subtree updates
meta-openembedded: c5668905a6..cbbaa82238:
Alex Kiernan (1):
lldpd: Upgrade 1.0.14 -> 1.0.15
Alexander Stein (1):
dool: Add patch to fix rebuild
Archana Polampalli (1):
Nodejs - Upgrade to 16.18.1
Armin Kuster (2):
meta-oe][PATCH] gst-editing-services: fix typo in LICENSE field.
Revert "waf-samba.bbclass: point PYTHON_CONFIG to target python3-config"
Arsalan H. Awan (1):
meta-networking/licenses/netperf: remove unused license
Changqing Li (3):
redis: 7.0.5 -> 7.0.7
redis: 6.2.7 -> 6.2.8
redis: upgrade 7.0.9 -> 7.0.10
Chee Yang Lee (5):
zsh: Fix CVE-2021-45444
fwupd: Fix CVE-2022-3287
redis: Upgrade to 7.0.8
redis: Upgrade to 6.2.9
tinyproxy: fix CVE-2022-40468
Chen Pei (1):
botan: upgrade 2.19.2 -> 2.19.3
Chen Qi (4):
xfce4-verve-plugin: fix do_configure faiure about missing libpcre
networkmanager: fix dhcpcd PACKAGECONFIG
networkmanager: install config files into correct place
networkmanager: fix /etc/resolv.conf handling
Dmitry Baryshkov (1):
nss: fix cross-compilation error
Geoff Parker (1):
python3-pillow: add tk to RDEPENDS ptest pkg only if x11 in DISTRO_FEATURES
Hermes Zhang (1):
kernel_add_regdb: Change the task order
Jasper Orschulko (1):
python3-gcovr: Add missing runtime dependency
Joe Slater (1):
phoronix-test-suite: fix CVE-2022-40704
Kai Kang (2):
freeradius: fix multilib systemd service start failure
postfix: fix multilib conflict of sample-main.cf
Khem Raj (15):
gnome-text-editor: Add missing libpcre build time depenedency
ettercap: Add missing dependency on libpcre
imapfilter: Upgrade to 2.7.6
aufs-util: Fix build with large file support enabled systems
volume-key: Inherit python3targetconfig
audit: Inherit python3targetconfig
waf-samba.bbclass: point PYTHON_CONFIG to target python3-config
fontforge: Inherit python3targetconfig
sshpass: Use SPDX identified string for GPLv2
perfetto: Do not pass TUNE_CCARGS to native/host compiler
net-snmp: Fix build with clang16
ncmpc: Upgrade to 0.47
mpd: Upgrade to 0.23.12 release
redis: Upgrade 6.x recipe to 6.2.11
redis: Upgrade 7.x to 7.0.9
Leon Anavi (1):
python3-pythonping: Upgrade 1.1.3 -> 1.1.4
Markus Volk (3):
libcamera: upgrade -> 0.0.1
blueman: add RDEPEND on python3-fcntl
perfetto: pass TUNE_CCARGS to use machine tune
Martin Jansa (11):
monkey: use git fetcher
nss: fix SRC_URI
exiv2: fix SRC_URI
mdns: use git fetcher
zsh: fix installed-vs-shipped with multilib
restinio: fix S variable in multilib builds
mongodb: fix chown user for multilib builds
pahole: respect libdir
lvgl,lv-lib-png,lv-drivers: fix installed-vs-shipped QA issue with multilib
lirc: fix do_install with multilib
dleyna-{server,renderer}: fix dev-so QA issue with multilib
Mathieu Dubois-Briand (2):
nss: Add missing CVE product
nss: Whitelist CVEs related to libnssdbm
Mingli Yu (1):
php: Upgrade to 8.1.16
Narpat Mali (1):
net-snmp: CVE-2022-44792 & CVE-2022-44793 Fix NULL Pointer Exception
Omkar Patil (1):
ntfs-3g-ntfsprogs: Upgrade 2022.5.17 to 2022.10.3
Peter Kjellerstedt (2):
chrony: Make it possible to enable editline support again
chrony: Remove the libcap and nss PACKAGECONFIGs
Peter Marko (4):
cpputest: remove dev package dependency
ntp: whitelist CVE-2019-11331
c-ares: fix CVE-2022-4904
dnsmasq: fix CVE-2023-28450
Polampalli, Archana (1):
nodejs: Upgrade 16.19.0 -> 16.19.1
Preeti Sachan (1):
fluidsynth: update SRC_URI to remove non-existing 2.2.x branch
Randy MacLeod (2):
python3-pillow: add ptest support
python3-pillow: Add distutils, unixadmin for ptest
Robert Joslyn (1):
fwupd: Fix plugin_gpio PACKAGECONFIG
Samuli Piippo (1):
protobuf: stage protoc binary to sysroot
Stefan Ghinea (1):
mbedtls: upgrade to 2.28.2 to fix CVE-2022-46392, CVE-2022-46393
Tim Orling (1):
nodejs: upgrade 16.18.1 -> 16.19.0
Tom Hochstein (1):
nlohmann-json: Allow empty main package for SDK
Valeria Petrov (1):
apache2: upgrade 2.4.56 -> 2.4.57
Wang Mingyu (34):
bats: upgrade 1.8.0 -> 1.8.2
ctags: upgrade 5.9.20221009.0 -> 5.9.20221016.0
fvwm: upgrade 2.6.9 -> 2.7.0
makedumpfile: upgrade 1.7.1 -> 1.7.2
sanlock: upgrade 3.8.4 -> 3.8.5
python3-astroid: upgrade 2.12.11 -> 2.12.12
python3-charset-normalizer: upgrade 2.1.1 -> 3.0.0
python3-google-api-python-client: upgrade 2.64.0 -> 2.65.0
python3-google-auth: upgrade 2.12.0 -> 2.13.0
python3-huey: upgrade 2.4.3 -> 2.4.4
python3-oauthlib: upgrade 3.2.1 -> 3.2.2
python3-pandas: upgrade 1.5.0 -> 1.5.1
python3-pika: upgrade 1.3.0 -> 1.3.1
python3-protobuf: upgrade 4.21.7 -> 4.21.8
python3-pywbemtools: upgrade 1.0.0 -> 1.0.1
python3-socketio: upgrade 5.7.1 -> 5.7.2
python3-sqlalchemy: upgrade 1.4.41 -> 1.4.42
tracker: upgrade 3.4.0 -> 3.4.1
wolfssl: upgrade 5.5.1 -> 5.5.2
cglm: upgrade 0.8.5 -> 0.8.7
ctags: upgrade 5.9.20221016.0 -> 5.9.20221023.0
function2: upgrade 4.2.1 -> 4.2.2
poco: upgrade 1.12.2 -> 1.12.3
audit: upgrade 3.0.8 -> 3.0.9
colord: upgrade 1.4.5 -> 1.4.6
smcroute: upgrade 2.5.5 -> 2.5.6
openwsman: upgrade 2.7.1 -> 2.7.2
python3-pillow: upgrade 9.2.0 -> 9.3.0
python3-pillow: upgrade 9.3.0 -> 9.4.0
apache2: upgrade 2.4.54 -> 2.4.55
python3-django: upgrade 4.1 -> 4.1.3
python3-django: upgrade 4.1.3 -> 4.1.6
apache2: upgrade 2.4.55 -> 2.4.56
openwsman: Change download branch from master to main.
Xiangyu Chen (1):
ipmitool: fix typo in .bb file's comments, using = instead of =?
Yi Zhao (4):
ostree: fix selinux policy rebuild error on first deployment
strongswan: upgrade 5.9.8 -> 5.9.9
freeradius: Security fixes for CVE-2022-41860 CVE-2022-41861
apache2: use /run instead of /var/run for systemd volatile config
Yogita Urade (1):
multipath-tools: fix CVE-2022-41974
zhengruoqin (2):
tcpslice: upgrade 1.5 -> 1.6
tio: upgrade 2.1 -> 2.2
meta-arm: 4ee457693e..58952aa7ba:
Abdellatif El Khlifi (1):
arm-bsp/documentation: corstone1000: 2022.11.10 RC: update the user guide
Adam Johnston (2):
arm/trusted-services: Fix 'no such file' when building libts
CI: Remove ts-smm-gateway from N1SDP
Adrian Herrera (2):
atp: decouple m5readfile from m5ops
atp: move m5readfile to meta-gem5
Adrián Herrera Arcila (5):
atp: fix failing test_readme
gem5: support for EXTRAS
atp: separate recipe for gem5 models
atp: fix machine overrides in recipes
ci: add meta-atp to check-layers
Anton Antonov (1):
arm-bsp/fvp-base: Enable virtio-rng support and unset preferred 5.15 kernel
Daniel Díaz (1):
arm-bsp/firmware-image-juno: Fix deployment of compressed Image
Diego Sueiro (2):
arm/classes: Introduce apply_local_src_patches bbclass
arm/trusted-firmware-m: Fix local source patches application
Emekcan (3):
arm-bsp/trusted-services: add checks for null attributes in smm gateway
arm-bsp/trusted-services: Fix GetNextVariable max_name_len in smm gateway
arm/fvp: Upgrade Corstone1000 FVP
Emekcan Aras (3):
arm-bsp/documentation: corstone1000: update the user guide
kas/corstone1000-base.yml: set refspec for Corstone1000 release
arm/trusted-firmware-m: Do not use release branches
Gowtham Suresh Kumar (6):
arm/edk2-basetools: Add edk2 base tool native recipe
arm-bsp/uefi_capsule: Add UEFI capsule generation class
arm-bsp/corstone1000-image: Generate UEFI capsule for corstone1000 platform
arm/edk2-basetools: Convert edk2 basetools recipes to native only
arm-bsp/uefi_capsule: Use json file to pass capsule config
arm-bsp/uefi_capsule: Move UEFI capsule to IMGDEPLOYDIR
Jon Mason (4):
CI: define DEFAULT_TAG and CPU_REQUEST
arm-bsp/juno: move to compressed initramfs image
arm-bsp/juno: Update kernel patches to the latest
CI: dev kernel allow failure
Luca Fancellu (1):
arm,arm-bsp/recipes-kernel: don't use PN in arm-ffa-transport.inc
Peter Hoyes (15):
arm/fvp: Join cli arguments in verbose logging
arm/lib: Factor out asyncio in FVPRunner
arm/lib: Decouple console parsing from the FVPRunner
arm/oeqa: Log the FVP output in OEFVPSSHTarget
runfvp: Fix verbose output when using --console
arm/fvp: Backport shlex.join from Python 3.8
arm/fvpboot: Disable timing annotation by default
arm/classes: Ensure patch files are sorted in apply_local_src_patches
arm/scp-firmware: Ensure CMAKE_BUILD_TYPE is capitalized
arm/scp-firmware: Disable cppcheck
arm/lib: Add XAUTHORITY to runfvp environment
classes: Define FVP_ENV_PASSTHROUGH variable dependencies
classes: Prevent passing None to the runfvp environment
classes: Set ARMLMD_LICENSE_FILE in the runfvp environment
CI: Add BUILD_ENABLE_REGEX option to conditionally enable builds
Qi Feng (1):
kas/fvp-baser-aemv8r64: Use langdale as kas default refspec
Robbie Cao (1):
arm/fvp-base-r-aem: upgrade to version 11.20.15
Ross Burton (9):
arm/linux-arm64-ack: fix buildpaths in the perf Python module
CI: revert a meta-clang change which breaks pixman (thus, xserver)
CI: add variables needed for k8s runners
CI: add tags to all jobs
CI: no need to install telnet
CI: use the .setup fragment in machine-coverage
CI: fix builds with clang
CI: pin to kas 3.2 as 3.2.1 fails
arm-bsp/external-system: fix the gen_module race, again
Rui Miguel Silva (4):
arm/trusted-services: check before applying patches
arm-bsp/trusted-services: psa test setup corstone1000
arm-bsp/trusted-firmware-m: adjust ps assets for corstone1000
kas/corstone500.yml: pin repos to langdale
Vishnu Banavath (3):
arm-bsp/documentation: corstone1000: 2022.11.10 RC: update the release notes
arm-bsp/documentation: corstone1000: 2022.11.10 RC: update the change log
arm-bsp/optee: register DRAM1 for N1SDP target
poky: 6b9db5a99b..3e95f268ce:
Adrian Freihofer (2):
buildconf: compare abspath
bblayers/setupwriters/oe-setup-layers: create dir if not exists
Alejandro Hernandez Samaniego (2):
baremetal-image: Avoid overriding qemu variables from IMAGE_CLASSES
testimage: Fix error message to reflect new syntax
Alex Kiernan (2):
cargo_common.bbclass: Fix typos
classes: image: Set empty weak default IMAGE_LINGUAS
Alex Stewart (2):
lsof: add update-alternatives logic
opkg: upgrade to version 0.6.1
Alexander Kanavin (69):
rust-target-config: match riscv target names with what rust expects
rust: install rustfmt for riscv32 as well
shadow: update 4.12.1 -> 4.12.3
lttng-modules: upgrade 2.13.4 -> 2.13.5
quilt: backport a patch to address grep 3.8 failures
go: submit patch upstream
go: update 1.19 -> 1.19.2
groff: submit patches upstream
tcl: correct patch status
lttng-tools: submit determinism.patch upstream
kea: submit patch upstream
ovmf: correct patches status
libffi: submit patch upstream
rust: submit a rewritten version of crossbeam_atomic.patch upstream
ffmpeg: upgrade 5.1.1 -> 5.1.2
linux-firmware: upgrade 20220913 -> 20221012
xwayland: upgrade 22.1.3 -> 22.1.4
libffi: upgrade 3.4.2 -> 3.4.4
libical: upgrade 3.0.15 -> 3.0.16
mtd-utils: upgrade 2.1.4 -> 2.1.5
selftest: add a copy of previous mtd-utils version to meta-selftest
gdk-pixbuf: upgrade 2.42.9 -> 2.42.10
pango: upgrade 1.50.10 -> 1.50.11
pango: replace a recipe fix with an upstream submitted patch
gstreamer1.0: upgrade 1.20.3 -> 1.20.4
libepoxy: convert to git
libepoxy: update 1.5.9 -> 1.5.10
mesa: do not rely on native llvm-config in target sysroot
systemd: update 251.4 -> 251.8
vala: install vapigen-wrapper into /usr/bin/crosscripts and stage only that
gnomebase.bbclass: return the whole version for tarball directory if it is a number
glibc-tests: correctly pull in the actual tests when installing -ptest package
libnewt: update 0.52.21 -> 0.52.23
ruby: merge .inc into .bb
ruby: update 3.1.2 -> 3.1.3
tzdata: update 2022d -> 2022g
cmake: update 3.24.0 -> 3.24.2
devtool/upgrade: correctly handle recipes where S is a subdir of upstream tree
libarchive: upgrade 3.6.1 -> 3.6.2
go: update 1.19.3 -> 1.19.4
devtool: process local files only for the main branch
libksba: update 1.6.2 -> 1.6.3
linux-firmware: upgrade 20221109 -> 20221214
xwayland: upgrade 22.1.5 -> 22.1.7
xserver-xorg: upgrade 21.1.4 -> 21.1.6
selftest/virgl: use pkg-config from the host
vulkan-samples: branch rename master -> main
gdk-pixbuf: do not use tools from gdk-pixbuf-native when building tests
oeqa/qemurunner: do not use Popen.poll() when terminating runqemu with a signal
diffutils: update 3.8 -> 3.9
lttng-tools: update 2.13.8 -> 2.13.9
apr: update 1.7.0 -> 1.7.2
apr-util: update 1.6.1 -> 1.6.3
bind: upgrade 9.18.10 -> 9.18.11
libjpeg-turbo: upgrade 2.1.4 -> 2.1.5
pkgconf: upgrade 1.9.3 -> 1.9.4
linux-firmware: upgrade 20221214 -> 20230117
sudo: upgrade 1.9.12p1 -> 1.9.12p2
libgit2: upgrade 1.5.0 -> 1.5.1
vim: update 9.0.1211 -> 9.0.1293 to resolve open CVEs
dbus: upgrade 1.14.4 -> 1.14.6
linux-firmware: upgrade 20230117 -> 20230210
wireless-regdb: upgrade 2022.08.12 -> 2023.02.13
bblayers/makesetup: skip git repos that are submodules
sudo: update 1.9.12p2 -> 1.9.13p2
libdnf: update 0.69.0 -> 0.70.0
pango: upgrade 1.50.12 -> 1.50.13
apt: re-enable version check
devtool/upgrade: do not delete the workspace/recipes directory
Alexey Smirnov (1):
classes: make TOOLCHAIN more permissive for kernel
Alexis Lothoré (1):
oeqa/selftest/resulttooltests: fix minor typo
Andrew Geissler (1):
filemap.py: enforce maximum of 4kb block size
Anton Antonov (1):
rust: Do not use default compiler flags defined in CC crate
Antonin Godard (2):
busybox: always start do_compile with orig config files
busybox: rm temporary files if do_compile was interrupted
Armin Kuster (1):
lttng-modules: Fix for 5.10.163 kernel version
Arnout Vandecappelle (1):
python3-pytest: depend on python3-tomli instead of python3-toml
Arturo Buzarra (1):
run-postinsts: Set dependency for ldconfig to avoid boot issues
Benoît Mauduit (1):
lib/oe/reproducible: Use git log without gpg signature
Bernhard Rosenkränzer (1):
cmake-native: Fix host tool contamination
Bhabu Bindu (1):
qemu: Fix CVE-2022-4144
Bruce Ashfield (35):
linux-yocto/5.15: update to v5.15.72
linux-yocto/5.19: update to v5.19.14
kern-tools: fix relative path processing
linux-yocto/5.15: update to v5.15.74
linux-yocto/5.15: update to v5.15.76
linux-yocto/5.15: update to v5.15.78
linux-yocto/5.15: fix CONFIG_CRYPTO_CCM mismatch warnings
linux-yocto/5.19: update to v5.19.16
linux-yocto/5.19: update to v5.19.17
linux-yocto/5.19: cfg: intel and vesa updates
linux-yocto/5.19: security.cfg: remove configs which have been dropped
linux-yocto/5.19: fix CONFIG_CRYPTO_CCM mismatch warnings
linux-yocto/5.19: fix elfutils run-backtrace-native-core ptest failure
kern-tools: integrate ZFS speedup patch
linux-yocto/5.19: fix perf build with clang
linux-yocto/5.15: ltp and squashfs fixes
linux-yocto/5.15: fix perf build with clang
linux-yocto/5.15: libbpf: Fix build warning on ref_ctr_off
linux-yocto/5.15: update to v5.15.84
linux-yocto/5.15: powerpc: Fix reschedule bug in KUAP-unlocked user copy
linux-yocto/5.19: powerpc: Fix reschedule bug in KUAP-unlocked user copy
linux-yocto/5.15: update to v5.15.87
linux-yocto/5.15: update to v5.15.89
linux-yocto/5.15: update to v5.15.91
lttng-modules: fix for kernel 6.2+
linux-yocto/5.15: update to v5.15.94
linux-yocto/5.15: update to v5.15.96
linux-yocto-rt/5.15: update to -rt59
linux-yocto/5.15: update to v5.15.98
linux-yocto/5.15: update to v5.15.103
lttng-modules: update to v2.13.9
kernel-devsrc: fix mismatched compiler warning
linux-yocto/5.15: update to v5.15.106
linux-yocto/5.15: update to v5.15.107
linux-yocto/5.15: update to v5.15.108
Carlos Alberto Lopez Perez (3):
xwayland: libxshmfence is needed when dri3 is enabled
mesa-gl: gallium is required when enabling x11
mesa-demos: packageconfig weston should have a dependency on wayland-protocols
Changqing Li (2):
base.bbclass: Fix way to check ccache path
apt: fix do_package_qa failure
Charlie Johnston (1):
opkg: ensure opkg uses private gpg.conf when applying keys.
Chee Yang Lee (5):
git: upgrade to 2.37.5
tiff: fix multiple CVEs
git: ignore CVE-2023-22743
tiff: Fix CVE-2023-0795 CVE-2023-0796 CVE-2023-0797 CVE-2023-0798 CVE-2023-0799
go: upgrade to 1.19.7
Chen Qi (9):
kernel.bbclass: make KERNEL_DEBUG_TIMESTAMPS work at rebuild
dhcpcd: fix to work with systemd
resolvconf: make it work
psplash: consider the situation of psplash not exist for systemd
bc: extend to nativesdk
rm_work: adjust dependency to make do_rm_work_all depend on do_rm_work
dhcpcd: backport two patches to fix runtime error
libseccomp: fix typo in DESCRIPTION
ffmpeg: fix configure failure on noexec /tmp host
Chris Elledge (1):
busybox: move hwclock init earlier in startup
Christian Eggers (1):
linux-firmware: split rtl8761 firmware
Christoph Lauer (1):
populate_sdk_base: add zip options
Claus Stovgaard (1):
gstreamer1.0-libav: fix errors with ffmpeg 5.x
Diego Sueiro (1):
kernel.bbclass: Include randstruct seed assets in STAGING_KERNEL_BUILDDIR
Dmitry Baryshkov (5):
linux-firmware: upgrade 20221012 -> 20221109
linux-firmware: add new fw file to ${PN}-qcom-adreno-a530
linux-firmware: properly set license for all Qualcomm firmware
linux-firmware: add yamato fw files to qcom-adreno-a2xx package
ffmpeg: fix build failure when vulkan is enabled
Ed Tanous (1):
openssl: Upgrade 3.0.5 -> 3.0.7
Enguerrand de Ribaucourt (1):
bitbake-layers: fix a typo
Enrico Jörns (8):
sstatesig: emit more helpful error message when not finding sstate manifest
oeqa/selftest/cases/runqemu: update imports
oeqa/targetcontrol: fix misspelled RuntimeError
oeqa/targetcontrol: do not set dump_host_cmds redundantly
oeqa/targetcontrol: remove unused imports
oeqa/utils/commands: fix usage of undefined EPIPE
oeqa/utils/commands: remove unused imports
oeqa/utils/qemurunner: replace hard-coded user 'root' in debug output
Etienne Cordonnier (2):
mirrors.bbclass: use shallow tarball for binutils-native
bitbake: siggen: Fix inefficient string concatenation
Fawzi KHABER (3):
ref-manual: update DEV_PKG_DEPENDENCY in variables
package.bbclass: check packages name conflict in do_package
oeqa/selftest/cases/package.py: adding unittest for package rename conflicts
Federico Pellegrin (1):
curl: fix dependencies when building with ldap/ldaps
Frank de Brabander (2):
bitbake: process: log odd unlink events with bitbake.sock
bitbake: bin/utils: Ensure locale en_US.UTF-8 is available on the system
Frederic Martinsons (1):
cargo.bbclass: use offline mode for building
Geoffrey GIRY (2):
cve-extra-exclusions: ignore inapplicable linux-yocto CVEs
cve-check: Fix false negative version issue
Harald Seiler (2):
opkg: Set correct info_dir and status_file in opkg.conf
bootchart2: Fix usrmerge support
He Zhe (1):
lttng-modules: update 2.13.7 -> 2.13.8
Hitendra Prajapati (3):
openssl: CVE-2022-3358 Using a Custom Cipher with NID_undef may lead to NULL encryption
libarchive: CVE-2022-36227 NULL pointer dereference in archive_write.c
libxml2: Fix CVE-2022-40303 && CVE-2022-40304
Jagadeesh Krishnanjanappa (1):
qemuboot.bbclass: make sure runqemu boots bundled initramfs kernel image
Jan Kircher (1):
toolchain-scripts: compatibility with unbound variable protection
Jan-Simon Moeller (1):
buildtools-tarball: export certificates to python and curl
Jeremy Puhlman (1):
qemu-native: Add PACKAGECONFIG option for jack
Jermain Horsman (1):
cve-check: write the cve manifest to IMGDEPLOYDIR
Jose Quaresma (10):
kernel-yocto: improve fatal error messages of symbol_why.py
archiver: avoid using machine variable as it breaks multiconfig
sstatesig: skip the rm_work task signature
rm_work: exclude the SSTATETASKS from the rm_work tasks sinature
sstate: Allow optimisation of do_deploy_archives task dependencies
Revert "gstreamer1.0: disable flaky gstbin:test_watch_for_state_change test"
gstreamer1.0: Fix race conditions in gstbin tests
oeqs/selftest: OESelftestTestContext: replace the os.environ after subprocess.check_output
oeqa/selftest: OESelftestTestContext: convert relative to full path when newbuilddir is provided
oeqa/selftest/reproducible: Split different packages from missing packages output
Joshua Watt (6):
runqemu: Do not perturb script environment
runqemu: Fix gl-es argument from causing other arguments to be ignored
qemu-helper-native: Re-write bridge helper as C program
qemu-helper-native: Correctly pass program name as argv[0]
scripts: convert-overrides: Allow command-line customizations
classes/populate_sdk_base: Append cleandirs
Justin Bronder (1):
bitbake: asyncrpc: serv: correct closed client socket detection
Kai Kang (3):
mesa: only apply patch to fix ALWAYS_INLINE for native
libuv: fixup SRC_URI
xserver-xorg: 21.1.6 -> 21.1.7
Keiya Nobuta (1):
create-spdx: Remove ";name=..." for downloadLocation
Kenfe-Mickael Laventure (3):
buildtools-tarball: Handle spaces within user $PATH
toolchain-scripts: Handle spaces within user $PATH
populate_sdk_ext: Handle spaces within user $PATH
Khem Raj (11):
tiff: Add packageconfig knob for webp
createrepo-c: Include missing rpm/rpmstring.h
libtirpc: Check if file exists before operating on it
libusb1: Link with latomic only if compiler has no atomic builtins
libusb1: Strip trailing whitespaces
scons: Pass MAXLINELENGTH to scons invocation
scons.bbclass: Make MAXLINELENGTH overridable
libcomps: Fix callback function prototype for PyCOMPS_hash
rpm: Fix hdr_hash function prototype
systemd.bbclass: Add /usr/lib/systemd to searchpaths as well
Revert "runqemu: Add workaround for APIC hang on pre 4.15 kernels on qemux86"
Konrad Weihmann (1):
create-spdx: default share_src for shared sources
Lee Chee Yang (2):
git: Upgrade to 2.37.4
migration-guides: add release-notes for 4.0.7
Leon Anavi (1):
get_module_deps3.py: Check attribute '__file__'
Liam Beguin (1):
meson: make wrapper options sub-command specific
Louis Rannou (1):
oeqa/selftest/locales: Add selftest for locale generation/presence
Luca Boccassi (1):
systemd: add systemd-creds and systemd-cryptenroll to systemd-extra-utils
Luis (1):
rm_work.bbclass: use HOSTTOOLS 'rm' binary exclusively
Marek Vasut (5):
bluez5: Point hciattach bcm43xx firmware search path to /lib/firmware
systemd: Make importd depend on glib-2.0 again
bitbake: fetch2/git: Prevent git fetcher from fetching gitlab repository metadata
bitbake: fetch2/git: Clarify the meaning of namespace
cpio: Fix wrong CRC with ASCII CRC for large files
Mark Asselstine (1):
bitbake: bitbake: bitbake-layers: checkout layer(s) branch when clone exists
Markus Volk (2):
mesa: update 22.2.0 -> 22.2.2
librsvg: enable vapi build
Marta Rybczynska (1):
cve-update-db-native: avoid incomplete updates
Martin Jansa (12):
vulkan-samples: add lfs=0 to SRC_URI to avoid git smudge errors in do_unpack
externalsrc.bbclass: fix git repo detection
libxml2: fix test data checksums
meta: remove True option to getVar and getVarFlag calls (again)
timezone: use 'tz' subdir instead of ${WORKDIR} directly
tzdata: use separate B instead of WORKDIR for zic output
tzcode-native: fix build with gcc-13 on host
selftest: devtool: set BB_HASHSERVE_UPSTREAM when setting SSTATE_MIRROR
bmap-tools: switch to main branch
selftest: runqemu: better check for ROOTFS: in the log
selftest: runqemu: use better error message when asserts fail
runqemu: respect IMAGE_LINK_NAME
Mateusz Marciniec (1):
sstatesig: Improve output hash calculation
Mathieu Dubois-Briand (1):
dbus: Add missing CVE product name
Mauro Queiros (1):
image.bbclass: print all QA functions exceptions
Michael Halstead (3):
uninative: Upgrade to 3.8.1 to include libgcc
selftest/runtime_test/virgl: Disable for all Rocky Linux
uninative: Upgrade to 3.9 to include glibc 2.37
Michael Opdenacker (13):
bitbake: bitbake-user-manual: details about variable flags starting with underscore
create-spdx.bbclass: remove unused SPDX_INCLUDE_PACKAGED
backport SPDX documentation and vulnerability improvements
Expand create-spdx class documentation
Expand cve-check class documentation
manuals: add 4.0.5 and 4.0.6 release notes
dev-manual: fix old override syntax
ref-manual: variables.rst: fix broken hyperlink
profile-manual: update WireShark hyperlinks
bsp-guide: fix broken git URLs and missing word
manuals: update patchwork instance URL
dev-manual: common-tasks.rst: add link to FOSDEM 2023 video
migration-guides: update release notes
Mikko Rapeli (13):
common-tasks.rst: fix oeqa runtime test path
oeqa context.py: fix --target-ip comment to include ssh port number
oeqa ssh.py: move output prints to new line
oeqa ssh.py: add connection keep alive options to ssh client
oeqa dump.py: add error counter and stop after 5 failures
oeqa qemurunner: read more data at a time from serial
oeqa qemurunner.py: add timeout to QMP calls
oeqa qemurunner.py: try to avoid reading one character at a time
oeqa ssh.py: fix hangs in run()
runqemu: kill qemu if it hangs
oeqa rtc.py: skip if read-only-rootfs
oeqa ping.py: avoid busylooping failing ping command
oeqa ping.py: fail test if target IP address has not been set
Ming Liu (1):
linux: inherit pkgconfig in kernel.bbclass
Mingli Yu (6):
grub: disable build on armv7ve/a with hardfp
glslang: branch rename master -> main
mdadm: Fix testcase 06wrmostly
mdadm: fix tests/02lineargrow
mdadm: Fix raid0 tests
report-error: catch Nothing PROVIDES error
Narpat Mali (4):
ffmpeg: fix for CVE-2022-3964
ffmpeg: fix for CVE-2022-3965
libseccomp: fix for the ptest result format
python3-setuptools: fix for CVE-2022-40897
Nathan Rossi (2):
oeqa/selftest/lic_checksum: Cleanup changes to emptytest include
package: Fix handling of minidebuginfo with newer binutils
Niko Mauno (3):
systemd: Consider PACKAGECONFIG in RRECOMMENDS
Fix missing leading whitespace with ':append'
ref-manual: Fix invalid feature name
Ola x Nilsson (1):
kbd: Don't build tests
Ovidiu Panait (1):
kernel.bbclass: remove empty module directories to prevent QA issues
Pavel Zhukov (4):
bitbake: gitsm: Fix regression in gitsm submodule path parsing
oeqa/rpm.py: Increase timeout and add debug output
wic: Fix usage of fstype=none in wic
u-boot: Map arm64 into map for u-boot dts installation
Pawel Zalewski (1):
classes/fs-uuid: Fix command output decoding issue
Peter Bergin (1):
gptfdisk: remove warning message from target system
Peter Kjellerstedt (4):
externalsrc.bbclass: Remove a trailing slash from ${B}
pango: Make it build with ptest disabled
librsvg: Only enable the Vala bindings if GObject Introspection is enabled
devshell: Do not add scripts/git-intercept to PATH
Peter Marko (6):
systemd: add group render to udev package
meta-selftest/staticids: add render group for systemd
externalsrc: fix lookup for .gitmodules
oeqa/selftest/externalsrc: add test for srctree_hash_files
systemd: add group sgx to udev package
gcc-shared-source: do not use ${S}/.. in deploy_source_date_epoch
Petr Kubizňák (1):
harfbuzz: remove bindir only if it exists
Piotr Łobacz (1):
systemd: fix wrong nobody-group assignment
Polampalli, Archana (1):
libpam: fix CVE-2022-28321
Qiu, Zheng (3):
tiff: fix a typo for CVE-2022-2953.patch
tiff: Security fix for CVE-2022-3970
vim: upgrade 9.0.0820 -> 9.0.0947
Quentin Schulz (4):
cairo: update patch for CVE-2019-6461 with upstream solution
docs: kernel-dev: faq: update tip on how to not include kernel in image
docs: migration-4.0: specify variable name change for kernel inclusion in image recipe
cairo: fix CVE patches assigned wrong CVE number
Randy MacLeod (3):
valgrind: skip the boost_thread test on arm
vim: upgrade 9.0.0947 -> 9.0.1211
vim: upgrade 9.0.1403 -> 9.0.1429
Ranjitsinh Rathod (1):
curl: Correct LICENSE from MIT-open-group to curl
Ravula Adhitya Siddartha (2):
linux-yocto/5.15: update genericx86* machines to v5.15.72
linux-yocto/5.19: update genericx86* machines to v5.19.14
Richard Purdie (37):
build-appliance-image: Update to langdale head revision
bitbake: runqueue: Fix race issues around hash equivalence and sstate reuse
lttng-modules: upgrade 2.13.5 -> 2.13.7
bitbake.conf: Drop export of SOURCE_DATE_EPOCH_FALLBACK
gcc-shared-source: Fix source date epoch handling
gcc-source: Fix gengtypes race
gcc-source: Drop gengtype manipulation
gcc-source: Ensure deploy_source_date_epoch sstate hash doesn't change
sanity: Drop data finalize call
oeqa/selftest/tinfoil: Add test for separate config_data with recipe_parse_file()
qemu: Ensure libpng dependency is deterministic
yocto-check-layer: Allow OE-Core to be tested
oeqa/concurrencytest: Add number of failures to summary output
build-appliance-image: Update to langdale head revision
bitbake: server/process: Add bitbake.sock race handling
native: Drop special variable handling
kernel/linux-kernel-base: Fix kernel build artefact determinism issues
make-mod-scripts: Ensure kernel build output is deterministic
perf: Enable debug/source packaging
libc-locale: Fix on target locale generation
libssh2: Clean up ptest patch/coverage
build-appliance-image: Update to langdale head revision
bitbake: utils: Allow to_boolean to support int values
bitbake: cookerdata: Remove incorrect SystemExit usage
bitbake: cookerdata: Improve early exception handling
bitbake: cookerdata: Drop dubious exception handling code
binutils: Fix nativesdk ld.so search
oeqa/selftest/prservice: Improve debug output for failure
staging: Separate out different multiconfig manifests
staging/multilib: Fix manifest corruption
glibc: Add missing binutils dependency
selftest/recipetool: Stop test corrupting tinfoil class
base-files: Drop localhost.localdomain from hosts file
pybootchartui: Fix python syntax issue
pybootchart: Fix extents handling to account for cpu/io/mem pressure changes
xdg-utils: Add a patch for CVE-2020-27748
xdg-utils: Fix CVE number
Robert Andersson (1):
go-crosssdk: avoid host contamination by GOCACHE
Robert Joslyn (2):
curl: Backport CVE fixes
curl: Fix CVE-2022-43551 and CVE-2022-43552
Robert Yang (1):
bitbake: fetch/git: Fix local clone url to make it work with repo
Rodolfo Quesada Zumbado (1):
tar: CVE-2022-48303
Romuald JEANNE (1):
image_types: fix vname var init in multiubi_mkfs() function
Romuald Jeanne (1):
image_types: fix multiubi var init
Ross Burton (48):
libx11: apply the fix for CVE-2022-3554
xserver-xorg: ignore CVE-2022-3553 as it is XQuartz-specific
xserver-xorg: backport fixes for CVE-2022-3550 and CVE-2022-3551
tiff: fix a number of CVEs
qemu: backport the fix for CVE-2022-3165
pango: upgrade 1.50.9 -> 1.50.10
zlib: do out-of-tree builds
zlib: upgrade 1.2.12 -> 1.2.13
bitbake: fetch2/git: don't set core.fsyncobjectfiles=0
pixman: backport fix for CVE-2022-44638
sudo: backport fix for CVE-2022-43995
sanity: check for GNU tar specifically
expat: upgrade to 2.5.0
oeqa/runtime/dnf: rewrite test_dnf_installroot_usrmerge
insane: add codeload.github.com to src-uri-bad check
linux-firmware: don't put the firmware into the sysroot
lib/buildstats: fix parsing of trees with reduced_proc_pressure directories
combo-layer: remove unused import
combo-layer: dont use bb.utils.rename
combo-layer: add sync-revs command
libepoxy: remove upstreamed patch
cve-update-db-native: show IP on failure
pango: upgrade 1.50.11 -> 1.50.12
oeqa/selftest/debuginfod: improve testcase
curl: don't enable debug builds
bitbake: bb/utils: include SSL certificate paths in export_proxies
ppp: backport fix for CVE-2022-4603
quilt: fix intermittent failure in faildiff.test
spirv-headers/spirv-tools: set correct branch name
quilt: use upstreamed faildiff.test fix
git: ignore CVE-2022-41953
buildtools-tarball: set pkg-config search path
sdkext/cases/devtool: pass a logger to HTTPService
httpserver: add error handler that write to the logger
less: backport the fix for CVE-2022-46663
lib/buildstats: handle tasks that never finished
cml1: remove redundant addtask
shadow: ignore CVE-2016-15024
vim: add missing pkgconfig inherit
vim: upgrade to 9.0.1403
vim: set modified-by to the recipe MAINTAINER
meson: remove obsolete RPATH stripping patch
lib/resulttool: fix typo breaking resulttool log --ptest
scripts/lib/buildstats: handle top-level build_stats not being complete
tzdata: upgrade to 2023c
oeqa/runtime: clean up deprecated backslash expansion
xserver-xorg: backport fix for CVE-2023-1393
screen: backport fix for CVE-2023-24626
Ryan Eatmon (1):
go: Update reproducibility patch to fix panic errors
Sakib Sajal (2):
go: update 1.19.2 -> 1.19.3
git: upgrade 2.37.5 -> 2.37.6
Sandeep Gundlupet Raju (3):
libdrm: Remove libdrm-kms package
kernel-fitimage: Adjust order of dtb/dtbo files
kernel-fitimage: Allow user to select dtb when multiple dtb exists
Saul Wold (2):
at: Change when files are copied
busybox: Fix depmod patch
Sean Anderson (3):
uboot-sign: Fix using wrong KEY_REQ_ARGS
kernel: Clear SYSROOT_DIRS instead of replacing sysroot_stage_all
kernel-fitimage: Use KERNEL_OUTPUT_DIR where appropriate
Sergei Zhmylev (2):
wic: honor the SOURCE_DATE_EPOCH in case of updated fstab
wic: make ext2/3/4 images reproducible
Siddharth (1):
harfbuzz: Security fix for CVE-2023-25193
Siddharth Doshi (3):
openssl: Upgrade 3.0.7 -> 3.0.8
epiphany: Security fix for CVE-2023-26081
openssl: Security fix for CVE-2023-0464, CVE-2023-0465, CVE-2023-0466
Soumya (1):
shadow: Fix can not print full login timeout message
Steve Sakoman (8):
poky.conf: bump version for 4.1.1
Revert "sudo: backport fix for CVE-2022-43995"
poky.conf: bump version for 4.1.2
poky.conf: Update SANITY_TESTED_DISTROS to match autobuilder
system-requirements.rst: Add Fedora 36, AlmaLinux 8.7 & 9.1, and OpenSUSE 15.4 to list of supported distros
poky.conf: bump version for 4.1.3
poky.conf: bump version for 4.1.4
build-appliance-image: Update to langdale head revision
Sudip Mukherjee (1):
libgit2: update license information
Teoh Jay Shen (1):
vim: Upgrade 9.0.0598 -> 9.0.0614
Thomas Perrot (1):
xserver-xorg: move some recommended dependencies in required
Thomas Roos (1):
devtool: fix devtool finish when gitmodules file is empty
Tim Orling (7):
vim: upgrade 9.0.0614 -> 9.0.0820
python3-mako: upgrade 1.2.2 -> 1.2.3
mirrors.bbclass: update CPAN_MIRROR
bitbake: toaster: fixtures/README: django 1.8 -> 3.2
bitbake: toaster: fixtures/gen_fixtures.py: update branches
bitbake: toaster: Add refreshed oe-core and poky fixtures
cracklib: update github branch to 'main'
Tobias Hagelborn (2):
sstate.bbclass: Fetch non-existing local .sig files if needed
lib/oe/gpg_sign.py: Avoid race when creating .sig files in detach_sign
Tom Hochstein (2):
meson: Fix wrapper handling of implicit setup command
oeqa/sdk: Improve Meson test
Trevor Woerner (3):
cups: use BUILDROOT instead of DESTDIR
cups: check PACKAGECONFIG for pam feature
cups: add/fix web interface packaging
Ulrich Ölmann (4):
recipe_sanity: fix old override syntax
lsof: fix old override syntax
update-alternatives: fix typos
kernel-yocto: fix kernel-meta data detection
Vincent Davis Jr (1):
linux-firmware: package amdgpu firmware
Vivek Kumbhar (1):
openssl: fix CVE-2022-3996 double locking leads to denial of service
Vyacheslav Yurkov (1):
overlayfs: Allow not used mount points
Wang Mingyu (26):
bind: upgrade 9.18.7 -> 9.18.8
inetutils: upgrade 2.3 -> 2.4
socat: upgrade 1.7.4.3 -> 1.7.4.4
libxcrypt: upgrade 4.4.28 -> 4.4.30
xwayland: upgrade 22.1.4 -> 22.1.5
sysstat: upgrade 12.6.0 -> 12.6.1
mobile-broadband-provider-info: upgrade 20220725 -> 20221107
libsdl2: upgrade 2.24.1 -> 2.24.2
mesa: upgrade 22.2.2 -> 22.2.3
babeltrace: upgrade 1.5.8 -> 1.5.11
iso-codes: upgrade 4.11.0 -> 4.12.0
bind: upgrade 9.18.8 -> 9.18.9
libxcrypt-compat: upgrade 4.4.30 -> 4.4.33
mpfr: upgrade 4.1.0 -> 4.1.1
libpng: upgrade 1.6.38 -> 1.6.39
help2man: upgrade 1.49.2 -> 1.49.3
gstreamer1.0: upgrade 1.20.4 -> 1.20.5
bind: upgrade 9.18.9 -> 9.18.10
libjpeg-turbo: upgrade 2.1.5 -> 2.1.5.1
xwayland: upgrade 22.1.7 -> 22.1.8
iso-codes: upgrade 4.12.0 -> 4.13.0
libmicrohttpd: upgrade 0.9.75 -> 0.9.76
lua: Fix install conflict when enable multilib.
vala: Fix install conflict when enable multilib.
dhcpcd: Fix install conflict when enable multilib.
xcb-proto: Fix install conflict when enable multilib.
Xiangyu Chen (7):
sudo: upgrade 1.9.11p3 -> 1.9.12p1
grub: backport patches to fix CVE-2022-28736
openssh: remove RRECOMMENDS to rng-tools for sshd package
grub2: backport patch to fix CVE-2022-2601 CVE-2022-3775
numactl: skip test case when target platform doesn't have 2 CPU node
dhcpcd: fix dhcpcd start failure on qemuppc64
sudo: update 1.9.13p2 -> 1.9.13p3
Zoltan Boszormenyi (1):
piglit: Fix build time dependency
ciarancourtney (1):
wic: swap partitions are not added to fstab
leimaohui (1):
libpng: Enable NEON for aarch64 to enensure consistency with arm32.
pgowda (1):
binutils: Add patch to fix CVE-2022-4285
wangmy (13):
meson: upgrade 0.63.2 -> 0.63.3
mtools: upgrade 4.0.40 -> 4.0.41
ifupdown: upgrade 0.8.37 -> 0.8.39
gnutls: upgrade 3.7.7 -> 3.7.8
libcap: upgrade 2.65 -> 2.66
libical: upgrade 3.0.14 -> 3.0.15
numactl: upgrade 2.0.15 -> 2.0.16
wpebackend-fdo: upgrade 1.12.1 -> 1.14.0
libksba: upgrade 1.6.0 -> 1.6.2
libsdl2: upgrade 2.24.0 -> 2.24.1
lttng-ust: upgrade 2.13.4 -> 2.13.5
lighttpd: upgrade 1.4.66 -> 1.4.67
dbus: upgrade 1.14.0 -> 1.14.4
meta-security: 2aa48e6f4e..a4562b1912:
Anton Antonov (2):
Flush caches after OEQA tests
Fix PACKAGECONFIG check in Parsec OEQA tests
Armin Kuster (2):
packagegroup-security-tpm2: restore pkgs removed earlier
Revert "meta-parsec/layer.conf: Insert addpylib declaration"
Peter Hoyes (1):
meta-parsec/layer.conf: Insert addpylib declaration
meta-raspberrypi: 722c51647c..8e3cbfa598:
Andrei Gherzan (2):
ci: Bump actions/checkout to v3
ci: Fix dco-check job with newer git versions
Florin Sarbu (1):
udev-rules-rpi: Use 99-com.rules directly from upstream
Martin Jansa (1):
raspberrypi4-64: drop DEFAULTTUNE assignment
Sung Gon Kim (1):
libcamera: rename bbappend to match any version
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I394eff2a339089121317b9dfb1a2ff4dfcae3339
diff --git a/meta-arm/.gitlab-ci.yml b/meta-arm/.gitlab-ci.yml
index 7d050a5..0ba2280 100644
--- a/meta-arm/.gitlab-ci.yml
+++ b/meta-arm/.gitlab-ci.yml
@@ -1,4 +1,12 @@
-image: ghcr.io/siemens/kas/kas:latest-release
+image: ghcr.io/siemens/kas/kas:3.2
+
+variables:
+ CPU_REQUEST: ""
+ DEFAULT_TAG: ""
+ # These are needed as the k8s executor doesn't respect the container entrypoint
+ # by default
+ FF_USE_LEGACY_KUBERNETES_EXECUTION_STRATEGY: 0
+ FF_KUBERNETES_HONOR_ENTRYPOINT: 1
stages:
- prep
@@ -6,6 +14,8 @@
# Common job fragment to get a worker ready
.setup:
+ tags:
+ - $DEFAULT_TAG
stage: build
interruptible: true
variables:
@@ -25,11 +35,29 @@
- mkdir --verbose --parents $KAS_WORK_DIR $KAS_REPO_REF_DIR $SSTATE_DIR $DL_DIR $TOOLCHAIN_DIR $TOOLCHAIN_LINK_DIR
# Must do this here, as it's the only way to make sure the toolchain is installed on the same builder
- ./ci/get-binary-toolchains $DL_DIR $TOOLCHAIN_DIR $TOOLCHAIN_LINK_DIR
- - sudo apt-get update && sudo apt-get install --yes telnet python3-subunit
+ # This can be removed with Kas 3.2
+ - sudo apt-get update && sudo apt-get install --yes python3-subunit
# Generalised fragment to do a Kas build
.build:
extends: .setup
+ variables:
+ KUBERNETES_CPU_REQUEST: $CPU_REQUEST
+ rules:
+ # Don't run MR pipelines
+ - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+ when: never
+ # Don't run pipelines for tags
+ - if: $CI_COMMIT_TAG
+ when: never
+ # Don't run if BUILD_ENABLE_REGEX is set, but the job doesn't match the regex
+ - if: '$BUILD_ENABLE_REGEX != null && $CI_JOB_NAME !~ $BUILD_ENABLE_REGEX'
+ when: never
+ # Allow the dev kernels to fail and not fail the overall build
+ - if: '$KERNEL == "linux-yocto-dev"'
+ allow_failure: true
+ # Catch all for everything else
+ - if: '$KERNEL != "linux-yocto-dev"'
script:
- KASFILES=$(./ci/jobs-to-kas "$CI_JOB_NAME")
- kas shell --update --force-checkout $KASFILES -c 'cat conf/*.conf'
@@ -210,7 +238,7 @@
"yocto-check-layer-wrapper $CI_PROJECT_DIR/$LAYER --dependency $CI_PROJECT_DIR/meta-* $KAS_WORK_DIR/meta-openembedded/meta-oe --no-auto-dependency"
parallel:
matrix:
- - LAYER: [meta-arm, meta-arm-bsp, meta-arm-toolchain, meta-gem5]
+ - LAYER: [meta-arm, meta-arm-bsp, meta-arm-toolchain, meta-gem5, meta-atp]
pending-updates:
extends: .setup
@@ -228,8 +256,7 @@
# What percentage of machines in the layer do we build
machine-coverage:
- stage: build
- interruptible: true
+ extends: .setup
script:
- ./ci/check-machine-coverage
coverage: '/Coverage: \d+/'
diff --git a/meta-arm/README.md b/meta-arm/README.md
index 221633e..e82f553 100644
--- a/meta-arm/README.md
+++ b/meta-arm/README.md
@@ -20,7 +20,7 @@
* meta-atp
- This layer contains recipes for the Adaptive Traffic Generation integration into meta-gem5.
+ This layer contains recipes for the [AMBA Adaptive Traffic Profiles (ATP)](https://developer.arm.com/documentation/ihi0082/latest) generation integration into meta-gem5.
* meta-gem5
diff --git a/meta-arm/ci/0001-Revert-pixman-Do-not-use-clang-assembler-for-now.patch b/meta-arm/ci/0001-Revert-pixman-Do-not-use-clang-assembler-for-now.patch
new file mode 100644
index 0000000..4ad6607
--- /dev/null
+++ b/meta-arm/ci/0001-Revert-pixman-Do-not-use-clang-assembler-for-now.patch
@@ -0,0 +1,26 @@
+This causes illegal instruction faults in pixman, so xserver crashes.
+https://github.com/kraj/meta-clang/issues/696
+
+From 8659c5c5bec39dd43a1988b19d4cf30507a44679 Mon Sep 17 00:00:00 2001
+From: Ross Burton <ross.burton@arm.com>
+Date: Mon, 28 Nov 2022 16:52:50 +0000
+Subject: [PATCH] Revert "pixman: Do not use clang assembler for now"
+
+This reverts commit 84dbafa42d8141b00da75d6664aef07c252a52ee.
+---
+ conf/nonclangable.conf | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/conf/nonclangable.conf b/conf/nonclangable.conf
+index 04112f4..b5db848 100644
+--- a/conf/nonclangable.conf
++++ b/conf/nonclangable.conf
+@@ -347,5 +347,4 @@ DEPENDS:append:pn-pixman:mips:toolchain-clang = " openmp"
+ #| .endfunc
+ #| ^
+ CFLAGS:append:pn-pixman:arm:toolchain-clang = " -no-integrated-as"
+-CFLAGS:append:pn-pixman:aarch64:toolchain-clang = " -no-integrated-as"
+
+--
+2.34.1
+
diff --git a/meta-arm/ci/clang.yml b/meta-arm/ci/clang.yml
index e5e7dd5..6c90902 100644
--- a/meta-arm/ci/clang.yml
+++ b/meta-arm/ci/clang.yml
@@ -4,8 +4,16 @@
repos:
meta-clang:
url: https://github.com/kraj/meta-clang
- refspec: master
+ patches:
+ pixman:
+ repo: meta-arm
+ path: ci/0001-Revert-pixman-Do-not-use-clang-assembler-for-now.patch
local_conf_header:
clang: |
TOOLCHAIN = "clang"
+ # Backport d89e06ad94a46f6810d0a8787004b71b8ecaf87d to langdale
+ OBJCOPY:pn-linux-yocto:toolchain-clang = "${HOST_PREFIX}objcopy"
+ # Perf needs fixes backported, use GCC for now
+ # https://lore.kernel.org/linux-perf-users/Y5d4k7fDxfRP7hcN@kernel.org/T/#t
+ TOOLCHAIN:pn-perf = "gcc"
diff --git a/meta-arm/ci/n1sdp.yml b/meta-arm/ci/n1sdp.yml
index 797a522..f688307 100644
--- a/meta-arm/ci/n1sdp.yml
+++ b/meta-arm/ci/n1sdp.yml
@@ -4,3 +4,7 @@
- ci/base.yml
machine: n1sdp
+
+local_conf_header:
+ unsupported_trusted_services: |
+ MACHINE_FEATURES:remove = "ts-smm-gateway"
diff --git a/meta-arm/documentation/oeqa-fvp.md b/meta-arm/documentation/oeqa-fvp.md
index 582dd38..e146885 100644
--- a/meta-arm/documentation/oeqa-fvp.md
+++ b/meta-arm/documentation/oeqa-fvp.md
@@ -4,7 +4,7 @@
Tests can be configured to run automatically post-build by setting the variable `TESTIMAGE_AUTO="1"`, e.g. in your Kas file or local.conf.
-There are two main methods of testing, using different test "targets".
+There are two main methods of testing, using different test "targets". Both test targets generate an additional log file with the prefix 'fvp_log' in the image recipe's `${WORKDIR}/testimage` containing the FVP's stdout.
## OEFVPTarget
diff --git a/meta-arm/kas/corstone1000-base.yml b/meta-arm/kas/corstone1000-base.yml
index 5fe7f4d..19aeaa0 100644
--- a/meta-arm/kas/corstone1000-base.yml
+++ b/meta-arm/kas/corstone1000-base.yml
@@ -16,6 +16,7 @@
poky:
url: https://git.yoctoproject.org/git/poky
+ refspec: 79434a17eb4835e85fcd477baec08c8ce49a4c14
layers:
meta:
meta-poky:
@@ -23,6 +24,7 @@
meta-openembedded:
url: https://git.openembedded.org/meta-openembedded
+ refspec: c5668905a6d8a78fb72c2cbf8b20e91e686ceb86
layers:
meta-oe:
meta-python:
diff --git a/meta-arm/kas/corstone500.yml b/meta-arm/kas/corstone500.yml
index a454a46..5e1b9e6 100644
--- a/meta-arm/kas/corstone500.yml
+++ b/meta-arm/kas/corstone500.yml
@@ -5,7 +5,7 @@
defaults:
repos:
- refspec: master
+ refspec: langdale
repos:
meta-arm:
@@ -16,7 +16,6 @@
poky:
url: https://git.yoctoproject.org/git/poky
- refspec: master
layers:
meta:
meta-poky:
@@ -24,7 +23,6 @@
meta-openembedded:
url: https://git.openembedded.org/meta-openembedded
- refspec: master
layers:
meta-oe:
meta-python:
diff --git a/meta-arm/kas/fvp-baser-aemv8r64-bsp.yml b/meta-arm/kas/fvp-baser-aemv8r64-bsp.yml
index dd175d0..70a58be 100644
--- a/meta-arm/kas/fvp-baser-aemv8r64-bsp.yml
+++ b/meta-arm/kas/fvp-baser-aemv8r64-bsp.yml
@@ -6,7 +6,7 @@
defaults:
repos:
- refspec: master
+ refspec: langdale
repos:
meta-arm:
diff --git a/meta-arm/meta-arm-bsp/conf/machine/fvp-base.conf b/meta-arm/meta-arm-bsp/conf/machine/fvp-base.conf
index 320e22c..1ba0708 100644
--- a/meta-arm/meta-arm-bsp/conf/machine/fvp-base.conf
+++ b/meta-arm/meta-arm-bsp/conf/machine/fvp-base.conf
@@ -10,10 +10,10 @@
TUNE_FEATURES = "aarch64"
PREFERRED_VERSION_u-boot ?= "2022.04"
-PREFERRED_VERSION_linux-yocto ?= "5.15%"
-PREFERRED_VERSION_linux-yocto-rt ?= "5.15%"
# FVP u-boot configuration
UBOOT_MACHINE = "vexpress_aemv8a_semi_defconfig"
KERNEL_IMAGETYPE = "Image"
+
+FVP_CONFIG[bp.virtio_rng.enabled] ?= "1"
diff --git a/meta-arm/meta-arm-bsp/conf/machine/fvp-baser-aemv8r64.conf b/meta-arm/meta-arm-bsp/conf/machine/fvp-baser-aemv8r64.conf
index 8119cb6..06bef29 100644
--- a/meta-arm/meta-arm-bsp/conf/machine/fvp-baser-aemv8r64.conf
+++ b/meta-arm/meta-arm-bsp/conf/machine/fvp-baser-aemv8r64.conf
@@ -9,8 +9,6 @@
EXTRA_IMAGEDEPENDS += "boot-wrapper-aarch64"
PREFERRED_PROVIDER_virtual/kernel ?= "linux-yocto"
-PREFERRED_VERSION_linux-yocto ?= "5.15%"
-PREFERRED_VERSION_linux-yocto-rt ?= "5.15%"
PREFERRED_VERSION_u-boot ?= "2022.07"
KERNEL_IMAGETYPE = "Image"
diff --git a/meta-arm/meta-arm-bsp/conf/machine/juno.conf b/meta-arm/meta-arm-bsp/conf/machine/juno.conf
index c002ed6..4a86d4e 100644
--- a/meta-arm/meta-arm-bsp/conf/machine/juno.conf
+++ b/meta-arm/meta-arm-bsp/conf/machine/juno.conf
@@ -10,10 +10,10 @@
MACHINE_FEATURES = "usbhost usbgadget alsa screen wifi bluetooth optee pci"
-KERNEL_IMAGETYPE = "Image"
+KERNEL_IMAGETYPE = "Image.gz"
KERNEL_DEVICETREE = "arm/juno.dtb arm/juno-r1.dtb arm/juno-r2.dtb"
-IMAGE_FSTYPES += "tar.bz2 ext4"
+IMAGE_FSTYPES += "tar.bz2 ext4 cpio.gz"
SERIAL_CONSOLES = "115200;ttyAMA0"
@@ -25,3 +25,6 @@
# Juno u-boot configuration
UBOOT_MACHINE = "vexpress_aemv8a_juno_defconfig"
+
+INITRAMFS_IMAGE_BUNDLE ?= "1"
+INITRAMFS_IMAGE = "core-image-minimal"
diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/change-log.rst b/meta-arm/meta-arm-bsp/documentation/corstone1000/change-log.rst
index 5d6493a..64e82aa 100644
--- a/meta-arm/meta-arm-bsp/documentation/corstone1000/change-log.rst
+++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/change-log.rst
@@ -8,7 +8,73 @@
##########
This document contains a summary of the new features, changes and
-fixes in each release of corstone1000 software stack.
+fixes in each release of Corstone-1000 software stack.
+
+******************
+Version 2022.11.23
+******************
+
+Changes
+=======
+
+- Booting the External System (Cortex-M3) with RTX RTOS
+- Adding MHU communication between the HOST (Cortex-A35) and the External System
+- Adding a Linux application to test the External System
+- Adding ESRT (EFI System Resource Table) support
+- Upgrading the SW stack recipes
+- Upgrades for the U-Boot FF-A driver and MM communication
+
+Corstone-1000 components versions
+=======================================
+
++-------------------------------------------+------------+
+| arm-ffa-tee | 1.1.1 |
++-------------------------------------------+------------+
+| arm-ffa-user | 5.0.0 |
++-------------------------------------------+------------+
+| corstone1000-external-sys-tests | 1.0 |
++-------------------------------------------+------------+
+| external-system | 0.1.0 |
++-------------------------------------------+------------+
+| linux-yocto | 5.19 |
++-------------------------------------------+------------+
+| u-boot | 2022.07 |
++-------------------------------------------+------------+
+| optee-client | 3.18.0 |
++-------------------------------------------+------------+
+| optee-os | 3.18.0 |
++-------------------------------------------+------------+
+| trusted-firmware-a | 2.7.0 |
++-------------------------------------------+------------+
+| trusted-firmware-m | 1.6.0 |
++-------------------------------------------+------------+
+| ts-newlib | 4.1.0 |
++-------------------------------------------+------------+
+| ts-psa-{crypto, iat, its. ps}-api-test | 451aa087a4 |
++-------------------------------------------+------------+
+| ts-sp-{se-proxy, smm-gateway} | 3d4956770f |
++-------------------------------------------+------------+
+
+Yocto distribution components versions
+=======================================
+
++-------------------------------------------+---------------------+
+| meta-arm | langdale |
++-------------------------------------------+---------------------+
+| poky | langdale |
++-------------------------------------------+---------------------+
+| meta-openembedded | langdale |
++-------------------------------------------+---------------------+
+| busybox | 1.35.0 |
++-------------------------------------------+---------------------+
+| musl | 1.2.3+git37e18b7bf3 |
++-------------------------------------------+---------------------+
+| gcc-arm-none-eabi-native | 11.2-2022.02 |
++-------------------------------------------+---------------------+
+| gcc-cross-aarch64 | 12.2 |
++-------------------------------------------+---------------------+
+| openssl | 3.0.5 |
++-------------------------------------------+---------------------+
******************
Version 2022.04.04
@@ -26,10 +92,10 @@
Changes
=======
-- Building and running psa-arch-tests on corstone1000 FVP
-- Enabled smm-gateway partition in Trusted Service on corstone1000 FVP
-- Enabled MHU driver in Trusted Service on corstone1000 FVP
-- Enabled OpenAMP support in SE proxy SP on corstone1000 FVP
+- Building and running psa-arch-tests on Corstone-1000 FVP
+- Enabled smm-gateway partition in Trusted Service on Corstone-1000 FVP
+- Enabled MHU driver in Trusted Service on Corstone-1000 FVP
+- Enabled OpenAMP support in SE proxy SP on Corstone-1000 FVP
******************
Version 2022.02.21
@@ -48,7 +114,7 @@
=======
- psa-arch-tests: change master to main for psa-arch-tests
- U-Boot: fix null pointer exception for get_image_info
-- TF-M: fix capsule instability issue for corstone1000
+- TF-M: fix capsule instability issue for Corstone-1000
******************
Version 2022.01.07
@@ -56,9 +122,9 @@
Changes
=======
-- corstone1000: fix SystemReady-IR ACS test (SCT, FWTS) failures.
+- Corstone-1000: fix SystemReady-IR ACS test (SCT, FWTS) failures.
- U-Boot: send bootcomplete event to secure enclave.
-- U-Boot: support populating corstone1000 image_info to ESRT table.
+- U-Boot: support populating Corstone-1000 image_info to ESRT table.
- U-Boot: add ethernet device and enable configs to support bootfromnetwork SCT.
******************
@@ -67,7 +133,7 @@
Changes
=======
-- Enabling corstone1000 FPGA support on:
+- Enabling Corstone-1000 FPGA support on:
- Linux 5.10
- OP-TEE 3.14
- Trusted Firmware-A 2.5
@@ -83,7 +149,7 @@
Changes
=======
-- Enabling corstone1000 FVP support on:
+- Enabling Corstone-1000 FVP support on:
- Linux 5.10
- OP-TEE 3.14
- Trusted Firmware-A 2.5
@@ -95,4 +161,4 @@
--------------
-*Copyright (c) 2021, Arm Limited. All rights reserved.*
+*Copyright (c) 2022, Arm Limited. All rights reserved.*
diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/release-notes.rst b/meta-arm/meta-arm-bsp/documentation/corstone1000/release-notes.rst
index 385331b..89a4fa9 100644
--- a/meta-arm/meta-arm-bsp/documentation/corstone1000/release-notes.rst
+++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/release-notes.rst
@@ -7,23 +7,61 @@
Release notes
#############
+
+*************************
+Disclaimer
+*************************
+
+You expressly assume all liabilities and risks relating to your use or operation
+of Your Software and Your Hardware designed or modified using the Arm Tools,
+including without limitation, Your software or Your Hardware designed or
+intended for safety-critical applications. Should Your Software or Your Hardware
+prove defective, you assume the entire cost of all necessary servicing, repair
+or correction.
+
+
+**************************
+Release notes - 2022.11.23
+**************************
+
+Known Issues or Limitations
+---------------------------
+ - The external-system can not be reset individually on (or using) AN550_v1 FPGA release. However, the system-wide reset still applies to the external-system.
+ - FPGA supports Linux distro install and boot through installer. However, FVP only supports openSUSE raw image installation and boot.
+ - Due to the performance uplimit of MPS3 FPGA and FVP, some Linux distros like Fedora Rawhide can not boot on Corstone-1000 (i.e. user may experience timeouts or boot hang).
+ - Below SCT FAILURE is a known issues in the FVP:
+ UEFI Compliant - Boot from network protocols must be implemented -- FAILURE
+ - Below SCT FAILURE is a known issue when a terminal emulator (in the system where the user connects to serial ports) does not support 80x25 or 80x50 mode:
+ EFI_SIMPLE_TEXT_OUT_PROTOCOL.SetMode - SetMode() with valid mode -- FAILURE
+ - Known limitations regarding ACS tests: The behavior after running ACS tests on FVP is not consistent. Both behaviors are expected and are valid;
+ The system might boot till the Linux prompt. Or, the system might wait after finishing the ACS tests.
+ In both cases, the system executes the entire test suite and writes the results as stated in the user guide.
+
+
+Platform Support
+-----------------
+ - This software release is tested on Corstone-1000 FPGA version AN550_v1
+ https://developer.arm.com/downloads/-/download-fpga-images
+ - This software release is tested on Corstone-1000 Fast Model platform (FVP) version 11.19_21
+ https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps
+
**************************
Release notes - 2022.04.04
**************************
Known Issues or Limitations
---------------------------
- - FGPA support Linux distro install and boot through installer. However,
+ - FPGA support Linux distro install and boot through installer. However,
FVP only support openSUSE raw image installation and boot.
- Due to the performance uplimit of MPS3 FPGA and FVP, some Linux distros like Fedora Rawhide
- cannot boot on corstone1000 (i.e. user may experience timeouts or boot hang).
+ cannot boot on Corstone-1000 (i.e. user may experience timeouts or boot hang).
- Below SCT FAILURE is a known issues in the FVP:
UEFI Compliant - Boot from network protocols must be implemented -- FAILURE
Platform Support
-----------------
- - This software release is tested on corstone1000 FPGA version AN550_v1
- - This software release is tested on corstone1000 Fast Model platform (FVP) version 11.17_23
+ - This software release is tested on Corstone-1000 FPGA version AN550_v1
+ - This software release is tested on Corstone-1000 Fast Model platform (FVP) version 11.17_23
https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps
**************************
@@ -32,13 +70,13 @@
Known Issues or Limitations
---------------------------
- - The following tests only work on corstone1000 FPGA: ACS tests (SCT, FWTS,
+ - The following tests only work on Corstone-1000 FPGA: ACS tests (SCT, FWTS,
BSA), manual capsule update test, Linux distro install and boot.
Platform Support
----------------
- - This software release is tested on corstone1000 FPGA version AN550_v1
- - This software release is tested on corstone1000 Fast Model platform (FVP) version 11.17_23
+ - This software release is tested on Corstone-1000 FPGA version AN550_v1
+ - This software release is tested on Corstone-1000 Fast Model platform (FVP) version 11.17_23
https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps
Release notes - 2022.02.21
@@ -46,13 +84,13 @@
Known Issues or Limitations
---------------------------
- - The following tests only work on corstone1000 FPGA: ACS tests (SCT, FWTS,
+ - The following tests only work on Corstone-1000 FPGA: ACS tests (SCT, FWTS,
BSA), manual capsule update test, Linux distro install and boot, psa-arch-test.
Platform Support
----------------
- - This software release is tested on corstone1000 FPGA version AN550_v1
- - This software release is tested on corstone1000 Fast Model platform (FVP) version 11.16.21
+ - This software release is tested on Corstone-1000 FPGA version AN550_v1
+ - This software release is tested on Corstone-1000 Fast Model platform (FVP) version 11.16.21
https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps
Release notes - 2022.01.18
@@ -85,13 +123,13 @@
Platform Support
----------------
- - This software release is tested on corstone1000 FPGA version AN550_v1
- - This software release is tested on corstone1000 Fast Model platform (FVP) version 11.16.21
+ - This software release is tested on Corstone-1000 FPGA version AN550_v1
+ - This software release is tested on Corstone-1000 Fast Model platform (FVP) version 11.16.21
https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps
Known Issues or Limitations
---------------------------
- - The following tests only work on corstone1000 FPGA: ACS tests (SCT, FWTS,
+ - The following tests only work on Corstone-1000 FPGA: ACS tests (SCT, FWTS,
BSA), manual capsule update test, Linux distro install and boot, and
psa-arch-tests.
- Only the manual capsule update from UEFI shell is supported on FPGA.
@@ -107,7 +145,7 @@
Software Features
-----------------
-This initial release of corstone1000 supports booting Linux on the Cortex-A35
+This initial release of Corstone-1000 supports booting Linux on the Cortex-A35
and TF-M/MCUBOOT in the Secure Enclave. The following components are present in
the release:
@@ -119,7 +157,7 @@
Platform Support
----------------
- - This Software release is tested on corstone1000 Fast Model platform (FVP) version 11.16.21
+ - This Software release is tested on Corstone-1000 Fast Model platform (FVP) version 11.16.21
https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps
Known Issues or Limitations
@@ -130,8 +168,10 @@
Support
-------
-For support email: support-subsystem-iot@arm.com
+For technical support email: support-subsystem-iot@arm.com
+
+For all security issues, contact Arm by email at arm-security@arm.com.
--------------
-*Copyright (c) 2021, Arm Limited. All rights reserved.*
+*Copyright (c) 2022, Arm Limited. All rights reserved.*
diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/user-guide.rst b/meta-arm/meta-arm-bsp/documentation/corstone1000/user-guide.rst
index d5930fc..e173f24 100644
--- a/meta-arm/meta-arm-bsp/documentation/corstone1000/user-guide.rst
+++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/user-guide.rst
@@ -9,18 +9,16 @@
Notice
------
-The corstone1000 software stack uses the `Yocto Project <https://www.yoctoproject.org/>`__ to build
-a tiny Linux distribution suitable for the corstone1000 platform. The Yocto Project relies on the
-`Bitbake <https://docs.yoctoproject.org/bitbake.html#bitbake-documentation>`__
+The Corstone-1000 software stack uses the `Yocto Project <https://www.yoctoproject.org/>`__ to build
+a tiny Linux distribution suitable for the Corstone-1000 platform (kernel and initramfs filesystem less than 5 MB on the flash).
+The Yocto Project relies on the `Bitbake <https://docs.yoctoproject.org/bitbake.html#bitbake-documentation>`__
tool as its build tool. Please see `Yocto Project documentation <https://docs.yoctoproject.org/>`__
for more information.
Prerequisites
-------------
-These instructions assume your host PC is running Ubuntu Linux 18.04 or 20.04 LTS, with
-at least 32GB of free disk space and 16GB of RAM as minimum requirement. The
-following instructions expect that you are using a bash shell.
+These instructions assume your host PC is running Ubuntu Linux 18.04 or 20.04 LTS, with at least 32GB of free disk space and 16GB of RAM as minimum requirement. The following instructions expect that you are using a bash shell. All the paths stated in this document are absolute paths.
The following prerequisites must be available on the host system. To resolve these dependencies, run:
@@ -35,12 +33,12 @@
Provided components
-------------------
-Within the Yocto Project, each component included in the corstone1000 software stack is specified as
-a `bitbake recipe <https://www.yoctoproject.org/docs/1.6/bitbake-user-manual/bitbake-user-manual.html#recipes>`__.
-The recipes specific to the corstone1000 BSP are located at:
+Within the Yocto Project, each component included in the Corstone-1000 software stack is specified as
+a `bitbake recipe <https://docs.yoctoproject.org/bitbake/2.2/bitbake-user-manual/bitbake-user-manual-intro.html#recipes>`__.
+The recipes specific to the Corstone-1000 BSP are located at:
``<_workspace>/meta-arm/meta-arm-bsp/``.
-The Yocto machine config files for the corstone1000 FVP and FPGA are:
+The Yocto machine config files for the Corstone-1000 FVP and FPGA targets are:
- ``<_workspace>/meta-arm/meta-arm-bsp/conf/machine/include/corstone1000.inc``
- ``<_workspace>/meta-arm/meta-arm-bsp/conf/machine/corstone1000-fvp.conf``
@@ -86,7 +84,7 @@
distribution which is a Linux distribution stripped down to a minimal configuration.
The provided distribution is based on busybox and built using muslibc. The
-recipe responsible for building a tiny version of linux is listed below.
+recipe responsible for building a tiny version of Linux is listed below.
+-----------+----------------------------------------------------------------------------------------------+
| bbappend | <_workspace>/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto_%.bbappend |
@@ -96,6 +94,16 @@
| defconfig | <_workspace>/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/corstone1000/defconfig |
+-----------+----------------------------------------------------------------------------------------------+
+External System Tests
+=======================
+Based on `Corstone-1000/applications <https://git.gitlab.arm.com/arm-reference-solutions/corstone1000/applications>`__
+
++------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
+| Recipe | <_workspace>/meta-arm/meta-arm-bsp/recipes-test/corstone1000-external-sys-tests/corstone1000-external-sys-tests_1.0.bb |
++------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
+
+The recipe provides the systems-comms-tests command run in Linux and used for testing the External System.
+
**************************************************
Software for Boot Processor (a.k.a Secure Enclave)
**************************************************
@@ -107,6 +115,18 @@
| Recipe | <_workspace>/meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.6.0.bb |
+----------+-------------------------------------------------------------------------------------------------+
+**************************************************
+Software for the External System
+**************************************************
+
+RTX
+====
+Based on `RTX RTOS <https://git.gitlab.arm.com/arm-reference-solutions/corstone1000/external_system/rtx>`__
+
++----------+-------------------------------------------------------------------------------------------------------------------------------------------------------+
+| Recipe | <_workspace>/meta-arm/meta-arm-bsp/recipes-bsp/external-system/external-system_0.1.0.bb |
++----------+-------------------------------------------------------------------------------------------------------------------------------------------------------+
+
Building the software stack
---------------------------
Create a new folder that will be your workspace and will henceforth be referred
@@ -117,26 +137,28 @@
mkdir <_workspace>
cd <_workspace>
-corstone1000 is a Bitbake based Yocto Project which uses kas and bitbake
+Corstone-1000 software is based on the Yocto Project which uses kas and bitbake
commands to build the stack. To install kas tool, run:
::
pip3 install kas
+If 'kas' command is not found in command-line, please make sure the user installation directories are visible on $PATH. If you have sudo rights, try 'sudo pip3 install kas'.
+
In the top directory of the workspace ``<_workspace>``, run:
::
- git clone https://git.yoctoproject.org/git/meta-arm -b CORSTONE1000-2022.04.07
+ git clone https://git.yoctoproject.org/git/meta-arm -b CORSTONE1000-2022.11.23
-To build corstone1000 image for MPS3 FPGA, run:
+To build a Corstone-1000 image for MPS3 FPGA, run:
::
kas build meta-arm/kas/corstone1000-mps3.yml
-Alternatively, to build corstone1000 image for FVP, run:
+Alternatively, to build a Corstone-1000 image for FVP, run:
::
@@ -150,22 +172,19 @@
- ``<_workspace>/build/tmp/deploy/images/corstone1000-fvp/`` folder for FVP build;
- ``<_workspace>/build/tmp/deploy/images/corstone1000-mps3/`` folder for FPGA build.
-Everything apart from the ROM firmware is bundled into a single binary, the
-``corstone1000-image-corstone1000-{mps3,fvp}.wic.nopt`` file. The ROM firmware is the
-``bl1.bin`` file.
+Everything apart from the Secure Enclave ROM firmware and External System firmware, is bundled into a single binary, the
+``corstone1000-image-corstone1000-{mps3,fvp}.wic.nopt`` file.
-The output binaries used by FVP are the following:
- - The ROM firmware: ``<_workspace>/build/tmp/deploy/images/corstone1000-fvp/bl1.bin``
- - The flash image: ``<_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.wic.nopt``
-
-The output binaries used by FPGA are the following:
- - The ROM firmware: ``<_workspace>/build/tmp/deploy/images/corstone1000-mps3/bl1.bin``
- - The flash image: ``<_workspace>/build/tmp/deploy/images/corstone1000-mps3/corstone1000-image-corstone1000-mps3.wic.nopt``
+The output binaries run in the Corstone-1000 platform are the following:
+ - The Secure Enclave ROM firmware: ``<_workspace>/build/tmp/deploy/images/corstone1000-{mps3,fvp}/bl1.bin``
+ - The External System firmware: ``<_workspace>/build/tmp/deploy/images/corstone1000-{mps3,fvp}/es_flashfw.bin``
+ - The flash image: ``<_workspace>/build/tmp/deploy/images/corstone1000-{mps3,fvp}/corstone1000-image-corstone1000-{mps3,fvp}.wic.nopt``
Flash the firmware image on FPGA
--------------------------------
-The user should download the FPGA bit file image from `this link <https://developer.arm.com/tools-and-software/development-boards/fpga-prototyping-boards/download-fpga-images>`__
+The user should download the FPGA bit file image ``AN550: Arm® Corstone™-1000 for MPS3 Version 1``
+from `this link <https://developer.arm.com/tools-and-software/development-boards/fpga-prototyping-boards/download-fpga-images>`__
and under the section ``Arm® Corstone™-1000 for MPS3``.
The directory structure of the FPGA bundle is shown below.
@@ -196,9 +215,10 @@
└── config.txt
Depending upon the MPS3 board version (printed on the MPS3 board) you should update the images.txt file
-(in corresponding HBI0309x folder) so that the file points to the images under SOFTWARE directory.
+(in corresponding HBI0309x folder. Boardfiles/MB/HBI0309<board_revision>/AN550/images.txt) so that the file points to the images under SOFTWARE directory.
-Here is an example
+The images.txt file that is compatible with the latest version of the software
+stack can be seen below;
::
@@ -214,24 +234,32 @@
;************************************************
[IMAGES]
- TOTALIMAGES: 2 ;Number of Images (Max: 32)
-
+ TOTALIMAGES: 3 ;Number of Images (Max: 32)
+
IMAGE0PORT: 1
IMAGE0ADDRESS: 0x00_0000_0000
IMAGE0UPDATE: RAM
IMAGE0FILE: \SOFTWARE\bl1.bin
-
+
IMAGE1PORT: 0
- IMAGE1ADDRESS: 0x00_00010_0000
+ IMAGE1ADDRESS: 0x00_0010_0000
IMAGE1UPDATE: AUTOQSPI
IMAGE1FILE: \SOFTWARE\cs1000.bin
+
+ IMAGE2PORT: 2
+ IMAGE2ADDRESS: 0x00_0000_0000
+ IMAGE2UPDATE: RAM
+ IMAGE2FILE: \SOFTWARE\es0.bin
OUTPUT_DIR = ``<_workspace>/build/tmp/deploy/images/corstone1000-mps3``
1. Copy ``bl1.bin`` from OUTPUT_DIR directory to SOFTWARE directory of the FPGA bundle.
-2. Copy ``corstone1000-image-corstone1000-mps3.wic.nopt`` from OUTPUT_DIR directory to SOFTWARE
- directory of the FPGA bundle and rename the wic image to ``cs1000.bin``.
+2. Copy ``es_flashfw.bin`` from OUTPUT_DIR directory to SOFTWARE directory of the FPGA bundle
+ and rename the binary to ``es0.bin``.
+3. Copy ``corstone1000-image-corstone1000-mps3.wic.nopt`` from OUTPUT_DIR directory to SOFTWARE
+ directory of the FPGA bundle and rename the wic.nopt image to ``cs1000.bin``.
+
**NOTE:** Renaming of the images are required because MCC firmware has
limitation of 8 characters before .(dot) and 3 characters after .(dot).
@@ -240,41 +268,60 @@
Running the software on FPGA
----------------------------
-On the host machine, open 3 minicom sessions. In case of Linux machine it will
-be ttyUSB0, ttyUSB1, ttyUSB2 and it might be different on Window machine.
+On the host machine, open 4 serial port terminals. In case of Linux machine it will
+be ttyUSB0, ttyUSB1, ttyUSB2, ttyUSB3 and it might be different on Windows machines.
- ttyUSB0 for MCC, OP-TEE and Secure Partition
- ttyUSB1 for Boot Processor (Cortex-M0+)
- ttyUSB2 for Host Processor (Cortex-A35)
+ - ttyUSB3 for External System Processor (Cortex-M3)
-Run following commands to open minicom sessions on Linux:
+Run following commands to open serial port terminals on Linux:
::
sudo picocom -b 115200 /dev/ttyUSB0 # in one terminal
sudo picocom -b 115200 /dev/ttyUSB1 # in another terminal
sudo picocom -b 115200 /dev/ttyUSB2 # in another terminal.
+ sudo picocom -b 115200 /dev/ttyUSB3 # in another terminal.
Once the system boot is completed, you should see console
-logs on the minicom sessions. Once the HOST(Cortex-A35) is
+logs on the serial port terminals. Once the HOST(Cortex-A35) is
booted completely, user can login to the shell using
**"root"** login.
+If system does not boot and only the ttyUSB1 logs are visible, please follow the steps in `Clean Secure Flash Before Testing (applicable to FPGA only)`_ under `SystemReady-IR tests`_ section. The previous image used in FPGA (MPS3) might have filled the Secure Flash completely. The best practice is to clean the secure flash in this case.
+
+
Running the software on FVP
---------------------------
-An FVP (Fixed Virtual Platform) of the corstone1000 platform must be available to execute the
-included run script.
-The Fixed Virtual Platform (FVP) version 11.17_23 can be downloaded from the
-`Arm Ecosystem FVPs`_ page. On this page, navigate to "Corstone IoT FVPs"
-section to download the Corstone1000 platform FVP installer. Follow the
+An FVP (Fixed Virtual Platform) model of the Corstone-1000 platform must be available to run the
+Corstone-1000 FVP software image.
+
+A Yocto recipe is provided and allows to download the latest supported FVP version.
+
+The recipe is located at <_workspace>/meta-arm/meta-arm/recipes-devtools/fvp/fvp-corstone1000.bb
+
+The latest supported Fixed Virtual Platform (FVP) version is 11.19_21 and is automatically downloaded and installed when using the runfvp command as detailed below. The FVP version can be checked by running the following command:
+
+::
+
+<_workspace>/meta-arm/scripts/runfvp <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.fvpconf -- --version
+
+The FVP can also be manually downloaded from the `Arm Ecosystem FVPs`_ page. On this page, navigate
+to "Corstone IoT FVPs" section to download the Corstone-1000 platform FVP installer. Follow the
instructions of the installer and setup the FVP.
+To run the FVP using the runfvp command, please run the following command:
+
+::
+
<_workspace>/meta-arm/scripts/runfvp --terminals=xterm <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.fvpconf
When the script is executed, three terminal instances will be launched, one for the boot processor
(aka Secure Enclave) processing element and two for the Host processing element. Once the FVP is
-executing, the Boot Processor will start to boot, wherein the relevant memory contents of the .wic
+executing, the Boot Processor will start to boot, wherein the relevant memory contents of the .wic.nopt
file are copied to their respective memory locations within the model, enforce firewall policies
on memories and peripherals and then, bring the host out of reset.
@@ -282,13 +329,20 @@
(FVP host_terminal_0):
::
+
corstone1000-fvp login:
Login using the username root.
-Running test applications
+The External System can be released out of reset on demand using the systems-comms-tests command.
+
+SystemReady-IR tests
-------------------------
+*********************
+Testing steps
+*********************
+
**NOTE**: Running the SystemReady-IR tests described below requires the user to
work with USB sticks. In our testing, not all USB stick models work well with
MPS3 FPGA. Here are the USB sticks models that are stable in our test
@@ -305,7 +359,8 @@
the testing.
Clean Secure Flash Before Testing (applicable to FPGA only)
------------------------------------------------------------
+==================================================================
+
To prepare a clean board environment with clean secure flash for the testing,
the user should prepare an image that erases the secure flash cleanly during
boot. Run following commands to build such image.
@@ -313,8 +368,8 @@
::
cd <_workspace>
- git clone https://git.yoctoproject.org/git/meta-arm -b CORSTONE1000-2022.02.18
- git clone https://git.gitlab.arm.com/arm-reference-solutions/systemready-patch.git
+ git clone https://git.yoctoproject.org/git/meta-arm -b CORSTONE1000-2022.11.23
+ git clone https://git.gitlab.arm.com/arm-reference-solutions/systemready-patch.git -b CORSTONE1000-2022.11.23
cp -f systemready-patch/embedded-a/corstone1000/erase_flash/0001-arm-bsp-trusted-firmware-m-corstone1000-Clean-Secure.patch meta-arm
cd meta-arm
git apply 0001-arm-bsp-trusted-firmware-m-corstone1000-Clean-Secure.patch
@@ -325,8 +380,9 @@
- The ROM firmware: <_workspace>/build/tmp/deploy/images/corstone1000-mps3/bl1.bin
- The flash image: <_workspace>/build/tmp/deploy/images/corstone1000-mps3/corstone1000-image-corstone1000-mps3.wic.nopt
-Now reboot the board. This step erases the Corstone1000 SecureEnclave flash
-completely, the user should expect following message from TF-M log:
+Now reboot the board. This step erases the Corstone-1000 SecureEnclave flash
+completely, the user should expect following message from TF-M log (can be seen
+in ttyUSB1):
::
@@ -338,9 +394,9 @@
software stack and flash the FPGA as normal. And continue the testing.
Run SystemReady-IR ACS tests
------------------------------
+=============================
-ACS image contains two partitions. BOOT partition and RESULTS partition.
+ACS image contains two partitions. BOOT partition and RESULT partition.
Following packages are under BOOT partition
* SCT
@@ -350,15 +406,15 @@
* grub
* uefi manual capsule application
-RESULTS partition is used to store the test results.
-PLEASE MAKE SURE THAT THE RESULTS PARTITION IS EMPTY BEFORE YOU START THE TESTING. OTHERWISE THE TEST RESULTS
+RESULT partition is used to store the test results.
+PLEASE MAKE SURE THAT THE RESULT PARTITION IS EMPTY BEFORE YOU START THE TESTING. OTHERWISE THE TEST RESULTS
WILL NOT BE CONSISTENT
FPGA instructions for ACS image
--------------------------------
+================================
This section describes how the user can build and run Architecture Compliance
-Suite (ACS) tests on Corstone1000.
+Suite (ACS) tests on Corstone-1000.
First, the user should download the `Arm SystemReady ACS repository <https://github.com/ARM-software/arm-systemready/>`__.
This repository contains the infrastructure to build the Architecture
@@ -374,8 +430,8 @@
- ``<_workspace>/arm-systemready/IR/prebuilt_images/v21.07_0.9_BETA/ir_acs_live_image.img.xz``
**NOTE**: This prebuilt ACS image includes v5.13 kernel, which doesn't provide
-USB driver support for Corstone1000. The ACS image with newer kernel version
-and with full USB support for Corstone1000 will be available in the next
+USB driver support for Corstone-1000. The ACS image with newer kernel version
+and with full USB support for Corstone-1000 will be available in the next
SystemReady release in this repository.
Then, the user should prepare a USB stick with ACS image. In the given example here,
@@ -385,7 +441,7 @@
::
- cd <_workspace>/arm-systemready/IR/scripts/output/
+ cd <_workspace>/arm-systemready/IR/prebuilt_images/v21.07_0.9_BETA
unxz ir_acs_live_image.img.xz
sudo dd if=ir_acs_live_image.img of=/dev/sdb iflag=direct oflag=direct bs=1M status=progress; sync
@@ -393,20 +449,24 @@
ensure that only the USB stick with the ACS image is connected to the board,
and then boot the board.
-FVP instructions for ACS image and run
----------------------------------------
+The FPGA will reset multiple times during the test, and it might take approx. 24-36 hours to finish the test. At the end of test, the FPGA host terminal will halt showing a shell prompt. Once test is finished the result can be copied following above instructions.
-Download acs image from:
+FVP instructions for ACS image and run
+============================================
+
+Download ACS image from:
- ``https://gitlab.arm.com/systemready/acs/arm-systemready/-/tree/linux-5.17-rc7/IR/prebuilt_images/v22.04_1.0-Linux-v5.17-rc7``
-Use the below command to run the FVP with acs image support in the
+Use the below command to run the FVP with ACS image support in the
SD card.
::
unxz ${<path-to-img>/ir_acs_live_image.img.xz}
-<_workspace>/meta-arm/scripts/runfvp --terminals=xterm <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.fvpconf -- -C board.msd_mmc.p_mmc_file="${<path-to-img>/ir_acs_live_image.img}"
+ tmux
+
+ <_workspace>/meta-arm/scripts/runfvp <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.fvpconf -- -C board.msd_mmc.p_mmc_file="${<path-to-img>/ir_acs_live_image.img}"
The test results can be fetched using following commands:
@@ -416,8 +476,8 @@
sudo mount -o rw,offset=<offset_2nd_partition> <path-to-img>/ir_acs_live_image.img /mnt/test/
fdisk -lu <path-to-img>/ir_acs_live_image.img
-> Device Start End Sectors Size Type
- /home/emeara01/Downloads/ir_acs_live_image_modified.img1 2048 1050622 1048575 512M Microsoft basic data
- /home/emeara01/Downloads/ir_acs_live_image_modified.img2 1050624 1153022 102399 50M Microsoft basic data
+ <path-to-img>/ir_acs_live_image_modified.img1 2048 1050622 1048575 512M Microsoft basic data
+ <path-to-img>/ir_acs_live_image_modified.img2 1050624 1153022 102399 50M Microsoft basic data
-> <offset_2nd_partition> = 1050624 * 512 (sector size) = 537919488
@@ -427,7 +487,7 @@
instructions.
Common to FVP and FPGA
------------------------
+===========================
U-Boot should be able to boot the grub bootloader from
the 1st partition and if grub is not interrupted, tests are executed
@@ -438,83 +498,228 @@
- FWTS
- BSA Linux
-The results can be fetched from the ``acs_results`` partition of the USB stick (FPGA) / SD Card (FVP).
+The results can be fetched from the ``acs_results`` folder in the RESULT partition of the USB stick (FPGA) / SD Card (FVP).
-Manual capsule update test
---------------------------
+#####################################################
-The following steps describe running manual capsule update with the ``direct``
-method.
+Manual capsule update and ESRT checks
+---------------------------------------------------------------------
-Check the "Run SystemReady-IR ACS tests" section above to download and unpack the acs image file
+The following section describes running manual capsule update with the ``direct`` method.
+
+The steps described in this section perform manual capsule update and show how to use the ESRT feature
+to retrieve the installed capsule details.
+
+For the following tests two capsules are needed to perform 2 capsule updates. A positive update and a negative update.
+
+A positive test case capsule which boots the platform correctly until the Linux prompt, and a negative test case with an
+incorrect capsule (corrupted or outdated) which fails to boot to the host software.
+
+Check the "Run SystemReady-IR ACS tests" section above to download and unpack the ACS image file
- ``ir_acs_live_image.img.xz``
-Download edk2 and generate capsule file:
+Download edk2 under <_workspace> :
::
git clone https://github.com/tianocore/edk2.git
- edk2/BaseTools/BinWrappers/PosixLike/GenerateCapsule -e -o \
- cs1k_cap --fw-version 1 --lsv 0 --guid \
- e2bb9c06-70e9-4b14-97a3-5a7913176e3f --verbose --update-image-index \
- 0 --verbose <binary_file>
-The <binary_file> here should be a corstone1000-image-corstone1000-fvp.wic.nopt image for FVP and
-corstone1000-image-corstone1000-mps3.wic.nopt for FPGA. And this input binary file
-(capsule) should be less than 15 MB.
+*********************
+Generating Capsules
+*********************
+
+The capsule binary size (wic.nopt file) should be less than 15 MB.
Based on the user's requirement, the user can change the firmware version
number given to ``--fw-version`` option (the version number needs to be >= 1).
-Capsule Copy instructions for FPGA
------------------------------------
+Generating FPGA Capsules
+========================
+
+::
+
+ <_workspace>/edk2/BaseTools/BinWrappers/PosixLike/GenerateCapsule -e -o \
+ cs1k_cap_mps3_v5 --fw-version 5 --lsv 0 --guid \
+ e2bb9c06-70e9-4b14-97a3-5a7913176e3f --verbose --update-image-index \
+ 0 --verbose <_workspace>/build/tmp/deploy/images/corstone1000-mps3/corstone1000-image-corstone1000-mps3.wic.nopt
+
+::
+
+ <_workspace>/edk2/BaseTools/BinWrappers/PosixLike/GenerateCapsule -e -o \
+ cs1k_cap_mps3_v6 --fw-version 6 --lsv 0 --guid \
+ e2bb9c06-70e9-4b14-97a3-5a7913176e3f --verbose --update-image-index \
+ 0 --verbose <_workspace>/build/tmp/deploy/images/corstone1000-mps3/corstone1000-image-corstone1000-mps3.wic.nopt
+
+Generating FVP Capsules
+========================
+
+::
+
+ <_workspace>/edk2/BaseTools/BinWrappers/PosixLike/GenerateCapsule -e -o \
+ cs1k_cap_fvp_v6 --fw-version 6 --lsv 0 --guid \
+ e2bb9c06-70e9-4b14-97a3-5a7913176e3f --verbose --update-image-index \
+ 0 --verbose <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.wic.nopt
+
+::
+
+ <_workspace>/edk2/BaseTools/BinWrappers/PosixLike/GenerateCapsule -e -o \
+ cs1k_cap_fvp_v5 --fw-version 5 --lsv 0 --guid \
+ e2bb9c06-70e9-4b14-97a3-5a7913176e3f --verbose --update-image-index \
+ 0 --verbose <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.wic.nopt
+
+*********************
+Copying Capsules
+*********************
+
+Copying the FPGA capsules
+=========================
The user should prepare a USB stick as explained in ACS image section (see above).
-Place the generated ``cs1k_cap`` file in the root directory of the boot partition
+Place the generated ``cs1k_cap`` files in the root directory of the boot partition
in the USB stick. Note: As we are running the direct method, the ``cs1k_cap`` file
should not be under the EFI/UpdateCapsule directory as this may or may not trigger
the on disk method.
-Capsule Copy instructions for FVP
----------------------------------
+::
-Run below commands to copy capsule into the
-image file and run FVP software.
+ sudo cp cs1k_cap_mps3_v6 <mounting path>/BOOT/
+ sudo cp cs1k_cap_mps3_v5 <mounting path>/BOOT/
+ sync
+
+Copying the FVP capsules
+========================
+
+First, mount the IR image:
::
- sudo mkdir /mnt/test
- sudo mount -o rw,offset=<offset_1st_partition> <path-to-img>/ir_acs_live_image.img /mnt/test/
- sudo cp cs1k_cap /mnt/test/
- sudo umount /mnt/test
- exit
+ sudo mkdir /mnt/test
+ sudo mount -o rw,offset=1048576 <path-to-img>/ir_acs_live_image.img /mnt/test
-<_workspace>/meta-arm/scripts/runfvp --terminals=xterm <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.fvpconf -- -C "board.msd_mmc.p_mmc_file ${<path-to-img>/ir_acs_live_image.img}"
+Then, copy the capsules:
+
+::
+
+ sudo cp cs1k_cap_fvp_v6 /mnt/test/
+ sudo cp cs1k_cap_fvp_v5 /mnt/test/
+ sync
+
+Then, unmount the IR image:
+
+::
+
+ sudo umount /mnt/test
+
+**NOTE:**
Size of first partition in the image file is calculated in the following way. The data is
just an example and might vary with different ir_acs_live_image.img files.
::
- fdisk -lu <path-to-img>/ir_acs_live_image.img
- -> Device Start End Sectors Size Type
- /home/emeara01/Downloads/ir_acs_live_image_modified.img1 2048 1050622 1048575 512M Microsoft basic data
- /home/emeara01/Downloads/ir_acs_live_image_modified.img2 1050624 1153022 102399 50M Microsoft basic data
+ fdisk -lu <path-to-img>/ir_acs_live_image.img
+ -> Device Start End Sectors Size Type
+ <path-to-img>/ir_acs_live_image_modified.img1 2048 1050622 1048575 512M Microsoft basic data
+ <path-to-img>/ir_acs_live_image_modified.img2 1050624 1153022 102399 50M Microsoft basic data
- -> <offset_1st_partition> = 2048 * 512 (sector size) = 1048576
+ -> <offset_1st_partition> = 2048 * 512 (sector size) = 1048576
-Common to FVP and FPGA
------------------------
-Reach u-boot then interrupt shell to reach EFI shell. Use below command at EFI shell.
+******************************
+Performing the capsule update
+******************************
+
+During this section we will be using the capsule with the higher version (cs1k_cap_<fvp/mps3>_v6) for the positive scenario
+and the capsule with the lower version (cs1k_cap_<fvp/mps3>_v5) for the negative scenario.
+
+Running the FVP with the IR prebuilt image
+==============================================
+
+Run the FVP with the IR prebuilt image:
+
+::
+
+ <_workspace>/meta-arm/scripts/runfvp --terminals=xterm <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.fvpconf -- -C "board.msd_mmc.p_mmc_file ${<path-to-img>/ir_acs_live_image.img}"
+
+Running the FPGA with the IR prebuilt image
+==============================================
+
+Insert the prepared USB stick then Power cycle the MPS3 board.
+
+Executing capsule update for FVP and FPGA
+==============================================
+
+Reach u-boot then interrupt the boot to reach the EFI shell.
+
+::
+
+ Press ESC in 4 seconds to skip startup.nsh or any other key to continue.
+
+Then, type FS0: as shown below:
::
FS0:
- EFI/BOOT/app/CapsuleApp.efi cs1k_cap
-For this test, the user can provide two capsules for testing: a positive test
-case capsule which boots the board correctly, and a negative test case with an
-incorrect capsule which fails to boot the host software.
+In case of the positive scenario run the update with the higher version capsule as shown below:
+
+::
+
+ EFI/BOOT/app/CapsuleApp.efi cs1k_cap_<fvp/mps3>_v6
+
+After successfully updating the capsule the system will reset.
+
+In case of the negative scenario run the update with the lower version capsule as shown below:
+
+::
+
+ EFI/BOOT/app/CapsuleApp.efi cs1k_cap_<fvp/mps3>_v5
+
+The command above should fail and in the TF-M logs the following message should appear:
+
+::
+
+ ERROR: flash_full_capsule: version error
+
+Then, reboot manually:
+
+::
+
+ Shell> reset
+
+FPGA: Select Corstone-1000 Linux kernel boot
+==============================================
+
+Remove the USB stick before u-boot is reached so the Corstone-1000 kernel will be detected and used for booting.
+
+**NOTE:** Otherwise, the execution ends up in the ACS live image.
+
+FVP: Select Corstone-1000 Linux kernel boot
+==============================================
+
+Interrupt the u-boot shell.
+
+::
+
+ Hit any key to stop autoboot:
+
+Run the following commands in order to run the Corstone-1000 Linux kernel and being able to check the ESRT table.
+
+**NOTE:** Otherwise, the execution ends up in the ACS live image.
+
+::
+
+ $ run retrieve_kernel_load_addr
+ $ unzip $kernel_addr 0x90000000
+ $ loadm 0x90000000 $kernel_addr_r 0xf00000
+ $ bootefi $kernel_addr_r $fdtcontroladdr
+
+
+***********************
+Capsule update status
+***********************
+
+Positive scenario
+=================
In the positive case scenario, the user should see following log in TF-M log,
indicating the new capsule image is successfully applied, and the board boots
@@ -532,11 +737,59 @@
...
-In the negative case scenario, the user should see appropriate logs in
-the secure enclave terminal. If capsule pass initial verification, but fails
-verifications performed during boot time, secure enclave will try new images
-predetermined number of times (defined in the code), before reverting back to
-the previous good bank.
+It's possible to check the content of the ESRT table after the system fully boots.
+
+In the Linux command-line run the following:
+
+::
+
+ # cd /sys/firmware/efi/esrt/entries/entry0
+ # cat *
+
+ 0x0
+ e2bb9c06-70e9-4b14-97a3-5a7913176e3f
+ 0
+ 6
+ 0
+ 6
+ 0
+
+.. line-block::
+ capsule_flags: 0x0
+ fw_class: e2bb9c06-70e9-4b14-97a3-5a7913176e3f
+ fw_type: 0
+ fw_version: 6
+ last_attempt_status: 0
+ last_attempt_version: 6
+ lowest_supported_fw_ver: 0
+
+
+Negative scenario
+=================
+
+In the negative case scenario (rollback the capsule version), the user should
+see appropriate logs in the secure enclave terminal.
+
+::
+
+ ...
+ uefi_capsule_retrieve_images: image 0 at 0xa0000070, size=15654928
+ uefi_capsule_retrieve_images: exit
+ flash_full_capsule: enter: image = 0x0xa0000070, size = 15654928, version = 10
+ ERROR: flash_full_capsule: version error
+ private_metadata_write: enter: boot_index = 1
+ private_metadata_write: success
+ fmp_set_image_info:133 Enter
+ FMP image update: image id = 0
+ FMP image update: status = 1version=11 last_attempt_version=10.
+ fmp_set_image_info:157 Exit.
+ corstone1000_fwu_flash_image: exit: ret = -1
+ ...
+
+
+If capsule pass initial verification, but fails verifications performed during
+boot time, secure enclave will try new images predetermined number of times
+(defined in the code), before reverting back to the previous good bank.
::
@@ -545,16 +798,45 @@
fwu_select_previous: in regular state by choosing previous active bank
...
-*******************************************************
-Linux distro install and boot (applicable to FPGA only)
-*******************************************************
+It's possible to check the content of the ESRT table after the system fully boots.
-To test Linux distro install and boot, the user should prepare two empty USB sticks.
+In the Linux command-line run the following:
+
+::
+
+ # cd /sys/firmware/efi/esrt/entries/entry0
+ # cat *
+
+ 0x0
+ e2bb9c06-70e9-4b14-97a3-5a7913176e3f
+ 0
+ 6
+ 1
+ 5
+ 0
+
+.. line-block::
+ capsule_flags: 0x0
+ fw_class: e2bb9c06-70e9-4b14-97a3-5a7913176e3f
+ fw_type: 0
+ fw_version: 6
+ last_attempt_status: 1
+ last_attempt_version: 5
+ lowest_supported_fw_ver: 0
+
+Linux distros tests
+----------------------------------
+
+***************************************************************************************
+Debian/OpenSUSE install and boot (applicable to FPGA only)
+***************************************************************************************
+
+To test Linux distro install and boot, the user should prepare two empty USB sticks (minimum size should be 4GB and formatted with FAT32).
Download one of following Linux distro images:
- Debian installer image: https://cdimage.debian.org/cdimage/weekly-builds/arm64/iso-dvd/
- OpenSUSE Tumbleweed installer image: http://download.opensuse.org/ports/aarch64/tumbleweed/iso/
- - The user should look for a DVD Snapshot like openSUSE-Tumbleweed-DVD-aarch64-Snapshot20211125-Media.iso
+ - The user should look for a DVD Snapshot like openSUSE-Tumbleweed-DVD-aarch64-Snapshot<date>-Media.iso
Once the .iso file is downloaded, the .iso file needs to be flashed to your USB drive.
@@ -565,7 +847,7 @@
::
- sudo dd if=</path/to/iso_file> of=/dev/sdb iflag=direct oflag=direct status=progress bs=1M; sync;
+ sudo dd if=<path-to-iso_file> of=/dev/sdb iflag=direct oflag=direct status=progress bs=1M; sync;
Boot the MSP3 board with the first USB stick connected. Open following minicom sessions:
@@ -574,11 +856,9 @@
sudo picocom -b 115200 /dev/ttyUSB0 # in one terminal
sudo picocom -b 115200 /dev/ttyUSB2 # in another terminal.
-Press <Ctrl+x>.
+Now plug in the second USB stick (once installation screen is visible), the distro installation process will start. The installation prompt can be seen in ttyUSB2. If installer does not start, please try to reboot the board with both USB sticks connected and repeat the process.
-Now plug in the second USB stick, the distro installation process will start.
-
-**NOTE:** Due to the performance limitation of Corstone1000 MPS3 FPGA, the
+**NOTE:** Due to the performance limitation of Corstone-1000 MPS3 FPGA, the
distro installation process can take up to 24 hours to complete.
Once installation is complete, unplug the first USB stick and reboot the board.
@@ -591,61 +871,40 @@
Login with the username root.
-Run psa-arch-test (applicable to both FPGA and FVP)
----------------------------------------------------
+**NOTE:** The Debian installer has a known issue "Install the GRUB bootloader - unable to install " and these are the steps to
+follow on the subsequent popups to solve the issue during the installation:
-When running psa-arch-test on MPS3 FPGA, the user should make sure there is no
-USB stick connected to the board. Power on the board and boot the board to
-Linux. Then, the user should follow the steps below to run the psa_arch_tests.
-
-When running psa-arch-test on Corstone1000 FVP, the user should follow the
-instructions in `Running the software on FVP`_ section to boot Linux in FVP
-host_terminal_0, and login using the username ``root``.
-
-As a reference for the user's test results, the psa-arch-test report for `Corstone1000 software (CORSTONE1000-2022.02.18) <https://git.yoctoproject.org/meta-arm/tag/?h=CORSTONE1000-2022.02.18>`__
-can be found in `here <https://gitlab.arm.com/arm-reference-solutions/arm-reference-solutions-test-report/-/tree/master/embedded-a/corstone1000>`__.
-
-First, create a file containing SE_PROXY_SP UUID. Run:
+1. Select "Continue", then "Continue" again on the next popup
+2. Scroll down and select "Execute a shell"
+3. Select "Continue"
+4. Enter the following command:
::
- echo 46bb39d1-b4d9-45b5-88ff-040027dab249 > sp_uuid_list.txt
+ in-target grub-install --no-nvram --force-extra-removable
-Then, load FFA driver module into Linux kernel. Run:
+5. Enter the following command:
::
- load_ffa_debugfs.sh .
+ in-target update-grub
-Then, check whether the FFA driver loaded correctly by using the following command:
+6. Enter the following command:
::
- cat /proc/modules | grep arm_ffa_user
+ exit
-The output should be:
+7. Select "Continue without boot loader", then select "Continue" on the next popup
+8. At this stage, the installation should proceed as normal.
-::
-
- arm_ffa_user 16384 - - Live 0xffffffc0084b0000 (O)
-
-Now, run the PSA arch tests with following commands. The user should run the
-tests in following order:
-
-::
-
- psa-iat-api-test
- psa-crypto-api-test
- psa-its-api-test
- psa-ps-api-test
-
-********************************************************
-Linux distro: OpenSUSE Raw image installation (FVP Only)
-********************************************************
+***************************************************************************************
+OpenSUSE Raw image install and boot (applicable to FVP only)
+***************************************************************************************
Steps to download openSUSE Tumbleweed raw image:
- Go to: http://download.opensuse.org/ports/aarch64/tumbleweed/appliances/
- - The user should look for a Tumbleweed-ARM-JeOS-efi.aarch64-* Snapshot, for example, ``openSUSE-Tumbleweed-ARM-JeOS-efi.aarch64-2022.03.18-Snapshot20220331.raw.xz``
+ - The user should look for a Tumbleweed-ARM-JeOS-efi.aarch64-* Snapshot, for example, ``openSUSE-Tumbleweed-ARM-JeOS-efi.aarch64-<date>-Snapshot<date>.raw.xz``
Once the .raw.xz file is downloaded, the raw image file needs to be extracted:
@@ -670,16 +929,150 @@
Login with the username 'root' and password 'linux'.
-**************************************
+PSA API tests
+----------------------
+
+***************************************************************************************
+Run PSA API test commands (applicable to both FPGA and FVP)
+***************************************************************************************
+
+When running PSA API test commands (aka PSA Arch Tests) on MPS3 FPGA, the user should make sure there is no
+USB stick connected to the board. Power on the board and boot the board to
+Linux. Then, the user should follow the steps below to run the tests.
+
+When running the tests on the Corstone-1000 FVP, the user should follow the
+instructions in `Running the software on FVP`_ section to boot Linux in FVP
+host_terminal_0, and login using the username ``root``.
+
+First, load FF-A TEE kernel module:
+
+::
+
+ insmod /lib/modules/5.19.14-yocto-standard/extra/arm-ffa-tee.ko
+
+Then, check whether the FF-A TEE driver is loaded correctly by using the following command:
+
+::
+
+ cat /proc/modules | grep arm_ffa_tee
+
+The output should be:
+
+::
+
+ arm_ffa_tee 16384 - - Live 0xffffffc0004f0000 (O)
+
+Now, run the PSA API tests in the following order:
+
+::
+
+ psa-iat-api-test
+ psa-crypto-api-test
+ psa-its-api-test
+ psa-ps-api-test
+
+External System tests
+-----------------------------------
+
+***************************************************************************************
+Running the External System test command (systems-comms-tests)
+***************************************************************************************
+
+Test 1: Releasing the External System out of reset
+===================================================
+
+Run this command in the Linux command-line:
+
+::
+
+ systems-comms-tests 1
+
+The output on the External System terminal should be:
+
+::
+
+ ___ ___
+ | / __|
+ |=== \___
+ |___ |___/
+ External System Cortex-M3 Processor
+ Running RTX RTOS
+ v0.1.0_2022-10-19_16-41-32-8c9dca7
+ MHUv2 module 'MHU0_H' started
+ MHUv2 module 'MHU1_H' started
+ MHUv2 module 'MHU0_SE' started
+ MHUv2 module 'MHU1_SE' started
+
+Test 2: Communication
+=============================================
+
+Test 2 releases the External System out of reset if not already done. Then, it performs communication between host and External System.
+
+After running Test 1, run this command in the Linux command-line:
+
+::
+
+ systems-comms-tests 2
+
+Additional output on the External System terminal will be printed:
+
+::
+
+ MHUv2: Message from 'MHU0_H': 0xabcdef1
+ Received 'abcdef1' From Host MHU0
+ CMD: Increment and return to sender...
+ MHUv2: Message from 'MHU1_H': 0xabcdef1
+ Received 'abcdef1' From Host MHU1
+ CMD: Increment and return to sender...
+
+When running Test 2 the first, Test 1 will be run in the background.
+
+The output on the External System terminal should be:
+
+::
+
+ ___ ___
+ | / __|
+ |=== \___
+ |___ |___/
+ External System Cortex-M3 Processor
+ Running RTX RTOS
+ v0.1.0_2022-10-19_16-41-32-8c9dca7
+ MHUv2 module 'MHU0_H' started
+ MHUv2 module 'MHU1_H' started
+ MHUv2 module 'MHU0_SE' started
+ MHUv2 module 'MHU1_SE' started
+ MHUv2: Message from 'MHU0_H': 0xabcdef1
+ Received 'abcdef1' From Host MHU0
+ CMD: Increment and return to sender...
+ MHUv2: Message from 'MHU1_H': 0xabcdef1
+ Received 'abcdef1' From Host MHU1
+ CMD: Increment and return to sender...
+
+The output on the Host terminal should be:
+
+::
+
+ Received abcdf00 from es0mhu0
+ Received abcdf00 from es0mhu1
+
+
+Tests results
+-----------------------------------
+
+As a reference for the end user, reports for various tests for `Corstone-1000 software (CORSTONE1000-2022.11.23) <https://git.yoctoproject.org/meta-arm/tag/?h=CORSTONE1000-2022.11.23>`__
+can be found in `here <https://gitlab.arm.com/arm-reference-solutions/arm-reference-solutions-test-report/-/tree/master/embedded-a/corstone1000>`__.
+
Running the software on FVP on Windows
-**************************************
-If the user needs to run the Corstone1000 software on FVP on Windows. The user
+---------------------------------------------------------------
+
+If the user needs to run the Corstone-1000 software on FVP on Windows. The user
should follow the build instructions in this document to build on Linux host
PC, and copy the output binaries to the Windows PC where the FVP is located,
and launch the FVP binary.
--------------
-*Copyright (c) 2021, Arm Limited. All rights reserved.*
+*Copyright (c) 2022, Arm Limited. All rights reserved.*
.. _Arm Ecosystem FVPs: https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps
diff --git a/meta-arm/meta-arm-bsp/documentation/fvp-baser-aemv8r64.md b/meta-arm/meta-arm-bsp/documentation/fvp-baser-aemv8r64.md
index 9127a6c..e29aad3 100644
--- a/meta-arm/meta-arm-bsp/documentation/fvp-baser-aemv8r64.md
+++ b/meta-arm/meta-arm-bsp/documentation/fvp-baser-aemv8r64.md
@@ -27,9 +27,9 @@
where either a standard or Real-Time Linux kernel (PREEMPT\_RT) can be built
and run:
- - FVP_Base_AEMv8R: v11.19.14
+ - FVP_Base_AEMv8R: v11.20.15
- boot-wrapper-aarch64: provides PSCI support
- - U-Boot: v2022.04 - provides UEFI services
+ - U-Boot: v2022.07 - provides UEFI services
- Linux kernel: linux-yocto-5.15
- Linux kernel with PREEMPT\_RT support: linux-yocto-rt-5.15
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/external-system/external-system_0.1.0.bb b/meta-arm/meta-arm-bsp/recipes-bsp/external-system/external-system_0.1.0.bb
index 5bb8c37..dce29a9 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/external-system/external-system_0.1.0.bb
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/external-system/external-system_0.1.0.bb
@@ -8,7 +8,8 @@
LIC_FILES_CHKSUM = "file://license.md;md5=e44b2531cd6ffe9dece394dbe988d9a0 \
file://cmsis/LICENSE.txt;md5=e3fc50a88d0a364313df4b21ef20c29e"
-SRC_URI = "gitsm://git.gitlab.arm.com/arm-reference-solutions/corstone1000/external_system/rtx.git;protocol=https;branch=master"
+SRC_URI = "gitsm://git.gitlab.arm.com/arm-reference-solutions/corstone1000/external_system/rtx.git;protocol=https;branch=master \
+ file://race.patch"
SRCREV = "8c9dca74b104ff6c9722fb0738ba93dd3719c080"
PV .= "+git${SRCPV}"
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/external-system/files/race.patch b/meta-arm/meta-arm-bsp/recipes-bsp/external-system/files/race.patch
new file mode 100644
index 0000000..c6bc4f2
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/external-system/files/race.patch
@@ -0,0 +1,66 @@
+Upstream-Status: Submitted [https://gitlab.arm.com/arm-reference-solutions/corstone1000/external_system/rtx/-/issues/1]
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From 34e1c04534607f5605255f39fb46e26261fc9c4e Mon Sep 17 00:00:00 2001
+From: Ross Burton <ross.burton@arm.com>
+Date: Tue, 8 Sep 2020 11:49:08 +0100
+Subject: [PATCH] tools/gen_module_code: atomically rewrite the generated files
+
+The gen_module rule in rules.mk is marked as .PHONY, so make will
+execute it whenever it is mentioned. This results in gen_module_code
+being executed 64 times for a Juno build.
+
+However in heavily parallel builds there's a good chance that
+gen_module_code is writing a file whilst the compiler is reading it
+because make also doesn't know what files are generated by
+gen_module_code.
+
+The correct fix is to adjust the Makefiles so that the dependencies are
+correct but this isn't trivial, so band-aid the problem by atomically
+writing the generated files.
+
+Change-Id: I82d44f9ea6537a91002e1f80de8861d208571630
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+---
+ tools/gen_module_code.py | 19 ++++++++++++++-----
+ 1 file changed, 14 insertions(+), 5 deletions(-)
+
+diff --git a/tools/gen_module_code.py b/tools/gen_module_code.py
+index 7b3953845..ee099b713 100755
+--- a/tools/gen_module_code.py
++++ b/tools/gen_module_code.py
+@@ -17,6 +17,7 @@
+ import argparse
+ import os
+ import sys
++import tempfile
+
+ DEFAULT_PATH = 'build/'
+
+@@ -53,13 +54,21 @@
+
+ def generate_file(path, filename, content):
+ full_filename = os.path.join(path, filename)
+- with open(full_filename, 'a+') as f:
+- f.seek(0)
+- if f.read() != content:
++
++ try:
++ with open(full_filename) as f:
++ rewrite = f.read() != content
++ except FileNotFoundError:
++ rewrite = True
++
++ if rewrite:
++ with tempfile.NamedTemporaryFile(prefix="gen-module-code",
++ dir=path,
++ delete=False,
++ mode="wt") as f:
+ print("[GEN] {}...".format(full_filename))
+- f.seek(0)
+- f.truncate()
+ f.write(content)
++ os.replace(f.name, full_filename)
+
+
+ def generate_header(path, modules):
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/images/corstone1000-image.bb b/meta-arm/meta-arm-bsp/recipes-bsp/images/corstone1000-image.bb
index 76a7126..932b161 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/images/corstone1000-image.bb
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/images/corstone1000-image.bb
@@ -7,10 +7,15 @@
inherit image
inherit wic_nopt tfm_sign_image
+inherit uefi_capsule
PACKAGE_INSTALL = ""
-IMAGE_FSTYPES += "wic wic.nopt"
+IMAGE_FSTYPES += "wic wic.nopt uefi_capsule"
+
+UEFI_FIRMWARE_BINARY = "${PN}-${MACHINE}.${CAPSULE_IMGTYPE}"
+UEFI_CAPSULE_CONFIG = "${THISDIR}/files/${PN}-capsule-update-image.json"
+CAPSULE_IMGTYPE = "wic.nopt"
do_sign_images() {
# Sign TF-A BL2
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/images/files/corstone1000-image-capsule-update-image.json b/meta-arm/meta-arm-bsp/recipes-bsp/images/files/corstone1000-image-capsule-update-image.json
new file mode 100644
index 0000000..0f011ff
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/images/files/corstone1000-image-capsule-update-image.json
@@ -0,0 +1,11 @@
+{
+ "Payloads": [
+ {
+ "FwVersion": "5",
+ "Guid": "e2bb9c06-70e9-4b14-97a3-5a7913176e3f",
+ "LowestSupportedVersion": "1",
+ "Payload": "$UEFI_FIRMWARE_BINARY",
+ "UpdateImageIndex": "0"
+ }
+ ]
+}
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/images/firmware-image-juno.bb b/meta-arm/meta-arm-bsp/recipes-bsp/images/firmware-image-juno.bb
index 80565af..45f2ec7 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/images/firmware-image-juno.bb
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/images/firmware-image-juno.bb
@@ -63,10 +63,10 @@
done
if [ "${INITRAMFS_IMAGE_BUNDLE}" -eq 1 ]; then
- cp -L -f ${DEPLOY_DIR_IMAGE}/Image-initramfs-juno.bin \
+ cp -L -f ${DEPLOY_DIR_IMAGE}/Image.gz-initramfs-juno.bin \
${D}/${UNPACK_DIR}/SOFTWARE/Image
else
- cp -L -f ${DEPLOY_DIR_IMAGE}/Image ${D}/${UNPACK_DIR}/SOFTWARE/
+ cp -L -f ${DEPLOY_DIR_IMAGE}/${KERNEL_IMAGETYPE} ${D}/${UNPACK_DIR}/SOFTWARE/
fi
# Compress the files
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0007-corstone1000-adjust-PS-asset-configuration.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0007-corstone1000-adjust-PS-asset-configuration.patch
new file mode 100644
index 0000000..7fae7b6
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0007-corstone1000-adjust-PS-asset-configuration.patch
@@ -0,0 +1,27 @@
+From 5be42e1c05205209fc3988f0df30a02da95c2448 Mon Sep 17 00:00:00 2001
+From: Rui Miguel Silva <rui.silva@linaro.org>
+Date: Wed, 2 Nov 2022 00:12:35 +0000
+Subject: [PATCH] corstone1000: adjust PS asset configuration
+
+Adjust protected storage asset configuration to be more inline
+with the one in trusted service side, that would make thinks
+work when testing and using more than the default variables.
+
+Upstream-Status: Pending
+Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
+---
+ platform/ext/target/arm/corstone1000/config.cmake | 1 ++
+ 1 file changed, 1 insertions(+)
+
+diff --git a/platform/ext/target/arm/corstone1000/config.cmake b/platform/ext/target/arm/corstone1000/config.cmake
+index ab0fe17ba886..c2b4b646e6b0 100644
+--- a/platform/ext/target/arm/corstone1000/config.cmake
++++ b/platform/ext/target/arm/corstone1000/config.cmake
+@@ -56,3 +56,4 @@ set(PS_ENCRYPTION OFF CACHE BOOL "Enable
+ set(PS_ROLLBACK_PROTECTION OFF CACHE BOOL "Enable rollback protection for Protected Storage partition")
+
+ set(PLATFORM_SERVICE_OUTPUT_BUFFER_SIZE 256 CACHE STRING "Size of output buffer in platform service.")
++set(PS_NUM_ASSETS "40" CACHE STRING "The maximum number of assets to be stored in the Protected Storage area")
+--
+2.38.1
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-corstone1000.inc b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-corstone1000.inc
index 341a594..58ad103 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-corstone1000.inc
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-corstone1000.inc
@@ -34,6 +34,7 @@
file://0004-Platform-Partition-Allow-configuration-of-input-and-.patch \
file://0005-corstone1000-support-for-UEFI-FMP-image-Information.patch \
file://0006-corstone1000-remove-two-partition-configuration.patch \
+ file://0007-corstone1000-adjust-PS-asset-configuration.patch \
"
do_install() {
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/juno/0002-configs-vexpress-modify-to-boot-compressed-initramfs.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/juno/0002-configs-vexpress-modify-to-boot-compressed-initramfs.patch
new file mode 100644
index 0000000..2bf68fe
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/juno/0002-configs-vexpress-modify-to-boot-compressed-initramfs.patch
@@ -0,0 +1,41 @@
+From 097a43223da4fa42335944295903ede2755e2dfd Mon Sep 17 00:00:00 2001
+From: Jon Mason <jdmason@kudzu.us>
+Date: Mon, 19 Dec 2022 11:36:04 -0500
+Subject: [PATCH] configs: vexpress: modify to boot compressed initramfs
+
+Signed-off-by: Jon Mason <jdmason@kudzu.us>
+Upstream-Status: Inappropriate
+
+---
+ configs/vexpress_aemv8a_juno_defconfig | 1 +
+ include/configs/vexpress_aemv8.h | 2 ++
+ 2 files changed, 3 insertions(+)
+
+diff --git a/configs/vexpress_aemv8a_juno_defconfig b/configs/vexpress_aemv8a_juno_defconfig
+index e02124cc7f54..6ffe8f5fe67e 100644
+--- a/configs/vexpress_aemv8a_juno_defconfig
++++ b/configs/vexpress_aemv8a_juno_defconfig
+@@ -16,6 +16,7 @@ CONFIG_SYS_LOAD_ADDR=0x90000000
+ CONFIG_BOOTDELAY=1
+ CONFIG_USE_BOOTARGS=y
+ CONFIG_BOOTARGS="console=ttyAMA0,115200n8 root=/dev/sda2 rw rootwait earlycon=pl011,0x7ff80000 debug user_debug=31 androidboot.hardware=juno loglevel=9"
++CONFIG_BOOTCOMMAND="echo running default boot command; afs load ${kernel_name} ${kernel_addr_r} ; if test $? -eq 1; then echo Loading ${kernel_alt_name} instead of ${kernel_name}; afs load ${kernel_alt_name} ${kernel_addr_r};fi ; afs load ${fdtfile} ${fdt_addr_r} ; if test $? -eq 1; then echo Loading ${fdt_alt_name} instead of ${fdtfile}; afs load ${fdt_alt_name} ${fdt_addr_r}; fi ; fdt addr ${fdt_addr_r}; fdt resize; if afs load ${initrd_name} ${initrd_addr_r} ; then setenv initrd_param ${initrd_addr_r}; else setenv initrd_param -; fi ; booti ${kernel_addr_r} ${initrd_param} ${fdt_addr_r}"
+ # CONFIG_DISPLAY_CPUINFO is not set
+ # CONFIG_DISPLAY_BOARDINFO is not set
+ CONFIG_SYS_PROMPT="VExpress64# "
+diff --git a/include/configs/vexpress_aemv8.h b/include/configs/vexpress_aemv8.h
+index cd7f6c1b9ba0..c2f5eb302076 100644
+--- a/include/configs/vexpress_aemv8.h
++++ b/include/configs/vexpress_aemv8.h
+@@ -164,6 +164,8 @@
+ "kernel_name=norkern\0" \
+ "kernel_alt_name=Image\0" \
+ "kernel_addr_r=0x80080000\0" \
++ "kernel_comp_addr_r=0x90000000\0" \
++ "kernel_comp_size=0x3000000\0" \
+ "initrd_name=ramdisk.img\0" \
+ "initrd_addr_r=0x88000000\0" \
+ "fdtfile=board.dtb\0" \
+--
+2.30.2
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot_%.bbappend b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot_%.bbappend
index 6144e97..e01c850 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot_%.bbappend
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot_%.bbappend
@@ -82,7 +82,9 @@
#
# Juno Machines
#
-SRC_URI:append:juno = " file://0001-arm-juno-add-custom-bootcmd-to-autoboot-from-uEnv.tx.patch"
+SRC_URI:append:juno = " file://0001-arm-juno-add-custom-bootcmd-to-autoboot-from-uEnv.tx.patch \
+ file://0002-configs-vexpress-modify-to-boot-compressed-initramfs.patch \
+ "
#
diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/fvp-base/0001-arm64-dts-fvp-Enable-virtio-rng-support.patch b/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/fvp-base/0001-arm64-dts-fvp-Enable-virtio-rng-support.patch
new file mode 100644
index 0000000..1cbdc9a
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/fvp-base/0001-arm64-dts-fvp-Enable-virtio-rng-support.patch
@@ -0,0 +1,29 @@
+From b443c8efd563dc372c60e7ad9f52aeddf7c13706 Mon Sep 17 00:00:00 2001
+From: Anton Antonov <Anton.Antonov@arm.com>
+Date: Mon, 7 Nov 2022 11:37:51 +0000
+Subject: [PATCH] arm64: dts: fvp: Enable virtio-rng support
+
+The virtio-rng is available from FVP_Base_RevC-2xAEMvA version 11.17.
+Enable it since Yocto includes a recipe for a newer FVP version.
+
+Upstream-Status: Inappropriate [Yocto specific]
+Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
+---
+ arch/arm64/boot/dts/arm/rtsm_ve-motherboard-rs2.dtsi | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/arch/arm64/boot/dts/arm/rtsm_ve-motherboard-rs2.dtsi b/arch/arm64/boot/dts/arm/rtsm_ve-motherboard-rs2.dtsi
+index ec2d5280a30b..acafdcbf1063 100644
+--- a/arch/arm64/boot/dts/arm/rtsm_ve-motherboard-rs2.dtsi
++++ b/arch/arm64/boot/dts/arm/rtsm_ve-motherboard-rs2.dtsi
+@@ -26,7 +26,6 @@ virtio@200000 {
+ compatible = "virtio,mmio";
+ reg = <0x200000 0x200>;
+ interrupts = <46>;
+- status = "disabled";
+ };
+ };
+ };
+--
+2.25.1
+
diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/juno/0001-arm64-dts-juno-Add-thermal-critical-trip-points.patch b/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/juno/0001-arm64-dts-juno-Add-thermal-critical-trip-points.patch
new file mode 100644
index 0000000..1c0f25e
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/juno/0001-arm64-dts-juno-Add-thermal-critical-trip-points.patch
@@ -0,0 +1,60 @@
+From c4a7b9b587ca1bb4678d48d8be7132492b23a81c Mon Sep 17 00:00:00 2001
+From: Cristian Marussi <cristian.marussi@arm.com>
+Date: Fri, 28 Oct 2022 15:08:33 +0100
+Subject: [PATCH] arm64: dts: juno: Add thermal critical trip points
+
+When thermnal zones are defined, trip points definitions are mandatory.
+Define a couple of critical trip points for monitoring of existing
+PMIC and SOC thermal zones.
+
+This was lost between txt to yaml conversion and was re-enforced recently
+via the commit 8c596324232d ("dt-bindings: thermal: Fix missing required property")
+
+Cc: Rob Herring <robh+dt@kernel.org>
+Cc: Krzysztof Kozlowski <krzysztof.kozlowski+dt@linaro.org>
+Cc: devicetree@vger.kernel.org
+Signed-off-by: Cristian Marussi <cristian.marussi@arm.com>
+Fixes: f7b636a8d83c ("arm64: dts: juno: add thermal zones for scpi sensors")
+Link: https://lore.kernel.org/r/20221028140833.280091-8-cristian.marussi@arm.com
+Signed-off-by: Sudeep Holla <sudeep.holla@arm.com>
+
+Signed-off-by: Jon Mason <jon.mason@arm.com>
+Upstream-Status: Backport
+---
+ arch/arm64/boot/dts/arm/juno-base.dtsi | 14 ++++++++++++++
+ 1 file changed, 14 insertions(+)
+
+diff --git a/arch/arm64/boot/dts/arm/juno-base.dtsi b/arch/arm64/boot/dts/arm/juno-base.dtsi
+index 2f27619d8abd..8b4d280b1e7e 100644
+--- a/arch/arm64/boot/dts/arm/juno-base.dtsi
++++ b/arch/arm64/boot/dts/arm/juno-base.dtsi
+@@ -751,12 +751,26 @@ pmic {
+ polling-delay = <1000>;
+ polling-delay-passive = <100>;
+ thermal-sensors = <&scpi_sensors0 0>;
++ trips {
++ pmic_crit0: trip0 {
++ temperature = <90000>;
++ hysteresis = <2000>;
++ type = "critical";
++ };
++ };
+ };
+
+ soc {
+ polling-delay = <1000>;
+ polling-delay-passive = <100>;
+ thermal-sensors = <&scpi_sensors0 3>;
++ trips {
++ soc_crit0: trip0 {
++ temperature = <80000>;
++ hysteresis = <2000>;
++ type = "critical";
++ };
++ };
+ };
+
+ big_cluster_thermal_zone: big-cluster {
+--
+2.30.2
+
diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/juno/0002-arm64-dts-Update-cache-properties-for-Arm-Ltd-platfo.patch b/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/juno/0002-arm64-dts-Update-cache-properties-for-Arm-Ltd-platfo.patch
new file mode 100644
index 0000000..f19fb8b
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/juno/0002-arm64-dts-Update-cache-properties-for-Arm-Ltd-platfo.patch
@@ -0,0 +1,141 @@
+From 59fb813f9742b349f48250bd7793279cafe2752c Mon Sep 17 00:00:00 2001
+From: Pierre Gondois <pierre.gondois@arm.com>
+Date: Mon, 7 Nov 2022 16:56:58 +0100
+Subject: [PATCH] arm64: dts: Update cache properties for Arm Ltd platforms
+
+The DeviceTree Specification v0.3 specifies that the cache node
+"compatible" and "cache-level" properties are required.
+
+Cf. s3.8 Multi-level and Shared Cache Nodes
+The 'cache-unified' property should be present if one of the properties
+for unified cache is present ('cache-size', ...).
+
+Update the relevant device trees nodes accordingly.
+
+Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
+Link: https://lore.kernel.org/r/20221107155825.1644604-6-pierre.gondois@arm.com
+Signed-off-by: Sudeep Holla <sudeep.holla@arm.com>
+
+Signed-off-by: Jon Mason <jon.mason@arm.com>
+Upstream-Status: Backport
+---
+ arch/arm64/boot/dts/arm/corstone1000.dtsi | 1 +
+ arch/arm64/boot/dts/arm/foundation-v8.dtsi | 1 +
+ arch/arm64/boot/dts/arm/juno-r1.dts | 2 ++
+ arch/arm64/boot/dts/arm/juno-r2.dts | 2 ++
+ arch/arm64/boot/dts/arm/juno.dts | 2 ++
+ arch/arm64/boot/dts/arm/rtsm_ve-aemv8a.dts | 1 +
+ arch/arm64/boot/dts/arm/vexpress-v2f-1xv7-ca53x2.dts | 1 +
+ 7 files changed, 10 insertions(+)
+
+diff --git a/arch/arm64/boot/dts/arm/corstone1000.dtsi b/arch/arm64/boot/dts/arm/corstone1000.dtsi
+index 4e46826f883a..21f1f952e985 100644
+--- a/arch/arm64/boot/dts/arm/corstone1000.dtsi
++++ b/arch/arm64/boot/dts/arm/corstone1000.dtsi
+@@ -53,6 +53,7 @@ gic: interrupt-controller@1c000000 {
+
+ L2_0: l2-cache0 {
+ compatible = "cache";
++ cache-unified;
+ cache-level = <2>;
+ cache-size = <0x80000>;
+ cache-line-size = <64>;
+diff --git a/arch/arm64/boot/dts/arm/foundation-v8.dtsi b/arch/arm64/boot/dts/arm/foundation-v8.dtsi
+index 83e3e7e3984f..c8bd23b1a7ba 100644
+--- a/arch/arm64/boot/dts/arm/foundation-v8.dtsi
++++ b/arch/arm64/boot/dts/arm/foundation-v8.dtsi
+@@ -58,6 +58,7 @@ cpu3: cpu@3 {
+
+ L2_0: l2-cache0 {
+ compatible = "cache";
++ cache-level = <2>;
+ };
+ };
+
+diff --git a/arch/arm64/boot/dts/arm/juno-r1.dts b/arch/arm64/boot/dts/arm/juno-r1.dts
+index 6451c62146fd..1d90eeebb37d 100644
+--- a/arch/arm64/boot/dts/arm/juno-r1.dts
++++ b/arch/arm64/boot/dts/arm/juno-r1.dts
+@@ -189,6 +189,7 @@ A53_3: cpu@103 {
+
+ A57_L2: l2-cache0 {
+ compatible = "cache";
++ cache-unified;
+ cache-size = <0x200000>;
+ cache-line-size = <64>;
+ cache-sets = <2048>;
+@@ -197,6 +198,7 @@ A57_L2: l2-cache0 {
+
+ A53_L2: l2-cache1 {
+ compatible = "cache";
++ cache-unified;
+ cache-size = <0x100000>;
+ cache-line-size = <64>;
+ cache-sets = <1024>;
+diff --git a/arch/arm64/boot/dts/arm/juno-r2.dts b/arch/arm64/boot/dts/arm/juno-r2.dts
+index 438cd1ff4bd0..d2ada69b0a43 100644
+--- a/arch/arm64/boot/dts/arm/juno-r2.dts
++++ b/arch/arm64/boot/dts/arm/juno-r2.dts
+@@ -195,6 +195,7 @@ A53_3: cpu@103 {
+
+ A72_L2: l2-cache0 {
+ compatible = "cache";
++ cache-unified;
+ cache-size = <0x200000>;
+ cache-line-size = <64>;
+ cache-sets = <2048>;
+@@ -203,6 +204,7 @@ A72_L2: l2-cache0 {
+
+ A53_L2: l2-cache1 {
+ compatible = "cache";
++ cache-unified;
+ cache-size = <0x100000>;
+ cache-line-size = <64>;
+ cache-sets = <1024>;
+diff --git a/arch/arm64/boot/dts/arm/juno.dts b/arch/arm64/boot/dts/arm/juno.dts
+index cf4a58211399..5e48a01a5b9f 100644
+--- a/arch/arm64/boot/dts/arm/juno.dts
++++ b/arch/arm64/boot/dts/arm/juno.dts
+@@ -194,6 +194,7 @@ A53_3: cpu@103 {
+
+ A57_L2: l2-cache0 {
+ compatible = "cache";
++ cache-unified;
+ cache-size = <0x200000>;
+ cache-line-size = <64>;
+ cache-sets = <2048>;
+@@ -202,6 +203,7 @@ A57_L2: l2-cache0 {
+
+ A53_L2: l2-cache1 {
+ compatible = "cache";
++ cache-unified;
+ cache-size = <0x100000>;
+ cache-line-size = <64>;
+ cache-sets = <1024>;
+diff --git a/arch/arm64/boot/dts/arm/rtsm_ve-aemv8a.dts b/arch/arm64/boot/dts/arm/rtsm_ve-aemv8a.dts
+index 258991ad7cc0..ef68f5aae7dd 100644
+--- a/arch/arm64/boot/dts/arm/rtsm_ve-aemv8a.dts
++++ b/arch/arm64/boot/dts/arm/rtsm_ve-aemv8a.dts
+@@ -71,6 +71,7 @@ cpu@3 {
+
+ L2_0: l2-cache0 {
+ compatible = "cache";
++ cache-level = <2>;
+ };
+ };
+
+diff --git a/arch/arm64/boot/dts/arm/vexpress-v2f-1xv7-ca53x2.dts b/arch/arm64/boot/dts/arm/vexpress-v2f-1xv7-ca53x2.dts
+index 5b6d9d8e934d..796cd7d02eb5 100644
+--- a/arch/arm64/boot/dts/arm/vexpress-v2f-1xv7-ca53x2.dts
++++ b/arch/arm64/boot/dts/arm/vexpress-v2f-1xv7-ca53x2.dts
+@@ -57,6 +57,7 @@ cpu@1 {
+
+ L2_0: l2-cache0 {
+ compatible = "cache";
++ cache-level = <2>;
+ };
+ };
+
+--
+2.30.2
+
diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/juno/0003-arm64-dts-fvp-Add-SPE-to-Foundation-FVP.patch b/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/juno/0003-arm64-dts-fvp-Add-SPE-to-Foundation-FVP.patch
new file mode 100644
index 0000000..34dd025
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/juno/0003-arm64-dts-fvp-Add-SPE-to-Foundation-FVP.patch
@@ -0,0 +1,38 @@
+From 3bd7a0219082c2c91570b81afc35f2aec57cade2 Mon Sep 17 00:00:00 2001
+From: James Clark <james.clark@arm.com>
+Date: Thu, 17 Nov 2022 10:25:36 +0000
+Subject: [PATCH] arm64: dts: fvp: Add SPE to Foundation FVP
+
+Add SPE DT node to FVP model. If the model doesn't support SPE (e.g.,
+turned off via parameter), the driver will skip the initialisation
+accordingly and thus is safe.
+
+Signed-off-by: James Clark <james.clark@arm.com>
+Link: https://lore.kernel.org/r/20221117102536.237515-1-james.clark@arm.com
+Signed-off-by: Sudeep Holla <sudeep.holla@arm.com>
+
+Signed-off-by: Jon Mason <jon.mason@arm.com>
+Upstream-Status: Backport
+---
+ arch/arm64/boot/dts/arm/foundation-v8.dtsi | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/arch/arm64/boot/dts/arm/foundation-v8.dtsi b/arch/arm64/boot/dts/arm/foundation-v8.dtsi
+index c8bd23b1a7ba..029578072d8f 100644
+--- a/arch/arm64/boot/dts/arm/foundation-v8.dtsi
++++ b/arch/arm64/boot/dts/arm/foundation-v8.dtsi
+@@ -85,6 +85,11 @@ pmu {
+ <GIC_SPI 63 IRQ_TYPE_LEVEL_HIGH>;
+ };
+
++ spe-pmu {
++ compatible = "arm,statistical-profiling-extension-v1";
++ interrupts = <GIC_PPI 5 IRQ_TYPE_LEVEL_HIGH>;
++ };
++
+ watchdog@2a440000 {
+ compatible = "arm,sbsa-gwdt";
+ reg = <0x0 0x2a440000 0 0x1000>,
+--
+2.30.2
+
diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/juno/0004-arm64-dts-fvp-Add-information-about-L1-and-L2-caches.patch b/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/juno/0004-arm64-dts-fvp-Add-information-about-L1-and-L2-caches.patch
new file mode 100644
index 0000000..72f7161
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/juno/0004-arm64-dts-fvp-Add-information-about-L1-and-L2-caches.patch
@@ -0,0 +1,149 @@
+From b2d5025e129289d9b914c696646e64495a7453c0 Mon Sep 17 00:00:00 2001
+From: Sudeep Holla <sudeep.holla@arm.com>
+Date: Fri, 18 Nov 2022 15:10:17 +0000
+Subject: [PATCH] arm64: dts: fvp: Add information about L1 and L2 caches
+
+Add the information about L1 and L2 caches on FVP RevC platform.
+Though the cache size is configurable through the model parameters,
+having default values in the device tree helps to exercise and debug
+any code utilising the cache information without the need of real
+hardware.
+
+Link: https://lore.kernel.org/r/20221118151017.704716-1-sudeep.holla@arm.com
+Signed-off-by: Sudeep Holla <sudeep.holla@arm.com>
+
+Signed-off-by: Jon Mason <jon.mason@arm.com>
+Upstream-Status: Backport
+---
+ arch/arm64/boot/dts/arm/fvp-base-revc.dts | 73 +++++++++++++++++++++++
+ 1 file changed, 73 insertions(+)
+
+diff --git a/arch/arm64/boot/dts/arm/fvp-base-revc.dts b/arch/arm64/boot/dts/arm/fvp-base-revc.dts
+index 5f6f30c801a7..60472d65a355 100644
+--- a/arch/arm64/boot/dts/arm/fvp-base-revc.dts
++++ b/arch/arm64/boot/dts/arm/fvp-base-revc.dts
+@@ -47,48 +47,121 @@ cpu0: cpu@0 {
+ compatible = "arm,armv8";
+ reg = <0x0 0x000>;
+ enable-method = "psci";
++ i-cache-size = <0x8000>;
++ i-cache-line-size = <64>;
++ i-cache-sets = <256>;
++ d-cache-size = <0x8000>;
++ d-cache-line-size = <64>;
++ d-cache-sets = <256>;
++ next-level-cache = <&C0_L2>;
+ };
+ cpu1: cpu@100 {
+ device_type = "cpu";
+ compatible = "arm,armv8";
+ reg = <0x0 0x100>;
+ enable-method = "psci";
++ i-cache-size = <0x8000>;
++ i-cache-line-size = <64>;
++ i-cache-sets = <256>;
++ d-cache-size = <0x8000>;
++ d-cache-line-size = <64>;
++ d-cache-sets = <256>;
++ next-level-cache = <&C0_L2>;
+ };
+ cpu2: cpu@200 {
+ device_type = "cpu";
+ compatible = "arm,armv8";
+ reg = <0x0 0x200>;
+ enable-method = "psci";
++ i-cache-size = <0x8000>;
++ i-cache-line-size = <64>;
++ i-cache-sets = <256>;
++ d-cache-size = <0x8000>;
++ d-cache-line-size = <64>;
++ d-cache-sets = <256>;
++ next-level-cache = <&C0_L2>;
+ };
+ cpu3: cpu@300 {
+ device_type = "cpu";
+ compatible = "arm,armv8";
+ reg = <0x0 0x300>;
+ enable-method = "psci";
++ i-cache-size = <0x8000>;
++ i-cache-line-size = <64>;
++ i-cache-sets = <256>;
++ d-cache-size = <0x8000>;
++ d-cache-line-size = <64>;
++ d-cache-sets = <256>;
++ next-level-cache = <&C0_L2>;
+ };
+ cpu4: cpu@10000 {
+ device_type = "cpu";
+ compatible = "arm,armv8";
+ reg = <0x0 0x10000>;
+ enable-method = "psci";
++ i-cache-size = <0x8000>;
++ i-cache-line-size = <64>;
++ i-cache-sets = <256>;
++ d-cache-size = <0x8000>;
++ d-cache-line-size = <64>;
++ d-cache-sets = <256>;
++ next-level-cache = <&C1_L2>;
+ };
+ cpu5: cpu@10100 {
+ device_type = "cpu";
+ compatible = "arm,armv8";
+ reg = <0x0 0x10100>;
+ enable-method = "psci";
++ i-cache-size = <0x8000>;
++ i-cache-line-size = <64>;
++ i-cache-sets = <256>;
++ d-cache-size = <0x8000>;
++ d-cache-line-size = <64>;
++ d-cache-sets = <256>;
++ next-level-cache = <&C1_L2>;
+ };
+ cpu6: cpu@10200 {
+ device_type = "cpu";
+ compatible = "arm,armv8";
+ reg = <0x0 0x10200>;
+ enable-method = "psci";
++ i-cache-size = <0x8000>;
++ i-cache-line-size = <64>;
++ i-cache-sets = <256>;
++ d-cache-size = <0x8000>;
++ d-cache-line-size = <64>;
++ d-cache-sets = <256>;
++ next-level-cache = <&C1_L2>;
+ };
+ cpu7: cpu@10300 {
+ device_type = "cpu";
+ compatible = "arm,armv8";
+ reg = <0x0 0x10300>;
+ enable-method = "psci";
++ i-cache-size = <0x8000>;
++ i-cache-line-size = <64>;
++ i-cache-sets = <256>;
++ d-cache-size = <0x8000>;
++ d-cache-line-size = <64>;
++ d-cache-sets = <256>;
++ next-level-cache = <&C1_L2>;
++ };
++ C0_L2: l2-cache0 {
++ compatible = "cache";
++ cache-size = <0x80000>;
++ cache-line-size = <64>;
++ cache-sets = <512>;
++ cache-level = <2>;
++ cache-unified;
++ };
++
++ C1_L2: l2-cache1 {
++ compatible = "cache";
++ cache-size = <0x80000>;
++ cache-line-size = <64>;
++ cache-sets = <512>;
++ cache-level = <2>;
++ cache-unified;
+ };
+ };
+
+--
+2.30.2
+
diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/juno/0005-ARM-dts-vexpress-align-LED-node-names-with-dtschema.patch b/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/juno/0005-ARM-dts-vexpress-align-LED-node-names-with-dtschema.patch
new file mode 100644
index 0000000..c551250
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/juno/0005-ARM-dts-vexpress-align-LED-node-names-with-dtschema.patch
@@ -0,0 +1,84 @@
+From e15031539490733279c41ba87f4ef2b440a685f5 Mon Sep 17 00:00:00 2001
+From: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
+Date: Fri, 25 Nov 2022 15:41:12 +0100
+Subject: [PATCH] ARM: dts: vexpress: align LED node names with dtschema
+
+The node names should be generic and DT schema expects certain pattern.
+
+ vexpress-v2p-ca9.dtb: leds: 'user1', 'user2', 'user3', 'user4', 'user5', 'user6', 'user7', 'user8' do not match any of the regexes: '(^led-[0-9a-f]$|led)', 'pinctrl-[0-9]+'
+
+Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
+Link: https://lore.kernel.org/r/20221125144112.476817-1-krzysztof.kozlowski@linaro.org
+Signed-off-by: Sudeep Holla <sudeep.holla@arm.com>
+
+Signed-off-by: Jon Mason <jon.mason@arm.com>
+Upstream-Status: Backport
+---
+ arch/arm/boot/dts/vexpress-v2m.dtsi | 16 ++++++++--------
+ 1 file changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/arch/arm/boot/dts/vexpress-v2m.dtsi b/arch/arm/boot/dts/vexpress-v2m.dtsi
+index f434fe5cf4a1..def538ce8769 100644
+--- a/arch/arm/boot/dts/vexpress-v2m.dtsi
++++ b/arch/arm/boot/dts/vexpress-v2m.dtsi
+@@ -383,49 +383,49 @@ v2m_refclk32khz: refclk32khz {
+ leds {
+ compatible = "gpio-leds";
+
+- user1 {
++ led-user1 {
+ label = "v2m:green:user1";
+ gpios = <&v2m_led_gpios 0 0>;
+ linux,default-trigger = "heartbeat";
+ };
+
+- user2 {
++ led-user2 {
+ label = "v2m:green:user2";
+ gpios = <&v2m_led_gpios 1 0>;
+ linux,default-trigger = "mmc0";
+ };
+
+- user3 {
++ led-user3 {
+ label = "v2m:green:user3";
+ gpios = <&v2m_led_gpios 2 0>;
+ linux,default-trigger = "cpu0";
+ };
+
+- user4 {
++ led-user4 {
+ label = "v2m:green:user4";
+ gpios = <&v2m_led_gpios 3 0>;
+ linux,default-trigger = "cpu1";
+ };
+
+- user5 {
++ led-user5 {
+ label = "v2m:green:user5";
+ gpios = <&v2m_led_gpios 4 0>;
+ linux,default-trigger = "cpu2";
+ };
+
+- user6 {
++ led-user6 {
+ label = "v2m:green:user6";
+ gpios = <&v2m_led_gpios 5 0>;
+ linux,default-trigger = "cpu3";
+ };
+
+- user7 {
++ led-user7 {
+ label = "v2m:green:user7";
+ gpios = <&v2m_led_gpios 6 0>;
+ linux,default-trigger = "cpu4";
+ };
+
+- user8 {
++ led-user8 {
+ label = "v2m:green:user8";
+ gpios = <&v2m_led_gpios 7 0>;
+ linux,default-trigger = "cpu5";
+--
+2.30.2
+
diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm-platforms.inc b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm-platforms.inc
index 99a40e7..4f9bcfd 100644
--- a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm-platforms.inc
+++ b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm-platforms.inc
@@ -36,7 +36,6 @@
# Corstone1000 KMACHINE
#
FILESEXTRAPATHS:prepend:corstone1000 := "${ARMBSPFILESPATHS}"
-FILESEXTRAPATHS:prepend:corstone1000 := "${ARMFILESPATHS}"
COMPATIBLE_MACHINE:corstone1000 = "${MACHINE}"
KCONFIG_MODE:corstone1000 = "--alldefconfig"
KMACHINE:corstone1000 = "corstone1000"
@@ -70,6 +69,7 @@
COMPATIBLE_MACHINE:fvp-base = "fvp-base"
KMACHINE:fvp-base = "fvp"
FILESEXTRAPATHS:prepend:fvp-base := "${ARMBSPFILESPATHS}"
+SRC_URI:append:fvp-base = " file://0001-arm64-dts-fvp-Enable-virtio-rng-support.patch"
#
# FVP BASE ARM32 KMACHINE
@@ -100,6 +100,13 @@
KBUILD_DEFCONFIG:juno = "defconfig"
KCONFIG_MODE:juno = "--alldefconfig"
FILESEXTRAPATHS:prepend:juno := "${ARMBSPFILESPATHS}"
+SRC_URI:append:juno = " \
+ file://0001-arm64-dts-juno-Add-thermal-critical-trip-points.patch \
+ file://0002-arm64-dts-Update-cache-properties-for-Arm-Ltd-platfo.patch \
+ file://0003-arm64-dts-fvp-Add-SPE-to-Foundation-FVP.patch \
+ file://0004-arm64-dts-fvp-Add-information-about-L1-and-L2-caches.patch \
+ file://0005-ARM-dts-vexpress-align-LED-node-names-with-dtschema.patch \
+ "
#
# Musca B1/S2 can't run Linux
@@ -115,7 +122,6 @@
KBUILD_DEFCONFIG:n1sdp = "defconfig"
KCONFIG_MODE:n1sdp = "--alldefconfig"
FILESEXTRAPATHS:prepend:n1sdp := "${ARMBSPFILESPATHS}"
-FILESEXTRAPATHS:prepend:n1sdp := "${ARMFILESPATHS}"
SRC_URI:append:n1sdp = " \
file://0001-iommu-arm-smmu-v3-workaround-for-ATC_INV_SIZE_ALL-in.patch \
file://0002-n1sdp-pci_quirk-add-acs-override-for-PCI-devices.patch \
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/n1sdp/0005-plat-n1sdp-register-DRAM1-to-optee-os.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/n1sdp/0005-plat-n1sdp-register-DRAM1-to-optee-os.patch
new file mode 100644
index 0000000..d9e20f8
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/n1sdp/0005-plat-n1sdp-register-DRAM1-to-optee-os.patch
@@ -0,0 +1,52 @@
+Upstream-Status: Pending [Not submitted to upstream yet]
+Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
+
+From 2eb1da30564428551ca687d456d848129105abac Mon Sep 17 00:00:00 2001
+From: Vishnu Banavath <vishnu.banavath@arm.com>
+Date: Tue, 25 Oct 2022 19:08:49 +0100
+Subject: [PATCH] plat-n1sdp: register DRAM1 to optee-os
+
+N1SDP supports two DRAM's. This change is to add 2nd DRAM
+starting at 0x8080000000 address.
+
+Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
+
+diff --git a/core/arch/arm/plat-n1sdp/conf.mk b/core/arch/arm/plat-n1sdp/conf.mk
+index 06b4975a..5374e406 100644
+--- a/core/arch/arm/plat-n1sdp/conf.mk
++++ b/core/arch/arm/plat-n1sdp/conf.mk
+@@ -38,4 +38,4 @@ CFG_SHMEM_START ?= 0x83000000
+ CFG_SHMEM_SIZE ?= 0x00210000
+ # DRAM1 is defined above 4G
+ $(call force,CFG_CORE_LARGE_PHYS_ADDR,y)
+-$(call force,CFG_CORE_ARM64_PA_BITS,36)
++$(call force,CFG_CORE_ARM64_PA_BITS,42)
+diff --git a/core/arch/arm/plat-n1sdp/main.c b/core/arch/arm/plat-n1sdp/main.c
+index cfb7f19b..bb951ce6 100644
+--- a/core/arch/arm/plat-n1sdp/main.c
++++ b/core/arch/arm/plat-n1sdp/main.c
+@@ -33,6 +33,7 @@ static struct pl011_data console_data __nex_bss;
+ register_phys_mem_pgdir(MEM_AREA_IO_SEC, CONSOLE_UART_BASE, PL011_REG_SIZE);
+
+ register_ddr(DRAM0_BASE, DRAM0_SIZE);
++register_ddr(DRAM1_BASE, DRAM1_SIZE);
+
+ register_phys_mem_pgdir(MEM_AREA_IO_SEC, GICD_BASE, GIC_DIST_REG_SIZE);
+ register_phys_mem_pgdir(MEM_AREA_IO_SEC, GICC_BASE, GIC_DIST_REG_SIZE);
+diff --git a/core/arch/arm/plat-n1sdp/platform_config.h b/core/arch/arm/plat-n1sdp/platform_config.h
+index 81b99409..bf0a3c83 100644
+--- a/core/arch/arm/plat-n1sdp/platform_config.h
++++ b/core/arch/arm/plat-n1sdp/platform_config.h
+@@ -35,6 +35,9 @@
+ #define DRAM0_BASE 0x80000000
+ #define DRAM0_SIZE 0x80000000
+
++#define DRAM1_BASE 0x8080000000ULL
++#define DRAM1_SIZE 0x80000000ULL
++
+ #define GICD_BASE 0x30000000
+ #define GICC_BASE 0x2C000000
+ #define GICR_BASE 0x300C0000
+--
+2.17.1
+
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-n1sdp.inc b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-n1sdp.inc
index 219f08b..5e6e150 100644
--- a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-n1sdp.inc
+++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-n1sdp.inc
@@ -11,6 +11,7 @@
file://0002-plat-n1sdp-add-N1SDP-platform-support.patch \
file://0003-HACK-disable-instruction-cache-and-data-cache.patch \
file://0004-Handle-logging-syscall.patch \
+ file://0005-plat-n1sdp-register-DRAM1-to-optee-os.patch \
"
EXTRA_OEMAKE += " CFG_TEE_CORE_LOG_LEVEL=4"
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0001-Add-openamp-to-SE-proxy-deployment.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0001-Add-openamp-to-SE-proxy-deployment.patch
index 801905d..c44885c 100644
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0001-Add-openamp-to-SE-proxy-deployment.patch
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0001-Add-openamp-to-SE-proxy-deployment.patch
@@ -1,7 +1,7 @@
-From 7c9589c4bb056db5e1696f2a777891ab235b1b63 Mon Sep 17 00:00:00 2001
+From 13de79cd4f0d25b812e5f4ad4a19bc075496be83 Mon Sep 17 00:00:00 2001
From: Vishnu Banavath <vishnu.banavath@arm.com>
Date: Fri, 3 Dec 2021 16:36:51 +0000
-Subject: [PATCH 01/19] Add openamp to SE proxy deployment
+Subject: [PATCH 01/20] Add openamp to SE proxy deployment
Openamp is required to communicate between secure partitions(running on
Cortex-A) and trusted-firmware-m(running on Cortex-M).
