subtree updates july 21 2023 poky,openembedded
poky: 13b646c0e1..b398c7653e:
Adrian Freihofer (2):
runqemu-ifdown: catch up with ifup
runqemu: drop uid parameter for ifdown
Alejandro Hernandez Samaniego (3):
baremetal-helloworld: Fix race condition
runqemu: Stop using warn() since its been deprecated
runqemu: Fix automated call to runqemu-ifup
Alex Kiernan (3):
rootfs: Add debugfs package db file copy and cleanup
rpm: Pick debugfs package db files/dirs explicitly
eudev: Add group sgx to eudev package
Alexander Kanavin (27):
insane.bbclass: enable 32 bit time API check (as a warning) on affected architectures
libxcrypt: upgrade 4.4.34 -> 4.4.35
libxml2: update 2.10.4 -> 2.11.4
ovmf: update 202302 -> 202305
lua: update 5.4.4 -> 5.4.6
cargo.bbclass: set up cargo environment in common do_compile
rust-common.bbclass: move musl-specific linking fix from rust-source.inc
python3-cryptography: update 39.0.2 -> 41.0.1
python3-cryptography-vectors: update 39.0.2 -> 41.0.1
python3: update 3.11.3 -> 3.11.4
diffutils: update 3.9 -> 3.10
shadow: remove dependency on pam-plugin-lastlog
libpam: update 1.5.2 -> 1.5.3
librsvg: update 2.56.0 -> 2.56.1
vulkan-validation-layers: update 1.3.243 -> 1.3.250
xcb-util-cursor: add a recipe from meta-oe
weston: update 11.0.1 -> 12.0.1
libdmx: update 1.1.4 -> 1.1.5
xtrans: update 1.4.0 -> 1.5.0
libproxy: fetch from git
libproxy: update 0.4.18 -> 0.5.2
libssh2: update 1.10.0 -> 1.11.0
gstreamer1.0-plugins-base: enable glx/opengl support
webkitgtk: update 2.38.5 -> 2.40.2
python3-cryptography: update a patch to upstream's better followup fix
time64.inc: annotate and clean up recipe-specific Y2038 exceptions
Revert "rootfs-postcommands.bbclass: add post func remove_unused_dnf_log_lock"
Andrej Valek (3):
cve-check: add option to add additional patched CVEs
oeqa/selftest/cve_check: rework test to new cve status handling
cve_check: convert CVE_CHECK_IGNORE to CVE_STATUS
Anuj Mittal (7):
rpm: backport fix to prevent crashes with latest sqlite
sqlite3: upgrade 3.41.2 -> 3.42.0
vte: upgrade 0.72.1 -> 0.72.2
libpng: upgrade 1.6.39 -> 1.6.40
glib-networking: upgrade 2.76.0 -> 2.76.1
bluez5: upgrade 5.66 -> 5.68
selftest/cases/glibc.py: fix the override syntax
BELOUARGA Mohamed (9):
bitbake: fetch2/npmsw: Add support for the new format of the shrinkwrap file
bitbake: fetch2/npmsw: Don't fetch dev dependencies when they are not demanded
bitbake: fetch2/npm: Remove special caracters that causes recipe tool to fail
recipetool: create: npm: Remove duplicate function to not have future conflicts
classes: npm: Handle peer dependencies for npm packages
recipetool: create: npm: Add support for the new format of the shrinkwrap file
recipetool: create: npm: Add support to handle peer dependencies
classes: npm: Add support for the new format of the shrinkwrap file
classe-recipes: npm: Add support for dependencies and devDependencies
Benjamin Bouvier (1):
util-linux: add alternative links for ipcs,ipcrm
Bruce Ashfield (19):
perf: fix buildpaths QA warning in 6.4+
linux-libc-headers: bump to 6.4
kernel: fix localversion in v6.3+
linux-yocto: introduce 6.4 reference kernel recipes
linux-yocto/6.4: update to latest
linux-yocto/6.4: aufs6 integration
linux-yocto/6.4: refresh configuration
linux-yocto-rt/6.4: integrate -rt6
linux-yocto/6.4: update to v6.4.2
linux-yocto-tiny/6.4: fix configuration warnings (HID)
linux-yocto-tiny/arm: fix configuration warnings (HID)
linux-yocto/ppc: add elfutils-native to DEPENDS
linux-yocto/6.1: update to v6.1.36
linux-yocto/6.1: update to v6.1.37
linux-yocto/6.1: update to v6.1.38
linux-yocto/6.x: cfg: update ima.cfg to match current meta-integrity
linux-yocto/6.4: update to v6.4.3
kernel: set HOSTPKG_CONFIG to use pkg-config-native
linux-yocto/6.4: fix menuconfig
Changqing Li (2):
dnf: only write the log lock to root for native dnf
rootfs-postcommands.bbclass: add post func remove_unused_dnf_log_lock
Denys Dmytriyenko (1):
bitbake: runqueue: convert deferral messages from bb.note to bb.debug
Enrico Scholz (1):
shadow-sysroot: add license information
Etienne Cordonnier (2):
libxcrypt: fix hard-coded ".so" extension
qemu: fix typo
Fabio Estevam (3):
u-boot: Update Upstream-Status
u-boot: Upgrade to 2023.07
u-boot: Upgrade to 2023.07.02
Frederic Martinsons (1):
ptest-cargo.bbclass: fix condition to detect test executable
Joe Slater (1):
ghostscript: advance to version 10.01.2
Jose Quaresma (12):
kernel: config modules directories are handled by kernel-module-split
kernel-module-split: install config modules directories only when they are needed
kernel-module-split: use context manager to open files
kernel-module-split: make autoload and probeconf distribution specific
kernel-module-split add systemd modulesloaddir and modprobedir config
pybootchartgui: calcule elapsed_time when starting the loop
pybootchartgui: concatenate the elapsed time with the process
pybootchartgui: fix overlapping argument in render_processes_chart
pybootchartgui: fix width max usage in draw_label_in_box
openssl: add PERLEXTERNAL path to test its existence
openssl: use a glob on the PERLEXTERNAL to track updates on the path
go: update 1.20.5 -> 1.20.6
Julien Stephan (1):
automake: fix buildtest patch
Khem Raj (9):
ffmpeg: Fix build on riscv
libpam: Fix examples build on musl
webkitgtk: Enable JIT on RISCV64
musl: Guard fallocate64 with _LARGEFILE64_SOURCE
alsa-lib: Disable old API symbols
mesa: Fix build with upcoming LLVM 17
meson.bbclass: Point to llvm-config from native sysroot
webkitgtk: Unbreak build on platforms using pvr graphics drivers
python3-lxml: upgrade 4.9.2 -> 4.9.3
Martin Jansa (4):
selftest: multiconfig-image-packager: try to respect IMAGE_LINK_NAME
kernel-devicetree: install dtb files without -${KERNEL_DTB_NAME} suffix
image-artifact-names: include ${IMAGE_NAME_SUFFIX} directly in both ${IMAGE_NAME} and ${IMAGE_LINK_NAME}
cpio: respect MLPREFIX for PACKAGE_WRITE_DEPS
Michael Halstead (1):
resulttool/resultutils: allow index generation despite corrupt json
Mingli Yu (1):
qemu: Add qemu-user-* and qemu-system-* to PACKAGES_DYNAMIC
Natasha Bailey (1):
tiff: backport a fix for CVE-2023-26965
Ovidiu Panait (5):
mdadm: fix util-linux ptest dependency
mdadm: fix 07revert-inplace ptest
mdadm: fix segfaults when running ptests
mdadm: skip running known broken ptests
mdadm: re-add mdadm-ptest to PTESTS_SLOW
Peter Hoyes (5):
bitbake: bitbake: tests/fetch: Mark TestTimeout as not a test suite
bitbake: bitbake: tests/fetch: Rename assertRaisesRegexp to assertRaisesRegex
bitbake: bitbake: tests/fetch: Set git config if not already set
bitbake: bitbake: tests: Use assertLogs to test logging output
bitbake: bitbake: Bootstrap pytest for self-tests
Peter Marko (4):
cve-update-nvd2-native: fix cvssV3 metrics
gcsections: apply section removal also in C++, not only in C
cve-update-nvd2-native: retry all errors and sleep between retries
cve-update-nvd2-native: increase retry count
Piotr Łobacz (1):
bitbake.conf: Add acl distro native features support
Quentin Schulz (1):
uboot-extlinux-config.bbclass: fix old override syntax in comment
Richard Purdie (14):
defaultsetup: Enable largefile and 64bit time_t support systemwide for 32 bit platforms
time64: Disable CFLAGS for strace
bitbake: runqueue: Fix deferred task/multiconfig race issue
strace: Update patches/tests with upstream fixes
bitbake: fetch2/npmsw: Support old and new shrinkwrap formats
ptest-runner: Pull in "runner: Remove threads and mutexes" fix
bitbake: server/process: Show command in timeout message
bitbake: cooker: Log when parsing starts in server log
gcc-testsuite: Fix ppc cpu specification
ptest-runner: Pull in parallel test fixes and output handling
oeqa/selftest/rust: Various fixes to work correctly
bitbake: runqueue: Add pressure change logging
build-appliance-image: Update to master head revision
glibc-testsuite: Fix network restrictions causing test failures
Ross Burton (26):
cve-update-db-native: remove
cve-update-nvd2-native: handle all configuration nodes, not just first
cve-update-nvd2-native: use exact times, don't truncate
ghostscript: remove CVE_CHECK_IGNORE for CVE-2013-6629
pkgconf: update SRC_URI
libjpeg-turbo: upgrade to 3.0.0
cups: upgrade to 2.4.6
tiff: upgrade to 4.5.1
linux-yocto/cve-exclusion: move entries from cve-extra-exclusions
linux-yocto/cve-exclusion: ignore more backported CVEs
python3: fix missing comma in get_module_deps3.py
python3-jsonpointer: upgrade to 2.4
oeqa/runtime/cases/rpm: fix wait_for_no_process_for_user failure case
cml1: add showconfig task to easily find the generated .config file
rootfs_rpm: don't depend on opkg-native for update-alternatives
poky: add Debian 12 to supported distribution list
cve-update-nvd2-native: log a little more
cve-update-nvd2-native: actually use API keys
gcc: don't pass --enable-standard-branch-protection
machine/arch-arm64: add -mbranch-protection=standard
qemuarm: pin kernel to 6.1
libdmx: remove obsolete library
linux-yocto_6.1: ignore backported CVEs
python3: ignore CVE-2023-36632
ltp: add RDEPENDS on findutils
oeqa/ltp: rewrote LTP testcase and parser
Siddharth Doshi (2):
bind: Upgrade 9.18.15 -> 9.18.16
flac: Upgrade 1.4.2 -> 1.4.3
Soumya (1):
perl: Fix CVE-2023-31486
Staffan Rydén (1):
kernel: Fix path comparison in kernel staging dir symlinking
Stéphane Veyret (1):
scripts/oe-setup-builddir: copy conf-notes.txt to build dir
Sudip Mukherjee (1):
libssh2: disable rpath to fix curl-native build
Thomas Roos (1):
testimage/oeqa: Drop testimage_dump_host functionality
Tim Orling (10):
python3-pytest-subtests: upgrade 0.10.0 -> 0.11.0
python3-urllib3: upgrade 2.0.2 -> 2.0.3
python3-typing-extensions: upgrade 4.6.3 -> 4.7.0
python3-hypothesis: upgrade 6.79.2 -> 6.80.0
python3-pygments: upgrade 2.14.0 -> 2.15.1
python3-importlib-metadata: upgrade 6.7.0 -> 6.8.0
python3-typing-extensions: upgrade 4.7.0 -> 4.7.1
python3-cryptography{-vectors}: upgrade 41.0.1 -> 41.0.2
python3-zipp: upgrade 3.15.0 -> 3.16.2
python3-hypothesis: upgrade 6.80.0 -> 6.81.2
Trevor Gamblin (15):
python3: add cgitb, zipapp ptest dependencies
qemu: upgrade 8.0.0 -> 8.0.3
python3: parallelize ptests, add test_cppext dependencies
python3-setuptools: upgrade 67.6.1 -> 68.0.0
diffoscope: upgrade 242 -> 243
p11-kit: upgrade 0.24.1 -> 0.25.0
diffoscope: add missing RDEPENDS and alphabetize
linux-firmware: upgrade 20230515 -> 20230625
python3-trove-classifiers: upgrade 2023.5.24 -> 2023.7.6
python3-cython: upgrade 0.29.35 -> 0.29.36
icu: upgrade 72-1 -> 73-2
python3-editables: add python3-io to RDEPENDS
python3: ensure ptest regression capture
diffoscope: upgrade 243 -> 244
xeyes: upgrade 1.2.0 -> 1.3.0
Wang Mingyu (51):
freetype: upgrade 2.13.0 -> 2.13.1
gstreamer1.0: upgrade 1.22.3 -> 1.22.4
kbd: upgrade 2.5.1 -> 2.6.0
libassuan: upgrade 2.5.5 -> 2.5.6
libksba: upgrade 1.6.3 -> 1.6.4
libmd: upgrade 1.0.4 -> 1.1.0
libsdl2: upgrade 2.26.5 -> 2.28.0
libtraceevent: upgrade 1.7.2 -> 1.7.3
libx11: upgrade 1.8.5 -> 1.8.6
lttng-ust: upgrade 2.13.5 -> 2.13.6
nettle: upgrade 3.9 -> 3.9.1
nghttp2: upgrade 1.53.0 -> 1.54.0
ccache: upgrade 4.8.1 -> 4.8.2
mesa: upgrade 23.1.1 -> 23.1.3
python3-numpy: upgrade 1.24.3 -> 1.25.0
python3-typing-extensions: upgrade 4.6.2 -> 4.6.3
xorgproto: upgrade 2022.2 -> 2023.2
