-yocto/6.4: fix IRQ-80 warnings
linux-yocto/6.4: fix CONFIG_F2FS_IO_TRACE configuration warning
linux-yocto/6.1: fix CONFIG_F2FS_IO_TRACE configuration warning
linux-yocto/6.4: update to v6.4.12
linux-yocto/6.1: update to v6.1.50
linux-yocto/6.4: update to v6.4.13
linux-yocto/6.4: update to v6.4.14
linux-yocto/6.1: update to v6.1.51
Changqing Li (1):
sqlite3: set CVE_STATUS for CVE-2023-36191
Chen Qi (6):
bitbake: runqueue.py: fix PSI check logic
cmake: drop OE specific environment variable support
cmake.bbclass: fix allarch override syntax
uninative.bbclass: sync to use UNINATIVE_STAGING_DIR
stress-ng: disable DEBUG_BUILD
oe-depends-dot: improve '-w' behavior
Daniel Semkowicz (1):
dev-manual: wic.rst: Update native tools build command
David Reyna (3):
bitbake: toaster: Update to Django 4.2
bitbake: toaster: import only used layers
bitbake: toaster: accommodate missing 'Image Name' value in buildinfohelper
Dmitry Baryshkov (4):
mdadm: disable strace on rv32 arch
linux-firmware: upgrade 20230625 -> 20230804
linux-firmware: package audio topology for Lenovo X13s
linux-firmware: package Dragonboard 845c sensors DSP firmware
Eilís 'pidge' Ní Fhlannagáin (1):
nativesdk-intercept: Fix bad intercept chgrp/chown logic
Emil Ekmečić (2):
bitbake: fetch2: add Google Cloud Platform (GCP) fetcher
Add GCP fetcher to list of supported protocols
Emil Kronborg Andersen (2):
dbus: add additional entries to CVE_PRODUCT
libxkbcommon: add CVE_PRODUCT
Etienne Cordonnier (2):
vim: update obsolete comment
migration-guides: system-conf -> systemd-conf
Frederic Martinsons (5):
rust: add cargo-c native recipe
classes-recipe: add cargo_c.bbclass
rust: provide examples for C library generation in rust
oeqa/runtime/rust: correct rust test
ref-manual: classes.rst: suppress rust-hello-world reference, add ptest-cargo class
Jaeyoon Jung (1):
cml1: Fix KCONFIG_CONFIG_COMMAND not conveyed fully in do_menuconfig
Jasper Orschulko (1):
cve_check: Fix cpe_id generation
Joe Slater (1):
file: fix call to localtime_r()
Jon Mason (1):
linux-yocto-dev: correct qemuarmv5 device tree location
Jose Quaresma (3):
systemd: fix efi dependency
systemd-boot: remove old gummiboot TUNE_CCARGS
pybootchartgui: also match do_compile and do_configure subtasks
Joshua Watt (9):
bitbake: bblayers/query: Add multiconfig support to `show-appends`
bitbake: cooker: Fix error message
bitbake: lib/bb: Add xattr and acl libraries
buildtools-tarball: Add libacl
classes/image_types: Add vfat image type
bitbake: fetch2: git: Check if clone directory is a git repo
wic: Add gpt-hybrid partition layout
bitbake: fetch2: git: Remove useless try..else clause
Add libacl to required packages
Julien Stephan (4):
less: upgrade 633 -> 643
less: add ptest support
patch.py: use --absolute-git-dir instead of --show-toplevel to retrieve gitdir
vulkan-samples: convert debugfix.patch to git format patch
Kai Kang (1):
webkitgtk: fix build failure with DEBUG_BUILD enabled
Khem Raj (22):
gnu-efi: Fix build on musl
systemd-boot: Fix build on musl
glibc: Upgrade to 2.38 release
glibc: Enable fortify sources by defaults
glibc: Drop --enable-tunables
glibc: Fix SVE detection on aarch64
glibc-tests: Add missing libgcc runtime dependency
kernel.bbclass: Use KERNEL_STRIP instead of STRIP
build-sysroots: Add SUMMARY field
tunes: Add support for sve instructions on armv8/armv9
arch-armv8,arch-armv9: Add sve based tune options
python3: Increase default thread stack size on musl
inetutils: Fix CVE-2023-40303
inetutils: Apply devtool formatting suggestions
qemu: Fix CVE-2023-40360
core-image-ptest: Define a fallback for SUMMARY field
dos2unix: upgrade 7.5.0 -> 7.5.1
python3: Fix ptests on musl
tcl: Add a way to skip ptests
rust-target-config: Map rust target to OE target
libc-test: Depend on musl-staticdev
apr: Fix ptests on musl
Lee Chee Yang (2):
migration-guides: add release notes for 4.2.3
migration-guides: add release notes for 4.0.12
Lei Maohui (1):
glibc-package: Fix conflict error when enable multilib.