@@ -283,5 +283,5 @@
+set_property(TARGET openamp PROPERTY IMPORTED_LOCATION "${OPENAMP_INSTALL_DIR}/lib/${CMAKE_STATIC_LIBRARY_PREFIX}open_amp${CMAKE_STATIC_LIBRARY_SUFFIX}")
+set_property(TARGET openamp PROPERTY INTERFACE_INCLUDE_DIRECTORIES "${OPENAMP_INSTALL_DIR}/include")
--
-2.38.0
+2.38.1
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0002-Implement-mhu-driver-and-the-OpenAmp-conversion-laye.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0002-Implement-mhu-driver-and-the-OpenAmp-conversion-laye.patch
index 39edc9d..0371a7a 100644
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0002-Implement-mhu-driver-and-the-OpenAmp-conversion-laye.patch
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0002-Implement-mhu-driver-and-the-OpenAmp-conversion-laye.patch
@@ -1,7 +1,7 @@
-From e4ccb92f8de94a82edd3548d62c853790ae36bd1 Mon Sep 17 00:00:00 2001
+From 28aedac78016e5063ebd675a43e6c3655f87b442 Mon Sep 17 00:00:00 2001
From: Vishnu Banavath <vishnu.banavath@arm.com>
Date: Fri, 3 Dec 2021 18:00:46 +0000
-Subject: [PATCH 02/19] Implement mhu driver and the OpenAmp conversion layer.
+Subject: [PATCH 02/20] Implement mhu driver and the OpenAmp conversion layer.
This commit adds an mhu driver (v2.1 and v2) to the secure
partition se_proxy and a conversion layer to communicate with
@@ -1087,5 +1087,5 @@
+# include MHU driver
+include(${TS_ROOT}/platform/drivers/arm/mhu_driver/component.cmake)
--
-2.38.0
+2.38.1
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0003-Add-openamp-rpc-caller.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0003-Add-openamp-rpc-caller.patch
index bf52a23..5686fac 100644
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0003-Add-openamp-rpc-caller.patch
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0003-Add-openamp-rpc-caller.patch
@@ -1,7 +1,7 @@
-From e187510a814b48b7b2e477a9913ee35b68522d06 Mon Sep 17 00:00:00 2001
+From 55394c4c9681af71b1ed7f7ebc7c44b2e1737113 Mon Sep 17 00:00:00 2001
From: Vishnu Banavath <vishnu.banavath@arm.com>
Date: Fri, 3 Dec 2021 19:00:54 +0000
-Subject: [PATCH 03/19] Add openamp rpc caller
+Subject: [PATCH 03/20] Add openamp rpc caller
Upstream-Status: Pending
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
@@ -1192,5 +1192,5 @@
# Stub service provider backends
"components/rpc/dummy"
--
-2.38.0
+2.38.1
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0004-add-psa-client-definitions-for-ff-m.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0004-add-psa-client-definitions-for-ff-m.patch
index 3246224..84d418c 100644
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0004-add-psa-client-definitions-for-ff-m.patch
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0004-add-psa-client-definitions-for-ff-m.patch
@@ -1,7 +1,7 @@
-From 8c1bc5a7ae525d64802e2a06746f698f54cf07ca Mon Sep 17 00:00:00 2001
+From fb6d2f33e26c7b6ef88d552feca1f835da3f0df6 Mon Sep 17 00:00:00 2001
From: Vishnu Banavath <vishnu.banavath@arm.com>
Date: Fri, 3 Dec 2021 19:05:18 +0000
-Subject: [PATCH 04/19] add psa client definitions for ff-m
+Subject: [PATCH 04/20] add psa client definitions for ff-m
Add PSA client definitions in common include to add future
ff-m support.
@@ -294,5 +294,5 @@
+
+#endif /* __PSA_MANIFEST_SID_H__ */
--
-2.38.0
+2.38.1
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0005-Add-common-service-component-to-ipc-support.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0005-Add-common-service-component-to-ipc-support.patch
index e179fb0..df3cb2f 100644
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0005-Add-common-service-component-to-ipc-support.patch
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0005-Add-common-service-component-to-ipc-support.patch
@@ -1,7 +1,7 @@
-From e9778f726ed582360152f150301995b10d268aae Mon Sep 17 00:00:00 2001
+From 0311fc8f131fe7a2b0f4dd9988c610fda47394aa Mon Sep 17 00:00:00 2001
From: Vishnu Banavath <vishnu.banavath@arm.com>
Date: Fri, 3 Dec 2021 19:13:03 +0000
-Subject: [PATCH 05/19] Add common service component to ipc support
+Subject: [PATCH 05/20] Add common service component to ipc support
Add support for inter processor communication for PSA
including, the openamp client side structures lib.
@@ -291,5 +291,5 @@
"components/service/discovery/provider"
"components/service/discovery/provider/serializer/packed-c"
--
-2.38.0
+2.38.1
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0006-Add-secure-storage-ipc-backend.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0006-Add-secure-storage-ipc-backend.patch
index cac43ec..74a8377 100644
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0006-Add-secure-storage-ipc-backend.patch
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0006-Add-secure-storage-ipc-backend.patch
@@ -1,7 +1,7 @@
-From 0df82487a7a253c601ca20ca1bd64fbb9ed64230 Mon Sep 17 00:00:00 2001
+From ed4371d63cb52c121be9678bc225055944286c30 Mon Sep 17 00:00:00 2001
From: Vishnu Banavath <vishnu.banavath@arm.com>
Date: Fri, 3 Dec 2021 19:19:24 +0000
-Subject: [PATCH 06/19] Add secure storage ipc backend
+Subject: [PATCH 06/20] Add secure storage ipc backend
Add secure storage ipc ff-m implementation which may use
openamp as rpc to communicate with other processor.
@@ -519,5 +519,5 @@
"components/service/attestation/provider"
"components/service/attestation/provider/serializer/packed-c"
--
-2.38.0
+2.38.1
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0007-Use-secure-storage-ipc-and-openamp-for-se_proxy.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0007-Use-secure-storage-ipc-and-openamp-for-se_proxy.patch
index 192e976..ad33295 100644
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0007-Use-secure-storage-ipc-and-openamp-for-se_proxy.patch
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0007-Use-secure-storage-ipc-and-openamp-for-se_proxy.patch
@@ -1,7 +1,7 @@
-From 9c7f1e6a5eb9ab887e568cfa3c2003583d387bc9 Mon Sep 17 00:00:00 2001
+From d1377a5ed909e3a1d9caca56aeda262a80322a4b Mon Sep 17 00:00:00 2001
From: Vishnu Banavath <vishnu.banavath@arm.com>
Date: Fri, 3 Dec 2021 19:25:34 +0000
-Subject: [PATCH 07/19] Use secure storage ipc and openamp for se_proxy
+Subject: [PATCH 07/20] Use secure storage ipc and openamp for se_proxy
Remove mock up backend for secure storage in se proxy
deployment and use instead the secure storage ipc backend with
@@ -59,5 +59,5 @@
return secure_storage_provider_init(&ps_provider, backend);
}
--
-2.38.0
+2.38.1
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0008-Run-psa-arch-test.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0008-Run-psa-arch-test.patch
index ce7aacf..ab57688 100644
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0008-Run-psa-arch-test.patch
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0008-Run-psa-arch-test.patch
@@ -1,7 +1,7 @@
-From d9169d380366afc63af5d4bf02791aeb41f47897 Mon Sep 17 00:00:00 2001
+From 1b50ab6b6ff1c6f27ab320e18fb0d4aeb1122f0d Mon Sep 17 00:00:00 2001
From: Satish Kumar <satish.kumar01@arm.com>
Date: Sun, 12 Dec 2021 10:43:48 +0000
-Subject: [PATCH 08/19] Run psa-arch-test
+Subject: [PATCH 08/20] Run psa-arch-test
Fixes needed to run psa-arch-test
@@ -68,5 +68,5 @@
};
--
-2.38.0
+2.38.1
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0009-Use-address-instead-of-pointers.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0009-Use-address-instead-of-pointers.patch
index ca0c9d9..3295fa9 100644
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0009-Use-address-instead-of-pointers.patch
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0009-Use-address-instead-of-pointers.patch
@@ -1,7 +1,7 @@
-From ee767c1ae857cfcc8b4bb520b2558091e253cf94 Mon Sep 17 00:00:00 2001
+From a6fba503ffddae004e23b32559212e749e8586f6 Mon Sep 17 00:00:00 2001
From: Satish Kumar <satish.kumar01@arm.com>
Date: Sun, 12 Dec 2021 10:57:17 +0000
-Subject: [PATCH 09/19] Use address instead of pointers
+Subject: [PATCH 09/20] Use address instead of pointers
Since secure enclave is 32bit and we 64bit there is an issue
in the protocol communication design that force us to handle
@@ -164,5 +164,5 @@
(void)client_id;
--
-2.38.0
+2.38.1
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0010-Add-psa-ipc-attestation-to-se-proxy.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0010-Add-psa-ipc-attestation-to-se-proxy.patch
index d47b0de..2d0725c 100644
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0010-Add-psa-ipc-attestation-to-se-proxy.patch
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0010-Add-psa-ipc-attestation-to-se-proxy.patch
@@ -1,7 +1,7 @@
-From afdeb8e098a1f2822adf2ea83ded8dd9e2d021ba Mon Sep 17 00:00:00 2001
+From b142f3c162fb1c28982d26b5ac2181ba79197a28 Mon Sep 17 00:00:00 2001
From: Rui Miguel Silva <rui.silva@linaro.org>
Date: Tue, 7 Dec 2021 11:50:00 +0000
-Subject: [PATCH 10/19] Add psa ipc attestation to se proxy
+Subject: [PATCH 10/20] Add psa ipc attestation to se proxy
Implement attestation client API as psa ipc and include it to
se proxy deployment.
@@ -16,12 +16,15 @@
.../reporter/psa_ipc/psa_ipc_attest_report.c | 45 ++++++++++
components/service/common/include/psa/sid.h | 4 +
.../se-proxy/common/service_proxy_factory.c | 6 ++
- deployments/se-proxy/se-proxy.cmake | 3 +-
- 7 files changed, 169 insertions(+), 1 deletion(-)
+ deployments/se-proxy/se-proxy.cmake | 7 +-
+ ...ble-using-hard-coded-attestation-key.patch | 29 -------
+ external/psa_arch_tests/psa_arch_tests.cmake | 4 -
+ 9 files changed, 171 insertions(+), 36 deletions(-)
create mode 100644 components/service/attestation/client/psa_ipc/component.cmake
create mode 100644 components/service/attestation/client/psa_ipc/iat_ipc_client.c
create mode 100644 components/service/attestation/reporter/psa_ipc/component.cmake
create mode 100644 components/service/attestation/reporter/psa_ipc/psa_ipc_attest_report.c
+ delete mode 100644 external/psa_arch_tests/0001-Disable-using-hard-coded-attestation-key.patch
diff --git a/components/service/attestation/client/psa_ipc/component.cmake b/components/service/attestation/client/psa_ipc/component.cmake
new file mode 100644
@@ -243,10 +246,10 @@
attest_provider_register_serializer(&attest_provider,
TS_RPC_ENCODING_PACKED_C, packedc_attest_provider_serializer_instance());
diff --git a/deployments/se-proxy/se-proxy.cmake b/deployments/se-proxy/se-proxy.cmake
-index cd51460406ca..38d26821d44d 100644
+index cd51460406ca..3dbbc36c968d 100644
--- a/deployments/se-proxy/se-proxy.cmake
+++ b/deployments/se-proxy/se-proxy.cmake
-@@ -49,12 +49,13 @@ add_components(TARGET "se-proxy"
+@@ -49,14 +49,15 @@ add_components(TARGET "se-proxy"
"components/service/attestation/include"
"components/service/attestation/provider"
"components/service/attestation/provider/serializer/packed-c"
@@ -258,9 +261,63 @@
"components/rpc/dummy"
"components/rpc/common/caller"
- "components/service/attestation/reporter/stub"
- "components/service/attestation/key_mngr/stub"
- "components/service/crypto/backend/stub"
+- "components/service/attestation/key_mngr/stub"
+- "components/service/crypto/backend/stub"
++ "components/service/attestation/key_mngr/local"
++ "components/service/crypto/backend/psa_ipc"
"components/service/crypto/client/psa"
+ "components/service/secure_storage/backend/mock_store"
+ )
+diff --git a/external/psa_arch_tests/0001-Disable-using-hard-coded-attestation-key.patch b/external/psa_arch_tests/0001-Disable-using-hard-coded-attestation-key.patch
+deleted file mode 100644
+index 6664961ab662..000000000000
+--- a/external/psa_arch_tests/0001-Disable-using-hard-coded-attestation-key.patch
++++ /dev/null
+@@ -1,29 +0,0 @@
+-From dbd25f94eb62a9855bf342dd97503a49ea50f83e Mon Sep 17 00:00:00 2001
+-From: Gyorgy Szing <Gyorgy.Szing@arm.com>
+-Date: Tue, 8 Feb 2022 17:06:37 +0000
+-Subject: [PATCH 1/1] Disable using hard-coded attestation key
+-
+-Modify platform config to disable using a hard-coded attestation
+-key.
+-
+-Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com>
+----
+- api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_config.h | 2 +-
+- 1 file changed, 1 insertion(+), 1 deletion(-)
+-
+-diff --git a/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_config.h b/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_config.h
+-index 6112ba7..1cdf581 100755
+---- a/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_config.h
+-+++ b/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_config.h
+-@@ -60,7 +60,7 @@ typedef uint32_t cfg_id_t;
+- #define CRYPTO_VERSION_BETA3
+-
+- /* Use hardcoded public key */
+--#define PLATFORM_OVERRIDE_ATTEST_PK
+-+//#define PLATFORM_OVERRIDE_ATTEST_PK
+-
+- /*
+- * Include of PSA defined Header files
+---
+-2.17.1
+-
+diff --git a/external/psa_arch_tests/psa_arch_tests.cmake b/external/psa_arch_tests/psa_arch_tests.cmake
+index a8b77a1fc05e..1995df3e0b49 100644
+--- a/external/psa_arch_tests/psa_arch_tests.cmake
++++ b/external/psa_arch_tests/psa_arch_tests.cmake
+@@ -15,10 +15,6 @@ set(GIT_OPTIONS
+ GIT_REPOSITORY ${PSA_ARCH_TESTS_URL}
+ GIT_TAG ${PSA_ARCH_TESTS_REFSPEC}
+ GIT_SHALLOW FALSE
+- PATCH_COMMAND git stash
+- COMMAND git tag -f ts-before-am
+- COMMAND git am ${CMAKE_CURRENT_LIST_DIR}/0001-Disable-using-hard-coded-attestation-key.patch
+- COMMAND git reset ts-before-am
+ )
+
+ # Ensure list of defines is separated correctly
--
-2.38.0
+2.38.1
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0011-Setup-its-backend-as-openamp-rpc-using-secure-storag.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0011-Setup-its-backend-as-openamp-rpc-using-secure-storag.patch
index 988fbbe..5803cc1 100644
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0011-Setup-its-backend-as-openamp-rpc-using-secure-storag.patch
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0011-Setup-its-backend-as-openamp-rpc-using-secure-storag.patch
@@ -1,7 +1,7 @@
-From 94770f9660154bb1157e19c11fb706889a81ae73 Mon Sep 17 00:00:00 2001
+From 4240977f7c38950f5edb316bb08ae05cb7b99875 Mon Sep 17 00:00:00 2001
From: Satish Kumar <satish.kumar01@arm.com>
Date: Thu, 9 Dec 2021 14:11:06 +0000
-Subject: [PATCH 11/19] Setup its backend as openamp rpc using secure storage
+Subject: [PATCH 11/20] Setup its backend as openamp rpc using secure storage
ipc implementation.
Upstream-Status: Pending
@@ -159,5 +159,5 @@
+ return secure_storage_provider_init(&its_provider, backend);
}
--
-2.38.0
+2.38.1
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0012-add-psa-ipc-crypto-backend.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0012-add-psa-ipc-crypto-backend.patch
index fdc39b0..67ea7b8 100644
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0012-add-psa-ipc-crypto-backend.patch
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0012-add-psa-ipc-crypto-backend.patch
@@ -1,7 +1,7 @@
-From 896b5009bb07c4b53541290e1712856063411107 Mon Sep 17 00:00:00 2001
+From 0b5d96b1a9f927dc141047600edf2249af7022c5 Mon Sep 17 00:00:00 2001
From: Rui Miguel Silva <rui.silva@linaro.org>
Date: Thu, 9 Dec 2021 14:17:39 +0000
-Subject: [PATCH 12/19] add psa ipc crypto backend
+Subject: [PATCH 12/20] add psa ipc crypto backend
Add psa ipc crypto backend and attach it to se proxy
deployment.
@@ -36,9 +36,8 @@
.../crypto/include/psa/crypto_client_struct.h | 8 +-
.../service/crypto/include/psa/crypto_sizes.h | 2 +-
.../se-proxy/common/service_proxy_factory.c | 15 +-
- deployments/se-proxy/se-proxy.cmake | 2 +-
.../providers/arm/corstone1000/platform.cmake | 2 +
- 29 files changed, 2293 insertions(+), 11 deletions(-)
+ 28 files changed, 2292 insertions(+), 10 deletions(-)
create mode 100644 components/service/crypto/backend/psa_ipc/component.cmake
create mode 100644 components/service/crypto/backend/psa_ipc/crypto_ipc_backend.c
create mode 100644 components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h
@@ -2556,19 +2555,6 @@
return crypto_iface;
}
-diff --git a/deployments/se-proxy/se-proxy.cmake b/deployments/se-proxy/se-proxy.cmake
-index 38d26821d44d..f647190d9559 100644
---- a/deployments/se-proxy/se-proxy.cmake
-+++ b/deployments/se-proxy/se-proxy.cmake
-@@ -57,7 +57,7 @@ add_components(TARGET "se-proxy"
- "components/rpc/dummy"
- "components/rpc/common/caller"
- "components/service/attestation/key_mngr/stub"
-- "components/service/crypto/backend/stub"
-+ "components/service/crypto/backend/psa_ipc"
- "components/service/crypto/client/psa"
- "components/service/secure_storage/backend/mock_store"
- )
diff --git a/platform/providers/arm/corstone1000/platform.cmake b/platform/providers/arm/corstone1000/platform.cmake
index bb778bb9719b..51e5faa3e4d8 100644
--- a/platform/providers/arm/corstone1000/platform.cmake
@@ -2580,5 +2566,5 @@
+
+add_compile_definitions(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
--
-2.38.0
+2.38.1
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0013-Add-stub-capsule-update-service-components.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0013-Add-stub-capsule-update-service-components.patch
index 1a6e8f5..0040e12 100644
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0013-Add-stub-capsule-update-service-components.patch
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0013-Add-stub-capsule-update-service-components.patch
@@ -1,7 +1,7 @@
-From 6b8ebdeb8caa6326ae2a4befaf4410a7a54d4e02 Mon Sep 17 00:00:00 2001
+From 050be6fdfee656b0556766cc1db30f4c0ea87c79 Mon Sep 17 00:00:00 2001
From: Julian Hall <julian.hall@arm.com>
Date: Tue, 12 Oct 2021 15:45:41 +0100
-Subject: [PATCH 13/19] Add stub capsule update service components
+Subject: [PATCH 13/20] Add stub capsule update service components
To facilitate development of a capsule update service provider,
stub components are added to provide a starting point for an
@@ -338,7 +338,7 @@
#ifdef __cplusplus
}
diff --git a/deployments/se-proxy/se-proxy.cmake b/deployments/se-proxy/se-proxy.cmake
-index f647190d9559..e35b0d0f610d 100644
+index 3dbbc36c968d..f0db2d43f443 100644
--- a/deployments/se-proxy/se-proxy.cmake
+++ b/deployments/se-proxy/se-proxy.cmake
@@ -51,6 +51,7 @@ add_components(TARGET "se-proxy"
@@ -432,5 +432,5 @@
+
+#endif /* CAPSULE_UPDATE_PARAMETERS_H */
--
-2.38.0
+2.38.1
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0014-Configure-storage-size.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0014-Configure-storage-size.patch
index 52c793c..22b1da6 100644
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0014-Configure-storage-size.patch
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0014-Configure-storage-size.patch
@@ -1,7 +1,7 @@
-From a71b26f867f1b4a08285d6da82528de6a54321f2 Mon Sep 17 00:00:00 2001
+From 229ec29154a4404426ad3083af68ca111a214e13 Mon Sep 17 00:00:00 2001
From: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
Date: Thu, 16 Dec 2021 21:31:40 +0000
-Subject: [PATCH 14/19] Configure storage size
+Subject: [PATCH 14/20] Configure storage size
Upstream-Status: Pending
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
@@ -10,7 +10,7 @@
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/components/service/smm_variable/backend/uefi_variable_store.c b/components/service/smm_variable/backend/uefi_variable_store.c
-index 715ccc3cb546..aeb8a22062b7 100644
+index 611e2e225c6b..6c3b9ed81c25 100644
--- a/components/service/smm_variable/backend/uefi_variable_store.c
+++ b/components/service/smm_variable/backend/uefi_variable_store.c
@@ -88,6 +88,7 @@ static efi_status_t check_name_terminator(
@@ -38,5 +38,5 @@
context->owner_id = owner_id;
--
-2.38.0
+2.38.1
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0015-Fix-Crypto-interface-structure-aligned-with-tf-m-cha.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0015-Fix-Crypto-interface-structure-aligned-with-tf-m-cha.patch
index a8f5559..426f2ca 100644
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0015-Fix-Crypto-interface-structure-aligned-with-tf-m-cha.patch
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0015-Fix-Crypto-interface-structure-aligned-with-tf-m-cha.patch
@@ -1,7 +1,7 @@
-From 3cc9c417f12f005244530d8d706a6b7f3be35627 Mon Sep 17 00:00:00 2001
+From cf83184500703f9b4f2ac04be59cc7d624d8fd66 Mon Sep 17 00:00:00 2001
From: Satish Kumar <satish.kumar01@arm.com>
Date: Sun, 13 Feb 2022 09:01:10 +0000
-Subject: [PATCH 15/19] Fix: Crypto interface structure aligned with tf-m
+Subject: [PATCH 15/20] Fix: Crypto interface structure aligned with tf-m
change.
NO NEED TO RAISE PR: The PR for this FIX is raied by Emek.
@@ -27,5 +27,5 @@
* AEAD until the API is
* restructured
--
-2.38.0
+2.38.1
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0016-Integrate-remaining-psa-ipc-client-APIs.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0016-Integrate-remaining-psa-ipc-client-APIs.patch
index a091197..a59d140 100644
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0016-Integrate-remaining-psa-ipc-client-APIs.patch
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0016-Integrate-remaining-psa-ipc-client-APIs.patch
@@ -1,7 +1,7 @@
-From c54afe45c1be25c4819b0f762cf03a24e6343ce5 Mon Sep 17 00:00:00 2001
+From 551d8722769fa2f2d2ac74adcb289333a9b03598 Mon Sep 17 00:00:00 2001
From: Satish Kumar <satish.kumar01@arm.com>
Date: Sun, 13 Feb 2022 09:49:51 +0000
-Subject: [PATCH 16/19] Integrate remaining psa-ipc client APIs.
+Subject: [PATCH 16/20] Integrate remaining psa-ipc client APIs.
Upstream-Status: Pending
Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
@@ -490,5 +490,5 @@
}
#endif
--
-2.38.0
+2.38.1
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0017-Fix-update-psa_set_key_usage_flags-definition-to-the.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0017-Fix-update-psa_set_key_usage_flags-definition-to-the.patch
index e7c1dc3..4adcd90 100644
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0017-Fix-update-psa_set_key_usage_flags-definition-to-the.patch
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0017-Fix-update-psa_set_key_usage_flags-definition-to-the.patch
@@ -1,7 +1,7 @@
-From b1ff44c650ae82f364a2f74059eeb280996dc4f8 Mon Sep 17 00:00:00 2001
+From 5a5e162e17c9decb04b3b2905a0fb604e8f06e91 Mon Sep 17 00:00:00 2001
From: Satish Kumar <satish.kumar01@arm.com>
Date: Mon, 14 Feb 2022 17:52:00 +0000
-Subject: [PATCH 17/19] Fix : update psa_set_key_usage_flags definition to the
+Subject: [PATCH 17/20] Fix : update psa_set_key_usage_flags definition to the
latest from the tf-m
Upstream-Status: Pending
@@ -36,5 +36,5 @@
}
--
-2.38.0
+2.38.1
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0018-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0018-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch
index 9ab1157..c1598a9 100644
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0018-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0018-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch
@@ -1,11 +1,10 @@
-Upstream-Status: Pending [Not submitted to upstream yet]
-Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
-
-From a1da63a8c4d55d52321608a72129af49e0a498b2 Mon Sep 17 00:00:00 2001
+From 1a4d46fdc0b5745b9cfb0789e4b778111bd6dbbb Mon Sep 17 00:00:00 2001
From: Satish Kumar <satish.kumar01@arm.com>
Date: Mon, 14 Feb 2022 08:22:25 +0000
-Subject: [PATCH 18/19] Fixes in AEAD for psa-arch test 54 and 58.
+Subject: [PATCH 18/20] Fixes in AEAD for psa-arch test 54 and 58.
+Upstream-Status: Pending [Not submitted to upstream yet]
+Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
---
@@ -118,5 +117,5 @@
/* Variable length input parameter tags */
--
-2.38.0
+2.38.1
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0019-plat-corstone1000-change-default-smm-values.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0019-plat-corstone1000-change-default-smm-values.patch
index 984e297..02c89d8 100644
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0019-plat-corstone1000-change-default-smm-values.patch
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0019-plat-corstone1000-change-default-smm-values.patch
@@ -1,7 +1,7 @@
-From 07ad7e1f7ba06045bf331d5b73a6adf38a098fb7 Mon Sep 17 00:00:00 2001
+From c519bae79629bfe551d79cfeb4e7d8a059545145 Mon Sep 17 00:00:00 2001
From: Rui Miguel Silva <rui.silva@linaro.org>
Date: Tue, 11 Oct 2022 10:46:10 +0100
-Subject: [PATCH 19/19] plat: corstone1000: change default smm values
+Subject: [PATCH 19/20] plat: corstone1000: change default smm values
Smm gateway uses SE proxy to route the calls for any NV
storage so set the NV_STORE_SN.
@@ -33,5 +33,5 @@
+ SMM_GATEWAY_MAX_UEFI_VARIABLES=100
+)
--
-2.38.0
+2.38.1
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0020-FMP-Support-in-Corstone1000.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0020-FMP-Support-in-Corstone1000.patch
index 79429c7..ce40df0 100644
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0020-FMP-Support-in-Corstone1000.patch
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0020-FMP-Support-in-Corstone1000.patch
@@ -1,7 +1,7 @@
-From 6430bf31a25a1ef67e9141f85dbd070feb0d1a1e Mon Sep 17 00:00:00 2001
+From 70cf374fb55f2d62ecbe28049253df33b42b6749 Mon Sep 17 00:00:00 2001
From: Satish Kumar <satish.kumar01@arm.com>
Date: Fri, 8 Jul 2022 09:48:06 +0100
-Subject: [PATCH] FMP Support in Corstone1000.
+Subject: [PATCH 20/20] FMP Support in Corstone1000.
The FMP support is used by u-boot to pupolate ESRT information
for the kernel.
@@ -11,6 +11,7 @@
Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
Upstream-Status: Inappropriate [The solution is platform specific and needs to be revisted]
+Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
---
.../provider/capsule_update_provider.c | 5 +
.../capsule_update/provider/component.cmake | 1 +
@@ -21,7 +22,7 @@
create mode 100644 components/service/capsule_update/provider/corstone1000_fmp_service.h
diff --git a/components/service/capsule_update/provider/capsule_update_provider.c b/components/service/capsule_update/provider/capsule_update_provider.c
-index 9bbd7abc..871d6bcf 100644
+index e133753f8560..991a2235cd73 100644
--- a/components/service/capsule_update/provider/capsule_update_provider.c
+++ b/components/service/capsule_update/provider/capsule_update_provider.c
@@ -11,6 +11,7 @@
@@ -58,7 +59,7 @@
default:
EMSG("%s unsupported opcode", __func__);
diff --git a/components/service/capsule_update/provider/component.cmake b/components/service/capsule_update/provider/component.cmake
-index 1d412eb2..6b060149 100644
+index 1d412eb234d9..6b0601494938 100644
--- a/components/service/capsule_update/provider/component.cmake
+++ b/components/service/capsule_update/provider/component.cmake
@@ -10,4 +10,5 @@ endif()
@@ -69,7 +70,7 @@
)
diff --git a/components/service/capsule_update/provider/corstone1000_fmp_service.c b/components/service/capsule_update/provider/corstone1000_fmp_service.c
new file mode 100644
-index 00000000..6a7a47a7
+index 000000000000..6a7a47a7ed99
--- /dev/null
+++ b/components/service/capsule_update/provider/corstone1000_fmp_service.c
@@ -0,0 +1,307 @@
@@ -382,7 +383,7 @@
+}
diff --git a/components/service/capsule_update/provider/corstone1000_fmp_service.h b/components/service/capsule_update/provider/corstone1000_fmp_service.h
new file mode 100644
-index 00000000..95fba2a0
+index 000000000000..95fba2a04d5c
--- /dev/null
+++ b/components/service/capsule_update/provider/corstone1000_fmp_service.h
@@ -0,0 +1,26 @@
@@ -413,5 +414,5 @@
+
+#endif /* CORSTONE1000_FMP_SERVICE_H */
--
-2.17.1
+2.38.1
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0021-smm_gateway-add-checks-for-null-attributes.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0021-smm_gateway-add-checks-for-null-attributes.patch
new file mode 100644
index 0000000..87c053f
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0021-smm_gateway-add-checks-for-null-attributes.patch
@@ -0,0 +1,35 @@
+From 6d3cac6f3a6e977e9330c9c06514a372ade170a2 Mon Sep 17 00:00:00 2001
+From: Emekcan <emekcan.aras@arm.com>
+Date: Wed, 2 Nov 2022 09:58:27 +0000
+Subject: [PATCH] smm_gateway: add checks for null attributes
+
+As par EDK-2 and EDK-2 test code, setVariable() with 0
+attributes means a delete variable request. Currently,
+smm gatway doesn't handle this scenario. This commit adds
+that support.
+
+Upstream-Status: Pending
+Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
+---
+ components/service/smm_variable/backend/uefi_variable_store.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/components/service/smm_variable/backend/uefi_variable_store.c b/components/service/smm_variable/backend/uefi_variable_store.c
+index 6c3b9ed8..a691dc5d 100644
+--- a/components/service/smm_variable/backend/uefi_variable_store.c
++++ b/components/service/smm_variable/backend/uefi_variable_store.c
+@@ -202,9 +202,9 @@ efi_status_t uefi_variable_store_set_variable(
+ if (info->is_variable_set) {
+
+ /* It's a request to update to an existing variable */
+- if (!(var->Attributes &
++ if (!(var->Attributes) || (!(var->Attributes &
+ (EFI_VARIABLE_APPEND_WRITE | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS_MASK)) &&
+- !var->DataSize) {
++ !var->DataSize)) {
+
+ /* It's a remove operation - for a remove, the variable
+ * data must be removed from the storage backend before
+--
+2.17.1
+
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0022-GetNextVariableName-Fix.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0022-GetNextVariableName-Fix.patch
new file mode 100644
index 0000000..ed4e6e2
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0022-GetNextVariableName-Fix.patch
@@ -0,0 +1,33 @@
+From 2aa665ad2cb13bc79b645db41686449a47593aab Mon Sep 17 00:00:00 2001
+From: Emekcan <emekcan.aras@arm.com>
+Date: Thu, 3 Nov 2022 17:43:40 +0000
+Subject: [PATCH] smm_gateway: GetNextVariableName Fix
+
+GetNextVariableName() should return EFI_BUFFER_TOO_SMALL
+when NameSize is smaller than the actual NameSize. It
+currently returns EFI_BUFFER_OUT_OF_RESOURCES due to setting
+max_name_len incorrectly. This fixes max_name_len error by
+replacing it with actual NameSize request by u-boot.
+
+Upstream-Status: Pending
+Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
+---
+ .../service/smm_variable/provider/smm_variable_provider.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/components/service/smm_variable/provider/smm_variable_provider.c b/components/service/smm_variable/provider/smm_variable_provider.c
+index a9679b7e..6a4b6fa7 100644
+--- a/components/service/smm_variable/provider/smm_variable_provider.c
++++ b/components/service/smm_variable/provider/smm_variable_provider.c
+@@ -197,7 +197,7 @@ static rpc_status_t get_next_variable_name_handler(void *context, struct call_re
+ efi_status = uefi_variable_store_get_next_variable_name(
+ &this_instance->variable_store,
+ (SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME*)resp_buf->data,
+- max_name_len,
++ ((SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME*)resp_buf->data)->NameSize,
+ &resp_buf->data_len);
+ }
+ else {
+--
+2.17.1
+
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/ts-psa-crypto-api-test/0001-corstone1000-port-crypto-config.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/psa-apitest/0001-corstone1000-port-crypto-config.patch
similarity index 100%
rename from meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/ts-psa-crypto-api-test/0001-corstone1000-port-crypto-config.patch
rename to meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/psa-apitest/0001-corstone1000-port-crypto-config.patch
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/libts_git.bbappend b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/libts_git.bbappend
new file mode 100644
index 0000000..a885d38
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/libts_git.bbappend
@@ -0,0 +1,10 @@
+MACHINE_TS_REQUIRE ?= ""
+MACHINE_TS_REQUIRE:corstone1000 = "ts-corstone1000.inc"
+
+require ${MACHINE_TS_REQUIRE}
+
+
+EXTRA_OECMAKE:append:corstone1000 = "-DMM_COMM_BUFFER_ADDRESS=0x02000000 \
+ -DMM_COMM_BUFFER_PAGE_COUNT=1 \
+ "
+
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-corstone1000.inc b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-corstone1000.inc
index 03f7dff..e97fb59 100644
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-corstone1000.inc
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-corstone1000.inc
@@ -1,29 +1,26 @@
FILESEXTRAPATHS:prepend := "${THISDIR}/corstone1000:"
-SRC_URI:append = " \
- file://0001-Add-openamp-to-SE-proxy-deployment.patch \
- file://0002-Implement-mhu-driver-and-the-OpenAmp-conversion-laye.patch \
- file://0003-Add-openamp-rpc-caller.patch \
- file://0004-add-psa-client-definitions-for-ff-m.patch \
- file://0005-Add-common-service-component-to-ipc-support.patch \
- file://0006-Add-secure-storage-ipc-backend.patch \
- file://0007-Use-secure-storage-ipc-and-openamp-for-se_proxy.patch \
- file://0008-Run-psa-arch-test.patch \
- file://0009-Use-address-instead-of-pointers.patch \
- file://0010-Add-psa-ipc-attestation-to-se-proxy.patch \
- file://0011-Setup-its-backend-as-openamp-rpc-using-secure-storag.patch \
- file://0012-add-psa-ipc-crypto-backend.patch \
- file://0013-Add-stub-capsule-update-service-components.patch \
- file://0014-Configure-storage-size.patch \
- file://0015-Fix-Crypto-interface-structure-aligned-with-tf-m-cha.patch \
- file://0016-Integrate-remaining-psa-ipc-client-APIs.patch \
- file://0017-Fix-update-psa_set_key_usage_flags-definition-to-the.patch \
- file://0018-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch \
- file://0019-plat-corstone1000-change-default-smm-values.patch \
- file://0020-FMP-Support-in-Corstone1000.patch \
- "
-
-
-EXTRA_OECMAKE:append = "-DMM_COMM_BUFFER_ADDRESS="0x00000000 0x02000000" \
- -DMM_COMM_BUFFER_PAGE_COUNT="1" \
+SRC_URI:append:corstone1000 = " \
+ file://0001-Add-openamp-to-SE-proxy-deployment.patch;patchdir=../trusted-services \
+ file://0002-Implement-mhu-driver-and-the-OpenAmp-conversion-laye.patch;patchdir=../trusted-services \
+ file://0003-Add-openamp-rpc-caller.patch;patchdir=../trusted-services \
+ file://0004-add-psa-client-definitions-for-ff-m.patch;patchdir=../trusted-services \
+ file://0005-Add-common-service-component-to-ipc-support.patch;patchdir=../trusted-services \
+ file://0006-Add-secure-storage-ipc-backend.patch;patchdir=../trusted-services \
+ file://0007-Use-secure-storage-ipc-and-openamp-for-se_proxy.patch;patchdir=../trusted-services \
+ file://0008-Run-psa-arch-test.patch;patchdir=../trusted-services \
+ file://0009-Use-address-instead-of-pointers.patch;patchdir=../trusted-services \
+ file://0010-Add-psa-ipc-attestation-to-se-proxy.patch;patchdir=../trusted-services \
+ file://0011-Setup-its-backend-as-openamp-rpc-using-secure-storag.patch;patchdir=../trusted-services;patchdir=../trusted-services \
+ file://0012-add-psa-ipc-crypto-backend.patch;patchdir=../trusted-services \
+ file://0013-Add-stub-capsule-update-service-components.patch;patchdir=../trusted-services \
+ file://0014-Configure-storage-size.patch;patchdir=../trusted-services \
+ file://0015-Fix-Crypto-interface-structure-aligned-with-tf-m-cha.patch;patchdir=../trusted-services;patchdir=../trusted-services \
+ file://0016-Integrate-remaining-psa-ipc-client-APIs.patch;patchdir=../trusted-services \
+ file://0017-Fix-update-psa_set_key_usage_flags-definition-to-the.patch;patchdir=../trusted-services;patchdir=../trusted-services \
+ file://0018-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch;patchdir=../trusted-services \
+ file://0019-plat-corstone1000-change-default-smm-values.patch;patchdir=../trusted-services \
+ file://0020-FMP-Support-in-Corstone1000.patch;patchdir=../trusted-services \
+ file://0021-smm_gateway-add-checks-for-null-attributes.patch;patchdir=../trusted-services \
+ file://0022-GetNextVariableName-Fix.patch;patchdir=../trusted-services \
"
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-api-test.inc b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-api-test.inc
new file mode 100644
index 0000000..50ff960
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-api-test.inc
@@ -0,0 +1,7 @@
+FILESEXTRAPATHS:prepend := "${THISDIR}/corstone1000/psa-apitest:"
+
+include ts-corstone1000.inc
+
+SRC_URI:append:corstone1000 = " \
+ file://0001-corstone1000-port-crypto-config.patch;patchdir=../psatest \
+ "
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-crypto-api-test_git.bbappend b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-crypto-api-test_git.bbappend
index 6595c92..ea49213 100644
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-crypto-api-test_git.bbappend
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-crypto-api-test_git.bbappend
@@ -1,7 +1 @@
-FILESEXTRAPATHS:prepend := "${THISDIR}/corstone1000:"
-FILESEXTRAPATHS:prepend := "${THISDIR}/corstone1000/${PN}:"
-
-SRC_URI:append:corstone1000 = " \
- file://0001-corstone1000-port-crypto-config.patch;patchdir=../psatest \
- file://0018-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch;patchdir=../trusted-services \
- "
+require ts-psa-api-test.inc
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-iat-api-test_git.bbappend b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-iat-api-test_git.bbappend
new file mode 100644
index 0000000..ea49213
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-iat-api-test_git.bbappend
@@ -0,0 +1 @@
+require ts-psa-api-test.inc
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-its-api-test_git.bbappend b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-its-api-test_git.bbappend
new file mode 100644
index 0000000..ea49213
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-its-api-test_git.bbappend
@@ -0,0 +1 @@
+require ts-psa-api-test.inc
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-ps-api-test_git.bbappend b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-ps-api-test_git.bbappend
new file mode 100644
index 0000000..ea49213
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-ps-api-test_git.bbappend
@@ -0,0 +1 @@
+require ts-psa-api-test.inc
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-se-proxy_%.bbappend b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-se-proxy_%.bbappend
index 8a37a281..f39d239 100644
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-se-proxy_%.bbappend
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-se-proxy_%.bbappend
@@ -2,3 +2,8 @@
MACHINE_TS_REQUIRE:corstone1000 = "ts-corstone1000.inc"
require ${MACHINE_TS_REQUIRE}
+
+EXTRA_OECMAKE:append:corstone1000 = " -DMM_COMM_BUFFER_ADDRESS="0x00000000 0x02000000" \
+ -DMM_COMM_BUFFER_PAGE_COUNT="1" \
+ "
+
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-smm-gateway_%.bbappend b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-smm-gateway_%.bbappend
index 8a37a281..f39d239 100644
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-smm-gateway_%.bbappend
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-smm-gateway_%.bbappend
@@ -2,3 +2,8 @@
MACHINE_TS_REQUIRE:corstone1000 = "ts-corstone1000.inc"
require ${MACHINE_TS_REQUIRE}
+
+EXTRA_OECMAKE:append:corstone1000 = " -DMM_COMM_BUFFER_ADDRESS="0x00000000 0x02000000" \
+ -DMM_COMM_BUFFER_PAGE_COUNT="1" \
+ "
+
diff --git a/meta-arm/meta-arm/classes/apply_local_src_patches.bbclass b/meta-arm/meta-arm/classes/apply_local_src_patches.bbclass
new file mode 100644
index 0000000..e193935
--- /dev/null
+++ b/meta-arm/meta-arm/classes/apply_local_src_patches.bbclass
@@ -0,0 +1,48 @@
+# This class is to be inherited by recipes where there are patches located inside
+# the fetched source code which need to be applied.
+
+# The following variables need to be set:
+# LOCAL_SRC_PATCHES_INPUT_DIR is the directory from where the patches are located
+# LOCAL_SRC_PATCHES_DEST_DIR is the directory where the patches will be applied
+
+do_patch[depends] += "quilt-native:do_populate_sysroot"
+
+LOCAL_SRC_PATCHES_INPUT_DIR ??= ""
+LOCAL_SRC_PATCHES_DEST_DIR ??= "${LOCAL_SRC_PATCHES_INPUT_DIR}"
+
+python() {
+ if not d.getVar('LOCAL_SRC_PATCHES_INPUT_DIR'):
+ bb.warn("LOCAL_SRC_PATCHES_INPUT_DIR variable needs to be set.")
+}
+
+apply_local_src_patches() {
+
+ input_dir="${LOCAL_SRC_PATCHES_INPUT_DIR}"
+ dest_dir="${LOCAL_SRC_PATCHES_DEST_DIR}"
+
+ if [ ! -d "$input_dir" ] ; then
+ bbfatal "LOCAL_SRC_PATCHES_INPUT_DIR=$input_dir not found."
+ fi
+
+ if [ ! -d "$dest_dir" ] ; then
+ bbfatal "LOCAL_SRC_PATCHES_DEST_DIR=$dest_dir not found."
+ fi
+
+ cd $dest_dir
+ export QUILT_PATCHES=./patches-extra
+ mkdir -p patches-extra
+
+ for patch in $(find $input_dir -type f -name *.patch -or -name *.diff | sort)
+ do
+ patch_basename=`basename $patch`
+ if ! quilt applied $patch_basename >/dev/null ; then
+ bbdebug 1 "Applying $patch_basename in $dest_dir."
+ echo $patch_basename >> patches-extra/series
+ cp $patch patches-extra
+ quilt push $patch_basename
+ else
+ bbdebug 1 "$patch_basename already applied."
+ fi
+ done
+}
+do_patch[postfuncs] += "apply_local_src_patches"
diff --git a/meta-arm/meta-arm/classes/fvpboot.bbclass b/meta-arm/meta-arm/classes/fvpboot.bbclass
index 78dabd7..3159cd4 100644
--- a/meta-arm/meta-arm/classes/fvpboot.bbclass
+++ b/meta-arm/meta-arm/classes/fvpboot.bbclass
@@ -24,7 +24,10 @@
# Arbitrary extra arguments
FVP_EXTRA_ARGS ?= ""
# Bitbake variables to pass to the FVP environment
-FVP_ENV_PASSTHROUGH ?= ""
+FVP_ENV_PASSTHROUGH ?= "FASTSIM_DISABLE_TA ARMLMD_LICENSE_FILE"
+FVP_ENV_PASSTHROUGH[vardeps] = "${FVP_ENV_PASSTHROUGH}"
+# Disable timing annotation by default
+FASTSIM_DISABLE_TA ?= "1"
EXTRA_IMAGEDEPENDS += "${FVP_PROVIDER}"
@@ -70,7 +73,8 @@
data["env"] = {}
for var in d.getVar("FVP_ENV_PASSTHROUGH").split():
- data["env"][var] = d.getVar(var)
+ if d.getVar(var) is not None:
+ data["env"][var] = d.getVar(var)
os.makedirs(os.path.dirname(conffile), exist_ok=True)
with open(conffile, "wt") as f:
diff --git a/meta-arm/meta-arm/classes/uefi_capsule.bbclass b/meta-arm/meta-arm/classes/uefi_capsule.bbclass
new file mode 100644
index 0000000..690e7af
--- /dev/null
+++ b/meta-arm/meta-arm/classes/uefi_capsule.bbclass
@@ -0,0 +1,55 @@
+# This class generates UEFI capsules
+# The current class supports generating a capsule with single firmware binary
+
+DEPENDS += "gettext-native"
+inherit python3native
+
+IMAGE_TYPES += "uefi_capsule"
+
+# edk2 base tools should be installed in the native sysroot directory
+do_image_uefi_capsule[depends] += "edk2-basetools-native:do_populate_sysroot"
+
+# By default the wic image is used to create a capsule
+CAPSULE_IMGTYPE ?= "wic"
+
+# IMGDEPLOYDIR is used as the default location of firmware binary for which the capsule needs to be created
+CAPSULE_IMGLOCATION ?= "${IMGDEPLOYDIR}"
+
+# The generated capsule by default has uefi.capsule extension
+CAPSULE_EXTENSION ?= "uefi.capsule"
+
+# The following variables must be set to be able to generate a capsule update
+UEFI_FIRMWARE_BINARY ?= ""
+UEFI_CAPSULE_CONFIG ?= ""
+
+# Check if the required variables are set
+python() {
+ for var in ["UEFI_FIRMWARE_BINARY", "UEFI_CAPSULE_CONFIG"]:
+ if not d.getVar(var):
+ raise bb.parse.SkipRecipe(f"{var} not set")
+}
+
+IMAGE_CMD:uefi_capsule(){
+
+ # Force the GenerateCapsule script to use python3
+ export PYTHON_COMMAND=${PYTHON}
+
+ # Copy the firmware and the capsule config json to current directory
+ if [ -e ${CAPSULE_IMGLOCATION}/${UEFI_FIRMWARE_BINARY} ]; then
+ cp ${CAPSULE_IMGLOCATION}/${UEFI_FIRMWARE_BINARY} . ;
+ fi
+
+ export UEFI_FIRMWARE_BINARY=${UEFI_FIRMWARE_BINARY}
+ envsubst < ${UEFI_CAPSULE_CONFIG} > ./${MACHINE}-capsule-update-image.json
+
+ ${STAGING_DIR_NATIVE}/usr/bin/edk2-BaseTools/BinWrappers/PosixLike/GenerateCapsule \
+ -e -o ${IMGDEPLOYDIR}/${UEFI_FIRMWARE_BINARY}.${CAPSULE_EXTENSION} -j \
+ ${MACHINE}-capsule-update-image.json
+
+ # Remove the firmware to avoid contamination of IMGDEPLOYDIR
+ rm ${UEFI_FIRMWARE_BINARY}
+
+}
+
+# The firmware binary should be created before generating the capsule
+IMAGE_TYPEDEP:uefi_capsule:append = "${CAPSULE_IMGTYPE}"
diff --git a/meta-arm/meta-arm/lib/fvp/runner.py b/meta-arm/meta-arm/lib/fvp/runner.py
index 28351a3..c52cdc1 100644
--- a/meta-arm/meta-arm/lib/fvp/runner.py
+++ b/meta-arm/meta-arm/lib/fvp/runner.py
@@ -1,7 +1,7 @@
-import asyncio
import re
import subprocess
import os
+import shlex
import shutil
import sys
@@ -44,50 +44,70 @@
if not bool(shutil.which("telnet")):
raise RuntimeError("Cannot find telnet, this is needed to connect to the FVP.")
+
+class ConsolePortParser:
+ def __init__(self, lines):
+ self._lines = lines
+ self._console_ports = {}
+
+ def parse_port(self, console):
+ if console in self._console_ports:
+ return self._console_ports[console]
+
+ while True:
+ try:
+ line = next(self._lines).strip().decode(errors='ignore')
+ m = re.match(r"^(\S+): Listening for serial connection on port (\d+)$", line)
+ if m:
+ matched_console = m.group(1)
+ matched_port = int(m.group(2))
+ if matched_console == console:
+ return matched_port
+ else:
+ self._console_ports[matched_console] = matched_port
+ except StopIteration:
+ # self._lines might be a growing log file
+ pass
+
+
+# This function is backported from Python 3.8. Remove it and replace call sites
+# with shlex.join once OE-core support for earlier Python versions is dropped.
+def shlex_join(split_command):
+ """Return a shell-escaped string from *split_command*."""
+ return ' '.join(shlex.quote(arg) for arg in split_command)
+
+
class FVPRunner:
def __init__(self, logger):
- self._terminal_ports = {}
- self._line_callbacks = []
self._logger = logger
self._fvp_process = None
self._telnets = []
self._pexpects = []
- def add_line_callback(self, callback):
- self._line_callbacks.append(callback)
-
- async def start(self, config, extra_args=[], terminal_choice="none"):
+ def start(self, config, extra_args=[], terminal_choice="none", stdout=subprocess.PIPE):
cli = cli_from_config(config, terminal_choice)
cli += extra_args
# Pass through environment variables needed for GUI applications, such
# as xterm, to work.
env = config['env']
- for name in ('DISPLAY', 'WAYLAND_DISPLAY'):
+ for name in ('DISPLAY', 'WAYLAND_DISPLAY', 'XAUTHORITY'):
if name in os.environ:
env[name] = os.environ[name]
- self._logger.debug(f"Constructed FVP call: {cli}")
- self._fvp_process = await asyncio.create_subprocess_exec(
- *cli,
- stdin=subprocess.DEVNULL, stdout=subprocess.PIPE, stderr=subprocess.STDOUT,
+ self._logger.debug(f"Constructed FVP call: {shlex_join(cli)}")
+ self._fvp_process = subprocess.Popen(
+ cli,
+ stdin=subprocess.DEVNULL, stdout=stdout, stderr=subprocess.STDOUT,
env=env)
- def detect_terminals(line):
- m = re.match(r"^(\S+): Listening for serial connection on port (\d+)$", line)
- if m:
- terminal = m.group(1)
- port = int(m.group(2))
- self._terminal_ports[terminal] = port
- self.add_line_callback(detect_terminals)
-
- async def stop(self):
+ def stop(self):
if self._fvp_process:
self._logger.debug(f"Terminating FVP PID {self._fvp_process.pid}")
try:
self._fvp_process.terminate()
- await asyncio.wait_for(self._fvp_process.wait(), 10.0)
- except asyncio.TimeoutError:
+ self._fvp_process.wait(10.0)
+ except subprocess.TimeoutExpired:
self._logger.debug(f"Killing FVP PID {self._fvp_process.pid}")
self._fvp_process.kill()
except ProcessLookupError:
@@ -96,8 +116,8 @@
for telnet in self._telnets:
try:
telnet.terminate()
- await asyncio.wait_for(telnet.wait(), 10.0)
- except asyncio.TimeoutError:
+ telnet.wait(10.0)
+ except subprocess.TimeoutExpired:
telnet.kill()
except ProcessLookupError:
pass
@@ -117,34 +137,21 @@
else:
return 0
- async def run(self, until=None):
- if until and until():
- return
+ def wait(self, timeout):
+ self._fvp_process.wait(timeout)
- async for line in self._fvp_process.stdout:
- line = line.strip().decode("utf-8", errors="replace")
- for callback in self._line_callbacks:
- callback(line)
- if until and until():
- return
+ @property
+ def stdout(self):
+ return self._fvp_process.stdout
- async def _get_terminal_port(self, terminal, timeout):
- def terminal_exists():
- return terminal in self._terminal_ports
- await asyncio.wait_for(self.run(terminal_exists), timeout)
- return self._terminal_ports[terminal]
-
- async def create_telnet(self, terminal, timeout=15.0):
+ def create_telnet(self, port):
check_telnet()
- port = await self._get_terminal_port(terminal, timeout)
- telnet = await asyncio.create_subprocess_exec("telnet", "localhost", str(port), stdin=sys.stdin, stdout=sys.stdout)
+ telnet = subprocess.Popen(["telnet", "localhost", str(port)], stdin=sys.stdin, stdout=sys.stdout)
self._telnets.append(telnet)
return telnet
- async def create_pexpect(self, terminal, timeout=15.0, **kwargs):
- check_telnet()
+ def create_pexpect(self, port, **kwargs):
import pexpect
- port = await self._get_terminal_port(terminal, timeout)
instance = pexpect.spawn(f"telnet localhost {port}", **kwargs)
self._pexpects.append(instance)
return instance
diff --git a/meta-arm/meta-arm/lib/oeqa/controllers/fvp.py b/meta-arm/meta-arm/lib/oeqa/controllers/fvp.py
index c8dcf29..e8a094f 100644
--- a/meta-arm/meta-arm/lib/oeqa/controllers/fvp.py
+++ b/meta-arm/meta-arm/lib/oeqa/controllers/fvp.py
@@ -1,4 +1,3 @@
-import asyncio
import pathlib
import pexpect
import os
@@ -13,7 +12,7 @@
Contains common logic to start and stop an FVP.
"""
def __init__(self, logger, target_ip, server_ip, timeout=300, user='root',
- port=None, dir_image=None, rootfs=None, **kwargs):
+ port=None, dir_image=None, rootfs=None, bootlog=None, **kwargs):
super().__init__(logger, target_ip, server_ip, timeout, user, port)
image_dir = pathlib.Path(dir_image)
# rootfs may have multiple extensions so we need to strip *all* suffixes
@@ -21,36 +20,40 @@
basename = basename.name.replace("".join(basename.suffixes), "")
self.fvpconf = image_dir / (basename + ".fvpconf")
self.config = conffile.load(self.fvpconf)
+ self.bootlog = bootlog
if not self.fvpconf.exists():
raise FileNotFoundError(f"Cannot find {self.fvpconf}")
- async def boot_fvp(self):
- self.fvp = runner.FVPRunner(self.logger)
- await self.fvp.start(self.config)
- self.logger.debug(f"Started FVP PID {self.fvp.pid()}")
- await self._after_start()
-
- async def _after_start(self):
+ def _after_start(self):
pass
- async def _after_stop(self):
- pass
-
- async def stop_fvp(self):
- returncode = await self.fvp.stop()
- await self._after_stop()
-
- self.logger.debug(f"Stopped FVP with return code {returncode}")
-
def start(self, **kwargs):
- # When we can assume Py3.7+, this can simply be asyncio.run()
- loop = asyncio.get_event_loop()
- loop.run_until_complete(asyncio.gather(self.boot_fvp()))
+ self.fvp_log = self._create_logfile("fvp")
+ self.fvp = runner.FVPRunner(self.logger)
+ self.fvp.start(self.config, stdout=self.fvp_log)
+ self.logger.debug(f"Started FVP PID {self.fvp.pid()}")
+ self._after_start()
def stop(self, **kwargs):
- loop = asyncio.get_event_loop()
- loop.run_until_complete(asyncio.gather(self.stop_fvp()))
+ returncode = self.fvp.stop()
+ self.logger.debug(f"Stopped FVP with return code {returncode}")
+
+ def _create_logfile(self, name):
+ if not self.bootlog:
+ return None
+
+ test_log_path = pathlib.Path(self.bootlog).parent
+ test_log_suffix = pathlib.Path(self.bootlog).suffix
+ fvp_log_file = f"{name}_log{test_log_suffix}"
+ fvp_log_path = pathlib.Path(test_log_path, fvp_log_file)
+ fvp_log_symlink = pathlib.Path(test_log_path, f"{name}_log")
+ try:
+ os.remove(fvp_log_symlink)
+ except:
+ pass
+ os.symlink(fvp_log_file, fvp_log_symlink)
+ return open(fvp_log_path, 'wb')
class OEFVPTarget(OEFVPSSHTarget):
@@ -59,31 +62,34 @@
waits for a Linux shell before returning to ensure that SSH commands work
with the default test dependencies.
"""
- def __init__(self, logger, target_ip, server_ip, bootlog=None, **kwargs):
+ def __init__(self, logger, target_ip, server_ip, **kwargs):
super().__init__(logger, target_ip, server_ip, **kwargs)
- self.logfile = bootlog and open(bootlog, "wb") or None
+ self.logfile = self.bootlog and open(self.bootlog, "wb") or None
# FVPs boot slowly, so allow ten minutes
self.boot_timeout = 10 * 60
- async def _after_start(self):
- self.logger.debug(f"Awaiting console on terminal {self.config['consoles']['default']}")
- console = await self.fvp.create_pexpect(self.config['consoles']['default'])
- try:
- console.expect("login\\:", timeout=self.boot_timeout)
- self.logger.debug("Found login prompt")
- except pexpect.TIMEOUT:
- self.logger.info("Timed out waiting for login prompt.")
- self.logger.info("Boot log follows:")
- self.logger.info(b"\n".join(console.before.splitlines()[-200:]).decode("utf-8", errors="replace"))
- raise RuntimeError("Failed to start FVP.")
+ def _after_start(self):
+ with open(self.fvp_log.name, 'rb') as logfile:
+ parser = runner.ConsolePortParser(logfile)
+ self.logger.debug(f"Awaiting console on terminal {self.config['consoles']['default']}")
+ port = parser.parse_port(self.config['consoles']['default'])
+ console = self.fvp.create_pexpect(port)
+ try:
+ console.expect("login\\:", timeout=self.boot_timeout)
+ self.logger.debug("Found login prompt")
+ except pexpect.TIMEOUT:
+ self.logger.info("Timed out waiting for login prompt.")
+ self.logger.info("Boot log follows:")
+ self.logger.info(b"\n".join(console.before.splitlines()[-200:]).decode("utf-8", errors="replace"))
+ raise RuntimeError("Failed to start FVP.")
class OEFVPSerialTarget(OEFVPSSHTarget):
"""
This target is intended for interaction with the target over one or more
telnet consoles using pexpect.
-
+
This still depends on OEFVPSSHTarget so SSH commands can still be run on
the target, but note that this class does not inherently guarantee that
the SSH server is running prior to running test cases. Test cases that use
@@ -92,40 +98,25 @@
"""
DEFAULT_CONSOLE = "default"
- def __init__(self, logger, target_ip, server_ip, bootlog=None, **kwargs):
+ def __init__(self, logger, target_ip, server_ip, **kwargs):
super().__init__(logger, target_ip, server_ip, **kwargs)
self.terminals = {}
- self.test_log_path = pathlib.Path(bootlog).parent
- self.test_log_suffix = pathlib.Path(bootlog).suffix
- self.bootlog = bootlog
+ def _after_start(self):
+ with open(self.fvp_log.name, 'rb') as logfile:
+ parser = runner.ConsolePortParser(logfile)
+ for name, console in self.config["consoles"].items():
+ logfile = self._create_logfile(name)
+ self.logger.info(f'Creating terminal {name} on {console}')
+ port = parser.parse_port(console)
+ self.terminals[name] = \
+ self.fvp.create_pexpect(port, logfile=logfile)
- async def _add_terminal(self, name, fvp_name):
- logfile = self._create_logfile(name)
- self.logger.info(f'Creating terminal {name} on {fvp_name}')
- self.terminals[name] = \
- await self.fvp.create_pexpect(fvp_name, logfile=logfile)
-
- def _create_logfile(self, name):
- fvp_log_file = f"{name}_log{self.test_log_suffix}"
- fvp_log_path = pathlib.Path(self.test_log_path, fvp_log_file)
- fvp_log_symlink = pathlib.Path(self.test_log_path, f"{name}_log")
- try:
- os.remove(fvp_log_symlink)
- except:
- pass
- os.symlink(fvp_log_file, fvp_log_symlink)
- return open(fvp_log_path, 'wb')
-
- async def _after_start(self):
- for name, console in self.config["consoles"].items():
- await self._add_terminal(name, console)
-
- # testimage.bbclass expects to see a log file at `bootlog`,
- # so make a symlink to the 'default' log file
- if name == 'default':
- default_test_file = f"{name}_log{self.test_log_suffix}"
- os.symlink(default_test_file, self.bootlog)
+ # testimage.bbclass expects to see a log file at `bootlog`,
+ # so make a symlink to the 'default' log file
+ if name == 'default':
+ default_test_file = f"{name}_log{self.test_log_suffix}"
+ os.symlink(default_test_file, self.bootlog)
def _get_terminal(self, name):
return self.terminals[name]
diff --git a/meta-arm/meta-arm/lib/oeqa/selftest/cases/runfvp.py b/meta-arm/meta-arm/lib/oeqa/selftest/cases/runfvp.py
index cf8a3c5..5cc8660 100644
--- a/meta-arm/meta-arm/lib/oeqa/selftest/cases/runfvp.py
+++ b/meta-arm/meta-arm/lib/oeqa/selftest/cases/runfvp.py
@@ -81,13 +81,13 @@
class RunnerTests(OESelftestTestCase):
def create_mock(self):
- return unittest.mock.patch("asyncio.create_subprocess_exec")
+ return unittest.mock.patch("subprocess.Popen")
def test_start(self):
from fvp import runner
with self.create_mock() as m:
fvp = runner.FVPRunner(self.logger)
- asyncio.run(fvp.start({
+ fvp.start({
"fvp-bindir": "/usr/bin",
"exe": "FVP_Binary",
"parameters": {'foo': 'bar'},
@@ -96,13 +96,13 @@
"terminals": {},
"args": ['--extra-arg'],
"env": {"FOO": "BAR"}
- }))
+ })
- m.assert_called_once_with('/usr/bin/FVP_Binary',
+ m.assert_called_once_with(['/usr/bin/FVP_Binary',
'--parameter', 'foo=bar',
'--data', 'data1',
'--application', 'a1=file',
- '--extra-arg',
+ '--extra-arg'],
stdin=unittest.mock.ANY,
stdout=unittest.mock.ANY,
stderr=unittest.mock.ANY,
@@ -113,7 +113,7 @@
from fvp import runner
with self.create_mock() as m:
fvp = runner.FVPRunner(self.logger)
- asyncio.run(fvp.start({
+ fvp.start({
"fvp-bindir": "/usr/bin",
"exe": "FVP_Binary",
"parameters": {},
@@ -122,9 +122,9 @@
"terminals": {},
"args": [],
"env": {"FOO": "BAR"}
- }))
+ })
- m.assert_called_once_with('/usr/bin/FVP_Binary',
+ m.assert_called_once_with(['/usr/bin/FVP_Binary'],
stdin=unittest.mock.ANY,
stdout=unittest.mock.ANY,
stderr=unittest.mock.ANY,
diff --git a/meta-arm/meta-arm/recipes-bsp/scp-firmware/scp-firmware_2.10.0.bb b/meta-arm/meta-arm/recipes-bsp/scp-firmware/scp-firmware_2.10.0.bb
index 4828fb5..055e0c1 100644
--- a/meta-arm/meta-arm/recipes-bsp/scp-firmware/scp-firmware_2.10.0.bb
+++ b/meta-arm/meta-arm/recipes-bsp/scp-firmware/scp-firmware_2.10.0.bb
@@ -27,7 +27,7 @@
# For now we only build with GCC, so stop meta-clang trying to get involved
TOOLCHAIN = "gcc"
-SCP_BUILD_STR = "${@bb.utils.contains('SCP_BUILD_RELEASE', '1', 'release', 'debug', d)}"
+SCP_BUILD_STR = "${@bb.utils.contains('SCP_BUILD_RELEASE', '1', 'Release', 'Debug', d)}"
inherit deploy
@@ -46,6 +46,7 @@
EXTRA_OECMAKE = "-D CMAKE_BUILD_TYPE=${SCP_BUILD_STR} \
-D SCP_LOG_LEVEL=${SCP_LOG_LEVEL} \
-D SCP_PLATFORM_FEATURE_SET=${SCP_PLATFORM_FEATURE_SET} \
+ -D DISABLE_CPPCHECK=1 \
"
do_configure() {
diff --git a/meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.6.0.bb b/meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.6.0.bb
index c10efd5..6b06c8a 100644
--- a/meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.6.0.bb
+++ b/meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.6.0.bb
@@ -16,20 +16,19 @@
file://../mcuboot/LICENSE;md5=b6ee33f1d12a5e6ee3de1e82fb51eeb8"
SRC_URI = "git://git.trustedfirmware.org/TF-M/trusted-firmware-m.git;protocol=https;branch=${SRCBRANCH_tfm};name=tfm;destsuffix=git/tfm \
- git://git.trustedfirmware.org/TF-M/tf-m-tests.git;protocol=https;branch=${SRCBRANCH_tfm-tests};name=tfm-tests;destsuffix=git/tf-m-tests \
+ git://git.trustedfirmware.org/TF-M/tf-m-tests.git;protocol=https;nobranch=1;name=tfm-tests;destsuffix=git/tf-m-tests \
git://github.com/ARMmbed/mbedtls.git;protocol=https;branch=${SRCBRANCH_mbedtls};name=mbedtls;destsuffix=git/mbedtls \
git://github.com/mcu-tools/mcuboot.git;protocol=https;branch=${SRCBRANCH_mcuboot};name=mcuboot;destsuffix=git/mcuboot \
"
# The required dependencies are documented in tf-m/config/config_default.cmake
# TF-Mv1.6.0
-SRCBRANCH_tfm ?= "release/1.6.x"
+SRCBRANCH_tfm ?= "master"
SRCREV_tfm = "7387d88158701a3c51ad51c90a05326ee12847a8"
# mbedtls-3.1.0
SRCBRANCH_mbedtls ?= "master"
SRCREV_mbedtls = "d65aeb37349ad1a50e0f6c9b694d4b5290d60e49"
# TF-Mv1.6.0
-SRCBRANCH_tfm-tests ?= "release/1.6.x"
SRCREV_tfm-tests = "723905d46019596f3f2df66d79b5d6bff6f3f213"
# v1.9.0
SRCBRANCH_mcuboot ?= "main"
@@ -108,10 +107,9 @@
# TF-M ships patches that it needs applied to mbedcrypto, so apply them
# as part of do_patch.
-apply_local_patches() {
- cat ${S}/lib/ext/mbedcrypto/*.patch | patch -p1 -d ${S}/../mbedtls
-}
-do_patch[postfuncs] += "apply_local_patches"
+LOCAL_SRC_PATCHES_INPUT_DIR = "${S}/lib/ext/mbedcrypto"
+LOCAL_SRC_PATCHES_DEST_DIR = "${S}/../mbedtls"
+inherit apply_local_src_patches
do_configure[cleandirs] = "${B}"
do_configure() {
diff --git a/meta-arm/meta-arm/recipes-devtools/edk2-basetools/edk2-basetools-native_202211.bb b/meta-arm/meta-arm/recipes-devtools/edk2-basetools/edk2-basetools-native_202211.bb
new file mode 100644
index 0000000..6a59c22
--- /dev/null
+++ b/meta-arm/meta-arm/recipes-devtools/edk2-basetools/edk2-basetools-native_202211.bb
@@ -0,0 +1,24 @@
+# Install EDK2 Base Tools in native sysroot. Currently the BaseTools are not
+# built, they are just copied to native sysroot. This is sufficient for
+# generating UEFI capsules as it only depends on some python scripts. Other
+# tools need to be built first before adding to sysroot.
+
+SUMMARY = "EDK2 Base Tools"
+LICENSE = "BSD-2-Clause-Patent"
+
+# EDK2
+SRC_URI = "git://github.com/tianocore/edk2.git;branch=master;protocol=https"
+LIC_FILES_CHKSUM = "file://License.txt;md5=2b415520383f7964e96700ae12b4570a"
+
+SRCREV = "fff6d81270b57ee786ea18ad74f43149b9f03494"
+
+S = "${WORKDIR}/git"
+
+inherit native
+
+RDEPENDS:${PN} += "python3-core"
+
+do_install () {
+ mkdir -p ${D}${bindir}/edk2-BaseTools
+ cp -r ${WORKDIR}/git/BaseTools/* ${D}${bindir}/edk2-BaseTools/
+}
diff --git a/meta-arm/meta-arm/recipes-devtools/fvp/fvp-base-r-aem_11.19.14.bb b/meta-arm/meta-arm/recipes-devtools/fvp/fvp-base-r-aem_11.20.15.bb
similarity index 85%
rename from meta-arm/meta-arm/recipes-devtools/fvp/fvp-base-r-aem_11.19.14.bb
rename to meta-arm/meta-arm/recipes-devtools/fvp/fvp-base-r-aem_11.20.15.bb
index 3ef0891..f5175b2 100644
--- a/meta-arm/meta-arm/recipes-devtools/fvp/fvp-base-r-aem_11.19.14.bb
+++ b/meta-arm/meta-arm/recipes-devtools/fvp/fvp-base-r-aem_11.20.15.bb
@@ -5,6 +5,6 @@
file://license_terms/third_party_licenses/third_party_licenses.txt;md5=34a1ba318d745f05e6197def68ea5411 \
file://license_terms/third_party_licenses/arm_license_management_utilities/third_party_licenses.txt;md5=2e53bda6ff2db4c35d69944b93926c9f"
-SRC_URI[sha256sum] = "788ede659414af36a2d09489e400c4d822c859b726565f1f171bc3102a9413d0"
+SRC_URI[sha256sum] = "c252616489b79fffa3bb721255b1c99ff4ee8c38e4beebce4fa05862a3195fe9"
MODEL_CODE = "FVP_Base_AEMv8R"
diff --git a/meta-arm/meta-arm/recipes-devtools/fvp/fvp-corstone1000.bb b/meta-arm/meta-arm/recipes-devtools/fvp/fvp-corstone1000.bb
index 35ffe0b..7d55661 100644
--- a/meta-arm/meta-arm/recipes-devtools/fvp/fvp-corstone1000.bb
+++ b/meta-arm/meta-arm/recipes-devtools/fvp/fvp-corstone1000.bb
@@ -2,10 +2,10 @@
MODEL = "Corstone-1000-23"
MODEL_CODE = "FVP_Corstone_1000"
-PV = "11.17_23"
+PV = "11.19_21"
-SRC_URI = "https://developer.arm.com/-/media/Arm%20Developer%20Community/Downloads/OSS/FVP/${MODEL}/Linux/${MODEL_CODE}_${PV}.tgz;subdir=${BP}"
-SRC_URI[sha256sum] = "00ccb72d02c90e2424d24a625d275cabf8ea8dc024713985208f618bb88d1934"
+SRC_URI = "https://developer.arm.com/-/media/Arm%20Developer%20Community/Downloads/OSS/FVP/${MODEL}/Linux/${MODEL_CODE}_${PV}_${FVP_ARCH}.tgz;subdir=${BP}"
+SRC_URI[sha256sum] = "dbdcb8b0c206fd56fd2296fe338a62902eb978883ba07f4da28440e180383b24"
LIC_FILES_CHKSUM = "file://license_terms/license_agreement.txt;md5=1a33828e132ba71861c11688dbb0bd16 \
- file://license_terms/third_party_licenses.txt;md5=41029e71051b1c786bae3112a29905a7"
+ file://license_terms/third_party_licenses/third_party_licenses.txt;md5=34a1ba318d745f05e6197def68ea5411"
diff --git a/meta-arm/meta-arm/recipes-devtools/trusted-firmware-m-scripts/trusted-firmware-m-scripts-native_1.6.0.bb b/meta-arm/meta-arm/recipes-devtools/trusted-firmware-m-scripts/trusted-firmware-m-scripts-native_1.6.0.bb
index 453d456..06c0316 100644
--- a/meta-arm/meta-arm/recipes-devtools/trusted-firmware-m-scripts/trusted-firmware-m-scripts-native_1.6.0.bb
+++ b/meta-arm/meta-arm/recipes-devtools/trusted-firmware-m-scripts/trusted-firmware-m-scripts-native_1.6.0.bb
@@ -1,7 +1,7 @@
SRC_URI = "git://git.trustedfirmware.org/TF-M/trusted-firmware-m.git;protocol=https;branch=${SRCBRANCH}"
# Use the wrapper script from TF-Mv1.6.0
-SRCBRANCH ?= "release/1.6.x"
+SRCBRANCH ?= "master"
SRCREV = "7387d88158701a3c51ad51c90a05326ee12847a8"
LICENSE = "BSD-3-Clause"
diff --git a/meta-arm/meta-arm/recipes-kernel/linux/arm-ffa-transport.inc b/meta-arm/meta-arm/recipes-kernel/linux/arm-ffa-transport.inc
index dec31dd..b3d377b 100644
--- a/meta-arm/meta-arm/recipes-kernel/linux/arm-ffa-transport.inc
+++ b/meta-arm/meta-arm/recipes-kernel/linux/arm-ffa-transport.inc
@@ -1,4 +1,4 @@
-FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:"
+FILESEXTRAPATHS:prepend := "${ARMFILESPATHS}"
# Enable ARM-FFA transport
SRC_URI:append = " \
diff --git a/meta-arm/meta-arm/recipes-kernel/linux/linux-yocto/arm-ffa-transport.cfg b/meta-arm/meta-arm/recipes-kernel/linux/files/arm-ffa-transport.cfg
similarity index 100%
rename from meta-arm/meta-arm/recipes-kernel/linux/linux-yocto/arm-ffa-transport.cfg
rename to meta-arm/meta-arm/recipes-kernel/linux/files/arm-ffa-transport.cfg
diff --git a/meta-arm/meta-arm/recipes-kernel/linux/linux-yocto/efi.cfg b/meta-arm/meta-arm/recipes-kernel/linux/files/efi.cfg
similarity index 100%
rename from meta-arm/meta-arm/recipes-kernel/linux/linux-yocto/efi.cfg
rename to meta-arm/meta-arm/recipes-kernel/linux/files/efi.cfg
diff --git a/meta-arm/meta-arm/recipes-kernel/linux/linux-yocto/generic-arm64-kmeta/generic-arm64-standard.scc b/meta-arm/meta-arm/recipes-kernel/linux/files/generic-arm64-kmeta/generic-arm64-standard.scc
similarity index 100%
rename from meta-arm/meta-arm/recipes-kernel/linux/linux-yocto/generic-arm64-kmeta/generic-arm64-standard.scc
rename to meta-arm/meta-arm/recipes-kernel/linux/files/generic-arm64-kmeta/generic-arm64-standard.scc
diff --git a/meta-arm/meta-arm/recipes-kernel/linux/linux-yocto/no-strict-devmem.cfg b/meta-arm/meta-arm/recipes-kernel/linux/files/no-strict-devmem.cfg
similarity index 100%
rename from meta-arm/meta-arm/recipes-kernel/linux/linux-yocto/no-strict-devmem.cfg
rename to meta-arm/meta-arm/recipes-kernel/linux/files/no-strict-devmem.cfg
diff --git a/meta-arm/meta-arm/recipes-kernel/linux/linux-yocto/tee.cfg b/meta-arm/meta-arm/recipes-kernel/linux/files/tee.cfg
similarity index 100%
rename from meta-arm/meta-arm/recipes-kernel/linux/linux-yocto/tee.cfg
rename to meta-arm/meta-arm/recipes-kernel/linux/files/tee.cfg
diff --git a/meta-arm/meta-arm/recipes-kernel/linux/linux-arm64-ack/0001-perf-change-root-to-prefix-for-python-install.patch b/meta-arm/meta-arm/recipes-kernel/linux/linux-arm64-ack/0001-perf-change-root-to-prefix-for-python-install.patch
new file mode 100644
index 0000000..637d90a
--- /dev/null
+++ b/meta-arm/meta-arm/recipes-kernel/linux/linux-arm64-ack/0001-perf-change-root-to-prefix-for-python-install.patch
@@ -0,0 +1,34 @@
+Take a patch from linux-yocto to fix buildpaths in perf's python module.
+
+Upstream-Status: Pending
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From b8cd0e429bf75b673c438a8277d4bc74327df992 Mon Sep 17 00:00:00 2001
+From: Tom Zanussi <tom.zanussi@intel.com>
+Date: Tue, 3 Jul 2012 13:07:23 -0500
+Subject: [PATCH] perf: change --root to --prefix for python install
+
+Otherwise we get the sysroot path appended to the build path, not what
+we want.
+
+Signed-off-by: Tom Zanussi <tom.zanussi@intel.com>
+---
+ tools/perf/Makefile.perf | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tools/perf/Makefile.perf b/tools/perf/Makefile.perf
+index 8f738e11356d..ee945d8e3996 100644
+--- a/tools/perf/Makefile.perf
++++ b/tools/perf/Makefile.perf
+@@ -1022,7 +1022,7 @@ install-bin: install-tools install-tests install-traceevent-plugins
+ install: install-bin try-install-man
+
+ install-python_ext:
+- $(PYTHON_WORD) util/setup.py --quiet install --root='/$(DESTDIR_SQ)'
++ $(PYTHON_WORD) util/setup.py --quiet install --prefix='$(DESTDIR_SQ)/usr'
+
+ # 'make install-doc' should call 'make -C Documentation install'
+ $(INSTALL_DOC_TARGETS):
+--
+2.34.1
+
diff --git a/meta-arm/meta-arm/recipes-kernel/linux/linux-arm64-ack_5.15.bb b/meta-arm/meta-arm/recipes-kernel/linux/linux-arm64-ack_5.15.bb
index c3c9b4d..804c068 100644
--- a/meta-arm/meta-arm/recipes-kernel/linux/linux-arm64-ack_5.15.bb
+++ b/meta-arm/meta-arm/recipes-kernel/linux/linux-arm64-ack_5.15.bb
@@ -8,6 +8,7 @@
git://android.googlesource.com/kernel/common.git;protocol=https;branch=android13-5.15-lts \
file://0001-lib-build_OID_registry-fix-reproducibility-issues.patch \
file://0002-vt-conmakehash-improve-reproducibility.patch \
+ file://0001-perf-change-root-to-prefix-for-python-install.patch \
"
# tag: ASB-2022-05-05_13-5.15-93-ge8b3f31d7a60
diff --git a/meta-arm/meta-arm/recipes-kernel/linux/linux-yocto_%.bbappend b/meta-arm/meta-arm/recipes-kernel/linux/linux-yocto_%.bbappend
index 896add8..a641ec2 100644
--- a/meta-arm/meta-arm/recipes-kernel/linux/linux-yocto_%.bbappend
+++ b/meta-arm/meta-arm/recipes-kernel/linux/linux-yocto_%.bbappend
@@ -1,4 +1,4 @@
-ARMFILESPATHS := "${THISDIR}/${PN}:"
+ARMFILESPATHS := "${THISDIR}/files:"
COMPATIBLE_MACHINE:generic-arm64 = "generic-arm64"
FILESEXTRAPATHS:prepend:generic-arm64 = "${ARMFILESPATHS}"
diff --git a/meta-arm/meta-arm/recipes-security/trusted-services/libts_git.bb b/meta-arm/meta-arm/recipes-security/trusted-services/libts_git.bb
index 598b281..aafe851 100644
--- a/meta-arm/meta-arm/recipes-security/trusted-services/libts_git.bb
+++ b/meta-arm/meta-arm/recipes-security/trusted-services/libts_git.bb
@@ -24,11 +24,14 @@
fi
# Move the dynamic libraries into the standard place.
- # Update a cmake file to use correct paths.
install -d ${D}${libdir}
mv ${D}${TS_INSTALL}/lib/libts* ${D}${libdir}
- sed -i -e "s#/${TS_ENV}##g" ${D}${TS_INSTALL}/lib/cmake/libts/libtsTargets-noconfig.cmake
+ # Update generated cmake file to use correct paths.
+ target_cmake=$(find ${D}${TS_INSTALL}/lib/cmake/libts -type f -iname "libtsTargets-*.cmake")
+ if [ ! -z "$target_cmake" ]; then
+ sed -i -e "s#/${TS_ENV}##g" $target_cmake
+ fi
}
inherit ${@oe.utils.conditional('VIRTUAL-RUNTIME_dev_manager', 'busybox-mdev', '', 'useradd', d)}
diff --git a/meta-arm/meta-arm/recipes-security/trusted-services/ts-psa-api-test-common_git.inc b/meta-arm/meta-arm/recipes-security/trusted-services/ts-psa-api-test-common_git.inc
index dfd4716..41cb0c0 100644
--- a/meta-arm/meta-arm/recipes-security/trusted-services/ts-psa-api-test-common_git.inc
+++ b/meta-arm/meta-arm/recipes-security/trusted-services/ts-psa-api-test-common_git.inc
@@ -18,11 +18,9 @@
-DPSA_ARCH_TESTS_SOURCE_DIR=${WORKDIR}/git/psatest \
"
-# TS ships patches that need to be applied to psa-arch-tests
+# TS check if there are patches to apply to psa-arch-tests, if so apply them
apply_ts_patch() {
- for p in ${S}/external/psa_arch_tests/*.patch; do
- patch -p1 -d ${WORKDIR}/git/psatest < ${p}
- done
+ find ${S}/external/psa_arch_tests -type f -name '*.patch' -exec patch -p1 -d ${WORKDIR}/git/psatest -i {} \;
}
do_patch[postfuncs] += "apply_ts_patch"
diff --git a/meta-arm/meta-atp/README.md b/meta-arm/meta-atp/README.md
index 15d0e29..490ddca 100644
--- a/meta-arm/meta-atp/README.md
+++ b/meta-arm/meta-atp/README.md
@@ -1,76 +1 @@
-# meta-atp layer
-
-The meta-atp layer supports building environments with traffic generation capabilities based on [AMBA Adaptive Traffic Profiles (ATP)](https://developer.arm.com/documentation/ihi0082/latest).
-
-## Recipes
-
-The meta-atp layer supports building the following software components:
-
-- Arm's implementation of the AMBA ATP specification, namely the [AMBA ATP Engine](https://github.com/ARM-software/ATP-Engine).
-- Linux kernel modules and user API (UAPI) for programming ATP devices.
-- Integration test suite for verification of kernel modules and UAPI.
-
-It is also possible to build the AMBA ATP Engine as part of the final [gem5](https://www.gem5.org/) executable. For this, meta-atp extends the `gem5-aarch64-native` recipe to add the AMBA ATP engine code as extra sources.
-
-## Machines
-
-The `gem5-atp-arm64` machine extends the `gem5-arm64` machine to instantiate a simulated platform with support for programmable AMBA ATP traffic generation. The platform includes the following models:
-
-- `ProfileGen` model. This is the adapter layer between gem5 and the AMBA ATP Engine. It is the source of traffic into the gem5 host platform.
-- `ATPDevice` model. Software can program it using the Linux kernel modules and UAPI to control traffic generation.
-
-## Usage
-
-Users should add the meta-atp layer and layer dependencies to `conf/bblayers.conf`. See `conf/layer.conf` for dependencies.
-
-### Standalone Engine executable
-
-Users can build the AMBA ATP Engine as a standalone native executable as follows:
-
-```bash
-bitbake atp-native
-```
-
-Users can run the executable through standard build scripts:
-
-```bash
-oe-run-native atp-native atpeng [--help | args...]
-```
-
-## Integration of the Engine in gem5
-
-Users should select the `gem5-atp-arm64` platform in their `conf/local.conf` file.
-
-Users can build the target image of preference, for example:
-
-```bash
-bitbake core-image-minimal
-```
-
-The resulting gem5 native executable contains the AMBA ATP Engine. The resulting target image contains the kernel modules, UAPI and test suite.
-
-Users should run the environment as follows:
-
-```bash
-./tmp/deploy/tools/start-gem5-atp.sh
-```
-
-This script launches a fast simulation to fast-forward Linux boot. Once Linux boot is completed, the fast simulation switches into a detailed simulation for the final usable environment. Users can connect and interact with the environment as follows:
-
-```bash
-oe-run-native gem5-m5term-native m5term <PORT>
-```
-
-The connection PORT is announced by the deploy script as:
-
-```bash
-system.terminal: Listening for connections on port <PORT>
-```
-
-This is usually port 3456.
-
-Users can verify access to the ATP device by running the integration test suite from within the simulated environment as follows:
-
-```bash
-test_atp.out
-```
+See ../README.md
diff --git a/meta-arm/meta-atp/conf/machine/gem5-atp-arm64.conf b/meta-arm/meta-atp/conf/machine/gem5-atp-arm64.conf
index d5fe22a..6e6d49a 100644
--- a/meta-arm/meta-atp/conf/machine/gem5-atp-arm64.conf
+++ b/meta-arm/meta-atp/conf/machine/gem5-atp-arm64.conf
@@ -5,7 +5,11 @@
GEM5_RUN_PROFILE = "configs/baremetal_atp.py"
# Require m5term
EXTRA_IMAGEDEPENDS += "gem5-m5term-native"
-# Require ATP kernel modules, user API and gem5 m5ops
-MACHINE_ESSENTIAL_EXTRA_RDEPENDS += "kernel-module-atp atp-uapi gem5-m5ops"
+# Require ATP kernel modules, user API and gem5 m5readfile
+MACHINE_ESSENTIAL_EXTRA_RDEPENDS += "kernel-module-atp atp-uapi gem5-m5readfile"
# Optionally provide ATP kernel tests
MACHINE_ESSENTIAL_EXTRA_RRECOMMENDS += "atp-test"
+
+# Use ATP Engine gem5 models in gem5 build
+DEPENDS:append:pn-gem5-aarch64-native = " atp-gem5-native"
+GEM5_EXTRAS:pn-gem5-aarch64-native = "${STAGING_DATADIR_NATIVE}/atp"
diff --git a/meta-arm/meta-atp/documentation/atp-standalone.md b/meta-arm/meta-atp/documentation/atp-standalone.md
new file mode 100644
index 0000000..1ab4528
--- /dev/null
+++ b/meta-arm/meta-atp/documentation/atp-standalone.md
@@ -0,0 +1,13 @@
+# Standalone ATP Engine executable
+
+Users can build the AMBA ATP Engine as a standalone native executable as follows:
+
+```bash
+bitbake atp-native
+```
+
+Users can run the executable through standard build scripts:
+
+```bash
+oe-run-native atp-native atpeng [--help | args...]
+```
diff --git a/meta-arm/meta-atp/documentation/gem5-atp-arm64.md b/meta-arm/meta-atp/documentation/gem5-atp-arm64.md
new file mode 100644
index 0000000..018f374
--- /dev/null
+++ b/meta-arm/meta-atp/documentation/gem5-atp-arm64.md
@@ -0,0 +1,37 @@
+## ATP Engine integration in gem5, and the gem5-atp-arm64 machine
+
+Users should select the `gem5-atp-arm64` machine in their `conf/local.conf` file.
+
+Users can build the target image of preference, for example:
+
+```bash
+bitbake core-image-minimal
+```
+
+The resulting gem5 native executable contains the AMBA ATP Engine. The resulting target image contains the kernel modules, UAPI and test suite.
+
+Users should run the environment as follows:
+
+```bash
+oe-run-native atp-gem5-native start-gem5-atp.sh
+```
+
+This script launches a fast simulation to fast-forward Linux boot. Once Linux boot is completed, the fast simulation switches into a detailed simulation for the final usable environment. Users can connect and interact with the environment as follows:
+
+```bash
+oe-run-native gem5-m5term-native m5term <PORT>
+```
+
+The connection PORT is announced by the deploy script as:
+
+```bash
+system.terminal: Listening for connections on port <PORT>
+```
+
+This is usually port 3456.
+
+Users can verify access to the ATP device by running the integration test suite from within the simulated environment as follows:
+
+```bash
+test_atp.out
+```
diff --git a/meta-arm/meta-atp/documentation/summary.md b/meta-arm/meta-atp/documentation/summary.md
new file mode 100644
index 0000000..7ac6c3f
--- /dev/null
+++ b/meta-arm/meta-atp/documentation/summary.md
@@ -0,0 +1,11 @@
+# meta-atp summary
+
+The meta-atp layer supports building the following software components:
+
+- Arm's implementation of the AMBA ATP specification, namely the [AMBA ATP Engine](https://github.com/ARM-software/ATP-Engine).
+- Linux kernel modules and user API (UAPI) for programming ATP devices.
+- Integration test suite for verification of kernel modules and UAPI.
+
+It is also possible to build the AMBA ATP Engine as part of the final [gem5](https://www.gem5.org/) executable. For this, meta-atp extends the `gem5-aarch64-native` recipe to add the AMBA ATP engine code as extra sources.
+
+Users should add the meta-atp layer and layer dependencies to `conf/bblayers.conf`. See `conf/layer.conf` for dependencies.
diff --git a/meta-arm/meta-atp/recipes-devtools/atp/atp-gem5-native_3.1.bb b/meta-arm/meta-atp/recipes-devtools/atp/atp-gem5-native_3.1.bb
new file mode 100644
index 0000000..634c9b1
--- /dev/null
+++ b/meta-arm/meta-atp/recipes-devtools/atp/atp-gem5-native_3.1.bb
@@ -0,0 +1,24 @@
+require atp-source_3.1.inc
+inherit native
+
+SUMMARY = "AMBA ATP Engine gem5 models"
+
+S = "${WORKDIR}/git"
+SRC_URI = "${ATP_SRC} file://start-gem5-atp.sh"
+
+do_configure[noexec] = "1"
+do_compile[noexec] = "1"
+
+do_install() {
+ install -d ${D}${datadir}/gem5/configs ${D}${datadir}/atp ${D}${bindir}
+
+ # baremetal_atp.py machine configuration and sample stream.atp file
+ install ${S}/gem5/baremetal_atp.py ${S}/configs/stream.atp ${D}${datadir}/gem5/configs
+ # ATP Engine sources for gem5 to use
+ install ${S}/SConscript ${S}/*.hh ${S}/*.cc ${D}${datadir}/atp
+ cp -RL ${S}/gem5 ${S}/proto ${D}${datadir}/atp
+
+ install ${WORKDIR}/start-gem5-atp.sh ${D}${bindir}
+}
+
+addtask addto_recipe_sysroot after do_populate_sysroot before do_build
diff --git a/meta-arm/meta-atp/recipes-devtools/gem5/gem5-aarch64-native/start-gem5-atp.sh b/meta-arm/meta-atp/recipes-devtools/atp/atp-gem5/start-gem5-atp.sh
similarity index 100%
rename from meta-arm/meta-atp/recipes-devtools/gem5/gem5-aarch64-native/start-gem5-atp.sh
rename to meta-arm/meta-atp/recipes-devtools/atp/atp-gem5/start-gem5-atp.sh
diff --git a/meta-arm/meta-atp/recipes-devtools/gem5/gem5-aarch64-dtb.bbappend b/meta-arm/meta-atp/recipes-devtools/gem5/gem5-aarch64-dtb.bbappend
index 2b55b89..c96f2cd 100644
--- a/meta-arm/meta-atp/recipes-devtools/gem5/gem5-aarch64-dtb.bbappend
+++ b/meta-arm/meta-atp/recipes-devtools/gem5/gem5-aarch64-dtb.bbappend
@@ -1,3 +1,5 @@
-# Export datadir paths for baremetal_atp.py script
-export GEM5_DATADIR = "${STAGING_DATADIR_NATIVE}/gem5"
-export ATP_DATADIR = "${STAGING_DATADIR_NATIVE}/gem5"
+do_compile:prepend:gem5-atp-arm64() {
+ # Export datadir paths for baremetal_atp.py script
+ export GEM5_DATADIR="${STAGING_DATADIR_NATIVE}/gem5"
+ export ATP_DATADIR="${STAGING_DATADIR_NATIVE}/gem5"
+}
diff --git a/meta-arm/meta-atp/recipes-devtools/gem5/gem5-aarch64-native_20.bbappend b/meta-arm/meta-atp/recipes-devtools/gem5/gem5-aarch64-native_20.bbappend
deleted file mode 100644
index 6607f0f..0000000
--- a/meta-arm/meta-atp/recipes-devtools/gem5/gem5-aarch64-native_20.bbappend
+++ /dev/null
@@ -1,24 +0,0 @@
-require recipes-devtools/atp/atp-source_3.1.inc
-
-FILESEXTRAPATHS:prepend := "${THISDIR}/${BPN}:"
-
-SRC_URI += "${ATP_SRC};destsuffix=git/atp;name=atp \
- file://start-gem5-atp.sh"
-SRCREV_FORMAT = "gem5_atp"
-SRCREV_atp = "${ATP_REV}"
-LICENSE += "& ${ATP_LIC}"
-LIC_FILES_CHKSUM += "file://atp/LICENSE;md5=${ATP_LIC_MD5}"
-
-EXTRA_OESCONS += "EXTRAS=${S}/atp"
-
-do_install:append() {
- # baremetal_atp.py machine configuration and sample stream.atp file
- install -m 644 ${B}/atp/gem5/baremetal_atp.py \
- ${B}/atp/configs/stream.atp \
- ${D}${datadir}/gem5/configs
-}
-
-do_deploy:append() {
- # start-gem5-atp.sh launch script
- install -m 755 ${WORKDIR}/start-gem5-atp.sh ${DEPLOYDIR}
-}
diff --git a/meta-arm/meta-atp/recipes-devtools/gem5/gem5-m5ops_20.bbappend b/meta-arm/meta-atp/recipes-devtools/gem5/gem5-m5ops_20.bbappend
deleted file mode 100644
index 3ba0c3c..0000000
--- a/meta-arm/meta-atp/recipes-devtools/gem5/gem5-m5ops_20.bbappend
+++ /dev/null
@@ -1,14 +0,0 @@
-inherit update-rc.d
-
-FILESEXTRAPATHS:prepend := "${THISDIR}/${BPN}:"
-
-# Add startup script calling m5 readfile for automatic checkpoint and restore
-SRC_URI += "file://m5-readfile.sh"
-
-INITSCRIPT_NAME = "m5-readfile.sh"
-INITSCRIPT_PARAMS = "defaults 99"
-
-do_install:append() {
- install -d ${D}/${INIT_D_DIR}
- install -m 755 ${WORKDIR}/m5-readfile.sh ${D}/${INIT_D_DIR}
-}
diff --git a/meta-arm/meta-atp/recipes-kernel/atp/atp-module_3.1.bb b/meta-arm/meta-atp/recipes-kernel/atp/atp-module_3.1.bb
index 0bf4949..9b54e1c 100644
--- a/meta-arm/meta-atp/recipes-kernel/atp/atp-module_3.1.bb
+++ b/meta-arm/meta-atp/recipes-kernel/atp/atp-module_3.1.bb
@@ -1,3 +1,4 @@
+COMPATIBLE_MACHINE = "gem5-atp-arm64"
require recipes-devtools/atp/atp-source_3.1.inc
inherit module
diff --git a/meta-arm/meta-atp/recipes-kernel/atp/atp-test_3.1.bb b/meta-arm/meta-atp/recipes-kernel/atp/atp-test_3.1.bb
index e98e13c..3c88e08 100644
--- a/meta-arm/meta-atp/recipes-kernel/atp/atp-test_3.1.bb
+++ b/meta-arm/meta-atp/recipes-kernel/atp/atp-test_3.1.bb
@@ -1,3 +1,4 @@
+COMPATIBLE_MACHINE = "gem5-atp-arm64"
require recipes-devtools/atp/atp-source_3.1.inc
SUMMARY = "End-to-end tests evaluating ATP kernel modules service correctness"
diff --git a/meta-arm/meta-atp/recipes-kernel/atp/atp-uapi_3.1.bb b/meta-arm/meta-atp/recipes-kernel/atp/atp-uapi_3.1.bb
index 140105f..a8b1479 100644
--- a/meta-arm/meta-atp/recipes-kernel/atp/atp-uapi_3.1.bb
+++ b/meta-arm/meta-atp/recipes-kernel/atp/atp-uapi_3.1.bb
@@ -1,3 +1,4 @@
+COMPATIBLE_MACHINE = "gem5-atp-arm64"
require recipes-devtools/atp/atp-source_3.1.inc
SUMMARY = "User API for accessing services from ATP kernel modules"
diff --git a/meta-arm/meta-atp/recipes-kernel/linux/linux-yocto_%.bbappend b/meta-arm/meta-atp/recipes-kernel/linux/linux-yocto_%.bbappend
index f59f8d4..8cb86a9 100644
--- a/meta-arm/meta-atp/recipes-kernel/linux/linux-yocto_%.bbappend
+++ b/meta-arm/meta-atp/recipes-kernel/linux/linux-yocto_%.bbappend
@@ -1,2 +1,2 @@
-FILESEXTRAPATHS:prepend := "${THISDIR}/files:"
-SRC_URI += "file://no_ftrace.cfg file://smmuv3.cfg"
+FILESEXTRAPATHS:prepend:gem5-atp-arm64 := "${THISDIR}/files:"
+SRC_URI:append:gem5-atp-arm64 = " file://no_ftrace.cfg file://smmuv3.cfg"
diff --git a/meta-arm/meta-gem5/recipes-devtools/gem5/gem5-m5readfile.bb b/meta-arm/meta-gem5/recipes-devtools/gem5/gem5-m5readfile.bb
new file mode 100644
index 0000000..9cddc27
--- /dev/null
+++ b/meta-arm/meta-gem5/recipes-devtools/gem5/gem5-m5readfile.bb
@@ -0,0 +1,17 @@
+inherit update-rc.d
+
+SUMMARY = "Enables reading any script at simulation launch time"
+LICENSE = "BSD-3-Clause"
+LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/BSD-3-Clause;md5=550794465ba0ec5312d6919e203a55f9"
+
+SRC_URI = "file://m5-readfile.sh"
+
+INITSCRIPT_NAME = "m5-readfile.sh"
+INITSCRIPT_PARAMS = "defaults 99"
+
+do_install() {
+ install -d ${D}/${INIT_D_DIR}
+ install -m 755 ${WORKDIR}/m5-readfile.sh ${D}/${INIT_D_DIR}
+}
+
+RDEPENDS:${PN} = "gem5-m5ops"
diff --git a/meta-arm/meta-atp/recipes-devtools/gem5/gem5-m5ops/m5-readfile.sh b/meta-arm/meta-gem5/recipes-devtools/gem5/gem5-m5readfile/m5-readfile.sh
similarity index 65%
rename from meta-arm/meta-atp/recipes-devtools/gem5/gem5-m5ops/m5-readfile.sh
rename to meta-arm/meta-gem5/recipes-devtools/gem5/gem5-m5readfile/m5-readfile.sh
index 44477e9..edf79b8 100755
--- a/meta-arm/meta-atp/recipes-devtools/gem5/gem5-m5ops/m5-readfile.sh
+++ b/meta-arm/meta-gem5/recipes-devtools/gem5/gem5-m5readfile/m5-readfile.sh
@@ -3,7 +3,7 @@
# Provides: m5-readfile
# Required-Start: $all
# Default-Start: 5
-# Description: Enables reading any script at simulation launch time.
+# Description: Enables reading any script at simulation launch time.
### END INIT INFO
m5 readfile | sh
diff --git a/meta-arm/meta-gem5/recipes-devtools/gem5/gem5-native.inc b/meta-arm/meta-gem5/recipes-devtools/gem5/gem5-native.inc
index 91a554b..0f794b3 100644
--- a/meta-arm/meta-gem5/recipes-devtools/gem5/gem5-native.inc
+++ b/meta-arm/meta-gem5/recipes-devtools/gem5/gem5-native.inc
@@ -12,10 +12,15 @@
# What gem5 binary are we building
GEM5_BUILD_CONFIGS ?= "build/X86/gem5.{GEM5_BUILD_VARIANT}"
+# Extra directories with sources for gem5 build. Intended to be used from
+# machine configuration files, to add out-of-tree gem5 models of their
+# hardware components.
+GEM5_EXTRAS ?= ""
+
# Scons build arguments
GEM5_SCONS_ARGS ?= "CC=${BUILD_CC} CXX=${BUILD_CXX} \
AS=${BUILD_AS} AR=${BUILD_AR} ${GEM5_BUILD_CONFIGS} \
- PYTHON_CONFIG=python3-config"
+ PYTHON_CONFIG=python3-config EXTRAS=${GEM5_EXTRAS}"
# Default profile to run
GEM5_RUN_PROFILE ?= "configs/example/fs.py"
diff --git a/meta-arm/scripts/runfvp b/meta-arm/scripts/runfvp
index c5a74b2..939352b 100755
--- a/meta-arm/scripts/runfvp
+++ b/meta-arm/scripts/runfvp
@@ -1,10 +1,11 @@
#! /usr/bin/env python3
-import asyncio
+import itertools
import os
import pathlib
import signal
import sys
+import threading
import logging
logger = logging.getLogger("RunFVP")
@@ -37,7 +38,8 @@
fvp_args = []
args = parser.parse_args(args=arguments)
- logging.basicConfig(level=args.verbose and logging.DEBUG or logging.WARNING)
+ logging.basicConfig(level=args.verbose and logging.DEBUG or logging.WARNING,
+ format='\033[G%(levelname)s: %(message)s')
# If we're hooking up the console, don't start any terminals
if args.console:
@@ -47,27 +49,37 @@
logger.debug(f"FVP arguments: {fvp_args}")
return args, fvp_args
-
-async def start_fvp(args, config, extra_args):
+def start_fvp(args, config, extra_args):
fvp = runner.FVPRunner(logger)
try:
- await fvp.start(config, extra_args, args.terminals)
+ fvp.start(config, extra_args, args.terminals)
if args.console:
- fvp.add_line_callback(lambda line: logger.debug(f"FVP output: {line}"))
expected_terminal = config["consoles"]["default"]
if not expected_terminal:
logger.error("--console used but FVP_CONSOLE not set in machine configuration")
return 1
- telnet = await fvp.create_telnet(expected_terminal)
- await telnet.wait()
+ port_stdout, log_stdout = itertools.tee(fvp.stdout, 2)
+ parser = runner.ConsolePortParser(port_stdout)
+ port = parser.parse_port(expected_terminal)
+
+ def debug_log():
+ for line in log_stdout:
+ line = line.strip().decode(errors='ignore')
+ logger.debug(f'FVP output: {line}')
+ log_thread = threading.Thread(None, debug_log)
+ log_thread.start()
+
+ telnet = fvp.create_telnet(port)
+ telnet.wait()
logger.debug(f"Telnet quit, cancelling tasks")
else:
- fvp.add_line_callback(lambda line: print(line))
- await fvp.run()
+ for line in fvp.stdout:
+ print(line.strip().decode(errors='ignore'))
finally:
- await fvp.stop()
+ fvp.stop()
+
def runfvp(cli_args):
args, extra_args = parse_args(cli_args)
@@ -77,14 +89,8 @@
config_file = conffile.find(args.config)
logger.debug(f"Loading {config_file}")
config = conffile.load(config_file)
+ start_fvp(args, config, extra_args)
- try:
- # When we can assume Py3.7+, this can simply be asyncio.run()
- loop = asyncio.get_event_loop()
- return loop.run_until_complete(start_fvp(args, config, extra_args))
- except asyncio.CancelledError:
- # This means telnet exited, which isn't an error
- return 0
if __name__ == "__main__":
try:
diff --git a/meta-openembedded/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2022.5.17.bb b/meta-openembedded/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2022.10.3.bb
similarity index 95%
rename from meta-openembedded/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2022.5.17.bb
rename to meta-openembedded/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2022.10.3.bb
index b29716a..37a8106 100644
--- a/meta-openembedded/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2022.5.17.bb
+++ b/meta-openembedded/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2022.10.3.bb
@@ -10,7 +10,7 @@
file://0001-libntfs-3g-Makefile.am-fix-install-failed-while-host.patch \
"
S = "${WORKDIR}/ntfs-3g_ntfsprogs-${PV}"
-SRC_URI[sha256sum] = "0489fbb6972581e1b417ab578d543f6ae522e7fa648c3c9b49c789510fd5eb93"
+SRC_URI[sha256sum] = "f20e36ee68074b845e3629e6bced4706ad053804cbaf062fbae60738f854170c"
UPSTREAM_CHECK_URI = "https://www.tuxera.com/community/open-source-ntfs-3g/"
UPSTREAM_CHECK_REGEX = "ntfs-3g_ntfsprogs-(?P<pver>\d+(\.\d+)+)\.tgz"
diff --git a/meta-openembedded/meta-filesystems/recipes-utils/aufs-util/aufs-util/0001-libau-Do-not-build-LFS-version-of-readdir.patch b/meta-openembedded/meta-filesystems/recipes-utils/aufs-util/aufs-util/0001-libau-Do-not-build-LFS-version-of-readdir.patch
new file mode 100644
index 0000000..c983733
--- /dev/null
+++ b/meta-openembedded/meta-filesystems/recipes-utils/aufs-util/aufs-util/0001-libau-Do-not-build-LFS-version-of-readdir.patch
@@ -0,0 +1,32 @@
+From 12ba95281d0bbea3576350d635b4dee0f953b94a Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Tue, 29 Nov 2022 18:38:07 -0800
+Subject: [PATCH] libau: Do not build LFS version of readdir
+
+rdu64 is providing largefile supported version of readdir and readdir_r
+however, we enable largefile support unconditionally in OE therefore its
+not needed since readdir() and readdir_r() are already LFS capable
+
+Upstream-Status: Inappropriate [OE-Specific]
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ libau/Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libau/Makefile b/libau/Makefile
+index 9ada831..1fd1ccc 100644
+--- a/libau/Makefile
++++ b/libau/Makefile
+@@ -30,7 +30,7 @@ STRIP ?= strip
+ all: ${LibSo}
+
+ ifeq (${Glibc},yes)
+-LibSoObj += rdu64.o
++#LibSoObj += rdu64.o
+
+ # this is unnecessary on 64bit system?
+ rdu64.c: rdu.c
+--
+2.38.1
+
diff --git a/meta-openembedded/meta-filesystems/recipes-utils/aufs-util/aufs-util_git.bb b/meta-openembedded/meta-filesystems/recipes-utils/aufs-util/aufs-util_git.bb
index f565be3..fbf7753 100644
--- a/meta-openembedded/meta-filesystems/recipes-utils/aufs-util/aufs-util_git.bb
+++ b/meta-openembedded/meta-filesystems/recipes-utils/aufs-util/aufs-util_git.bb
@@ -12,6 +12,7 @@
https://raw.githubusercontent.com/sfjro/aufs4-linux/aufs4.9/include/uapi/linux/aufs_type.h;name=aufs_type \
file://aufs-util-don-t-strip-executables.patch \
file://aufs-util-add-tool-concept-to-Makefile-for-cross-com.patch \
+ file://0001-libau-Do-not-build-LFS-version-of-readdir.patch \
"
SRC_URI[aufs_type.md5sum] = "b37129ef0703de72a852db7e48bdedc6"
SRC_URI[aufs_type.sha256sum] = "7ff6566adb9c7a3b6862cdc85a690ab546f1d0bc81ddd595fd663c0a69031683"
diff --git a/meta-openembedded/meta-gnome/recipes-gnome/gnome-text-editor/gnome-text-editor_42.2.bb b/meta-openembedded/meta-gnome/recipes-gnome/gnome-text-editor/gnome-text-editor_42.2.bb
index 1446b15..763384b 100644
--- a/meta-openembedded/meta-gnome/recipes-gnome/gnome-text-editor/gnome-text-editor_42.2.bb
+++ b/meta-openembedded/meta-gnome/recipes-gnome/gnome-text-editor/gnome-text-editor_42.2.bb
@@ -10,6 +10,7 @@
gtk4 \
gtksourceview5 \
enchant2 \
+ libpcre \
"
GTKIC_VERSION = "4"
diff --git a/meta-openembedded/meta-gnome/recipes-gnome/tracker/tracker_3.4.0.bb b/meta-openembedded/meta-gnome/recipes-gnome/tracker/tracker_3.4.1.bb
similarity index 93%
rename from meta-openembedded/meta-gnome/recipes-gnome/tracker/tracker_3.4.0.bb
rename to meta-openembedded/meta-gnome/recipes-gnome/tracker/tracker_3.4.1.bb
index ed0fbb6..1428159 100644
--- a/meta-openembedded/meta-gnome/recipes-gnome/tracker/tracker_3.4.0.bb
+++ b/meta-openembedded/meta-gnome/recipes-gnome/tracker/tracker_3.4.1.bb
@@ -22,7 +22,7 @@
inherit gnomebase gsettings gobject-introspection vala gtk-doc manpages bash-completion features_check python3native
-SRC_URI[archive.sha256sum] = "b3b380c9571d7c7423b5f401e4a2f2d78de47143b035eb2c1281e2423c59218b"
+SRC_URI[archive.sha256sum] = "ea9d41a9fb9c2b42ad80fc2c82327b5c713d594c969b09e1a49be63fb74f4fae"
# gobject-introspection is mandatory and cannot be configured
REQUIRED_DISTRO_FEATURES = "gobject-introspection-data"
diff --git a/meta-openembedded/meta-multimedia/recipes-multimedia/dleyna/dleyna-renderer_0.6.0.bb b/meta-openembedded/meta-multimedia/recipes-multimedia/dleyna/dleyna-renderer_0.6.0.bb
index 3e43c0d..e7f9183 100644
--- a/meta-openembedded/meta-multimedia/recipes-multimedia/dleyna/dleyna-renderer_0.6.0.bb
+++ b/meta-openembedded/meta-multimedia/recipes-multimedia/dleyna/dleyna-renderer_0.6.0.bb
@@ -22,4 +22,4 @@
CFLAGS += " -I${S}"
FILES:${PN} += "${datadir}/dbus-1"
-FILES:${PN}-dev += "${libdir}/${PN}/*.so"
+FILES:${PN}-dev += "${libdir}/${BPN}/*.so"
diff --git a/meta-openembedded/meta-multimedia/recipes-multimedia/dleyna/dleyna-server_0.6.0.bb b/meta-openembedded/meta-multimedia/recipes-multimedia/dleyna/dleyna-server_0.6.0.bb
index b25e446..0713797 100644
--- a/meta-openembedded/meta-multimedia/recipes-multimedia/dleyna/dleyna-server_0.6.0.bb
+++ b/meta-openembedded/meta-multimedia/recipes-multimedia/dleyna/dleyna-server_0.6.0.bb
@@ -19,4 +19,4 @@
inherit autotools pkgconfig
FILES:${PN} += "${datadir}/dbus-1"
-FILES:${PN}-dev += "${libdir}/${PN}/*.so"
+FILES:${PN}-dev += "${libdir}/${BPN}/*.so"
diff --git a/meta-openembedded/meta-multimedia/recipes-multimedia/fluidsynth/fluidsynth.inc b/meta-openembedded/meta-multimedia/recipes-multimedia/fluidsynth/fluidsynth.inc
index 14d09e5..a4590d6 100644
--- a/meta-openembedded/meta-multimedia/recipes-multimedia/fluidsynth/fluidsynth.inc
+++ b/meta-openembedded/meta-multimedia/recipes-multimedia/fluidsynth/fluidsynth.inc
@@ -4,7 +4,7 @@
LICENSE = "LGPL-2.1-only"
LIC_FILES_CHKSUM = "file://LICENSE;md5=fc178bcd425090939a8b634d1d6a9594"
-SRC_URI = "git://github.com/FluidSynth/fluidsynth.git;branch=2.2.x;protocol=https"
+SRC_URI = "git://github.com/FluidSynth/fluidsynth.git;branch=master;protocol=https"
SRCREV = "8b00644751578ba67b709a827cbe5133d849d339"
S = "${WORKDIR}/git"
PV = "2.2.6"
diff --git a/meta-openembedded/meta-multimedia/recipes-multimedia/libcamera/libcamera.bb b/meta-openembedded/meta-multimedia/recipes-multimedia/libcamera/libcamera_0.0.1.bb
similarity index 74%
rename from meta-openembedded/meta-multimedia/recipes-multimedia/libcamera/libcamera.bb
rename to meta-openembedded/meta-multimedia/recipes-multimedia/libcamera/libcamera_0.0.1.bb
index 53cd94c..2b77d99 100644
--- a/meta-openembedded/meta-multimedia/recipes-multimedia/libcamera/libcamera.bb
+++ b/meta-openembedded/meta-multimedia/recipes-multimedia/libcamera/libcamera_0.0.1.bb
@@ -12,9 +12,9 @@
git://git.libcamera.org/libcamera/libcamera.git;protocol=https;branch=master \
"
-SRCREV = "ed591e705c451d0ce14988ae96829a31a2ae2f9a"
+SRCREV = "a83aed77df1258e469c0eb42d9cb4f1938db53f2"
-PV = "202105+git${SRCPV}"
+PE = "1"
S = "${WORKDIR}/git"
@@ -45,8 +45,8 @@
}
do_install:append() {
- chrpath -d ${D}${libdir}/libcamera.so.0.0.0
- chrpath -d ${D}${libdir}/libcamera-base.so.0.0.0
+ chrpath -d ${D}${libdir}/libcamera.so
+ chrpath -d ${D}${libdir}/v4l2-compat.so
}
addtask do_recalculate_ipa_signatures_package after do_package before do_packagedata
@@ -62,13 +62,5 @@
${S}/src/ipa/ipa-sign-install.sh ${B}/src/ipa-priv-key.pem "${modules}"
}
-FILES:${PN}-dev = "${includedir} ${libdir}/pkgconfig"
-FILES:${PN}-dev += " ${libdir}/libcamera.so"
-FILES:${PN} += " ${libdir}/libcamera.so.0"
-FILES:${PN} += " ${libdir}/libcamera.so.0.0.0"
-FILES:${PN}-dev += " ${libdir}/libcamera-base.so"
-FILES:${PN} += " ${libdir}/libcamera-base.so.0"
-FILES:${PN} += " ${libdir}/libcamera-base.so.0.0.0"
FILES:${PN} += " ${libdir}/v4l2-compat.so"
-FILES:${PN}-gst = "${libdir}/gstreamer-1.0/libgstlibcamera.so"
-FILES:${PN} += " ${bindir}/cam"
+FILES:${PN}-gst = "${libdir}/gstreamer-1.0"
diff --git a/meta-openembedded/meta-multimedia/recipes-multimedia/musicpd/mpd_0.23.9.bb b/meta-openembedded/meta-multimedia/recipes-multimedia/musicpd/mpd_0.23.12.bb
similarity index 98%
rename from meta-openembedded/meta-multimedia/recipes-multimedia/musicpd/mpd_0.23.9.bb
rename to meta-openembedded/meta-multimedia/recipes-multimedia/musicpd/mpd_0.23.12.bb
index e63c1b5..1393844 100644
--- a/meta-openembedded/meta-multimedia/recipes-multimedia/musicpd/mpd_0.23.9.bb
+++ b/meta-openembedded/meta-multimedia/recipes-multimedia/musicpd/mpd_0.23.12.bb
@@ -21,7 +21,7 @@
SRC_URI = "git://github.com/MusicPlayerDaemon/MPD;branch=v0.23.x;protocol=https \
file://mpd.conf.in \
"
-SRCREV = "12147f6d5822899cc4316799b494c093b4b47f91"
+SRCREV = "d91da9679801224847c30147f5914785b6f8f240"
S = "${WORKDIR}/git"
EXTRA_OEMESON += "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '-Dsystemd=enabled -Dsystemd_system_unit_dir=${systemd_system_unitdir} -Dsystemd_user_unit_dir=${systemd_system_unitdir}', '-Dsystemd=disabled', d)}"
diff --git a/meta-openembedded/meta-multimedia/recipes-multimedia/musicpd/ncmpc/0001-SearchPage-use-regular-integer-to-fix-Wenum-constexp.patch b/meta-openembedded/meta-multimedia/recipes-multimedia/musicpd/ncmpc/0001-SearchPage-use-regular-integer-to-fix-Wenum-constexp.patch
new file mode 100644
index 0000000..92094af
--- /dev/null
+++ b/meta-openembedded/meta-multimedia/recipes-multimedia/musicpd/ncmpc/0001-SearchPage-use-regular-integer-to-fix-Wenum-constexp.patch
@@ -0,0 +1,37 @@
+From 2e8dc2c28c0938dbbb85ebbac2b9a60be9ccd9f3 Mon Sep 17 00:00:00 2001
+From: Max Kellermann <max@musicpd.org>
+Date: Wed, 23 Nov 2022 12:25:50 +0100
+Subject: [PATCH] SearchPage: use regular integer to fix -Wenum-constexpr-conversion
+
+Upstream-Status: Backport [https://github.com/MusicPlayerDaemon/ncmpc/commit/ddd1757907f0376b5843f707bf182b7827ff6591]
+---
+ src/SearchPage.cxx | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/SearchPage.cxx b/src/SearchPage.cxx
+index 2fa5edbc..3f91c4fe 100644
+--- a/src/SearchPage.cxx
++++ b/src/SearchPage.cxx
+@@ -81,7 +81,7 @@ search_get_tag_id(const char *name)
+ }
+
+ struct SearchMode {
+- enum mpd_tag_type table;
++ int table;
+ const char *label;
+ };
+
+@@ -89,8 +89,8 @@ static constexpr SearchMode mode[] = {
+ { MPD_TAG_TITLE, N_("Title") },
+ { MPD_TAG_ARTIST, N_("Artist") },
+ { MPD_TAG_ALBUM, N_("Album") },
+- { (enum mpd_tag_type)SEARCH_URI, N_("Filename") },
+- { (enum mpd_tag_type)SEARCH_ARTIST_TITLE, N_("Artist + Title") },
++ { SEARCH_URI, N_("Filename") },
++ { SEARCH_ARTIST_TITLE, N_("Artist + Title") },
+ { MPD_TAG_COUNT, nullptr }
+ };
+
+--
+2.39.0
+
diff --git a/meta-openembedded/meta-multimedia/recipes-multimedia/musicpd/ncmpc_0.46.bb b/meta-openembedded/meta-multimedia/recipes-multimedia/musicpd/ncmpc_0.47.bb
similarity index 92%
rename from meta-openembedded/meta-multimedia/recipes-multimedia/musicpd/ncmpc_0.46.bb
rename to meta-openembedded/meta-multimedia/recipes-multimedia/musicpd/ncmpc_0.47.bb
index a77d4f9..4404691 100644
--- a/meta-openembedded/meta-multimedia/recipes-multimedia/musicpd/ncmpc_0.46.bb
+++ b/meta-openembedded/meta-multimedia/recipes-multimedia/musicpd/ncmpc_0.47.bb
@@ -34,6 +34,7 @@
SRC_URI = " \
git://github.com/MusicPlayerDaemon/ncmpc;branch=master;protocol=https \
+ file://0001-SearchPage-use-regular-integer-to-fix-Wenum-constexp.patch \
"
-SRCREV = "b9b5e11e10d8f66cd672ffb51728aa447f78ecd4"
+SRCREV = "fc8de01c71acdf10ad07c7aae756dc522b848124"
S = "${WORKDIR}/git"
diff --git a/meta-openembedded/meta-networking/classes/kernel_wireless_regdb.bbclass b/meta-openembedded/meta-networking/classes/kernel_wireless_regdb.bbclass
index 1238172..9ad566c 100644
--- a/meta-openembedded/meta-networking/classes/kernel_wireless_regdb.bbclass
+++ b/meta-openembedded/meta-networking/classes/kernel_wireless_regdb.bbclass
@@ -17,4 +17,4 @@
cp ${STAGING_LIBDIR_NATIVE}/crda/db.txt ${S}/net/wireless/db.txt
}
do_kernel_add_regdb[dirs] = "${S}"
-addtask kernel_add_regdb before do_build after do_configure
+addtask kernel_add_regdb before do_compile after do_configure
diff --git a/meta-openembedded/meta-networking/licenses/netperf b/meta-openembedded/meta-networking/licenses/netperf
deleted file mode 100644
index 3f3ceb2..0000000
--- a/meta-openembedded/meta-networking/licenses/netperf
+++ /dev/null
@@ -1,43 +0,0 @@
-
-
- Copyright (C) 1993 Hewlett-Packard Company
- ALL RIGHTS RESERVED.
-
- The enclosed software and documentation includes copyrighted works
- of Hewlett-Packard Co. For as long as you comply with the following
- limitations, you are hereby authorized to (i) use, reproduce, and
- modify the software and documentation, and to (ii) distribute the
- software and documentation, including modifications, for
- non-commercial purposes only.
-
- 1. The enclosed software and documentation is made available at no
- charge in order to advance the general development of
- high-performance networking products.
-
- 2. You may not delete any copyright notices contained in the
- software or documentation. All hard copies, and copies in
- source code or object code form, of the software or
- documentation (including modifications) must contain at least
- one of the copyright notices.
-
- 3. The enclosed software and documentation has not been subjected
- to testing and quality control and is not a Hewlett-Packard Co.
- product. At a future time, Hewlett-Packard Co. may or may not
- offer a version of the software and documentation as a product.
-
- 4. THE SOFTWARE AND DOCUMENTATION IS PROVIDED "AS IS".
- HEWLETT-PACKARD COMPANY DOES NOT WARRANT THAT THE USE,
- REPRODUCTION, MODIFICATION OR DISTRIBUTION OF THE SOFTWARE OR
- DOCUMENTATION WILL NOT INFRINGE A THIRD PARTY'S INTELLECTUAL
- PROPERTY RIGHTS. HP DOES NOT WARRANT THAT THE SOFTWARE OR
- DOCUMENTATION IS ERROR FREE. HP DISCLAIMS ALL WARRANTIES,
- EXPRESS AND IMPLIED, WITH REGARD TO THE SOFTWARE AND THE
- DOCUMENTATION. HP SPECIFICALLY DISCLAIMS ALL WARRANTIES OF
- MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
-
- 5. HEWLETT-PACKARD COMPANY WILL NOT IN ANY EVENT BE LIABLE FOR ANY
- DIRECT, INDIRECT, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES
- (INCLUDING LOST PROFITS) RELATED TO ANY USE, REPRODUCTION,
- MODIFICATION, OR DISTRIBUTION OF THE SOFTWARE OR DOCUMENTATION.
-
-
diff --git a/meta-openembedded/meta-networking/recipes-connectivity/blueman/blueman_2.3.4.bb b/meta-openembedded/meta-networking/recipes-connectivity/blueman/blueman_2.3.4.bb
index c3cde1f..2822e87 100644
--- a/meta-openembedded/meta-networking/recipes-connectivity/blueman/blueman_2.3.4.bb
+++ b/meta-openembedded/meta-networking/recipes-connectivity/blueman/blueman_2.3.4.bb
@@ -26,6 +26,7 @@
python3-dbus \
python3-pygobject \
python3-terminal \
+ python3-fcntl \
packagegroup-tools-bluetooth \
"
diff --git a/meta-openembedded/meta-networking/recipes-connectivity/freeradius/files/CVE-2022-41860.patch b/meta-openembedded/meta-networking/recipes-connectivity/freeradius/files/CVE-2022-41860.patch
new file mode 100644
index 0000000..4ea519c
--- /dev/null
+++ b/meta-openembedded/meta-networking/recipes-connectivity/freeradius/files/CVE-2022-41860.patch
@@ -0,0 +1,118 @@
+From f1cdbb33ec61c4a64a32e107d4d02f936051c708 Mon Sep 17 00:00:00 2001
+From: "Alan T. DeKok" <aland@freeradius.org>
+Date: Mon, 7 Feb 2022 22:26:05 -0500
+Subject: [PATCH] it's probably wrong to be completely retarded. Let's fix
+ that.
+
+CVE: CVE-2022-41860
+
+Upstream-Status: Backport
+[https://github.com/FreeRADIUS/freeradius-server/commit/f1cdbb33ec61c4a64a32e107d4d02f936051c708]
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ src/modules/rlm_eap/libeap/eapsimlib.c | 69 +++++++++++++++++++-------
+ 1 file changed, 52 insertions(+), 17 deletions(-)
+
+diff --git a/src/modules/rlm_eap/libeap/eapsimlib.c b/src/modules/rlm_eap/libeap/eapsimlib.c
+index cf1e8a7dd9..e438a844ea 100644
+--- a/src/modules/rlm_eap/libeap/eapsimlib.c
++++ b/src/modules/rlm_eap/libeap/eapsimlib.c
+@@ -307,42 +307,77 @@ int unmap_eapsim_basictypes(RADIUS_PACKET *r,
+ newvp->vp_length = 1;
+ fr_pair_add(&(r->vps), newvp);
+
++ /*
++ * EAP-SIM has a 1 octet of subtype, and 2 octets
++ * reserved.
++ */
+ attr += 3;
+ attrlen -= 3;
+
+- /* now, loop processing each attribute that we find */
+- while(attrlen > 0) {
++ /*
++ * Loop over each attribute. The format is:
++ *
++ * 1 octet of type
++ * 1 octet of length (value 1..255)
++ * ((4 * length) - 2) octets of data.
++ */
++ while (attrlen > 0) {
+ uint8_t *p;
+
+- if(attrlen < 2) {
++ if (attrlen < 2) {
+ fr_strerror_printf("EAP-Sim attribute %d too short: %d < 2", es_attribute_count, attrlen);
+ return 0;
+ }
+
++ if (!attr[1]) {
++ fr_strerror_printf("EAP-Sim attribute %d (no.%d) has no data", eapsim_attribute,
++ es_attribute_count);
++ return 0;
++ }
++
+ eapsim_attribute = attr[0];
+ eapsim_len = attr[1] * 4;
+
++ /*
++ * The length includes the 2-byte header.
++ */
+ if (eapsim_len > attrlen) {
+ fr_strerror_printf("EAP-Sim attribute %d (no.%d) has length longer than data (%d > %d)",
+ eapsim_attribute, es_attribute_count, eapsim_len, attrlen);
+ return 0;
+ }
+
+- if(eapsim_len > MAX_STRING_LEN) {
+- eapsim_len = MAX_STRING_LEN;
+- }
+- if (eapsim_len < 2) {
+- fr_strerror_printf("EAP-Sim attribute %d (no.%d) has length too small", eapsim_attribute,
+- es_attribute_count);
+- return 0;
+- }
++ newvp = fr_pair_afrom_num(r, eapsim_attribute + PW_EAP_SIM_BASE, 0);
++ if (!newvp) {
++ /*
++ * RFC 4186 Section 8.1 says 0..127 are
++ * "non-skippable". If one such
++ * attribute is found and we don't
++ * understand it, the server has to send:
++ *
++ * EAP-Request/SIM/Notification packet with an
++ * (AT_NOTIFICATION code, which implies general failure ("General
++ * failure after authentication" (0), or "General failure" (16384),
++ * depending on the phase of the exchange), which terminates the
++ * authentication exchange.
++ */
++ if (eapsim_attribute <= 127) {
++ fr_strerror_printf("Unknown mandatory attribute %d, failing",
++ eapsim_attribute);
++ return 0;
++ }
+
+- newvp = fr_pair_afrom_num(r, eapsim_attribute+PW_EAP_SIM_BASE, 0);
+- newvp->vp_length = eapsim_len-2;
+- newvp->vp_octets = p = talloc_array(newvp, uint8_t, newvp->vp_length);
+- memcpy(p, &attr[2], eapsim_len-2);
+- fr_pair_add(&(r->vps), newvp);
+- newvp = NULL;
++ } else {
++ /*
++ * It's known, ccount for header, and
++ * copy the value over.
++ */
++ newvp->vp_length = eapsim_len - 2;
++
++ newvp->vp_octets = p = talloc_array(newvp, uint8_t, newvp->vp_length);
++ memcpy(p, &attr[2], newvp->vp_length);
++ fr_pair_add(&(r->vps), newvp);
++ }
+
+ /* advance pointers, decrement length */
+ attr += eapsim_len;
+--
+2.25.1
+
diff --git a/meta-openembedded/meta-networking/recipes-connectivity/freeradius/files/CVE-2022-41861.patch b/meta-openembedded/meta-networking/recipes-connectivity/freeradius/files/CVE-2022-41861.patch
new file mode 100644
index 0000000..352c021
--- /dev/null
+++ b/meta-openembedded/meta-networking/recipes-connectivity/freeradius/files/CVE-2022-41861.patch
@@ -0,0 +1,53 @@
+From 0ec2b39d260e08e4c3464f6b95005821dc559c62 Mon Sep 17 00:00:00 2001
+From: "Alan T. DeKok" <aland@freeradius.org>
+Date: Mon, 28 Feb 2022 10:34:15 -0500
+Subject: [PATCH] manual port of commit 5906bfa1
+
+CVE: CVE-2022-41861
+
+Upstream-Status: Backport
+[https://github.com/FreeRADIUS/freeradius-server/commit/0ec2b39d260e08e4c3464f6b95005821dc559c62]
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ src/lib/filters.c | 12 +++++++++---
+ 1 file changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/src/lib/filters.c b/src/lib/filters.c
+index 4868cd385d..3f3b63daee 100644
+--- a/src/lib/filters.c
++++ b/src/lib/filters.c
+@@ -1205,13 +1205,19 @@ void print_abinary(char *out, size_t outlen, uint8_t const *data, size_t len, in
+ }
+ }
+ } else if (filter->type == RAD_FILTER_GENERIC) {
+- int count;
++ size_t count, masklen;
++
++ masklen = ntohs(filter->u.generic.len);
++ if (masklen >= sizeof(filter->u.generic.mask)) {
++ *p = '\0';
++ return;
++ }
+
+ i = snprintf(p, outlen, " %u ", (unsigned int) ntohs(filter->u.generic.offset));
+ p += i;
+
+ /* show the mask */
+- for (count = 0; count < ntohs(filter->u.generic.len); count++) {
++ for (count = 0; count < masklen; count++) {
+ i = snprintf(p, outlen, "%02x", filter->u.generic.mask[count]);
+ p += i;
+ outlen -= i;
+@@ -1222,7 +1228,7 @@ void print_abinary(char *out, size_t outlen, uint8_t const *data, size_t len, in
+ outlen--;
+
+ /* show the value */
+- for (count = 0; count < ntohs(filter->u.generic.len); count++) {
++ for (count = 0; count < masklen; count++) {
+ i = snprintf(p, outlen, "%02x", filter->u.generic.value[count]);
+ p += i;
+ outlen -= i;
+--
+2.25.1
+
diff --git a/meta-openembedded/meta-networking/recipes-connectivity/freeradius/files/radiusd.service b/meta-openembedded/meta-networking/recipes-connectivity/freeradius/files/radiusd.service
index 37a2eb3..7969bfb 100644
--- a/meta-openembedded/meta-networking/recipes-connectivity/freeradius/files/radiusd.service
+++ b/meta-openembedded/meta-networking/recipes-connectivity/freeradius/files/radiusd.service
@@ -4,10 +4,11 @@
[Service]
Type=forking
+EnvironmentFile=-/etc/sysconfig/radiusd
PIDFile=/run/radiusd/radiusd.pid
ExecStartPre=-@BASE_BINDIR@/chown -R radiusd:radiusd /run/radiusd
ExecStartPre=@SBINDIR@/radiusd -C
-ExecStart=@SBINDIR@/radiusd -d @SYSCONFDIR@/raddb
+ExecStart=@SBINDIR@/radiusd -d @SYSCONFDIR@/${MLPREFIX}raddb
ExecReload=@SBINDIR@/radiusd -C
ExecReload=@BASE_BINDIR@/kill -HUP $MAINPID
diff --git a/meta-openembedded/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.21.bb b/meta-openembedded/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.21.bb
index 1407b79..d18c387 100644
--- a/meta-openembedded/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.21.bb
+++ b/meta-openembedded/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.21.bb
@@ -33,6 +33,8 @@
file://radiusd-volatiles.conf \
file://check-openssl-cmds-in-script-bootstrap.patch \
file://0001-version.c-don-t-print-build-flags.patch \
+ file://CVE-2022-41860.patch \
+ file://CVE-2022-41861.patch \
"
raddbdir="${sysconfdir}/${MLPREFIX}raddb"
@@ -199,9 +201,39 @@
# Fix ownership for /etc/raddb/*, /var/lib/radiusd
chown -R radiusd:radiusd ${raddbdir}
chown -R radiusd:radiusd ${localstatedir}/lib/radiusd
+
+ # for radiusd.service with multilib
+ if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
+ install -d ${sysconfdir}/sysconfig
+ echo "MLPREFIX=${MLPREFIX}" > ${sysconfdir}/sysconfig/radiusd
+ fi
+ else
+ if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
+ install -d $D${sysconfdir}/sysconfig
+ echo "MLPREFIX=${MLPREFIX}" > $D${sysconfdir}/sysconfig/radiusd
+ fi
fi
}
+pkg_postrm:${PN} () {
+ # only try to remove ${sysconfdir}/sysconfig/radiusd for systemd
+ if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'false', 'true', d)}; then
+ exit 0
+ fi
+
+ if [ -d ${sysconfdir}/raddb ]; then
+ exit 0
+ fi
+ for variant in ${MULTILIB_GLOBAL_VARIANTS}; do
+ if [ -d ${sysconfdir}/${variant}-raddb ]; then
+ exit 0
+ fi
+ done
+
+ rm -f ${sysconfdir}/sysconfig/radiusd
+ rmdir --ignore-fail-on-non-empty ${sysconfdir}/sysconfig
+}
+
# We really need the symlink :(
INSANE_SKIP:${PN} = "dev-so"
INSANE_SKIP:${PN}-krb5 = "dev-so"
diff --git a/meta-openembedded/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.28.1.bb b/meta-openembedded/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.28.2.bb
similarity index 97%
rename from meta-openembedded/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.28.1.bb
rename to meta-openembedded/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.28.2.bb
index 742414d..15bd7cf 100644
--- a/meta-openembedded/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.28.1.bb
+++ b/meta-openembedded/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.28.2.bb
@@ -23,7 +23,7 @@
SECTION = "libs"
S = "${WORKDIR}/git"
-SRCREV = "dd79db10014d85b26d11fe57218431f2e5ede6f2"
+SRCREV = "89f040a5c938985c5f30728baed21e49d0846a53"
SRC_URI = "git://github.com/ARMmbed/mbedtls.git;protocol=https;branch=mbedtls-2.28"
inherit cmake
diff --git a/meta-openembedded/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.40.0.bb b/meta-openembedded/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.40.0.bb
index 10241e1..8017391 100644
--- a/meta-openembedded/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.40.0.bb
+++ b/meta-openembedded/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.40.0.bb
@@ -104,9 +104,11 @@
PACKAGECONFIG[audit] = "-Dlibaudit=yes,-Dlibaudit=no"
PACKAGECONFIG[selinux] = "-Dselinux=true,-Dselinux=false,libselinux"
PACKAGECONFIG[vala] = "-Dvapi=true,-Dvapi=false"
-PACKAGECONFIG[dhcpcd] = "-Ddhcpcd=yes,-Ddhcpcd=no,,dhcpcd"
+PACKAGECONFIG[dhcpcd] = "-Ddhcpcd=${base_sbindir}/dhcpcd,-Ddhcpcd=no,,dhcpcd"
PACKAGECONFIG[dhclient] = "-Ddhclient=yes,-Ddhclient=no,,dhcp"
PACKAGECONFIG[concheck] = "-Dconcheck=true,-Dconcheck=false"
+# The following PACKAGECONFIG is used to determine whether NM is managing /etc/resolv.conf itself or not
+PACKAGECONFIG[man-resolv-conf] = ",,"
PACKAGES =+ " \
@@ -258,9 +260,9 @@
"
RCONFLICTS:${PN}-daemon += "connman"
ALTERNATIVE_PRIORITY = "100"
-ALTERNATIVE:${PN}-daemon = "${@bb.utils.contains('DISTRO_FEATURES','systemd','resolv-conf','',d)}"
-ALTERNATIVE_TARGET[resolv-conf] = "${@bb.utils.contains('DISTRO_FEATURES','systemd','${sysconfdir}/resolv-conf.NetworkManager','',d)}"
-ALTERNATIVE_LINK_NAME[resolv-conf] = "${@bb.utils.contains('DISTRO_FEATURES','systemd','${sysconfdir}/resolv.conf','',d)}"
+ALTERNATIVE:${PN}-daemon = "${@bb.utils.contains('PACKAGECONFIG','man-resolv-conf','resolv-conf','',d)}"
+ALTERNATIVE_TARGET[resolv-conf] = "${@bb.utils.contains('PACKAGECONFIG','man-resolv-conf','${sysconfdir}/resolv-conf.NetworkManager','',d)}"
+ALTERNATIVE_LINK_NAME[resolv-conf] = "${@bb.utils.contains('PACKAGECONFIG','man-resolv-conf','${sysconfdir}/resolv.conf','',d)}"
# The networkmanager package is an empty meta package which weakly depends on all the compiled features.
@@ -285,7 +287,7 @@
rm -rf ${D}/run ${D}${localstatedir}/run
- if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
+ if ${@bb.utils.contains('PACKAGECONFIG','man-resolv-conf','true','false',d)}; then
# For read-only filesystem, do not create links during bootup
ln -sf ../run/NetworkManager/resolv.conf ${D}${sysconfdir}/resolv-conf.NetworkManager
@@ -295,11 +297,11 @@
# Enable iwd if compiled
if ${@bb.utils.contains('PACKAGECONFIG','iwd','true','false',d)}; then
- install -Dm 0644 ${WORKDIR}/enable-iwd.conf ${D}${libdir}/NetworkManager/conf.d/enable-iwd.conf
+ install -Dm 0644 ${WORKDIR}/enable-iwd.conf ${D}${nonarch_libdir}/NetworkManager/conf.d/enable-iwd.conf
fi
# Enable dhcpd if compiled
if ${@bb.utils.contains('PACKAGECONFIG','dhcpcd','true','false',d)}; then
- install -Dm 0644 ${WORKDIR}/enable-dhcpcd.conf ${D}${libdir}/NetworkManager/conf.d/enable-dhcpcd.conf
+ install -Dm 0644 ${WORKDIR}/enable-dhcpcd.conf ${D}${nonarch_libdir}/NetworkManager/conf.d/enable-dhcpcd.conf
fi
}
diff --git a/meta-openembedded/meta-networking/recipes-connectivity/restinio/restinio_0.6.13.bb b/meta-openembedded/meta-networking/recipes-connectivity/restinio/restinio_0.6.13.bb
index e715135..03eff43 100644
--- a/meta-openembedded/meta-networking/recipes-connectivity/restinio/restinio_0.6.13.bb
+++ b/meta-openembedded/meta-networking/recipes-connectivity/restinio/restinio_0.6.13.bb
@@ -9,11 +9,11 @@
LIC_FILES_CHKSUM = "file://../LICENSE;md5=f399b62ce0a152525d1589a5a40c0ff6"
DEPENDS = "asio fmt http-parser"
-SRC_URI = "https://github.com/Stiffstream/restinio/releases/download/v.${PV}/restinio-${PV}.tar.bz2"
+SRC_URI = "https://github.com/Stiffstream/restinio/releases/download/v.${PV}/${BP}.tar.bz2"
SRC_URI[md5sum] = "37a4310e98912030a74bdd4ed789f33c"
SRC_URI[sha256sum] = "b35d696e6fafd4563ca708fcecf9d0cf6705c846d417b5000f5252e0188848e7"
-S = "${WORKDIR}/${PN}-${PV}/dev"
+S = "${WORKDIR}/${BP}/dev"
inherit cmake
diff --git a/meta-openembedded/meta-networking/recipes-connectivity/sshpass/sshpass_1.09.bb b/meta-openembedded/meta-networking/recipes-connectivity/sshpass/sshpass_1.09.bb
index 5c52437..ad7b083 100644
--- a/meta-openembedded/meta-networking/recipes-connectivity/sshpass/sshpass_1.09.bb
+++ b/meta-openembedded/meta-networking/recipes-connectivity/sshpass/sshpass_1.09.bb
@@ -1,7 +1,7 @@
DESCRIPTION = "Non-interactive ssh password auth"
HOMEPAGE = "http://sshpass.sourceforge.net/"
SECTION = "console/network"
-LICENSE = "GPLv2"
+LICENSE = "GPL-2.0-or-later"
LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f"
SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BP}.tar.gz"
diff --git a/meta-openembedded/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.5.1.bb b/meta-openembedded/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.5.2.bb
similarity index 93%
rename from meta-openembedded/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.5.1.bb
rename to meta-openembedded/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.5.2.bb
index 790fa68..aafb6d3 100644
--- a/meta-openembedded/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.5.1.bb
+++ b/meta-openembedded/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.5.2.bb
@@ -13,7 +13,7 @@
RPROVIDES:${PN} = "cyassl"
SRC_URI = "git://github.com/wolfSSL/wolfssl.git;protocol=https;branch=master"
-SRCREV = "f1e2165c591f074feb47872a8ff712713ec411e1"
+SRCREV = "0ea0b887a51771cc1668d71b9113bbc286dd4f8a"
S = "${WORKDIR}/git"
diff --git a/meta-openembedded/meta-networking/recipes-daemons/lldpd/lldpd_1.0.14.bb b/meta-openembedded/meta-networking/recipes-daemons/lldpd/lldpd_1.0.15.bb
similarity index 94%
rename from meta-openembedded/meta-networking/recipes-daemons/lldpd/lldpd_1.0.14.bb
rename to meta-openembedded/meta-networking/recipes-daemons/lldpd/lldpd_1.0.15.bb
index eda0129..6a3687c 100644
--- a/meta-openembedded/meta-networking/recipes-daemons/lldpd/lldpd_1.0.14.bb
+++ b/meta-openembedded/meta-networking/recipes-daemons/lldpd/lldpd_1.0.15.bb
@@ -11,9 +11,9 @@
file://lldpd.default \
"
-SRC_URI[sha256sum] = "a74819214f116a5dbc407a3d490caa01ba401a249517ac826a374059c12d12e8"
+SRC_URI[sha256sum] = "f7fe3a130be98a19c491479ef60f36b8ee41a9e6bc4d7f2c41033f63956a3126"
-inherit autotools update-rc.d useradd systemd pkgconfig bash-completion
+inherit autotools update-rc.d useradd systemd pkgconfig bash-completion github-releases
USERADD_PACKAGES = "${PN}"
USERADD_PARAM:${PN} = "--system -g lldpd --shell /bin/false lldpd"
diff --git a/meta-openembedded/meta-networking/recipes-daemons/postfix/postfix.inc b/meta-openembedded/meta-networking/recipes-daemons/postfix/postfix.inc
index 8a4428c..5133caa 100644
--- a/meta-openembedded/meta-networking/recipes-daemons/postfix/postfix.inc
+++ b/meta-openembedded/meta-networking/recipes-daemons/postfix/postfix.inc
@@ -115,7 +115,7 @@
'data_directory=${localstatedir}/lib/postfix' \
-non-interactive
rm -rf ${D}${localstatedir}/spool/postfix
- mv ${D}${sysconfdir}/postfix/main.cf ${D}${sysconfdir}/postfix/sample-main.cf
+ mv ${D}${sysconfdir}/postfix/main.cf ${D}${sysconfdir}/postfix/${MLPREFIX}sample-main.cf
install -m 755 ${S}/bin/smtp-sink ${D}/${sbindir}/
install -d ${D}${sysconfdir}/init.d
install -m 644 ${WORKDIR}/main.cf ${D}${sysconfdir}/postfix/main.cf
diff --git a/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0001-Create-subroutine-for-cleaning-recent-interfaces.patch b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0001-Create-subroutine-for-cleaning-recent-interfaces.patch
similarity index 100%
rename from meta-openembedded/meta-networking/recipes-protocols/mdns/files/0001-Create-subroutine-for-cleaning-recent-interfaces.patch
rename to meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0001-Create-subroutine-for-cleaning-recent-interfaces.patch
diff --git a/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0001-dns-sd-Include-missing-headers.patch b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0001-dns-sd-Include-missing-headers.patch
similarity index 100%
rename from meta-openembedded/meta-networking/recipes-protocols/mdns/files/0001-dns-sd-Include-missing-headers.patch
rename to meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0001-dns-sd-Include-missing-headers.patch
diff --git a/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0001-mdns-include-stddef.h-for-NULL.patch b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0001-mdns-include-stddef.h-for-NULL.patch
similarity index 100%
rename from meta-openembedded/meta-networking/recipes-protocols/mdns/files/0001-mdns-include-stddef.h-for-NULL.patch
rename to meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0001-mdns-include-stddef.h-for-NULL.patch
diff --git a/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0002-Create-subroutine-for-tearing-down-an-interface.patch b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0002-Create-subroutine-for-tearing-down-an-interface.patch
similarity index 100%
rename from meta-openembedded/meta-networking/recipes-protocols/mdns/files/0002-Create-subroutine-for-tearing-down-an-interface.patch
rename to meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0002-Create-subroutine-for-tearing-down-an-interface.patch
diff --git a/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0002-mdns-cross-compilation-fixes-for-bitbake.patch b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0002-mdns-cross-compilation-fixes-for-bitbake.patch
similarity index 100%
rename from meta-openembedded/meta-networking/recipes-protocols/mdns/files/0002-mdns-cross-compilation-fixes-for-bitbake.patch
rename to meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0002-mdns-cross-compilation-fixes-for-bitbake.patch
diff --git a/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0003-Track-interface-socket-family.patch b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0003-Track-interface-socket-family.patch
similarity index 100%
rename from meta-openembedded/meta-networking/recipes-protocols/mdns/files/0003-Track-interface-socket-family.patch
rename to meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0003-Track-interface-socket-family.patch
diff --git a/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0004-Use-list-for-changed-interfaces.patch b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0004-Use-list-for-changed-interfaces.patch
similarity index 100%
rename from meta-openembedded/meta-networking/recipes-protocols/mdns/files/0004-Use-list-for-changed-interfaces.patch
rename to meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0004-Use-list-for-changed-interfaces.patch
diff --git a/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0006-Remove-unneeded-function.patch b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0006-Remove-unneeded-function.patch
similarity index 100%
rename from meta-openembedded/meta-networking/recipes-protocols/mdns/files/0006-Remove-unneeded-function.patch
rename to meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0006-Remove-unneeded-function.patch
diff --git a/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0006-make-Add-top-level-Makefile.patch b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0006-make-Add-top-level-Makefile.patch
new file mode 100644
index 0000000..b7d9ad5
--- /dev/null
+++ b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0006-make-Add-top-level-Makefile.patch
@@ -0,0 +1,175 @@
+From 177abf68e5ac5f82c6261af63528f8b6160bca0f Mon Sep 17 00:00:00 2001
+From: Alex Kiernan <alex.kiernan@gmail.com>
+Date: Tue, 6 Dec 2022 13:28:31 +0000
+Subject: [PATCH] make: Add top-level Makefile
+
+Simple top level Makefile that just delegates to mDNSPosix.
+
+Upstream-Status: Inappropriate [oe-specific]
+Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
+---
+ Makefile | 154 +------------------------------------------------------
+ 1 file changed, 2 insertions(+), 152 deletions(-)
+
+diff --git a/Makefile b/Makefile
+index 8b6fa77..feb6ac6 100644
+--- a/Makefile
++++ b/Makefile
+@@ -1,152 +1,2 @@
+-#
+-# Copyright (c) 2003-2018 Apple Inc. All rights reserved.
+-#
+-# Top level makefile for Build & Integration (B&I).
+-#
+-# This file is used to facilitate checking the mDNSResponder project directly from git and submitting to B&I at Apple.
+-#
+-# The various platform directories contain makefiles or projects specific to that platform.
+-#
+-# B&I builds must respect the following target:
+-# install:
+-# installsrc:
+-# installhdrs:
+-# installapi:
+-# clean:
+-#
+-
+-include $(MAKEFILEPATH)/pb_makefiles/platform.make
+-
+-MVERS = "mDNSResponder-1310.140.1"
+-
+-VER =
+-ifneq ($(strip $(GCC_VERSION)),)
+- VER = -- GCC_VERSION=$(GCC_VERSION)
+-endif
+-echo "VER = $(VER)"
+-
+-projectdir := $(SRCROOT)/mDNSMacOSX
+-buildsettings := OBJROOT=$(OBJROOT) SYMROOT=$(SYMROOT) DSTROOT=$(DSTROOT) MVERS=$(MVERS) SDKROOT=$(SDKROOT)
+-
+-.PHONY: install installSome installEmpty installExtras SystemLibraries installhdrs installapi installsrc java clean
+-
+-# Sanitizer support
+-# Disable Sanitizer instrumentation in LibSystem contributors. See rdar://problem/29952210.
+-UNSUPPORTED_SANITIZER_PROJECTS := mDNSResponderSystemLibraries mDNSResponderSystemLibraries_Sim
+-PROJECT_SUPPORTS_SANITIZERS := 1
+-ifneq ($(words $(filter $(UNSUPPORTED_SANITIZER_PROJECTS), $(RC_ProjectName))), 0)
+- PROJECT_SUPPORTS_SANITIZERS := 0
+-endif
+-ifeq ($(RC_ENABLE_ADDRESS_SANITIZATION),1)
+- ifeq ($(PROJECT_SUPPORTS_SANITIZERS),1)
+- $(info Enabling Address Sanitizer)
+- buildsettings += -enableAddressSanitizer YES
+- else
+- $(warning WARNING: Address Sanitizer not supported for project $(RC_ProjectName))
+- endif
+-endif
+-ifeq ($(RC_ENABLE_THREAD_SANITIZATION),1)
+- ifeq ($(PROJECT_SUPPORTS_SANITIZERS),1)
+- $(info Enabling Thread Sanitizer)
+- buildsettings += -enableThreadSanitizer YES
+- else
+- $(warning WARNING: Thread Sanitizer not supported for project $(RC_ProjectName))
+- endif
+-endif
+-ifeq ($(RC_ENABLE_UNDEFINED_BEHAVIOR_SANITIZATION),1)
+- ifeq ($(PROJECT_SUPPORTS_SANITIZERS),1)
+- $(info Enabling Undefined Behavior Sanitizer)
+- buildsettings += -enableUndefinedBehaviorSanitizer YES
+- else
+- $(warning WARNING: Undefined Behavior Sanitizer not supported for project $(RC_ProjectName))
+- endif
+-endif
+-
+-# B&I install build targets
+-#
+-# For the mDNSResponder build alias, the make target used by B&I depends on the platform:
+-#
+-# Platform Make Target
+-# -------- -----------
+-# osx install
+-# ios installSome
+-# atv installSome
+-# watch installSome
+-#
+-# For the mDNSResponderSystemLibraries and mDNSResponderSystemLibraries_sim build aliases, B&I uses the SystemLibraries
+-# target for all platforms.
+-
+-install:
+-ifeq ($(RC_ProjectName), mDNSResponderServices)
+-ifeq ($(RC_PROJECT_COMPILATION_PLATFORM), osx)
+- cd '$(projectdir)'; xcodebuild install $(buildsettings) -target 'Build Services-macOS' $(VER)
+-else
+- cd '$(projectdir)'; xcodebuild install $(buildsettings) -target 'Build Services' $(VER)
+-endif
+-else ifeq ($(RC_ProjectName), mDNSResponderServices_Sim)
+- mkdir -p $(DSTROOT)/AppleInternal
+-else
+- cd '$(projectdir)'; xcodebuild install $(buildsettings) $(VER)
+-endif
+-
+-installSome:
+- cd '$(projectdir)'; xcodebuild install $(buildsettings) $(VER)
+-
+-installEmpty:
+- mkdir -p $(DSTROOT)/AppleInternal
+-
+-installExtras:
+-ifeq ($(RC_PROJECT_COMPILATION_PLATFORM), osx)
+- cd '$(projectdir)'; xcodebuild install $(buildsettings) -target 'Build Extras-macOS' $(VER)
+-else ifeq ($(RC_PROJECT_COMPILATION_PLATFORM), ios)
+- cd '$(projectdir)'; xcodebuild install $(buildsettings) -target 'Build Extras-iOS' $(VER)
+-else ifeq ($(RC_PROJECT_COMPILATION_PLATFORM), atv)
+- cd '$(projectdir)'; xcodebuild install $(buildsettings) -target 'Build Extras-tvOS' $(VER)
+-else
+- cd '$(projectdir)'; xcodebuild install $(buildsettings) -target 'Build Extras' $(VER)
+-endif
+-
+-SystemLibraries:
+- cd '$(projectdir)'; xcodebuild install $(buildsettings) -target SystemLibraries $(VER)
+-
+-# B&I installhdrs build targets
+-
+-installhdrs::
+-ifeq ($(RC_ProjectName), mDNSResponderServices)
+-ifeq ($(RC_PROJECT_COMPILATION_PLATFORM), osx)
+- cd '$(projectdir)'; xcodebuild installhdrs $(buildsettings) -target 'Build Services-macOS' $(VER)
+-else
+- cd '$(projectdir)'; xcodebuild installhdrs $(buildsettings) -target 'Build Services' $(VER)
+-endif
+-else ifeq ($(RC_ProjectName), mDNSResponderServices_Sim)
+- mkdir -p $(DSTROOT)/AppleInternal
+-else ifneq ($(findstring SystemLibraries,$(RC_ProjectName)),)
+- cd '$(projectdir)'; xcodebuild installhdrs $(buildsettings) -target SystemLibraries $(VER)
+-endif
+-
+-# B&I installapi build targets
+-
+-installapi:
+-ifeq ($(RC_ProjectName), mDNSResponderServices)
+-ifeq ($(RC_PROJECT_COMPILATION_PLATFORM), osx)
+- cd '$(projectdir)'; xcodebuild installapi $(buildsettings) -target 'Build Services-macOS' $(VER)
+-else
+- cd '$(projectdir)'; xcodebuild installapi $(buildsettings) -target 'Build Services' $(VER)
+-endif
+-else ifeq ($(RC_ProjectName), mDNSResponderServices_Sim)
+- mkdir -p $(DSTROOT)/AppleInternal
+-else ifneq ($(findstring SystemLibraries,$(RC_ProjectName)),)
+- cd '$(projectdir)'; xcodebuild installapi $(buildsettings) -target SystemLibrariesDynamic $(VER)
+-endif
+-
+-# Misc. targets
+-
+-installsrc:
+- ditto . '$(SRCROOT)'
+- rm -rf '$(SRCROOT)/mDNSWindows' '$(SRCROOT)/Clients/FirefoxExtension'
+-
+-java:
+- cd '$(projectdir)'; xcodebuild install $(buildsettings) -target libjdns_sd.jnilib $(VER)
+-
+-clean::
+- echo clean
++all clean:
++ cd mDNSPosix && $(MAKE) $@
+--
+2.38.1
+
diff --git a/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0008-Mark-deleted-interfaces-as-being-changed.patch b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0008-Mark-deleted-interfaces-as-being-changed.patch
similarity index 100%
rename from meta-openembedded/meta-networking/recipes-protocols/mdns/files/0008-Mark-deleted-interfaces-as-being-changed.patch
rename to meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0008-Mark-deleted-interfaces-as-being-changed.patch
diff --git a/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0009-Fix-possible-NULL-dereference.patch b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0009-Fix-possible-NULL-dereference.patch
similarity index 100%
rename from meta-openembedded/meta-networking/recipes-protocols/mdns/files/0009-Fix-possible-NULL-dereference.patch
rename to meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0009-Fix-possible-NULL-dereference.patch
diff --git a/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0010-Handle-errors-from-socket-calls.patch b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0010-Handle-errors-from-socket-calls.patch
similarity index 100%
rename from meta-openembedded/meta-networking/recipes-protocols/mdns/files/0010-Handle-errors-from-socket-calls.patch
rename to meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0010-Handle-errors-from-socket-calls.patch
diff --git a/meta-openembedded/meta-networking/recipes-protocols/mdns/files/0011-Change-a-dynamic-allocation-to-file-scope-variable.patch b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0011-Change-a-dynamic-allocation-to-file-scope-variable.patch
similarity index 100%
rename from meta-openembedded/meta-networking/recipes-protocols/mdns/files/0011-Change-a-dynamic-allocation-to-file-scope-variable.patch
rename to meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/0011-Change-a-dynamic-allocation-to-file-scope-variable.patch
diff --git a/meta-openembedded/meta-networking/recipes-protocols/mdns/files/mdns.service b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/mdns.service
similarity index 100%
rename from meta-openembedded/meta-networking/recipes-protocols/mdns/files/mdns.service
rename to meta-openembedded/meta-networking/recipes-protocols/mdns/mdns/mdns.service
diff --git a/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns_1310.140.1.bb b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns_1310.140.1.bb
index 205dc92..65f4847 100644
--- a/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns_1310.140.1.bb
+++ b/meta-openembedded/meta-networking/recipes-protocols/mdns/mdns_1310.140.1.bb
@@ -2,28 +2,31 @@
DESCRIPTION = "Bonjour, also known as zero-configuration networking, enables automatic discovery of computers, devices, and services on IP networks."