python3-hatchling: upgrade 1.17.0 -> 1.18.0
python3-hypothesis: upgrade 6.75.7 -> 6.79.2
python3-importlib-metadata: upgrade 6.6.0 -> 6.7.0
python3-iso8601: upgrade 1.1.0 -> 2.0.0
python3-markupsafe: upgrade 2.1.2 -> 2.1.3
python3-pluggy: upgrade 1.0.0 -> 1.2.0
python3-pycairo: upgrade 1.23.0 -> 1.24.0
python3-pyparsing: upgrade 3.0.9 -> 3.1.0
python3-pytest: upgrade 7.3.1 -> 7.4.0
python3-ruamel-yaml: upgrade 0.17.31 -> 0.17.32
python3-sphinx-rtd-theme: upgrade 1.2.1 -> 1.2.2
xkeyboard-config: upgrade 2.38 -> 2.39
xwayland: upgrade 23.1.1 -> 23.1.2
wayland-protocols: upgrade 1.31 -> 1.32
taglib: upgrade 1.13 -> 1.13.1
libxcrypt: upgrade 4.4.35 -> 4.4.36
msmtp: upgrade 1.8.23 -> 1.8.24
libwebp: upgrade 1.3.0 -> 1.3.1
libuv: upgrade 1.45.0 -> 1.46.0
acpica: upgrade 20230331 -> 20230628
libnss-nis: upgrade 3.1 -> 3.2
harfbuzz: upgrade 7.3.0 -> 8.0.1
libproxy: upgrade 0.5.2 -> 0.5.3
nghttp2: upgrade 1.54.0 -> 1.55.1
debianutils: upgrade 5.7 -> 5.8
glib-2.0: upgrade 2.76.3 -> 2.76.4
python3-pip: upgrade 23.1.2 -> 23.2
opkg: upgrade 0.6.1 -> 0.6.2
opkg-utils: upgrade 0.5.0 -> 0.6.2
python3-editables: upgrade 0.3 -> 0.4
python3-git: upgrade 3.1.31 -> 3.1.32
python3-numpy: upgrade 1.25.0 -> 1.25.1
repo: upgrade 2.34.1 -> 2.35
libva: upgrade to 2.19.0
Yash Shinde (1):
oeqa/selftest: Add rust selftests
Yi Zhao (1):
ifupdown: install missing directories
Yoann Congal (2):
recipetool: Fix inherit in created -native* recipes
oeqa/selftest/devtool: add unit test for "devtool add -b"
Yuta Hayama (1):
systemd-systemctl: fix errors in instance name expansion
meta-openembedded: 2638d458a5..0e3f5e5201:
Alex Kiernan (1):
ostree: Upgrade 2023.4 -> 2023.5
Archana Polampalli (1):
tcpreplay: upgrade 4.4.3 -> 4.4.4
Beniamin Sandu (1):
mbedtls: fix builds with crypto extensions
Bruce Ashfield (1):
vboxguestdrivers: fix compilation against 6.4 kernel / headers
Carlos Rafael Giani (3):
pipewire: Disable libmysofa since it is not available in OE
pipewire: Improve packageconfigs
pipewire: Add dedicated aes67 package and fix rlimits.d package assignment
Chee Yang Lee (1):
rabbitmq-c: Fix CVE-2023-35789
Jasper Orschulko (8):
python3-pytest-cov: Add initial recipe 4.1.0
python3-covdefaults: Add initial recipe 2.3.0
python3-platformdirs: Fix recipe version 3.6.0
python3-distlib: Add initial recipe 0.3.6
python3-filelock: Add initial recipe 3.12.0
python3-virtualenv: Add initial recipe 20.23.0
python3-pyproject-api: Add initial recipe 1.5.1
python3-tox: Add initial recipe 4.6.0
Joe Slater (1):
libgpiod: modify RDEPENDS for ptest
Justin Bronder (2):
python3-asyncinotify: upgrade 3.0.1 -> 4.0.2
python3-pytest-asyncio: upgrade 0.16.0 -> 0.21.1
Kai Kang (2):
libtimezonemap: rename downloaded file name
fltk-native: fix libdl link issue
Khem Raj (33):
gupnp-av: Fix build with libxml2-2.11 and newer
xcb-util-cursor: Delete recipe
pidgin-sipe: Add packageconfig to turn Werror on/off
fbida: Fix build on musl
pcp: Update to 6.0.5
geos: Upgrade to 3.12.0
ctags: Extend to build native package
libcoap: Build linker symbol file explicitly
geos: Use cmake directly
pcp: Fix build race
sblim-sfcc: Fix build with clang17
minifi-cpp: Fix build with clang 17
python3-grpcio-tools: Upgrade to 1.56.0
python3-grpcio: Upgrade to 1.56.0
python3-grpcio: Fix build on musl
python3-grpcio-tools: Fix build with musl
thin-provisioning-tools: Upgrade to 1.0.4
thin-provisioning-tools: Fix build on musl.
pcp: Disable parallel build
crash: Fix build with glibc 2.38+
breakpad: Update to latest trunk
python3-requests-toolbelt: Fix ptest failures seen with urllib3 2.0
ptest-packagelists-meta-oe: Limit mcelog to x86/x86_64
graphviz: Upgrade to 8.1.0 release
emlog: Update to latest to fix build with 6.4 kernel
dlm: Upgrade to 4.2.0
mdio-tools: Update to latest on trunk
dlm: Fix build with linux kernel 6.4+
dlm: Do not pass -fcf-protection=full via Makefile
dlm: Do not use -fcf-protection=full on arm platforms
zfs: Update to 2.2.0 rc1
zfs: Disable builds on aarch64 for now
dhcp-relay: Pass cross configure flags to bind build
Luke Schaefer (1):
nginx: Add stream Signed-off-by: Luke Schaefer <lukeschafer17@gmail.com>
Marek Vasut (4):
lvgl: Factor out and unify lv-drivers configuration
lvgl: Add default input device configuration option
linux-serial-test: Update to latest git revision
libiio: enable c++ bindings
Markus Volk (10):
pipewire: upgrade 0.3.71 -> 0.3.72
pipewire: upgrade 0.3.72 -> 0.3.73
gnome-software: upgrade 44.2 -> 44.3
eog: upgrade 44.2 -> 44.3
spdlog: upgrade 1.11.0 -> 1.12.0
flatpak: update dependencies
gnome-control-center: upgrade 44.2 -> 44.3
gnome-shell: upgrade 44.2 -> 44.3
mutter: upgrade 44.2 -> 44.3
gnome-settings-daemon: upgrade 44.0 -> 44.1
Martin Jansa (4):
nodejs: use PIE for host binaries
gupnp: backport a fix not to use deprecated xmlReadMemory
pidgin-sipe: allow to build with libxml2-2.11
raptor2: backport a fix to build with libxml2-2.11
Michael Haener (1):
nginx: upgrade to 1.24.0 release
Michael Weiß (1):
pv: Show progress bar even if no terminal is set as in 1.6.6
Mingli Yu (1):
snort: Add systemd unit file
Peter Kjellerstedt (1):
cppzmq: Move the version to the recipe file name
Petr Gotthard (2):
python3-pyroute2: upgrade 0.5.19 -> 0.7.9
networkmanager: upgrade 1.42.6 -> 1.42.8
Ricardo Salveti (1):
lshw: bump to b4e0673
Ross Burton (5):
poppler: fix missing include
libpaper: remove redundant autoreconf --install
liblbxutil: remove obsolete library
xsetmode: remove obsolete utility
libxkbui: remove obsolete recipe
Tim Orling (1):
python3-argh: upgrade 0.26.2 -> 0.28.1
Trevor Gamblin (9):
python3-alembic: upgrade 1.10.4 -> 1.11.1
python3-sqlalchemy: upgrade 2.0.15 -> 2.0.19
python3-argcomplete: upgrade 3.1.0 -> 3.1.1
python3-arpeggio: upgrade 2.0.0 -> 2.0.2
python3-astroid: upgrade 2.15.5 -> 2.15.6
python3-autobahn: upgrade 23.6.1 -> 23.6.2
python3-bandit: upgrade 1.7.4 -> 1.7.5
python3-bandit: add python3-rich to RDEPENDS
python3-bitarray: upgrade 2.7.3 -> 2.7.6
Wang Mingyu (44):
cppzmq: upgrade 4.9.0 -> 4.10.0
iwd: upgrade 2.5 -> 2.6
libburn: upgrade 1.5.4 -> 1.5.6
libzip: upgrade 1.9.2 -> 1.10.0
openfortivpn: upgrade 1.20.3 -> 1.20.5
psqlodbc: upgrade 13.02.0000 -> 15.00.0000
python3-aenum: upgrade 3.1.12 -> 3.1.14
python3-can: upgrade 4.2.1 -> 4.2.2
python3-google-api-python-client: upgrade 2.89.0 -> 2.90.0
python3-h5py: upgrade 3.8.0 -> 3.9.0
python3-natsort: upgrade 8.3.1 -> 8.4.0
python3-pymodbus: upgrade 3.3.1 -> 3.3.2
python3-pymongo: upgrade 4.3.3 -> 4.4.0
python3-pyscaffold: upgrade 4.4.1 -> 4.5
python3-pyzstd: upgrade 0.15.7 -> 0.15.9
python3-requests-futures: upgrade 1.0.0 -> 1.0.1
python3-sentry-sdk: upgrade 1.25.1 -> 1.26.0
python3-zeroconf: upgrade 0.68.0 -> 0.69.0
weechat: upgrade 3.8 -> 4.0.0
python3-platformdirs: upgrade 3.6.0 -> 3.8.0
renderdoc: upgrade 1.13 -> 1.27
gegl: upgrade 0.4.44 -> 0.4.46
gvfs: upgrade 1.50.4 -> 1.51.1
weechat: upgrade 4.0.0 -> 4.0.1
avro-c: upgrade 1.11.1 -> 1.11.2
glfw: upgrade 3.3 -> 3.3.8
hwloc: upgrade 2.9.1 -> 2.9.2
minicoredumper: upgrade 2.0.3 -> 2.0.6
thingsboard-gateway: upgrade 3.2 -> 3.3
xterm: upgrade 382 -> 383
passwdqc: upgrade 2.0.2 -> 2.0.3
python3-aenum: upgrade 3.1.14 -> 3.1.15
python3-configargparse : upgrade 1.5.3 -> 1.5.5
python3-elementpath: upgrade 4.1.3 -> 4.1.4
python3-google-api-python-client: upgrade 2.90.0 -> 2.92.0
python3-google-auth: upgrade 2.20.0 -> 2.21.0
python3-joblib: upgrade 1.2.0 -> 1.3.1
python3-pillow: upgrade 9.5.0 -> 10.0.0
python3-redis: upgrade 4.5.5 -> 4.6.0
python3-tox: upgrade 4.6.0 -> 4.6.3
python3-virtualenv: upgrade 20.23.0 -> 20.23.1
python3-zeroconf: upgrade 0.69.0 -> 0.70.0
libyang: Fix install conflict when enable multilib.
php: Fix install conflict when enable multilib.
Wolfgang Meyer (4):
fbida: Switch to git fetcher
fbida: build with meson
fbida: SRC_REV bump ac9005b..eb769e3
fbida: make fbpdf build optional
Yi Zhao (6):
conntrack-tools: add systemd unit file
conntrack-tools: add required kernel modules to RRECOMMENDS
frr: upgrade 8.4.2 -> 8.4.4
mbedtls: upgrade 2.28.2 -> 2.28.3
open-vm-tools: Security fix CVE-2023-20867
samba: upgrade 4.18.3 -> 4.18.4
Zoltán Böszörményi (1):
opencv: 4.8.0
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: I48c2ba4573ee81b637b1ba890c312f491004f666
diff --git a/poky/meta/recipes-extended/acpica/acpica_20230331.bb b/poky/meta/recipes-extended/acpica/acpica_20230628.bb
similarity index 94%
rename from poky/meta/recipes-extended/acpica/acpica_20230331.bb
rename to poky/meta/recipes-extended/acpica/acpica_20230628.bb
index 01b8833..06db99c 100644
--- a/poky/meta/recipes-extended/acpica/acpica_20230331.bb
+++ b/poky/meta/recipes-extended/acpica/acpica_20230628.bb
@@ -17,7 +17,7 @@
DEPENDS = "m4-native flex-native bison-native"
SRC_URI = "https://acpica.org/sites/acpica/files/acpica-unix-${PV}.tar.gz"
-SRC_URI[sha256sum] = "0c5d695d605aaa61709f3c63f57a1a99b8902291723998446b0813b57ac310e2"
+SRC_URI[sha256sum] = "86876a745e3d224dcfd222ed3de465b47559e85811df2db9820ef09a9dff5cce"
UPSTREAM_CHECK_URI = "https://acpica.org/downloads"
diff --git a/poky/meta/recipes-extended/baremetal-example/baremetal-helloworld_git.bb b/poky/meta/recipes-extended/baremetal-example/baremetal-helloworld_git.bb
index 4182372..c5d3e04 100644
--- a/poky/meta/recipes-extended/baremetal-example/baremetal-helloworld_git.bb
+++ b/poky/meta/recipes-extended/baremetal-example/baremetal-helloworld_git.bb
@@ -4,7 +4,7 @@
LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://LICENSE;md5=39346640a23c701e4f459e05f56f4449"
-SRCREV = "ea7f59b02467ed1fb36c3b4c6d5cabe702df26ec"
+SRCREV = "fc7c43d138185028b6ac14c83f6492fce26eca95"
PV = "0.1+git${SRCPV}"
SRC_URI = "git://github.com/ahcbb6/baremetal-helloqemu.git;protocol=https;branch=master"
diff --git a/poky/meta/recipes-extended/cpio/cpio_2.14.bb b/poky/meta/recipes-extended/cpio/cpio_2.14.bb
index e55fb70..560038d 100644
--- a/poky/meta/recipes-extended/cpio/cpio_2.14.bb
+++ b/poky/meta/recipes-extended/cpio/cpio_2.14.bb
@@ -16,8 +16,7 @@
inherit autotools gettext texinfo ptest
-# Issue applies to use of cpio in SUSE/OBS, doesn't apply to us
-CVE_CHECK_IGNORE += "CVE-2010-4226"
+CVE_STATUS[CVE-2010-4226] = "not-applicable-platform: Issue applies to use of cpio in SUSE/OBS"
EXTRA_OECONF += "DEFAULT_RMT_DIR=${sbindir}"
@@ -66,7 +65,7 @@
# The tests need to run as a non-root user, so pull in the ptest user
DEPENDS:append:class-target = "${@bb.utils.contains('PTEST_ENABLED', '1', ' ptest-runner', '', d)}"
-PACKAGE_WRITE_DEPS += "ptest-runner"
+PACKAGE_WRITE_DEPS:append:class-target = " ${MLPREFIX}ptest-runner"
RDEPENDS:${PN}-ptest += "ptest-runner"
diff --git a/poky/meta/recipes-extended/cups/cups.inc b/poky/meta/recipes-extended/cups/cups.inc
index d77758f..36feadd 100644
--- a/poky/meta/recipes-extended/cups/cups.inc
+++ b/poky/meta/recipes-extended/cups/cups.inc
@@ -15,19 +15,15 @@
file://0004-cups-fix-multilib-install-file-conflicts.patch \
file://volatiles.99_cups \
file://cups-volatiles.conf \
- file://CVE-2023-32324.patch \
"
GITHUB_BASE_URI = "https://github.com/OpenPrinting/cups/releases"
-# Issue only applies to MacOS
-CVE_CHECK_IGNORE += "CVE-2008-1033"
-# Issue affects pdfdistiller plugin used with but not part of cups
-CVE_CHECK_IGNORE += "CVE-2009-0032"
-# This is an Ubuntu only issue.