Luan Rafael Carneiro (2):
weston: Upgrade version 12.0.1 -> 12.0.2
weston: Add sysconfdir to FILES:${PN}
Luca Ceresoli (1):
Revert "oeqa/runtime/parselogs: Exclude preempt-rt error for now"
Markus Niebel (2):
wic: fix wrong attempt to create file system in upartitioned regions
oeqa: wic: Add test for --no-table option
Markus Volk (8):
gtk4: upgrade 4.10.4 -> 4.10.5
libadwaita: upgrade 1.3.3 -> 1.3.4
gtk4: upgrade 4.10.5 -> 4.12.0
qemu: fix libudev packageconfig for systemd images
qemu: build pulseaudio support depending on distro_feature
qemu: add packageconfigs for fuse and dbus-display
gtk4: upgrade 4.12.0 -> 4.12.1
mesa: add intel raytracing support to opencl build
Martin Jansa (6):
tcl: prevent installing another copy of tzdata
cross-localedef-native: fix build on hosts with older glibc
bitbake: runqueue: show more pressure data
Makefile: remove from top-level directory
bitbake: runqueue: show number of currently running bitbake threads when pressure changes
webkitgtk: explicitly disable JIT for armv7* with softfp
Michael Halstead (2):
yocto-uninative: Update to 4.2 for glibc 2.38
yocto-uninative: Update to 4.3
Michael Opdenacker (26):
scripts/create-pull-request: update URLs to git repositories
manuals: create a dedicated "Contributor Guide" document
ref-manual: classes.rst: fix location of _ref-classes-ccache
ref-manual: update supported distro versions
contributor-guide: add missing links to mailing lists
contributor-guide: add section about why we use mailing lists
contributor-guide: add recipe style guide
ref-manual: remove AUTHOR variable
contributor guide: call section "Reporting a defect"
contributor-guide: remove obsolete pkg-config guidelines
contributor guide: remove unnecessary information about mailing lists
contributor-guide: clarification about patchtest
contributor guide: update instructions for making and sharing changes
dev-manual: disk-space: mention faster "find" command to trim sstate cache
contributor-guide: move to 2nd place in top menu
contributor-guide: submit-changes: simplify note
contributor-guide: identify component: provide link to repositories
contributor-guide: submit-changes: detail commit and patch creation
contributor-guide: submit-changes: develop sending patches section
manuals: README: update list of manuals
contributor-guide: submit-changes: reorganize and develop sections
contributor-guide: submit-changes: improvements to mailing lists section
contributor-guide: submit-changes: commit guidelines for recipes
contributor-guide: submit-changes: how to request push access to repositories
README: update/fix contribution guidelines
bitbake: doc: bitbake-user-manual: remove reference to SSTATE_MIRRORS variable
Mikko Rapeli (4):
openssh: capture ptest regression test failure logs
oeqa selftest context.py: whitespace fix
oeqa selftest context.py: remove warning from missing meta-selftest
oeqa selftest context.py: fix git commands and set branch name
Mingli Yu (2):
qemu: Add qemu-common package
webkitgtk: Add opengl to REQUIRED_DISTRO_FEATURES
Narpat Mali (1):
ffmpeg: add CVE_STATUS for CVE-2023-39018
Otavio Salvador (2):
weston-init: remove misleading comment about udev rule
weston-init: fix init code indentation
Ovidiu Panait (1):
mdadm: skip running 04update-uuid and 07revert-inplace testcases
Paulo Neves (1):
bitbake: siggen.py: Improve taskhash reproducibility
Peter Kjellerstedt (3):
bin_package.bbclass: Inhibit the default dependencies
insane.bbclass: Remove an unused variable
poky.conf: Switch to post release name/version
Peter Marko (2):
openssl: Upgrade 3.1.1 -> 3.1.2
gcc-runtime: remove bashism
Poonam Jadhav (1):
pixman: Remove duplication of license MIT
Randolph Sapp (1):
bitbake: gitsm: tolerate git-lfs in submodules
Richard Purdie (39):
bitbake: siggen: Fix indentation
bitbake: siggen: Update debug
resulttool/report: Avoid divide by zero
gcc-testsuite: Fix qemu binary filtering code logic error
gcc-testsuite: Set qemu options for mips correctly
mips/tune-mips64r2: Set qemu cpu option correctly
binutils-cross-testsuite: Pass TUNE_LDARGS to tests
arch-mips: Ensure TUNE_LDARGS is set correctly
gcc: Add patch to improve testsuite failures, particularly mips
oeqa/runtime/parselogs: Exclude preempt-rt error for now
qemu: Upgrade 8.0.3 -> 8.0.4
lib/package_manager: Improve repo artefact filtering
Revert "oeqa/utils/gitarchive: fix tag computation when creating archive"
lttng-modules: Upgrade 2.13.9 -> 2.13.10
lttng-tools: Upgrade 2.13.9 -> 2.13.10
pseudo: Fix to work with glibc 2.38
binutils: Add missing DEPENDS on pod2man
build-sysroots: Ensure dependency chains are minimal
bitbake: fetch2: Add new srcrev fetcher API
base/package: Move source revision information from PV to PKGV
recipes/classes/scripts: Drop SRCPV usage in OE-Core
glibc: Add glibc 2.38 stable updates
README: Update to point to new contributor guide
bitbake: README: Update to point to new contributor guide
bitbake: command: Avoid time intensive distractions for ping
README: Clarify/standardise contributions process
python3-numpy: Attempt to fix reproducibility issue
bitbake: doc: Document challenges of tags with git fetcher
bitbake: server/process: Add more timing debug
qemu: Upgrade 8.0.4 -> 8.1.0
qemu: Add patches to resolve x86 and then mips boot issues
mdadm: Disable further tests due to intermittent failures
Revert "oeqa selftest context.py: fix git commands and set branch name"
classes: Drop ';' delimiter from ROOTFS/IMAGE*COMMAND variables
build-appliance-image: Update to master head revision
layer.conf: Update to nanbield release series
bitbake: bitbake: Update to 2.6.0 release series/version
layer.conf: Update to nanbield release series
build-appliance-image: Update to master head revision
Ross Burton (47):
connman-conf: don't take over any ethernet devices, not just eth0
meson.bbclass: add MESON_TARGET
meson.bbclass:: update do_write_config vardeps
systemd-boot: use MESON_TARGET
systemd-boot: improve cross file generation
p11-kit: fix build without qemu-usermode
gi-docgen: depend on qemu-usermode MACHINE_FEATURES
python3-pygobject: add explicit check for qemu-usermode MACHINE_FEATURE
graphene: fix runtime detection of IEEE754 behaviour