HOMEPAGE = "http://developer.apple.com/networking/bonjour/"
LICENSE = "Apache-2.0 & BSD-3-Clause"
-LIC_FILES_CHKSUM = "file://../LICENSE;md5=31c50371921e0fb731003bbc665f29bf"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=31c50371921e0fb731003bbc665f29bf"
DEPENDS:append:libc-musl = " musl-nscd"
RPROVIDES:${PN} += "libdns_sd.so"
-SRC_URI = "https://opensource.apple.com/tarballs/mDNSResponder/mDNSResponder-${PV}.tar.gz \
+# matches annotated tag mDNSResponder-1310.140.1
+SRCREV = "1d1de95b98fba2077d34c9d78b839a96aa0e1c77"
+BRANCH = "rel/mDNSResponder-1310"
+SRC_URI = "git://github.com/apple-oss-distributions/mDNSResponder;protocol=https;branch=${BRANCH} \
file://mdns.service \
- file://0001-mdns-include-stddef.h-for-NULL.patch;patchdir=.. \
- file://0002-mdns-cross-compilation-fixes-for-bitbake.patch;patchdir=.. \
- file://0001-Create-subroutine-for-cleaning-recent-interfaces.patch;patchdir=.. \
- file://0002-Create-subroutine-for-tearing-down-an-interface.patch;patchdir=.. \
- file://0003-Track-interface-socket-family.patch;patchdir=.. \
- file://0004-Use-list-for-changed-interfaces.patch;patchdir=.. \
- file://0006-Remove-unneeded-function.patch;patchdir=.. \
- file://0008-Mark-deleted-interfaces-as-being-changed.patch;patchdir=.. \
- file://0009-Fix-possible-NULL-dereference.patch;patchdir=.. \
- file://0010-Handle-errors-from-socket-calls.patch;patchdir=.. \
- file://0011-Change-a-dynamic-allocation-to-file-scope-variable.patch;patchdir=.. \
- file://0001-dns-sd-Include-missing-headers.patch;patchdir=.. \
+ file://0001-mdns-include-stddef.h-for-NULL.patch \
+ file://0002-mdns-cross-compilation-fixes-for-bitbake.patch \
+ file://0001-Create-subroutine-for-cleaning-recent-interfaces.patch \
+ file://0002-Create-subroutine-for-tearing-down-an-interface.patch \
+ file://0003-Track-interface-socket-family.patch \
+ file://0004-Use-list-for-changed-interfaces.patch \
+ file://0006-Remove-unneeded-function.patch \
+ file://0008-Mark-deleted-interfaces-as-being-changed.patch \
+ file://0009-Fix-possible-NULL-dereference.patch \
+ file://0010-Handle-errors-from-socket-calls.patch \
+ file://0011-Change-a-dynamic-allocation-to-file-scope-variable.patch \
+ file://0001-dns-sd-Include-missing-headers.patch \
+ file://0006-make-Add-top-level-Makefile.patch \
"
-SRC_URI[sha256sum] = "040f6495c18b9f0557bcf9e00cbcfc82b03405f5ba6963dc147730ca0ca90d6f"
CVE_PRODUCT = "apple:mdnsresponder"
@@ -42,13 +45,22 @@
PARALLEL_MAKE = ""
-S = "${WORKDIR}/mDNSResponder-${PV}/mDNSPosix"
+# We install a stub Makefile in the top directory so that the various checks
+# in base.bbclass pass their tests for a Makefile, this ensures (that amongst
+# other things) the sstate checks will clean the build directory when the
+# task hashes changes.
+#
+# We can't use the approach of setting ${S} to mDNSPosix as we need
+# DEBUG_PREFIX_MAP to cover files which come from the Clients directory too.
+S = "${WORKDIR}/git"
EXTRA_OEMAKE += "os=linux DEBUG=0 'CC=${CC}' 'LD=${CCLD} ${LDFLAGS}'"
TARGET_CC_ARCH += "${LDFLAGS}"
do_install () {
+ cd mDNSPosix
+
install -d ${D}${sbindir}
install -m 0755 build/prod/mdnsd ${D}${sbindir}
diff --git a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-Add-noreturn-attribute-to-netsnmp_pci_error.patch b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-Add-noreturn-attribute-to-netsnmp_pci_error.patch
new file mode 100644
index 0000000..6fbace7
--- /dev/null
+++ b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-Add-noreturn-attribute-to-netsnmp_pci_error.patch
@@ -0,0 +1,32 @@
+From 5719f40db65a72624a0b0f08e546d12bf823bd1e Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Wed, 18 Jan 2023 14:38:44 -0800
+Subject: [PATCH] Add noreturn attribute to netsnmp_pci_error()
+
+Fixes build with clang16
+| mibgroup/if-mib/data_access/interface_linux.c:152:23: error: incompatible function pointer types assigning to 'void (*)(char *, ...) __attribute__((noreturn))' from 'void (char *, ...)' [-Wincompatible-function-pointer-types]
+| pci_access->error = netsnmp_pci_error;
+| ^ ~~~~~~~~~~~~~~~~~
+
+Upstream-Status: Pending
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ agent/mibgroup/if-mib/data_access/interface_linux.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/agent/mibgroup/if-mib/data_access/interface_linux.c b/agent/mibgroup/if-mib/data_access/interface_linux.c
+index c6cc54e..12eb865 100644
+--- a/agent/mibgroup/if-mib/data_access/interface_linux.c
++++ b/agent/mibgroup/if-mib/data_access/interface_linux.c
+@@ -31,7 +31,7 @@ static struct pci_access *pci_access;
+ /* Avoid letting libpci call exit(1) when no PCI bus is available. */
+ static int do_longjmp =0;
+ static jmp_buf err_buf;
+-static void
++__attribute__((noreturn)) static void
+ netsnmp_pci_error(char *msg, ...)
+ {
+ va_list args;
+--
+2.39.1
+
diff --git a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/CVE-2022-44792-CVE-2022-44793.patch b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/CVE-2022-44792-CVE-2022-44793.patch
new file mode 100644
index 0000000..b18d4dc
--- /dev/null
+++ b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/CVE-2022-44792-CVE-2022-44793.patch
@@ -0,0 +1,121 @@
+From d13302656d9ff0807c5defe18623adc947f43a2b Mon Sep 17 00:00:00 2001
+From: Narpat Mali <narpat.mali@windriver.com>
+Date: Wed, 8 Feb 2023 13:15:39 +0000
+Subject: [PATCH] agent: Disallow SET requests with any NULL varbind Merge pull
+ request #490 from fenner/set-null
+
+fixes: #474 and #475
+
+CVE: CVE-2022-44792, CVE-2022-44793
+
+Upstream-Status: Backport [https://github.com/net-snmp/net-snmp/commit/be804106fd0771a7d05236cff36e199af077af57]
+
+Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
+---
+ agent/snmp_agent.c | 32 +++++++++++++++++++
+ apps/snmpset.c | 1 +
+ .../default/T0142snmpv2csetnull_simple | 31 ++++++++++++++++++
+ 3 files changed, 64 insertions(+)
+ create mode 100644 testing/fulltests/default/T0142snmpv2csetnull_simple
+
+diff --git a/agent/snmp_agent.c b/agent/snmp_agent.c
+index 867d0c1..3f678fe 100644
+--- a/agent/snmp_agent.c
++++ b/agent/snmp_agent.c
+@@ -3719,12 +3719,44 @@ netsnmp_handle_request(netsnmp_agent_session *asp, int status)
+ return 1;
+ }
+
++static int
++check_set_pdu_for_null_varbind(netsnmp_agent_session *asp)
++{
++ int i;
++ netsnmp_variable_list *v = NULL;
++
++ for (i = 1, v = asp->pdu->variables; v != NULL; i++, v = v->next_variable) {
++ if (v->type == ASN_NULL) {
++ /*
++ * Protect SET implementations that do not protect themselves
++ * against wrong type.
++ */
++ DEBUGMSGTL(("snmp_agent", "disallowing SET with NULL var for varbind %d\n", i));
++ asp->index = i;
++ return SNMP_ERR_WRONGTYPE;
++ }
++ }
++ return SNMP_ERR_NOERROR;
++}
++
+ int
+ handle_pdu(netsnmp_agent_session *asp)
+ {
+ int status, inclusives = 0;
+ netsnmp_variable_list *v = NULL;
+
++#ifndef NETSNMP_NO_WRITE_SUPPORT
++ /*
++ * Check for ASN_NULL in SET request
++ */
++ if (asp->pdu->command == SNMP_MSG_SET) {
++ status = check_set_pdu_for_null_varbind(asp);
++ if (status != SNMP_ERR_NOERROR) {
++ return status;
++ }
++ }
++#endif /* NETSNMP_NO_WRITE_SUPPORT */
++
+ /*
+ * for illegal requests, mark all nodes as ASN_NULL
+ */
+diff --git a/apps/snmpset.c b/apps/snmpset.c
+index 48e14bd..d542713 100644
+--- a/apps/snmpset.c
++++ b/apps/snmpset.c
+@@ -182,6 +182,7 @@ main(int argc, char *argv[])
+ case 'x':
+ case 'd':
+ case 'b':
++ case 'n': /* undocumented */
+ #ifdef NETSNMP_WITH_OPAQUE_SPECIAL_TYPES
+ case 'I':
+ case 'U':
+diff --git a/testing/fulltests/default/T0142snmpv2csetnull_simple b/testing/fulltests/default/T0142snmpv2csetnull_simple
+new file mode 100644
+index 0000000..0f1b8f3
+--- /dev/null
++++ b/testing/fulltests/default/T0142snmpv2csetnull_simple
+@@ -0,0 +1,31 @@
++#!/bin/sh
++
++. ../support/simple_eval_tools.sh
++
++HEADER SNMPv2c set of system.sysContact.0 with NULL varbind
++
++SKIPIF NETSNMP_DISABLE_SET_SUPPORT
++SKIPIF NETSNMP_NO_WRITE_SUPPORT
++SKIPIF NETSNMP_DISABLE_SNMPV2C
++SKIPIFNOT USING_MIBII_SYSTEM_MIB_MODULE
++
++#
++# Begin test
++#
++
++# standard V2C configuration: testcomunnity
++snmp_write_access='all'
++. ./Sv2cconfig
++STARTAGENT
++
++CAPTURE "snmpget -On $SNMP_FLAGS -c testcommunity -v 2c $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPD_PORT .1.3.6.1.2.1.1.4.0"
++
++CHECK ".1.3.6.1.2.1.1.4.0 = STRING:"
++
++CAPTURE "snmpset -On $SNMP_FLAGS -c testcommunity -v 2c $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPD_PORT .1.3.6.1.2.1.1.4.0 n x"
++
++CHECK "Reason: wrongType"
++
++STOPAGENT
++
++FINISHED
+--
+2.34.1
+
diff --git a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.3.bb b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.3.bb
index 7af5147..f40fb8b 100644
--- a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.3.bb
+++ b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.3.bb
@@ -26,6 +26,8 @@
file://net-snmp-fix-for-disable-des.patch \
file://reproducibility-have-printcap.patch \
file://0001-ac_add_search_path.m4-keep-consistent-between-32bit.patch \
+ file://0001-Add-noreturn-attribute-to-netsnmp_pci_error.patch \
+ file://CVE-2022-44792-CVE-2022-44793.patch \
"
SRC_URI[sha256sum] = "2097f29b7e1bf3f1300b4bae52fa2308d0bb8d5d3998dbe02f9462a413a2ef0a"
diff --git a/meta-openembedded/meta-networking/recipes-support/chrony/chrony_4.3.bb b/meta-openembedded/meta-networking/recipes-support/chrony/chrony_4.3.bb
index d0e2c4b..870c9d8 100644
--- a/meta-openembedded/meta-networking/recipes-support/chrony/chrony_4.3.bb
+++ b/meta-openembedded/meta-networking/recipes-support/chrony/chrony_4.3.bb
@@ -53,14 +53,6 @@
USERADD_PARAM:${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'privdrop', '--system -d / -M --shell /bin/nologin chronyd;', '', d)}"
# Configuration options:
-# - For command line editing support in chronyc, you may specify either
-# 'editline' or 'readline' but not both. editline is smaller, but
-# many systems already have readline for other purposes so you might want
-# to choose that instead. However, beware license incompatibility
-# since chrony is GPLv2 and readline versions after 6.0 are GPLv3+.
-# You can of course choose neither, but if you're that tight on space
-# consider dropping chronyc entirely (you can use it remotely with
-# appropriate chrony.conf options).
# - Security-related:
# - 'sechash' is omitted by default because it pulls in nss which is huge.
# - 'privdrop' allows chronyd to run as non-root; would need changes to
@@ -70,14 +62,17 @@
PACKAGECONFIG ??= "editline \
${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} \
"
-PACKAGECONFIG[readline] = "--without-editline,--disable-readline,readline"
PACKAGECONFIG[editline] = ",--without-editline,libedit"
PACKAGECONFIG[sechash] = "--without-tomcrypt,--disable-sechash,nss"
-PACKAGECONFIG[privdrop] = "--with-libcap,--disable-privdrop --without-libcap,libcap"
+PACKAGECONFIG[privdrop] = ",--disable-privdrop,libcap"
PACKAGECONFIG[scfilter] = "--enable-scfilter,--without-seccomp,libseccomp"
PACKAGECONFIG[ipv6] = ",--disable-ipv6,"
-PACKAGECONFIG[nss] = "--with-nss,--without-nss,nss"
-PACKAGECONFIG[libcap] = "--with-libcap,--without-libcap,libcap"
+
+# These are left for backwards compatibility, to avoid breaking existing
+# configurations.
+PACKAGECONFIG[libcap] = ""
+PACKAGECONFIG[nss] = ""
+PACKAGECONFIG[readline] = ""
# --disable-static isn't supported by chrony's configure script.
DISABLE_STATIC = ""
diff --git a/meta-openembedded/meta-networking/recipes-support/dnsmasq/dnsmasq.inc b/meta-openembedded/meta-networking/recipes-support/dnsmasq/dnsmasq.inc
index a8ff21a..9e0f529 100644
--- a/meta-openembedded/meta-networking/recipes-support/dnsmasq/dnsmasq.inc
+++ b/meta-openembedded/meta-networking/recipes-support/dnsmasq/dnsmasq.inc
@@ -14,6 +14,7 @@
file://dnsmasq-resolvconf.service \
file://dnsmasq-noresolvconf.service \
file://dnsmasq-resolved.conf \
+ file://CVE-2023-28450.patch \
"
inherit pkgconfig update-rc.d systemd
diff --git a/meta-openembedded/meta-networking/recipes-support/dnsmasq/files/CVE-2023-28450.patch b/meta-openembedded/meta-networking/recipes-support/dnsmasq/files/CVE-2023-28450.patch
new file mode 100644
index 0000000..129c904
--- /dev/null
+++ b/meta-openembedded/meta-networking/recipes-support/dnsmasq/files/CVE-2023-28450.patch
@@ -0,0 +1,48 @@
+From eb92fb32b746f2104b0f370b5b295bb8dd4bd5e5 Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Tue, 7 Mar 2023 22:07:46 +0000
+Subject: [PATCH] Set the default maximum DNS UDP packet size to 1232.
+
+http://www.dnsflagday.net/2020/ refers.
+
+Thanks to Xiang Li for the prompt.
+
+CVE: CVE-2023-28450
+Upstream-Status: Backport [https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=eb92fb32b746f2104b0f370b5b295bb8dd4bd5e5]
+
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ man/dnsmasq.8 | 3 ++-
+ src/config.h | 2 +-
+ 2 files changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/man/dnsmasq.8 b/man/dnsmasq.8
+index 41e2e04..5acb935 100644
+--- a/man/dnsmasq.8
++++ b/man/dnsmasq.8
+@@ -183,7 +183,8 @@ to zero completely disables DNS function, leaving only DHCP and/or TFTP.
+ .TP
+ .B \-P, --edns-packet-max=<size>
+ Specify the largest EDNS.0 UDP packet which is supported by the DNS
+-forwarder. Defaults to 4096, which is the RFC5625-recommended size.
++forwarder. Defaults to 1232, which is the recommended size following the
++DNS flag day in 2020. Only increase if you know what you are doing.
+ .TP
+ .B \-Q, --query-port=<query_port>
+ Send outbound DNS queries from, and listen for their replies on, the
+diff --git a/src/config.h b/src/config.h
+index 1e7b30f..37b374e 100644
+--- a/src/config.h
++++ b/src/config.h
+@@ -19,7 +19,7 @@
+ #define CHILD_LIFETIME 150 /* secs 'till terminated (RFC1035 suggests > 120s) */
+ #define TCP_MAX_QUERIES 100 /* Maximum number of queries per incoming TCP connection */
+ #define TCP_BACKLOG 32 /* kernel backlog limit for TCP connections */
+-#define EDNS_PKTSZ 4096 /* default max EDNS.0 UDP packet from RFC5625 */
++#define EDNS_PKTSZ 1232 /* default max EDNS.0 UDP packet from from /dnsflagday.net/2020 */
+ #define SAFE_PKTSZ 1232 /* "go anywhere" UDP packet size, see https://dnsflagday.net/2020/ */
+ #define KEYBLOCK_LEN 40 /* choose to minimise fragmentation when storing DNSSEC keys */
+ #define DNSSEC_WORK 50 /* Max number of queries to validate one question */
+--
+2.20.1
+
diff --git a/meta-openembedded/meta-networking/recipes-support/ettercap/ettercap_0.8.3.1.bb b/meta-openembedded/meta-networking/recipes-support/ettercap/ettercap_0.8.3.1.bb
index 7d37f41..b0958e6 100644
--- a/meta-openembedded/meta-networking/recipes-support/ettercap/ettercap_0.8.3.1.bb
+++ b/meta-openembedded/meta-networking/recipes-support/ettercap/ettercap_0.8.3.1.bb
@@ -10,6 +10,7 @@
librepo \
libnet \
libpcap \
+ libpcre \
ncurses \
openssl \
zlib \
diff --git a/meta-openembedded/meta-networking/recipes-support/ntp/ntp_4.2.8p15.bb b/meta-openembedded/meta-networking/recipes-support/ntp/ntp_4.2.8p15.bb
index 2ae53dc..c4589c2 100644
--- a/meta-openembedded/meta-networking/recipes-support/ntp/ntp_4.2.8p15.bb
+++ b/meta-openembedded/meta-networking/recipes-support/ntp/ntp_4.2.8p15.bb
@@ -30,6 +30,7 @@
SRC_URI[sha256sum] = "f65840deab68614d5d7ceb2d0bb9304ff70dcdedd09abb79754a87536b849c19"
# CVE-2016-9312 is only for windows.
+# CVE-2019-11331 is inherent to RFC 5905 and cannot be fixed without breaking compatibility
# The other CVEs are not correctly identified because cve-check
# is not able to check the version correctly (it only checks for 4.2.8 omitting p15 that makes the difference)
CVE_CHECK_IGNORE += "\
@@ -53,6 +54,7 @@
CVE-2016-7433 \
CVE-2016-9310 \
CVE-2016-9311 \
+ CVE-2019-11331 \
"
diff --git a/meta-openembedded/meta-networking/recipes-support/smcroute/smcroute_2.5.5.bb b/meta-openembedded/meta-networking/recipes-support/smcroute/smcroute_2.5.6.bb
similarity index 89%
rename from meta-openembedded/meta-networking/recipes-support/smcroute/smcroute_2.5.5.bb
rename to meta-openembedded/meta-networking/recipes-support/smcroute/smcroute_2.5.6.bb
index b0b96be..0975282 100644
--- a/meta-openembedded/meta-networking/recipes-support/smcroute/smcroute_2.5.5.bb
+++ b/meta-openembedded/meta-networking/recipes-support/smcroute/smcroute_2.5.6.bb
@@ -5,7 +5,7 @@
LICENSE = "GPL-2.0-or-later"
LIC_FILES_CHKSUM = "file://COPYING;md5=751419260aa954499f7abaabaa882bbe"
-SRCREV = "9ca7441add4427a91fe90c34ae4a178ed9a50553"
+SRCREV = "999bdd724a1f963ac8bfd0598ffdd2a3d651646e"
SRC_URI = "git://github.com/troglobit/smcroute.git;branch=master;protocol=https"
S = "${WORKDIR}/git"
diff --git a/meta-openembedded/meta-networking/recipes-support/strongswan/strongswan_5.9.8.bb b/meta-openembedded/meta-networking/recipes-support/strongswan/strongswan_5.9.9.bb
similarity index 98%
rename from meta-openembedded/meta-networking/recipes-support/strongswan/strongswan_5.9.8.bb
rename to meta-openembedded/meta-networking/recipes-support/strongswan/strongswan_5.9.9.bb
index 266d43a..a11cd5a 100644
--- a/meta-openembedded/meta-networking/recipes-support/strongswan/strongswan_5.9.8.bb
+++ b/meta-openembedded/meta-networking/recipes-support/strongswan/strongswan_5.9.9.bb
@@ -11,7 +11,7 @@
SRC_URI = "http://download.strongswan.org/strongswan-${PV}.tar.bz2 \
"
-SRC_URI[sha256sum] = "d3303a43c0bd7b75a12b64855e8edcb53696f06190364f26d1533bde1f2e453c"
+SRC_URI[sha256sum] = "5e16580998834658c17cebfb31dd637e728669cf2fdd325460234a4643b8d81d"
UPSTREAM_CHECK_REGEX = "strongswan-(?P<pver>\d+(\.\d+)+)\.tar"
diff --git a/meta-openembedded/meta-networking/recipes-support/tcpdump/tcpslice_1.5.bb b/meta-openembedded/meta-networking/recipes-support/tcpdump/tcpslice_1.6.bb
similarity index 80%
rename from meta-openembedded/meta-networking/recipes-support/tcpdump/tcpslice_1.5.bb
rename to meta-openembedded/meta-networking/recipes-support/tcpdump/tcpslice_1.6.bb
index 4909acd..7128a23 100644
--- a/meta-openembedded/meta-networking/recipes-support/tcpdump/tcpslice_1.5.bb
+++ b/meta-openembedded/meta-networking/recipes-support/tcpdump/tcpslice_1.6.bb
@@ -8,8 +8,7 @@
SRC_URI = "http://www.tcpdump.org/release/${BP}.tar.gz \
"
-SRC_URI[md5sum] = "8907e60376e629f6e6ce2255988aaf47"
-SRC_URI[sha256sum] = "f6935e3e7ca00ef50c515d062fddd410868467ec5b6d8f2eca12066f8d91dda2"
+SRC_URI[sha256sum] = "60d23f00d4c485fef2dda9b12c2018af958df3a511238c45374733bbc1231920"
UPSTREAM_CHECK_REGEX = "tcpslice-(?P<pver>\d+(\.\d+)+)\.tar"
diff --git a/meta-openembedded/meta-networking/recipes-support/tinyproxy/tinyproxy/CVE-2022-40468.patch b/meta-openembedded/meta-networking/recipes-support/tinyproxy/tinyproxy/CVE-2022-40468.patch
new file mode 100644
index 0000000..4e2157c
--- /dev/null
+++ b/meta-openembedded/meta-networking/recipes-support/tinyproxy/tinyproxy/CVE-2022-40468.patch
@@ -0,0 +1,33 @@
+From 3764b8551463b900b5b4e3ec0cd9bb9182191cb7 Mon Sep 17 00:00:00 2001
+From: rofl0r <rofl0r@users.noreply.github.com>
+Date: Thu, 8 Sep 2022 15:18:04 +0000
+Subject: [PATCH] prevent junk from showing up in error page in invalid
+ requests
+
+fixes #457
+
+https://github.com/tinyproxy/tinyproxy/commit/3764b8551463b900b5b4e3ec0cd9bb9182191cb7
+Upstream-Status: Backport
+CVE: CVE-2022-40468
+Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
+---
+ src/reqs.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/reqs.c b/src/reqs.c
+index bce69819..45db118d 100644
+--- a/src/reqs.c
++++ b/src/reqs.c
+@@ -343,8 +343,12 @@ static struct request_s *process_request (struct conn_s *connptr,
+ goto fail;
+ }
+
++ /* zero-terminate the strings so they don't contain junk in error page */
++ request->method[0] = url[0] = request->protocol[0] = 0;
++
+ ret = sscanf (connptr->request_line, "%[^ ] %[^ ] %[^ ]",
+ request->method, url, request->protocol);
++
+ if (ret == 2 && !strcasecmp (request->method, "GET")) {
+ request->protocol[0] = 0;
+
diff --git a/meta-openembedded/meta-networking/recipes-support/tinyproxy/tinyproxy_1.11.1.bb b/meta-openembedded/meta-networking/recipes-support/tinyproxy/tinyproxy_1.11.1.bb
index 86f57d8..999deff 100644
--- a/meta-openembedded/meta-networking/recipes-support/tinyproxy/tinyproxy_1.11.1.bb
+++ b/meta-openembedded/meta-networking/recipes-support/tinyproxy/tinyproxy_1.11.1.bb
@@ -7,6 +7,7 @@
file://disable-documentation.patch \
file://tinyproxy.service \
file://tinyproxy.conf \
+ file://CVE-2022-40468.patch \
"
SRC_URI[sha256sum] = "1574acf7ba83c703a89e98bb2758a4ed9fda456f092624b33cfcf0ce2d3b2047"
diff --git a/meta-openembedded/meta-oe/dynamic-layers/meta-python/recipes-connectivity/lirc/lirc_0.10.2.bb b/meta-openembedded/meta-oe/dynamic-layers/meta-python/recipes-connectivity/lirc/lirc_0.10.2.bb
index 234d347..7e975d2 100644
--- a/meta-openembedded/meta-oe/dynamic-layers/meta-python/recipes-connectivity/lirc/lirc_0.10.2.bb
+++ b/meta-openembedded/meta-oe/dynamic-layers/meta-python/recipes-connectivity/lirc/lirc_0.10.2.bb
@@ -49,9 +49,9 @@
# Create PYTHON_TARBALL which LIRC needs for install-nodist_pkgdataDATA
do_install:prepend() {
- rm -rf ${WORKDIR}/${PN}-${PV}/python-pkg/dist/
- mkdir ${WORKDIR}/${PN}-${PV}/python-pkg/dist/
- tar --exclude='${WORKDIR}/${PN}-${PV}/python-pkg/*' -czf ${WORKDIR}/${PN}-${PV}/python-pkg/dist/${PN}-${PV}.tar.gz ${S}
+ rm -rf ${S}/python-pkg/dist/
+ mkdir ${S}/python-pkg/dist/
+ tar --exclude='${S}/python-pkg/*' -czf ${S}/python-pkg/dist/${BP}.tar.gz ${S}
}
# In code, path to python is a variable that is replaced with path to native version of it
diff --git a/meta-openembedded/meta-oe/dynamic-layers/meta-python/recipes-dbs/mongodb/mongodb_git.bb b/meta-openembedded/meta-oe/dynamic-layers/meta-python/recipes-dbs/mongodb/mongodb_git.bb
index d040ab1..ff0938d 100644
--- a/meta-openembedded/meta-oe/dynamic-layers/meta-python/recipes-dbs/mongodb/mongodb_git.bb
+++ b/meta-openembedded/meta-oe/dynamic-layers/meta-python/recipes-dbs/mongodb/mongodb_git.bb
@@ -118,7 +118,7 @@
# install mongo data folder
install -m 755 -d ${D}${localstatedir}/lib/${BPN}
- chown ${PN}:${PN} ${D}${localstatedir}/lib/${BPN}
+ chown ${BPN}:${BPN} ${D}${localstatedir}/lib/${BPN}
# Create /var/log/mongodb in runtime.
if [ "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}" ]; then
diff --git a/meta-openembedded/meta-oe/recipes-benchmark/phoronix-test-suite/files/CVE-2022-40704.patch b/meta-openembedded/meta-oe/recipes-benchmark/phoronix-test-suite/files/CVE-2022-40704.patch
new file mode 100644
index 0000000..8b6405b
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-benchmark/phoronix-test-suite/files/CVE-2022-40704.patch
@@ -0,0 +1,46 @@
+From d3880d9d3ba795138444da83f1153c3c3ac27640 Mon Sep 17 00:00:00 2001
+From: Michael Larabel <michael@phoronix.com>
+Date: Sat, 23 Jul 2022 07:32:43 -0500
+Subject: [PATCH] phoromatic: Explicitly check both $_GET abd $_POST in
+ phoromatic_quit_if_invalid_input_found()
+
+Fixes: https://github.com/phoronix-test-suite/phoronix-test-suite/issues/650#issuecomment-1193116678
+
+Upstream-Status: Backport
+CVE: CVE-2022-40704
+
+Reference to upstream patch:
+https://github.com/phoronix-test-suite/phoronix-test-suite/commit/d3880d9d3ba795138444da83f1153c3c3ac27640
+
+Signed-off-by: Li Wang <li.wang@windriver.com>
+---
+ pts-core/phoromatic/phoromatic_functions.php | 15 +++++++++++++--
+ 1 file changed, 13 insertions(+), 2 deletions(-)
+
+diff --git a/pts-core/phoromatic/phoromatic_functions.php b/pts-core/phoromatic/phoromatic_functions.php
+index 74ccc5444c..c2313dcdea 100644
+--- a/pts-core/phoromatic/phoromatic_functions.php
++++ b/pts-core/phoromatic/phoromatic_functions.php
+@@ -37,9 +37,20 @@ function phoromatic_quit_if_invalid_input_found($input_keys = null)
+ {
+ foreach($input_keys as $key)
+ {
+- if(isset($_REQUEST[$key]) && !empty($_REQUEST[$key]))
++ if(isset($_GET[$key]) && !empty($_GET[$key]))
+ {
+- foreach(pts_arrays::to_array($_REQUEST[$key]) as $val_to_check)
++ foreach(pts_arrays::to_array($_GET[$key]) as $val_to_check)
++ {
++ if(stripos($val_to_check, $invalid_string) !== false)
++ {
++ echo '<strong>Exited due to invalid input ( ' . $invalid_string . ') attempted:</strong> ' . htmlspecialchars($val_to_check);
++ exit;
++ }
++ }
++ }
++ if(isset($_POST[$key]) && !empty($_POST[$key]))
++ {
++ foreach(pts_arrays::to_array($_POST[$key]) as $val_to_check)
+ {
+ if(stripos($val_to_check, $invalid_string) !== false)
+ {
diff --git a/meta-openembedded/meta-oe/recipes-benchmark/phoronix-test-suite/phoronix-test-suite_10.8.4.bb b/meta-openembedded/meta-oe/recipes-benchmark/phoronix-test-suite/phoronix-test-suite_10.8.4.bb
index be9756d..8de3314 100644
--- a/meta-openembedded/meta-oe/recipes-benchmark/phoronix-test-suite/phoronix-test-suite_10.8.4.bb
+++ b/meta-openembedded/meta-oe/recipes-benchmark/phoronix-test-suite/phoronix-test-suite_10.8.4.bb
@@ -5,7 +5,10 @@
LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
SECTION = "console/tests"
-SRC_URI = "http://www.phoronix-test-suite.com/releases/${BP}.tar.gz"
+SRC_URI = "http://www.phoronix-test-suite.com/releases/${BP}.tar.gz \
+ file://CVE-2022-40704.patch \
+ "
+
SRC_URI[sha256sum] = "1f2092d536c0a3193efc53e4a50f3cee65c0ef1a78d31e5404f1c663fff7b7f4"
S = "${WORKDIR}/phoronix-test-suite"
diff --git a/meta-openembedded/meta-oe/recipes-bsp/fwupd/fwupd/CVE-2022-3287.patch b/meta-openembedded/meta-oe/recipes-bsp/fwupd/fwupd/CVE-2022-3287.patch
new file mode 100644
index 0000000..5360e98
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-bsp/fwupd/fwupd/CVE-2022-3287.patch
@@ -0,0 +1,218 @@
+From ea676855f2119e36d433fbd2ed604039f53b2091 Mon Sep 17 00:00:00 2001
+From: Richard Hughes <richard@hughsie.com>
+Date: Wed, 21 Sep 2022 14:56:10 +0100
+Subject: [PATCH] Never save the Redfish passwords to a file readable by users
+
+When the redfish plugin automatically creates an OPERATOR user account on the
+BMC we save the autogenerated password to /etc/fwupd/redfish.conf, ensuring it
+is chmod'ed to 0660 before writing the file with g_key_file_save_to_file().
+
+Under the covers, g_key_file_save_to_file() calls g_file_set_contents() with
+the keyfile string data.
+I was under the impression that G_FILE_CREATE_REPLACE_DESTINATION was being
+used to copy permissions, but alas not.
+
+GLib instead calls g_file_set_contents_full() with the mode hardcoded to 0666,
+which undoes the previous chmod().
+
+Use g_file_set_contents_full() with the correct mode for newer GLib versions,
+and provide a fallback with the same semantics for older versions.
+
+https://github.com/fwupd/fwupd/commit/ea676855f2119e36d433fbd2ed604039f53b2091
+Upstream-Status: Backport
+CVE: CVE-2022-3287
+Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
+
+---
+ contrib/fwupd.spec.in | 3 ++
+ libfwupdplugin/fu-plugin.c | 65 +++++++++++++++++++++++++++++------
+ libfwupdplugin/fu-self-test.c | 57 ++++++++++++++++++++++++++++++
+ 3 files changed, 114 insertions(+), 11 deletions(-)
+
+diff --git a/contrib/fwupd.spec.in b/contrib/fwupd.spec.in
+index b011292b1b..42ea2024a8 100644
+--- a/contrib/fwupd.spec.in
++++ b/contrib/fwupd.spec.in
+@@ -326,6 +326,9 @@ for fn in /etc/fwupd/remotes.d/*.conf; do
+ fi
+ done
+
++# ensure this is private
++chmod 0660 /etc/fwupd/redfish.conf
++
+ %preun
+ %systemd_preun fwupd.service
+
+diff --git a/libfwupdplugin/fu-plugin.c b/libfwupdplugin/fu-plugin.c
+index 9744af9d60..b431f6d418 100644
+--- a/libfwupdplugin/fu-plugin.c
++++ b/libfwupdplugin/fu-plugin.c
+@@ -9,6 +9,7 @@
+ #include "config.h"
+
+ #include <errno.h>
++#include <fcntl.h>
+ #include <fwupd.h>
+ #include <glib/gstdio.h>
+ #include <gmodule.h>
+@@ -2417,6 +2418,46 @@ fu_plugin_set_config_value(FuPlugin *self, const gchar *key, const gchar *value,
+ return g_key_file_save_to_file(keyfile, conf_path, error);
+ }
+
++#if !GLIB_CHECK_VERSION(2, 66, 0)
++
++#define G_FILE_SET_CONTENTS_CONSISTENT 0
++typedef guint GFileSetContentsFlags;
++static gboolean
++g_file_set_contents_full(const gchar *filename,
++ const gchar *contents,
++ gssize length,
++ GFileSetContentsFlags flags,
++ int mode,
++ GError **error)
++{
++ gint fd;
++ gssize wrote;
++
++ if (length < 0)
++ length = strlen(contents);
++ fd = g_open(filename, O_CREAT, mode);
++ if (fd <= 0) {
++ g_set_error(error,
++ G_IO_ERROR,
++ G_IO_ERROR_FAILED,
++ "could not open %s file",
++ filename);
++ return FALSE;
++ }
++ wrote = write(fd, contents, length);
++ if (wrote != length) {
++ g_set_error(error,
++ G_IO_ERROR,
++ G_IO_ERROR_FAILED,
++ "did not write %s file",
++ filename);
++ g_close(fd, NULL);
++ return FALSE;
++ }
++ return g_close(fd, error);
++}
++#endif
++
+ /**
+ * fu_plugin_set_secure_config_value:
+ * @self: a #FuPlugin
+@@ -2438,7 +2479,8 @@ fu_plugin_set_secure_config_value(FuPlugin *self,
+ GError **error)
+ {
+ g_autofree gchar *conf_path = fu_plugin_get_config_filename(self);
+- gint ret;
++ g_autofree gchar *data = NULL;
++ g_autoptr(GKeyFile) keyfile = g_key_file_new();
+
+ g_return_val_if_fail(FU_IS_PLUGIN(self), FALSE);
+ g_return_val_if_fail(error == NULL || *error == NULL, FALSE);
+@@ -2447,17 +2489,18 @@ fu_plugin_set_secure_config_value(FuPlugin *self,
+ g_set_error(error, FWUPD_ERROR, FWUPD_ERROR_NOT_FOUND, "%s is missing", conf_path);
+ return FALSE;
+ }
+- ret = g_chmod(conf_path, 0660);
+- if (ret == -1) {
+- g_set_error(error,
+- FWUPD_ERROR,
+- FWUPD_ERROR_INTERNAL,
+- "failed to set permissions on %s",
+- conf_path);
++ if (!g_key_file_load_from_file(keyfile, conf_path, G_KEY_FILE_KEEP_COMMENTS, error))
+ return FALSE;
+- }
+-
+- return fu_plugin_set_config_value(self, key, value, error);
++ g_key_file_set_string(keyfile, fu_plugin_get_name(self), key, value);
++ data = g_key_file_to_data(keyfile, NULL, error);
++ if (data == NULL)
++ return FALSE;
++ return g_file_set_contents_full(conf_path,
++ data,
++ -1,
++ G_FILE_SET_CONTENTS_CONSISTENT,
++ 0660,
++ error);
+ }
+
+ /**
+diff --git a/libfwupdplugin/fu-self-test.c b/libfwupdplugin/fu-self-test.c
+index 2dbc9c94ff..aaf49c172b 100644
+--- a/libfwupdplugin/fu-self-test.c
++++ b/libfwupdplugin/fu-self-test.c
+@@ -674,6 +674,62 @@ _plugin_device_added_cb(FuPlugin *plugin, FuDevice *device, gpointer user_data)
+ fu_test_loop_quit();
+ }
+
++static void
++fu_plugin_config_func(void)
++{
++ GStatBuf statbuf = {0};
++ gboolean ret;
++ gint rc;
++ g_autofree gchar *conf_dir = NULL;
++ g_autofree gchar *conf_file = NULL;
++ g_autofree gchar *fn = NULL;
++ g_autofree gchar *testdatadir = NULL;
++ g_autofree gchar *value = NULL;
++ g_autoptr(FuPlugin) plugin = fu_plugin_new(NULL);
++ g_autoptr(GError) error = NULL;
++
++ /* this is a build file */
++ testdatadir = g_test_build_filename(G_TEST_BUILT, "tests", NULL);
++ (void)g_setenv("FWUPD_SYSCONFDIR", testdatadir, TRUE);
++ conf_dir = fu_path_from_kind(FU_PATH_KIND_SYSCONFDIR_PKG);
++
++ /* remove existing file */
++ fu_plugin_set_name(plugin, "test");
++ conf_file = g_strdup_printf("%s.conf", fu_plugin_get_name(plugin));
++ fn = g_build_filename(conf_dir, conf_file, NULL);
++ ret = fu_path_mkdir_parent(fn, &error);
++ g_assert_no_error(error);
++ g_assert_true(ret);
++ g_remove(fn);
++ ret = g_file_set_contents(fn, "", -1, &error);
++ g_assert_no_error(error);
++ g_assert_true(ret);
++
++ /* set a value */
++ ret = fu_plugin_set_config_value(plugin, "Key", "True", &error);
++ g_assert_no_error(error);
++ g_assert_true(ret);
++ g_assert_true(g_file_test(fn, G_FILE_TEST_EXISTS));
++
++ /* check it is world readable */
++ rc = g_stat(fn, &statbuf);
++ g_assert_cmpint(rc, ==, 0);
++ g_assert_cmpint(statbuf.st_mode & 0777, ==, 0644);
++
++ /* read back the value */
++ value = fu_plugin_get_config_value(plugin, "Key");
++ g_assert_cmpstr(value, ==, "True");
++ g_assert_true(fu_plugin_get_config_value_boolean(plugin, "Key"));
++
++ /* check it is private, i.e. only readable by the user/group */
++ ret = fu_plugin_set_secure_config_value(plugin, "Key", "False", &error);
++ g_assert_no_error(error);
++ g_assert_true(ret);
++ rc = g_stat(fn, &statbuf);
++ g_assert_cmpint(rc, ==, 0);
++ g_assert_cmpint(statbuf.st_mode & 0777, ==, 0640);
++}
++
+ static void
+ fu_plugin_devices_func(void)
+ {
+@@ -3598,6 +3654,7 @@ main(int argc, char **argv)
+ g_test_add_func("/fwupd/progress{finish}", fu_progress_finish_func);
+ g_test_add_func("/fwupd/bios-attrs{load}", fu_bios_settings_load_func);
+ g_test_add_func("/fwupd/security-attrs{hsi}", fu_security_attrs_hsi_func);
++ g_test_add_func("/fwupd/plugin{config}", fu_plugin_config_func);
+ g_test_add_func("/fwupd/plugin{devices}", fu_plugin_devices_func);
+ g_test_add_func("/fwupd/plugin{device-inhibit-children}",
+ fu_plugin_device_inhibit_children_func);
diff --git a/meta-openembedded/meta-oe/recipes-bsp/fwupd/fwupd_1.8.4.bb b/meta-openembedded/meta-oe/recipes-bsp/fwupd/fwupd_1.8.4.bb
index 72f37ae..794a678 100644
--- a/meta-openembedded/meta-oe/recipes-bsp/fwupd/fwupd_1.8.4.bb
+++ b/meta-openembedded/meta-oe/recipes-bsp/fwupd/fwupd_1.8.4.bb
@@ -6,7 +6,9 @@
SRC_URI = "https://github.com/${BPN}/${BPN}/releases/download/${PV}/${BP}.tar.xz \
file://c54ae9c524998e449b822feb465a0c90317cd735.patch \
- file://run-ptest"
+ file://run-ptest \
+ file://CVE-2022-3287.patch \
+ "
SRC_URI[sha256sum] = "adfa07434cdc29ec41c40fef460e8d970963fe0c7e849dec7f3932adb161f886"
UPSTREAM_CHECK_URI = "https://github.com/${BPN}/${BPN}/releases"
@@ -83,7 +85,7 @@
PACKAGECONFIG[plugin_ep963x] = "-Dplugin_ep963x=true,-Dplugin_ep963x=false"
PACKAGECONFIG[plugin_fastboot] = "-Dplugin_fastboot=true,-Dplugin_fastboot=false"
PACKAGECONFIG[plugin_flashrom] = "-Dplugin_flashrom=true,-Dplugin_flashrom=false,flashrom"
-PACKAGECONFIG[plugin_gpio] = "-Dplugin_gpio=true,-Dplugin_gpio"
+PACKAGECONFIG[plugin_gpio] = "-Dplugin_gpio=true,-Dplugin_gpio=false"
PACKAGECONFIG[plugin_intel_spi] = "-Dplugin_intel_spi=true -Dlzma=true,-Dplugin_intel_spi=false -Dlzma=false,xz"
PACKAGECONFIG[plugin_logitech_bulkcontroller] = "-Dplugin_logitech_bulkcontroller=true,-Dplugin_logitech_bulkcontroller=false,protobuf-c-native protobuf-c"
PACKAGECONFIG[plugin_modem_manager] = "-Dplugin_modem_manager=true,-Dplugin_modem_manager=false,libqmi modemmanager"
diff --git a/meta-openembedded/meta-oe/recipes-crypto/botan/botan_2.19.2.bb b/meta-openembedded/meta-oe/recipes-crypto/botan/botan_2.19.3.bb
similarity index 93%
rename from meta-openembedded/meta-oe/recipes-crypto/botan/botan_2.19.2.bb
rename to meta-openembedded/meta-oe/recipes-crypto/botan/botan_2.19.3.bb
index 5261367..8d9d423 100644
--- a/meta-openembedded/meta-oe/recipes-crypto/botan/botan_2.19.2.bb
+++ b/meta-openembedded/meta-oe/recipes-crypto/botan/botan_2.19.3.bb
@@ -5,7 +5,7 @@
SECTION = "libs"
SRC_URI = "https://botan.randombit.net/releases/Botan-${PV}.tar.xz"
-SRC_URI[sha256sum] = "3af5f17615c6b5cd8b832d269fb6cb4d54ec64f9eb09ddbf1add5093941b4d75"
+SRC_URI[sha256sum] = "dae047f399c5a47f087db5d3d9d9e8f11ae4985d14c928d71da1aff801802d55"
S = "${WORKDIR}/Botan-${PV}"
diff --git a/meta-openembedded/meta-oe/recipes-devtools/ctags/ctags_5.9.20221009.0.bb b/meta-openembedded/meta-oe/recipes-devtools/ctags/ctags_5.9.20221023.0.bb
similarity index 95%
rename from meta-openembedded/meta-oe/recipes-devtools/ctags/ctags_5.9.20221009.0.bb
rename to meta-openembedded/meta-oe/recipes-devtools/ctags/ctags_5.9.20221023.0.bb
index 5564a9b..b7703ce 100644
--- a/meta-openembedded/meta-oe/recipes-devtools/ctags/ctags_5.9.20221009.0.bb
+++ b/meta-openembedded/meta-oe/recipes-devtools/ctags/ctags_5.9.20221023.0.bb
@@ -14,7 +14,7 @@
inherit autotools-brokensep pkgconfig manpages
-SRCREV = "5d506a1a3b6850f05de5e785c5d14cfd6f9b1620"
+SRCREV = "d8f5c062ea6ff484f4f1f5095a7d3c364f3019ea"
SRC_URI = "git://github.com/universal-ctags/ctags;branch=master;protocol=https"
S = "${WORKDIR}/git"
diff --git a/meta-openembedded/meta-oe/recipes-devtools/gst-editing-services/gst-editing-services_1.20.4.bb b/meta-openembedded/meta-oe/recipes-devtools/gst-editing-services/gst-editing-services_1.20.4.bb
index 37f7746..6f76013 100644
--- a/meta-openembedded/meta-oe/recipes-devtools/gst-editing-services/gst-editing-services_1.20.4.bb
+++ b/meta-openembedded/meta-oe/recipes-devtools/gst-editing-services/gst-editing-services_1.20.4.bb
@@ -4,7 +4,7 @@
SUMMARY = "Gstreamer editing services"
HOMEPAGE = "http://cgit.freedesktop.org/gstreamer/gst-editing-services/"
-LICENSE = "GPL-2.0-on-later & LGPL-2.1-or-later"
+LICENSE = "GPL-2.0-or-later & LGPL-2.1-or-later"
LIC_FILES_CHKSUM = "file://COPYING;md5=6762ed442b3822387a51c92d928ead0d \
file://COPYING.LIB;md5=6762ed442b3822387a51c92d928ead0d"
diff --git a/meta-openembedded/meta-oe/recipes-devtools/nlohmann-json/nlohmann-json_3.11.2.bb b/meta-openembedded/meta-oe/recipes-devtools/nlohmann-json/nlohmann-json_3.11.2.bb
index 5022628..6cf2775 100644
--- a/meta-openembedded/meta-oe/recipes-devtools/nlohmann-json/nlohmann-json_3.11.2.bb
+++ b/meta-openembedded/meta-oe/recipes-devtools/nlohmann-json/nlohmann-json_3.11.2.bb
@@ -18,7 +18,7 @@
EXTRA_OECMAKE += "-DJSON_BuildTests=OFF"
# nlohmann-json is a header only C++ library, so the main package will be empty.
-
+ALLOW_EMPTY:${PN} = "1"
RDEPENDS:${PN}-dev = ""
BBCLASSEXTEND = "native nativesdk"
diff --git a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-16.14/oe-npm-cache b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-16.19/oe-npm-cache
similarity index 100%
rename from meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-16.14/oe-npm-cache
rename to meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-16.19/oe-npm-cache
diff --git a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_16.14.bb b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_16.19.bb
similarity index 100%
rename from meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_16.14.bb
rename to meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_16.19.bb
diff --git a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0002-Using-native-binaries.patch b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0001-Using-native-binaries.patch
similarity index 70%
rename from meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0002-Using-native-binaries.patch
rename to meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0001-Using-native-binaries.patch
index 8db1f1d..445aaf8 100644
--- a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0002-Using-native-binaries.patch
+++ b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0001-Using-native-binaries.patch
@@ -3,14 +3,17 @@
Date: Fri, 3 Jan 2020 11:25:54 +0100
Subject: [PATCH] Using native binaries
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
---
- node.gyp | 4 ++--
- tools/v8_gypfiles/v8.gyp | 11 ++++-------
- 2 files changed, 6 insertions(+), 9 deletions(-)
+ node.gyp | 2 ++
+ tools/v8_gypfiles/v8.gyp | 5 +++++
+ 2 files changed, 7 insertions(+)
+diff --git a/node.gyp b/node.gyp
+index 24505da7ba..7d41bd52db 100644
--- a/node.gyp
+++ b/node.gyp
-@@ -294,6 +294,7 @@
+@@ -319,6 +319,7 @@
'action_name': 'run_mkcodecache',
'process_outputs_as_sources': 1,
'inputs': [
@@ -18,14 +21,16 @@
'<(mkcodecache_exec)',
],
'outputs': [
-@@ -319,6 +320,7 @@
- 'action_name': 'node_mksnapshot',
- 'process_outputs_as_sources': 1,
- 'inputs': [
-+ '<(PRODUCT_DIR)/v8-qemu-wrapper.sh',
- '<(node_mksnapshot_exec)',
- ],
- 'outputs': [
+@@ -366,6 +367,7 @@
+ 'action_name': 'node_mksnapshot',
+ 'process_outputs_as_sources': 1,
+ 'inputs': [
++ '<(PRODUCT_DIR)/v8-qemu-wrapper.sh',
+ '<(node_mksnapshot_exec)',
+ ],
+ 'outputs': [
+diff --git a/tools/v8_gypfiles/v8.gyp b/tools/v8_gypfiles/v8.gyp
+index ed042f8829..371b8e02c2 100644
--- a/tools/v8_gypfiles/v8.gyp
+++ b/tools/v8_gypfiles/v8.gyp
@@ -68,6 +68,7 @@
@@ -40,11 +45,11 @@
'<@(torque_outputs_inc)',
],
'action': [
-+ '<(PRODUCT_DIR)/v8-qemu-wrapper.sh',
++ '<(PRODUCT_DIR)/v8-qemu-wrapper.sh',
'<(PRODUCT_DIR)/<(EXECUTABLE_PREFIX)torque<(EXECUTABLE_SUFFIX)',
'-o', '<(SHARED_INTERMEDIATE_DIR)/torque-generated',
'-v8-root', '<(V8_ROOT)',
-@@ -225,6 +227,7 @@
+@@ -211,6 +213,7 @@
{
'action_name': 'generate_bytecode_builtins_list_action',
'inputs': [
@@ -52,7 +57,7 @@
'<(PRODUCT_DIR)/<(EXECUTABLE_PREFIX)bytecode_builtins_list_generator<(EXECUTABLE_SUFFIX)',
],
'outputs': [
-@@ -415,6 +418,7 @@
+@@ -395,6 +398,7 @@
],
},
'inputs': [
@@ -60,7 +65,7 @@
'<(mksnapshot_exec)',
],
'outputs': [
-@@ -1548,6 +1552,7 @@
+@@ -1513,6 +1517,7 @@
{
'action_name': 'run_gen-regexp-special-case_action',
'inputs': [
@@ -68,3 +73,6 @@
'<(PRODUCT_DIR)/<(EXECUTABLE_PREFIX)gen-regexp-special-case<(EXECUTABLE_SUFFIX)',
],
'outputs': [
+--
+2.34.1
+
diff --git a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0002-Install-both-binaries-and-use-libdir.patch b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0002-Install-both-binaries-and-use-libdir.patch
deleted file mode 100644
index 5cb2e97..0000000
--- a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0002-Install-both-binaries-and-use-libdir.patch
+++ /dev/null
@@ -1,96 +0,0 @@
-From 62ddf8499747fb1e366477d666c0634ad50039a9 Mon Sep 17 00:00:00 2001
-From: Elliott Sales de Andrade <quantum.analyst@gmail.com>
-Date: Tue, 19 Mar 2019 23:22:40 -0400
-Subject: [PATCH 2/2] Install both binaries and use libdir.
-
-This allows us to build with a shared library for other users while
-still providing the normal executable.
-
-Taken from - https://src.fedoraproject.org/rpms/nodejs/raw/rawhide/f/0002-Install-both-binaries-and-use-libdir.patch
-
-Upstream-Status: Pending
-
-Signed-off-by: Elliott Sales de Andrade <quantum.analyst@gmail.com>
-Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
- configure.py | 7 +++++++
- tools/install.py | 21 +++++++++------------
- 2 files changed, 16 insertions(+), 12 deletions(-)
-
-diff --git a/configure.py b/configure.py
-index 6efb98c2316f089f3167e486282593245373af3f..a6d2ec939e4480dfae703f3978067537abf9f0f0 100755
---- a/configure.py
-+++ b/configure.py
-@@ -721,10 +721,16 @@ parser.add_argument('--shared',
- dest='shared',
- default=None,
- help='compile shared library for embedding node in another project. ' +
- '(This mode is not officially supported for regular applications)')
-
-+parser.add_argument('--libdir',
-+ action='store',
-+ dest='libdir',
-+ default='lib',
-+ help='a directory to install the shared library into')
-+
- parser.add_argument('--without-v8-platform',
- action='store_true',
- dest='without_v8_platform',
- default=False,
- help='do not initialize v8 platform during node.js startup. ' +
-@@ -1305,10 +1311,11 @@ def configure_node(o):
- o['variables']['debug_nghttp2'] = 'false'
-
- o['variables']['node_no_browser_globals'] = b(options.no_browser_globals)
-
- o['variables']['node_shared'] = b(options.shared)
-+ o['variables']['libdir'] = options.libdir
- node_module_version = getmoduleversion.get_version()
-
- if options.dest_os == 'android':
- shlib_suffix = 'so'
- elif sys.platform == 'darwin':
-diff --git a/tools/install.py b/tools/install.py
-index 41cc1cbc60a9480cc08df3aa0ebe582c2becc3a2..11208f9e7166ab60da46d5ace2257c239a7e9263 100755
---- a/tools/install.py
-+++ b/tools/install.py
-@@ -128,26 +128,23 @@ def subdir_files(path, dest, action):
- for subdir, files_in_path in ret.items():
- action(files_in_path, subdir + '/')
-
- def files(action):
- is_windows = sys.platform == 'win32'
-- output_file = 'node'
- output_prefix = 'out/Release/'
-+ output_libprefix = output_prefix
-
-- if 'false' == variables.get('node_shared'):
-- if is_windows:
-- output_file += '.exe'
-+ if is_windows:
-+ output_bin = 'node.exe'
-+ output_lib = 'node.dll'
- else:
-- if is_windows:
-- output_file += '.dll'
-- else:
-- output_file = 'lib' + output_file + '.' + variables.get('shlib_suffix')
-+ output_bin = 'node'
-+ output_lib = 'libnode.' + variables.get('shlib_suffix')
-
-- if 'false' == variables.get('node_shared'):
-- action([output_prefix + output_file], 'bin/' + output_file)
-- else:
-- action([output_prefix + output_file], 'lib/' + output_file)
-+ action([output_prefix + output_bin], 'bin/' + output_bin)
-+ if 'true' == variables.get('node_shared'):
-+ action([output_libprefix + output_lib], variables.get('libdir') + '/' + output_lib)
-
- if 'true' == variables.get('node_use_dtrace'):
- action(['out/Release/node.d'], 'lib/dtrace/node.d')
-
- # behave similarly for systemtap
---
-2.33.0
-
diff --git a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0005-add-openssl-legacy-provider-option.patch b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0005-add-openssl-legacy-provider-option.patch
deleted file mode 100644
index 4d238c0..0000000
--- a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0005-add-openssl-legacy-provider-option.patch
+++ /dev/null
@@ -1,151 +0,0 @@
-From 86d1c0cc6a5dcf57e413a1cc1c29203e87cf9a14 Mon Sep 17 00:00:00 2001
-From: Daniel Bevenius <daniel.bevenius@gmail.com>
-Date: Sat, 16 Oct 2021 08:50:16 +0200
-Subject: [PATCH] src: add --openssl-legacy-provider option
-
-This commit adds an option to Node.js named --openssl-legacy-provider
-and if specified will load OpenSSL 3.0 Legacy provider.
-
-$ ./node --help
-...
---openssl-legacy-provider enable OpenSSL 3.0 legacy provider
-
-Example usage:
-
-$ ./node --openssl-legacy-provider -p 'crypto.createHash("md4")'
-Hash {
- _options: undefined,
- [Symbol(kHandle)]: Hash {},
- [Symbol(kState)]: { [Symbol(kFinalized)]: false }
-}
-
-Co-authored-by: Richard Lau <rlau@redhat.com>
-Signed-off-by: Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
-Upstream-Status: Backport [https://github.com/nodejs/node/issues/40455]
----
- doc/api/cli.md | 10 ++++++++++
- src/crypto/crypto_util.cc | 10 ++++++++++
- src/node_options.cc | 10 ++++++++++
- src/node_options.h | 7 +++++++
- .../test-process-env-allowed-flags-are-documented.js | 5 +++++
- 5 files changed, 42 insertions(+)
-
-diff --git a/doc/api/cli.md b/doc/api/cli.md
-index 74057706bf8d..608b9cdeddf1 100644
---- a/doc/api/cli.md
-+++ b/doc/api/cli.md
-@@ -687,6 +687,14 @@ Load an OpenSSL configuration file on startup. Among other uses, this can be
- used to enable FIPS-compliant crypto if Node.js is built
- against FIPS-enabled OpenSSL.
-
-+### `--openssl-legacy-provider`
-+<!-- YAML
-+added: REPLACEME
-+-->
-+
-+Enable OpenSSL 3.0 legacy provider. For more information please see
-+[providers readme][].
-+
- ### `--pending-deprecation`
-
- <!-- YAML
-@@ -1544,6 +1552,7 @@ Node.js options that are allowed are:
- * `--no-warnings`
- * `--node-memory-debug`
- * `--openssl-config`
-+* `--openssl-legacy-provider`
- * `--pending-deprecation`
- * `--policy-integrity`
- * `--preserve-symlinks-main`
-@@ -1933,6 +1942,7 @@ $ node --max-old-space-size=1536 index.js
- [emit_warning]: process.md#processemitwarningwarning-options
- [jitless]: https://v8.dev/blog/jitless
- [libuv threadpool documentation]: https://docs.libuv.org/en/latest/threadpool.html
-+[providers readme]: https://github.com/openssl/openssl/blob/openssl-3.0.0/README-PROVIDERS.md
- [remote code execution]: https://www.owasp.org/index.php/Code_Injection
- [security warning]: #warning-binding-inspector-to-a-public-ipport-combination-is-insecure
- [timezone IDs]: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
-diff --git a/src/crypto/crypto_util.cc b/src/crypto/crypto_util.cc
-index 7e0c8ba3eb60..796ea3025e41 100644
---- a/src/crypto/crypto_util.cc
-+++ b/src/crypto/crypto_util.cc
-@@ -148,6 +148,16 @@ void InitCryptoOnce() {
- }
- #endif
-
-+#if OPENSSL_VERSION_MAJOR >= 3
-+ // --openssl-legacy-provider
-+ if (per_process::cli_options->openssl_legacy_provider) {
-+ OSSL_PROVIDER* legacy_provider = OSSL_PROVIDER_load(nullptr, "legacy");
-+ if (legacy_provider == nullptr) {
-+ fprintf(stderr, "Unable to load legacy provider.\n");
-+ }
-+ }
-+#endif
-+
- OPENSSL_init_ssl(0, settings);
- OPENSSL_INIT_free(settings);
- settings = nullptr;
-diff --git a/src/node_options.cc b/src/node_options.cc
-index 00bdc6688a4c..3363860919a9 100644
---- a/src/node_options.cc
-+++ b/src/node_options.cc
-@@ -4,6 +4,9 @@
- #include "env-inl.h"
- #include "node_binding.h"
- #include "node_internals.h"
-+#if HAVE_OPENSSL
-+#include "openssl/opensslv.h"
-+#endif
-
- #include <errno.h>
- #include <sstream>
-diff --git a/src/node_options.h b/src/node_options.h
-index fd772478d04d..1c0e018ab16f 100644
---- a/src/node_options.h
-+++ b/src/node_options.h
-@@ -11,6 +11,10 @@
- #include "node_mutex.h"
- #include "util.h"
-
-+#if HAVE_OPENSSL
-+#include "openssl/opensslv.h"
-+#endif
-+
- namespace node {
-
- class HostPort {
-@@ -251,6 +255,9 @@ class PerProcessOptions : public Options {
- bool enable_fips_crypto = false;
- bool force_fips_crypto = false;
- #endif
-+#if OPENSSL_VERSION_MAJOR >= 3
-+ bool openssl_legacy_provider = false;
-+#endif
-
- // Per-process because reports can be triggered outside a known V8 context.
- bool report_on_fatalerror = false;
-diff --git a/test/parallel/test-process-env-allowed-flags-are-documented.js b/test/parallel/test-process-env-allowed-flags-are-documented.js
-index 64626b71f019..8a4e35997907 100644
---- a/test/parallel/test-process-env-allowed-flags-are-documented.js
-+++ b/test/parallel/test-process-env-allowed-flags-are-documented.js
-@@ -43,6 +43,10 @@ for (const line of [...nodeOptionsLines, ...v8OptionsLines]) {
- }
- }
-
-+if (!common.hasOpenSSL3) {
-+ documented.delete('--openssl-legacy-provider');
-+}
-+
- // Filter out options that are conditionally present.
- const conditionalOpts = [
- {
-@@ -50,6 +54,7 @@ const conditionalOpts = [
- filter: (opt) => {
- return [
- '--openssl-config',
-+ common.hasOpenSSL3 ? '--openssl-legacy-provider' : '',
- '--tls-cipher-list',
- '--use-bundled-ca',
- '--use-openssl-ca',
-
diff --git a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_16.14.2.bb b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_16.19.1.bb
similarity index 94%
rename from meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_16.14.2.bb
rename to meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_16.19.1.bb
index 62188f9..e4ed2f2 100644
--- a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_16.14.2.bb
+++ b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_16.19.1.bb
@@ -1,7 +1,7 @@
DESCRIPTION = "nodeJS Evented I/O for V8 JavaScript"
HOMEPAGE = "http://nodejs.org"
-LICENSE = "MIT & ISC & BSD-2-Clause & BSD-3-Clause & Artistic-2.0"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=6ba5b21ac7a505195ca69344d3d7a94a"
+LICENSE = "MIT & ISC & BSD-2-Clause & BSD-3-Clause & Artistic-2.0 & OpenSSL"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=ab4d0d45e717c9978737499a3489e515"
DEPENDS = "openssl"
DEPENDS:append:class-target = " qemu-native"
@@ -19,9 +19,7 @@
SRC_URI = "http://nodejs.org/dist/v${PV}/node-v${PV}.tar.xz \
file://0001-Disable-running-gyp-files-for-bundled-deps.patch \
- file://0002-Install-both-binaries-and-use-libdir.patch \
file://0004-v8-don-t-override-ARM-CFLAGS.patch \
- file://0005-add-openssl-legacy-provider-option.patch \
file://big-endian.patch \
file://mips-less-memory.patch \
file://system-c-ares.patch \
@@ -29,7 +27,7 @@
file://0001-mips-Use-32bit-cast-for-operand-on-mips32.patch \
"
SRC_URI:append:class-target = " \
- file://0002-Using-native-binaries.patch \
+ file://0001-Using-native-binaries.patch \
"
SRC_URI:append:toolchain-clang:x86 = " \
file://libatomic.patch \
@@ -37,7 +35,7 @@
SRC_URI:append:toolchain-clang:powerpc64le = " \
file://0001-ppc64-Do-not-use-mminimal-toc-with-clang.patch \
"
-SRC_URI[sha256sum] = "e922e215cc68eb5f94d33e8a0b61e2c863b7731cc8600ab955d3822da90ff8d1"
+SRC_URI[sha256sum] = "17fb716406198125b30c94dd3d1756207b297705626afe16d8dc479a65a1d8b5"
S = "${WORKDIR}/node-v${PV}"
diff --git a/meta-openembedded/meta-oe/recipes-devtools/pahole/pahole_1.22.bb b/meta-openembedded/meta-oe/recipes-devtools/pahole/pahole_1.22.bb
index 449508a..ec642ec 100644
--- a/meta-openembedded/meta-oe/recipes-devtools/pahole/pahole_1.22.bb
+++ b/meta-openembedded/meta-oe/recipes-devtools/pahole/pahole_1.22.bb
@@ -21,7 +21,7 @@
PACKAGECONFIG[python3] = ",,python3-core,python3-core"
-EXTRA_OECMAKE = "-D__LIB=lib -DCMAKE_BUILD_TYPE=Release -DLIBBPF_EMBEDDED=OFF"
+EXTRA_OECMAKE = "-D__LIB=${@os.path.relpath(d.getVar('libdir'), d.getVar('prefix') + '/')} -DCMAKE_BUILD_TYPE=Release -DLIBBPF_EMBEDDED=OFF"
FILES:${PN} = "${bindir}/pahole \
${libdir}/libdwarves.so* \
diff --git a/meta-openembedded/meta-oe/recipes-devtools/perfetto/perfetto.bb b/meta-openembedded/meta-oe/recipes-devtools/perfetto/perfetto.bb
index 98e39f0..d1980a0 100644
--- a/meta-openembedded/meta-oe/recipes-devtools/perfetto/perfetto.bb
+++ b/meta-openembedded/meta-oe/recipes-devtools/perfetto/perfetto.bb
@@ -70,24 +70,14 @@
elif [ $arch = "aarch64" ]; then
arch="arm64"
fi
-
- # For ARM32 with hardware floating point using clang and musl, we need to
- # specify -mfloat-abi=hard to make the ABI settings of the linker and the
- # compiler match. The linker would use hardware float ABI. The compiler does
- # not. As a result we need to force the compiler to do so by adding
- # -mfloat-abi=hard to compilation flags.
- FLOAT_ABI=""
- if [[ "${@bb.utils.contains('TUNE_FEATURES', 'callconvention-hard', 'true', 'false', d)}" == "true" ]]; then
- FLOAT_ABI="-mfloat-abi=hard"
- fi
ARGS=$ARGS" target_os=\"linux\""
ARGS=$ARGS" target_cpu=\"$arch\""
- ARGS=$ARGS" target_cc=\"$CC_BIN ${FLOAT_ABI}\""
- ARGS=$ARGS" target_cxx=\"$CXX_BIN -std=c++11 ${FLOAT_ABI}\""
+ ARGS=$ARGS" target_cc=\"$CC_BIN ${TUNE_CCARGS}\""
+ ARGS=$ARGS" target_cxx=\"$CXX_BIN -std=c++11 ${TUNE_CCARGS}\""
ARGS=$ARGS" target_strip=\"$STRIP_BIN\"" #
ARGS=$ARGS" target_sysroot=\"${RECIPE_SYSROOT}\""
- ARGS=$ARGS" target_linker=\"$CC_BIN ${FLOAT_ABI} ${LDFLAGS}\""
+ ARGS=$ARGS" target_linker=\"$CC_BIN ${TUNE_CCARGS} ${LDFLAGS}\""
ARGS=$ARGS" target_ar=\"$AR\""
ARGS="'$ARGS'"
cmd="tools/gn gen --args=$ARGS ${B}"
@@ -100,7 +90,6 @@
# Eliminate a few incompatible build flags
REPLACES="s/-Wl,--icf=all//g"
REPLACES=$REPLACES";s/-Werror//g"
- REPLACES=$REPLACES";s/-mfpu=neon//g"
REPLACES=$REPLACES";s/-fcolor-diagnostics//g"
REPLACES=$REPLACES";s/=format-security//g"
REPLACES=$REPLACES";s/-fdiagnostics-show-template-tree//g"
@@ -111,12 +100,12 @@
# If using the clang toolchain: use the clang host-side binaries built by Bitbake
if [ "${TOOLCHAIN}" = "clang" ]; then
- BB_CLANGXX="${BUILD_CXX} ${BUILD_LDFLAGS} ${FLOAT_ABI}"
- BB_CLANG="${BUILD_CC} ${FLOAT_ABI}"
+ BB_CLANGXX="${BUILD_CXX} ${BUILD_LDFLAGS}"
+ BB_CLANG="${BUILD_CC}"
BB_LLVM_OBJCOPY="${RECIPE_SYSROOT_NATIVE}/usr/bin/llvm-objcopy"
- HOST_CLANGXX="${STAGING_DIR_NATIVE}/usr/bin/clang++ -stdlib=libc++ -rtlib=libgcc -unwindlib=libgcc ${FLOAT_ABI}"
- HOST_CLANG="${STAGING_DIR_NATIVE}/usr/bin/clang ${FLOAT_ABI}"
+ HOST_CLANGXX="${STAGING_DIR_NATIVE}/usr/bin/clang++ -stdlib=libc++ -rtlib=libgcc -unwindlib=libgcc"
+ HOST_CLANG="${STAGING_DIR_NATIVE}/usr/bin/clang"
HOST_LLVM_OBJCOPY="${STAGING_DIR_NATIVE}/usr/bin/llvm-objcopy"
cd gcc_like_host
diff --git a/meta-openembedded/meta-oe/recipes-devtools/php/php_8.1.11.bb b/meta-openembedded/meta-oe/recipes-devtools/php/php_8.1.16.bb
similarity index 98%
rename from meta-openembedded/meta-oe/recipes-devtools/php/php_8.1.11.bb
rename to meta-openembedded/meta-oe/recipes-devtools/php/php_8.1.16.bb
index fefabf7..8a898cb 100644
--- a/meta-openembedded/meta-oe/recipes-devtools/php/php_8.1.11.bb
+++ b/meta-openembedded/meta-oe/recipes-devtools/php/php_8.1.16.bb
@@ -33,7 +33,7 @@
"
S = "${WORKDIR}/php-${PV}"
-SRC_URI[sha256sum] = "af6250b18b4403b6eeff9b4a02786ac86a12a208141f6f65478f79256f47f246"
+SRC_URI[sha256sum] = "cd9f0ea14d82d9455587a49a0b6c802a7b8d8ff79703f9f48b17db010fb633ce"
CVE_CHECK_IGNORE += "\
CVE-2007-2728 \
diff --git a/meta-openembedded/meta-oe/recipes-devtools/protobuf/protobuf_3.21.5.bb b/meta-openembedded/meta-oe/recipes-devtools/protobuf/protobuf_3.21.5.bb
index c8b9158..201908f 100644
--- a/meta-openembedded/meta-oe/recipes-devtools/protobuf/protobuf_3.21.5.bb
+++ b/meta-openembedded/meta-oe/recipes-devtools/protobuf/protobuf_3.21.5.bb
@@ -92,6 +92,8 @@
FILES:${PN}-compiler = "${bindir} ${libdir}/libprotoc${SOLIBS}"
FILES:${PN}-lite = "${libdir}/libprotobuf-lite${SOLIBS}"
+SYSROOT_DIRS += "${bindir}"
+
RDEPENDS:${PN}-compiler = "${PN}"
RDEPENDS:${PN}-dev += "${PN}-compiler"
RDEPENDS:${PN}-ptest = "bash ${@bb.utils.contains('PACKAGECONFIG', 'python', 'python3-protobuf', '', d)}"
diff --git a/meta-openembedded/meta-oe/recipes-extended/openwsman/openwsman_2.7.1.bb b/meta-openembedded/meta-oe/recipes-extended/openwsman/openwsman_2.7.2.bb
similarity index 94%
rename from meta-openembedded/meta-oe/recipes-extended/openwsman/openwsman_2.7.1.bb
rename to meta-openembedded/meta-oe/recipes-extended/openwsman/openwsman_2.7.2.bb
index 7fc5d42..39a9c52 100644
--- a/meta-openembedded/meta-oe/recipes-extended/openwsman/openwsman_2.7.1.bb
+++ b/meta-openembedded/meta-oe/recipes-extended/openwsman/openwsman_2.7.2.bb
@@ -15,9 +15,9 @@
inherit features_check
REQUIRED_DISTRO_FEATURES = "pam"
-SRCREV = "6cdf3bee50388d8e5f70850322a4df57fd685a5e"
+SRCREV = "0120e256faa255d997d9a49d5207662c0b73d430"
-SRC_URI = "git://github.com/Openwsman/openwsman.git;branch=master;protocol=https \
+SRC_URI = "git://github.com/Openwsman/openwsman.git;branch=main;protocol=https \
file://libssl-is-required-if-eventint-supported.patch \
file://openwsmand.service \
file://0001-lock.c-Define-PTHREAD_MUTEX_RECURSIVE_NP-if-undefine.patch \
diff --git a/meta-openembedded/meta-oe/recipes-extended/ostree/ostree/0001-deploy-Don-t-rebuild-selinux-policy-on-first-deploym.patch b/meta-openembedded/meta-oe/recipes-extended/ostree/ostree/0001-deploy-Don-t-rebuild-selinux-policy-on-first-deploym.patch
new file mode 100644
index 0000000..248dcf4
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-extended/ostree/ostree/0001-deploy-Don-t-rebuild-selinux-policy-on-first-deploym.patch
@@ -0,0 +1,44 @@
+From bd325061dc9585886f7e60e58d9fc0c8b37e71db Mon Sep 17 00:00:00 2001
+From: Colin Walters <walters@verbum.org>
+Date: Wed, 9 Nov 2022 11:18:36 -0500
+Subject: [PATCH] deploy: Don't rebuild selinux policy on first deployment
+
+Basically, it should not be necessary - the policy should be
+up-to-date. We don't want to force on continual policy rebuilds.
+
+Even trying to run bwrap when we're *not* in a booted
+root can cause failures in nested containerization scenarios.
+
+Closes: https://github.com/ostreedev/ostree/issues/2758
+
+Upstream-Status: Backport
+[https://github.com/ostreedev/ostree/commit/bd325061dc9585886f7e60e58d9fc0c8b37e71db]
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ src/libostree/ostree-sysroot-deploy.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/libostree/ostree-sysroot-deploy.c b/src/libostree/ostree-sysroot-deploy.c
+index f27ae0e1..26b07080 100644
+--- a/src/libostree/ostree-sysroot-deploy.c
++++ b/src/libostree/ostree-sysroot-deploy.c
+@@ -2987,12 +2987,12 @@ sysroot_finalize_deployment (OstreeSysroot *self,
+ if (!merge_configuration_from (self, merge_deployment, deployment, deployment_dfd,
+ cancellable, error))
+ return FALSE;
+- }
+
+ #ifdef HAVE_SELINUX
+- if (!sysroot_finalize_selinux_policy(deployment_dfd, error))
+- return FALSE;
++ if (!sysroot_finalize_selinux_policy (deployment_dfd, error))
++ return FALSE;
+ #endif /* HAVE_SELINUX */
++ }
+
+ const char *osdeploypath = glnx_strjoina ("ostree/deploy/", ostree_deployment_get_osname (deployment));
+ glnx_autofd int os_deploy_dfd = -1;
+--
+2.25.1
+
diff --git a/meta-openembedded/meta-oe/recipes-extended/ostree/ostree_2022.5.bb b/meta-openembedded/meta-oe/recipes-extended/ostree/ostree_2022.5.bb
index a21c473..7838537 100644
--- a/meta-openembedded/meta-oe/recipes-extended/ostree/ostree_2022.5.bb
+++ b/meta-openembedded/meta-oe/recipes-extended/ostree/ostree_2022.5.bb
@@ -22,6 +22,7 @@
file://0001-Remove-unused-linux-fs.h-includes.patch \
file://0001-libostree-Remove-including-sys-mount.h.patch \
file://0001-s390x-se-luks-gencpio-There-is-no-bashism.patch \
+ file://0001-deploy-Don-t-rebuild-selinux-policy-on-first-deploym.patch \
file://run-ptest \
"
SRCREV = "15740d042c9c5258a1c082b5e228cf6f115edbb0"
diff --git a/meta-openembedded/meta-oe/recipes-extended/redis/redis-7/0006-Define-correct-gregs-for-RISCV32.patch b/meta-openembedded/meta-oe/recipes-extended/redis/redis-7/0006-Define-correct-gregs-for-RISCV32.patch
index 01f8421..385b0ae 100644
--- a/meta-openembedded/meta-oe/recipes-extended/redis/redis-7/0006-Define-correct-gregs-for-RISCV32.patch
+++ b/meta-openembedded/meta-oe/recipes-extended/redis/redis-7/0006-Define-correct-gregs-for-RISCV32.patch
@@ -1,4 +1,4 @@
-From f26a978c638bcbc621669dce0ab89e43af42af98 Mon Sep 17 00:00:00 2001
+From b6b2c652abfa98093401b232baca8719c50cadf4 Mon Sep 17 00:00:00 2001
From: Khem Raj <raj.khem@gmail.com>
Date: Mon, 26 Oct 2020 21:32:22 -0700
Subject: [PATCH] Define correct gregs for RISCV32
@@ -6,18 +6,17 @@
Upstream-Status: Pending
Signed-off-by: Khem Raj <raj.khem@gmail.com>
-Updated patch for 6.2.1
-Signed-off-by: Yi Fan Yu <yifan.yu@windriver.com>
-
+Updated patch for 6.2.8
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
---
src/debug.c | 26 ++++++++++++++++++++++++--
1 file changed, 24 insertions(+), 2 deletions(-)
diff --git a/src/debug.c b/src/debug.c
-index 2da2c5d..1d778fa 100644
+index ebda858..90bc450 100644
--- a/src/debug.c
+++ b/src/debug.c
-@@ -1116,7 +1116,9 @@ static void *getMcontextEip(ucontext_t *uc) {
+@@ -1168,7 +1168,9 @@ static void* getAndSetMcontextEip(ucontext_t *uc, void *eip) {
#endif
#elif defined(__linux__)
/* Linux */
@@ -25,10 +24,10 @@
+ #if defined(__riscv) && __riscv_xlen == 32
+ return (void*) uc->uc_mcontext.__gregs[REG_PC];
+ #elif defined(__i386__) || ((defined(__X86_64__) || defined(__x86_64__)) && defined(__ILP32__))
- return (void*) uc->uc_mcontext.gregs[14]; /* Linux 32 */
+ GET_SET_RETURN(uc->uc_mcontext.gregs[14], eip);
#elif defined(__X86_64__) || defined(__x86_64__)
- return (void*) uc->uc_mcontext.gregs[16]; /* Linux 64 */
-@@ -1298,8 +1300,28 @@ void logRegisters(ucontext_t *uc) {
+ GET_SET_RETURN(uc->uc_mcontext.gregs[16], eip);
+@@ -1350,8 +1352,28 @@ void logRegisters(ucontext_t *uc) {
#endif
/* Linux */
#elif defined(__linux__)
@@ -58,3 +57,6 @@
serverLog(LL_WARNING,
"\n"
"EAX:%08lx EBX:%08lx ECX:%08lx EDX:%08lx\n"
+--
+2.25.1
+
diff --git a/meta-openembedded/meta-oe/recipes-extended/redis/redis/0006-Define-correct-gregs-for-RISCV32.patch b/meta-openembedded/meta-oe/recipes-extended/redis/redis/0006-Define-correct-gregs-for-RISCV32.patch
index b2d1a32..9d7e502 100644
--- a/meta-openembedded/meta-oe/recipes-extended/redis/redis/0006-Define-correct-gregs-for-RISCV32.patch
+++ b/meta-openembedded/meta-oe/recipes-extended/redis/redis/0006-Define-correct-gregs-for-RISCV32.patch
@@ -1,4 +1,4 @@
-From 6134b471c35df826ccb41aab9a47e5c89e15a0c4 Mon Sep 17 00:00:00 2001
+From 26bd72f3b8de22e5036d86e6c79f815853b83473 Mon Sep 17 00:00:00 2001
From: Khem Raj <raj.khem@gmail.com>
Date: Mon, 26 Oct 2020 21:32:22 -0700
Subject: [PATCH] Define correct gregs for RISCV32
@@ -13,10 +13,10 @@
1 file changed, 24 insertions(+), 2 deletions(-)
diff --git a/src/debug.c b/src/debug.c
-index e7fec29..5abb404 100644
+index 5318c14..8c21b47 100644
--- a/src/debug.c
+++ b/src/debug.c
-@@ -1039,7 +1039,9 @@ static void *getMcontextEip(ucontext_t *uc) {
+@@ -1055,7 +1055,9 @@ static void* getAndSetMcontextEip(ucontext_t *uc, void *eip) {
#endif
#elif defined(__linux__)
/* Linux */
@@ -24,10 +24,10 @@
+ #if defined(__riscv) && __riscv_xlen == 32
+ return (void*) uc->uc_mcontext.__gregs[REG_PC];
+ #elif defined(__i386__) || ((defined(__X86_64__) || defined(__x86_64__)) && defined(__ILP32__))
- return (void*) uc->uc_mcontext.gregs[14]; /* Linux 32 */
+ GET_SET_RETURN(uc->uc_mcontext.gregs[14], eip);
#elif defined(__X86_64__) || defined(__x86_64__)
- return (void*) uc->uc_mcontext.gregs[16]; /* Linux 64 */
-@@ -1206,8 +1208,28 @@ void logRegisters(ucontext_t *uc) {
+ GET_SET_RETURN(uc->uc_mcontext.gregs[16], eip);
+@@ -1222,8 +1224,28 @@ void logRegisters(ucontext_t *uc) {
#endif
/* Linux */
#elif defined(__linux__)
@@ -57,3 +57,6 @@
serverLog(LL_WARNING,
"\n"
"EAX:%08lx EBX:%08lx ECX:%08lx EDX:%08lx\n"
+--
+2.25.1
+
diff --git a/meta-openembedded/meta-oe/recipes-extended/redis/redis_6.2.7.bb b/meta-openembedded/meta-oe/recipes-extended/redis/redis_6.2.11.bb
similarity index 95%
rename from meta-openembedded/meta-oe/recipes-extended/redis/redis_6.2.7.bb
rename to meta-openembedded/meta-oe/recipes-extended/redis/redis_6.2.11.bb
index 7f922a4..5a410bf 100644
--- a/meta-openembedded/meta-oe/recipes-extended/redis/redis_6.2.7.bb
+++ b/meta-openembedded/meta-oe/recipes-extended/redis/redis_6.2.11.bb
@@ -17,7 +17,7 @@
file://GNU_SOURCE.patch \
file://0006-Define-correct-gregs-for-RISCV32.patch \
"
-SRC_URI[sha256sum] = "b7a79cc3b46d3c6eb52fa37dde34a4a60824079ebdfb3abfbbfa035947c55319"
+SRC_URI[sha256sum] = "8c75fb9cdd01849e92c23f30cb7fe205ea0032a38d11d46af191014e9acc3098"
inherit autotools-brokensep update-rc.d systemd useradd
diff --git a/meta-openembedded/meta-oe/recipes-extended/redis/redis_7.0.5.bb b/meta-openembedded/meta-oe/recipes-extended/redis/redis_7.0.10.bb
similarity index 96%
rename from meta-openembedded/meta-oe/recipes-extended/redis/redis_7.0.5.bb
rename to meta-openembedded/meta-oe/recipes-extended/redis/redis_7.0.10.bb
index 7ed1519..5d21f7e 100644
--- a/meta-openembedded/meta-oe/recipes-extended/redis/redis_7.0.5.bb
+++ b/meta-openembedded/meta-oe/recipes-extended/redis/redis_7.0.10.bb
@@ -19,7 +19,7 @@
file://GNU_SOURCE-7.patch \
file://0006-Define-correct-gregs-for-RISCV32.patch \
"
-SRC_URI[sha256sum] = "67054cc37b58c125df93bd78000261ec0ef4436a26b40f38262c780e56315cc3"
+SRC_URI[sha256sum] = "1dee4c6487341cae7bd6432ff7590906522215a061fdef87c7d040a0cb600131"
inherit autotools-brokensep update-rc.d systemd useradd
diff --git a/meta-openembedded/meta-oe/recipes-extended/sanlock/sanlock/setuptools.patch b/meta-openembedded/meta-oe/recipes-extended/sanlock/sanlock/setuptools.patch
deleted file mode 100644
index c375e10..0000000
--- a/meta-openembedded/meta-oe/recipes-extended/sanlock/sanlock/setuptools.patch
+++ /dev/null
@@ -1,18 +0,0 @@
-Switch to setuptools as distutils is deprecated.
-
-Upstream-Status: Backport [https://pagure.io/sanlock/c/75758fc10db2354dda397d3aba63c7b72a420982]
-Signed-off-by: Ross Burton <ross.burton@arm.com>
-
-diff --git a/python/setup.py b/python/setup.py
-index b3bfaf1..dfbaf21 100644
---- a/python/setup.py
-+++ b/python/setup.py
-@@ -4,7 +4,7 @@
- # modify, copy, or redistribute it subject to the terms and conditions
- # of the GNU General Public License v.2.
-
--from distutils.core import setup, Extension
-+from setuptools import setup, Extension
-
- sanlocklib = ['sanlock']
- sanlock = Extension(name='sanlock',
diff --git a/meta-openembedded/meta-oe/recipes-extended/sanlock/sanlock_3.8.4.bb b/meta-openembedded/meta-oe/recipes-extended/sanlock/sanlock_3.8.5.bb
similarity index 94%
rename from meta-openembedded/meta-oe/recipes-extended/sanlock/sanlock_3.8.4.bb
rename to meta-openembedded/meta-oe/recipes-extended/sanlock/sanlock_3.8.5.bb
index 3b4ae31..c2a17d0 100644
--- a/meta-openembedded/meta-oe/recipes-extended/sanlock/sanlock_3.8.4.bb
+++ b/meta-openembedded/meta-oe/recipes-extended/sanlock/sanlock_3.8.5.bb
@@ -15,10 +15,9 @@
SRC_URI = "git://pagure.io/sanlock.git;protocol=http;branch=master \
file://0001-sanlock-Replace-cp-a-with-cp-R-no-dereference-preser.patch \
- file://setuptools.patch \
file://0001-add-missing-system-header-string.h.patch \
"
-SRCREV = "a181e951376d49a82eef17920c8ebedec80b4823"
+SRCREV = "b820c63093c4ae85d7da4f719cf3026d7fca5d09"
S = "${WORKDIR}/git"
diff --git a/meta-openembedded/meta-oe/recipes-extended/volume_key/volume-key_0.3.12.bb b/meta-openembedded/meta-oe/recipes-extended/volume_key/volume-key_0.3.12.bb
index faf8dd3..aff555a 100644
--- a/meta-openembedded/meta-oe/recipes-extended/volume_key/volume-key_0.3.12.bb
+++ b/meta-openembedded/meta-oe/recipes-extended/volume_key/volume-key_0.3.12.bb
@@ -16,7 +16,7 @@
SRCNAME = "volume_key"
S = "${WORKDIR}/${SRCNAME}-${PV}"
-inherit autotools python3native gettext pkgconfig
+inherit autotools python3native python3targetconfig gettext pkgconfig
DEPENDS += " \
util-linux \
diff --git a/meta-openembedded/meta-oe/recipes-graphics/cglm/cglm_0.8.5.bb b/meta-openembedded/meta-oe/recipes-graphics/cglm/cglm_0.8.7.bb
similarity index 93%
rename from meta-openembedded/meta-oe/recipes-graphics/cglm/cglm_0.8.5.bb
rename to meta-openembedded/meta-oe/recipes-graphics/cglm/cglm_0.8.7.bb
index 5a437c1..95a651d 100644
--- a/meta-openembedded/meta-oe/recipes-graphics/cglm/cglm_0.8.5.bb
+++ b/meta-openembedded/meta-oe/recipes-graphics/cglm/cglm_0.8.7.bb
@@ -10,7 +10,7 @@
SRC_URI = "git://github.com/recp/cglm;branch=master;protocol=https"
# Tag v0.8.5
-SRCREV = "7e5d1f435f628b873347eb052b7d6605b0b997f2"
+SRCREV = "8cfc98d2835a8cd1a9041f257c7ba0bfe4fbc1f3"
S = "${WORKDIR}/git"
diff --git a/meta-openembedded/meta-oe/recipes-graphics/fontforge/fontforge_20220308.bb b/meta-openembedded/meta-oe/recipes-graphics/fontforge/fontforge_20220308.bb
index c53f2db..ddb4443 100644
--- a/meta-openembedded/meta-oe/recipes-graphics/fontforge/fontforge_20220308.bb
+++ b/meta-openembedded/meta-oe/recipes-graphics/fontforge/fontforge_20220308.bb
@@ -9,7 +9,7 @@
DEPENDS = "python3 glib-2.0 pango giflib tiff libxml2 jpeg libtool uthash gettext-native libspiro"
DEPENDS:append:class-target = " libxi"
-inherit cmake pkgconfig python3native features_check gettext gtk-icon-cache mime mime-xdg
+inherit cmake pkgconfig python3native python3targetconfig features_check gettext gtk-icon-cache mime mime-xdg
REQUIRED_DISTRO_FEATURES:append:class-target = " x11"
diff --git a/meta-openembedded/meta-oe/recipes-graphics/fvwm/fvwm_2.6.9.bb b/meta-openembedded/meta-oe/recipes-graphics/fvwm/fvwm_2.7.0.bb
similarity index 97%
rename from meta-openembedded/meta-oe/recipes-graphics/fvwm/fvwm_2.6.9.bb
rename to meta-openembedded/meta-oe/recipes-graphics/fvwm/fvwm_2.7.0.bb
index 123af4d..8daf38a 100644
--- a/meta-openembedded/meta-oe/recipes-graphics/fvwm/fvwm_2.6.9.bb
+++ b/meta-openembedded/meta-oe/recipes-graphics/fvwm/fvwm_2.7.0.bb
@@ -36,7 +36,7 @@
file://0001-Fix-compilation-for-disabled-gnome.patch \
"
-SRCREV = "88eab6dc16da6e5dd25fe97fbb56b96ef0d58657"
+SRCREV = "7baf540e56fb1a3e91752acba872a88543529d46"
S = "${WORKDIR}/git"
diff --git a/meta-openembedded/meta-oe/recipes-graphics/lvgl/lv-drivers_7.11.0.bb b/meta-openembedded/meta-oe/recipes-graphics/lvgl/lv-drivers_7.11.0.bb
index 1a94215..cf33c69 100644
--- a/meta-openembedded/meta-oe/recipes-graphics/lvgl/lv-drivers_7.11.0.bb
+++ b/meta-openembedded/meta-oe/recipes-graphics/lvgl/lv-drivers_7.11.0.bb
@@ -9,7 +9,7 @@
LIC_FILES_CHKSUM = "file://LICENSE;md5=d6fc0df890c5270ef045981b516bb8f2"
# TODO: Pin upstream release (current v7.11.0-80-g419a757)
-SRC_URI = "git://github.com/lvgl/lv_drivers;destsuffix=${S};protocol=https;nobranch=1"
+SRC_URI = "git://github.com/lvgl/lv_drivers;protocol=https;nobranch=1"
SRCREV = "419a757c23aaa67c676fe3a2196d64808fcf2254"
DEPENDS = "libxkbcommon lvgl wayland"
@@ -19,15 +19,15 @@
inherit cmake
inherit features_check
-S = "${WORKDIR}/${PN}-${PV}"
+S = "${WORKDIR}/git"
LVGL_CONFIG_WAYLAND_HOR_RES ?= "480"
LVGL_CONFIG_WAYLAND_VER_RES ?= "320"
-EXTRA_OECMAKE += "-Dinstall:BOOL=ON -DLIB_INSTALL_DIR=${BASELIB}"
+EXTRA_OECMAKE += "-Dinstall:BOOL=ON -DLIB_INSTALL_DIR=${baselib}"
TARGET_CFLAGS += "-DLV_CONF_INCLUDE_SIMPLE=1"
-TARGET_CFLAGS += "-I${RECIPE_SYSROOT}/${includedir}/lvgl"
+TARGET_CFLAGS += "-I${STAGING_INCDIR}/lvgl"
# Upstream does not support a default configuration
# but propose a default "disabled" template, which is used as reference
diff --git a/meta-openembedded/meta-oe/recipes-graphics/lvgl/lv-lib-png_8.0.2.bb b/meta-openembedded/meta-oe/recipes-graphics/lvgl/lv-lib-png_8.0.2.bb
index 032e85f..22b4826 100644
--- a/meta-openembedded/meta-oe/recipes-graphics/lvgl/lv-lib-png_8.0.2.bb
+++ b/meta-openembedded/meta-oe/recipes-graphics/lvgl/lv-lib-png_8.0.2.bb
@@ -8,21 +8,23 @@
LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://LICENSE;md5=d6fc0df890c5270ef045981b516bb8f2"
-SRC_URI = "git://github.com/lvgl/lv_lib_png;destsuffix=${S};protocol=https;nobranch=1"
+SRC_URI = "git://github.com/lvgl/lv_lib_png;;protocol=https;nobranch=1"
SRCREV = "bf1531afe07c9f861107559e29ab8a2d83e4715a"
+S = "${WORKDIR}/git"
+
# because of lvgl dependency
REQUIRED_DISTRO_FEATURES = "wayland"
DEPENDS += "lvgl"
-EXTRA_OECMAKE += "-DLIB_INSTALL_DIR=${BASELIB}"
+EXTRA_OECMAKE += "-DLIB_INSTALL_DIR=${baselib}"
inherit cmake
inherit features_check
TARGET_CFLAGS += "-DLV_CONF_INCLUDE_SIMPLE=1"
-TARGET_CFLAGS += "-I${RECIPE_SYSROOT}/${includedir}/lvgl"
+TARGET_CFLAGS += "-I${STAGING_INCDIR}/lvgl"
FILES:${PN}-dev = "\
${includedir}/lvgl/lv_lib_png/ \
diff --git a/meta-openembedded/meta-oe/recipes-graphics/lvgl/lvgl_8.1.0.bb b/meta-openembedded/meta-oe/recipes-graphics/lvgl/lvgl_8.1.0.bb
index 2005afa..ea74c59 100644
--- a/meta-openembedded/meta-oe/recipes-graphics/lvgl/lvgl_8.1.0.bb
+++ b/meta-openembedded/meta-oe/recipes-graphics/lvgl/lvgl_8.1.0.bb
@@ -8,7 +8,7 @@
LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://LICENCE.txt;md5=bf1198c89ae87f043108cea62460b03a"
-SRC_URI = "gitsm://github.com/lvgl/lvgl;destsuffix=${S};protocol=https;nobranch=1"
+SRC_URI = "gitsm://github.com/lvgl/lvgl;protocol=https;nobranch=1"
SRCREV = "d38eb1e689fa5a64c25e677275172d9c8a4ab2f0"
REQUIRED_DISTRO_FEATURES = "wayland"
@@ -16,8 +16,8 @@
inherit cmake
inherit features_check
-EXTRA_OECMAKE = "-DLIB_INSTALL_DIR=${BASELIB}"
-S = "${WORKDIR}/${PN}-${PV}"
+EXTRA_OECMAKE = "-DLIB_INSTALL_DIR=${baselib}"
+S = "${WORKDIR}/git"
LVGL_CONFIG_LV_MEM_CUSTOM ?= "0"
diff --git a/meta-openembedded/meta-oe/recipes-kernel/ipmitool/ipmitool_1.8.19.bb b/meta-openembedded/meta-oe/recipes-kernel/ipmitool/ipmitool_1.8.19.bb
index 0a600e2..a8d203e 100644
--- a/meta-openembedded/meta-oe/recipes-kernel/ipmitool/ipmitool_1.8.19.bb
+++ b/meta-openembedded/meta-oe/recipes-kernel/ipmitool/ipmitool_1.8.19.bb
@@ -30,7 +30,7 @@
IANA_ENTERPRISE_NUMBERS ?= ""
# Add these via bbappend if this database is needed by the system
-#IANA_ENTERPRISE_NUMBERS ?= "http://www.iana.org/assignments/enterprise-numbers;name=iana-enterprise-numbers;downloadfilename=iana-enterprise-numbers"
+#IANA_ENTERPRISE_NUMBERS = "http://www.iana.org/assignments/enterprise-numbers;name=iana-enterprise-numbers;downloadfilename=iana-enterprise-numbers"
#SRC_URI[iana-enterprise-numbers.sha256sum] = "cdd97fc08325667434b805eb589104ae63f7a9eb720ecea73cb55110b383934c"
S = "${WORKDIR}/git"
diff --git a/meta-openembedded/meta-oe/recipes-kernel/makedumpfile/makedumpfile_1.7.1.bb b/meta-openembedded/meta-oe/recipes-kernel/makedumpfile/makedumpfile_1.7.2.bb
similarity index 96%
rename from meta-openembedded/meta-oe/recipes-kernel/makedumpfile/makedumpfile_1.7.1.bb
rename to meta-openembedded/meta-oe/recipes-kernel/makedumpfile/makedumpfile_1.7.2.bb
index eb004c2..1c3538a 100644
--- a/meta-openembedded/meta-oe/recipes-kernel/makedumpfile/makedumpfile_1.7.1.bb
+++ b/meta-openembedded/meta-oe/recipes-kernel/makedumpfile/makedumpfile_1.7.2.bb
@@ -11,7 +11,7 @@
LICENSE = "GPL-2.0-only"
SRCBRANCH ?= "master"
-SRCREV = "74bbdd14ec861552ace1ca63953eb2ef73e1f965"
+SRCREV = "9fefc6848d0b3765760e709cfe92fb9d76d5d452"
DEPENDS = "bzip2 zlib elfutils xz"
RDEPENDS:${PN}-tools = "perl ${PN}"
diff --git a/meta-openembedded/meta-oe/recipes-security/audit/audit_3.0.8.bb b/meta-openembedded/meta-oe/recipes-security/audit/audit_3.0.9.bb
similarity index 96%
rename from meta-openembedded/meta-oe/recipes-security/audit/audit_3.0.8.bb
rename to meta-openembedded/meta-oe/recipes-security/audit/audit_3.0.9.bb
index 78439f6..9621d9e 100644
--- a/meta-openembedded/meta-oe/recipes-security/audit/audit_3.0.8.bb
+++ b/meta-openembedded/meta-oe/recipes-security/audit/audit_3.0.9.bb
@@ -16,9 +16,9 @@
"
S = "${WORKDIR}/git"
-SRCREV = "54a62e78792fe583267cf80da717ee480b8f42bc"
+SRCREV = "81fa28e0e8b4be83ddba03de8b816a3df510c17e"
-inherit autotools python3native update-rc.d systemd
+inherit autotools python3native python3targetconfig update-rc.d systemd
UPDATERCPN = "auditd"
INITSCRIPT_NAME = "auditd"
diff --git a/meta-openembedded/meta-oe/recipes-shells/zsh/zsh/CVE-2021-45444_1.patch b/meta-openembedded/meta-oe/recipes-shells/zsh/zsh/CVE-2021-45444_1.patch
new file mode 100644
index 0000000..fb8fa34
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-shells/zsh/zsh/CVE-2021-45444_1.patch
@@ -0,0 +1,60 @@
+Origin: commit c187154f47697cdbf822c2f9d714d570ed4a0fd1
+From: Oliver Kiddle <opk@zsh.org>
+Date: Wed, 15 Dec 2021 01:56:40 +0100
+Subject: [PATCH 1/9] security/41: Don't perform PROMPT_SUBST evaluation on
+ %F/%K arguments
+
+Mitigates CVE-2021-45444
+
+https://salsa.debian.org/debian/zsh/-/raw/debian/5.8-6+deb11u1/debian/patches/cherry-pick-CVE-2021-45444_1.patch?inline=false
+Upstream-Status: Backport
+CVE: CVE-2021-45444
+Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
+---
+ ChangeLog | 5 +++++
+ Src/prompt.c | 10 ++++++++++
+ 2 files changed, 15 insertions(+)
+
+diff --git a/ChangeLog b/ChangeLog
+index 8d7dfc169..eb248ec06 100644
+--- a/ChangeLog
++++ b/ChangeLog
+@@ -1,3 +1,8 @@
++2022-01-27 dana <dana@dana.is>
++
++ * Oliver Kiddle: security/41: Src/prompt.c: Prevent recursive
++ PROMPT_SUBST
++
+ 2020-02-14 dana <dana@dana.is>
+
+ * unposted: Config/version.mk: Update for 5.8
+diff --git a/Src/prompt.c b/Src/prompt.c
+index b65bfb86b..91e21c8e9 100644
+--- a/Src/prompt.c
++++ b/Src/prompt.c
+@@ -244,6 +244,12 @@ parsecolorchar(zattr arg, int is_fg)
+ bv->fm += 2; /* skip over F{ */
+ if ((ep = strchr(bv->fm, '}'))) {
+ char oc = *ep, *col, *coll;
++ int ops = opts[PROMPTSUBST], opb = opts[PROMPTBANG];
++ int opp = opts[PROMPTPERCENT];
++
++ opts[PROMPTPERCENT] = 1;
++ opts[PROMPTSUBST] = opts[PROMPTBANG] = 0;
++
+ *ep = '\0';
+ /* expand the contents of the argument so you can use
+ * %v for example */
+@@ -252,6 +258,10 @@ parsecolorchar(zattr arg, int is_fg)
+ arg = match_colour((const char **)&coll, is_fg, 0);
+ free(col);
+ bv->fm = ep;
++
++ opts[PROMPTSUBST] = ops;
++ opts[PROMPTBANG] = opb;
++ opts[PROMPTPERCENT] = opp;
+ } else {
+ arg = match_colour((const char **)&bv->fm, is_fg, 0);
+ if (*bv->fm != '}')
+--
+2.34.1
diff --git a/meta-openembedded/meta-oe/recipes-shells/zsh/zsh/CVE-2021-45444_2.patch b/meta-openembedded/meta-oe/recipes-shells/zsh/zsh/CVE-2021-45444_2.patch
new file mode 100644
index 0000000..e5b6d7c
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-shells/zsh/zsh/CVE-2021-45444_2.patch
@@ -0,0 +1,140 @@
+From 8a4d65ef6d0023ab9b238529410afb433553d2fa Mon Sep 17 00:00:00 2001
+From: Marc Cornellà <hello@mcornella.com>
+Date: Mon, 24 Jan 2022 09:43:28 +0100
+Subject: [PATCH 2/9] security/89: Add patch which can optionally be used to
+ work around CVE-2021-45444 in VCS_Info
+Comment: Updated to use the same file name without blanks as actually
+ used in the final 5.8.1 release.
+
+
+https://salsa.debian.org/debian/zsh/-/blob/debian/5.8-6+deb11u1/debian/patches/cherry-pick-CVE-2021-45444_2.patch
+Upstream-Status: Backport
+CVE: CVE-2021-45444
+Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
+---
+ ChangeLog | 5 +
+ Etc/CVE-2021-45444-VCS_Info-workaround.patch | 98 ++++++++++++++++++++
+ 2 files changed, 103 insertions(+)
+ create mode 100644 Etc/CVE-2021-45444-VCS_Info-workaround.patch
+
+diff --git a/ChangeLog b/ChangeLog
+index eb248ec06..9a05a09e1 100644
+--- a/ChangeLog
++++ b/ChangeLog
+@@ -1,5 +1,10 @@
+ 2022-01-27 dana <dana@dana.is>
+
++ * Marc Cornellà: security/89:
++ Etc/CVE-2021-45444-VCS_Info-workaround.patch: Add patch which
++ can optionally be used to work around recursive PROMPT_SUBST
++ issue in VCS_Info
++
+ * Oliver Kiddle: security/41: Src/prompt.c: Prevent recursive
+ PROMPT_SUBST
+
+diff --git a/Etc/CVE-2021-45444-VCS_Info-workaround.patch b/Etc/CVE-2021-45444-VCS_Info-workaround.patch
+new file mode 100644
+index 000000000..13e54be77
+--- /dev/null
++++ b/Etc/CVE-2021-45444-VCS_Info-workaround.patch
+@@ -0,0 +1,98 @@
++From 972887bbe5eb6a00e5f0e73781d6d73bfdcafb93 Mon Sep 17 00:00:00 2001
++From: =?UTF-8?q?Marc=20Cornell=C3=A0?= <hello@mcornella.com>
++Date: Mon, 24 Jan 2022 09:43:28 +0100
++Subject: [PATCH] security/89: Partially work around CVE-2021-45444 in VCS_Info
++MIME-Version: 1.0
++Content-Type: text/plain; charset=UTF-8
++Content-Transfer-Encoding: 8bit
++
++This patch is a partial, VCS_Info-specific work-around for CVE-2021-45444,
++which is mitigated in the shell itself in 5.8.1 and later versions. It is
++offered for users who are concerned about an exploit but are unable to update
++their binaries to receive the complete fix.
++
++The patch works around the vulnerability by pre-escaping values substituted
++into format strings in VCS_Info. Please note that this may break some user
++configurations that rely on those values being un-escaped (which is why it was
++not included directly in 5.8.1). It may be possible to limit this breakage by
++adjusting exactly which ones are pre-escaped, but of course this may leave
++them vulnerable again.
++
++If applying the patch to the file system is inconvenient or not possible, the
++following script can be used to idempotently patch the relevant function
++running in memory (and thus must be re-run when the shell is restarted):
++
++
++# Impacted versions go from v5.0.3 to v5.8 (v5.8.1 is the first patched version)
++autoload -Uz is-at-least
++if is-at-least 5.8.1 || ! is-at-least 5.0.3; then
++ return
++fi
++
++# Quote necessary $hook_com[<field>] items just before they are used
++# in the line "VCS_INFO_hook 'post-backend'" of the VCS_INFO_formats
++# function, where <field> is:
++#
++# base: the full path of the repository's root directory.
++# base-name: the name of the repository's root directory.
++# branch: the name of the currently checked out branch.
++# revision: an identifier of the currently checked out revision.
++# subdir: the path of the current directory relative to the
++# repository's root directory.
++# misc: a string that may contain anything the vcs_info backend wants.
++#
++# This patch %-quotes these fields previous to their use in vcs_info hooks and
++# the zformat call and, eventually, when they get expanded in the prompt.
++# It's important to quote these here, and not later after hooks have modified the
++# fields, because then we could be quoting % characters from valid prompt sequences,
++# like %F{color}, %B, etc.
++#
++# 32 │ hook_com[subdir]="$(VCS_INFO_reposub ${hook_com[base]})"
++# 33 │ hook_com[subdir_orig]="${hook_com[subdir]}"
++# 34 │
++# 35 + │ for tmp in base base-name branch misc revision subdir; do
++# 36 + │ hook_com[$tmp]="${hook_com[$tmp]//\%/%%}"
++# 37 + │ done
++# 38 + │
++# 39 │ VCS_INFO_hook 'post-backend'
++#
++# This is especially important so that no command substitution is performed
++# due to malicious input as a consequence of CVE-2021-45444, which affects
++# zsh versions from 5.0.3 to 5.8.
++#
++autoload -Uz +X regexp-replace VCS_INFO_formats
++
++# We use $tmp here because it's already a local variable in VCS_INFO_formats
++typeset PATCH='for tmp (base base-name branch misc revision subdir) hook_com[$tmp]="${hook_com[$tmp]//\%/%%}"'
++# Unique string to avoid reapplying the patch if this code gets called twice
++typeset PATCH_ID=vcs_info-patch-9b9840f2-91e5-4471-af84-9e9a0dc68c1b
++# Only patch the VCS_INFO_formats function if not already patched
++if [[ "$functions[VCS_INFO_formats]" != *$PATCH_ID* ]]; then
++ regexp-replace 'functions[VCS_INFO_formats]' \
++ "VCS_INFO_hook 'post-backend'" \
++ ': ${PATCH_ID}; ${PATCH}; ${MATCH}'
++fi
++unset PATCH PATCH_ID
++
++
++---
++ Functions/VCS_Info/VCS_INFO_formats | 4 ++++
++ 1 file changed, 4 insertions(+)
++
++diff --git a/Functions/VCS_Info/VCS_INFO_formats b/Functions/VCS_Info/VCS_INFO_formats
++index e0e1dc738..4d88e28b6 100644
++--- a/Functions/VCS_Info/VCS_INFO_formats
+++++ b/Functions/VCS_Info/VCS_INFO_formats
++@@ -32,6 +32,10 @@ hook_com[base-name_orig]="${hook_com[base_name]}"
++ hook_com[subdir]="$(VCS_INFO_reposub ${hook_com[base]})"
++ hook_com[subdir_orig]="${hook_com[subdir]}"
++
+++for tmp in base base-name branch misc revision subdir; do
+++ hook_com[$tmp]="${hook_com[$tmp]//\%/%%}"
+++done
+++
++ VCS_INFO_hook 'post-backend'
++
++ ## description (for backend authors):
++--
++2.34.1
+--
+2.34.1
diff --git a/meta-openembedded/meta-oe/recipes-shells/zsh/zsh/CVE-2021-45444_3.patch b/meta-openembedded/meta-oe/recipes-shells/zsh/zsh/CVE-2021-45444_3.patch
new file mode 100644
index 0000000..adfc00a
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-shells/zsh/zsh/CVE-2021-45444_3.patch
@@ -0,0 +1,77 @@
+From 4abf2fc193fc2f3e680deecbf81289a7b02e245b Mon Sep 17 00:00:00 2001
+From: dana <dana@dana.is>
+Date: Tue, 21 Dec 2021 13:13:33 -0600
+Subject: [PATCH 3/9] CVE-2021-45444: Update NEWS/README
+
+https://salsa.debian.org/debian/zsh/-/blob/debian/5.8-6+deb11u1/debian/patches/cherry-pick-CVE-2021-45444_3.patch
+Upstream-Status: Backport
+CVE: CVE-2021-45444
+Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
+---
+ ChangeLog | 2 ++
+ NEWS | 20 ++++++++++++++++++++
+ README | 6 ++++++
+ 3 files changed, 28 insertions(+)
+
+diff --git a/ChangeLog b/ChangeLog
+index 9a05a09e1..93b0bc337 100644
+--- a/ChangeLog
++++ b/ChangeLog
+@@ -1,5 +1,7 @@
+ 2022-01-27 dana <dana@dana.is>
+
++ * CVE-2021-45444: NEWS, README: Document preceding two changes
++
+ * Marc Cornellà: security/89:
+ Etc/CVE-2021-45444-VCS_Info-workaround.patch: Add patch which
+ can optionally be used to work around recursive PROMPT_SUBST
+diff --git a/NEWS b/NEWS
+index 964e1633f..d34b3f79e 100644
+--- a/NEWS
++++ b/NEWS
+@@ -4,6 +4,26 @@ CHANGES FROM PREVIOUS VERSIONS OF ZSH
+
+ Note also the list of incompatibilities in the README file.
+
++Changes since 5.8
++-----------------
++
++CVE-2021-45444: Some prompt expansion sequences, such as %F, support
++'arguments' which are themselves expanded in case they contain colour
++values, etc. This additional expansion would trigger PROMPT_SUBST
++evaluation, if enabled. This could be abused to execute code the user
++didn't expect. e.g., given a certain prompt configuration, an attacker
++could trick a user into executing arbitrary code by having them check
++out a Git branch with a specially crafted name.
++
++This is fixed in the shell itself by no longer performing PROMPT_SUBST
++evaluation on these prompt-expansion arguments.
++
++Users who are concerned about an exploit but unable to update their
++binaries may apply the partial work-around described in the file
++'Etc/CVE-2021-45444 VCS_Info workaround.patch' included with the shell
++source. [ Reported by RyotaK <security@ryotak.me>. Additional thanks to
++Marc Cornellà <hello@mcornella.com>. ]
++
+ Changes since 5.7.1-test-3
+ --------------------------
+
+diff --git a/README b/README
+index 7f1dd5f92..c9e994ab3 100644
+--- a/README
++++ b/README
+@@ -31,6 +31,12 @@ Zsh is a shell with lots of features. For a list of some of these, see the
+ file FEATURES, and for the latest changes see NEWS. For more
+ details, see the documentation.
+
++Incompatibilities since 5.8
++---------------------------
++
++PROMPT_SUBST expansion is no longer performed on arguments to prompt-
++expansion sequences such as %F.
++
+ Incompatibilities since 5.7.1
+ -----------------------------
+
+--
+2.34.1
diff --git a/meta-openembedded/meta-oe/recipes-shells/zsh/zsh_5.8.bb b/meta-openembedded/meta-oe/recipes-shells/zsh/zsh_5.8.bb
index 0429cb9..7602ff9 100644
--- a/meta-openembedded/meta-oe/recipes-shells/zsh/zsh_5.8.bb
+++ b/meta-openembedded/meta-oe/recipes-shells/zsh/zsh_5.8.bb
@@ -10,7 +10,11 @@
DEPENDS = "ncurses bison-native libcap libpcre gdbm groff-native"
-SRC_URI = "${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}/5.8/${BP}.tar.xz"
+SRC_URI = "${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}/5.8/${BP}.tar.xz \
+ file://CVE-2021-45444_1.patch \
+ file://CVE-2021-45444_2.patch \
+ file://CVE-2021-45444_3.patch \
+ "
SRC_URI[sha256sum] = "dcc4b54cc5565670a65581760261c163d720991f0d06486da61f8d839b52de27"
inherit autotools-brokensep gettext update-alternatives manpages
@@ -18,8 +22,8 @@
EXTRA_OECONF = " \
--bindir=${base_bindir} \
--enable-etcdir=${sysconfdir} \
- --enable-fndir=${datadir}/${PN}/${PV}/functions \
- --enable-site-fndir=${datadir}/${PN}/site-functions \
+ --enable-fndir=${datadir}/${BPN}/${PV}/functions \
+ --enable-site-fndir=${datadir}/${BPN}/site-functions \
--with-term-lib='ncursesw ncurses' \
--with-tcsetpgrp \
--enable-cap \
diff --git a/meta-openembedded/meta-oe/recipes-support/c-ares/c-ares/CVE-2022-4904.patch b/meta-openembedded/meta-oe/recipes-support/c-ares/c-ares/CVE-2022-4904.patch
new file mode 100644
index 0000000..0a0e8f0
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-support/c-ares/c-ares/CVE-2022-4904.patch
@@ -0,0 +1,66 @@
+From 9903253c347f9e0bffd285ae3829aef251cc852d Mon Sep 17 00:00:00 2001
+From: hopper-vul <118949689+hopper-vul@users.noreply.github.com>
+Date: Wed, 18 Jan 2023 22:14:26 +0800
+Subject: [PATCH] Add str len check in config_sortlist to avoid stack overflow
+ (#497)
+
+In ares_set_sortlist, it calls config_sortlist(..., sortstr) to parse
+the input str and initialize a sortlist configuration.
+
+However, ares_set_sortlist has not any checks about the validity of the input str.
+It is very easy to create an arbitrary length stack overflow with the unchecked
+`memcpy(ipbuf, str, q-str);` and `memcpy(ipbufpfx, str, q-str);`
+statements in the config_sortlist call, which could potentially cause severe
+security impact in practical programs.
+
+This commit add necessary check for `ipbuf` and `ipbufpfx` which avoid the
+potential stack overflows.
+
+fixes #496
+
+Fix By: @hopper-vul
+
+CVE: CVE-2022-4415
+Upstream-Status: Backport [https://github.com/c-ares/c-ares/commit/9903253c347f9e0bffd285ae3829aef251cc852d]
+
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ src/lib/ares_init.c | 4 ++++
+ test/ares-test-init.cc | 2 ++
+ 2 files changed, 6 insertions(+)
+
+diff --git a/src/lib/ares_init.c b/src/lib/ares_init.c
+index 51668a5c..3f9cec65 100644
+--- a/src/lib/ares_init.c
++++ b/src/lib/ares_init.c
+@@ -1913,6 +1913,8 @@ static int config_sortlist(struct apattern **sortlist, int *nsort,
+ q = str;
+ while (*q && *q != '/' && *q != ';' && !ISSPACE(*q))
+ q++;
++ if (q-str >= 16)
++ return ARES_EBADSTR;
+ memcpy(ipbuf, str, q-str);
+ ipbuf[q-str] = '\0';
+ /* Find the prefix */
+@@ -1921,6 +1923,8 @@ static int config_sortlist(struct apattern **sortlist, int *nsort,
+ const char *str2 = q+1;
+ while (*q && *q != ';' && !ISSPACE(*q))
+ q++;
++ if (q-str >= 32)
++ return ARES_EBADSTR;
+ memcpy(ipbufpfx, str, q-str);
+ ipbufpfx[q-str] = '\0';
+ str = str2;
+diff --git a/test/ares-test-init.cc b/test/ares-test-init.cc
+index 63c6a228..ee845181 100644
+--- a/test/ares-test-init.cc
++++ b/test/ares-test-init.cc
+@@ -275,6 +275,8 @@ TEST_F(DefaultChannelTest, SetAddresses) {
+
+ TEST_F(DefaultChannelTest, SetSortlistFailures) {
+ EXPECT_EQ(ARES_ENODATA, ares_set_sortlist(nullptr, "1.2.3.4"));
++ EXPECT_EQ(ARES_EBADSTR, ares_set_sortlist(channel_, "111.111.111.111*/16"));
++ EXPECT_EQ(ARES_EBADSTR, ares_set_sortlist(channel_, "111.111.111.111/255.255.255.240*"));
+ EXPECT_EQ(ARES_SUCCESS, ares_set_sortlist(channel_, "xyzzy ; lwk"));
+ EXPECT_EQ(ARES_SUCCESS, ares_set_sortlist(channel_, "xyzzy ; 0x123"));
+ }
diff --git a/meta-openembedded/meta-oe/recipes-support/c-ares/c-ares_1.18.1.bb b/meta-openembedded/meta-oe/recipes-support/c-ares/c-ares_1.18.1.bb
index 2cd00cb..5614d13 100644
--- a/meta-openembedded/meta-oe/recipes-support/c-ares/c-ares_1.18.1.bb
+++ b/meta-openembedded/meta-oe/recipes-support/c-ares/c-ares_1.18.1.bb
@@ -5,7 +5,9 @@
LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://LICENSE.md;md5=fb997454c8d62aa6a47f07a8cd48b006"
-SRC_URI = "git://github.com/c-ares/c-ares.git;branch=main;protocol=https"
+SRC_URI = "git://github.com/c-ares/c-ares.git;branch=main;protocol=https \
+ file://CVE-2022-4904.patch \
+ "
SRCREV = "2aa086f822aad5017a6f2061ef656f237a62d0ed"
UPSTREAM_CHECK_GITTAGREGEX = "cares-(?P<pver>\d+_(\d_?)+)"
diff --git a/meta-openembedded/meta-oe/recipes-support/colord/colord.inc b/meta-openembedded/meta-oe/recipes-support/colord/colord.inc
index 41962cd..0ae1a30 100644
--- a/meta-openembedded/meta-oe/recipes-support/colord/colord.inc
+++ b/meta-openembedded/meta-oe/recipes-support/colord/colord.inc
@@ -6,7 +6,7 @@
file://meson.build;beginline=3;endline=3;md5=f42198707d793be58b274d34fd5238c3 \
"
-PV = "1.4.5"
+PV = "1.4.6"
SRC_URI = "https://www.freedesktop.org/software/colord/releases/${BPN}-${PV}.tar.xz"
-SRC_URI[sha256sum] = "b774ea443d239f4a2ee1853bd678426e669ddeda413dcb71cea1638c4d6c5e17"
+SRC_URI[sha256sum] = "7407631a27bfe5d1b672e7ae42777001c105d860b7b7392283c8c6300de88e6f"
diff --git a/meta-openembedded/meta-oe/recipes-support/dool/dool/0001-Fix-rename-in-docs.patch b/meta-openembedded/meta-oe/recipes-support/dool/dool/0001-Fix-rename-in-docs.patch
new file mode 100644
index 0000000..8d576f5
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-support/dool/dool/0001-Fix-rename-in-docs.patch
@@ -0,0 +1,261 @@
+From 689c65fb050976d5a548a5b9a0f5d2c14eaa3301 Mon Sep 17 00:00:00 2001
+From: Alexander Stein <alexander.stein@tq-group.com>
+Date: Thu, 8 Dec 2022 14:11:46 +0100
+Subject: [PATCH 1/1] Fix rename in docs
+
+The content of dool.1.adoc is completly unchanged from dstat.1.adoc.
+Unfortunately the 'NAME' specifies the created file name. So
+building/cleaning docs is currently broken
+
+Upstream-Status: Pending
+https://github.com/scottchiefbaker/dool/pull/30
+
+Signed-off-by: Alexander Stein <alexander.stein@tq-group.com>
+---
+ docs/dool.1.adoc | 108 +++++++++++++++++++++++------------------------
+ 1 file changed, 54 insertions(+), 54 deletions(-)
+
+diff --git a/docs/dool.1.adoc b/docs/dool.1.adoc
+index 24c4a54..921df1f 100644
+--- a/docs/dool.1.adoc
++++ b/docs/dool.1.adoc
+@@ -1,35 +1,35 @@
+-= dstat(1)
++= dool(1)
+ Dag Wieers <dag@wieers.com>
+ v0.7.3, August 2014
+
+
+ == NAME
+-dstat - versatile tool for generating system resource statistics
++dool - versatile tool for generating system resource statistics
+
+
+ == SYNOPSIS
+-dstat [-afv] [options..] [delay [count]]
++dool [-afv] [options..] [delay [count]]
+
+
+ == DESCRIPTION
+-Dstat is a versatile replacement for vmstat, iostat and ifstat. Dstat
++Dool is a versatile replacement for vmstat, iostat and ifstat. Dool
+ overcomes some of the limitations and adds some extra features.
+
+-Dstat allows you to view all of your system resources instantly, you
++Dool allows you to view all of your system resources instantly, you
+ can eg. compare disk usage in combination with interrupts from your
+ IDE controller, or compare the network bandwidth numbers directly with
+ the disk throughput (in the same interval).
+
+-Dstat also cleverly gives you the most detailed information in columns
++Dool also cleverly gives you the most detailed information in columns
+ and clearly indicates in what magnitude and unit the output is displayed.
+ Less confusion, less mistakes, more efficient.
+
+-Dstat is unique in letting you aggregate block device throughput for a
++Dool is unique in letting you aggregate block device throughput for a
+ certain diskset or network bandwidth for a group of interfaces, ie.
+ you can see the throughput for all the block devices that make up a
+ single filesystem or storage system.
+
+-Dstat allows its data to be directly written to a CSV file to be
++Dool allows its data to be directly written to a CSV file to be
+ imported and used by OpenOffice, Gnumeric or Excel to create graphs.
+
+ [NOTE]
+@@ -187,13 +187,13 @@ Possible internal stats are::
+ write CSV output to file
+
+ --profile::
+- show profiling statistics when exiting dstat
++ show profiling statistics when exiting dool
+
+
+ == PLUGINS
+-While anyone can create their own dstat plugins (and contribute them) dstat
++While anyone can create their own dool plugins (and contribute them) dool
+ ships with a number of plugins already that extend its capabilities greatly.
+-Here is an overview of the plugins dstat ships with:
++Here is an overview of the plugins dool ships with:
+
+ --battery::
+ battery in percentage (needs ACPI)
+@@ -225,17 +225,17 @@ Here is an overview of the plugins dstat ships with:
+ --disk-wait::
+ average time (in milliseconds) for I/O requests issued to the device to be served
+
+---dstat::
+- show dstat cputime consumption and latency
++--dool::
++ show dool cputime consumption and latency
+
+---dstat-cpu::
+- show dstat advanced cpu usage
++--dool-cpu::
++ show dool advanced cpu usage
+
+---dstat-ctxt::
+- show dstat context switches
++--dool-ctxt::
++ show dool context switches
+
+---dstat-mem::
+- show dstat advanced memory usage
++--dool-mem::
++ show dool advanced memory usage
+
+ --fan::
+ fan speed (needs ACPI)
+@@ -250,7 +250,7 @@ Here is an overview of the plugins dstat ships with:
+ GPFS filesystem operations (needs mmpmon)
+
+ --helloworld::
+- Hello world example dstat plugin
++ Hello world example dool plugin
+
+ --innodb-buffer::
+ show innodb buffer stats
+@@ -340,22 +340,22 @@ Here is an overview of the plugins dstat ships with:
+ show sendmail queue size (needs sendmail)
+
+ --snmp-cpu::
+- show CPU stats using SNMP from DSTAT_SNMPSERVER
++ show CPU stats using SNMP from DOOL_SNMPSERVER
+
+ --snmp-load::
+- show load stats using SNMP from DSTAT_SNMPSERVER
++ show load stats using SNMP from DOOL_SNMPSERVER
+
+ --snmp-mem::
+- show memory stats using SNMP from DSTAT_SNMPSERVER
++ show memory stats using SNMP from DOOL_SNMPSERVER
+
+ --snmp-net::
+- show network stats using SNMP from DSTAT_SNMPSERVER
++ show network stats using SNMP from DOOL_SNMPSERVER
+
+ --snmp-net-err:
+- show network errors using SNMP from DSTAT_SNMPSERVER
++ show network errors using SNMP from DOOL_SNMPSERVER
+
+ --snmp-sys::
+- show system stats (interrupts and context switches) using SNMP from DSTAT_SNMPSERVER
++ show system stats (interrupts and context switches) using SNMP from DOOL_SNMPSERVER
+
+ --snooze::
+ show number of ticks per second
+@@ -463,7 +463,7 @@ The default delay is 1 and count is unspecified (unlimited)
+
+
+ == INTERMEDIATE UPDATES
+-When invoking dstat with a *delay* greater than 1 and without the
++When invoking dool with a *delay* greater than 1 and without the
+ *--noupdate* option, it will show intermediate updates, ie. the first
+ time a 1 sec average, the second update a 2 second average, etc. until
+ the delay has been reached.
+@@ -475,34 +475,34 @@ average on a new line, just like with vmstat.
+
+
+ == EXAMPLES
+-Using dstat to relate disk-throughput with network-usage (eth0), total CPU-usage and system counters:
++Using dool to relate disk-throughput with network-usage (eth0), total CPU-usage and system counters:
+ ----
+-dstat -dnyc -N eth0 -C total -f 5
++dool -dnyc -N eth0 -C total -f 5
+ ----
+
+-Checking dstat's behaviour and the system impact of dstat:
++Checking dool's behaviour and the system impact of dool:
+ ----
+-dstat -taf --debug
++dool -taf --debug
+ ----
+
+ Using the time plugin together with cpu, net, disk, system, load, proc and
+ top_cpu plugins:
+ ----
+-dstat -tcndylp --top-cpu
++dool -tcndylp --top-cpu
+ ----
+ this is identical to
+ ----
+-dstat --time --cpu --net --disk --sys --load --proc --top-cpu
++dool --time --cpu --net --disk --sys --load --proc --top-cpu
+ ----
+
+-Using dstat to relate advanced cpu stats with interrupts per device:
++Using dool to relate advanced cpu stats with interrupts per device:
+ ----
+-dstat -t --cpu-adv -yif
++dool -t --cpu-adv -yif
+ ----
+
+
+ == BUGS
+-Since it is practically impossible to test dstat on every possible
++Since it is practically impossible to test dool on every possible
+ permutation of kernel, python or distribution version, I need your
+ help and your feedback to fix the remaining problems. If you have
+ improvements or bugreports, please send them to:
+@@ -513,40 +513,40 @@ Please see the TODO file for known bugs and future plans.
+
+
+ == FILES
+-Paths that may contain external dstat_*.py plugins:
++Paths that may contain external dool_*.py plugins:
+
+- ~/.dstat/
++ ~/.dool/
+ (path of binary)/plugins/
+- /usr/share/dstat/
+- /usr/local/share/dstat/
++ /usr/share/dool/
++ /usr/local/share/dool/
+
+ == ENVIRONMENT VARIABLES
+
+-Dstat will read additional command line arguments from the environment
+-variable *DSTAT_OPTS*. You can use this to configure Dstat's default
++Dool will read additional command line arguments from the environment
++variable *DOOL_OPTS*. You can use this to configure Dool's default
+ behavior, e.g. if you have a black-on-white terminal:
+
+- export DSTAT_OPTS="--bw --noupdate"
++ export DOOL_OPTS="--bw --noupdate"
+
+ Other internal or external plugins have their own environment variables
+ to influence their behavior, e.g.
+
+
+- DSTAT_NTPSERVER
++ DOOL_NTPSERVER
+
+- DSTAT_MYSQL
+- DSTAT_MYSQL_HOST
+- DSTAT_MYSQL_PORT
+- DSTAT_MYSQL_SOCKET
+- DSTAT_MYSQL_USER
+- DSTAT_MYSQL_PWD
++ DOOL_MYSQL
++ DOOL_MYSQL_HOST
++ DOOL_MYSQL_PORT
++ DOOL_MYSQL_SOCKET
++ DOOL_MYSQL_USER
++ DOOL_MYSQL_PWD
+
+- DSTAT_SNMPSERVER
+- DSTAT_SNMPCOMMUNITY
++ DOOL_SNMPSERVER
++ DOOL_SNMPCOMMUNITY
+
+- DSTAT_SQUID_OPTS
++ DOOL_SQUID_OPTS
+
+- DSTAT_TIMEFMT
++ DOOL_TIMEFMT
+
+ == SEE ALSO
+
+--
+2.34.1
+
diff --git a/meta-openembedded/meta-oe/recipes-support/dool/dool_1.1.0.bb b/meta-openembedded/meta-oe/recipes-support/dool/dool_1.1.0.bb
index dcb66c7..211f3a2 100644
--- a/meta-openembedded/meta-oe/recipes-support/dool/dool_1.1.0.bb
+++ b/meta-openembedded/meta-oe/recipes-support/dool/dool_1.1.0.bb
@@ -11,6 +11,7 @@
SRC_URI = "git://github.com/scottchiefbaker/dool.git;branch=master;protocol=https \
file://0001-Fix-build-error-as-following.patch \
+ file://0001-Fix-rename-in-docs.patch \
"
SRCREV = "41ec7b392b358dae29f0b587711d5c8f7f462805"
diff --git a/meta-openembedded/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb b/meta-openembedded/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb
index 1380638..64b132e 100644
--- a/meta-openembedded/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb
+++ b/meta-openembedded/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb
@@ -4,7 +4,7 @@
DEPENDS = "zlib expat"
-SRC_URI = "https://exiv2.org/releases/${BPN}-${PV}-Source.tar.gz"
+SRC_URI = "https://github.com/Exiv2/${BPN}/releases/download/v${PV}/${BP}-Source.tar.gz"
SRC_URI[sha256sum] = "a79f5613812aa21755d578a297874fb59a85101e793edc64ec2c6bd994e3e778"
# Once patch is obsolete (project should be aware due to PRs), dos2unix can be removed either
diff --git a/meta-openembedded/meta-oe/recipes-support/function2/function2_4.2.1.bb b/meta-openembedded/meta-oe/recipes-support/function2/function2_4.2.2.bb
similarity index 92%
rename from meta-openembedded/meta-oe/recipes-support/function2/function2_4.2.1.bb
rename to meta-openembedded/meta-oe/recipes-support/function2/function2_4.2.2.bb
index 8e37181..31cd077 100644
--- a/meta-openembedded/meta-oe/recipes-support/function2/function2_4.2.1.bb
+++ b/meta-openembedded/meta-oe/recipes-support/function2/function2_4.2.2.bb
@@ -3,7 +3,7 @@
HOMEPAGE = "https://naios.github.io/function2"
LICENSE = "BSL-1.0"
LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=e4224ccaecb14d942c71d31bef20d78c"
-SRCREV = "f569a63cfe369df867a1a4d17aaa12269156536c"
+SRCREV = "2d3a878ef19dd5d2fb188898513610fac0a48621"
PV .= "+git${SRCPV}"
SRC_URI += "gitsm://github.com/Naios/function2;branch=master;protocol=https"
diff --git a/meta-openembedded/meta-oe/recipes-support/imapfilter/imapfilter_2.7.5.bb b/meta-openembedded/meta-oe/recipes-support/imapfilter/imapfilter_2.7.6.bb
similarity index 60%
rename from meta-openembedded/meta-oe/recipes-support/imapfilter/imapfilter_2.7.5.bb
rename to meta-openembedded/meta-oe/recipes-support/imapfilter/imapfilter_2.7.6.bb
index 111a820..eb23816 100644
--- a/meta-openembedded/meta-oe/recipes-support/imapfilter/imapfilter_2.7.5.bb
+++ b/meta-openembedded/meta-oe/recipes-support/imapfilter/imapfilter_2.7.6.bb
@@ -1,11 +1,13 @@
SUMMARY = "IMAPFilter is a mail filtering utility that processes mailboxes based on IMAP queries"
LICENSE = "MIT"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=db3b99f230f9758fd77e4a0654e2266d"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=c11d4fd926d3ce7aac13b0ed1e9b3a63"
-SRC_URI = "https://codeload.github.com/lefcha/${BPN}/tar.gz/v${PV};downloadfilename=${BP}.tar.gz \
+# v2.7.6
+SRCREV = "b39d0430f29d7c953581186955c11b461e6c824f"
+SRC_URI = "git://github.com/lefcha/imapfilter;protocol=https;branch=master \
file://ldflags.patch \
"
-SRC_URI[sha256sum] = "ab19f840712e6951e51c29e44c43b3b2fa42e93693f98f8969cc763a4fad56bf"
+S = "${WORKDIR}/git"
DEPENDS= "openssl lua libpcre2"
diff --git a/meta-openembedded/meta-oe/recipes-support/multipath-tools/files/CVE-2022-41974.patch b/meta-openembedded/meta-oe/recipes-support/multipath-tools/files/CVE-2022-41974.patch
new file mode 100644
index 0000000..7cdb5f9
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-support/multipath-tools/files/CVE-2022-41974.patch
@@ -0,0 +1,164 @@
+From 0168696f95b5c610c3861ced8ef98accd1a83b91 Mon Sep 17 00:00:00 2001
+From: Benjamin Marzinski <bmarzins@redhat.com>
+Date: Tue, 27 Sep 2022 12:36:37 +0200
+Subject: [PATCH] multipathd: ignore duplicated multipathd command keys
+
+multipath adds rather than or-s the values of command keys. Fix this.
+Also, return an invalid fingerprint if a key is used more than once.
+
+CVE: CVE-2022-41974
+
+References:
+https://nvd.nist.gov/vuln/detail/CVE-2022-41974
+https://github.com/opensvc/multipath-tools/issues/59
+
+Upstream-Status: Backport
+[https://github.com/openSUSE/multipath-tools/commit/fbbf280a0e26026c19879d938ebb2a8200b6357c]
+
+Signed-off-by: Benjamin Marzinski <bmarzins@redhat.com>
+
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+---
+ multipathd/cli.c | 8 ++--
+ multipathd/main.c | 104 +++++++++++++++++++++++-----------------------
+ 2 files changed, 57 insertions(+), 55 deletions(-)
+
+diff --git a/multipathd/cli.c b/multipathd/cli.c
+index 800c0fbe..0a266761 100644
+--- a/multipathd/cli.c
++++ b/multipathd/cli.c
+@@ -336,9 +336,11 @@ fingerprint(vector vec)
+ if (!vec)
+ return 0;
+
+- vector_foreach_slot(vec, kw, i)
+- fp += kw->code;
+-
++ vector_foreach_slot(vec, kw, i) {
++ if (fp & kw->code)
++ return (uint64_t)-1;
++ fp |= kw->code;
++ }
+ return fp;
+ }
+
+diff --git a/multipathd/main.c b/multipathd/main.c
+index 8baf9abe..975287d2 100644
+--- a/multipathd/main.c
++++ b/multipathd/main.c
+@@ -1522,61 +1522,61 @@ uxlsnrloop (void * ap)
+ /* Tell main thread that thread has started */
+ post_config_state(DAEMON_CONFIGURE);
+
+- set_handler_callback(LIST+PATHS, cli_list_paths);
+- set_handler_callback(LIST+PATHS+FMT, cli_list_paths_fmt);
+- set_handler_callback(LIST+PATHS+RAW+FMT, cli_list_paths_raw);
+- set_handler_callback(LIST+PATH, cli_list_path);
+- set_handler_callback(LIST+MAPS, cli_list_maps);
+- set_handler_callback(LIST+STATUS, cli_list_status);
+- set_unlocked_handler_callback(LIST+DAEMON, cli_list_daemon);
+- set_handler_callback(LIST+MAPS+STATUS, cli_list_maps_status);
+- set_handler_callback(LIST+MAPS+STATS, cli_list_maps_stats);
+- set_handler_callback(LIST+MAPS+FMT, cli_list_maps_fmt);
+- set_handler_callback(LIST+MAPS+RAW+FMT, cli_list_maps_raw);
+- set_handler_callback(LIST+MAPS+TOPOLOGY, cli_list_maps_topology);
+- set_handler_callback(LIST+TOPOLOGY, cli_list_maps_topology);
+- set_handler_callback(LIST+MAPS+JSON, cli_list_maps_json);
+- set_handler_callback(LIST+MAP+TOPOLOGY, cli_list_map_topology);
+- set_handler_callback(LIST+MAP+FMT, cli_list_map_fmt);
+- set_handler_callback(LIST+MAP+RAW+FMT, cli_list_map_fmt);
+- set_handler_callback(LIST+MAP+JSON, cli_list_map_json);
+- set_handler_callback(LIST+CONFIG+LOCAL, cli_list_config_local);
+- set_handler_callback(LIST+CONFIG, cli_list_config);
+- set_handler_callback(LIST+BLACKLIST, cli_list_blacklist);
+- set_handler_callback(LIST+DEVICES, cli_list_devices);
+- set_handler_callback(LIST+WILDCARDS, cli_list_wildcards);
+- set_handler_callback(RESET+MAPS+STATS, cli_reset_maps_stats);
+- set_handler_callback(RESET+MAP+STATS, cli_reset_map_stats);
+- set_handler_callback(ADD+PATH, cli_add_path);
+- set_handler_callback(DEL+PATH, cli_del_path);
+- set_handler_callback(ADD+MAP, cli_add_map);
+- set_handler_callback(DEL+MAP, cli_del_map);
+- set_handler_callback(SWITCH+MAP+GROUP, cli_switch_group);
++ set_handler_callback(LIST|PATHS, cli_list_paths);
++ set_handler_callback(LIST|PATHS|FMT, cli_list_paths_fmt);
++ set_handler_callback(LIST|PATHS|RAW|FMT, cli_list_paths_raw);
++ set_handler_callback(LIST|PATH, cli_list_path);
++ set_handler_callback(LIST|MAPS, cli_list_maps);
++ set_handler_callback(LIST|STATUS, cli_list_status);
++ set_unlocked_handler_callback(LIST|DAEMON, cli_list_daemon);
++ set_handler_callback(LIST|MAPS|STATUS, cli_list_maps_status);
++ set_handler_callback(LIST|MAPS|STATS, cli_list_maps_stats);
++ set_handler_callback(LIST|MAPS|FMT, cli_list_maps_fmt);
++ set_handler_callback(LIST|MAPS|RAW|FMT, cli_list_maps_raw);
++ set_handler_callback(LIST|MAPS|TOPOLOGY, cli_list_maps_topology);
++ set_handler_callback(LIST|TOPOLOGY, cli_list_maps_topology);
++ set_handler_callback(LIST|MAPS|JSON, cli_list_maps_json);
++ set_handler_callback(LIST|MAP|TOPOLOGY, cli_list_map_topology);
++ set_handler_callback(LIST|MAP|FMT, cli_list_map_fmt);
++ set_handler_callback(LIST|MAP|RAW|FMT, cli_list_map_fmt);
++ set_handler_callback(LIST|MAP|JSON, cli_list_map_json);
++ set_handler_callback(LIST|CONFIG|LOCAL, cli_list_config_local);
++ set_handler_callback(LIST|CONFIG, cli_list_config);
++ set_handler_callback(LIST|BLACKLIST, cli_list_blacklist);
++ set_handler_callback(LIST|DEVICES, cli_list_devices);
++ set_handler_callback(LIST|WILDCARDS, cli_list_wildcards);
++ set_handler_callback(RESET|MAPS|STATS, cli_reset_maps_stats);
++ set_handler_callback(RESET|MAP|STATS, cli_reset_map_stats);
++ set_handler_callback(ADD|PATH, cli_add_path);
++ set_handler_callback(DEL|PATH, cli_del_path);
++ set_handler_callback(ADD|MAP, cli_add_map);
++ set_handler_callback(DEL|MAP, cli_del_map);
++ set_handler_callback(SWITCH|MAP|GROUP, cli_switch_group);
+ set_unlocked_handler_callback(RECONFIGURE, cli_reconfigure);
+- set_handler_callback(SUSPEND+MAP, cli_suspend);
+- set_handler_callback(RESUME+MAP, cli_resume);
+- set_handler_callback(RESIZE+MAP, cli_resize);
+- set_handler_callback(RELOAD+MAP, cli_reload);
+- set_handler_callback(RESET+MAP, cli_reassign);
+- set_handler_callback(REINSTATE+PATH, cli_reinstate);
+- set_handler_callback(FAIL+PATH, cli_fail);
+- set_handler_callback(DISABLEQ+MAP, cli_disable_queueing);
+- set_handler_callback(RESTOREQ+MAP, cli_restore_queueing);
+- set_handler_callback(DISABLEQ+MAPS, cli_disable_all_queueing);
+- set_handler_callback(RESTOREQ+MAPS, cli_restore_all_queueing);
++ set_handler_callback(SUSPEND|MAP, cli_suspend);
++ set_handler_callback(RESUME|MAP, cli_resume);
++ set_handler_callback(RESIZE|MAP, cli_resize);
++ set_handler_callback(RELOAD|MAP, cli_reload);
++ set_handler_callback(RESET|MAP, cli_reassign);
++ set_handler_callback(REINSTATE|PATH, cli_reinstate);
++ set_handler_callback(FAIL|PATH, cli_fail);
++ set_handler_callback(DISABLEQ|MAP, cli_disable_queueing);
++ set_handler_callback(RESTOREQ|MAP, cli_restore_queueing);
++ set_handler_callback(DISABLEQ|MAPS, cli_disable_all_queueing);
++ set_handler_callback(RESTOREQ|MAPS, cli_restore_all_queueing);
+ set_unlocked_handler_callback(QUIT, cli_quit);
+ set_unlocked_handler_callback(SHUTDOWN, cli_shutdown);
+- set_handler_callback(GETPRSTATUS+MAP, cli_getprstatus);
+- set_handler_callback(SETPRSTATUS+MAP, cli_setprstatus);
+- set_handler_callback(UNSETPRSTATUS+MAP, cli_unsetprstatus);
+- set_handler_callback(FORCEQ+DAEMON, cli_force_no_daemon_q);
+- set_handler_callback(RESTOREQ+DAEMON, cli_restore_no_daemon_q);
+- set_handler_callback(GETPRKEY+MAP, cli_getprkey);
+- set_handler_callback(SETPRKEY+MAP+KEY, cli_setprkey);
+- set_handler_callback(UNSETPRKEY+MAP, cli_unsetprkey);
+- set_handler_callback(SETMARGINAL+PATH, cli_set_marginal);
+- set_handler_callback(UNSETMARGINAL+PATH, cli_unset_marginal);
+- set_handler_callback(UNSETMARGINAL+MAP, cli_unset_all_marginal);
++ set_handler_callback(GETPRSTATUS|MAP, cli_getprstatus);
++ set_handler_callback(SETPRSTATUS|MAP, cli_setprstatus);
++ set_handler_callback(UNSETPRSTATUS|MAP, cli_unsetprstatus);
++ set_handler_callback(FORCEQ|DAEMON, cli_force_no_daemon_q);
++ set_handler_callback(RESTOREQ|DAEMON, cli_restore_no_daemon_q);
++ set_handler_callback(GETPRKEY|MAP, cli_getprkey);
++ set_handler_callback(SETPRKEY|MAP|KEY, cli_setprkey);
++ set_handler_callback(UNSETPRKEY|MAP, cli_unsetprkey);
++ set_handler_callback(SETMARGINAL|PATH, cli_set_marginal);
++ set_handler_callback(UNSETMARGINAL|PATH, cli_unset_marginal);
++ set_handler_callback(UNSETMARGINAL|MAP, cli_unset_all_marginal);
+
+ umask(077);
+ uxsock_listen(&uxsock_trigger, ux_sock, ap);
+--
+2.31.1
diff --git a/meta-openembedded/meta-oe/recipes-support/multipath-tools/multipath-tools_0.8.4.bb b/meta-openembedded/meta-oe/recipes-support/multipath-tools/multipath-tools_0.8.4.bb
index 5a8db08..feb8a06 100644
--- a/meta-openembedded/meta-oe/recipes-support/multipath-tools/multipath-tools_0.8.4.bb
+++ b/meta-openembedded/meta-oe/recipes-support/multipath-tools/multipath-tools_0.8.4.bb
@@ -48,6 +48,7 @@
file://0001-add-explicit-dependency-on-libraries.patch \
file://0001-fix-boolean-value-with-json-c-0.14.patch \
file://0001-libmultipath-uevent.c-fix-error-handling-for-udev_mo.patch \
+ file://CVE-2022-41974.patch \
"
LIC_FILES_CHKSUM = "file://COPYING;md5=5f30f0716dfdd0d91eb439ebec522ec2"
diff --git a/meta-openembedded/meta-oe/recipes-support/nss/nss/0001-nss-fix-support-cross-compiling.patch b/meta-openembedded/meta-oe/recipes-support/nss/nss/0001-nss-fix-support-cross-compiling.patch
index eb6174a..950fae6 100644
--- a/meta-openembedded/meta-oe/recipes-support/nss/nss/0001-nss-fix-support-cross-compiling.patch
+++ b/meta-openembedded/meta-oe/recipes-support/nss/nss/0001-nss-fix-support-cross-compiling.patch
@@ -18,7 +18,12 @@
index 2012d18..78fca62 100644
--- a/nss/coreconf/arch.mk
+++ b/nss/coreconf/arch.mk
-@@ -30,7 +30,7 @@ OS_TEST := $(shell uname -m)
+@@ -26,11 +26,11 @@ OS_ARCH := $(subst /,_,$(shell uname -s)
+ # Attempt to differentiate between sparc and x86 Solaris
+ #
+
+-OS_TEST := $(shell uname -m)
++OS_TEST ?= $(shell uname -m)
ifeq ($(OS_TEST),i86pc)
OS_RELEASE := $(shell uname -r)_$(OS_TEST)
else
diff --git a/meta-openembedded/meta-oe/recipes-support/nss/nss_3.74.bb b/meta-openembedded/meta-oe/recipes-support/nss/nss_3.74.bb
index 333bbdf..4a9482f 100644
--- a/meta-openembedded/meta-oe/recipes-support/nss/nss_3.74.bb
+++ b/meta-openembedded/meta-oe/recipes-support/nss/nss_3.74.bb
@@ -20,7 +20,7 @@
VERSION_DIR = "${@d.getVar('BP').upper().replace('-', '_').replace('.', '_') + '_RTM'}"
-SRC_URI = "http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${VERSION_DIR}/src/${BP}.tar.gz \
+SRC_URI = "http://ftp.mozilla.org/pub/security/nss/releases/${VERSION_DIR}/src/${BP}.tar.gz \
file://nss.pc.in \
file://0001-nss-fix-support-cross-compiling.patch \
file://nss-no-rpath-for-cross-compiling.patch \
@@ -280,5 +280,11 @@
BBCLASSEXTEND = "native nativesdk"
+CVE_PRODUCT += "network_security_services"
+
# CVE-2006-5201 affects only Sun Solaris
CVE_CHECK_IGNORE += "CVE-2006-5201"
+
+# CVES CVE-2017-11695 CVE-2017-11696 CVE-2017-11697 CVE-2017-11698 only affect
+# the legacy db (libnssdbm), only compiled with --enable-legacy-db.