-CVE_CHECK_IGNORE += "CVE-2018-6553"
-# This is fixed in 2.4.2 but the cve-check class still reports it
-CVE_CHECK_IGNORE += "CVE-2022-26691"
+CVE_STATUS[CVE-2008-1033] = "not-applicable-platform: Issue only applies to MacOS"
+CVE_STATUS[CVE-2009-0032] = "cpe-incorrect: Issue affects pdfdistiller plugin used with but not part of cups"
+CVE_STATUS[CVE-2018-6553] = "not-applicable-platform: This is an Ubuntu only issue"
+CVE_STATUS[CVE-2022-26691] = "fixed-version: This is fixed in 2.4.2 but the cve-check class still reports it"
+CVE_STATUS[CVE-2021-25317] = "not-applicable-config: This concerns /var/log/cups having lp ownership, our /var/log/cups is root:root, so this doesn't apply."
LEAD_SONAME = "libcupsdriver.so"
@@ -115,7 +111,3 @@
cups_sysroot_preprocess () {
sed -i ${SYSROOT_DESTDIR}${bindir_crossscripts}/cups-config -e 's:cups_datadir=.*:cups_datadir=${datadir}/cups:' -e 's:cups_serverbin=.*:cups_serverbin=${libexecdir}/cups:'
}
-
-# -25317 concerns /var/log/cups having lp ownership. Our /var/log/cups is
-# root:root, so this doesn't apply.
-CVE_CHECK_IGNORE += "CVE-2021-25317"
diff --git a/poky/meta/recipes-extended/cups/cups/CVE-2023-32324.patch b/poky/meta/recipes-extended/cups/cups/CVE-2023-32324.patch
deleted file mode 100644
index 40b89c9..0000000
--- a/poky/meta/recipes-extended/cups/cups/CVE-2023-32324.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From 07cbffd11107eed3aaf1c64e35552aec20f792da Mon Sep 17 00:00:00 2001
-From: Zdenek Dohnal <zdohnal@redhat.com>
-Date: Thu, 1 Jun 2023 12:04:00 +0200
-Subject: [PATCH] cups/string.c: Return if `size` is 0 (fixes CVE-2023-32324)
-
-CVE: CVE-2023-32324
-Upstream-Status: Backport [https://github.com/OpenPrinting/cups/commit/fd8bc2d32589]
-
-(cherry picked from commit fd8bc2d32589d1fd91fe1c0521be2a7c0462109e)
-Signed-off-by: Sanjay Chitroda <schitrod@cisco.com>
----
- cups/string.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/cups/string.c b/cups/string.c
-index 93cdad19..6ef58515 100644
---- a/cups/string.c
-+++ b/cups/string.c
-@@ -1,6 +1,7 @@
- /*
- * String functions for CUPS.
- *
-+ * Copyright © 2023 by OpenPrinting.
- * Copyright © 2007-2019 by Apple Inc.
- * Copyright © 1997-2007 by Easy Software Products.
- *
-@@ -730,6 +731,9 @@ _cups_strlcpy(char *dst, /* O - Destination string */
- size_t srclen; /* Length of source string */
-
-
-+ if (size == 0)
-+ return (0);
-+
- /*
- * Figure out how much room is needed...
- */
diff --git a/poky/meta/recipes-extended/cups/cups_2.4.2.bb b/poky/meta/recipes-extended/cups/cups_2.4.2.bb
deleted file mode 100644
index f5ca749..0000000
--- a/poky/meta/recipes-extended/cups/cups_2.4.2.bb
+++ /dev/null
@@ -1,5 +0,0 @@
-require cups.inc
-
-LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"
-
-SRC_URI[sha256sum] = "f03ccb40b087d1e30940a40e0141dcbba263f39974c20eb9f2521066c9c6c908"
diff --git a/poky/meta/recipes-extended/cups/cups_2.4.6.bb b/poky/meta/recipes-extended/cups/cups_2.4.6.bb
new file mode 100644
index 0000000..58029fd
--- /dev/null
+++ b/poky/meta/recipes-extended/cups/cups_2.4.6.bb
@@ -0,0 +1,5 @@
+require cups.inc
+
+LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"
+
+SRC_URI[sha256sum] = "58e970cf1955e1cc87d0847c32526d9c2ccee335e5f0e3882b283138ba0e7262"
diff --git a/poky/meta/recipes-extended/diffutils/diffutils/0001-Skip-strip-trailing-cr-test-case.patch b/poky/meta/recipes-extended/diffutils/diffutils/0001-Skip-strip-trailing-cr-test-case.patch
index 8b88c30..3279323 100644
--- a/poky/meta/recipes-extended/diffutils/diffutils/0001-Skip-strip-trailing-cr-test-case.patch
+++ b/poky/meta/recipes-extended/diffutils/diffutils/0001-Skip-strip-trailing-cr-test-case.patch
@@ -1,4 +1,4 @@
-From 027229d25392b22d7280c0abbc3efde4f467d167 Mon Sep 17 00:00:00 2001
+From f31395c931bc633206eccfcfaaaa5d15021a3e86 Mon Sep 17 00:00:00 2001
From: Peiran Hong <peiran.hong@windriver.com>
Date: Thu, 5 Sep 2019 15:42:22 -0400
Subject: [PATCH] Skip strip-trailing-cr test case
@@ -12,23 +12,18 @@
Signed-off-by: Peiran Hong <peiran.hong@windriver.com>
---
- tests/Makefile.am | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
+ tests/Makefile.am | 1 -
+ 1 file changed, 1 deletion(-)
diff --git a/tests/Makefile.am b/tests/Makefile.am
-index d98df82..757ea52 100644
+index 79bacfb..4adb4d7 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
-@@ -21,9 +21,11 @@ TESTS = \
+@@ -22,7 +22,6 @@ TESTS = \
stdin \
strcoll-0-names \
filename-quoting \
- strip-trailing-cr \
timezone \
- colors
-+# Skipping this test since it requires valgrind
-+# and thus is too heavy for diffutils package
-+# strip-trailing-cr
-
- XFAIL_TESTS = large-subopt
-
+ colors \
+ y2038-vs-32bit
diff --git a/poky/meta/recipes-extended/diffutils/diffutils_3.9.bb b/poky/meta/recipes-extended/diffutils/diffutils_3.10.bb
similarity index 93%
rename from poky/meta/recipes-extended/diffutils/diffutils_3.9.bb
rename to poky/meta/recipes-extended/diffutils/diffutils_3.10.bb
index 2bb9e6f..08e8305 100644
--- a/poky/meta/recipes-extended/diffutils/diffutils_3.9.bb
+++ b/poky/meta/recipes-extended/diffutils/diffutils_3.10.bb
@@ -8,7 +8,7 @@
file://0001-Skip-strip-trailing-cr-test-case.patch \
"
-SRC_URI[sha256sum] = "d80d3be90a201868de83d78dad3413ad88160cc53bcc36eb9eaf7c20dbf023f1"
+SRC_URI[sha256sum] = "90e5e93cc724e4ebe12ede80df1634063c7a855692685919bfe60b556c9bd09e"
EXTRA_OECONF += "ac_cv_path_PR_PROGRAM=${bindir}/pr --without-libsigsegv-prefix"
diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript_10.01.1.bb b/poky/meta/recipes-extended/ghostscript/ghostscript_10.01.2.bb
similarity index 93%
rename from poky/meta/recipes-extended/ghostscript/ghostscript_10.01.1.bb
rename to poky/meta/recipes-extended/ghostscript/ghostscript_10.01.2.bb
index f03ebf4..fdbdfb6 100644
--- a/poky/meta/recipes-extended/ghostscript/ghostscript_10.01.1.bb
+++ b/poky/meta/recipes-extended/ghostscript/ghostscript_10.01.2.bb
@@ -18,9 +18,6 @@
UPSTREAM_CHECK_URI = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases"
UPSTREAM_CHECK_REGEX = "(?P<pver>\d+(\.\d+)+)\.tar"
-# We use a system libjpeg-turbo which has this fix
-CVE_CHECK_IGNORE += "CVE-2013-6629"
-
def gs_verdir(v):
return "".join(v.split("."))
@@ -30,7 +27,7 @@
file://avoid-host-contamination.patch \
"
-SRC_URI[sha256sum] = "4df18a808cd4369f25e02dbcec2f133cb6d674627b2c6b1502020e58d43e32ce"
+SRC_URI[sha256sum] = "a4cd61a07fec161bee35da0211a5e5cde8ff8a0aaf942fc0176715e499d21661"
PACKAGECONFIG ??= ""
PACKAGECONFIG[gtk] = "--enable-gtk,--disable-gtk,gtk+3"
diff --git a/poky/meta/recipes-extended/iputils/iputils_20221126.bb b/poky/meta/recipes-extended/iputils/iputils_20221126.bb
index cd5fe9b..7d94271 100644
--- a/poky/meta/recipes-extended/iputils/iputils_20221126.bb
+++ b/poky/meta/recipes-extended/iputils/iputils_20221126.bb
@@ -17,9 +17,8 @@
UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>20\d+)"
-# Fixed in 2000-10-10, but the versioning of iputils
-# breaks the version order.
-CVE_CHECK_IGNORE += "CVE-2000-1213 CVE-2000-1214"
+CVE_STATUS[CVE-2000-1213] = "fixed-version: Fixed in 2000-10-10, but the versioning of iputils breaks the version order."
+CVE_STATUS[CVE-2000-1214] = "fixed-version: Fixed in 2000-10-10, but the versioning of iputils breaks the version order."
PACKAGECONFIG ??= "libcap"
PACKAGECONFIG[libcap] = "-DUSE_CAP=true, -DUSE_CAP=false -DNO_SETCAP_OR_SUID=true, libcap libcap-native"
diff --git a/poky/meta/recipes-extended/libnss-nis/libnss-nis.bb b/poky/meta/recipes-extended/libnss-nis/libnss-nis.bb
index d0afb3c..f0e687c 100644
--- a/poky/meta/recipes-extended/libnss-nis/libnss-nis.bb
+++ b/poky/meta/recipes-extended/libnss-nis/libnss-nis.bb
@@ -13,9 +13,9 @@
SECTION = "libs"
DEPENDS += "libtirpc libnsl2"
-PV = "3.1+git${SRCPV}"
+PV = "3.2"
-SRCREV = "062f31999b35393abf7595cb89dfc9590d5a42ad"
+SRCREV = "cd0d391af9535b56e612ed227c1b89be269f3d59"
SRC_URI = "git://github.com/thkukuk/libnss_nis;branch=master;protocol=https \
"
diff --git a/poky/meta/recipes-extended/libtirpc/libtirpc_1.3.3.bb b/poky/meta/recipes-extended/libtirpc/libtirpc_1.3.3.bb
index f55e0b0..d466905 100644
--- a/poky/meta/recipes-extended/libtirpc/libtirpc_1.3.3.bb
+++ b/poky/meta/recipes-extended/libtirpc/libtirpc_1.3.3.bb
@@ -14,8 +14,7 @@
UPSTREAM_CHECK_REGEX = "(?P<pver>\d+(\.\d+)+)/"
SRC_URI[sha256sum] = "6474e98851d9f6f33871957ddee9714fdcd9d8a5ee9abb5a98d63ea2e60e12f3"
-# Was fixed in 1.3.3rc1 so not present in 1.3.3
-CVE_CHECK_IGNORE += "CVE-2021-46828"
+CVE_STATUS[CVE-2021-46828] = "fixed-version: fixed in 1.3.3rc1 so not present in 1.3.3"
inherit autotools pkgconfig
diff --git a/poky/meta/recipes-extended/logrotate/logrotate_3.21.0.bb b/poky/meta/recipes-extended/logrotate/logrotate_3.21.0.bb
index f0755e3..10a6149 100644
--- a/poky/meta/recipes-extended/logrotate/logrotate_3.21.0.bb
+++ b/poky/meta/recipes-extended/logrotate/logrotate_3.21.0.bb
@@ -16,8 +16,9 @@
SRC_URI[sha256sum] = "8fa12015e3b8415c121fc9c0ca53aa872f7b0702f543afda7e32b6c4900f6516"
-# These CVEs are debian, gentoo or SUSE specific on the way logrotate was installed/used
-CVE_CHECK_IGNORE += "CVE-2011-1548 CVE-2011-1549 CVE-2011-1550"
+CVE_STATUS_GROUPS = "CVE_STATUS_RECIPE"
+CVE_STATUS_RECIPE = "CVE-2011-1548 CVE-2011-1549 CVE-2011-1550"
+CVE_STATUS_RECIPE[status] = "not-applicable-platform: CVE is debian, gentoo or SUSE specific on the way logrotate was installed/used"
PACKAGECONFIG ?= "${@bb.utils.filter('DISTRO_FEATURES', 'acl selinux', d)}"
diff --git a/poky/meta/recipes-extended/ltp/ltp_20230516.bb b/poky/meta/recipes-extended/ltp/ltp_20230516.bb
index ddc6523..e9407d3 100644
--- a/poky/meta/recipes-extended/ltp/ltp_20230516.bb
+++ b/poky/meta/recipes-extended/ltp/ltp_20230516.bb
@@ -93,6 +93,7 @@
e2fsprogs-mke2fs \
expect \
file \
+ findutils \
gawk \
gdb \
gzip \
diff --git a/poky/meta/recipes-extended/mdadm/files/0001-DDF-Cleanup-validate_geometry_ddf_container.patch b/poky/meta/recipes-extended/mdadm/files/0001-DDF-Cleanup-validate_geometry_ddf_container.patch
new file mode 100644
index 0000000..cea435f
--- /dev/null
+++ b/poky/meta/recipes-extended/mdadm/files/0001-DDF-Cleanup-validate_geometry_ddf_container.patch
@@ -0,0 +1,148 @@
+From ca458f4dcc4de9403298f67543466ce4bbc8f8ae Mon Sep 17 00:00:00 2001
+From: Logan Gunthorpe <logang@deltatee.com>
+Date: Wed, 22 Jun 2022 14:25:07 -0600
+Subject: [PATCH 1/4] DDF: Cleanup validate_geometry_ddf_container()
+
+Move the function up so that the function declaration is not necessary
+and remove the unused arguments to the function.