python3: ignore disputed CVE-2023-36632
procps: backport fix for CVE-2023-4016
linux/generate-cve-exclusions.py: fix comparison
linux/cve-exclusions: update CVE_STATUS exclusions
perf: enable verbose feature detection
perf: add more PACKAGECONFIGs
perf: fix perl binding support
perf: split scripting PACKAGECONFIG into perl and python
perf: disable perl support
libtraceevent: build with Meson
linux/generate-cve-exclusions: add version check warning
linux-yocto: update CVE exclusions files
site: remove at-spi2-core values
inetutils: don't guess target paths
inetutils: remove obsolete patches
inetutils: remove obsolete cruft from do_configure
glib-networking: enable build with GnuTLS if PKCS#11 was disabled
glib-networking: use gnutls backend for TLS sockets
cve-extra-exclusions: remove historic kernel CVEs which are handled now
cve-extra-exclusions: remove BlueZ issues
linux-yocto: update kernel CVE status
linux: review some historic CVE_STATUS
glib-2.0: explicitly enable strlcpy()
scripts/oe-find-native-sysroot: use bitbake-getvar
qemu-system-native: enable PNG support
python3-build: upgrade to 1.0.0
glib-2.0: libelf has a configure option now, specify it
harfbuzz: update PACKAGECONFIG
pango: explictly enable/disable libthai
libsoup-2.4: update PACKAGECONFIG
libsoup: update PACKAGECONFIG
wayland-utils: add libdrm PACKAGECONFIG
cve-exclusion: review the last of the historical kernel CVEs
busybox: remove coreutils dependency in busybox-ptest
libgudev: explicitly disable tests and vapi
linux: update CVE exclusions
python3-build: upgrade to 1.0.3
avahi: handle invalid service types gracefully
Ryan Eatmon (1):
kernel.bbclass: Add force flag to rm calls
Samantha Jalabert (1):
bitbake: Fix disk space monitoring on cephfs
Stéphane Veyret (1):
nfs-utils: Add needed library to client
Sudip Mukherjee (4):
kea: upgrade to v2.4.0
cmake: upgrade to v3.27.4
dpkg: upgrade to v1.22.0
openssh: upgrade to v9.4p1
Tom Hochstein (1):
linux-firmware: add firmware files for NXP BT chipsets
Trevor Gamblin (16):
python3-hypothesis: upgrade 6.82.0 -> 6.82.5
python3-more-itertools: upgrade 10.0.0 -> 10.1.0
python3-pygments: upgrade 2.15.1 -> 2.16.1
python3-wheel: upgrade 0.41.0 -> 0.41.1
maintainers.inc: Add self for unmaintained Python recipes
oe-buildenv-internal: update required Python version
python3-dbusmock: upgrade 0.29.0 -> 0.29.1
python3-numpy: upgrade 1.25.1 -> 1.25.2
python3-trove-classfiers: upgrade 2023.7.6 -> 2023.8.7
python3-setuptools: upgrade 68.0.0 -> 68.1.0
python3-dtc: upgrade 1.6.1 -> 1.7.0
python3-poetry: upgrade 1.6.1 -> 1.7.0
python3-git: upgrade 3.1.32 -> 3.1.34
python3-hypothesis: upgrade 6.82.7 -> 6.84.0
python3-pytest: upgrade 7.4.0 -> 7.4.1
python3-sphinx: upgrade 7.1.1 -> 7.2.5
Ulrich Ölmann (1):
weston: fix comment
Wang Mingyu (47):
btrfs-tools: upgrade 6.3.1 -> 6.3.3
curl: upgrade 8.2.0 -> 8.2.1
file: upgrade 5.44 -> 5.45
gmp: upgrade 6.2.1 -> 6.3.0
xxhash: upgrade 0.8.1 -> 0.8.2
python3-editables: upgrade 0.4 -> 0.5
python3-markdown: upgrade 3.4.3 -> 3.4.4
python3-pathspec: upgrade 0.11.1 -> 0.11.2
python3-pip: upgrade 23.2 -> 23.2.1
python3-pyparsing: upgrade 3.1.0 -> 3.1.1
re2c: upgrade 3.0 -> 3.1
shaderc: upgrade 2023.4 -> 2023.5
sudo: upgrade 1.9.14p2 -> 1.9.14p3
libarchive: upgrade 3.6.2 -> 3.7.1
tar: upgrade 1.34 -> 1.35
bind: upgrade 9.18.17 -> 9.18.18
bluez5: upgrade 5.68 -> 5.69
ell: upgrade 0.57 -> 0.58
git: upgrade 2.41.0 -> 2.42.0
kbd: upgrade 2.6.1 -> 2.6.2
libconvert-asn1-perl: upgrade 0.33 -> 0.34
libdrm: upgrade 2.4.115 -> 2.4.116
libedit: upgrade 20221030-3.1 -> 20230828-3.1
libgit2: upgrade 1.7.0 -> 1.7.1
librepo: upgrade 1.15.1 -> 1.15.2
libsecret: upgrade 0.20.5 -> 0.21.0
libsndfile1: upgrade 1.2.0 -> 1.2.2
libxml2: upgrade 2.11.4 -> 2.11.5
mc: upgrade 4.8.29 -> 4.8.30
mpfr: upgrade 4.2.0 -> 4.2.1
neard: upgrade 0.18 -> 0.19
python3: upgrade 3.11.4 -> 3.11.5
pango: upgrade 1.50.14 -> 1.51.0
pigz: upgrade 2.7 -> 2.8
pkgconf: upgrade 1.9.5 -> 2.0.2
python3-setuptools: upgrade 68.1.0 -> 68.1.2
repo: upgrade 2.35 -> 2.36.1
shaderc: upgrade 2023.5 -> 2023.6
sqlite3: upgrade 3.42.0 -> 3.43.0
sysklogd: upgrade 2.5.0 -> 2.5.2
xz: upgrade 5.4.3 -> 5.4.4
zlib: upgrade 1.2.13 -> 1.3
python3-hypothesis: upgrade 6.82.5 -> 6.82.7
python3-pluggy: upgrade 1.2.0 -> 1.3.0
python3-sphinx-rtd-theme: upgrade 1.2.2 -> 1.3.0
python3-wheel: upgrade 0.41.1 -> 0.41.2
librepo: upgrade 1.15.2 -> 1.16.0
Yang Xu (1):
meson: don't fail if no .pyc exists
Yi Zhao (2):
dhcpcd: upgrade 10.0.1 -> 10.0.2
dhcpcd: fix buffer overflow
Yoann Congal (1):
dev-manual: remove unsupported :term: markup inside markup
Yogita Urade (1):
dropbear: fix CVE-2023-36328
Yuta Hayama (3):
linux/generate-cve-exclusions: print the generated time in UTC
linux/generate-cve-exclusions: fix mishandling of boundary values
linux-yocto: correct the wording in CVE_STATUS
Zang Ruochen (6):
tcf-agent: Disable non-building features on loongarch64
gcc-sanitizers: Add loongarch as a compatible architecture.
goarch.bbclass: Add loongarch64 to go_map_arch
qemuloongarch.inc:Change to use virtio-serial-pci
kernel-devsrc: Fixed missing loongarch64 kernel source code when test_kernelmodules
gcc: Fresh 0003-64-bit-multilib-hack.patch to add loongarch64 support
Change-Id: I4d4752539711b34471002dd1817bb7c14a590675
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
diff --git a/poky/meta/recipes-connectivity/inetutils/inetutils/0001-CVE-2023-40303-ftpd-rcp-rlogin-rsh-rshd-uucpd-fix-ch.patch b/poky/meta/recipes-connectivity/inetutils/inetutils/0001-CVE-2023-40303-ftpd-rcp-rlogin-rsh-rshd-uucpd-fix-ch.patch
new file mode 100644
index 0000000..70bd988
--- /dev/null
+++ b/poky/meta/recipes-connectivity/inetutils/inetutils/0001-CVE-2023-40303-ftpd-rcp-rlogin-rsh-rshd-uucpd-fix-ch.patch
@@ -0,0 +1,279 @@
+From 703418fe9d2e3b1e8d594df5788d8001a8116265 Mon Sep 17 00:00:00 2001
+From: Jeffrey Bencteux <jeffbencteux@gmail.com>
+Date: Fri, 30 Jun 2023 19:02:45 +0200
+Subject: [PATCH] CVE-2023-40303: ftpd,rcp,rlogin,rsh,rshd,uucpd: fix: check
+ set*id() return values
+
+Several setuid(), setgid(), seteuid() and setguid() return values
+were not checked in ftpd/rcp/rlogin/rsh/rshd/uucpd code potentially
+leading to potential security issues.