+CVE_CHECK_IGNORE += "CVE-2017-11695 CVE-2017-11696 CVE-2017-11697 CVE-2017-11698"
diff --git a/meta-openembedded/meta-oe/recipes-support/poco/poco_1.12.2.bb b/meta-openembedded/meta-oe/recipes-support/poco/poco_1.12.3.bb
similarity index 98%
rename from meta-openembedded/meta-oe/recipes-support/poco/poco_1.12.2.bb
rename to meta-openembedded/meta-oe/recipes-support/poco/poco_1.12.3.bb
index 5ecc5b8..32c57ce 100644
--- a/meta-openembedded/meta-oe/recipes-support/poco/poco_1.12.2.bb
+++ b/meta-openembedded/meta-oe/recipes-support/poco/poco_1.12.3.bb
@@ -11,7 +11,7 @@
SRC_URI = "git://github.com/pocoproject/poco.git;branch=master;protocol=https \
file://run-ptest \
"
-SRCREV = "be19dc4a2f30eb97cc9bdd7551460db11cc27353"
+SRCREV = "f1aefe34a46891b09230422bbc37465bc6d0a0d1"
UPSTREAM_CHECK_GITTAGREGEX = "poco-(?P<pver>\d+(\.\d+)+)"
diff --git a/meta-openembedded/meta-oe/recipes-support/tio/tio_2.1.bb b/meta-openembedded/meta-oe/recipes-support/tio/tio_2.2.bb
similarity index 91%
rename from meta-openembedded/meta-oe/recipes-support/tio/tio_2.1.bb
rename to meta-openembedded/meta-oe/recipes-support/tio/tio_2.2.bb
index 1c36bd5..8bfebc7 100644
--- a/meta-openembedded/meta-oe/recipes-support/tio/tio_2.1.bb
+++ b/meta-openembedded/meta-oe/recipes-support/tio/tio_2.2.bb
@@ -7,7 +7,7 @@
LIC_FILES_CHKSUM = "file://LICENSE;md5=0e1a95b7892d3015ecd6d0016f601f2c"
SRC_URI = "git://github.com/tio/tio;protocol=https;nobranch=1"
-SRCREV = "14fc77ffc13a4c60a98f0bb7e0f431e9ed7cf1fd"
+SRCREV = "eaab692d4d6be1ef41c0f6950977cf9054520cb7"
S = "${WORKDIR}/git"
diff --git a/meta-openembedded/meta-oe/recipes-test/bats/bats_1.8.0.bb b/meta-openembedded/meta-oe/recipes-test/bats/bats_1.8.2.bb
similarity index 94%
rename from meta-openembedded/meta-oe/recipes-test/bats/bats_1.8.0.bb
rename to meta-openembedded/meta-oe/recipes-test/bats/bats_1.8.2.bb
index 4b90dcc..74e683e 100644
--- a/meta-openembedded/meta-oe/recipes-test/bats/bats_1.8.0.bb
+++ b/meta-openembedded/meta-oe/recipes-test/bats/bats_1.8.2.bb
@@ -11,7 +11,7 @@
"
# v1.7.0
-SRCREV = "e9b286bb39ad7b0cb7b7d2e819d44d1aff387522"
+SRCREV = "e8c840b58f0833e23461c682655fe540aa923f85"
S = "${WORKDIR}/git"
diff --git a/meta-openembedded/meta-oe/recipes-test/cpputest/cpputest_4.0.bb b/meta-openembedded/meta-oe/recipes-test/cpputest/cpputest_4.0.bb
index 921143a..d923e7a 100644
--- a/meta-openembedded/meta-oe/recipes-test/cpputest/cpputest_4.0.bb
+++ b/meta-openembedded/meta-oe/recipes-test/cpputest/cpputest_4.0.bb
@@ -18,4 +18,6 @@
-DEXTENSIONS=OFF \
"
+DEV_PKG_DEPENDENCY = ""
+
FILES:${PN}-dev += "${libdir}/CppUTest/cmake/*"
diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-astroid_2.12.11.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-astroid_2.12.12.bb
similarity index 89%
rename from meta-openembedded/meta-python/recipes-devtools/python/python3-astroid_2.12.11.bb
rename to meta-openembedded/meta-python/recipes-devtools/python/python3-astroid_2.12.12.bb
index b9dc580..aa0ce44 100644
--- a/meta-openembedded/meta-python/recipes-devtools/python/python3-astroid_2.12.11.bb
+++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-astroid_2.12.12.bb
@@ -4,7 +4,7 @@
LICENSE = "LGPL-2.1-only"
LIC_FILES_CHKSUM = "file://LICENSE;md5=a70cf540abf41acb644ac3b621b2fad1"
-SRC_URI[sha256sum] = "2df4f9980c4511474687895cbfdb8558293c1a826d9118bb09233d7c2bff1c83"
+SRC_URI[sha256sum] = "1c00a14f5a3ed0339d38d2e2e5b74ea2591df5861c0936bb292b84ccf3a78d83"
inherit pypi setuptools3
diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-charset-normalizer_2.1.1.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-charset-normalizer_3.0.0.bb
similarity index 81%
rename from meta-openembedded/meta-python/recipes-devtools/python/python3-charset-normalizer_2.1.1.bb
rename to meta-openembedded/meta-python/recipes-devtools/python/python3-charset-normalizer_3.0.0.bb
index 1ab72e5..895f88a 100644
--- a/meta-openembedded/meta-python/recipes-devtools/python/python3-charset-normalizer_2.1.1.bb
+++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-charset-normalizer_3.0.0.bb
@@ -3,7 +3,7 @@
LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://LICENSE;md5=0974a390827087287db39928f7c524b5"
-SRC_URI[sha256sum] = "5a3d016c7c547f69d6f81fb0db9449ce888b418b5b9952cc5e6e66843e9dd845"
+SRC_URI[sha256sum] = "b27d10ad15740b45fd55f76e6901a4391e6dca3917ef48ecdcf17edf6e00d770"
inherit pypi setuptools3
diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-django_4.1.6.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-django_4.1.6.bb
new file mode 100644
index 0000000..e54398c
--- /dev/null
+++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-django_4.1.6.bb
@@ -0,0 +1,9 @@
+require python-django.inc
+inherit setuptools3
+
+SRC_URI[sha256sum] = "bceb0fe1a386781af0788cae4108622756cd05e7775448deec04a71ddf87685d"
+
+RDEPENDS:${PN} += "\
+ ${PYTHON_PN}-sqlparse \
+ ${PYTHON_PN}-asgiref \
+"
diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-django_4.1.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-django_4.1.bb
deleted file mode 100644
index 44ea539..0000000
--- a/meta-openembedded/meta-python/recipes-devtools/python/python3-django_4.1.bb
+++ /dev/null
@@ -1,9 +0,0 @@
-require python-django.inc
-inherit setuptools3
-
-SRC_URI[sha256sum] = "032f8a6fc7cf05ccd1214e4a2e21dfcd6a23b9d575c6573cacc8c67828dbe642"
-
-RDEPENDS:${PN} += "\
- ${PYTHON_PN}-sqlparse \
- ${PYTHON_PN}-asgiref \
-"
diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-gcovr_5.2.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-gcovr_5.2.bb
index 03231f9..8d66545 100644
--- a/meta-openembedded/meta-python/recipes-devtools/python/python3-gcovr_5.2.bb
+++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-gcovr_5.2.bb
@@ -12,6 +12,6 @@
inherit setuptools3
PIP_INSTALL_PACKAGE = "gcovr"
-RDEPENDS:${PN} += "${PYTHON_PN}-jinja2 ${PYTHON_PN}-lxml ${PYTHON_PN}-setuptools ${PYTHON_PN}-pygments"
+RDEPENDS:${PN} += "${PYTHON_PN}-jinja2 ${PYTHON_PN}-lxml ${PYTHON_PN}-setuptools ${PYTHON_PN}-pygments ${PYTHON_PN}-multiprocessing"
BBCLASSEXTEND = "native nativesdk"
diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-google-api-python-client_2.64.0.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-google-api-python-client_2.65.0.bb
similarity index 86%
rename from meta-openembedded/meta-python/recipes-devtools/python/python3-google-api-python-client_2.64.0.bb
rename to meta-openembedded/meta-python/recipes-devtools/python/python3-google-api-python-client_2.65.0.bb
index af83c17..4246d46 100644
--- a/meta-openembedded/meta-python/recipes-devtools/python/python3-google-api-python-client_2.64.0.bb
+++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-google-api-python-client_2.65.0.bb
@@ -4,7 +4,7 @@
LICENSE = "Apache-2.0"
LIC_FILES_CHKSUM = "file://LICENSE;md5=86d3f3a95c324c9479bd8986968f4327"
-SRC_URI[sha256sum] = "0dc4c967a5c795e981af01340f1bd22173a986534de968b5456cb208ed6775a6"
+SRC_URI[sha256sum] = "b8a0ca8454ad57bc65199044717d3d214197ae1e2d666426bbcd4021b36762e0"
inherit pypi setuptools3
diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-google-auth_2.12.0.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-google-auth_2.13.0.bb
similarity index 87%
rename from meta-openembedded/meta-python/recipes-devtools/python/python3-google-auth_2.12.0.bb
rename to meta-openembedded/meta-python/recipes-devtools/python/python3-google-auth_2.13.0.bb
index 53c1d00..9e4129b 100644
--- a/meta-openembedded/meta-python/recipes-devtools/python/python3-google-auth_2.12.0.bb
+++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-google-auth_2.13.0.bb
@@ -6,7 +6,7 @@
inherit pypi setuptools3
-SRC_URI[sha256sum] = "f12d86502ce0f2c0174e2e70ecc8d36c69593817e67e1d9c5e34489120422e4b"
+SRC_URI[sha256sum] = "9352dd6394093169157e6971526bab9a2799244d68a94a4a609f0dd751ef6f5e"
RDEPENDS:${PN} += "\
${PYTHON_PN}-asyncio \
diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-huey_2.4.3.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-huey_2.4.4.bb
similarity index 77%
rename from meta-openembedded/meta-python/recipes-devtools/python/python3-huey_2.4.3.bb
rename to meta-openembedded/meta-python/recipes-devtools/python/python3-huey_2.4.4.bb
index f8f4062..2f43381 100644
--- a/meta-openembedded/meta-python/recipes-devtools/python/python3-huey_2.4.3.bb
+++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-huey_2.4.4.bb
@@ -5,7 +5,7 @@
PYPI_PACKAGE = "huey"
-SRC_URI[sha256sum] = "4fa2f6055d581778c3bcf93fc8c9ce87aecc2a345d5ff35bd955da152c02ef37"
+SRC_URI[sha256sum] = "6a27a7862a7a982c0508ad4e548d95765e3b0d97093a51106f07540837a09c86"
RDEPENDS:${PN} += " \
python3-datetime \
diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-oauthlib_3.2.1.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-oauthlib_3.2.2.bb
similarity index 92%
rename from meta-openembedded/meta-python/recipes-devtools/python/python3-oauthlib_3.2.1.bb
rename to meta-openembedded/meta-python/recipes-devtools/python/python3-oauthlib_3.2.2.bb
index 8cc3048..566279d 100644
--- a/meta-openembedded/meta-python/recipes-devtools/python/python3-oauthlib_3.2.1.bb
+++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-oauthlib_3.2.2.bb
@@ -4,7 +4,7 @@
LICENSE = "BSD-3-Clause"
LIC_FILES_CHKSUM = "file://LICENSE;md5=abd2675e944a2011aed7e505290ba482"
-SRC_URI[sha256sum] = "1565237372795bf6ee3e5aba5e2a85bd5a65d0e2aa5c628b9a97b7d7a0da3721"
+SRC_URI[sha256sum] = "9859c40929662bec5d64f34d01c99e093149682a3f38915dc0655d5a633dd918"
inherit pypi setuptools3
diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-pandas_1.5.0.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-pandas_1.5.1.bb
similarity index 89%
rename from meta-openembedded/meta-python/recipes-devtools/python/python3-pandas_1.5.0.bb
rename to meta-openembedded/meta-python/recipes-devtools/python/python3-pandas_1.5.1.bb
index 998aa12..65cd29d 100644
--- a/meta-openembedded/meta-python/recipes-devtools/python/python3-pandas_1.5.0.bb
+++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-pandas_1.5.1.bb
@@ -6,7 +6,7 @@
LICENSE = "BSD-3-Clause"
LIC_FILES_CHKSUM = "file://LICENSE;md5=c1cc9ab35a8b2aabf933cd6d245b5db3"
-SRC_URI[sha256sum] = "3ee61b881d2f64dd90c356eb4a4a4de75376586cd3c9341c6c0fcaae18d52977"
+SRC_URI[sha256sum] = "249cec5f2a5b22096440bd85c33106b6102e0672204abd2d5c014106459804ee"
inherit pypi setuptools3
diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-pika_1.3.0.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-pika_1.3.1.bb
similarity index 86%
rename from meta-openembedded/meta-python/recipes-devtools/python/python3-pika_1.3.0.bb
rename to meta-openembedded/meta-python/recipes-devtools/python/python3-pika_1.3.1.bb
index 7ffec26..075f3bb 100644
--- a/meta-openembedded/meta-python/recipes-devtools/python/python3-pika_1.3.0.bb
+++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-pika_1.3.1.bb
@@ -8,7 +8,7 @@
LICENSE = "BSD-3-Clause"
LIC_FILES_CHKSUM = "file://LICENSE;md5=678ec81495ba50edf81e84e4f1aa69f3"
-SRC_URI[sha256sum] = "15357ddc47a5c28f0b07d80e93d504cbbf7a1ad5e1cd129ecd27afe76472c529"
+SRC_URI[sha256sum] = "beb19ff6dd1547f99a29acc2c6987ebb2ba7c44bf44a3f8e305877c5ef7d2fdc"
inherit pypi python_setuptools_build_meta
diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-pillow/run-ptest b/meta-openembedded/meta-python/recipes-devtools/python/python3-pillow/run-ptest
new file mode 100644
index 0000000..3385d68
--- /dev/null
+++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-pillow/run-ptest
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+pytest -o log_cli=true -o log_cli_level=INFO | sed -e 's/\[...%\]//g'| sed -e 's/PASSED/PASS/g'| sed -e 's/FAILED/FAIL/g'|sed -e 's/SKIPED/SKIP/g'| awk '{if ($NF=="PASS" || $NF=="FAIL" || $NF=="SKIP" || $NF=="XFAIL" || $NF=="XPASS"){printf "%s: %s\n", $NF, $0}else{print}}'| awk '{if ($NF=="PASS" || $NF=="FAIL" || $NF=="SKIP" || $NF=="XFAIL" || $NF=="XPASS") {$NF="";print $0}else{print}}'
diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-pillow_9.2.0.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-pillow_9.2.0.bb
deleted file mode 100644
index 454d61a..0000000
--- a/meta-openembedded/meta-python/recipes-devtools/python/python3-pillow_9.2.0.bb
+++ /dev/null
@@ -1,42 +0,0 @@
-SUMMARY = "Python Imaging Library (Fork). Pillow is the friendly PIL fork by Alex \
-Clark and Contributors. PIL is the Python Imaging Library by Fredrik Lundh and \
-Contributors."
-HOMEPAGE = "https://pillow.readthedocs.io"
-LICENSE = "MIT"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=ad081a0aede51e89f8da13333a8fb849"
-
-SRC_URI = "git://github.com/python-pillow/Pillow.git;branch=9.2.x;protocol=https \
- file://0001-support-cross-compiling.patch \
- file://0001-explicitly-set-compile-options.patch \
- "
-SRCREV ?= "82541b6dec8452cb612067fcebba1c5a1a2bfdc8"
-
-inherit setuptools3
-
-PIP_INSTALL_PACKAGE = "Pillow"
-PIP_INSTALL_DIST_PATH = "${S}/dist"
-
-DEPENDS += " \
- zlib \
- jpeg \
- tiff \
- freetype \
- lcms \
- openjpeg \
-"
-
-RDEPENDS:${PN} += " \
- ${PYTHON_PN}-misc \
- ${PYTHON_PN}-logging \
- ${PYTHON_PN}-numbers \
-"
-
-CVE_PRODUCT = "pillow"
-
-S = "${WORKDIR}/git"
-
-RPROVIDES:${PN} += "python3-imaging"
-
-BBCLASSEXTEND = "native"
-
-SRCREV = "58acec3312fb8671c9d84829197e1c8150085589"
diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-pillow_9.4.0.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-pillow_9.4.0.bb
new file mode 100644
index 0000000..86705d2
--- /dev/null
+++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-pillow_9.4.0.bb
@@ -0,0 +1,64 @@
+SUMMARY = "Python Imaging Library (Fork). Pillow is the friendly PIL fork by Alex \
+Clark and Contributors. PIL is the Python Imaging Library by Fredrik Lundh and \
+Contributors."
+HOMEPAGE = "https://pillow.readthedocs.io"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=bc416d18f294943285560364be7cbec1"
+
+SRC_URI = "git://github.com/python-pillow/Pillow.git;branch=main;protocol=https \
+ file://0001-support-cross-compiling.patch \
+ file://0001-explicitly-set-compile-options.patch \
+ file://run-ptest \
+ "
+SRCREV ?= "82541b6dec8452cb612067fcebba1c5a1a2bfdc8"
+
+inherit setuptools3 ptest
+
+PIP_INSTALL_PACKAGE = "Pillow"
+PIP_INSTALL_DIST_PATH = "${S}/dist"
+
+DEPENDS += " \
+ zlib \
+ jpeg \
+ tiff \
+ freetype \
+ lcms \
+ openjpeg \
+"
+
+RDEPENDS:${PN} += " \
+ ${PYTHON_PN}-misc \
+ ${PYTHON_PN}-logging \
+ ${PYTHON_PN}-numbers \
+"
+
+RDEPENDS:${PN}-ptest += " \
+ bash \
+ ghostscript \
+ jpeg-tools \
+ libwebp \
+ ${PYTHON_PN}-core \
+ ${PYTHON_PN}-distutils \
+ ${PYTHON_PN}-image \
+ ${PYTHON_PN}-mmap \
+ ${PYTHON_PN}-pytest \
+ ${PYTHON_PN}-pytest-timeout \
+ ${PYTHON_PN}-resource \
+ ${PYTHON_PN}-unixadmin\
+ ${@bb.utils.contains('DISTRO_FEATURES', 'x11', 'tk', '', d)} \
+"
+
+CVE_PRODUCT = "pillow"
+
+S = "${WORKDIR}/git"
+
+RPROVIDES:${PN} += "python3-imaging"
+
+do_install_ptest() {
+ install -d ${D}${PTEST_PATH}/Tests
+ cp -rf ${S}/Tests ${D}${PTEST_PATH}/
+}
+
+BBCLASSEXTEND = "native"
+
+SRCREV = "a5bbab1c1e63b439de191ef2040173713b26d2da"
diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-protobuf_4.21.7.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-protobuf_4.21.8.bb
similarity index 91%
rename from meta-openembedded/meta-python/recipes-devtools/python/python3-protobuf_4.21.7.bb
rename to meta-openembedded/meta-python/recipes-devtools/python/python3-protobuf_4.21.8.bb
index 24ce61c..1eb1832 100644
--- a/meta-openembedded/meta-python/recipes-devtools/python/python3-protobuf_4.21.7.bb
+++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-protobuf_4.21.8.bb
@@ -7,7 +7,7 @@
inherit pypi setuptools3
-SRC_URI[sha256sum] = "71d9dba03ed3432c878a801e2ea51e034b0ea01cf3a4344fb60166cb5f6c8757"
+SRC_URI[sha256sum] = "427426593b55ff106c84e4a88cac855175330cb6eb7e889e85aaa7b5652b686d"
# http://errors.yoctoproject.org/Errors/Details/184715/
# Can't find required file: ../src/google/protobuf/descriptor.proto
diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-pythonping_1.1.3.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-pythonping_1.1.4.bb
similarity index 77%
rename from meta-openembedded/meta-python/recipes-devtools/python/python3-pythonping_1.1.3.bb
rename to meta-openembedded/meta-python/recipes-devtools/python/python3-pythonping_1.1.4.bb
index 5e016fb..62f5c0c 100644
--- a/meta-openembedded/meta-python/recipes-devtools/python/python3-pythonping_1.1.3.bb
+++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-pythonping_1.1.4.bb
@@ -4,7 +4,7 @@
LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://setup.py;beginline=12;endline=12;md5=2d33c00f47720c7e35e1fdb4b9fab027"
-SRC_URI[sha256sum] = "3555a03439eb48d5e0e8c201f7c334c1e13b997d744f93453d4d601c0fc8330f"
+SRC_URI[sha256sum] = "acef84640fee6f20b725f2a1d2392771f2845554cfabcef30b1fdea5030161af"
inherit pypi setuptools3
diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-socketio_5.7.1.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-socketio_5.7.2.bb
similarity index 89%
rename from meta-openembedded/meta-python/recipes-devtools/python/python3-socketio_5.7.1.bb
rename to meta-openembedded/meta-python/recipes-devtools/python/python3-socketio_5.7.2.bb
index f71d4da..bfc5437 100644
--- a/meta-openembedded/meta-python/recipes-devtools/python/python3-socketio_5.7.1.bb
+++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-socketio_5.7.2.bb
@@ -9,7 +9,7 @@
PYPI_PACKAGE = "python-socketio"
-SRC_URI[sha256sum] = "5011a0cd2545c954d7df09eef7489ec424c93b001cc146599cd72f1dd20f0d46"
+SRC_URI[sha256sum] = "92395062d9db3c13d30e7cdedaa0e1330bba78505645db695415f9a3c628d097"
PACKAGECONFIG ?= "asyncio_client client"
PACKAGECONFIG[asyncio_client] = ",,,${PYTHON_PN}-aiohttp ${PYTHON_PN}-websockets"
diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-sqlalchemy_1.4.41.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-sqlalchemy_1.4.42.bb
similarity index 86%
rename from meta-openembedded/meta-python/recipes-devtools/python/python3-sqlalchemy_1.4.41.bb
rename to meta-openembedded/meta-python/recipes-devtools/python/python3-sqlalchemy_1.4.42.bb
index 5b93458..6999554 100644
--- a/meta-openembedded/meta-python/recipes-devtools/python/python3-sqlalchemy_1.4.41.bb
+++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-sqlalchemy_1.4.42.bb
@@ -4,7 +4,7 @@
LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://LICENSE;md5=f4001d1ca15b69d096fa1b4fd1bdce79"
-SRC_URI[sha256sum] = "0292f70d1797e3c54e862e6f30ae474014648bc9c723e14a2fda730adb0a9791"
+SRC_URI[sha256sum] = "177e41914c476ed1e1b77fd05966ea88c094053e17a85303c4ce007f88eff363"
PYPI_PACKAGE = "SQLAlchemy"
inherit pypi setuptools3
diff --git a/meta-openembedded/meta-python/recipes-extended/pywbemtools/python3-pywbemtools_1.0.0.bb b/meta-openembedded/meta-python/recipes-extended/pywbemtools/python3-pywbemtools_1.0.1.bb
similarity index 91%
rename from meta-openembedded/meta-python/recipes-extended/pywbemtools/python3-pywbemtools_1.0.0.bb
rename to meta-openembedded/meta-python/recipes-extended/pywbemtools/python3-pywbemtools_1.0.1.bb
index 3a9f0ad..ea9d652 100644
--- a/meta-openembedded/meta-python/recipes-extended/pywbemtools/python3-pywbemtools_1.0.0.bb
+++ b/meta-openembedded/meta-python/recipes-extended/pywbemtools/python3-pywbemtools_1.0.1.bb
@@ -4,7 +4,7 @@
LICENSE = "Apache-2.0"
LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=e23fadd6ceef8c618fc1c65191d846fa"
-SRC_URI[sha256sum] = "0af7e067e0c0ba32cc19c2c2dc67875c591b806c4b49480ebe46e37bfb399684"
+SRC_URI[sha256sum] = "3fd2fec6a11992afb8a34c0181b76c8d36c6fae1b79d83fb4542ce08e0fb4127"
inherit pypi setuptools3
diff --git a/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0011-modules-mappers-config9.m4-Add-server-directory-to-i.patch b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0011-modules-mappers-config9.m4-Add-server-directory-to-i.patch
new file mode 100644
index 0000000..996eabf
--- /dev/null
+++ b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0011-modules-mappers-config9.m4-Add-server-directory-to-i.patch
@@ -0,0 +1,31 @@
+From 5c9257fa34335ff83f7c01581cf953111072a457 Mon Sep 17 00:00:00 2001
+From: Valeria Petrov <valeria.petrov@spinetix.com>
+Date: Tue, 18 Apr 2023 15:38:53 +0200
+Subject: [PATCH] * modules/mappers/config9.m4: Add 'server' directory to
+ include path if mod_rewrite is enabled.
+
+Upstream-Status: Accepted [https://svn.apache.org/viewvc?view=revision&revision=1909241]
+
+---
+ modules/mappers/config9.m4 | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/modules/mappers/config9.m4 b/modules/mappers/config9.m4
+index 55a97ab993..7120b729b7 100644
+--- a/modules/mappers/config9.m4
++++ b/modules/mappers/config9.m4
+@@ -14,6 +14,11 @@ APACHE_MODULE(userdir, mapping of requests to user-specific directories, , , mos
+ APACHE_MODULE(alias, mapping of requests to different filesystem parts, , , yes)
+ APACHE_MODULE(rewrite, rule based URL manipulation, , , most)
+
++if test "x$enable_rewrite" != "xno"; then
++ # mod_rewrite needs test_char.h
++ APR_ADDTO(INCLUDES, [-I\$(top_builddir)/server])
++fi
++
+ APR_ADDTO(INCLUDES, [-I\$(top_srcdir)/$modpath_current])
+
+ APACHE_MODPATH_FINISH
+--
+2.25.1
+
diff --git a/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2_2.4.54.bb b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2_2.4.57.bb
similarity index 97%
rename from meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2_2.4.54.bb
rename to meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2_2.4.57.bb
index 4f30eca..00f8aaa 100644
--- a/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2_2.4.54.bb
+++ b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2_2.4.57.bb
@@ -16,6 +16,7 @@
file://0008-Fix-perl-install-directory-to-usr-bin.patch \
file://0009-support-apxs.in-force-destdir-to-be-empty-string.patch \
file://0001-make_exports.awk-not-expose-the-path.patch \
+ file://0011-modules-mappers-config9.m4-Add-server-directory-to-i.patch \
"
SRC_URI:append:class-target = " \
@@ -27,7 +28,7 @@
"
LIC_FILES_CHKSUM = "file://LICENSE;md5=bddeddfac80b2c9a882241d008bb41c3"
-SRC_URI[sha256sum] = "eb397feeefccaf254f8d45de3768d9d68e8e73851c49afd5b7176d1ecf80c340"
+SRC_URI[sha256sum] = "dbccb84aee95e095edfbb81e5eb926ccd24e6ada55dcd83caecb262e5cf94d2a"
S = "${WORKDIR}/httpd-${PV}"
diff --git a/meta-openembedded/meta-webserver/recipes-httpd/apache2/files/apache2-volatile.conf b/meta-openembedded/meta-webserver/recipes-httpd/apache2/files/apache2-volatile.conf
index ff2c587..0852a88 100644
--- a/meta-openembedded/meta-webserver/recipes-httpd/apache2/files/apache2-volatile.conf
+++ b/meta-openembedded/meta-webserver/recipes-httpd/apache2/files/apache2-volatile.conf
@@ -1,2 +1,2 @@
-d /var/run/apache2 0755 root root -
+d /run/apache2 0755 root root -
d /var/log/apache2 0755 root root -
diff --git a/meta-openembedded/meta-webserver/recipes-httpd/monkey/monkey_1.6.9.bb b/meta-openembedded/meta-webserver/recipes-httpd/monkey/monkey_1.6.9.bb
index 5b7e327..d3e2275 100644
--- a/meta-openembedded/meta-webserver/recipes-httpd/monkey/monkey_1.6.9.bb
+++ b/meta-openembedded/meta-webserver/recipes-httpd/monkey/monkey_1.6.9.bb
@@ -7,12 +7,13 @@
SECTION = "net"
-SRC_URI = "http://monkey-project.com/releases/1.6/monkey-${PV}.tar.gz \
+SRC_URI = "git://github.com/monkey/monkey;branch=1.6;protocol=https \
file://0001-fastcgi-Use-value-instead-of-address-of-sin6_port.patch \
file://monkey.service \
file://monkey.init"
-SRC_URI[sha256sum] = "f1122e89cda627123286542b0a18fcaa131cbe9d4f5dd897d9455157289148fb"
+SRCREV = "7999b487fded645381d387ec0e057e92407b0d2c"
+S = "${WORKDIR}/git"
UPSTREAM_CHECK_URI = "https://github.com/monkey/monkey/releases"
UPSTREAM_CHECK_REGEX = "v(?P<pver>\d+(\.\d+)+).tar.gz"
diff --git a/meta-openembedded/meta-xfce/recipes-panel-plugins/verve/xfce4-verve-plugin_2.0.1.bb b/meta-openembedded/meta-xfce/recipes-panel-plugins/verve/xfce4-verve-plugin_2.0.1.bb
index 21bbda3..eefe332 100644
--- a/meta-openembedded/meta-xfce/recipes-panel-plugins/verve/xfce4-verve-plugin_2.0.1.bb
+++ b/meta-openembedded/meta-xfce/recipes-panel-plugins/verve/xfce4-verve-plugin_2.0.1.bb
@@ -6,3 +6,4 @@
inherit xfce-panel-plugin
SRC_URI[sha256sum] = "ebda5e5eb62d6e42afdc6f121d2f1cbd4d9d3c2b16a5e3ed8192b1b224b8f825"
+DEPENDS += "libpcre"
diff --git a/meta-raspberrypi/.github/workflows/compliance.yml b/meta-raspberrypi/.github/workflows/compliance.yml
index cfba185..ec489f0 100644
--- a/meta-raspberrypi/.github/workflows/compliance.yml
+++ b/meta-raspberrypi/.github/workflows/compliance.yml
@@ -13,7 +13,7 @@
runs-on: ubuntu-latest
steps:
- name: Checkout the code
- uses: actions/checkout@v2
+ uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Build a temporary DCO image
@@ -39,7 +39,7 @@
runs-on: ubuntu-latest
steps:
- name: Checkout the code
- uses: actions/checkout@v2
+ uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Do reuse check
diff --git a/meta-raspberrypi/.github/workflows/docker-images/dco-check/entrypoint.sh b/meta-raspberrypi/.github/workflows/docker-images/dco-check/entrypoint.sh
index 135d410..af2c507 100755
--- a/meta-raspberrypi/.github/workflows/docker-images/dco-check/entrypoint.sh
+++ b/meta-raspberrypi/.github/workflows/docker-images/dco-check/entrypoint.sh
@@ -16,6 +16,14 @@
[ -d "$GIT_REPO_PATH/.git" ] ||
error "Can't find a git checkout under $GIT_REPO_PATH ."
cd "$GIT_REPO_PATH"
+
+# The GitHub runner user and the container user might differ making git error
+# out with:
+# error: fatal: detected dubious ownership in repository at '/work'
+# Avoid this as the security risk is minimum here while guarding the git hooks
+# via PRs.
+git config --global --add safe.directory /work
+
dco-check \
--verbose \
--default-branch "origin/$BASE_REF"
diff --git a/meta-raspberrypi/.github/workflows/yocto-builds.yml b/meta-raspberrypi/.github/workflows/yocto-builds.yml
index d237f0a..93f9f46 100644
--- a/meta-raspberrypi/.github/workflows/yocto-builds.yml
+++ b/meta-raspberrypi/.github/workflows/yocto-builds.yml
@@ -38,7 +38,7 @@
SSTATE_DIR: /var/lib/ci/yocto/sstate
steps:
- name: Checkout the code
- uses: actions/checkout@v2
+ uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Define Yocto build files
diff --git a/meta-raspberrypi/.github/workflows/yocto-layer.yml b/meta-raspberrypi/.github/workflows/yocto-layer.yml
index 63cb9e9..fa11815 100644
--- a/meta-raspberrypi/.github/workflows/yocto-layer.yml
+++ b/meta-raspberrypi/.github/workflows/yocto-layer.yml
@@ -15,7 +15,7 @@
runs-on: [self-hosted, Linux]
steps:
- name: Checkout the code
- uses: actions/checkout@v2
+ uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Define Yocto build files
diff --git a/meta-raspberrypi/conf/machine/raspberrypi4-64.conf b/meta-raspberrypi/conf/machine/raspberrypi4-64.conf
index d8b8ec0..37217c5 100644
--- a/meta-raspberrypi/conf/machine/raspberrypi4-64.conf
+++ b/meta-raspberrypi/conf/machine/raspberrypi4-64.conf
@@ -12,8 +12,6 @@
bluez-firmware-rpidistro-bcm4345c5-hcd \
"
-DEFAULTTUNE = "cortexa72"
-
require conf/machine/include/arm/armv8a/tune-cortexa72.inc
include conf/machine/include/rpi-base.inc
diff --git a/meta-raspberrypi/dynamic-layers/multimedia-layer/recipes-multimedia/libcamera/libcamera.bbappend b/meta-raspberrypi/dynamic-layers/multimedia-layer/recipes-multimedia/libcamera/libcamera_%.bbappend
similarity index 100%
rename from meta-raspberrypi/dynamic-layers/multimedia-layer/recipes-multimedia/libcamera/libcamera.bbappend
rename to meta-raspberrypi/dynamic-layers/multimedia-layer/recipes-multimedia/libcamera/libcamera_%.bbappend
diff --git a/meta-raspberrypi/recipes-core/udev/udev-rules-rpi.bb b/meta-raspberrypi/recipes-core/udev/udev-rules-rpi.bb
index 42cfcdd..3ae4385 100644
--- a/meta-raspberrypi/recipes-core/udev/udev-rules-rpi.bb
+++ b/meta-raspberrypi/recipes-core/udev/udev-rules-rpi.bb
@@ -3,16 +3,17 @@
LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
SRC_URI = " \
- file://99-com.rules \
+ git://github.com/RPi-Distro/raspberrypi-sys-mods;protocol=https;branch=master \
file://can.rules \
"
+SRCREV = "5ce3ef2b7f377c23fea440ca9df0e30f3f8447cf"
-S = "${WORKDIR}"
+S = "${WORKDIR}/git"
INHIBIT_DEFAULT_DEPS = "1"
do_install () {
install -d ${D}${sysconfdir}/udev/rules.d
- install -m 0644 ${WORKDIR}/99-com.rules ${D}${sysconfdir}/udev/rules.d/
+ install -m 0644 ${S}/etc.armhf/udev/rules.d/99-com.rules ${D}${sysconfdir}/udev/rules.d/
install -m 0644 ${WORKDIR}/can.rules ${D}${sysconfdir}/udev/rules.d/
}
diff --git a/meta-raspberrypi/recipes-core/udev/udev-rules-rpi/99-com.rules b/meta-raspberrypi/recipes-core/udev/udev-rules-rpi/99-com.rules
deleted file mode 100644
index ddd1e17..0000000
--- a/meta-raspberrypi/recipes-core/udev/udev-rules-rpi/99-com.rules
+++ /dev/null
@@ -1,21 +0,0 @@
-KERNEL=="ttyAMA[01]", PROGRAM="/bin/sh -c '\
- ALIASES=/proc/device-tree/aliases; \
- if cmp -s $$ALIASES/uart0 $$ALIASES/serial0; then \
- echo 0;\
- elif cmp -s $$ALIASES/uart0 $$ALIASES/serial1; then \
- echo 1; \
- else \
- exit 1; \
- fi\
-'", SYMLINK+="serial%c"
-
-KERNEL=="ttyS0", PROGRAM="/bin/sh -c '\
- ALIASES=/proc/device-tree/aliases; \
- if cmp -s $$ALIASES/uart1 $$ALIASES/serial0; then \
- echo 0; \
- elif cmp -s $$ALIASES/uart1 $$ALIASES/serial1; then \
- echo 1; \
- else \
- exit 1; \
- fi \
-'", SYMLINK+="serial%c"
diff --git a/meta-security/meta-parsec/lib/oeqa/runtime/cases/parsec.py b/meta-security/meta-parsec/lib/oeqa/runtime/cases/parsec.py
index 6be84ba..3729863 100644
--- a/meta-security/meta-parsec/lib/oeqa/runtime/cases/parsec.py
+++ b/meta-security/meta-parsec/lib/oeqa/runtime/cases/parsec.py
@@ -24,6 +24,10 @@
self.parsec_status='pgrep -l parsec'
self.parsec_reload='/etc/init.d/parsec reload'
+ def tearDown(self):
+ self.target.run('sync')
+ super(ParsecTest, self).tearDown()
+
def copy_subconfig(self, cfg, provider):
""" Copy a provider configuration to target and append it to Parsec config """
@@ -61,9 +65,18 @@
def check_packageconfig(self, prov):
""" Check that the require provider is included in Parsec """
- if prov not in self.tc.td['PACKAGECONFIG:pn-parsec-service']:
+
+ if 'PACKAGECONFIG:pn-parsec-service' in self.tc.td.keys():
+ providers = self.tc.td['PACKAGECONFIG:pn-parsec-service']
+ else:
+ # PACKAGECONFIG is not defined in local.conf
+ # Let's use the default value
+ providers = "PKCS11 MBED-CRYPTO"
+ if 'tpm2' in self.tc.td['DISTRO_FEATURES']:
+ providers += " TPM"
+ if prov not in providers:
self.skipTest('%s provider is not included in Parsec. Parsec PACKAGECONFIG: "%s"' % \
- (prov, self.tc.td['PACKAGECONFIG:pn-parsec-service']))
+ (prov, providers))
def check_packages(self, prov, packages):
""" Check for the required packages for Parsec providers software backends """
diff --git a/meta-security/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm2.bb b/meta-security/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm2.bb
index fb36fab..fb0105e 100644
--- a/meta-security/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm2.bb
+++ b/meta-security/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm2.bb
@@ -3,6 +3,8 @@
LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302 \
file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
+PACKAGE_ARCH = "${TUNE_PKGARCH}"
+
inherit packagegroup
PACKAGES = "${PN}"
@@ -12,6 +14,9 @@
tpm2-tools \
trousers \
tpm2-tss \
+ libtss2-mu \
+ libtss2-tcti-device \
+ libtss2-tcti-mssim \
libtss2 \
tpm2-abrmd \
tpm2-pkcs11 \
diff --git a/poky/bitbake/bin/bitbake b/poky/bitbake/bin/bitbake
index 7cbf88f..f869eb4 100755
--- a/poky/bitbake/bin/bitbake
+++ b/poky/bitbake/bin/bitbake
@@ -25,8 +25,7 @@
from bb import cookerdata
from bb.main import bitbake_main, BitBakeConfigParameters, BBMainException
-if sys.getfilesystemencoding() != "utf-8":
- sys.exit("Please use a locale setting which supports UTF-8 (such as LANG=en_US.UTF-8).\nPython can't change the filesystem locale after loading so we need a UTF-8 when Python starts or things won't work.")
+bb.utils.check_system_locale()
__version__ = "2.2.0"
diff --git a/poky/bitbake/bin/bitbake-server b/poky/bitbake/bin/bitbake-server
index f53f88b..d00bb06 100755
--- a/poky/bitbake/bin/bitbake-server
+++ b/poky/bitbake/bin/bitbake-server
@@ -12,8 +12,9 @@
import logging
sys.path.insert(0, os.path.join(os.path.dirname(os.path.dirname(sys.argv[0])), 'lib'))
-if sys.getfilesystemencoding() != "utf-8":
- sys.exit("Please use a locale setting which supports UTF-8 (such as LANG=en_US.UTF-8).\nPython can't change the filesystem locale after loading so we need a UTF-8 when Python starts or things won't work.")
+import bb
+
+bb.utils.check_system_locale()
# Users shouldn't be running this code directly
if len(sys.argv) != 10 or not sys.argv[1].startswith("decafbad"):
diff --git a/poky/bitbake/bin/bitbake-worker b/poky/bitbake/bin/bitbake-worker
index 7be3937..f3198c5 100755
--- a/poky/bitbake/bin/bitbake-worker
+++ b/poky/bitbake/bin/bitbake-worker
@@ -24,8 +24,7 @@
from multiprocessing import Lock
from threading import Thread
-if sys.getfilesystemencoding() != "utf-8":
- sys.exit("Please use a locale setting which supports UTF-8 (such as LANG=en_US.UTF-8).\nPython can't change the filesystem locale after loading so we need a UTF-8 when Python starts or things won't work.")
+bb.utils.check_system_locale()
# Users shouldn't be running this code directly
if len(sys.argv) != 2 or not sys.argv[1].startswith("decafbad"):
diff --git a/poky/bitbake/doc/bitbake-user-manual/bitbake-user-manual-fetching.rst b/poky/bitbake/doc/bitbake-user-manual/bitbake-user-manual-fetching.rst
index 9c269ca..519aec9 100644
--- a/poky/bitbake/doc/bitbake-user-manual/bitbake-user-manual-fetching.rst
+++ b/poky/bitbake/doc/bitbake-user-manual/bitbake-user-manual-fetching.rst
@@ -424,8 +424,8 @@
- *"nobranch":* Tells the fetcher to not check the SHA validation for
the branch when set to "1". The default is "0". Set this option for
- the recipe that refers to the commit that is valid for a tag instead
- of the branch.
+ the recipe that refers to the commit that is valid for any namespace
+ (branch, tag, ...) instead of the branch.
- *"bareclone":* Tells the fetcher to clone a bare clone into the
destination directory without checking out a working tree. Only the
diff --git a/poky/bitbake/doc/bitbake-user-manual/bitbake-user-manual-metadata.rst b/poky/bitbake/doc/bitbake-user-manual/bitbake-user-manual-metadata.rst
index b533d9d..b7c3d80 100644
--- a/poky/bitbake/doc/bitbake-user-manual/bitbake-user-manual-metadata.rst
+++ b/poky/bitbake/doc/bitbake-user-manual/bitbake-user-manual-metadata.rst
@@ -422,6 +422,12 @@
CACHE[doc] = "The directory holding the cache of the metadata."
+.. note::
+
+ Variable flag names starting with an underscore (``_``) character
+ are allowed but are ignored by ``d.getVarFlags("VAR")``
+ in Python code. Such flag names are used internally by BitBake.
+
Inline Python Variable Expansion
--------------------------------
diff --git a/poky/bitbake/lib/bb/asyncrpc/serv.py b/poky/bitbake/lib/bb/asyncrpc/serv.py
index 5cf45f9..d2de489 100644
--- a/poky/bitbake/lib/bb/asyncrpc/serv.py
+++ b/poky/bitbake/lib/bb/asyncrpc/serv.py
@@ -42,7 +42,7 @@
# Read protocol and version
client_protocol = await self.reader.readline()
- if client_protocol is None:
+ if not client_protocol:
return
(client_proto_name, client_proto_version) = client_protocol.decode('utf-8').rstrip().split()
@@ -59,7 +59,7 @@
# an empty line to signal the end of the headers
while True:
line = await self.reader.readline()
- if line is None:
+ if not line:
return
line = line.decode('utf-8').rstrip()
diff --git a/poky/bitbake/lib/bb/cookerdata.py b/poky/bitbake/lib/bb/cookerdata.py
index 8a354fe..b4bfba3 100644
--- a/poky/bitbake/lib/bb/cookerdata.py
+++ b/poky/bitbake/lib/bb/cookerdata.py
@@ -160,12 +160,7 @@
def wrapped(fn, *args):
try:
return func(fn, *args)
- except IOError as exc:
- import traceback
- parselog.critical(traceback.format_exc())
- parselog.critical("Unable to parse %s: %s" % (fn, exc))
- raise bb.BBHandledException()
- except bb.data_smart.ExpansionError as exc:
+ except Exception as exc:
import traceback
bbdir = os.path.dirname(__file__) + os.sep
@@ -177,9 +172,6 @@
break
parselog.critical("Unable to parse %s" % fn, exc_info=(exc_class, exc, tb))
raise bb.BBHandledException()
- except bb.parse.ParseError as exc:
- parselog.critical(str(exc))
- raise bb.BBHandledException()
return wrapped
@catch_parse_error
@@ -302,14 +294,9 @@
bb.event.fire(bb.event.MultiConfigParsed(self.mcdata), self.data)
self.data_hash = data_hash.hexdigest()
- except (SyntaxError, bb.BBHandledException):
- raise bb.BBHandledException()
except bb.data_smart.ExpansionError as e:
logger.error(str(e))
raise bb.BBHandledException()
- except Exception:
- logger.exception("Error parsing configuration files")
- raise bb.BBHandledException()
# Handle obsolete variable names
@@ -436,7 +423,7 @@
msg += (" and bitbake did not find a conf/bblayers.conf file in"
" the expected location.\nMaybe you accidentally"
" invoked bitbake from the wrong directory?")
- raise SystemExit(msg)
+ bb.fatal(msg)
if not data.getVar("TOPDIR"):
data.setVar("TOPDIR", os.path.abspath(os.getcwd()))
diff --git a/poky/bitbake/lib/bb/fetch2/git.py b/poky/bitbake/lib/bb/fetch2/git.py
index 17d4904..4645a5a 100644
--- a/poky/bitbake/lib/bb/fetch2/git.py
+++ b/poky/bitbake/lib/bb/fetch2/git.py
@@ -44,7 +44,8 @@
- nobranch
Don't check the SHA validation for branch. set this option for the recipe
- referring to commit which is valid in tag instead of branch.
+ referring to commit which is valid in any namespace (branch, tag, ...)
+ instead of branch.
The default is "0", set nobranch=1 if needed.
- usehead
@@ -243,7 +244,7 @@
for name in ud.names:
ud.unresolvedrev[name] = 'HEAD'
- ud.basecmd = d.getVar("FETCHCMD_git") or "git -c core.fsyncobjectfiles=0 -c gc.autoDetach=false -c core.pager=cat"
+ ud.basecmd = d.getVar("FETCHCMD_git") or "git -c gc.autoDetach=false -c core.pager=cat"
write_tarballs = d.getVar("BB_GENERATE_MIRROR_TARBALLS") or "0"
ud.write_tarballs = write_tarballs != "0" or ud.rebaseable
@@ -366,9 +367,13 @@
# If the repo still doesn't exist, fallback to cloning it
if not os.path.exists(ud.clonedir):
- # We do this since git will use a "-l" option automatically for local urls where possible
+ # We do this since git will use a "-l" option automatically for local urls where possible,
+ # but it doesn't work when git/objects is a symlink, only works when it is a directory.
if repourl.startswith("file://"):
- repourl = repourl[7:]
+ repourl_path = repourl[7:]
+ objects = os.path.join(repourl_path, 'objects')
+ if os.path.isdir(objects) and not os.path.islink(objects):
+ repourl = repourl_path
clone_cmd = "LANG=C %s clone --bare --mirror %s %s --progress" % (ud.basecmd, shlex.quote(repourl), ud.clonedir)
if ud.proto.lower() != 'file':
bb.fetch2.check_network_access(d, clone_cmd, ud.url)
@@ -382,7 +387,11 @@
runfetchcmd("%s remote rm origin" % ud.basecmd, d, workdir=ud.clonedir)
runfetchcmd("%s remote add --mirror=fetch origin %s" % (ud.basecmd, shlex.quote(repourl)), d, workdir=ud.clonedir)
- fetch_cmd = "LANG=C %s fetch -f --progress %s refs/*:refs/*" % (ud.basecmd, shlex.quote(repourl))
+
+ if ud.nobranch:
+ fetch_cmd = "LANG=C %s fetch -f --progress %s refs/*:refs/*" % (ud.basecmd, shlex.quote(repourl))
+ else:
+ fetch_cmd = "LANG=C %s fetch -f --progress %s refs/heads/*:refs/heads/* refs/tags/*:refs/tags/*" % (ud.basecmd, shlex.quote(repourl))
if ud.proto.lower() != 'file':
bb.fetch2.check_network_access(d, fetch_cmd, ud.url)
progresshandler = GitProgressHandler(d)
diff --git a/poky/bitbake/lib/bb/fetch2/gitsm.py b/poky/bitbake/lib/bb/fetch2/gitsm.py
index 25d5db0..c5f7c03 100644
--- a/poky/bitbake/lib/bb/fetch2/gitsm.py
+++ b/poky/bitbake/lib/bb/fetch2/gitsm.py
@@ -115,7 +115,7 @@
# This has to be a file reference
proto = "file"
url = "gitsm://" + uris[module]
- if "{}{}".format(ud.host, ud.path) in url:
+ if url.endswith("{}{}".format(ud.host, ud.path)):
raise bb.fetch2.FetchError("Submodule refers to the parent repository. This will cause deadlock situation in current version of Bitbake." \
"Consider using git fetcher instead.")
diff --git a/poky/bitbake/lib/bb/runqueue.py b/poky/bitbake/lib/bb/runqueue.py
index 48e2540..ba75660 100644
--- a/poky/bitbake/lib/bb/runqueue.py
+++ b/poky/bitbake/lib/bb/runqueue.py
@@ -2489,17 +2489,6 @@
self.sq_buildable.remove(tid)
if tid in self.sq_running:
self.sq_running.remove(tid)
- harddepfail = False
- for t in self.sqdata.sq_harddeps:
- if tid in self.sqdata.sq_harddeps[t] and t in self.scenequeue_notcovered:
- harddepfail = True
- break
- if not harddepfail and self.sqdata.sq_revdeps[tid].issubset(self.scenequeue_covered | self.scenequeue_notcovered):
- if tid not in self.sq_buildable:
- self.sq_buildable.add(tid)
- if not self.sqdata.sq_revdeps[tid]:
- self.sq_buildable.add(tid)
-
if tid in self.sqdata.outrightfail:
self.sqdata.outrightfail.remove(tid)
if tid in self.scenequeue_notcovered:
@@ -2518,21 +2507,36 @@
if tid in self.build_stamps:
del self.build_stamps[tid]
- update_tasks.append((tid, harddepfail, tid in self.sqdata.valid))
+ update_tasks.append(tid)
- if update_tasks:
+ update_tasks2 = []
+ for tid in update_tasks:
+ harddepfail = False
+ for t in self.sqdata.sq_harddeps:
+ if tid in self.sqdata.sq_harddeps[t] and t in self.scenequeue_notcovered:
+ harddepfail = True
+ break
+ if not harddepfail and self.sqdata.sq_revdeps[tid].issubset(self.scenequeue_covered | self.scenequeue_notcovered):
+ if tid not in self.sq_buildable:
+ self.sq_buildable.add(tid)
+ if not self.sqdata.sq_revdeps[tid]:
+ self.sq_buildable.add(tid)
+
+ update_tasks2.append((tid, harddepfail, tid in self.sqdata.valid))
+
+ if update_tasks2:
self.sqdone = False
for mc in sorted(self.sqdata.multiconfigs):
- for tid in sorted([t[0] for t in update_tasks]):
+ for tid in sorted([t[0] for t in update_tasks2]):
if mc_from_tid(tid) != mc:
continue
h = pending_hash_index(tid, self.rqdata)
if h in self.sqdata.hashes and tid != self.sqdata.hashes[h]:
self.sq_deferred[tid] = self.sqdata.hashes[h]
bb.note("Deferring %s after %s" % (tid, self.sqdata.hashes[h]))
- update_scenequeue_data([t[0] for t in update_tasks], self.sqdata, self.rqdata, self.rq, self.cooker, self.stampcache, self, summary=False)
+ update_scenequeue_data([t[0] for t in update_tasks2], self.sqdata, self.rqdata, self.rq, self.cooker, self.stampcache, self, summary=False)
- for (tid, harddepfail, origvalid) in update_tasks:
+ for (tid, harddepfail, origvalid) in update_tasks2:
if tid in self.sqdata.valid and not origvalid:
hashequiv_logger.verbose("Setscene task %s became valid" % tid)
if harddepfail:
diff --git a/poky/bitbake/lib/bb/server/process.py b/poky/bitbake/lib/bb/server/process.py
index 5d02c0b..3668a32 100644
--- a/poky/bitbake/lib/bb/server/process.py
+++ b/poky/bitbake/lib/bb/server/process.py
@@ -28,6 +28,7 @@
import pickle
import traceback
import gc
+import stat
import bb.server.xmlrpcserver
from bb import daemonize
from multiprocessing import queues
@@ -64,6 +65,9 @@
self.bitbake_lock_name = lockname
self.sock = sock
self.sockname = sockname
+ # It is possible the directory may be renamed. Cache the inode of the socket file
+ # so we can tell if things changed.
+ self.sockinode = os.stat(self.sockname)[stat.ST_INO]
self.server_timeout = server_timeout
self.timeout = self.server_timeout
@@ -246,10 +250,16 @@
serverlog("Exiting")
# Remove the socket file so we don't get any more connections to avoid races
+ # The build directory could have been renamed so if the file isn't the one we created
+ # we shouldn't delete it.
try:
- os.unlink(self.sockname)
- except:
- pass
+ sockinode = os.stat(self.sockname)[stat.ST_INO]
+ if sockinode == self.sockinode:
+ os.unlink(self.sockname)
+ else:
+ serverlog("bitbake.sock inode mismatch (%s vs %s), not deleting." % (sockinode, self.sockinode))
+ except Exception as err:
+ serverlog("Removing socket file '%s' failed (%s)" % (self.sockname, err))
self.sock.close()
try:
@@ -532,6 +542,7 @@
# Create server control socket
if os.path.exists(sockname):
+ serverlog("WARNING: removing existing socket file '%s'" % sockname)
os.unlink(sockname)
sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
diff --git a/poky/bitbake/lib/bb/siggen.py b/poky/bitbake/lib/bb/siggen.py
index 07bb529..dd7039e 100644
--- a/poky/bitbake/lib/bb/siggen.py
+++ b/poky/bitbake/lib/bb/siggen.py
@@ -332,19 +332,19 @@
data = self.basehash[tid]
for dep in self.runtaskdeps[tid]:
- data = data + self.get_unihash(dep)
+ data += self.get_unihash(dep)
for (f, cs) in self.file_checksum_values[tid]:
if cs:
if "/./" in f:
- data = data + "./" + f.split("/./")[1]
- data = data + cs
+ data += "./" + f.split("/./")[1]
+ data += cs
if tid in self.taints:
if self.taints[tid].startswith("nostamp:"):
- data = data + self.taints[tid][8:]
+ data += self.taints[tid][8:]
else:
- data = data + self.taints[tid]
+ data += self.taints[tid]
h = hashlib.sha256(data.encode("utf-8")).hexdigest()
self.taskhash[tid] = h
diff --git a/poky/bitbake/lib/bb/utils.py b/poky/bitbake/lib/bb/utils.py
index 64a004d..d09e178 100644
--- a/poky/bitbake/lib/bb/utils.py
+++ b/poky/bitbake/lib/bb/utils.py
@@ -13,6 +13,7 @@
import logging
import bb
import bb.msg
+import locale
import multiprocessing
import fcntl
import importlib
@@ -608,6 +609,21 @@
]
return v + preserved_envvars_exported()
+def check_system_locale():
+ """Make sure the required system locale are available and configured"""
+ default_locale = locale.getlocale(locale.LC_CTYPE)
+
+ try:
+ locale.setlocale(locale.LC_CTYPE, ("en_US", "UTF-8"))
+ except:
+ sys.exit("Please make sure locale 'en_US.UTF-8' is available on your system")
+ else:
+ locale.setlocale(locale.LC_CTYPE, default_locale)
+
+ if sys.getfilesystemencoding() != "utf-8":
+ sys.exit("Please use a locale setting which supports UTF-8 (such as LANG=en_US.UTF-8).\n"
+ "Python can't change the filesystem locale after loading so we need a UTF-8 when Python starts or things won't work.")
+
def filter_environment(good_vars):
"""
Create a pristine environment for bitbake. This will remove variables that
@@ -992,6 +1008,9 @@
if not string:
return default
+ if isinstance(string, int):
+ return string != 0
+
normalized = string.lower()
if normalized in ("y", "yes", "1", "true"):
return True
@@ -1680,23 +1699,20 @@
def export_proxies(d):
""" export common proxies variables from datastore to environment """
- import os
variables = ['http_proxy', 'HTTP_PROXY', 'https_proxy', 'HTTPS_PROXY',
'ftp_proxy', 'FTP_PROXY', 'no_proxy', 'NO_PROXY',
- 'GIT_PROXY_COMMAND']
- exported = False
+ 'GIT_PROXY_COMMAND', 'SSL_CERT_FILE', 'SSL_CERT_DIR']
- for v in variables:
- if v in os.environ.keys():
- exported = True
- else:
- v_proxy = d.getVar(v)
- if v_proxy is not None:
- os.environ[v] = v_proxy
- exported = True
+ origenv = d.getVar("BB_ORIGENV")
- return exported
+ for name in variables:
+ value = d.getVar(name)
+ if not value and origenv:
+ value = origenv.getVar(name)
+ if value:
+ os.environ[name] = value
+
def load_plugins(logger, plugins, pluginpath):
diff --git a/poky/bitbake/lib/bblayers/layerindex.py b/poky/bitbake/lib/bblayers/layerindex.py
index 0ac8fd2..ba91fac 100644
--- a/poky/bitbake/lib/bblayers/layerindex.py
+++ b/poky/bitbake/lib/bblayers/layerindex.py
@@ -49,6 +49,31 @@
else:
logger.plain("Repository %s needs to be fetched" % url)
return subdir, layername, layerdir
+ elif os.path.exists(repodir) and branch:
+ """
+ If the repo is already cloned, ensure it is on the correct branch,
+ switching branches if necessary and possible.
+ """
+ base_cmd = ['git', '--git-dir=%s/.git' % repodir, '--work-tree=%s' % repodir]
+ cmd = base_cmd + ['branch']
+ completed_proc = subprocess.run(cmd, text=True, capture_output=True)
+ if completed_proc.returncode:
+ logger.error("Unable to validate repo %s (%s)" % (repodir, stderr))
+ return None, None, None
+ else:
+ if branch != completed_proc.stdout[2:-1]:
+ cmd = base_cmd + ['status', '--short']
+ completed_proc = subprocess.run(cmd, text=True, capture_output=True)
+ if completed_proc.stdout.count('\n') != 0:
+ logger.warning("There are uncommitted changes in repo %s" % repodir)
+ cmd = base_cmd + ['checkout', branch]
+ completed_proc = subprocess.run(cmd, text=True, capture_output=True)
+ if completed_proc.returncode:
+ # Could be due to original shallow clone on a different branch for example
+ logger.error("Unable to automatically switch %s to desired branch '%s' (%s)"
+ % (repodir, branch, completed_proc.stderr))
+ return None, None, None
+ return subdir, layername, layerdir
elif os.path.exists(layerdir):
return subdir, layername, layerdir
else:
diff --git a/poky/bitbake/lib/toaster/orm/fixtures/README b/poky/bitbake/lib/toaster/orm/fixtures/README
index 1b1c660..7cd745e 100644
--- a/poky/bitbake/lib/toaster/orm/fixtures/README
+++ b/poky/bitbake/lib/toaster/orm/fixtures/README
@@ -27,4 +27,4 @@
Use the django management command manage.py loaddata <your fixture file>
For further information see the Django command documentation at:
-https://docs.djangoproject.com/en/1.8/ref/django-admin/#django-admin-loaddata
+https://docs.djangoproject.com/en/3.2/ref/django-admin/#django-admin-loaddata
diff --git a/poky/bitbake/lib/toaster/orm/fixtures/gen_fixtures.py b/poky/bitbake/lib/toaster/orm/fixtures/gen_fixtures.py
index 0d5f453..f0a09be 100755
--- a/poky/bitbake/lib/toaster/orm/fixtures/gen_fixtures.py
+++ b/poky/bitbake/lib/toaster/orm/fixtures/gen_fixtures.py
@@ -35,17 +35,18 @@
# [Codename, Yocto Project Version, Release Date, Current Version, Support Level, Poky Version, BitBake branch]
current_releases = [
# Release slot #1
- ['Kirkstone','3.5','April 2022','','Future - Long Term Support (until Apr. 2024)','27.0','1.54'],
-# ['Dunfell','3.1','April 2021','3.1.5 (March 2022)','Stable - Support for 13 months (until Apr. 2022)','23.0','1.46'],
+ ['Kirkstone','4.0','April 2022','4.0.8 (March 2023)','Stable - Long Term Support (until Apr. 2024)','','2.0'],
# Release slot #2 'local'
['HEAD','HEAD','','Local Yocto Project','HEAD','','HEAD'],
# Release slot #3 'master'
['Master','master','','Yocto Project master','master','','master'],
# Release slot #4
- ['Honister','3.4','October 2021','3.4.2 (February 2022)','Support for 7 months (until May 2022)','26.0','1.52'],
-# ['Gatesgarth','3.2','Oct 2020','3.2.4 (May 2021)','EOL','24.0','1.48'],
+ ['Langdale','4.1','October 2022','4.1.3 (March 2023)','Support for 7 months (until May 2023)','','2.2'],
+# ['Honister','3.4','October 2021','3.4.2 (February 2022)','Support for 7 months (until May 2022)','26.0','1.52'],
+# ['Gatesgarth','3.2','Oct 2020','3.2.4 (May 2021)','EOL','24.0','1.48'],
# Optional Release slot #4
- ['Hardknott','3.3','April 2021','3.3.5 (March 2022)','Stable - Support for 13 months (until Apr. 2022)','25.0','1.50'],
+ ['Dunfell','3.1','April 2021','3.1.23 (February 2023)','Stable - Long Term Support (until Apr. 2024)','23.0','1.46'],
+# ['Hardknott','3.3','April 2021','3.3.5 (March 2022)','Stable - Support for 13 months (until Apr. 2022)','25.0','1.50'],
]
default_poky_layers = [
diff --git a/poky/bitbake/lib/toaster/orm/fixtures/oe-core.xml b/poky/bitbake/lib/toaster/orm/fixtures/oe-core.xml
index 450e7a2..615e88a 100644
--- a/poky/bitbake/lib/toaster/orm/fixtures/oe-core.xml
+++ b/poky/bitbake/lib/toaster/orm/fixtures/oe-core.xml
@@ -10,7 +10,7 @@
<object model="orm.bitbakeversion" pk="1">
<field type="CharField" name="name">kirkstone</field>
<field type="CharField" name="giturl">git://git.openembedded.org/bitbake</field>
- <field type="CharField" name="branch">1.54</field>
+ <field type="CharField" name="branch">2.0</field>
</object>
<object model="orm.bitbakeversion" pk="2">
<field type="CharField" name="name">HEAD</field>
@@ -23,14 +23,14 @@
<field type="CharField" name="branch">master</field>
</object>
<object model="orm.bitbakeversion" pk="4">
- <field type="CharField" name="name">honister</field>
+ <field type="CharField" name="name">langdale</field>
<field type="CharField" name="giturl">git://git.openembedded.org/bitbake</field>
- <field type="CharField" name="branch">1.52</field>
+ <field type="CharField" name="branch">2.2</field>
</object>
<object model="orm.bitbakeversion" pk="5">
- <field type="CharField" name="name">hardknott</field>
+ <field type="CharField" name="name">dunfell</field>
<field type="CharField" name="giturl">git://git.openembedded.org/bitbake</field>
- <field type="CharField" name="branch">1.50</field>
+ <field type="CharField" name="branch">1.46</field>
</object>
<!-- Releases available -->
@@ -56,18 +56,18 @@
<field type="TextField" name="helptext">Toaster will run your builds using the tip of the <a href=\"https://cgit.openembedded.org/openembedded-core/log/\">OpenEmbedded master</a> branch.</field>
</object>
<object model="orm.release" pk="4">
- <field type="CharField" name="name">honister</field>
- <field type="CharField" name="description">Openembedded Honister</field>
+ <field type="CharField" name="name">langdale</field>
+ <field type="CharField" name="description">Openembedded Langdale</field>
<field rel="ManyToOneRel" to="orm.bitbakeversion" name="bitbake_version">4</field>
- <field type="CharField" name="branch_name">honister</field>
- <field type="TextField" name="helptext">Toaster will run your builds using the tip of the <a href=\"https://cgit.openembedded.org/openembedded-core/log/?h=honister\">OpenEmbedded Honister</a> branch.</field>
+ <field type="CharField" name="branch_name">langdale</field>
+ <field type="TextField" name="helptext">Toaster will run your builds using the tip of the <a href=\"https://cgit.openembedded.org/openembedded-core/log/?h=langdale\">OpenEmbedded Langdale</a> branch.</field>
</object>
<object model="orm.release" pk="5">
- <field type="CharField" name="name">hardknott</field>
- <field type="CharField" name="description">Openembedded Hardknott</field>
+ <field type="CharField" name="name">dunfell</field>
+ <field type="CharField" name="description">Openembedded Dunfell</field>
<field rel="ManyToOneRel" to="orm.bitbakeversion" name="bitbake_version">5</field>
- <field type="CharField" name="branch_name">hardknott</field>
- <field type="TextField" name="helptext">Toaster will run your builds using the tip of the <a href=\"https://cgit.openembedded.org/openembedded-core/log/?h=hardknott\">OpenEmbedded Hardknott</a> branch.</field>
+ <field type="CharField" name="branch_name">dunfell</field>
+ <field type="TextField" name="helptext">Toaster will run your builds using the tip of the <a href=\"https://cgit.openembedded.org/openembedded-core/log/?h=dunfell\">OpenEmbedded Dunfell</a> branch.</field>
</object>
<!-- Default layers for each release -->
diff --git a/poky/bitbake/lib/toaster/orm/fixtures/poky.xml b/poky/bitbake/lib/toaster/orm/fixtures/poky.xml
index 20fcc01..04e12f9 100644
--- a/poky/bitbake/lib/toaster/orm/fixtures/poky.xml
+++ b/poky/bitbake/lib/toaster/orm/fixtures/poky.xml
@@ -26,15 +26,15 @@
<field type="CharField" name="dirpath">bitbake</field>
</object>
<object model="orm.bitbakeversion" pk="4">
- <field type="CharField" name="name">honister</field>
+ <field type="CharField" name="name">langdale</field>
<field type="CharField" name="giturl">git://git.yoctoproject.org/poky</field>
- <field type="CharField" name="branch">honister</field>
+ <field type="CharField" name="branch">langdale</field>
<field type="CharField" name="dirpath">bitbake</field>
</object>
<object model="orm.bitbakeversion" pk="5">
- <field type="CharField" name="name">hardknott</field>
+ <field type="CharField" name="name">dunfell</field>
<field type="CharField" name="giturl">git://git.yoctoproject.org/poky</field>
- <field type="CharField" name="branch">hardknott</field>
+ <field type="CharField" name="branch">dunfell</field>
<field type="CharField" name="dirpath">bitbake</field>
</object>
@@ -62,18 +62,18 @@
<field type="TextField" name="helptext">Toaster will run your builds using the tip of the <a href="https://git.yoctoproject.org/cgit/cgit.cgi/poky/log/">Yocto Project Master branch</a>.</field>
</object>
<object model="orm.release" pk="4">
- <field type="CharField" name="name">honister</field>
- <field type="CharField" name="description">Yocto Project 3.4 "Honister"</field>
+ <field type="CharField" name="name">langdale</field>
+ <field type="CharField" name="description">Yocto Project 4.1 "Langdale"</field>
<field rel="ManyToOneRel" to="orm.bitbakeversion" name="bitbake_version">4</field>
- <field type="CharField" name="branch_name">honister</field>
- <field type="TextField" name="helptext">Toaster will run your builds using the tip of the <a href="https://git.yoctoproject.org/cgit/cgit.cgi/poky/log/?h=honister">Yocto Project Honister branch</a>.</field>
+ <field type="CharField" name="branch_name">langdale</field>
+ <field type="TextField" name="helptext">Toaster will run your builds using the tip of the <a href="https://git.yoctoproject.org/cgit/cgit.cgi/poky/log/?h=langdale">Yocto Project Langdale branch</a>.</field>
</object>
<object model="orm.release" pk="5">
- <field type="CharField" name="name">hardknott</field>
- <field type="CharField" name="description">Yocto Project 3.3 "Hardknott"</field>
+ <field type="CharField" name="name">dunfell</field>
+ <field type="CharField" name="description">Yocto Project 3.1 "Dunfell"</field>
<field rel="ManyToOneRel" to="orm.bitbakeversion" name="bitbake_version">5</field>
- <field type="CharField" name="branch_name">hardknott</field>
- <field type="TextField" name="helptext">Toaster will run your builds using the tip of the <a href="https://git.yoctoproject.org/cgit/cgit.cgi/poky/log/?h=hardknott">Yocto Project Hardknott branch</a>.</field>
+ <field type="CharField" name="branch_name">dunfell</field>
+ <field type="TextField" name="helptext">Toaster will run your builds using the tip of the <a href="https://git.yoctoproject.org/cgit/cgit.cgi/poky/log/?h=dunfell">Yocto Project Dunfell branch</a>.</field>
</object>
<!-- Default project layers for each release -->
@@ -177,14 +177,14 @@
<field rel="ManyToOneRel" to="orm.layer" name="layer">1</field>
<field type="IntegerField" name="layer_source">0</field>
<field rel="ManyToOneRel" to="orm.release" name="release">4</field>
- <field type="CharField" name="branch">honister</field>
+ <field type="CharField" name="branch">langdale</field>
<field type="CharField" name="dirpath">meta</field>
</object>
<object model="orm.layer_version" pk="5">
<field rel="ManyToOneRel" to="orm.layer" name="layer">1</field>
<field type="IntegerField" name="layer_source">0</field>
<field rel="ManyToOneRel" to="orm.release" name="release">5</field>
- <field type="CharField" name="branch">hardknott</field>
+ <field type="CharField" name="branch">dunfell</field>
<field type="CharField" name="dirpath">meta</field>
</object>
@@ -222,14 +222,14 @@
<field rel="ManyToOneRel" to="orm.layer" name="layer">2</field>
<field type="IntegerField" name="layer_source">0</field>
<field rel="ManyToOneRel" to="orm.release" name="release">4</field>
- <field type="CharField" name="branch">honister</field>
+ <field type="CharField" name="branch">langdale</field>
<field type="CharField" name="dirpath">meta-poky</field>
</object>
<object model="orm.layer_version" pk="10">
<field rel="ManyToOneRel" to="orm.layer" name="layer">2</field>
<field type="IntegerField" name="layer_source">0</field>
<field rel="ManyToOneRel" to="orm.release" name="release">5</field>
- <field type="CharField" name="branch">hardknott</field>
+ <field type="CharField" name="branch">dunfell</field>
<field type="CharField" name="dirpath">meta-poky</field>
</object>
@@ -267,14 +267,14 @@
<field rel="ManyToOneRel" to="orm.layer" name="layer">3</field>
<field type="IntegerField" name="layer_source">0</field>
<field rel="ManyToOneRel" to="orm.release" name="release">4</field>
- <field type="CharField" name="branch">honister</field>
+ <field type="CharField" name="branch">langdale</field>
<field type="CharField" name="dirpath">meta-yocto-bsp</field>
</object>
<object model="orm.layer_version" pk="15">
<field rel="ManyToOneRel" to="orm.layer" name="layer">3</field>
<field type="IntegerField" name="layer_source">0</field>
<field rel="ManyToOneRel" to="orm.release" name="release">5</field>
- <field type="CharField" name="branch">hardknott</field>
+ <field type="CharField" name="branch">dunfell</field>
<field type="CharField" name="dirpath">meta-yocto-bsp</field>
</object>
</django-objects>
diff --git a/poky/documentation/bsp-guide/bsp.rst b/poky/documentation/bsp-guide/bsp.rst
index 7e17b42..dbbcf47 100644
--- a/poky/documentation/bsp-guide/bsp.rst
+++ b/poky/documentation/bsp-guide/bsp.rst
@@ -1180,14 +1180,14 @@
:yocto_git:`Source Repositories <>`. To get examples of what you need
in your configuration file, locate a layer (e.g. "meta-ti") and
examine the
- :yocto_git:`local.conf </meta-ti/tree/conf/layer.conf>`
+ :yocto_git:`local.conf </meta-ti/tree/meta-ti-bsp/conf/layer.conf>`
file.
- *Create a Machine Configuration File:* Create a
``conf/machine/bsp_root_name.conf`` file. See
:yocto_git:`meta-yocto-bsp/conf/machine </poky/tree/meta-yocto-bsp/conf/machine>`
for sample ``bsp_root_name.conf`` files. There are other samples such as
- :yocto_git:`meta-ti </meta-ti/tree/conf/machine>`
+ :yocto_git:`meta-ti </meta-ti/tree/meta-ti-bsp/conf/machine>`
and
:yocto_git:`meta-freescale </meta-freescale/tree/conf/machine>`
from other vendors that have more specific machine and tuning
@@ -1210,7 +1210,7 @@
-------------------------------
The layer's ``conf`` directory contains the ``layer.conf`` configuration
-file. In this example, the ``conf/layer.conf`` is the following::
+file. In this example, the ``conf/layer.conf`` file is the following::
# We have a conf and classes directory, add to BBPATH
BBPATH .= ":${LAYERDIR}"
diff --git a/poky/documentation/conf.py b/poky/documentation/conf.py
index 07a15ce..bd45a73 100644
--- a/poky/documentation/conf.py
+++ b/poky/documentation/conf.py
@@ -106,6 +106,7 @@
'oe_wiki': ('https://www.openembedded.org/wiki%s', None),
'oe_layerindex': ('https://layers.openembedded.org%s', None),
'oe_layer': ('https://layers.openembedded.org/layerindex/branch/master/layer%s', None),
+ 'wikipedia': ('https://en.wikipedia.org/wiki/%s', None),
}
# Intersphinx config to use cross reference with BitBake user manual
diff --git a/poky/documentation/dev-manual/common-tasks.rst b/poky/documentation/dev-manual/common-tasks.rst
index 53e7686..afea9ec 100644
--- a/poky/documentation/dev-manual/common-tasks.rst
+++ b/poky/documentation/dev-manual/common-tasks.rst
@@ -5092,9 +5092,9 @@
SOLIBS = ".so.*"
SOLIBSDEV = ".so"
- FILES_${PN} = "... ${libdir}/lib*${SOLIBS} ..."
+ FILES:${PN} = "... ${libdir}/lib*${SOLIBS} ..."
FILES_SOLIBSDEV ?= "... ${libdir}/lib*${SOLIBSDEV} ..."
- FILES_${PN}-dev = "... ${FILES_SOLIBSDEV} ..."
+ FILES:${PN}-dev = "... ${FILES_SOLIBSDEV} ..."
:term:`SOLIBS` defines a pattern that matches real shared object libraries.
:term:`SOLIBSDEV` matches the development form (unversioned symlink). These two
@@ -8902,21 +8902,21 @@
bitbake -c testimage image
-All test files reside in ``meta/lib/oeqa/runtime`` in the
+All test files reside in ``meta/lib/oeqa/runtime/cases`` in the
:term:`Source Directory`. A test name maps
directly to a Python module. Each test module may contain a number of
individual tests. Tests are usually grouped together by the area tested
-(e.g tests for systemd reside in ``meta/lib/oeqa/runtime/systemd.py``).
+(e.g tests for systemd reside in ``meta/lib/oeqa/runtime/cases/systemd.py``).
You can add tests to any layer provided you place them in the proper
area and you extend :term:`BBPATH` in
the ``local.conf`` file as normal. Be sure that tests reside in
-``layer/lib/oeqa/runtime``.
+``layer/lib/oeqa/runtime/cases``.
.. note::
Be sure that module names do not collide with module names used in
- the default set of test modules in ``meta/lib/oeqa/runtime``.
+ the default set of test modules in ``meta/lib/oeqa/runtime/cases``.
You can change the set of tests run by appending or overriding
:term:`TEST_SUITES` variable in
@@ -9009,7 +9009,7 @@
As mentioned previously, all new test files need to be in the proper
place for the build system to find them. New tests for additional
functionality outside of the core should be added to the layer that adds
-the functionality, in ``layer/lib/oeqa/runtime`` (as long as
+the functionality, in ``layer/lib/oeqa/runtime/cases`` (as long as
:term:`BBPATH` is extended in the
layer's ``layer.conf`` file as normal). Just remember the following:
@@ -10734,7 +10734,7 @@
command, see ``GIT-SEND-EMAIL(1)`` displayed using the
``man git-send-email`` command.
-The Yocto Project uses a `Patchwork instance <https://patchwork.openembedded.org/>`__
+The Yocto Project uses a `Patchwork instance <https://patchwork.yoctoproject.org/>`__
to track the status of patches submitted to the various mailing lists and to
support automated patch testing. Each submitted patch is checked for common
mistakes and deviations from the expected patch format and submitters are
@@ -11229,8 +11229,6 @@
- Compilation scripts and modifications to the source code must be
provided.
-- spdx files can be provided.
-
There are other requirements beyond the scope of these three and the
methods described in this section (e.g. the mechanism through which
source code is distributed).
@@ -11422,39 +11420,6 @@
your requirements to include the scripts to control compilation as well
as any modifications to the original source.
-Providing spdx files
-~~~~~~~~~~~~~~~~~~~~~~~~~
-
-The spdx module has been integrated to a layer named meta-spdxscanner.
-meta-spdxscanner provides several kinds of scanner. If you want to enable
-this function, you have to follow the following steps:
-
-1. Add meta-spdxscanner layer into ``bblayers.conf``.
-
-2. Refer to the README in meta-spdxscanner to setup the environment (e.g,
- setup a fossology server) needed for the scanner.
-
-3. Meta-spdxscanner provides several methods within the bbclass to create spdx files.
- Please choose one that you want to use and enable the spdx task. You have to
- add some config options in ``local.conf`` file in your :term:`Build
- Directory`. Here is an example showing how to generate spdx files
- during BitBake using the fossology-python.bbclass::
-
- # Select fossology-python.bbclass.
- INHERIT += "fossology-python"
- # For fossology-python.bbclass, TOKEN is necessary, so, after setup a
- # Fossology server, you have to create a token.
- TOKEN = "eyJ0eXAiO..."
- # The fossology server is necessary for fossology-python.bbclass.
- FOSSOLOGY_SERVER = "http://xx.xx.xx.xx:8081/repo"
- # If you want to upload the source code to a special folder:
- FOLDER_NAME = "xxxx" //Optional
- # If you don't want to put spdx files in tmp/deploy/spdx, you can enable:
- SPDX_DEPLOY_DIR = "${DEPLOY_DIR}" //Optional
-
-For more usage information refer to :yocto_git:`the meta-spdxscanner repository
-</meta-spdxscanner/>`.
-
Compliance Limitations with Executables Built from Static Libraries
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -11495,12 +11460,12 @@
Checking for Vulnerabilities
============================
-Vulnerabilities in images
--------------------------
+Vulnerabilities in Poky and OE-Core
+-----------------------------------
The Yocto Project has an infrastructure to track and address unfixed
known security vulnerabilities, as tracked by the public
-`Common Vulnerabilities and Exposures (CVE) <https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures>`__
+:wikipedia:`Common Vulnerabilities and Exposures (CVE) <Common_Vulnerabilities_and_Exposures>`
database.
The Yocto Project maintains a `list of known vulnerabilities
@@ -11509,14 +11474,78 @@
unpatched CVEs and the status of patches. Such information is available for
the current development version and for each supported release.
-To know which packages are vulnerable to known security vulnerabilities
-in the specific image you are building, add the following setting to your
-configuration::
+Security is a process, not a product, and thus at any time, a number of security
+issues may be impacting Poky and OE-Core. It is up to the maintainers, users,
+contributors and anyone interested in the issues to investigate and possibly fix them by
+updating software components to newer versions or by applying patches to address them.
+It is recommended to work with Poky and OE-Core upstream maintainers and submit
+patches to fix them, see ":ref:`dev-manual/common-tasks:submitting a change to the yocto project`" for details.
+
+Vulnerability check at build time
+---------------------------------
+
+To enable a check for CVE security vulnerabilities using :ref:`cve-check <ref-classes-cve-check>` in the specific image
+or target you are building, add the following setting to your configuration::
INHERIT += "cve-check"
-This way, at build time, BitBake will warn you about known CVEs
-as in the example below::
+The CVE database contains some old incomplete entries which have been
+deemed not to impact Poky or OE-Core. These CVE entries can be excluded from the
+check using build configuration::
+
+ include conf/distro/include/cve-extra-exclusions.inc
+
+With this CVE check enabled, BitBake build will try to map each compiled software component
+recipe name and version information to the CVE database and generate recipe and
+image specific reports. These reports will contain:
+
+- metadata about the software component like names and versions
+
+- metadata about the CVE issue such as description and NVD link
+
+- for each software component, a list of CVEs which are possibly impacting this version
+
+- status of each CVE: ``Patched``, ``Unpatched`` or ``Ignored``
+
+The status ``Patched`` means that a patch file to address the security issue has been
+applied. ``Unpatched`` status means that no patches to address the issue have been
+applied and that the issue needs to be investigated. ``Ignored`` means that after
+analysis, it has been deemed to ignore the issue as it for example affects
+the software component on a different operating system platform.
+
+After a build with CVE check enabled, reports for each compiled source recipe will be
+found in ``build/tmp/deploy/cve``.
+
+For example the CVE check report for the ``flex-native`` recipe looks like::
+
+ $ cat poky/build/tmp/deploy/cve/flex-native
+ LAYER: meta
+ PACKAGE NAME: flex-native
+ PACKAGE VERSION: 2.6.4
+ CVE: CVE-2016-6354
+ CVE STATUS: Patched
+ CVE SUMMARY: Heap-based buffer overflow in the yy_get_next_buffer function in Flex before 2.6.1 might allow context-dependent attackers to cause a denial of service or possibly execute arbitrary code via vectors involving num_to_read.
+ CVSS v2 BASE SCORE: 7.5
+ CVSS v3 BASE SCORE: 9.8
+ VECTOR: NETWORK
+ MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6354
+
+ LAYER: meta
+ PACKAGE NAME: flex-native
+ PACKAGE VERSION: 2.6.4
+ CVE: CVE-2019-6293
+ CVE STATUS: Ignored
+ CVE SUMMARY: An issue was discovered in the function mark_beginning_as_normal in nfa.c in flex 2.6.4. There is a stack exhaustion problem caused by the mark_beginning_as_normal function making recursive calls to itself in certain scenarios involving lots of '*' characters. Remote attackers could leverage this vulnerability to cause a denial-of-service.
+ CVSS v2 BASE SCORE: 4.3
+ CVSS v3 BASE SCORE: 5.5
+ VECTOR: NETWORK
+ MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-6293
+
+For images, a summary of all recipes included in the image and their CVEs is also
+generated in textual and JSON formats. These ``.cve`` and ``.json`` reports can be found
+in the ``tmp/deploy/images`` directory for each compiled image.
+
+At build time CVE check will also throw warnings about ``Unpatched`` CVEs::
WARNING: flex-2.6.4-r0 do_cve_check: Found unpatched CVE (CVE-2019-6293), for more information check /poky/build/tmp/work/core2-64-poky-linux/flex/2.6.4-r0/temp/cve.log
WARNING: libarchive-3.5.1-r0 do_cve_check: Found unpatched CVE (CVE-2021-36976), for more information check /poky/build/tmp/work/core2-64-poky-linux/libarchive/3.5.1-r0/temp/cve.log
@@ -11525,21 +11554,46 @@
bitbake -c cve_check flex libarchive
-Note that OpenEmbedded-Core keeps a list of known unfixed CVE issues which can
-be ignored. You can pass this list to the check as follows::
+Fixing CVE product name and version mappings
+--------------------------------------------
- bitbake -c cve_check libarchive -R conf/distro/include/cve-extra-exclusions.inc
+By default, :ref:`cve-check <ref-classes-cve-check>` uses the recipe name :term:`BPN` as CVE
+product name when querying the CVE database. If this mapping contains false positives, e.g.
+some reported CVEs are not for the software component in question, or false negatives like
+some CVEs are not found to impact the recipe when they should, then the problems can be
+in the recipe name to CVE product mapping. These mapping issues can be fixed by setting
+the :term:`CVE_PRODUCT` variable inside the recipe. This defines the name of the software component in the
+upstream `NIST CVE database <https://nvd.nist.gov/>`__.
-Enabling vulnerabily tracking in recipes
-----------------------------------------
+The variable supports using vendor and product names like this::
-The :term:`CVE_PRODUCT` variable defines the name used to match the recipe name
-against the name in the upstream `NIST CVE database <https://nvd.nist.gov/>`__.
+ CVE_PRODUCT = "flex_project:flex"
-Editing recipes to fix vulnerabilities
---------------------------------------
+In this example the vendor name used in the CVE database is ``flex_project`` and the
+product is ``flex``. With this setting the ``flex`` recipe only maps to this specific
+product and not products from other vendors with same name ``flex``.
-To fix a given known vulnerability, you need to add a patch file to your recipe. Here's
+Similarly, when the recipe version :term:`PV` is not compatible with software versions used by
+the upstream software component releases and the CVE database, these can be fixed using
+the :term:`CVE_VERSION` variable.
+
+Note that if the CVE entries in the NVD database contain bugs or have missing or incomplete
+information, it is recommended to fix the information there directly instead of working
+around the issues possibly for a long time in Poky and OE-Core side recipes. Feedback to
+NVD about CVE entries can be provided through the `NVD contact form <https://nvd.nist.gov/info/contact-form>`__.
+
+Fixing vulnerabilities in recipes
+---------------------------------
+
+If a CVE security issue impacts a software component, it can be fixed by updating to a newer
+version of the software component or by applying a patch. For Poky and OE-Core master branches, updating
+to a newer software component release with fixes is the best option, but patches can be applied
+if releases are not yet available.
+
+For stable branches, it is preferred to apply patches for the issues. For some software
+components minor version updates can also be applied if they are backwards compatible.
+
+Here is an example of fixing CVE security issues with patch files,
an example from the :oe_layerindex:`ffmpeg recipe</layerindex/recipe/47350>`::
SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \
@@ -11551,31 +11605,21 @@
file://fix-CVE-2020-22033-CVE-2020-22019.patch \
file://fix-CVE-2021-33815.patch \
-The :ref:`cve-check <ref-classes-cve-check>` class defines two ways of
-supplying a patch for a given CVE. The first
-way is to use a patch filename that matches the below pattern::
+A good practice is to include the CVE identifier in both the patch file name
+and inside the patch file commit message using the format::
- cve_file_name_match = re.compile(".*([Cc][Vv][Ee]\-\d{4}\-\d+)")
+ CVE: CVE-2020-22033
-As shown in the example above, multiple CVE IDs can appear in a patch filename,
-but the :ref:`cve-check <ref-classes-cve-check>` class will only consider
-the last CVE ID in the filename as patched.
+CVE checker will then capture this information and change the CVE status to ``Patched``
+in the generated reports.
-The second way to recognize a patched CVE ID is when a line matching the
-below pattern is found in any patch file provided by the recipe::
+If analysis shows that the CVE issue does not impact the recipe due to configuration, platform,
+version or other reasons, the CVE can be marked as ``Ignored`` using the :term:`CVE_CHECK_IGNORE` variable.
+As mentioned previously, if data in the CVE database is wrong, it is recommend to fix those
+issues in the CVE database directly.
- cve_match = re.compile("CVE:( CVE\-\d{4}\-\d+)+")
-
-This allows a single patch file to address multiple CVE IDs at the same time.
-
-Of course, another way to fix vulnerabilities is to upgrade to a version
-of the package which is not impacted, typically a more recent one.
-The NIST database knows which versions are vulnerable and which ones
-are not.
-
-Last but not least, you can choose to ignore vulnerabilities through
-the :term:`CVE_CHECK_SKIP_RECIPE` and :term:`CVE_CHECK_IGNORE`
-variables.
+Recipes can be completely skipped by CVE check by including the recipe name in
+the :term:`CVE_CHECK_SKIP_RECIPE` variable.
Implementation details
----------------------
@@ -11592,24 +11636,110 @@
Then, the code looks up all the CVE IDs in the NIST database for all the
products defined in :term:`CVE_PRODUCT`. Then, for each found CVE:
- - If the package name (:term:`PN`) is part of
- :term:`CVE_CHECK_SKIP_RECIPE`, it is considered as patched.
+- If the package name (:term:`PN`) is part of
+ :term:`CVE_CHECK_SKIP_RECIPE`, it is considered as ``Patched``.
- - If the CVE ID is part of :term:`CVE_CHECK_IGNORE`, it is
- considered as patched too.
+- If the CVE ID is part of :term:`CVE_CHECK_IGNORE`, it is
+ set as ``Ignored``.
- - If the CVE ID is part of the patched CVE for the recipe, it is
- already considered as patched.
+- If the CVE ID is part of the patched CVE for the recipe, it is
+ already considered as ``Patched``.
- - Otherwise, the code checks whether the recipe version (:term:`PV`)
+- Otherwise, the code checks whether the recipe version (:term:`PV`)
is within the range of versions impacted by the CVE. If so, the CVE
- is considered as unpatched.
+ is considered as ``Unpatched``.
The CVE database is stored in :term:`DL_DIR` and can be inspected using
``sqlite3`` command as follows::
sqlite3 downloads/CVE_CHECK/nvdcve_1.1.db .dump | grep CVE-2021-37462
+When analyzing CVEs, it is recommended to:
+
+- study the latest information in `CVE database <https://nvd.nist.gov/vuln/search>`__.
+
+- check how upstream developers of the software component addressed the issue, e.g.
+ what patch was applied, which upstream release contains the fix.
+
+- check what other Linux distributions like `Debian <https://security-tracker.debian.org/tracker/>`__
+ did to analyze and address the issue.
+
+- follow security notices from other Linux distributions.
+
+- follow public `open source security mailing lists <https://oss-security.openwall.org/wiki/mailing-lists>`__ for
+ discussions and advance notifications of CVE bugs and software releases with fixes.
+
+Creating a Software Bill of Materials
+=====================================
+
+Once you are able to build an image for your project, once the licenses for
+each software component are all identified (see
+":ref:`dev-manual/common-tasks:working with licenses`") and once vulnerability
+fixes are applied (see ":ref:`dev-manual/common-tasks:checking
+for vulnerabilities`"), the OpenEmbedded build system can generate
+a description of all the components you used, their licenses, their dependencies,
+the changes that were applied and the known vulnerabilities that were fixed.
+
+This description is generated in the form of a *Software Bill of Materials*
+(:term:`SBOM`), using the :term:`SPDX` standard.
+
+When you release software, this is the most standard way to provide information
+about the Software Supply Chain of your software image and SDK. The
+:term:`SBOM` tooling is often used to ensure open source license compliance by
+providing the license texts used in the product which legal departments and end
+users can read in standardized format.
+
+:term:`SBOM` information is also critical to performing vulnerability exposure
+assessments, as all the components used in the Software Supply Chain are listed.
+
+The OpenEmbedded build system doesn't generate such information by default.
+To make this happen, you must inherit the
+:ref:`create-spdx <ref-classes-create-spdx>` class from a configuration file::
+
+ INHERIT += "create-spdx"
+
+You then get :term:`SPDX` output in JSON format as an
+``IMAGE-MACHINE.spdx.json`` file in ``tmp/deploy/images/MACHINE/`` inside the
+:term:`Build Directory`.
+
+This is a toplevel file accompanied by an ``IMAGE-MACHINE.spdx.index.json``
+containing an index of JSON :term:`SPDX` files for individual recipes, together
+with an ``IMAGE-MACHINE.spdx.tar.zst`` compressed archive containing all such
+files.
+
+The :ref:`create-spdx <ref-classes-create-spdx>` class offers options to include
+more information in the output :term:`SPDX` data, such as making the generated
+files more human readable (:term:`SPDX_PRETTY`), adding compressed archives of
+the files in the generated target packages (:term:`SPDX_ARCHIVE_PACKAGED`),
+adding a description of the source files handled by the target recipes
+(:term:`SPDX_INCLUDE_SOURCES`) and adding archives of these source files
+themselves (:term:`SPDX_ARCHIVE_SOURCES`).
+
+Though the toplevel :term:`SPDX` output is available in
+``tmp/deploy/images/MACHINE/`` inside the :term:`Build Directory`, ancillary
+generated files are available in ``tmp/deploy/spdx/MACHINE`` too, such as:
+
+- The individual :term:`SPDX` JSON files in the ``IMAGE-MACHINE.spdx.tar.zst``
+ archive.
+
+- Compressed archives of the files in the generated target packages,
+ in ``packages/packagename.tar.zst`` (when :term:`SPDX_ARCHIVE_PACKAGED`
+ is set).
+
+- Compressed archives of the source files used to build the host tools
+ and the target packages in ``recipes/recipe-packagename.tar.zst``
+ (when :term:`SPDX_ARCHIVE_SOURCES` is set). Those are needed to fulfill
+ "source code access" license requirements.
+
+See the `tools page <https://spdx.dev/resources/tools/>`__ on the :term:`SPDX`
+project website for a list of tools to consume and transform the :term:`SPDX`
+data generated by the OpenEmbedded build system.
+
+See also Joshua Watt's
+`Automated SBoM generation with OpenEmbedded and the Yocto Project <https://youtu.be/Q5UQUM6zxVU>`__
+presentation at FOSDEM 2023.
+
+
Using the Error Reporting Tool
==============================
diff --git a/poky/documentation/kernel-dev/faq.rst b/poky/documentation/kernel-dev/faq.rst
index e40e3ff..76923f6 100644
--- a/poky/documentation/kernel-dev/faq.rst
+++ b/poky/documentation/kernel-dev/faq.rst
@@ -36,7 +36,7 @@
The kernel image (e.g. ``vmlinuz``) is provided by the
``kernel-image`` package. Image recipes depend on ``kernel-base``. To
specify whether or not the kernel image is installed in the generated
-root filesystem, override ``RDEPENDS:${KERNEL_PACKAGE_NAME}-base`` to include or not
+root filesystem, override ``RRECOMMENDS:${KERNEL_PACKAGE_NAME}-base`` to include or not
include "kernel-image". See the
":ref:`dev-manual/common-tasks:appending other layers metadata with your layer`"
section in the
diff --git a/poky/documentation/migration-guides/migration-4.0.rst b/poky/documentation/migration-guides/migration-4.0.rst
index 02d3c3e..ab82280 100644
--- a/poky/documentation/migration-guides/migration-4.0.rst
+++ b/poky/documentation/migration-guides/migration-4.0.rst
@@ -265,3 +265,6 @@
when parsing recipes. Any code depending on the previous behaviour will no longer
work - change any such code to explicitly use appropriate path variables instead.
+- In order to exclude the kernel image from the image rootfs,
+ :term:`RRECOMMENDS`\ ``:${KERNEL_PACKAGE_NAME}-base`` should be set instead of
+ :term:`RDEPENDS`\ ``:${KERNEL_PACKAGE_NAME}-base``.
diff --git a/poky/documentation/migration-guides/release-4.0.rst b/poky/documentation/migration-guides/release-4.0.rst
index 9f67daa..2294265 100644
--- a/poky/documentation/migration-guides/release-4.0.rst
+++ b/poky/documentation/migration-guides/release-4.0.rst
@@ -1,3 +1,5 @@
+.. SPDX-License-Identifier: CC-BY-SA-2.0-UK
+
Release 4.0 (kirkstone)
=======================
@@ -9,3 +11,7 @@
release-notes-4.0.2
release-notes-4.0.3
release-notes-4.0.4
+ release-notes-4.0.5
+ release-notes-4.0.6
+ release-notes-4.0.7
+ release-notes-4.0.8
diff --git a/poky/documentation/migration-guides/release-4.1.rst b/poky/documentation/migration-guides/release-4.1.rst
index 8ebf4a4..dbca7c7 100644
--- a/poky/documentation/migration-guides/release-4.1.rst
+++ b/poky/documentation/migration-guides/release-4.1.rst
@@ -1,3 +1,5 @@
+.. SPDX-License-Identifier: CC-BY-SA-2.0-UK
+
Release 4.1 (langdale)
======================
@@ -5,3 +7,6 @@
migration-4.1
release-notes-4.1
+ release-notes-4.1.1
+ release-notes-4.1.2
+ release-notes-4.1.3
diff --git a/poky/documentation/migration-guides/release-notes-4.0.5.rst b/poky/documentation/migration-guides/release-notes-4.0.5.rst
new file mode 100644
index 0000000..ea0280b
--- /dev/null
+++ b/poky/documentation/migration-guides/release-notes-4.0.5.rst
@@ -0,0 +1,196 @@
+Release notes for Yocto-4.0.5 (Kirkstone)
+-----------------------------------------
+
+Security Fixes in Yocto-4.0.5
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- qemu: fix :cve:`2021-3750`, :cve:`2021-3611` and :cve:`2022-2962`
+- binutils : fix :cve:`2022-38126`, :cve:`2022-38127` and :cve:`2022-38128`
+- tff: fix :cve:`2022-2867`, :cve:`2022-2868` and :cve:`2022-2869`
+- inetutils: fix :cve:`2022-39028`
+- go: fix :cve:`2022-27664`
+
+Fixes in Yocto-4.0.5
+~~~~~~~~~~~~~~~~~~~~
+
+- Revert "gcc-cross-canadian: Add symlink to real-ld alongside other symlinks"
+- bind: upgrade to 9.18.7
+- binutils: stable 2.38 branch updates (dc2474e7)
+- bitbake: Fix npm to use https rather than http
+- bitbake: asyncrpc/client: Fix unix domain socket chdir race issues
+- bitbake: bitbake: Add copyright headers where missing
+- bitbake: gitsm: Error out if submodule refers to parent repo
+- bitbake: runqueue: Drop deadlock breaking force fail
+- bitbake: runqueue: Ensure deferred tasks are sorted by multiconfig
+- bitbake: runqueue: Improve deadlock warning messages
+- bitbake: siggen: Fix insufficent entropy in sigtask file names
+- bitbake: tests/fetch: Allow handling of a file:// url within a submodule
+- build-appliance-image: Update to kirkstone head revision (4a88ada)
+- busybox: add devmem 128-bit support
+- classes: files: Extend overlayfs-etc class
+- coreutils: add openssl PACKAGECONFIG
+- create-pull-request: don't switch the git remote protocol to git://
+- dev-manual: fix reference to BitBake user manual
+- expat: upgrade 2.4.8 -> 2.4.9
+- files: overlayfs-etc: refactor preinit template
+- gcc-cross-canadian: add default plugin linker
+- gcc: add arm-v9 support
+- git: upgrade 2.35.4 -> 2.35.5
+- glibc-locale: explicitly remove empty dirs in ${libdir}
+- glibc-tests: use += instead of :append
+- glibc: stable 2.35 branch updates.(8d125a1f)
+- go-native: switch from SRC_URI:append to SRC_URI +=
+- image_types_wic.bbclass: fix cross binutils dependency
+- kern-tools: allow 'y' or 'm' to avoid config audit warnings
+- kern-tools: fix queue processing in relative TOPDIR configurations
+- kernel-yocto: allow patch author date to be commit date
+- libpng: upgrade to 1.6.38
+- linux-firmware: package new Qualcomm firmware
+- linux-firmware: upgrade 20220708 -> 20220913
+- linux-libc-headers: switch from SRC_URI:append to SRC_URI +=
+- linux-yocto-dev: add qemuarm64
+- linux-yocto/5.10: update to v5.10.149
+- linux-yocto/5.15: cfg: fix ACPI warnings for -tiny
+- linux-yocto/5.15: update to v5.15.68
+- local.conf.sample: correct the location of public hashserv
+- ltp: Fix pread02 case trigger the glibc overflow detection
+- lttng-modules: Fix crash on powerpc64
+- lttng-tools: Disable on qemuriscv32
+- lttng-tools: Disable on riscv32
+- migration-guides: add 4.0.4 release notes
+- oeqa/runtime/dnf: fix typo
+- own-mirrors: add crate
+- perf: Fix for recent kernel upgrades
+- poky.conf: bump version for 4.0.5
+- poky.yaml.in: update version requirements
+- python3-rfc3986-validator: switch from SRC_URI:append to SRC_URI +=
+- python3: upgrade 3.10.4 -> 3.10.7
+- qemu: Backport patches from upstream to support float128 on qemu-ppc64
+- rpm: Remove -Wimplicit-function-declaration warnings
+- rpm: update to 4.17.1
+- rsync: update to 3.2.5
+- stress-cpu: disable float128 math on powerpc64 to avoid SIGILL
+- tune-neoversen2: support tune-neoversen2 base on armv9a
+- tzdata: update to 2022d
+- u-boot: switch from append to += in SRC_URI
+- uninative: Upgrade to 3.7 to work with glibc 2.36
+- vim: Upgrade to 9.0.0598
+- webkitgtk: Update to 2.36.7
+
+
+Known Issues in Yocto-4.0.5
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- There are recent CVEs in key components such as openssl. They are not included in this release as it was built before the issues were known and fixes were available but these are now available on the kirkstone branch.
+
+
+Contributors to Yocto-4.0.5
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- Adrian Freihofer
+- Alexander Kanavin
+- Alexandre Belloni
+- Bhabu Bindu
+- Bruce Ashfield
+- Chen Qi
+- Daniel McGregor
+- Denys Dmytriyenko
+- Dmitry Baryshkov
+- Florin Diaconescu
+- He Zhe
+- Joshua Watt
+- Khem Raj
+- Martin Jansa
+- Michael Halstead
+- Michael Opdenacker
+- Mikko Rapeli
+- Mingli Yu
+- Neil Horman
+- Pavel Zhukov
+- Richard Purdie
+- Robert Joslyn
+- Ross Burton
+- Ruiqiang Hao
+- Samuli Piippo
+- Steve Sakoman
+- Sundeep KOKKONDA
+- Teoh Jay Shen
+- Tim Orling
+- Virendra Thakur
+- Vyacheslav Yurkov
+- Xiangyu Chen
+- Yash Shinde
+- pgowda
+- Wang Mingyu
+
+
+Repositories / Downloads for Yocto-4.0.5
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+poky
+
+- Repository Location: :yocto_git:`/poky`
+- Branch: :yocto_git:`kirkstone </poky/log/?h=kirkstone>`
+- Tag: :yocto_git:`yocto-4.0.5 </poky/log/?h=yocto-4.0.5>`
+- Git Revision: :yocto_git:`2e79b199114b25d81bfaa029ccfb17676946d20d </poky/commit/?id=2e79b199114b25d81bfaa029ccfb17676946d20d>`
+- Release Artefact: poky-2e79b199114b25d81bfaa029ccfb17676946d20d
+- sha: 7bcf3f901d4c5677fc95944ab096e9e306f4c758a658dde5befd16861ad2b8ea
+- Download Locations:
+ http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.5/poky-2e79b199114b25d81bfaa029ccfb17676946d20d.tar.bz2
+ http://mirrors.kernel.org/yocto/yocto/yocto-4.0.5/poky-2e79b199114b25d81bfaa029ccfb17676946d20d.tar.bz2
+
+openembedded-core
+
+- Repository Location: :oe_git:`/openembedded-core`
+- Branch: :oe_git:`kirkstone </openembedded-core/log/?h=kirkstone>`
+- Tag: :oe_git:`yocto-4.0.5 </openembedded-core/log/?h=yocto-4.0.5>`
+- Git Revision: :oe_git:`fbdf93f43ff4b876487e1f26752598ec8abcb46e </openembedded-core/commit/?id=fbdf93f43ff4b876487e1f26752598ec8abcb46e>`
+- Release Artefact: oecore-fbdf93f43ff4b876487e1f26752598ec8abcb46e
+- sha: 2d9b5a8e9355b633bb57633cc8c2d319ba13fe4721f79204e61116b3faa6cbf1
+- Download Locations:
+ http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.5/oecore-fbdf93f43ff4b876487e1f26752598ec8abcb46e.tar.bz2
+ http://mirrors.kernel.org/yocto/yocto/yocto-4.0.5/oecore-fbdf93f43ff4b876487e1f26752598ec8abcb46e.tar.bz2
+
+meta-mingw
+
+- Repository Location: :yocto_git:`/meta-mingw`
+- Branch: :yocto_git:`kirkstone </meta-mingw/log/?h=kirkstone>`
+- Tag: :yocto_git:`yocto-4.0.5 </meta-mingw/log/?h=yocto-4.0.5>`
+- Git Revision: :yocto_git:`a90614a6498c3345704e9611f2842eb933dc51c1 </meta-mingw/commit/?id=a90614a6498c3345704e9611f2842eb933dc51c1>`
+- Release Artefact: meta-mingw-a90614a6498c3345704e9611f2842eb933dc51c1
+- sha: 49f9900bfbbc1c68136f8115b314e95d0b7f6be75edf36a75d9bcd1cca7c6302
+- Download Locations:
+ http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.5/meta-mingw-a90614a6498c3345704e9611f2842eb933dc51c1.tar.bz2
+ http://mirrors.kernel.org/yocto/yocto/yocto-4.0.5/meta-mingw-a90614a6498c3345704e9611f2842eb933dc51c1.tar.bz2
+
+meta-gplv2
+
+- Repository Location: :yocto_git:`/meta-gplv2`
+- Branch: :yocto_git:`kirkstone </meta-gplv2/log/?h=kirkstone>`
+- Tag: :yocto_git:`yocto-4.0.5 </meta-gplv2/log/?h=yocto-4.0.5>`
+- Git Revision: :yocto_git:`d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a </meta-gplv2/commit/?id=d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a>`
+- Release Artefact: meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a
+- sha: c386f59f8a672747dc3d0be1d4234b6039273d0e57933eb87caa20f56b9cca6d
+- Download Locations:
+ http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.5/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2
+ http://mirrors.kernel.org/yocto/yocto/yocto-4.0.5/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2
+
+bitbake
+
+- Repository Location: :oe_git:`/bitbake`
+- Branch: :oe_git:`2.0 </bitbake/log/?h=2.0>`
+- Tag: :oe_git:`yocto-4.0.5 </bitbake/log/?h=yocto-4.0.5>`
+- Git Revision: :oe_git:`c90d57497b9bcd237c3ae810ee8edb5b0d2d575a </bitbake/commit/?id=c90d57497b9bcd237c3ae810ee8edb5b0d2d575a>`
+- Release Artefact: bitbake-c90d57497b9bcd237c3ae810ee8edb5b0d2d575a
+- sha: 5698d548ce179036e46a24f80b213124c8825a4f443fa1d6be7ab0f70b01a9ff
+- Download Locations:
+ http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.5/bitbake-c90d57497b9bcd237c3ae810ee8edb5b0d2d575a.tar.bz2
+ http://mirrors.kernel.org/yocto/yocto/yocto-4.0.5/bitbake-c90d57497b9bcd237c3ae810ee8edb5b0d2d575a.tar.bz2
+
+yocto-docs
+
+- Repository Location: :yocto_git:`/yocto-docs`
+- Branch: :yocto_git:`kirkstone </yocto-docs/log/?h=kirkstone>`
+- Tag: :yocto_git:`yocto-4.0.5 </yocto-docs/log/?h=yocto-4.0.5>`
+- Git Revision: :yocto_git:`8c2f9f54e29781f4ee72e81eeaa12ceaa82dc2d3 </yocto-docs/commit/?id=8c2f9f54e29781f4ee72e81eeaa12ceaa82dc2d3>`
+
diff --git a/poky/documentation/migration-guides/release-notes-4.0.6.rst b/poky/documentation/migration-guides/release-notes-4.0.6.rst
new file mode 100644
index 0000000..76d23fc
--- /dev/null
+++ b/poky/documentation/migration-guides/release-notes-4.0.6.rst
@@ -0,0 +1,313 @@
+.. SPDX-License-Identifier: CC-BY-SA-2.0-UK
+
+Release notes for Yocto-4.0.6 (Kirkstone)
+-----------------------------------------
+
+Security Fixes in Yocto-4.0.6
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- bash: Fix :cve:`2022-3715`
+- curl: Fix :cve:`2022-32221`, :cve:`2022-42915` and :cve:`2022-42916`
+- dbus: Fix :cve:`2022-42010`, :cve:`2022-42011` and :cve:`2022-42012`
+- dropbear: Fix :cve:`2021-36369`
+- ffmpeg: Fix :cve:`2022-3964`, :cve:`2022-3965`
+- go: Fix :cve:`2022-2880`
+- grub2: Fix :cve:`2022-2601`, :cve:`2022-3775` and :cve:`2022-28736`
+- libarchive: Fix :cve:`2022-36227`
+- libpam: Fix :cve:`2022-28321`
+- libsndfile1: Fix :cve:`2021-4156`
+- lighttpd: Fix :cve:`2022-41556`
+- openssl: Fix :cve:`2022-3358`
+- pixman: Fix :cve:`2022-44638`
+- python3-mako: Fix :cve:`2022-40023`
+- python3: Fix :cve:`2022-42919`
+- qemu: Fix :cve:`2022-3165`
+- sysstat: Fix :cve:`2022-39377`
+- systemd: Fix :cve:`2022-3821`
+- tiff: Fix :cve:`2022-2953`, :cve:`2022-3599`, :cve:`2022-3597`, :cve:`2022-3626`, :cve:`2022-3627`, :cve:`2022-3570`, :cve:`2022-3598` and :cve:`2022-3970`
+- vim: Fix :cve:`2022-3352`, :cve:`2022-3705` and :cve:`2022-4141`
+- wayland: Fix :cve:`2021-3782`
+- xserver-xorg: Fix :cve:`2022-3550` and :cve:`2022-3551`
+
+
+Fixes in Yocto-4.0.6
+~~~~~~~~~~~~~~~~~~~~
+
+- archiver: avoid using machine variable as it breaks multiconfig
+- babeltrace: upgrade to 1.5.11
+- bind: upgrade to 9.18.8
+- bitbake.conf: Drop export of SOURCE_DATE_EPOCH_FALLBACK
+- bitbake: gitsm: Fix regression in gitsm submodule path parsing
+- bitbake: runqueue: Fix race issues around hash equivalence and sstate reuse
+- bluez5: Point hciattach bcm43xx firmware search path to /lib/firmware
+- bluez5: add dbus to RDEPENDS
+- build-appliance-image: Update to kirkstone head revision
+- buildtools-tarball: export certificates to python and curl
+- cargo_common.bbclass: Fix typos
+- classes: make TOOLCHAIN more permissive for kernel
+- cmake-native: Fix host tool contamination (Bug: 14951)
+- common-tasks.rst: fix oeqa runtime test path
+- create-spdx.bbclass: remove unused SPDX_INCLUDE_PACKAGED
+- create-spdx: Remove ";name=..." for downloadLocation
+- create-spdx: default share_src for shared sources
+- cve-update-db-native: add timeout to urlopen() calls
+- dbus: upgrade to 1.14.4
+- dhcpcd: fix to work with systemd
+- expat: upgrade to 2.5.0
+- externalsrc.bbclass: Remove a trailing slash from ${B}
+- externalsrc.bbclass: fix git repo detection
+- externalsrc: git submodule--helper list unsupported
+- gcc-shared-source: Fix source date epoch handling
+- gcc-source: Drop gengtype manipulation
+- gcc-source: Ensure deploy_source_date_epoch sstate hash doesn't change
+- gcc-source: Fix gengtypes race
+- gdk-pixbuf: upgrade to 2.42.10
+- get_module_deps3.py: Check attribute '__file__'
+- glib-2.0: fix rare GFileInfo test case failure
+- glibc-locale: Do not INHIBIT_DEFAULT_DEPS
+- gnomebase.bbclass: return the whole version for tarball directory if it is a number
+- gnutls: Unified package names to lower-case
+- groff: submit patches upstream
+- gstreamer1.0-libav: fix errors with ffmpeg 5.x
+- gstreamer1.0: upgrade to 1.20.4
+- ifupdown: upgrade to 0.8.39
+- insane.bbclass: Allow hashlib version that only accepts on parameter
+- iso-codes: upgrade to 4.12.0
+- kea: submit patch upstream (fix-multilib-conflict.patch)
+- kern-tools: fix relative path processing
+- kern-tools: integrate ZFS speedup patch
+- kernel-yocto: improve fatal error messages of symbol_why.py
+- kernel.bbclass: Include randstruct seed assets in STAGING_KERNEL_BUILDDIR
+- kernel.bbclass: make KERNEL_DEBUG_TIMESTAMPS work at rebuild
+- kernel: Clear SYSROOT_DIRS instead of replacing sysroot_stage_all
+- libcap: upgrade to 2.66
+- libepoxy: convert to git
+- libepoxy: update to 1.5.10
+- libffi: submit patch upstream (0001-arm-sysv-reverted-clang-VFP-mitigation.patch )
+- libffi: upgrade to 3.4.4
+- libical: upgrade to 3.0.16
+- libksba: upgrade to 1.6.2
+- libuv: fixup SRC_URI
+- libxcrypt: upgrade to 4.4.30
+- lighttpd: upgrade to 1.4.67
+- linux-firmware: add new fw file to ${PN}-qcom-adreno-a530
+- linux-firmware: don't put the firmware into the sysroot
+- linux-firmware: package amdgpu firmware
+- linux-firmware: split rtl8761 firmware
+- linux-firmware: upgrade to 20221109
+- linux-yocto/5.10: update genericx86* machines to v5.10.149
+- linux-yocto/5.15: fix CONFIG_CRYPTO_CCM mismatch warnings
+- linux-yocto/5.15: update genericx86* machines to v5.15.72
+- linux-yocto/5.15: update to v5.15.78
+- ltp: backport clock_gettime04 fix from upstream
+- lttng-modules: upgrade to 2.13.7
+- lttng-tools: Upgrade to 2.13.8
+- lttng-tools: submit determinism.patch upstream
+- lttng-ust: upgrade to 2.13.5
+- meson: make wrapper options sub-command specific
+- meta-selftest/staticids: add render group for systemd
+- mirrors.bbclass: update CPAN_MIRROR
+- mirrors.bbclass: use shallow tarball for binutils-native
+- mobile-broadband-provider-info: upgrade 20220725 -> 20221107
+- mtd-utils: upgrade 2.1.4 -> 2.1.5
+- numactl: upgrade to 2.0.16
+- oe/packagemanager/rpm: don't leak file objects
+- oeqa/selftest/lic_checksum: Cleanup changes to emptytest include
+- oeqa/selftest/minidebuginfo: Create selftest for minidebuginfo
+- oeqa/selftest/tinfoil: Add test for separate config_data with recipe_parse_file()
+- openssl: Fix SSL_CERT_FILE to match ca-certs location
+- openssl: upgrade to 3.0.7
+- openssl: export necessary env vars in SDK
+- opkg-utils: use a git clone, not a dynamic snapshot
+- opkg: Set correct info_dir and status_file in opkg.conf
+- overlayfs: Allow not used mount points
+- ovmf: correct patches status
+- package: Fix handling of minidebuginfo with newer binutils
+- perf: Depend on native setuptools3
+- poky.conf: bump version for 4.0.6
+- psplash: add psplash-default in rdepends
+- psplash: consider the situation of psplash not exist for systemd
+- python3: advance to version 3.10.8
+- qemu-helper-native: Correctly pass program name as argv[0]
+- qemu-helper-native: Re-write bridge helper as C program
+- qemu-native: Add PACKAGECONFIG option for jack
+- qemu: add io_uring PACKAGECONFIG
+- quilt: backport a patch to address grep 3.8 failures
+- resolvconf: make it work
+- rm_work: exclude the SSTATETASKS from the rm_work tasks sinature
+- runqemu: Do not perturb script environment
+- runqemu: Fix gl-es argument from causing other arguments to be ignored
+- sanity: Drop data finalize call
+- sanity: check for GNU tar specifically
+- scripts/oe-check-sstate: cleanup
+- scripts/oe-check-sstate: force build to run for all targets, specifically populate_sysroot
+- scripts: convert-overrides: Allow command-line customizations
+- socat: upgrade to 1.7.4.4
+- SPDX and CVE documentation updates
+- sstate: Allow optimisation of do_deploy_archives task dependencies
+- sstatesig: emit more helpful error message when not finding sstate manifest
+- sstatesig: skip the rm_work task signature
+- sudo: upgrade to 1.9.12p1
+- systemd: Consider PACKAGECONFIG in RRECOMMENDS
+- systemd: add group render to udev package
+- tcl: correct patch status
+- tiff: refresh with devtool
+- tiff: add CVE tag to b258ed69a485a9cfb299d9f060eb2a46c54e5903.patch
+- u-boot: Remove duplicate inherit of cml1
+- uboot-sign: Fix using wrong KEY_REQ_ARGS
+- vala: install vapigen-wrapper into /usr/bin/crosscripts and stage only that
+- valgrind: remove most hidden tests for arm64
+- vim: Upgrade to 9.0.0947
+- vulkan-samples: add lfs=0 to SRC_URI to avoid git smudge errors in do_unpack
+- wic: honor the SOURCE_DATE_EPOCH in case of updated fstab
+- wic: make ext2/3/4 images reproducible
+- wic: swap partitions are not added to fstab
+- wpebackend-fdo: upgrade to 1.14.0
+- xserver-xorg: move some recommended dependencies in required
+- xwayland: upgrade to 22.1.5
+
+
+Known Issues in Yocto-4.0.6
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- N/A
+
+
+Contributors to Yocto-4.0.6
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- Alex Kiernan
+- Alexander Kanavin
+- Alexey Smirnov
+- Bartosz Golaszewski
+- Bernhard Rosenkränzer
+- Bhabu Bindu
+- Bruce Ashfield
+- Chee Yang Lee
+- Chen Qi
+- Christian Eggers
+- Claus Stovgaard
+- Diego Sueiro
+- Dmitry Baryshkov
+- Ed Tanous
+- Enrico Jörns
+- Etienne Cordonnier
+- Frank de Brabander
+- Harald Seiler
+- Hitendra Prajapati
+- Jan-Simon Moeller
+- Jeremy Puhlman
+- Joe Slater
+- John Edward Broadbent
+- Jose Quaresma
+- Joshua Watt
+- Kai Kang
+- Keiya Nobuta
+- Khem Raj
+- Konrad Weihmann
+- Leon Anavi
+- Liam Beguin
+- Marek Vasut
+- Mark Hatle
+- Martin Jansa
+- Michael Opdenacker
+- Mikko Rapeli
+- Narpat Mali
+- Nathan Rossi
+- Niko Mauno
+- Pavel Zhukov
+- Peter Kjellerstedt
+- Peter Marko
+- Polampalli, Archana
+- Qiu, Zheng
+- Ravula Adhitya Siddartha
+- Richard Purdie
+- Ross Burton
+- Sakib Sajal
+- Sean Anderson
+- Sergei Zhmylev
+- Steve Sakoman
+- Teoh Jay Shen
+- Thomas Perrot
+- Tim Orling
+- Vincent Davis Jr
+- Vivek Kumbhar
+- Vyacheslav Yurkov
+- Wang Mingyu
+- Xiangyu Chen
+- Zheng Qiu
+- Ciaran Courtney
+- Wang Mingyu
+
+
+Repositories / Downloads for Yocto-4.0.6
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+poky
+
+- Repository Location: :yocto_git:`/poky`
+- Branch: :yocto_git:`kirkstone </poky/log/?h=kirkstone>`
+- Tag: :yocto_git:`yocto-4.0.6 </poky/log/?h=yocto-4.0.6>`
+- Git Revision: :yocto_git:`c4e08719a782fd4119eaf643907b80cebf57f88f </poky/commit/?id=c4e08719a782fd4119eaf643907b80cebf57f88f>`
+- Release Artefact: poky-c4e08719a782fd4119eaf643907b80cebf57f88f
+- sha: 2eb3b323dd2ccd25f9442bfbcbde82bc081fad5afd146a8e6dde439db24a99d4
+- Download Locations:
+ http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.6/poky-c4e08719a782fd4119eaf643907b80cebf57f88f.tar.bz2
+ http://mirrors.kernel.org/yocto/yocto/yocto-4.0.6/poky-c4e08719a782fd4119eaf643907b80cebf57f88f.tar.bz2
+
+openembedded-core
+
+- Repository Location: :oe_git:`/openembedded-core`
+- Branch: :oe_git:`kirkstone </openembedded-core/log/?h=kirkstone>`
+- Tag: :oe_git:`yocto-4.0.6 </openembedded-core/log/?h=yocto-4.0.6>`
+- Git Revision: :oe_git:`45a8b4101b14453aa3020d3f2b8a76b4dc0ae3f2 </openembedded-core/commit/?id=45a8b4101b14453aa3020d3f2b8a76b4dc0ae3f2>`
+- Release Artefact: oecore-45a8b4101b14453aa3020d3f2b8a76b4dc0ae3f2
+- sha: de8b443365927befe67cc443b60db57563ff0726377223f836a3f3971cf405ec
+- Download Locations:
+ http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.6/oecore-45a8b4101b14453aa3020d3f2b8a76b4dc0ae3f2.tar.bz2
+ http://mirrors.kernel.org/yocto/yocto/yocto-4.0.6/oecore-45a8b4101b14453aa3020d3f2b8a76b4dc0ae3f2.tar.bz2
+
+meta-mingw
+
+- Repository Location: :yocto_git:`/meta-mingw`
+- Branch: :yocto_git:`kirkstone </meta-mingw/log/?h=kirkstone>`
+- Tag: :yocto_git:`yocto-4.0.6 </meta-mingw/log/?h=yocto-4.0.6>`
+- Git Revision: :yocto_git:`a90614a6498c3345704e9611f2842eb933dc51c1 </meta-mingw/commit/?id=a90614a6498c3345704e9611f2842eb933dc51c1>`
+- Release Artefact: meta-mingw-a90614a6498c3345704e9611f2842eb933dc51c1
+- sha: 49f9900bfbbc1c68136f8115b314e95d0b7f6be75edf36a75d9bcd1cca7c6302
+- Download Locations:
+ http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.6/meta-mingw-a90614a6498c3345704e9611f2842eb933dc51c1.tar.bz2
+ http://mirrors.kernel.org/yocto/yocto/yocto-4.0.6/meta-mingw-a90614a6498c3345704e9611f2842eb933dc51c1.tar.bz2
+
+meta-gplv2
+
+- Repository Location: :yocto_git:`/meta-gplv2`
+- Branch: :yocto_git:`kirkstone </meta-gplv2/log/?h=kirkstone>`
+- Tag: :yocto_git:`yocto-4.0.6 </meta-gplv2/log/?h=yocto-4.0.6>`
+- Git Revision: :yocto_git:`d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a </meta-gplv2/commit/?id=d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a>`
+- Release Artefact: meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a
+- sha: c386f59f8a672747dc3d0be1d4234b6039273d0e57933eb87caa20f56b9cca6d
+- Download Locations:
+ http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.6/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2
+ http://mirrors.kernel.org/yocto/yocto/yocto-4.0.6/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2
+
+bitbake
+
+- Repository Location: :oe_git:`/bitbake`
+- Branch: :oe_git:`2.0 </bitbake/log/?h=2.0>`
+- Tag: :oe_git:`yocto-4.0.6 </bitbake/log/?h=yocto-4.0.6>`
+- Git Revision: :oe_git:`7e268c107bb0240d583d2c34e24a71e373382509 </bitbake/commit/?id=7e268c107bb0240d583d2c34e24a71e373382509>`
+- Release Artefact: bitbake-7e268c107bb0240d583d2c34e24a71e373382509
+- sha: c3e2899012358c95962c7a5c85cf98dc30c58eae0861c374124e96d9556bb901
+- Download Locations:
+ http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.6/bitbake-7e268c107bb0240d583d2c34e24a71e373382509.tar.bz2
+ http://mirrors.kernel.org/yocto/yocto/yocto-4.0.6/bitbake-7e268c107bb0240d583d2c34e24a71e373382509.tar.bz2
+
+yocto-docs
+
+- Repository Location: :yocto_git:`/yocto-docs`
+- Branch: :yocto_git:`kirkstone </yocto-docs/log/?h=kirkstone>`
+- Tag: :yocto_git:`yocto-4.0.6 </yocto-docs/log/?h=yocto-4.0.6>`
+- Git Revision: :yocto_git:`c10d65ef3bbdf4fe3abc03e3aef3d4ca8c2ad87f </yocto-docs/commit/?id=c10d65ef3bbdf4fe3abc03e3aef3d4ca8c2ad87f>`
+
+
diff --git a/poky/documentation/migration-guides/release-notes-4.0.7.rst b/poky/documentation/migration-guides/release-notes-4.0.7.rst
new file mode 100644
index 0000000..9e8ad51
--- /dev/null
+++ b/poky/documentation/migration-guides/release-notes-4.0.7.rst
@@ -0,0 +1,242 @@
+.. SPDX-License-Identifier: CC-BY-SA-2.0-UK
+
+Release notes for Yocto-4.0.7 (Kirkstone)
+-----------------------------------------
+
+Security Fixes in Yocto-4.0.7
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- binutils: Fix :cve:`2022-4285`
+- curl: Fix :cve:`2022-43551` and `CVE-2022-43552 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43552>`__
+- ffmpeg: Fix :cve:`2022-3109` and :cve:`2022-3341`
+- go: Fix :cve:`2022-41715` and :cve:`2022-41717`
+- libX11: Fix :cve:`2022-3554` and :cve:`2022-3555`
+- libarchive: Fix :cve:`2022-36227`
+- libksba: Fix :cve:`2022-47629`
+- libpng: Fix :cve:`2019-6129`
+- libxml2: Fix :cve:`2022-40303` and :cve:`2022-40304`
+- openssl: Fix :cve:`2022-3996`
+- python3: Fix :cve:`2022-45061`
+- python3-git: Fix :cve:`2022-24439`
+- python3-setuptools: Fix :cve:`2022-40897`
+- python3-wheel: Fix :cve:`2022-40898`
+- qemu: Fix :cve:`2022-4144`
+- sqlite: Fix :cve:`2022-46908`
+- systemd: Fix :cve:`2022-45873`
+- vim: Fix :cve:`2023-0049`, :cve:`2023-0051`, :cve:`2023-0054` and :cve:`2023-0088`
+- webkitgtk: Fix :cve:`2022-32886`, `CVE-2022-32891 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32891>`__ and :cve:`2022-32912`
+
+
+Fixes in Yocto-4.0.7
+~~~~~~~~~~~~~~~~~~~~
+
+- Revert "gstreamer1.0: disable flaky gstbin:test_watch_for_state_change test"
+- at: Change when files are copied
+- baremetal-image: Avoid overriding qemu variables from IMAGE_CLASSES
+- base.bbclass: Fix way to check ccache path
+- bc: extend to nativesdk
+- bind: upgrade to 9.18.10
+- busybox: always start do_compile with orig config files
+- busybox: rm temporary files if do_compile was interrupted
+- cairo: fix CVE patches assigned wrong CVE number
+- cairo: update patch for :cve:`2019-6461` with upstream solution
+- classes/create-spdx: Add SPDX_PRETTY option
+- classes: image: Set empty weak default IMAGE_LINGUAS
+- combo-layer: add sync-revs command
+- combo-layer: dont use bb.utils.rename
+- combo-layer: remove unused import
+- curl: Correct LICENSE from MIT-open-group to curl
+- cve-check: write the cve manifest to IMGDEPLOYDIR
+- cve-update-db-native: avoid incomplete updates
+- cve-update-db-native: show IP on failure
+- dbus: Add missing CVE product name
+- devtool/upgrade: correctly handle recipes where S is a subdir of upstream tree
+- devtool: process local files only for the main branch
+- dhcpcd: backport two patches to fix runtime error
+- docs: kernel-dev: faq: update tip on how to not include kernel in image
+- docs: migration-4.0: specify variable name change for kernel inclusion in image recipe
+- efibootmgr: update compilation with musl
+- externalsrc: fix lookup for .gitmodules
+- ffmpeg: refresh patches to apply cleanly
+- freetype:update mirror site.
+- gcc: Refactor linker patches and fix linker on arm with usrmerge
+- glibc: stable 2.35 branch updates.
+- go-crosssdk: avoid host contamination by GOCACHE
+- gstreamer1.0: Fix race conditions in gstbin tests
+- gstreamer1.0: upgrade to 1.20.5
+- gtk-icon-cache: Fix GTKIC_CMD if-else condition
+- harfbuzz: remove bindir only if it exists
+- kernel-fitimage: Adjust order of dtb/dtbo files
+- kernel-fitimage: Allow user to select dtb when multiple dtb exists
+- kernel.bbclass: remove empty module directories to prevent QA issues
+- lib/buildstats: fix parsing of trees with reduced_proc_pressure directories
+- lib/oe/reproducible: Use git log without gpg signature
+- libepoxy: remove upstreamed patch
+- libnewt: update 0.52.21 -> 0.52.23
+- libseccomp: fix typo in DESCRIPTION
+- libxcrypt-compat: upgrade 4.4.30 -> 4.4.33
+- libxml2: fix test data checksums
+- linux-firmware: upgrade 20221109 -> 20221214
+- linux-yocto/5.10: update to v5.10.152
+- linux-yocto/5.10: update to v5.10.154
+- linux-yocto/5.10: update to v5.10.160
+- linux-yocto/5.15: fix perf build with clang
+- linux-yocto/5.15: libbpf: Fix build warning on ref_ctr_off
+- linux-yocto/5.15: ltp and squashfs fixes
+- linux-yocto/5.15: powerpc: Fix reschedule bug in KUAP-unlocked user copy
+- linux-yocto/5.15: update to v5.15.84
+- lsof: add update-alternatives logic
+- lttng-modules: update 2.13.7 -> 2.13.8
+- manuals: add 4.0.5 and 4.0.6 release notes
+- manuals: document SPDX_PRETTY variable
+- mpfr: upgrade 4.1.0 -> 4.1.1
+- oeqa/concurrencytest: Add number of failures to summary output
+- oeqa/rpm.py: Increase timeout and add debug output
+- oeqa/selftest/externalsrc: add test for srctree_hash_files
+- openssh: remove RRECOMMENDS to rng-tools for sshd package
+- poky.conf: bump version for 4.0.7
+- qemuboot.bbclass: make sure runqemu boots bundled initramfs kernel image
+- rm_work.bbclass: use HOSTTOOLS 'rm' binary exclusively
+- rm_work: adjust dependency to make do_rm_work_all depend on do_rm_work
+- ruby: merge .inc into .bb
+- ruby: update 3.1.2 -> 3.1.3
+- selftest/virgl: use pkg-config from the host
+- tiff: Add packageconfig knob for webp
+- toolchain-scripts: compatibility with unbound variable protection
+- tzdata: update 2022d -> 2022g
+- valgrind: skip the boost_thread test on arm
+- xserver-xorg: upgrade 21.1.4 -> 21.1.6
+- xwayland: libxshmfence is needed when dri3 is enabled
+- xwayland: upgrade 22.1.5 -> 22.1.7
+- yocto-check-layer: Allow OE-Core to be tested
+
+
+Known Issues in Yocto-4.0.7
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- N/A
+
+
+Contributors to Yocto-4.0.7
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- Alejandro Hernandez Samaniego
+- Alex Kiernan
+- Alex Stewart
+- Alexander Kanavin
+- Antonin Godard
+- Benoît Mauduit
+- Bhabu Bindu
+- Bruce Ashfield
+- Carlos Alberto Lopez Perez
+- Changqing Li
+- Chen Qi
+- Daniel Gomez
+- Florin Diaconescu
+- He Zhe
+- Hitendra Prajapati
+- Jagadeesh Krishnanjanappa
+- Jan Kircher
+- Jermain Horsman
+- Jose Quaresma
+- Joshua Watt
+- KARN JYE LAU
+- Kai Kang
+- Khem Raj
+- Luis
+- Marta Rybczynska
+- Martin Jansa
+- Mathieu Dubois-Briand
+- Michael Opdenacker
+- Narpat Mali
+- Ovidiu Panait
+- Pavel Zhukov
+- Peter Marko
+- Petr Kubizňák
+- Quentin Schulz
+- Randy MacLeod
+- Ranjitsinh Rathod
+- Richard Purdie
+- Robert Andersson
+- Ross Burton
+- Sandeep Gundlupet Raju
+- Saul Wold
+- Steve Sakoman
+- Vivek Kumbhar
+- Wang Mingyu
+- Xiangyu Chen
+- Yash Shinde
+- Yogita Urade
+
+
+Repositories / Downloads for Yocto-4.0.7
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+poky
+
+- Repository Location: :yocto_git:`/poky`
+- Branch: :yocto_git:`kirkstone </poky/log/?h=kirkstone>`
+- Tag: :yocto_git:`yocto-4.0.7 </poky/log/?h=yocto-4.0.7>`
+- Git Revision: :yocto_git:`65dafea22018052fe7b2e17e6e4d7eb754224d38 </poky/commit/?id=65dafea22018052fe7b2e17e6e4d7eb754224d38>`
+- Release Artefact: poky-65dafea22018052fe7b2e17e6e4d7eb754224d38
+- sha: 6b1b67600b84503e2d5d29bcd6038547339f4f9413b830cd2408df825eda642d
+- Download Locations:
+ http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.7/poky-65dafea22018052fe7b2e17e6e4d7eb754224d38.tar.bz2
+ http://mirrors.kernel.org/yocto/yocto/yocto-4.0.7/poky-65dafea22018052fe7b2e17e6e4d7eb754224d38.tar.bz2
+
+openembedded-core
+
+- Repository Location: :oe_git:`/openembedded-core`
+- Branch: :oe_git:`kirkstone </openembedded-core/log/?h=kirkstone>`
+- Tag: :oe_git:`yocto-4.0.7 </openembedded-core/log/?h=yocto-4.0.7>`
+- Git Revision: :oe_git:`a8c82902384f7430519a31732a4bb631f21693ac </openembedded-core/commit/?id=a8c82902384f7430519a31732a4bb631f21693ac>`
+- Release Artefact: oecore-a8c82902384f7430519a31732a4bb631f21693ac
+- sha: 6f2dbc4ea1e388620ef77ac3a7bbb2b5956bb8bf9349b0c16cd7610e9996f5ea
+- Download Locations:
+ http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.7/oecore-a8c82902384f7430519a31732a4bb631f21693ac.tar.bz2
+ http://mirrors.kernel.org/yocto/yocto/yocto-4.0.7/oecore-a8c82902384f7430519a31732a4bb631f21693ac.tar.bz2
+
+meta-mingw
+
+- Repository Location: :yocto_git:`/meta-mingw`
+- Branch: :yocto_git:`kirkstone </meta-mingw/log/?h=kirkstone>`
+- Tag: :yocto_git:`yocto-4.0.7 </meta-mingw/log/?h=yocto-4.0.7>`
+- Git Revision: :yocto_git:`a90614a6498c3345704e9611f2842eb933dc51c1 </meta-mingw/commit/?id=a90614a6498c3345704e9611f2842eb933dc51c1>`
+- Release Artefact: meta-mingw-a90614a6498c3345704e9611f2842eb933dc51c1
+- sha: 49f9900bfbbc1c68136f8115b314e95d0b7f6be75edf36a75d9bcd1cca7c6302
+- Download Locations:
+ http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.7/meta-mingw-a90614a6498c3345704e9611f2842eb933dc51c1.tar.bz2
+ http://mirrors.kernel.org/yocto/yocto/yocto-4.0.7/meta-mingw-a90614a6498c3345704e9611f2842eb933dc51c1.tar.bz2
+
+meta-gplv2
+
+- Repository Location: :yocto_git:`/meta-gplv2`
+- Branch: :yocto_git:`kirkstone </meta-gplv2/log/?h=kirkstone>`
+- Tag: :yocto_git:`yocto-4.0.7 </meta-gplv2/log/?h=yocto-4.0.7>`
+- Git Revision: :yocto_git:`d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a </meta-gplv2/commit/?id=d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a>`
+- Release Artefact: meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a
+- sha: c386f59f8a672747dc3d0be1d4234b6039273d0e57933eb87caa20f56b9cca6d
+- Download Locations:
+ http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.7/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2
+ http://mirrors.kernel.org/yocto/yocto/yocto-4.0.7/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2
+
+bitbake
+
+- Repository Location: :oe_git:`/bitbake`
+- Branch: :oe_git:`2.0 </bitbake/log/?h=2.0>`
+- Tag: :oe_git:`yocto-4.0.7 </bitbake/log/?h=yocto-4.0.7>`
+- Git Revision: :oe_git:`7e268c107bb0240d583d2c34e24a71e373382509 </bitbake/commit/?id=7e268c107bb0240d583d2c34e24a71e373382509>`
+- Release Artefact: bitbake-7e268c107bb0240d583d2c34e24a71e373382509
+- sha: c3e2899012358c95962c7a5c85cf98dc30c58eae0861c374124e96d9556bb901
+- Download Locations:
+ http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.7/bitbake-7e268c107bb0240d583d2c34e24a71e373382509.tar.bz2
+ http://mirrors.kernel.org/yocto/yocto/yocto-4.0.7/bitbake-7e268c107bb0240d583d2c34e24a71e373382509.tar.bz2
+
+yocto-docs
+
+- Repository Location: :yocto_git:`/yocto-docs`
+- Branch: :yocto_git:`kirkstone </yocto-docs/log/?h=kirkstone>`
+- Tag: :yocto_git:`yocto-4.0.7 </yocto-docs/log/?h=yocto-4.0.7>`
+- Git Revision: :yocto_git:`5883e897c34f25401b358a597fb6e18d80f7f90b </yocto-docs/commit/?id=5883e897c34f25401b358a597fb6e18d80f7f90b>`
+
+
diff --git a/poky/documentation/migration-guides/release-notes-4.0.8.rst b/poky/documentation/migration-guides/release-notes-4.0.8.rst
new file mode 100644
index 0000000..223b74f
--- /dev/null
+++ b/poky/documentation/migration-guides/release-notes-4.0.8.rst
@@ -0,0 +1,217 @@
+.. SPDX-License-Identifier: CC-BY-SA-2.0-UK
+
+Release notes for Yocto-4.0.8 (Kirkstone)
+-----------------------------------------
+
+Security Fixes in Yocto-4.0.8
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- apr-util: Fix :cve:`2022-25147`
+- apr: Fix :cve:`2022-24963`, :cve:`2022-28331` and :cve:`2021-35940`
+- bind: Fix :cve:`2022-3094`, :cve:`2022-3736` and :cve:`2022-3924`
+- git: Ignore :cve:`2022-41953`
+- git: Fix :cve:`2022-23521` and :cve:`2022-41903`
+- libgit2: Fix :cve:`2023-22742`
+- ppp: Fix :cve:`2022-4603`
+- python3-certifi: Fix :cve:`2022-23491`
+- sudo: Fix :cve:`2023-22809`
+- tar: Fix :cve:`2022-48303`
+
+
+Fixes in Yocto-4.0.8
+~~~~~~~~~~~~~~~~~~~~
+
+- core-image.bbclass: Fix missing leading whitespace with ':append'
+- populate_sdk_ext.bbclass: Fix missing leading whitespace with ':append'
+- ptest-packagelists.inc: Fix missing leading whitespace with ':append'
+- apr-util: upgrade to 1.6.3
+- apr: upgrade to 1.7.2
+- apt: fix do_package_qa failure
+- bind: upgrade to 9.18.11
+- bitbake: bb/utils: include SSL certificate paths in export_proxies
+- bitbake: bitbake-diffsigs: Make PEP8 compliant
+- bitbake: bitbake-diffsigs: break on first dependent task difference
+- bitbake: fetch2/git: Clarify the meaning of namespace
+- bitbake: fetch2/git: Prevent git fetcher from fetching gitlab repository metadata
+- bitbake: fetch2/git: show SRCREV and git repo in error message about fixed SRCREV
+- bitbake: siggen: Fix inefficient string concatenation
+- bitbake: utils/ply: Update md5 to better report errors with hashlib
+- bootchart2: Fix usrmerge support
+- bsp-guide: fix broken git URLs and missing word
+- build-appliance-image: Update to kirkstone head revision
+- buildtools-tarball: set pkg-config search path
+- classes/fs-uuid: Fix command output decoding issue
+- dev-manual: common-tasks.rst: add link to FOSDEM 2023 video
+- dev-manual: fix old override syntax
+- devshell: Do not add scripts/git-intercept to PATH
+- devtool: fix devtool finish when gitmodules file is empty
+- diffutils: upgrade to 3.9
+- gdk-pixbuf: do not use tools from gdk-pixbuf-native when building tests
+- git: upgrade to 2.35.7
+- glslang: branch rename master -> main
+- httpserver: add error handler that write to the logger
+- image.bbclass: print all QA functions exceptions
+- kernel/linux-kernel-base: Fix kernel build artefact determinism issues
+- libc-locale: Fix on target locale generation
+- libgit2: upgrade to 1.4.5
+- libjpeg-turbo: upgrade to 2.1.5
+- libtirpc: Check if file exists before operating on it
+- libusb1: Link with latomic only if compiler has no atomic builtins
+- libusb1: Strip trailing whitespaces
+- linux-firmware: upgrade to 20230117
+- linux-yocto/5.15: update to v5.15.91
+- lsof: fix old override syntax
+- lttng-modules: Fix for 5.10.163 kernel version
+- lttng-tools: upgrade to 2.13.9
+- make-mod-scripts: Ensure kernel build output is deterministic
+- manuals: update patchwork instance URL
+- meta: remove True option to getVar and getVarFlag calls (again)
+- migration-guides: add release-notes for 4.0.7
+- native: Drop special variable handling
+- numactl: skip test case when target platform doesn't have 2 CPU node
+- oeqa context.py: fix --target-ip comment to include ssh port number
+- oeqa dump.py: add error counter and stop after 5 failures
+- oeqa qemurunner.py: add timeout to QMP calls
+- oeqa qemurunner.py: try to avoid reading one character at a time
+- oeqa qemurunner: read more data at a time from serial
+- oeqa ssh.py: add connection keep alive options to ssh client
+- oeqa ssh.py: move output prints to new line
+- oeqa/qemurunner: do not use Popen.poll() when terminating runqemu with a signal
+- oeqa/selftest/bbtests: Update message lookup for test_git_unpack_nonetwork_fail
+- oeqa/selftest/locales: Add selftest for locale generation/presence
+- poky.conf: Update SANITY_TESTED_DISTROS to match autobuilder
+- poky.conf: bump version for 4.0.8
+- profile-manual: update WireShark hyperlinks
+- python3-pytest: depend on python3-tomli instead of python3-toml
+- qemu: fix compile error
+- quilt: fix intermittent failure in faildiff.test
+- quilt: use upstreamed faildiff.test fix
+- recipe_sanity: fix old override syntax
+- ref-manual: document SSTATE_EXCLUDEDEPS_SYSROOT
+- scons.bbclass: Make MAXLINELENGTH overridable
+- scons: Pass MAXLINELENGTH to scons invocation
+- sdkext/cases/devtool: pass a logger to HTTPService
+- spirv-headers: set correct branch name
+- sudo: upgrade to 1.9.12p2
+- system-requirements.rst: add Fedora 36 and AlmaLinux 8.7 to list of supported distros
+- testimage: Fix error message to reflect new syntax
+- update-alternatives: fix typos
+- vulkan-samples: branch rename master -> main
+
+
+Known Issues in Yocto-4.0.8
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- N/A
+
+
+Contributors to Yocto-4.0.8
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- Alejandro Hernandez Samaniego
+- Alexander Kanavin
+- Alexandre Belloni
+- Armin Kuster
+- Arnout Vandecappelle
+- Bruce Ashfield
+- Changqing Li
+- Chee Yang Lee
+- Etienne Cordonnier
+- Harald Seiler
+- Kai Kang
+- Khem Raj
+- Lee Chee Yang
+- Louis Rannou
+- Marek Vasut
+- Marius Kriegerowski
+- Mark Hatle
+- Martin Jansa
+- Mauro Queiros
+- Michael Opdenacker
+- Mikko Rapeli
+- Mingli Yu
+- Narpat Mali
+- Niko Mauno
+- Pawel Zalewski
+- Peter Kjellerstedt
+- Richard Purdie
+- Rodolfo Quesada Zumbado
+- Ross Burton
+- Sakib Sajal
+- Schmidt, Adriaan
+- Steve Sakoman
+- Thomas Roos
+- Ulrich Ölmann
+- Xiangyu Chen
+
+
+Repositories / Downloads for Yocto-4.0.8
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+poky
+
+- Repository Location: :yocto_git:`/poky`
+- Branch: :yocto_git:`kirkstone </poky/log/?h=kirkstone>`
+- Tag: :yocto_git:`yocto-4.0.8 </poky/log/?h=yocto-4.0.8>`
+- Git Revision: :yocto_git:`a361fb3df9c87cf12963a9d785a9f99faa839222 </poky/commit/?id=a361fb3df9c87cf12963a9d785a9f99faa839222>`
+- Release Artefact: poky-a361fb3df9c87cf12963a9d785a9f99faa839222
+- sha: af4e8d64be27d3a408357c49b7952ce04c6d8bb0b9d7b50c48848d9355de7fc2
+- Download Locations:
+ http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.8/poky-a361fb3df9c87cf12963a9d785a9f99faa839222.tar.bz2
+ http://mirrors.kernel.org/yocto/yocto/yocto-4.0.8/poky-a361fb3df9c87cf12963a9d785a9f99faa839222.tar.bz2
+
+openembedded-core
+
+- Repository Location: :oe_git:`/openembedded-core`
+- Branch: :oe_git:`kirkstone </openembedded-core/log/?h=kirkstone>`
+- Tag: :oe_git:`yocto-4.0.8 </openembedded-core/log/?h=yocto-4.0.8>`
+- Git Revision: :oe_git:`b20e2134daec33fbb8ce358d984751d887752bd5 </openembedded-core/commit/?id=b20e2134daec33fbb8ce358d984751d887752bd5>`
+- Release Artefact: oecore-b20e2134daec33fbb8ce358d984751d887752bd5
+- sha: 63cce6f1caf8428eefc1471351ab024affc8a41d8d7777f525e3aa9ea454d2cd
+- Download Locations:
+ http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.8/oecore-b20e2134daec33fbb8ce358d984751d887752bd5.tar.bz2
+ http://mirrors.kernel.org/yocto/yocto/yocto-4.0.8/oecore-b20e2134daec33fbb8ce358d984751d887752bd5.tar.bz2
+
+meta-mingw
+
+- Repository Location: :yocto_git:`/meta-mingw`
+- Branch: :yocto_git:`kirkstone </meta-mingw/log/?h=kirkstone>`
+- Tag: :yocto_git:`yocto-4.0.8 </meta-mingw/log/?h=yocto-4.0.8>`
+- Git Revision: :yocto_git:`a90614a6498c3345704e9611f2842eb933dc51c1 </meta-mingw/commit/?id=a90614a6498c3345704e9611f2842eb933dc51c1>`
+- Release Artefact: meta-mingw-a90614a6498c3345704e9611f2842eb933dc51c1
+- sha: 49f9900bfbbc1c68136f8115b314e95d0b7f6be75edf36a75d9bcd1cca7c6302
+- Download Locations:
+ http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.8/meta-mingw-a90614a6498c3345704e9611f2842eb933dc51c1.tar.bz2
+ http://mirrors.kernel.org/yocto/yocto/yocto-4.0.8/meta-mingw-a90614a6498c3345704e9611f2842eb933dc51c1.tar.bz2
+
+meta-gplv2
+
+- Repository Location: :yocto_git:`/meta-gplv2`
+- Branch: :yocto_git:`kirkstone </meta-gplv2/log/?h=kirkstone>`
+- Tag: :yocto_git:`yocto-4.0.8 </meta-gplv2/log/?h=yocto-4.0.8>`
+- Git Revision: :yocto_git:`d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a </meta-gplv2/commit/?id=d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a>`
+- Release Artefact: meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a
+- sha: c386f59f8a672747dc3d0be1d4234b6039273d0e57933eb87caa20f56b9cca6d
+- Download Locations:
+ http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.8/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2
+ http://mirrors.kernel.org/yocto/yocto/yocto-4.0.8/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2
+
+bitbake
+
+- Repository Location: :oe_git:`/bitbake`
+- Branch: :oe_git:`2.0 </bitbake/log/?h=2.0>`
+- Tag: :oe_git:`yocto-4.0.8 </bitbake/log/?h=yocto-4.0.8>`
+- Git Revision: :oe_git:`9bbdedc0ba7ca819b898e2a29a151d6a2014ca11 </bitbake/commit/?id=9bbdedc0ba7ca819b898e2a29a151d6a2014ca11>`
+- Release Artefact: bitbake-9bbdedc0ba7ca819b898e2a29a151d6a2014ca11
+- sha: 8e724411f4df00737e81b33eb568f1f97d2a00d5364342c0a212c46abb7b005b
+- Download Locations:
+ http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.8/bitbake-9bbdedc0ba7ca819b898e2a29a151d6a2014ca11.tar.bz2
+ http://mirrors.kernel.org/yocto/yocto/yocto-4.0.8/bitbake-9bbdedc0ba7ca819b898e2a29a151d6a2014ca11.tar.bz2
+
+yocto-docs
+
+- Repository Location: :yocto_git:`/yocto-docs`
+- Branch: :yocto_git:`kirkstone </yocto-docs/log/?h=kirkstone>`
+- Tag: :yocto_git:`yocto-4.0.8 </yocto-docs/log/?h=yocto-4.0.8>`
+- Git Revision: :yocto_git:`16ecbe028f2b9cc021267817a5413054e070b563 </yocto-docs/commit/?id=16ecbe028f2b9cc021267817a5413054e070b563>`
+
diff --git a/poky/documentation/migration-guides/release-notes-4.1.1.rst b/poky/documentation/migration-guides/release-notes-4.1.1.rst
new file mode 100644
index 0000000..4f31fbf
--- /dev/null
+++ b/poky/documentation/migration-guides/release-notes-4.1.1.rst
@@ -0,0 +1,319 @@
+.. SPDX-License-Identifier: CC-BY-SA-2.0-UK
+
+Release notes for Yocto-4.1.1 (Langdale)
+----------------------------------------
+
+Security Fixes in Yocto-4.1.1
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- curl: Fix :cve:`2022-32221`, :cve:`2022-35260`, :cve:`2022-42915` and :cve:`2022-42916`
+- libx11: Fix :cve:`2022-3554`
+- lighttpd: Fix :cve:`2022-41556`
+- openssl: Fix :cve:`2022-3358`, :cve:`2022-3602` and :cve:`2022-3786`
+- pixman: Fix :cve:`2022-44638`
+- qemu: Fix :cve:`2022-3165`
+- sudo: Fix :cve:`2022-43995`
+- tiff: Fix :cve:`2022-3599`, :cve:`2022-3597`, :cve:`2022-3626`, :cve:`2022-3627`, :cve:`2022-3570` and :cve:`2022-3598`
+- xserver-xorg: Fix :cve:`2022-3550` and :cve:`2022-3551`
+- xserver-xorg: Ignore :cve:`2022-3553`
+
+
+Fixes in Yocto-4.1.1
+~~~~~~~~~~~~~~~~~~~~
+
+- Add 4.1 migration guide & release notes
+- bitbake: asyncrpc: serv: correct closed client socket detection
+- bitbake: bitbake-user-manual: details about variable flags starting with underscore
+- bitbake: bitbake: bitbake-layers: checkout layer(s) branch when clone exists
+- bitbake: bitbake: user-manual: inform about spaces in :remove
+- bitbake: doc: bitbake-user-manual: expand description of BB_PRESSURE_MAX variables
+- bitbake: fetch2/git: don't set core.fsyncobjectfiles=0
+- bitbake: tests/fetch: Allow handling of a file:// url within a submodule
+- bitbake: tests: bb.tests.fetch.URLHandle: add 2 new tests
+- bitbake: utils/ply: Update md5 to better report errors with hashlib
+- bluez5: add dbus to :term:`RDEPENDS`
+- build-appliance-image: Update to langdale head revision
+- buildconf: compare abspath
+- buildtools-tarball: export certificates to python and curl
+- cmake-native: Fix host tool contamination
+- create-spdx.bbclass: remove unused SPDX_INCLUDE_PACKAGED
+- create-spdx: Remove ";name=..." for downloadLocation
+- cve-update-db-native: add timeout to urlopen() calls
+- dev-manual: common-tasks.rst: add reference to "do_clean" task
+- dev-manual: common-tasks.rst: add reference to "do_listtasks" task
+- docs: add support for langdale (4.1) release
+- dropbear: add pam to :term:`PACKAGECONFIG`
+- externalsrc.bbclass: fix git repo detection
+- externalsrc.bbclass: Remove a trailing slash from ${B}
+- externalsrc: move back to classes
+- gcc: Allow -Wno-error=poison-system-directories to take effect
+- glib-2.0: fix rare GFileInfo test case failure
+- gnutls: Unified package names to lower-case
+- gnutls: upgrade 3.7.7 -> 3.7.8
+- grub: disable build on armv7ve/a with hardfp
+- gstreamer1.0-libav: fix errors with ffmpeg 5.x
+- ifupdown: upgrade 0.8.37 -> 0.8.39
+- insane.bbclass: Allow hashlib version that only accepts on parameter
+- install-buildtools: support buildtools-make-tarball and update to 4.1
+- kern-tools: fix relative path processing
+- kernel-fitimage: Use KERNEL_OUTPUT_DIR where appropriate
+- kernel-yocto: improve fatal error messages of symbol_why.py
+- kernel: Clear :term:`SYSROOT_DIRS` instead of replacing sysroot_stage_all
+- libcap: upgrade 2.65 -> 2.66
+- libical: upgrade 3.0.14 -> 3.0.15
+- libksba: upgrade 1.6.0 -> 1.6.2
+- libsdl2: upgrade 2.24.0 -> 2.24.1
+- lighttpd: upgrade 1.4.66 -> 1.4.67
+- linux-firmware: package amdgpu firmware
+- linux-firmware: split rtl8761 firmware
+- linux-yocto/5.15: update to v5.15.72
+- linux-yocto/5.19: update to v5.19.14
+- linux-yocto: add efi entry for machine features
+- lttng-modules: upgrade 2.13.4 -> 2.13.5
+- lttng-ust: upgrade 2.13.4 -> 2.13.5
+- manuals: add reference to "do_configure" task
+- manuals: add reference to the "do_compile" task
+- manuals: add reference to the "do_install" task
+- manuals: add reference to the "do_kernel_configcheck" task
+- manuals: add reference to the "do_populate_sdk" task
+- manuals: add references to "do_package_write_*" tasks
+- manuals: add references to "do_populate_sysroot" task
+- manuals: add references to the "do_build" task
+- manuals: add references to the "do_bundle_initramfs" task
+- manuals: add references to the "do_cleanall" task
+- manuals: add references to the "do_deploy" task
+- manuals: add references to the "do_devshell" task
+- manuals: add references to the "do_fetch" task
+- manuals: add references to the "do_image" task
+- manuals: add references to the "do_kernel_configme" task
+- manuals: add references to the "do_package" task
+- manuals: add references to the "do_package_qa" task
+- manuals: add references to the "do_patch" task
+- manuals: add references to the "do_rootfs" task
+- manuals: add references to the "do_unpack" task
+- manuals: fix misc typos
+- manuals: improve initramfs details
+- manuals: updates for building on Windows (WSL 2)
+- mesa: only apply patch to fix ALWAYS_INLINE for native
+- mesa: update 22.2.0 -> 22.2.2
+- meson: make wrapper options sub-command specific
+- meson: upgrade 0.63.2 -> 0.63.3
+- migration guides: 3.4: remove spurious space in example
+- migration guides: add release notes for 4.0.4
+- migration-general: add section on using buildhistory
+- migration-guides/release-notes-4.1.rst: add more known issues
+- migration-guides/release-notes-4.1.rst: update Repositories / Downloads
+- migration-guides: add known issues for 4.1
+- migration-guides: add reference to the "do_shared_workdir" task
+- migration-guides: use contributor real name
+- migration-guides: use contributor real name
+- mirrors.bbclass: use shallow tarball for binutils-native
+- mtools: upgrade 4.0.40 -> 4.0.41
+- numactl: upgrade 2.0.15 -> 2.0.16
+- oe/packagemanager/rpm: don't leak file objects
+- openssl: export necessary env vars in SDK
+- openssl: Fix SSL_CERT_FILE to match ca-certs location
+- openssl: Upgrade 3.0.5 -> 3.0.7
+- opkg-utils: use a git clone, not a dynamic snapshot
+- overlayfs: Allow not used mount points
+- overview-manual: concepts.rst: add reference to "do_packagedata" task
+- overview-manual: concepts.rst: add reference to "do_populate_sdk_ext" task
+- overview-manual: concepts.rst: fix formating and add references
+- own-mirrors: add crate
+- pango: upgrade 1.50.9 -> 1.50.10
+- perf: Depend on native setuptools3
+- poky.conf: bump version for 4.1.1
+- poky.conf: remove Ubuntu 21.10
+- populate_sdk_base: ensure ptest-pkgs pulls in ptest-runner
+- psplash: add psplash-default in rdepends
+- qemu-native: Add :term:`PACKAGECONFIG` option for jack
+- quilt: backport a patch to address grep 3.8 failures
+- ref-manual/faq.rst: update references to products built with OE / Yocto Project
+- ref-manual/variables.rst: clarify sentence
+- ref-manual: add a note to ssh-server-dropbear feature
+- ref-manual: add :term:`CVE_CHECK_SHOW_WARNINGS`
+- ref-manual: add :term:`CVE_DB_UPDATE_INTERVAL`
+- ref-manual: add :term:`DEV_PKG_DEPENDENCY`
+- ref-manual: add :term:`DISABLE_STATIC`
+- ref-manual: add :term:`FIT_PAD_ALG`
+- ref-manual: add :term:`KERNEL_DEPLOY_DEPEND`
+- ref-manual: add missing features
+- ref-manual: add :term:`MOUNT_BASE` variable
+- ref-manual: add overlayfs class variables
+- ref-manual: add :term:`OVERLAYFS_ETC_EXPOSE_LOWER`
+- ref-manual: add :term:`OVERLAYFS_QA_SKIP`
+- ref-manual: add previous overlayfs-etc variables
+- ref-manual: add pypi class
+- ref-manual: add :term:`SDK_TOOLCHAIN_LANGS`
+- ref-manual: add section for create-spdx class
+- ref-manual: add serial-autologin-root to :term:`IMAGE_FEATURES` documentation
+- ref-manual: add :term:`UBOOT_MKIMAGE_KERNEL_TYPE`
+- ref-manual: add :term:`WATCHDOG_TIMEOUT` to variable glossary
+- ref-manual: add :term:`WIRELESS_DAEMON`
+- ref-manual: classes.rst: add links to all references to a class
+- ref-manual: complementary package installation recommends
+- ref-manual: correct default for :term:`BUILDHISTORY_COMMIT`
+- ref-manual: document new github-releases class
+- ref-manual: expand documentation on image-buildinfo class
+- ref-manual: faq.rst: reorganize into subsections, contents at top
+- ref-manual: remove reference to largefile in :term:`DISTRO_FEATURES`
+- ref-manual: remove reference to testimage-auto class
+- ref-manual: system-requirements: Ubuntu 22.04 now supported
+- ref-manual: tasks.rst: add reference to the "do_image_complete" task
+- ref-manual: tasks.rst: add reference to the "do_kernel_checkout" task
+- ref-manual: tasks.rst: add reference to the "do_kernel_metadata" task
+- ref-manual: tasks.rst: add reference to the "do_validate_branches" task
+- ref-manual: tasks.rst: add references to the "do_cleansstate" task
+- ref-manual: update buildpaths QA check documentation
+- ref-manual: update pypi documentation for :term:`CVE_PRODUCT` default in 4.1
+- ref-manual: variables.rst: add reference to "do_populate_lic" task
+- release-notes-4.1.rst remove bitbake-layers subcommand argument
+- runqemu: Do not perturb script environment
+- runqemu: Fix gl-es argument from causing other arguments to be ignored
+- rust-target-config: match riscv target names with what rust expects
+- rust: install rustfmt for riscv32 as well
+- sanity: check for GNU tar specifically
+- scripts/oe-check-sstate: cleanup
+- scripts/oe-check-sstate: force build to run for all targets, specifically populate_sysroot
+- sdk-manual: correct the bitbake target for a unified sysroot build
+- shadow: update 4.12.1 -> 4.12.3
+- systemd: add systemd-creds and systemd-cryptenroll to systemd-extra-utils
+- test-manual: fix typo in machine name
+- tiff: fix a typo for :cve:`2022-2953`.patch
+- u-boot: Add savedefconfig task
+- u-boot: Remove duplicate inherit of cml1
+- uboot-sign: Fix using wrong KEY_REQ_ARGS
+- Update documentation for classes split
+- vim: upgrade to 9.0.0820
+- vulkan-samples: add lfs=0 to :term:`SRC_URI` to avoid git smudge errors in do_unpack
+- wic: honor the :term:`SOURCE_DATE_EPOCH` in case of updated fstab
+- wic: swap partitions are not added to fstab
+- wpebackend-fdo: upgrade 1.12.1 -> 1.14.0
+- xserver-xorg: move some recommended dependencies in required
+- zlib: do out-of-tree builds
+- zlib: upgrade 1.2.12 -> 1.2.13
+- zlib: use .gz archive and set a PREMIRROR
+
+
+Known Issues in Yocto-4.1.1
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- N/A
+
+
+
+Contributors to Yocto-4.1.1
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- Adrian Freihofer
+- Alex Kiernan
+- Alexander Kanavin
+- Bartosz Golaszewski
+- Bernhard Rosenkränzer
+- Bruce Ashfield
+- Chen Qi
+- Christian Eggers
+- Claus Stovgaard
+- Ed Tanous
+- Etienne Cordonnier
+- Frank de Brabander
+- Hitendra Prajapati
+- Jan-Simon Moeller
+- Jeremy Puhlman
+- Johan Korsnes
+- Jon Mason
+- Jose Quaresma
+- Joshua Watt
+- Justin Bronder
+- Kai Kang
+- Keiya Nobuta
+- Khem Raj
+- Lee Chee Yang
+- Liam Beguin
+- Luca Boccassi
+- Mark Asselstine
+- Mark Hatle
+- Markus Volk
+- Martin Jansa
+- Michael Opdenacker
+- Ming Liu
+- Mingli Yu
+- Paul Eggleton
+- Peter Kjellerstedt
+- Qiu, Zheng
+- Quentin Schulz
+- Richard Purdie
+- Robert Joslyn
+- Ross Burton
+- Sean Anderson
+- Sergei Zhmylev
+- Steve Sakoman
+- Takayasu Ito
+- Teoh Jay Shen
+- Thomas Perrot
+- Tim Orling
+- Vincent Davis Jr
+- Vyacheslav Yurkov
+- Ciaran Courtney
+- Wang Mingyu
+
+
+Repositories / Downloads for Yocto-4.1.1
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+poky
+
+- Repository Location: :yocto_git:`/poky`
+- Branch: :yocto_git:`langdale </poky/log/?h=langdale>`
+- Tag: :yocto_git:`yocto-4.1.1 </poky/log/?h=yocto-4.1.1>`
+- Git Revision: :yocto_git:`d3cda9a3e0837eb2ac5482f5f2bd8e55e874feff </poky/commit/?id=d3cda9a3e0837eb2ac5482f5f2bd8e55e874feff>`
+- Release Artefact: poky-d3cda9a3e0837eb2ac5482f5f2bd8e55e874feff
+- sha: e92b694fbb74a26c7a875936dfeef4a13902f24b06127ee52f4d1c1e4b03ec24
+- Download Locations:
+ http://downloads.yoctoproject.org/releases/yocto/yocto-4.1.1/poky-d3cda9a3e0837eb2ac5482f5f2bd8e55e874feff.tar.bz2
+ http://mirrors.kernel.org/yocto/yocto/yocto-4.1.1/poky-d3cda9a3e0837eb2ac5482f5f2bd8e55e874feff.tar.bz2
+
+openembedded-core
+
+- Repository Location: :oe_git:`/openembedded-core`
+- Branch: :oe_git:`langdale </openembedded-core/log/?h=langdale>`
+- Tag: :oe_git:`yocto-4.1.1 </openembedded-core/log/?h=yocto-4.1.1>`
+- Git Revision: :oe_git:`9237ffc4feee2dd6ff5bdd672072509ef9e82f6d </openembedded-core/commit/?id=9237ffc4feee2dd6ff5bdd672072509ef9e82f6d>`
+- Release Artefact: oecore-9237ffc4feee2dd6ff5bdd672072509ef9e82f6d
+- sha: d73198aef576f0fca0d746f9d805b1762c19c31786bc3f7d7326dfb2ed6fc1be
+- Download Locations:
+ http://downloads.yoctoproject.org/releases/yocto/yocto-4.1.1/oecore-9237ffc4feee2dd6ff5bdd672072509ef9e82f6d.tar.bz2
+ http://mirrors.kernel.org/yocto/yocto/yocto-4.1.1/oecore-9237ffc4feee2dd6ff5bdd672072509ef9e82f6d.tar.bz2
+
+meta-mingw
+
+- Repository Location: :yocto_git:`/meta-mingw`
+- Branch: :yocto_git:`langdale </meta-mingw/log/?h=langdale>`
+- Tag: :yocto_git:`yocto-4.1.1 </meta-mingw/log/?h=yocto-4.1.1>`
+- Git Revision: :yocto_git:`b0067202db8573df3d23d199f82987cebe1bee2c </meta-mingw/commit/?id=b0067202db8573df3d23d199f82987cebe1bee2c>`
+- Release Artefact: meta-mingw-b0067202db8573df3d23d199f82987cebe1bee2c
+- sha: 704f2940322b81ce774e9cbd27c3cfa843111d497dc7b1eeaa39cd694d9a2366
+- Download Locations:
+ http://downloads.yoctoproject.org/releases/yocto/yocto-4.1.1/meta-mingw-b0067202db8573df3d23d199f82987cebe1bee2c.tar.bz2
+ http://mirrors.kernel.org/yocto/yocto/yocto-4.1.1/meta-mingw-b0067202db8573df3d23d199f82987cebe1bee2c.tar.bz2
+
+bitbake
+
+- Repository Location: :oe_git:`/bitbake`
+- Branch: :oe_git:`2.2 </bitbake/log/?h=2.2>`
+- Tag: :oe_git:`yocto-4.1.1 </bitbake/log/?h=yocto-4.1.1>`
+- Git Revision: :oe_git:`138dd7883ee2c521900b29985b6d24a23d96563c </bitbake/commit/?id=138dd7883ee2c521900b29985b6d24a23d96563c>`
+- Release Artefact: bitbake-138dd7883ee2c521900b29985b6d24a23d96563c
+- sha: 5dc5aff4b4a801253c627cdaab6b1a0ceee2c531f1a6b166d85d1265a35d4be5
+- Download Locations:
+ http://downloads.yoctoproject.org/releases/yocto/yocto-4.1.1/bitbake-138dd7883ee2c521900b29985b6d24a23d96563c.tar.bz2
+ http://mirrors.kernel.org/yocto/yocto/yocto-4.1.1/bitbake-138dd7883ee2c521900b29985b6d24a23d96563c.tar.bz2
+
+yocto-docs
+
+- Repository Location: :yocto_git:`/yocto-docs`
+- Branch: :yocto_git:`langdale </yocto-docs/log/?h=langdale>`
+- Tag: :yocto_git:`yocto-4.1.1 </yocto-docs/log/?h=yocto-4.1.1>`
+- Git Revision: :yocto_git:`8e0841c3418caa227c66a60327db09dfbe72054a </yocto-docs/commit/?id=8e0841c3418caa227c66a60327db09dfbe72054a>`
+
+
diff --git a/poky/documentation/migration-guides/release-notes-4.1.2.rst b/poky/documentation/migration-guides/release-notes-4.1.2.rst
new file mode 100644
index 0000000..ee5d4cc
--- /dev/null
+++ b/poky/documentation/migration-guides/release-notes-4.1.2.rst
@@ -0,0 +1,286 @@
+.. SPDX-License-Identifier: CC-BY-SA-2.0-UK
+
+Release notes for Yocto-4.1.2 (Langdale)
+----------------------------------------
+
+Security Fixes in Yocto-4.1.2
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- sudo: Fix :cve:`2022-43995`
+- binutils: Fix :cve:`2022-4285`
+- cairo: update patch for :cve:`2019-6461` with upstream solution
+- expat: Fix :cve:`2022-43680`
+- ffmpeg: Fix :cve:`2022-3964` and :cve:`2022-3965`
+- grub: Fix :cve:`2022-28736`
+- libarchive: Fix :cve:`2022-36227`
+- libpam: Fix :cve:`2022-28321`
+- libpng: Fix :cve:`2019-6129`
+- ruby: Fix :cve:`2022-28738` and :cve:`2022-28739`
+- tiff: Fix :cve:`2022-3970`
+- vim: Fix :cve:`2022-4141`
+
+
+Fixes in Yocto-4.1.2
+~~~~~~~~~~~~~~~~~~~~
+
+- Expand create-spdx class documentation
+- Expand cve-check class documentation
+- archiver: avoid using machine variable as it breaks multiconfig
+- babeltrace: Upgrade to 1.5.11
+- backport SPDX documentation and vulnerability improvements
+- baremetal-image: Avoid overriding qemu variables from IMAGE_CLASSES
+- bc: extend to nativesdk
+- bind: Upgrade to 9.18.9
+- bitbake.conf: Drop export of SOURCE_DATE_EPOCH_FALLBACK
+- bitbake: gitsm: Fix regression in gitsm submodule path parsing
+- bitbake: runqueue: Fix race issues around hash equivalence and sstate reuse
+- bluez5: Point hciattach bcm43xx firmware search path to /lib/firmware
+- build-appliance-image: Update to langdale head revision
+- cargo_common.bbclass: Fix typos
+- classes: make TOOLCHAIN more permissive for kernel
+- cmake: Upgrade to 3.24.2
+- combo-layer: add sync-revs command
+- combo-layer: dont use bb.utils.rename
+- combo-layer: remove unused import
+- common-tasks.rst: fix oeqa runtime test path
+- create-spdx: default share_src for shared sources
+- curl: Correct LICENSE from MIT-open-group to curl
+- dbus: Add missing CVE product name
+- devtool/upgrade: correctly handle recipes where S is a subdir of upstream tree
+- dhcpcd: fix to work with systemd
+- docs: kernel-dev: faq: update tip on how to not include kernel in image
+- docs: migration-4.0: specify variable name change for kernel inclusion in image recipe
+- expat: upgrade to 2.5.0
+- externalsrc: fix lookup for .gitmodules
+- ffmpeg: Upgrade to 5.1.2
+- gcc-shared-source: Fix source date epoch handling
+- gcc-source: Drop gengtype manipulation
+- gcc-source: Ensure deploy_source_date_epoch sstate hash doesn't change
+- gcc-source: Fix gengtypes race
+- gdk-pixbuf: Upgrade to 2.42.10
+- get_module_deps3.py: Check attribute '__file__'
+- glibc-tests: correctly pull in the actual tests when installing -ptest package
+- gnomebase.bbclass: return the whole version for tarball directory if it is a number
+- go-crosssdk: avoid host contamination by GOCACHE
+- go: Update reproducibility patch to fix panic errors
+- go: submit patch upstream
+- go: Upgrade to 1.19.3
+- gptfdisk: remove warning message from target system
+- groff: submit patches upstream
+- gstreamer1.0: Upgrade to 1.20.5
+- help2man: Upgrade to 1.49.3
+- insane: add codeload.github.com to src-uri-bad checkz
+- inetutils: Upgrade to 2.4
+- iso-codes: Upgrade to 4.12.0
+- kbd: Don't build tests
+- kea: submit patch upstream
+- kern-tools: integrate ZFS speedup patch
+- kernel.bbclass: Include randstruct seed assets in STAGING_KERNEL_BUILDDIR
+- kernel.bbclass: make KERNEL_DEBUG_TIMESTAMPS work at rebuild
+- kernel.bbclass: remove empty module directories to prevent QA issues
+- lib/buildstats: fix parsing of trees with reduced_proc_pressure directories
+- libdrm: Remove libdrm-kms package
+- libepoxy: convert to git
+- libepoxy: remove upstreamed patch
+- libepoxy: Upgrade to 1.5.10
+- libffi: submit patch upstream
+- libffi: Upgrade to 3.4.4
+- libical: Upgrade to 3.0.16
+- libnewt: Upgrade to 0.52.23
+- libsdl2: Upgrade to 2.24.2
+- libpng: Upgrade to 1.6.39
+- libuv: fixup SRC_URI
+- libxcrypt-compat: Upgrade to 4.4.33
+- libxcrypt: Upgrade to 4.4.30
+- libxml2: fix test data checksums
+- linux-firmware: add new fw file to ${PN}-qcom-adreno-a530
+- linux-firmware: don't put the firmware into the sysroot
+- linux-firmware: Upgrade to 20221109
+- linux-yocto/5.15: fix CONFIG_CRYPTO_CCM mismatch warnings
+- linux-yocto/5.15: update genericx86* machines to v5.15.72
+- linux-yocto/5.15: Upgrade to v5.15.78
+- linux-yocto/5.19: cfg: intel and vesa updates
+- linux-yocto/5.19: fix CONFIG_CRYPTO_CCM mismatch warnings
+- linux-yocto/5.19: fix elfutils run-backtrace-native-core ptest failure
+- linux-yocto/5.19: security.cfg: remove configs which have been dropped
+- linux-yocto/5.19: update genericx86* machines to v5.19.14
+- linux-yocto/5.19: Upgrade to v5.19.17
+- lsof: add update-alternatives logic
+- lttng-modules: Upgrade to 2.13.7
+- lttng-tools: submit determinism.patch upstream
+- manuals: add 4.0.5 and 4.0.6 release notes
+- mesa: do not rely on native llvm-config in target sysroot
+- mesa: Upgrade to 22.2.3
+- meta-selftest/staticids: add render group for systemd
+- mirrors.bbclass: update CPAN_MIRROR
+- mobile-broadband-provider-info: Upgrade to 20221107
+- mpfr: Upgrade to 4.1.1
+- mtd-utils: Upgrade to 2.1.5
+- oeqa/concurrencytest: Add number of failures to summary output
+- oeqa/runtime/dnf: rewrite test_dnf_installroot_usrmerge
+- oeqa/selftest/externalsrc: add test for srctree_hash_files
+- oeqa/selftest/lic_checksum: Cleanup changes to emptytest include
+- openssh: remove RRECOMMENDS to rng-tools for sshd package
+- opkg: Set correct info_dir and status_file in opkg.conf
+- opkg: Upgrade to 0.6.1
+- ovmf: correct patches status
+- package: Fix handling of minidebuginfo with newer binutils
+- pango: Make it build with ptest disabled
+- pango: replace a recipe fix with an upstream submitted patch
+- pango: Upgrade to 1.50.11
+- poky.conf: bump version for 4.1.2
+- psplash: consider the situation of psplash not exist for systemd
+- python3-mako: Upgrade to 1.2.3
+- qemu-helper-native: Correctly pass program name as argv[0]
+- qemu-helper-native: Re-write bridge helper as C program
+- qemu: Ensure libpng dependency is deterministic
+- qemuboot.bbclass: make sure runqemu boots bundled initramfs kernel image
+- resolvconf: make it work
+- rm_work: adjust dependency to make do_rm_work_all depend on do_rm_work
+- rm_work: exclude the SSTATETASKS from the rm_work tasks sinature
+- ruby: merge .inc into .bb
+- ruby: Upgrade to 3.1.3
+- rust: submit a rewritten version of crossbeam_atomic.patch upstream
+- sanity: Drop data finalize call
+- scripts: convert-overrides: Allow command-line customizations
+- selftest: add a copy of previous mtd-utils version to meta-selftest
+- socat: Upgrade to 1.7.4.4
+- sstate: Allow optimisation of do_deploy_archives task dependencies
+- sstatesig: emit more helpful error message when not finding sstate manifest
+- sstatesig: skip the rm_work task signature
+- sudo: Upgrade to 1.9.12p1
+- sysstat: Upgrade to 12.6.1
+- systemd: Consider PACKAGECONFIG in RRECOMMENDS
+- systemd: Make importd depend on glib-2.0 again
+- systemd: add group render to udev package
+- systemd: Upgrade to 251.8
+- tcl: correct patch status
+- tzdata: Upgrade to 2022g
+- vala: install vapigen-wrapper into /usr/bin/crosscripts and stage only that
+- valgrind: skip the boost_thread test on arm
+- vim: Upgrade to 9.0.0947
+- wic: make ext2/3/4 images reproducible
+- xwayland: libxshmfence is needed when dri3 is enabled
+- xwayland: Upgrade to 22.1.5
+- yocto-check-layer: Allow OE-Core to be tested
+
+
+Known Issues in Yocto-4.1.2
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- N/A
+
+
+Contributors to Yocto-4.1.2
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- Alejandro Hernandez Samaniego
+- Alex Kiernan
+- Alex Stewart
+- Alexander Kanavin
+- Alexey Smirnov
+- Bruce Ashfield
+- Carlos Alberto Lopez Perez
+- Chen Qi
+- Diego Sueiro
+- Dmitry Baryshkov
+- Enrico Jörns
+- Harald Seiler
+- Hitendra Prajapati
+- Jagadeesh Krishnanjanappa
+- Jose Quaresma
+- Joshua Watt
+- Kai Kang
+- Konrad Weihmann
+- Leon Anavi
+- Marek Vasut
+- Martin Jansa
+- Mathieu Dubois-Briand
+- Michael Opdenacker
+- Mikko Rapeli
+- Narpat Mali
+- Nathan Rossi
+- Niko Mauno
+- Ola x Nilsson
+- Ovidiu Panait
+- Pavel Zhukov
+- Peter Bergin
+- Peter Kjellerstedt
+- Peter Marko
+- Polampalli, Archana
+- Qiu, Zheng
+- Quentin Schulz
+- Randy MacLeod
+- Ranjitsinh Rathod
+- Ravula Adhitya Siddartha
+- Richard Purdie
+- Robert Andersson
+- Ross Burton
+- Ryan Eatmon
+- Sakib Sajal
+- Sandeep Gundlupet Raju
+- Sergei Zhmylev
+- Steve Sakoman
+- Tim Orling
+- Wang Mingyu
+- Xiangyu Chen
+- pgowda
+
+Repositories / Downloads for Yocto-4.1.2
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+poky
+
+- Repository Location: :yocto_git:`/poky`
+- Branch: :yocto_git:`langdale </poky/log/?h=langdale>`
+- Tag: :yocto_git:`yocto-4.1.2 </poky/log/?h=yocto-4.1.2>`
+- Git Revision: :yocto_git:`74c92e38c701e268406bb656b45ccd68471c217e </poky/commit/?id=74c92e38c701e268406bb656b45ccd68471c217e>`
+- Release Artefact: poky-74c92e38c701e268406bb656b45ccd68471c217e
+- sha: 06a2b304d0e928b62d81087797ae86115efe925c506bcb40c7d4747e14790bb0
+- Download Locations:
+ http://downloads.yoctoproject.org/releases/yocto/yocto-4.1.2/poky-74c92e38c701e268406bb656b45ccd68471c217e.tar.bz2
+ http://mirrors.kernel.org/yocto/yocto/yocto-4.1.2/poky-74c92e38c701e268406bb656b45ccd68471c217e.tar.bz2
+
+openembedded-core
+
+- Repository Location: :oe_git:`/openembedded-core`
+- Branch: :oe_git:`langdale </openembedded-core/log/?h=langdale>`
+- Tag: :oe_git:`yocto-4.1.2 </openembedded-core/log/?h=yocto-4.1.2>`
+- Git Revision: :oe_git:`670f4f103b25897524d115c1f290ecae441fe4bd </openembedded-core/commit/?id=670f4f103b25897524d115c1f290ecae441fe4bd>`
+- Release Artefact: oecore-670f4f103b25897524d115c1f290ecae441fe4bd
+- sha: 09d77700e84efc738aef5713c5e86f19fa092f876d44b870789155cc1625ef04
+- Download Locations:
+ http://downloads.yoctoproject.org/releases/yocto/yocto-4.1.2/oecore-670f4f103b25897524d115c1f290ecae441fe4bd.tar.bz2
+ http://mirrors.kernel.org/yocto/yocto/yocto-4.1.2/oecore-670f4f103b25897524d115c1f290ecae441fe4bd.tar.bz2
+
+meta-mingw
+
+- Repository Location: :yocto_git:`/meta-mingw`
+- Branch: :yocto_git:`langdale </meta-mingw/log/?h=langdale>`
+- Tag: :yocto_git:`yocto-4.1.2 </meta-mingw/log/?h=yocto-4.1.2>`
+- Git Revision: :yocto_git:`b0067202db8573df3d23d199f82987cebe1bee2c </meta-mingw/commit/?id=b0067202db8573df3d23d199f82987cebe1bee2c>`
+- Release Artefact: meta-mingw-b0067202db8573df3d23d199f82987cebe1bee2c
+- sha: 704f2940322b81ce774e9cbd27c3cfa843111d497dc7b1eeaa39cd694d9a2366
+- Download Locations:
+ http://downloads.yoctoproject.org/releases/yocto/yocto-4.1.2/meta-mingw-b0067202db8573df3d23d199f82987cebe1bee2c.tar.bz2
+ http://mirrors.kernel.org/yocto/yocto/yocto-4.1.2/meta-mingw-b0067202db8573df3d23d199f82987cebe1bee2c.tar.bz2
+
+bitbake
+
+- Repository Location: :oe_git:`/bitbake`
+- Branch: :oe_git:`2.2 </bitbake/log/?h=2.2>`
+- Tag: :oe_git:`yocto-4.1.2 </bitbake/log/?h=yocto-4.1.2>`
+- Git Revision: :oe_git:`f0f166aee766b4bb1f8cf8b35dfc7d406c75e6a4 </bitbake/commit/?id=f0f166aee766b4bb1f8cf8b35dfc7d406c75e6a4>`
+- Release Artefact: bitbake-f0f166aee766b4bb1f8cf8b35dfc7d406c75e6a4
+- sha: 7faf97eca78afd3994e4e126e5f5908617408c340c6eff8cd7047e0b961e2d10
+- Download Locations:
+ http://downloads.yoctoproject.org/releases/yocto/yocto-4.1.2/bitbake-f0f166aee766b4bb1f8cf8b35dfc7d406c75e6a4.tar.bz2
+ http://mirrors.kernel.org/yocto/yocto/yocto-4.1.2/bitbake-f0f166aee766b4bb1f8cf8b35dfc7d406c75e6a4.tar.bz2
+
+yocto-docs
+
+- Repository Location: :yocto_git:`/yocto-docs`
+- Branch: :yocto_git:`langdale </yocto-docs/log/?h=langdale>`
+- Tag: :yocto_git:`yocto-4.1.2 </yocto-docs/log/?h=yocto-4.1.2>`
+- Git Revision: :yocto_git:`30f5f9ece260fd600f0c0fa32fc2f1fc61cf7d1b </yocto-docs/commit/?id=30f5f9ece260fd600f0c0fa32fc2f1fc61cf7d1b>`
+
diff --git a/poky/documentation/migration-guides/release-notes-4.1.3.rst b/poky/documentation/migration-guides/release-notes-4.1.3.rst
new file mode 100644
index 0000000..16e0a40
--- /dev/null
+++ b/poky/documentation/migration-guides/release-notes-4.1.3.rst
@@ -0,0 +1,317 @@
+.. SPDX-License-Identifier: CC-BY-SA-2.0-UK
+
+Release notes for Yocto-4.1.3 (Langdale)
+----------------------------------------
+
+Security Fixes in Yocto-4.1.3
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- apr-util: Fix :cve:`2022-25147`
+- apr: Fix :cve:`2022-24963` and :cve:`2022-28331`
+- bind: Fix :cve:`2022-3094`, :cve:`2022-3736` and :cve:`2022-3924`
+- curl: Fix :cve:`2022-43551` and :cve:`2022-43552`
+- dbus: Fix :cve:`2022-42010`, :cve:`2022-42011` and :cve:`2022-42012`
+- git: Fix :cve:`2022-23521`, :cve:`2022-39253`, :cve:`2022-39260` and :cve:`2022-41903`
+- git: Ignore :cve:`2022-41953`
+- go: Fix :cve:`2022-41717` and :cve:`2022-41720`
+- grub2: Fix :cve:`2022-2601` and :cve:`2022-3775`
+- less: Fix :cve:`2022-46663`
+- libarchive: Fix :cve:`2022-36227`
+- libksba: Fix :cve:`2022-47629`
+- openssl: Fix :cve:`2022-3996`
+- pkgconf: Fix :cve:`2023-24056`
+- ppp: Fix :cve:`2022-4603`
+- sudo: Fix :cve:`2023-22809`
+- tar: Fix :cve:`2022-48303`
+- vim: Fix :cve:`2023-0049`, :cve:`2023-0051`, :cve:`2023-0054`, :cve:`2023-0288`, :cve:`2023-0433` and :cve:`2023-0512`
+- xserver-xorg: Fix `CVE-2023-0494 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0494>`__
+- xwayland: Fix `CVE-2023-0494 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0494>`__
+
+
+Fixes in Yocto-4.1.3
+~~~~~~~~~~~~~~~~~~~~
+
+- apr-util: Upgrade to 1.6.3
+- apr: Upgrade to 1.7.2
+- apt: fix do_package_qa failure
+- at: Change when files are copied
+- base.bbclass: Fix way to check ccache path
+- bblayers/makesetup: skip git repos that are submodules
+- bblayers/setupwriters/oe-setup-layers: create dir if not exists
+- bind: Upgrade to 9.18.11
+- bitbake-layers: fix a typo
+- bitbake: bb/utils: include SSL certificate paths in export_proxies
+- bitbake: fetch2/git: Clarify the meaning of namespace
+- bitbake: fetch2/git: Prevent git fetcher from fetching gitlab repository metadata
+- bitbake: process: log odd unlink events with bitbake.sock
+- bitbake: server/process: Add bitbake.sock race handling
+- bitbake: siggen: Fix inefficient string concatenation
+- bootchart2: Fix usrmerge support
+- bsp-guide: fix broken git URLs and missing word
+- build-appliance-image: Update to langdale head revision
+- buildtools-tarball: set pkg-config search path
+- busybox: Fix depmod patch
+- busybox: always start do_compile with orig config files
+- busybox: rm temporary files if do_compile was interrupted
+- cairo: fix CVE patches assigned wrong CVE number
+- classes/fs-uuid: Fix command output decoding issue
+- classes/populate_sdk_base: Append cleandirs
+- classes: image: Set empty weak default IMAGE_LINGUAS
+- cml1: remove redundant addtask
+- core-image.bbclass: Fix missing leading whitespace with ':append'
+- createrepo-c: Include missing rpm/rpmstring.h
+- curl: don't enable debug builds
+- curl: fix dependencies when building with ldap/ldaps
+- cve-check: write the cve manifest to IMGDEPLOYDIR
+- cve-update-db-native: avoid incomplete updates
+- cve-update-db-native: show IP on failure
+- dbus: Upgrade to 1.14.6
+- dev-manual: common-tasks.rst: add link to FOSDEM 2023 video
+- dev-manual: fix old override syntax
+- devshell: Do not add scripts/git-intercept to PATH
+- devtool: fix devtool finish when gitmodules file is empty
+- devtool: process local files only for the main branch
+- dhcpcd: backport two patches to fix runtime error
+- dhcpcd: fix dhcpcd start failure on qemuppc64
+- diffutils: Upgrade to 3.9
+- ffmpeg: fix configure failure on noexec /tmp host
+- gdk-pixbuf: do not use tools from gdk-pixbuf-native when building tests
+- git: Upgrade to 2.37.6
+- glslang: branch rename master -> main
+- go: Upgrade to 1.19.4
+- gstreamer1.0 : Revert "disable flaky gstbin:test_watch_for_state_change test" and Fix race conditions in gstbin tests with upstream solution
+- harfbuzz: remove bindir only if it exists
+- httpserver: add error handler that write to the logger
+- image.bbclass: print all QA functions exceptions
+- kernel-fitimage: Adjust order of dtb/dtbo files
+- kernel-fitimage: Allow user to select dtb when multiple dtb exists
+- kernel-yocto: fix kernel-meta data detection
+- kernel/linux-kernel-base: Fix kernel build artefact determinism issues
+- lib/buildstats: handle tasks that never finished
+- lib/oe/reproducible: Use git log without gpg signature
+- libarchive: Upgrade to 3.6.2
+- libc-locale: Fix on target locale generation
+- libgit2: Upgrade to 1.5.1
+- libjpeg-turbo: Upgrade to 2.1.5.1
+- libksba: Upgrade to 1.6.3
+- libpng: Enable NEON for aarch64 to enensure consistency with arm32.