+
+No functional changes are intended but will help with a bug fix in the
+next patch.
+
+Signed-off-by: Logan Gunthorpe <logang@deltatee.com>
+Acked-by: Mariusz Tkaczyk <mariusz.tkaczyk@linux.intel.com>
+Signed-off-by: Jes Sorensen <jes@trained-monkey.org>
+
+Upstream-Status: Backport
+
+Reference to upstream patch:
+https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=679bd9508a30
+
+Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
+---
+ super-ddf.c | 88 ++++++++++++++++++++++++-----------------------------
+ 1 file changed, 39 insertions(+), 49 deletions(-)
+
+diff --git a/super-ddf.c b/super-ddf.c
+index 3f304cd..65cf727 100644
+--- a/super-ddf.c
++++ b/super-ddf.c
+@@ -503,13 +503,6 @@ struct ddf_super {
+ static int load_super_ddf_all(struct supertype *st, int fd,
+ void **sbp, char *devname);
+ static int get_svd_state(const struct ddf_super *, const struct vcl *);
+-static int
+-validate_geometry_ddf_container(struct supertype *st,
+- int level, int layout, int raiddisks,
+- int chunk, unsigned long long size,
+- unsigned long long data_offset,
+- char *dev, unsigned long long *freesize,
+- int verbose);
+
+ static int validate_geometry_ddf_bvd(struct supertype *st,
+ int level, int layout, int raiddisks,
+@@ -3322,6 +3315,42 @@ static int reserve_space(struct supertype *st, int raiddisks,
+ return 1;
+ }
+
++static int
++validate_geometry_ddf_container(struct supertype *st,
++ int level, int raiddisks,
++ unsigned long long data_offset,
++ char *dev, unsigned long long *freesize,
++ int verbose)
++{
++ int fd;
++ unsigned long long ldsize;
++
++ if (level != LEVEL_CONTAINER)
++ return 0;
++ if (!dev)
++ return 1;
++
++ fd = dev_open(dev, O_RDONLY|O_EXCL);
++ if (fd < 0) {
++ if (verbose)
++ pr_err("ddf: Cannot open %s: %s\n",
++ dev, strerror(errno));
++ return 0;
++ }
++ if (!get_dev_size(fd, dev, &ldsize)) {
++ close(fd);
++ return 0;
++ }
++ close(fd);
++ if (freesize) {
++ *freesize = avail_size_ddf(st, ldsize >> 9, INVALID_SECTORS);
++ if (*freesize == 0)
++ return 0;
++ }
++
++ return 1;
++}
++
+ static int validate_geometry_ddf(struct supertype *st,
+ int level, int layout, int raiddisks,
+ int *chunk, unsigned long long size,
+@@ -3347,11 +3376,9 @@ static int validate_geometry_ddf(struct supertype *st,
+ level = LEVEL_CONTAINER;
+ if (level == LEVEL_CONTAINER) {
+ /* Must be a fresh device to add to a container */
+- return validate_geometry_ddf_container(st, level, layout,
+- raiddisks, *chunk,
+- size, data_offset, dev,
+- freesize,
+- verbose);
++ return validate_geometry_ddf_container(st, level, raiddisks,
++ data_offset, dev,
++ freesize, verbose);
+ }
+
+ if (!dev) {
+@@ -3449,43 +3476,6 @@ static int validate_geometry_ddf(struct supertype *st,
+ return 1;
+ }
+
+-static int
+-validate_geometry_ddf_container(struct supertype *st,
+- int level, int layout, int raiddisks,
+- int chunk, unsigned long long size,
+- unsigned long long data_offset,
+- char *dev, unsigned long long *freesize,
+- int verbose)
+-{
+- int fd;
+- unsigned long long ldsize;
+-
+- if (level != LEVEL_CONTAINER)
+- return 0;
+- if (!dev)
+- return 1;
+-
+- fd = dev_open(dev, O_RDONLY|O_EXCL);
+- if (fd < 0) {
+- if (verbose)
+- pr_err("ddf: Cannot open %s: %s\n",
+- dev, strerror(errno));
+- return 0;
+- }
+- if (!get_dev_size(fd, dev, &ldsize)) {
+- close(fd);
+- return 0;
+- }
+- close(fd);
+- if (freesize) {
+- *freesize = avail_size_ddf(st, ldsize >> 9, INVALID_SECTORS);
+- if (*freesize == 0)
+- return 0;
+- }
+-
+- return 1;
+-}
+-
+ static int validate_geometry_ddf_bvd(struct supertype *st,
+ int level, int layout, int raiddisks,
+ int *chunk, unsigned long long size,
+--
+2.39.1
+
diff --git a/poky/meta/recipes-extended/mdadm/files/0002-DDF-Fix-NULL-pointer-dereference-in-validate_geometr.patch b/poky/meta/recipes-extended/mdadm/files/0002-DDF-Fix-NULL-pointer-dereference-in-validate_geometr.patch
new file mode 100644
index 0000000..fafe88b
--- /dev/null
+++ b/poky/meta/recipes-extended/mdadm/files/0002-DDF-Fix-NULL-pointer-dereference-in-validate_geometr.patch
@@ -0,0 +1,56 @@
+From 14f110f0286d38e29ef5e51d7f72e049c2f18323 Mon Sep 17 00:00:00 2001
+From: Logan Gunthorpe <logang@deltatee.com>
+Date: Wed, 22 Jun 2022 14:25:08 -0600
+Subject: [PATCH 2/4] DDF: Fix NULL pointer dereference in
+ validate_geometry_ddf()
+
+A relatively recent patch added a call to validate_geometry() in
+Manage_add() that has level=LEVEL_CONTAINER and chunk=NULL.
+
+This causes some ddf tests to segfault which aborts the test suite.
+
+To fix this, avoid dereferencing chunk when the level is
+LEVEL_CONTAINER or LEVEL_NONE.
+
+Fixes: 1f5d54a06df0 ("Manage: Call validate_geometry when adding drive to external container")
+Signed-off-by: Logan Gunthorpe <logang@deltatee.com>
+Acked-by: Mariusz Tkaczyk <mariusz.tkaczyk@linux.intel.com>
+Signed-off-by: Jes Sorensen <jes@trained-monkey.org>
+
+Upstream-Status: Backport
+
+Reference to upstream patch:
+https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=2b93288a5650
+
+Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
+---
+ super-ddf.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/super-ddf.c b/super-ddf.c
+index 65cf727..3ef1293 100644
+--- a/super-ddf.c
++++ b/super-ddf.c
+@@ -3369,9 +3369,6 @@ static int validate_geometry_ddf(struct supertype *st,
+ * If given BVDs, we make an SVD, changing all the GUIDs in the process.
+ */
+
+- if (*chunk == UnSet)
+- *chunk = DEFAULT_CHUNK;
+-
+ if (level == LEVEL_NONE)
+ level = LEVEL_CONTAINER;
+ if (level == LEVEL_CONTAINER) {
+@@ -3381,6 +3378,9 @@ static int validate_geometry_ddf(struct supertype *st,
+ freesize, verbose);
+ }
+
++ if (*chunk == UnSet)
++ *chunk = DEFAULT_CHUNK;
++
+ if (!dev) {
+ mdu_array_info_t array = {
+ .level = level,
+--
+2.39.1
+
diff --git a/poky/meta/recipes-extended/mdadm/files/0003-mdadm-Grow-Fix-use-after-close-bug-by-closing-after-.patch b/poky/meta/recipes-extended/mdadm/files/0003-mdadm-Grow-Fix-use-after-close-bug-by-closing-after-.patch
new file mode 100644
index 0000000..a954ab0
--- /dev/null
+++ b/poky/meta/recipes-extended/mdadm/files/0003-mdadm-Grow-Fix-use-after-close-bug-by-closing-after-.patch
@@ -0,0 +1,91 @@
+From bd064da1469a6a07331b076a0294a8c6c3c38526 Mon Sep 17 00:00:00 2001
+From: Logan Gunthorpe <logang@deltatee.com>
+Date: Wed, 22 Jun 2022 14:25:09 -0600
+Subject: [PATCH 3/4] mdadm/Grow: Fix use after close bug by closing after fork
+
+The test 07reshape-grow fails most of the time. But it succeeds around
+1 in 5 times. When it does succeed, it causes the tests to die because
+mdadm has segfaulted.
+
+The segfault was caused by mdadm attempting to repoen a file
+descriptor that was already closed. The backtrace of the segfault
+was:
+
+ #0 __strncmp_avx2 () at ../sysdeps/x86_64/multiarch/strcmp-avx2.S:101
+ #1 0x000056146e31d44b in devnm2devid (devnm=0x0) at util.c:956
+ #2 0x000056146e31dab4 in open_dev_flags (devnm=0x0, flags=0)
+ at util.c:1072
+ #3 0x000056146e31db22 in open_dev (devnm=0x0) at util.c:1079
+ #4 0x000056146e3202e8 in reopen_mddev (mdfd=4) at util.c:2244
+ #5 0x000056146e329f36 in start_array (mdfd=4,
+ mddev=0x7ffc55342450 "/dev/md0", content=0x7ffc55342860,
+ st=0x56146fc78660, ident=0x7ffc55342f70, best=0x56146fc6f5d0,
+ bestcnt=10, chosen_drive=0, devices=0x56146fc706b0, okcnt=5,
+ sparecnt=0, rebuilding_cnt=0, journalcnt=0, c=0x7ffc55342e90,
+ clean=1, avail=0x56146fc78720 "\001\001\001\001\001",
+ start_partial_ok=0, err_ok=0, was_forced=0)
+ at Assemble.c:1206
+ #6 0x000056146e32c36e in Assemble (st=0x56146fc78660,
+ mddev=0x7ffc55342450 "/dev/md0", ident=0x7ffc55342f70,
+ devlist=0x56146fc6e2d0, c=0x7ffc55342e90)
+ at Assemble.c:1914
+ #7 0x000056146e312ac9 in main (argc=11, argv=0x7ffc55343238)
+ at mdadm.c:1510
+
+The file descriptor was closed early in Grow_continue(). The noted commit
+moved the close() call to close the fd above the fork which caused the
+parent process to return with a closed fd.
+
+This meant reshape_array() and Grow_continue() would return in the parent
+with the fd forked. The fd would eventually be passed to reopen_mddev()
+which returned an unhandled NULL from fd2devnm() which would then be
+dereferenced in devnm2devid.
+
+Fix this by moving the close() call below the fork. This appears to
+fix the 07revert-grow test. While we're at it, switch to using
+close_fd() to invalidate the file descriptor.
+
+Fixes: 77b72fa82813 ("mdadm/Grow: prevent md's fd from being occupied during delayed time")
+Cc: Alex Wu <alexwu@synology.com>
+Cc: BingJing Chang <bingjingc@synology.com>
+Cc: Danny Shih <dannyshih@synology.com>
+Cc: ChangSyun Peng <allenpeng@synology.com>
+Signed-off-by: Logan Gunthorpe <logang@deltatee.com>
+Acked-by: Mariusz Tkaczyk <mariusz.tkaczyk@linux.intel.com>
+Signed-off-by: Jes Sorensen <jes@trained-monkey.org>
+
+Upstream-Status: Backport
+
+Reference to upstream patch:
+https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=548e9b916f86
+
+Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
+---
+ Grow.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/Grow.c b/Grow.c
+index 9c6fc95..a8e4e83 100644
+--- a/Grow.c
++++ b/Grow.c
+@@ -3501,7 +3501,6 @@ started:
+ return 0;
+ }
+
+- close(fd);
+ /* Now we just need to kick off the reshape and watch, while
+ * handling backups of the data...
+ * This is all done by a forked background process.
+@@ -3522,6 +3521,9 @@ started:
+ break;
+ }
+
++ /* Close unused file descriptor in the forked process */
++ close_fd(&fd);
++
+ /* If another array on the same devices is busy, the
+ * reshape will wait for them. This would mean that
+ * the first section that we suspend will stay suspended
+--
+2.39.1
+
diff --git a/poky/meta/recipes-extended/mdadm/files/0004-monitor-Avoid-segfault-when-calling-NULL-get_bad_blo.patch b/poky/meta/recipes-extended/mdadm/files/0004-monitor-Avoid-segfault-when-calling-NULL-get_bad_blo.patch
new file mode 100644
index 0000000..72cb40f
--- /dev/null
+++ b/poky/meta/recipes-extended/mdadm/files/0004-monitor-Avoid-segfault-when-calling-NULL-get_bad_blo.patch
@@ -0,0 +1,42 @@
+From 2296a4a441b4b8546e2eb32403930f1bb8f3ee4a Mon Sep 17 00:00:00 2001
+From: Logan Gunthorpe <logang@deltatee.com>
+Date: Wed, 22 Jun 2022 14:25:10 -0600
+Subject: [PATCH 4/4] monitor: Avoid segfault when calling NULL get_bad_blocks
+
+Not all struct superswitch implement a get_bad_blocks() function,
+yet mdmon seems to call it without checking for NULL and thus
+occasionally segfaults in the test 10ddf-geometry.