+
+CVE: CVE-2023-40303
+Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=e4e65c03f4c11292a3e40ef72ca3f194c8bffdd6]
+Signed-off-by: Jeffrey Bencteux <jeffbencteux@gmail.com>
+Signed-off-by: Simon Josefsson <simon@josefsson.org>
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ ftpd/ftpd.c | 10 +++++++---
+ src/rcp.c | 39 +++++++++++++++++++++++++++++++++------
+ src/rlogin.c | 11 +++++++++--
+ src/rsh.c | 25 +++++++++++++++++++++----
+ src/rshd.c | 20 +++++++++++++++++---
+ src/uucpd.c | 15 +++++++++++++--
+ 6 files changed, 100 insertions(+), 20 deletions(-)
+
+diff --git a/ftpd/ftpd.c b/ftpd/ftpd.c
+index 92b2cca5..28dd523f 100644
+--- a/ftpd/ftpd.c
++++ b/ftpd/ftpd.c
+@@ -862,7 +862,9 @@ end_login (struct credentials *pcred)
+ char *remotehost = pcred->remotehost;
+ int atype = pcred->auth_type;
+
+- seteuid ((uid_t) 0);
++ if (seteuid ((uid_t) 0) == -1)
++ _exit (EXIT_FAILURE);
++
+ if (pcred->logged_in)
+ {
+ logwtmp_keep_open (ttyline, "", "");
+@@ -1151,7 +1153,8 @@ getdatasock (const char *mode)
+
+ if (data >= 0)
+ return fdopen (data, mode);
+- seteuid ((uid_t) 0);
++ if (seteuid ((uid_t) 0) == -1)
++ _exit (EXIT_FAILURE);
+ s = socket (ctrl_addr.ss_family, SOCK_STREAM, 0);
+ if (s < 0)
+ goto bad;
+@@ -1978,7 +1981,8 @@ passive (int epsv, int af)
+ else /* !AF_INET6 */
+ ((struct sockaddr_in *) &pasv_addr)->sin_port = 0;
+
+- seteuid ((uid_t) 0);
++ if (seteuid ((uid_t) 0) == -1)
++ _exit (EXIT_FAILURE);
+ if (bind (pdata, (struct sockaddr *) &pasv_addr, pasv_addrlen) < 0)
+ {
+ if (seteuid ((uid_t) cred.uid))
+diff --git a/src/rcp.c b/src/rcp.c
+index 75adb253..cdcf8500 100644
+--- a/src/rcp.c
++++ b/src/rcp.c
+@@ -345,14 +345,23 @@ main (int argc, char *argv[])
+ if (from_option)
+ { /* Follow "protocol", send data. */
+ response ();
+- setuid (userid);
++
++ if (setuid (userid) == -1)
++ {
++ error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
++ }
++
+ source (argc, argv);
+ exit (errs);
+ }
+
+ if (to_option)
+ { /* Receive data. */
+- setuid (userid);
++ if (setuid (userid) == -1)
++ {
++ error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
++ }
++
+ sink (argc, argv);
+ exit (errs);
+ }
+@@ -537,7 +546,11 @@ toremote (char *targ, int argc, char *argv[])
+ if (response () < 0)
+ exit (EXIT_FAILURE);
+ free (bp);
+- setuid (userid);
++
++ if (setuid (userid) == -1)
++ {
++ error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
++ }
+ }
+ source (1, argv + i);
+ close (rem);
+@@ -630,7 +643,12 @@ tolocal (int argc, char *argv[])
+ ++errs;
+ continue;
+ }
+- seteuid (userid);
++
++ if (seteuid (userid) == -1)
++ {
++ error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)");
++ }
++
+ #if defined IP_TOS && defined IPPROTO_IP && defined IPTOS_THROUGHPUT
+ sslen = sizeof (ss);
+ (void) getpeername (rem, (struct sockaddr *) &ss, &sslen);
+@@ -643,7 +661,12 @@ tolocal (int argc, char *argv[])
+ #endif
+ vect[0] = target;
+ sink (1, vect);
+- seteuid (effuid);
++
++ if (seteuid (effuid) == -1)
++ {
++ error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)");
++ }
++
+ close (rem);
+ rem = -1;
+ #ifdef SHISHI
+@@ -1441,7 +1464,11 @@ susystem (char *s, int userid)
+ return (127);
+
+ case 0:
+- setuid (userid);
++ if (setuid (userid) == -1)
++ {
++ error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
++ }
++
+ execl (PATH_BSHELL, "sh", "-c", s, NULL);
+ _exit (127);
+ }
+diff --git a/src/rlogin.c b/src/rlogin.c
+index aa6426fb..c543de0c 100644
+--- a/src/rlogin.c
++++ b/src/rlogin.c
+@@ -647,8 +647,15 @@ try_connect:
+ /* Now change to the real user ID. We have to be set-user-ID root
+ to get the privileged port that rcmd () uses. We now want, however,
+ to run as the real user who invoked us. */
+- seteuid (uid);
+- setuid (uid);
++ if (seteuid (uid) == -1)
++ {
++ error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)");
++ }
++
++ if (setuid (uid) == -1)
++ {
++ error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
++ }
+
+ doit (&osmask); /* The old mask will activate SIGURG and SIGUSR1! */
+
+diff --git a/src/rsh.c b/src/rsh.c
+index 2d622ca4..6f60667d 100644
+--- a/src/rsh.c
++++ b/src/rsh.c
+@@ -276,8 +276,17 @@ main (int argc, char **argv)
+ {
+ if (asrsh)
+ *argv = (char *) "rlogin";
+- seteuid (getuid ());
+- setuid (getuid ());
++
++ if (seteuid (getuid ()) == -1)
++ {
++ error (EXIT_FAILURE, errno, "seteuid() failed");
++ }
++
++ if (setuid (getuid ()) == -1)
++ {
++ error (EXIT_FAILURE, errno, "setuid() failed");
++ }
++
+ execv (PATH_RLOGIN, argv);
+ error (EXIT_FAILURE, errno, "cannot execute %s", PATH_RLOGIN);
+ }
+@@ -541,8 +550,16 @@ try_connect:
+ error (0, errno, "setsockopt DEBUG (ignored)");
+ }
+
+- seteuid (uid);
+- setuid (uid);
++ if (seteuid (uid) == -1)
++ {
++ error (EXIT_FAILURE, errno, "seteuid() failed");
++ }
++
++ if (setuid (uid) == -1)
++ {
++ error (EXIT_FAILURE, errno, "setuid() failed");
++ }
++
+ #ifdef HAVE_SIGACTION
+ sigemptyset (&sigs);
+ sigaddset (&sigs, SIGINT);
+diff --git a/src/rshd.c b/src/rshd.c
+index d1c0d0cd..707790e7 100644
+--- a/src/rshd.c
++++ b/src/rshd.c
+@@ -1847,8 +1847,18 @@ doit (int sockfd, struct sockaddr *fromp, socklen_t fromlen)
+ pwd->pw_shell = PATH_BSHELL;
+