+- librsvg: Only enable the Vala bindings if GObject Introspection is enabled
+- librsvg: enable vapi build
+- libseccomp: fix for the ptest result format
+- libseccomp: fix typo in DESCRIPTION
+- libssh2: Clean up ptest patch/coverage
+- libtirpc: Check if file exists before operating on it
+- libusb1: Link with latomic only if compiler has no atomic builtins
+- libusb1: Strip trailing whitespaces
+- linux-firmware: add yamato fw files to qcom-adreno-a2xx package
+- linux-firmware: properly set license for all Qualcomm firmware
+- linux-firmware: Upgrade to 20230210
+- linux-yocto/5.15: fix perf build with clang
+- linux-yocto/5.15: libbpf: Fix build warning on ref_ctr_off
+- linux-yocto/5.15: ltp and squashfs fixes
+- linux-yocto/5.15: powerpc: Fix reschedule bug in KUAP-unlocked user copy
+- linux-yocto/5.15: Upgrade to v5.15.91
+- linux-yocto/5.19: fix perf build with clang
+- linux-yocto/5.19: powerpc: Fix reschedule bug in KUAP-unlocked user copy
+- lsof: fix old override syntax
+- lttng-modules: Fix for 5.10.163 kernel version
+- lttng-modules: fix for kernel 6.2+
+- lttng-modules: Upgrade to 2.13.8
+- lttng-tools: Upgrade to 2.13.9
+- make-mod-scripts: Ensure kernel build output is deterministic
+- manuals: update patchwork instance URL
+- mesa-gl: gallium is required when enabling x11
+- meta: remove True option to getVar and getVarFlag calls (again)
+- migration-guides: add release-notes for 4.0.7
+- native: Drop special variable handling
+- numactl: skip test case when target platform doesn't have 2 CPU node
+- oeqa context.py: fix --target-ip comment to include ssh port number
+- oeqa dump.py: add error counter and stop after 5 failures
+- oeqa qemurunner.py: add timeout to QMP calls
+- oeqa qemurunner.py: try to avoid reading one character at a time
+- oeqa qemurunner: read more data at a time from serial
+- oeqa ssh.py: add connection keep alive options to ssh client
+- oeqa ssh.py: fix hangs in run()
+- oeqa ssh.py: move output prints to new line
+- oeqa/qemurunner: do not use Popen.poll() when terminating runqemu with a signal
+- oeqa/rpm.py: Increase timeout and add debug output
+- oeqa/selftest/debuginfod: improve testcase
+- oeqa/selftest/locales: Add selftest for locale generation/presence
+- oeqa/selftest/resulttooltests: fix minor typo
+- openssl: Upgrade to 3.0.8
+- opkg: ensure opkg uses private gpg.conf when applying keys.
+- pango: Upgrade to 1.50.12
+- perf: Enable debug/source packaging
+- pkgconf: Upgrade to 1.9.4
+- poky.conf: Update SANITY_TESTED_DISTROS to match autobuilder
+- poky.conf: bump version for 4.1.3
+- populate_sdk_ext.bbclass: Fix missing leading whitespace with ':append'
+- profile-manual: update WireShark hyperlinks
+- ptest-packagelists.inc: Fix missing leading whitespace with ':append'
+- python3-pytest: depend on python3-tomli instead of python3-toml
+- quilt: fix intermittent failure in faildiff.test
+- quilt: use upstreamed faildiff.test fix
+- recipe_sanity: fix old override syntax
+- ref-manual: Fix invalid feature name
+- ref-manual: update DEV_PKG_DEPENDENCY in variables
+- ref-manual: variables.rst: fix broken hyperlink
+- rm_work.bbclass: use HOSTTOOLS 'rm' binary exclusively
+- runqemu: kill qemu if it hangs
+- rust: Do not use default compiler flags defined in CC crate
+- scons.bbclass: Make MAXLINELENGTH overridable
+- scons: Pass MAXLINELENGTH to scons invocation
+- sdkext/cases/devtool: pass a logger to HTTPService
+- selftest/virgl: use pkg-config from the host
+- spirv-headers/spirv-tools: set correct branch name
+- sstate.bbclass: Fetch non-existing local .sig files if needed
+- sstatesig: Improve output hash calculation
+- sudo: Upgrade to 1.9.12p2
+- system-requirements.rst: Add Fedora 36, AlmaLinux 8.7 & 9.1, and OpenSUSE 15.4 to list of supported distros
+- testimage: Fix error message to reflect new syntax
+- tiff: Add packageconfig knob for webp
+- toolchain-scripts: compatibility with unbound variable protection
+- uninative: Upgrade to 3.8.1 to include libgcc
+- update-alternatives: fix typos
+- vim: Upgrade to 9.0.1293
+- vulkan-samples: branch rename master -> main
+- wic: Fix usage of fstype=none in wic
+- wireless-regdb: Upgrade to 2023.02.13
+- xserver-xorg: Upgrade to 21.1.7
+- xwayland: Upgrade to 22.1.8
+
+
+Known Issues in Yocto-4.1.3
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- N/A
+
+
+Contributors to Yocto-4.1.3
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- Adrian Freihofer
+- Alejandro Hernandez Samaniego
+- Alex Kiernan
+- Alexander Kanavin
+- Alexis Lothoré
+- Anton Antonov
+- Antonin Godard
+- Armin Kuster
+- Arnout Vandecappelle
+- Benoît Mauduit
+- Bruce Ashfield
+- Carlos Alberto Lopez Perez
+- Changqing Li
+- Charlie Johnston
+- Chee Yang Lee
+- Chen Qi
+- Dmitry Baryshkov
+- Enguerrand de Ribaucourt
+- Etienne Cordonnier
+- Fawzi KHABER
+- Federico Pellegrin
+- Frank de Brabander
+- Harald Seiler
+- He Zhe
+- Jan Kircher
+- Jermain Horsman
+- Jose Quaresma
+- Joshua Watt
+- Kai Kang
+- Khem Raj
+- Lei Maohui
+- Louis Rannou
+- Luis
+- Marek Vasut
+- Markus Volk
+- Marta Rybczynska
+- Martin Jansa
+- Mateusz Marciniec
+- Mauro Queiros
+- Michael Halstead
+- Michael Opdenacker
+- Mikko Rapeli
+- Mingli Yu
+- Narpat Mali
+- Niko Mauno
+- Pavel Zhukov
+- Pawel Zalewski
+- Peter Kjellerstedt
+- Petr Kubizňák
+- Quentin Schulz
+- Randy MacLeod
+- Richard Purdie
+- Robert Joslyn
+- Rodolfo Quesada Zumbado
+- Ross Burton
+- Sakib Sajal
+- Sandeep Gundlupet Raju
+- Saul Wold
+- Siddharth Doshi
+- Steve Sakoman
+- Thomas Roos
+- Tobias Hagelborn
+- Ulrich Ölmann
+- Vivek Kumbhar
+- Wang Mingyu
+- Xiangyu Chen
+
+
+Repositories / Downloads for Yocto-4.1.3
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+poky
+
+- Repository Location: :yocto_git:`/poky`
+- Branch: :yocto_git:`langdale </poky/log/?h=langdale>`
+- Tag: :yocto_git:`yocto-4.1.3 </poky/log/?h=yocto-4.1.3>`
+- Git Revision: :yocto_git:`91d0157d6daf4ea61d6b4e090c0b682d3f3ca60f </poky/commit/?id=91d0157d6daf4ea61d6b4e090c0b682d3f3ca60f>`
+- Release Artefact: poky-91d0157d6daf4ea61d6b4e090c0b682d3f3ca60f
+- sha: 94e4615eba651fe705436b29b854458be050cc39db936295f9d5eb7e85d3eff1
+- Download Locations:
+ http://downloads.yoctoproject.org/releases/yocto/yocto-4.1.3/poky-91d0157d6daf4ea61d6b4e090c0b682d3f3ca60f.tar.bz2
+ http://mirrors.kernel.org/yocto/yocto/yocto-4.1.3/poky-91d0157d6daf4ea61d6b4e090c0b682d3f3ca60f.tar.bz2
+
+openembedded-core
+
+- Repository Location: :oe_git:`/openembedded-core`
+- Branch: :oe_git:`langdale </openembedded-core/log/?h=langdale>`
+- Tag: :oe_git:`yocto-4.1.3 </openembedded-core/log/?h=yocto-4.1.3>`
+- Git Revision: :oe_git:`b995ea45773211bd7bdd60eabcc9bbffda6beb5c </openembedded-core/commit/?id=b995ea45773211bd7bdd60eabcc9bbffda6beb5c>`
+- Release Artefact: oecore-b995ea45773211bd7bdd60eabcc9bbffda6beb5c
+- sha: 952e19361f205ee91b74e5caaa835d58fa6dd0d92ddaed50d4cd3f3fa56fab63
+- Download Locations:
+ http://downloads.yoctoproject.org/releases/yocto/yocto-4.1.3/oecore-b995ea45773211bd7bdd60eabcc9bbffda6beb5c.tar.bz2
+ http://mirrors.kernel.org/yocto/yocto/yocto-4.1.3/oecore-b995ea45773211bd7bdd60eabcc9bbffda6beb5c.tar.bz2
+
+meta-mingw
+
+- Repository Location: :yocto_git:`/meta-mingw`
+- Branch: :yocto_git:`langdale </meta-mingw/log/?h=langdale>`
+- Tag: :yocto_git:`yocto-4.1.3 </meta-mingw/log/?h=yocto-4.1.3>`
+- Git Revision: :yocto_git:`b0067202db8573df3d23d199f82987cebe1bee2c </meta-mingw/commit/?id=b0067202db8573df3d23d199f82987cebe1bee2c>`
+- Release Artefact: meta-mingw-b0067202db8573df3d23d199f82987cebe1bee2c
+- sha: 704f2940322b81ce774e9cbd27c3cfa843111d497dc7b1eeaa39cd694d9a2366
+- Download Locations:
+ http://downloads.yoctoproject.org/releases/yocto/yocto-4.1.3/meta-mingw-b0067202db8573df3d23d199f82987cebe1bee2c.tar.bz2
+ http://mirrors.kernel.org/yocto/yocto/yocto-4.1.3/meta-mingw-b0067202db8573df3d23d199f82987cebe1bee2c.tar.bz2
+
+bitbake
+
+- Repository Location: :oe_git:`/bitbake`
+- Branch: :oe_git:`2.2 </bitbake/log/?h=2.2>`
+- Tag: :oe_git:`yocto-4.1.3 </bitbake/log/?h=yocto-4.1.3>`
+- Git Revision: :oe_git:`592ee222a1c6da42925fb56801f226884b6724ec </bitbake/commit/?id=592ee222a1c6da42925fb56801f226884b6724ec>`
+- Release Artefact: bitbake-592ee222a1c6da42925fb56801f226884b6724ec
+- sha: 79c32f2ca66596132e32a45654ce0e9dd42b6b39186eff3540a9d6b499fe952c
+- Download Locations:
+ http://downloads.yoctoproject.org/releases/yocto/yocto-4.1.3/bitbake-592ee222a1c6da42925fb56801f226884b6724ec.tar.bz2
+ http://mirrors.kernel.org/yocto/yocto/yocto-4.1.3/bitbake-592ee222a1c6da42925fb56801f226884b6724ec.tar.bz2
+
+yocto-docs
+
+- Repository Location: :yocto_git:`/yocto-docs`
+- Branch: :yocto_git:`langdale </yocto-docs/log/?h=langdale>`
+- Tag: :yocto_git:`yocto-4.1.3 </yocto-docs/log/?h=yocto-4.1.3>`
+- Git Revision: :yocto_git:`3de2ad1f8ff87aeec30088779267880306a0f31a </yocto-docs/commit/?id=3de2ad1f8ff87aeec30088779267880306a0f31a>`
+
diff --git a/poky/documentation/overview-manual/yp-intro.rst b/poky/documentation/overview-manual/yp-intro.rst
index 8b476f4..8a57117 100644
--- a/poky/documentation/overview-manual/yp-intro.rst
+++ b/poky/documentation/overview-manual/yp-intro.rst
@@ -361,7 +361,7 @@
of the :oe_layerindex:`OpenEmbedded Layer Index <>`, which
is a website that indexes OpenEmbedded-Core layers.
-- *Patchwork:* `Patchwork <http://jk.ozlabs.org/projects/patchwork/>`__
+- *Patchwork:* `Patchwork <https://patchwork.yoctoproject.org/>`__
is a fork of a project originally started by
`OzLabs <https://ozlabs.org/>`__. The project is a web-based tracking
system designed to streamline the process of bringing contributions
diff --git a/poky/documentation/profile-manual/usage.rst b/poky/documentation/profile-manual/usage.rst
index 49f8af4..5493a2b 100644
--- a/poky/documentation/profile-manual/usage.rst
+++ b/poky/documentation/profile-manual/usage.rst
@@ -1738,7 +1738,7 @@
The tool is pretty self-explanatory, but for more detailed information
on navigating through the data, see the `kernelshark
-website <https://rostedt.homelinux.com/kernelshark/>`__.
+website <https://kernelshark.org/Documentation.html>`__.
ftrace Documentation
--------------------
@@ -1767,8 +1767,8 @@
- `trace-cmd: A front-end for
Ftrace <https://lwn.net/Articles/410200/>`__
-There's more detailed documentation kernelshark usage here:
-`KernelShark <https://rostedt.homelinux.com/kernelshark/>`__
+See also `KernelShark's documentation <https://kernelshark.org/Documentation.html>`__
+for further usage details.
An amusing yet useful README (a tracing mini-HOWTO) can be found in
``/sys/kernel/debug/tracing/README``.
diff --git a/poky/documentation/ref-manual/classes.rst b/poky/documentation/ref-manual/classes.rst
index 1880e44..03995e9 100644
--- a/poky/documentation/ref-manual/classes.rst
+++ b/poky/documentation/ref-manual/classes.rst
@@ -373,8 +373,26 @@
``create-spdx.bbclass``
=======================
-The :ref:`create-spdx <ref-classes-create-spdx>` class provides support for automatically creating
-SPDX SBoM documents based upon image and SDK contents.
+The :ref:`create-spdx <ref-classes-create-spdx>` class provides support for
+automatically creating :term:`SPDX` :term:`SBOM` documents based upon image
+and SDK contents.
+
+This class is meant to be inherited globally from a configuration file::
+
+ INHERIT += "create-spdx"
+
+The toplevel :term:`SPDX` output file is generated in JSON format as a
+``IMAGE-MACHINE.spdx.json`` file in ``tmp/deploy/images/MACHINE/`` inside the
+:term:`Build Directory`. There are other related files in the same directory,
+as well as in ``tmp/deploy/spdx``.
+
+The exact behaviour of this class, and the amount of output can be controlled
+by the :term:`SPDX_PRETTY`, :term:`SPDX_ARCHIVE_PACKAGED`,
+:term:`SPDX_ARCHIVE_SOURCES` and :term:`SPDX_INCLUDE_SOURCES` variables.
+
+See the description of these variables and the
+":ref:`dev-manual/common-tasks:creating a software bill of materials`"
+section in the Yocto Project Development Manual for more details.
.. _ref-classes-cross:
@@ -412,13 +430,61 @@
=====================
The :ref:`cve-check <ref-classes-cve-check>` class looks for known CVEs (Common Vulnerabilities
-and Exposures) while building an image. This class is meant to be
+and Exposures) while building with BitBake. This class is meant to be
inherited globally from a configuration file::
INHERIT += "cve-check"
+To filter out obsolete CVE database entries which are known not to impact software from Poky and OE-Core,
+add following line to the build configuration file::
+
+ include cve-extra-exclusions.inc
+
You can also look for vulnerabilities in specific packages by passing
-``-c cve_check`` to BitBake. You will find details in the
+``-c cve_check`` to BitBake.
+
+After building the software with Bitbake, CVE check output reports are available in ``tmp/deploy/cve``
+and image specific summaries in ``tmp/deploy/images/*.cve`` or ``tmp/deploy/images/*.json`` files.
+
+When building, the CVE checker will emit build time warnings for any detected
+issues which are in the state ``Unpatched``, meaning that CVE issue seems to affect the software component
+and version being compiled and no patches to address the issue are applied. Other states
+for detected CVE issues are: ``Patched`` meaning that a patch to address the issue is already
+applied, and ``Ignored`` meaning that the issue can be ignored.
+
+The ``Patched`` state of a CVE issue is detected from patch files with the format
+``CVE-ID.patch``, e.g. ``CVE-2019-20633.patch``, in the :term:`SRC_URI` and using
+CVE metadata of format ``CVE: CVE-ID`` in the commit message of the patch file.
+
+If the recipe lists the ``CVE-ID`` in :term:`CVE_CHECK_IGNORE` variable, then the CVE state is reported
+as ``Ignored``. Multiple CVEs can be listed separated by spaces. Example::
+
+ CVE_CHECK_IGNORE += "CVE-2020-29509 CVE-2020-29511"
+
+If CVE check reports that a recipe contains false positives or false negatives, these may be
+fixed in recipes by adjusting the CVE product name using :term:`CVE_PRODUCT` and :term:`CVE_VERSION` variables.
+:term:`CVE_PRODUCT` defaults to the plain recipe name :term:`BPN` which can be adjusted to one or more CVE
+database vendor and product pairs using the syntax::
+
+ CVE_PRODUCT = "flex_project:flex"
+
+where ``flex_project`` is the CVE database vendor name and ``flex`` is the product name. Similarly
+if the default recipe version :term:`PV` does not match the version numbers of the software component
+in upstream releases or the CVE database, then the :term:`CVE_VERSION` variable can be used to set the
+CVE database compatible version number, for example::
+
+ CVE_VERSION = "2.39"
+
+Any bugs or missing or incomplete information in the CVE database entries should be fixed in the CVE database
+via the `NVD feedback form <https://nvd.nist.gov/info/contact-form>`__.
+
+Users should note that security is a process, not a product, and thus also CVE checking, analyzing results,
+patching and updating the software should be done as a regular process. The data and assumptions
+required for CVE checker to reliably detect issues are frequently broken in various ways.
+These can only be detected by reviewing the details of the issues and iterating over the generated reports,
+and following what happens in other Linux distributions and in the greater open source community.
+
+You will find some more details in the
":ref:`dev-manual/common-tasks:checking for vulnerabilities`"
section in the Development Tasks Manual.
diff --git a/poky/documentation/ref-manual/features.rst b/poky/documentation/ref-manual/features.rst
index a5b01e8..9345543 100644
--- a/poky/documentation/ref-manual/features.rst
+++ b/poky/documentation/ref-manual/features.rst
@@ -296,11 +296,11 @@
forced in ``/etc/passwd`` and ``/etc/shadow`` if such files exist.
.. note::
- ``empty-root-passwd`` doesn't set an empty root password by itself.
+ ``empty-root-password`` doesn't set an empty root password by itself.
You get an initial empty root password thanks to the
:oe_git:`base-passwd </openembedded-core/tree/meta/recipes-core/base-passwd/>`
and :oe_git:`shadow </openembedded-core/tree/meta/recipes-extended/shadow/>`
- recipes, and the presence of ``empty-root-passwd`` or ``debug-tweaks``
+ recipes, and the presence of ``empty-root-password`` or ``debug-tweaks``
just disables the mechanism which forces an non-empty password for the
root user.
diff --git a/poky/documentation/ref-manual/system-requirements.rst b/poky/documentation/ref-manual/system-requirements.rst
index 2a6d444..7756284 100644
--- a/poky/documentation/ref-manual/system-requirements.rst
+++ b/poky/documentation/ref-manual/system-requirements.rst
@@ -47,14 +47,22 @@
- Fedora 35
+- Fedora 36
+
- AlmaLinux 8.5
+- AlmaLinux 8.7
+
+- AlmaLinux 9.1
+
- Debian GNU/Linux 10.x (Buster)
- Debian GNU/Linux 11.x (Bullseye)
- OpenSUSE Leap 15.3
+- OpenSUSE Leap 15.4
+
.. note::
- While the Yocto Project Team attempts to ensure all Yocto Project
diff --git a/poky/documentation/ref-manual/terms.rst b/poky/documentation/ref-manual/terms.rst
index 1e3f718..7e5295a 100644
--- a/poky/documentation/ref-manual/terms.rst
+++ b/poky/documentation/ref-manual/terms.rst
@@ -323,6 +323,23 @@
:term:`build host<Build Host>` and other components, that can
work on specific hardware.
+ :term:`SBOM`
+ This term means *Software Bill of Materials*. When you distribute
+ software, it offers a description of all the components you used,
+ their corresponding licenses, their dependencies, the changes that were
+ applied and the known vulnerabilities that were fixed.
+
+ This can be used by the recipients of the software to assess
+ their exposure to license compliance and security vulnerability issues.
+
+ See the :wikipedia:`Software Supply Chain <Software_supply_chain>`
+ article on Wikipedia for more details.
+
+ The OpenEmbedded Build System can generate such documentation for your
+ project, in :term:`SPDX` format, based on all the metadata it used to
+ build the software images. See the ":ref:`dev-manual/common-tasks:creating
+ a software bill of materials`" section of the Development Tasks manual.
+
:term:`Source Directory`
This term refers to the directory structure
created as a result of creating a local copy of the ``poky`` Git
@@ -383,6 +400,17 @@
":ref:`overview-manual/development-environment:repositories, tags, and branches`"
section in the Yocto Project Overview and Concepts Manual.
+ :term:`SPDX`
+ This term means *Software Package Data Exchange*, and is used as a open
+ standard for providing a *Software Bill of Materials* (:term:`SBOM`).
+ This standard is developed through a `Linux Foundation project
+ <https://spdx.dev/>`__ and is used by the OpenEmbedded Build System to
+ provide an :term:`SBOM` associated to each a software image.
+
+ For details, see Wikipedia's :wikipedia:`SPDX page <Software_Package_Data_Exchange>`
+ and the ":ref:`dev-manual/common-tasks:creating a software bill of materials`"
+ section of the Development Tasks manual.
+
:term:`Sysroot`
When cross-compiling, the target file system may be differently laid
out and contain different things compared to the host system. The concept
diff --git a/poky/documentation/ref-manual/variables.rst b/poky/documentation/ref-manual/variables.rst
index 71e8c27..2f12677 100644
--- a/poky/documentation/ref-manual/variables.rst
+++ b/poky/documentation/ref-manual/variables.rst
@@ -1508,6 +1508,18 @@
CVE_PRODUCT = "vendor:package"
+ :term:`CVE_VERSION`
+ In a recipe, defines the version used to match the recipe version
+ against the version in the `NIST CVE database <https://nvd.nist.gov/>`__
+ when usign :ref:`cve-check <ref-classes-cve-check>`.
+
+ The default is ${:term:`PV`} but if recipes use custom version numbers
+ which do not map to upstream software component release versions and the versions
+ used in the CVE database, then this variable can be used to set the
+ version number for :ref:`cve-check <ref-classes-cve-check>`. Example::
+
+ CVE_VERSION = "2.39"
+
:term:`CVSDIR`
The directory in which files checked out under the CVS system are
stored.
@@ -1832,9 +1844,9 @@
variable.
:term:`DEV_PKG_DEPENDENCY`
- Provides an easy way for recipes to disable or adjust the runtime
- dependency (:term:`RDEPENDS`) of the ``${PN}-dev`` package on the main
- (``${PN}``) package, particularly where the main package may be empty.
+ Provides an easy way for recipes to disable or adjust the runtime recommendation
+ (:term:`RRECOMMENDS`) of the ``${PN}-dev`` package on the main
+ (``${PN}``) package.
:term:`DISABLE_STATIC`
Used in order to disable static linking by default (in order to save
@@ -7278,6 +7290,88 @@
You can specify only a single URL in :term:`SOURCE_MIRROR_URL`.
+ :term:`SPDX_ARCHIVE_PACKAGED`
+ This option allows to add to :term:`SPDX` output compressed archives
+ of the files in the generated target packages.
+
+ Such archives are available in
+ ``tmp/deploy/spdx/MACHINE/packages/packagename.tar.zst``
+ under the :term:`Build Directory`.
+
+ Enable this option as follows::
+
+ SPDX_ARCHIVE_PACKAGED = "1"
+
+ According to our tests on release 4.1 "langdale", building
+ ``core-image-minimal`` for the ``qemux86-64`` machine, enabling this
+ option multiplied the size of the ``tmp/deploy/spdx`` directory by a
+ factor of 13 (+1.6 GiB for this image), compared to just using the
+ :ref:`create-spdx <ref-classes-create-spdx>` class with no option.
+
+ Note that this option doesn't increase the size of :term:`SPDX`
+ files in ``tmp/deploy/images/MACHINE``.
+
+ :term:`SPDX_ARCHIVE_SOURCES`
+ This option allows to add to :term:`SPDX` output compressed archives
+ of the sources for packages installed on the target. It currently
+ only works when :term:`SPDX_INCLUDE_SOURCES` is set.
+
+ This is one way of fulfilling "source code access" license
+ requirements.
+
+ Such source archives are available in
+ ``tmp/deploy/spdx/MACHINE/recipes/recipe-packagename.tar.zst``
+ under the :term:`Build Directory`.
+
+ Enable this option as follows::
+
+ SPDX_INCLUDE_SOURCES = "1"
+ SPDX_ARCHIVE_SOURCES = "1"
+
+ According to our tests on release 4.1 "langdale", building
+ ``core-image-minimal`` for the ``qemux86-64`` machine, enabling
+ these options multiplied the size of the ``tmp/deploy/spdx``
+ directory by a factor of 11 (+1.4 GiB for this image),
+ compared to just using the :ref:`create-spdx <ref-classes-create-spdx>`
+ class with no option.
+
+ Note that using this option only marginally increases the size
+ of the :term:`SPDX` output in ``tmp/deploy/images/MACHINE/``
+ (+ 0.07\% with the tested image), compared to just enabling
+ :term:`SPDX_INCLUDE_SOURCES`.
+
+ :term:`SPDX_INCLUDE_SOURCES`
+ This option allows to add a description of the source files used to build
+ the host tools and the target packages, to the ``spdx.json`` files in
+ ``tmp/deploy/spdx/MACHINE/recipes/`` under the :term:`Build Directory`.
+ As a consequence, the ``spdx.json`` files under the ``by-namespace`` and
+ ``packages`` subdirectories in ``tmp/deploy/spdx/MACHINE`` are also
+ modified to include references to such source file descriptions.
+
+ Enable this option as follows::
+
+ SPDX_INCLUDE_SOURCES = "1"
+
+ According to our tests on release 4.1 "langdale", building
+ ``core-image-minimal`` for the ``qemux86-64`` machine, enabling
+ this option multiplied the total size of the ``tmp/deploy/spdx``
+ directory by a factor of 3 (+291 MiB for this image),
+ and the size of the ``IMAGE-MACHINE.spdx.tar.zst`` in
+ ``tmp/deploy/images/MACHINE`` by a factor of 130 (+15 MiB for this
+ image), compared to just using the
+ :ref:`create-spdx <ref-classes-create-spdx>` class with no option.
+
+ :term:`SPDX_PRETTY`
+ This option makes the SPDX output more human-readable, using
+ identation and newlines, instead of the default output in a
+ single line::
+
+ SPDX_PRETTY = "1"
+
+ The generated SPDX files are approximately 20% bigger, but
+ this option is recommended if you want to inspect the SPDX
+ output files with a text editor.
+
:term:`SPDXLICENSEMAP`
Maps commonly used license names to their SPDX counterparts found in
``meta/files/common-licenses/``. For the default :term:`SPDXLICENSEMAP`
@@ -7451,7 +7545,7 @@
``SSTATE_EXCLUDEDEPS_SYSROOT`` is evaluated as two regular
expressions of recipe and dependency to ignore. An example
- is the rule in :oe_git:`meta/conf/layer.conf </meta/conf/layer.conf>`::
+ is the rule in :oe_git:`meta/conf/layer.conf </openembedded-core/tree/meta/conf/layer.conf>`::
# Nothing needs to depend on libc-initial
# base-passwd/shadow-sysroot don't need their dependencies
diff --git a/poky/meta-poky/conf/distro/poky.conf b/poky/meta-poky/conf/distro/poky.conf
index 3e90766..3b0edd8 100644
--- a/poky/meta-poky/conf/distro/poky.conf
+++ b/poky/meta-poky/conf/distro/poky.conf
@@ -1,7 +1,7 @@
DISTRO = "poky"
DISTRO_NAME = "Poky (Yocto Project Reference Distro)"
#DISTRO_VERSION = "4.1+snapshot-${METADATA_REVISION}"
-DISTRO_VERSION = "4.1"
+DISTRO_VERSION = "4.1.4"
DISTRO_CODENAME = "langdale"
SDK_VENDOR = "-pokysdk"
SDK_VERSION = "${@d.getVar('DISTRO_VERSION').replace('snapshot-${METADATA_REVISION}', 'snapshot')}"
@@ -41,10 +41,13 @@
ubuntu-22.04 \n \
fedora-34 \n \
fedora-35 \n \
+ fedora-36 \n \
debian-10 \n \
debian-11 \n \
opensuseleap-15.3 \n \
+ opensuseleap-15.4 \n \
almalinux-8.5 \n \
+ almalinux-8.7 \n \
"
# add poky sanity bbclass
INHERIT += "poky-sanity"
diff --git a/poky/meta-selftest/files/static-group b/poky/meta-selftest/files/static-group
index b2e0e2f..cbec6f1 100644
--- a/poky/meta-selftest/files/static-group
+++ b/poky/meta-selftest/files/static-group
@@ -23,3 +23,5 @@
weston-launch:x:524:
weston:x:525:
wayland:x:526:
+render:x:527:
+sgx:x:528:
diff --git a/poky/meta/recipes-devtools/mtd/mtd-utils/0001-tests-Remove-unused-linux-fs.h-header-from-includes.patch b/poky/meta-selftest/recipes-devtools/mtd/mtd-utils-selftest/0001-tests-Remove-unused-linux-fs.h-header-from-includes.patch
similarity index 100%
rename from poky/meta/recipes-devtools/mtd/mtd-utils/0001-tests-Remove-unused-linux-fs.h-header-from-includes.patch
rename to poky/meta-selftest/recipes-devtools/mtd/mtd-utils-selftest/0001-tests-Remove-unused-linux-fs.h-header-from-includes.patch
diff --git a/poky/meta-selftest/recipes-devtools/mtd/mtd-utils-selftest_git.bb b/poky/meta-selftest/recipes-devtools/mtd/mtd-utils-selftest_git.bb
new file mode 100644
index 0000000..ca2141c
--- /dev/null
+++ b/poky/meta-selftest/recipes-devtools/mtd/mtd-utils-selftest_git.bb
@@ -0,0 +1,77 @@
+SUMMARY = "Tools for managing memory technology devices"
+HOMEPAGE = "http://www.linux-mtd.infradead.org/"
+DESCRIPTION = "mtd-utils tool is a generic Linux subsystem for memory devices, especially Flash devices."
+SECTION = "base"
+LICENSE = "GPL-2.0-or-later"
+LIC_FILES_CHKSUM = "file://COPYING;md5=0636e73ff0215e8d672dc4c32c317bb3 \
+ file://include/common.h;beginline=1;endline=17;md5=ba05b07912a44ea2bf81ce409380049c"
+
+inherit autotools pkgconfig update-alternatives
+
+DEPENDS = "zlib e2fsprogs util-linux"
+RDEPENDS:mtd-utils-tests += "bash"
+
+PV = "2.1.4"
+
+SRCREV = "c7f1bfa44a84d02061787e2f6093df5cc40b9f5c"
+SRC_URI = "git://git.infradead.org/mtd-utils.git;branch=master \
+ file://0001-tests-Remove-unused-linux-fs.h-header-from-includes.patch \
+ "
+
+S = "${WORKDIR}/git"
+
+# xattr support creates an additional compile-time dependency on acl because
+# the sys/acl.h header is needed. libacl is not needed and thus enabling xattr
+# regardless whether acl is enabled or disabled in the distro should be okay.
+PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'xattr', d)} lzo jffs ubifs"
+PACKAGECONFIG[lzo] = "--with-lzo,--without-lzo,lzo"
+PACKAGECONFIG[xattr] = "--with-xattr,--without-xattr,acl"
+PACKAGECONFIG[crypto] = "--with-crypto,--without-crypto,openssl"
+PACKAGECONFIG[jffs] = "--with-jffs,--without-jffs"
+PACKAGECONFIG[ubifs] = "--with-ubifs,--without-ubifs"
+PACKAGECONFIG[zstd] = "--with-zstd,--without-zstd,zstd"
+
+CPPFLAGS:append:riscv64 = " -pthread -D_REENTRANT"
+
+EXTRA_OEMAKE = "'CC=${CC}' 'RANLIB=${RANLIB}' 'AR=${AR}' 'CFLAGS=${CFLAGS} ${@bb.utils.contains('PACKAGECONFIG', 'xattr', '', '-DWITHOUT_XATTR', d)} -I${S}/include' 'BUILDDIR=${S}'"
+
+# Use higher priority than corresponding BusyBox-provided applets
+ALTERNATIVE_PRIORITY = "100"
+
+ALTERNATIVE:${PN} = "flashcp flash_eraseall flash_lock flash_unlock nanddump nandwrite"
+ALTERNATIVE:${PN}-ubifs = "ubiattach ubidetach ubimkvol ubirename ubirmvol ubirsvol ubiupdatevol"
+
+ALTERNATIVE_LINK_NAME[nandwrite] = "${sbindir}/nandwrite"
+ALTERNATIVE_LINK_NAME[nanddump] = "${sbindir}/nanddump"
+ALTERNATIVE_LINK_NAME[ubiattach] = "${sbindir}/ubiattach"
+ALTERNATIVE_LINK_NAME[ubidetach] = "${sbindir}/ubidetach"
+ALTERNATIVE_LINK_NAME[ubimkvol] = "${sbindir}/ubimkvol"
+ALTERNATIVE_LINK_NAME[ubirename] = "${sbindir}/ubirename"
+ALTERNATIVE_LINK_NAME[ubirmvol] = "${sbindir}/ubirmvol"
+ALTERNATIVE_LINK_NAME[ubirsvol] = "${sbindir}/ubirsvol"
+ALTERNATIVE_LINK_NAME[ubiupdatevol] = "${sbindir}/ubiupdatevol"
+ALTERNATIVE_LINK_NAME[flash_eraseall] = "${sbindir}/flash_eraseall"
+ALTERNATIVE_LINK_NAME[flash_lock] = "${sbindir}/flash_lock"
+ALTERNATIVE_LINK_NAME[flash_unlock] = "${sbindir}/flash_unlock"
+ALTERNATIVE_LINK_NAME[flashcp] = "${sbindir}/flashcp"
+
+do_install () {
+ oe_runmake install DESTDIR=${D} SBINDIR=${sbindir} MANDIR=${mandir} INCLUDEDIR=${includedir}
+}
+
+PACKAGES =+ "mtd-utils-misc mtd-utils-tests"
+PACKAGES =+ "${@bb.utils.contains("PACKAGECONFIG", "jffs", "mtd-utils-jffs2", "", d)}"
+PACKAGES =+ "${@bb.utils.contains("PACKAGECONFIG", "ubifs", "mtd-utils-ubifs", "", d)}"
+
+FILES:mtd-utils-jffs2 = "${sbindir}/mkfs.jffs2 ${sbindir}/jffs2dump ${sbindir}/jffs2reader ${sbindir}/sumtool"
+FILES:mtd-utils-ubifs = "${sbindir}/mkfs.ubifs ${sbindir}/ubi*"
+FILES:mtd-utils-misc = "${sbindir}/nftl* ${sbindir}/ftl* ${sbindir}/rfd* ${sbindir}/doc* ${sbindir}/serve_image ${sbindir}/recv_image"
+FILES:mtd-utils-tests = "${libexecdir}/mtd-utils/*"
+
+BBCLASSEXTEND = "native nativesdk"
+
+# git/.compr.c.dep:46: warning: NUL character seen; rest of line ignored
+# git/.compr.c.dep:47: *** missing separator. Stop.
+PARALLEL_MAKE = ""
+
+EXCLUDE_FROM_WORLD = "1"
diff --git a/poky/meta-selftest/recipes-test/devtool/devtool-test-local/file3 b/poky/meta-selftest/recipes-test/devtool/devtool-test-local/file3
new file mode 100644
index 0000000..0f30e9e
--- /dev/null
+++ b/poky/meta-selftest/recipes-test/devtool/devtool-test-local/file3
@@ -0,0 +1 @@
+The third file.
diff --git a/poky/meta-selftest/recipes-test/devtool/devtool-test-local_6.03.bb b/poky/meta-selftest/recipes-test/devtool/devtool-test-local_6.03.bb
index 463cfe0..d0fd697 100644
--- a/poky/meta-selftest/recipes-test/devtool/devtool-test-local_6.03.bb
+++ b/poky/meta-selftest/recipes-test/devtool/devtool-test-local_6.03.bb
@@ -7,9 +7,12 @@
file://file1 \
file://file2"
+SRC_URI:append:class-native = " file://file3"
+
SRC_URI[md5sum] = "92a253df9211e9c20172796ecf388f13"
SRC_URI[sha256sum] = "26d3986d2bea109d5dc0e4f8c4822a459276cf021125e8c9f23c3cca5d8c850e"
S = "${WORKDIR}/syslinux-${PV}"
EXCLUDE_FROM_WORLD = "1"
+BBCLASSEXTEND = "native"
diff --git a/poky/meta-selftest/recipes-test/devtool/devtool-test-localonly.bb b/poky/meta-selftest/recipes-test/devtool/devtool-test-localonly.bb
index 3f7123c..e767619 100644
--- a/poky/meta-selftest/recipes-test/devtool/devtool-test-localonly.bb
+++ b/poky/meta-selftest/recipes-test/devtool/devtool-test-localonly.bb
@@ -4,4 +4,7 @@
SRC_URI = "file://file1 \
file://file2"
+SRC_URI:append:class-native = " file://file3"
+
EXCLUDE_FROM_WORLD = "1"
+BBCLASSEXTEND = "native"
diff --git a/poky/meta-selftest/recipes-test/devtool/devtool-test-localonly/file3 b/poky/meta-selftest/recipes-test/devtool/devtool-test-localonly/file3
new file mode 100644
index 0000000..0f30e9e
--- /dev/null
+++ b/poky/meta-selftest/recipes-test/devtool/devtool-test-localonly/file3
@@ -0,0 +1 @@
+The third file.
diff --git a/poky/meta-selftest/recipes-test/packagenameconflict/packagenameconflict.bb b/poky/meta-selftest/recipes-test/packagenameconflict/packagenameconflict.bb
new file mode 100644
index 0000000..5d19a4d
--- /dev/null
+++ b/poky/meta-selftest/recipes-test/packagenameconflict/packagenameconflict.bb
@@ -0,0 +1,10 @@
+SUMMARY = "Test case that tries to rename a package to an existing one and fails"
+DESCRIPTION = "This generates a packaging error when a package is renamed to a pre-existing name"
+LICENSE = "MIT"
+
+# Add a new package ${PN}-renametest
+PACKAGES += "${PN}-renametest"
+# ... and try to rename the ${PN}-dev to the new ${PN}-renametest (conflict)
+PKG:${PN}-dev = "${PN}-renametest"
+
+EXCLUDE_FROM_WORLD = "1"
diff --git a/poky/meta-yocto-bsp/recipes-kernel/linux/linux-yocto_5.15.bbappend b/poky/meta-yocto-bsp/recipes-kernel/linux/linux-yocto_5.15.bbappend
index a5c0ecd..3ad175d 100644
--- a/poky/meta-yocto-bsp/recipes-kernel/linux/linux-yocto_5.15.bbappend
+++ b/poky/meta-yocto-bsp/recipes-kernel/linux/linux-yocto_5.15.bbappend
@@ -7,8 +7,8 @@
KMACHINE:genericx86-64 ?= "common-pc-64"
KMACHINE:beaglebone-yocto ?= "beaglebone"
-SRCREV_machine:genericx86 ?= "a40d2daf2795d89e3ef8af0413b25190558831ec"
-SRCREV_machine:genericx86-64 ?= "a40d2daf2795d89e3ef8af0413b25190558831ec"
+SRCREV_machine:genericx86 ?= "0b628306d1f9ea28c0e86369ce9bb87a47893c9c"
+SRCREV_machine:genericx86-64 ?= "0b628306d1f9ea28c0e86369ce9bb87a47893c9c"
SRCREV_machine:edgerouter ?= "90f1ee6589264545f548d731c2480b08a007230f"
SRCREV_machine:beaglebone-yocto ?= "9aabbaa89fcb21af7028e814c1f5b61171314d5a"
@@ -17,7 +17,7 @@
COMPATIBLE_MACHINE:edgerouter = "edgerouter"
COMPATIBLE_MACHINE:beaglebone-yocto = "beaglebone-yocto"
-LINUX_VERSION:genericx86 = "5.15.54"
-LINUX_VERSION:genericx86-64 = "5.15.54"
+LINUX_VERSION:genericx86 = "5.15.72"
+LINUX_VERSION:genericx86-64 = "5.15.72"
LINUX_VERSION:edgerouter = "5.15.54"
LINUX_VERSION:beaglebone-yocto = "5.15.54"
diff --git a/poky/meta-yocto-bsp/recipes-kernel/linux/linux-yocto_5.19.bbappend b/poky/meta-yocto-bsp/recipes-kernel/linux/linux-yocto_5.19.bbappend
index ff5070b..950bf0a 100644
--- a/poky/meta-yocto-bsp/recipes-kernel/linux/linux-yocto_5.19.bbappend
+++ b/poky/meta-yocto-bsp/recipes-kernel/linux/linux-yocto_5.19.bbappend
@@ -7,8 +7,8 @@
KMACHINE:genericx86-64 ?= "common-pc-64"
KMACHINE:beaglebone-yocto ?= "beaglebone"
-SRCREV_machine:genericx86 ?= "43e6ab6ed043f4bc8e7cffbb08af86af0bdb5e12"
-SRCREV_machine:genericx86-64 ?= "43e6ab6ed043f4bc8e7cffbb08af86af0bdb5e12"
+SRCREV_machine:genericx86 ?= "23ee2ef634b3fb51be429623fa1927b1d5c3e95c"
+SRCREV_machine:genericx86-64 ?= "23ee2ef634b3fb51be429623fa1927b1d5c3e95c"
SRCREV_machine:edgerouter ?= "43e6ab6ed043f4bc8e7cffbb08af86af0bdb5e12"
SRCREV_machine:beaglebone-yocto ?= "43e6ab6ed043f4bc8e7cffbb08af86af0bdb5e12"
@@ -17,7 +17,7 @@
COMPATIBLE_MACHINE:edgerouter = "edgerouter"
COMPATIBLE_MACHINE:beaglebone-yocto = "beaglebone-yocto"
-LINUX_VERSION:genericx86 = "5.19"
-LINUX_VERSION:genericx86-64 = "5.19"
+LINUX_VERSION:genericx86 = "5.19.14"
+LINUX_VERSION:genericx86-64 = "5.19.14"
LINUX_VERSION:edgerouter = "5.19"
LINUX_VERSION:beaglebone-yocto = "5.19"
diff --git a/poky/meta/classes-global/base.bbclass b/poky/meta/classes-global/base.bbclass
index 8203f54..2d0e355 100644
--- a/poky/meta/classes-global/base.bbclass
+++ b/poky/meta/classes-global/base.bbclass
@@ -139,7 +139,7 @@
# /usr/local/bin/ccache/gcc -> /usr/bin/ccache, then which(gcc)
# would return /usr/local/bin/ccache/gcc, but what we need is
# /usr/bin/gcc, this code can check and fix that.
- if "ccache" in srctool:
+ if os.path.islink(srctool) and os.path.basename(os.readlink(srctool)) == 'ccache':
srctool = bb.utils.which(path, tool, executable=True, direction=1)
if srctool:
os.symlink(srctool, desttool)
diff --git a/poky/meta/classes-global/devshell.bbclass b/poky/meta/classes-global/devshell.bbclass
index 03af56b..4c23049 100644
--- a/poky/meta/classes-global/devshell.bbclass
+++ b/poky/meta/classes-global/devshell.bbclass
@@ -8,8 +8,6 @@
DEVSHELL = "${SHELL}"
-PATH:prepend:task-devshell = "${COREBASE}/scripts/git-intercept:"
-
python do_devshell () {
if d.getVarFlag("do_devshell", "manualfakeroot"):
d.prependVar("DEVSHELL", "pseudo ")
diff --git a/poky/meta/classes-global/insane.bbclass b/poky/meta/classes-global/insane.bbclass
index dc46857..df2c40c 100644
--- a/poky/meta/classes-global/insane.bbclass
+++ b/poky/meta/classes-global/insane.bbclass
@@ -1346,7 +1346,7 @@
for url in d.getVar("SRC_URI").split():
# Search for github and gitlab URLs that pull unstable archives (comment for future greppers)
- if re.search(r"git(hu|la)b\.com/.+/.+/archive/.+", url):
+ if re.search(r"git(hu|la)b\.com/.+/.+/archive/.+", url) or "//codeload.github.com/" in url:
oe.qa.handle_error("src-uri-bad", "%s: SRC_URI uses unstable GitHub/GitLab archives, convert recipe to use git protocol" % pn, d)
python do_qa_unpack() {
diff --git a/poky/meta/classes-global/mirrors.bbclass b/poky/meta/classes-global/mirrors.bbclass
index 9643b31..d641c39 100644
--- a/poky/meta/classes-global/mirrors.bbclass
+++ b/poky/meta/classes-global/mirrors.bbclass
@@ -67,8 +67,7 @@
https?://.*/.* http://sources.openembedded.org/ \
ftp://.*/.* http://sources.openembedded.org/ \
npm://.*/?.* http://sources.openembedded.org/ \
-${CPAN_MIRROR} http://cpan.metacpan.org/ \
-${CPAN_MIRROR} http://search.cpan.org/CPAN/ \
+${CPAN_MIRROR} https://cpan.metacpan.org/ \
https?://downloads.yoctoproject.org/releases/uninative/ https://mirrors.kernel.org/yocto/uninative/ \
https?://downloads.yoctoproject.org/mirror/sources/ https://mirrors.kernel.org/yocto-sources/ \
"
@@ -90,6 +89,7 @@
BB_GIT_SHALLOW:pn-binutils-cross-canadian-${TRANSLATED_TARGET_ARCH} = "1"
BB_GIT_SHALLOW:pn-binutils-cross-testsuite = "1"
BB_GIT_SHALLOW:pn-binutils-crosssdk-${SDK_SYS} = "1"
+BB_GIT_SHALLOW:pn-binutils-native = "1"
BB_GIT_SHALLOW:pn-glibc = "1"
PREMIRRORS += "git://sourceware.org/git/glibc.git https://downloads.yoctoproject.org/mirror/sources/ \
git://sourceware.org/git/binutils-gdb.git https://downloads.yoctoproject.org/mirror/sources/"
diff --git a/poky/meta/classes-global/package.bbclass b/poky/meta/classes-global/package.bbclass
index 2d985d8..a47da14 100644
--- a/poky/meta/classes-global/package.bbclass
+++ b/poky/meta/classes-global/package.bbclass
@@ -490,16 +490,31 @@
bb.debug(1, 'ELF file {} has no debuginfo, skipping minidebuginfo injection'.format(file))
return
+ # minidebuginfo does not make sense to apply to ELF objects other than
+ # executables and shared libraries, skip applying the minidebuginfo
+ # generation for objects like kernel modules.
+ for line in subprocess.check_output([readelf, '-h', debugfile], universal_newlines=True).splitlines():
+ if not line.strip().startswith("Type:"):
+ continue
+ elftype = line.split(":")[1].strip()
+ if not any(elftype.startswith(i) for i in ["EXEC", "DYN"]):
+ bb.debug(1, 'ELF file {} is not executable/shared, skipping minidebuginfo injection'.format(file))
+ return
+ break
+
# Find non-allocated PROGBITS, NOTE, and NOBITS sections in the debuginfo.
# We will exclude all of these from minidebuginfo to save space.
remove_section_names = []
for line in subprocess.check_output([readelf, '-W', '-S', debugfile], universal_newlines=True).splitlines():
- fields = line.split()
- if len(fields) < 8:
+ # strip the leading " [ 1]" section index to allow splitting on space
+ if ']' not in line:
+ continue
+ fields = line[line.index(']') + 1:].split()
+ if len(fields) < 7:
continue
name = fields[0]
type = fields[1]
- flags = fields[7]
+ flags = fields[6]
# .debug_ sections will be removed by objcopy -S so no need to explicitly remove them
if name.startswith('.debug_'):
continue
@@ -2434,6 +2449,15 @@
bb.build.exec_func("package_convert_pr_autoinc", d)
+ # Check for conflict between renamed packages and existing ones
+ # for each package in PACKAGES, check if it will be renamed to an existing one
+ for p in packages:
+ localdata = bb.data.createCopy(d)
+ localdata.setVar('OVERRIDES', p)
+ rename = localdata.getVar('PKG')
+ if (rename != None) and rename in packages:
+ bb.fatal('package "%s" is renamed to "%s" using PKG:%s, but package name already exists'%(p,rename,p))
+
###########################################################################
# Optimisations
###########################################################################
diff --git a/poky/meta/classes-global/sanity.bbclass b/poky/meta/classes-global/sanity.bbclass
index 15067e7..8cf4203 100644
--- a/poky/meta/classes-global/sanity.bbclass
+++ b/poky/meta/classes-global/sanity.bbclass
@@ -504,6 +504,14 @@
version = result.split()[3]
if bb.utils.vercmp_string_op(version, "1.28", "<"):
return "Your version of tar is older than 1.28 and does not have the support needed to enable reproducible builds. Please install a newer version of tar (you could use the project's buildtools-tarball from our last release or use scripts/install-buildtools).\n"
+
+ try:
+ result = subprocess.check_output(["tar", "--help"], stderr=subprocess.STDOUT).decode('utf-8')
+ if "--xattrs" not in result:
+ return "Your tar doesn't support --xattrs, please use GNU tar.\n"
+ except subprocess.CalledProcessError as e:
+ return "Unable to execute tar --help, exit code %d\n%s\n" % (e.returncode, e.output)
+
return None
# We use git parameters and functionality only found in 1.7.8 or later
@@ -997,13 +1005,6 @@
if status.messages != "":
raise_sanity_error(sanity_data.expand(status.messages), sanity_data, status.network_error)
-# Create a copy of the datastore and finalise it to ensure appends and
-# overrides are set - the datastore has yet to be finalised at ConfigParsed
-def copy_data(e):
- sanity_data = bb.data.createCopy(e.data)
- sanity_data.finalize()
- return sanity_data
-
addhandler config_reparse_eventhandler
config_reparse_eventhandler[eventmask] = "bb.event.ConfigParsed"
python config_reparse_eventhandler() {
@@ -1014,13 +1015,13 @@
check_sanity_eventhandler[eventmask] = "bb.event.SanityCheck bb.event.NetworkTest"
python check_sanity_eventhandler() {
if bb.event.getName(e) == "SanityCheck":
- sanity_data = copy_data(e)
+ sanity_data = bb.data.createCopy(e.data)
check_sanity(sanity_data)
if e.generateevents:
sanity_data.setVar("SANITY_USE_EVENTS", "1")
bb.event.fire(bb.event.SanityCheckPassed(), e.data)
elif bb.event.getName(e) == "NetworkTest":
- sanity_data = copy_data(e)
+ sanity_data = bb.data.createCopy(e.data)
if e.generateevents:
sanity_data.setVar("SANITY_USE_EVENTS", "1")
bb.event.fire(bb.event.NetworkTestFailed() if check_connectivity(sanity_data) else bb.event.NetworkTestPassed(), e.data)
diff --git a/poky/meta/classes-global/sstate.bbclass b/poky/meta/classes-global/sstate.bbclass
index 2c8e7b8..2dd880b 100644
--- a/poky/meta/classes-global/sstate.bbclass
+++ b/poky/meta/classes-global/sstate.bbclass
@@ -365,8 +365,9 @@
d.setVar("SSTATE_CURRTASK", ss['task'])
sstatefetch = d.getVar('SSTATE_PKGNAME')
sstatepkg = d.getVar('SSTATE_PKG')
+ verify_sig = bb.utils.to_boolean(d.getVar("SSTATE_VERIFY_SIG"), False)
- if not os.path.exists(sstatepkg):
+ if not os.path.exists(sstatepkg) or (verify_sig and not os.path.exists(sstatepkg + '.sig')):
pstaging_fetch(sstatefetch, d)
if not os.path.isfile(sstatepkg):
@@ -377,7 +378,7 @@
d.setVar('SSTATE_INSTDIR', sstateinst)
- if bb.utils.to_boolean(d.getVar("SSTATE_VERIFY_SIG"), False):
+ if verify_sig:
if not os.path.isfile(sstatepkg + '.sig'):
bb.warn("No signature file for sstate package %s, skipping acceleration..." % sstatepkg)
return False
@@ -1097,7 +1098,7 @@
logit("Considering setscene task: %s" % (str(taskdependees[task])), log)
- directtasks = ["do_populate_lic", "do_deploy_source_date_epoch", "do_shared_workdir", "do_stash_locale", "do_gcc_stash_builddir", "do_create_spdx"]
+ directtasks = ["do_populate_lic", "do_deploy_source_date_epoch", "do_shared_workdir", "do_stash_locale", "do_gcc_stash_builddir", "do_create_spdx", "do_deploy_archives"]
def isNativeCross(x):
return x.endswith("-native") or "-cross-" in x or "-crosssdk" in x or x.endswith("-cross")
diff --git a/poky/meta/classes-global/staging.bbclass b/poky/meta/classes-global/staging.bbclass
index 5a1f43d..a058d34 100644
--- a/poky/meta/classes-global/staging.bbclass
+++ b/poky/meta/classes-global/staging.bbclass
@@ -275,6 +275,10 @@
pn = d.getVar("PN")
stagingdir = d.getVar("STAGING_DIR")
sharedmanifests = d.getVar("COMPONENTS_DIR") + "/manifests"
+ # only needed by multilib cross-canadian since it redefines RECIPE_SYSROOT
+ manifestprefix = d.getVar("RECIPE_SYSROOT_MANIFEST_SUBDIR")
+ if manifestprefix:
+ sharedmanifests = sharedmanifests + "/" + manifestprefix
recipesysroot = d.getVar("RECIPE_SYSROOT")
recipesysrootnative = d.getVar("RECIPE_SYSROOT_NATIVE")
diff --git a/poky/meta/classes-recipe/baremetal-image.bbclass b/poky/meta/classes-recipe/baremetal-image.bbclass
index d3377a9..513155e 100644
--- a/poky/meta/classes-recipe/baremetal-image.bbclass
+++ b/poky/meta/classes-recipe/baremetal-image.bbclass
@@ -15,15 +15,6 @@
#
# See meta-skeleton for a working example.
-## Emulate image.bbclass
-# Handle inherits of any of the image classes we need
-IMAGE_CLASSES ??= ""
-IMGCLASSES = " ${IMAGE_CLASSES}"
-inherit ${IMGCLASSES}
-# Set defaults to satisfy IMAGE_FEATURES check
-IMAGE_FEATURES ?= ""
-IMAGE_FEATURES[type] = "list"
-IMAGE_FEATURES[validitems] += ""
# Toolchain should be baremetal or newlib based.
# TCLIBC="baremetal" or TCLIBC="newlib"
@@ -110,6 +101,17 @@
CFLAGS:append:qemuriscv64 = " -mcmodel=medany"
+## Emulate image.bbclass
+# Handle inherits of any of the image classes we need
+IMAGE_CLASSES ??= ""
+IMGCLASSES = " ${IMAGE_CLASSES}"
+inherit ${IMGCLASSES}
+# Set defaults to satisfy IMAGE_FEATURES check
+IMAGE_FEATURES ?= ""
+IMAGE_FEATURES[type] = "list"
+IMAGE_FEATURES[validitems] += ""
+
+
# This next part is necessary to trick the build system into thinking
# its building an image recipe so it generates the qemuboot.conf
addtask do_rootfs before do_image after do_install
diff --git a/poky/meta/classes-recipe/cargo.bbclass b/poky/meta/classes-recipe/cargo.bbclass
index d1e8351..b27eb2f 100644
--- a/poky/meta/classes-recipe/cargo.bbclass
+++ b/poky/meta/classes-recipe/cargo.bbclass
@@ -39,7 +39,7 @@
RUSTFLAGS ??= ""
BUILD_MODE = "${@['--release', ''][d.getVar('DEBUG_BUILD') == '1']}"
-CARGO_BUILD_FLAGS = "-v --target ${RUST_HOST_SYS} ${BUILD_MODE} --manifest-path=${MANIFEST_PATH}"
+CARGO_BUILD_FLAGS = "-v --offline --target ${RUST_HOST_SYS} ${BUILD_MODE} --manifest-path=${MANIFEST_PATH}"
# This is based on the content of CARGO_BUILD_FLAGS and generally will need to
# change if CARGO_BUILD_FLAGS changes.
diff --git a/poky/meta/classes-recipe/cargo_common.bbclass b/poky/meta/classes-recipe/cargo_common.bbclass
index dea0fbe..f503a00 100644
--- a/poky/meta/classes-recipe/cargo_common.bbclass
+++ b/poky/meta/classes-recipe/cargo_common.bbclass
@@ -56,7 +56,7 @@
[source.crates-io]
replace-with = "bitbake"
- local-registry = "/nonexistant"
+ local-registry = "/nonexistent"
EOF
fi
@@ -103,7 +103,7 @@
cat <<- EOF >> ${CARGO_HOME}/config
[build]
- # Use out of tree build destination to avoid poluting the source tree
+ # Use out of tree build destination to avoid polluting the source tree
target-dir = "${B}/target"
EOF
fi
diff --git a/poky/meta/classes-recipe/cml1.bbclass b/poky/meta/classes-recipe/cml1.bbclass
index b790913..a09a042 100644
--- a/poky/meta/classes-recipe/cml1.bbclass
+++ b/poky/meta/classes-recipe/cml1.bbclass
@@ -21,7 +21,6 @@
}
EXPORT_FUNCTIONS do_configure
-addtask configure after do_unpack do_patch before do_compile
inherit terminal
diff --git a/poky/meta/classes-recipe/core-image.bbclass b/poky/meta/classes-recipe/core-image.bbclass
index 90d9eb9..40fc15c 100644
--- a/poky/meta/classes-recipe/core-image.bbclass
+++ b/poky/meta/classes-recipe/core-image.bbclass
@@ -65,7 +65,7 @@
# Do not install openssh complementary packages if either packagegroup-core-ssh-dropbear or dropbear
# is installed # to avoid openssh-dropbear conflict
# see [Yocto #14858] for more information
-PACKAGE_EXCLUDE_COMPLEMENTARY:append = "${@bb.utils.contains_any('PACKAGE_INSTALL', 'packagegroup-core-ssh-dropbear dropbear', 'openssh', '' , d)}"
+PACKAGE_EXCLUDE_COMPLEMENTARY:append = "${@bb.utils.contains_any('PACKAGE_INSTALL', 'packagegroup-core-ssh-dropbear dropbear', ' openssh', '' , d)}"
# IMAGE_FEATURES_CONFLICTS_foo = 'bar1 bar2'
# An error exception would be raised if both image features foo and bar1(or bar2) are included
diff --git a/poky/meta/classes-recipe/fs-uuid.bbclass b/poky/meta/classes-recipe/fs-uuid.bbclass
index a9e7eb8..e215f06 100644
--- a/poky/meta/classes-recipe/fs-uuid.bbclass
+++ b/poky/meta/classes-recipe/fs-uuid.bbclass
@@ -10,7 +10,7 @@
def get_rootfs_uuid(d):
import subprocess
rootfs = d.getVar('ROOTFS')
- output = subprocess.check_output(['tune2fs', '-l', rootfs])
+ output = subprocess.check_output(['tune2fs', '-l', rootfs], text=True)
for line in output.split('\n'):
if line.startswith('Filesystem UUID:'):
uuid = line.split()[-1]
diff --git a/poky/meta/classes-recipe/gnomebase.bbclass b/poky/meta/classes-recipe/gnomebase.bbclass
index 805daaf..5e72f54 100644
--- a/poky/meta/classes-recipe/gnomebase.bbclass
+++ b/poky/meta/classes-recipe/gnomebase.bbclass
@@ -5,7 +5,7 @@
#
def gnome_verdir(v):
- return ".".join(v.split(".")[:-1])
+ return ".".join(v.split(".")[:-1]) or v
GNOME_COMPRESS_TYPE ?= "xz"
diff --git a/poky/meta/classes-recipe/image.bbclass b/poky/meta/classes-recipe/image.bbclass
index e387645..14528e6 100644
--- a/poky/meta/classes-recipe/image.bbclass
+++ b/poky/meta/classes-recipe/image.bbclass
@@ -182,8 +182,7 @@
IMAGE_POSTPROCESS_COMMAND ?= ""
-# some default locales
-IMAGE_LINGUAS ?= "de-de fr-fr en-gb"
+IMAGE_LINGUAS ??= ""
LINGUAS_INSTALL ?= "${@" ".join(map(lambda s: "locale-base-%s" % s, d.getVar('IMAGE_LINGUAS').split()))}"
@@ -319,7 +318,7 @@
except oe.utils.ImageQAFailed as e:
qamsg = qamsg + '\tImage QA function %s failed: %s\n' % (e.name, e.description)
except Exception as e:
- qamsg = qamsg + '\tImage QA function %s failed\n' % cmd
+ qamsg = qamsg + '\tImage QA function %s failed: %s\n' % (cmd, e)
if qamsg:
imgname = d.getVar('IMAGE_NAME')
@@ -446,7 +445,7 @@
localdata.delVar('DATE')
localdata.delVar('TMPDIR')
localdata.delVar('IMAGE_VERSION_SUFFIX')
- vardepsexclude = (d.getVarFlag('IMAGE_CMD:' + realt, 'vardepsexclude', True) or '').split()
+ vardepsexclude = (d.getVarFlag('IMAGE_CMD:' + realt, 'vardepsexclude') or '').split()
for dep in vardepsexclude:
localdata.delVar(dep)
diff --git a/poky/meta/classes-recipe/image_types.bbclass b/poky/meta/classes-recipe/image_types.bbclass
index 764e6a5..e4939af 100644
--- a/poky/meta/classes-recipe/image_types.bbclass
+++ b/poky/meta/classes-recipe/image_types.bbclass
@@ -157,11 +157,7 @@
UBI_IMGTYPE ?= "ubifs"
write_ubi_config() {
- if [ -z "$1" ]; then
- local vname=""
- else
- local vname="_$1"
- fi
+ local vname="$1"
cat <<EOF > ubinize${vname}-${IMAGE_NAME}.cfg
[ubifs]
@@ -183,7 +179,12 @@
bbfatal "MKUBIFS_ARGS and UBINIZE_ARGS have to be set, see http://www.linux-mtd.infradead.org/faq/ubifs.html for details"
fi
- write_ubi_config "$3"
+ if [ -z "$3" ]; then
+ local vname=""
+ else
+ local vname="_$3"
+ fi
+ write_ubi_config "${vname}"
if [ -n "$vname" ]; then
mkfs.ubifs -r ${IMAGE_ROOTFS} -o ${IMGDEPLOYDIR}/${IMAGE_NAME}${vname}${IMAGE_NAME_SUFFIX}.ubifs ${mkubifs_args}
@@ -208,7 +209,10 @@
fi
}
+MULTIUBI_ARGS = "MKUBIFS_ARGS UBINIZE_ARGS"
+
IMAGE_CMD:multiubi () {
+ ${@' '.join(['%s_%s="%s";' % (arg, name, d.getVar('%s_%s' % (arg, name))) for arg in d.getVar('MULTIUBI_ARGS').split() for name in d.getVar('MULTIUBI_BUILD').split()])}
# Split MKUBIFS_ARGS_<name> and UBINIZE_ARGS_<name>
for name in ${MULTIUBI_BUILD}; do
eval local mkubifs_args=\"\$MKUBIFS_ARGS_${name}\"
diff --git a/poky/meta/classes-recipe/kernel-arch.bbclass b/poky/meta/classes-recipe/kernel-arch.bbclass
index 6f5d3bd..1531ae6 100644
--- a/poky/meta/classes-recipe/kernel-arch.bbclass
+++ b/poky/meta/classes-recipe/kernel-arch.bbclass
@@ -70,5 +70,5 @@
KERNEL_CC = "${CCACHE}${HOST_PREFIX}gcc ${HOST_CC_KERNEL_ARCH} -fuse-ld=bfd ${DEBUG_PREFIX_MAP} -fdebug-prefix-map=${STAGING_KERNEL_DIR}=${KERNEL_SRC_PATH} -fdebug-prefix-map=${STAGING_KERNEL_BUILDDIR}=${KERNEL_SRC_PATH}"
KERNEL_LD = "${CCACHE}${HOST_PREFIX}ld.bfd ${HOST_LD_KERNEL_ARCH}"
KERNEL_AR = "${CCACHE}${HOST_PREFIX}ar ${HOST_AR_KERNEL_ARCH}"
-TOOLCHAIN = "gcc"
+TOOLCHAIN ?= "gcc"
diff --git a/poky/meta/classes-recipe/kernel-fitimage.bbclass b/poky/meta/classes-recipe/kernel-fitimage.bbclass
index 107914e..f6d82ce 100644
--- a/poky/meta/classes-recipe/kernel-fitimage.bbclass
+++ b/poky/meta/classes-recipe/kernel-fitimage.bbclass
@@ -73,6 +73,9 @@
FIT_SUPPORTED_INITRAMFS_FSTYPES ?= "cpio.lz4 cpio.lzo cpio.lzma cpio.xz cpio.zst cpio.gz ext2.gz cpio"
+# Allow user to select the default DTB for FIT image when multiple dtb's exists.
+FIT_CONF_DEFAULT_DTB ?= ""
+
# Keys used to sign individually image nodes.
# The keys to sign image nodes must be different from those used to sign
# configuration nodes, otherwise the "required" property, from
@@ -375,6 +378,7 @@
bootscr_line=""
setup_line=""
default_line=""
+ default_dtb_image="${FIT_CONF_DEFAULT_DTB}"
# conf node name is selected based on dtb ID if it is present,
# otherwise its selected based on kernel ID
@@ -417,7 +421,17 @@
# default node is selected based on dtb ID if it is present,
# otherwise its selected based on kernel ID
if [ -n "$dtb_image" ]; then
- default_line="default = \"${FIT_CONF_PREFIX}$dtb_image\";"
+ # Select default node as user specified dtb when
+ # multiple dtb exists.
+ if [ -n "$default_dtb_image" ]; then
+ if [ -s "${EXTERNAL_KERNEL_DEVICETREE}/$default_dtb_image" ]; then
+ default_line="default = \"${FIT_CONF_PREFIX}$default_dtb_image\";"
+ else
+ bbwarn "Couldn't find a valid user specified dtb in ${EXTERNAL_KERNEL_DEVICETREE}/$default_dtb_image"
+ fi
+ else
+ default_line="default = \"${FIT_CONF_PREFIX}$dtb_image\";"
+ fi
else
default_line="default = \"${FIT_CONF_PREFIX}$kernel_id\";"
fi
@@ -496,7 +510,7 @@
ramdiskcount=$3
setupcount=""
bootscr_id=""
- rm -f $1 arch/${ARCH}/boot/$2
+ rm -f $1 ${KERNEL_OUTPUT_DIR}/$2
if [ -n "${UBOOT_SIGN_IMG_KEYNAME}" -a "${UBOOT_SIGN_KEYNAME}" = "${UBOOT_SIGN_IMG_KEYNAME}" ]; then
bbfatal "Keys used to sign images and configuration nodes must be different."
@@ -529,9 +543,9 @@
continue
fi
- DTB_PATH="arch/${ARCH}/boot/dts/$DTB"
+ DTB_PATH="${KERNEL_OUTPUT_DIR}/dts/$DTB"
if [ ! -e "$DTB_PATH" ]; then
- DTB_PATH="arch/${ARCH}/boot/$DTB"
+ DTB_PATH="${KERNEL_OUTPUT_DIR}/$DTB"
fi
DTB=$(echo "$DTB" | tr '/' '_')
@@ -546,10 +560,11 @@
if [ -n "${EXTERNAL_KERNEL_DEVICETREE}" ]; then
dtbcount=1
- for DTB in $(find "${EXTERNAL_KERNEL_DEVICETREE}" \( -name '*.dtb' -o -name '*.dtbo' \) -printf '%P\n' | sort); do
+ for DTB in $(find "${EXTERNAL_KERNEL_DEVICETREE}" -name '*.dtb' -printf '%P\n' | sort) \
+ $(find "${EXTERNAL_KERNEL_DEVICETREE}" -name '*.dtbo' -printf '%P\n' | sort); do
DTB=$(echo "$DTB" | tr '/' '_')
- # Skip DTB if we've picked it up previously
+ # Skip DTB/DTBO if we've picked it up previously
echo "$DTBS" | tr ' ' '\n' | grep -xq "$DTB" && continue
DTBS="$DTBS $DTB"
@@ -574,9 +589,9 @@
#
# Step 4: Prepare a setup section. (For x86)
#
- if [ -e arch/${ARCH}/boot/setup.bin ]; then
+ if [ -e ${KERNEL_OUTPUT_DIR}/setup.bin ]; then
setupcount=1
- fitimage_emit_section_setup $1 $setupcount arch/${ARCH}/boot/setup.bin
+ fitimage_emit_section_setup $1 $setupcount ${KERNEL_OUTPUT_DIR}/setup.bin
fi
#
@@ -650,7 +665,7 @@
${UBOOT_MKIMAGE} \
${@'-D "${UBOOT_MKIMAGE_DTCOPTS}"' if len('${UBOOT_MKIMAGE_DTCOPTS}') else ''} \
-f $1 \
- arch/${ARCH}/boot/$2
+ ${KERNEL_OUTPUT_DIR}/$2
#
# Step 8: Sign the image and add public key to U-Boot dtb
@@ -667,7 +682,7 @@
${@'-D "${UBOOT_MKIMAGE_DTCOPTS}"' if len('${UBOOT_MKIMAGE_DTCOPTS}') else ''} \
-F -k "${UBOOT_SIGN_KEYDIR}" \
$add_key_to_u_boot \
- -r arch/${ARCH}/boot/$2 \
+ -r ${KERNEL_OUTPUT_DIR}/$2 \
${UBOOT_MKIMAGE_SIGN_ARGS}
fi
}
@@ -770,7 +785,7 @@
if [ "${INITRAMFS_IMAGE_BUNDLE}" != "1" ]; then
bbnote "Copying fitImage-${INITRAMFS_IMAGE} file..."
- install -m 0644 ${B}/arch/${ARCH}/boot/fitImage-${INITRAMFS_IMAGE} "$deployDir/fitImage-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_NAME}${KERNEL_FIT_BIN_EXT}"
+ install -m 0644 ${B}/${KERNEL_OUTPUT_DIR}/fitImage-${INITRAMFS_IMAGE} "$deployDir/fitImage-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_NAME}${KERNEL_FIT_BIN_EXT}"
if [ -n "${KERNEL_FIT_LINK_NAME}" ] ; then
ln -snf fitImage-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_NAME}${KERNEL_FIT_BIN_EXT} "$deployDir/fitImage-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_LINK_NAME}"
fi
diff --git a/poky/meta/classes-recipe/kernel-yocto.bbclass b/poky/meta/classes-recipe/kernel-yocto.bbclass
index 8eda0dc..7de99cf 100644
--- a/poky/meta/classes-recipe/kernel-yocto.bbclass
+++ b/poky/meta/classes-recipe/kernel-yocto.bbclass
@@ -212,7 +212,7 @@
# SRC_URI. If they were supplied, we convert them into include directives
# for the update part of the process
for f in ${feat_dirs}; do
- if [ -d "${WORKDIR}/$f/meta" ]; then
+ if [ -d "${WORKDIR}/$f/kernel-meta" ]; then
includes="$includes -I${WORKDIR}/$f/kernel-meta"
elif [ -d "${WORKDIR}/../oe-local-files/$f" ]; then
includes="$includes -I${WORKDIR}/../oe-local-files/$f"
@@ -506,7 +506,7 @@
try:
analysis = subprocess.check_output(['symbol_why.py', '--dotconfig', '{}'.format( d.getVar('B') + '/.config' ), '--blame', c], cwd=s, env=env ).decode('utf-8')
except subprocess.CalledProcessError as e:
- bb.fatal( "config analysis failed: %s" % e.output.decode('utf-8'))
+ bb.fatal( "config analysis failed when running '%s': %s" % (" ".join(e.cmd), e.output.decode('utf-8')))
outfile = d.getVar( 'CONFIG_ANALYSIS_FILE' )
@@ -514,7 +514,7 @@
try:
analysis = subprocess.check_output(['symbol_why.py', '--dotconfig', '{}'.format( d.getVar('B') + '/.config' ), '--summary', '--extended', '--sanity', c], cwd=s, env=env ).decode('utf-8')
except subprocess.CalledProcessError as e:
- bb.fatal( "config analysis failed: %s" % e.output.decode('utf-8'))
+ bb.fatal( "config analysis failed when running '%s': %s" % (" ".join(e.cmd), e.output.decode('utf-8')))
outfile = d.getVar( 'CONFIG_AUDIT_FILE' )
@@ -575,7 +575,7 @@
try:
analysis = subprocess.check_output(['symbol_why.py', '--dotconfig', '{}'.format( d.getVar('B') + '/.config' ), '--mismatches', extra_params], cwd=s, env=env ).decode('utf-8')
except subprocess.CalledProcessError as e:
- bb.fatal( "config analysis failed: %s" % e.output.decode('utf-8'))
+ bb.fatal( "config analysis failed when running '%s': %s" % (" ".join(e.cmd), e.output.decode('utf-8')))
if analysis:
outfile = "{}/{}/cfg/mismatch.txt".format( s, kmeta )
@@ -597,7 +597,7 @@
try:
analysis = subprocess.check_output(['symbol_why.py', '--dotconfig', '{}'.format( d.getVar('B') + '/.config' ), '--invalid', extra_params], cwd=s, env=env ).decode('utf-8')
except subprocess.CalledProcessError as e:
- bb.fatal( "config analysis failed: %s" % e.output.decode('utf-8'))
+ bb.fatal( "config analysis failed when running '%s': %s" % (" ".join(e.cmd), e.output.decode('utf-8')))
if analysis:
outfile = "{}/{}/cfg/invalid.txt".format(s,kmeta)
@@ -616,7 +616,7 @@
try:
analysis = subprocess.check_output(['symbol_why.py', '--dotconfig', '{}'.format( d.getVar('B') + '/.config' ), '--sanity'], cwd=s, env=env ).decode('utf-8')
except subprocess.CalledProcessError as e:
- bb.fatal( "config analysis failed: %s" % e.output.decode('utf-8'))
+ bb.fatal( "config analysis failed when running '%s': %s" % (" ".join(e.cmd), e.output.decode('utf-8')))
if analysis:
outfile = "{}/{}/cfg/redefinition.txt".format(s,kmeta)
diff --git a/poky/meta/classes-recipe/kernel.bbclass b/poky/meta/classes-recipe/kernel.bbclass
index e4e69e0..01f866f 100644
--- a/poky/meta/classes-recipe/kernel.bbclass
+++ b/poky/meta/classes-recipe/kernel.bbclass
@@ -210,9 +210,6 @@
export OS = "${TARGET_OS}"
export CROSS_COMPILE = "${TARGET_PREFIX}"
-export KBUILD_BUILD_VERSION = "1"
-export KBUILD_BUILD_USER ?= "oe-user"
-export KBUILD_BUILD_HOST ?= "oe-host"
KERNEL_RELEASE ?= "${KERNEL_VERSION}"
@@ -367,6 +364,10 @@
export KBUILD_BUILD_TIMESTAMP="$ts"
export KCONFIG_NOTIMESTAMP=1
bbnote "KBUILD_BUILD_TIMESTAMP: $ts"
+ else
+ ts=`LC_ALL=C date`
+ export KBUILD_BUILD_TIMESTAMP="$ts"
+ bbnote "KBUILD_BUILD_TIMESTAMP: $ts"
fi
# The $use_alternate_initrd is only set from
# do_bundle_initramfs() This variable is specifically for the
@@ -412,6 +413,10 @@
export KBUILD_BUILD_TIMESTAMP="$ts"
export KCONFIG_NOTIMESTAMP=1
bbnote "KBUILD_BUILD_TIMESTAMP: $ts"
+ else
+ ts=`LC_ALL=C date`
+ export KBUILD_BUILD_TIMESTAMP="$ts"
+ bbnote "KBUILD_BUILD_TIMESTAMP: $ts"
fi
if (grep -q -i -e '^CONFIG_MODULES=y$' ${B}/.config); then
oe_runmake -C ${B} ${PARALLEL_MAKE} modules ${KERNEL_EXTRA_ARGS}
@@ -442,8 +447,8 @@
oe_runmake DEPMOD=echo MODLIB=${D}${nonarch_base_libdir}/modules/${KERNEL_VERSION} INSTALL_FW_PATH=${D}${nonarch_base_libdir}/firmware modules_install
rm "${D}${nonarch_base_libdir}/modules/${KERNEL_VERSION}/build"
rm "${D}${nonarch_base_libdir}/modules/${KERNEL_VERSION}/source"
- # If the kernel/ directory is empty remove it to prevent QA issues
- rmdir --ignore-fail-on-non-empty "${D}${nonarch_base_libdir}/modules/${KERNEL_VERSION}/kernel"
+ # Remove empty module directories to prevent QA issues
+ find "${D}${nonarch_base_libdir}/modules/${KERNEL_VERSION}/kernel" -type d -empty -delete
else
bbnote "no modules to install"
fi
@@ -591,12 +596,26 @@
cp tools/objtool/objtool ${kerneldir}/tools/objtool/
fi
fi
+
+ # When building with CONFIG_MODVERSIONS=y and CONFIG_RANDSTRUCT=y we need
+ # to copy the build assets generated for the randstruct seed to
+ # STAGING_KERNEL_BUILDDIR, otherwise the out-of-tree modules build will
+ # generate those assets which will result in a different
+ # RANDSTRUCT_HASHED_SEED
+ if [ -d scripts/basic ]; then
+ mkdir -p ${kerneldir}/scripts
+ cp -r scripts/basic ${kerneldir}/scripts
+ fi
+
+ if [ -d scripts/gcc-plugins ]; then
+ mkdir -p ${kerneldir}/scripts
+ cp -r scripts/gcc-plugins ${kerneldir}/scripts
+ fi
+
}
# We don't need to stage anything, not the modules/firmware since those would clash with linux-firmware
-sysroot_stage_all () {
- :
-}
+SYSROOT_DIRS = ""
KERNEL_CONFIG_COMMAND ?= "oe_runmake_call -C ${S} O=${B} olddefconfig || oe_runmake -C ${S} O=${B} oldnoconfig"
@@ -641,7 +660,7 @@
do_savedefconfig[nostamp] = "1"
addtask savedefconfig after do_configure
-inherit cml1
+inherit cml1 pkgconfig
# Need LD, HOSTLDFLAGS and more for config operations
KCONFIG_CONFIG_COMMAND:append = " ${EXTRA_OEMAKE}"
diff --git a/poky/meta/classes-recipe/libc-package.bbclass b/poky/meta/classes-recipe/libc-package.bbclass
index de3d422..8a99f73 100644
--- a/poky/meta/classes-recipe/libc-package.bbclass
+++ b/poky/meta/classes-recipe/libc-package.bbclass
@@ -51,6 +51,7 @@
OVERRIDES:append = ":${TARGET_ARCH}-${TARGET_OS}"
locale_base_postinst_ontarget() {
+mkdir ${libdir}/locale
localedef --inputfile=${datadir}/i18n/locales/%s --charmap=%s %s
}
diff --git a/poky/meta/classes-recipe/license_image.bbclass b/poky/meta/classes-recipe/license_image.bbclass
index b60d6e4..8560c27 100644
--- a/poky/meta/classes-recipe/license_image.bbclass
+++ b/poky/meta/classes-recipe/license_image.bbclass
@@ -235,7 +235,7 @@
deploy = {}
# Get all the dependencies for the current task (rootfs).
taskdata = d.getVar("BB_TASKDEPDATA", False)
- pn = d.getVar("PN", True)
+ pn = d.getVar("PN")
depends = list(set([dep[0] for dep
in list(taskdata.values())
if not dep[0].endswith("-native") and not dep[0] == pn]))
diff --git a/poky/meta/classes-recipe/linux-kernel-base.bbclass b/poky/meta/classes-recipe/linux-kernel-base.bbclass
index cb2212c..65cc48f 100644
--- a/poky/meta/classes-recipe/linux-kernel-base.bbclass
+++ b/poky/meta/classes-recipe/linux-kernel-base.bbclass
@@ -43,5 +43,9 @@
suffix = ""
return " ".join(map(lambda s: "kernel-module-%s%s" % (s.lower().replace('_', '-').replace('@', '+'), suffix), s.split()))
+export KBUILD_BUILD_VERSION = "1"
+export KBUILD_BUILD_USER ?= "oe-user"
+export KBUILD_BUILD_HOST ?= "oe-host"
+
# that's all
diff --git a/poky/meta/classes-recipe/native.bbclass b/poky/meta/classes-recipe/native.bbclass
index 61ad053..1e94585 100644
--- a/poky/meta/classes-recipe/native.bbclass
+++ b/poky/meta/classes-recipe/native.bbclass
@@ -161,7 +161,7 @@
newdeps.append(dep.replace(pn, bpn) + "-native")
else:
newdeps.append(dep)
- d.setVar(varname, " ".join(newdeps), parsing=True)
+ d.setVar(varname, " ".join(newdeps))
map_dependencies("DEPENDS", e.data, selfref=False)
for pkg in e.data.getVar("PACKAGES", False).split():
diff --git a/poky/meta/classes-recipe/overlayfs.bbclass b/poky/meta/classes-recipe/overlayfs.bbclass
index bdc6dd9..53d65d7 100644
--- a/poky/meta/classes-recipe/overlayfs.bbclass
+++ b/poky/meta/classes-recipe/overlayfs.bbclass
@@ -102,7 +102,11 @@
overlayMountPoints = d.getVarFlags("OVERLAYFS_MOUNT_POINT")
for mountPoint in overlayMountPoints:
bb.debug(1, "Process variable flag %s" % mountPoint)
- for lower in d.getVarFlag('OVERLAYFS_WRITABLE_PATHS', mountPoint).split():
+ lowerList = d.getVarFlag('OVERLAYFS_WRITABLE_PATHS', mountPoint)
+ if not lowerList:
+ bb.note("No mount points defined for %s flag, skipping" % (mountPoint))
+ continue
+ for lower in lowerList.split():
bb.debug(1, "Prepare mount unit for %s with data mount point %s" %
(lower, d.getVarFlag('OVERLAYFS_MOUNT_POINT', mountPoint)))
prepareUnits(d.getVarFlag('OVERLAYFS_MOUNT_POINT', mountPoint), lower)
diff --git a/poky/meta/classes-recipe/populate_sdk_base.bbclass b/poky/meta/classes-recipe/populate_sdk_base.bbclass
index 64a4a58..6286d64 100644
--- a/poky/meta/classes-recipe/populate_sdk_base.bbclass
+++ b/poky/meta/classes-recipe/populate_sdk_base.bbclass
@@ -74,6 +74,8 @@
SDK_ARCHIVE_TYPE ?= "tar.xz"
SDK_XZ_COMPRESSION_LEVEL ?= "-9"
SDK_XZ_OPTIONS ?= "${XZ_DEFAULTS} ${SDK_XZ_COMPRESSION_LEVEL}"
+SDK_ZIP_OPTIONS ?= "-y"
+
# To support different sdk type according to SDK_ARCHIVE_TYPE, now support zip and tar.xz
python () {
@@ -81,7 +83,7 @@
d.setVar('SDK_ARCHIVE_DEPENDS', 'zip-native')
# SDK_ARCHIVE_CMD used to generate archived sdk ${TOOLCHAIN_OUTPUTNAME}.${SDK_ARCHIVE_TYPE} from input dir ${SDK_OUTPUT}/${SDKPATH} to output dir ${SDKDEPLOYDIR}
# recommand to cd into input dir first to avoid archive with buildpath
- d.setVar('SDK_ARCHIVE_CMD', 'cd ${SDK_OUTPUT}/${SDKPATH}; zip -r -y ${SDKDEPLOYDIR}/${TOOLCHAIN_OUTPUTNAME}.${SDK_ARCHIVE_TYPE} .')
+ d.setVar('SDK_ARCHIVE_CMD', 'cd ${SDK_OUTPUT}/${SDKPATH}; zip -r ${SDK_ZIP_OPTIONS} ${SDKDEPLOYDIR}/${TOOLCHAIN_OUTPUTNAME}.${SDK_ARCHIVE_TYPE} .')
else:
d.setVar('SDK_ARCHIVE_DEPENDS', 'xz-native')
d.setVar('SDK_ARCHIVE_CMD', 'cd ${SDK_OUTPUT}/${SDKPATH}; tar ${SDKTAROPTS} -cf - . | xz ${SDK_XZ_OPTIONS} > ${SDKDEPLOYDIR}/${TOOLCHAIN_OUTPUTNAME}.${SDK_ARCHIVE_TYPE}')
@@ -205,7 +207,7 @@
}
SSTATETASKS += "do_populate_sdk"
SSTATE_SKIP_CREATION:task-populate-sdk = '1'
-do_populate_sdk[cleandirs] = "${SDKDEPLOYDIR}"
+do_populate_sdk[cleandirs] += "${SDKDEPLOYDIR}"
do_populate_sdk[sstate-inputdirs] = "${SDKDEPLOYDIR}"
do_populate_sdk[sstate-outputdirs] = "${SDK_DEPLOY}"
do_populate_sdk[stamp-extra-info] = "${MACHINE_ARCH}${SDKMACHINE}"
diff --git a/poky/meta/classes-recipe/populate_sdk_ext.bbclass b/poky/meta/classes-recipe/populate_sdk_ext.bbclass
index 925cb31..1b47fbe 100644
--- a/poky/meta/classes-recipe/populate_sdk_ext.bbclass
+++ b/poky/meta/classes-recipe/populate_sdk_ext.bbclass
@@ -120,7 +120,7 @@
f.write("%s %s %s\n" % (info[1], info[2], info[3]))
}
-SDK_POSTPROCESS_COMMAND:append:task-populate-sdk-ext = "write_target_sdk_ext_manifest; write_host_sdk_ext_manifest; "
+SDK_POSTPROCESS_COMMAND:append:task-populate-sdk-ext = " write_target_sdk_ext_manifest; write_host_sdk_ext_manifest; "
SDK_TITLE:task-populate-sdk-ext = "${@d.getVar('DISTRO_NAME') or d.getVar('DISTRO')} Extensible SDK"
@@ -720,7 +720,7 @@
# A bit of another hack, but we need this in the path only for devtool
# so put it at the end of $PATH.
- echo "export PATH=$target_sdk_dir/sysroots/${SDK_SYS}${bindir_nativesdk}:\$PATH" >> $env_setup_script
+ echo "export PATH=\"$target_sdk_dir/sysroots/${SDK_SYS}${bindir_nativesdk}:\$PATH\"" >> $env_setup_script
echo "printf 'SDK environment now set up; additionally you may now run devtool to perform development tasks.\nRun devtool --help for further details.\n'" >> $env_setup_script
diff --git a/poky/meta/classes-recipe/qemuboot.bbclass b/poky/meta/classes-recipe/qemuboot.bbclass
index 018c000..5a0e50c 100644
--- a/poky/meta/classes-recipe/qemuboot.bbclass
+++ b/poky/meta/classes-recipe/qemuboot.bbclass
@@ -13,6 +13,7 @@
# QB_OPT_APPEND: options to append to qemu, e.g., "-device usb-mouse"
#
# QB_DEFAULT_KERNEL: default kernel to boot, e.g., "bzImage"
+# e.g., "bzImage-initramfs-qemux86-64.bin" if INITRAMFS_IMAGE_BUNDLE is set to 1.
#
# QB_DEFAULT_FSTYPE: default FSTYPE to boot, e.g., "ext4"
#
@@ -93,7 +94,7 @@
QB_MEM ?= "-m 256"
QB_SMP ?= ""
QB_SERIAL_OPT ?= "-serial mon:stdio -serial null"
-QB_DEFAULT_KERNEL ?= "${KERNEL_IMAGETYPE}"
+QB_DEFAULT_KERNEL ?= "${@bb.utils.contains("INITRAMFS_IMAGE_BUNDLE", "1", "${KERNEL_IMAGETYPE}-${INITRAMFS_LINK_NAME}.bin", "${KERNEL_IMAGETYPE}", d)}"
QB_DEFAULT_FSTYPE ?= "ext4"
QB_RNG ?= "-object rng-random,filename=/dev/urandom,id=rng0 -device virtio-rng-pci,rng=rng0"
QB_OPT_APPEND ?= ""
diff --git a/poky/meta/classes-recipe/rust-common.bbclass b/poky/meta/classes-recipe/rust-common.bbclass
index 93bf6c8..5e70007 100644
--- a/poky/meta/classes-recipe/rust-common.bbclass
+++ b/poky/meta/classes-recipe/rust-common.bbclass
@@ -94,7 +94,7 @@
# Rust additionally will use two additional cases:
# - undecorated (e.g. CC) - equivalent to TARGET
# - triple suffix (e.g. CC:x86_64_unknown_linux_gnu) - both
-# see: https://github.com/alexcrichton/gcc-rs
+# see: https://github.com/rust-lang/cc-rs
# The way that Rust's internal triples and Yocto triples are mapped together
# its likely best to not use the triple suffix due to potential confusion.
@@ -125,12 +125,22 @@
shift
extras="$1"
shift
+ crate_cc_extras="$1"
+ shift
cat <<- EOF > "${file}"
#!/usr/bin/env python3
import os, sys
orig_binary = "$@"
extras = "${extras}"
+
+ # Apply a required subset of CC crate compiler flags
+ # when we build a target recipe for a non-bare-metal target.
+ # https://github.com/rust-lang/cc-rs/blob/main/src/lib.rs#L1614
+ if "CRATE_CC_NO_DEFAULTS" in os.environ.keys() and \
+ "TARGET" in os.environ.keys() and not "-none-" in os.environ["TARGET"]:
+ orig_binary += "${crate_cc_extras}"
+
binary = orig_binary.split()[0]
args = orig_binary.split() + sys.argv[1:]
if extras:
@@ -154,22 +164,22 @@
mkdir -p "${WRAPPER_DIR}"
# Yocto Build / Rust Host C compiler
- create_wrapper_rust "${RUST_BUILD_CC}" "" "${BUILD_CC}"
+ create_wrapper_rust "${RUST_BUILD_CC}" "" "${CRATE_CC_FLAGS}" "${BUILD_CC}"
# Yocto Build / Rust Host C++ compiler
- create_wrapper_rust "${RUST_BUILD_CXX}" "" "${BUILD_CXX}"
+ create_wrapper_rust "${RUST_BUILD_CXX}" "" "${CRATE_CC_FLAGS}" "${BUILD_CXX}"
# Yocto Build / Rust Host linker
- create_wrapper_rust "${RUST_BUILD_CCLD}" "" "${BUILD_CCLD}" "${BUILD_LDFLAGS}"
+ create_wrapper_rust "${RUST_BUILD_CCLD}" "" "" "${BUILD_CCLD}" "${BUILD_LDFLAGS}"
# Yocto Build / Rust Host archiver
- create_wrapper_rust "${RUST_BUILD_AR}" "" "${BUILD_AR}"
+ create_wrapper_rust "${RUST_BUILD_AR}" "" "" "${BUILD_AR}"
# Yocto Target / Rust Target C compiler
- create_wrapper_rust "${RUST_TARGET_CC}" "${WRAPPER_TARGET_EXTRALD}" "${WRAPPER_TARGET_CC}" "${WRAPPER_TARGET_LDFLAGS}"
+ create_wrapper_rust "${RUST_TARGET_CC}" "${WRAPPER_TARGET_EXTRALD}" "${CRATE_CC_FLAGS}" "${WRAPPER_TARGET_CC}" "${WRAPPER_TARGET_LDFLAGS}"
# Yocto Target / Rust Target C++ compiler
- create_wrapper_rust "${RUST_TARGET_CXX}" "${WRAPPER_TARGET_EXTRALD}" "${WRAPPER_TARGET_CXX}" "${CXXFLAGS}"
+ create_wrapper_rust "${RUST_TARGET_CXX}" "${WRAPPER_TARGET_EXTRALD}" "${CRATE_CC_FLAGS}" "${WRAPPER_TARGET_CXX}" "${CXXFLAGS}"
# Yocto Target / Rust Target linker
- create_wrapper_rust "${RUST_TARGET_CCLD}" "${WRAPPER_TARGET_EXTRALD}" "${WRAPPER_TARGET_CCLD}" "${WRAPPER_TARGET_LDFLAGS}"
+ create_wrapper_rust "${RUST_TARGET_CCLD}" "${WRAPPER_TARGET_EXTRALD}" "" "${WRAPPER_TARGET_CCLD}" "${WRAPPER_TARGET_LDFLAGS}"
# Yocto Target / Rust Target archiver
- create_wrapper_rust "${RUST_TARGET_AR}" "" "${WRAPPER_TARGET_AR}"
+ create_wrapper_rust "${RUST_TARGET_AR}" "" "" "${WRAPPER_TARGET_AR}"
}
diff --git a/poky/meta/classes-recipe/rust-target-config.bbclass b/poky/meta/classes-recipe/rust-target-config.bbclass
index 9e1d81b..876fe8f 100644
--- a/poky/meta/classes-recipe/rust-target-config.bbclass
+++ b/poky/meta/classes-recipe/rust-target-config.bbclass
@@ -114,7 +114,7 @@
# TARGET_FPU can be hard or soft. +soft-float tell llvm to use soft float
# ABI. There is no option for hard.
- fpu = d.getVar('TARGET_FPU', True)
+ fpu = d.getVar('TARGET_FPU')
return ["+soft-float"] if fpu == "soft" else []
def llvm_features(d):
@@ -231,19 +231,19 @@
TARGET_C_INT_WIDTH[powerpc64le] = "64"
MAX_ATOMIC_WIDTH[powerpc64le] = "64"
-## riscv32-unknown-linux-{gnu, musl}
-DATA_LAYOUT[riscv32] = "e-m:e-p:32:32-i64:64-n32-S128"
-TARGET_ENDIAN[riscv32] = "little"
-TARGET_POINTER_WIDTH[riscv32] = "32"
-TARGET_C_INT_WIDTH[riscv32] = "32"
-MAX_ATOMIC_WIDTH[riscv32] = "32"
+## riscv32gc-unknown-linux-{gnu, musl}
+DATA_LAYOUT[riscv32gc] = "e-m:e-p:32:32-i64:64-n32-S128"
+TARGET_ENDIAN[riscv32gc] = "little"
+TARGET_POINTER_WIDTH[riscv32gc] = "32"
+TARGET_C_INT_WIDTH[riscv32gc] = "32"
+MAX_ATOMIC_WIDTH[riscv32gc] = "32"
-## riscv64-unknown-linux-{gnu, musl}
-DATA_LAYOUT[riscv64] = "e-m:e-p:64:64-i64:64-i128:128-n64-S128"
-TARGET_ENDIAN[riscv64] = "little"
-TARGET_POINTER_WIDTH[riscv64] = "64"
-TARGET_C_INT_WIDTH[riscv64] = "64"
-MAX_ATOMIC_WIDTH[riscv64] = "64"
+## riscv64gc-unknown-linux-{gnu, musl}
+DATA_LAYOUT[riscv64gc] = "e-m:e-p:64:64-i64:64-i128:128-n64-S128"
+TARGET_ENDIAN[riscv64gc] = "little"
+TARGET_POINTER_WIDTH[riscv64gc] = "64"
+TARGET_C_INT_WIDTH[riscv64gc] = "64"
+MAX_ATOMIC_WIDTH[riscv64gc] = "64"
# Convert a normal arch (HOST_ARCH, TARGET_ARCH, BUILD_ARCH, etc) to something
# rust's internals won't choke on.
@@ -258,9 +258,21 @@
return "arm"
elif arch == "powerpc64le":
return "powerpc64"
+ elif arch == "riscv32gc":
+ return "riscv32"
+ elif arch == "riscv64gc":
+ return "riscv64"
else:
return arch
+# Convert a rust target string to a llvm-compatible triplet
+def rust_sys_to_llvm_target(sys):
+ if sys.startswith('riscv32gc-'):
+ return sys.replace('riscv32gc-', 'riscv32-', 1)
+ if sys.startswith('riscv64gc-'):
+ return sys.replace('riscv64gc-', 'riscv64-', 1)
+ return sys
+
# generates our target CPU value
def llvm_cpu(d):
cpu = d.getVar('PACKAGE_ARCH')
@@ -334,7 +346,7 @@
# build tspec
tspec = {}
- tspec['llvm-target'] = rustsys
+ tspec['llvm-target'] = rust_sys_to_llvm_target(rustsys)
tspec['data-layout'] = d.getVarFlag('DATA_LAYOUT', arch_abi)
if tspec['data-layout'] is None:
bb.fatal("No rust target defined for %s" % arch_abi)
@@ -389,3 +401,19 @@
addtask rust_gen_targets after do_patch before do_compile
do_rust_gen_targets[dirs] += "${RUST_TARGETS_DIR}"
+# For building target C dependecies use only compiler parameters defined in OE
+# and ignore the CC crate defaults which conflicts with OE ones in some cases.
+# https://github.com/rust-lang/cc-rs#external-configuration-via-environment-variables
+# Some CC crate compiler flags are still required.
+# We apply them conditionally in rust wrappers.
+
+CRATE_CC_FLAGS:class-native = ""
+CRATE_CC_FLAGS:class-nativesdk = ""
+CRATE_CC_FLAGS:class-target = " -ffunction-sections -fdata-sections -fPIC"
+
+do_compile:prepend:class-target() {
+ export CRATE_CC_NO_DEFAULTS=1
+}
+do_install:prepend:class-target() {
+ export CRATE_CC_NO_DEFAULTS=1
+}
diff --git a/poky/meta/classes-recipe/scons.bbclass b/poky/meta/classes-recipe/scons.bbclass
index 5f0d4a9..d20a78d 100644
--- a/poky/meta/classes-recipe/scons.bbclass
+++ b/poky/meta/classes-recipe/scons.bbclass
@@ -9,7 +9,9 @@
DEPENDS += "python3-scons-native"
EXTRA_OESCONS ?= ""
-
+# This value below is derived from $(getconf ARG_MAX)
+SCONS_MAXLINELENGTH ?= "MAXLINELENGTH=2097152"
+EXTRA_OESCONS:append = " ${SCONS_MAXLINELENGTH}"
do_configure() {
if [ -n "${CONFIGURESTAMPFILE}" -a "${S}" = "${B}" ]; then
if [ -e "${CONFIGURESTAMPFILE}" -a "`cat ${CONFIGURESTAMPFILE}`" != "${BB_TASKHASH}" -a "${CLEANBROKEN}" != "1" ]; then
@@ -31,4 +33,8 @@
die "scons install execution failed."
}
+do_configure[vardepsexclude] = "SCONS_MAXLINELENGTH"
+do_compile[vardepsexclude] = "SCONS_MAXLINELENGTH"
+do_install[vardepsexclude] = "SCONS_MAXLINELENGTH"
+
EXPORT_FUNCTIONS do_compile do_install
diff --git a/poky/meta/classes-recipe/systemd.bbclass b/poky/meta/classes-recipe/systemd.bbclass
index f6564c2..ce188a8 100644
--- a/poky/meta/classes-recipe/systemd.bbclass
+++ b/poky/meta/classes-recipe/systemd.bbclass
@@ -152,6 +152,7 @@
def systemd_check_services():
searchpaths = [oe.path.join(d.getVar("sysconfdir"), "systemd", "system"),]
searchpaths.append(d.getVar("systemd_system_unitdir"))
+ searchpaths.append(d.getVar("systemd_user_unitdir"))
systemd_packages = d.getVar('SYSTEMD_PACKAGES')
keys = 'Also'
diff --git a/poky/meta/classes-recipe/testimage.bbclass b/poky/meta/classes-recipe/testimage.bbclass
index 5cc408b..b48cd96 100644
--- a/poky/meta/classes-recipe/testimage.bbclass
+++ b/poky/meta/classes-recipe/testimage.bbclass
@@ -98,7 +98,7 @@
TESTIMAGE_DUMP_DIR ?= "${LOG_DIR}/runtime-hostdump/"
-TESTIMAGE_UPDATE_VARS ?= "DL_DIR WORKDIR DEPLOY_DIR"
+TESTIMAGE_UPDATE_VARS ?= "DL_DIR WORKDIR DEPLOY_DIR_IMAGE IMAGE_LINK_NAME"
testimage_dump_target () {
top -bn1
@@ -236,7 +236,7 @@
with open(tdname, "r") as f:
td = json.load(f)
except FileNotFoundError as err:
- bb.fatal('File %s not found (%s).\nHave you built the image with INHERIT += "testimage" in the conf/local.conf?' % (tdname, err))
+ bb.fatal('File %s not found (%s).\nHave you built the image with IMAGE_CLASSES += "testimage" in the conf/local.conf?' % (tdname, err))
# Some variables need to be updates (mostly paths) with the
# ones of the current environment because some tests require them.
diff --git a/poky/meta/classes-recipe/toolchain-scripts.bbclass b/poky/meta/classes-recipe/toolchain-scripts.bbclass
index 3cc823f..6bfe0b6 100644
--- a/poky/meta/classes-recipe/toolchain-scripts.bbclass
+++ b/poky/meta/classes-recipe/toolchain-scripts.bbclass
@@ -37,7 +37,7 @@
echo '# http://tldp.org/HOWTO/Program-Library-HOWTO/shared-libraries.html#AEN80' >> $script
echo '# http://xahlee.info/UnixResource_dir/_/ldpath.html' >> $script
echo '# Only disable this check if you are absolutely know what you are doing!' >> $script
- echo 'if [ ! -z "$LD_LIBRARY_PATH" ]; then' >> $script
+ echo 'if [ ! -z "${LD_LIBRARY_PATH:-}" ]; then' >> $script
echo " echo \"Your environment is misconfigured, you probably need to 'unset LD_LIBRARY_PATH'\"" >> $script
echo " echo \"but please check why this was set in the first place and that it's safe to unset.\"" >> $script
echo ' echo "The SDK will not operate correctly in most cases when LD_LIBRARY_PATH is set."' >> $script
@@ -53,7 +53,7 @@
for i in ${CANADIANEXTRAOS}; do
EXTRAPATH="$EXTRAPATH:$sdkpathnative$bindir/${TARGET_ARCH}${TARGET_VENDOR}-$i"
done
- echo "export PATH=$sdkpathnative$bindir:$sdkpathnative$sbindir:$sdkpathnative$base_bindir:$sdkpathnative$base_sbindir:$sdkpathnative$bindir/../${HOST_SYS}/bin:$sdkpathnative$bindir/${TARGET_SYS}"$EXTRAPATH':$PATH' >> $script
+ echo "export PATH=$sdkpathnative$bindir:$sdkpathnative$sbindir:$sdkpathnative$base_bindir:$sdkpathnative$base_sbindir:$sdkpathnative$bindir/../${HOST_SYS}/bin:$sdkpathnative$bindir/${TARGET_SYS}"$EXTRAPATH':"$PATH"' >> $script
echo 'export PKG_CONFIG_SYSROOT_DIR=$SDKTARGETSYSROOT' >> $script
echo 'export PKG_CONFIG_PATH=$SDKTARGETSYSROOT'"$libdir"'/pkgconfig:$SDKTARGETSYSROOT'"$prefix"'/share/pkgconfig' >> $script
echo 'export CONFIG_SITE=${SDKPATH}/site-config-'"${multimach_target_sys}" >> $script
diff --git a/poky/meta/classes-recipe/uboot-sign.bbclass b/poky/meta/classes-recipe/uboot-sign.bbclass
index debbf23..4b5912a 100644
--- a/poky/meta/classes-recipe/uboot-sign.bbclass
+++ b/poky/meta/classes-recipe/uboot-sign.bbclass
@@ -298,7 +298,7 @@
"${UBOOT_FIT_SIGN_NUMBITS}"
echo "Generating certificate for signing U-Boot fitImage"
- openssl req ${FIT_KEY_REQ_ARGS} "${UBOOT_FIT_KEY_SIGN_PKCS}" \
+ openssl req ${UBOOT_FIT_KEY_REQ_ARGS} "${UBOOT_FIT_KEY_SIGN_PKCS}" \
-key "${SPL_SIGN_KEYDIR}/${SPL_SIGN_KEYNAME}".key \
-out "${SPL_SIGN_KEYDIR}/${SPL_SIGN_KEYNAME}".crt
fi
diff --git a/poky/meta/classes-recipe/update-alternatives.bbclass b/poky/meta/classes-recipe/update-alternatives.bbclass
index 970d9bc..f34cc6b 100644
--- a/poky/meta/classes-recipe/update-alternatives.bbclass
+++ b/poky/meta/classes-recipe/update-alternatives.bbclass
@@ -5,7 +5,7 @@
#
# This class is used to help the alternatives system which is useful when
-# multiple sources provide same command. You can use update-alternatives
+# multiple sources provide the same command. You can use update-alternatives
# command directly in your recipe, but in most cases this class simplifies
# that job.
#
@@ -35,7 +35,7 @@
# A non-default link to create for a target
# ALTERNATIVE_TARGET[name] = "target"
#
-# This is the name of the binary as it's been install by do_install
+# This is the name of the binary as it's been installed by do_install
# i.e. ALTERNATIVE_TARGET[sh] = "/bin/bash"
#
# A package specific link for a target
@@ -68,7 +68,7 @@
# We need special processing for vardeps because it can not work on
# modified flag values. So we aggregate the flags into a new variable
-# and include that vairable in the set.
+# and include that variable in the set.
UPDALTVARS = "ALTERNATIVE ALTERNATIVE_LINK_NAME ALTERNATIVE_TARGET ALTERNATIVE_PRIORITY"
PACKAGE_WRITE_DEPS += "virtual/update-alternatives-native"
diff --git a/poky/meta/classes/archiver.bbclass b/poky/meta/classes/archiver.bbclass
index 0710c1e..4049694 100644
--- a/poky/meta/classes/archiver.bbclass
+++ b/poky/meta/classes/archiver.bbclass
@@ -465,7 +465,7 @@
pn = d.getVar('PN')
return pn.startswith('gcc-source') or \
bb.data.inherits_class('kernel', d) or \
- (bb.data.inherits_class('kernelsrc', d) and d.getVar('S') == d.getVar('STAGING_KERNEL_DIR'))
+ (bb.data.inherits_class('kernelsrc', d) and d.expand("${TMPDIR}/work-shared") in d.getVar('S'))
# Run do_unpack and do_patch
python do_unpack_and_patch() {
diff --git a/poky/meta/classes/create-spdx.bbclass b/poky/meta/classes/create-spdx.bbclass
index 47dd12c..f0513af 100644
--- a/poky/meta/classes/create-spdx.bbclass
+++ b/poky/meta/classes/create-spdx.bbclass
@@ -21,7 +21,6 @@
SPDXRUNTIMEDEPLOY = "${SPDXDIR}/runtime-deploy"
SPDX_INCLUDE_SOURCES ??= "0"
-SPDX_INCLUDE_PACKAGED ??= "0"
SPDX_ARCHIVE_SOURCES ??= "0"
SPDX_ARCHIVE_PACKAGED ??= "0"
@@ -431,7 +430,6 @@
deploy_dir_spdx = Path(d.getVar("DEPLOY_DIR_SPDX"))
spdx_workdir = Path(d.getVar("SPDXWORK"))
- include_packaged = d.getVar("SPDX_INCLUDE_PACKAGED") == "1"
include_sources = d.getVar("SPDX_INCLUDE_SOURCES") == "1"
archive_sources = d.getVar("SPDX_ARCHIVE_SOURCES") == "1"
archive_packaged = d.getVar("SPDX_ARCHIVE_PACKAGED") == "1"
@@ -459,6 +457,7 @@
for s in d.getVar('SRC_URI').split():
if not s.startswith("file://"):
+ s = s.split(';')[0]
recipe.downloadLocation = s
break
else:
@@ -796,6 +795,7 @@
bb.build.exec_func('do_unpack', d)
# Copy source of kernel to spdx_workdir
if is_work_shared_spdx(d):
+ share_src = d.getVar('WORKDIR')
d.setVar('WORKDIR', spdx_workdir)
d.setVar('STAGING_DIR_NATIVE', spdx_sysroot_native)
src_dir = spdx_workdir + "/" + d.getVar('PN')+ "-" + d.getVar('PV') + "-" + d.getVar('PR')
@@ -803,8 +803,8 @@
if bb.data.inherits_class('kernel',d):
share_src = d.getVar('STAGING_KERNEL_DIR')
cmd_copy_share = "cp -rf " + share_src + "/* " + src_dir + "/"
- cmd_copy_kernel_result = os.popen(cmd_copy_share).read()
- bb.note("cmd_copy_kernel_result = " + cmd_copy_kernel_result)
+ cmd_copy_shared_res = os.popen(cmd_copy_share).read()
+ bb.note("cmd_copy_shared_result = " + cmd_copy_shared_res)
git_path = src_dir + "/.git"
if os.path.exists(git_path):
diff --git a/poky/meta/classes/cve-check.bbclass b/poky/meta/classes/cve-check.bbclass
index 4b4ea78..5e2da56 100644
--- a/poky/meta/classes/cve-check.bbclass
+++ b/poky/meta/classes/cve-check.bbclass
@@ -48,8 +48,8 @@
CVE_CHECK_DIR ??= "${DEPLOY_DIR}/cve"
CVE_CHECK_RECIPE_FILE ?= "${CVE_CHECK_DIR}/${PN}"
CVE_CHECK_RECIPE_FILE_JSON ?= "${CVE_CHECK_DIR}/${PN}_cve.json"
-CVE_CHECK_MANIFEST ?= "${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.cve"
-CVE_CHECK_MANIFEST_JSON ?= "${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.json"
+CVE_CHECK_MANIFEST ?= "${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.cve"
+CVE_CHECK_MANIFEST_JSON ?= "${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.json"
CVE_CHECK_COPY_FILES ??= "1"
CVE_CHECK_CREATE_MANIFEST ??= "1"
@@ -202,7 +202,7 @@
recipies.add(pkg_data["PN"])
bb.note("Writing rootfs CVE manifest")
- deploy_dir = d.getVar("DEPLOY_DIR_IMAGE")
+ deploy_dir = d.getVar("IMGDEPLOYDIR")
link_name = d.getVar("IMAGE_LINK_NAME")
json_data = {"version":"1", "package": []}
@@ -260,7 +260,7 @@
"""
Connect to the NVD database and find unpatched cves.
"""
- from oe.cve_check import Version
+ from oe.cve_check import Version, convert_cve_version
pn = d.getVar("PN")
real_pv = d.getVar("PV")
@@ -324,6 +324,9 @@
if cve in cve_ignore:
ignored = True
+ version_start = convert_cve_version(version_start)
+ version_end = convert_cve_version(version_end)
+
if (operator_start == '=' and pv == version_start) or version_start == '-':
vulnerable = True
else:
diff --git a/poky/meta/classes/externalsrc.bbclass b/poky/meta/classes/externalsrc.bbclass
index 06a9548..26c5803 100644
--- a/poky/meta/classes/externalsrc.bbclass
+++ b/poky/meta/classes/externalsrc.bbclass
@@ -61,7 +61,7 @@
if externalsrcbuild:
d.setVar('B', externalsrcbuild)
else:
- d.setVar('B', '${WORKDIR}/${BPN}-${PV}/')
+ d.setVar('B', '${WORKDIR}/${BPN}-${PV}')
local_srcuri = []
fetch = bb.fetch2.Fetch((d.getVar('SRC_URI') or '').split(), d)
@@ -212,8 +212,8 @@
try:
git_dir = os.path.join(s_dir,
subprocess.check_output(['git', '-C', s_dir, 'rev-parse', '--git-dir'], stderr=subprocess.DEVNULL).decode("utf-8").rstrip())
- top_git_dir = os.path.join(s_dir, subprocess.check_output(['git', '-C', d.getVar("TOPDIR"), 'rev-parse', '--git-dir'],
- stderr=subprocess.DEVNULL).decode("utf-8").rstrip())
+ top_git_dir = os.path.join(d.getVar("TOPDIR"),
+ subprocess.check_output(['git', '-C', d.getVar("TOPDIR"), 'rev-parse', '--git-dir'], stderr=subprocess.DEVNULL).decode("utf-8").rstrip())
if git_dir == top_git_dir:
git_dir = None
except subprocess.CalledProcessError:
@@ -230,7 +230,7 @@
env['GIT_INDEX_FILE'] = tmp_index.name
subprocess.check_output(['git', 'add', '-A', '.'], cwd=s_dir, env=env)
git_sha1 = subprocess.check_output(['git', 'write-tree'], cwd=s_dir, env=env).decode("utf-8")
- if os.path.exists(".gitmodules"):
+ if os.path.exists(os.path.join(s_dir, ".gitmodules")) and os.path.getsize(os.path.join(s_dir, ".gitmodules")) > 0:
submodule_helper = subprocess.check_output(["git", "config", "--file", ".gitmodules", "--get-regexp", "path"], cwd=s_dir, env=env).decode("utf-8")
for line in submodule_helper.splitlines():
module_dir = os.path.join(s_dir, line.rsplit(maxsplit=1)[1])
diff --git a/poky/meta/classes/multilib.bbclass b/poky/meta/classes/multilib.bbclass
index 10a4ef9..8a1a51a 100644
--- a/poky/meta/classes/multilib.bbclass
+++ b/poky/meta/classes/multilib.bbclass
@@ -51,6 +51,7 @@
e.data.setVar("RECIPE_SYSROOT", "${WORKDIR}/recipe-sysroot")
e.data.setVar("STAGING_DIR_TARGET", "${WORKDIR}/recipe-sysroot")
e.data.setVar("STAGING_DIR_HOST", "${WORKDIR}/recipe-sysroot")
+ e.data.setVar("RECIPE_SYSROOT_MANIFEST_SUBDIR", "nativesdk-" + variant)
e.data.setVar("MLPREFIX", variant + "-")
override = ":virtclass-multilib-" + variant
e.data.setVar("OVERRIDES", e.data.getVar("OVERRIDES", False) + override)
diff --git a/poky/meta/classes/recipe_sanity.bbclass b/poky/meta/classes/recipe_sanity.bbclass
index 1c2e24c..a5cc431 100644
--- a/poky/meta/classes/recipe_sanity.bbclass
+++ b/poky/meta/classes/recipe_sanity.bbclass
@@ -16,7 +16,7 @@
for var in d.getVar("__recipe_sanity_badruntimevars").split():
val = d.getVar(var, False)
if val and val != cfgdata.get(var):
- __note("%s should be %s_${PN}" % (var, var), d)
+ __note("%s should be %s:${PN}" % (var, var), d)
__recipe_sanity_reqvars = "DESCRIPTION"
__recipe_sanity_reqdiffvars = ""
diff --git a/poky/meta/classes/report-error.bbclass b/poky/meta/classes/report-error.bbclass
index 2f692fb..2b2ad56 100644
--- a/poky/meta/classes/report-error.bbclass
+++ b/poky/meta/classes/report-error.bbclass
@@ -107,6 +107,31 @@
errorreport_savedata(e, jsondata, "error-report.txt")
bb.utils.unlockfile(lock)
+ elif isinstance(e, bb.event.NoProvider):
+ bb.utils.mkdirhier(logpath)
+ data = {}
+ machine = e.data.getVar("MACHINE")
+ data['machine'] = machine
+ data['build_sys'] = e.data.getVar("BUILD_SYS")
+ data['nativelsb'] = nativelsb()
+ data['distro'] = e.data.getVar("DISTRO")
+ data['target_sys'] = e.data.getVar("TARGET_SYS")
+ data['failures'] = []
+ data['component'] = str(e._item)
+ data['branch_commit'] = str(oe.buildcfg.detect_branch(e.data)) + ": " + str(oe.buildcfg.detect_revision(e.data))
+ data['bitbake_version'] = e.data.getVar("BB_VERSION")
+ data['layer_version'] = get_layers_branch_rev(e.data)
+ data['local_conf'] = get_conf_data(e, 'local.conf')
+ data['auto_conf'] = get_conf_data(e, 'auto.conf')
+ taskdata={}
+ taskdata['log'] = str(e)
+ taskdata['package'] = str(e._item)
+ taskdata['task'] = "Nothing provides " + "'" + str(e._item) + "'"
+ data['failures'].append(taskdata)
+ lock = bb.utils.lockfile(datafile + '.lock')
+ errorreport_savedata(e, data, "error-report.txt")
+ bb.utils.unlockfile(lock)
+
elif isinstance(e, bb.event.BuildCompleted):
lock = bb.utils.lockfile(datafile + '.lock')
jsondata = json.loads(errorreport_getdata(e))
@@ -120,4 +145,4 @@
}
addhandler errorreport_handler
-errorreport_handler[eventmask] = "bb.event.BuildStarted bb.event.BuildCompleted bb.build.TaskFailed"
+errorreport_handler[eventmask] = "bb.event.BuildStarted bb.event.BuildCompleted bb.build.TaskFailed bb.event.NoProvider"
diff --git a/poky/meta/classes/rm_work.bbclass b/poky/meta/classes/rm_work.bbclass
index c493eff..8b5fe1b 100644
--- a/poky/meta/classes/rm_work.bbclass
+++ b/poky/meta/classes/rm_work.bbclass
@@ -33,6 +33,13 @@
BB_TASK_IONICE_LEVEL:task-rm_work = "3.0"
do_rm_work () {
+ # Force using the HOSTTOOLS 'rm' - otherwise the SYSROOT_NATIVE 'rm' can be selected depending on PATH
+ # Avoids race-condition accessing 'rm' when deleting WORKDIR folders at the end of this function
+ RM_BIN="$(PATH=${HOSTTOOLS_DIR} command -v rm)"
+ if [ -z "${RM_BIN}" ]; then
+ bbfatal "Binary 'rm' not found in HOSTTOOLS_DIR, cannot remove WORKDIR data."
+ fi
+
# If the recipe name is in the RM_WORK_EXCLUDE, skip the recipe.
for p in ${RM_WORK_EXCLUDE}; do
if [ "$p" = "${PN}" ]; then
@@ -79,7 +86,7 @@
# sstate version since otherwise we'd need to leave 'plaindirs' around
# such as 'packages' and 'packages-split' and these can be large. No end
# of chain tasks depend directly on do_package anymore.
- rm -f -- $i;
+ "${RM_BIN}" -f -- $i;
;;
*_setscene*)
# Skip stamps which are already setscene versions
@@ -96,7 +103,7 @@
;;
esac
done
- rm -f -- $i
+ "${RM_BIN}" -f -- $i
esac
done
@@ -106,12 +113,14 @@
# Retain only logs and other files in temp, safely ignore
# failures of removing pseudo folers on NFS2/3 server.
if [ $dir = 'pseudo' ]; then
- rm -rf -- $dir 2> /dev/null || true
+ "${RM_BIN}" -rf -- $dir 2> /dev/null || true
elif ! echo "$excludes" | grep -q -w "$dir"; then
- rm -rf -- $dir
+ "${RM_BIN}" -rf -- $dir
fi
done
}
+do_rm_work[vardepsexclude] += "SSTATETASKS"
+
do_rm_work_all () {
:
}
@@ -178,7 +187,7 @@
# other recipes and thus will typically run much later than completion of
# work in the recipe itself.
# In practice, addtask() here merely updates the dependencies.
- bb.build.addtask('do_rm_work', 'do_build', ' '.join(deps), d)
+ bb.build.addtask('do_rm_work', 'do_rm_work_all do_build', ' '.join(deps), d)
# Always update do_build_without_rm_work dependencies.
bb.build.addtask('do_build_without_rm_work', '', ' '.join(deps), d)
diff --git a/poky/meta/conf/bitbake.conf b/poky/meta/conf/bitbake.conf
index 62cdd9a..a1f0f62 100644
--- a/poky/meta/conf/bitbake.conf
+++ b/poky/meta/conf/bitbake.conf
@@ -676,7 +676,7 @@
export PERL_HASH_SEED = "0"
export SOURCE_DATE_EPOCH ?= "${@get_source_date_epoch_value(d)}"
# A SOURCE_DATE_EPOCH of '0' might be misinterpreted as no SDE
-export SOURCE_DATE_EPOCH_FALLBACK ??= "1302044400"
+SOURCE_DATE_EPOCH_FALLBACK ??= "1302044400"
REPRODUCIBLE_TIMESTAMP_ROOTFS ??= "1520598896"
##################################################################
diff --git a/poky/meta/conf/distro/include/cve-extra-exclusions.inc b/poky/meta/conf/distro/include/cve-extra-exclusions.inc
index 8b5f8d4..f5d6867 100644
--- a/poky/meta/conf/distro/include/cve-extra-exclusions.inc
+++ b/poky/meta/conf/distro/include/cve-extra-exclusions.inc
@@ -78,9 +78,34 @@
CVE_CHECK_IGNORE += "CVE-2019-10126 CVE-2019-14899 CVE-2019-18910 CVE-2019-3016 CVE-2019-3819 CVE-2019-3846 CVE-2019-3887"
# 2020
CVE_CHECK_IGNORE += "CVE-2020-10732 CVE-2020-10742 CVE-2020-16119 CVE-2020-1749 CVE-2020-25672 CVE-2020-27820 CVE-2020-35501 CVE-2020-8834"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-27784
+# Introduced in version v4.1 b26394bd567e5ebe57ec4dee7fe6cd14023c96e9
+# Patched in kernel since v5.10 e8d5f92b8d30bb4ade76494490c3c065e12411b1
+# Backported in version v5.4.73 e9e791f5c39ab30e374a3b1a9c25ca7ff24988f3
+CVE_CHECK_IGNORE += "CVE-2020-27784"
+
# 2021
CVE_CHECK_IGNORE += "CVE-2021-20194 CVE-2021-20226 CVE-2021-20265 CVE-2021-3564 CVE-2021-3743 CVE-2021-3847 CVE-2021-4002 \
CVE-2021-4090 CVE-2021-4095 CVE-2021-4197 CVE-2021-4202 CVE-2021-44879 CVE-2021-45402"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-3669
+# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
+# Patched in kernel since v5.15 20401d1058f3f841f35a594ac2fc1293710e55b9
+CVE_CHECK_IGNORE += "CVE-2021-3669"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-3759
+# Introduced in version v4.5 a9bb7e620efdfd29b6d1c238041173e411670996
+# Patched in kernel since v5.15 18319498fdd4cdf8c1c2c48cd432863b1f915d6f
+# Backported in version v5.4.224 bad83d55134e647a739ebef2082541963f2cbc92
+# Backported in version v5.10.154 836686e1a01d7e2fda6a5a18252243ff30a6e196
+CVE_CHECK_IGNORE += "CVE-2021-3759"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-4218
+# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
+# Patched in kernel since v5.8 32927393dc1ccd60fb2bdc05b9e8e88753761469
+CVE_CHECK_IGNORE += "CVE-2021-4218"
+
# 2022
CVE_CHECK_IGNORE += "CVE-2022-0185 CVE-2022-0264 CVE-2022-0286 CVE-2022-0330 CVE-2022-0382 CVE-2022-0433 CVE-2022-0435 \
CVE-2022-0492 CVE-2022-0494 CVE-2022-0500 CVE-2022-0516 CVE-2022-0617 CVE-2022-0742 CVE-2022-0854 \
@@ -90,6 +115,193 @@
CVE-2022-28356 CVE-2022-28388 CVE-2022-28389 CVE-2022-28390 CVE-2022-28796 CVE-2022-28893 CVE-2022-29156 \
CVE-2022-29582 CVE-2022-29968"
+# https://nvd.nist.gov/vuln/detail/CVE-2022-0480
+# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
+# Patched in kernel since v5.15 0f12156dff2862ac54235fc72703f18770769042
+CVE_CHECK_IGNORE += "CVE-2022-0480"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-1184
+# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
+# Patched in kernel since v5.19 46c116b920ebec58031f0a78c5ea9599b0d2a371
+# Backported in version v5.4.198 17034d45ec443fb0e3c0e7297f9cd10f70446064
+# Backported in version v5.10.121 da2f05919238c7bdc6e28c79539f55c8355408bb
+# Backported in version v5.15.46 ca17db384762be0ec38373a12460081d22a8b42d
+CVE_CHECK_IGNORE += "CVE-2022-1184"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-1462
+# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
+# Patched in kernel since v5.19 a501ab75e7624d133a5a3c7ec010687c8b961d23
+# Backported in version v5.4.208 f7785092cb7f022f59ebdaa181651f7c877df132
+# Backported in version v5.10.134 08afa87f58d83dfe040572ed591b47e8cb9e225c
+# Backported in version v5.15.58 b2d1e4cd558cffec6bfe318f5d74e6cffc374d29
+CVE_CHECK_IGNORE += "CVE-2022-1462"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-2308
+# Introduced in version v5.15 c8a6153b6c59d95c0e091f053f6f180952ade91e
+# Patched in kernel since v6.0 46f8a29272e51b6df7393d58fc5cb8967397ef2b
+# Backported in version v5.15.72 dc248ddf41eab4566e95b1ee2433c8a5134ad94a
+# Backported in version v5.19.14 38d854c4a11c3bbf6a96ea46f14b282670c784ac
+CVE_CHECK_IGNORE += "CVE-2022-2308"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-2327
+# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
+# Patched in kernel since v5.10.125 df3f3bb5059d20ef094d6b2f0256c4bf4127a859
+CVE_CHECK_IGNORE += "CVE-2022-2327"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-2663
+# Introduced in version v2.6.20 869f37d8e48f3911eb70f38a994feaa8f8380008
+# Patched in kernel since v6.0 0efe125cfb99e6773a7434f3463f7c2fa28f3a43
+# Backported in version v5.4.213 36f7b71f8ad8e4d224b45f7d6ecfeff63b091547
+# Backported in version v5.10.143 e12ce30fe593dd438c5b392290ad7316befc11ca
+# Backported in version v5.15.68 451c9ce1e2fc9b9e40303bef8e5a0dca1a923cc4
+# Backported in version v5.19.9 6cf0609154b2ce8d3ae160e7506ab316400a8d3d
+CVE_CHECK_IGNORE += "CVE-2022-2663"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-2785
+# Introduced in version v5.18 b1d18a7574d0df5eb4117c14742baf8bc2b9bb74
+# Patched in kernel since v6.0 86f44fcec22ce2979507742bc53db8400e454f46
+# Backported in version v5.19.4 b429d0b9a7a0f3dddb1f782b72629e6353f292fd
+CVE_CHECK_IGNORE += "CVE-2022-2785"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3176
+# Introduced in version v5.1 221c5eb2338232f7340386de1c43decc32682e58
+# Patched in kernel since v5.17 791f3465c4afde02d7f16cf7424ca87070b69396
+# Backported in version v5.15.65 e9d7ca0c4640cbebe6840ee3bac66a25a9bacaf5
+CVE_CHECK_IGNORE += "CVE-2022-3176"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3526
+# Introduced in version v5.13 427f0c8c194b22edcafef1b0a42995ddc5c2227d
+# Patched in kernel since v5.18 e16b859872b87650bb55b12cca5a5fcdc49c1442
+# Backported in version v5.15.35 8f79ce226ad2e9b2ec598de2b9560863b7549d1b
+CVE_CHECK_IGNORE += "CVE-2022-3526"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3621
+# Introduced in version v2.60.30 05fe58fdc10df9ebea04c0eaed57adc47af5c184
+# Patched in kernel since v6.1 21a87d88c2253350e115029f14fe2a10a7e6c856
+# Backported in version v5.4.218 792211333ad77fcea50a44bb7f695783159fc63c
+# Backported in version v5.10.148 3f840480e31495ce674db4a69912882b5ac083f2
+# Backported in version v5.15.74 1e512c65b4adcdbdf7aead052f2162b079cc7f55
+# Backported in version v5.19.16 caf2c6b580433b3d3e413a3d54b8414a94725dcd
+CVE_CHECK_IGNORE += "CVE-2022-3621"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3623
+# Introduced in version v5.1 5480280d3f2d11d47f9be59d49b20a8d7d1b33e8
+# Patched in kernel since v6.1 fac35ba763ed07ba93154c95ffc0c4a55023707f
+# Backported in version v5.4.228 176ba4c19d1bb153aa6baaa61d586e785b7d736c
+# Backported in version v5.10.159 fccee93eb20d72f5390432ecea7f8c16af88c850
+# Backported in version v5.15.78 3a44ae4afaa5318baed3c6e2959f24454e0ae4ff
+# Backported in version v5.19.17 86a913d55c89dd13ba070a87f61a493563e94b54
+CVE_CHECK_IGNORE += "CVE-2022-3623"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3624
+# Introduced in version v6.0 d5410ac7b0baeca91cf73ff5241d35998ecc8c9e
+# Patched in kernel since v6.0 4f5d33f4f798b1c6d92b613f0087f639d9836971
+CVE_CHECK_IGNORE += "CVE-2022-3624"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3625
+# Introduced in version v4.19 45f05def5c44c806f094709f1c9b03dcecdd54f0
+# Patched in kernel since v6.0 6b4db2e528f650c7fb712961aac36455468d5902
+# Backported in version v5.4.211 1ad4ba9341f15412cf86dc6addbb73871a10212f
+# Backported in version v5.10.138 0e28678a770df7989108327cfe86f835d8760c33
+# Backported in version v5.15.63 c4d09fd1e18bac11c2f7cf736048112568687301
+# Backported in version v5.19.4 26bef5616255066268c0e40e1da10cc9b78b82e9
+CVE_CHECK_IGNORE += "CVE-2022-3625"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3629
+# Introduced in version v3.9 d021c344051af91f42c5ba9fdedc176740cbd238
+# Patched in kernel since v6.0 7e97cfed9929eaabc41829c395eb0d1350fccb9d
+# Backported in version v5.4.211 f82f1e2042b397277cd39f16349950f5abade58d
+# Backported in version v5.10.138 38ddccbda5e8b762c8ee06670bb1f64f1be5ee50
+# Backported in version v5.15.63 e4c0428f8a6fc8c218d7fd72bddd163f05b29795
+# Backported in version v5.19.4 8ff5db3c1b3d6797eda5cd326dcd31b9cd1c5f72
+CVE_CHECK_IGNORE += "CVE-2022-3629"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3630
+# Introduced in version v5.19 85e4ea1049c70fb99de5c6057e835d151fb647da
+# Patched in kernel since v6.0 fb24771faf72a2fd62b3b6287af3c610c3ec9cf1
+# Backported in version v5.19.4 7a369dc87b66acc85d0cffcf39984344a203e20b
+CVE_CHECK_IGNORE += "CVE-2022-3630"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3633
+# Introduced in version v5.4 9d71dd0c70099914fcd063135da3c580865e924c
+# Patched in kernel since v6.0 8c21c54a53ab21842f5050fa090f26b03c0313d6
+# Backported in version v5.4.211 04e41b6bacf474f5431491f92e981096e8cc8e93
+# Backported in version v5.10.138 a220ff343396bae8d3b6abee72ab51f1f34b3027
+# Backported in version v5.15.63 98dc8fb08299ab49e0b9c08daedadd2f4de1a2f2
+# Backported in version v5.19.4 a0278dbeaaf7ca60346c62a9add65ae7d62564de
+CVE_CHECK_IGNORE += "CVE-2022-3633"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3635
+# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
+# Patched in kernel since v6.0 3f4093e2bf4673f218c0bf17d8362337c400e77b
+# Backported in version v5.4.211 9a6cbaa50f263b12df18a051b37f3f42f9fb5253
+# Backported in version v5.10.138 a0ae122e9aeccbff75014c4d36d11a9d32e7fb5e
+# Backported in version v5.15.63 a5d7ce086fe942c5ab422fd2c034968a152be4c4
+# Backported in version v5.19.4 af412b252550f9ac36d9add7b013c2a2c3463835
+CVE_CHECK_IGNORE += "CVE-2022-3635"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3636
+# Introduced in version v5.19 33fc42de33278b2b3ec6f3390512987bc29a62b7
+# Patched in kernel since v5.19 17a5f6a78dc7b8db385de346092d7d9f9dc24df6
+# The vulnerability has been introduced and patched in rc1 of v5.19.