+
+Fix this by checking for NULL before calling it.
+
+Signed-off-by: Logan Gunthorpe <logang@deltatee.com>
+Acked-by: Mariusz Tkaczyk <mariusz.tkaczyk@linux.intel.com>
+Signed-off-by: Jes Sorensen <jes@trained-monkey.org>
+
+Upstream-Status: Backport
+
+Reference to upstream patch:
+https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=9ae62977b51d
+
+Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
+---
+ monitor.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/monitor.c b/monitor.c
+index afc3e50..8e43c0d 100644
+--- a/monitor.c
++++ b/monitor.c
+@@ -312,6 +312,9 @@ static int check_for_cleared_bb(struct active_array *a, struct mdinfo *mdi)
+ struct md_bb *bb;
+ int i;
+
++ if (!ss->get_bad_blocks)
++ return -1;
++
+ /*
+ * Get a list of bad blocks for an array, then read list of
+ * acknowledged bad blocks from kernel and compare it against metadata
+--
+2.39.1
+
diff --git a/poky/meta/recipes-extended/mdadm/files/0005-mdadm-test-Mark-and-ignore-broken-test-failures.patch b/poky/meta/recipes-extended/mdadm/files/0005-mdadm-test-Mark-and-ignore-broken-test-failures.patch
new file mode 100644
index 0000000..c55bfb1
--- /dev/null
+++ b/poky/meta/recipes-extended/mdadm/files/0005-mdadm-test-Mark-and-ignore-broken-test-failures.patch
@@ -0,0 +1,128 @@
+From feab1f72fcf032a4d21d0a69eb61b23a5ddb3352 Mon Sep 17 00:00:00 2001
+From: Logan Gunthorpe <logang@deltatee.com>
+Date: Wed, 22 Jun 2022 14:25:18 -0600
+Subject: [PATCH 5/6] mdadm/test: Mark and ignore broken test failures
+
+Add functionality to continue if a test marked as broken fails.
+
+To mark a test as broken, a file with the same name but with the suffix
+'.broken' should exist. The first line in the file will be printed with
+a KNOWN BROKEN message; the rest of the file can describe the how the
+test is broken.
+
+Also adds --skip-broken and --skip-always-broken to skip all the tests
+that have a .broken file or to skip all tests whose .broken file's first
+line contains the keyword always.
+
+Signed-off-by: Logan Gunthorpe <logang@deltatee.com>
+Signed-off-by: Jes Sorensen <jes@trained-monkey.org>
+
+Upstream-Status: Backport
+
+Reference to upstream patch:
+https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=28520bf114b3
+
+[OP: adjusted context for mdadm-4.2]
+Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
+---
+ test | 37 +++++++++++++++++++++++++++++++++++--
+ 1 file changed, 35 insertions(+), 2 deletions(-)
+
+diff --git a/test b/test
+index 8f189d9..ee8fba1 100755
+--- a/test
++++ b/test
+@@ -10,6 +10,8 @@ devlist=
+
+ savelogs=0
+ exitonerror=1
++ctrl_c_error=0
++skipbroken=0
+ prefix='[0-9][0-9]'
+
+ # use loop devices by default if doesn't specify --dev
+@@ -35,6 +37,7 @@ die() {
+
+ ctrl_c() {
+ exitonerror=1
++ ctrl_c_error=1
+ }
+
+ # mdadm always adds --quiet, and we want to see any unexpected messages
+@@ -79,8 +82,21 @@ mdadm() {
+ do_test() {
+ _script=$1
+ _basename=`basename $_script`
++ _broken=0
++
+ if [ -f "$_script" ]
+ then
++ if [ -f "${_script}.broken" ]; then
++ _broken=1
++ _broken_msg=$(head -n1 "${_script}.broken" | tr -d '\n')
++ if [ "$skipbroken" == "all" ]; then
++ return
++ elif [ "$skipbroken" == "always" ] &&
++ [[ "$_broken_msg" == *always* ]]; then
++ return
++ fi
++ fi
++
+ rm -f $targetdir/stderr
+ # this might have been reset: restore the default.
+ echo 2000 > /proc/sys/dev/raid/speed_limit_max
+@@ -97,10 +113,15 @@ do_test() {
+ else
+ save_log fail
+ _fail=1
++ if [ "$_broken" == "1" ]; then
++ echo " (KNOWN BROKEN TEST: $_broken_msg)"
++ fi
+ fi
+ [ "$savelogs" == "1" ] &&
+ mv -f $targetdir/log $logdir/$_basename.log
+- [ "$_fail" == "1" -a "$exitonerror" == "1" ] && exit 1
++ [ "$ctrl_c_error" == "1" ] && exit 1
++ [ "$_fail" == "1" -a "$exitonerror" == "1" \
++ -a "$_broken" == "0" ] && exit 1
+ fi
+ }
+
+@@ -117,6 +138,8 @@ do_help() {
+ --logdir=directory Directory to save all logfiles in
+ --save-logs Usually use with --logdir together
+ --keep-going | --no-error Don't stop on error, ie. run all tests
++ --skip-broken Skip tests that are known to be broken
++ --skip-always-broken Skip tests that are known to always fail
+ --dev=loop|lvm|ram|disk Use loop devices (default), LVM, RAM or disk
+ --disks= Provide a bunch of physical devices for test
+ --volgroup=name LVM volume group for LVM test
+@@ -211,6 +234,12 @@ parse_args() {
+ --keep-going | --no-error )
+ exitonerror=0
+ ;;
++ --skip-broken )
++ skipbroken=all
++ ;;
++ --skip-always-broken )
++ skipbroken=always
++ ;;
+ --disable-multipath )
+ unset MULTIPATH
+ ;;
+@@ -275,7 +304,11 @@ main() {
+ if [ $script == "$testdir/11spare-migration" ];then
+ continue
+ fi
+- do_test $script
++ case $script in
++ *.broken) ;;
++ *)
++ do_test $script
++ esac
+ done
+ fi
+
+--
+2.39.1
+
diff --git a/poky/meta/recipes-extended/mdadm/files/0006-tests-Add-broken-files-for-all-broken-tests.patch b/poky/meta/recipes-extended/mdadm/files/0006-tests-Add-broken-files-for-all-broken-tests.patch
new file mode 100644
index 0000000..115b23b
--- /dev/null
+++ b/poky/meta/recipes-extended/mdadm/files/0006-tests-Add-broken-files-for-all-broken-tests.patch
@@ -0,0 +1,454 @@
+From fd1c26ba129b069d9f73afaefdbe53683de3814a Mon Sep 17 00:00:00 2001
+From: Logan Gunthorpe <logang@deltatee.com>
+Date: Wed, 22 Jun 2022 14:25:19 -0600
+Subject: [PATCH 6/6] tests: Add broken files for all broken tests
+
+Each broken file contains the rough frequency of brokeness as well
+as a brief explanation of what happens when it breaks. Estimates
+of failure rates are not statistically significant and can vary
+run to run.
+
+This is really just a view from my window. Tests were done on a
+small VM with the default loop devices, not real hardware. We've
+seen different kernel configurations can cause bugs to appear as well
+(ie. different block schedulers). It may also be that different race
+conditions will be seen on machines with different performance
+characteristics.
+
+These annotations were done with the kernel currently in md/md-next:
+
+ facef3b96c5b ("md: Notify sysfs sync_completed in md_reap_sync_thread()")
+
+Signed-off-by: Logan Gunthorpe <logang@deltatee.com>
+Signed-off-by: Jes Sorensen <jes@trained-monkey.org>
+
+Upstream-Status: Backport
+
+Reference to upstream patch:
+https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=daa86d663476
+
+Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
+---
+ tests/01r5integ.broken | 7 ++++
+ tests/01raid6integ.broken | 7 ++++
+ tests/04r5swap.broken | 7 ++++
+ tests/07autoassemble.broken | 8 ++++
+ tests/07autodetect.broken | 5 +++
+ tests/07changelevelintr.broken | 9 +++++
+ tests/07changelevels.broken | 9 +++++
+ tests/07reshape5intr.broken | 45 ++++++++++++++++++++++
+ tests/07revert-grow.broken | 31 +++++++++++++++
+ tests/07revert-shrink.broken | 9 +++++
+ tests/07testreshape5.broken | 12 ++++++
+ tests/09imsm-assemble.broken | 6 +++
+ tests/09imsm-create-fail-rebuild.broken | 5 +++
+ tests/09imsm-overlap.broken | 7 ++++
+ tests/10ddf-assemble-missing.broken | 6 +++
+ tests/10ddf-fail-create-race.broken | 7 ++++
+ tests/10ddf-fail-two-spares.broken | 5 +++
+ tests/10ddf-incremental-wrong-order.broken | 9 +++++
+ tests/14imsm-r1_2d-grow-r1_3d.broken | 5 +++
+ tests/14imsm-r1_2d-takeover-r0_2d.broken | 6 +++
+ tests/18imsm-r10_4d-takeover-r0_2d.broken | 5 +++
+ tests/18imsm-r1_2d-takeover-r0_1d.broken | 6 +++
+ tests/19raid6auto-repair.broken | 5 +++
+ tests/19raid6repair.broken | 5 +++
+ 24 files changed, 226 insertions(+)
+ create mode 100644 tests/01r5integ.broken
+ create mode 100644 tests/01raid6integ.broken
+ create mode 100644 tests/04r5swap.broken
+ create mode 100644 tests/07autoassemble.broken
+ create mode 100644 tests/07autodetect.broken
+ create mode 100644 tests/07changelevelintr.broken
+ create mode 100644 tests/07changelevels.broken
+ create mode 100644 tests/07reshape5intr.broken
+ create mode 100644 tests/07revert-grow.broken
+ create mode 100644 tests/07revert-shrink.broken
+ create mode 100644 tests/07testreshape5.broken
+ create mode 100644 tests/09imsm-assemble.broken
+ create mode 100644 tests/09imsm-create-fail-rebuild.broken
+ create mode 100644 tests/09imsm-overlap.broken
+ create mode 100644 tests/10ddf-assemble-missing.broken
+ create mode 100644 tests/10ddf-fail-create-race.broken
+ create mode 100644 tests/10ddf-fail-two-spares.broken
+ create mode 100644 tests/10ddf-incremental-wrong-order.broken
+ create mode 100644 tests/14imsm-r1_2d-grow-r1_3d.broken
+ create mode 100644 tests/14imsm-r1_2d-takeover-r0_2d.broken
+ create mode 100644 tests/18imsm-r10_4d-takeover-r0_2d.broken
+ create mode 100644 tests/18imsm-r1_2d-takeover-r0_1d.broken
+ create mode 100644 tests/19raid6auto-repair.broken
+ create mode 100644 tests/19raid6repair.broken
+
+diff --git a/tests/01r5integ.broken b/tests/01r5integ.broken
+new file mode 100644
+index 0000000..2073763
+--- /dev/null
++++ b/tests/01r5integ.broken
+@@ -0,0 +1,7 @@
++fails rarely
++
++Fails about 1 in every 30 runs with a sha mismatch error:
++
++ c49ab26e1b01def7874af9b8a6d6d0c29fdfafe6 /dev/md0 does not match
++ 15dc2f73262f811ada53c65e505ceec9cf025cb9 /dev/md0 with /dev/loop3
++ missing
+diff --git a/tests/01raid6integ.broken b/tests/01raid6integ.broken
+new file mode 100644
+index 0000000..1df735f
+--- /dev/null
++++ b/tests/01raid6integ.broken
+@@ -0,0 +1,7 @@
++fails infrequently
++
++Fails about 1 in 5 with a sha mismatch:
++
++ 8286c2bc045ae2cfe9f8b7ae3a898fa25db6926f /dev/md0 does not match
++ a083a0738b58caab37fd568b91b177035ded37df /dev/md0 with /dev/loop2 and
++ /dev/loop3 missing
+diff --git a/tests/04r5swap.broken b/tests/04r5swap.broken
+new file mode 100644
+index 0000000..e38987d
+--- /dev/null
++++ b/tests/04r5swap.broken
+@@ -0,0 +1,7 @@
++always fails
++
++Fails with errors:
++
++ mdadm: /dev/loop0 has no superblock - assembly aborted
++
++ ERROR: no recovery happening
+diff --git a/tests/07autoassemble.broken b/tests/07autoassemble.broken
+new file mode 100644
+index 0000000..8be0940
+--- /dev/null
++++ b/tests/07autoassemble.broken
+@@ -0,0 +1,8 @@
++always fails
++
++Prints lots of messages, but the array doesn't assemble. Error
++possibly related to:
++
++ mdadm: /dev/md/1 is busy - skipping
++ mdadm: no recogniseable superblock on /dev/md/testing:0
++ mdadm: /dev/md/2 is busy - skipping
+diff --git a/tests/07autodetect.broken b/tests/07autodetect.broken
+new file mode 100644
+index 0000000..294954a
+--- /dev/null
++++ b/tests/07autodetect.broken
+@@ -0,0 +1,5 @@
++always fails
++
++Fails with error:
++
++ ERROR: no resync happening
+diff --git a/tests/07changelevelintr.broken b/tests/07changelevelintr.broken
+new file mode 100644
+index 0000000..284b490
+--- /dev/null
++++ b/tests/07changelevelintr.broken
+@@ -0,0 +1,9 @@
++always fails
++
++Fails with errors:
++
++ mdadm: this change will reduce the size of the array.
++ use --grow --array-size first to truncate array.
++ e.g. mdadm --grow /dev/md0 --array-size 56832
++
++ ERROR: no reshape happening
+diff --git a/tests/07changelevels.broken b/tests/07changelevels.broken
+new file mode 100644
+index 0000000..9b930d9
+--- /dev/null
++++ b/tests/07changelevels.broken
+@@ -0,0 +1,9 @@
++always fails
++
++Fails with errors:
++
++ mdadm: /dev/loop0 is smaller than given size. 18976K < 19968K + metadata
++ mdadm: /dev/loop1 is smaller than given size. 18976K < 19968K + metadata
++ mdadm: /dev/loop2 is smaller than given size. 18976K < 19968K + metadata
++
++ ERROR: /dev/md0 isn't a block device.