+ /* Set the gid, then uid to become the user specified by "locuser" */
+- setegid ((gid_t) pwd->pw_gid);
+- setgid ((gid_t) pwd->pw_gid);
++ if (setegid ((gid_t) pwd->pw_gid) == -1)
++ {
++ rshd_error ("Cannot drop privileges (setegid() failed)\n");
++ exit (EXIT_FAILURE);
++ }
++
++ if (setgid ((gid_t) pwd->pw_gid) == -1)
++ {
++ rshd_error ("Cannot drop privileges (setgid() failed)\n");
++ exit (EXIT_FAILURE);
++ }
++
+ #ifdef HAVE_INITGROUPS
+ initgroups (pwd->pw_name, pwd->pw_gid); /* BSD groups */
+ #endif
+@@ -1870,7 +1880,11 @@ doit (int sockfd, struct sockaddr *fromp, socklen_t fromlen)
+ }
+ #endif /* WITH_PAM */
+
+- setuid ((uid_t) pwd->pw_uid);
++ if (setuid ((uid_t) pwd->pw_uid) == -1)
++ {
++ rshd_error ("Cannot drop privileges (setuid() failed)\n");
++ exit (EXIT_FAILURE);
++ }
+
+ /* We'll execute the client's command in the home directory
+ * of locuser. Note, that the chdir must be executed after
+diff --git a/src/uucpd.c b/src/uucpd.c
+index 107589e1..29cfce35 100644
+--- a/src/uucpd.c
++++ b/src/uucpd.c
+@@ -252,7 +252,12 @@ doit (struct sockaddr *sap, socklen_t salen)
+ snprintf (Username, sizeof (Username), "USER=%s", user);
+ snprintf (Logname, sizeof (Logname), "LOGNAME=%s", user);
+ dologin (pw, sap, salen);
+- setgid (pw->pw_gid);
++
++ if (setgid (pw->pw_gid) == -1)
++ {
++ fprintf (stderr, "setgid() failed");
++ return;
++ }
+ #ifdef HAVE_INITGROUPS
+ initgroups (pw->pw_name, pw->pw_gid);
+ #endif
+@@ -261,7 +266,13 @@ doit (struct sockaddr *sap, socklen_t salen)
+ fprintf (stderr, "Login incorrect.");
+ return;
+ }
+- setuid (pw->pw_uid);
++
++ if (setuid (pw->pw_uid) == -1)
++ {
++ fprintf (stderr, "setuid() failed");
++ return;
++ }
++
+ execl (uucico_location, "uucico", NULL);
+ perror ("uucico server: execl");
+ }
diff --git a/poky/meta/recipes-connectivity/inetutils/inetutils/0002-CVE-2023-40303-Indent-changes-in-previous-commit.patch b/poky/meta/recipes-connectivity/inetutils/inetutils/0002-CVE-2023-40303-Indent-changes-in-previous-commit.patch
new file mode 100644
index 0000000..1b972aa
--- /dev/null
+++ b/poky/meta/recipes-connectivity/inetutils/inetutils/0002-CVE-2023-40303-Indent-changes-in-previous-commit.patch
@@ -0,0 +1,253 @@
+From 70fe022f9dac760eaece0228cad17e3d29a57fb8 Mon Sep 17 00:00:00 2001
+From: Simon Josefsson <simon@josefsson.org>
+Date: Mon, 31 Jul 2023 13:59:05 +0200
+Subject: [PATCH] CVE-2023-40303: Indent changes in previous commit.
+
+CVE: CVE-2023-40303
+Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=9122999252c7e21eb7774de11d539748e7bdf46d]
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ src/rcp.c | 42 ++++++++++++++++++++++++------------------
+ src/rlogin.c | 12 ++++++------
+ src/rsh.c | 24 ++++++++++++------------
+ src/rshd.c | 24 ++++++++++++------------
+ src/uucpd.c | 16 ++++++++--------
+ 5 files changed, 62 insertions(+), 56 deletions(-)
+
+diff --git a/src/rcp.c b/src/rcp.c
+index cdcf8500..652f22e6 100644
+--- a/src/rcp.c
++++ b/src/rcp.c
+@@ -347,9 +347,10 @@ main (int argc, char *argv[])
+ response ();
+
+ if (setuid (userid) == -1)
+- {
+- error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
+- }
++ {
++ error (EXIT_FAILURE, 0,
++ "Could not drop privileges (setuid() failed)");
++ }
+
+ source (argc, argv);
+ exit (errs);
+@@ -358,9 +359,10 @@ main (int argc, char *argv[])
+ if (to_option)
+ { /* Receive data. */
+ if (setuid (userid) == -1)
+- {
+- error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
+- }
++ {
++ error (EXIT_FAILURE, 0,
++ "Could not drop privileges (setuid() failed)");
++ }
+
+ sink (argc, argv);
+ exit (errs);
+@@ -548,9 +550,10 @@ toremote (char *targ, int argc, char *argv[])
+ free (bp);
+
+ if (setuid (userid) == -1)
+- {
+- error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
+- }
++ {
++ error (EXIT_FAILURE, 0,
++ "Could not drop privileges (setuid() failed)");
++ }
+ }
+ source (1, argv + i);
+ close (rem);
+@@ -645,9 +648,10 @@ tolocal (int argc, char *argv[])
+ }
+
+ if (seteuid (userid) == -1)
+- {
+- error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)");
+- }
++ {
++ error (EXIT_FAILURE, 0,
++ "Could not drop privileges (seteuid() failed)");
++ }
+
+ #if defined IP_TOS && defined IPPROTO_IP && defined IPTOS_THROUGHPUT
+ sslen = sizeof (ss);
+@@ -663,9 +667,10 @@ tolocal (int argc, char *argv[])
+ sink (1, vect);
+
+ if (seteuid (effuid) == -1)
+- {
+- error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)");
+- }
++ {
++ error (EXIT_FAILURE, 0,
++ "Could not drop privileges (seteuid() failed)");
++ }
+
+ close (rem);
+ rem = -1;
+@@ -1465,9 +1470,10 @@ susystem (char *s, int userid)
+
+ case 0:
+ if (setuid (userid) == -1)
+- {
+- error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
+- }
++ {
++ error (EXIT_FAILURE, 0,
++ "Could not drop privileges (setuid() failed)");
++ }
+
+ execl (PATH_BSHELL, "sh", "-c", s, NULL);
+ _exit (127);
+diff --git a/src/rlogin.c b/src/rlogin.c
+index c543de0c..4360202f 100644
+--- a/src/rlogin.c
++++ b/src/rlogin.c
+@@ -648,14 +648,14 @@ try_connect:
+ to get the privileged port that rcmd () uses. We now want, however,
+ to run as the real user who invoked us. */
+ if (seteuid (uid) == -1)
+- {