+CVE_CHECK_IGNORE += "CVE-2022-3636"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3646
+# Introduced in version v2.6.30 9ff05123e3bfbb1d2b68ba1d9bf1f7d1dffc1453
+# Patched in kernel since v6.1 d0d51a97063db4704a5ef6bc978dddab1636a306
+# Backported in version v5.4.218 b7e409d11db9ce9f8bc05fcdfa24d143f60cd393
+# Backported in version v5.10.148 aad4c997857f1d4b6c1e296c07e4729d3f8058ee
+# Backported in version v5.15.74 44b1ee304bac03f1b879be5afe920e3a844e40fc
+# Backported in version v5.19.16 4755fcd844240857b525f6e8d8b65ee140fe9570
+CVE_CHECK_IGNORE += "CVE-2022-3646"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3649
+# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
+# Patched in kernel since v6.1 d325dc6eb763c10f591c239550b8c7e5466a5d09
+# Backported in version v5.4.220 d1c2d820a2cd73867b7d352e89e92fb3ac29e926
+# Backported in version v5.10.148 21ee3cffed8fbabb669435facfd576ba18ac8652
+# Backported in version v5.15.74 cb602c2b654e26763226d8bd27a702f79cff4006
+# Backported in version v5.19.16 394b2571e9a74ddaed55aa9c4d0f5772f81c21e4
+CVE_CHECK_IGNORE += "CVE-2022-3649"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-26365
+# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
+# Patched in kernel since v5.19 2f446ffe9d737e9a844b97887919c4fda18246e7
+# Backported in version v5.4.204 42112e8f94617d83943f8f3b8de2b66041905506
+# Backported in version v5.10.129 cfea428030be836d79a7690968232bb7fa4410f1
+# Backported in version v5.15.53 7ed65a4ad8fa9f40bc3979b32c54243d6a684ec9
+CVE_CHECK_IGNORE += "CVE-2022-26365"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-33740
+# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
+# Patched in kernel since v5.19 307c8de2b02344805ebead3440d8feed28f2f010
+# Backported in version v5.4.204 04945b5beb73019145ac17a2565526afa7293c14
+# Backported in version v5.10.129 728d68bfe68d92eae1407b8a9edc7817d6227404
+# Backported in version v5.15.53 5dd0993c36832d33820238fc8dc741ba801b7961
+CVE_CHECK_IGNORE += "CVE-2022-33740"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-33741
+# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
+# Patched in kernel since v5.19 4491001c2e0fa69efbb748c96ec96b100a5cdb7e
+# Backported in version v5.4.204 ede57be88a5fff42cd00e6bcd071503194d398dd
+# Backported in version v5.10.129 4923217af5742a796821272ee03f8d6de15c0cca
+# Backported in version v5.15.53 ed3cfc690675d852c3416aedb271e0e7d179bf49
+CVE_CHECK_IGNORE += "CVE-2022-33741"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-33742
+# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
+# Patched in kernel since v5.19 2400617da7eebf9167d71a46122828bc479d64c9
+# Backported in version v5.4.204 60ac50daad36ef3fe9d70d89cfe3b95d381db997
+# Backported in version v5.10.129 cbbd2d2531539212ff090aecbea9877c996e6ce6
+# Backported in version v5.15.53 6d0a9127279a4533815202e30ad1b3a39f560ba3
+CVE_CHECK_IGNORE += "CVE-2022-33742"
+
+
+# Wrong CPE in NVD database
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3563
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3637
+# Those issue do not affect the kernel, patchs listed on CVE pages links to https://git.kernel.org/pub/scm/bluetooth/bluez.git
+CVE_CHECK_IGNORE += "CVE-2022-3563 CVE-2022-3637"
# qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20255
# There was a proposed patch https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg06098.html
diff --git a/poky/meta/conf/distro/include/ptest-packagelists.inc b/poky/meta/conf/distro/include/ptest-packagelists.inc
index 56088e4..99929ac 100644
--- a/poky/meta/conf/distro/include/ptest-packagelists.inc
+++ b/poky/meta/conf/distro/include/ptest-packagelists.inc
@@ -103,7 +103,7 @@
"
PTESTS_SLOW:remove:riscv64 = "valgrind-ptest"
-PTESTS_PROBLEMS:append:riscv64 = "valgrind-ptest"
+PTESTS_PROBLEMS:append:riscv64 = " valgrind-ptest"
# ruby-ptest \ # Timeout
# lz4-ptest \ # Needs a rewrite
diff --git a/poky/meta/conf/distro/include/yocto-uninative.inc b/poky/meta/conf/distro/include/yocto-uninative.inc
index 7012db4..8a5cab5 100644
--- a/poky/meta/conf/distro/include/yocto-uninative.inc
+++ b/poky/meta/conf/distro/include/yocto-uninative.inc
@@ -6,10 +6,10 @@
# to the distro running on the build machine.
#
-UNINATIVE_MAXGLIBCVERSION = "2.36"
-UNINATIVE_VERSION = "3.7"
+UNINATIVE_MAXGLIBCVERSION = "2.37"
+UNINATIVE_VERSION = "3.9"
UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/${UNINATIVE_VERSION}/"
-UNINATIVE_CHECKSUM[aarch64] ?= "6a29bcae4b5b716d2d520e18800b33943b65f8a835eac1ff8793fc5ee65b4be6"
-UNINATIVE_CHECKSUM[i686] ?= "3f6d52e64996570c716108d49f8108baccf499a283bbefae438c7266b7a93305"
-UNINATIVE_CHECKSUM[x86_64] ?= "b110bf2e10fe420f5ca2f3ec55f048ee5f0a54c7e34856a3594e51eb2aea0570"
+UNINATIVE_CHECKSUM[aarch64] ?= "de35708c95c34573af140da910132c3291ba4fd26ebf7b74b755ada432cdf07b"
+UNINATIVE_CHECKSUM[i686] ?= "adac07b08adb88eb26fc7fd87fee0cec9d5be167bf7c5ffd3a549a2a6699c29c"
+UNINATIVE_CHECKSUM[x86_64] ?= "3dd82c3fbdb59e87bf091c3eef555a05fae528eeda3083828f76cd4deaceca8b"
diff --git a/poky/meta/lib/bblayers/buildconf.py b/poky/meta/lib/bblayers/buildconf.py
index e07fc53..ccab332 100644
--- a/poky/meta/lib/bblayers/buildconf.py
+++ b/poky/meta/lib/bblayers/buildconf.py
@@ -64,7 +64,7 @@
oecore = None
for l in layers:
- if l[0] == os.path.abspath(args.layerpath):
+ if os.path.abspath(l[0]) == os.path.abspath(args.layerpath):
targetlayer = l[0]
if l[1] == 'meta':
oecore = os.path.dirname(l[0])
diff --git a/poky/meta/lib/bblayers/makesetup.py b/poky/meta/lib/bblayers/makesetup.py
index 22f89d8..5fb6f14 100644
--- a/poky/meta/lib/bblayers/makesetup.py
+++ b/poky/meta/lib/bblayers/makesetup.py
@@ -45,8 +45,15 @@
return ""
return describe.strip()
+ def _is_submodule(self, repo_path):
+ # This is slightly brittle: git does not offer a way to tell whether
+ # a given repo dir is a submodule checkout, so we need to rely on .git
+ # being a file (rather than a dir like it is in standalone checkouts).
+ # The file typically contains a gitdir pointer to elsewhere.
+ return os.path.isfile(os.path.join(repo_path,".git"))
+
def make_repo_config(self, destdir):
- """ This is a helper function for the writer plugins that discovers currently confugured layers.
+ """ This is a helper function for the writer plugins that discovers currently configured layers.
The writers do not have to use it, but it can save a bit of work and avoid duplicated code, hence it is
available here. """
repos = {}
@@ -63,6 +70,9 @@
logger.error("Layer {name} in {path} has uncommitted modifications or is not in a git repository.".format(name=l_name,path=l_path))
return
repo_path = self._get_repo_path(l_path)
+
+ if self._is_submodule(repo_path):
+ continue
if repo_path not in repos.keys():
repos[repo_path] = {'path':os.path.basename(repo_path),'git-remote':{'rev':l_rev, 'branch':l_branch, 'remotes':self._get_remotes(repo_path), 'describe':self._get_describe(repo_path)}}
if repo_path == destdir_repo:
diff --git a/poky/meta/lib/bblayers/setupwriters/oe-setup-layers.py b/poky/meta/lib/bblayers/setupwriters/oe-setup-layers.py
index f6a484b..d5bc19a 100644
--- a/poky/meta/lib/bblayers/setupwriters/oe-setup-layers.py
+++ b/poky/meta/lib/bblayers/setupwriters/oe-setup-layers.py
@@ -33,6 +33,8 @@
def do_write(self, parent, args):
""" Writes out a python script and a json config that replicate the directory structure and revisions of the layers in a current build. """
+ if not os.path.exists(args.destdir):
+ os.makedirs(args.destdir)
repos = parent.make_repo_config(args.destdir)
json = {"version":"1.0","sources":repos}
if not repos:
diff --git a/poky/meta/lib/oe/cve_check.py b/poky/meta/lib/oe/cve_check.py
index 4f1d80f..dbaa0b3 100644
--- a/poky/meta/lib/oe/cve_check.py
+++ b/poky/meta/lib/oe/cve_check.py
@@ -179,3 +179,42 @@
if os.path.exists(os.path.realpath(link_path)):
os.remove(link_path)
os.symlink(os.path.basename(target_path), link_path)
+
+
+def convert_cve_version(version):
+ """
+ This function converts from CVE format to Yocto version format.
+ eg 8.3_p1 -> 8.3p1, 6.2_rc1 -> 6.2-rc1
+
+ Unless it is redefined using CVE_VERSION in the recipe,
+ cve_check uses the version in the name of the recipe (${PV})
+ to check vulnerabilities against a CVE in the database downloaded from NVD.
+
+ When the version has an update, i.e.
+ "p1" in OpenSSH 8.3p1,
+ "-rc1" in linux kernel 6.2-rc1,
+ the database stores the version as version_update (8.3_p1, 6.2_rc1).
+ Therefore, we must transform this version before comparing to the
+ recipe version.
+
+ In this case, the parameter of the function is 8.3_p1.
+ If the version uses the Release Candidate format, "rc",
+ this function replaces the '_' by '-'.
+ If the version uses the Update format, "p",
+ this function removes the '_' completely.
+ """
+ import re
+
+ matches = re.match('^([0-9.]+)_((p|rc)[0-9]+)$', version)
+
+ if not matches:
+ return version
+
+ version = matches.group(1)
+ update = matches.group(2)
+
+ if matches.group(3) == "rc":
+ return version + '-' + update
+
+ return version + update
+
diff --git a/poky/meta/lib/oe/gpg_sign.py b/poky/meta/lib/oe/gpg_sign.py
index 613dab8..ede6186 100644
--- a/poky/meta/lib/oe/gpg_sign.py
+++ b/poky/meta/lib/oe/gpg_sign.py
@@ -5,11 +5,12 @@
#
"""Helper module for GPG signing"""
-import os
import bb
-import subprocess
+import os
import shlex
+import subprocess
+import tempfile
class LocalSigner(object):
"""Class for handling local (on the build host) signing"""
@@ -73,8 +74,6 @@
cmd += ['--homedir', self.gpg_path]
if armor:
cmd += ['--armor']
- if output_suffix:
- cmd += ['-o', input_file + "." + output_suffix]
if use_sha256:
cmd += ['--digest-algo', "SHA256"]
@@ -83,19 +82,27 @@
if self.gpg_version > (2,1,):
cmd += ['--pinentry-mode', 'loopback']
- cmd += [input_file]
-
try:
if passphrase_file:
with open(passphrase_file) as fobj:
passphrase = fobj.readline();
- job = subprocess.Popen(cmd, stdin=subprocess.PIPE, stderr=subprocess.PIPE)
- (_, stderr) = job.communicate(passphrase.encode("utf-8"))
+ if not output_suffix:
+ output_suffix = 'asc' if armor else 'sig'
+ output_file = input_file + "." + output_suffix
+ with tempfile.TemporaryDirectory(dir=os.path.dirname(output_file)) as tmp_dir:
+ tmp_file = os.path.join(tmp_dir, os.path.basename(output_file))
+ cmd += ['-o', tmp_file]
- if job.returncode:
- bb.fatal("GPG exited with code %d: %s" % (job.returncode, stderr.decode("utf-8")))
+ cmd += [input_file]
+ job = subprocess.Popen(cmd, stdin=subprocess.PIPE, stderr=subprocess.PIPE)
+ (_, stderr) = job.communicate(passphrase.encode("utf-8"))
+
+ if job.returncode:
+ bb.fatal("GPG exited with code %d: %s" % (job.returncode, stderr.decode("utf-8")))
+
+ os.rename(tmp_file, output_file)
except IOError as e:
bb.error("IO error (%s): %s" % (e.errno, e.strerror))
raise Exception("Failed to sign '%s'" % input_file)
diff --git a/poky/meta/lib/oe/overlayfs.py b/poky/meta/lib/oe/overlayfs.py
index 8d7a047..8b88900 100644
--- a/poky/meta/lib/oe/overlayfs.py
+++ b/poky/meta/lib/oe/overlayfs.py
@@ -40,7 +40,11 @@
bb.fatal("Missing required mount point for OVERLAYFS_MOUNT_POINT[%s] in your MACHINE configuration" % mountPoint)
for mountPoint in overlayMountPoints:
- for path in d.getVarFlag('OVERLAYFS_WRITABLE_PATHS', mountPoint).split():
+ mountPointList = d.getVarFlag('OVERLAYFS_WRITABLE_PATHS', mountPoint)
+ if not mountPointList:
+ bb.debug(1, "No mount points defined for %s flag, don't add to file list", mountPoint)
+ continue
+ for path in mountPointList.split():
fileList.append(mountUnitName(path))
fileList.append(helperUnitName(path))
diff --git a/poky/meta/lib/oe/package_manager/deb/__init__.py b/poky/meta/lib/oe/package_manager/deb/__init__.py
index c672454..0c23c88 100644
--- a/poky/meta/lib/oe/package_manager/deb/__init__.py
+++ b/poky/meta/lib/oe/package_manager/deb/__init__.py
@@ -82,15 +82,15 @@
return
oe.utils.multiprocess_launch(create_index, index_cmds, self.d)
- if self.d.getVar('PACKAGE_FEED_SIGN', True) == '1':
- signer = get_signer(self.d, self.d.getVar('PACKAGE_FEED_GPG_BACKEND', True))
+ if self.d.getVar('PACKAGE_FEED_SIGN') == '1':
+ signer = get_signer(self.d, self.d.getVar('PACKAGE_FEED_GPG_BACKEND'))
else:
signer = None
if signer:
for f in index_sign_files:
signer.detach_sign(f,
- self.d.getVar('PACKAGE_FEED_GPG_NAME', True),
- self.d.getVar('PACKAGE_FEED_GPG_PASSPHRASE_FILE', True),
+ self.d.getVar('PACKAGE_FEED_GPG_NAME'),
+ self.d.getVar('PACKAGE_FEED_GPG_PASSPHRASE_FILE'),
output_suffix="gpg",
use_sha256=True)
diff --git a/poky/meta/lib/oe/reproducible.py b/poky/meta/lib/oe/reproducible.py
index 04a1810..9ac75c0 100644
--- a/poky/meta/lib/oe/reproducible.py
+++ b/poky/meta/lib/oe/reproducible.py
@@ -115,7 +115,8 @@
return None
bb.debug(1, "git repository: %s" % gitpath)
- p = subprocess.run(['git', '--git-dir', gitpath, 'log', '-1', '--pretty=%ct'], check=True, stdout=subprocess.PIPE)
+ p = subprocess.run(['git', '-c', 'log.showSignature=false', '--git-dir', gitpath, 'log', '-1', '--pretty=%ct'],
+ check=True, stdout=subprocess.PIPE)
return int(p.stdout.decode('utf-8'))
def get_source_date_epoch_from_youngest_file(d, sourcedir):
diff --git a/poky/meta/lib/oe/rust.py b/poky/meta/lib/oe/rust.py
index 1dc9cf1..185553e 100644
--- a/poky/meta/lib/oe/rust.py
+++ b/poky/meta/lib/oe/rust.py
@@ -8,4 +8,6 @@
def arch_to_rust_arch(arch):
if arch == "ppc64le":
return "powerpc64le"
+ if arch in ('riscv32', 'riscv64'):
+ return arch + 'gc'
return arch
diff --git a/poky/meta/lib/oe/sstatesig.py b/poky/meta/lib/oe/sstatesig.py
index fad10af..fb4abe8 100644
--- a/poky/meta/lib/oe/sstatesig.py
+++ b/poky/meta/lib/oe/sstatesig.py
@@ -32,6 +32,12 @@
depmc, _, deptaskname, depmcfn = bb.runqueue.split_tid_mcfn(dep)
mc, _ = bb.runqueue.split_mc(fn)
+ # We can skip the rm_work task signature to avoid running the task
+ # when we remove some tasks from the dependencie chain
+ # i.e INHERIT:remove = "create-spdx" will trigger the do_rm_work
+ if task == "do_rm_work":
+ return False
+
# Keep all dependencies between SPDX tasks in the signature. SPDX documents
# are linked together by hashes, which means if a dependent document changes,
# all downstream documents must be re-written (even if they are "safe"
@@ -463,11 +469,15 @@
pkgarchs.append('allarch')
pkgarchs.append('${SDK_ARCH}_${SDK_ARCH}-${SDKPKGSUFFIX}')
+ searched_manifests = []
+
for pkgarch in pkgarchs:
manifest = d2.expand("${SSTATE_MANIFESTS}/manifest-%s-%s.%s" % (pkgarch, taskdata, taskname))
if os.path.exists(manifest):
return manifest, d2
- bb.fatal("Manifest %s not found in %s (variant '%s')?" % (manifest, d2.expand(" ".join(pkgarchs)), variant))
+ searched_manifests.append(manifest)
+ bb.fatal("The sstate manifest for task '%s:%s' (multilib variant '%s') could not be found.\nThe pkgarchs considered were: %s.\nBut none of these manifests exists:\n %s"
+ % (taskdata, taskname, variant, d2.expand(", ".join(pkgarchs)),"\n ".join(searched_manifests)))
return None, d2
def OEOuthashBasic(path, sigfile, task, d):
@@ -652,6 +662,10 @@
if f == 'fixmepath':
continue
process(os.path.join(root, f))
+
+ for dir in dirs:
+ if os.path.islink(os.path.join(root, dir)):
+ process(os.path.join(root, dir))
finally:
os.chdir(prev_dir)
diff --git a/poky/meta/lib/oeqa/core/target/ssh.py b/poky/meta/lib/oeqa/core/target/ssh.py
index f956a77..4ab0cdd 100644
--- a/poky/meta/lib/oeqa/core/target/ssh.py
+++ b/poky/meta/lib/oeqa/core/target/ssh.py
@@ -34,6 +34,8 @@
self.timeout = timeout
self.user = user
ssh_options = [
+ '-o', 'ServerAliveCountMax=2',
+ '-o', 'ServerAliveInterval=30',
'-o', 'UserKnownHostsFile=/dev/null',
'-o', 'StrictHostKeyChecking=no',
'-o', 'LogLevel=ERROR'
@@ -224,27 +226,33 @@
def run():
nonlocal output
nonlocal process
+ output_raw = b''
starttime = time.time()
process = subprocess.Popen(command, **options)
if timeout:
endtime = starttime + timeout
eof = False
+ os.set_blocking(process.stdout.fileno(), False)
while time.time() < endtime and not eof:
- logger.debug('time: %s, endtime: %s' % (time.time(), endtime))
try:
+ logger.debug('Waiting for process output: time: %s, endtime: %s' % (time.time(), endtime))
if select.select([process.stdout], [], [], 5)[0] != []:
- reader = codecs.getreader('utf-8')(process.stdout, 'ignore')
- data = reader.read(1024, 4096)
+ # wait a bit for more data, tries to avoid reading single characters
+ time.sleep(0.2)
+ data = process.stdout.read()
if not data:
- process.stdout.close()
eof = True
else:
- output += data
- logger.debug('Partial data from SSH call: %s' % data)
+ output_raw += data
+ # ignore errors to capture as much as possible
+ logger.debug('Partial data from SSH call:\n%s' % data.decode('utf-8', errors='ignore'))
endtime = time.time() + timeout
except InterruptedError:
+ logger.debug('InterruptedError')
continue
+ process.stdout.close()
+
# process hasn't returned yet
if not eof:
process.terminate()
@@ -252,16 +260,30 @@
try:
process.kill()
except OSError:
+ logger.debug('OSError when killing process')
pass
endtime = time.time() - starttime
lastline = ("\nProcess killed - no output for %d seconds. Total"
" running time: %d seconds." % (timeout, endtime))
- logger.debug('Received data from SSH call %s ' % lastline)
+ logger.debug('Received data from SSH call:\n%s ' % lastline)
output += lastline
else:
- output = process.communicate()[0].decode('utf-8', errors='ignore')
- logger.debug('Data from SSH call: %s' % output.rstrip())
+ output_raw = process.communicate()[0]
+
+ output = output_raw.decode('utf-8', errors='ignore')
+ logger.debug('Data from SSH call:\n%s' % output.rstrip())
+
+ # timout or not, make sure process exits and is not hanging
+ if process.returncode == None:
+ try:
+ process.wait(timeout=5)
+ except TimeoutExpired:
+ try:
+ process.kill()
+ except OSError:
+ logger.debug('OSError')
+ pass
options = {
"stdout": subprocess.PIPE,
@@ -290,4 +312,5 @@
process.kill()
logger.debug('Something went wrong, killing SSH process')
raise
- return (process.wait(), output.rstrip())
+
+ return (process.returncode, output.rstrip())
diff --git a/poky/meta/lib/oeqa/core/utils/concurrencytest.py b/poky/meta/lib/oeqa/core/utils/concurrencytest.py
index 383479c..4f77589 100644
--- a/poky/meta/lib/oeqa/core/utils/concurrencytest.py
+++ b/poky/meta/lib/oeqa/core/utils/concurrencytest.py
@@ -59,6 +59,7 @@
self.outputbuf = output
self.finalresult = finalresult
self.finalresult.buffer = True
+ self.target = target
def _add_result_with_semaphore(self, method, test, *args, **kwargs):
self.semaphore.acquire()
@@ -67,13 +68,14 @@
self.result.starttime[test.id()] = self._test_start.timestamp()
self.result.threadprogress[self.threadnum].append(test.id())
totalprogress = sum(len(x) for x in self.result.threadprogress.values())
- self.result.progressinfo[test.id()] = "%s: %s/%s %s/%s (%ss) (%s)" % (
+ self.result.progressinfo[test.id()] = "%s: %s/%s %s/%s (%ss) (%s failed) (%s)" % (
self.threadnum,
len(self.result.threadprogress[self.threadnum]),
self.totalinprocess,
totalprogress,
self.totaltests,
"{0:.2f}".format(time.time()-self._test_start.timestamp()),
+ self.target.failed_tests,
test.id())
finally:
self.semaphore.release()
diff --git a/poky/meta/lib/oeqa/runtime/cases/apt.py b/poky/meta/lib/oeqa/runtime/cases/apt.py
index 4e09374..8000645 100644
--- a/poky/meta/lib/oeqa/runtime/cases/apt.py
+++ b/poky/meta/lib/oeqa/runtime/cases/apt.py
@@ -39,9 +39,9 @@
self.target.run('cd %s; echo deb [ allow-insecure=yes ] %s/all ./ > sources.list' % (apt_get_sourceslist_dir, apt_get_source_server))
def setup_source_config_for_package_install_signed(self):
- apt_get_source_server = 'http:\/\/%s:%s' % (self.tc.target.server_ip, self.repo_server.port)
+ apt_get_source_server = 'http://%s:%s' % (self.tc.target.server_ip, self.repo_server.port)
apt_get_sourceslist_dir = '/etc/apt/'
- self.target.run("cd %s; cp sources.list sources.list.bak; sed -i 's/\[trusted=yes\] http:\/\/bogus_ip:bogus_port/%s/g' sources.list" % (apt_get_sourceslist_dir, apt_get_source_server))
+ self.target.run("cd %s; cp sources.list sources.list.bak; sed -i 's|\[trusted=yes\] http://bogus_ip:bogus_port|%s|g' sources.list" % (apt_get_sourceslist_dir, apt_get_source_server))
def cleanup_source_config_for_package_install(self):
apt_get_sourceslist_dir = '/etc/apt/'
diff --git a/poky/meta/lib/oeqa/runtime/cases/buildcpio.py b/poky/meta/lib/oeqa/runtime/cases/buildcpio.py
index bd3b46d..3728855 100644
--- a/poky/meta/lib/oeqa/runtime/cases/buildcpio.py
+++ b/poky/meta/lib/oeqa/runtime/cases/buildcpio.py
@@ -29,7 +29,10 @@
@OEHasPackage(['autoconf'])
def test_cpio(self):
self.project.download_archive()
- self.project.run_configure('--disable-maintainer-mode',
- 'sed -i -e "/char \*program_name/d" src/global.c;')
+ self.project.run_configure('--disable-maintainer-mode')
+ # This sed is needed until
+ # https://git.savannah.gnu.org/cgit/cpio.git/commit/src/global.c?id=641d3f489cf6238bb916368d4ba0d9325a235afb
+ # is in a release.
+ self.project._run(r'sed -i -e "/char \*program_name/d" %s/src/global.c' % self.project.targetdir)
self.project.run_make()
self.project.run_install()
diff --git a/poky/meta/lib/oeqa/runtime/cases/dnf.py b/poky/meta/lib/oeqa/runtime/cases/dnf.py
index 410d456..3ccb18c 100644
--- a/poky/meta/lib/oeqa/runtime/cases/dnf.py
+++ b/poky/meta/lib/oeqa/runtime/cases/dnf.py
@@ -147,29 +147,21 @@
rootpath = '/home/root/chroot/test'
#Copy necessary files to avoid errors with not yet installed tools on
#installroot directory.
- self.target.run('mkdir -p %s/etc' % rootpath, 1500)
- self.target.run('mkdir -p %s/usr/bin %s/usr/sbin' % (rootpath, rootpath), 1500)
- self.target.run('ln -sf -r %s/usr/bin %s/bin' % (rootpath, rootpath), 1500)
- self.target.run('ln -sf -r %s/usr/sbin %s/sbin' % (rootpath, rootpath), 1500)
- self.target.run('mkdir -p %s/dev' % rootpath, 1500)
+ self.target.run('mkdir -p %s/etc' % rootpath)
+ self.target.run('mkdir -p %s/usr/bin %s/usr/sbin' % (rootpath, rootpath))
+ self.target.run('ln -sf usr/bin %s/bin' % (rootpath))
+ self.target.run('ln -sf usr/sbin %s/sbin' % (rootpath))
+ self.target.run('mkdir -p %s/dev' % rootpath)
#Handle different architectures lib dirs
- self.target.run('mkdir -p %s/usr/lib' % rootpath, 1500)
- self.target.run('mkdir -p %s/usr/libx32' % rootpath, 1500)
- self.target.run('mkdir -p %s/usr/lib64' % rootpath, 1500)
- self.target.run('cp /lib/libtinfo.so.5 %s/usr/lib' % rootpath, 1500)
- self.target.run('cp /libx32/libtinfo.so.5 %s/usr/libx32' % rootpath, 1500)
- self.target.run('cp /lib64/libtinfo.so.5 %s/usr/lib64' % rootpath, 1500)
- self.target.run('ln -sf -r %s/lib %s/usr/lib' % (rootpath,rootpath), 1500)
- self.target.run('ln -sf -r %s/libx32 %s/usr/libx32' % (rootpath,rootpath), 1500)
- self.target.run('ln -sf -r %s/lib64 %s/usr/lib64' % (rootpath,rootpath), 1500)
- self.target.run('cp -r /etc/rpm %s/etc' % rootpath, 1500)
- self.target.run('cp -r /etc/dnf %s/etc' % rootpath, 1500)
- self.target.run('cp /bin/sh %s/bin' % rootpath, 1500)
- self.target.run('mount -o bind /dev %s/dev/' % rootpath, 1500)
+ self.target.run("for l in /lib*; do mkdir -p %s/usr/$l; ln -s usr/$l %s/$l; done" % (rootpath, rootpath))
+ self.target.run('cp -r /etc/rpm %s/etc' % rootpath)
+ self.target.run('cp -r /etc/dnf %s/etc' % rootpath)
+ self.target.run('cp /bin/busybox %s/bin/sh' % rootpath)
+ self.target.run('mount -o bind /dev %s/dev/' % rootpath)
self.dnf_with_repo('install --installroot=%s -v -y --rpmverbosity=debug busybox' % rootpath)
- status, output = self.target.run('test -e %s/var/cache/dnf' % rootpath, 1500)
+ status, output = self.target.run('test -e %s/var/cache/dnf' % rootpath)
self.assertEqual(0, status, output)
- status, output = self.target.run('test -e %s/bin/busybox' % rootpath, 1500)
+ status, output = self.target.run('test -e %s/bin/busybox' % rootpath)
self.assertEqual(0, status, output)
@OETestDepends(['dnf.DnfRepoTest.test_dnf_makecache'])
diff --git a/poky/meta/lib/oeqa/runtime/cases/ping.py b/poky/meta/lib/oeqa/runtime/cases/ping.py
index 967b441..f72460e 100644
--- a/poky/meta/lib/oeqa/runtime/cases/ping.py
+++ b/poky/meta/lib/oeqa/runtime/cases/ping.py
@@ -5,6 +5,7 @@
#
from subprocess import Popen, PIPE
+from time import sleep
from oeqa.runtime.case import OERuntimeTestCase
from oeqa.core.decorator.oetimeout import OETimeout
@@ -16,6 +17,7 @@
def test_ping(self):
output = ''
count = 0
+ self.assertNotEqual(len(self.target.ip), 0, msg="No target IP address set")
try:
while count < 5:
cmd = 'ping -c 1 %s' % self.target.ip
@@ -25,6 +27,7 @@
count += 1
else:
count = 0
+ sleep(1)
except OEQATimeoutError:
self.fail("Ping timeout error for address %s, count %s, output: %s" % (self.target.ip, count, output))
msg = ('Expected 5 consecutive, got %d.\n'
diff --git a/poky/meta/lib/oeqa/runtime/cases/rpm.py b/poky/meta/lib/oeqa/runtime/cases/rpm.py
index e3cd818..fa86eb0 100644
--- a/poky/meta/lib/oeqa/runtime/cases/rpm.py
+++ b/poky/meta/lib/oeqa/runtime/cases/rpm.py
@@ -51,21 +51,20 @@
msg = 'status: %s. Cannot run rpm -qa: %s' % (status, output)
self.assertEqual(status, 0, msg=msg)
- def check_no_process_for_user(u):
- _, output = self.target.run(self.tc.target_cmds['ps'])
- if u + ' ' in output:
- return False
- else:
- return True
+ def wait_for_no_process_for_user(u, timeout = 120):
+ timeout_at = time.time() + timeout
+ while time.time() < timeout_at:
+ _, output = self.target.run(self.tc.target_cmds['ps'])
+ if u + ' ' not in output:
+ return
+ time.sleep(1)
+ user_pss = [ps for ps in output.split("\n") if u + ' ' in ps]
+ msg = "There're %s 's process(es) still running: %s".format(u, "\n".join(user_pss))
+ assertTrue(True, msg=msg)
def unset_up_test_user(u):
# ensure no test1 process in running
- timeout = time.time() + 30
- while time.time() < timeout:
- if check_no_process_for_user(u):
- break
- else:
- time.sleep(1)
+ wait_for_no_process_for_user(u)
status, output = self.target.run('userdel -r %s' % u)
msg = 'Failed to erase user: %s' % output
self.assertTrue(status == 0, msg=msg)
diff --git a/poky/meta/lib/oeqa/runtime/cases/rtc.py b/poky/meta/lib/oeqa/runtime/cases/rtc.py
index b2159b1..6e45c5d 100644
--- a/poky/meta/lib/oeqa/runtime/cases/rtc.py
+++ b/poky/meta/lib/oeqa/runtime/cases/rtc.py
@@ -5,6 +5,7 @@
#
from oeqa.runtime.case import OERuntimeTestCase
from oeqa.core.decorator.depends import OETestDepends
+from oeqa.core.decorator.data import skipIfFeature
from oeqa.runtime.decorator.package import OEHasPackage
import re
@@ -21,12 +22,14 @@
self.logger.debug('Starting systemd-timesyncd daemon')
self.target.run('systemctl enable --now --runtime systemd-timesyncd')
+ @skipIfFeature('read-only-rootfs',
+ 'Test does not work with read-only-rootfs in IMAGE_FEATURES')
@OETestDepends(['ssh.SSHTest.test_ssh'])
@OEHasPackage(['coreutils', 'busybox'])
def test_rtc(self):
(status, output) = self.target.run('hwclock -r')
self.assertEqual(status, 0, msg='Failed to get RTC time, output: %s' % output)
-
+
(status, current_datetime) = self.target.run('date +"%m%d%H%M%Y"')
self.assertEqual(status, 0, msg='Failed to get system current date & time, output: %s' % current_datetime)
@@ -37,7 +40,6 @@
(status, output) = self.target.run('date %s' % current_datetime)
self.assertEqual(status, 0, msg='Failed to reset system date & time, output: %s' % output)
-
+
(status, output) = self.target.run('hwclock -w')
self.assertEqual(status, 0, msg='Failed to reset RTC time, output: %s' % output)
-
diff --git a/poky/meta/lib/oeqa/runtime/cases/systemd.py b/poky/meta/lib/oeqa/runtime/cases/systemd.py
index 720b4b5..37f2954 100644
--- a/poky/meta/lib/oeqa/runtime/cases/systemd.py
+++ b/poky/meta/lib/oeqa/runtime/cases/systemd.py
@@ -154,7 +154,7 @@
"""
# The expression chain that uniquely identifies the time boot message.
- expr_items=['Startup finished', 'kernel', 'userspace','\.$']
+ expr_items=['Startup finished', 'kernel', 'userspace', r'\.$']
try:
output = self.journalctl(args='-o cat --reverse')
except AssertionError:
diff --git a/poky/meta/lib/oeqa/runtime/context.py b/poky/meta/lib/oeqa/runtime/context.py
index 8092dd0..0c5d186 100644
--- a/poky/meta/lib/oeqa/runtime/context.py
+++ b/poky/meta/lib/oeqa/runtime/context.py
@@ -67,11 +67,11 @@
% self.default_target_type)
runtime_group.add_argument('--target-ip', action='store',
default=self.default_target_ip,
- help="IP address of device under test, default: %s" \
+ help="IP address and optionally ssh port (default 22) of device under test, for example '192.168.0.7:22'. Default: %s" \
% self.default_target_ip)
runtime_group.add_argument('--server-ip', action='store',
default=self.default_target_ip,
- help="IP address of device under test, default: %s" \
+ help="IP address of the test host from test target machine, default: %s" \
% self.default_server_ip)
runtime_group.add_argument('--host-dumper-dir', action='store',
diff --git a/poky/meta/lib/oeqa/sdk/cases/buildepoxy.py b/poky/meta/lib/oeqa/sdk/cases/buildepoxy.py
index ee515be..147ee3e 100644
--- a/poky/meta/lib/oeqa/sdk/cases/buildepoxy.py
+++ b/poky/meta/lib/oeqa/sdk/cases/buildepoxy.py
@@ -35,7 +35,7 @@
self.assertTrue(os.path.isdir(dirs["source"]))
os.makedirs(dirs["build"])
- log = self._run("meson -Degl=no -Dglx=no -Dx11=false {build} {source}".format(**dirs))
+ log = self._run("meson --warnlevel 1 -Degl=no -Dglx=no -Dx11=false {build} {source}".format(**dirs))
# Check that Meson thinks we're doing a cross build and not a native
self.assertIn("Build type: cross build", log)
self._run("ninja -C {build} -v".format(**dirs))
diff --git a/poky/meta/lib/oeqa/sdkext/cases/devtool.py b/poky/meta/lib/oeqa/sdkext/cases/devtool.py
index a5c6a76..5ffb732 100644
--- a/poky/meta/lib/oeqa/sdkext/cases/devtool.py
+++ b/poky/meta/lib/oeqa/sdkext/cases/devtool.py
@@ -112,7 +112,7 @@
cmd = 'oe-publish-sdk %s %s' % (tcname_new, self.publish_dir)
subprocess.check_output(cmd, shell=True)
- self.http_service = HTTPService(self.publish_dir)
+ self.http_service = HTTPService(self.publish_dir, logger=self.logger)
self.http_service.start()
self.http_url = "http://127.0.0.1:%d" % self.http_service.port
diff --git a/poky/meta/lib/oeqa/selftest/cases/cve_check.py b/poky/meta/lib/oeqa/selftest/cases/cve_check.py
index ac47af1..9534c97 100644
--- a/poky/meta/lib/oeqa/selftest/cases/cve_check.py
+++ b/poky/meta/lib/oeqa/selftest/cases/cve_check.py
@@ -54,6 +54,25 @@
self.assertTrue( result ,msg="Failed to compare version with suffix '1.0_patch2' < '1.0_patch3'")
+ def test_convert_cve_version(self):
+ from oe.cve_check import convert_cve_version
+
+ # Default format
+ self.assertEqual(convert_cve_version("8.3"), "8.3")
+ self.assertEqual(convert_cve_version(""), "")
+
+ # OpenSSL format version
+ self.assertEqual(convert_cve_version("1.1.1t"), "1.1.1t")
+
+ # OpenSSH format
+ self.assertEqual(convert_cve_version("8.3_p1"), "8.3p1")
+ self.assertEqual(convert_cve_version("8.3_p22"), "8.3p22")
+
+ # Linux kernel format
+ self.assertEqual(convert_cve_version("6.2_rc8"), "6.2-rc8")
+ self.assertEqual(convert_cve_version("6.2_rc31"), "6.2-rc31")
+
+
def test_recipe_report_json(self):
config = """
INHERIT += "cve-check"
diff --git a/poky/meta/lib/oeqa/selftest/cases/debuginfod.py b/poky/meta/lib/oeqa/selftest/cases/debuginfod.py
index 3c40119..37f5176 100644
--- a/poky/meta/lib/oeqa/selftest/cases/debuginfod.py
+++ b/poky/meta/lib/oeqa/selftest/cases/debuginfod.py
@@ -12,6 +12,36 @@
class Debuginfod(OESelftestTestCase):
+
+ def wait_for_debuginfod(self, port):
+ """
+ debuginfod takes time to scan the packages and requesting too early may
+ result in a test failure if the right packages haven't been scanned yet.
+
+ Request the metrics endpoint periodically and wait for there to be no
+ busy scanning threads.
+
+ Returns True if debuginfod is ready, False if we timed out
+ """
+ import time, urllib
+
+ # Wait a minute
+ countdown = 6
+ delay = 10
+
+ while countdown:
+ time.sleep(delay)
+ try:
+ with urllib.request.urlopen("http://localhost:%d/metrics" % port) as f:
+ lines = f.read().decode("ascii").splitlines()
+ if "thread_busy{role=\"scan\"} 0" in lines:
+ return True
+ except urllib.error.URLError as e:
+ self.logger.error(e)
+ countdown -= 1
+ return False
+
+
def test_debuginfod(self):
self.write_config(
"""
@@ -25,29 +55,50 @@
cmd = [
os.path.join(native_sysroot, "usr", "bin", "debuginfod"),
"--verbose",
+ # In-memory database, this is a one-shot test
"--database=:memory:",
+ # Don't use all the host cores
+ "--concurrency=8",
+ "--connection-pool=8",
+ # Disable rescanning, this is a one-shot test
+ "--rescan-time=0",
+ "--groom-time=0",
get_bb_var("DEPLOY_DIR"),
]
- for format in get_bb_var("PACKAGE_CLASSES").split():
- if format == "package_deb":
- cmd.append("--scan-deb-dir")
- elif format == "package_ipk":
- cmd.append("--scan-deb-dir")
- elif format == "package_rpm":
- cmd.append("--scan-rpm-dir")
+
+ format = get_bb_var("PACKAGE_CLASSES").split()[0]
+ if format == "package_deb":
+ cmd.append("--scan-deb-dir")
+ elif format == "package_ipk":
+ cmd.append("--scan-deb-dir")
+ elif format == "package_rpm":
+ cmd.append("--scan-rpm-dir")
+ else:
+ self.fail("Unknown package class %s" % format)
+
# Find a free port
with socketserver.TCPServer(("localhost", 0), None) as s:
port = s.server_address[1]
cmd.append("--port=%d" % port)
try:
- debuginfod = subprocess.Popen(cmd)
+ # Remove DEBUGINFOD_URLS from the environment so we don't try
+ # looking in the distro debuginfod
+ env = os.environ.copy()
+ if "DEBUGINFOD_URLS" in env:
+ del env["DEBUGINFOD_URLS"]
+
+ self.logger.info(f"Starting server {cmd}")
+ debuginfod = subprocess.Popen(cmd, env=env)
with runqemu("core-image-minimal", runqemuparams="nographic") as qemu:
+ self.assertTrue(self.wait_for_debuginfod(port))
+
cmd = (
"DEBUGINFOD_URLS=http://%s:%d/ debuginfod-find debuginfo /usr/bin/debuginfod"
% (qemu.server_ip, port)
)
+ self.logger.info(f"Starting client {cmd}")
status, output = qemu.run_serial(cmd)
# This should be more comprehensive
self.assertIn("/.cache/debuginfod_client/", output)
diff --git a/poky/meta/lib/oeqa/selftest/cases/devtool.py b/poky/meta/lib/oeqa/selftest/cases/devtool.py
index 142932e..877d77d 100644
--- a/poky/meta/lib/oeqa/selftest/cases/devtool.py
+++ b/poky/meta/lib/oeqa/selftest/cases/devtool.py
@@ -276,6 +276,7 @@
cls.sstate_conf = 'SSTATE_DIR = "%s"\n' % cls.devtool_sstate
cls.sstate_conf += ('SSTATE_MIRRORS += "file://.* file:///%s/PATH"\n'
% cls.original_sstate)
+ cls.sstate_conf += ('BB_HASHSERVE_UPSTREAM = "hashserv.yocto.io:8687"\n')
@classmethod
def tearDownClass(cls):
@@ -954,7 +955,7 @@
def test_devtool_update_recipe_git(self):
# Check preconditions
- testrecipe = 'mtd-utils'
+ testrecipe = 'mtd-utils-selftest'
bb_vars = get_bb_vars(['FILE', 'SRC_URI'], testrecipe)
recipefile = bb_vars['FILE']
src_uri = bb_vars['SRC_URI']
@@ -1075,7 +1076,7 @@
def test_devtool_update_recipe_append_git(self):
# Check preconditions
- testrecipe = 'mtd-utils'
+ testrecipe = 'mtd-utils-selftest'
bb_vars = get_bb_vars(['FILE', 'SRC_URI'], testrecipe)
recipefile = bb_vars['FILE']
src_uri = bb_vars['SRC_URI']
diff --git a/poky/meta/lib/oeqa/selftest/cases/externalsrc.py b/poky/meta/lib/oeqa/selftest/cases/externalsrc.py
new file mode 100644
index 0000000..1d800dc
--- /dev/null
+++ b/poky/meta/lib/oeqa/selftest/cases/externalsrc.py
@@ -0,0 +1,44 @@
+#
+# Copyright OpenEmbedded Contributors
+#
+# SPDX-License-Identifier: MIT
+#
+
+import os
+import shutil
+import tempfile
+
+from oeqa.selftest.case import OESelftestTestCase
+from oeqa.utils.commands import get_bb_var, runCmd
+
+class ExternalSrc(OESelftestTestCase):
+ # test that srctree_hash_files does not crash
+ # we should be actually checking do_compile[file-checksums] but oeqa currently does not support it
+ # so we check only that a recipe with externalsrc can be parsed
+ def test_externalsrc_srctree_hash_files(self):
+ test_recipe = "git-submodule-test"
+ git_url = "git://git.yoctoproject.org/git-submodule-test"
+ externalsrc_dir = tempfile.TemporaryDirectory(prefix="externalsrc").name
+
+ self.write_config(
+ """
+INHERIT += "externalsrc"
+EXTERNALSRC:pn-%s = "%s"
+""" % (test_recipe, externalsrc_dir)
+ )
+
+ # test with git without submodules
+ runCmd('git clone %s %s' % (git_url, externalsrc_dir))
+ os.unlink(externalsrc_dir + "/.gitmodules")
+ open(".gitmodules", 'w').close() # local file .gitmodules in cwd should not affect externalsrc parsing
+ self.assertEqual(get_bb_var("S", test_recipe), externalsrc_dir, msg = "S does not equal to EXTERNALSRC")
+ os.unlink(".gitmodules")
+
+ # test with git with submodules
+ runCmd('git checkout .gitmodules', cwd=externalsrc_dir)
+ runCmd('git submodule update --init --recursive', cwd=externalsrc_dir)
+ self.assertEqual(get_bb_var("S", test_recipe), externalsrc_dir, msg = "S does not equal to EXTERNALSRC")
+
+ # test without git
+ shutil.rmtree(os.path.join(externalsrc_dir, ".git"))
+ self.assertEqual(get_bb_var("S", test_recipe), externalsrc_dir, msg = "S does not equal to EXTERNALSRC")
diff --git a/poky/meta/lib/oeqa/selftest/cases/lic_checksum.py b/poky/meta/lib/oeqa/selftest/cases/lic_checksum.py
index 5897a39..2d0b805 100644
--- a/poky/meta/lib/oeqa/selftest/cases/lic_checksum.py
+++ b/poky/meta/lib/oeqa/selftest/cases/lic_checksum.py
@@ -28,6 +28,7 @@
SRC_URI = "file://%s;md5=d41d8cd98f00b204e9800998ecf8427e"
""" % (urllib.parse.quote(lic_path), urllib.parse.quote(lic_path)))
result = bitbake(bitbake_cmd)
+ self.delete_recipeinc('emptytest')
# Verify that changing a license file that has an absolute path causes
@@ -53,5 +54,6 @@
f.write("data")
result = bitbake(bitbake_cmd, ignore_status=True)
+ self.delete_recipeinc('emptytest')
if error_msg not in result.output:
raise AssertionError(result.output)
diff --git a/poky/meta/lib/oeqa/selftest/cases/locales.py b/poky/meta/lib/oeqa/selftest/cases/locales.py
new file mode 100644
index 0000000..433991a
--- /dev/null
+++ b/poky/meta/lib/oeqa/selftest/cases/locales.py
@@ -0,0 +1,45 @@
+#
+# SPDX-License-Identifier: MIT
+#
+
+from oeqa.selftest.case import OESelftestTestCase
+from oeqa.core.decorator import OETestTag
+from oeqa.utils.commands import bitbake, runqemu
+
+class LocalesTest(OESelftestTestCase):
+
+ @OETestTag("runqemu")
+ def test_locales_on(self):
+ """
+ Summary: Test the locales are generated
+ Expected: 1. Check the locale exist in the locale-archive
+ 2. Check the locale exist for the glibc
+ 3. Check the locale can be generated
+ Product: oe-core
+ Author: Louis Rannou <lrannou@baylibre.com>
+ AutomatedBy: Louis Rannou <lrannou@baylibre.com>
+ """
+
+ features = []
+ features.append('EXTRA_IMAGE_FEATURES = "empty-root-password allow-empty-password allow-root-login"')
+ features.append('IMAGE_INSTALL:append = " glibc-utils localedef"')
+ features.append('GLIBC_GENERATE_LOCALES = "en_US.UTF-8 fr_FR.UTF-8"')
+ features.append('IMAGE_LINGUAS:append = " en-us fr-fr"')
+ features.append('ENABLE_BINARY_LOCALE_GENERATION = "1"')
+ self.write_config("\n".join(features))
+
+ # Build a core-image-minimal
+ bitbake('core-image-minimal')
+
+ with runqemu("core-image-minimal", ssh=False, runqemuparams='nographic') as qemu:
+ cmd = "locale -a"
+ status, output = qemu.run_serial(cmd)
+ # output must includes fr_FR or fr_FR.UTF-8
+ self.assertEqual(status, 1, msg='locale test command failed: output: %s' % output)
+ self.assertIn("fr_FR", output, msg='locale -a test failed: output: %s' % output)
+
+ cmd = "localedef --list-archive -v"
+ status, output = qemu.run_serial(cmd)
+ # output must includes fr_FR.utf8
+ self.assertEqual(status, 1, msg='localedef test command failed: output: %s' % output)
+ self.assertIn("fr_FR.utf8", output, msg='localedef test failed: output: %s' % output)
diff --git a/poky/meta/lib/oeqa/selftest/cases/package.py b/poky/meta/lib/oeqa/selftest/cases/package.py
index 2d1b48a..cc09a14 100644
--- a/poky/meta/lib/oeqa/selftest/cases/package.py
+++ b/poky/meta/lib/oeqa/selftest/cases/package.py
@@ -89,6 +89,13 @@
self.assertEqual(status - 100, sort, "%s %s (%d) failed" % (ver1, ver2, sort))
class PackageTests(OESelftestTestCase):
+ # Verify that a recipe cannot rename a package into an existing one
+ def test_package_name_conflict(self):
+ res = bitbake("packagenameconflict", ignore_status=True)
+ self.assertNotEqual(res.status, 0)
+ err = "package name already exists"
+ self.assertTrue(err in res.output)
+
# Verify that a recipe which sets up hardlink files has those preserved into split packages
# Also test file sparseness is preserved
def test_preserve_sparse_hardlinks(self):
diff --git a/poky/meta/lib/oeqa/selftest/cases/prservice.py b/poky/meta/lib/oeqa/selftest/cases/prservice.py
index cb95503..9fe3b80 100644
--- a/poky/meta/lib/oeqa/selftest/cases/prservice.py
+++ b/poky/meta/lib/oeqa/selftest/cases/prservice.py
@@ -77,7 +77,7 @@
exported_db_path = os.path.join(self.builddir, 'export.inc')
export_result = runCmd("bitbake-prserv-tool export %s" % exported_db_path, ignore_status=True)
self.assertEqual(export_result.status, 0, msg="PR Service database export failed: %s" % export_result.output)
- self.assertTrue(os.path.exists(exported_db_path))
+ self.assertTrue(os.path.exists(exported_db_path), msg="%s didn't exist, tool output %s" % (exported_db_path, export_result.output))
if replace_current_db:
current_db_path = os.path.join(get_bb_var('PERSISTENT_DIR'), 'prserv.sqlite3')
diff --git a/poky/meta/lib/oeqa/selftest/cases/recipetool.py b/poky/meta/lib/oeqa/selftest/cases/recipetool.py
index 25b06cd..b193f0f 100644
--- a/poky/meta/lib/oeqa/selftest/cases/recipetool.py
+++ b/poky/meta/lib/oeqa/selftest/cases/recipetool.py
@@ -581,7 +581,10 @@
commonlicdir = get_bb_var('COMMON_LICENSE_DIR')
- d = bb.tinfoil.TinfoilDataStoreConnector
+ class DataConnectorCopy(bb.tinfoil.TinfoilDataStoreConnector):
+ pass
+
+ d = DataConnectorCopy
d.getVar = Mock(return_value=commonlicdir)
srctree = tempfile.mkdtemp(prefix='recipetoolqa')
diff --git a/poky/meta/lib/oeqa/selftest/cases/reproducible.py b/poky/meta/lib/oeqa/selftest/cases/reproducible.py
index f4dd779..cd7aa8a 100644
--- a/poky/meta/lib/oeqa/selftest/cases/reproducible.py
+++ b/poky/meta/lib/oeqa/selftest/cases/reproducible.py
@@ -292,9 +292,13 @@
self.copy_file(d.reference, '/'.join([save_dir, 'packages-excluded', strip_topdir(d.reference)]))
self.copy_file(d.test, '/'.join([save_dir, 'packages-excluded', strip_topdir(d.test)]))
- if result.missing or result.different:
- fails.append("The following %s packages are missing or different and not in exclusion list: %s" %
- (c, '\n'.join(r.test for r in (result.missing + result.different))))
+ if result.different:
+ fails.append("The following %s packages are different and not in exclusion list:\n%s" %
+ (c, '\n'.join(r.test for r in (result.different))))
+
+ if result.missing and len(self.sstate_targets) == 0:
+ fails.append("The following %s packages are missing and not in exclusion list:\n%s" %
+ (c, '\n'.join(r.test for r in (result.missing))))
# Clean up empty directories
if self.save_results:
diff --git a/poky/meta/lib/oeqa/selftest/cases/resulttooltests.py b/poky/meta/lib/oeqa/selftest/cases/resulttooltests.py
index c2e76f1..efdfd98 100644
--- a/poky/meta/lib/oeqa/selftest/cases/resulttooltests.py
+++ b/poky/meta/lib/oeqa/selftest/cases/resulttooltests.py
@@ -71,7 +71,7 @@
self.assertTrue('target_result1' in results['runtime/mydistro/qemux86/image'], msg="Pair not correct:%s" % results)
self.assertTrue('target_result3' in results['runtime/mydistro/qemux86-64/image'], msg="Pair not correct:%s" % results)
- def test_regrresion_can_get_regression_result(self):
+ def test_regression_can_get_regression_result(self):
base_result_data = {'result': {'test1': {'status': 'PASSED'},
'test2': {'status': 'PASSED'},
'test3': {'status': 'FAILED'},
diff --git a/poky/meta/lib/oeqa/selftest/cases/runqemu.py b/poky/meta/lib/oeqa/selftest/cases/runqemu.py
index c1d277a..d3eeee3 100644
--- a/poky/meta/lib/oeqa/selftest/cases/runqemu.py
+++ b/poky/meta/lib/oeqa/selftest/cases/runqemu.py
@@ -4,13 +4,13 @@
# SPDX-License-Identifier: MIT
#
+import os
import re
-import tempfile
import time
import oe.types
from oeqa.core.decorator import OETestTag
from oeqa.selftest.case import OESelftestTestCase
-from oeqa.utils.commands import bitbake, runqemu, get_bb_var, runCmd
+from oeqa.utils.commands import bitbake, runqemu, get_bb_var
@OETestTag("runqemu")
class RunqemuTests(OESelftestTestCase):
@@ -57,14 +57,16 @@
cmd = "%s %s ext4" % (self.cmd_common, self.machine)
with runqemu(self.recipe, ssh=False, launch_cmd=cmd) as qemu:
with open(qemu.qemurunnerlog) as f:
- self.assertIn('rootfs.ext4', f.read(), "Failed: %s" % cmd)
+ regexp = r'\nROOTFS: .*\.ext4]\n'
+ self.assertRegex(f.read(), regexp, "Failed to find '%s' in '%s' after running '%s'" % (regexp, qemu.qemurunnerlog, cmd))
def test_boot_machine_iso(self):
"""Test runqemu machine iso"""
cmd = "%s %s iso" % (self.cmd_common, self.machine)
with runqemu(self.recipe, ssh=False, launch_cmd=cmd) as qemu:
with open(qemu.qemurunnerlog) as f:
- self.assertIn('media=cdrom', f.read(), "Failed: %s" % cmd)
+ text_in = 'media=cdrom'
+ self.assertIn(text_in, f.read(), "Failed to find '%s' in '%s' after running '%s'" % (text_in, qemu.qemurunnerlog, cmd))
def test_boot_recipe_image(self):
"""Test runqemu recipe-image"""
@@ -79,14 +81,16 @@
cmd = "%s %s wic.vmdk" % (self.cmd_common, self.recipe)
with runqemu(self.recipe, ssh=False, launch_cmd=cmd) as qemu:
with open(qemu.qemurunnerlog) as f:
- self.assertIn('format=vmdk', f.read(), "Failed: %s" % cmd)
+ text_in = 'format=vmdk'
+ self.assertIn(text_in, f.read(), "Failed to find '%s' in '%s' after running '%s'" % (text_in, qemu.qemurunnerlog, cmd))
def test_boot_recipe_image_vdi(self):
"""Test runqemu recipe-image vdi"""
cmd = "%s %s wic.vdi" % (self.cmd_common, self.recipe)
with runqemu(self.recipe, ssh=False, launch_cmd=cmd) as qemu:
with open(qemu.qemurunnerlog) as f:
- self.assertIn('format=vdi', f.read(), "Failed: %s" % cmd)
+ text_in = 'format=vdi'
+ self.assertIn(text_in, f.read(), "Failed to find '%s' in '%s' after running '%s'" % (text_in, qemu.qemurunnerlog, cmd))
def test_boot_deploy(self):
"""Test runqemu deploy_dir_image"""
diff --git a/poky/meta/lib/oeqa/selftest/cases/runtime_test.py b/poky/meta/lib/oeqa/selftest/cases/runtime_test.py
index fe83b24..533b5d7 100644
--- a/poky/meta/lib/oeqa/selftest/cases/runtime_test.py
+++ b/poky/meta/lib/oeqa/selftest/cases/runtime_test.py
@@ -254,7 +254,8 @@
import subprocess, os
distro = oe.lsb.distro_identifier()
- if distro and (distro in ['debian-9', 'debian-10', 'centos-7', 'centos-8', 'ubuntu-16.04', 'ubuntu-18.04'] or distro.startswith('almalinux')):
+ if distro and (distro in ['debian-9', 'debian-10', 'centos-7', 'centos-8', 'ubuntu-16.04', 'ubuntu-18.04'] or
+ distro.startswith('almalinux') or distro.startswith('rocky')):
self.skipTest('virgl headless cannot be tested with %s' %(distro))
render_hint = """If /dev/dri/renderD* is absent due to lack of suitable GPU, 'modprobe vgem' will create one suitable for mesa llvmpipe software renderer."""
@@ -265,7 +266,7 @@
except FileNotFoundError:
self.fail("/dev/dri directory does not exist; no render nodes available on this machine. %s" %(render_hint))
try:
- dripath = subprocess.check_output("pkg-config --variable=dridriverdir dri", shell=True)
+ dripath = subprocess.check_output("PATH=/bin:/usr/bin:$PATH pkg-config --variable=dridriverdir dri", shell=True)
except subprocess.CalledProcessError as e:
self.fail("Could not determine the path to dri drivers on the host via pkg-config.\nPlease install Mesa development files (particularly, dri.pc) on the host machine.")
qemu_distrofeatures = get_bb_var('DISTRO_FEATURES', 'qemu-system-native')
diff --git a/poky/meta/lib/oeqa/selftest/cases/tinfoil.py b/poky/meta/lib/oeqa/selftest/cases/tinfoil.py
index 0a66615..dd13c20 100644
--- a/poky/meta/lib/oeqa/selftest/cases/tinfoil.py
+++ b/poky/meta/lib/oeqa/selftest/cases/tinfoil.py
@@ -66,6 +66,20 @@
localdata.setVar('PN', 'hello')
self.assertEqual('hello', localdata.getVar('BPN'))
+ # The config_data API tp parse_recipe_file is used by:
+ # layerindex-web layerindex/update_layer.py
+ def test_parse_recipe_custom_data(self):
+ with bb.tinfoil.Tinfoil() as tinfoil:
+ tinfoil.prepare(config_only=False, quiet=2)
+ localdata = bb.data.createCopy(tinfoil.config_data)
+ localdata.setVar("TESTVAR", "testval")
+ testrecipe = 'mdadm'
+ best = tinfoil.find_best_provider(testrecipe)
+ if not best:
+ self.fail('Unable to find recipe providing %s' % testrecipe)
+ rd = tinfoil.parse_recipe_file(best[3], config_data=localdata)
+ self.assertEqual("testval", rd.getVar('TESTVAR'))
+
def test_list_recipes(self):
with bb.tinfoil.Tinfoil() as tinfoil:
tinfoil.prepare(config_only=False, quiet=2)
diff --git a/poky/meta/lib/oeqa/selftest/context.py b/poky/meta/lib/oeqa/selftest/context.py
index 78c7a46..0e3244a 100644
--- a/poky/meta/lib/oeqa/selftest/context.py
+++ b/poky/meta/lib/oeqa/selftest/context.py
@@ -86,17 +86,27 @@
oe.path.copytree(builddir + "/cache", newbuilddir + "/cache")
oe.path.copytree(selftestdir, newselftestdir)
+ subprocess.check_output("git init; git add *; git commit -a -m 'initial'", cwd=newselftestdir, shell=True)
+
+ # Tried to used bitbake-layers add/remove but it requires recipe parsing and hence is too slow
+ subprocess.check_output("sed %s/conf/bblayers.conf -i -e 's#%s#%s#g'" % (newbuilddir, selftestdir, newselftestdir), cwd=newbuilddir, shell=True)
+
+ # Relative paths in BBLAYERS only works when the new build dir share the same ascending node
+ if self.newbuilddir:
+ bblayers = subprocess.check_output("bitbake-getvar --value BBLAYERS | tail -1", cwd=builddir, shell=True, text=True)
+ if '..' in bblayers:
+ bblayers_abspath = [os.path.abspath(path) for path in bblayers.split()]
+ with open("%s/conf/bblayers.conf" % newbuilddir, "a") as f:
+ newbblayers = "# new bblayers to be used by selftest in the new build dir '%s'\n" % newbuilddir
+ newbblayers += 'BBLAYERS = "%s"\n' % ' '.join(bblayers_abspath)
+ f.write(newbblayers)
+
for e in os.environ:
if builddir + "/" in os.environ[e]:
os.environ[e] = os.environ[e].replace(builddir + "/", newbuilddir + "/")
if os.environ[e].endswith(builddir):
os.environ[e] = os.environ[e].replace(builddir, newbuilddir)
- subprocess.check_output("git init; git add *; git commit -a -m 'initial'", cwd=newselftestdir, shell=True)
-
- # Tried to used bitbake-layers add/remove but it requires recipe parsing and hence is too slow
- subprocess.check_output("sed %s/conf/bblayers.conf -i -e 's#%s#%s#g'" % (newbuilddir, selftestdir, newselftestdir), cwd=newbuilddir, shell=True)
-
os.chdir(newbuilddir)
def patch_test(t):
diff --git a/poky/meta/lib/oeqa/targetcontrol.py b/poky/meta/lib/oeqa/targetcontrol.py
index 1fdff82..f5f2ce2 100644
--- a/poky/meta/lib/oeqa/targetcontrol.py
+++ b/poky/meta/lib/oeqa/targetcontrol.py
@@ -7,18 +7,14 @@
# This module is used by testimage.bbclass for setting up and controlling a target machine.
import os
-import shutil
import subprocess
import bb
-import traceback
-import sys
import logging
from oeqa.utils.sshcontrol import SSHControl
from oeqa.utils.qemurunner import QemuRunner
from oeqa.utils.qemutinyrunner import QemuTinyRunner
from oeqa.utils.dump import TargetDumper
from oeqa.utils.dump import MonitorDumper
-from oeqa.controllers.testtargetloader import TestTargetLoader
from abc import ABCMeta, abstractmethod
class BaseTarget(object, metaclass=ABCMeta):
@@ -145,7 +141,7 @@
boottime = int(d.getVar("TEST_QEMUBOOT_TIMEOUT")),
use_kvm = use_kvm,
dump_dir = dump_dir,
- dump_host_cmds = d.getVar("testimage_dump_host"),
+ dump_host_cmds = dump_host_cmds,
logger = logger,
tmpfsdir = d.getVar("RUNQEMU_TMPFS_DIR"),
serial_ports = len(d.getVar("SERIAL_CONSOLES").split()))
@@ -205,7 +201,7 @@
self.server_ip = self.runner.server_ip
self.connection = SSHControl(ip=self.ip, logfile=self.sshlog)
else:
- raise RuntimError("%s - FAILED to re-start qemu - check the task log and the boot log" % self.pn)
+ raise RuntimeError("%s - FAILED to re-start qemu - check the task log and the boot log" % self.pn)
def run_serial(self, command, timeout=60):
return self.runner.run_serial(command, timeout=timeout)
diff --git a/poky/meta/lib/oeqa/utils/commands.py b/poky/meta/lib/oeqa/utils/commands.py
index f733fcd..473aa38 100644
--- a/poky/meta/lib/oeqa/utils/commands.py
+++ b/poky/meta/lib/oeqa/utils/commands.py
@@ -8,11 +8,8 @@
# This module is mainly used by scripts/oe-selftest and modules under meta/oeqa/selftest
# It provides a class and methods for running commands on the host in a convienent way for tests.
-
-
import os
import sys
-import signal
import subprocess
import threading
import time
@@ -21,6 +18,7 @@
from oeqa.utils import ftools
import re
import contextlib
+import errno
# Export test doesn't require bb
try:
import bb
@@ -85,7 +83,7 @@
except OSError as ex:
# It's not an error when the command does not consume all
# of our data. subprocess.communicate() also ignores that.
- if ex.errno != EPIPE:
+ if ex.errno != errno.EPIPE:
raise
# We write in a separate thread because then we can read
diff --git a/poky/meta/lib/oeqa/utils/dump.py b/poky/meta/lib/oeqa/utils/dump.py
index bcee03b..d420b49 100644
--- a/poky/meta/lib/oeqa/utils/dump.py
+++ b/poky/meta/lib/oeqa/utils/dump.py
@@ -93,37 +93,55 @@
self._write_dump(cmd.split()[0], result.output)
class TargetDumper(BaseDumper):
- """ Class to get dumps from target, it only works with QemuRunner """
+ """ Class to get dumps from target, it only works with QemuRunner.
+ Will give up permanently after 5 errors from running commands over
+ serial console. This helps to end testing when target is really dead, hanging
+ or unresponsive.
+ """
def __init__(self, cmds, parent_dir, runner):
super(TargetDumper, self).__init__(cmds, parent_dir)
self.runner = runner
+ self.errors = 0
def dump_target(self, dump_dir=""):
+ if self.errors >= 5:
+ print("Too many errors when dumping data from target, assuming it is dead! Will not dump data anymore!")
+ return
if dump_dir:
self.dump_dir = dump_dir
for cmd in self.cmds:
# We can continue with the testing if serial commands fail
try:
(status, output) = self.runner.run_serial(cmd)
+ if status == 0:
+ self.errors = self.errors + 1
self._write_dump(cmd.split()[0], output)
except:
+ self.errors = self.errors + 1
print("Tried to dump info from target but "
"serial console failed")
print("Failed CMD: %s" % (cmd))
class MonitorDumper(BaseDumper):
- """ Class to get dumps via the Qemu Monitor, it only works with QemuRunner """
+ """ Class to get dumps via the Qemu Monitor, it only works with QemuRunner
+ Will stop completely if there are more than 5 errors when dumping monitor data.
+ This helps to end testing when target is really dead, hanging or unresponsive.
+ """
def __init__(self, cmds, parent_dir, runner):
super(MonitorDumper, self).__init__(cmds, parent_dir)
self.runner = runner
+ self.errors = 0
def dump_monitor(self, dump_dir=""):
if self.runner is None:
return
if dump_dir:
self.dump_dir = dump_dir
+ if self.errors >= 5:
+ print("Too many errors when dumping data from qemu monitor, assuming it is dead! Will not dump data anymore!")
+ return
for cmd in self.cmds:
cmd_name = cmd.split()[0]
try:
@@ -137,4 +155,5 @@
output = self.runner.run_monitor(cmd_name)
self._write_dump(cmd_name, output)
except Exception as e:
+ self.errors = self.errors + 1
print("Failed to dump QMP CMD: %s with\nException: %s" % (cmd_name, e))
diff --git a/poky/meta/lib/oeqa/utils/httpserver.py b/poky/meta/lib/oeqa/utils/httpserver.py
index 8ce1dd4..5860b0a 100644
--- a/poky/meta/lib/oeqa/utils/httpserver.py
+++ b/poky/meta/lib/oeqa/utils/httpserver.py
@@ -40,6 +40,12 @@
self.port = self.server.server_port
self.process = multiprocessing.Process(target=self.server.server_start, args=[self.root_dir, self.logger])
+ def handle_error(self, request, client_address):
+ import traceback
+ exception = traceback.format_exc()
+ self.logger.warn("Exception when handling %s: %s" % (request, exception))
+ self.server.handle_error = handle_error
+
# The signal handler from testimage.bbclass can cause deadlocks here
# if the HTTPServer is terminated before it can restore the standard
#signal behaviour
diff --git a/poky/meta/lib/oeqa/utils/qemurunner.py b/poky/meta/lib/oeqa/utils/qemurunner.py
index 6a85f57..a455b3b 100644
--- a/poky/meta/lib/oeqa/utils/qemurunner.py
+++ b/poky/meta/lib/oeqa/utils/qemurunner.py
@@ -198,7 +198,7 @@
qmp_file = "." + next(tempfile._get_candidate_names())
qmp_param = ' -S -qmp unix:./%s,server,wait' % (qmp_file)
qmp_port = self.tmpdir + "/" + qmp_file
- # Create a second socket connection for debugging use,
+ # Create a second socket connection for debugging use,
# note this will NOT cause qemu to block waiting for the connection
qmp_file2 = "." + next(tempfile._get_candidate_names())
qmp_param += ' -qmp unix:./%s,server,nowait' % (qmp_file2)
@@ -346,6 +346,8 @@
return False
try:
+ # set timeout value for all QMP calls
+ self.qmp.settimeout(self.runqemutime)
self.qmp.connect()
connect_time = time.time()
self.logger.info("QMP connected to QEMU at %s and took %s seconds" %
@@ -463,6 +465,8 @@
socklist.remove(self.server_socket)
self.logger.debug("Connection from %s:%s" % addr)
else:
+ # try to avoid reading only a single character at a time
+ time.sleep(0.1)
data = data + sock.recv(1024)
if data:
bootlog += data
@@ -507,7 +511,7 @@
(status, output) = self.run_serial(self.boot_patterns['send_login_user'], raw=True, timeout=120)
if re.search(self.boot_patterns['search_login_succeeded'], output):
self.logged = True
- self.logger.debug("Logged as root in serial console")
+ self.logger.debug("Logged in as %s in serial console" % self.boot_patterns['send_login_user'].replace("\n", ""))
if netconf:
# configure guest networking
cmd = "ifconfig eth0 %s netmask %s up\n" % (self.ip, self.netmask)
@@ -518,7 +522,7 @@
self.logger.debug("Couldn't configure guest networking")
else:
self.logger.warning("Couldn't login into serial console"
- " as root using blank password")
+ " as %s using blank password" % self.boot_patterns['send_login_user'].replace("\n", ""))
self.logger.warning("The output:\n%s" % output)
except:
self.logger.warning("Serial console failed while trying to login")
@@ -538,10 +542,13 @@
except OSError as e:
if e.errno != errno.ESRCH:
raise
- endtime = time.time() + self.runqemutime
- while self.runqemu.poll() is None and time.time() < endtime:
- time.sleep(1)
- if self.runqemu.poll() is None:
+ try:
+ outs, errs = self.runqemu.communicate(timeout = self.runqemutime)
+ if outs:
+ self.logger.info("Output from runqemu:\n%s", outs.decode("utf-8"))
+ if errs:
+ self.logger.info("Stderr from runqemu:\n%s", errs.decode("utf-8"))
+ except TimeoutExpired:
self.logger.debug("Sending SIGKILL to runqemu")
os.killpg(os.getpgid(self.runqemu.pid), signal.SIGKILL)
if not self.runqemu.stdout.closed:
@@ -618,6 +625,7 @@
def run_monitor(self, command, args=None, timeout=60):
if hasattr(self, 'qmp') and self.qmp:
+ self.qmp.settimeout(timeout)
if args is not None:
return self.qmp.cmd(command, args)
else:
@@ -645,6 +653,8 @@
except InterruptedError:
continue
if sread:
+ # try to avoid reading single character at a time
+ time.sleep(0.1)
answer = self.server_socket.recv(1024)
if answer:
data += answer.decode('utf-8')
diff --git a/poky/meta/recipes-bsp/grub/files/0001-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch b/poky/meta/recipes-bsp/grub/files/0001-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch
new file mode 100644
index 0000000..efa00a3
--- /dev/null
+++ b/poky/meta/recipes-bsp/grub/files/0001-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch
@@ -0,0 +1,115 @@
+From 1f511ae054fe42dce7aedfbfe0f234fa1e0a7a3e Mon Sep 17 00:00:00 2001
+From: Zhang Boyang <zhangboyang.id@gmail.com>
+Date: Fri, 5 Aug 2022 00:51:20 +0800
+Subject: [PATCH] font: Fix size overflow in grub_font_get_glyph_internal()
+
+The length of memory allocation and file read may overflow. This patch
+fixes the problem by using safemath macros.
+
+There is a lot of code repetition like "(x * y + 7) / 8". It is unsafe
+if overflow happens. This patch introduces grub_video_bitmap_calc_1bpp_bufsz().
+It is safe replacement for such code. It has safemath-like prototype.
+
+This patch also introduces grub_cast(value, pointer), it casts value to
+typeof(*pointer) then store the value to *pointer. It returns true when
+overflow occurs or false if there is no overflow. The semantics of arguments
+and return value are designed to be consistent with other safemath macros.
+
+Signed-off-by: Zhang Boyang <zhangboyang.id@gmail.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+
+Upstream-Status: Backport from
+[https://git.savannah.gnu.org/cgit/grub.git/commit/?id=9c76ec09ae08155df27cd237eaea150b4f02f532]
+
+Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
+
+---
+ grub-core/font/font.c | 17 +++++++++++++----
+ include/grub/bitmap.h | 18 ++++++++++++++++++
+ include/grub/safemath.h | 2 ++
+ 3 files changed, 33 insertions(+), 4 deletions(-)
+
+diff --git a/grub-core/font/font.c b/grub-core/font/font.c
+index d09bb38..876b5b6 100644
+--- a/grub-core/font/font.c
++++ b/grub-core/font/font.c
+@@ -739,7 +739,8 @@ grub_font_get_glyph_internal (grub_font_t font, grub_uint32_t code)
+ grub_int16_t xoff;
+ grub_int16_t yoff;
+ grub_int16_t dwidth;
+- int len;
++ grub_ssize_t len;
++ grub_size_t sz;
+
+ if (index_entry->glyph)
+ /* Return cached glyph. */
+@@ -766,9 +767,17 @@ grub_font_get_glyph_internal (grub_font_t font, grub_uint32_t code)
+ return 0;
+ }
+
+- len = (width * height + 7) / 8;
+- glyph = grub_malloc (sizeof (struct grub_font_glyph) + len);
+- if (!glyph)
++ /* Calculate real struct size of current glyph. */
++ if (grub_video_bitmap_calc_1bpp_bufsz (width, height, &len) ||
++ grub_add (sizeof (struct grub_font_glyph), len, &sz))
++ {
++ remove_font (font);
++ return 0;
++ }
++
++ /* Allocate and initialize the glyph struct. */
++ glyph = grub_malloc (sz);
++ if (glyph == NULL)
+ {
+ remove_font (font);
+ return 0;
+diff --git a/include/grub/bitmap.h b/include/grub/bitmap.h
+index 5728f8c..0d9603f 100644
+--- a/include/grub/bitmap.h
++++ b/include/grub/bitmap.h
+@@ -23,6 +23,7 @@
+ #include <grub/symbol.h>
+ #include <grub/types.h>
+ #include <grub/video.h>
++#include <grub/safemath.h>
+
+ struct grub_video_bitmap
+ {
+@@ -79,6 +80,23 @@ grub_video_bitmap_get_height (struct grub_video_bitmap *bitmap)
+ return bitmap->mode_info.height;
+ }
+
++/*
++ * Calculate and store the size of data buffer of 1bit bitmap in result.
++ * Equivalent to "*result = (width * height + 7) / 8" if no overflow occurs.
++ * Return true when overflow occurs or false if there is no overflow.
++ * This function is intentionally implemented as a macro instead of
++ * an inline function. Although a bit awkward, it preserves data types for
++ * safemath macros and reduces macro side effects as much as possible.
++ *
++ * XXX: Will report false overflow if width * height > UINT64_MAX.
++ */
++#define grub_video_bitmap_calc_1bpp_bufsz(width, height, result) \
++({ \
++ grub_uint64_t _bitmap_pixels; \
++ grub_mul ((width), (height), &_bitmap_pixels) ? 1 : \
++ grub_cast (_bitmap_pixels / GRUB_CHAR_BIT + !!(_bitmap_pixels % GRUB_CHAR_BIT), (result)); \
++})
++
+ void EXPORT_FUNC (grub_video_bitmap_get_mode_info) (struct grub_video_bitmap *bitmap,
+ struct grub_video_mode_info *mode_info);
+
+diff --git a/include/grub/safemath.h b/include/grub/safemath.h
+index c17b89b..bb0f826 100644
+--- a/include/grub/safemath.h
++++ b/include/grub/safemath.h
+@@ -30,6 +30,8 @@
+ #define grub_sub(a, b, res) __builtin_sub_overflow(a, b, res)
+ #define grub_mul(a, b, res) __builtin_mul_overflow(a, b, res)
+
++#define grub_cast(a, res) grub_add ((a), 0, (res))
++
+ #else
+ #error gcc 5.1 or newer or clang 3.8 or newer is required
+ #endif
diff --git a/poky/meta/recipes-bsp/grub/files/CVE-2022-2601.patch b/poky/meta/recipes-bsp/grub/files/CVE-2022-2601.patch
new file mode 100644
index 0000000..727c509
--- /dev/null
+++ b/poky/meta/recipes-bsp/grub/files/CVE-2022-2601.patch
@@ -0,0 +1,85 @@
+From e8060722acf0bcca037982d7fb29472363ccdfd4 Mon Sep 17 00:00:00 2001
+From: Zhang Boyang <zhangboyang.id@gmail.com>
+Date: Fri, 5 Aug 2022 01:58:27 +0800
+Subject: [PATCH] font: Fix several integer overflows in
+ grub_font_construct_glyph()
+
+This patch fixes several integer overflows in grub_font_construct_glyph().
+Glyphs of invalid size, zero or leading to an overflow, are rejected.
+The inconsistency between "glyph" and "max_glyph_size" when grub_malloc()
+returns NULL is fixed too.
+
+Fixes: CVE-2022-2601
+
+Reported-by: Zhang Boyang <zhangboyang.id@gmail.com>
+Signed-off-by: Zhang Boyang <zhangboyang.id@gmail.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+
+Upstream-Status: Backport from
+[https://git.savannah.gnu.org/cgit/grub.git/commit/?id=768e1ef2fc159f6e14e7246e4be09363708ac39e]
+CVE: CVE-2022-2601
+
+Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
+
+---
+ grub-core/font/font.c | 29 +++++++++++++++++------------
+ 1 file changed, 17 insertions(+), 12 deletions(-)
+
+diff --git a/grub-core/font/font.c b/grub-core/font/font.c
+index 876b5b6..0ff5525 100644
+--- a/grub-core/font/font.c
++++ b/grub-core/font/font.c
+@@ -1515,6 +1515,7 @@ grub_font_construct_glyph (grub_font_t hinted_font,
+ struct grub_video_signed_rect bounds;
+ static struct grub_font_glyph *glyph = 0;
+ static grub_size_t max_glyph_size = 0;
++ grub_size_t cur_glyph_size;
+
+ ensure_comb_space (glyph_id);
+
+@@ -1531,29 +1532,33 @@ grub_font_construct_glyph (grub_font_t hinted_font,
+ if (!glyph_id->ncomb && !glyph_id->attributes)
+ return main_glyph;
+
+- if (max_glyph_size < sizeof (*glyph) + (bounds.width * bounds.height + GRUB_CHAR_BIT - 1) / GRUB_CHAR_BIT)
++ if (grub_video_bitmap_calc_1bpp_bufsz (bounds.width, bounds.height, &cur_glyph_size) ||
++ grub_add (sizeof (*glyph), cur_glyph_size, &cur_glyph_size))
++ return main_glyph;
++
++ if (max_glyph_size < cur_glyph_size)
+ {
+ grub_free (glyph);
+- max_glyph_size = (sizeof (*glyph) + (bounds.width * bounds.height + GRUB_CHAR_BIT - 1) / GRUB_CHAR_BIT) * 2;
+- if (max_glyph_size < 8)
+- max_glyph_size = 8;
+- glyph = grub_malloc (max_glyph_size);
++ if (grub_mul (cur_glyph_size, 2, &max_glyph_size))
++ max_glyph_size = 0;
++ glyph = max_glyph_size > 0 ? grub_malloc (max_glyph_size) : NULL;
+ }
+ if (!glyph)
+ {
++ max_glyph_size = 0;
+ grub_errno = GRUB_ERR_NONE;
+ return main_glyph;
+ }
+
+- grub_memset (glyph, 0, sizeof (*glyph)
+- + (bounds.width * bounds.height
+- + GRUB_CHAR_BIT - 1) / GRUB_CHAR_BIT);
++ grub_memset (glyph, 0, cur_glyph_size);
+
+ glyph->font = main_glyph->font;
+- glyph->width = bounds.width;
+- glyph->height = bounds.height;
+- glyph->offset_x = bounds.x;
+- glyph->offset_y = bounds.y;
++ if (bounds.width == 0 || bounds.height == 0 ||
++ grub_cast (bounds.width, &glyph->width) ||
++ grub_cast (bounds.height, &glyph->height) ||
++ grub_cast (bounds.x, &glyph->offset_x) ||
++ grub_cast (bounds.y, &glyph->offset_y))
++ return main_glyph;
+
+ if (glyph_id->attributes & GRUB_UNICODE_GLYPH_ATTRIBUTE_MIRROR)
+ grub_font_blit_glyph_mirror (glyph, main_glyph,
diff --git a/poky/meta/recipes-bsp/grub/files/CVE-2022-28736-loader-efi-chainloader-Use-grub_loader_set_ex.patch b/poky/meta/recipes-bsp/grub/files/CVE-2022-28736-loader-efi-chainloader-Use-grub_loader_set_ex.patch
new file mode 100644
index 0000000..5741e53
--- /dev/null
+++ b/poky/meta/recipes-bsp/grub/files/CVE-2022-28736-loader-efi-chainloader-Use-grub_loader_set_ex.patch
@@ -0,0 +1,86 @@
+From 04c86e0bb7b58fc2f913f798cdb18934933e532d Mon Sep 17 00:00:00 2001
+From: Chris Coulson <chris.coulson@canonical.com>
+Date: Tue, 5 Apr 2022 11:48:58 +0100
+Subject: [PATCH] loader/efi/chainloader: Use grub_loader_set_ex()
+
+This ports the EFI chainloader to use grub_loader_set_ex() in order to fix
+a use-after-free bug that occurs when grub_cmd_chainloader() is executed
+more than once before a boot attempt is performed.
+
+Fixes: CVE-2022-28736
+
+Signed-off-by: Chris Coulson <chris.coulson@canonical.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+
+Upstream-Status: Backport
+CVE: CVE-2022-28736
+
+Reference to upstream patch:
+https://git.savannah.gnu.org/cgit/grub.git/commit/?id=04c86e0bb7b58fc2f913f798cdb18934933e532d
+
+Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
+---
+ grub-core/loader/efi/chainloader.c | 16 +++++++---------
+ 1 file changed, 7 insertions(+), 9 deletions(-)
+
+diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c
+index d1602c89b..7557eb269 100644
+--- a/grub-core/loader/efi/chainloader.c
++++ b/grub-core/loader/efi/chainloader.c
+@@ -44,11 +44,10 @@ GRUB_MOD_LICENSE ("GPLv3+");
+
+ static grub_dl_t my_mod;
+
+-static grub_efi_handle_t image_handle;
+-
+ static grub_err_t
+-grub_chainloader_unload (void)
++grub_chainloader_unload (void *context)
+ {
++ grub_efi_handle_t image_handle = (grub_efi_handle_t) context;
+ grub_efi_loaded_image_t *loaded_image;
+ grub_efi_boot_services_t *b;
+
+@@ -64,8 +63,9 @@ grub_chainloader_unload (void)
+ }
+
+ static grub_err_t
+-grub_chainloader_boot (void)
++grub_chainloader_boot (void *context)
+ {
++ grub_efi_handle_t image_handle = (grub_efi_handle_t) context;
+ grub_efi_boot_services_t *b;
+ grub_efi_status_t status;
+ grub_efi_uintn_t exit_data_size;
+@@ -225,6 +225,7 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
+ grub_efi_physical_address_t address = 0;
+ grub_efi_uintn_t pages = 0;
+ grub_efi_char16_t *cmdline = NULL;
++ grub_efi_handle_t image_handle = NULL;
+
+ if (argc == 0)
+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected"));
+@@ -405,7 +406,7 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
+ efi_call_2 (b->free_pages, address, pages);
+ grub_free (file_path);
+
+- grub_loader_set (grub_chainloader_boot, grub_chainloader_unload, 0);
++ grub_loader_set_ex (grub_chainloader_boot, grub_chainloader_unload, image_handle, 0);
+ return 0;
+
+ fail:
+@@ -423,10 +424,7 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
+ efi_call_2 (b->free_pages, address, pages);
+
+ if (image_handle != NULL)
+- {
+- efi_call_1 (b->unload_image, image_handle);
+- image_handle = NULL;
+- }
++ efi_call_1 (b->unload_image, image_handle);
+
+ grub_dl_unref (my_mod);
+
+--
+2.34.1
+
diff --git a/poky/meta/recipes-bsp/grub/files/CVE-2022-3775.patch b/poky/meta/recipes-bsp/grub/files/CVE-2022-3775.patch
new file mode 100644
index 0000000..853efd0
--- /dev/null
+++ b/poky/meta/recipes-bsp/grub/files/CVE-2022-3775.patch
@@ -0,0 +1,95 @@
+From fdbe7209152ad6f09a1166f64f162017f2145ba3 Mon Sep 17 00:00:00 2001
+From: Zhang Boyang <zhangboyang.id@gmail.com>
+Date: Mon, 24 Oct 2022 08:05:35 +0800
+Subject: [PATCH] font: Fix an integer underflow in blit_comb()
+
+The expression (ctx.bounds.height - combining_glyphs[i]->height) / 2 may
+evaluate to a very big invalid value even if both ctx.bounds.height and
+combining_glyphs[i]->height are small integers. For example, if
+ctx.bounds.height is 10 and combining_glyphs[i]->height is 12, this
+expression evaluates to 2147483647 (expected -1). This is because
+coordinates are allowed to be negative but ctx.bounds.height is an
+unsigned int. So, the subtraction operates on unsigned ints and
+underflows to a very big value. The division makes things even worse.
+The quotient is still an invalid value even if converted back to int.
+
+This patch fixes the problem by casting ctx.bounds.height to int. As
+a result the subtraction will operate on int and grub_uint16_t which
+will be promoted to an int. So, the underflow will no longer happen. Other
+uses of ctx.bounds.height (and ctx.bounds.width) are also casted to int,
+to ensure coordinates are always calculated on signed integers.
+
+Fixes: CVE-2022-3775
+
+Reported-by: Daniel Axtens <dja@axtens.net>
+Signed-off-by: Zhang Boyang <zhangboyang.id@gmail.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+
+Upstream-Status: Backport from
+[https://git.savannah.gnu.org/cgit/grub.git/commit/?id=992c06191babc1e109caf40d6a07ec6fdef427af]
+CVE: CVE-2022-3775
+
+Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
+
+---
+ grub-core/font/font.c | 16 ++++++++--------
+ 1 file changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/grub-core/font/font.c b/grub-core/font/font.c
+index 0ff5525..7b1cbde 100644
+--- a/grub-core/font/font.c
++++ b/grub-core/font/font.c
+@@ -1206,12 +1206,12 @@ blit_comb (const struct grub_unicode_glyph *glyph_id,
+ ctx.bounds.height = main_glyph->height;
+
+ above_rightx = main_glyph->offset_x + main_glyph->width;
+- above_righty = ctx.bounds.y + ctx.bounds.height;
++ above_righty = ctx.bounds.y + (int) ctx.bounds.height;
+
+ above_leftx = main_glyph->offset_x;
+- above_lefty = ctx.bounds.y + ctx.bounds.height;
++ above_lefty = ctx.bounds.y + (int) ctx.bounds.height;
+
+- below_rightx = ctx.bounds.x + ctx.bounds.width;
++ below_rightx = ctx.bounds.x + (int) ctx.bounds.width;
+ below_righty = ctx.bounds.y;
+
+ comb = grub_unicode_get_comb (glyph_id);
+@@ -1224,7 +1224,7 @@ blit_comb (const struct grub_unicode_glyph *glyph_id,
+
+ if (!combining_glyphs[i])
+ continue;
+- targetx = (ctx.bounds.width - combining_glyphs[i]->width) / 2 + ctx.bounds.x;
++ targetx = ((int) ctx.bounds.width - combining_glyphs[i]->width) / 2 + ctx.bounds.x;
+ /* CGJ is to avoid diacritics reordering. */
+ if (comb[i].code
+ == GRUB_UNICODE_COMBINING_GRAPHEME_JOINER)
+@@ -1234,8 +1234,8 @@ blit_comb (const struct grub_unicode_glyph *glyph_id,
+ case GRUB_UNICODE_COMB_OVERLAY:
+ do_blit (combining_glyphs[i],
+ targetx,
+- (ctx.bounds.height - combining_glyphs[i]->height) / 2
+- - (ctx.bounds.height + ctx.bounds.y), &ctx);
++ ((int) ctx.bounds.height - combining_glyphs[i]->height) / 2
++ - ((int) ctx.bounds.height + ctx.bounds.y), &ctx);
+ if (min_devwidth < combining_glyphs[i]->width)
+ min_devwidth = combining_glyphs[i]->width;
+ break;
+@@ -1308,7 +1308,7 @@ blit_comb (const struct grub_unicode_glyph *glyph_id,
+ /* Fallthrough. */
+ case GRUB_UNICODE_STACK_ATTACHED_ABOVE:
+ do_blit (combining_glyphs[i], targetx,
+- -(ctx.bounds.height + ctx.bounds.y + space
++ -((int) ctx.bounds.height + ctx.bounds.y + space
+ + combining_glyphs[i]->height), &ctx);
+ if (min_devwidth < combining_glyphs[i]->width)
+ min_devwidth = combining_glyphs[i]->width;
+@@ -1316,7 +1316,7 @@ blit_comb (const struct grub_unicode_glyph *glyph_id,
+
+ case GRUB_UNICODE_COMB_HEBREW_DAGESH:
+ do_blit (combining_glyphs[i], targetx,
+- -(ctx.bounds.height / 2 + ctx.bounds.y
++ -((int) ctx.bounds.height / 2 + ctx.bounds.y
+ + combining_glyphs[i]->height / 2), &ctx);
+ if (min_devwidth < combining_glyphs[i]->width)
+ min_devwidth = combining_glyphs[i]->width;
diff --git a/poky/meta/recipes-bsp/grub/files/commands-boot-Add-API-to-pass-context-to-loader.patch b/poky/meta/recipes-bsp/grub/files/commands-boot-Add-API-to-pass-context-to-loader.patch
new file mode 100644
index 0000000..a2c0530
--- /dev/null
+++ b/poky/meta/recipes-bsp/grub/files/commands-boot-Add-API-to-pass-context-to-loader.patch
@@ -0,0 +1,168 @@
+From 14ceb3b3ff6db664649138442b6562c114dcf56e Mon Sep 17 00:00:00 2001
+From: Chris Coulson <chris.coulson@canonical.com>
+Date: Tue, 5 Apr 2022 10:58:28 +0100
+Subject: [PATCH] commands/boot: Add API to pass context to loader
+
+Loaders rely on global variables for saving context which is consumed
+in the boot hook and freed in the unload hook. In the case where a loader
+command is executed twice, calling grub_loader_set() a second time executes
+the unload hook, but in some cases this runs when the loader's global
+context has already been updated, resulting in the updated context being
+freed and potential use-after-free bugs when the boot hook is subsequently
+called.
+
+This adds a new API, grub_loader_set_ex(), which allows a loader to specify
+context that is passed to its boot and unload hooks. This is an alternative
+to requiring that loaders call grub_loader_unset() before mutating their
+global context.
+
+Signed-off-by: Chris Coulson <chris.coulson@canonical.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+
+Upstream-Status: Backport
+
+Reference to upstream patch:
+https://git.savannah.gnu.org/cgit/grub.git/commit/?id=14ceb3b3ff6db664649138442b6562c114dcf56e
+
+Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
+---
+ grub-core/commands/boot.c | 66 ++++++++++++++++++++++++++++++++++-----
+ include/grub/loader.h | 5 +++
+ 2 files changed, 63 insertions(+), 8 deletions(-)
+
+diff --git a/grub-core/commands/boot.c b/grub-core/commands/boot.c
+index bbca81e94..61514788e 100644
+--- a/grub-core/commands/boot.c
++++ b/grub-core/commands/boot.c
+@@ -27,10 +27,20 @@
+
+ GRUB_MOD_LICENSE ("GPLv3+");
+
+-static grub_err_t (*grub_loader_boot_func) (void);
+-static grub_err_t (*grub_loader_unload_func) (void);
++static grub_err_t (*grub_loader_boot_func) (void *context);
++static grub_err_t (*grub_loader_unload_func) (void *context);
++static void *grub_loader_context;
+ static int grub_loader_flags;
+
++struct grub_simple_loader_hooks
++{
++ grub_err_t (*boot) (void);
++ grub_err_t (*unload) (void);
++};
++
++/* Don't heap allocate this to avoid making grub_loader_set() fallible. */
++static struct grub_simple_loader_hooks simple_loader_hooks;
++
+ struct grub_preboot
+ {
+ grub_err_t (*preboot_func) (int);
+@@ -44,6 +54,29 @@ static int grub_loader_loaded;
+ static struct grub_preboot *preboots_head = 0,
+ *preboots_tail = 0;
+
++static grub_err_t
++grub_simple_boot_hook (void *context)
++{
++ struct grub_simple_loader_hooks *hooks;
++
++ hooks = (struct grub_simple_loader_hooks *) context;
++ return hooks->boot ();
++}
++
++static grub_err_t
++grub_simple_unload_hook (void *context)
++{
++ struct grub_simple_loader_hooks *hooks;
++ grub_err_t ret;
++
++ hooks = (struct grub_simple_loader_hooks *) context;
++
++ ret = hooks->unload ();
++ grub_memset (hooks, 0, sizeof (*hooks));
++
++ return ret;
++}
++
+ int
+ grub_loader_is_loaded (void)
+ {
+@@ -110,28 +143,45 @@ grub_loader_unregister_preboot_hook (struct grub_preboot *hnd)
+ }
+
+ void
+-grub_loader_set (grub_err_t (*boot) (void),
+- grub_err_t (*unload) (void),
+- int flags)
++grub_loader_set_ex (grub_err_t (*boot) (void *context),
++ grub_err_t (*unload) (void *context),
++ void *context,
++ int flags)
+ {
+ if (grub_loader_loaded && grub_loader_unload_func)
+- grub_loader_unload_func ();
++ grub_loader_unload_func (grub_loader_context);
+
+ grub_loader_boot_func = boot;
+ grub_loader_unload_func = unload;
++ grub_loader_context = context;
+ grub_loader_flags = flags;
+
+ grub_loader_loaded = 1;
+ }
+
++void
++grub_loader_set (grub_err_t (*boot) (void),
++ grub_err_t (*unload) (void),
++ int flags)
++{
++ grub_loader_set_ex (grub_simple_boot_hook,
++ grub_simple_unload_hook,
++ &simple_loader_hooks,
++ flags);
++
++ simple_loader_hooks.boot = boot;
++ simple_loader_hooks.unload = unload;
++}
++
+ void
+ grub_loader_unset(void)
+ {
+ if (grub_loader_loaded && grub_loader_unload_func)
+- grub_loader_unload_func ();
++ grub_loader_unload_func (grub_loader_context);
+
+ grub_loader_boot_func = 0;
+ grub_loader_unload_func = 0;
++ grub_loader_context = 0;
+
+ grub_loader_loaded = 0;
+ }
+@@ -158,7 +208,7 @@ grub_loader_boot (void)
+ return err;
+ }
+ }
+- err = (grub_loader_boot_func) ();
++ err = (grub_loader_boot_func) (grub_loader_context);
+
+ for (cur = preboots_tail; cur; cur = cur->prev)
+ if (! err)
+diff --git a/include/grub/loader.h b/include/grub/loader.h
+index b20864282..97f231054 100644
+--- a/include/grub/loader.h
++++ b/include/grub/loader.h
+@@ -40,6 +40,11 @@ void EXPORT_FUNC (grub_loader_set) (grub_err_t (*boot) (void),
+ grub_err_t (*unload) (void),
+ int flags);
+
++void EXPORT_FUNC (grub_loader_set_ex) (grub_err_t (*boot) (void *context),
++ grub_err_t (*unload) (void *context),
++ void *context,
++ int flags);
++
+ /* Unset current loader, if any. */
+ void EXPORT_FUNC (grub_loader_unset) (void);
+
+--
+2.34.1
+
diff --git a/poky/meta/recipes-bsp/grub/files/loader-efi-chainloader-Simplify-the-loader-state.patch b/poky/meta/recipes-bsp/grub/files/loader-efi-chainloader-Simplify-the-loader-state.patch
new file mode 100644
index 0000000..a43025d
--- /dev/null
+++ b/poky/meta/recipes-bsp/grub/files/loader-efi-chainloader-Simplify-the-loader-state.patch
@@ -0,0 +1,129 @@
+From 1469983ebb9674753ad333d37087fb8cb20e1dce Mon Sep 17 00:00:00 2001
+From: Chris Coulson <chris.coulson@canonical.com>
+Date: Tue, 5 Apr 2022 10:02:04 +0100
+Subject: [PATCH] loader/efi/chainloader: Simplify the loader state
+
+The chainloader command retains the source buffer and device path passed
+to LoadImage(), requiring the unload hook passed to grub_loader_set() to
+free them. It isn't required to retain this state though - they aren't
+required by StartImage() or anything else in the boot hook, so clean them
+up before grub_cmd_chainloader() finishes.
+
+Signed-off-by: Chris Coulson <chris.coulson@canonical.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+
+Upstream-Status: Backport
+
+Reference to upstream patch:
+https://git.savannah.gnu.org/cgit/grub.git/commit/?id=1469983ebb9674753ad333d37087fb8cb20e1dce
+
+Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
+---
+ grub-core/loader/efi/chainloader.c | 38 +++++++++++++++++-------------
+ 1 file changed, 21 insertions(+), 17 deletions(-)
+
+diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c
+index 2bd80f4db..d1602c89b 100644
+--- a/grub-core/loader/efi/chainloader.c
++++ b/grub-core/loader/efi/chainloader.c
+@@ -44,25 +44,20 @@ GRUB_MOD_LICENSE ("GPLv3+");
+
+ static grub_dl_t my_mod;
+
+-static grub_efi_physical_address_t address;
+-static grub_efi_uintn_t pages;
+-static grub_efi_device_path_t *file_path;
+ static grub_efi_handle_t image_handle;
+-static grub_efi_char16_t *cmdline;
+
+ static grub_err_t
+ grub_chainloader_unload (void)
+ {
++ grub_efi_loaded_image_t *loaded_image;
+ grub_efi_boot_services_t *b;
+
++ loaded_image = grub_efi_get_loaded_image (image_handle);
++ if (loaded_image != NULL)
++ grub_free (loaded_image->load_options);
++
+ b = grub_efi_system_table->boot_services;
+ efi_call_1 (b->unload_image, image_handle);
+- efi_call_2 (b->free_pages, address, pages);
+-
+- grub_free (file_path);
+- grub_free (cmdline);
+- cmdline = 0;
+- file_path = 0;
+
+ grub_dl_unref (my_mod);
+ return GRUB_ERR_NONE;
+@@ -140,7 +135,7 @@ make_file_path (grub_efi_device_path_t *dp, const char *filename)
+ char *dir_start;
+ char *dir_end;
+ grub_size_t size;
+- grub_efi_device_path_t *d;
++ grub_efi_device_path_t *d, *file_path;
+
+ dir_start = grub_strchr (filename, ')');
+ if (! dir_start)
+@@ -222,11 +217,14 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
+ grub_efi_status_t status;
+ grub_efi_boot_services_t *b;
+ grub_device_t dev = 0;
+- grub_efi_device_path_t *dp = 0;
++ grub_efi_device_path_t *dp = NULL, *file_path = NULL;
+ grub_efi_loaded_image_t *loaded_image;
+ char *filename;
+ void *boot_image = 0;
+ grub_efi_handle_t dev_handle = 0;
++ grub_efi_physical_address_t address = 0;
++ grub_efi_uintn_t pages = 0;
++ grub_efi_char16_t *cmdline = NULL;
+
+ if (argc == 0)
+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected"));
+@@ -234,11 +232,6 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
+
+ grub_dl_ref (my_mod);
+
+- /* Initialize some global variables. */
+- address = 0;
+- image_handle = 0;
+- file_path = 0;
+-
+ b = grub_efi_system_table->boot_services;
+
+ file = grub_file_open (filename, GRUB_FILE_TYPE_EFI_CHAINLOADED_IMAGE);
+@@ -408,6 +401,10 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
+ grub_file_close (file);
+ grub_device_close (dev);
+
++ /* We're finished with the source image buffer and file path now. */
++ efi_call_2 (b->free_pages, address, pages);
++ grub_free (file_path);
++
+ grub_loader_set (grub_chainloader_boot, grub_chainloader_unload, 0);
+ return 0;
+
+@@ -419,11 +416,18 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
+ if (file)
+ grub_file_close (file);
+
++ grub_free (cmdline);
+ grub_free (file_path);
+
+ if (address)
+ efi_call_2 (b->free_pages, address, pages);
+
++ if (image_handle != NULL)
++ {
++ efi_call_1 (b->unload_image, image_handle);
++ image_handle = NULL;
++ }
++
+ grub_dl_unref (my_mod);
+
+ return grub_errno;
+--
+2.34.1
+
diff --git a/poky/meta/recipes-bsp/grub/grub2.inc b/poky/meta/recipes-bsp/grub/grub2.inc
index 2545b99..bf7aba6 100644
--- a/poky/meta/recipes-bsp/grub/grub2.inc
+++ b/poky/meta/recipes-bsp/grub/grub2.inc
@@ -34,6 +34,12 @@
file://CVE-2022-28735-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch \
file://0001-configure-Remove-obsoleted-malign-jumps-loops-functi.patch \
file://0002-configure-Check-for-falign-jumps-1-beside-falign-loo.patch \
+ file://loader-efi-chainloader-Simplify-the-loader-state.patch \
+ file://commands-boot-Add-API-to-pass-context-to-loader.patch \
+ file://CVE-2022-28736-loader-efi-chainloader-Use-grub_loader_set_ex.patch\
+ file://0001-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch \
+ file://CVE-2022-2601.patch \
+ file://CVE-2022-3775.patch \
"
SRC_URI[sha256sum] = "23b64b4c741569f9426ed2e3d0e6780796fca081bee4c99f62aa3f53ae803f5f"
@@ -50,8 +56,8 @@
# Grub doesn't support hard float toolchain and won't be able to forcefully
# disable it on some of the target CPUs. See 'configure.ac' for
# supported/unsupported CPUs in hardfp.
-COMPATIBLE_HOST:armv7a = "${@'null' if d.getVar('TUNE_CCARGS_MFLOAT') == 'hardfp' else d.getVar('GRUB_COMPATIBLE_HOST')}"
-COMPATIBLE_HOST:armv7ve = "${@'null' if d.getVar('TUNE_CCARGS_MFLOAT') == 'hardfp' else d.getVar('GRUB_COMPATIBLE_HOST')}"
+COMPATIBLE_HOST:armv7a = "${@'null' if bb.utils.contains('TUNE_CCARGS_MFLOAT', 'hard', True, False, d) else d.getVar('GRUB_COMPATIBLE_HOST')}"
+COMPATIBLE_HOST:armv7ve = "${@'null' if bb.utils.contains('TUNE_CCARGS_MFLOAT', 'hard', True, False, d) else d.getVar('GRUB_COMPATIBLE_HOST')}"
# configure.ac has code to set this automagically from the target tuple
# but the OE freeform one (core2-foo-bar-linux) don't work with that.
diff --git a/poky/meta/recipes-bsp/u-boot/u-boot.inc b/poky/meta/recipes-bsp/u-boot/u-boot.inc
index 5705e58..4a8d93f 100644
--- a/poky/meta/recipes-bsp/u-boot/u-boot.inc
+++ b/poky/meta/recipes-bsp/u-boot/u-boot.inc
@@ -32,7 +32,7 @@
}
do_savedefconfig[nostamp] = "1"
addtask savedefconfig after do_configure
-
+UBOOT_ARCH_DIR = "${@'arm' if d.getVar('UBOOT_ARCH').startswith('arm') else d.getVar('UBOOT_ARCH')}"
do_compile () {
if [ "${@bb.utils.filter('DISTRO_FEATURES', 'ld-is-gold', d)}" ]; then
sed -i 's/$(CROSS_COMPILE)ld$/$(CROSS_COMPILE)ld.bfd/g' ${S}/config.mk
@@ -336,7 +336,7 @@
if [ -n "${UBOOT_DTB}" ]
then
- install -m 644 ${B}/arch/${UBOOT_ARCH}/dts/${UBOOT_DTB_BINARY} ${DEPLOYDIR}/
+ install -m 644 ${B}/arch/${UBOOT_ARCH_DIR}/dts/${UBOOT_DTB_BINARY} ${DEPLOYDIR}/
fi
}
diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.7/0001-avoid-start-failure-with-bind-user.patch b/poky/meta/recipes-connectivity/bind/bind-9.18.11/0001-avoid-start-failure-with-bind-user.patch
similarity index 100%
rename from poky/meta/recipes-connectivity/bind/bind-9.18.7/0001-avoid-start-failure-with-bind-user.patch
rename to poky/meta/recipes-connectivity/bind/bind-9.18.11/0001-avoid-start-failure-with-bind-user.patch
diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.7/0001-named-lwresd-V-and-start-log-hide-build-options.patch b/poky/meta/recipes-connectivity/bind/bind-9.18.11/0001-named-lwresd-V-and-start-log-hide-build-options.patch
similarity index 100%
rename from poky/meta/recipes-connectivity/bind/bind-9.18.7/0001-named-lwresd-V-and-start-log-hide-build-options.patch
rename to poky/meta/recipes-connectivity/bind/bind-9.18.11/0001-named-lwresd-V-and-start-log-hide-build-options.patch
diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.7/bind-ensure-searching-for-json-headers-searches-sysr.patch b/poky/meta/recipes-connectivity/bind/bind-9.18.11/bind-ensure-searching-for-json-headers-searches-sysr.patch
similarity index 100%
rename from poky/meta/recipes-connectivity/bind/bind-9.18.7/bind-ensure-searching-for-json-headers-searches-sysr.patch
rename to poky/meta/recipes-connectivity/bind/bind-9.18.11/bind-ensure-searching-for-json-headers-searches-sysr.patch
diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.7/bind9 b/poky/meta/recipes-connectivity/bind/bind-9.18.11/bind9
similarity index 100%
rename from poky/meta/recipes-connectivity/bind/bind-9.18.7/bind9
rename to poky/meta/recipes-connectivity/bind/bind-9.18.11/bind9
diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.7/conf.patch b/poky/meta/recipes-connectivity/bind/bind-9.18.11/conf.patch
similarity index 100%
rename from poky/meta/recipes-connectivity/bind/bind-9.18.7/conf.patch
rename to poky/meta/recipes-connectivity/bind/bind-9.18.11/conf.patch
diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.7/generate-rndc-key.sh b/poky/meta/recipes-connectivity/bind/bind-9.18.11/generate-rndc-key.sh
similarity index 100%
rename from poky/meta/recipes-connectivity/bind/bind-9.18.7/generate-rndc-key.sh
rename to poky/meta/recipes-connectivity/bind/bind-9.18.11/generate-rndc-key.sh
diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.7/init.d-add-support-for-read-only-rootfs.patch b/poky/meta/recipes-connectivity/bind/bind-9.18.11/init.d-add-support-for-read-only-rootfs.patch
similarity index 100%
rename from poky/meta/recipes-connectivity/bind/bind-9.18.7/init.d-add-support-for-read-only-rootfs.patch
rename to poky/meta/recipes-connectivity/bind/bind-9.18.11/init.d-add-support-for-read-only-rootfs.patch
diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.7/make-etc-initd-bind-stop-work.patch b/poky/meta/recipes-connectivity/bind/bind-9.18.11/make-etc-initd-bind-stop-work.patch
similarity index 100%
rename from poky/meta/recipes-connectivity/bind/bind-9.18.7/make-etc-initd-bind-stop-work.patch
rename to poky/meta/recipes-connectivity/bind/bind-9.18.11/make-etc-initd-bind-stop-work.patch
diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.7/named.service b/poky/meta/recipes-connectivity/bind/bind-9.18.11/named.service
similarity index 100%
rename from poky/meta/recipes-connectivity/bind/bind-9.18.7/named.service
rename to poky/meta/recipes-connectivity/bind/bind-9.18.11/named.service
diff --git a/poky/meta/recipes-connectivity/bind/bind_9.18.7.bb b/poky/meta/recipes-connectivity/bind/bind_9.18.11.bb
similarity index 95%
rename from poky/meta/recipes-connectivity/bind/bind_9.18.7.bb
rename to poky/meta/recipes-connectivity/bind/bind_9.18.11.bb
index 4ab1148..55a06ea 100644
--- a/poky/meta/recipes-connectivity/bind/bind_9.18.7.bb
+++ b/poky/meta/recipes-connectivity/bind/bind_9.18.11.bb
@@ -4,7 +4,7 @@
SECTION = "console/network"
LICENSE = "MPL-2.0"
-LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=9a4a897f202c0710e07f2f2836bc2b62"
+LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=d8cf7bd9c4fd5471a588e7e66e672408"
DEPENDS = "openssl libcap zlib libuv"
@@ -20,7 +20,7 @@
file://0001-avoid-start-failure-with-bind-user.patch \
"
-SRC_URI[sha256sum] = "9e2acf1698f49d70ad12ffbad39ec6716a7da524e9ebd98429c7c70ba1262981"
+SRC_URI[sha256sum] = "8ff3352812230cbcbda42df87cad961f94163d3da457c5e4bef8057fd5df2158"
UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/"
# follow the ESV versions divisible by 2
diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5.inc b/poky/meta/recipes-connectivity/bluez5/bluez5.inc
index f07e318..a8eaba1 100644
--- a/poky/meta/recipes-connectivity/bluez5/bluez5.inc
+++ b/poky/meta/recipes-connectivity/bluez5/bluez5.inc
@@ -68,6 +68,8 @@
--without-zsh-completion-dir \
"
+CFLAGS += "-DFIRMWARE_DIR=\\"${nonarch_base_libdir}/firmware\\""
+
# bluez5 builds a large number of useful utilities but does not
# install them. Specify which ones we want put into ${PN}-noinst-tools.
NOINST_TOOLS_READLINE ??= ""
diff --git a/poky/meta/recipes-connectivity/dhcpcd/dhcpcd_9.4.1.bb b/poky/meta/recipes-connectivity/dhcpcd/dhcpcd_9.4.1.bb
index ab6ffe9..579fa95 100644
--- a/poky/meta/recipes-connectivity/dhcpcd/dhcpcd_9.4.1.bb
+++ b/poky/meta/recipes-connectivity/dhcpcd/dhcpcd_9.4.1.bb
@@ -13,8 +13,13 @@
SRC_URI = "https://roy.marples.name/downloads/${BPN}/${BPN}-${PV}.tar.xz \
file://0001-remove-INCLUDEDIR-to-prevent-build-issues.patch \
+ file://0001-20-resolv.conf-improve-the-sitation-of-working-with-.patch \
+ file://0001-privsep-Allow-getrandom-sysctl-for-newer-glibc.patch \
+ file://0002-privsep-Allow-newfstatat-syscall-as-well.patch \
+ file://0001-privsep-linux-fix-SECCOMP_AUDIT_ARCH-missing-ppc64le.patch \
file://dhcpcd.service \
file://dhcpcd@.service \
+ file://0001-dhcpcd.8-Fix-conflict-error-when-enable-multilib.patch \
"
SRC_URI[sha256sum] = "819357634efed1ea5cf44ec01b24d3d3f8852fec8b4249925dcc5667c54e376c"
diff --git a/poky/meta/recipes-connectivity/dhcpcd/files/0001-20-resolv.conf-improve-the-sitation-of-working-with-.patch b/poky/meta/recipes-connectivity/dhcpcd/files/0001-20-resolv.conf-improve-the-sitation-of-working-with-.patch
new file mode 100644
index 0000000..6f90c88
--- /dev/null
+++ b/poky/meta/recipes-connectivity/dhcpcd/files/0001-20-resolv.conf-improve-the-sitation-of-working-with-.patch
@@ -0,0 +1,82 @@
+From 02acc4d875ee81e6fd19ef66d69c9f55b4b4a7e7 Mon Sep 17 00:00:00 2001
+From: Chen Qi <Qi.Chen@windriver.com>
+Date: Wed, 9 Nov 2022 16:33:18 +0800
+Subject: [PATCH] 20-resolv.conf: improve the sitation of working with systemd
+
+systemd's resolvconf implementation ignores the protocol part.
+See https://github.com/systemd/systemd/issues/25032.
+
+When using 'dhcp server + dns server + dhcpcd + systemd', we
+get an integration issue, that is dhcpcd runs 'resolvconf -d eth0.ra',
+yet systemd's resolvconf treats it as eth0. This will delete the
+DNS information set by 'resolvconf -a eth0.dhcp'.
+
+Fortunately, 20-resolv.conf has the ability to build the resolv.conf
+file contents itself. We can just pass the generated contents to
+systemd's resolvconf. This way, the DNS information is not incorrectly
+deleted. Also, it does not cause behavior regression for dhcpcd
+in other cases.
+
+Upstream-Status: Inappropriate [OE Specific]
+This patch has been rejected by dhcpcd upstream.
+See details in https://github.com/NetworkConfiguration/dhcpcd/pull/152
+
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+---
+ hooks/20-resolv.conf | 17 +++++++++++++----
+ 1 file changed, 13 insertions(+), 4 deletions(-)
+
+diff --git a/hooks/20-resolv.conf b/hooks/20-resolv.conf
+index 504a6c53..eb6e5845 100644
+--- a/hooks/20-resolv.conf
++++ b/hooks/20-resolv.conf
+@@ -11,8 +11,12 @@ nocarrier_roaming_dir="$state_dir/roaming"
+ NL="
+ "
+ : ${resolvconf:=resolvconf}
++resolvconf_from_systemd=false
+ if type "$resolvconf" >/dev/null 2>&1; then
+ have_resolvconf=true
++ if [ $(basename $(readlink -f $(which $resolvconf))) = resolvectl ]; then
++ resolvconf_from_systemd=true
++ fi
+ else
+ have_resolvconf=false
+ fi
+@@ -69,8 +73,13 @@ build_resolv_conf()
+ else
+ echo "# /etc/resolv.conf.tail can replace this line" >> "$cf"
+ fi
+- if change_file /etc/resolv.conf "$cf"; then
+- chmod 644 /etc/resolv.conf
++ if $resolvconf_from_systemd; then
++ [ -n "$ifmetric" ] && export IF_METRIC="$ifmetric"
++ "$resolvconf" -a "$ifname" <"$cf"
++ else
++ if change_file /etc/resolv.conf "$cf"; then
++ chmod 644 /etc/resolv.conf
++ fi
+ fi
+ rm -f "$cf"
+ }
+@@ -170,7 +179,7 @@ add_resolv_conf()
+ for x in ${new_domain_name_servers}; do
+ conf="${conf}nameserver $x$NL"
+ done
+- if $have_resolvconf; then
++ if $have_resolvconf && ! $resolvconf_from_systemd; then
+ [ -n "$ifmetric" ] && export IF_METRIC="$ifmetric"
+ printf %s "$conf" | "$resolvconf" -a "$ifname"
+ return $?
+@@ -186,7 +195,7 @@ add_resolv_conf()
+
+ remove_resolv_conf()
+ {
+- if $have_resolvconf; then
++ if $have_resolvconf && ($if_down || ! $resolvconf_from_systemd); then
+ "$resolvconf" -d "$ifname" -f
+ else
+ if [ -e "$resolv_conf_dir/$ifname" ]; then
+--
+2.17.1
+
diff --git a/poky/meta/recipes-connectivity/dhcpcd/files/0001-dhcpcd.8-Fix-conflict-error-when-enable-multilib.patch b/poky/meta/recipes-connectivity/dhcpcd/files/0001-dhcpcd.8-Fix-conflict-error-when-enable-multilib.patch
new file mode 100644
index 0000000..12998aa
--- /dev/null
+++ b/poky/meta/recipes-connectivity/dhcpcd/files/0001-dhcpcd.8-Fix-conflict-error-when-enable-multilib.patch
@@ -0,0 +1,46 @@
+From 4915a7e52fcea8fe283a842890a1e726b1e26b10 Mon Sep 17 00:00:00 2001
+From: Lei Maohui <leimaohui@fujitsu.com>
+Date: Fri, 10 Mar 2023 03:48:46 +0000
+Subject: [PATCH] dhcpcd.8: Fix conflict error when enable multilib.
+
+Error: Transaction test error:
+ file /usr/share/man/man8/dhcpcd.8 conflicts between attempted
+ installs of dhcpcd-doc-9.4.1-r0.cortexa57 and
+ lib32-dhcpcd-doc-9.4.1-r0.armv7ahf_neon
+
+The differences between the two files are as follows:
+@@ -821,7 +821,7 @@
+ If you always use the same options, put them here.
+ .It Pa /usr/libexec/dhcpcd-run-hooks
+ Bourne shell script that is run to configure or de-configure an interface.
+-.It Pa /usr/lib64/dhcpcd/dev
++.It Pa /usr/lib/dhcpcd/dev
+ Linux
+ .Pa /dev
+ management modules.
+
+It is just a man file, there is no necessary to manage multiple
+versions.
+
+Upstream-Status: Inappropriate [oe specific]
+Signed-off-by: Lei Maohui <leimaohui@fujitsu.com>
+---
+ src/dhcpcd.8.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/dhcpcd.8.in b/src/dhcpcd.8.in
+index bc6b3b5..791f2ba 100644
+--- a/src/dhcpcd.8.in
++++ b/src/dhcpcd.8.in
+@@ -821,7 +821,7 @@ Configuration file for dhcpcd.
+ If you always use the same options, put them here.
+ .It Pa @SCRIPT@
+ Bourne shell script that is run to configure or de-configure an interface.
+-.It Pa @LIBDIR@/dhcpcd/dev
++.It Pa /usr/<libdir>/dhcpcd/dev
+ Linux
+ .Pa /dev
+ management modules.
+--
+2.34.1
+
diff --git a/poky/meta/recipes-connectivity/dhcpcd/files/0001-privsep-Allow-getrandom-sysctl-for-newer-glibc.patch b/poky/meta/recipes-connectivity/dhcpcd/files/0001-privsep-Allow-getrandom-sysctl-for-newer-glibc.patch
new file mode 100644
index 0000000..68ab934
--- /dev/null
+++ b/poky/meta/recipes-connectivity/dhcpcd/files/0001-privsep-Allow-getrandom-sysctl-for-newer-glibc.patch
@@ -0,0 +1,30 @@
+From c6cdf0aee71ab4126d36b045f02428ee3c6ec50b Mon Sep 17 00:00:00 2001
+From: Roy Marples <roy@marples.name>
+Date: Fri, 26 Aug 2022 09:08:36 +0100
+Subject: [PATCH 1/2] privsep: Allow getrandom sysctl for newer glibc
+
+Fixes #120
+
+Upstream-Status: Backport [c6cdf0aee71ab4126d36b045f02428ee3c6ec50b]
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+---
+ src/privsep-linux.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/privsep-linux.c b/src/privsep-linux.c
+index b238644b..479a1d82 100644
+--- a/src/privsep-linux.c
++++ b/src/privsep-linux.c
+@@ -300,6 +300,9 @@ static struct sock_filter ps_seccomp_filter[] = {
+ #ifdef __NR_getpid
+ SECCOMP_ALLOW(__NR_getpid),
+ #endif
++#ifdef __NR_getrandom
++ SECCOMP_ALLOW(__NR_getrandom),
++#endif
+ #ifdef __NR_getsockopt
+ /* For route socket overflow */
+ SECCOMP_ALLOW_ARG(__NR_getsockopt, 1, SOL_SOCKET),
+--
+2.17.1
+
diff --git a/poky/meta/recipes-connectivity/dhcpcd/files/0001-privsep-linux-fix-SECCOMP_AUDIT_ARCH-missing-ppc64le.patch b/poky/meta/recipes-connectivity/dhcpcd/files/0001-privsep-linux-fix-SECCOMP_AUDIT_ARCH-missing-ppc64le.patch
new file mode 100644
index 0000000..1c514f9
--- /dev/null
+++ b/poky/meta/recipes-connectivity/dhcpcd/files/0001-privsep-linux-fix-SECCOMP_AUDIT_ARCH-missing-ppc64le.patch
@@ -0,0 +1,34 @@
+From 7a2d9767585ed2c407d4985bd2d81552034fb90a Mon Sep 17 00:00:00 2001
+From: CHEN Xiangyu <xiangyu.chen@aol.com>
+Date: Thu, 9 Feb 2023 18:41:52 +0800
+Subject: [PATCH] privsep-linux: fix SECCOMP_AUDIT_ARCH missing ppc64le (#181)
+
+when dhcpcd running on ppc64le platform, it would be killed by SIGSYS.
+
+Upstream-Status: Backport [7a2d9767585ed2c407d4985bd2d81552034fb90a]
+
+Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
+---
+ src/privsep-linux.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/src/privsep-linux.c b/src/privsep-linux.c
+index 7372d26b..6a301950 100644
+--- a/src/privsep-linux.c
++++ b/src/privsep-linux.c
+@@ -232,7 +232,11 @@ ps_root_sendnetlink(struct dhcpcd_ctx *ctx, int protocol, struct msghdr *msg)
+ #elif defined(__or1k__)
+ # define SECCOMP_AUDIT_ARCH AUDIT_ARCH_OPENRISC
+ #elif defined(__powerpc64__)
+-# define SECCOMP_AUDIT_ARCH AUDIT_ARCH_PPC64
++# if (BYTE_ORDER == LITTLE_ENDIAN)
++# define SECCOMP_AUDIT_ARCH AUDIT_ARCH_PPC64LE
++# else
++# define SECCOMP_AUDIT_ARCH AUDIT_ARCH_PPC64
++# endif
+ #elif defined(__powerpc__)
+ # define SECCOMP_AUDIT_ARCH AUDIT_ARCH_PPC
+ #elif defined(__riscv)
+--
+2.34.1
+
diff --git a/poky/meta/recipes-connectivity/dhcpcd/files/0002-privsep-Allow-newfstatat-syscall-as-well.patch b/poky/meta/recipes-connectivity/dhcpcd/files/0002-privsep-Allow-newfstatat-syscall-as-well.patch
new file mode 100644
index 0000000..c5d2cba
--- /dev/null
+++ b/poky/meta/recipes-connectivity/dhcpcd/files/0002-privsep-Allow-newfstatat-syscall-as-well.patch
@@ -0,0 +1,31 @@
+From 7625a555797f587a89dc2447fd9d621024d5165c Mon Sep 17 00:00:00 2001
+From: Roy Marples <roy@marples.name>
+Date: Fri, 26 Aug 2022 09:24:50 +0100
+Subject: [PATCH 2/2] privsep: Allow newfstatat syscall as well
+
+Allows newer glibc variants to work apparently.
+As reported in #84 and #89.
+
+Upstream-Status: Backport [7625a555797f587a89dc2447fd9d621024d5165c]
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+---
+ src/privsep-linux.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/privsep-linux.c b/src/privsep-linux.c
+index 479a1d82..6327b1bc 100644
+--- a/src/privsep-linux.c
++++ b/src/privsep-linux.c
+@@ -328,6 +328,9 @@ static struct sock_filter ps_seccomp_filter[] = {
+ #ifdef __NR_nanosleep
+ SECCOMP_ALLOW(__NR_nanosleep), /* XXX should use ppoll instead */
+ #endif
++#ifdef __NR_newfstatat
++ SECCOMP_ALLOW(__NR_newfstatat),
++#endif
+ #ifdef __NR_ppoll
+ SECCOMP_ALLOW(__NR_ppoll),
+ #endif
+--
+2.17.1
+
diff --git a/poky/meta/recipes-connectivity/inetutils/inetutils/CVE-2022-39028.patch b/poky/meta/recipes-connectivity/inetutils/inetutils/CVE-2022-39028.patch
deleted file mode 100644
index 3b07515..0000000
--- a/poky/meta/recipes-connectivity/inetutils/inetutils/CVE-2022-39028.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-From d52349fa1b6baac77ffa2c74769636aa2ece2ec5 Mon Sep 17 00:00:00 2001
-From: Erik Auerswald <auerswal@unix-ag.uni-kl.de>
-Date: Sat, 3 Sep 2022 16:58:16 +0200
-Subject: [PATCH] telnetd: Handle early IAC EC or IAC EL receipt
-
-Fix telnetd crash if the first two bytes of a new connection
-are 0xff 0xf7 (IAC EC) or 0xff 0xf8 (IAC EL).
-
-The problem was reported in:
-<https://pierrekim.github.io/blog/2022-08-24-2-byte-dos-freebsd-netbsd-telnetd-netkit-telnetd-inetutils-telnetd-kerberos-telnetd.html>.
-
-* NEWS: Mention fix.
-* telnetd/state.c (telrcv): Handle zero slctab[SLC_EC].sptr and
-zero slctab[SLC_EL].sptr.
-
-CVE: CVE-2022-39028
-Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=fae8263e467380483c28513c0e5fac143e46f94f]
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
- telnetd/state.c | 12 +++++++++---
- 1 file changed, 9 insertions(+), 3 deletions(-)
-
-diff --git a/telnetd/state.c b/telnetd/state.c
-index ffc6cba..c2d760f 100644
---- a/telnetd/state.c
-+++ b/telnetd/state.c
-@@ -312,15 +312,21 @@ telrcv (void)
- case EC:
- case EL:
- {
-- cc_t ch;
-+ cc_t ch = (cc_t) (_POSIX_VDISABLE);
-
- DEBUG (debug_options, 1, printoption ("td: recv IAC", c));
- ptyflush (); /* half-hearted */
- init_termbuf ();
- if (c == EC)
-- ch = *slctab[SLC_EC].sptr;
-+ {
-+ if (slctab[SLC_EC].sptr)
-+ ch = *slctab[SLC_EC].sptr;
-+ }
- else
-- ch = *slctab[SLC_EL].sptr;
-+ {
-+ if (slctab[SLC_EL].sptr)
-+ ch = *slctab[SLC_EL].sptr;
-+ }
- if (ch != (cc_t) (_POSIX_VDISABLE))
- pty_output_byte ((unsigned char) ch);
- break;
---
-2.37.3
-
diff --git a/poky/meta/recipes-connectivity/inetutils/inetutils_2.3.bb b/poky/meta/recipes-connectivity/inetutils/inetutils_2.4.bb
similarity index 98%
rename from poky/meta/recipes-connectivity/inetutils/inetutils_2.3.bb
rename to poky/meta/recipes-connectivity/inetutils/inetutils_2.4.bb
index 2fce843..6519331 100644
--- a/poky/meta/recipes-connectivity/inetutils/inetutils_2.3.bb
+++ b/poky/meta/recipes-connectivity/inetutils/inetutils_2.4.bb
@@ -10,7 +10,7 @@
LIC_FILES_CHKSUM = "file://COPYING;md5=0c7051aef9219dc7237f206c5c4179a7"
-SRC_URI[sha256sum] = "0b01bb08e29623c4e3b940f233c961451d9af8c5066301add76a52a95d51772c"
+SRC_URI[sha256sum] = "1789d6b1b1a57dfe2a7ab7b533ee9f5dfd9cbf5b59bb1bb3c2612ed08d0f68b2"
SRC_URI = "${GNU_MIRROR}/inetutils/inetutils-${PV}.tar.xz \
file://inetutils-1.8-0001-printf-parse-pull-in-features.h-for-__GLIBC__.patch \
file://inetutils-1.8-0003-wchar.patch \
@@ -21,7 +21,6 @@
file://tftpd.xinetd.inetutils \
file://inetutils-1.9-PATH_PROCNET_DEV.patch \
file://inetutils-only-check-pam_appl.h-when-pam-enabled.patch \
- file://CVE-2022-39028.patch \
"
inherit autotools gettext update-alternatives texinfo
diff --git a/poky/meta/recipes-connectivity/kea/files/fix-multilib-conflict.patch b/poky/meta/recipes-connectivity/kea/files/fix-multilib-conflict.patch
index 78f475a..451b409 100644
--- a/poky/meta/recipes-connectivity/kea/files/fix-multilib-conflict.patch
+++ b/poky/meta/recipes-connectivity/kea/files/fix-multilib-conflict.patch
@@ -12,7 +12,7 @@
Because they are all commented out, replace the expanded libdir path with
'$libdir' in the config files to avoid conflict.
-Upstream-Status: Pending
+Upstream-Status: Submitted [https://gitlab.isc.org/isc-projects/kea/-/issues/2602]
Signed-off-by: Kai Kang <kai.kang@windriver.com>
---
diff --git a/poky/meta/recipes-connectivity/libuv/libuv_1.44.2.bb b/poky/meta/recipes-connectivity/libuv/libuv_1.44.2.bb
index 4c1b8ee..27e7927 100644
--- a/poky/meta/recipes-connectivity/libuv/libuv_1.44.2.bb
+++ b/poky/meta/recipes-connectivity/libuv/libuv_1.44.2.bb
@@ -6,7 +6,7 @@
LIC_FILES_CHKSUM = "file://LICENSE;md5=ad93ca1fffe931537fcf64f6fcce084d"
SRCREV = "0c1fa696aa502eb749c2c4735005f41ba00a27b8"
-SRC_URI = "git://github.com/libuv/libuv;branch=v1.x;protocol=https"
+SRC_URI = "git://github.com/libuv/libuv.git;branch=v1.x;protocol=https"
UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>\d+(\.\d+)+)"
S = "${WORKDIR}/git"
diff --git a/poky/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb b/poky/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb
index 2cc92b7..e802bce 100644
--- a/poky/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb
+++ b/poky/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb
@@ -5,8 +5,8 @@
LICENSE = "PD"
LIC_FILES_CHKSUM = "file://COPYING;md5=87964579b2a8ece4bc6744d2dc9a8b04"
-SRCREV = "fe19892a8168bf19d81e3bc4ee319bf7f9f058f5"
-PV = "20220725"
+SRCREV = "22a5de3ef637990ce03141f786fbdb327e9c5a3f"
+PV = "20221107"
PE = "1"
SRC_URI = "git://gitlab.gnome.org/GNOME/mobile-broadband-provider-info.git;protocol=https;branch=main"
diff --git a/poky/meta/recipes-connectivity/openssh/openssh_9.0p1.bb b/poky/meta/recipes-connectivity/openssh/openssh_9.0p1.bb
index b63ea2b..689952e 100644
--- a/poky/meta/recipes-connectivity/openssh/openssh_9.0p1.bb
+++ b/poky/meta/recipes-connectivity/openssh/openssh_9.0p1.bb
@@ -52,15 +52,12 @@
inherit autotools-brokensep ptest
-PACKAGECONFIG ??= "rng-tools"
+PACKAGECONFIG ??= ""
PACKAGECONFIG[kerberos] = "--with-kerberos5,--without-kerberos5,krb5"
PACKAGECONFIG[ldns] = "--with-ldns,--without-ldns,ldns"
PACKAGECONFIG[libedit] = "--with-libedit,--without-libedit,libedit"
PACKAGECONFIG[manpages] = "--with-mantype=man,--with-mantype=cat"
-# Add RRECOMMENDS to rng-tools for sshd package
-PACKAGECONFIG[rng-tools] = ""
-
EXTRA_AUTORECONF += "--exclude=aclocal"
# login path is hardcoded in sshd
@@ -160,10 +157,6 @@
RDEPENDS:${PN} += "${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-keygen ${PN}-sftp-server"
RDEPENDS:${PN}-sshd += "${PN}-keygen ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-keyinit pam-plugin-loginuid', '', d)}"
-RRECOMMENDS:${PN}-sshd:append:class-target = "\
- ${@bb.utils.filter('PACKAGECONFIG', 'rng-tools', d)} \
-"
-
# gdb would make attach-ptrace test pass rather than skip but not worth the build dependencies
RDEPENDS:${PN}-ptest += "${PN}-sftp ${PN}-misc ${PN}-sftp-server make sed sudo coreutils"
diff --git a/poky/meta/recipes-connectivity/openssl/openssl/CVE-2023-0464.patch b/poky/meta/recipes-connectivity/openssl/openssl/CVE-2023-0464.patch
new file mode 100644
index 0000000..3b94c48
--- /dev/null
+++ b/poky/meta/recipes-connectivity/openssl/openssl/CVE-2023-0464.patch
@@ -0,0 +1,225 @@
+From 959c59c7a0164117e7f8366466a32bb1f8d77ff1 Mon Sep 17 00:00:00 2001
+From: Pauli <pauli@openssl.org>
+Date: Wed, 8 Mar 2023 15:28:20 +1100
+Subject: [PATCH] x509: excessive resource use verifying policy constraints
+
+A security vulnerability has been identified in all supported versions
+of OpenSSL related to the verification of X.509 certificate chains
+that include policy constraints. Attackers may be able to exploit this
+vulnerability by creating a malicious certificate chain that triggers
+exponential use of computational resources, leading to a denial-of-service
+(DoS) attack on affected systems.
+
+Fixes CVE-2023-0464
+
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
+(Merged from https://github.com/openssl/openssl/pull/20568)
+
+Upstream-Status: Backport from [https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=959c59c7a0164117e7f8366466a32bb1f8d77ff1]
+CVE: CVE-2023-0464
+Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
+---
+ crypto/x509/pcy_local.h | 8 +++++++-
+ crypto/x509/pcy_node.c | 12 +++++++++---
+ crypto/x509/pcy_tree.c | 36 ++++++++++++++++++++++++++----------
+ 3 files changed, 42 insertions(+), 14 deletions(-)
+
+diff --git a/crypto/x509/pcy_local.h b/crypto/x509/pcy_local.h
+index 18b53cc..cba107c 100644
+--- a/crypto/x509/pcy_local.h
++++ b/crypto/x509/pcy_local.h
+@@ -111,6 +111,11 @@ struct X509_POLICY_LEVEL_st {
+ };
+
+ struct X509_POLICY_TREE_st {
++ /* The number of nodes in the tree */
++ size_t node_count;
++ /* The maximum number of nodes in the tree */
++ size_t node_maximum;
++
+ /* This is the tree 'level' data */
+ X509_POLICY_LEVEL *levels;
+ int nlevel;
+@@ -157,7 +162,8 @@ X509_POLICY_NODE *ossl_policy_tree_find_sk(STACK_OF(X509_POLICY_NODE) *sk,
+ X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level,
+ X509_POLICY_DATA *data,
+ X509_POLICY_NODE *parent,
+- X509_POLICY_TREE *tree);
++ X509_POLICY_TREE *tree,
++ int extra_data);
+ void ossl_policy_node_free(X509_POLICY_NODE *node);
+ int ossl_policy_node_match(const X509_POLICY_LEVEL *lvl,
+ const X509_POLICY_NODE *node, const ASN1_OBJECT *oid);
+diff --git a/crypto/x509/pcy_node.c b/crypto/x509/pcy_node.c
+index 9d9a7ea..450f95a 100644
+--- a/crypto/x509/pcy_node.c
++++ b/crypto/x509/pcy_node.c
+@@ -59,10 +59,15 @@ X509_POLICY_NODE *ossl_policy_level_find_node(const X509_POLICY_LEVEL *level,
+ X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level,
+ X509_POLICY_DATA *data,
+ X509_POLICY_NODE *parent,
+- X509_POLICY_TREE *tree)
++ X509_POLICY_TREE *tree,
++ int extra_data)
+ {
+ X509_POLICY_NODE *node;
+
++ /* Verify that the tree isn't too large. This mitigates CVE-2023-0464 */
++ if (tree->node_maximum > 0 && tree->node_count >= tree->node_maximum)
++ return NULL;
++
+ node = OPENSSL_zalloc(sizeof(*node));
+ if (node == NULL) {
+ ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE);
+@@ -70,7 +75,7 @@ X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level,
+ }
+ node->data = data;
+ node->parent = parent;
+- if (level) {
++ if (level != NULL) {
+ if (OBJ_obj2nid(data->valid_policy) == NID_any_policy) {
+ if (level->anyPolicy)
+ goto node_error;
+@@ -90,7 +95,7 @@ X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level,
+ }
+ }
+
+- if (tree) {
++ if (extra_data) {
+ if (tree->extra_data == NULL)
+ tree->extra_data = sk_X509_POLICY_DATA_new_null();
+ if (tree->extra_data == NULL){
+@@ -103,6 +108,7 @@ X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level,
+ }
+ }
+
++ tree->node_count++;
+ if (parent)
+ parent->nchild++;
+
+diff --git a/crypto/x509/pcy_tree.c b/crypto/x509/pcy_tree.c
+index fa45da5..f953a05 100644
+--- a/crypto/x509/pcy_tree.c
++++ b/crypto/x509/pcy_tree.c
+@@ -14,6 +14,17 @@
+
+ #include "pcy_local.h"
+
++/*
++ * If the maximum number of nodes in the policy tree isn't defined, set it to
++ * a generous default of 1000 nodes.
++ *
++ * Defining this to be zero means unlimited policy tree growth which opens the
++ * door on CVE-2023-0464.
++ */
++#ifndef OPENSSL_POLICY_TREE_NODES_MAX
++# define OPENSSL_POLICY_TREE_NODES_MAX 1000
++#endif
++
+ static void expected_print(BIO *channel,
+ X509_POLICY_LEVEL *lev, X509_POLICY_NODE *node,
+ int indent)
+@@ -163,6 +174,9 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
+ return X509_PCY_TREE_INTERNAL;
+ }
+
++ /* Limit the growth of the tree to mitigate CVE-2023-0464 */
++ tree->node_maximum = OPENSSL_POLICY_TREE_NODES_MAX;
++
+ /*
+ * http://tools.ietf.org/html/rfc5280#section-6.1.2, figure 3.
+ *
+@@ -180,7 +194,7 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
+ if ((data = ossl_policy_data_new(NULL,
+ OBJ_nid2obj(NID_any_policy), 0)) == NULL)
+ goto bad_tree;
+- if (ossl_policy_level_add_node(level, data, NULL, tree) == NULL) {
++ if (ossl_policy_level_add_node(level, data, NULL, tree, 1) == NULL) {
+ ossl_policy_data_free(data);
+ goto bad_tree;
+ }
+@@ -239,7 +253,8 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
+ * Return value: 1 on success, 0 otherwise
+ */
+ static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr,
+- X509_POLICY_DATA *data)
++ X509_POLICY_DATA *data,
++ X509_POLICY_TREE *tree)
+ {
+ X509_POLICY_LEVEL *last = curr - 1;
+ int i, matched = 0;
+@@ -249,13 +264,13 @@ static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr,
+ X509_POLICY_NODE *node = sk_X509_POLICY_NODE_value(last->nodes, i);
+
+ if (ossl_policy_node_match(last, node, data->valid_policy)) {
+- if (ossl_policy_level_add_node(curr, data, node, NULL) == NULL)
++ if (ossl_policy_level_add_node(curr, data, node, tree, 0) == NULL)
+ return 0;
+ matched = 1;
+ }
+ }
+ if (!matched && last->anyPolicy) {
+- if (ossl_policy_level_add_node(curr, data, last->anyPolicy, NULL) == NULL)
++ if (ossl_policy_level_add_node(curr, data, last->anyPolicy, tree, 0) == NULL)
+ return 0;
+ }
+ return 1;
+@@ -268,7 +283,8 @@ static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr,
+ * Return value: 1 on success, 0 otherwise.
+ */
+ static int tree_link_nodes(X509_POLICY_LEVEL *curr,
+- const X509_POLICY_CACHE *cache)
++ const X509_POLICY_CACHE *cache,
++ X509_POLICY_TREE *tree)
+ {
+ int i;
+
+@@ -276,7 +292,7 @@ static int tree_link_nodes(X509_POLICY_LEVEL *curr,
+ X509_POLICY_DATA *data = sk_X509_POLICY_DATA_value(cache->data, i);
+
+ /* Look for matching nodes in previous level */
+- if (!tree_link_matching_nodes(curr, data))
++ if (!tree_link_matching_nodes(curr, data, tree))
+ return 0;
+ }
+ return 1;
+@@ -307,7 +323,7 @@ static int tree_add_unmatched(X509_POLICY_LEVEL *curr,
+ /* Curr may not have anyPolicy */
+ data->qualifier_set = cache->anyPolicy->qualifier_set;
+ data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS;
+- if (ossl_policy_level_add_node(curr, data, node, tree) == NULL) {
++ if (ossl_policy_level_add_node(curr, data, node, tree, 1) == NULL) {
+ ossl_policy_data_free(data);
+ return 0;
+ }
+@@ -370,7 +386,7 @@ static int tree_link_any(X509_POLICY_LEVEL *curr,
+ /* Finally add link to anyPolicy */
+ if (last->anyPolicy &&
+ ossl_policy_level_add_node(curr, cache->anyPolicy,
+- last->anyPolicy, NULL) == NULL)
++ last->anyPolicy, tree, 0) == NULL)
+ return 0;
+ return 1;
+ }
+@@ -553,7 +569,7 @@ static int tree_calculate_user_set(X509_POLICY_TREE *tree,
+ extra->flags = POLICY_DATA_FLAG_SHARED_QUALIFIERS
+ | POLICY_DATA_FLAG_EXTRA_NODE;
+ node = ossl_policy_level_add_node(NULL, extra, anyPolicy->parent,
+- tree);
++ tree, 1);
+ }
+ if (!tree->user_policies) {
+ tree->user_policies = sk_X509_POLICY_NODE_new_null();
+@@ -580,7 +596,7 @@ static int tree_evaluate(X509_POLICY_TREE *tree)
+
+ for (i = 1; i < tree->nlevel; i++, curr++) {
+ cache = ossl_policy_cache_set(curr->cert);
+- if (!tree_link_nodes(curr, cache))
++ if (!tree_link_nodes(curr, cache, tree))
+ return X509_PCY_TREE_INTERNAL;
+
+ if (!(curr->flags & X509_V_FLAG_INHIBIT_ANY)
+--
+2.35.7
+
diff --git a/poky/meta/recipes-connectivity/openssl/openssl/CVE-2023-0465.patch b/poky/meta/recipes-connectivity/openssl/openssl/CVE-2023-0465.patch
new file mode 100644
index 0000000..57fd494
--- /dev/null
+++ b/poky/meta/recipes-connectivity/openssl/openssl/CVE-2023-0465.patch
@@ -0,0 +1,56 @@
+From 1dd43e0709fece299b15208f36cc7c76209ba0bb Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt@openssl.org>
+Date: Tue, 7 Mar 2023 16:52:55 +0000
+Subject: [PATCH] Ensure that EXFLAG_INVALID_POLICY is checked even in leaf
+ certs
+
+Even though we check the leaf cert to confirm it is valid, we
+later ignored the invalid flag and did not notice that the leaf
+cert was bad.
+
+Fixes: CVE-2023-0465
+
+Reviewed-by: Hugo Landau <hlandau@openssl.org>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/20587)
+
+Upstream-Status: Backport from [https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1dd43e0709fece299b15208f36cc7c76209ba0bb]
+CVE: CVE-2023-0465
+Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
+---
+ crypto/x509/x509_vfy.c | 12 ++++++++++--
+ 1 file changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
+index 9384f1d..a0282c3 100644
+--- a/crypto/x509/x509_vfy.c
++++ b/crypto/x509/x509_vfy.c
+@@ -1654,15 +1654,23 @@ static int check_policy(X509_STORE_CTX *ctx)
+ goto memerr;
+ /* Invalid or inconsistent extensions */
+ if (ret == X509_PCY_TREE_INVALID) {
+- int i;
++ int i, cbcalled = 0;
+
+ /* Locate certificates with bad extensions and notify callback. */
+- for (i = 1; i < sk_X509_num(ctx->chain); i++) {
++ for (i = 0; i < sk_X509_num(ctx->chain); i++) {
+ X509 *x = sk_X509_value(ctx->chain, i);
+
++ if ((x->ex_flags & EXFLAG_INVALID_POLICY) != 0)
++ cbcalled = 1;
+ CB_FAIL_IF((x->ex_flags & EXFLAG_INVALID_POLICY) != 0,
+ ctx, x, i, X509_V_ERR_INVALID_POLICY_EXTENSION);
+ }
++ if (!cbcalled) {
++ /* Should not be able to get here */
++ ERR_raise(ERR_LIB_X509, ERR_R_INTERNAL_ERROR);
++ return 0;
++ }
++ /* The callback ignored the error so we return success */
+ return 1;
+ }
+ if (ret == X509_PCY_TREE_FAILURE) {
+--
+2.35.7
+
diff --git a/poky/meta/recipes-connectivity/openssl/openssl/CVE-2023-0466.patch b/poky/meta/recipes-connectivity/openssl/openssl/CVE-2023-0466.patch
new file mode 100644
index 0000000..a16bfe4
--- /dev/null
+++ b/poky/meta/recipes-connectivity/openssl/openssl/CVE-2023-0466.patch
@@ -0,0 +1,50 @@
+From 51e8a84ce742db0f6c70510d0159dad8f7825908 Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tomas@openssl.org>
+Date: Tue, 21 Mar 2023 16:15:47 +0100
+Subject: [PATCH] Fix documentation of X509_VERIFY_PARAM_add0_policy()
+
+The function was incorrectly documented as enabling policy checking.
+
+Fixes: CVE-2023-0466
+
+Reviewed-by: Matt Caswell <matt@openssl.org>
+Reviewed-by: Paul Dale <pauli@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/20563)
+
+Upstream-Status: Backport from [https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=51e8a84ce742db0f6c70510d0159dad8f7825908]
+CVE: CVE-2023-0466
+Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
+---
+ doc/man3/X509_VERIFY_PARAM_set_flags.pod | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/doc/man3/X509_VERIFY_PARAM_set_flags.pod b/doc/man3/X509_VERIFY_PARAM_set_flags.pod
+index 75a1677..43c1900 100644
+--- a/doc/man3/X509_VERIFY_PARAM_set_flags.pod
++++ b/doc/man3/X509_VERIFY_PARAM_set_flags.pod
+@@ -98,8 +98,9 @@ B<trust>.
+ X509_VERIFY_PARAM_set_time() sets the verification time in B<param> to
+ B<t>. Normally the current time is used.
+
+-X509_VERIFY_PARAM_add0_policy() enables policy checking (it is disabled
+-by default) and adds B<policy> to the acceptable policy set.
++X509_VERIFY_PARAM_add0_policy() adds B<policy> to the acceptable policy set.
++Contrary to preexisting documentation of this function it does not enable
++policy checking.
+
+ X509_VERIFY_PARAM_set1_policies() enables policy checking (it is disabled
+ by default) and sets the acceptable policy set to B<policies>. Any existing
+@@ -400,6 +401,10 @@ The X509_VERIFY_PARAM_get_hostflags() function was added in OpenSSL 1.1.0i.
+ The X509_VERIFY_PARAM_get0_host(), X509_VERIFY_PARAM_get0_email(),
+ and X509_VERIFY_PARAM_get1_ip_asc() functions were added in OpenSSL 3.0.
+
++The function X509_VERIFY_PARAM_add0_policy() was historically documented as
++enabling policy checking however the implementation has never done this.
++The documentation was changed to align with the implementation.
++
+ =head1 COPYRIGHT
+
+ Copyright 2009-2023 The OpenSSL Project Authors. All Rights Reserved.
+--
+2.35.7
+
diff --git a/poky/meta/recipes-connectivity/openssl/openssl_3.0.7.bb b/poky/meta/recipes-connectivity/openssl/openssl_3.0.8.bb
similarity index 97%
rename from poky/meta/recipes-connectivity/openssl/openssl_3.0.7.bb
rename to poky/meta/recipes-connectivity/openssl/openssl_3.0.8.bb
index 45fd1de..82f3e18 100644
--- a/poky/meta/recipes-connectivity/openssl/openssl_3.0.7.bb
+++ b/poky/meta/recipes-connectivity/openssl/openssl_3.0.8.bb
@@ -12,13 +12,16 @@
file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
file://afalg.patch \
file://0001-Configure-do-not-tweak-mips-cflags.patch \
+ file://CVE-2023-0464.patch \
+ file://CVE-2023-0465.patch \
+ file://CVE-2023-0466.patch \
"
SRC_URI:append:class-nativesdk = " \
file://environment.d-openssl.sh \
"
-SRC_URI[sha256sum] = "83049d042a260e696f62406ac5c08bf706fd84383f945cf21bd61e9ed95c396e"
+SRC_URI[sha256sum] = "6c13d2bf38fdf31eac3ce2a347073673f5d63263398f1f69d0df4a41253e4b3e"
inherit lib_package multilib_header multilib_script ptest perlnative
MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
diff --git a/poky/meta/recipes-connectivity/ppp/ppp/CVE-2022-4603.patch b/poky/meta/recipes-connectivity/ppp/ppp/CVE-2022-4603.patch
new file mode 100644
index 0000000..4325b1d
--- /dev/null
+++ b/poky/meta/recipes-connectivity/ppp/ppp/CVE-2022-4603.patch
@@ -0,0 +1,48 @@
+From a75fb7b198eed50d769c80c36629f38346882cbf Mon Sep 17 00:00:00 2001
+From: Paul Mackerras <paulus@ozlabs.org>
+Date: Thu, 4 Aug 2022 12:23:08 +1000
+Subject: [PATCH] pppdump: Avoid out-of-range access to packet buffer
+
+This fixes a potential vulnerability where data is written to spkt.buf
+and rpkt.buf without a check on the array index. To fix this, we
+check the array index (pkt->cnt) before storing the byte or
+incrementing the count. This also means we no longer have a potential
+signed integer overflow on the increment of pkt->cnt.
+
+Fortunately, pppdump is not used in the normal process of setting up a
+PPP connection, is not installed setuid-root, and is not invoked
+automatically in any scenario that I am aware of.