+diff --git a/tests/07reshape5intr.broken b/tests/07reshape5intr.broken
+new file mode 100644
+index 0000000..efe52a6
+--- /dev/null
++++ b/tests/07reshape5intr.broken
+@@ -0,0 +1,45 @@
++always fails
++
++This patch, recently added to md-next causes the test to always fail:
++
++7e6ba434cc60 ("md: don't unregister sync_thread with reconfig_mutex
++held")
++
++The new error is simply:
++
++ ERROR: no reshape happening
++
++Before the patch, the error seen is below.
++
++--
++
++fails infrequently
++
++Fails roughly 1 in 4 runs with errors:
++
++ mdadm: Merging with already-assembled /dev/md/0
++ mdadm: cannot re-read metadata from /dev/loop6 - aborting
++
++ ERROR: no reshape happening
++
++Also have seen a random deadlock:
++
++ INFO: task mdadm:109702 blocked for more than 30 seconds.
++ Not tainted 5.18.0-rc3-eid-vmlocalyes-dbg-00095-g3c2b5427979d #2040
++ "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
++ task:mdadm state:D stack: 0 pid:109702 ppid: 1 flags:0x00004000
++ Call Trace:
++ <TASK>
++ __schedule+0x67e/0x13b0
++ schedule+0x82/0x110
++ mddev_suspend+0x2e1/0x330
++ suspend_lo_store+0xbd/0x140
++ md_attr_store+0xcb/0x130
++ sysfs_kf_write+0x89/0xb0
++ kernfs_fop_write_iter+0x202/0x2c0
++ new_sync_write+0x222/0x330
++ vfs_write+0x3bc/0x4d0
++ ksys_write+0xd9/0x180
++ __x64_sys_write+0x43/0x50
++ do_syscall_64+0x3b/0x90
++ entry_SYSCALL_64_after_hwframe+0x44/0xae
+diff --git a/tests/07revert-grow.broken b/tests/07revert-grow.broken
+new file mode 100644
+index 0000000..9b6db86
+--- /dev/null
++++ b/tests/07revert-grow.broken
+@@ -0,0 +1,31 @@
++always fails
++
++This patch, recently added to md-next causes the test to always fail:
++
++7e6ba434cc60 ("md: don't unregister sync_thread with reconfig_mutex held")
++
++The errors are:
++
++ mdadm: No active reshape to revert on /dev/loop0
++ ERROR: active raid5 not found
++
++Before the patch, the error seen is below.
++
++--
++
++fails rarely
++
++Fails about 1 in every 30 runs with errors:
++
++ mdadm: Merging with already-assembled /dev/md/0
++ mdadm: backup file /tmp/md-backup inaccessible: No such file or directory
++ mdadm: failed to add /dev/loop1 to /dev/md/0: Invalid argument
++ mdadm: failed to add /dev/loop2 to /dev/md/0: Invalid argument
++ mdadm: failed to add /dev/loop3 to /dev/md/0: Invalid argument
++ mdadm: failed to add /dev/loop0 to /dev/md/0: Invalid argument
++ mdadm: /dev/md/0 assembled from 1 drive - need all 5 to start it
++ (use --run to insist).
++
++ grep: /sys/block/md*/md/sync_action: No such file or directory
++
++ ERROR: active raid5 not found
+diff --git a/tests/07revert-shrink.broken b/tests/07revert-shrink.broken
+new file mode 100644
+index 0000000..c33c39e
+--- /dev/null
++++ b/tests/07revert-shrink.broken
+@@ -0,0 +1,9 @@
++always fails
++
++Fails with errors:
++
++ mdadm: this change will reduce the size of the array.
++ use --grow --array-size first to truncate array.
++ e.g. mdadm --grow /dev/md0 --array-size 53760
++
++ ERROR: active raid5 not found
+diff --git a/tests/07testreshape5.broken b/tests/07testreshape5.broken
+new file mode 100644
+index 0000000..a8ce03e
+--- /dev/null
++++ b/tests/07testreshape5.broken
+@@ -0,0 +1,12 @@
++always fails
++
++Test seems to run 'test_stripe' at $dir directory, but $dir is never
++set. If $dir is adjusted to $PWD, the test still fails with:
++
++ mdadm: /dev/loop2 is not suitable for this array.
++ mdadm: create aborted
++ ++ return 1
++ ++ cmp -s -n 8192 /dev/md0 /tmp/RandFile
++ ++ echo cmp failed
++ cmp failed
++ ++ exit 2
+diff --git a/tests/09imsm-assemble.broken b/tests/09imsm-assemble.broken
+new file mode 100644
+index 0000000..a6d4d5c
+--- /dev/null
++++ b/tests/09imsm-assemble.broken
+@@ -0,0 +1,6 @@
++fails infrequently
++
++Fails roughly 1 in 10 runs with errors:
++
++ mdadm: /dev/loop2 is still in use, cannot remove.
++ /dev/loop2 removal from /dev/md/container should have succeeded
+diff --git a/tests/09imsm-create-fail-rebuild.broken b/tests/09imsm-create-fail-rebuild.broken
+new file mode 100644
+index 0000000..40c4b29
+--- /dev/null
++++ b/tests/09imsm-create-fail-rebuild.broken
+@@ -0,0 +1,5 @@
++always fails
++
++Fails with error:
++
++ **Error**: Array size mismatch - expected 3072, actual 16384
+diff --git a/tests/09imsm-overlap.broken b/tests/09imsm-overlap.broken
+new file mode 100644
+index 0000000..e7ccab7
+--- /dev/null
++++ b/tests/09imsm-overlap.broken
+@@ -0,0 +1,7 @@
++always fails
++
++Fails with errors:
++
++ **Error**: Offset mismatch - expected 15360, actual 0
++ **Error**: Offset mismatch - expected 15360, actual 0
++ /dev/md/vol3 failed check
+diff --git a/tests/10ddf-assemble-missing.broken b/tests/10ddf-assemble-missing.broken
+new file mode 100644
+index 0000000..bfd8d10
+--- /dev/null
++++ b/tests/10ddf-assemble-missing.broken
+@@ -0,0 +1,6 @@
++always fails
++
++Fails with errors:
++
++ ERROR: /dev/md/vol0 has unexpected state on /dev/loop10
++ ERROR: unexpected number of online disks on /dev/loop10
+diff --git a/tests/10ddf-fail-create-race.broken b/tests/10ddf-fail-create-race.broken
+new file mode 100644
+index 0000000..6c0df02
+--- /dev/null
++++ b/tests/10ddf-fail-create-race.broken
+@@ -0,0 +1,7 @@
++usually fails
++
++Fails about 9 out of 10 times with many errors:
++
++ mdadm: cannot open MISSING: No such file or directory
++ ERROR: non-degraded array found
++ ERROR: disk 0 not marked as failed in meta data
+diff --git a/tests/10ddf-fail-two-spares.broken b/tests/10ddf-fail-two-spares.broken
+new file mode 100644
+index 0000000..eeea56d
+--- /dev/null
++++ b/tests/10ddf-fail-two-spares.broken
+@@ -0,0 +1,5 @@
++fails infrequently
++
++Fails roughly 1 in 3 with error:
++
++ ERROR: /dev/md/vol1 should be optimal in meta data
+diff --git a/tests/10ddf-incremental-wrong-order.broken b/tests/10ddf-incremental-wrong-order.broken
+new file mode 100644
+index 0000000..a5af3ba
+--- /dev/null
++++ b/tests/10ddf-incremental-wrong-order.broken
+@@ -0,0 +1,9 @@
++always fails
++
++Fails with errors:
++ ERROR: sha1sum of /dev/md/vol0 has changed
++ ERROR: /dev/md/vol0 has unexpected state on /dev/loop10
++ ERROR: unexpected number of online disks on /dev/loop10
++ ERROR: /dev/md/vol0 has unexpected state on /dev/loop8
++ ERROR: unexpected number of online disks on /dev/loop8
++ ERROR: sha1sum of /dev/md/vol0 has changed
+diff --git a/tests/14imsm-r1_2d-grow-r1_3d.broken b/tests/14imsm-r1_2d-grow-r1_3d.broken
+new file mode 100644
+index 0000000..4ef1d40
+--- /dev/null
++++ b/tests/14imsm-r1_2d-grow-r1_3d.broken
+@@ -0,0 +1,5 @@
++always fails
++
++Fails with error:
++
++ mdadm/tests/func.sh: line 325: dvsize/chunk: division by 0 (error token is "chunk")
+diff --git a/tests/14imsm-r1_2d-takeover-r0_2d.broken b/tests/14imsm-r1_2d-takeover-r0_2d.broken
+new file mode 100644
+index 0000000..89cd4e5
+--- /dev/null
++++ b/tests/14imsm-r1_2d-takeover-r0_2d.broken
+@@ -0,0 +1,6 @@
++always fails
++
++Fails with error:
++
++ tests/func.sh: line 325: dvsize/chunk: division by 0 (error token
++ is "chunk")
+diff --git a/tests/18imsm-r10_4d-takeover-r0_2d.broken b/tests/18imsm-r10_4d-takeover-r0_2d.broken
+new file mode 100644
+index 0000000..a27399f
+--- /dev/null
++++ b/tests/18imsm-r10_4d-takeover-r0_2d.broken
+@@ -0,0 +1,5 @@
++fails rarely
++
++Fails about 1 run in 100 with message:
++
++ ERROR: size is wrong for /dev/md/vol0: 2 * 5120 (chunk=128) = 20480, not 0
+diff --git a/tests/18imsm-r1_2d-takeover-r0_1d.broken b/tests/18imsm-r1_2d-takeover-r0_1d.broken
+new file mode 100644
+index 0000000..aa1982e
+--- /dev/null
++++ b/tests/18imsm-r1_2d-takeover-r0_1d.broken
+@@ -0,0 +1,6 @@
++always fails
++
++Fails with error:
++
++ tests/func.sh: line 325: dvsize/chunk: division by 0 (error token
++ is "chunk")
+diff --git a/tests/19raid6auto-repair.broken b/tests/19raid6auto-repair.broken
+new file mode 100644
+index 0000000..e91a142
+--- /dev/null
++++ b/tests/19raid6auto-repair.broken
+@@ -0,0 +1,5 @@
++always fails
++
++Fails with:
++
++ "should detect errors"
+diff --git a/tests/19raid6repair.broken b/tests/19raid6repair.broken
+new file mode 100644
+index 0000000..e91a142
+--- /dev/null
++++ b/tests/19raid6repair.broken
+@@ -0,0 +1,5 @@
++always fails
++
++Fails with:
++
++ "should detect errors"
+--
+2.39.1
+
diff --git a/poky/meta/recipes-extended/mdadm/files/run-ptest b/poky/meta/recipes-extended/mdadm/files/run-ptest
index fae8071..2380c32 100644
--- a/poky/meta/recipes-extended/mdadm/files/run-ptest
+++ b/poky/meta/recipes-extended/mdadm/files/run-ptest
@@ -2,6 +2,6 @@
mkdir -p /mdadm-testing-dir
# make the test continue to execute even one fail
-dir=. ./test --keep-going --disable-integrity
+dir=. ./test --keep-going --disable-integrity --skip-broken
rm -rf /mdadm-testing-dir/*
diff --git a/poky/meta/recipes-extended/mdadm/mdadm_4.2.bb b/poky/meta/recipes-extended/mdadm/mdadm_4.2.bb
index 14de9d8..50d9548 100644
--- a/poky/meta/recipes-extended/mdadm/mdadm_4.2.bb
+++ b/poky/meta/recipes-extended/mdadm/mdadm_4.2.bb
@@ -32,6 +32,12 @@
file://0001-tests-fix-raid0-tests-for-0.90-metadata.patch \
file://0001-tests-00readonly-Run-udevadm-settle-before-setting-r.patch \
file://0001-tests-04update-metadata-avoid-passing-chunk-size-to.patch \
+ file://0001-DDF-Cleanup-validate_geometry_ddf_container.patch \
+ file://0002-DDF-Fix-NULL-pointer-dereference-in-validate_geometr.patch \
+ file://0003-mdadm-Grow-Fix-use-after-close-bug-by-closing-after-.patch \
+ file://0004-monitor-Avoid-segfault-when-calling-NULL-get_bad_blo.patch \
+ file://0005-mdadm-test-Mark-and-ignore-broken-test-failures.patch \
+ file://0006-tests-Add-broken-files-for-all-broken-tests.patch \
"
SRC_URI[sha256sum] = "461c215670864bb74a4d1a3620684aa2b2f8296dffa06743f26dda5557acf01d"
@@ -101,10 +107,9 @@
}
RDEPENDS:${PN} += "bash"
-RDEPENDS:${PN}-ptest += "bash e2fsprogs-mke2fs"
+RDEPENDS:${PN}-ptest += "bash e2fsprogs-mke2fs util-linux-lsblk util-linux-losetup strace"
RRECOMMENDS:${PN}-ptest += " \
coreutils \
- util-linux \
kernel-module-loop \
kernel-module-linear \
kernel-module-raid0 \
diff --git a/poky/meta/recipes-extended/msmtp/msmtp_1.8.23.bb b/poky/meta/recipes-extended/msmtp/msmtp_1.8.24.bb
similarity index 91%
rename from poky/meta/recipes-extended/msmtp/msmtp_1.8.23.bb
rename to poky/meta/recipes-extended/msmtp/msmtp_1.8.24.bb
index 5e68a7e..b8c8671 100644
--- a/poky/meta/recipes-extended/msmtp/msmtp_1.8.23.bb
+++ b/poky/meta/recipes-extended/msmtp/msmtp_1.8.24.bb
@@ -11,7 +11,7 @@
UPSTREAM_CHECK_URI = "https://marlam.de/msmtp/download/"
SRC_URI = "https://marlam.de/${BPN}/releases/${BP}.tar.xz"
-SRC_URI[sha256sum] = "cf04c16b099b3d414db4b5b93fc5ed9d46aad564c81a352aa107a33964c356b8"
+SRC_URI[sha256sum] = "bd6644b1aaab17d61b86647993e3efad860b23c54283b00ddc579c1f5110aa59"
inherit gettext autotools update-alternatives pkgconfig
diff --git a/poky/meta/recipes-extended/pam/libpam/0001-examples-Replace-use-of-termio.h-with-termios.h.patch b/poky/meta/recipes-extended/pam/libpam/0001-examples-Replace-use-of-termio.h-with-termios.h.patch
new file mode 100644
index 0000000..95c437d
--- /dev/null
+++ b/poky/meta/recipes-extended/pam/libpam/0001-examples-Replace-use-of-termio.h-with-termios.h.patch
@@ -0,0 +1,39 @@
+From 9b96fcfa5748934b8b6a4db4ee25a5e3165905c0 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Sat, 1 Jul 2023 07:48:17 -0700
+Subject: [PATCH] examples: Replace use of termio.h with termios.h
+
+Fixes build with musl and makes it portable
+
+Upstream-Status: Backport [https://github.com/linux-pam/linux-pam/commit/5374f677e4cae669eb9accf2449178b602e8a40a]
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ examples/tty_conv.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/examples/tty_conv.c b/examples/tty_conv.c
+index 23f0684..db22500 100644
+--- a/examples/tty_conv.c
++++ b/examples/tty_conv.c
+@@ -6,7 +6,8 @@
+ #include <string.h>
+ #include <errno.h>
+ #include <unistd.h>
+-#include <termio.h>
++#include <termios.h>
++#include <sys/ioctl.h>
+ #include <security/pam_appl.h>
+
+ /***************************************
+@@ -16,7 +17,7 @@
+ ***************************************/
+ static void echoOff(int fd, int off)
+ {
+- struct termio tty;
++ struct termios tty;
+ if (ioctl(fd, TCGETA, &tty) < 0)
+ {
+ fprintf(stderr, "TCGETA failed: %s\n", strerror(errno));
+--
+2.41.0
+
diff --git a/poky/meta/recipes-extended/pam/libpam/0001-pam_motd-do-not-rely-on-all-filesystems-providing-a-.patch b/poky/meta/recipes-extended/pam/libpam/0001-pam_motd-do-not-rely-on-all-filesystems-providing-a-.patch
deleted file mode 100644
index 94dcb04..0000000
--- a/poky/meta/recipes-extended/pam/libpam/0001-pam_motd-do-not-rely-on-all-filesystems-providing-a-.patch
+++ /dev/null
@@ -1,108 +0,0 @@
-From 42404548721c653317c911c83d885e2fc7fbca70 Mon Sep 17 00:00:00 2001
-From: Per Jessen <per@jessen.ch>
-Date: Fri, 22 Apr 2022 18:15:36 +0200
-Subject: [PATCH] pam_motd: do not rely on all filesystems providing a filetype
-
-When using scandir() to look for MOTD files to display, we wrongly
-relied on all filesystems providing a filetype. This is a fix to divert
-to lstat() when we have no filetype. To maintain MT safety, it isn't
-possible to use lstat() in the scandir() filter function, so all of the
-filtering has been moved to an additional loop after scanning all the
-motd dirs.