+- error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)");
+- }
++ {
++ error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)");
++ }
+
+ if (setuid (uid) == -1)
+- {
+- error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
+- }
++ {
++ error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
++ }
+
+ doit (&osmask); /* The old mask will activate SIGURG and SIGUSR1! */
+
+diff --git a/src/rsh.c b/src/rsh.c
+index 6f60667d..179b47cd 100644
+--- a/src/rsh.c
++++ b/src/rsh.c
+@@ -278,14 +278,14 @@ main (int argc, char **argv)
+ *argv = (char *) "rlogin";
+
+ if (seteuid (getuid ()) == -1)
+- {
+- error (EXIT_FAILURE, errno, "seteuid() failed");
+- }
++ {
++ error (EXIT_FAILURE, errno, "seteuid() failed");
++ }
+
+ if (setuid (getuid ()) == -1)
+- {
+- error (EXIT_FAILURE, errno, "setuid() failed");
+- }
++ {
++ error (EXIT_FAILURE, errno, "setuid() failed");
++ }
+
+ execv (PATH_RLOGIN, argv);
+ error (EXIT_FAILURE, errno, "cannot execute %s", PATH_RLOGIN);
+@@ -551,14 +551,14 @@ try_connect:
+ }
+
+ if (seteuid (uid) == -1)
+- {
+- error (EXIT_FAILURE, errno, "seteuid() failed");
+- }
++ {
++ error (EXIT_FAILURE, errno, "seteuid() failed");
++ }
+
+ if (setuid (uid) == -1)
+- {
+- error (EXIT_FAILURE, errno, "setuid() failed");
+- }
++ {
++ error (EXIT_FAILURE, errno, "setuid() failed");
++ }
+
+ #ifdef HAVE_SIGACTION
+ sigemptyset (&sigs);
+diff --git a/src/rshd.c b/src/rshd.c
+index 707790e7..3a153a18 100644
+--- a/src/rshd.c
++++ b/src/rshd.c
+@@ -1848,16 +1848,16 @@ doit (int sockfd, struct sockaddr *fromp, socklen_t fromlen)
+
+ /* Set the gid, then uid to become the user specified by "locuser" */
+ if (setegid ((gid_t) pwd->pw_gid) == -1)
+- {
+- rshd_error ("Cannot drop privileges (setegid() failed)\n");
+- exit (EXIT_FAILURE);
+- }
++ {
++ rshd_error ("Cannot drop privileges (setegid() failed)\n");
++ exit (EXIT_FAILURE);
++ }
+
+ if (setgid ((gid_t) pwd->pw_gid) == -1)
+- {
+- rshd_error ("Cannot drop privileges (setgid() failed)\n");
+- exit (EXIT_FAILURE);
+- }
++ {
++ rshd_error ("Cannot drop privileges (setgid() failed)\n");
++ exit (EXIT_FAILURE);
++ }
+
+ #ifdef HAVE_INITGROUPS
+ initgroups (pwd->pw_name, pwd->pw_gid); /* BSD groups */
+@@ -1881,10 +1881,10 @@ doit (int sockfd, struct sockaddr *fromp, socklen_t fromlen)
+ #endif /* WITH_PAM */
+
+ if (setuid ((uid_t) pwd->pw_uid) == -1)
+- {
+- rshd_error ("Cannot drop privileges (setuid() failed)\n");
+- exit (EXIT_FAILURE);
+- }
++ {
++ rshd_error ("Cannot drop privileges (setuid() failed)\n");
++ exit (EXIT_FAILURE);
++ }
+
+ /* We'll execute the client's command in the home directory
+ * of locuser. Note, that the chdir must be executed after
+diff --git a/src/uucpd.c b/src/uucpd.c
+index 29cfce35..fde7b9c9 100644
+--- a/src/uucpd.c
++++ b/src/uucpd.c
+@@ -254,10 +254,10 @@ doit (struct sockaddr *sap, socklen_t salen)
+ dologin (pw, sap, salen);
+
+ if (setgid (pw->pw_gid) == -1)
+- {
+- fprintf (stderr, "setgid() failed");
+- return;
+- }
++ {
++ fprintf (stderr, "setgid() failed");
++ return;
++ }
+ #ifdef HAVE_INITGROUPS
+ initgroups (pw->pw_name, pw->pw_gid);
+ #endif
+@@ -268,10 +268,10 @@ doit (struct sockaddr *sap, socklen_t salen)
+ }
+
+ if (setuid (pw->pw_uid) == -1)
+- {
+- fprintf (stderr, "setuid() failed");
+- return;
+- }
++ {
++ fprintf (stderr, "setuid() failed");
++ return;
++ }
+
+ execl (uucico_location, "uucico", NULL);
+ perror ("uucico server: execl");
diff --git a/poky/meta/recipes-connectivity/inetutils/inetutils/fix-disable-ipv6.patch b/poky/meta/recipes-connectivity/inetutils/inetutils/fix-disable-ipv6.patch
deleted file mode 100644
index 603d2ba..0000000
--- a/poky/meta/recipes-connectivity/inetutils/inetutils/fix-disable-ipv6.patch
+++ /dev/null
@@ -1,85 +0,0 @@
-From c7c27ba763c613f83c1561e56448b49315c271c5 Mon Sep 17 00:00:00 2001
-From: Jackie Huang <jackie.huang@windriver.com>
-Date: Wed, 6 Mar 2019 09:36:11 -0500
-Subject: [PATCH] Upstream:
- http://www.mail-archive.com/bug-inetutils@gnu.org/msg02103.html
-
-Upstream-Status: Pending
-
-Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
-
----
- ping/ping_common.h | 20 ++++++++++++++++++++
- 1 file changed, 20 insertions(+)
-
-diff --git a/ping/ping_common.h b/ping/ping_common.h
-index 65e3e60..3e84db0 100644
---- a/ping/ping_common.h
-+++ b/ping/ping_common.h
-@@ -18,10 +18,14 @@
- You should have received a copy of the GNU General Public License
- along with this program. If not, see `http://www.gnu.org/licenses/'. */
-
-+#include <config.h>
-+
- #include <netinet/in_systm.h>
- #include <netinet/in.h>
- #include <netinet/ip.h>
-+#ifdef HAVE_IPV6
- #include <netinet/icmp6.h>
-+#endif
- #include <icmp.h>
- #include <error.h>
- #include <progname.h>
-@@ -63,7 +67,12 @@ struct ping_stat
- want to follow the traditional behaviour of ping. */
- #define DEFAULT_PING_COUNT 0
-
-+#ifdef HAVE_IPV6
- #define PING_HEADER_LEN (USE_IPV6 ? sizeof (struct icmp6_hdr) : ICMP_MINLEN)
-+#else
-+#define PING_HEADER_LEN (ICMP_MINLEN)
-+#endif
-+
- #define PING_TIMING(s) ((s) >= sizeof (struct timeval))
- #define PING_DATALEN (64 - PING_HEADER_LEN) /* default data length */
-
-@@ -78,13 +87,20 @@ struct ping_stat
-
- #define PING_MIN_USER_INTERVAL (200000/PING_PRECISION)