+
+Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
+
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+---
+ pppdump/pppdump.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/pppdump/pppdump.c b/pppdump/pppdump.c
+index 2b815fc9..b85a8627 100644
+--- a/pppdump/pppdump.c
++++ b/pppdump/pppdump.c
+@@ -297,6 +297,10 @@ dumpppp(f)
+ printf("%s aborted packet:\n ", dir);
+ q = " ";
+ }
++ if (pkt->cnt >= sizeof(pkt->buf)) {
++ printf("%s over-long packet truncated:\n ", dir);
++ q = " ";
++ }
+ nb = pkt->cnt;
+ p = pkt->buf;
+ pkt->cnt = 0;
+@@ -400,7 +404,8 @@ dumpppp(f)
+ c ^= 0x20;
+ pkt->esc = 0;
+ }
+- pkt->buf[pkt->cnt++] = c;
++ if (pkt->cnt < sizeof(pkt->buf))
++ pkt->buf[pkt->cnt++] = c;
+ break;
+ }
+ }
diff --git a/poky/meta/recipes-connectivity/ppp/ppp_2.4.9.bb b/poky/meta/recipes-connectivity/ppp/ppp_2.4.9.bb
index 700ece6..7e3ae43 100644
--- a/poky/meta/recipes-connectivity/ppp/ppp_2.4.9.bb
+++ b/poky/meta/recipes-connectivity/ppp/ppp_2.4.9.bb
@@ -25,6 +25,7 @@
file://provider \
file://ppp@.service \
file://0001-ppp-fix-build-against-5.15-headers.patch \
+ file://CVE-2022-4603.patch \
"
SRC_URI[sha256sum] = "f938b35eccde533ea800b15a7445b2f1137da7f88e32a16898d02dee8adc058d"
diff --git a/poky/meta/recipes-connectivity/resolvconf/resolvconf/0001-avoid-using-m-option-for-readlink.patch b/poky/meta/recipes-connectivity/resolvconf/resolvconf/0001-avoid-using-m-option-for-readlink.patch
new file mode 100644
index 0000000..ab32f26
--- /dev/null
+++ b/poky/meta/recipes-connectivity/resolvconf/resolvconf/0001-avoid-using-m-option-for-readlink.patch
@@ -0,0 +1,37 @@
+From 6bf2bb136a0b3961339369bc08e58b661fba0edb Mon Sep 17 00:00:00 2001
+From: Chen Qi <Qi.Chen@windriver.com>
+Date: Thu, 17 Nov 2022 17:26:30 +0800
+Subject: [PATCH] avoid using -m option for readlink
+
+Use a more widely used option '-f' instead of '-m' here to
+avoid dependency on coreutils.
+
+Looking at the git history of the resolvconf repo, the '-m'
+is deliberately used. And it wants to depend on coreutils.
+But in case of OE, the existence of /etc is ensured, and busybox
+readlink provides '-f' option, so we can just use '-f'. In this
+way, the coreutils dependency is not necessary any more.
+
+Upstream-Status: Inappropriate [OE Specific]
+
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+---
+ etc/resolvconf/update.d/libc | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/etc/resolvconf/update.d/libc b/etc/resolvconf/update.d/libc
+index 1c4f6bc..f75d22c 100755
+--- a/etc/resolvconf/update.d/libc
++++ b/etc/resolvconf/update.d/libc
+@@ -57,7 +57,7 @@ fi
+ report_warning() { echo "$0: Warning: $*" >&2 ; }
+
+ resolv_conf_is_symlinked_to_dynamic_file() {
+- [ -L ${ETC}/resolv.conf ] && [ "$(readlink -m ${ETC}/resolv.conf)" = "$DYNAMICRSLVCNFFILE" ]
++ [ -L ${ETC}/resolv.conf ] && [ "$(readlink -f ${ETC}/resolv.conf)" = "$DYNAMICRSLVCNFFILE" ]
+ }
+
+ if ! resolv_conf_is_symlinked_to_dynamic_file ; then
+--
+2.17.1
+
diff --git a/poky/meta/recipes-connectivity/resolvconf/resolvconf_1.91.bb b/poky/meta/recipes-connectivity/resolvconf/resolvconf_1.91.bb
index 94fd2c1..3f1b75d 100644
--- a/poky/meta/recipes-connectivity/resolvconf/resolvconf_1.91.bb
+++ b/poky/meta/recipes-connectivity/resolvconf/resolvconf_1.91.bb
@@ -9,10 +9,11 @@
LIC_FILES_CHKSUM = "file://COPYING;md5=c93c0550bd3173f4504b2cbd8991e50b"
AUTHOR = "Thomas Hood"
HOMEPAGE = "http://packages.debian.org/resolvconf"
-RDEPENDS:${PN} = "bash"
+RDEPENDS:${PN} = "bash sed util-linux-flock"
SRC_URI = "git://salsa.debian.org/debian/resolvconf.git;protocol=https;branch=unstable \
file://99_resolvconf \
+ file://0001-avoid-using-m-option-for-readlink.patch \
"
SRCREV = "859209d573e7aec0e95d812c6b52444591a628d1"
@@ -23,8 +24,6 @@
# so we check the latest upstream from a directory that does get updated
UPSTREAM_CHECK_URI = "${DEBIAN_MIRROR}/main/r/resolvconf/"
-inherit allarch
-
do_compile () {
:
}
@@ -39,12 +38,14 @@
fi
install -d ${D}${base_libdir}/${BPN}
install -d ${D}${sysconfdir}/${BPN}
+ install -d ${D}${nonarch_base_libdir}/${BPN}
ln -snf ${localstatedir}/run/${BPN} ${D}${sysconfdir}/${BPN}/run
install -d ${D}${sysconfdir} ${D}${base_sbindir}
install -d ${D}${mandir}/man8 ${D}${docdir}/${P}
cp -pPR etc/resolvconf ${D}${sysconfdir}/
chown -R root:root ${D}${sysconfdir}/
install -m 0755 bin/resolvconf ${D}${base_sbindir}/
+ install -m 0755 bin/normalize-resolvconf ${D}${nonarch_base_libdir}/${BPN}
install -m 0755 bin/list-records ${D}${base_libdir}/${BPN}
install -d ${D}/${sysconfdir}/network/if-up.d
install -m 0755 debian/resolvconf.000resolvconf.if-up ${D}/${sysconfdir}/network/if-up.d/000resolvconf
@@ -64,4 +65,4 @@
fi
}
-FILES:${PN} += "${base_libdir}/${BPN}"
+FILES:${PN} += "${base_libdir}/${BPN} ${nonarch_base_libdir}/${BPN}"
diff --git a/poky/meta/recipes-connectivity/socat/socat/0001-configure.ac-check-getprotobynumber_r-with-AC_TRY_LI.patch b/poky/meta/recipes-connectivity/socat/socat/0001-configure.ac-check-getprotobynumber_r-with-AC_TRY_LI.patch
deleted file mode 100644
index fbfb081..0000000
--- a/poky/meta/recipes-connectivity/socat/socat/0001-configure.ac-check-getprotobynumber_r-with-AC_TRY_LI.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From d67d6b4f981db9612d808bd723176a1d2996d53a Mon Sep 17 00:00:00 2001
-From: Alexander Kanavin <alex@linutronix.de>
-Date: Mon, 17 Jan 2022 13:21:32 +0100
-Subject: [PATCH] configure.ac: check getprotobynumber_r with AC_TRY_LINK
-
-AC_TRY_COMPILE won't error out if the function is altogether absent
-(e.g. on linux musl C library), the test needs to link all the way.
-
-Upstream-Status: Submitted [via email to socat@dest-unreach.org]
-Signed-off-by: Alexander Kanavin <alex@linutronix.de>
----
- configure.ac | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index d4acc9e..973a7f2 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -137,13 +137,13 @@ AC_MSG_RESULT($sc_cv_have_prototype_hstrerror)
- # getprotobynumber_r() is not standardized
- AC_MSG_CHECKING(for getprotobynumber_r() variant)
- AC_CACHE_VAL(sc_cv_getprotobynumber_r,
--[AC_TRY_COMPILE([#include <stddef.h>
-+[AC_TRY_LINK([#include <stddef.h>
- #include <netdb.h>],[getprotobynumber_r(1,NULL,NULL,1024,NULL);],
- [sc_cv_getprotobynumber_r=1; tmp_bynum_variant=Linux],
-- [AC_TRY_COMPILE([#include <stddef.h>
-+ [AC_TRY_LINK([#include <stddef.h>
- #include <netdb.h>],[getprotobynumber_r(1,NULL,NULL,1024);],
- [sc_cv_getprotobynumber_r=2; tmp_bynum_variant=Solaris],
-- [AC_TRY_COMPILE([#include <stddef.h>
-+ [AC_TRY_LINK([#include <stddef.h>
- #include <netdb.h>],[getprotobynumber_r(1,NULL,NULL);],
- [sc_cv_getprotobynumber_r=3; tmp_bynum_variant=AIX],
-
diff --git a/poky/meta/recipes-connectivity/socat/socat_1.7.4.3.bb b/poky/meta/recipes-connectivity/socat/socat_1.7.4.4.bb
similarity index 89%
rename from poky/meta/recipes-connectivity/socat/socat_1.7.4.3.bb
rename to poky/meta/recipes-connectivity/socat/socat_1.7.4.4.bb
index a4a0a89..5a37938 100644
--- a/poky/meta/recipes-connectivity/socat/socat_1.7.4.3.bb
+++ b/poky/meta/recipes-connectivity/socat/socat_1.7.4.4.bb
@@ -9,11 +9,9 @@
LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
file://README;beginline=257;endline=287;md5=82520b052f322ac2b5b3dfdc7c7eea86"
-SRC_URI = "http://www.dest-unreach.org/socat/download/socat-${PV}.tar.bz2 \
- file://0001-configure.ac-check-getprotobynumber_r-with-AC_TRY_LI.patch \
- "
+SRC_URI = "http://www.dest-unreach.org/socat/download/socat-${PV}.tar.bz2"
-SRC_URI[sha256sum] = "d47318104415077635119dfee44bcfb41de3497374a9a001b1aff6e2f0858007"
+SRC_URI[sha256sum] = "fbd42bd2f0e54a3af6d01bdf15385384ab82dbc0e4f1a5e153b3e0be1b6380ac"
inherit autotools
diff --git a/poky/meta/recipes-core/base-files/base-files/hosts b/poky/meta/recipes-core/base-files/base-files/hosts
index b94f414..10a5b6c 100644
--- a/poky/meta/recipes-core/base-files/base-files/hosts
+++ b/poky/meta/recipes-core/base-files/base-files/hosts
@@ -1,4 +1,4 @@
-127.0.0.1 localhost.localdomain localhost
+127.0.0.1 localhost
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
diff --git a/poky/meta/recipes-core/busybox/busybox.inc b/poky/meta/recipes-core/busybox/busybox.inc
index 5f1c473..f5d7c3f 100644
--- a/poky/meta/recipes-core/busybox/busybox.inc
+++ b/poky/meta/recipes-core/busybox/busybox.inc
@@ -34,6 +34,7 @@
INITSCRIPT_NAME:${PN}-httpd = "busybox-httpd"
INITSCRIPT_NAME:${PN}-hwclock = "hwclock.sh"
+INITSCRIPT_PARAMS:${PN}-hwclock = "start 40 S . stop 20 0 1 6 ."
INITSCRIPT_NAME:${PN}-mdev = "mdev"
INITSCRIPT_PARAMS:${PN}-mdev = "start 04 S ."
INITSCRIPT_NAME:${PN}-syslog = "syslog"
@@ -138,19 +139,26 @@
do_prepare_config
merge_config.sh -m .config ${@" ".join(find_cfgs(d))}
cml1_do_configure
+
+ # Save a copy of .config and autoconf.h.
+ cp .config .config.orig
+ cp include/autoconf.h include/autoconf.h.orig
}
do_compile() {
unset CFLAGS CPPFLAGS CXXFLAGS LDFLAGS
export KCONFIG_NOTIMESTAMP=1
+ # Ensure we start do_compile with the original .config and autoconf.h.
+ # These files should always have matching timestamps.
+ cp .config.orig .config
+ cp include/autoconf.h.orig include/autoconf.h
+
if [ "${BUSYBOX_SPLIT_SUID}" = "1" -a x`grep "CONFIG_FEATURE_INDIVIDUAL=y" .config` = x ]; then
+ # Guard againt interrupted do_compile: clean temporary files.
+ rm -f .config.app.suid .config.app.nosuid .config.disable.apps .config.nonapps
+
# split the .config into two parts, and make two busybox binaries
- if [ -e .config.orig ]; then
- # Need to guard again an interrupted do_compile - restore any backup
- cp .config.orig .config
- fi
- cp .config .config.orig
oe_runmake busybox.cfg.suid
oe_runmake busybox.cfg.nosuid
@@ -187,15 +195,18 @@
bbfatal "busybox suid binary incorrectly provides /bin/sh"
fi
- # copy .config.orig back to .config, because the install process may check this file
- cp .config.orig .config
# cleanup
- rm .config.orig .config.app.suid .config.app.nosuid .config.disable.apps .config.nonapps
+ rm .config.app.suid .config.app.nosuid .config.disable.apps .config.nonapps
else
oe_runmake busybox_unstripped
cp busybox_unstripped busybox
oe_runmake busybox.links
fi
+
+ # restore original .config and autoconf.h, because the install process
+ # may check these files
+ cp .config.orig .config
+ cp include/autoconf.h.orig include/autoconf.h
}
do_install () {
diff --git a/poky/meta/recipes-core/busybox/busybox/0001-depmod-Ignore-.debug-directories.patch b/poky/meta/recipes-core/busybox/busybox/0001-depmod-Ignore-.debug-directories.patch
index 354f83a..d76118f 100644
--- a/poky/meta/recipes-core/busybox/busybox/0001-depmod-Ignore-.debug-directories.patch
+++ b/poky/meta/recipes-core/busybox/busybox/0001-depmod-Ignore-.debug-directories.patch
@@ -21,7 +21,7 @@
/* Arbitrary. Was sb->st_size, but that breaks .gz etc */
size_t len = (64*1024*1024 - 4096);
-+ if (strstr(fname, ".debug") == NULL)
++ if (strstr(fname, ".debug") != NULL)
+ return TRUE;
+
if (strrstr(fname, ".ko") == NULL)
diff --git a/poky/meta/recipes-core/dbus/dbus_1.14.0.bb b/poky/meta/recipes-core/dbus/dbus_1.14.6.bb
similarity index 95%
rename from poky/meta/recipes-core/dbus/dbus_1.14.0.bb
rename to poky/meta/recipes-core/dbus/dbus_1.14.6.bb
index 0046b9f..a6e18a9 100644
--- a/poky/meta/recipes-core/dbus/dbus_1.14.0.bb
+++ b/poky/meta/recipes-core/dbus/dbus_1.14.6.bb
@@ -6,16 +6,17 @@
inherit autotools pkgconfig gettext upstream-version-is-even ptest-gnome
LICENSE = "AFL-2.1 | GPL-2.0-or-later"
-LIC_FILES_CHKSUM = "file://COPYING;md5=10dded3b58148f3f1fd804b26354af3e \
- file://dbus/dbus.h;beginline=6;endline=20;md5=866739837ccd835350af94dccd6457d8"
+LIC_FILES_CHKSUM = "file://COPYING;md5=6423dcd74d7be9715b0db247fd889da3 \
+ file://dbus/dbus.h;beginline=6;endline=20;md5=866739837ccd835350af94dccd6457d8 \
+ "
SRC_URI = "https://dbus.freedesktop.org/releases/dbus/dbus-${PV}.tar.xz \
file://run-ptest \
file://tmpdir.patch \
file://dbus-1.init \
-"
+ "
-SRC_URI[sha256sum] = "ccd7cce37596e0a19558fd6648d1272ab43f011d80c8635aea8fd0bad58aebd4"
+SRC_URI[sha256sum] = "fd2bdf1bb89dc365a46531bff631536f22b0d1c6d5ce2c5c5e59b55265b3d66b"
EXTRA_OECONF = "--disable-xml-docs \
--disable-doxygen-docs \
@@ -182,3 +183,5 @@
rm -rf ${D}${localstatedir}/run
}
BBCLASSEXTEND = "native nativesdk"
+
+CVE_PRODUCT += "d-bus_project:d-bus"
diff --git a/poky/meta/recipes-core/expat/expat_2.4.9.bb b/poky/meta/recipes-core/expat/expat_2.5.0.bb
similarity index 91%
rename from poky/meta/recipes-core/expat/expat_2.4.9.bb
rename to poky/meta/recipes-core/expat/expat_2.5.0.bb
index 9561edd..aa8d439 100644
--- a/poky/meta/recipes-core/expat/expat_2.4.9.bb
+++ b/poky/meta/recipes-core/expat/expat_2.5.0.bb
@@ -15,7 +15,7 @@
GITHUB_BASE_URI = "https://github.com/libexpat/libexpat/releases/"
UPSTREAM_CHECK_REGEX = "releases/tag/R_(?P<pver>.+)"
-SRC_URI[sha256sum] = "7f44d1469b110773a94b0d5abeeeffaef79f8bd6406b07e52394bcf48126437a"
+SRC_URI[sha256sum] = "6f0e6e01f7b30025fa05c85fdad1e5d0ec7fd35d9f61b22f34998de11969ff67"
EXTRA_OECMAKE:class-native += "-DEXPAT_BUILD_DOCS=OFF"
diff --git a/poky/meta/recipes-core/glibc/glibc-tests_2.36.bb b/poky/meta/recipes-core/glibc/glibc-tests_2.36.bb
index c71c083..bb6ef06 100644
--- a/poky/meta/recipes-core/glibc/glibc-tests_2.36.bb
+++ b/poky/meta/recipes-core/glibc/glibc-tests_2.36.bb
@@ -16,7 +16,6 @@
d.setVar("PACKAGES", "${PN} ${PN}-ptest")
d.setVar("PROVIDES", "${PN} ${PN}-ptest")
- d.setVar("RPROVIDES", "${PN} ${PN}-ptest")
bbclassextend = d.getVar("BBCLASSEXTEND").replace("nativesdk", "").strip()
d.setVar("BBCLASSEXTEND", bbclassextend)
@@ -29,6 +28,7 @@
RPROVIDES:${PN} = "${PN}"
RRECOMMENDS:${PN} = ""
RDEPENDS:${PN} = " glibc sed"
+RDEPENDS:${PN}-ptest = "${PN}"
DEPENDS += "sed"
export oe_srcdir="${exec_prefix}/src/debug/glibc/${PV}/"
diff --git a/poky/meta/recipes-core/glibc/glibc.inc b/poky/meta/recipes-core/glibc/glibc.inc
index fdd241d..3b940b8 100644
--- a/poky/meta/recipes-core/glibc/glibc.inc
+++ b/poky/meta/recipes-core/glibc/glibc.inc
@@ -1,7 +1,9 @@
require glibc-common.inc
require glibc-ld.inc
-DEPENDS = "virtual/${TARGET_PREFIX}gcc libgcc-initial linux-libc-headers"
+DEPENDS = "virtual/${TARGET_PREFIX}gcc virtual/${TARGET_PREFIX}binutils${BUSUFFIX} libgcc-initial linux-libc-headers"
+BUSUFFIX= ""
+BUSUFFIX:class-nativesdk = "-crosssdk"
PROVIDES = "virtual/libc"
PROVIDES += "virtual/libintl virtual/libiconv"
diff --git a/poky/meta/recipes-core/ifupdown/ifupdown_0.8.37.bb b/poky/meta/recipes-core/ifupdown/ifupdown_0.8.39.bb
similarity index 97%
rename from poky/meta/recipes-core/ifupdown/ifupdown_0.8.37.bb
rename to poky/meta/recipes-core/ifupdown/ifupdown_0.8.39.bb
index 57d4152..7096bc9 100644
--- a/poky/meta/recipes-core/ifupdown/ifupdown_0.8.37.bb
+++ b/poky/meta/recipes-core/ifupdown/ifupdown_0.8.39.bb
@@ -16,7 +16,7 @@
file://0001-ifupdown-skip-wrong-test-case.patch \
${@bb.utils.contains('DISTRO_FEATURES', 'ptest', 'file://tweak-ptest-script.patch', '', d)} \
"
-SRCREV = "2b4138f36ce3ba37186aa01b502273e0c39ab518"
+SRCREV = "be91dd267b4a8db502a6bbf5758563f7048b8078"
S = "${WORKDIR}/git"
diff --git a/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb b/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb
index f3f2bb2..3768133 100644
--- a/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb
+++ b/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb
@@ -24,8 +24,8 @@
inherit core-image setuptools3
-SRCREV ?= "4f942c272d4417b5b719df25b80a6a6b54669a73"
-SRC_URI = "git://git.yoctoproject.org/poky;branch=master \
+SRCREV ?= "1516e498fed8eecdb76c60b2cea1f4c17bce9363"
+SRC_URI = "git://git.yoctoproject.org/poky;branch=langdale \
file://Yocto_Build_Appliance.vmx \
file://Yocto_Build_Appliance.vmxf \
file://README_VirtualBox_Guest_Additions.txt \
diff --git a/poky/meta/recipes-core/kbd/kbd_2.5.1.bb b/poky/meta/recipes-core/kbd/kbd_2.5.1.bb
index aa3ab6e..7662b8f 100644
--- a/poky/meta/recipes-core/kbd/kbd_2.5.1.bb
+++ b/poky/meta/recipes-core/kbd/kbd_2.5.1.bb
@@ -18,6 +18,7 @@
SRC_URI[sha256sum] = "ccdf452387a6380973d2927363e9cbb939fa2068915a6f937ff9d24522024683"
+EXTRA_OECONF = "--disable-tests"
PACKAGECONFIG ?= "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)} \
"
diff --git a/poky/meta/recipes-core/libxcrypt/libxcrypt-compat_4.4.28.bb b/poky/meta/recipes-core/libxcrypt/libxcrypt-compat_4.4.33.bb
similarity index 100%
rename from poky/meta/recipes-core/libxcrypt/libxcrypt-compat_4.4.28.bb
rename to poky/meta/recipes-core/libxcrypt/libxcrypt-compat_4.4.33.bb
diff --git a/poky/meta/recipes-core/libxcrypt/libxcrypt.inc b/poky/meta/recipes-core/libxcrypt/libxcrypt.inc
index 39ba263..61b0381 100644
--- a/poky/meta/recipes-core/libxcrypt/libxcrypt.inc
+++ b/poky/meta/recipes-core/libxcrypt/libxcrypt.inc
@@ -10,7 +10,7 @@
inherit autotools pkgconfig
SRC_URI = "git://github.com/besser82/libxcrypt.git;branch=${SRCBRANCH};protocol=https"
-SRCREV = "50cf2b6dd4fdf04309445f2eec8de7051d953abf"
+SRCREV = "d7fe1ac04c326dba7e0440868889d1dccb41a175"
SRCBRANCH ?= "develop"
SRC_URI += "file://fix_cflags_handling.patch"
diff --git a/poky/meta/recipes-core/libxcrypt/libxcrypt_4.4.28.bb b/poky/meta/recipes-core/libxcrypt/libxcrypt_4.4.30.bb
similarity index 100%
rename from poky/meta/recipes-core/libxcrypt/libxcrypt_4.4.28.bb
rename to poky/meta/recipes-core/libxcrypt/libxcrypt_4.4.30.bb
diff --git a/poky/meta/recipes-core/libxml/libxml2/CVE-2022-40303.patch b/poky/meta/recipes-core/libxml/libxml2/CVE-2022-40303.patch
new file mode 100644
index 0000000..346ec37
--- /dev/null
+++ b/poky/meta/recipes-core/libxml/libxml2/CVE-2022-40303.patch
@@ -0,0 +1,624 @@
+From 15050f59d2a62b97b34e9cab8b8076a68ef003bd Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Thu, 25 Aug 2022 17:43:08 +0200
+Subject: [PATCH] CVE-2022-40303
+
+Fix integer overflows with XML_PARSE_HUGE
+
+Also impose size limits when XML_PARSE_HUGE is set. Limit size of names
+to XML_MAX_TEXT_LENGTH (10 million bytes) and other content to
+XML_MAX_HUGE_LENGTH (1 billion bytes).
+
+Move some the length checks to the end of the respective loop to make
+them strict.
+
+xmlParseEntityValue didn't have a length limitation at all. But without
+XML_PARSE_HUGE, this should eventually trigger an error in xmlGROW.
+
+Thanks to Maddie Stone working with Google Project Zero for the report!
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/c846986356fc149915a74972bf198abc266bc2c0]
+CVE: CVE-2022-40303
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ parser.c | 233 +++++++++++++++++++++++++++++--------------------------
+ 1 file changed, 121 insertions(+), 112 deletions(-)
+
+diff --git a/parser.c b/parser.c
+index 1bc3713..0f76577 100644
+--- a/parser.c
++++ b/parser.c
+@@ -115,6 +115,8 @@ xmlParseElementEnd(xmlParserCtxtPtr ctxt);
+ * *
+ ************************************************************************/
+
++#define XML_MAX_HUGE_LENGTH 1000000000
++
+ #define XML_PARSER_BIG_ENTITY 1000
+ #define XML_PARSER_LOT_ENTITY 5000
+
+@@ -565,7 +567,7 @@ xmlFatalErr(xmlParserCtxtPtr ctxt, xmlParserErrors error, const char *info)
+ errmsg = "Malformed declaration expecting version";
+ break;
+ case XML_ERR_NAME_TOO_LONG:
+- errmsg = "Name too long use XML_PARSE_HUGE option";
++ errmsg = "Name too long";
+ break;
+ #if 0
+ case:
+@@ -3210,6 +3212,9 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) {
+ int len = 0, l;
+ int c;
+ int count = 0;
++ int maxLength = (ctxt->options & XML_PARSE_HUGE) ?
++ XML_MAX_TEXT_LENGTH :
++ XML_MAX_NAME_LENGTH;
+
+ #ifdef DEBUG
+ nbParseNameComplex++;
+@@ -3275,7 +3280,8 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) {
+ if (ctxt->instate == XML_PARSER_EOF)
+ return(NULL);
+ }
+- len += l;
++ if (len <= INT_MAX - l)
++ len += l;
+ NEXTL(l);
+ c = CUR_CHAR(l);
+ }
+@@ -3301,13 +3307,13 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) {
+ if (ctxt->instate == XML_PARSER_EOF)
+ return(NULL);
+ }
+- len += l;
++ if (len <= INT_MAX - l)
++ len += l;
+ NEXTL(l);
+ c = CUR_CHAR(l);
+ }
+ }
+- if ((len > XML_MAX_NAME_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
++ if (len > maxLength) {
+ xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "Name");
+ return(NULL);
+ }
+@@ -3346,7 +3352,10 @@ const xmlChar *
+ xmlParseName(xmlParserCtxtPtr ctxt) {
+ const xmlChar *in;
+ const xmlChar *ret;
+- int count = 0;
++ size_t count = 0;
++ size_t maxLength = (ctxt->options & XML_PARSE_HUGE) ?
++ XML_MAX_TEXT_LENGTH :
++ XML_MAX_NAME_LENGTH;
+
+ GROW;
+
+@@ -3370,8 +3379,7 @@ xmlParseName(xmlParserCtxtPtr ctxt) {
+ in++;
+ if ((*in > 0) && (*in < 0x80)) {
+ count = in - ctxt->input->cur;
+- if ((count > XML_MAX_NAME_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
++ if (count > maxLength) {
+ xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "Name");
+ return(NULL);
+ }
+@@ -3392,6 +3400,9 @@ xmlParseNCNameComplex(xmlParserCtxtPtr ctxt) {
+ int len = 0, l;
+ int c;
+ int count = 0;
++ int maxLength = (ctxt->options & XML_PARSE_HUGE) ?
++ XML_MAX_TEXT_LENGTH :
++ XML_MAX_NAME_LENGTH;
+ size_t startPosition = 0;
+
+ #ifdef DEBUG
+@@ -3412,17 +3423,13 @@ xmlParseNCNameComplex(xmlParserCtxtPtr ctxt) {
+ while ((c != ' ') && (c != '>') && (c != '/') && /* test bigname.xml */
+ (xmlIsNameChar(ctxt, c) && (c != ':'))) {
+ if (count++ > XML_PARSER_CHUNK_SIZE) {
+- if ((len > XML_MAX_NAME_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
+- xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NCName");
+- return(NULL);
+- }
+ count = 0;
+ GROW;
+ if (ctxt->instate == XML_PARSER_EOF)
+ return(NULL);
+ }
+- len += l;
++ if (len <= INT_MAX - l)
++ len += l;
+ NEXTL(l);
+ c = CUR_CHAR(l);
+ if (c == 0) {
+@@ -3440,8 +3447,7 @@ xmlParseNCNameComplex(xmlParserCtxtPtr ctxt) {
+ c = CUR_CHAR(l);
+ }
+ }
+- if ((len > XML_MAX_NAME_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
++ if (len > maxLength) {
+ xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NCName");
+ return(NULL);
+ }
+@@ -3467,7 +3473,10 @@ static const xmlChar *
+ xmlParseNCName(xmlParserCtxtPtr ctxt) {
+ const xmlChar *in, *e;
+ const xmlChar *ret;
+- int count = 0;
++ size_t count = 0;
++ size_t maxLength = (ctxt->options & XML_PARSE_HUGE) ?
++ XML_MAX_TEXT_LENGTH :
++ XML_MAX_NAME_LENGTH;
+
+ #ifdef DEBUG
+ nbParseNCName++;
+@@ -3492,8 +3501,7 @@ xmlParseNCName(xmlParserCtxtPtr ctxt) {
+ goto complex;
+ if ((*in > 0) && (*in < 0x80)) {
+ count = in - ctxt->input->cur;
+- if ((count > XML_MAX_NAME_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
++ if (count > maxLength) {
+ xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NCName");
+ return(NULL);
+ }
+@@ -3575,6 +3583,9 @@ xmlParseStringName(xmlParserCtxtPtr ctxt, const xmlChar** str) {
+ const xmlChar *cur = *str;
+ int len = 0, l;
+ int c;
++ int maxLength = (ctxt->options & XML_PARSE_HUGE) ?
++ XML_MAX_TEXT_LENGTH :
++ XML_MAX_NAME_LENGTH;
+
+ #ifdef DEBUG
+ nbParseStringName++;
+@@ -3610,12 +3621,6 @@ xmlParseStringName(xmlParserCtxtPtr ctxt, const xmlChar** str) {
+ if (len + 10 > max) {
+ xmlChar *tmp;
+
+- if ((len > XML_MAX_NAME_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
+- xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NCName");
+- xmlFree(buffer);
+- return(NULL);
+- }
+ max *= 2;
+ tmp = (xmlChar *) xmlRealloc(buffer,
+ max * sizeof(xmlChar));
+@@ -3629,14 +3634,18 @@ xmlParseStringName(xmlParserCtxtPtr ctxt, const xmlChar** str) {
+ COPY_BUF(l,buffer,len,c);
+ cur += l;
+ c = CUR_SCHAR(cur, l);
++ if (len > maxLength) {
++ xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NCName");
++ xmlFree(buffer);
++ return(NULL);
++ }
+ }
+ buffer[len] = 0;
+ *str = cur;
+ return(buffer);
+ }
+ }
+- if ((len > XML_MAX_NAME_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
++ if (len > maxLength) {
+ xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NCName");
+ return(NULL);
+ }
+@@ -3663,6 +3672,9 @@ xmlParseNmtoken(xmlParserCtxtPtr ctxt) {
+ int len = 0, l;
+ int c;
+ int count = 0;
++ int maxLength = (ctxt->options & XML_PARSE_HUGE) ?
++ XML_MAX_TEXT_LENGTH :
++ XML_MAX_NAME_LENGTH;
+
+ #ifdef DEBUG
+ nbParseNmToken++;
+@@ -3714,12 +3726,6 @@ xmlParseNmtoken(xmlParserCtxtPtr ctxt) {
+ if (len + 10 > max) {
+ xmlChar *tmp;
+
+- if ((max > XML_MAX_NAME_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
+- xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NmToken");
+- xmlFree(buffer);
+- return(NULL);
+- }
+ max *= 2;
+ tmp = (xmlChar *) xmlRealloc(buffer,
+ max * sizeof(xmlChar));
+@@ -3733,6 +3739,11 @@ xmlParseNmtoken(xmlParserCtxtPtr ctxt) {
+ COPY_BUF(l,buffer,len,c);
+ NEXTL(l);
+ c = CUR_CHAR(l);
++ if (len > maxLength) {
++ xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NmToken");
++ xmlFree(buffer);
++ return(NULL);
++ }
+ }
+ buffer[len] = 0;
+ return(buffer);
+@@ -3740,8 +3751,7 @@ xmlParseNmtoken(xmlParserCtxtPtr ctxt) {
+ }
+ if (len == 0)
+ return(NULL);
+- if ((len > XML_MAX_NAME_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
++ if (len > maxLength) {
+ xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NmToken");
+ return(NULL);
+ }
+@@ -3767,6 +3777,9 @@ xmlParseEntityValue(xmlParserCtxtPtr ctxt, xmlChar **orig) {
+ int len = 0;
+ int size = XML_PARSER_BUFFER_SIZE;
+ int c, l;
++ int maxLength = (ctxt->options & XML_PARSE_HUGE) ?
++ XML_MAX_HUGE_LENGTH :
++ XML_MAX_TEXT_LENGTH;
+ xmlChar stop;
+ xmlChar *ret = NULL;
+ const xmlChar *cur = NULL;
+@@ -3826,6 +3839,12 @@ xmlParseEntityValue(xmlParserCtxtPtr ctxt, xmlChar **orig) {
+ GROW;
+ c = CUR_CHAR(l);
+ }
++
++ if (len > maxLength) {
++ xmlFatalErrMsg(ctxt, XML_ERR_ENTITY_NOT_FINISHED,
++ "entity value too long\n");
++ goto error;
++ }
+ }
+ buf[len] = 0;
+ if (ctxt->instate == XML_PARSER_EOF)
+@@ -3913,6 +3932,9 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) {
+ xmlChar *rep = NULL;
+ size_t len = 0;
+ size_t buf_size = 0;
++ size_t maxLength = (ctxt->options & XML_PARSE_HUGE) ?
++ XML_MAX_HUGE_LENGTH :
++ XML_MAX_TEXT_LENGTH;
+ int c, l, in_space = 0;
+ xmlChar *current = NULL;
+ xmlEntityPtr ent;
+@@ -3944,16 +3966,6 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) {
+ while (((NXT(0) != limit) && /* checked */
+ (IS_CHAR(c)) && (c != '<')) &&
+ (ctxt->instate != XML_PARSER_EOF)) {
+- /*
+- * Impose a reasonable limit on attribute size, unless XML_PARSE_HUGE
+- * special option is given
+- */
+- if ((len > XML_MAX_TEXT_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
+- xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED,
+- "AttValue length too long\n");
+- goto mem_error;
+- }
+ if (c == '&') {
+ in_space = 0;
+ if (NXT(1) == '#') {
+@@ -4101,6 +4113,11 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) {
+ }
+ GROW;
+ c = CUR_CHAR(l);
++ if (len > maxLength) {
++ xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED,
++ "AttValue length too long\n");
++ goto mem_error;
++ }
+ }
+ if (ctxt->instate == XML_PARSER_EOF)
+ goto error;
+@@ -4122,16 +4139,6 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) {
+ } else
+ NEXT;
+
+- /*
+- * There we potentially risk an overflow, don't allow attribute value of
+- * length more than INT_MAX it is a very reasonable assumption !
+- */
+- if (len >= INT_MAX) {
+- xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED,
+- "AttValue length too long\n");
+- goto mem_error;
+- }
+-
+ if (attlen != NULL) *attlen = (int) len;
+ return(buf);
+
+@@ -4202,6 +4209,9 @@ xmlParseSystemLiteral(xmlParserCtxtPtr ctxt) {
+ int len = 0;
+ int size = XML_PARSER_BUFFER_SIZE;
+ int cur, l;
++ int maxLength = (ctxt->options & XML_PARSE_HUGE) ?
++ XML_MAX_TEXT_LENGTH :
++ XML_MAX_NAME_LENGTH;
+ xmlChar stop;
+ int state = ctxt->instate;
+ int count = 0;
+@@ -4229,13 +4239,6 @@ xmlParseSystemLiteral(xmlParserCtxtPtr ctxt) {
+ if (len + 5 >= size) {
+ xmlChar *tmp;
+
+- if ((size > XML_MAX_NAME_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
+- xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "SystemLiteral");
+- xmlFree(buf);
+- ctxt->instate = (xmlParserInputState) state;
+- return(NULL);
+- }
+ size *= 2;
+ tmp = (xmlChar *) xmlRealloc(buf, size * sizeof(xmlChar));
+ if (tmp == NULL) {
+@@ -4264,6 +4267,12 @@ xmlParseSystemLiteral(xmlParserCtxtPtr ctxt) {
+ SHRINK;
+ cur = CUR_CHAR(l);
+ }
++ if (len > maxLength) {
++ xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "SystemLiteral");
++ xmlFree(buf);
++ ctxt->instate = (xmlParserInputState) state;
++ return(NULL);
++ }
+ }
+ buf[len] = 0;
+ ctxt->instate = (xmlParserInputState) state;
+@@ -4291,6 +4300,9 @@ xmlParsePubidLiteral(xmlParserCtxtPtr ctxt) {
+ xmlChar *buf = NULL;
+ int len = 0;
+ int size = XML_PARSER_BUFFER_SIZE;
++ int maxLength = (ctxt->options & XML_PARSE_HUGE) ?
++ XML_MAX_TEXT_LENGTH :
++ XML_MAX_NAME_LENGTH;
+ xmlChar cur;
+ xmlChar stop;
+ int count = 0;
+@@ -4318,12 +4330,6 @@ xmlParsePubidLiteral(xmlParserCtxtPtr ctxt) {
+ if (len + 1 >= size) {
+ xmlChar *tmp;
+
+- if ((size > XML_MAX_NAME_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
+- xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "Public ID");
+- xmlFree(buf);
+- return(NULL);
+- }
+ size *= 2;
+ tmp = (xmlChar *) xmlRealloc(buf, size * sizeof(xmlChar));
+ if (tmp == NULL) {
+@@ -4351,6 +4357,11 @@ xmlParsePubidLiteral(xmlParserCtxtPtr ctxt) {
+ SHRINK;
+ cur = CUR;
+ }
++ if (len > maxLength) {
++ xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "Public ID");
++ xmlFree(buf);
++ return(NULL);
++ }
+ }
+ buf[len] = 0;
+ if (cur != stop) {
+@@ -4750,6 +4761,9 @@ xmlParseCommentComplex(xmlParserCtxtPtr ctxt, xmlChar *buf,
+ int r, rl;
+ int cur, l;
+ size_t count = 0;
++ size_t maxLength = (ctxt->options & XML_PARSE_HUGE) ?
++ XML_MAX_HUGE_LENGTH :
++ XML_MAX_TEXT_LENGTH;
+ int inputid;
+
+ inputid = ctxt->input->id;
+@@ -4795,13 +4809,6 @@ xmlParseCommentComplex(xmlParserCtxtPtr ctxt, xmlChar *buf,
+ if ((r == '-') && (q == '-')) {
+ xmlFatalErr(ctxt, XML_ERR_HYPHEN_IN_COMMENT, NULL);
+ }
+- if ((len > XML_MAX_TEXT_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
+- xmlFatalErrMsgStr(ctxt, XML_ERR_COMMENT_NOT_FINISHED,
+- "Comment too big found", NULL);
+- xmlFree (buf);
+- return;
+- }
+ if (len + 5 >= size) {
+ xmlChar *new_buf;
+ size_t new_size;
+@@ -4839,6 +4846,13 @@ xmlParseCommentComplex(xmlParserCtxtPtr ctxt, xmlChar *buf,
+ GROW;
+ cur = CUR_CHAR(l);
+ }
++
++ if (len > maxLength) {
++ xmlFatalErrMsgStr(ctxt, XML_ERR_COMMENT_NOT_FINISHED,
++ "Comment too big found", NULL);
++ xmlFree (buf);
++ return;
++ }
+ }
+ buf[len] = 0;
+ if (cur == 0) {
+@@ -4883,6 +4897,9 @@ xmlParseComment(xmlParserCtxtPtr ctxt) {
+ xmlChar *buf = NULL;
+ size_t size = XML_PARSER_BUFFER_SIZE;
+ size_t len = 0;
++ size_t maxLength = (ctxt->options & XML_PARSE_HUGE) ?
++ XML_MAX_HUGE_LENGTH :
++ XML_MAX_TEXT_LENGTH;
+ xmlParserInputState state;
+ const xmlChar *in;
+ size_t nbchar = 0;
+@@ -4966,8 +4983,7 @@ get_more:
+ buf[len] = 0;
+ }
+ }
+- if ((len > XML_MAX_TEXT_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
++ if (len > maxLength) {
+ xmlFatalErrMsgStr(ctxt, XML_ERR_COMMENT_NOT_FINISHED,
+ "Comment too big found", NULL);
+ xmlFree (buf);
+@@ -5167,6 +5183,9 @@ xmlParsePI(xmlParserCtxtPtr ctxt) {
+ xmlChar *buf = NULL;
+ size_t len = 0;
+ size_t size = XML_PARSER_BUFFER_SIZE;
++ size_t maxLength = (ctxt->options & XML_PARSE_HUGE) ?
++ XML_MAX_HUGE_LENGTH :
++ XML_MAX_TEXT_LENGTH;
+ int cur, l;
+ const xmlChar *target;
+ xmlParserInputState state;
+@@ -5242,14 +5261,6 @@ xmlParsePI(xmlParserCtxtPtr ctxt) {
+ return;
+ }
+ count = 0;
+- if ((len > XML_MAX_TEXT_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
+- xmlFatalErrMsgStr(ctxt, XML_ERR_PI_NOT_FINISHED,
+- "PI %s too big found", target);
+- xmlFree(buf);
+- ctxt->instate = state;
+- return;
+- }
+ }
+ COPY_BUF(l,buf,len,cur);
+ NEXTL(l);
+@@ -5259,15 +5270,14 @@ xmlParsePI(xmlParserCtxtPtr ctxt) {
+ GROW;
+ cur = CUR_CHAR(l);
+ }
++ if (len > maxLength) {
++ xmlFatalErrMsgStr(ctxt, XML_ERR_PI_NOT_FINISHED,
++ "PI %s too big found", target);
++ xmlFree(buf);
++ ctxt->instate = state;
++ return;
++ }
+ }
+- if ((len > XML_MAX_TEXT_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
+- xmlFatalErrMsgStr(ctxt, XML_ERR_PI_NOT_FINISHED,
+- "PI %s too big found", target);
+- xmlFree(buf);
+- ctxt->instate = state;
+- return;
+- }
+ buf[len] = 0;
+ if (cur != '?') {
+ xmlFatalErrMsgStr(ctxt, XML_ERR_PI_NOT_FINISHED,
+@@ -8959,6 +8969,9 @@ xmlParseAttValueInternal(xmlParserCtxtPtr ctxt, int *len, int *alloc,
+ const xmlChar *in = NULL, *start, *end, *last;
+ xmlChar *ret = NULL;
+ int line, col;
++ int maxLength = (ctxt->options & XML_PARSE_HUGE) ?
++ XML_MAX_HUGE_LENGTH :
++ XML_MAX_TEXT_LENGTH;
+
+ GROW;
+ in = (xmlChar *) CUR_PTR;
+@@ -8998,8 +9011,7 @@ xmlParseAttValueInternal(xmlParserCtxtPtr ctxt, int *len, int *alloc,
+ start = in;
+ if (in >= end) {
+ GROW_PARSE_ATT_VALUE_INTERNAL(ctxt, in, start, end)
+- if (((in - start) > XML_MAX_TEXT_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
++ if ((in - start) > maxLength) {
+ xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED,
+ "AttValue length too long\n");
+ return(NULL);
+@@ -9012,8 +9024,7 @@ xmlParseAttValueInternal(xmlParserCtxtPtr ctxt, int *len, int *alloc,
+ if ((*in++ == 0x20) && (*in == 0x20)) break;
+ if (in >= end) {
+ GROW_PARSE_ATT_VALUE_INTERNAL(ctxt, in, start, end)
+- if (((in - start) > XML_MAX_TEXT_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
++ if ((in - start) > maxLength) {
+ xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED,
+ "AttValue length too long\n");
+ return(NULL);
+@@ -9046,16 +9057,14 @@ xmlParseAttValueInternal(xmlParserCtxtPtr ctxt, int *len, int *alloc,
+ last = last + delta;
+ }
+ end = ctxt->input->end;
+- if (((in - start) > XML_MAX_TEXT_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
++ if ((in - start) > maxLength) {
+ xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED,
+ "AttValue length too long\n");
+ return(NULL);
+ }
+ }
+ }
+- if (((in - start) > XML_MAX_TEXT_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
++ if ((in - start) > maxLength) {
+ xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED,
+ "AttValue length too long\n");
+ return(NULL);
+@@ -9068,8 +9077,7 @@ xmlParseAttValueInternal(xmlParserCtxtPtr ctxt, int *len, int *alloc,
+ col++;
+ if (in >= end) {
+ GROW_PARSE_ATT_VALUE_INTERNAL(ctxt, in, start, end)
+- if (((in - start) > XML_MAX_TEXT_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
++ if ((in - start) > maxLength) {
+ xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED,
+ "AttValue length too long\n");
+ return(NULL);
+@@ -9077,8 +9085,7 @@ xmlParseAttValueInternal(xmlParserCtxtPtr ctxt, int *len, int *alloc,
+ }
+ }
+ last = in;
+- if (((in - start) > XML_MAX_TEXT_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
++ if ((in - start) > maxLength) {
+ xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED,
+ "AttValue length too long\n");
+ return(NULL);
+@@ -9768,6 +9775,9 @@ xmlParseCDSect(xmlParserCtxtPtr ctxt) {
+ int s, sl;
+ int cur, l;
+ int count = 0;
++ int maxLength = (ctxt->options & XML_PARSE_HUGE) ?
++ XML_MAX_HUGE_LENGTH :
++ XML_MAX_TEXT_LENGTH;
+
+ /* Check 2.6.0 was NXT(0) not RAW */
+ if (CMP9(CUR_PTR, '<', '!', '[', 'C', 'D', 'A', 'T', 'A', '[')) {
+@@ -9801,13 +9811,6 @@ xmlParseCDSect(xmlParserCtxtPtr ctxt) {
+ if (len + 5 >= size) {
+ xmlChar *tmp;
+
+- if ((size > XML_MAX_TEXT_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
+- xmlFatalErrMsgStr(ctxt, XML_ERR_CDATA_NOT_FINISHED,
+- "CData section too big found", NULL);
+- xmlFree (buf);
+- return;
+- }
+ tmp = (xmlChar *) xmlRealloc(buf, size * 2 * sizeof(xmlChar));
+ if (tmp == NULL) {
+ xmlFree(buf);
+@@ -9834,6 +9837,12 @@ xmlParseCDSect(xmlParserCtxtPtr ctxt) {
+ }
+ NEXTL(l);
+ cur = CUR_CHAR(l);
++ if (len > maxLength) {
++ xmlFatalErrMsg(ctxt, XML_ERR_CDATA_NOT_FINISHED,
++ "CData section too big found\n");
++ xmlFree(buf);
++ return;
++ }
+ }
+ buf[len] = 0;
+ ctxt->instate = XML_PARSER_CONTENT;
+--
+2.25.1
+
diff --git a/poky/meta/recipes-core/libxml/libxml2/CVE-2022-40304.patch b/poky/meta/recipes-core/libxml/libxml2/CVE-2022-40304.patch
new file mode 100644
index 0000000..b24be03
--- /dev/null
+++ b/poky/meta/recipes-core/libxml/libxml2/CVE-2022-40304.patch
@@ -0,0 +1,106 @@
+From cde95d801abc9405ca821ad814c7730333328d96 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Wed, 31 Aug 2022 22:11:25 +0200
+Subject: [PATCH] CVE-2022-40304
+
+Fix dict corruption caused by entity reference cycles
+
+When an entity reference cycle is detected, the entity content is
+cleared by setting its first byte to zero. But the entity content might
+be allocated from a dict. In this case, the dict entry becomes corrupted
+leading to all kinds of logic errors, including memory errors like
+double-frees.
+
+Stop storing entity content, orig, ExternalID and SystemID in a dict.
+These values are unlikely to occur multiple times in a document, so they
+shouldn't have been stored in a dict in the first place.
+
+Thanks to Ned Williamson and Nathan Wachholz working with Google Project
+Zero for the report!
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/1b41ec4e9433b05bb0376be4725804c54ef1d80b]
+CVE: CVE-2022-40304
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ entities.c | 55 ++++++++++++++++--------------------------------------
+ 1 file changed, 16 insertions(+), 39 deletions(-)
+
+diff --git a/entities.c b/entities.c
+index 1a8f86f..ec1b9a7 100644
+--- a/entities.c
++++ b/entities.c
+@@ -112,36 +112,19 @@ xmlFreeEntity(xmlEntityPtr entity)
+ if ((entity->children) && (entity->owner == 1) &&
+ (entity == (xmlEntityPtr) entity->children->parent))
+ xmlFreeNodeList(entity->children);
+- if (dict != NULL) {
+- if ((entity->name != NULL) && (!xmlDictOwns(dict, entity->name)))
+- xmlFree((char *) entity->name);
+- if ((entity->ExternalID != NULL) &&
+- (!xmlDictOwns(dict, entity->ExternalID)))
+- xmlFree((char *) entity->ExternalID);
+- if ((entity->SystemID != NULL) &&
+- (!xmlDictOwns(dict, entity->SystemID)))
+- xmlFree((char *) entity->SystemID);
+- if ((entity->URI != NULL) && (!xmlDictOwns(dict, entity->URI)))
+- xmlFree((char *) entity->URI);
+- if ((entity->content != NULL)
+- && (!xmlDictOwns(dict, entity->content)))
+- xmlFree((char *) entity->content);
+- if ((entity->orig != NULL) && (!xmlDictOwns(dict, entity->orig)))
+- xmlFree((char *) entity->orig);
+- } else {
+- if (entity->name != NULL)
+- xmlFree((char *) entity->name);
+- if (entity->ExternalID != NULL)
+- xmlFree((char *) entity->ExternalID);
+- if (entity->SystemID != NULL)
+- xmlFree((char *) entity->SystemID);
+- if (entity->URI != NULL)
+- xmlFree((char *) entity->URI);
+- if (entity->content != NULL)
+- xmlFree((char *) entity->content);
+- if (entity->orig != NULL)
+- xmlFree((char *) entity->orig);
+- }
++ if ((entity->name != NULL) &&
++ ((dict == NULL) || (!xmlDictOwns(dict, entity->name))))
++ xmlFree((char *) entity->name);
++ if (entity->ExternalID != NULL)
++ xmlFree((char *) entity->ExternalID);
++ if (entity->SystemID != NULL)
++ xmlFree((char *) entity->SystemID);
++ if (entity->URI != NULL)
++ xmlFree((char *) entity->URI);
++ if (entity->content != NULL)
++ xmlFree((char *) entity->content);
++ if (entity->orig != NULL)
++ xmlFree((char *) entity->orig);
+ xmlFree(entity);
+ }
+
+@@ -177,18 +160,12 @@ xmlCreateEntity(xmlDictPtr dict, const xmlChar *name, int type,
+ ret->SystemID = xmlStrdup(SystemID);
+ } else {
+ ret->name = xmlDictLookup(dict, name, -1);
+- if (ExternalID != NULL)
+- ret->ExternalID = xmlDictLookup(dict, ExternalID, -1);
+- if (SystemID != NULL)
+- ret->SystemID = xmlDictLookup(dict, SystemID, -1);
++ ret->ExternalID = xmlStrdup(ExternalID);
++ ret->SystemID = xmlStrdup(SystemID);
+ }
+ if (content != NULL) {
+ ret->length = xmlStrlen(content);
+- if ((dict != NULL) && (ret->length < 5))
+- ret->content = (xmlChar *)
+- xmlDictLookup(dict, content, ret->length);
+- else
+- ret->content = xmlStrndup(content, ret->length);
++ ret->content = xmlStrndup(content, ret->length);
+ } else {
+ ret->length = 0;
+ ret->content = NULL;
+--
+2.25.1
+
diff --git a/poky/meta/recipes-core/libxml/libxml2_2.9.14.bb b/poky/meta/recipes-core/libxml/libxml2_2.9.14.bb
index a2ed8d7..947f5b1 100644
--- a/poky/meta/recipes-core/libxml/libxml2_2.9.14.bb
+++ b/poky/meta/recipes-core/libxml/libxml2_2.9.14.bb
@@ -13,7 +13,7 @@
inherit gnomebase
-SRC_URI += "http://www.w3.org/XML/Test/xmlts20080827.tar.gz;subdir=${BP};name=testtar \
+SRC_URI += "http://www.w3.org/XML/Test/xmlts20080827.tar;subdir=${BP};name=testtar \
file://libxml-64bit.patch \
file://runtest.patch \
file://run-ptest \
@@ -23,10 +23,12 @@
file://remove-fuzz-from-ptests.patch \
file://libxml-m4-use-pkgconfig.patch \
file://0001-Port-gentest.py-to-Python-3.patch \
+ file://CVE-2022-40303.patch \
+ file://CVE-2022-40304.patch \
"
SRC_URI[archive.sha256sum] = "60d74a257d1ccec0475e749cba2f21559e48139efba6ff28224357c7c798dfee"
-SRC_URI[testtar.sha256sum] = "96151685cec997e1f9f3387e3626d61e6284d4d6e66e0e440c209286c03e9cc7"
+SRC_URI[testtar.sha256sum] = "9b2c865aba66c6429ca301a7ef048d7eca2cdb7a9106184416710853c7b37d0d"
BINCONFIG = "${bindir}/xml2-config"
diff --git a/poky/meta/recipes-core/meta/buildtools-tarball.bb b/poky/meta/recipes-core/meta/buildtools-tarball.bb
index 6b59e49..70d740b 100644
--- a/poky/meta/recipes-core/meta/buildtools-tarball.bb
+++ b/poky/meta/recipes-core/meta/buildtools-tarball.bb
@@ -67,12 +67,17 @@
# Generate new (mini) sdk-environment-setup file
script=${1:-${SDK_OUTPUT}/${SDKPATH}/environment-setup-${SDK_SYS}}
touch $script
- echo 'export PATH=${SDKPATHNATIVE}${bindir_nativesdk}:${SDKPATHNATIVE}${sbindir_nativesdk}:${SDKPATHNATIVE}${base_bindir_nativesdk}:${SDKPATHNATIVE}${base_sbindir_nativesdk}:$PATH' >> $script
+ echo 'export PATH="${SDKPATHNATIVE}${bindir_nativesdk}:${SDKPATHNATIVE}${sbindir_nativesdk}:${SDKPATHNATIVE}${base_bindir_nativesdk}:${SDKPATHNATIVE}${base_sbindir_nativesdk}:$PATH"' >> $script
echo 'export OECORE_NATIVE_SYSROOT="${SDKPATHNATIVE}"' >> $script
if [ -e "${SDK_OUTPUT}${SDKPATHNATIVE}${sysconfdir}/ssl/certs/ca-certificates.crt" ]; then
echo 'export GIT_SSL_CAINFO="${SDKPATHNATIVE}${sysconfdir}/ssl/certs/ca-certificates.crt"' >>$script
echo 'export SSL_CERT_FILE="${SDKPATHNATIVE}${sysconfdir}/ssl/certs/ca-certificates.crt"' >>$script
+ echo 'export REQUESTS_CA_BUNDLE="${SDKPATHNATIVE}${sysconfdir}/ssl/certs/ca-certificates.crt"' >>$script
+ echo 'export CURL_CA_BUNDLE="${SDKPATHNATIVE}${sysconfdir}/ssl/certs/ca-certificates.crt"' >>$script
fi
+ echo 'HOST_PKG_PATH=$(command -p pkg-config --variable=pc_path pkg-config 2>/dev/null)' >>$script
+ echo 'export PKG_CONFIG_LIBDIR=${SDKPATHNATIVE}/${libdir}/pkgconfig:${SDKPATHNATIVE}/${datadir}/pkgconfig:${HOST_PKG_PATH:-/usr/lib/pkgconfig:/usr/share/pkgconfig}' >>$script
+ echo 'unset HOST_PKG_PATH'
toolchain_create_sdk_version ${SDK_OUTPUT}/${SDKPATH}/version-${SDK_SYS}
diff --git a/poky/meta/recipes-core/meta/cve-update-db-native.bb b/poky/meta/recipes-core/meta/cve-update-db-native.bb
index 9b9dbbd..e042e67 100644
--- a/poky/meta/recipes-core/meta/cve-update-db-native.bb
+++ b/poky/meta/recipes-core/meta/cve-update-db-native.bb
@@ -21,6 +21,8 @@
# Timeout for blocking socket operations, such as the connection attempt.
CVE_SOCKET_TIMEOUT ?= "60"
+CVE_DB_TEMP_FILE ?= "${CVE_CHECK_DB_DIR}/temp_nvdcve_1.1.db"
+
python () {
if not bb.data.inherits_class("cve-check", d):
raise bb.parse.SkipRecipe("Skip recipe when cve-check class is not loaded.")
@@ -32,25 +34,15 @@
"""
import bb.utils
import bb.progress
- import sqlite3, urllib, urllib.parse, gzip
- from datetime import date
+ import shutil
bb.utils.export_proxies(d)
- YEAR_START = 2002
-
db_file = d.getVar("CVE_CHECK_DB_FILE")
db_dir = os.path.dirname(db_file)
+ db_tmp_file = d.getVar("CVE_DB_TEMP_FILE")
- cve_socket_timeout = int(d.getVar("CVE_SOCKET_TIMEOUT"))
-
- if os.path.exists("{0}-journal".format(db_file)):
- # If a journal is present the last update might have been interrupted. In that case,
- # just wipe any leftovers and force the DB to be recreated.
- os.remove("{0}-journal".format(db_file))
-
- if os.path.exists(db_file):
- os.remove(db_file)
+ cleanup_db_download(db_file, db_tmp_file)
# The NVD database changes once a day, so no need to update more frequently
# Allow the user to force-update
@@ -68,9 +60,60 @@
pass
bb.utils.mkdirhier(db_dir)
+ if os.path.exists(db_file):
+ shutil.copy2(db_file, db_tmp_file)
+
+ if update_db_file(db_tmp_file, d) == True:
+ # Update downloaded correctly, can swap files
+ shutil.move(db_tmp_file, db_file)
+ else:
+ # Update failed, do not modify the database
+ bb.note("CVE database update failed")
+ os.remove(db_tmp_file)
+}
+
+do_fetch[lockfiles] += "${CVE_CHECK_DB_FILE_LOCK}"
+do_fetch[file-checksums] = ""
+do_fetch[vardeps] = ""
+
+def cleanup_db_download(db_file, db_tmp_file):
+ """
+ Cleanup the download space from possible failed downloads
+ """
+
+ # Clean up the updates done on the main file
+ # Remove it only if a journal file exists - it means a complete re-download
+ if os.path.exists("{0}-journal".format(db_file)):
+ # If a journal is present the last update might have been interrupted. In that case,
+ # just wipe any leftovers and force the DB to be recreated.
+ os.remove("{0}-journal".format(db_file))
+
+ if os.path.exists(db_file):
+ os.remove(db_file)
+
+ # Clean-up the temporary file downloads, we can remove both journal
+ # and the temporary database
+ if os.path.exists("{0}-journal".format(db_tmp_file)):
+ # If a journal is present the last update might have been interrupted. In that case,
+ # just wipe any leftovers and force the DB to be recreated.
+ os.remove("{0}-journal".format(db_tmp_file))
+
+ if os.path.exists(db_tmp_file):
+ os.remove(db_tmp_file)
+
+def update_db_file(db_tmp_file, d):
+ """
+ Update the given database file
+ """
+ import bb.utils, bb.progress
+ from datetime import date
+ import urllib, gzip, sqlite3
+
+ YEAR_START = 2002
+ cve_socket_timeout = int(d.getVar("CVE_SOCKET_TIMEOUT"))
# Connect to database
- conn = sqlite3.connect(db_file)
+ conn = sqlite3.connect(db_tmp_file)
initialize_db(conn)
with bb.progress.ProgressHandler(d) as ph, open(os.path.join(d.getVar("TMPDIR"), 'cve_check'), 'a') as cve_f:
@@ -87,8 +130,11 @@
response = urllib.request.urlopen(meta_url, timeout=cve_socket_timeout)
except urllib.error.URLError as e:
cve_f.write('Warning: CVE db update error, Unable to fetch CVE data.\n\n')
- bb.warn("Failed to fetch CVE data (%s)" % e.reason)
- return
+ bb.warn("Failed to fetch CVE data (%s)" % e)
+ import socket
+ result = socket.getaddrinfo("nvd.nist.gov", 443, proto=socket.IPPROTO_TCP)
+ bb.warn("Host IPs are %s" % (", ".join(t[4][0] for t in result)))
+ return False
if response:
for l in response.read().decode("utf-8").splitlines():
@@ -98,7 +144,7 @@
break
else:
bb.warn("Cannot parse CVE metadata, update failed")
- return
+ return False
# Compare with current db last modified date
cursor = conn.execute("select DATE from META where YEAR = ?", (year,))
@@ -119,7 +165,7 @@
except urllib.error.URLError as e:
cve_f.write('Warning: CVE db update error, CVE data is outdated.\n\n')
bb.warn("Cannot parse CVE data (%s), update failed" % e.reason)
- return
+ return False
else:
bb.debug(2, "Already up to date (last modified %s)" % last_modified)
# Update success, set the date to cve_check file.
@@ -128,11 +174,7 @@
conn.commit()
conn.close()
-}
-
-do_fetch[lockfiles] += "${CVE_CHECK_DB_FILE_LOCK}"
-do_fetch[file-checksums] = ""
-do_fetch[vardeps] = ""
+ return True
def initialize_db(conn):
with conn:
diff --git a/poky/meta/recipes-core/ovmf/ovmf/0001-ovmf-update-path-to-native-BaseTools.patch b/poky/meta/recipes-core/ovmf/ovmf/0001-ovmf-update-path-to-native-BaseTools.patch
index 89d9ffa..0c3df4f 100644
--- a/poky/meta/recipes-core/ovmf/ovmf/0001-ovmf-update-path-to-native-BaseTools.patch
+++ b/poky/meta/recipes-core/ovmf/ovmf/0001-ovmf-update-path-to-native-BaseTools.patch
@@ -10,7 +10,7 @@
with the appropriate location before building.
Signed-off-by: Ricardo Neri <ricardo.neri-calderon@linux.intel.com>
-Upstream-Status: Pending
+Upstream-Status: Inappropriate [oe-core cross compile specific]
---
OvmfPkg/build.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/poky/meta/recipes-core/ovmf/ovmf/0002-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch b/poky/meta/recipes-core/ovmf/ovmf/0002-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch
index f6141c8..2293d7e 100644
--- a/poky/meta/recipes-core/ovmf/ovmf/0002-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch
+++ b/poky/meta/recipes-core/ovmf/ovmf/0002-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch
@@ -6,8 +6,13 @@
Prepend the build flags with those of bitbake. This is to build
using the bitbake native sysroot include and library directories.
+Note from Alex: this is not appropriate for upstream submission as
+the recipe already does lots of similar in-place fixups elsewhere, so
+this patch shold be converted to follow that pattern. We're not going
+to fight against how upstream wants to configure the build.
+
Signed-off-by: Ricardo Neri <ricardo.neri@linux.intel.com>
-Upstream-Status: Pending
+Upstream-Status: Inappropriate [needs to be converted to in-recipe fixups]
---
BaseTools/Source/C/Makefiles/header.makefile | 17 +++++++++--------
1 file changed, 9 insertions(+), 8 deletions(-)
diff --git a/poky/meta/recipes-core/psplash/files/psplash-start.service b/poky/meta/recipes-core/psplash/files/psplash-start.service
index 36c2bb3..bec9368 100644
--- a/poky/meta/recipes-core/psplash/files/psplash-start.service
+++ b/poky/meta/recipes-core/psplash/files/psplash-start.service
@@ -2,6 +2,7 @@
Description=Start psplash boot splash screen
DefaultDependencies=no
RequiresMountsFor=/run
+ConditionFileIsExecutable=/usr/bin/psplash
[Service]
Type=notify
diff --git a/poky/meta/recipes-core/psplash/files/psplash-systemd.service b/poky/meta/recipes-core/psplash/files/psplash-systemd.service
index 082207f..e93e3de 100644
--- a/poky/meta/recipes-core/psplash/files/psplash-systemd.service
+++ b/poky/meta/recipes-core/psplash/files/psplash-systemd.service
@@ -4,6 +4,7 @@
After=psplash-start.service
Requires=psplash-start.service
RequiresMountsFor=/run
+ConditionFileIsExecutable=/usr/bin/psplash
[Service]
ExecStart=/usr/bin/psplash-systemd
diff --git a/poky/meta/recipes-core/systemd/systemd-boot_251.4.bb b/poky/meta/recipes-core/systemd/systemd-boot_251.8.bb
similarity index 100%
rename from poky/meta/recipes-core/systemd/systemd-boot_251.4.bb
rename to poky/meta/recipes-core/systemd/systemd-boot_251.8.bb
diff --git a/poky/meta/recipes-core/systemd/systemd.inc b/poky/meta/recipes-core/systemd/systemd.inc
index 71eb93f..3bb6b0e 100644
--- a/poky/meta/recipes-core/systemd/systemd.inc
+++ b/poky/meta/recipes-core/systemd/systemd.inc
@@ -14,7 +14,7 @@
LIC_FILES_CHKSUM = "file://LICENSE.GPL2;md5=751419260aa954499f7abaabaa882bbe \
file://LICENSE.LGPL2.1;md5=4fbd65380cdd255951079008b364516c"
-SRCREV = "2a674b4b66af1a050a0362b646d2fca90c90112e"
+SRCREV = "ae8b249af4acb055f920134f2ac584c4cbc86e3b"
SRCBRANCH = "v251-stable"
SRC_URI = "git://github.com/systemd/systemd-stable.git;protocol=https;branch=${SRCBRANCH} \
"
diff --git a/poky/meta/recipes-core/systemd/systemd_251.4.bb b/poky/meta/recipes-core/systemd/systemd_251.8.bb
similarity index 98%
rename from poky/meta/recipes-core/systemd/systemd_251.4.bb
rename to poky/meta/recipes-core/systemd/systemd_251.8.bb
index 910ea71..991da07 100644
--- a/poky/meta/recipes-core/systemd/systemd_251.4.bb
+++ b/poky/meta/recipes-core/systemd/systemd_251.8.bb
@@ -144,7 +144,7 @@
PACKAGECONFIG[idn] = "-Didn=true,-Didn=false"
PACKAGECONFIG[ima] = "-Dima=true,-Dima=false"
# importd requires journal-upload/xz/zlib/bzip2/gcrypt
-PACKAGECONFIG[importd] = "-Dimportd=true,-Dimportd=false"
+PACKAGECONFIG[importd] = "-Dimportd=true,-Dimportd=false,glib-2.0"
# Update NAT firewall rules
PACKAGECONFIG[iptc] = "-Dlibiptc=true,-Dlibiptc=false,iptables"
PACKAGECONFIG[journal-upload] = "-Dlibcurl=true,-Dlibcurl=false,curl"
@@ -217,7 +217,7 @@
rootlibexecdir = "${rootprefix}/lib"
EXTRA_OEMESON += "-Dnobody-user=nobody \
- -Dnobody-group=nobody \
+ -Dnobody-group=nogroup \
-Drootlibdir=${rootlibdir} \
-Drootprefix=${rootprefix} \
-Ddefault-locale=C \
@@ -395,11 +395,13 @@
SYSTEMD_SERVICE:${PN}-binfmt = "systemd-binfmt.service"
USERADD_PACKAGES = "${PN} ${PN}-extra-utils \
+ udev \
${@bb.utils.contains('PACKAGECONFIG', 'microhttpd', '${PN}-journal-gatewayd', '', d)} \
${@bb.utils.contains('PACKAGECONFIG', 'microhttpd', '${PN}-journal-remote', '', d)} \
${@bb.utils.contains('PACKAGECONFIG', 'journal-upload', '${PN}-journal-upload', '', d)} \
"
GROUPADD_PARAM:${PN} = "-r systemd-journal;"
+GROUPADD_PARAM:udev = "-r render;-r sgx;"
GROUPADD_PARAM:${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'polkit_hostnamed_fallback', '-r systemd-hostname;', '', d)}"
USERADD_PARAM:${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'coredump', '--system -d / -M --shell /sbin/nologin systemd-coredump;', '', d)}"
USERADD_PARAM:${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'networkd', '--system -d / -M --shell /sbin/nologin systemd-network;', '', d)}"
@@ -437,9 +439,9 @@
${rootlibexecdir}/systemd/systemd-binfmt \
${systemd_system_unitdir}/proc-sys-fs-binfmt_misc.* \
${systemd_system_unitdir}/systemd-binfmt.service"
-RRECOMMENDS:${PN}-binfmt = "kernel-module-binfmt-misc"
+RRECOMMENDS:${PN}-binfmt = "${@bb.utils.contains('PACKAGECONFIG', 'binfmt', 'kernel-module-binfmt-misc', '', d)}"
-RRECOMMENDS:${PN}-vconsole-setup = "kbd kbd-consolefonts kbd-keymaps"
+RRECOMMENDS:${PN}-vconsole-setup = "${@bb.utils.contains('PACKAGECONFIG', 'vconsole', 'kbd kbd-consolefonts kbd-keymaps', '', d)}"
FILES:${PN}-journal-gatewayd = "${rootlibexecdir}/systemd/systemd-journal-gatewayd \
@@ -518,6 +520,8 @@
${bindir}/systemd-path \
${bindir}/systemd-run \
${bindir}/systemd-cat \
+ ${bindir}/systemd-creds \
+ ${bindir}/systemd-cryptenroll \
${bindir}/systemd-delta \
${bindir}/systemd-cgls \
${bindir}/systemd-cgtop \
diff --git a/poky/meta/recipes-core/zlib/zlib/0001-Correct-incorrect-inputs-provided-to-the-CRC-functio.patch b/poky/meta/recipes-core/zlib/zlib/0001-Correct-incorrect-inputs-provided-to-the-CRC-functio.patch
deleted file mode 100644
index ad5e59d..0000000
--- a/poky/meta/recipes-core/zlib/zlib/0001-Correct-incorrect-inputs-provided-to-the-CRC-functio.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-From ec3df00224d4b396e2ac6586ab5d25f673caa4c2 Mon Sep 17 00:00:00 2001
-From: Mark Adler <madler@alumni.caltech.edu>
-Date: Wed, 30 Mar 2022 11:14:53 -0700
-Subject: [PATCH] Correct incorrect inputs provided to the CRC functions.
-
-The previous releases of zlib were not sensitive to incorrect CRC
-inputs with bits set above the low 32. This commit restores that
-behavior, so that applications with such bugs will continue to
-operate as before.
-
-Upstream-Status: Backport [https://github.com/madler/zlib/commit/ec3df00224d4b396e2ac6586ab5d25f673caa4c2]
-Signed-off-by: Jacob Kroon <jacob.kroon@gmail.com>
----
- crc32.c | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/crc32.c b/crc32.c
-index a1bdce5..451887b 100644
---- a/crc32.c
-+++ b/crc32.c
-@@ -630,7 +630,7 @@ unsigned long ZEXPORT crc32_z(crc, buf, len)
- #endif /* DYNAMIC_CRC_TABLE */
-
- /* Pre-condition the CRC */
-- crc ^= 0xffffffff;
-+ crc = (~crc) & 0xffffffff;
-
- /* Compute the CRC up to a word boundary. */
- while (len && ((z_size_t)buf & 7) != 0) {
-@@ -749,7 +749,7 @@ unsigned long ZEXPORT crc32_z(crc, buf, len)
- #endif /* DYNAMIC_CRC_TABLE */
-
- /* Pre-condition the CRC */
-- crc ^= 0xffffffff;
-+ crc = (~crc) & 0xffffffff;
-
- #ifdef W
-
-@@ -1077,7 +1077,7 @@ uLong ZEXPORT crc32_combine64(crc1, crc2, len2)
- #ifdef DYNAMIC_CRC_TABLE
- once(&made, make_crc_table);
- #endif /* DYNAMIC_CRC_TABLE */
-- return multmodp(x2nmodp(len2, 3), crc1) ^ crc2;
-+ return multmodp(x2nmodp(len2, 3), crc1) ^ (crc2 & 0xffffffff);
- }
-
- /* ========================================================================= */
-@@ -1112,5 +1112,5 @@ uLong crc32_combine_op(crc1, crc2, op)
- uLong crc2;
- uLong op;
- {
-- return multmodp(op, crc1) ^ crc2;
-+ return multmodp(op, crc1) ^ (crc2 & 0xffffffff);
- }
diff --git a/poky/meta/recipes-core/zlib/zlib/0001-Fix-a-bug-when-getting-a-gzip-header-extra-field-wit.patch b/poky/meta/recipes-core/zlib/zlib/0001-Fix-a-bug-when-getting-a-gzip-header-extra-field-wit.patch
deleted file mode 100644
index 96ab563..0000000
--- a/poky/meta/recipes-core/zlib/zlib/0001-Fix-a-bug-when-getting-a-gzip-header-extra-field-wit.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From eff308af425b67093bab25f80f1ae950166bece1 Mon Sep 17 00:00:00 2001
-From: Mark Adler <fork@madler.net>
-Date: Sat, 30 Jul 2022 15:51:11 -0700
-Subject: [PATCH] Fix a bug when getting a gzip header extra field with inflate().
-
-If the extra field was larger than the space the user provided with
-inflateGetHeader(), and if multiple calls of inflate() delivered
-the extra header data, then there could be a buffer overflow of the
-provided space. This commit assures that provided space is not
-exceeded.
-
-CVE: CVE-2022-37434
-Upstream-Status: Backport [https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166be]
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
- inflate.c | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/inflate.c b/inflate.c
-index 7be8c63..7a72897 100644
---- a/inflate.c
-+++ b/inflate.c
-@@ -763,9 +763,10 @@ int flush;
- copy = state->length;
- if (copy > have) copy = have;
- if (copy) {
-+ len = state->head->extra_len - state->length;
- if (state->head != Z_NULL &&
-- state->head->extra != Z_NULL) {
-- len = state->head->extra_len - state->length;
-+ state->head->extra != Z_NULL &&
-+ len < state->head->extra_max) {
- zmemcpy(state->head->extra + len, next,
- len + copy > state->head->extra_max ?
- state->head->extra_max - len : copy);
---
-2.37.2
-
diff --git a/poky/meta/recipes-core/zlib/zlib/0001-Fix-extra-field-processing-bug-that-dereferences-NUL.patch b/poky/meta/recipes-core/zlib/zlib/0001-Fix-extra-field-processing-bug-that-dereferences-NUL.patch
deleted file mode 100644
index a0978c5..0000000
--- a/poky/meta/recipes-core/zlib/zlib/0001-Fix-extra-field-processing-bug-that-dereferences-NUL.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From 1eb7682f845ac9e9bf9ae35bbfb3bad5dacbd91d Mon Sep 17 00:00:00 2001
-From: Mark Adler <fork@madler.net>
-Date: Mon, 8 Aug 2022 10:50:09 -0700
-Subject: [PATCH] Fix extra field processing bug that dereferences NULL
- state->head.
-
-The recent commit to fix a gzip header extra field processing bug
-introduced the new bug fixed here.
-
-CVE: CVE-2022-37434
-Upstream-Status: Backport [https://github.com/madler/zlib/commit/1eb7682f845ac9e9bf9ae35bbfb3bad5dacbd91d]
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
- inflate.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/inflate.c b/inflate.c
-index 7a72897..2a3c4fe 100644
---- a/inflate.c
-+++ b/inflate.c
-@@ -763,10 +763,10 @@ int flush;
- copy = state->length;
- if (copy > have) copy = have;
- if (copy) {
-- len = state->head->extra_len - state->length;
- if (state->head != Z_NULL &&
- state->head->extra != Z_NULL &&
-- len < state->head->extra_max) {
-+ (len = state->head->extra_len - state->length) <
-+ state->head->extra_max) {
- zmemcpy(state->head->extra + len, next,
- len + copy > state->head->extra_max ?
- state->head->extra_max - len : copy);
---
-2.37.2
-
diff --git a/poky/meta/recipes-core/zlib/zlib/cc.patch b/poky/meta/recipes-core/zlib/zlib/cc.patch
deleted file mode 100644
index 8fb974d..0000000
--- a/poky/meta/recipes-core/zlib/zlib/cc.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-Upstream-Status: Backport
-Signed-off-by: Ross Burton <ross.burton@arm.com>
-
-From 05796d3d8d5546cf1b4dfe2cd72ab746afae505d Mon Sep 17 00:00:00 2001
-From: Mark Adler <madler@alumni.caltech.edu>
-Date: Mon, 28 Mar 2022 18:34:10 -0700
-Subject: [PATCH] Fix configure issue that discarded provided CC definition.
-
----
- configure | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/configure b/configure
-index 52ff4a04e..3fa3e8618 100755
---- a/configure
-+++ b/configure
-@@ -174,7 +174,10 @@ if test -z "$CC"; then
- else
- cc=${CROSS_PREFIX}cc
- fi
-+else
-+ cc=${CC}
- fi
-+
- cflags=${CFLAGS-"-O3"}
- # to force the asm version use: CFLAGS="-O3 -DASMV" ./configure
- case "$cc" in
diff --git a/poky/meta/recipes-core/zlib/zlib/ldflags-tests.patch b/poky/meta/recipes-core/zlib/zlib/ldflags-tests.patch
deleted file mode 100644
index 2863906..0000000
--- a/poky/meta/recipes-core/zlib/zlib/ldflags-tests.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-Obey LDFLAGS for tests
-
-Upstream-Status: Submitted [https://github.com/madler/zlib/pull/409]
-Signed-off-by: Ross Burton <ross.burton@intel.com>
-
---- zlib-1.2.8.orig/Makefile.in
-+++ zlib-1.2.8/Makefile.in
-@@ -26,7 +26,7 @@ CFLAGS=-O
-
- SFLAGS=-O
- LDFLAGS=
--TEST_LDFLAGS=-L. libz.a
-+TEST_LDFLAGS=-L. $(LDFLAGS)
- LDSHARED=$(CC)
- CPP=$(CC) -E
-
-@@ -176,22 +176,22 @@ placebo $(SHAREDLIBV): $(PIC_OBJS) libz.
- -@rmdir objs
-
- example$(EXE): example.o $(STATICLIB)
-- $(CC) $(CFLAGS) -o $@ example.o $(TEST_LDFLAGS)
-+ $(CC) $(CFLAGS) -o $@ example.o $(TEST_LDFLAGS) $(STATICLIB)
-
- minigzip$(EXE): minigzip.o $(STATICLIB)
-- $(CC) $(CFLAGS) -o $@ minigzip.o $(TEST_LDFLAGS)
-+ $(CC) $(CFLAGS) -o $@ minigzip.o $(TEST_LDFLAGS) $(STATICLIB)
-
- examplesh$(EXE): example.o $(SHAREDLIBV)
-- $(CC) $(CFLAGS) -o $@ example.o -L. $(SHAREDLIBV)
-+ $(CC) $(CFLAGS) -o $@ example.o $(TEST_LDFLAGS) $(SHAREDLIBV)
-
- minigzipsh$(EXE): minigzip.o $(SHAREDLIBV)
-- $(CC) $(CFLAGS) -o $@ minigzip.o -L. $(SHAREDLIBV)
-+ $(CC) $(CFLAGS) -o $@ minigzip.o $(TEST_LDFLAGS) $(SHAREDLIBV)
-
- example64$(EXE): example64.o $(STATICLIB)
-- $(CC) $(CFLAGS) -o $@ example64.o $(TEST_LDFLAGS)
-+ $(CC) $(CFLAGS) -o $@ example64.o $(TEST_LDFLAGS) $(STATICLIB)
-
- minigzip64$(EXE): minigzip64.o $(STATICLIB)
-- $(CC) $(CFLAGS) -o $@ minigzip64.o $(TEST_LDFLAGS)
-+ $(CC) $(CFLAGS) -o $@ minigzip64.o $(TEST_LDFLAGS) $(STATICLIB)
-
- install-libs: $(LIBS)
- -@if [ ! -d $(DESTDIR)$(exec_prefix) ]; then mkdir -p $(DESTDIR)$(exec_prefix); fi
diff --git a/poky/meta/recipes-core/zlib/zlib_1.2.12.bb b/poky/meta/recipes-core/zlib/zlib_1.2.13.bb
similarity index 68%
rename from poky/meta/recipes-core/zlib/zlib_1.2.12.bb
rename to poky/meta/recipes-core/zlib/zlib_1.2.13.bb
index 2491cb9..ec977a3 100644
--- a/poky/meta/recipes-core/zlib/zlib_1.2.12.bb
+++ b/poky/meta/recipes-core/zlib/zlib_1.2.13.bb
@@ -8,17 +8,12 @@
# The source tarball needs to be .gz as only the .gz ends up in fossils/
SRC_URI = "https://zlib.net/${BP}.tar.gz \
- file://cc.patch \
- file://ldflags-tests.patch \
file://0001-configure-Pass-LDFLAGS-to-link-tests.patch \
file://run-ptest \
- file://0001-Correct-incorrect-inputs-provided-to-the-CRC-functio.patch \
- file://0001-Fix-a-bug-when-getting-a-gzip-header-extra-field-wit.patch \
- file://0001-Fix-extra-field-processing-bug-that-dereferences-NUL.patch \
"
UPSTREAM_CHECK_URI = "http://zlib.net/"
-SRC_URI[sha256sum] = "91844808532e5ce316b3c010929493c0244f3d37593afd6de04f71821d5136d9"
+SRC_URI[sha256sum] = "b3a24de97a8fdbc835b9833169501030b8977031bcb54b3b3ac13740f846ab30"
# When a new release is made the previous release is moved to fossils/, so add this
# to PREMIRRORS so it is also searched automatically.
@@ -30,9 +25,12 @@
inherit ptest
+B = "${WORKDIR}/build"
+
do_configure() {
- LDCONFIG=true ./configure --prefix=${prefix} --shared --libdir=${libdir} --uname=GNU
+ LDCONFIG=true ${S}/configure --prefix=${prefix} --shared --libdir=${libdir} --uname=GNU
}
+do_configure[cleandirs] += "${B}"
do_compile() {
oe_runmake shared
diff --git a/poky/meta/recipes-devtools/apt/apt_2.4.5.bb b/poky/meta/recipes-devtools/apt/apt_2.4.5.bb
index 4b9f804..ef85750 100644
--- a/poky/meta/recipes-devtools/apt/apt_2.4.5.bb
+++ b/poky/meta/recipes-devtools/apt/apt_2.4.5.bb
@@ -38,8 +38,6 @@
# is considered stable, e.g. 1.0, 1.4, 1.8, 2.2, 2.6, etc. As there is no way
# to express 'divisible by 4 plus 2' in regex (that I know of), let's hardcode a few.
UPSTREAM_CHECK_REGEX = "[^\d\.](?P<pver>((2\.2)|(2\.6)|(3\.0)|(3\.4)|(3\.8)|(4\.2))(\.\d+)+)\.tar"
-# needs be marked as unknown until 2.6 is out
-UPSTREAM_VERSION_UNKNOWN = "1"
inherit cmake perlnative bash-completion useradd
@@ -126,6 +124,7 @@
do_install:append:class-nativesdk() {
customize_apt_conf_sample
+ rm -rf ${D}${localstatedir}/log
}
do_install:append:class-target() {
diff --git a/poky/meta/recipes-devtools/binutils/binutils-2.39.inc b/poky/meta/recipes-devtools/binutils/binutils-2.39.inc
index b040e57..419571d 100644
--- a/poky/meta/recipes-devtools/binutils/binutils-2.39.inc
+++ b/poky/meta/recipes-devtools/binutils/binutils-2.39.inc
@@ -35,6 +35,7 @@
file://0014-CVE-2022-38128-1.patch \
file://0014-CVE-2022-38128-2.patch \
file://0014-CVE-2022-38128-3.patch \
+ file://0015-CVE-2022-4285.patch \
"
S = "${WORKDIR}/git"
# Already in 2.39 branch
diff --git a/poky/meta/recipes-devtools/binutils/binutils/0003-binutils-nativesdk-Search-for-alternative-ld.so.conf.patch b/poky/meta/recipes-devtools/binutils/binutils/0003-binutils-nativesdk-Search-for-alternative-ld.so.conf.patch
index 4fe5520..9c825df 100644
--- a/poky/meta/recipes-devtools/binutils/binutils/0003-binutils-nativesdk-Search-for-alternative-ld.so.conf.patch
+++ b/poky/meta/recipes-devtools/binutils/binutils/0003-binutils-nativesdk-Search-for-alternative-ld.so.conf.patch
@@ -65,7 +65,7 @@
info.path = NULL;
info.len = info.alloc = 0;
- tmppath = concat (ld_sysroot, prefix, "/etc/ld.so.conf",
-+ tmppath = concat (ld_sysconfdir, "/etc/ld.so.conf",
++ tmppath = concat (ld_sysconfdir, "/ld.so.conf",
(const char *) NULL);
if (!ldelf_parse_ld_so_conf (&info, tmppath))
{
diff --git a/poky/meta/recipes-devtools/binutils/binutils/0015-CVE-2022-4285.patch b/poky/meta/recipes-devtools/binutils/binutils/0015-CVE-2022-4285.patch
new file mode 100644
index 0000000..46ec0b1
--- /dev/null
+++ b/poky/meta/recipes-devtools/binutils/binutils/0015-CVE-2022-4285.patch
@@ -0,0 +1,37 @@
+From 5c831a3c7f3ca98d6aba1200353311e1a1f84c70 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Wed, 19 Oct 2022 15:09:12 +0100
+Subject: [PATCH] Fix an illegal memory access when parsing an ELF file
+ containing corrupt symbol version information.
+
+ PR 29699
+ * elf.c (_bfd_elf_slurp_version_tables): Fail if the sh_info field
+ of the section header is zero.
+
+Upstream-Status: Backport
+[https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5c831a3c7f3ca98d6aba1200353311e1a1f84c70]
+
+Signed-off-by: Pgowda <pgowda.cve@gmail.com>
+---
+ bfd/ChangeLog | 6 ++++++
+ bfd/elf.c | 4 +++-
+ 2 files changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/bfd/elf.c b/bfd/elf.c
+index fe00e0f9189..7cd7febcf95 100644
+--- a/bfd/elf.c
++++ b/bfd/elf.c
+@@ -8918,7 +8918,9 @@ _bfd_elf_slurp_version_tables (bfd *abfd, bool default_imported_symver)
+ bfd_set_error (bfd_error_file_too_big);
+ goto error_return_verref;
+ }
+- elf_tdata (abfd)->verref = (Elf_Internal_Verneed *) bfd_alloc (abfd, amt);
++ if (amt == 0)
++ goto error_return_verref;
++ elf_tdata (abfd)->verref = (Elf_Internal_Verneed *) bfd_zalloc (abfd, amt);
+ if (elf_tdata (abfd)->verref == NULL)
+ goto error_return_verref;
+
+--
+2.31.1
+
diff --git a/poky/meta/recipes-devtools/bootchart2/bootchart2/0001-bootchart2-support-usrmerge.patch b/poky/meta/recipes-devtools/bootchart2/bootchart2/0001-bootchart2-support-usrmerge.patch
deleted file mode 100644
index 88597cf..0000000
--- a/poky/meta/recipes-devtools/bootchart2/bootchart2/0001-bootchart2-support-usrmerge.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From b6d1a1ff2de363b1b76c8c70f77ae56a4e4d4b56 Mon Sep 17 00:00:00 2001
-From: Changqing Li <changqing.li@windriver.com>
-Date: Thu, 5 Sep 2019 18:37:31 +0800
-Subject: [PATCH] bootchart2: support usrmerge
-
-Upstream-Status: Inappropriate [oe-specific]
-
-Signed-off-by: Changqing Li <changqing.li@windriver.com>
----
- Makefile | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/Makefile b/Makefile
-index 1cc2974..f988904 100644
---- a/Makefile
-+++ b/Makefile
-@@ -36,7 +36,7 @@ endif
- PY_SITEDIR ?= $(PY_LIBDIR)/site-packages
- LIBC_A_PATH = /usr$(LIBDIR)
- # Always lib, even on systems that otherwise use lib64
--SYSTEMD_UNIT_DIR = $(EARLY_PREFIX)/lib/systemd/system
-+SYSTEMD_UNIT_DIR ?= $(EARLY_PREFIX)/lib/systemd/system
- COLLECTOR = \
- collector/collector.o \
- collector/output.o \
-@@ -99,7 +99,7 @@ install-chroot:
- install -d $(DESTDIR)$(PKGLIBDIR)/tmpfs
-
- install-collector: all install-chroot
-- install -m 755 -D bootchartd $(DESTDIR)$(EARLY_PREFIX)/sbin/$(PROGRAM_PREFIX)bootchartd$(PROGRAM_SUFFIX)
-+ install -m 755 -D bootchartd $(DESTDIR)${BASE_SBINDIR}/$(PROGRAM_PREFIX)bootchartd$(PROGRAM_SUFFIX)
- install -m 644 -D bootchartd.conf $(DESTDIR)/etc/$(PROGRAM_PREFIX)bootchartd$(PROGRAM_SUFFIX).conf
- install -m 755 -D bootchart-collector $(DESTDIR)$(PKGLIBDIR)/$(PROGRAM_PREFIX)bootchart$(PROGRAM_SUFFIX)-collector
-
---
-2.7.4
-
diff --git a/poky/meta/recipes-devtools/bootchart2/bootchart2_0.14.9.bb b/poky/meta/recipes-devtools/bootchart2/bootchart2_0.14.9.bb
index b4d5b7c..297dbfb 100644
--- a/poky/meta/recipes-devtools/bootchart2/bootchart2_0.14.9.bb
+++ b/poky/meta/recipes-devtools/bootchart2/bootchart2_0.14.9.bb
@@ -93,7 +93,6 @@
SRC_URI = "git://github.com/xrmx/bootchart.git;branch=master;protocol=https \
file://bootchartd_stop.sh \
file://0001-collector-Allocate-space-on-heap-for-chunks.patch \
- file://0001-bootchart2-support-usrmerge.patch \
file://0001-bootchartd.in-make-sure-only-one-bootchartd-process.patch \
file://0001-Do-not-include-linux-fs.h.patch \
"
@@ -120,12 +119,11 @@
INITSCRIPT_NAME = "bootchartd_stop.sh"
INITSCRIPT_PARAMS = "start 99 2 3 4 5 ."
-EXTRA_OEMAKE = 'BASE_SBINDIR="${base_sbindir}"'
-
do_compile:prepend () {
export PY_LIBDIR="${libdir}/${PYTHON_DIR}"
export BINDIR="${bindir}"
- export LIBDIR="${base_libdir}"
+ export LIBDIR="/${baselib}"
+ export EARLY_PREFIX="${root_prefix}"
}
do_install () {
@@ -133,9 +131,8 @@
export PY_LIBDIR="${libdir}/${PYTHON_DIR}"
export BINDIR="${bindir}"
export DESTDIR="${D}"
- export LIBDIR="${base_libdir}"
- export PKGLIBDIR="${base_libdir}/bootchart"
- export SYSTEMD_UNIT_DIR="${systemd_system_unitdir}"
+ export LIBDIR="/${baselib}"
+ export EARLY_PREFIX="${root_prefix}"
oe_runmake install NO_PYTHON_COMPILE=1
install -d ${D}${sysconfdir}/init.d
diff --git a/poky/meta/recipes-devtools/cmake/cmake-native_3.24.0.bb b/poky/meta/recipes-devtools/cmake/cmake-native_3.24.2.bb
similarity index 98%
rename from poky/meta/recipes-devtools/cmake/cmake-native_3.24.0.bb
rename to poky/meta/recipes-devtools/cmake/cmake-native_3.24.2.bb
index 722a486..bcc87eb 100644
--- a/poky/meta/recipes-devtools/cmake/cmake-native_3.24.0.bb
+++ b/poky/meta/recipes-devtools/cmake/cmake-native_3.24.2.bb
@@ -32,6 +32,7 @@
-DCMAKE_USE_SYSTEM_LIBRARY_EXPAT=0 \
-DENABLE_ACL=0 -DHAVE_ACL_LIBACL_H=0 \
-DHAVE_SYS_ACL_H=0 \
+ -DCURL_LIBRARIES=-lcurl \
"
do_configure () {
diff --git a/poky/meta/recipes-devtools/cmake/cmake.inc b/poky/meta/recipes-devtools/cmake/cmake.inc
index d64afff..1ede8ee 100644
--- a/poky/meta/recipes-devtools/cmake/cmake.inc
+++ b/poky/meta/recipes-devtools/cmake/cmake.inc
@@ -21,7 +21,7 @@
file://0004-Fail-silently-if-system-Qt-installation-is-broken.patch \
"
-SRC_URI[sha256sum] = "c2b61f7cdecb1576cad25f918a8f42b8685d88a832fd4b62b9e0fa32e915a658"
+SRC_URI[sha256sum] = "0d9020f06f3ddf17fb537dc228e1a56c927ee506b486f55fe2dc19f69bf0c8db"
UPSTREAM_CHECK_REGEX = "cmake-(?P<pver>\d+(\.\d+)+)\.tar"
diff --git a/poky/meta/recipes-devtools/cmake/cmake_3.24.0.bb b/poky/meta/recipes-devtools/cmake/cmake_3.24.2.bb
similarity index 100%
rename from poky/meta/recipes-devtools/cmake/cmake_3.24.0.bb
rename to poky/meta/recipes-devtools/cmake/cmake_3.24.2.bb
diff --git a/poky/meta/recipes-devtools/createrepo-c/createrepo-c/0001-include-rpm-rpmstring.h.patch b/poky/meta/recipes-devtools/createrepo-c/createrepo-c/0001-include-rpm-rpmstring.h.patch
new file mode 100644
index 0000000..a249eaf
--- /dev/null
+++ b/poky/meta/recipes-devtools/createrepo-c/createrepo-c/0001-include-rpm-rpmstring.h.patch
@@ -0,0 +1,27 @@
+From 8defe6aaf91613c3fcb540df65a94cd56d377367 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Fri, 13 Jan 2023 13:21:51 -0800
+Subject: [PATCH 1/2] include rpm/rpmstring.h
+
+Its needed for rasprintf declaration
+
+Fixes
+src/xml_file.c:341:36: error: call to undeclared functi
+on 'rasprintf'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]
+
+Upstream-Status: Submitted [https://github.com/rpm-software-management/createrepo_c/pull/340]
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ src/xml_file.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/src/xml_file.c
++++ b/src/xml_file.c
+@@ -19,6 +19,7 @@
+
+ #include <glib.h>
+ #include <glib/gstdio.h>
++#include <rpm/rpmstring.h>
+ #include <assert.h>
+ #include "xml_file.h"
+ #include <errno.h>
diff --git a/poky/meta/recipes-devtools/createrepo-c/createrepo-c_0.20.1.bb b/poky/meta/recipes-devtools/createrepo-c/createrepo-c_0.20.1.bb
index d309bb8..053198c 100644
--- a/poky/meta/recipes-devtools/createrepo-c/createrepo-c_0.20.1.bb
+++ b/poky/meta/recipes-devtools/createrepo-c/createrepo-c_0.20.1.bb
@@ -6,6 +6,7 @@
SRC_URI = "git://github.com/rpm-software-management/createrepo_c;branch=master;protocol=https \
file://0001-Do-not-set-PYTHON_INSTALL_DIR-by-running-python.patch \
+ file://0001-include-rpm-rpmstring.h.patch \
"
SRCREV = "af14e164a3e4ab9dfaef1212e852b9ecebc326a2"
diff --git a/poky/meta/recipes-devtools/fdisk/gptfdisk/0001-Updated-guid.cc-to-deal-with-minor-change-in-libuuid.patch b/poky/meta/recipes-devtools/fdisk/gptfdisk/0001-Updated-guid.cc-to-deal-with-minor-change-in-libuuid.patch
new file mode 100644
index 0000000..f358081
--- /dev/null
+++ b/poky/meta/recipes-devtools/fdisk/gptfdisk/0001-Updated-guid.cc-to-deal-with-minor-change-in-libuuid.patch
@@ -0,0 +1,27 @@
+From c640d9011a8330ebaad501784fb0ee1ce5e7a5ef Mon Sep 17 00:00:00 2001
+From: Rod Smith <rodsmith@rodsbooks.com>
+Date: Sat, 16 Apr 2022 09:32:04 -0400
+Subject: [PATCH] Updated guid.cc to deal with minor change in libuuid
+
+Upstream-Status: Backport [https://sourceforge.net/p/gptfdisk/code/ci/6a8416cbd12d55f882bb751993b94f72d338d96f/]
+Signed-off-by: Peter Bergin <peter@berginkonsult.se>
+---
+ guid.cc | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/guid.cc b/guid.cc
+index 1e73ab7..d3e4fd5 100644
+--- a/guid.cc
++++ b/guid.cc
+@@ -141,7 +141,7 @@ void GUIDData::Zero(void) {
+ void GUIDData::Randomize(void) {
+ int i, uuidGenerated = 0;
+
+-#ifdef _UUID_UUID_H
++#if defined (_UUID_UUID_H) || defined (_UL_LIBUUID_UUID_H)
+ uuid_generate(uuidData);
+ ReverseBytes(&uuidData[0], 4);
+ ReverseBytes(&uuidData[4], 2);
+--
+2.34.1
+
diff --git a/poky/meta/recipes-devtools/fdisk/gptfdisk_1.0.9.bb b/poky/meta/recipes-devtools/fdisk/gptfdisk_1.0.9.bb
index e473b9c..2c093c2 100644
--- a/poky/meta/recipes-devtools/fdisk/gptfdisk_1.0.9.bb
+++ b/poky/meta/recipes-devtools/fdisk/gptfdisk_1.0.9.bb
@@ -9,6 +9,7 @@
SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${PV}/${BP}.tar.gz \
file://0001-gptcurses-correctly-include-curses.h.patch \
+ file://0001-Updated-guid.cc-to-deal-with-minor-change-in-libuuid.patch \
"
SRC_URI[sha256sum] = "dafead2693faeb8e8b97832b23407f6ed5b3219bc1784f482dd855774e2d50c2"
diff --git a/poky/meta/recipes-devtools/gcc/gcc-shared-source.inc b/poky/meta/recipes-devtools/gcc/gcc-shared-source.inc
index aac4b49..03f520b 100644
--- a/poky/meta/recipes-devtools/gcc/gcc-shared-source.inc
+++ b/poky/meta/recipes-devtools/gcc/gcc-shared-source.inc
@@ -9,3 +9,13 @@
do_configure[depends] += "gcc-source-${PV}:do_preconfigure"
do_populate_lic[depends] += "gcc-source-${PV}:do_unpack"
+do_deploy_source_date_epoch[depends] += "gcc-source-${PV}:do_deploy_source_date_epoch"
+
+# Copy the SDE from the shared workdir to the recipe workdir
+do_deploy_source_date_epoch () {
+ sde_file=${SDE_FILE}
+ sde_file=${sde_file#${WORKDIR}/}
+ mkdir -p ${SDE_DEPLOYDIR} $(dirname ${SDE_FILE})
+ cp -p $(dirname ${S})/$sde_file ${SDE_DEPLOYDIR}
+ cp -p $(dirname ${S})/$sde_file ${SDE_FILE}
+}
diff --git a/poky/meta/recipes-devtools/gcc/gcc-source.inc b/poky/meta/recipes-devtools/gcc/gcc-source.inc
index 224b777..265bcf4 100644
--- a/poky/meta/recipes-devtools/gcc/gcc-source.inc
+++ b/poky/meta/recipes-devtools/gcc/gcc-source.inc
@@ -17,6 +17,13 @@
INHIBIT_DEFAULT_DEPS = "1"
DEPENDS = ""
PACKAGES = ""
+TARGET_ARCH = "allarch"
+TARGET_AS_ARCH = "none"
+TARGET_CC_ARCH = "none"
+TARGET_LD_ARCH = "none"
+TARGET_OS = "linux"
+baselib = "lib"
+PACKAGE_ARCH = "all"
B = "${WORKDIR}/build"
@@ -25,8 +32,6 @@
import subprocess
cmd = d.expand('cd ${S} && PATH=${PATH} gnu-configize')
subprocess.check_output(cmd, stderr=subprocess.STDOUT, shell=True)
- # See 0044-gengtypes.patch, we need to regenerate this file
- bb.utils.remove(d.expand("${S}/gcc/gengtype-lex.c"))
cmd = d.expand("sed -i 's/BUILD_INFO=info/BUILD_INFO=/' ${S}/gcc/configure")
subprocess.check_output(cmd, stderr=subprocess.STDOUT, shell=True)
diff --git a/poky/meta/recipes-devtools/git/git_2.37.3.bb b/poky/meta/recipes-devtools/git/git_2.37.6.bb
similarity index 95%
rename from poky/meta/recipes-devtools/git/git_2.37.3.bb
rename to poky/meta/recipes-devtools/git/git_2.37.6.bb
index 2eed85e..302db21 100644
--- a/poky/meta/recipes-devtools/git/git_2.37.3.bb
+++ b/poky/meta/recipes-devtools/git/git_2.37.6.bb
@@ -31,6 +31,10 @@
# in mirrored git repos. Most OE users wouldn't build the docs and
# we don't see this as a major issue for our general users/usecases.
CVE_CHECK_IGNORE += "CVE-2022-24975"
+# This is specific to Git-for-Windows
+CVE_CHECK_IGNORE += "CVE-2022-41953"
+# specific to Git for Windows
+CVE_CHECK_IGNORE += "CVE-2023-22743"
PACKAGECONFIG ??= "expat curl"
PACKAGECONFIG[cvsserver] = ""
@@ -165,4 +169,4 @@
"
EXTRA_OEMAKE += "NO_GETTEXT=1"
-SRC_URI[tarball.sha256sum] = "181f65587155ea48c682f63135678ec53055adf1532428752912d356e46b64a8"
+SRC_URI[tarball.sha256sum] = "626e4c338f72b170e2b3afb1cb2161f6fbe4fb1d0749154f1ebfb5f0a57ec25f"
diff --git a/poky/meta/recipes-devtools/go/go-1.19.inc b/poky/meta/recipes-devtools/go/go-1.19.7.inc
similarity index 85%
rename from poky/meta/recipes-devtools/go/go-1.19.inc
rename to poky/meta/recipes-devtools/go/go-1.19.7.inc
index f733a80..7d76f34 100644
--- a/poky/meta/recipes-devtools/go/go-1.19.inc
+++ b/poky/meta/recipes-devtools/go/go-1.19.7.inc
@@ -14,6 +14,5 @@
file://0001-exec.go-do-not-write-linker-flags-into-buildids.patch \
file://0001-src-cmd-dist-buildgo.go-do-not-hardcode-host-compile.patch \
file://filter-build-paths.patch \
- file://stack-protector.patch \
"
-SRC_URI[main.sha256sum] = "9419cc70dc5a2523f29a77053cafff658ed21ef3561d9b6b020280ebceab28b9"
+SRC_URI[main.sha256sum] = "775bdf285ceaba940da8a2fe20122500efd7a0b65dbcee85247854a8d7402633"
diff --git a/poky/meta/recipes-devtools/go/go-binary-native_1.19.bb b/poky/meta/recipes-devtools/go/go-binary-native_1.19.7.bb
similarity index 80%
rename from poky/meta/recipes-devtools/go/go-binary-native_1.19.bb
rename to poky/meta/recipes-devtools/go/go-binary-native_1.19.7.bb
index ca424a6..0e2c8f1 100644
--- a/poky/meta/recipes-devtools/go/go-binary-native_1.19.bb
+++ b/poky/meta/recipes-devtools/go/go-binary-native_1.19.7.bb
@@ -7,9 +7,10 @@
PROVIDES = "go-native"
+# Checksums available at https://go.dev/dl/
SRC_URI = "https://dl.google.com/go/go${PV}.${BUILD_GOOS}-${BUILD_GOARCH}.tar.gz;name=go_${BUILD_GOTUPLE}"
-SRC_URI[go_linux_amd64.sha256sum] = "464b6b66591f6cf055bc5df90a9750bf5fbc9d038722bb84a9d56a2bea974be6"
-SRC_URI[go_linux_arm64.sha256sum] = "efa97fac9574fc6ef6c9ff3e3758fb85f1439b046573bf434cccb5e012bd00c8"
+SRC_URI[go_linux_amd64.sha256sum] = "7a75720c9b066ae1750f6bcc7052aba70fa3813f4223199ee2a2315fd3eb533d"
+SRC_URI[go_linux_arm64.sha256sum] = "071ea7bf386fdd08df524859b878d99fc359e491e7ad65c1c1cc55b67972c882"
UPSTREAM_CHECK_URI = "https://golang.org/dl/"
UPSTREAM_CHECK_REGEX = "go(?P<pver>\d+(\.\d+)+)\.linux"
diff --git a/poky/meta/recipes-devtools/go/go-cross-canadian_1.19.bb b/poky/meta/recipes-devtools/go/go-cross-canadian_1.19.7.bb
similarity index 100%
rename from poky/meta/recipes-devtools/go/go-cross-canadian_1.19.bb
rename to poky/meta/recipes-devtools/go/go-cross-canadian_1.19.7.bb
diff --git a/poky/meta/recipes-devtools/go/go-cross_1.19.bb b/poky/meta/recipes-devtools/go/go-cross_1.19.7.bb
similarity index 100%
rename from poky/meta/recipes-devtools/go/go-cross_1.19.bb
rename to poky/meta/recipes-devtools/go/go-cross_1.19.7.bb
diff --git a/poky/meta/recipes-devtools/go/go-crosssdk.inc b/poky/meta/recipes-devtools/go/go-crosssdk.inc
index cd23cca..7669386 100644
--- a/poky/meta/recipes-devtools/go/go-crosssdk.inc
+++ b/poky/meta/recipes-devtools/go/go-crosssdk.inc
@@ -4,6 +4,8 @@
PN = "go-crosssdk-${SDK_SYS}"
PROVIDES = "virtual/${TARGET_PREFIX}go-crosssdk"
+export GOCACHE = "${B}/.cache"
+
do_configure[noexec] = "1"
do_compile() {
diff --git a/poky/meta/recipes-devtools/go/go-crosssdk_1.19.bb b/poky/meta/recipes-devtools/go/go-crosssdk_1.19.7.bb
similarity index 100%
rename from poky/meta/recipes-devtools/go/go-crosssdk_1.19.bb
rename to poky/meta/recipes-devtools/go/go-crosssdk_1.19.7.bb
diff --git a/poky/meta/recipes-devtools/go/go-native_1.19.bb b/poky/meta/recipes-devtools/go/go-native_1.19.7.bb
similarity index 100%
rename from poky/meta/recipes-devtools/go/go-native_1.19.bb
rename to poky/meta/recipes-devtools/go/go-native_1.19.7.bb
diff --git a/poky/meta/recipes-devtools/go/go-runtime_1.19.bb b/poky/meta/recipes-devtools/go/go-runtime_1.19.7.bb
similarity index 100%
rename from poky/meta/recipes-devtools/go/go-runtime_1.19.bb
rename to poky/meta/recipes-devtools/go/go-runtime_1.19.7.bb
diff --git a/poky/meta/recipes-devtools/go/go/0001-cmd-go-make-content-based-hash-generation-less-pedan.patch b/poky/meta/recipes-devtools/go/go/0001-cmd-go-make-content-based-hash-generation-less-pedan.patch
index 8cbed93..43be5cd 100644
--- a/poky/meta/recipes-devtools/go/go/0001-cmd-go-make-content-based-hash-generation-less-pedan.patch
+++ b/poky/meta/recipes-devtools/go/go/0001-cmd-go-make-content-based-hash-generation-less-pedan.patch
@@ -1,4 +1,4 @@
-From a3db4da51df37d163ff9e8c1e1057280c648c545 Mon Sep 17 00:00:00 2001
+From fb22e586871cc6be0b7041e86d2daceee06ea568 Mon Sep 17 00:00:00 2001
From: Khem Raj <raj.khem@gmail.com>
Date: Mon, 28 Mar 2022 10:59:03 -0700
Subject: [PATCH] cmd/go: make content-based hash generation less pedantic
@@ -32,13 +32,13 @@
2 files changed, 34 insertions(+), 10 deletions(-)
diff --git a/src/cmd/go/internal/envcmd/env.go b/src/cmd/go/internal/envcmd/env.go
-index 529351d..df791b0 100644
+index 81ee859..2db3898 100644
--- a/src/cmd/go/internal/envcmd/env.go
+++ b/src/cmd/go/internal/envcmd/env.go
@@ -176,7 +176,7 @@ func ExtraEnvVars() []cfg.EnvVar {
func ExtraEnvVarsCostly() []cfg.EnvVar {
- var b work.Builder
- b.Init()
+ b := work.NewBuilder("")
+
- cppflags, cflags, cxxflags, fflags, ldflags, err := b.CFlags(&load.Package{})
+ cppflags, cflags, cxxflags, fflags, ldflags, err := b.CFlags(&load.Package{}, false)
if err != nil {
@@ -74,7 +74,7 @@
+ cppflags, cflags, cxxflags, fflags, ldflags, _ := b.CFlags(p, true)
- ccExe := b.ccExe()
-+ ccExe := filterCompilerFlags(b.ccExe())
++ ccExe := filterCompilerFlags(b.ccExe(), true)
fmt.Fprintf(h, "CC=%q %q %q %q\n", ccExe, cppflags, cflags, ldflags)
// Include the C compiler tool ID so that if the C
// compiler changes we rebuild the package.
@@ -83,7 +83,7 @@
}
if len(p.CXXFiles)+len(p.SwigCXXFiles) > 0 {
- cxxExe := b.cxxExe()
-+ cxxExe := filterCompilerFlags(b.cxxExe())
++ cxxExe := filterCompilerFlags(b.cxxExe(), true)
fmt.Fprintf(h, "CXX=%q %q\n", cxxExe, cxxflags)
if cxxID, err := b.gccToolID(cxxExe[0], "c++"); err == nil {
fmt.Fprintf(h, "CXX ID=%q\n", cxxID)
@@ -91,7 +91,7 @@
}
if len(p.FFiles) > 0 {
- fcExe := b.fcExe()
-+ fcExe := filterCompilerFlags(b.fcExe())
++ fcExe := filterCompilerFlags(b.fcExe(), true)
fmt.Fprintf(h, "FC=%q %q\n", fcExe, fflags)
if fcID, err := b.gccToolID(fcExe[0], "f95"); err == nil {
fmt.Fprintf(h, "FC ID=%q\n", fcID)
@@ -104,20 +104,22 @@
}
// Configuration specific to compiler toolchain.
-@@ -2705,8 +2707,23 @@ func envList(key, def string) []string {
+@@ -2705,8 +2707,25 @@ func envList(key, def string) []string {
return args
}
+var filterFlags = os.Getenv("CGO_PEDANTIC") == ""
+
-+func filterCompilerFlags(flags []string) []string {
++func filterCompilerFlags(flags []string, keepfirst bool) []string {
+ var newflags []string
++ var realkeepfirst bool = keepfirst
+ if !filterFlags {
+ return flags
+ }
+ for _, flag := range flags {
-+ if strings.HasPrefix(flag, "-m") {
++ if strings.HasPrefix(flag, "-m") || realkeepfirst {
+ newflags = append(newflags, flag)
++ realkeepfirst = false
+ }
+ }
+ return newflags
@@ -129,21 +131,21 @@
defaults := "-g -O2"
if cppflags, err = buildFlags("CPPFLAGS", "", p.CgoCPPFLAGS, checkCompilerFlags); err != nil {
-@@ -2724,6 +2741,13 @@ func (b *Builder) CFlags(p *load.Package) (cppflags, cflags, cxxflags, fflags, l
+@@ -2724,6 +2743,13 @@ func (b *Builder) CFlags(p *load.Package) (cppflags, cflags, cxxflags, fflags, l
if ldflags, err = buildFlags("LDFLAGS", defaults, p.CgoLDFLAGS, checkLinkerFlags); err != nil {
return
}
+ if filtered {
-+ cppflags = filterCompilerFlags(cppflags)
-+ cflags = filterCompilerFlags(cflags)
-+ cxxflags = filterCompilerFlags(cxxflags)
-+ fflags = filterCompilerFlags(fflags)
-+ ldflags = filterCompilerFlags(ldflags)
++ cppflags = filterCompilerFlags(cppflags, false)
++ cflags = filterCompilerFlags(cflags, false)
++ cxxflags = filterCompilerFlags(cxxflags, false)
++ fflags = filterCompilerFlags(fflags, false)
++ ldflags = filterCompilerFlags(ldflags, false)
+ }
return
}
-@@ -2739,7 +2763,7 @@ var cgoRe = lazyregexp.New(`[/\\:]`)
+@@ -2739,7 +2765,7 @@ var cgoRe = lazyregexp.New(`[/\\:]`)
func (b *Builder) cgo(a *Action, cgoExe, objdir string, pcCFLAGS, pcLDFLAGS, cgofiles, gccfiles, gxxfiles, mfiles, ffiles []string) (outGo, outObj []string, err error) {
p := a.Package
@@ -152,7 +154,7 @@
if err != nil {
return nil, nil, err
}
-@@ -3246,7 +3270,7 @@ func (b *Builder) swigIntSize(objdir string) (intsize string, err error) {
+@@ -3246,7 +3272,7 @@ func (b *Builder) swigIntSize(objdir string) (intsize string, err error) {
// Run SWIG on one SWIG input file.
func (b *Builder) swigOne(a *Action, p *load.Package, file, objdir string, pcCFLAGS []string, cxx bool, intgosize string) (outGo, outC string, err error) {
diff --git a/poky/meta/recipes-devtools/go/go/filter-build-paths.patch b/poky/meta/recipes-devtools/go/go/filter-build-paths.patch
index a1aa37c..280f911 100644
--- a/poky/meta/recipes-devtools/go/go/filter-build-paths.patch
+++ b/poky/meta/recipes-devtools/go/go/filter-build-paths.patch
@@ -8,7 +8,8 @@
location. This codepath is hit for statically linked go binaries such as those
on mips/ppc.
-Upstream-Status: Pending
+Upstream-Status: Submitted [https://github.com/golang/go/pull/56410]
+
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
diff --git a/poky/meta/recipes-devtools/go/go/stack-protector.patch b/poky/meta/recipes-devtools/go/go/stack-protector.patch
deleted file mode 100644
index cc92a44..0000000
--- a/poky/meta/recipes-devtools/go/go/stack-protector.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From c537b87782293fe222f2ef5eb1ae818092118e97 Mon Sep 17 00:00:00 2001
-From: Ian Lance Taylor <iant@golang.org>
-Date: Sun, 07 Aug 2022 19:21:15 -0700
-Subject: [PATCH] runtime/cgo: add -fno-stack-protector to CFLAGS
-
-Some compilers default to having -fstack-protector on, which breaks
-when using internal linking because the linker doesn't know how to
-find the support functions.
-
-Fixes #52919
-Fixes #54313
-
-Change-Id: I6f51d5e906503f61fc768ad8e30c163bad135087
-Upstream-Status: Submitted [https://github.com/golang/go/issues/54313]
-Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
----
-
-diff --git a/src/runtime/cgo/cgo.go b/src/runtime/cgo/cgo.go
-index 298aa63..4b7046e 100644
---- a/src/runtime/cgo/cgo.go
-+++ b/src/runtime/cgo/cgo.go
-@@ -23,7 +23,9 @@
- #cgo solaris LDFLAGS: -lxnet
- #cgo solaris LDFLAGS: -lsocket
-
--#cgo CFLAGS: -Wall -Werror
-+// We use -fno-stack-protector because internal linking won't find
-+// the support functions. See issues #52919 and #54313.
-+#cgo CFLAGS: -Wall -Werror -fno-stack-protector
-
- #cgo solaris CPPFLAGS: -D_POSIX_PTHREAD_SEMANTICS
-
diff --git a/poky/meta/recipes-devtools/go/go_1.19.bb b/poky/meta/recipes-devtools/go/go_1.19.7.bb
similarity index 66%
rename from poky/meta/recipes-devtools/go/go_1.19.bb
rename to poky/meta/recipes-devtools/go/go_1.19.7.bb
index 9897767..587ee55 100644
--- a/poky/meta/recipes-devtools/go/go_1.19.bb
+++ b/poky/meta/recipes-devtools/go/go_1.19.7.bb
@@ -12,7 +12,7 @@
# mips/rv64 doesn't support -buildmode=pie, so skip the QA checking for mips/riscv32 and its
# variants.
python() {
- if 'mips' in d.getVar('TARGET_ARCH',True) or 'riscv32' in d.getVar('TARGET_ARCH',True):
- d.appendVar('INSANE_SKIP:%s' % d.getVar('PN',True), " textrel")
+ if 'mips' in d.getVar('TARGET_ARCH') or 'riscv32' in d.getVar('TARGET_ARCH'):
+ d.appendVar('INSANE_SKIP:%s' % d.getVar('PN'), " textrel")
}
diff --git a/poky/meta/recipes-devtools/help2man/help2man_1.49.2.bb b/poky/meta/recipes-devtools/help2man/help2man_1.49.3.bb
similarity index 88%
rename from poky/meta/recipes-devtools/help2man/help2man_1.49.2.bb
rename to poky/meta/recipes-devtools/help2man/help2man_1.49.3.bb
index 62e1f67..75931a5 100644
--- a/poky/meta/recipes-devtools/help2man/help2man_1.49.2.bb
+++ b/poky/meta/recipes-devtools/help2man/help2man_1.49.3.bb
@@ -6,7 +6,7 @@
LIC_FILES_CHKSUM = "file://COPYING;md5=1ebbd3e34237af26da5dc08a4e440464"
SRC_URI = "${GNU_MIRROR}/${BPN}/${BPN}-${PV}.tar.xz"
-SRC_URI[sha256sum] = "9e2e0e213a7e0a36244eed6204d902b6504602a578b6ecd15268b1454deadd36"
+SRC_URI[sha256sum] = "4d7e4fdef2eca6afe07a2682151cea78781e0a4e8f9622142d9f70c083a2fd4f"
inherit autotools
diff --git a/poky/meta/recipes-devtools/libcomps/libcomps/0001-libcomps-Use-Py_hash_t-instead-of-long-in-PyCOMPS_ha.patch b/poky/meta/recipes-devtools/libcomps/libcomps/0001-libcomps-Use-Py_hash_t-instead-of-long-in-PyCOMPS_ha.patch
new file mode 100644
index 0000000..dd9ebc8
--- /dev/null
+++ b/poky/meta/recipes-devtools/libcomps/libcomps/0001-libcomps-Use-Py_hash_t-instead-of-long-in-PyCOMPS_ha.patch
@@ -0,0 +1,66 @@
+From 26a9647c832de15248ee649e5b77075521f3d4f0 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Fri, 3 Mar 2023 08:37:35 -0800
+Subject: [PATCH] libcomps: Use Py_hash_t instead of long in PyCOMPS_hash()
+
+This function is used as a hashfunc callback in
+_typeobject defined python3.11/cpython/object.h
+compilers detect the protype mismatch for function pointers
+with clang16+
+
+Fixes
+libcomps/src/python/src/pycomps_sequence.c:667:5: error: incompatible function pointer types initializing 'hashfunc' (aka 'int (*)(struct _object *)') with an expression of type 'long (*)(PyObject *)' (aka 'long (*)(struct _object *)') [-Wincompatible-function-pointer-types]
+ &PyCOMPS_hash, /*tp_hash */
+
+Upstream-Status: Submitted [https://github.com/rpm-software-management/libcomps/pull/101]
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ libcomps/src/python/src/pycomps_hash.c | 4 ++--
+ libcomps/src/python/src/pycomps_hash.h | 2 +-
+ libcomps/src/python/src/pycomps_utils.h | 2 +-
+ 3 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/libcomps/src/python/src/pycomps_hash.c b/libcomps/src/python/src/pycomps_hash.c
+index 474afd5..4577769 100644
+--- a/libcomps/src/python/src/pycomps_hash.c
++++ b/libcomps/src/python/src/pycomps_hash.c
+@@ -20,9 +20,9 @@
+ #include "pycomps_hash.h"
+ #include "pycomps_utils.h"
+
+-long PyCOMPS_hash(PyObject *self) {
++Py_hash_t PyCOMPS_hash(PyObject *self) {
+ char *cstr = NULL;
+- long crc;
++ Py_hash_t crc;
+
+ cstr = comps_object_tostr(((PyCompsObject*)self)->c_obj);
+ crc = crc32(0, cstr, strlen(cstr));
+diff --git a/libcomps/src/python/src/pycomps_hash.h b/libcomps/src/python/src/pycomps_hash.h
+index b664cae..54e08d9 100644
+--- a/libcomps/src/python/src/pycomps_hash.h
++++ b/libcomps/src/python/src/pycomps_hash.h
+@@ -26,6 +26,6 @@
+ #include "pycomps_utils.h"
+
+
+-long PyCOMPS_hash(PyObject *self);
++Py_hash_t PyCOMPS_hash(PyObject *self);
+
+ #endif
+diff --git a/libcomps/src/python/src/pycomps_utils.h b/libcomps/src/python/src/pycomps_utils.h
+index ba9bc2f..b34e4dc 100644
+--- a/libcomps/src/python/src/pycomps_utils.h
++++ b/libcomps/src/python/src/pycomps_utils.h
+@@ -137,7 +137,7 @@ COMPS_Object* __pycomps_bytes_in(PyObject *pobj);
+ PyObject* __pycomps_str_out(COMPS_Object *obj);
+ PyObject *str_to_unicode(void* str);
+
+-long PyCOMPS_hash(PyObject *self);
++Py_hash_t PyCOMPS_hash(PyObject *self);
+
+ PyObject* PyCOMPSSeq_extra_get(PyObject *self, PyObject *key);
+
+--
+2.39.2
+
diff --git a/poky/meta/recipes-devtools/libcomps/libcomps_0.1.19.bb b/poky/meta/recipes-devtools/libcomps/libcomps_0.1.19.bb
index fa1fbc8..f8063d9 100644
--- a/poky/meta/recipes-devtools/libcomps/libcomps_0.1.19.bb
+++ b/poky/meta/recipes-devtools/libcomps/libcomps_0.1.19.bb
@@ -5,6 +5,7 @@
LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
SRC_URI = "git://github.com/rpm-software-management/libcomps.git;branch=master;protocol=https \
+ file://0001-libcomps-Use-Py_hash_t-instead-of-long-in-PyCOMPS_ha.patch \
file://0002-Do-not-set-PYTHON_INSTALL_DIR-by-running-python.patch \
"
diff --git a/poky/meta/recipes-devtools/libdnf/libdnf/0001-libdnf-dnf-context.cpp-do-not-try-to-access-BDB-data.patch b/poky/meta/recipes-devtools/libdnf/libdnf/0001-libdnf-dnf-context.cpp-do-not-try-to-access-BDB-data.patch
deleted file mode 100644
index 6f8a3dc..0000000
--- a/poky/meta/recipes-devtools/libdnf/libdnf/0001-libdnf-dnf-context.cpp-do-not-try-to-access-BDB-data.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 2f7382b35d59fe08034603497e82ffb943fedef1 Mon Sep 17 00:00:00 2001
-From: Alexander Kanavin <alex.kanavin@gmail.com>
-Date: Wed, 30 Jun 2021 15:31:16 +0200
-Subject: [PATCH] libdnf/dnf-context.cpp: do not try to access BDB database
-
-Upstream-Status: Inappropriate [upstream needs to rework this to support
-sqlite]
-Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
----
- libdnf/dnf-context.cpp | 14 --------------
- 1 file changed, 14 deletions(-)
-
-diff --git a/libdnf/dnf-context.cpp b/libdnf/dnf-context.cpp
-index 86f71a79..9cdcf769 100644
---- a/libdnf/dnf-context.cpp
-+++ b/libdnf/dnf-context.cpp
-@@ -2264,20 +2264,6 @@ dnf_context_setup(DnfContext *context,
- !dnf_context_set_os_release(context, error))
- return FALSE;
-
-- /* setup a file monitor on the rpmdb, if we're operating on the native / */
-- if (g_strcmp0(priv->install_root, "/") == 0) {
-- rpmdb_path = g_build_filename(priv->install_root, "var/lib/rpm/Packages", NULL);
-- file_rpmdb = g_file_new_for_path(rpmdb_path);
-- priv->monitor_rpmdb = g_file_monitor_file(file_rpmdb,
-- G_FILE_MONITOR_NONE,
-- NULL,
-- error);
-- if (priv->monitor_rpmdb == NULL)
-- return FALSE;
-- g_signal_connect(priv->monitor_rpmdb, "changed",
-- G_CALLBACK(dnf_context_rpmdb_changed_cb), context);
-- }
--
- /* copy any vendor distributed cached metadata */
- if (!dnf_context_copy_vendor_cache(context, error))
- return FALSE;
diff --git a/poky/meta/recipes-devtools/libdnf/libdnf_0.69.0.bb b/poky/meta/recipes-devtools/libdnf/libdnf_0.70.0.bb
similarity index 92%
rename from poky/meta/recipes-devtools/libdnf/libdnf_0.69.0.bb
rename to poky/meta/recipes-devtools/libdnf/libdnf_0.70.0.bb
index da2550d..14d6a37 100644
--- a/poky/meta/recipes-devtools/libdnf/libdnf_0.69.0.bb
+++ b/poky/meta/recipes-devtools/libdnf/libdnf_0.70.0.bb
@@ -10,10 +10,9 @@
file://0001-Get-parameters-for-both-libsolv-and-libsolvext-libdn.patch \
file://enable_test_data_dir_set.patch \
file://0001-drop-FindPythonInstDir.cmake.patch \
- file://0001-libdnf-dnf-context.cpp-do-not-try-to-access-BDB-data.patch \
"
-SRCREV = "5c6d9cd6e5955e7038722f091396607c60fcbdd1"
+SRCREV = "93759bc5cac262906e52b6a173d7b157914ec29e"
UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>(?!4\.90)\d+(\.\d+)+)"
S = "${WORKDIR}/git"
diff --git a/poky/meta/recipes-devtools/llvm/llvm/llvm-config b/poky/meta/recipes-devtools/llvm/llvm/llvm-config
index a45f38c..5e4ded2 100644
--- a/poky/meta/recipes-devtools/llvm/llvm/llvm-config
+++ b/poky/meta/recipes-devtools/llvm/llvm/llvm-config
@@ -29,6 +29,15 @@
--ldflags)
output="${output} ${LDFLAGS}"
;;
+ --shared-mode)
+ output="${output} shared"
+ ;;
+ --libs)
+ output="${output} -lLLVM"
+ ;;
+ --link-shared)
+ break
+ ;;
*)
remain="${remain} ${arg}"
;;
diff --git a/poky/meta/recipes-devtools/lua/lua_5.4.4.bb b/poky/meta/recipes-devtools/lua/lua_5.4.4.bb
index 0b2e754..a39d888 100644
--- a/poky/meta/recipes-devtools/lua/lua_5.4.4.bb
+++ b/poky/meta/recipes-devtools/lua/lua_5.4.4.bb
@@ -57,3 +57,6 @@
}
BBCLASSEXTEND = "native nativesdk"
+
+inherit multilib_script
+MULTILIB_SCRIPTS = "${PN}-dev:${includedir}/luaconf.h"
diff --git a/poky/meta/recipes-devtools/meson/meson/disable-rpath-handling.patch b/poky/meta/recipes-devtools/meson/meson/disable-rpath-handling.patch
deleted file mode 100644
index 7aaed8b..0000000
--- a/poky/meta/recipes-devtools/meson/meson/disable-rpath-handling.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 18600f7a1cddf23aeabd188f86e66983f27ccfe3 Mon Sep 17 00:00:00 2001
-From: Richard Purdie <richard.purdie@linuxfoundation.org>
-Date: Fri, 23 Nov 2018 15:28:28 +0000
-Subject: [PATCH] meson: Disable rpath stripping at install time
-
-We need to allow our rpaths generated through the compiler flags to make it into
-our binaries. Therefore disable the meson manipulations of these unless there
-is a specific directive to do something differently in the project.
-
-RP 2018/11/23
-
-Upstream-Status: Submitted [https://github.com/mesonbuild/meson/issues/2567]
----
- mesonbuild/minstall.py | 7 +++++--
- 1 file changed, 5 insertions(+), 2 deletions(-)
-
-diff --git a/mesonbuild/minstall.py b/mesonbuild/minstall.py
-index 7d0da13..17d50db 100644
---- a/mesonbuild/minstall.py
-+++ b/mesonbuild/minstall.py
-@@ -718,8 +718,11 @@ class Installer:
- if file_copied:
- self.did_install_something = True
- try:
-- self.fix_rpath(outname, t.rpath_dirs_to_remove, install_rpath, final_path,
-- install_name_mappings, verbose=False)
-+ if install_rpath:
-+ self.fix_rpath(outname, t.rpath_dirs_to_remove, install_rpath, final_path,
-+ install_name_mappings, verbose=False)
-+ else:
-+ print("RPATH changes at install time disabled")
- except SystemExit as e:
- if isinstance(e.code, int) and e.code == 0:
- pass
---
-2.20.1
-
diff --git a/poky/meta/recipes-devtools/meson/meson/meson-wrapper b/poky/meta/recipes-devtools/meson/meson/meson-wrapper
index c62007f..7455985 100755
--- a/poky/meta/recipes-devtools/meson/meson/meson-wrapper
+++ b/poky/meta/recipes-devtools/meson/meson/meson-wrapper
@@ -5,7 +5,7 @@
fi
if [ -z "$SSL_CERT_DIR" ]; then
- export SSL_CERT_DIR="${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/"
+ export SSL_CERT_DIR="$OECORE_NATIVE_SYSROOT/etc/ssl/certs/"
fi
# If these are set to a cross-compile path, meson will get confused and try to
@@ -13,7 +13,19 @@
# config is already in meson.cross.
unset CC CXX CPP LD AR NM STRIP
+case "$1" in
+setup|configure|dist|install|introspect|init|test|wrap|subprojects|rewrite|compile|devenv|env2mfile|help) MESON_CMD="$1" ;;
+*) echo meson-wrapper: Implicit setup command assumed; MESON_CMD=setup ;;
+esac
+
+if [ "$MESON_CMD" = "setup" ]; then
+ MESON_SETUP_OPTS=" \
+ --cross-file="$OECORE_NATIVE_SYSROOT/usr/share/meson/${TARGET_PREFIX}meson.cross" \
+ --native-file="$OECORE_NATIVE_SYSROOT/usr/share/meson/meson.native" \
+ "
+ echo meson-wrapper: Running meson with setup options: \"$MESON_SETUP_OPTS\"
+fi
+
exec "$OECORE_NATIVE_SYSROOT/usr/bin/meson.real" \
- --cross-file "${OECORE_NATIVE_SYSROOT}/usr/share/meson/${TARGET_PREFIX}meson.cross" \
- --native-file "${OECORE_NATIVE_SYSROOT}/usr/share/meson/meson.native" \
- "$@"
+ "$@" \
+ $MESON_SETUP_OPTS
diff --git a/poky/meta/recipes-devtools/meson/meson_0.63.2.bb b/poky/meta/recipes-devtools/meson/meson_0.63.3.bb
similarity index 97%
rename from poky/meta/recipes-devtools/meson/meson_0.63.2.bb
rename to poky/meta/recipes-devtools/meson/meson_0.63.3.bb
index 890faac..0d13448 100644
--- a/poky/meta/recipes-devtools/meson/meson_0.63.2.bb
+++ b/poky/meta/recipes-devtools/meson/meson_0.63.3.bb
@@ -12,13 +12,12 @@
file://meson-setup.py \
file://meson-wrapper \
file://0001-python-module-do-not-manipulate-the-environment-when.patch \
- file://disable-rpath-handling.patch \
file://0001-Make-CPU-family-warnings-fatal.patch \
file://0002-Support-building-allarch-recipes-again.patch \
file://0001-is_debianlike-always-return-False.patch \
file://0001-Check-for-clang-before-guessing-gcc-or-lcc.patch \
"
-SRC_URI[sha256sum] = "16222f17ef76be0542c91c07994f9676ae879f46fc21c0c786a21ef2cb518bbf"
+SRC_URI[sha256sum] = "519c0932e1a8b208741f0fdce90aa5c0b528dd297cf337009bf63539846ac056"
inherit python_setuptools_build_meta github-releases
diff --git a/poky/meta/recipes-devtools/mtd/mtd-utils_git.bb b/poky/meta/recipes-devtools/mtd/mtd-utils_git.bb
index 943666e..2d76991 100644
--- a/poky/meta/recipes-devtools/mtd/mtd-utils_git.bb
+++ b/poky/meta/recipes-devtools/mtd/mtd-utils_git.bb
@@ -11,12 +11,10 @@
DEPENDS = "zlib e2fsprogs util-linux"
RDEPENDS:mtd-utils-tests += "bash"
-PV = "2.1.4"
+PV = "2.1.5"
-SRCREV = "c7f1bfa44a84d02061787e2f6093df5cc40b9f5c"
-SRC_URI = "git://git.infradead.org/mtd-utils.git;branch=master \
- file://0001-tests-Remove-unused-linux-fs.h-header-from-includes.patch \
- "
+SRCREV = "3f3b4cc6c3120107e7aaa21c6415772a255ac49c"
+SRC_URI = "git://git.infradead.org/mtd-utils.git;branch=master"
S = "${WORKDIR}/git"
diff --git a/poky/meta/recipes-devtools/mtools/mtools/disable-hardcoded-configs.patch b/poky/meta/recipes-devtools/mtools/mtools/disable-hardcoded-configs.patch
index 8f46174..2d42fa5 100644
--- a/poky/meta/recipes-devtools/mtools/mtools/disable-hardcoded-configs.patch
+++ b/poky/meta/recipes-devtools/mtools/mtools/disable-hardcoded-configs.patch
@@ -1,4 +1,4 @@
-From 3a05dc2c0acff1713dd44cef5e9f328f0706eb3e Mon Sep 17 00:00:00 2001
+From c496cad7b7a84e599f521f289648373df9fad80f Mon Sep 17 00:00:00 2001
From: Ed Bartosh <ed.bartosh@linux.intel.com>
Date: Tue, 13 Jun 2017 14:55:52 +0300
Subject: [PATCH] Disabled reading host configs.
@@ -12,10 +12,10 @@
1 file changed, 8 deletions(-)
diff --git a/config.c b/config.c
-index 630f99d..07dbf53 100644
+index 8c5fa83..346048b 100644
--- a/config.c
+++ b/config.c
-@@ -834,14 +834,6 @@ void read_config(void)
+@@ -843,14 +843,6 @@ void read_config(void)
memcpy(devices, const_devices,
nr_const_devices*sizeof(struct device));
diff --git a/poky/meta/recipes-devtools/mtools/mtools_4.0.40.bb b/poky/meta/recipes-devtools/mtools/mtools_4.0.41.bb
similarity index 93%
rename from poky/meta/recipes-devtools/mtools/mtools_4.0.40.bb
rename to poky/meta/recipes-devtools/mtools/mtools_4.0.41.bb
index 200c7c7..29e7427 100644
--- a/poky/meta/recipes-devtools/mtools/mtools_4.0.40.bb
+++ b/poky/meta/recipes-devtools/mtools/mtools_4.0.41.bb
@@ -24,7 +24,7 @@
glibc-gconv-ibm866 \
glibc-gconv-ibm869 \
"
-SRC_URI[sha256sum] = "a22fca42354011dd2293a7f51f228b46ebbd802e7740b0975912afecb79d5df4"
+SRC_URI[sha256sum] = "2542152264fb3eff7ed70662abf4f4eef8133bc37d0b7a686c240df2b5f80a13"
SRC_URI = "${GNU_MIRROR}/mtools/mtools-${PV}.tar.bz2 \
file://mtools-makeinfo.patch \
diff --git a/poky/meta/recipes-devtools/opkg/opkg/0002-opkg-key-remove-no-options-flag-from-gpg-calls.patch b/poky/meta/recipes-devtools/opkg/opkg/0002-opkg-key-remove-no-options-flag-from-gpg-calls.patch
new file mode 100644
index 0000000..f216950
--- /dev/null
+++ b/poky/meta/recipes-devtools/opkg/opkg/0002-opkg-key-remove-no-options-flag-from-gpg-calls.patch
@@ -0,0 +1,34 @@
+From a658e6402382250f0164c5b47b744740e04f3611 Mon Sep 17 00:00:00 2001
+From: Charlie Johnston <charlie.johnston@ni.com>
+Date: Fri, 30 Dec 2022 15:21:14 -0600
+Subject: [PATCH] opkg-key: Remove --no-options flag from gpg calls.
+
+The opkg-key script was always passing the --no-options
+flag to gpg, which uses /dev/null as the options file.
+As a result, the opkg gpg.conf file was not getting
+used. This change removes that flag so that gpg.conf
+in the GPGHOMEDIR for opkg (currently /etc/opkg/gpg/)
+will be used if present.
+
+Upstream-Status: Accepted [https://git.yoctoproject.org/opkg/commit/?id=cee294e72d257417b5e55ef7a76a0fd15313e46b]
+Signed-off-by: Charlie Johnston <charlie.johnston@ni.com>
+---
+ utils/opkg-key | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/utils/opkg-key b/utils/opkg-key
+index e395a59..8645ebc 100755
+--- a/utils/opkg-key
++++ b/utils/opkg-key
+@@ -53,7 +53,7 @@ else
+ exit 1
+ fi
+
+-GPG="$GPGCMD --no-options --homedir $GPGHOMEDIR"
++GPG="$GPGCMD --homedir $GPGHOMEDIR"
+
+ # Gpg home dir isn't created automatically when --homedir option is used
+ if [ ! -e "$GPGHOMEDIR" ]; then
+--
+2.30.2
+
diff --git a/poky/meta/recipes-devtools/opkg/opkg_0.6.0.bb b/poky/meta/recipes-devtools/opkg/opkg_0.6.1.bb
similarity index 85%
rename from poky/meta/recipes-devtools/opkg/opkg_0.6.0.bb
rename to poky/meta/recipes-devtools/opkg/opkg_0.6.1.bb
index 4cd589c..712f066 100644
--- a/poky/meta/recipes-devtools/opkg/opkg_0.6.0.bb
+++ b/poky/meta/recipes-devtools/opkg/opkg_0.6.1.bb
@@ -15,10 +15,11 @@
SRC_URI = "http://downloads.yoctoproject.org/releases/${BPN}/${BPN}-${PV}.tar.gz \
file://opkg.conf \
file://0001-opkg_conf-create-opkg.lock-in-run-instead-of-var-run.patch \
+ file://0002-opkg-key-remove-no-options-flag-from-gpg-calls.patch \
file://run-ptest \
"
-SRC_URI[sha256sum] = "56844722eff237daf14aa6e681436f3245213c5590ed0cda37a79df637ff3a4c"
+SRC_URI[sha256sum] = "e87fccb575c64d3ac0559444016a2795f12125986a0da896bab97c4a1a2f1b2a"
# This needs to be before ptest inherit, otherwise all ptest files end packaged
# in libopkg package if OPKGLIBDIR == libdir, because default
@@ -47,7 +48,9 @@
do_install:append () {
install -d ${D}${sysconfdir}/opkg
install -m 0644 ${WORKDIR}/opkg.conf ${D}${sysconfdir}/opkg/opkg.conf
- echo "option lists_dir ${OPKGLIBDIR}/opkg/lists" >>${D}${sysconfdir}/opkg/opkg.conf
+ echo "option lists_dir ${OPKGLIBDIR}/opkg/lists" >>${D}${sysconfdir}/opkg/opkg.conf
+ echo "option info_dir ${OPKGLIBDIR}/opkg/info" >>${D}${sysconfdir}/opkg/opkg.conf
+ echo "option status_file ${OPKGLIBDIR}/opkg/status" >>${D}${sysconfdir}/opkg/opkg.conf
# We need to create the lock directory
install -d ${D}${OPKGLIBDIR}/opkg
diff --git a/poky/meta/recipes-devtools/pkgconf/pkgconf_1.9.3.bb b/poky/meta/recipes-devtools/pkgconf/pkgconf_1.9.4.bb
similarity index 96%
rename from poky/meta/recipes-devtools/pkgconf/pkgconf_1.9.3.bb
rename to poky/meta/recipes-devtools/pkgconf/pkgconf_1.9.4.bb
index 453da89..ab0f371 100644
--- a/poky/meta/recipes-devtools/pkgconf/pkgconf_1.9.3.bb
+++ b/poky/meta/recipes-devtools/pkgconf/pkgconf_1.9.4.bb
@@ -20,7 +20,7 @@
file://pkg-config-native.in \
file://pkg-config-esdk.in \
"
-SRC_URI[sha256sum] = "5fb355b487d54fb6d341e4f18d4e2f7e813a6622cf03a9e87affa6a40565699d"
+SRC_URI[sha256sum] = "daccf1bbe5a30d149b556c7d2ffffeafd76d7b514e249271abdd501533c1d8ae"
inherit autotools
diff --git a/poky/meta/recipes-devtools/python/python3-mako_1.2.2.bb b/poky/meta/recipes-devtools/python/python3-mako_1.2.3.bb
similarity index 85%
rename from poky/meta/recipes-devtools/python/python3-mako_1.2.2.bb
rename to poky/meta/recipes-devtools/python/python3-mako_1.2.3.bb
index e3774ee..12acfee 100644
--- a/poky/meta/recipes-devtools/python/python3-mako_1.2.2.bb
+++ b/poky/meta/recipes-devtools/python/python3-mako_1.2.3.bb
@@ -8,7 +8,7 @@
inherit pypi python_setuptools_build_meta
-SRC_URI[sha256sum] = "3724869b363ba630a272a5f89f68c070352137b8fd1757650017b7e06fda163f"
+SRC_URI[sha256sum] = "7fde96466fcfeedb0eed94f187f20b23d85e4cb41444be0e542e2c8c65c396cd"
RDEPENDS:${PN} = "${PYTHON_PN}-html \
${PYTHON_PN}-markupsafe \
diff --git a/poky/meta/recipes-devtools/python/python3-pytest_7.1.3.bb b/poky/meta/recipes-devtools/python/python3-pytest_7.1.3.bb
index 373f7f3..9710242 100644
--- a/poky/meta/recipes-devtools/python/python3-pytest_7.1.3.bb
+++ b/poky/meta/recipes-devtools/python/python3-pytest_7.1.3.bb
@@ -26,7 +26,7 @@
${PYTHON_PN}-py \
${PYTHON_PN}-setuptools \
${PYTHON_PN}-six \
- ${PYTHON_PN}-toml \
+ ${PYTHON_PN}-tomli \
${PYTHON_PN}-wcwidth \
"
diff --git a/poky/meta/recipes-devtools/python/python3-setuptools/0001-Limit-the-amount-of-whitespace-to-search-backtrack.-.patch b/poky/meta/recipes-devtools/python/python3-setuptools/0001-Limit-the-amount-of-whitespace-to-search-backtrack.-.patch
new file mode 100644
index 0000000..20a13da
--- /dev/null
+++ b/poky/meta/recipes-devtools/python/python3-setuptools/0001-Limit-the-amount-of-whitespace-to-search-backtrack.-.patch
@@ -0,0 +1,31 @@
+From 9e9f617a83f6593b476669030b0347d48e831c3f Mon Sep 17 00:00:00 2001
+From: Narpat Mali <narpat.mali@windriver.com>
+Date: Mon, 9 Jan 2023 14:45:05 +0000
+Subject: [PATCH] Limit the amount of whitespace to search/backtrack. Fixes
+ #3659.
+
+CVE: CVE-2022-40897
+
+Upstream-Status: Backport [https://github.com/pypa/setuptools/commit/43a9c9bfa6aa626ec2a22540bea28d2ca77964be]
+
+Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
+---
+ setuptools/package_index.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/setuptools/package_index.py b/setuptools/package_index.py
+index 270e7f3..e93fcc6 100644
+--- a/setuptools/package_index.py
++++ b/setuptools/package_index.py
+@@ -197,7 +197,7 @@ def unique_values(func):
+ return wrapper
+
+
+-REL = re.compile(r"""<([^>]*\srel\s*=\s*['"]?([^'">]+)[^>]*)>""", re.I)
++REL = re.compile(r"""<([^>]*\srel\s{0,10}=\s{0,10}['"]?([^'" >]+)[^>]*)>""", re.I)
+ # this line is here to fix emacs' cruddy broken syntax highlighting
+
+
+--
+2.34.1
+
diff --git a/poky/meta/recipes-devtools/python/python3-setuptools_65.0.2.bb b/poky/meta/recipes-devtools/python/python3-setuptools_65.0.2.bb
index 1a639ea..d7cbb99 100644
--- a/poky/meta/recipes-devtools/python/python3-setuptools_65.0.2.bb
+++ b/poky/meta/recipes-devtools/python/python3-setuptools_65.0.2.bb
@@ -9,7 +9,9 @@
SRC_URI:append:class-native = " file://0001-conditionally-do-not-fetch-code-by-easy_install.patch"
SRC_URI += "file://0001-change-shebang-to-python3.patch \
- file://0001-_distutils-sysconfig.py-make-it-possible-to-substite.patch"
+ file://0001-_distutils-sysconfig.py-make-it-possible-to-substite.patch \
+ file://0001-Limit-the-amount-of-whitespace-to-search-backtrack.-.patch \
+"
SRC_URI[sha256sum] = "101bf15ca723beef42c8db91a761f3748d4d697e17fae904db60c0b619d8d094"
diff --git a/poky/meta/recipes-devtools/python/python3/get_module_deps3.py b/poky/meta/recipes-devtools/python/python3/get_module_deps3.py
index 1f4c982..0ca687d 100644
--- a/poky/meta/recipes-devtools/python/python3/get_module_deps3.py
+++ b/poky/meta/recipes-devtools/python/python3/get_module_deps3.py
@@ -56,7 +56,7 @@
try:
m = importlib.import_module(current_module)
# handle python packages which may not include all modules in the __init__
- if os.path.basename(m.__file__) == "__init__.py":
+ if hasattr(m, '__file__') and os.path.basename(m.__file__) == "__init__.py":
modulepath = os.path.dirname(m.__file__)
for i in os.listdir(modulepath):
if i.startswith("_") or not(i.endswith(".py")):
diff --git a/poky/meta/recipes-devtools/qemu/qemu-helper-native_1.0.bb b/poky/meta/recipes-devtools/qemu/qemu-helper-native_1.0.bb
index aa9e499..e297586 100644
--- a/poky/meta/recipes-devtools/qemu/qemu-helper-native_1.0.bb
+++ b/poky/meta/recipes-devtools/qemu/qemu-helper-native_1.0.bb
@@ -7,7 +7,7 @@
SRC_URI = "\
file://tunctl.c \
- file://qemu-oe-bridge-helper \
+ file://qemu-oe-bridge-helper.c \
"
S = "${WORKDIR}"
@@ -16,13 +16,13 @@
do_compile() {
${CC} ${CFLAGS} ${LDFLAGS} -Wall tunctl.c -o tunctl
+ ${CC} ${CFLAGS} ${LDFLAGS} -Wall qemu-oe-bridge-helper.c -o qemu-oe-bridge-helper
}
do_install() {
install -d ${D}${bindir}
install tunctl ${D}${bindir}/
-
- install -m 755 ${WORKDIR}/qemu-oe-bridge-helper ${D}${bindir}/
+ install qemu-oe-bridge-helper ${D}${bindir}/
}
DEPENDS += "qemu-system-native"
diff --git a/poky/meta/recipes-devtools/qemu/qemu-helper/qemu-oe-bridge-helper b/poky/meta/recipes-devtools/qemu/qemu-helper/qemu-oe-bridge-helper
deleted file mode 100755
index f057d4e..0000000
--- a/poky/meta/recipes-devtools/qemu/qemu-helper/qemu-oe-bridge-helper
+++ /dev/null
@@ -1,25 +0,0 @@
-#! /bin/sh
-# Copyright 2020 Garmin Ltd. or its subsidiaries
-#
-# SPDX-License-Identifier: GPL-2.0
-#
-# Attempts to find and exec the host qemu-bridge-helper program
-
-# If the QEMU_BRIDGE_HELPER variable is set by the user, exec it.
-if [ -n "$QEMU_BRIDGE_HELPER" ]; then
- exec "$QEMU_BRIDGE_HELPER" "$@"
-fi
-
-# Search common paths for the helper program
-BN="qemu-bridge-helper"
-PATHS="/usr/libexec/ /usr/lib/qemu/"
-
-for p in $PATHS; do
- if [ -e "$p/$BN" ]; then
- exec "$p/$BN" "$@"
- fi
-done
-
-echo "$BN not found!" > /dev/stderr
-exit 1
-
diff --git a/poky/meta/recipes-devtools/qemu/qemu-helper/qemu-oe-bridge-helper.c b/poky/meta/recipes-devtools/qemu/qemu-helper/qemu-oe-bridge-helper.c
new file mode 100644
index 0000000..9434e1d
--- /dev/null
+++ b/poky/meta/recipes-devtools/qemu/qemu-helper/qemu-oe-bridge-helper.c
@@ -0,0 +1,34 @@
+/*
+ * Copyright 2022 Garmin Ltd. or its subsidiaries
+ *
+ * SPDX-License-Identifier: GPL-2.0
+ *
+ * Attempts to find and exec the host qemu-bridge-helper program
+ */
+
+#include <stdio.h>
+#include <unistd.h>
+#include <stdlib.h>
+
+void try_program(char const* path, char** args) {
+ if (access(path, X_OK) == 0) {
+ execv(path, args);
+ }
+}
+
+int main(int argc, char** argv) {
+ char* var;
+
+ var = getenv("QEMU_BRIDGE_HELPER");
+ if (var && var[0] != '\0') {
+ execvp(var, argv);
+ return 1;
+ }
+
+ try_program("/usr/libexec/qemu-bridge-helper", argv);
+ try_program("/usr/lib/qemu/qemu-bridge-helper", argv);
+
+ fprintf(stderr, "No bridge helper found\n");
+ return 1;
+}
+
diff --git a/poky/meta/recipes-devtools/qemu/qemu.inc b/poky/meta/recipes-devtools/qemu/qemu.inc
index 612abd2..f323797 100644
--- a/poky/meta/recipes-devtools/qemu/qemu.inc
+++ b/poky/meta/recipes-devtools/qemu/qemu.inc
@@ -29,6 +29,8 @@
file://0010-hw-pvrdma-Protect-against-buggy-or-malicious-guest-d.patch \
file://0001-net-tulip-Restrict-DMA-engine-to-memories.patch \
file://arm-cpreg-fix.patch \
+ file://CVE-2022-3165.patch \
+ file://CVE-2022-4144.patch \
"
UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar"
@@ -147,6 +149,7 @@
PACKAGECONFIG:remove:mingw32 = "kvm virglrenderer epoxy gtk+"
PACKAGECONFIG[sdl] = "--enable-sdl,--disable-sdl,libsdl2"
+PACKAGECONFIG[png] = "--enable-png,--disable-png,libpng"
PACKAGECONFIG[virtfs] = "--enable-virtfs --enable-attr --enable-cap-ng,--disable-virtfs,libcap-ng attr,"
PACKAGECONFIG[aio] = "--enable-linux-aio,--disable-linux-aio,libaio,"
PACKAGECONFIG[uring] = "--enable-linux-io-uring,--disable-linux-io-uring,liburing"
@@ -198,6 +201,7 @@
PACKAGECONFIG[vde] = "--enable-vde,--disable-vde"
PACKAGECONFIG[slirp] = "--enable-slirp=internal,--disable-slirp"
PACKAGECONFIG[brlapi] = "--enable-brlapi,--disable-brlapi"
+PACKAGECONFIG[jack] = "--enable-jack,--disable-jack,jack,"
INSANE_SKIP:${PN} = "arch"
diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2022-3165.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2022-3165.patch
new file mode 100644
index 0000000..3b4a669
--- /dev/null
+++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2022-3165.patch
@@ -0,0 +1,59 @@
+CVE: CVE-2022-3165
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From d307040b18bfcb1393b910f1bae753d5c12a4dc7 Mon Sep 17 00:00:00 2001
+From: Mauro Matteo Cascella <mcascell@redhat.com>
+Date: Sun, 25 Sep 2022 22:45:11 +0200
+Subject: [PATCH] ui/vnc-clipboard: fix integer underflow in
+ vnc_client_cut_text_ext
+
+Extended ClientCutText messages start with a 4-byte header. If len < 4,
+an integer underflow occurs in vnc_client_cut_text_ext. The result is
+used to decompress data in a while loop in inflate_buffer, leading to
+CPU consumption and denial of service. Prevent this by checking dlen in
+protocol_client_msg.
+
+Fixes: CVE-2022-3165
+Fixes: 0bf41cab93e5 ("ui/vnc: clipboard support")
+Reported-by: TangPeng <tangpeng@qianxin.com>
+Signed-off-by: Mauro Matteo Cascella <mcascell@redhat.com>
+Message-Id: <20220925204511.1103214-1-mcascell@redhat.com>
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+---
+ ui/vnc.c | 11 ++++++++---
+ 1 file changed, 8 insertions(+), 3 deletions(-)
+
+diff --git a/ui/vnc.c b/ui/vnc.c
+index 6a05d06147..acb3629cd8 100644
+--- a/ui/vnc.c
++++ b/ui/vnc.c
+@@ -2442,8 +2442,8 @@ static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
+ if (len == 1) {
+ return 8;
+ }
++ uint32_t dlen = abs(read_s32(data, 4));
+ if (len == 8) {
+- uint32_t dlen = abs(read_s32(data, 4));
+ if (dlen > (1 << 20)) {
+ error_report("vnc: client_cut_text msg payload has %u bytes"
+ " which exceeds our limit of 1MB.", dlen);
+@@ -2456,8 +2456,13 @@ static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
+ }
+
+ if (read_s32(data, 4) < 0) {
+- vnc_client_cut_text_ext(vs, abs(read_s32(data, 4)),
+- read_u32(data, 8), data + 12);
++ if (dlen < 4) {
++ error_report("vnc: malformed payload (header less than 4 bytes)"
++ " in extended clipboard pseudo-encoding.");
++ vnc_client_error(vs);
++ break;
++ }
++ vnc_client_cut_text_ext(vs, dlen, read_u32(data, 8), data + 12);
+ break;
+ }
+ vnc_client_cut_text(vs, read_u32(data, 4), data + 8);
+--
+GitLab
+
diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2022-4144.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2022-4144.patch
new file mode 100644
index 0000000..96052a1
--- /dev/null
+++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2022-4144.patch
@@ -0,0 +1,99 @@
+From 6dbbf055148c6f1b7d8a3251a65bd6f3d1e1f622 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@linaro.org>
+Date: Mon, 28 Nov 2022 21:27:40 +0100
+Subject: [PATCH] hw/display/qxl: Avoid buffer overrun in qxl_phys2virt
+ (CVE-2022-4144)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Have qxl_get_check_slot_offset() return false if the requested
+buffer size does not fit within the slot memory region.
+
+Similarly qxl_phys2virt() now returns NULL in such case, and
+qxl_dirty_one_surface() aborts.
+
+This avoids buffer overrun in the host pointer returned by
+memory_region_get_ram_ptr().