-Also, remove superfluous alphasort from scandir(), we are doing
-a qsort() later.
-
-Resolves: https://github.com/linux-pam/linux-pam/issues/455
-
-Upstream-Status: Backport [https://github.com/linux-pam/linux-pam/commit/42404548721c653317c911c83d885e2fc7fbca70]
-
-Signed-off-by: Per Jessen <per@jessen.ch>
-Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
----
- modules/pam_motd/pam_motd.c | 49 ++++++++++++++++++++++++++++++-------
- 1 file changed, 40 insertions(+), 9 deletions(-)
-
-diff --git a/modules/pam_motd/pam_motd.c b/modules/pam_motd/pam_motd.c
-index 6ac8cba2..5ca486e4 100644
---- a/modules/pam_motd/pam_motd.c
-+++ b/modules/pam_motd/pam_motd.c
-@@ -166,11 +166,6 @@ static int compare_strings(const void *a, const void *b)
- }
- }
-
--static int filter_dirents(const struct dirent *d)
--{
-- return (d->d_type == DT_REG || d->d_type == DT_LNK);
--}
--
- static void try_to_display_directories_with_overrides(pam_handle_t *pamh,
- char **motd_dir_path_split, unsigned int num_motd_dirs, int report_missing)
- {
-@@ -199,8 +194,7 @@ static void try_to_display_directories_with_overrides(pam_handle_t *pamh,
-
- for (i = 0; i < num_motd_dirs; i++) {
- int rv;
-- rv = scandir(motd_dir_path_split[i], &(dirscans[i]),
-- filter_dirents, alphasort);
-+ rv = scandir(motd_dir_path_split[i], &(dirscans[i]), NULL, NULL);
- if (rv < 0) {
- if (errno != ENOENT || report_missing) {
- pam_syslog(pamh, LOG_ERR, "error scanning directory %s: %m",
-@@ -215,6 +209,41 @@ static void try_to_display_directories_with_overrides(pam_handle_t *pamh,
- if (dirscans_size_total == 0)
- goto out;
-
-+ /* filter out unwanted names, directories, and complement data with lstat() */
-+ for (i = 0; i < num_motd_dirs; i++) {
-+ struct dirent **d = dirscans[i];
-+ for (unsigned int j = 0; j < dirscans_sizes[i]; j++) {
-+ int rc;
-+ char *fullpath;
-+ struct stat s;
-+
-+ switch(d[j]->d_type) { /* the filetype determines how to proceed */
-+ case DT_REG: /* regular files and */
-+ case DT_LNK: /* symlinks */
-+ continue; /* are good. */
-+ case DT_UNKNOWN: /* for file systems that do not provide */
-+ /* a filetype, we use lstat() */
-+ if (join_dir_strings(&fullpath, motd_dir_path_split[i],
-+ d[j]->d_name) <= 0)
-+ break;
-+ rc = lstat(fullpath, &s);
-+ _pam_drop(fullpath); /* free the memory alloc'ed by join_dir_strings */
-+ if (rc != 0) /* if the lstat() somehow failed */
-+ break;
-+
-+ if (S_ISREG(s.st_mode) || /* regular files and */
-+ S_ISLNK(s.st_mode)) continue; /* symlinks are good */
-+ break;
-+ case DT_DIR: /* We don't want directories */
-+ default: /* nor anything else */
-+ break;
-+ }
-+ _pam_drop(d[j]); /* free memory */
-+ d[j] = NULL; /* indicate this one was dropped */
-+ dirscans_size_total--;
-+ }
-+ }
-+
- /* Allocate space for all file names found in the directories, including duplicates. */
- if ((dirnames_all = calloc(dirscans_size_total, sizeof(*dirnames_all))) == NULL) {
- pam_syslog(pamh, LOG_CRIT, "failed to allocate dirname array");
-@@ -225,8 +254,10 @@ static void try_to_display_directories_with_overrides(pam_handle_t *pamh,
- unsigned int j;
-
- for (j = 0; j < dirscans_sizes[i]; j++) {
-- dirnames_all[i_dirnames] = dirscans[i][j]->d_name;
-- i_dirnames++;
-+ if (NULL != dirscans[i][j]) {
-+ dirnames_all[i_dirnames] = dirscans[i][j]->d_name;
-+ i_dirnames++;
-+ }
- }
- }
-
---
-2.39.0
-
diff --git a/poky/meta/recipes-extended/pam/libpam/0001-run-xtests.sh-check-whether-files-exist.patch b/poky/meta/recipes-extended/pam/libpam/0001-run-xtests.sh-check-whether-files-exist.patch
deleted file mode 100644
index 40040a8..0000000
--- a/poky/meta/recipes-extended/pam/libpam/0001-run-xtests.sh-check-whether-files-exist.patch
+++ /dev/null
@@ -1,65 +0,0 @@
-From e8e8ccfd57e0274b431bc5717bf37c488285b07b Mon Sep 17 00:00:00 2001
-From: Mingli Yu <mingli.yu@windriver.com>
-Date: Wed, 27 Oct 2021 10:30:46 +0800
-Subject: [PATCH] run-xtests.sh: check whether files exist
-
-Fixes:
- # ./run-xtests.sh . tst-pam_access1
- mv: cannot stat '/etc/security/opasswd': No such file or directory
- PASS: tst-pam_access1
- mv: cannot stat '/etc/security/opasswd-pam-xtests': No such file or directory
- ==================
- 1 tests passed
- 0 tests not run
- ==================
-
-Upstream-Status: Backport [https://github.com/linux-pam/linux-pam/commit/e8e8ccfd57e0274b431bc5717bf37c488285b07b]
-
-Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
----
- xtests/run-xtests.sh | 20 +++++++++++++-------
- 1 file changed, 13 insertions(+), 7 deletions(-)
-
-diff --git a/xtests/run-xtests.sh b/xtests/run-xtests.sh
-index 14f585d9..ff9a4dc1 100755
---- a/xtests/run-xtests.sh
-+++ b/xtests/run-xtests.sh
-@@ -18,10 +18,12 @@ all=0
-
- mkdir -p /etc/security
- for config in access.conf group.conf time.conf limits.conf ; do
-- cp /etc/security/$config /etc/security/$config-pam-xtests
-+ [ -f "/etc/security/$config" ] &&
-+ mv /etc/security/$config /etc/security/$config-pam-xtests
- install -m 644 "${SRCDIR}"/$config /etc/security/$config
- done
--mv /etc/security/opasswd /etc/security/opasswd-pam-xtests
-+[ -f /etc/security/opasswd ] &&
-+ mv /etc/security/opasswd /etc/security/opasswd-pam-xtests
-
- for testname in $XTESTS ; do
- for cfg in "${SRCDIR}"/$testname*.pamd ; do
-@@ -47,11 +49,15 @@ for testname in $XTESTS ; do
- all=`expr $all + 1`
- rm -f /etc/pam.d/$testname*
- done
--mv /etc/security/access.conf-pam-xtests /etc/security/access.conf
--mv /etc/security/group.conf-pam-xtests /etc/security/group.conf
--mv /etc/security/time.conf-pam-xtests /etc/security/time.conf
--mv /etc/security/limits.conf-pam-xtests /etc/security/limits.conf
--mv /etc/security/opasswd-pam-xtests /etc/security/opasswd
-+
-+for config in access.conf group.conf time.conf limits.conf opasswd ; do
-+ if [ -f "/etc/security/$config-pam-xtests" ]; then
-+ mv /etc/security/$config-pam-xtests /etc/security/$config
-+ else
-+ rm -f /etc/security/$config
-+ fi
-+done
-+
- if test "$failed" -ne 0; then
- echo "==================="
- echo "$failed of $all tests failed"
---
-2.32.0
-
diff --git a/poky/meta/recipes-extended/pam/libpam/CVE-2022-28321-0002.patch b/poky/meta/recipes-extended/pam/libpam/CVE-2022-28321-0002.patch
deleted file mode 100644
index e7bf03f..0000000
--- a/poky/meta/recipes-extended/pam/libpam/CVE-2022-28321-0002.patch
+++ /dev/null
@@ -1,205 +0,0 @@
-From 23393bef92c1e768eda329813d7af55481c6ca9f Mon Sep 17 00:00:00 2001
-From: Thorsten Kukuk <kukuk@suse.com>
-Date: Thu, 24 Feb 2022 10:37:32 +0100
-Subject: [PATCH 2/2] pam_access: handle hostnames in access.conf
-
-According to the manual page, the following entry is valid but does not
-work:
--:root:ALL EXCEPT localhost
-
-See https://bugzilla.suse.com/show_bug.cgi?id=1019866
-
-Patched is based on PR#226 from Josef Moellers
-
-Upstream-Status: Backport
-CVE: CVE-2022-28321
-
-Reference to upstream patch:
-[https://github.com/linux-pam/linux-pam/commit/23393bef92c1e768eda329813d7af55481c6ca9f]
-
-Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com>
----
- modules/pam_access/pam_access.c | 95 ++++++++++++++++++++++++++-------
- 1 file changed, 76 insertions(+), 19 deletions(-)
-
-diff --git a/modules/pam_access/pam_access.c b/modules/pam_access/pam_access.c
-index 277192b..bca424f 100644
---- a/modules/pam_access/pam_access.c
-+++ b/modules/pam_access/pam_access.c
-@@ -637,7 +637,7 @@ remote_match (pam_handle_t *pamh, char *tok, struct login_info *item)
- if ((str_len = strlen(string)) > tok_len
- && strcasecmp(tok, string + str_len - tok_len) == 0)
- return YES;
-- } else if (tok[tok_len - 1] == '.') {
-+ } else if (tok[tok_len - 1] == '.') { /* internet network numbers (end with ".") */
- struct addrinfo hint;
-
- memset (&hint, '\0', sizeof (hint));
-@@ -678,7 +678,7 @@ remote_match (pam_handle_t *pamh, char *tok, struct login_info *item)
- return NO;
- }
-
-- /* Assume network/netmask with an IP of a host. */
-+ /* Assume network/netmask, IP address or hostname. */
- return network_netmask_match(pamh, tok, string, item);
- }
-
-@@ -696,7 +696,7 @@ string_match (pam_handle_t *pamh, const char *tok, const char *string,
- /*
- * If the token has the magic value "ALL" the match always succeeds.
- * Otherwise, return YES if the token fully matches the string.
-- * "NONE" token matches NULL string.
-+ * "NONE" token matches NULL string.
- */
-
- if (strcasecmp(tok, "ALL") == 0) { /* all: always matches */
-@@ -714,7 +714,8 @@ string_match (pam_handle_t *pamh, const char *tok, const char *string,
-
- /* network_netmask_match - match a string against one token
- * where string is a hostname or ip (v4,v6) address and tok
-- * represents either a single ip (v4,v6) address or a network/netmask
-+ * represents either a hostname, a single ip (v4,v6) address
-+ * or a network/netmask
- */
- static int
- network_netmask_match (pam_handle_t *pamh,
-@@ -723,10 +724,12 @@ network_netmask_match (pam_handle_t *pamh,
- char *netmask_ptr;
- char netmask_string[MAXHOSTNAMELEN + 1];
- int addr_type;
-+ struct addrinfo *ai = NULL;
-
- if (item->debug)
-- pam_syslog (pamh, LOG_DEBUG,
-+ pam_syslog (pamh, LOG_DEBUG,
- "network_netmask_match: tok=%s, item=%s", tok, string);
-+
- /* OK, check if tok is of type addr/mask */
- if ((netmask_ptr = strchr(tok, '/')) != NULL)
- {
-@@ -760,54 +763,108 @@ network_netmask_match (pam_handle_t *pamh,
- netmask_ptr = number_to_netmask(netmask, addr_type,
- netmask_string, MAXHOSTNAMELEN);
- }
-- }
-+
-+ /*
-+ * Construct an addrinfo list from the IP address.