-
-+#ifdef HAVE_IPV6
- /* FIXME: Adjust IPv6 case for options and their consumption. */
- #define _PING_BUFLEN(p, u) ((u)? ((p)->ping_datalen + sizeof (struct icmp6_hdr)) : \
- (MAXIPLEN + (p)->ping_datalen + ICMP_TSLEN))
-
-+#else
-+#define _PING_BUFLEN(p, u) (MAXIPLEN + (p)->ping_datalen + ICMP_TSLEN)
-+#endif
-+
-+#ifdef HAVE_IPV6
- typedef int (*ping_efp6) (int code, void *closure, struct sockaddr_in6 * dest,
- struct sockaddr_in6 * from, struct icmp6_hdr * icmp,
- int datalen);
-+#endif
-
- typedef int (*ping_efp) (int code,
- void *closure,
-@@ -93,13 +109,17 @@ typedef int (*ping_efp) (int code,
- struct ip * ip, icmphdr_t * icmp, int datalen);
-
- union event {
-+#ifdef HAVE_IPV6
- ping_efp6 handler6;
-+#endif
- ping_efp handler;
- };
-
- union ping_address {
- struct sockaddr_in ping_sockaddr;
-+#ifdef HAVE_IPV6
- struct sockaddr_in6 ping_sockaddr6;
-+#endif
- };
-
- typedef struct ping_data PING;
diff --git a/poky/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0001-printf-parse-pull-in-features.h-for-__GLIBC__.patch b/poky/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0001-printf-parse-pull-in-features.h-for-__GLIBC__.patch
deleted file mode 100644
index 2974bd4..0000000
--- a/poky/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0001-printf-parse-pull-in-features.h-for-__GLIBC__.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From f7f785c21306010b2367572250b2822df5bc7728 Mon Sep 17 00:00:00 2001
-From: Mike Frysinger <vapier at gentoo.org>
-Date: Thu, 18 Nov 2010 16:59:14 -0500
-Subject: [PATCH] printf-parse: pull in features.h for __GLIBC__
-
-Upstream-Status: Pending
-
-Signed-off-by: Mike Frysinger <vapier at gentoo.org>
-
----
- lib/printf-parse.h | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/lib/printf-parse.h b/lib/printf-parse.h
-index e7d0f82..d7b4534 100644
---- a/lib/printf-parse.h
-+++ b/lib/printf-parse.h
-@@ -28,6 +28,9 @@
-
- #include "printf-args.h"
-
-+#ifdef HAVE_FEATURES_H
-+# include <features.h> /* for __GLIBC__ */
-+#endif
-
- /* Flags */
- #define FLAG_GROUP 1 /* ' flag */
diff --git a/poky/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0003-wchar.patch b/poky/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0003-wchar.patch
deleted file mode 100644
index 1ef7e21..0000000
--- a/poky/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0003-wchar.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From 9089c6eafbf5903174dce87b68476e35db80beb9 Mon Sep 17 00:00:00 2001
-From: Martin Jansa <martin.jansa@gmail.com>
-Date: Wed, 6 Mar 2019 09:36:11 -0500
-Subject: [PATCH] inetutils: Import version 1.9.4
-
-Upstream-Status: Pending
-
----
- lib/wchar.in.h | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/lib/wchar.in.h b/lib/wchar.in.h
-index cdda680..043866a 100644
---- a/lib/wchar.in.h
-+++ b/lib/wchar.in.h
-@@ -77,6 +77,9 @@
- /* The include_next requires a split double-inclusion guard. */
- #if @HAVE_WCHAR_H@
- # @INCLUDE_NEXT@ @NEXT_WCHAR_H@
-+#else
-+# include <stddef.h>
-+# define MB_CUR_MAX 1
- #endif
-
- #undef _GL_ALREADY_INCLUDING_WCHAR_H
diff --git a/poky/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.9-PATH_PROCNET_DEV.patch b/poky/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.9-PATH_PROCNET_DEV.patch
deleted file mode 100644
index 460ddf9..0000000
--- a/poky/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.9-PATH_PROCNET_DEV.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 101130f422dd5c01a1459645d7b2a5b8d19720ab Mon Sep 17 00:00:00 2001
-From: Martin Jansa <martin.jansa@gmail.com>
-Date: Wed, 6 Mar 2019 09:36:11 -0500
-Subject: [PATCH] inetutils: define PATH_PROCNET_DEV if not already defined
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-this prevents the following compilation error :
-system/linux.c:401:15: error: 'PATH_PROCNET_DEV' undeclared (first use in this function)
-
-this patch comes from :
- http://repository.timesys.com/buildsources/i/inetutils/inetutils-1.9/
-
-Upstream-Status: Inappropriate [not author]
-
-Signed-of-by: Eric Bénard <eric@eukrea.com>
-
----
- ifconfig/system/linux.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/ifconfig/system/linux.c b/ifconfig/system/linux.c
-index e453b46..4268ca9 100644
---- a/ifconfig/system/linux.c
-+++ b/ifconfig/system/linux.c
-@@ -53,6 +53,10 @@
- #include "../ifconfig.h"
- �
-
-+#ifndef PATH_PROCNET_DEV
-+ #define PATH_PROCNET_DEV "/proc/net/dev"
-+#endif
-+
- /* ARPHRD stuff. */
-
- static void
diff --git a/poky/meta/recipes-connectivity/inetutils/inetutils/inetutils-only-check-pam_appl.h-when-pam-enabled.patch b/poky/meta/recipes-connectivity/inetutils/inetutils/inetutils-only-check-pam_appl.h-when-pam-enabled.patch
deleted file mode 100644
index 2343c03..0000000
--- a/poky/meta/recipes-connectivity/inetutils/inetutils/inetutils-only-check-pam_appl.h-when-pam-enabled.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From cc66e842e037fba9f06761f942abe5c4856492b8 Mon Sep 17 00:00:00 2001
-From: Kai Kang <kai.kang@windriver.com>
-Date: Wed, 6 Mar 2019 09:36:11 -0500
-Subject: [PATCH] inetutils: Import version 1.9.4
-
-Only check security/pam_appl.h which is provided by package libpam when pam is
-enabled.
-
-Upstream-Status: Pending
-
-Signed-off-by: Kai Kang <kai.kang@windriver.com>
-
----
- configure.ac | 15 ++++++++++++++-
- 1 file changed, 14 insertions(+), 1 deletion(-)
-
-diff --git a/configure.ac b/configure.ac
-index 5e16c3a..18510a8 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -182,6 +182,19 @@ AC_SUBST(LIBUTIL)
-
- # See if we have libpam.a. Investigate PAM versus Linux-PAM.
- if test "$with_pam" = yes ; then
-+ AC_CHECK_HEADERS([security/pam_appl.h], [], [], [
-+#include <sys/types.h>
-+#ifdef HAVE_NETINET_IN_SYSTM_H
-+# include <netinet/in_systm.h>
-+#endif
-+#include <netinet/in.h>
-+#ifdef HAVE_NETINET_IP_H
-+# include <netinet/ip.h>
-+#endif
-+#ifdef HAVE_SYS_PARAM_H
-+# include <sys/param.h>
-+#endif
-+])
- AC_CHECK_LIB(dl, dlopen, LIBDL=-ldl)
- AC_CHECK_LIB(pam, pam_authenticate, LIBPAM=-lpam)
- if test "$ac_cv_lib_pam_pam_authenticate" = yes ; then
-@@ -617,7 +630,7 @@ AC_HEADER_DIRENT
- AC_CHECK_HEADERS([arpa/nameser.h arpa/tftp.h fcntl.h features.h \
- glob.h memory.h netinet/ether.h netinet/in_systm.h \
- netinet/ip.h netinet/ip_icmp.h netinet/ip_var.h \
-- security/pam_appl.h shadow.h \
-+ shadow.h \
- stropts.h sys/tty.h \
- sys/utsname.h sys/ptyvar.h sys/msgbuf.h sys/filio.h \
- sys/ioctl_compat.h sys/cdefs.h sys/stream.h sys/mkdev.h \
diff --git a/poky/meta/recipes-connectivity/inetutils/inetutils_2.4.bb b/poky/meta/recipes-connectivity/inetutils/inetutils_2.4.bb
index bcc3a02..957f1fe 100644
--- a/poky/meta/recipes-connectivity/inetutils/inetutils_2.4.bb
+++ b/poky/meta/recipes-connectivity/inetutils/inetutils_2.4.bb
@@ -13,23 +13,19 @@
SRC_URI[sha256sum] = "1789d6b1b1a57dfe2a7ab7b533ee9f5dfd9cbf5b59bb1bb3c2612ed08d0f68b2"
SRC_URI = "${GNU_MIRROR}/inetutils/inetutils-${PV}.tar.xz \
- file://inetutils-1.8-0001-printf-parse-pull-in-features.h-for-__GLIBC__.patch \
- file://inetutils-1.8-0003-wchar.patch \
- file://rexec.xinetd.inetutils \
+ file://rexec.xinetd.inetutils \
file://rlogin.xinetd.inetutils \
file://rsh.xinetd.inetutils \
file://telnet.xinetd.inetutils \
file://tftpd.xinetd.inetutils \
- file://inetutils-1.9-PATH_PROCNET_DEV.patch \
- file://inetutils-only-check-pam_appl.h-when-pam-enabled.patch \
-"
+ file://0001-CVE-2023-40303-ftpd-rcp-rlogin-rsh-rshd-uucpd-fix-ch.patch \
+ file://0002-CVE-2023-40303-Indent-changes-in-previous-commit.patch \
+ "
inherit autotools gettext update-alternatives texinfo
acpaths = "-I ./m4"
-SRC_URI += "${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', '', 'file://fix-disable-ipv6.patch', d)}"
-
PACKAGECONFIG ??= "ftp uucpd \
${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)} \
${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'ipv6 ping6', '', d)} \
@@ -41,21 +37,33 @@
PACKAGECONFIG[ping6] = "--enable-ping6,--disable-ping6,"
EXTRA_OECONF = "--with-ncurses-include-dir=${STAGING_INCDIR} \
- inetutils_cv_path_login=${base_bindir}/login \
--with-libreadline-prefix=${STAGING_LIBDIR} \
--enable-rpath=no \
-"
+ --with-path-login=${base_bindir}/login \
+ --with-path-cp=${base_bindir}/cp \
+ --with-path-uucico=${libexecdir}/uuico \
+ --with-path-procnet-dev=/proc/net/dev \
+ "
+
+EXTRA_OECONF:append:libc-musl = " --with-path-utmpx=/dev/null/utmpx --with-path-wtmpx=/dev/null/wtmpx"
# These are horrible for security, disable them
EXTRA_OECONF:append = " --disable-rsh --disable-rshd --disable-rcp \
--disable-rlogin --disable-rlogind --disable-rexec --disable-rexecd"
+# The configure script guesses many paths in cross builds, check for this happening
+do_configure_cross_check() {
+ if grep "may be incorrect because of cross-compilation" ${B}/config.log; then
+ bberror Default path values used, these must be set explicitly
+ fi
+}
+do_configure[postfuncs] += "do_configure_cross_check"
+
+# The --with-path options are not actually options, so this check needs to be silenced
+ERROR_QA:remove = "unknown-configure-option"
+
do_configure:prepend () {
export HELP2MAN='true'
- cp ${STAGING_DATADIR_NATIVE}/gettext/config.rpath ${S}/build-aux/config.rpath
- install -m 0755 ${STAGING_DATADIR_NATIVE}/gnu-config/config.guess ${S}
- install -m 0755 ${STAGING_DATADIR_NATIVE}/gnu-config/config.sub ${S}
- rm -f ${S}/glob/configure*
}
do_install:append () {