-+ * This should not fail as the input is a correct IP address...
-+ */
-+ if (getaddrinfo (tok, NULL, NULL, &ai) != 0)
-+ {
-+ return NO;
-+ }
-+ }
- else
-- /* NO, then check if it is only an addr */
-- if (isipaddr(tok, NULL, NULL) != YES)
-+ {
-+ /*
-+ * It is either an IP address or a hostname.
-+ * Let getaddrinfo sort everything out
-+ */
-+ if (getaddrinfo (tok, NULL, NULL, &ai) != 0)
- {
-+ pam_syslog(pamh, LOG_ERR, "cannot resolve hostname \"%s\"", tok);
-+
- return NO;
- }
-+ netmask_ptr = NULL;
-+ }
-
- if (isipaddr(string, NULL, NULL) != YES)
- {
-- /* Assume network/netmask with a name of a host. */
- struct addrinfo hint;
-
-+ /* Assume network/netmask with a name of a host. */
- memset (&hint, '\0', sizeof (hint));
- hint.ai_flags = AI_CANONNAME;
- hint.ai_family = AF_UNSPEC;
-
- if (item->gai_rv != 0)
-+ {
-+ freeaddrinfo(ai);
- return NO;
-+ }
- else if (!item->res &&
- (item->gai_rv = getaddrinfo (string, NULL, &hint, &item->res)) != 0)
-+ {
-+ freeaddrinfo(ai);
- return NO;
-+ }
- else
- {
- struct addrinfo *runp = item->res;
-+ struct addrinfo *runp1;
-
- while (runp != NULL)
- {
- char buf[INET6_ADDRSTRLEN];
-
-- DIAG_PUSH_IGNORE_CAST_ALIGN;
-- inet_ntop (runp->ai_family,
-- runp->ai_family == AF_INET
-- ? (void *) &((struct sockaddr_in *) runp->ai_addr)->sin_addr
-- : (void *) &((struct sockaddr_in6 *) runp->ai_addr)->sin6_addr,
-- buf, sizeof (buf));
-- DIAG_POP_IGNORE_CAST_ALIGN;
-+ if (getnameinfo (runp->ai_addr, runp->ai_addrlen, buf, sizeof (buf), NULL, 0, NI_NUMERICHOST) != 0)
-+ {
-+ freeaddrinfo(ai);
-+ return NO;
-+ }
-
-- if (are_addresses_equal(buf, tok, netmask_ptr))
-+ for (runp1 = ai; runp1 != NULL; runp1 = runp1->ai_next)
- {
-- return YES;
-+ char buf1[INET6_ADDRSTRLEN];
-+
-+ if (runp->ai_family != runp1->ai_family)
-+ continue;
-+
-+ if (getnameinfo (runp1->ai_addr, runp1->ai_addrlen, buf1, sizeof (buf1), NULL, 0, NI_NUMERICHOST) != 0)
-+ {
-+ freeaddrinfo(ai);
-+ return NO;
-+ }
-+
-+ if (are_addresses_equal (buf, buf1, netmask_ptr))
-+ {
-+ freeaddrinfo(ai);
-+ return YES;
-+ }
- }
- runp = runp->ai_next;
- }
- }
- }
- else
-- return (are_addresses_equal(string, tok, netmask_ptr));
-+ {
-+ struct addrinfo *runp1;
-+
-+ for (runp1 = ai; runp1 != NULL; runp1 = runp1->ai_next)
-+ {
-+ char buf1[INET6_ADDRSTRLEN];
-+
-+ (void) getnameinfo (runp1->ai_addr, runp1->ai_addrlen, buf1, sizeof (buf1), NULL, 0, NI_NUMERICHOST);
-+
-+ if (are_addresses_equal(string, buf1, netmask_ptr))
-+ {
-+ freeaddrinfo(ai);
-+ return YES;
-+ }
-+ }
-+ }
-+
-+ freeaddrinfo(ai);
-
- return NO;
- }
---
-2.37.3
-
diff --git a/poky/meta/recipes-extended/pam/libpam_1.5.2.bb b/poky/meta/recipes-extended/pam/libpam_1.5.3.bb
similarity index 95%
rename from poky/meta/recipes-extended/pam/libpam_1.5.2.bb
rename to poky/meta/recipes-extended/pam/libpam_1.5.3.bb
index bec47ab..eafb5aa 100644
--- a/poky/meta/recipes-extended/pam/libpam_1.5.2.bb
+++ b/poky/meta/recipes-extended/pam/libpam_1.5.3.bb
@@ -21,14 +21,12 @@
file://pam.d/common-session-noninteractive \
file://pam.d/other \
file://libpam-xtests.patch \
- file://0001-run-xtests.sh-check-whether-files-exist.patch \
+ file://0001-examples-Replace-use-of-termio.h-with-termios.h.patch \
file://run-ptest \
file://pam-volatiles.conf \
- file://CVE-2022-28321-0002.patch \
- file://0001-pam_motd-do-not-rely-on-all-filesystems-providing-a-.patch \
"
-SRC_URI[sha256sum] = "e4ec7131a91da44512574268f493c6d8ca105c87091691b8e9b56ca685d4f94d"
+SRC_URI[sha256sum] = "7ac4b50feee004a9fa88f1dfd2d2fa738a82896763050cd773b3c54b0a818283"
DEPENDS = "bison-native flex-native cracklib libxml2-native virtual/crypt"
diff --git a/poky/meta/recipes-extended/procps/procps_4.0.3.bb b/poky/meta/recipes-extended/procps/procps_4.0.3.bb
index cc3420d..dc0e957 100644
--- a/poky/meta/recipes-extended/procps/procps_4.0.3.bb
+++ b/poky/meta/recipes-extended/procps/procps_4.0.3.bb
@@ -72,10 +72,6 @@
d.setVarFlag('ALTERNATIVE_LINK_NAME', prog, '%s/%s' % (d.getVar('base_sbindir'), prog))
}
-# 'ps' isn't suitable for use as a security tool so whitelist this CVE.
-# https://bugzilla.redhat.com/show_bug.cgi?id=1575473#c3
-CVE_CHECK_IGNORE += "CVE-2018-1121"
-
PROCPS_PACKAGES = "${PN}-lib \
${PN}-ps \
${PN}-sysctl"
diff --git a/poky/meta/recipes-extended/shadow/files/login.defs_shadow-sysroot b/poky/meta/recipes-extended/shadow/files/login.defs_shadow-sysroot
index 8a68dd3..09df77d 100644
--- a/poky/meta/recipes-extended/shadow/files/login.defs_shadow-sysroot
+++ b/poky/meta/recipes-extended/shadow/files/login.defs_shadow-sysroot
@@ -1,3 +1,4 @@
+# SPDX-License-Identifier: BSD-3-Clause OR Artistic-1.0
#
# /etc/login.defs - Configuration control definitions for the shadow package.
#
diff --git a/poky/meta/recipes-extended/shadow/files/pam.d/login b/poky/meta/recipes-extended/shadow/files/pam.d/login
index b340058..d39e09b 100644
--- a/poky/meta/recipes-extended/shadow/files/pam.d/login
+++ b/poky/meta/recipes-extended/shadow/files/pam.d/login
@@ -57,10 +57,6 @@
# (Replaces the use of /etc/limits in old login)
session required pam_limits.so
-# Prints the last login info upon succesful login
-# (Replaces the `LASTLOG_ENAB' option from login.defs)
-session optional pam_lastlog.so
-
# Prints the motd upon succesful login
# (Replaces the `MOTD_FILE' option in login.defs)
session optional pam_motd.so
diff --git a/poky/meta/recipes-extended/shadow/shadow-sysroot_4.6.bb b/poky/meta/recipes-extended/shadow/shadow-sysroot_4.6.bb
index e05fa23..6580bd9 100644
--- a/poky/meta/recipes-extended/shadow/shadow-sysroot_4.6.bb
+++ b/poky/meta/recipes-extended/shadow/shadow-sysroot_4.6.bb
@@ -3,7 +3,7 @@
BUGTRACKER = "http://github.com/shadow-maint/shadow/issues"
SECTION = "base utils"
LICENSE = "BSD-3-Clause | Artistic-1.0"
-LIC_FILES_CHKSUM = "file://login.defs_shadow-sysroot;md5=25e2f2de4dfc8f966ac5cdfce45cd7d5"
+LIC_FILES_CHKSUM = "file://login.defs_shadow-sysroot;endline=1;md5=ceddfb61608e4db87012499555184aed"
DEPENDS = "base-passwd"
diff --git a/poky/meta/recipes-extended/shadow/shadow.inc b/poky/meta/recipes-extended/shadow/shadow.inc
index cf05a3a..83e1a84 100644
--- a/poky/meta/recipes-extended/shadow/shadow.inc
+++ b/poky/meta/recipes-extended/shadow/shadow.inc
@@ -65,14 +65,11 @@
pam-plugin-env \
pam-plugin-group \
pam-plugin-limits \
- pam-plugin-lastlog \
pam-plugin-motd \
pam-plugin-mail \
pam-plugin-shells \
pam-plugin-rootok"
-PAM_PLUGINS:remove:libc-musl = "pam-plugin-lastlog"
-
PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)} \
${@bb.utils.contains('DISTRO_FEATURES', 'xattr', 'attr', '', d)}"
PACKAGECONFIG:class-native ??= "${@bb.utils.contains('DISTRO_FEATURES', 'xattr', 'attr', '', d)}"
diff --git a/poky/meta/recipes-extended/shadow/shadow_4.13.bb b/poky/meta/recipes-extended/shadow/shadow_4.13.bb
index d1a3fd5..4e55446 100644
--- a/poky/meta/recipes-extended/shadow/shadow_4.13.bb
+++ b/poky/meta/recipes-extended/shadow/shadow_4.13.bb
@@ -6,9 +6,6 @@
BBCLASSEXTEND = "native nativesdk"
-# Severity is low and marked as closed and won't fix.
# https://bugzilla.redhat.com/show_bug.cgi?id=884658
-CVE_CHECK_IGNORE += "CVE-2013-4235"
-
-# This is an issue for a different shadow
-CVE_CHECK_IGNORE += "CVE-2016-15024"
+CVE_STATUS[CVE-2013-4235] = "upstream-wontfix: Severity is low and marked as closed and won't fix."
+CVE_STATUS[CVE-2016-15024] = "cpe-incorrect: This is an issue for a different shadow"
diff --git a/poky/meta/recipes-extended/unzip/unzip_6.0.bb b/poky/meta/recipes-extended/unzip/unzip_6.0.bb
index 3051e9b..a53663d 100644
--- a/poky/meta/recipes-extended/unzip/unzip_6.0.bb
+++ b/poky/meta/recipes-extended/unzip/unzip_6.0.bb
@@ -39,8 +39,7 @@
SRC_URI[md5sum] = "62b490407489521db863b523a7f86375"
SRC_URI[sha256sum] = "036d96991646d0449ed0aa952e4fbe21b476ce994abc276e49d30e686708bd37"
-# Patch from https://bugzilla.redhat.com/attachment.cgi?id=293893&action=diff applied to 6.0 source
-CVE_CHECK_IGNORE += "CVE-2008-0888"
+CVE_STATUS[CVE-2008-0888] = "fixed-version: Patch from https://bugzilla.redhat.com/attachment.cgi?id=293893&action=diff applied to 6.0 source"
# exclude version 5.5.2 which triggers a false positive
UPSTREAM_CHECK_REGEX = "unzip(?P<pver>(?!552).+)\.tgz"
diff --git a/poky/meta/recipes-extended/xinetd/xinetd_2.3.15.4.bb b/poky/meta/recipes-extended/xinetd/xinetd_2.3.15.4.bb
index c390fcf..72eb1ae 100644
--- a/poky/meta/recipes-extended/xinetd/xinetd_2.3.15.4.bb
+++ b/poky/meta/recipes-extended/xinetd/xinetd_2.3.15.4.bb
@@ -18,7 +18,7 @@
S = "${WORKDIR}/git"
# https://github.com/xinetd-org/xinetd/pull/10 is merged into this git tree revision
-CVE_CHECK_IGNORE += "CVE-2013-4342"
+CVE_STATUS[CVE-2013-4342] = "fixed-version: Fixed directly in git tree revision"
inherit autotools update-rc.d systemd pkgconfig
diff --git a/poky/meta/recipes-extended/zip/zip_3.0.bb b/poky/meta/recipes-extended/zip/zip_3.0.bb
index 8215313..3425e8e 100644
--- a/poky/meta/recipes-extended/zip/zip_3.0.bb
+++ b/poky/meta/recipes-extended/zip/zip_3.0.bb
@@ -26,11 +26,8 @@
SRC_URI[md5sum] = "7b74551e63f8ee6aab6fbc86676c0d37"
SRC_URI[sha256sum] = "f0e8bb1f9b7eb0b01285495a2699df3a4b766784c1765a8f1aeedf63c0806369"
-# Disputed and also Debian doesn't consider a vulnerability
-CVE_CHECK_IGNORE += "CVE-2018-13410"
-
-# Not for zip but for smart contract implementation for it
-CVE_CHECK_IGNORE += "CVE-2018-13684"
+CVE_STATUS[CVE-2018-13410] = "disputed: Disputed and also Debian doesn't consider a vulnerability"
+CVE_STATUS[CVE-2018-13684] = "cpe-incorrect: Not for zip but for smart contract implementation for it"
# zip.inc sets CFLAGS, but what Makefile actually uses is
# CFLAGS_NOOPT. It will also force -O3 optimization, overriding