+
+Fixes: CVE-2022-4144 (out-of-bounds read)
+Reported-by: Wenxu Yin (@awxylitol)
+Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1336
+
+CVE: CVE-2022-4144
+Upstream-Status: Backport [https://gitlab.com/qemu-project/qemu/-/commit/6dbbf055148c6f1b7d8a3251a65bd6f3d1e1f622]
+Comments: Deleted patch hunk in qxl.h,as it contains change
+in comments which is not present in current version of qemu
+
+Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+Message-Id: <20221128202741.4945-5-philmd@linaro.org>
+Signed-off-by: Bhabu Bindu <bhabu.bindu@kpit.com>
+---
+ hw/display/qxl.c | 27 +++++++++++++++++++++++----
+ 1 files changed, 23 insertions(+), 4 deletions(-)
+
+diff --git a/hw/display/qxl.c b/hw/display/qxl.c
+index 231d733250..0b21626aad 100644
+--- a/hw/display/qxl.c
++++ b/hw/display/qxl.c
+@@ -1424,11 +1424,13 @@ static void qxl_reset_surfaces(PCIQXLDevice *d)
+
+ /* can be also called from spice server thread context */
+ static bool qxl_get_check_slot_offset(PCIQXLDevice *qxl, QXLPHYSICAL pqxl,
+- uint32_t *s, uint64_t *o)
++ uint32_t *s, uint64_t *o,
++ size_t size_requested)
+ {
+ uint64_t phys = le64_to_cpu(pqxl);
+ uint32_t slot = (phys >> (64 - 8)) & 0xff;
+ uint64_t offset = phys & 0xffffffffffff;
++ uint64_t size_available;
+
+ if (slot >= NUM_MEMSLOTS) {
+ qxl_set_guest_bug(qxl, "slot too large %d >= %d", slot,
+@@ -1452,6 +1454,23 @@ static bool qxl_get_check_slot_offset(PCIQXLDevice *qxl, QXLPHYSICAL pqxl,
+ slot, offset, qxl->guest_slots[slot].size);
+ return false;
+ }
++ size_available = memory_region_size(qxl->guest_slots[slot].mr);
++ if (qxl->guest_slots[slot].offset + offset >= size_available) {
++ qxl_set_guest_bug(qxl,
++ "slot %d offset %"PRIu64" > region size %"PRIu64"\n",
++ slot, qxl->guest_slots[slot].offset + offset,
++ size_available);
++ return false;
++ }
++ size_available -= qxl->guest_slots[slot].offset + offset;
++ if (size_requested > size_available) {
++ qxl_set_guest_bug(qxl,
++ "slot %d offset %"PRIu64" size %zu: "
++ "overrun by %"PRIu64" bytes\n",
++ slot, offset, size_requested,
++ size_requested - size_available);
++ return false;
++ }
+
+ *s = slot;
+ *o = offset;
+@@ -1471,7 +1490,7 @@ void *qxl_phys2virt(PCIQXLDevice *qxl, QXLPHYSICAL pqxl, int group_id,
+ offset = le64_to_cpu(pqxl) & 0xffffffffffff;
+ return (void *)(intptr_t)offset;
+ case MEMSLOT_GROUP_GUEST:
+- if (!qxl_get_check_slot_offset(qxl, pqxl, &slot, &offset)) {
++ if (!qxl_get_check_slot_offset(qxl, pqxl, &slot, &offset, size)) {
+ return NULL;
+ }
+ ptr = memory_region_get_ram_ptr(qxl->guest_slots[slot].mr);
+@@ -1937,9 +1956,9 @@ static void qxl_dirty_one_surface(PCIQXLDevice *qxl, QXLPHYSICAL pqxl,
+ uint32_t slot;
+ bool rc;
+
+- rc = qxl_get_check_slot_offset(qxl, pqxl, &slot, &offset);
+- assert(rc == true);
+ size = (uint64_t)height * abs(stride);
++ rc = qxl_get_check_slot_offset(qxl, pqxl, &slot, &offset, size);
++ assert(rc == true);
+ trace_qxl_surfaces_dirty(qxl->id, offset, size);
+ qxl_set_dirty(qxl->guest_slots[slot].mr,
+ qxl->guest_slots[slot].offset + offset,
diff --git a/poky/meta/recipes-devtools/quilt/quilt.inc b/poky/meta/recipes-devtools/quilt/quilt.inc
index 07611e6..fce8101 100644
--- a/poky/meta/recipes-devtools/quilt/quilt.inc
+++ b/poky/meta/recipes-devtools/quilt/quilt.inc
@@ -12,6 +12,8 @@
file://Makefile \
file://test.sh \
file://0001-tests-Allow-different-output-from-mv.patch \
+ file://fix-grep-3.8.patch \
+ file://faildiff-order.patch \
"
SRC_URI:append:class-target = " file://gnu_patch_test_fix_target.patch"
diff --git a/poky/meta/recipes-devtools/quilt/quilt/faildiff-order.patch b/poky/meta/recipes-devtools/quilt/quilt/faildiff-order.patch
new file mode 100644
index 0000000..f22065a
--- /dev/null
+++ b/poky/meta/recipes-devtools/quilt/quilt/faildiff-order.patch
@@ -0,0 +1,41 @@
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From 4dfe7f9e702c85243a71e4de267a13e434b6d6c2 Mon Sep 17 00:00:00 2001
+From: Jean Delvare <jdelvare@suse.de>
+Date: Fri, 20 Jan 2023 12:56:08 +0100
+Subject: [PATCH] test: Fix a race condition
+
+The test suite does not differentiate between stdout and stderr. When
+messages are printed to both, the order in which they will reach us
+is apparently not guaranteed. Ideally this would be deterministic, but
+until then, explicitly test stdout and stderr separately in the test
+case itself. Otherwise the test suite fails randomly, which is a pain
+for distribution package maintainers.
+
+This fixes bug #63651 reported by Ross Burton:
+https://savannah.nongnu.org/bugs/index.php?63651
+
+Signed-off-by: Jean Delvare <jdelvare@suse.de>
+---
+ test/faildiff.test | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/test/faildiff.test b/test/faildiff.test
+index 5afb8e3..0444c15 100644
+--- a/test/faildiff.test
++++ b/test/faildiff.test
+@@ -27,8 +27,9 @@ What happens on binary files?
+ > File test.bin added to patch %{P}test.diff
+
+ $ printf "\\003\\000\\001" > test.bin
+- $ quilt diff -pab --no-index
++ $ quilt diff -pab --no-index 2>/dev/null
+ >~ (Files|Binary files) a/test\.bin and b/test\.bin differ
++ $ quilt diff -pab --no-index >/dev/null
+ > Diff failed on file 'test.bin', aborting
+ $ echo %{?}
+ > 1
+--
+2.34.1
+
diff --git a/poky/meta/recipes-devtools/quilt/quilt/fix-grep-3.8.patch b/poky/meta/recipes-devtools/quilt/quilt/fix-grep-3.8.patch
new file mode 100644
index 0000000..68a4b4c
--- /dev/null
+++ b/poky/meta/recipes-devtools/quilt/quilt/fix-grep-3.8.patch
@@ -0,0 +1,144 @@
+From f73f8d7f71de2878d3f92881a5fcb8eafd78cb5f Mon Sep 17 00:00:00 2001
+From: Jean Delvare <jdelvare@suse.de>
+Date: Fri, 9 Sep 2022 10:10:37 +0200
+Subject: Avoid warnings with grep 3.8
+
+GNU grep version 3.8 became more strict about needless quoting in
+patterns. We have one occurrence of that in quilt, where "/"
+characters are being quoted by default. There are cases where they
+indeed need to be quoted (typically when used in a sed s/// command)
+but most of the time they do not, and this results in the following
+warning:
+
+grep: warning: stray \ before /
+
+So rename quote_bre() to quote_sed_re(), and introduce
+quote_grep_re() which does not quote "/".
+
+Signed-off-by: Jean Delvare <jdelvare@suse.de>
+Upstream-Status: Backport [https://git.savannah.nongnu.org/cgit/quilt.git/commit/?id=f73f8d7f71de2878d3f92881a5fcb8eafd78cb5f]
+Signed-off-by: Alexander Kanavin <alex@linutronix.de>
+---
+ quilt/diff.in | 2 +-
+ quilt/patches.in | 2 +-
+ quilt/scripts/patchfns.in | 20 +++++++++++++-------
+ quilt/upgrade.in | 4 ++--
+ 4 files changed, 17 insertions(+), 11 deletions(-)
+
+diff --git a/quilt/diff.in b/quilt/diff.in
+index e90dc33..07788ff 100644
+--- a/quilt/diff.in
++++ b/quilt/diff.in
+@@ -255,7 +255,7 @@ then
+ # Add all files in the snapshot into the file list (they may all
+ # have changed).
+ files=( $(find $QUILT_PC/$snap_subdir -type f \
+- | sed -e "s/^$(quote_bre $QUILT_PC/$snap_subdir/)//" \
++ | sed -e "s/^$(quote_sed_re $QUILT_PC/$snap_subdir/)//" \
+ | sort) )
+ printf "%s\n" "${files[@]}" >&4
+ unset files
+diff --git a/quilt/patches.in b/quilt/patches.in
+index bb17a46..eac45a9 100644
+--- a/quilt/patches.in
++++ b/quilt/patches.in
+@@ -60,7 +60,7 @@ scan_unapplied()
+ # Quote each file name only once
+ for file in "${opt_files[@]}"
+ do
+- files_bre[${#files_bre[@]}]=$(quote_bre "$file")
++ files_bre[${#files_bre[@]}]=$(quote_grep_re "$file")
+ done
+
+ # "Or" all files in a single pattern
+diff --git a/quilt/scripts/patchfns.in b/quilt/scripts/patchfns.in
+index c2d5f9d..1bd7233 100644
+--- a/quilt/scripts/patchfns.in
++++ b/quilt/scripts/patchfns.in
+@@ -78,8 +78,14 @@ array_join()
+ done
+ }
+
+-# Quote a string for use in a basic regular expression.
+-quote_bre()
++# Quote a string for use in a regular expression for a grep pattern.
++quote_grep_re()
++{
++ echo "$1" | sed -e 's:\([][^$.*\\]\):\\\1:g'
++}
++
++# Quote a string for use in a regular expression for a sed s/// command.
++quote_sed_re()
+ {
+ echo "$1" | sed -e 's:\([][^$/.*\\]\):\\\1:g'
+ }
+@@ -215,7 +221,7 @@ patch_in_series()
+
+ if [ -e "$SERIES" ]
+ then
+- grep -q "^$(quote_bre $patch)\([ \t]\|$\)" "$SERIES"
++ grep -q "^$(quote_grep_re $patch)\([ \t]\|$\)" "$SERIES"
+ else
+ return 1
+ fi
+@@ -365,7 +371,7 @@ is_applied()
+ {
+ local patch=$1
+ [ -e $DB ] || return 1
+- grep -q "^$(quote_bre $patch)\$" $DB
++ grep -q "^$(quote_grep_re $patch)\$" $DB
+ }
+
+ applied_patches()
+@@ -465,7 +471,7 @@ remove_from_db()
+ local tmpfile
+ if tmpfile=$(gen_tempfile)
+ then
+- grep -v "^$(quote_bre $patch)\$" $DB > $tmpfile
++ grep -v "^$(quote_grep_re $patch)\$" $DB > $tmpfile
+ cat $tmpfile > $DB
+ rm -f $tmpfile
+ [ -s $DB ] || rm -f $DB
+@@ -520,7 +526,7 @@ find_patch()
+ fi
+
+ local patch=${1#$SUBDIR_DOWN$QUILT_PATCHES/}
+- local bre=$(quote_bre "$patch")
++ local bre=$(quote_sed_re "$patch")
+ set -- $(sed -e "/^$bre\(\|\.patch\|\.diff\?\)\(\|\.gz\|\.bz2\|\.xz\|\.lzma\|\.lz\)\([ "$'\t'"]\|$\)/!d" \
+ -e 's/[ '$'\t''].*//' "$SERIES")
+ if [ $# -eq 1 ]
+@@ -631,7 +637,7 @@ files_in_patch()
+ then
+ find "$path" -type f \
+ -a ! -path "$(quote_glob "$path")/.timestamp" |
+- sed -e "s/$(quote_bre "$path")\///"
++ sed -e "s/$(quote_sed_re "$path")\///"
+ fi
+ }
+
+diff --git a/quilt/upgrade.in b/quilt/upgrade.in
+index dbf7d05..866aa33 100644
+--- a/quilt/upgrade.in
++++ b/quilt/upgrade.in
+@@ -74,7 +74,7 @@ printf $"Converting meta-data to version %s\n" "$DB_VERSION"
+
+ for patch in $(applied_patches)
+ do
+- proper_name="$(grep "^$(quote_bre $patch)"'\(\|\.patch\|\.diff?\)\(\|\.gz\|\.bz2\)\([ \t]\|$\)' $SERIES)"
++ proper_name="$(grep "^$(quote_grep_re $patch)"'\(\|\.patch\|\.diff?\)\(\|\.gz\|\.bz2\)\([ \t]\|$\)' $SERIES)"
+ proper_name=${proper_name#$QUILT_PATCHES/}
+ proper_name=${proper_name%% *}
+ if [ -z "$proper_name" ]
+@@ -84,7 +84,7 @@ do
+ fi
+
+ if [ "$patch" != "$proper_name" -a -d $QUILT_PC/$patch ] \
+- && grep -q "^$(quote_bre $patch)\$" \
++ && grep -q "^$(quote_grep_re $patch)\$" \
+ $QUILT_PC/applied-patches
+ then
+ mv $QUILT_PC/$patch $QUILT_PC/$proper_name \
+--
+cgit v1.1
+
diff --git a/poky/meta/recipes-devtools/rpm/files/0001-python-Use-Py_hash_t-instead-of-long-in-hdr_hash.patch b/poky/meta/recipes-devtools/rpm/files/0001-python-Use-Py_hash_t-instead-of-long-in-hdr_hash.patch
new file mode 100644
index 0000000..d0e6371
--- /dev/null
+++ b/poky/meta/recipes-devtools/rpm/files/0001-python-Use-Py_hash_t-instead-of-long-in-hdr_hash.patch
@@ -0,0 +1,35 @@
+From 6ef189c45b763aedac5ef57ed6a5fc125fa95b41 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Fri, 3 Mar 2023 09:54:48 -0800
+Subject: [PATCH] python: Use Py_hash_t instead of long in hdr_hash
+
+Fixes
+python/header-py.c:744:2: error: incompatible function pointer types initializing 'hashfunc' (aka 'int (*)(struct _object *)') with an expression of type 'long (PyObject *)' (aka 'long (struct _object *)') [-Wincompatible-function-pointer-types]
+| hdr_hash, /* tp_hash */
+| ^~~~~~~~
+
+Upstream-Status: Submitted [https://github.com/rpm-software-management/rpm/pull/2409]
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ python/header-py.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/python/header-py.c b/python/header-py.c
+index 0aed0c9267..c15503f359 100644
+--- a/python/header-py.c
++++ b/python/header-py.c
+@@ -316,9 +316,9 @@ static PyObject * hdr_dsOfHeader(PyObject * s)
+ "(Oi)", s, RPMTAG_NEVR);
+ }
+
+-static long hdr_hash(PyObject * h)
++static Py_hash_t hdr_hash(PyObject * h)
+ {
+- return (long) h;
++ return (Py_hash_t) h;
+ }
+
+ static PyObject * hdr_reduce(hdrObject *s)
+--
+2.39.2
+
diff --git a/poky/meta/recipes-devtools/rpm/rpm_4.18.0.bb b/poky/meta/recipes-devtools/rpm/rpm_4.18.0.bb
index 5f3986d..db83a8c 100644
--- a/poky/meta/recipes-devtools/rpm/rpm_4.18.0.bb
+++ b/poky/meta/recipes-devtools/rpm/rpm_4.18.0.bb
@@ -40,6 +40,7 @@
file://0001-build-pack.c-do-not-insert-payloadflags-into-.rpm-me.patch \
file://0001-configure.ac-add-linux-gnux32-variant-to-triplet-han.patch \
file://fifofix.patch \
+ file://0001-python-Use-Py_hash_t-instead-of-long-in-hdr_hash.patch \
"
PE = "1"
diff --git a/poky/meta/recipes-devtools/ruby/ruby.inc b/poky/meta/recipes-devtools/ruby/ruby.inc
deleted file mode 100644
index ebff5ef..0000000
--- a/poky/meta/recipes-devtools/ruby/ruby.inc
+++ /dev/null
@@ -1,39 +0,0 @@
-SUMMARY = "An interpreter of object-oriented scripting language"
-DESCRIPTION = "Ruby is an interpreted scripting language for quick \
-and easy object-oriented programming. It has many features to process \
-text files and to do system management tasks (as in Perl). \
-It is simple, straight-forward, and extensible. \
-"
-HOMEPAGE = "http://www.ruby-lang.org/"
-SECTION = "devel/ruby"
-LICENSE = "Ruby | BSD-2-Clause | BSD-3-Clause | GPL-2.0-only | ISC | MIT"
-LIC_FILES_CHKSUM = "file://COPYING;md5=5b8c87559868796979806100db3f3805 \
- file://BSDL;md5=8b50bc6de8f586dc66790ba11d064d75 \
- file://GPL;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
- file://LEGAL;md5=f260190bc1e92e363f0ee3c0463d4c7c \
- "
-
-DEPENDS = "zlib openssl libyaml gdbm readline libffi"
-DEPENDS:append:class-target = " ruby-native"
-
-SHRT_VER = "${@oe.utils.trim_version("${PV}", 2)}"
-SRC_URI = "http://cache.ruby-lang.org/pub/ruby/${SHRT_VER}/ruby-${PV}.tar.gz \
- file://0001-extmk-fix-cross-compilation-of-external-gems.patch \
- file://0002-Obey-LDFLAGS-for-the-link-of-libruby.patch \
- "
-UPSTREAM_CHECK_URI = "https://www.ruby-lang.org/en/downloads/"
-
-inherit autotools ptest pkgconfig
-
-
-# This snippet lets compiled extensions which rely on external libraries,
-# such as zlib, compile properly. If we don't do this, then when extmk.rb
-# runs, it uses the native libraries instead of the target libraries, and so
-# none of the linking operations succeed -- which makes extconf.rb think
-# that the libraries aren't available and hence that the extension can't be
-# built.
-
-do_configure:prepend() {
- sed -i "s#%%TARGET_CFLAGS%%#$CFLAGS#; s#%%TARGET_LDFLAGS%%#$LDFLAGS#" ${S}/common.mk
- rm -rf ${S}/ruby/
-}
diff --git a/poky/meta/recipes-devtools/ruby/ruby/0001-Remove-dependency-on-libcapstone.patch b/poky/meta/recipes-devtools/ruby/ruby/0001-Remove-dependency-on-libcapstone.patch
deleted file mode 100644
index 5d0f8fc..0000000
--- a/poky/meta/recipes-devtools/ruby/ruby/0001-Remove-dependency-on-libcapstone.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From 222203297966f312109e8eaa2520f2cf2f59c09d Mon Sep 17 00:00:00 2001
-From: Alan Wu <XrXr@users.noreply.github.com>
-Date: Thu, 31 Mar 2022 17:26:28 -0400
-Subject: [PATCH] Remove dependency on libcapstone
-
-We have received reports of build failures due to this configuration
-check modifying compile flags. Since only YJIT devs use this library
-we can remove it to make Ruby easier to build for users.
-
-See: https://github.com/rbenv/ruby-build/discussions/1933
-
-Upstream-Status: Backport
----
- configure.ac | 9 ---------
- 1 file changed, 9 deletions(-)
-
-Index: ruby-3.1.2/configure.ac
-===================================================================
---- ruby-3.1.2.orig/configure.ac
-+++ ruby-3.1.2/configure.ac
-@@ -1244,15 +1244,6 @@ AC_CHECK_LIB(dl, dlopen) # Dynamic linki
- AC_CHECK_LIB(dld, shl_load) # Dynamic linking for HP-UX
- AC_CHECK_LIB(socket, shutdown) # SunOS/Solaris
-
--if pkg-config --exists capstone; then
-- CAPSTONE_CFLAGS=`pkg-config --cflags capstone`
-- CAPSTONE_LIB_L=`pkg-config --libs-only-L capstone`
-- LDFLAGS="$LDFLAGS $CAPSTONE_LIB_L"
-- CFLAGS="$CFLAGS $CAPSTONE_CFLAGS"
--fi
--
--AC_CHECK_LIB(capstone, cs_open) # Capstone disassembler for debugging YJIT
--
- dnl Checks for header files.
- AC_HEADER_DIRENT
- dnl AC_HEADER_STDC has been checked in AC_USE_SYSTEM_EXTENSIONS
diff --git a/poky/meta/recipes-devtools/ruby/ruby_3.1.2.bb b/poky/meta/recipes-devtools/ruby/ruby_3.1.3.bb
similarity index 68%
rename from poky/meta/recipes-devtools/ruby/ruby_3.1.2.bb
rename to poky/meta/recipes-devtools/ruby/ruby_3.1.3.bb
index 387bfa9..c8454da 100644
--- a/poky/meta/recipes-devtools/ruby/ruby_3.1.2.bb
+++ b/poky/meta/recipes-devtools/ruby/ruby_3.1.3.bb
@@ -1,8 +1,25 @@
-require ruby.inc
+SUMMARY = "An interpreter of object-oriented scripting language"
+DESCRIPTION = "Ruby is an interpreted scripting language for quick \
+and easy object-oriented programming. It has many features to process \
+text files and to do system management tasks (as in Perl). \
+It is simple, straight-forward, and extensible. \
+"
+HOMEPAGE = "http://www.ruby-lang.org/"
+SECTION = "devel/ruby"
+LICENSE = "Ruby | BSD-2-Clause | BSD-3-Clause | GPL-2.0-only | ISC | MIT"
+LIC_FILES_CHKSUM = "file://COPYING;md5=5b8c87559868796979806100db3f3805 \
+ file://BSDL;md5=8b50bc6de8f586dc66790ba11d064d75 \
+ file://GPL;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
+ file://LEGAL;md5=f260190bc1e92e363f0ee3c0463d4c7c \
+ "
-DEPENDS:append:libc-musl = " libucontext"
+DEPENDS = "zlib openssl libyaml gdbm readline libffi"
+DEPENDS:append:class-target = " ruby-native"
-SRC_URI += " \
+SHRT_VER = "${@oe.utils.trim_version("${PV}", 2)}"
+SRC_URI = "http://cache.ruby-lang.org/pub/ruby/${SHRT_VER}/ruby-${PV}.tar.gz \
+ file://0001-extmk-fix-cross-compilation-of-external-gems.patch \
+ file://0002-Obey-LDFLAGS-for-the-link-of-libruby.patch \
file://remove_has_include_macros.patch \
file://run-ptest \
file://0001-template-Makefile.in-do-not-write-host-cross-cc-item.patch \
@@ -12,10 +29,27 @@
file://0005-Mark-Gemspec-reproducible-change-fixing-784225-too.patch \
file://0006-Make-gemspecs-reproducible.patch \
file://0001-vm_dump.c-Define-REG_S1-and-REG_S2-for-musl-riscv.patch \
- file://0001-Remove-dependency-on-libcapstone.patch \
"
+UPSTREAM_CHECK_URI = "https://www.ruby-lang.org/en/downloads/"
-SRC_URI[sha256sum] = "61843112389f02b735428b53bb64cf988ad9fb81858b8248e22e57336f24a83e"
+inherit autotools ptest pkgconfig
+
+
+# This snippet lets compiled extensions which rely on external libraries,
+# such as zlib, compile properly. If we don't do this, then when extmk.rb
+# runs, it uses the native libraries instead of the target libraries, and so
+# none of the linking operations succeed -- which makes extconf.rb think
+# that the libraries aren't available and hence that the extension can't be
+# built.
+
+do_configure:prepend() {
+ sed -i "s#%%TARGET_CFLAGS%%#$CFLAGS#; s#%%TARGET_LDFLAGS%%#$LDFLAGS#" ${S}/common.mk
+ rm -rf ${S}/ruby/
+}
+
+DEPENDS:append:libc-musl = " libucontext"
+
+SRC_URI[sha256sum] = "5ea498a35f4cd15875200a52dde42b6eb179e1264e17d78732c3a57cd1c6ab9e"
PACKAGECONFIG ??= ""
PACKAGECONFIG += "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}"
diff --git a/poky/meta/recipes-devtools/run-postinsts/run-postinsts/run-postinsts.service b/poky/meta/recipes-devtools/run-postinsts/run-postinsts/run-postinsts.service
index 7f72f33..b6b81d5 100644
--- a/poky/meta/recipes-devtools/run-postinsts/run-postinsts/run-postinsts.service
+++ b/poky/meta/recipes-devtools/run-postinsts/run-postinsts/run-postinsts.service
@@ -1,7 +1,7 @@
[Unit]
Description=Run pending postinsts
DefaultDependencies=no
-After=systemd-remount-fs.service systemd-tmpfiles-setup.service tmp.mount
+After=systemd-remount-fs.service systemd-tmpfiles-setup.service tmp.mount ldconfig.service
Before=sysinit.target
[Service]
diff --git a/poky/meta/recipes-devtools/rust/rust.inc b/poky/meta/recipes-devtools/rust/rust.inc
index 9563010..7d87e8e 100644
--- a/poky/meta/recipes-devtools/rust/rust.inc
+++ b/poky/meta/recipes-devtools/rust/rust.inc
@@ -72,7 +72,7 @@
config = configparser.RawConfigParser()
# [target.ARCH-poky-linux]
- host_section = "target.{}".format(d.getVar('RUST_HOST_SYS', True))
+ host_section = "target.{}".format(d.getVar('RUST_HOST_SYS'))
config.add_section(host_section)
llvm_config_target = d.expand("${RUST_ALTERNATE_EXE_PATH}")
@@ -87,7 +87,7 @@
# If we don't do this rust-native will compile it's own llvm for BUILD.
# [target.${BUILD_ARCH}-unknown-linux-gnu]
- build_section = "target.{}".format(d.getVar('RUST_BUILD_SYS', True))
+ build_section = "target.{}".format(d.getVar('RUST_BUILD_SYS'))
if build_section != host_section:
config.add_section(build_section)
@@ -97,7 +97,7 @@
config.set(build_section, "cc", e(d.expand("${RUST_BUILD_CC}")))
config.set(build_section, "linker", e(d.expand("${RUST_BUILD_CCLD}")))
- target_section = "target.{}".format(d.getVar('RUST_TARGET_SYS', True))
+ target_section = "target.{}".format(d.getVar('RUST_TARGET_SYS'))
if target_section != host_section and target_section != build_section:
config.add_section(target_section)
@@ -143,26 +143,26 @@
config.set("build", "vendor", e(True))
if not "targets" in locals():
- targets = [d.getVar("RUST_TARGET_SYS", True)]
+ targets = [d.getVar("RUST_TARGET_SYS")]
config.set("build", "target", e(targets))
if not "hosts" in locals():
- hosts = [d.getVar("RUST_HOST_SYS", True)]
+ hosts = [d.getVar("RUST_HOST_SYS")]
config.set("build", "host", e(hosts))
# We can't use BUILD_SYS since that is something the rust snapshot knows
# nothing about when trying to build some stage0 tools (like fabricate)
- config.set("build", "build", e(d.getVar("RUST_BUILD_SYS", True)))
+ config.set("build", "build", e(d.getVar("RUST_BUILD_SYS")))
# [install]
config.add_section("install")
# ./x.py install doesn't have any notion of "destdir"
# but we can prepend ${D} to all the directories instead
- config.set("install", "prefix", e(d.getVar("D", True) + d.getVar("prefix", True)))
- config.set("install", "bindir", e(d.getVar("D", True) + d.getVar("bindir", True)))
- config.set("install", "libdir", e(d.getVar("D", True) + d.getVar("libdir", True)))
- config.set("install", "datadir", e(d.getVar("D", True) + d.getVar("datadir", True)))
- config.set("install", "mandir", e(d.getVar("D", True) + d.getVar("mandir", True)))
+ config.set("install", "prefix", e(d.getVar("D") + d.getVar("prefix")))
+ config.set("install", "bindir", e(d.getVar("D") + d.getVar("bindir")))
+ config.set("install", "libdir", e(d.getVar("D") + d.getVar("libdir")))
+ config.set("install", "datadir", e(d.getVar("D") + d.getVar("datadir")))
+ config.set("install", "mandir", e(d.getVar("D") + d.getVar("mandir")))
with open("config.toml", "w") as f:
f.write('changelog-seen = 2\n\n')
diff --git a/poky/meta/recipes-devtools/rust/rust/crossbeam_atomic.patch b/poky/meta/recipes-devtools/rust/rust/crossbeam_atomic.patch
index 7097bb9..31a76d9 100644
--- a/poky/meta/recipes-devtools/rust/rust/crossbeam_atomic.patch
+++ b/poky/meta/recipes-devtools/rust/rust/crossbeam_atomic.patch
@@ -14,7 +14,7 @@
and compare against the architecture/processor, or replace -unknown with a glob
to create a patch that upstream might accept.
-Upstream-Status: Inappropriate [OE Specific tweak but could be rewritten]
+Upstream-Status: Submitted [https://github.com/crossbeam-rs/crossbeam/pull/922]
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Index: rustc-1.63.0-src/vendor/crossbeam-utils/build.rs
diff --git a/poky/meta/recipes-devtools/rust/rust_1.63.0.bb b/poky/meta/recipes-devtools/rust/rust_1.63.0.bb
index 1f9dbd3..dbf74ce 100644
--- a/poky/meta/recipes-devtools/rust/rust_1.63.0.bb
+++ b/poky/meta/recipes-devtools/rust/rust_1.63.0.bb
@@ -57,7 +57,6 @@
}
EXTRA_TOOLS ?= "cargo-clippy clippy-driver rustfmt"
-EXTRA_TOOLS:remove:riscv32 = "rustfmt"
rust_do_install:class-target() {
export PSEUDO_UNLOAD=1
rust_runx install
diff --git a/poky/meta/recipes-devtools/tcltk/tcl/fix_non_native_build_issue.patch b/poky/meta/recipes-devtools/tcltk/tcl/fix_non_native_build_issue.patch
index 44b2ce0..5a10c93 100644
--- a/poky/meta/recipes-devtools/tcltk/tcl/fix_non_native_build_issue.patch
+++ b/poky/meta/recipes-devtools/tcltk/tcl/fix_non_native_build_issue.patch
@@ -1,4 +1,4 @@
-Upstream-Status: Pending
+Upstream-Status: Inappropriate [upstream does not support installed tests]
Index: unix/Makefile.in
===================================================================
diff --git a/poky/meta/recipes-devtools/vala/vala.inc b/poky/meta/recipes-devtools/vala/vala.inc
index 974baa3..162e99b 100644
--- a/poky/meta/recipes-devtools/vala/vala.inc
+++ b/poky/meta/recipes-devtools/vala/vala.inc
@@ -42,20 +42,23 @@
# Vapigen wrapper needs to be available system-wide, because it will be used
# to build vapi files from all other packages with vala support
do_install:append:class-target() {
- install -d ${D}${bindir}/
- install ${B}/vapigen-wrapper ${D}${bindir}/
+ install -d ${D}${bindir_crossscripts}/
+ install ${B}/vapigen-wrapper ${D}${bindir_crossscripts}/
}
# Put vapigen wrapper into target sysroot so that it can be used when building
# vapi files.
-SYSROOT_DIRS:append:class-target = " ${bindir}"
+SYSROOT_DIRS += "${bindir_crossscripts}"
+
+inherit multilib_script
+MULTILIB_SCRIPTS = "${PN}:${bindir}/vala-gen-introspect-0.56"
SYSROOT_PREPROCESS_FUNCS:append:class-target = " vapigen_sysroot_preprocess"
vapigen_sysroot_preprocess() {
# Tweak the vapigen name in the vapigen pkgconfig file, so that it picks
# up our wrapper.
sed -i \
- -e "s|vapigen=.*|vapigen=${bindir}/vapigen-wrapper|" \
+ -e "s|vapigen=.*|vapigen=${bindir_crossscripts}/vapigen-wrapper|" \
${SYSROOT_DESTDIR}${libdir}/pkgconfig/vapigen-${SHRT_VER}.pc
}
@@ -64,5 +67,5 @@
PACKAGE_PREPROCESS_FUNCS += "vala_package_preprocess"
vala_package_preprocess () {
- sed -i -e 's:${RECIPE_SYSROOT}::g;' ${PKGD}${bindir}/vapigen-wrapper
+ rm -rf ${PKGD}${bindir_crossscripts}
}
diff --git a/poky/meta/recipes-devtools/valgrind/valgrind/remove-for-aarch64 b/poky/meta/recipes-devtools/valgrind/valgrind/remove-for-aarch64
index 887bfd2..432dcc9 100644
--- a/poky/meta/recipes-devtools/valgrind/valgrind/remove-for-aarch64
+++ b/poky/meta/recipes-devtools/valgrind/valgrind/remove-for-aarch64
@@ -1,3 +1,4 @@
+drd/tests/boost_thread
gdbserver_tests/hgtls
cachegrind/tests/ann1
callgrind/tests/simwork1
diff --git a/poky/meta/recipes-extended/at/at_3.2.5.bb b/poky/meta/recipes-extended/at/at_3.2.5.bb
index 87a4361..c0c876a 100644
--- a/poky/meta/recipes-extended/at/at_3.2.5.bb
+++ b/poky/meta/recipes-extended/at/at_3.2.5.bb
@@ -52,8 +52,10 @@
SYSTEMD_SERVICE:${PN} = "atd.service"
-do_configure:prepend() {
- cp -f ${WORKDIR}/posixtm.[ch] ${S}
+do_patch[postfuncs] += "copy_posix_files"
+
+copy_posix_files() {
+ cp -f ${WORKDIR}/posixtm.[ch] ${S}
}
do_install () {
diff --git a/poky/meta/recipes-extended/bc/bc_1.07.1.bb b/poky/meta/recipes-extended/bc/bc_1.07.1.bb
index 1bec76b..5a03751 100644
--- a/poky/meta/recipes-extended/bc/bc_1.07.1.bb
+++ b/poky/meta/recipes-extended/bc/bc_1.07.1.bb
@@ -32,4 +32,4 @@
ALTERNATIVE:${PN} = "bc dc"
ALTERNATIVE_PRIORITY = "100"
-BBCLASSEXTEND = "native"
+BBCLASSEXTEND = "native nativesdk"
diff --git a/poky/meta/recipes-extended/cpio/cpio-2.13/0001-Wrong-CRC-with-ASCII-CRC-for-large-files.patch b/poky/meta/recipes-extended/cpio/cpio-2.13/0001-Wrong-CRC-with-ASCII-CRC-for-large-files.patch
new file mode 100644
index 0000000..4b96e43
--- /dev/null
+++ b/poky/meta/recipes-extended/cpio/cpio-2.13/0001-Wrong-CRC-with-ASCII-CRC-for-large-files.patch
@@ -0,0 +1,39 @@
+From 77ff5f1be394eb2c786df561ff37dde7f982ec76 Mon Sep 17 00:00:00 2001
+From: Stefano Babic <sbabic@denx.de>
+Date: Fri, 28 Jul 2017 13:20:52 +0200
+Subject: [PATCH] Wrong CRC with ASCII CRC for large files
+
+Due to signedness, the checksum is not computed when filesize is bigger
+a 2GB.
+
+Upstream-Status: Submitted [https://lists.gnu.org/archive/html/bug-cpio/2017-07/msg00004.html]
+Signed-off-by: Stefano Babic <sbabic@denx.de>
+---
+ src/copyout.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/copyout.c b/src/copyout.c
+index 1f0987a..727aeca 100644
+--- a/src/copyout.c
++++ b/src/copyout.c
+@@ -34,13 +34,13 @@
+ compute and return a checksum for them. */
+
+ static uint32_t
+-read_for_checksum (int in_file_des, int file_size, char *file_name)
++read_for_checksum (int in_file_des, unsigned int file_size, char *file_name)
+ {
+ uint32_t crc;
+ char buf[BUFSIZ];
+- int bytes_left;
+- int bytes_read;
+- int i;
++ unsigned int bytes_left;
++ unsigned int bytes_read;
++ unsigned int i;
+
+ crc = 0;
+
+--
+2.7.4
+
diff --git a/poky/meta/recipes-extended/cpio/cpio_2.13.bb b/poky/meta/recipes-extended/cpio/cpio_2.13.bb
index e72a114..dd35410 100644
--- a/poky/meta/recipes-extended/cpio/cpio_2.13.bb
+++ b/poky/meta/recipes-extended/cpio/cpio_2.13.bb
@@ -10,6 +10,7 @@
file://0001-Unset-need_charset_alias-when-building-for-musl.patch \
file://0002-src-global.c-Remove-superfluous-declaration-of-progr.patch \
file://CVE-2021-38185.patch \
+ file://0001-Wrong-CRC-with-ASCII-CRC-for-large-files.patch \
"
SRC_URI[md5sum] = "389c5452d667c23b5eceb206f5000810"
diff --git a/poky/meta/recipes-extended/cracklib/cracklib_2.9.8.bb b/poky/meta/recipes-extended/cracklib/cracklib_2.9.8.bb
index 786940a..a3db6eb 100644
--- a/poky/meta/recipes-extended/cracklib/cracklib_2.9.8.bb
+++ b/poky/meta/recipes-extended/cracklib/cracklib_2.9.8.bb
@@ -9,7 +9,7 @@
EXTRA_OECONF = "--without-python --libdir=${base_libdir}"
-SRC_URI = "git://github.com/cracklib/cracklib;protocol=https;branch=master \
+SRC_URI = "git://github.com/cracklib/cracklib;protocol=https;branch=main \
file://0001-packlib.c-support-dictionary-byte-order-dependent.patch \
file://0002-craklib-fix-testnum-and-teststr-failed.patch \
"
diff --git a/poky/meta/recipes-extended/cups/cups.inc b/poky/meta/recipes-extended/cups/cups.inc
index 9c920bb..da320b1 100644
--- a/poky/meta/recipes-extended/cups/cups.inc
+++ b/poky/meta/recipes-extended/cups/cups.inc
@@ -47,6 +47,7 @@
PACKAGECONFIG[pam] = "--enable-pam --with-pam-module=unix, --disable-pam, libpam"
PACKAGECONFIG[systemd] = "--with-systemd=${systemd_system_unitdir},--without-systemd,systemd"
PACKAGECONFIG[xinetd] = "--with-xinetd=${sysconfdir}/xinetd.d,--without-xinetd,xinetd"
+PACKAGECONFIG[webif] = "--enable-webif,--disable-webif"
EXTRA_OECONF = " \
--enable-dbus \
@@ -66,7 +67,7 @@
EXTRA_AUTORECONF += "--exclude=autoheader"
do_install () {
- oe_runmake "DESTDIR=${D}" install
+ oe_runmake "BUILDROOT=${D}" install
# Remove /var/run from package as cupsd will populate it on startup
rm -fr ${D}/${localstatedir}/run
@@ -74,7 +75,7 @@
rmdir ${D}/${libexecdir}/${BPN}/driver
# Fix the pam configuration file permissions
- if ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'true', 'false', d)}; then
+ if ${@bb.utils.contains('PACKAGECONFIG', 'pam', 'true', 'false', d)}; then
chmod 0644 ${D}${sysconfdir}/pam.d/cups
fi
@@ -92,7 +93,7 @@
fi
}
-PACKAGES =+ "${PN}-lib ${PN}-libimage"
+PACKAGES =+ "${PN}-lib ${PN}-libimage ${PN}-webif"
RDEPENDS:${PN} += "${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', 'procps', '', d)}"
FILES:${PN} += "${libexecdir}/cups/"
@@ -101,13 +102,10 @@
FILES:${PN}-libimage = "${libdir}/libcupsimage.so.*"
-#package the html for the webgui inside the main packages (~1MB uncompressed)
+# put the html for the web interface into its own PACKAGE
+FILES:${PN}-webif += "${datadir}/doc/cups/ ${datadir}/icons/"
+RRECOMMENDS:${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'webif', '${PN}-webif', '', d)}"
-FILES:${PN} += "${datadir}/doc/cups/images \
- ${datadir}/doc/cups/*html \
- ${datadir}/doc/cups/*.css \
- ${datadir}/icons/ \
- "
CONFFILES:${PN} += "${sysconfdir}/cups/cupsd.conf"
MULTILIB_SCRIPTS = "${PN}-dev:${bindir}/cups-config"
diff --git a/poky/meta/recipes-extended/diffutils/diffutils/0001-Skip-strip-trailing-cr-test-case.patch b/poky/meta/recipes-extended/diffutils/diffutils/0001-Skip-strip-trailing-cr-test-case.patch
index aac1c43..8b88c30 100644
--- a/poky/meta/recipes-extended/diffutils/diffutils/0001-Skip-strip-trailing-cr-test-case.patch
+++ b/poky/meta/recipes-extended/diffutils/diffutils/0001-Skip-strip-trailing-cr-test-case.patch
@@ -1,4 +1,4 @@
-From bd7fb8be2ae2d75347cf7733302d5093046ffa85 Mon Sep 17 00:00:00 2001
+From 027229d25392b22d7280c0abbc3efde4f467d167 Mon Sep 17 00:00:00 2001
From: Peiran Hong <peiran.hong@windriver.com>
Date: Thu, 5 Sep 2019 15:42:22 -0400
Subject: [PATCH] Skip strip-trailing-cr test case
@@ -10,19 +10,21 @@
Upstream-Status: Inappropriate [embedded specific]
Signed-off-by: Peiran Hong <peiran.hong@windriver.com>
+
---
tests/Makefile.am | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/tests/Makefile.am b/tests/Makefile.am
-index 83a7c9d..04d51b5 100644
+index d98df82..757ea52 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
-@@ -21,8 +21,10 @@ TESTS = \
+@@ -21,9 +21,11 @@ TESTS = \
stdin \
strcoll-0-names \
filename-quoting \
- strip-trailing-cr \
+ timezone \
colors
+# Skipping this test since it requires valgrind
+# and thus is too heavy for diffutils package
@@ -30,6 +32,3 @@
XFAIL_TESTS = large-subopt
---
-2.21.0
-
diff --git a/poky/meta/recipes-extended/diffutils/diffutils/0001-mcontext-is-not-a-standard-layout-so-glibc-and-musl-.patch b/poky/meta/recipes-extended/diffutils/diffutils/0001-mcontext-is-not-a-standard-layout-so-glibc-and-musl-.patch
deleted file mode 100644
index 4928e1e..0000000
--- a/poky/meta/recipes-extended/diffutils/diffutils/0001-mcontext-is-not-a-standard-layout-so-glibc-and-musl-.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From f385ad6639380eb6dfa8b8eb4a5ba65dd12db744 Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Fri, 25 Mar 2022 13:43:19 -0700
-Subject: [PATCH] mcontext is not a standard layout so glibc and musl differ
-
-This is already applied to libsigsegv upstream, hopefully next version
-of grep will update its internal copy and we can drop this patch
-
-Upstream-Status: Backport [https://git.savannah.gnu.org/gitweb/?p=libsigsegv.git;a=commitdiff;h=a6ff69873110c0a8ba6f7fd90532dbc11224828c]
-
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
- lib/sigsegv.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/lib/sigsegv.c b/lib/sigsegv.c
-index 998c827..b6f4841 100644
---- a/lib/sigsegv.c
-+++ b/lib/sigsegv.c
-@@ -219,8 +219,8 @@ int libsigsegv_version = LIBSIGSEGV_VERSION;
- # define SIGSEGV_FAULT_STACKPOINTER ((ucontext_t *) ucp)->uc_mcontext.gp_regs[1]
- # else /* 32-bit */
- /* both should be equivalent */
--# if 0
--# define SIGSEGV_FAULT_STACKPOINTER ((ucontext_t *) ucp)->uc_mcontext.regs->gpr[1]
-+# if ! defined __GLIBC__
-+# define SIGSEGV_FAULT_STACKPOINTER ((ucontext_t *) ucp)->uc_regs->gregs[1]
- # else
- # define SIGSEGV_FAULT_STACKPOINTER ((ucontext_t *) ucp)->uc_mcontext.uc_regs->gregs[1]
- # endif
---
-2.35.1
-
diff --git a/poky/meta/recipes-extended/diffutils/diffutils_3.8.bb b/poky/meta/recipes-extended/diffutils/diffutils_3.9.bb
similarity index 88%
rename from poky/meta/recipes-extended/diffutils/diffutils_3.8.bb
rename to poky/meta/recipes-extended/diffutils/diffutils_3.9.bb
index 8889c83..2bb9e6f 100644
--- a/poky/meta/recipes-extended/diffutils/diffutils_3.8.bb
+++ b/poky/meta/recipes-extended/diffutils/diffutils_3.9.bb
@@ -6,10 +6,9 @@
SRC_URI = "${GNU_MIRROR}/diffutils/diffutils-${PV}.tar.xz \
file://run-ptest \
file://0001-Skip-strip-trailing-cr-test-case.patch \
- file://0001-mcontext-is-not-a-standard-layout-so-glibc-and-musl-.patch \
"
-SRC_URI[sha256sum] = "a6bdd7d1b31266d11c4f4de6c1b748d4607ab0231af5188fc2533d0ae2438fec"
+SRC_URI[sha256sum] = "d80d3be90a201868de83d78dad3413ad88160cc53bcc36eb9eaf7c20dbf023f1"
EXTRA_OECONF += "ac_cv_path_PR_PROGRAM=${bindir}/pr --without-libsigsegv-prefix"
diff --git a/poky/meta/recipes-extended/groff/files/0001-Make-manpages-mulitlib-identical.patch b/poky/meta/recipes-extended/groff/files/0001-Make-manpages-mulitlib-identical.patch
index 9105da6..c3cfc7c 100644
--- a/poky/meta/recipes-extended/groff/files/0001-Make-manpages-mulitlib-identical.patch
+++ b/poky/meta/recipes-extended/groff/files/0001-Make-manpages-mulitlib-identical.patch
@@ -3,7 +3,7 @@
Date: Sat, 7 Mar 2020 00:59:13 +0000
Subject: [PATCH] Make manpages mulitlib identical
-Upstream-Status: Pending
+Upstream-Status: Submitted [by email to g.branden.robinson@gmail.com]
Signed-off-by: Jeremy Puhlman <jpuhlman@mvista.com>
---
Makefile.am | 2 +-
diff --git a/poky/meta/recipes-extended/groff/files/0001-replace-perl-w-with-use-warnings.patch b/poky/meta/recipes-extended/groff/files/0001-replace-perl-w-with-use-warnings.patch
index eda6a40..b028fa2 100644
--- a/poky/meta/recipes-extended/groff/files/0001-replace-perl-w-with-use-warnings.patch
+++ b/poky/meta/recipes-extended/groff/files/0001-replace-perl-w-with-use-warnings.patch
@@ -15,7 +15,7 @@
So replace "perl -w" with "use warnings" to make it work.
-Upstream-Status: Pending
+Upstream-Status: Submitted [by email to g.branden.robinson@gmail.com]
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
diff --git a/poky/meta/recipes-extended/less/files/CVE-2022-46663.patch b/poky/meta/recipes-extended/less/files/CVE-2022-46663.patch
new file mode 100644
index 0000000..20f9d89
--- /dev/null
+++ b/poky/meta/recipes-extended/less/files/CVE-2022-46663.patch
@@ -0,0 +1,28 @@
+CVE: CVE-2022-46663
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From a78e1351113cef564d790a730d657a321624d79c Mon Sep 17 00:00:00 2001
+From: Mark Nudelman <markn@greenwoodsoftware.com>
+Date: Fri, 7 Oct 2022 19:25:46 -0700
+Subject: [PATCH] End OSC8 hyperlink on invalid embedded escape sequence.
+
+---
+ line.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/line.c b/line.c
+index 236c49ae..cba7bdd1 100644
+--- a/line.c
++++ b/line.c
+@@ -633,8 +633,8 @@ ansi_step(pansi, ch)
+ /* Hyperlink ends with \7 or ESC-backslash. */
+ if (ch == '\7')
+ return ANSI_END;
+- if (pansi->prev_esc && ch == '\\')
+- return ANSI_END;
++ if (pansi->prev_esc)
++ return (ch == '\\') ? ANSI_END : ANSI_ERR;
+ pansi->prev_esc = (ch == ESC);
+ return ANSI_MID;
+ }
diff --git a/poky/meta/recipes-extended/less/less_608.bb b/poky/meta/recipes-extended/less/less_608.bb
index f411a8f..f907a81 100644
--- a/poky/meta/recipes-extended/less/less_608.bb
+++ b/poky/meta/recipes-extended/less/less_608.bb
@@ -26,6 +26,7 @@
DEPENDS = "ncurses"
SRC_URI = "http://www.greenwoodsoftware.com/${BPN}/${BPN}-${PV}.tar.gz \
+ file://CVE-2022-46663.patch \
"
SRC_URI[sha256sum] = "a69abe2e0a126777e021d3b73aa3222e1b261f10e64624d41ec079685a6ac209"
diff --git a/poky/meta/recipes-extended/libarchive/libarchive/0001-libarchive-Do-not-include-sys-mount.h-when-linux-fs..patch b/poky/meta/recipes-extended/libarchive/libarchive/0001-libarchive-Do-not-include-sys-mount.h-when-linux-fs..patch
deleted file mode 100644
index 0d21799..0000000
--- a/poky/meta/recipes-extended/libarchive/libarchive/0001-libarchive-Do-not-include-sys-mount.h-when-linux-fs..patch
+++ /dev/null
@@ -1,47 +0,0 @@
-From a2f68263a1da5ad227bcb9cd8fa91b93c8b6c99f Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Mon, 25 Jul 2022 10:56:53 -0700
-Subject: [PATCH] libarchive: Do not include sys/mount.h when linux/fs.h is
- present
-
-These headers are in conflict and only one is needed by
-archive_read_disk_posix.c therefore include linux/fs.h if it exists
-otherwise include sys/mount.h
-
-It also helps compiling with glibc 2.36
-where sys/mount.h conflicts with linux/mount.h see [1]
-
-[1] https://sourceware.org/glibc/wiki/Release/2.36
-
-Upstream-Status: Submitted [https://github.com/libarchive/libarchive/pull/1761]
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
- libarchive/archive_read_disk_posix.c | 5 ++---
- 1 file changed, 2 insertions(+), 3 deletions(-)
-
-diff --git a/libarchive/archive_read_disk_posix.c b/libarchive/archive_read_disk_posix.c
-index 2b39e672..a96008db 100644
---- a/libarchive/archive_read_disk_posix.c
-+++ b/libarchive/archive_read_disk_posix.c
-@@ -34,9 +34,6 @@ __FBSDID("$FreeBSD$");
- #ifdef HAVE_SYS_PARAM_H
- #include <sys/param.h>
- #endif
--#ifdef HAVE_SYS_MOUNT_H
--#include <sys/mount.h>
--#endif
- #ifdef HAVE_SYS_STAT_H
- #include <sys/stat.h>
- #endif
-@@ -54,6 +51,8 @@ __FBSDID("$FreeBSD$");
- #endif
- #ifdef HAVE_LINUX_FS_H
- #include <linux/fs.h>
-+#elif HAVE_SYS_MOUNT_H
-+#include <sys/mount.h>
- #endif
- /*
- * Some Linux distributions have both linux/ext2_fs.h and ext2fs/ext2_fs.h.
---
-2.25.1
-
diff --git a/poky/meta/recipes-extended/libarchive/libarchive_3.6.1.bb b/poky/meta/recipes-extended/libarchive/libarchive_3.6.2.bb
similarity index 90%
rename from poky/meta/recipes-extended/libarchive/libarchive_3.6.1.bb
rename to poky/meta/recipes-extended/libarchive/libarchive_3.6.2.bb
index 24d7918..f447035 100644
--- a/poky/meta/recipes-extended/libarchive/libarchive_3.6.1.bb
+++ b/poky/meta/recipes-extended/libarchive/libarchive_3.6.2.bb
@@ -30,14 +30,12 @@
PACKAGECONFIG[mbedtls] = "--with-mbedtls,--without-mbedtls,mbedtls,"
PACKAGECONFIG[zstd] = "--with-zstd,--without-zstd,zstd,"
-EXTRA_OECONF += "--enable-largefile"
+EXTRA_OECONF += "--enable-largefile --without-iconv"
-SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz \
- file://0001-libarchive-Do-not-include-sys-mount.h-when-linux-fs..patch \
- "
+SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz"
UPSTREAM_CHECK_URI = "http://libarchive.org/"
-SRC_URI[sha256sum] = "c676146577d989189940f1959d9e3980d28513d74eedfbc6b7f15ea45fe54ee2"
+SRC_URI[sha256sum] = "ba6d02f15ba04aba9c23fd5f236bb234eab9d5209e95d1c4df85c44d5f19b9b3"
inherit autotools update-alternatives pkgconfig
diff --git a/poky/meta/recipes-extended/libtirpc/libtirpc_1.3.3.bb b/poky/meta/recipes-extended/libtirpc/libtirpc_1.3.3.bb
index 8c6c207..f55e0b0 100644
--- a/poky/meta/recipes-extended/libtirpc/libtirpc_1.3.3.bb
+++ b/poky/meta/recipes-extended/libtirpc/libtirpc_1.3.3.bb
@@ -22,7 +22,7 @@
EXTRA_OECONF = "--disable-gssapi"
do_install:append() {
- chown root:root ${D}${sysconfdir}/netconfig
+ test -e ${D}${sysconfdir}/netconfig && chown root:root ${D}${sysconfdir}/netconfig
}
BBCLASSEXTEND = "native nativesdk"
diff --git a/poky/meta/recipes-extended/lighttpd/lighttpd/CVE-2022-41556.patch b/poky/meta/recipes-extended/lighttpd/lighttpd/CVE-2022-41556.patch
deleted file mode 100644
index 284a5a3..0000000
--- a/poky/meta/recipes-extended/lighttpd/lighttpd/CVE-2022-41556.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-CVE: CVE-2022-41556
-Upstream-Status: Backport
-Signed-off-by: Ross Burton <ross.burton@arm.com>
-
-From b18de6f9264f914f7bf493abd3b6059343548e50 Mon Sep 17 00:00:00 2001
-From: Glenn Strauss <gstrauss@gluelogic.com>
-Date: Sun, 11 Sep 2022 22:31:34 -0400
-Subject: [PATCH] [core] handle RDHUP when collecting chunked body
-
-handle RDHUP as soon as RDHUP detected when collecting HTTP/1.1 chunked
-request body (and when not streaming request body to backend)
-
-x-ref:
- https://github.com/lighttpd/lighttpd1.4/pull/115
----
- src/gw_backend.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/gw_backend.c b/src/gw_backend.c
-index df9d8217..5db56287 100644
---- a/src/gw_backend.c
-+++ b/src/gw_backend.c
-@@ -2228,7 +2228,7 @@ handler_t gw_handle_subrequest(request_st * const r, void *p_d) {
- * and module is flagged to stream request body to backend) */
- return (r->conf.stream_request_body & FDEVENT_STREAM_REQUEST)
- ? http_response_reqbody_read_error(r, 411)
-- : HANDLER_WAIT_FOR_EVENT;
-+ : (rc == HANDLER_GO_ON) ? HANDLER_WAIT_FOR_EVENT : rc;
- }
-
- if (hctx->wb_reqlen < -1 && r->reqbody_length >= 0) {
diff --git a/poky/meta/recipes-extended/lighttpd/lighttpd_1.4.66.bb b/poky/meta/recipes-extended/lighttpd/lighttpd_1.4.67.bb
similarity index 96%
rename from poky/meta/recipes-extended/lighttpd/lighttpd_1.4.66.bb
rename to poky/meta/recipes-extended/lighttpd/lighttpd_1.4.67.bb
index 7897810..838881f 100644
--- a/poky/meta/recipes-extended/lighttpd/lighttpd_1.4.66.bb
+++ b/poky/meta/recipes-extended/lighttpd/lighttpd_1.4.67.bb
@@ -14,13 +14,12 @@
lighttpd-module-accesslog"
SRC_URI = "http://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-${PV}.tar.xz \
- file://CVE-2022-41556.patch \
file://index.html.lighttpd \
file://lighttpd.conf \
file://lighttpd \
"
-SRC_URI[sha256sum] = "47ac6e60271aa0196e65472d02d019556dc7c6d09df3b65df2c1ab6866348e3b"
+SRC_URI[sha256sum] = "7e04d767f51a8d824b32e2483ef2950982920d427d1272ef4667f49d6f89f358"
DEPENDS = "virtual/crypt"
diff --git a/poky/meta/recipes-extended/lsof/lsof_4.95.0.bb b/poky/meta/recipes-extended/lsof/lsof_4.95.0.bb
index f380de0..f59fe00 100644
--- a/poky/meta/recipes-extended/lsof/lsof_4.95.0.bb
+++ b/poky/meta/recipes-extended/lsof/lsof_4.95.0.bb
@@ -19,6 +19,15 @@
S = "${WORKDIR}/git"
+
+inherit update-alternatives
+
+ALTERNATIVE:${PN} = "lsof"
+ALTERNATIVE_LINK_NAME[lsof] = "${sbindir}/lsof"
+# Make our priority higher than busybox
+ALTERNATIVE_PRIORITY = "100"
+
+
export LSOF_INCLUDE = "${STAGING_INCDIR}"
do_configure () {
diff --git a/poky/meta/recipes-extended/mdadm/files/0001-mdadm-Fix-optional-write-behind-parameter.patch b/poky/meta/recipes-extended/mdadm/files/0001-mdadm-Fix-optional-write-behind-parameter.patch
new file mode 100644
index 0000000..186d1e7
--- /dev/null
+++ b/poky/meta/recipes-extended/mdadm/files/0001-mdadm-Fix-optional-write-behind-parameter.patch
@@ -0,0 +1,45 @@
+From 41edf6f45895193f4a523cb0a08d639c9ff9ccc9 Mon Sep 17 00:00:00 2001
+From: Logan Gunthorpe <logang@deltatee.com>
+Date: Wed, 22 Jun 2022 14:25:12 -0600
+Subject: [PATCH] mdadm: Fix optional --write-behind parameter
+
+The commit noted below changed the behaviour of --write-behind to
+require an argument. This broke the 06wrmostly test with the error:
+
+ mdadm: Invalid value for maximum outstanding write-behind writes: (null).
+ Must be between 0 and 16383.
+
+To fix this, check if optarg is NULL before parising it, as the origial
+code did.
+
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=41edf6f45895193f4a523cb0a08d639c9ff9ccc9]
+
+Fixes: 60815698c0ac ("Refactor parse_num and use it to parse optarg.")
+Cc: Mateusz Grzonka <mateusz.grzonka@intel.com>
+Signed-off-by: Logan Gunthorpe <logang@deltatee.com>
+Acked-by: Mariusz Tkaczyk <mariusz.tkaczyk@linux.intel.com>
+Signed-off-by: Jes Sorensen <jes@trained-monkey.org>
+Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
+---
+ mdadm.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/mdadm.c b/mdadm.c
+index d0c5e6de..56722ed9 100644
+--- a/mdadm.c
++++ b/mdadm.c
+@@ -1201,8 +1201,9 @@ int main(int argc, char *argv[])
+ case O(BUILD, WriteBehind):
+ case O(CREATE, WriteBehind):
+ s.write_behind = DEFAULT_MAX_WRITE_BEHIND;
+- if (parse_num(&s.write_behind, optarg) != 0 ||
+- s.write_behind < 0 || s.write_behind > 16383) {
++ if (optarg &&
++ (parse_num(&s.write_behind, optarg) != 0 ||
++ s.write_behind < 0 || s.write_behind > 16383)) {
+ pr_err("Invalid value for maximum outstanding write-behind writes: %s.\n\tMust be between 0 and 16383.\n",
+ optarg);
+ exit(2);
+--
+2.25.1
+
diff --git a/poky/meta/recipes-extended/mdadm/files/0001-tests-00raid0-add-a-test-that-validates-raid0-with-l.patch b/poky/meta/recipes-extended/mdadm/files/0001-tests-00raid0-add-a-test-that-validates-raid0-with-l.patch
new file mode 100644
index 0000000..1c95834
--- /dev/null
+++ b/poky/meta/recipes-extended/mdadm/files/0001-tests-00raid0-add-a-test-that-validates-raid0-with-l.patch
@@ -0,0 +1,41 @@
+From 7539254342bc591717b0051734cc6c09c1b88640 Mon Sep 17 00:00:00 2001
+From: Sudhakar Panneerselvam <sudhakar.panneerselvam@oracle.com>
+Date: Wed, 22 Jun 2022 14:25:13 -0600
+Subject: [PATCH] tests/00raid0: add a test that validates raid0 with layout
+ fails for 0.9
+
+329dfc28debb disallows the creation of raid0 with layouts for 0.9
+metadata. This test confirms the new behavior.
+
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=7539254342bc591717b0051734cc6c09c1b88640]
+
+Signed-off-by: Sudhakar Panneerselvam <sudhakar.panneerselvam@oracle.com>
+Signed-off-by: Himanshu Madhani <himanshu.madhani@oracle.com>
+Signed-off-by: Logan Gunthorpe <logang@deltatee.com>
+Signed-off-by: Jes Sorensen <jes@trained-monkey.org>
+Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
+---
+ tests/00raid0 | 6 ++----
+ 1 file changed, 2 insertions(+), 4 deletions(-)
+
+diff --git a/tests/00raid0 b/tests/00raid0
+index 8bc18985..e6b21cc4 100644
+--- a/tests/00raid0
++++ b/tests/00raid0
+@@ -6,11 +6,9 @@ check raid0
+ testdev $md0 3 $mdsize2_l 512
+ mdadm -S $md0
+
+-# now with version-0.90 superblock
++# verify raid0 with layouts fail for 0.90
+ mdadm -CR $md0 -e0.90 -l0 -n4 $dev0 $dev1 $dev2 $dev3
+-check raid0
+-testdev $md0 4 $mdsize0 512
+-mdadm -S $md0
++check opposite_result
+
+ # now with no superblock
+ mdadm -B $md0 -l0 -n5 $dev0 $dev1 $dev2 $dev3 $dev4
+--
+2.25.1
+
diff --git a/poky/meta/recipes-extended/mdadm/files/0001-tests-00readonly-Run-udevadm-settle-before-setting-r.patch b/poky/meta/recipes-extended/mdadm/files/0001-tests-00readonly-Run-udevadm-settle-before-setting-r.patch
new file mode 100644
index 0000000..c621c08
--- /dev/null
+++ b/poky/meta/recipes-extended/mdadm/files/0001-tests-00readonly-Run-udevadm-settle-before-setting-r.patch
@@ -0,0 +1,39 @@
+From 39b381252c32275079344d30de18b76fda4bba26 Mon Sep 17 00:00:00 2001
+From: Logan Gunthorpe <logang@deltatee.com>
+Date: Wed, 27 Jul 2022 15:52:45 -0600
+Subject: [PATCH] tests/00readonly: Run udevadm settle before setting ro
+
+In some recent kernel versions, 00readonly fails with:
+
+ mdadm: failed to set readonly for /dev/md0: Device or resource busy
+ ERROR: array is not read-only!
+
+This was traced down to a race condition with udev holding a reference
+to the block device at the same time as trying to set it read only.
+
+To fix this, call udevadm settle before setting the array read only.
+
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=39b381252c32275079344d30de18b76fda4bba26]
+
+Signed-off-by: Logan Gunthorpe <logang@deltatee.com>
+Signed-off-by: Jes Sorensen <jsorensen@fb.com>
+Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
+---
+ tests/00readonly | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/tests/00readonly b/tests/00readonly
+index 39202487..afe243b3 100644
+--- a/tests/00readonly
++++ b/tests/00readonly
+@@ -12,6 +12,7 @@ do
+ $dev1 $dev2 $dev3 $dev4 --assume-clean
+ check nosync
+ check $level
++ udevadm settle
+ mdadm -ro $md0
+ check readonly
+ state=$(cat /sys/block/md0/md/array_state)
+--
+2.25.1
+
diff --git a/poky/meta/recipes-extended/mdadm/files/0001-tests-02lineargrow-clear-the-superblock-at-every-ite.patch b/poky/meta/recipes-extended/mdadm/files/0001-tests-02lineargrow-clear-the-superblock-at-every-ite.patch
new file mode 100644
index 0000000..1a7104b
--- /dev/null
+++ b/poky/meta/recipes-extended/mdadm/files/0001-tests-02lineargrow-clear-the-superblock-at-every-ite.patch
@@ -0,0 +1,33 @@
+From a2c832465fc75202e244327b2081231dfa974617 Mon Sep 17 00:00:00 2001
+From: Sudhakar Panneerselvam <sudhakar.panneerselvam@oracle.com>
+Date: Wed, 22 Jun 2022 14:25:16 -0600
+Subject: [PATCH] tests/02lineargrow: clear the superblock at every iteration
+
+This fixes 02lineargrow test as prior metadata causes --add operation
+to misbehave.
+
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=a2c832465fc75202e244327b2081231dfa974617]
+
+Signed-off-by: Sudhakar Panneerselvam <sudhakar.panneerselvam@oracle.com>
+Signed-off-by: Himanshu Madhani <himanshu.madhani@oracle.com>
+Signed-off-by: Logan Gunthorpe <logang@deltatee.com>
+Signed-off-by: Jes Sorensen <jes@trained-monkey.org>
+Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
+---
+ tests/02lineargrow | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/tests/02lineargrow b/tests/02lineargrow
+index e05c219d..595bf9f2 100644
+--- a/tests/02lineargrow
++++ b/tests/02lineargrow
+@@ -20,4 +20,6 @@ do
+ testdev $md0 3 $sz 1
+
+ mdadm -S $md0
++ mdadm --zero /dev/loop2
++ mdadm --zero /dev/loop3
+ done
+--
+2.25.1
+
diff --git a/poky/meta/recipes-extended/mdadm/files/0001-tests-04update-metadata-avoid-passing-chunk-size-to.patch b/poky/meta/recipes-extended/mdadm/files/0001-tests-04update-metadata-avoid-passing-chunk-size-to.patch
new file mode 100644
index 0000000..9098fb2
--- /dev/null
+++ b/poky/meta/recipes-extended/mdadm/files/0001-tests-04update-metadata-avoid-passing-chunk-size-to.patch
@@ -0,0 +1,41 @@
+From de045db607b1ac4b70fc2a8878463e029c2ab1dc Mon Sep 17 00:00:00 2001
+From: Sudhakar Panneerselvam <sudhakar.panneerselvam@oracle.com>
+Date: Wed, 22 Jun 2022 14:25:15 -0600
+Subject: [PATCH] tests/04update-metadata: avoid passing chunk size to raid1
+
+'04update-metadata' test fails with error, "specifying chunk size is
+forbidden for this level" added by commit, 5b30a34aa4b5e. Hence,
+correcting the test to ignore passing chunk size to raid1.
+
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=de045db607b1ac4b70fc2a8878463e029c2ab1dc]
+
+Signed-off-by: Sudhakar Panneerselvam <sudhakar.panneerselvam@oracle.com>
+Signed-off-by: Himanshu Madhani <himanshu.madhani@oracle.com>
+[logang@deltatee.com: fix if/then style and dropped unrelated hunk]
+Signed-off-by: Logan Gunthorpe <logang@deltatee.com>
+Signed-off-by: Jes Sorensen <jes@trained-monkey.org>
+Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
+---
+ tests/04update-metadata | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/tests/04update-metadata b/tests/04update-metadata
+index 08c14af7..2b72a303 100644
+--- a/tests/04update-metadata
++++ b/tests/04update-metadata
+@@ -11,7 +11,11 @@ dlist="$dev0 $dev1 $dev2 $dev3"
+ for ls in linear/4 raid1/1 raid5/3 raid6/2
+ do
+ s=${ls#*/} l=${ls%/*}
+- mdadm -CR --assume-clean -e 0.90 $md0 --level $l -n 4 -c 64 $dlist
++ if [[ $l == 'raid1' ]]; then
++ mdadm -CR --assume-clean -e 0.90 $md0 --level $l -n 4 $dlist
++ else
++ mdadm -CR --assume-clean -e 0.90 $md0 --level $l -n 4 -c 64 $dlist
++ fi
+ testdev $md0 $s 19904 64
+ mdadm -S $md0
+ mdadm -A $md0 --update=metadata $dlist
+--
+2.25.1
+
diff --git a/poky/meta/recipes-extended/mdadm/files/0001-tests-fix-raid0-tests-for-0.90-metadata.patch b/poky/meta/recipes-extended/mdadm/files/0001-tests-fix-raid0-tests-for-0.90-metadata.patch
new file mode 100644
index 0000000..d2e7d8e
--- /dev/null
+++ b/poky/meta/recipes-extended/mdadm/files/0001-tests-fix-raid0-tests-for-0.90-metadata.patch
@@ -0,0 +1,102 @@
+From 14c2161edb77d7294199e8aa7daa9f9d1d0ad5d7 Mon Sep 17 00:00:00 2001
+From: Sudhakar Panneerselvam <sudhakar.panneerselvam@oracle.com>
+Date: Wed, 22 Jun 2022 14:25:14 -0600
+Subject: [PATCH] tests: fix raid0 tests for 0.90 metadata
+
+Some of the test cases fail because raid0 creation fails with the error,
+"0.90 metadata does not support layouts for RAID0" added by commit,
+329dfc28debb. Fix some of the test cases by switching from raid0 to
+linear level for 0.9 metadata where possible.
+
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=14c2161edb77d7294199e8aa7daa9f9d1d0ad5d7]
+
+Signed-off-by: Sudhakar Panneerselvam <sudhakar.panneerselvam@oracle.com>
+Signed-off-by: Himanshu Madhani <himanshu.madhani@oracle.com>
+Signed-off-by: Logan Gunthorpe <logang@deltatee.com>
+Signed-off-by: Jes Sorensen <jes@trained-monkey.org>
+Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
+---
+ tests/00raid0 | 4 ++--
+ tests/00readonly | 4 ++++
+ tests/03r0assem | 6 +++---
+ tests/04r0update | 4 ++--
+ tests/04update-metadata | 2 +-
+ 5 files changed, 12 insertions(+), 8 deletions(-)
+
+diff --git a/tests/00raid0 b/tests/00raid0
+index e6b21cc4..9b8896cb 100644
+--- a/tests/00raid0
++++ b/tests/00raid0
+@@ -20,8 +20,8 @@ mdadm -S $md0
+ # now same again with different chunk size
+ for chunk in 4 32 256
+ do
+- mdadm -CR $md0 -e0.90 -l raid0 --chunk $chunk -n3 $dev0 $dev1 $dev2
+- check raid0
++ mdadm -CR $md0 -e0.90 -l linear --chunk $chunk -n3 $dev0 $dev1 $dev2
++ check linear
+ testdev $md0 3 $mdsize0 $chunk
+ mdadm -S $md0
+
+diff --git a/tests/00readonly b/tests/00readonly
+index 28b0fa13..39202487 100644
+--- a/tests/00readonly
++++ b/tests/00readonly
+@@ -4,6 +4,10 @@ for metadata in 0.9 1.0 1.1 1.2
+ do
+ for level in linear raid0 raid1 raid4 raid5 raid6 raid10
+ do
++ if [[ $metadata == "0.9" && $level == "raid0" ]];
++ then
++ continue
++ fi
+ mdadm -CR $md0 -l $level -n 4 --metadata=$metadata \
+ $dev1 $dev2 $dev3 $dev4 --assume-clean
+ check nosync
+diff --git a/tests/03r0assem b/tests/03r0assem
+index 6744e322..44df0645 100644
+--- a/tests/03r0assem
++++ b/tests/03r0assem
+@@ -68,9 +68,9 @@ mdadm -S $md2
+ ### Now for version 0...
+
+ mdadm --zero-superblock $dev0 $dev1 $dev2
+-mdadm -CR $md2 -l0 --metadata=0.90 -n3 $dev0 $dev1 $dev2
+-check raid0
+-tst="testdev $md2 3 $mdsize0 512"
++mdadm -CR $md2 -llinear --metadata=0.90 -n3 $dev0 $dev1 $dev2
++check linear
++tst="testdev $md2 3 $mdsize0 1"
+ $tst
+
+ uuid=`mdadm -Db $md2 | sed 's/.*UUID=//'`
+diff --git a/tests/04r0update b/tests/04r0update
+index 73ee3b9f..b95efb06 100644
+--- a/tests/04r0update
++++ b/tests/04r0update
+@@ -1,7 +1,7 @@
+
+ # create a raid0, re-assemble with a different super-minor
+-mdadm -CR -e 0.90 $md0 -l0 -n3 $dev0 $dev1 $dev2
+-testdev $md0 3 $mdsize0 512
++mdadm -CR -e 0.90 $md0 -llinear -n3 $dev0 $dev1 $dev2
++testdev $md0 3 $mdsize0 1
+ minor1=`mdadm -E $dev0 | sed -n -e 's/.*Preferred Minor : //p'`
+ mdadm -S /dev/md0
+
+diff --git a/tests/04update-metadata b/tests/04update-metadata
+index 232fc1ff..08c14af7 100644
+--- a/tests/04update-metadata
++++ b/tests/04update-metadata
+@@ -8,7 +8,7 @@ set -xe
+
+ dlist="$dev0 $dev1 $dev2 $dev3"
+
+-for ls in raid0/4 linear/4 raid1/1 raid5/3 raid6/2
++for ls in linear/4 raid1/1 raid5/3 raid6/2
+ do
+ s=${ls#*/} l=${ls%/*}
+ mdadm -CR --assume-clean -e 0.90 $md0 --level $l -n 4 -c 64 $dlist
+--
+2.25.1
+
diff --git a/poky/meta/recipes-extended/mdadm/mdadm_4.2.bb b/poky/meta/recipes-extended/mdadm/mdadm_4.2.bb
index 19035ca..4aa3737 100644
--- a/poky/meta/recipes-extended/mdadm/mdadm_4.2.bb
+++ b/poky/meta/recipes-extended/mdadm/mdadm_4.2.bb
@@ -24,6 +24,12 @@
file://0001-mdadm-skip-test-11spare-migration.patch \
file://0001-Fix-parsing-of-r-in-monitor-manager-mode.patch \
file://0001-Makefile-install-mdcheck.patch \
+ file://0001-mdadm-Fix-optional-write-behind-parameter.patch \
+ file://0001-tests-02lineargrow-clear-the-superblock-at-every-ite.patch \
+ file://0001-tests-00raid0-add-a-test-that-validates-raid0-with-l.patch \
+ file://0001-tests-fix-raid0-tests-for-0.90-metadata.patch \
+ file://0001-tests-00readonly-Run-udevadm-settle-before-setting-r.patch \
+ file://0001-tests-04update-metadata-avoid-passing-chunk-size-to.patch \
"
SRC_URI[sha256sum] = "461c215670864bb74a4d1a3620684aa2b2f8296dffa06743f26dda5557acf01d"
diff --git a/poky/meta/recipes-extended/newt/files/0001-detect-gold-as-GNU-linker-too.patch b/poky/meta/recipes-extended/newt/files/0001-detect-gold-as-GNU-linker-too.patch
index a4b3afd..090ed5c 100644
--- a/poky/meta/recipes-extended/newt/files/0001-detect-gold-as-GNU-linker-too.patch
+++ b/poky/meta/recipes-extended/newt/files/0001-detect-gold-as-GNU-linker-too.patch
@@ -1,4 +1,4 @@
-From 58245b859ffbcb1780575bf1b0a018d55e74e434 Mon Sep 17 00:00:00 2001
+From 08ba909500412611953aea0fa2fe0d8fe76b6e24 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andreas=20M=C3=BCller?= <schnitzeltony@googlemail.com>
Date: Wed, 21 Sep 2016 21:14:40 +0200
Subject: [PATCH] detect gold as GNU linker too
@@ -9,23 +9,21 @@
Upstream-Status: Pending
Signed-off-by: Andreas Müller <schnitzeltony@googlemail.com>
+
---
configure.ac | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/configure.ac b/configure.ac
-index 03e8bda..c2fce51 100644
+index 468c718..cd93f30 100644
--- a/configure.ac
+++ b/configure.ac
@@ -28,7 +28,7 @@ AC_CHECK_SIZEOF([void *])
AC_MSG_CHECKING([for GNU ld])
- LD=`$CC -print-prog-name=ld 2>&5`
+ LD=$($CC -print-prog-name=ld 2>&5)
--if test `$LD -v 2>&1 | $ac_cv_path_GREP -c "GNU ld"` = 0; then
-+if test `$LD -v 2>&1 | $ac_cv_path_GREP -c "GNU "` = 0; then
+-if test $($LD -v 2>&1 | $ac_cv_path_GREP -c "GNU ld") = 0; then
++if test $($LD -v 2>&1 | $ac_cv_path_GREP -c "GNU ") = 0; then
# Not
GNU_LD=""
AC_MSG_RESULT([no])
---
-2.5.5
-
diff --git a/poky/meta/recipes-extended/newt/files/0002-don-t-ignore-CFLAGS-when-building-snack.patch b/poky/meta/recipes-extended/newt/files/0002-don-t-ignore-CFLAGS-when-building-snack.patch
deleted file mode 100644
index ca235d5..0000000
--- a/poky/meta/recipes-extended/newt/files/0002-don-t-ignore-CFLAGS-when-building-snack.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From f60dc1063607ca1f201ba4cbda467d8af3f78f64 Mon Sep 17 00:00:00 2001
-From: Miroslav Lichvar <mlichvar@redhat.com>
-Date: Tue, 1 Oct 2019 16:37:55 +0200
-Subject: [PATCH] don't ignore CFLAGS when building snack
-
-In addition to the flags returned by python-config --cflags, use the
-user-specified CFLAGS when building the snack object.
-
-Upstream-Status: Backport from master
-Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
----
- Makefile.in | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/Makefile.in b/Makefile.in
-index be5f87b..6facd5e 100644
---- a/Makefile.in
-+++ b/Makefile.in
-@@ -96,8 +96,8 @@ _snack.$(SOEXT): snack.c $(LIBNEWTSH)
- PIFLAGS=`$$pyconfig --includes`; \
- PLDFLAGS=`$$pyconfig --ldflags`; \
- PLFLAGS=`$$pyconfig --libs`; \
-- echo $(CC) $(SHCFLAGS) $(CPPFLAGS) $$PIFLAGS $$PCFLAGS -c -o $$ver/snack.o snack.c; \
-- $(CC) $(SHCFLAGS) $(CPPFLAGS) $$PIFLAGS $$PCFLAGS -c -o $$ver/snack.o snack.c; \
-+ echo $(CC) $(SHCFLAGS) $(CFLAGS) $(CPPFLAGS) $$PIFLAGS $$PCFLAGS -c -o $$ver/snack.o snack.c; \
-+ $(CC) $(SHCFLAGS) $(CFLAGS) $(CPPFLAGS) $$PIFLAGS $$PCFLAGS -c -o $$ver/snack.o snack.c; \
- echo $(CC) --shared $$PLDFLAGS $$PLFLAGS $(LDFLAGS) -o $$ver/_snack.$(SOEXT) $$ver/snack.o -L. -lnewt $(LIBS); \
- $(CC) --shared $$PLDFLAGS $$PLFLAGS $(LDFLAGS) -o $$ver/_snack.$(SOEXT) $$ver/snack.o -L. -lnewt $(LIBS); \
- done || :
diff --git a/poky/meta/recipes-extended/newt/libnewt_0.52.21.bb b/poky/meta/recipes-extended/newt/libnewt_0.52.23.bb
similarity index 87%
rename from poky/meta/recipes-extended/newt/libnewt_0.52.21.bb
rename to poky/meta/recipes-extended/newt/libnewt_0.52.23.bb
index 430e481..cd3731c 100644
--- a/poky/meta/recipes-extended/newt/libnewt_0.52.21.bb
+++ b/poky/meta/recipes-extended/newt/libnewt_0.52.23.bb
@@ -21,11 +21,9 @@
file://cross_ar.patch \
file://Makefile.in-Add-tinfo-library-to-the-linking-librari.patch \
file://0001-detect-gold-as-GNU-linker-too.patch \
- file://0002-don-t-ignore-CFLAGS-when-building-snack.patch \
"
-SRC_URI[md5sum] = "a0a5fd6b53bb167a65e15996b249ebb5"
-SRC_URI[sha256sum] = "265eb46b55d7eaeb887fca7a1d51fe115658882dfe148164b6c49fccac5abb31"
+SRC_URI[sha256sum] = "caa372907b14ececfe298f0d512a62f41d33b290610244a58aed07bbc5ada12a"
S = "${WORKDIR}/newt-${PV}"
diff --git a/poky/meta/recipes-extended/pam/libpam/CVE-2022-28321-0002.patch b/poky/meta/recipes-extended/pam/libpam/CVE-2022-28321-0002.patch
new file mode 100644
index 0000000..e7bf03f
--- /dev/null
+++ b/poky/meta/recipes-extended/pam/libpam/CVE-2022-28321-0002.patch
@@ -0,0 +1,205 @@
+From 23393bef92c1e768eda329813d7af55481c6ca9f Mon Sep 17 00:00:00 2001
+From: Thorsten Kukuk <kukuk@suse.com>
+Date: Thu, 24 Feb 2022 10:37:32 +0100
+Subject: [PATCH 2/2] pam_access: handle hostnames in access.conf
+
+According to the manual page, the following entry is valid but does not
+work:
+-:root:ALL EXCEPT localhost
+
+See https://bugzilla.suse.com/show_bug.cgi?id=1019866
+
+Patched is based on PR#226 from Josef Moellers
+
+Upstream-Status: Backport
+CVE: CVE-2022-28321
+
+Reference to upstream patch:
+[https://github.com/linux-pam/linux-pam/commit/23393bef92c1e768eda329813d7af55481c6ca9f]
+
+Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com>
+---
+ modules/pam_access/pam_access.c | 95 ++++++++++++++++++++++++++-------
+ 1 file changed, 76 insertions(+), 19 deletions(-)
+
+diff --git a/modules/pam_access/pam_access.c b/modules/pam_access/pam_access.c
+index 277192b..bca424f 100644
+--- a/modules/pam_access/pam_access.c
++++ b/modules/pam_access/pam_access.c
+@@ -637,7 +637,7 @@ remote_match (pam_handle_t *pamh, char *tok, struct login_info *item)
+ if ((str_len = strlen(string)) > tok_len
+ && strcasecmp(tok, string + str_len - tok_len) == 0)
+ return YES;
+- } else if (tok[tok_len - 1] == '.') {
++ } else if (tok[tok_len - 1] == '.') { /* internet network numbers (end with ".") */
+ struct addrinfo hint;
+
+ memset (&hint, '\0', sizeof (hint));
+@@ -678,7 +678,7 @@ remote_match (pam_handle_t *pamh, char *tok, struct login_info *item)
+ return NO;
+ }
+
+- /* Assume network/netmask with an IP of a host. */
++ /* Assume network/netmask, IP address or hostname. */
+ return network_netmask_match(pamh, tok, string, item);
+ }
+
+@@ -696,7 +696,7 @@ string_match (pam_handle_t *pamh, const char *tok, const char *string,
+ /*
+ * If the token has the magic value "ALL" the match always succeeds.
+ * Otherwise, return YES if the token fully matches the string.
+- * "NONE" token matches NULL string.
++ * "NONE" token matches NULL string.
+ */
+
+ if (strcasecmp(tok, "ALL") == 0) { /* all: always matches */
+@@ -714,7 +714,8 @@ string_match (pam_handle_t *pamh, const char *tok, const char *string,
+
+ /* network_netmask_match - match a string against one token
+ * where string is a hostname or ip (v4,v6) address and tok
+- * represents either a single ip (v4,v6) address or a network/netmask
++ * represents either a hostname, a single ip (v4,v6) address
++ * or a network/netmask
+ */
+ static int
+ network_netmask_match (pam_handle_t *pamh,
+@@ -723,10 +724,12 @@ network_netmask_match (pam_handle_t *pamh,
+ char *netmask_ptr;
+ char netmask_string[MAXHOSTNAMELEN + 1];
+ int addr_type;
++ struct addrinfo *ai = NULL;
+
+ if (item->debug)
+- pam_syslog (pamh, LOG_DEBUG,
++ pam_syslog (pamh, LOG_DEBUG,
+ "network_netmask_match: tok=%s, item=%s", tok, string);
++
+ /* OK, check if tok is of type addr/mask */
+ if ((netmask_ptr = strchr(tok, '/')) != NULL)
+ {
+@@ -760,54 +763,108 @@ network_netmask_match (pam_handle_t *pamh,
+ netmask_ptr = number_to_netmask(netmask, addr_type,
+ netmask_string, MAXHOSTNAMELEN);
+ }
+- }
++
++ /*
++ * Construct an addrinfo list from the IP address.
++ * This should not fail as the input is a correct IP address...
++ */
++ if (getaddrinfo (tok, NULL, NULL, &ai) != 0)
++ {
++ return NO;
++ }
++ }
+ else
+- /* NO, then check if it is only an addr */
+- if (isipaddr(tok, NULL, NULL) != YES)
++ {
++ /*
++ * It is either an IP address or a hostname.
++ * Let getaddrinfo sort everything out
++ */
++ if (getaddrinfo (tok, NULL, NULL, &ai) != 0)
+ {
++ pam_syslog(pamh, LOG_ERR, "cannot resolve hostname \"%s\"", tok);
++
+ return NO;
+ }
++ netmask_ptr = NULL;
++ }
+
+ if (isipaddr(string, NULL, NULL) != YES)
+ {
+- /* Assume network/netmask with a name of a host. */
+ struct addrinfo hint;
+
++ /* Assume network/netmask with a name of a host. */
+ memset (&hint, '\0', sizeof (hint));
+ hint.ai_flags = AI_CANONNAME;
+ hint.ai_family = AF_UNSPEC;
+
+ if (item->gai_rv != 0)
++ {
++ freeaddrinfo(ai);
+ return NO;
++ }
+ else if (!item->res &&
+ (item->gai_rv = getaddrinfo (string, NULL, &hint, &item->res)) != 0)
++ {
++ freeaddrinfo(ai);
+ return NO;
++ }
+ else
+ {
+ struct addrinfo *runp = item->res;
++ struct addrinfo *runp1;
+
+ while (runp != NULL)
+ {
+ char buf[INET6_ADDRSTRLEN];
+
+- DIAG_PUSH_IGNORE_CAST_ALIGN;
+- inet_ntop (runp->ai_family,
+- runp->ai_family == AF_INET
+- ? (void *) &((struct sockaddr_in *) runp->ai_addr)->sin_addr
+- : (void *) &((struct sockaddr_in6 *) runp->ai_addr)->sin6_addr,
+- buf, sizeof (buf));
+- DIAG_POP_IGNORE_CAST_ALIGN;
++ if (getnameinfo (runp->ai_addr, runp->ai_addrlen, buf, sizeof (buf), NULL, 0, NI_NUMERICHOST) != 0)
++ {
++ freeaddrinfo(ai);
++ return NO;
++ }
+
+- if (are_addresses_equal(buf, tok, netmask_ptr))
++ for (runp1 = ai; runp1 != NULL; runp1 = runp1->ai_next)
+ {
+- return YES;
++ char buf1[INET6_ADDRSTRLEN];
++
++ if (runp->ai_family != runp1->ai_family)
++ continue;
++
++ if (getnameinfo (runp1->ai_addr, runp1->ai_addrlen, buf1, sizeof (buf1), NULL, 0, NI_NUMERICHOST) != 0)
++ {
++ freeaddrinfo(ai);
++ return NO;
++ }
++
++ if (are_addresses_equal (buf, buf1, netmask_ptr))
++ {
++ freeaddrinfo(ai);
++ return YES;
++ }
+ }
+ runp = runp->ai_next;
+ }
+ }
+ }
+ else
+- return (are_addresses_equal(string, tok, netmask_ptr));
++ {
++ struct addrinfo *runp1;
++
++ for (runp1 = ai; runp1 != NULL; runp1 = runp1->ai_next)
++ {
++ char buf1[INET6_ADDRSTRLEN];
++
++ (void) getnameinfo (runp1->ai_addr, runp1->ai_addrlen, buf1, sizeof (buf1), NULL, 0, NI_NUMERICHOST);
++
++ if (are_addresses_equal(string, buf1, netmask_ptr))
++ {
++ freeaddrinfo(ai);
++ return YES;
++ }
++ }
++ }
++
++ freeaddrinfo(ai);
+
+ return NO;
+ }
+--
+2.37.3
+
diff --git a/poky/meta/recipes-extended/screen/screen/signal-permission.patch b/poky/meta/recipes-extended/screen/screen/signal-permission.patch
new file mode 100644
index 0000000..77dc649
--- /dev/null
+++ b/poky/meta/recipes-extended/screen/screen/signal-permission.patch
@@ -0,0 +1,40 @@
+From e9ad41bfedb4537a6f0de20f00b27c7739f168f7 Mon Sep 17 00:00:00 2001
+From: Alexander Naumov <alexander_naumov@opensuse.org>
+Date: Mon, 30 Jan 2023 17:22:25 +0200
+Subject: fix: missing signal sending permission check on failed query messages
+
+Signed-off-by: Alexander Naumov <alexander_naumov@opensuse.org>
+
+CVE: CVE-2023-24626
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+---
+ src/socket.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/src/socket.c b/src/socket.c
+index 147dc54..54d8cb8 100644
+--- a/socket.c
++++ b/socket.c
+@@ -1285,11 +1285,16 @@ ReceiveMsg()
+ else
+ queryflag = -1;
+
+- Kill(m.m.command.apid,
++ if (CheckPid(m.m.command.apid)) {
++ Msg(0, "Query attempt with bad pid(%d)!", m.m.command.apid);
++ }
++ else {
++ Kill(m.m.command.apid,
+ (queryflag >= 0)
+ ? SIGCONT
+ : SIG_BYE); /* Send SIG_BYE if an error happened */
+- queryflag = -1;
++ queryflag = -1;
++ }
+ }
+ break;
+ case MSG_COMMAND:
+--
+cgit v1.1
+
diff --git a/poky/meta/recipes-extended/screen/screen_4.9.0.bb b/poky/meta/recipes-extended/screen/screen_4.9.0.bb
index 77e8000..235cd8c 100644
--- a/poky/meta/recipes-extended/screen/screen_4.9.0.bb
+++ b/poky/meta/recipes-extended/screen/screen_4.9.0.bb
@@ -22,6 +22,7 @@
file://0001-fix-for-multijob-build.patch \
file://0001-Remove-more-compatibility-stuff.patch \
file://0001-configure-Add-needed-system-headers-in-checks.patch \
+ file://signal-permission.patch \
"
SRC_URI[sha256sum] = "f9335281bb4d1538ed078df78a20c2f39d3af9a4e91c57d084271e0289c730f4"
diff --git a/poky/meta/recipes-extended/shadow/files/0001-Fix-can-not-print-full-login.patch b/poky/meta/recipes-extended/shadow/files/0001-Fix-can-not-print-full-login.patch
new file mode 100644
index 0000000..37ba5f3
--- /dev/null
+++ b/poky/meta/recipes-extended/shadow/files/0001-Fix-can-not-print-full-login.patch
@@ -0,0 +1,41 @@
+commit 670cae834827a8f794e6f7464fa57790d911b63c
+Author: SoumyaWind <121475834+SoumyaWind@users.noreply.github.com>
+Date: Tue Dec 27 17:40:17 2022 +0530
+
+ shadow: Fix can not print full login timeout message
+
+ Login timed out message prints only first few bytes when write is immediately followed by exit.
+ Calling exit from new handler provides enough time to display full message.
+
+Upstream-Status: Accepted [https://github.com/shadow-maint/shadow/commit/670cae834827a8f794e6f7464fa57790d911b63c]
+
+diff --git a/src/login.c b/src/login.c
+index 116e2cb3..c55f4de0 100644
+--- a/src/login.c
++++ b/src/login.c
+@@ -120,6 +120,7 @@ static void get_pam_user (char **ptr_pam_user);
+
+ static void init_env (void);
+ static void alarm_handler (int);
++static void exit_handler (int);
+
+ /*
+ * usage - print login command usage and exit
+@@ -391,11 +392,16 @@ static void init_env (void)
+ #endif /* !USE_PAM */
+ }
+
++static void exit_handler (unused int sig)
++{
++ _exit (0);
++}
+
+ static void alarm_handler (unused int sig)
+ {
+ write (STDERR_FILENO, tmsg, strlen (tmsg));
+- _exit (0);
++ signal(SIGALRM, exit_handler);
++ alarm(2);
+ }
+
+ #ifdef USE_PAM
diff --git a/poky/meta/recipes-extended/shadow/shadow.inc b/poky/meta/recipes-extended/shadow/shadow.inc
index a87e235..0ed220a 100644
--- a/poky/meta/recipes-extended/shadow/shadow.inc
+++ b/poky/meta/recipes-extended/shadow/shadow.inc
@@ -15,6 +15,7 @@
file://0001-shadow-use-relaxed-usernames.patch \
${@bb.utils.contains('PACKAGECONFIG', 'pam', '${PAM_SRC_URI}', '', d)} \
file://useradd \
+ file://0001-Fix-can-not-print-full-login.patch \
"
SRC_URI:append:class-target = " \
@@ -30,7 +31,7 @@
SRC_URI:append:class-nativesdk = " \
file://0001-Disable-use-of-syslog-for-sysroot.patch \
"
-SRC_URI[sha256sum] = "9fdb73b5d2b44e8ba9fcee1b4493ac75dd5040bda35b9ac8b06570cd192e7ee3"
+SRC_URI[sha256sum] = "f525154adc5605e4ebf03d3e7ee8be4d7f3c7cf9df2c2244043406b6eefca2da"
# Additional Policy files for PAM
diff --git a/poky/meta/recipes-extended/shadow/shadow_4.12.1.bb b/poky/meta/recipes-extended/shadow/shadow_4.12.3.bb
similarity index 83%
rename from poky/meta/recipes-extended/shadow/shadow_4.12.1.bb
rename to poky/meta/recipes-extended/shadow/shadow_4.12.3.bb
index 40b1134..d1a3fd5 100644
--- a/poky/meta/recipes-extended/shadow/shadow_4.12.1.bb
+++ b/poky/meta/recipes-extended/shadow/shadow_4.12.3.bb
@@ -9,3 +9,6 @@
# Severity is low and marked as closed and won't fix.
# https://bugzilla.redhat.com/show_bug.cgi?id=884658
CVE_CHECK_IGNORE += "CVE-2013-4235"
+
+# This is an issue for a different shadow
+CVE_CHECK_IGNORE += "CVE-2016-15024"
diff --git a/poky/meta/recipes-extended/sudo/files/0001-sudo.conf.in-fix-conflict-with-multilib.patch b/poky/meta/recipes-extended/sudo/files/0001-sudo.conf.in-fix-conflict-with-multilib.patch
index f4fc376..041c717 100644
--- a/poky/meta/recipes-extended/sudo/files/0001-sudo.conf.in-fix-conflict-with-multilib.patch
+++ b/poky/meta/recipes-extended/sudo/files/0001-sudo.conf.in-fix-conflict-with-multilib.patch
@@ -1,4 +1,7 @@
-sudo.conf.in: fix conflict with multilib
+From 6e835350b7413210c410d3578cfab804186b7a4f Mon Sep 17 00:00:00 2001
+From: Kai Kang <kai.kang@windriver.com>
+Date: Tue, 17 Nov 2020 11:13:40 +0800
+Subject: [PATCH] sudo.conf.in: fix conflict with multilib
When pass ${libdir} to --libexecdir of sudo, it fails to install sudo
and lib32-sudo at same time:
@@ -12,12 +15,13 @@
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Upstream-Status: Inappropriate [OE configuration specific]
+
---
examples/sudo.conf.in | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/examples/sudo.conf.in b/examples/sudo.conf.in
-index 6535d3a..50afc8f 100644
+index 2187457..0908d24 100644
--- a/examples/sudo.conf.in
+++ b/examples/sudo.conf.in
@@ -4,7 +4,7 @@
@@ -33,8 +37,8 @@
# The compiled-in value is usually sufficient and should only be changed
# if you rename or move the sudo_intercept.so file.
#
--#Path intercept @plugindir@/sudo_intercept.so
-+#Path intercept $plugindir/sudo_intercept.so
+-#Path intercept @intercept_file@
++#Path intercept $intercept_file
#
# Sudo noexec:
@@ -42,8 +46,8 @@
# The compiled-in value is usually sufficient and should only be changed
# if you rename or move the sudo_noexec.so file.
#
--#Path noexec @plugindir@/sudo_noexec.so
-+#Path noexec $plugindir/sudo_noexec.so
+-#Path noexec @noexec_file@
++#Path noexec $noexec_file
#
# Sudo plugin directory:
@@ -55,7 +59,4 @@
+#Path plugin_dir $plugindir
#
- # Sudo developer mode:
---
-2.17.1
-
+ # Core dumps:
diff --git a/poky/meta/recipes-extended/sudo/sudo.inc b/poky/meta/recipes-extended/sudo/sudo.inc
index 8947c46..f22b3ea 100644
--- a/poky/meta/recipes-extended/sudo/sudo.inc
+++ b/poky/meta/recipes-extended/sudo/sudo.inc
@@ -4,7 +4,7 @@
BUGTRACKER = "http://www.sudo.ws/bugs/"
SECTION = "admin"
LICENSE = "ISC & BSD-3-Clause & BSD-2-Clause & Zlib"
-LIC_FILES_CHKSUM = "file://LICENSE.md;md5=16cf60b466f3a0606427a7b624a3a670 \
+LIC_FILES_CHKSUM = "file://LICENSE.md;md5=5100e20d35f9015f9eef6bdb27ba194f \
file://plugins/sudoers/redblack.c;beginline=1;endline=46;md5=03e35317699ba00b496251e0dfe9f109 \
file://lib/util/reallocarray.c;beginline=3;endline=15;md5=397dd45c7683e90b9f8bf24638cf03bf \
file://lib/util/fnmatch.c;beginline=3;endline=27;md5=004d7d2866ba1f5b41174906849d2e0f \
diff --git a/poky/meta/recipes-extended/sudo/sudo_1.9.11p3.bb b/poky/meta/recipes-extended/sudo/sudo_1.9.13p3.bb
similarity index 96%
rename from poky/meta/recipes-extended/sudo/sudo_1.9.11p3.bb
rename to poky/meta/recipes-extended/sudo/sudo_1.9.13p3.bb
index ba610ee..2e11739 100644
--- a/poky/meta/recipes-extended/sudo/sudo_1.9.11p3.bb
+++ b/poky/meta/recipes-extended/sudo/sudo_1.9.13p3.bb
@@ -8,7 +8,7 @@
PAM_SRC_URI = "file://sudo.pam"
-SRC_URI[sha256sum] = "4687e7d2f56721708f59cca2e1352c056cb23de526c22725615a42bb094f1f70"
+SRC_URI[sha256sum] = "92334a12bb93e0c056b09f53e255ccb7d6f67c6350e2813cd9593ceeca78560b"
DEPENDS += " virtual/crypt ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
RDEPENDS:${PN} += " ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-limits pam-plugin-keyinit', '', d)}"
diff --git a/poky/meta/recipes-extended/sysstat/sysstat_12.6.0.bb b/poky/meta/recipes-extended/sysstat/sysstat_12.6.1.bb
similarity index 65%
rename from poky/meta/recipes-extended/sysstat/sysstat_12.6.0.bb
rename to poky/meta/recipes-extended/sysstat/sysstat_12.6.1.bb
index 273c5c1..6df7bdb 100644
--- a/poky/meta/recipes-extended/sysstat/sysstat_12.6.0.bb
+++ b/poky/meta/recipes-extended/sysstat/sysstat_12.6.1.bb
@@ -4,4 +4,4 @@
SRC_URI += "file://0001-configure.in-remove-check-for-chkconfig.patch"
-SRC_URI[sha256sum] = "699fd948836d77f9ad0541fd5dcf75cd2505f9da4ec14df669286ad047c23d97"
+SRC_URI[sha256sum] = "18ff5a4e149e2568e43385637f72437fe6bafcc1322a93d13d1981e9464a0342"
diff --git a/poky/meta/recipes-extended/tar/tar/CVE-2022-48303.patch b/poky/meta/recipes-extended/tar/tar/CVE-2022-48303.patch
new file mode 100644
index 0000000..b2f40f3
--- /dev/null
+++ b/poky/meta/recipes-extended/tar/tar/CVE-2022-48303.patch
@@ -0,0 +1,43 @@
+From 3da78400eafcccb97e2f2fd4b227ea40d794ede8 Mon Sep 17 00:00:00 2001
+From: Sergey Poznyakoff <gray@gnu.org>
+Date: Sat, 11 Feb 2023 11:57:39 +0200
+Subject: Fix boundary checking in base-256 decoder
+
+* src/list.c (from_header): Base-256 encoding is at least 2 bytes
+long.
+
+Upstream-Status: Backport [see reference below]
+CVE: CVE-2022-48303
+
+Reference to upstream patch:
+https://savannah.gnu.org/bugs/?62387
+https://git.savannah.gnu.org/cgit/tar.git/patch/src/list.c?id=3da78400eafcccb97e2f2fd4b227ea40d794ede8
+
+Signed-off-by: Rodolfo Quesada Zumbado <rodolfo.zumbado@windriver.com>
+Signed-off-by: Joe Slater <joe.slater@windriver.com>
+---
+ src/list.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)Signed-off-by: Rodolfo Quesada Zumbado <rodolfo.zumbado@windriver.com>
+
+
+(limited to 'src/list.c')
+
+diff --git a/src/list.c b/src/list.c
+index 9fafc42..86bcfdd 100644
+--- a/src/list.c
++++ b/src/list.c
+@@ -881,8 +881,9 @@ from_header (char const *where0, size_t digs, char const *type,
+ where++;
+ }
+ }
+- else if (*where == '\200' /* positive base-256 */
+- || *where == '\377' /* negative base-256 */)
++ else if (where <= lim - 2
++ && (*where == '\200' /* positive base-256 */
++ || *where == '\377' /* negative base-256 */))
+ {
+ /* Parse base-256 output. A nonnegative number N is
+ represented as (256**DIGS)/2 + N; a negative number -N is
+--
+cgit v1.1
+
diff --git a/poky/meta/recipes-extended/tar/tar_1.34.bb b/poky/meta/recipes-extended/tar/tar_1.34.bb
index 7307cd5..1ef5fe2 100644
--- a/poky/meta/recipes-extended/tar/tar_1.34.bb
+++ b/poky/meta/recipes-extended/tar/tar_1.34.bb
@@ -6,7 +6,9 @@
LICENSE = "GPL-3.0-only"
LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
-SRC_URI = "${GNU_MIRROR}/tar/tar-${PV}.tar.bz2"
+SRC_URI = "${GNU_MIRROR}/tar/tar-${PV}.tar.bz2 \
+ file://CVE-2022-48303.patch \
+"
SRC_URI[sha256sum] = "b44cc67f8a1f6b0250b7c860e952b37e8ed932a90bd9b1862a511079255646ff"
diff --git a/poky/meta/recipes-extended/timezone/timezone.inc b/poky/meta/recipes-extended/timezone/timezone.inc
index d3c78e9..14a1ce1 100644
--- a/poky/meta/recipes-extended/timezone/timezone.inc
+++ b/poky/meta/recipes-extended/timezone/timezone.inc
@@ -6,14 +6,15 @@
LICENSE = "PD & BSD-3-Clause"
LIC_FILES_CHKSUM = "file://LICENSE;md5=c679c9d6b02bc2757b3eaf8f53c43fba"
-PV = "2022d"
+PV = "2023c"
-SRC_URI =" http://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz;name=tzcode \
- http://www.iana.org/time-zones/repository/releases/tzdata${PV}.tar.gz;name=tzdata \
+SRC_URI =" http://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz;name=tzcode;subdir=tz \
+ http://www.iana.org/time-zones/repository/releases/tzdata${PV}.tar.gz;name=tzdata;subdir=tz \
"
+S = "${WORKDIR}/tz"
+
UPSTREAM_CHECK_URI = "http://www.iana.org/time-zones"
-SRC_URI[tzcode.sha256sum] = "d644ba0f938899374ea8cb554e35fb4afa0f7bd7b716c61777cd00500b8759e0"
-SRC_URI[tzdata.sha256sum] = "6ecdbee27fa43dcfa49f3d4fd8bb1dfef54c90da1abcd82c9abcf2dc4f321de0"
-
+SRC_URI[tzcode.sha256sum] = "46d17f2bb19ad73290f03a203006152e0fa0d7b11e5b71467c4a823811b214e7"
+SRC_URI[tzdata.sha256sum] = "3f510b5d1b4ae9bb38e485aa302a776b317fb3637bdb6404c4adf7b6cadd965c"
diff --git a/poky/meta/recipes-extended/timezone/tzcode-native.bb b/poky/meta/recipes-extended/timezone/tzcode-native.bb
index e3582ba..d0b23a9 100644
--- a/poky/meta/recipes-extended/timezone/tzcode-native.bb
+++ b/poky/meta/recipes-extended/timezone/tzcode-native.bb
@@ -1,10 +1,7 @@
require timezone.inc
-#
SUMMARY = "tzcode, timezone zoneinfo utils -- zic, zdump, tzselect"
-S = "${WORKDIR}"
-
inherit native
EXTRA_OEMAKE += "cc='${CC}'"
diff --git a/poky/meta/recipes-extended/timezone/tzdata.bb b/poky/meta/recipes-extended/timezone/tzdata.bb
index 7f4322d..dd1960f 100644
--- a/poky/meta/recipes-extended/timezone/tzdata.bb
+++ b/poky/meta/recipes-extended/timezone/tzdata.bb
@@ -4,8 +4,6 @@
inherit allarch
-S = "${WORKDIR}"
-
DEFAULT_TIMEZONE ?= "Universal"
INSTALL_TIMEZONE_FILE ?= "1"
@@ -18,17 +16,21 @@
# "fat" is needed by e.g. MariaDB's mysql_tzinfo_to_sql
ZIC_FMT ?= "slim"
+do_configure[cleandirs] = "${B}"
+B = "${WORKDIR}/build"
+
do_compile() {
for zone in ${TZONES}; do
- ${STAGING_BINDIR_NATIVE}/zic -b ${ZIC_FMT} -d ${WORKDIR}${datadir}/zoneinfo -L /dev/null ${S}/${zone}
- ${STAGING_BINDIR_NATIVE}/zic -b ${ZIC_FMT} -d ${WORKDIR}${datadir}/zoneinfo/posix -L /dev/null ${S}/${zone}
- ${STAGING_BINDIR_NATIVE}/zic -b ${ZIC_FMT} -d ${WORKDIR}${datadir}/zoneinfo/right -L ${S}/leapseconds ${S}/${zone}
+ ${STAGING_BINDIR_NATIVE}/zic -b ${ZIC_FMT} -d ${B}/zoneinfo -L /dev/null ${S}/${zone}
+ ${STAGING_BINDIR_NATIVE}/zic -b ${ZIC_FMT} -d ${B}/zoneinfo/posix -L /dev/null ${S}/${zone}
+ ${STAGING_BINDIR_NATIVE}/zic -b ${ZIC_FMT} -d ${B}/zoneinfo/right -L ${S}/leapseconds ${S}/${zone}
done
}
do_install() {
- install -d ${D}$exec_prefix ${D}${datadir}/zoneinfo
- cp -pPR ${WORKDIR}$exec_prefix ${D}${base_prefix}
+ install -d ${D}${datadir}/zoneinfo
+ cp -pPR ${B}/zoneinfo/* ${D}${datadir}/zoneinfo
+
# libc is removing zoneinfo files from package
cp -pP "${S}/zone.tab" ${D}${datadir}/zoneinfo
cp -pP "${S}/zone1970.tab" ${D}${datadir}/zoneinfo
diff --git a/poky/meta/recipes-extended/xdg-utils/xdg-utils/CVE-2022-4055.patch b/poky/meta/recipes-extended/xdg-utils/xdg-utils/CVE-2022-4055.patch
new file mode 100644
index 0000000..b236030
--- /dev/null
+++ b/poky/meta/recipes-extended/xdg-utils/xdg-utils/CVE-2022-4055.patch
@@ -0,0 +1,145 @@
+xdg-email does not parse mailto uris properly for thunderbird
+
+When using thunderbird as mailto handler xdg-email translates mailto uris into an 'thunderbird -compose' argument. While to, cc and bcc values are properly enclosed in single quotes this is not the case for subject or body. This breaks functionality and allows to use all thunderbird -compose arguments within a mailto uri, e.g.
+
+xdg-email 'mailto:test@example.com?subject=Test,attachment=~/.thunderbird/profiles.ini,message=/home/test/test.txt'
+
+translates into
+
+thunderbird -compose to='test@example.com,',subject=Test,attachment=~/.thunderbird/profiles.ini,message=/home/test/test.txt
+
+with working attachment and message. (And, yes, ~ expands to the home directory.)
+
+Upstream-Status: Submitted [https://gitlab.freedesktop.org/xdg/xdg-utils/-/issues/205]
+
+Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
+
+CVE: CVE-2022-4055
+
+
+Index: xdg-utils-1.1.3/scripts/xdg-email.in
+===================================================================
+--- xdg-utils-1.1.3.orig/scripts/xdg-email.in
++++ xdg-utils-1.1.3/scripts/xdg-email.in
+@@ -30,53 +30,6 @@ _USAGE
+
+ #@xdg-utils-common@
+
+-run_thunderbird()
+-{
+- local THUNDERBIRD MAILTO NEWMAILTO TO CC BCC SUBJECT BODY
+- THUNDERBIRD="$1"
+- MAILTO=$(echo "$2" | sed 's/^mailto://')
+- echo "$MAILTO" | grep -qs "^?"
+- if [ "$?" = "0" ] ; then
+- MAILTO=$(echo "$MAILTO" | sed 's/^?//')
+- else
+- MAILTO=$(echo "$MAILTO" | sed 's/^/to=/' | sed 's/?/\&/')
+- fi
+-
+- MAILTO=$(echo "$MAILTO" | sed 's/&/\n/g')
+- TO=$(/bin/echo -e $(echo "$MAILTO" | grep '^to=' | sed 's/^to=//;s/%\(..\)/\\x\1/g' | awk '{ printf "%s,",$0 }'))
+- CC=$(/bin/echo -e $(echo "$MAILTO" | grep '^cc=' | sed 's/^cc=//;s/%\(..\)/\\x\1/g' | awk '{ printf "%s,",$0 }'))
+- BCC=$(/bin/echo -e $(echo "$MAILTO" | grep '^bcc=' | sed 's/^bcc=//;s/%\(..\)/\\x\1/g' | awk '{ printf "%s,",$0 }'))
+- SUBJECT=$(echo "$MAILTO" | grep '^subject=' | tail -n 1)
+- BODY=$(echo "$MAILTO" | grep '^body=' | tail -n 1)
+-
+- if [ -z "$TO" ] ; then
+- NEWMAILTO=
+- else
+- NEWMAILTO="to='$TO'"
+- fi
+- if [ -n "$CC" ] ; then
+- NEWMAILTO="${NEWMAILTO},cc='$CC'"
+- fi
+- if [ -n "$BCC" ] ; then
+- NEWMAILTO="${NEWMAILTO},bcc='$BCC'"
+- fi
+- if [ -n "$SUBJECT" ] ; then
+- NEWMAILTO="${NEWMAILTO},$SUBJECT"
+- fi
+- if [ -n "$BODY" ] ; then
+- NEWMAILTO="${NEWMAILTO},$BODY"
+- fi
+-
+- NEWMAILTO=$(echo "$NEWMAILTO" | sed 's/^,//')
+- DEBUG 1 "Running $THUNDERBIRD -compose \"$NEWMAILTO\""
+- "$THUNDERBIRD" -compose "$NEWMAILTO"
+- if [ $? -eq 0 ]; then
+- exit_success
+- else
+- exit_failure_operation_failed
+- fi
+-}
+-
+ open_kde()
+ {
+ if [ -n "$KDE_SESSION_VERSION" ] && [ "$KDE_SESSION_VERSION" -ge 5 ]; then
+@@ -130,15 +83,6 @@ open_kde()
+
+ open_gnome3()
+ {
+- local client
+- local desktop
+- desktop=`xdg-mime query default "x-scheme-handler/mailto"`
+- client=`desktop_file_to_binary "$desktop"`
+- echo $client | grep -E 'thunderbird|icedove' > /dev/null 2>&1
+- if [ $? -eq 0 ] ; then
+- run_thunderbird "$client" "$1"
+- fi
+-
+ if gio help open 2>/dev/null 1>&2; then
+ DEBUG 1 "Running gio open \"$1\""
+ gio open "$1"
+@@ -159,13 +103,6 @@ open_gnome3()
+
+ open_gnome()
+ {
+- local client
+- client=`gconftool-2 --get /desktop/gnome/url-handlers/mailto/command | cut -d ' ' -f 1` || ""
+- echo $client | grep -E 'thunderbird|icedove' > /dev/null 2>&1
+- if [ $? -eq 0 ] ; then
+- run_thunderbird "$client" "$1"
+- fi
+-
+ if gio help open 2>/dev/null 1>&2; then
+ DEBUG 1 "Running gio open \"$1\""
+ gio open "$1"
+@@ -231,15 +168,6 @@ open_flatpak()
+
+ open_generic()
+ {
+- local client
+- local desktop
+- desktop=`xdg-mime query default "x-scheme-handler/mailto"`
+- client=`desktop_file_to_binary "$desktop"`
+- echo $client | grep -E 'thunderbird|icedove' > /dev/null 2>&1
+- if [ $? -eq 0 ] ; then
+- run_thunderbird "$client" "$1"
+- fi
+-
+ xdg-open "$1"
+ local ret=$?
+
+@@ -364,21 +292,6 @@ while [ $# -gt 0 ] ; do
+ shift
+ ;;
+
+- --attach)
+- if [ -z "$1" ] ; then
+- exit_failure_syntax "file argument missing for --attach option"
+- fi
+- check_input_file "$1"
+- file=`readlink -f "$1"` # Normalize path
+- if [ -z "$file" ] || [ ! -f "$file" ] ; then
+- exit_failure_file_missing "file '$1' does not exist"
+- fi
+-
+- url_encode "$file"
+- options="${options}attach=${result}&"
+- shift
+- ;;
+-
+ -*)
+ exit_failure_syntax "unexpected option '$parm'"
+ ;;
diff --git a/poky/meta/recipes-extended/xdg-utils/xdg-utils_1.1.3.bb b/poky/meta/recipes-extended/xdg-utils/xdg-utils_1.1.3.bb
index 73acf6b..4d93180 100644
--- a/poky/meta/recipes-extended/xdg-utils/xdg-utils_1.1.3.bb
+++ b/poky/meta/recipes-extended/xdg-utils/xdg-utils_1.1.3.bb
@@ -21,6 +21,7 @@
file://0001-Reinstate-xdg-terminal.patch \
file://0001-Don-t-build-the-in-script-manual.patch \
file://1f199813e0eb0246f63b54e9e154970e609575af.patch \
+ file://CVE-2022-4055.patch \
"
SRC_URI[md5sum] = "902042508b626027a3709d105f0b63ff"
diff --git a/poky/meta/recipes-gnome/epiphany/epiphany_42.4.bb b/poky/meta/recipes-gnome/epiphany/epiphany_42.4.bb
index 9efd280..98923a3 100644
--- a/poky/meta/recipes-gnome/epiphany/epiphany_42.4.bb
+++ b/poky/meta/recipes-gnome/epiphany/epiphany_42.4.bb
@@ -27,6 +27,7 @@
file://0002-help-meson.build-disable-the-use-of-yelp.patch \
file://migrator.patch \
file://distributor.patch \
+ file://CVE-2023-26081.patch \
"
SRC_URI[archive.sha256sum] = "370938ad2920eeb28bc2435944776b7ba55a0e2ede65836f79818cfb7e8f0860"
diff --git a/poky/meta/recipes-gnome/epiphany/files/CVE-2023-26081.patch b/poky/meta/recipes-gnome/epiphany/files/CVE-2023-26081.patch
new file mode 100644
index 0000000..af1e20b
--- /dev/null
+++ b/poky/meta/recipes-gnome/epiphany/files/CVE-2023-26081.patch
@@ -0,0 +1,90 @@
+From 53363c3c8178bf9193dad9fa3516f4e10cff0ffd Mon Sep 17 00:00:00 2001
+From: Michael Catanzaro <mcatanzaro@redhat.com>
+Date: Fri, 3 Feb 2023 13:07:15 -0600
+Subject: [PATCH] Don't autofill passwords in sandboxed contexts
+
+If using the sandbox CSP or iframe tag, the web content is supposed to
+be not trusted by the main resource origin. Therefore, we'd better
+disable the password manager entirely so the untrusted web content
+cannot exfiltrate passwords.
+
+https://github.com/google/security-research/security/advisories/GHSA-mhhf-w9xw-pp9x
+
+Part-of: <https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1275>
+
+Upstream-Status: Backport
+[https://gitlab.gnome.org/GNOME/epiphany/-/commit/53363c3c8178bf9193dad9fa3516f4e10cff0ffd]
+CVE: CVE-2023-26081
+Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
+---
+ .../resources/js/ephy.js | 26 +++++++++++++++++++
+ 1 file changed, 26 insertions(+)
+
+diff --git a/embed/web-process-extension/resources/js/ephy.js b/embed/web-process-extension/resources/js/ephy.js
+index 38b806f..44d1792 100644
+--- a/embed/web-process-extension/resources/js/ephy.js
++++ b/embed/web-process-extension/resources/js/ephy.js
+@@ -352,6 +352,12 @@ Ephy.hasModifiedForms = function()
+ }
+ };
+
++Ephy.isSandboxedWebContent = function()
++{
++ // https://github.com/google/security-research/security/advisories/GHSA-mhhf-w9xw-pp9x
++ return self.origin === null || self.origin === 'null';
++};
++
+ Ephy.PasswordManager = class PasswordManager
+ {
+ constructor(pageID, frameID)
+@@ -385,6 +391,11 @@ Ephy.PasswordManager = class PasswordManager
+
+ query(origin, targetOrigin, username, usernameField, passwordField)
+ {
++ if (Ephy.isSandboxedWebContent()) {
++ Ephy.log(`Not querying passwords for origin=${origin} because web content is sandboxed`);
++ return Promise.resolve(null);
++ }
++
+ Ephy.log(`Querying passwords for origin=${origin}, targetOrigin=${targetOrigin}, username=${username}, usernameField=${usernameField}, passwordField=${passwordField}`);
+
+ return new Promise((resolver, reject) => {
+@@ -396,6 +407,11 @@ Ephy.PasswordManager = class PasswordManager
+
+ save(origin, targetOrigin, username, password, usernameField, passwordField, isNew)
+ {
++ if (Ephy.isSandboxedWebContent()) {
++ Ephy.log(`Not saving password for origin=${origin} because web content is sandboxed`);
++ return;
++ }
++
+ Ephy.log(`Saving password for origin=${origin}, targetOrigin=${targetOrigin}, username=${username}, usernameField=${usernameField}, passwordField=${passwordField}, isNew=${isNew}`);
+
+ window.webkit.messageHandlers.passwordManagerSave.postMessage({
+@@ -407,6 +423,11 @@ Ephy.PasswordManager = class PasswordManager
+ // FIXME: Why is pageID a parameter here?
+ requestSave(origin, targetOrigin, username, password, usernameField, passwordField, isNew, pageID)
+ {
++ if (Ephy.isSandboxedWebContent()) {
++ Ephy.log(`Not requesting to save password for origin=${origin} because web content is sandboxed`);
++ return;
++ }
++
+ Ephy.log(`Requesting to save password for origin=${origin}, targetOrigin=${targetOrigin}, username=${username}, usernameField=${usernameField}, passwordField=${passwordField}, isNew=${isNew}`);
+
+ window.webkit.messageHandlers.passwordManagerRequestSave.postMessage({
+@@ -426,6 +447,11 @@ Ephy.PasswordManager = class PasswordManager
+
+ queryUsernames(origin)
+ {
++ if (Ephy.isSandboxedWebContent()) {
++ Ephy.log(`Not querying usernames for origin=${origin} because web content is sandboxed`);
++ return Promise.resolve(null);
++ }
++
+ Ephy.log(`Requesting usernames for origin=${origin}`);
+
+ return new Promise((resolver, reject) => {
+--
+2.35.5
+
diff --git a/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/0001-Add-use_prebuilt_tools-option.patch b/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/0001-Add-use_prebuilt_tools-option.patch
deleted file mode 100644
index 02cc9a2..0000000
--- a/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/0001-Add-use_prebuilt_tools-option.patch
+++ /dev/null
@@ -1,173 +0,0 @@
-From f81b60ebcbbfd9548c8aa1e388662c429068d1e3 Mon Sep 17 00:00:00 2001
-From: Alexander Kanavin <alex.kanavin@gmail.com>
-Date: Sat, 8 May 2021 21:58:54 +0200
-Subject: [PATCH] Add use_prebuilt_tools option
-
-This allows using the gdk-pixbuf tools from the host to
-build and install tests in a cross-compile scenarion.
-
-Upstream-Status: Submitted [https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/merge_requests/119]
-Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
-
----
- gdk-pixbuf/meson.build | 11 +++++++++--
- meson.build | 6 +++---
- meson_options.txt | 4 ++++
- tests/meson.build | 16 ++++++++--------
- thumbnailer/meson.build | 24 ++++++++++++++++++------
- 5 files changed, 42 insertions(+), 19 deletions(-)
-
-diff --git a/gdk-pixbuf/meson.build b/gdk-pixbuf/meson.build
-index 54ff9dd..2e321cf 100644
---- a/gdk-pixbuf/meson.build
-+++ b/gdk-pixbuf/meson.build
-@@ -342,13 +342,20 @@ foreach bin: gdkpixbuf_bin
- include_directories: [ root_inc, gdk_pixbuf_inc ],
- c_args: common_cflags + gdk_pixbuf_cflags,
- install: true)
-- meson.override_find_program(bin_name, bin)
-+ if not get_option('use_prebuilt_tools')
-+ meson.override_find_program(bin_name, bin)
-+ endif
-
- # Used in tests
- set_variable(bin_name.underscorify(), bin)
- endforeach
-
--if not meson.is_cross_build()
-+if get_option('use_prebuilt_tools')
-+ gdk_pixbuf_query_loaders = find_program('gdk-pixbuf-query-loaders', required: true)
-+ gdk_pixbuf_pixdata = find_program('gdk-pixbuf-pixdata', required: true)
-+endif
-+
-+if not meson.is_cross_build() or get_option('use_prebuilt_tools')
- # The 'loaders.cache' used for testing, so we don't accidentally
- # load the installed cache; we always build it by default
- loaders_cache = custom_target('loaders.cache',
-diff --git a/meson.build b/meson.build
-index 813bd43..a93e6f7 100644
---- a/meson.build
-+++ b/meson.build
-@@ -369,18 +369,18 @@ subdir('gdk-pixbuf')
- # i18n
- subdir('po')
-
--if not meson.is_cross_build()
-+if not meson.is_cross_build() or get_option('use_prebuilt_tools')
- if get_option('tests')
- subdir('tests')
- endif
-- subdir('thumbnailer')
- endif
-+subdir('thumbnailer')
-
- # Documentation
- build_docs = get_option('gtk_doc') or get_option('docs')
- subdir('docs')
-
--if not meson.is_cross_build()
-+if not meson.is_cross_build() or get_option('use_prebuilt_tools')
- meson.add_install_script('build-aux/post-install.py',
- gdk_pixbuf_bindir,
- gdk_pixbuf_libdir,
-diff --git a/meson_options.txt b/meson_options.txt
-index d198d99..1c899e9 100644
---- a/meson_options.txt
-+++ b/meson_options.txt
-@@ -53,4 +53,8 @@ option('gio_sniffing',
- description: 'Perform file type detection using GIO (Unused on MacOS and Windows)',
- type: 'boolean',
- value: true)
-+option('use_prebuilt_tools',
-+ description: 'Use prebuilt gdk-pixbuf tools from the host for cross-compilation',
-+ type: 'boolean',
-+ value: false)
-
-diff --git a/tests/meson.build b/tests/meson.build
-index 28c2525..d97c02d 100644
---- a/tests/meson.build
-+++ b/tests/meson.build
-@@ -5,6 +5,12 @@
- # $PATH. Ideally we should use gnome.compile_resources() and let Meson deal with
- # this problem: See https://github.com/mesonbuild/meson/issues/8266.
- if enabled_loaders.contains('png') and host_system != 'windows'
-+
-+ resources_deps = [loaders_cache,]
-+ if not get_option('use_prebuilt_tools')
-+ resources_deps += [gdk_pixbuf_pixdata,]
-+ endif
-+
- # Resources; we cannot use gnome.compile_resources() here, because we need to
- # override the environment in order to use the utilities we just built instead
- # of the system ones
-@@ -21,10 +27,7 @@ if enabled_loaders.contains('png') and host_system != 'windows'
- '@INPUT@',
- '@OUTPUT@',
- ],
-- depends: [
-- gdk_pixbuf_pixdata,
-- loaders_cache,
-- ],
-+ depends: resources_deps,
- )
-
- resources_h = custom_target('resources.h',
-@@ -40,10 +43,7 @@ if enabled_loaders.contains('png') and host_system != 'windows'
- '@INPUT@',
- '@OUTPUT@',
- ],
-- depends: [
-- gdk_pixbuf_pixdata,
-- loaders_cache,
-- ],
-+ depends: resources_deps,
- )
- no_resources = false
- else
-diff --git a/thumbnailer/meson.build b/thumbnailer/meson.build
-index b6a206d..9336c21 100644
---- a/thumbnailer/meson.build
-+++ b/thumbnailer/meson.build
-@@ -6,13 +6,29 @@ bin = executable('gdk-pixbuf-thumbnailer',
- ],
- dependencies: gdk_pixbuf_deps + [ gdkpixbuf_dep ],
- install: true)
--meson.override_find_program('gdk-pixbuf-thumbnailer', bin)
-+if not get_option('use_prebuilt_tools')
-+ meson.override_find_program('gdk-pixbuf-thumbnailer', bin)
-+endif
-
- gdk_pixbuf_print_mime_types = executable('gdk-pixbuf-print-mime-types',
- 'gdk-pixbuf-print-mime-types.c',
-+ install: true,
- c_args: common_cflags,
- dependencies: gdk_pixbuf_deps + [ gdkpixbuf_dep ])
-
-+if get_option('use_prebuilt_tools')
-+ gdk_pixbuf_print_mime_types = find_program('gdk-pixbuf-print-mime-types', required: true)
-+endif
-+
-+thumbnailer_deps = [loaders_cache,]
-+
-+if not get_option('use_prebuilt_tools')
-+ thumbnailer_deps += [
-+ gdk_pixbuf_print_mime_types,
-+ gdk_pixbuf_pixdata,
-+ ]
-+endif
-+
- custom_target('thumbnailer',
- input: 'gdk-pixbuf-thumbnailer.thumbnailer.in',
- output: 'gdk-pixbuf-thumbnailer.thumbnailer',
-@@ -25,10 +41,6 @@ custom_target('thumbnailer',
- '@INPUT@',
- '@OUTPUT@',
- ],
-- depends: [
-- gdk_pixbuf_print_mime_types,
-- gdk_pixbuf_pixdata,
-- loaders_cache,
-- ],
-+ depends: thumbnailer_deps,
- install: true,
- install_dir: join_paths(gdk_pixbuf_datadir, 'thumbnailers'))
diff --git a/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/0001-meson.build-allow-a-subset-of-tests-in-cross-compile.patch b/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/0001-meson.build-allow-a-subset-of-tests-in-cross-compile.patch
new file mode 100644
index 0000000..7250fa3
--- /dev/null
+++ b/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/0001-meson.build-allow-a-subset-of-tests-in-cross-compile.patch
@@ -0,0 +1,66 @@
+From 9d3b374e75692da3d1d05344a1693c85a3098f47 Mon Sep 17 00:00:00 2001
+From: Alexander Kanavin <alex@linutronix.de>
+Date: Thu, 26 Jan 2023 20:29:46 +0100
+Subject: [PATCH] meson.build: allow (a subset of) tests in cross compile
+ settings
+
+There is no need to completely disable tests: most of them
+do not require running target executables at build time,
+and so can be built and installed.
+
+This requires inserting a couple of specific guards around
+items that do require running target executables.
+
+Upstream-Status: Submitted [https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/merge_requests/150]
+Signed-off-by: Alexander Kanavin <alex@linutronix.de>
+---
+ meson.build | 6 +++---
+ tests/meson.build | 10 ++++++----
+ 2 files changed, 9 insertions(+), 7 deletions(-)
+
+diff --git a/meson.build b/meson.build
+index 8a16c8f..7c8b20f 100644
+--- a/meson.build
++++ b/meson.build
+@@ -369,10 +369,10 @@ subdir('gdk-pixbuf')
+ # i18n
+ subdir('po')
+
++if get_option('tests')
++ subdir('tests')
++endif
+ if not meson.is_cross_build()
+- if get_option('tests')
+- subdir('tests')
+- endif
+ subdir('thumbnailer')
+ endif
+
+diff --git a/tests/meson.build b/tests/meson.build
+index 28c2525..c45e765 100644
+--- a/tests/meson.build
++++ b/tests/meson.build
+@@ -4,7 +4,7 @@
+ # gdk-pixbuf-pixdata from build directory because it needs all DLL locations in
+ # $PATH. Ideally we should use gnome.compile_resources() and let Meson deal with
+ # this problem: See https://github.com/mesonbuild/meson/issues/8266.
+-if enabled_loaders.contains('png') and host_system != 'windows'
++if enabled_loaders.contains('png') and host_system != 'windows' and not meson.is_cross_build()
+ # Resources; we cannot use gnome.compile_resources() here, because we need to
+ # override the environment in order to use the utilities we just built instead
+ # of the system ones
+@@ -166,9 +166,11 @@ endif
+ test_deps = gdk_pixbuf_deps + [ gdkpixbuf_dep, ]
+ test_args = [ '-k' ]
+ test_env = environment()
+-test_env.set('G_TEST_SRCDIR', meson.current_source_dir())
+-test_env.set('G_TEST_BUILDDIR', meson.current_build_dir())
+-test_env.set('GDK_PIXBUF_MODULE_FILE', loaders_cache.full_path())
++if not meson.is_cross_build()
++ test_env.set('G_TEST_SRCDIR', meson.current_source_dir())
++ test_env.set('G_TEST_BUILDDIR', meson.current_build_dir())
++ test_env.set('GDK_PIXBUF_MODULE_FILE', loaders_cache.full_path())
++endif
+
+ foreach test_name, test_data: installed_tests
+ test_sources = [ test_name + '.c', 'test-common.c' ]
diff --git a/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.42.9.bb b/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.42.10.bb
similarity index 87%
rename from poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.42.9.bb
rename to poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.42.10.bb
index d33718e..cca89a9 100644
--- a/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.42.9.bb
+++ b/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.42.10.bb
@@ -12,18 +12,17 @@
SECTION = "libs"
-DEPENDS = "glib-2.0 gdk-pixbuf-native shared-mime-info"
-DEPENDS:remove:class-native = "gdk-pixbuf-native"
+DEPENDS = "glib-2.0 shared-mime-info"
MAJ_VER = "${@oe.utils.trim_version("${PV}", 2)}"
SRC_URI = "${GNOME_MIRROR}/${BPN}/${MAJ_VER}/${BPN}-${PV}.tar.xz \
file://run-ptest \
file://fatal-loader.patch \
- file://0001-Add-use_prebuilt_tools-option.patch \
+ file://0001-meson.build-allow-a-subset-of-tests-in-cross-compile.patch \
"
-SRC_URI[sha256sum] = "28f7958e7bf29a32d4e963556d241d0a41a6786582ff6a5ad11665e0347fc962"
+SRC_URI[sha256sum] = "ee9b6c75d13ba096907a2e3c6b27b61bcd17f5c7ebeab5a5b439d2f2e39fe44b"
inherit meson pkgconfig gettext pixbufcache ptest-gnome upstream-version-is-even gobject-introspection gi-docgen lib_package
@@ -46,14 +45,6 @@
EXTRA_OEMESON = "-Dman=false"
-EXTRA_OEMESON:append:class-target = " \
- -Duse_prebuilt_tools=true \
-"
-
-EXTRA_OEMESON:append:class-nativesdk = " \
- -Duse_prebuilt_tools=true \
-"
-
PACKAGES =+ "${PN}-xlib"
# For GIO image type sniffing
@@ -115,10 +106,6 @@
XDG_DATA_DIRS=${STAGING_DATADIR} \
GDK_PIXBUF_MODULE_FILE=${STAGING_LIBDIR_NATIVE}/gdk-pixbuf-2.0/${LIBV}/loaders.cache
- create_wrapper ${D}/${bindir}/gdk-pixbuf-print-mime-types \
- XDG_DATA_DIRS=${STAGING_DATADIR} \
- GDK_PIXBUF_MODULE_FILE=${STAGING_LIBDIR_NATIVE}/gdk-pixbuf-2.0/${LIBV}/loaders.cache
-
create_wrapper ${D}/${libdir}/gdk-pixbuf-2.0/gdk-pixbuf-query-loaders \
XDG_DATA_DIRS=${STAGING_DATADIR} \
GDK_PIXBUF_MODULE_FILE=${STAGING_LIBDIR_NATIVE}/gdk-pixbuf-2.0/${LIBV}/loaders.cache \
diff --git a/poky/meta/recipes-gnome/librsvg/librsvg_2.54.5.bb b/poky/meta/recipes-gnome/librsvg/librsvg_2.54.5.bb
index fc52ae6..59278d1 100644
--- a/poky/meta/recipes-gnome/librsvg/librsvg_2.54.5.bb
+++ b/poky/meta/recipes-gnome/librsvg/librsvg_2.54.5.bb
@@ -56,8 +56,10 @@
CACHED_CONFIGUREVARS = "ac_cv_path_GDK_PIXBUF_QUERYLOADERS=${STAGING_LIBDIR_NATIVE}/gdk-pixbuf-2.0/gdk-pixbuf-query-loaders"
PACKAGECONFIG ??= "gdkpixbuf"
+PACKAGECONFIG:append:class-target = " ${@bb.utils.contains('GI_DATA_ENABLED', 'True', 'vala', '', d)}"
# The gdk-pixbuf loader
PACKAGECONFIG[gdkpixbuf] = "--enable-pixbuf-loader,--disable-pixbuf-loader,gdk-pixbuf-native"
+PACKAGECONFIG[vala] = "--enable-vala,--disable-vala"
do_install:append() {
# Loadable modules don't need .a or .la on Linux
diff --git a/poky/meta/recipes-graphics/cairo/cairo/CVE-2019-6461.patch b/poky/meta/recipes-graphics/cairo/cairo/CVE-2019-6461.patch
index 5232cf7..a2dba6c 100644
--- a/poky/meta/recipes-graphics/cairo/cairo/CVE-2019-6461.patch
+++ b/poky/meta/recipes-graphics/cairo/cairo/CVE-2019-6461.patch
@@ -1,19 +1,20 @@
-There is a potential infinite-loop in function _arc_error_normalized().
+There is an assertion in function _cairo_arc_in_direction().
CVE: CVE-2019-6461
Upstream-Status: Pending
Signed-off-by: Ross Burton <ross.burton@intel.com>
diff --git a/src/cairo-arc.c b/src/cairo-arc.c
-index 390397bae..f9249dbeb 100644
+index 390397bae..1bde774a4 100644
--- a/src/cairo-arc.c
+++ b/src/cairo-arc.c
-@@ -99,7 +99,7 @@ _arc_max_angle_for_tolerance_normalized (double tolerance)
- do {
- angle = M_PI / i++;
- error = _arc_error_normalized (angle);
-- } while (error > tolerance);
-+ } while (error > tolerance && error > __DBL_EPSILON__);
+@@ -186,7 +186,8 @@ _cairo_arc_in_direction (cairo_t *cr,
+ if (cairo_status (cr))
+ return;
- return angle;
- }
+- assert (angle_max >= angle_min);
++ if (angle_max < angle_min)
++ return;
+
+ if (angle_max - angle_min > 2 * M_PI * MAX_FULL_CIRCLES) {
+ angle_max = fmod (angle_max - angle_min, 2 * M_PI);
diff --git a/poky/meta/recipes-graphics/cairo/cairo/CVE-2019-6462.patch b/poky/meta/recipes-graphics/cairo/cairo/CVE-2019-6462.patch
index 4e4598c..7c32092 100644
--- a/poky/meta/recipes-graphics/cairo/cairo/CVE-2019-6462.patch
+++ b/poky/meta/recipes-graphics/cairo/cairo/CVE-2019-6462.patch
@@ -1,20 +1,40 @@
-There is an assertion in function _cairo_arc_in_direction().
-
CVE: CVE-2019-6462
-Upstream-Status: Pending
-Signed-off-by: Ross Burton <ross.burton@intel.com>
+Upstream-Status: Backport
+Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
+
+From ab2c5ee21e5f3d3ee4b3f67cfcd5811a4f99c3a0 Mon Sep 17 00:00:00 2001
+From: Heiko Lewin <hlewin@gmx.de>
+Date: Sun, 1 Aug 2021 11:16:03 +0000
+Subject: [PATCH] _arc_max_angle_for_tolerance_normalized: fix infinite loop
+
+---
+ src/cairo-arc.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/cairo-arc.c b/src/cairo-arc.c
-index 390397bae..1bde774a4 100644
+index 390397bae..1c891d1a0 100644
--- a/src/cairo-arc.c
+++ b/src/cairo-arc.c
-@@ -186,7 +186,8 @@ _cairo_arc_in_direction (cairo_t *cr,
- if (cairo_status (cr))
- return;
+@@ -90,16 +90,18 @@ _arc_max_angle_for_tolerance_normalized (double tolerance)
+ { M_PI / 11.0, 9.81410988043554039085e-09 },
+ };
+ int table_size = ARRAY_LENGTH (table);
++ const int max_segments = 1000; /* this value is chosen arbitrarily. this gives an error of about 1.74909e-20 */
-- assert (angle_max >= angle_min);
-+ if (angle_max < angle_min)
-+ return;
+ for (i = 0; i < table_size; i++)
+ if (table[i].error < tolerance)
+ return table[i].angle;
- if (angle_max - angle_min > 2 * M_PI * MAX_FULL_CIRCLES) {
- angle_max = fmod (angle_max - angle_min, 2 * M_PI);
+ ++i;
++
+ do {
+ angle = M_PI / i++;
+ error = _arc_error_normalized (angle);
+- } while (error > tolerance);
++ } while (error > tolerance && i < max_segments);
+
+ return angle;
+ }
+--
+2.38.1
+
diff --git a/poky/meta/recipes-graphics/drm/libdrm_2.4.113.bb b/poky/meta/recipes-graphics/drm/libdrm_2.4.113.bb
index 959ef68..613d343 100644
--- a/poky/meta/recipes-graphics/drm/libdrm_2.4.113.bb
+++ b/poky/meta/recipes-graphics/drm/libdrm_2.4.113.bb
@@ -39,7 +39,7 @@
ALLOW_EMPTY:${PN}-drivers = "1"
PACKAGES =+ "${PN}-tests ${PN}-drivers ${PN}-radeon ${PN}-nouveau ${PN}-omap \
- ${PN}-intel ${PN}-exynos ${PN}-kms ${PN}-freedreno ${PN}-amdgpu \
+ ${PN}-intel ${PN}-exynos ${PN}-freedreno ${PN}-amdgpu \
${PN}-etnaviv"
RRECOMMENDS:${PN}-drivers = "${PN}-radeon ${PN}-nouveau ${PN}-omap ${PN}-intel \
@@ -52,7 +52,6 @@
FILES:${PN}-omap = "${libdir}/libdrm_omap.so.*"
FILES:${PN}-intel = "${libdir}/libdrm_intel.so.*"
FILES:${PN}-exynos = "${libdir}/libdrm_exynos.so.*"
-FILES:${PN}-kms = "${libdir}/libkms*.so.*"
FILES:${PN}-freedreno = "${libdir}/libdrm_freedreno.so.*"
FILES:${PN}-amdgpu = "${libdir}/libdrm_amdgpu.so.* ${datadir}/${PN}/amdgpu.ids"
FILES:${PN}-etnaviv = "${libdir}/libdrm_etnaviv.so.*"
diff --git a/poky/meta/recipes-graphics/glslang/glslang_1.3.216.0.bb b/poky/meta/recipes-graphics/glslang/glslang_1.3.216.0.bb
index 69d9a0a..5b3b85b 100644
--- a/poky/meta/recipes-graphics/glslang/glslang_1.3.216.0.bb
+++ b/poky/meta/recipes-graphics/glslang/glslang_1.3.216.0.bb
@@ -9,7 +9,7 @@
LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=2a2b5acd7bc4844964cfda45fe807dc3"
SRCREV = "adbf0d3106b26daa237b10b9bf72b1af7c31092d"
-SRC_URI = "git://github.com/KhronosGroup/glslang.git;protocol=https;branch=master \
+SRC_URI = "git://github.com/KhronosGroup/glslang.git;protocol=https;branch=main \
file://0001-generate-glslang-pkg-config.patch"
PE = "1"
UPSTREAM_CHECK_GITTAGREGEX = "sdk-(?P<pver>\d+(\.\d+)+)"
diff --git a/poky/meta/recipes-graphics/harfbuzz/harfbuzz/CVE-2023-25193-pre1.patch b/poky/meta/recipes-graphics/harfbuzz/harfbuzz/CVE-2023-25193-pre1.patch
new file mode 100644
index 0000000..47d2d7c
--- /dev/null
+++ b/poky/meta/recipes-graphics/harfbuzz/harfbuzz/CVE-2023-25193-pre1.patch
@@ -0,0 +1,135 @@
+From b29fbd16fa82b82bdf0dcb2f13a63f7dc23cf324 Mon Sep 17 00:00:00 2001
+From: Behdad Esfahbod <behdad@behdad.org>
+Date: Mon, 6 Feb 2023 13:08:52 -0700
+Subject: [PATCH] [gsubgpos] Refactor skippy_iter.match()
+
+Upstream-Status: Backport from [https://github.com/harfbuzz/harfbuzz/commit/b29fbd16fa82b82bdf0dcb2f13a63f7dc23cf324]
+Comment1: To backport the fix for CVE-2023-25193, add defination for MATCH, NOT_MATCH and SKIP.
+Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
+---
+ src/hb-ot-layout-gsubgpos.hh | 94 +++++++++++++++++++++---------------
+ 1 file changed, 54 insertions(+), 40 deletions(-)
+
+diff --git a/src/hb-ot-layout-gsubgpos.hh b/src/hb-ot-layout-gsubgpos.hh
+index c77ec12..04b823e 100644
+--- a/src/hb-ot-layout-gsubgpos.hh
++++ b/src/hb-ot-layout-gsubgpos.hh
+@@ -532,33 +532,52 @@ struct hb_ot_apply_context_t :
+ may_skip (const hb_glyph_info_t &info) const
+ { return matcher.may_skip (c, info); }
+
++ enum match_t {
++ MATCH,
++ NOT_MATCH,
++ SKIP
++ };
++
++ match_t match (hb_glyph_info_t &info)
++ {
++ matcher_t::may_skip_t skip = matcher.may_skip (c, info);
++ if (unlikely (skip == matcher_t::SKIP_YES))
++ return SKIP;
++
++ matcher_t::may_match_t match = matcher.may_match (info, get_glyph_data ());
++ if (match == matcher_t::MATCH_YES ||
++ (match == matcher_t::MATCH_MAYBE &&
++ skip == matcher_t::SKIP_NO))
++ return MATCH;
++
++ if (skip == matcher_t::SKIP_NO)
++ return NOT_MATCH;
++
++ return SKIP;
++ }
++
+ bool next (unsigned *unsafe_to = nullptr)
+ {
+ assert (num_items > 0);
+ while (idx + num_items < end)
+ {
+ idx++;
+- hb_glyph_info_t &info = c->buffer->info[idx];
+-
+- matcher_t::may_skip_t skip = matcher.may_skip (c, info);
+- if (unlikely (skip == matcher_t::SKIP_YES))
+- continue;
+-
+- matcher_t::may_match_t match = matcher.may_match (info, get_glyph_data ());
+- if (match == matcher_t::MATCH_YES ||
+- (match == matcher_t::MATCH_MAYBE &&
+- skip == matcher_t::SKIP_NO))
+- {
+- num_items--;
+- advance_glyph_data ();
+- return true;
+- }
+-
+- if (skip == matcher_t::SKIP_NO)
++ switch (match (c->buffer->info[idx]))
+ {
+- if (unsafe_to)
+- *unsafe_to = idx + 1;
+- return false;
++ case MATCH:
++ {
++ num_items--;
++ advance_glyph_data ();
++ return true;
++ }
++ case NOT_MATCH:
++ {
++ if (unsafe_to)
++ *unsafe_to = idx + 1;
++ return false;
++ }
++ case SKIP:
++ continue;
+ }
+ }
+ if (unsafe_to)
+@@ -571,27 +590,22 @@ struct hb_ot_apply_context_t :
+ while (idx > num_items - 1)
+ {
+ idx--;
+- hb_glyph_info_t &info = c->buffer->out_info[idx];
+-
+- matcher_t::may_skip_t skip = matcher.may_skip (c, info);
+- if (unlikely (skip == matcher_t::SKIP_YES))
+- continue;
+-
+- matcher_t::may_match_t match = matcher.may_match (info, get_glyph_data ());
+- if (match == matcher_t::MATCH_YES ||
+- (match == matcher_t::MATCH_MAYBE &&
+- skip == matcher_t::SKIP_NO))
+- {
+- num_items--;
+- advance_glyph_data ();
+- return true;
+- }
+-
+- if (skip == matcher_t::SKIP_NO)
++ switch (match (c->buffer->out_info[idx]))
+ {
+- if (unsafe_from)
+- *unsafe_from = hb_max (1u, idx) - 1u;
+- return false;
++ case MATCH:
++ {
++ num_items--;
++ advance_glyph_data ();
++ return true;
++ }
++ case NOT_MATCH:
++ {
++ if (unsafe_from)
++ *unsafe_from = hb_max (1u, idx) - 1u;
++ return false;
++ }
++ case SKIP:
++ continue;
+ }
+ }
+ if (unsafe_from)
+--
+2.25.1
+
diff --git a/poky/meta/recipes-graphics/harfbuzz/harfbuzz/CVE-2023-25193.patch b/poky/meta/recipes-graphics/harfbuzz/harfbuzz/CVE-2023-25193.patch
new file mode 100644
index 0000000..f5c5cf4
--- /dev/null
+++ b/poky/meta/recipes-graphics/harfbuzz/harfbuzz/CVE-2023-25193.patch
@@ -0,0 +1,192 @@
+From 8708b9e081192786c027bb7f5f23d76dbe5c19e8 Mon Sep 17 00:00:00 2001
+From: Behdad Esfahbod <behdad@behdad.org>
+Date: Mon, 6 Feb 2023 14:51:25 -0700
+Subject: [PATCH] [GPOS] Avoid O(n^2) behavior in mark-attachment
+
+Upstream-Status: Backport from [https://github.com/harfbuzz/harfbuzz/commit/8708b9e081192786c027bb7f5f23d76dbe5c19e8]
+Comment1: The Original Patch [https://github.com/harfbuzz/harfbuzz/commit/85be877925ddbf34f74a1229f3ca1716bb6170dc] causes regression and was reverted. This Patch completes the fix.
+CVE: CVE-2023-25193
+Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
+
+---
+ src/OT/Layout/GPOS/MarkBasePosFormat1.hh | 76 +++++++++++++++---------
+ src/OT/Layout/GPOS/MarkLigPosFormat1.hh | 24 ++++++--
+ src/hb-ot-layout-gsubgpos.hh | 5 +-
+ 3 files changed, 69 insertions(+), 36 deletions(-)
+
+diff --git a/src/OT/Layout/GPOS/MarkBasePosFormat1.hh b/src/OT/Layout/GPOS/MarkBasePosFormat1.hh
+index ebb8c31..73839a4 100644
+--- a/src/OT/Layout/GPOS/MarkBasePosFormat1.hh
++++ b/src/OT/Layout/GPOS/MarkBasePosFormat1.hh
+@@ -90,6 +90,25 @@ struct MarkBasePosFormat1_2
+
+ const Coverage &get_coverage () const { return this+markCoverage; }
+
++ static inline bool accept (hb_buffer_t *buffer, unsigned idx)
++ {
++ /* We only want to attach to the first of a MultipleSubst sequence.
++ * https://github.com/harfbuzz/harfbuzz/issues/740
++ * Reject others...
++ * ...but stop if we find a mark in the MultipleSubst sequence:
++ * https://github.com/harfbuzz/harfbuzz/issues/1020 */
++ return !_hb_glyph_info_multiplied (&buffer->info[idx]) ||
++ 0 == _hb_glyph_info_get_lig_comp (&buffer->info[idx]) ||
++ (idx == 0 ||
++ _hb_glyph_info_is_mark (&buffer->info[idx - 1]) ||
++ !_hb_glyph_info_multiplied (&buffer->info[idx - 1]) ||
++ _hb_glyph_info_get_lig_id (&buffer->info[idx]) !=
++ _hb_glyph_info_get_lig_id (&buffer->info[idx - 1]) ||
++ _hb_glyph_info_get_lig_comp (&buffer->info[idx]) !=
++ _hb_glyph_info_get_lig_comp (&buffer->info[idx - 1]) + 1
++ );
++ }
++
+ bool apply (hb_ot_apply_context_t *c) const
+ {
+ TRACE_APPLY (this);
+@@ -97,48 +116,47 @@ struct MarkBasePosFormat1_2
+ unsigned int mark_index = (this+markCoverage).get_coverage (buffer->cur().codepoint);
+ if (likely (mark_index == NOT_COVERED)) return_trace (false);
+
+- /* Now we search backwards for a non-mark glyph */
++ /* Now we search backwards for a non-mark glyph.
++ * We don't use skippy_iter.prev() to avoid O(n^2) behavior. */
++
+ hb_ot_apply_context_t::skipping_iterator_t &skippy_iter = c->iter_input;
+- skippy_iter.reset (buffer->idx, 1);
+ skippy_iter.set_lookup_props (LookupFlag::IgnoreMarks);
+- do {
+- unsigned unsafe_from;
+- if (!skippy_iter.prev (&unsafe_from))
++
++ unsigned j;
++ for (j = buffer->idx; j > c->last_base_until; j--)
++ {
++ auto match = skippy_iter.match (buffer->info[j - 1]);
++ if (match == skippy_iter.MATCH)
+ {
+- buffer->unsafe_to_concat_from_outbuffer (unsafe_from, buffer->idx + 1);
+- return_trace (false);
++ if (!accept (buffer, j - 1))
++ match = skippy_iter.SKIP;
+ }
++ if (match == skippy_iter.MATCH)
++ {
++ c->last_base = (signed) j - 1;
++ break;
++ }
++ }
++ c->last_base_until = buffer->idx;
++ if (c->last_base == -1)
++ {
++ buffer->unsafe_to_concat_from_outbuffer (0, buffer->idx + 1);
++ return_trace (false);
++ }
+
+- /* We only want to attach to the first of a MultipleSubst sequence.
+- * https://github.com/harfbuzz/harfbuzz/issues/740
+- * Reject others...
+- * ...but stop if we find a mark in the MultipleSubst sequence:
+- * https://github.com/harfbuzz/harfbuzz/issues/1020 */
+- if (!_hb_glyph_info_multiplied (&buffer->info[skippy_iter.idx]) ||
+- 0 == _hb_glyph_info_get_lig_comp (&buffer->info[skippy_iter.idx]) ||
+- (skippy_iter.idx == 0 ||
+- _hb_glyph_info_is_mark (&buffer->info[skippy_iter.idx - 1]) ||
+- !_hb_glyph_info_multiplied (&buffer->info[skippy_iter.idx - 1]) ||
+- _hb_glyph_info_get_lig_id (&buffer->info[skippy_iter.idx]) !=
+- _hb_glyph_info_get_lig_id (&buffer->info[skippy_iter.idx - 1]) ||
+- _hb_glyph_info_get_lig_comp (&buffer->info[skippy_iter.idx]) !=
+- _hb_glyph_info_get_lig_comp (&buffer->info[skippy_iter.idx - 1]) + 1
+- ))
+- break;
+- skippy_iter.reject ();
+- } while (true);
++ unsigned idx = (unsigned) c->last_base;
+
+ /* Checking that matched glyph is actually a base glyph by GDEF is too strong; disabled */
+- //if (!_hb_glyph_info_is_base_glyph (&buffer->info[skippy_iter.idx])) { return_trace (false); }
++ //if (!_hb_glyph_info_is_base_glyph (&buffer->info[idx])) { return_trace (false); }
+
+- unsigned int base_index = (this+baseCoverage).get_coverage (buffer->info[skippy_iter.idx].codepoint);
++ unsigned int base_index = (this+baseCoverage).get_coverage (buffer->info[idx].codepoint);
+ if (base_index == NOT_COVERED)
+ {
+- buffer->unsafe_to_concat_from_outbuffer (skippy_iter.idx, buffer->idx + 1);
++ buffer->unsafe_to_concat_from_outbuffer (idx, buffer->idx + 1);
+ return_trace (false);
+ }
+
+- return_trace ((this+markArray).apply (c, mark_index, base_index, this+baseArray, classCount, skippy_iter.idx));
++ return_trace ((this+markArray).apply (c, mark_index, base_index, this+baseArray, classCount, idx));
+ }
+
+ bool subset (hb_subset_context_t *c) const
+diff --git a/src/OT/Layout/GPOS/MarkLigPosFormat1.hh b/src/OT/Layout/GPOS/MarkLigPosFormat1.hh
+index 1a80212..4471871 100644
+--- a/src/OT/Layout/GPOS/MarkLigPosFormat1.hh
++++ b/src/OT/Layout/GPOS/MarkLigPosFormat1.hh
+@@ -100,20 +100,32 @@ struct MarkLigPosFormat1_2
+ if (likely (mark_index == NOT_COVERED)) return_trace (false);
+
+ /* Now we search backwards for a non-mark glyph */
++
+ hb_ot_apply_context_t::skipping_iterator_t &skippy_iter = c->iter_input;
+- skippy_iter.reset (buffer->idx, 1);
+ skippy_iter.set_lookup_props (LookupFlag::IgnoreMarks);
+- unsigned unsafe_from;
+- if (!skippy_iter.prev (&unsafe_from))
++
++ unsigned j;
++ for (j = buffer->idx; j > c->last_base_until; j--)
+ {
+- buffer->unsafe_to_concat_from_outbuffer (unsafe_from, buffer->idx + 1);
++ auto match = skippy_iter.match (buffer->info[j - 1]);
++ if (match == skippy_iter.MATCH)
++ {
++ c->last_base = (signed) j - 1;
++ break;
++ }
++ }
++ c->last_base_until = buffer->idx;
++ if (c->last_base == -1)
++ {
++ buffer->unsafe_to_concat_from_outbuffer (0, buffer->idx + 1);
+ return_trace (false);
+ }
+
++ j = (unsigned) c->last_base;
++
+ /* Checking that matched glyph is actually a ligature by GDEF is too strong; disabled */
+- //if (!_hb_glyph_info_is_ligature (&buffer->info[skippy_iter.idx])) { return_trace (false); }
++ //if (!_hb_glyph_info_is_ligature (&buffer->info[j])) { return_trace (false); }
+
+- unsigned int j = skippy_iter.idx;
+ unsigned int lig_index = (this+ligatureCoverage).get_coverage (buffer->info[j].codepoint);
+ if (lig_index == NOT_COVERED)
+ {
+diff --git a/src/hb-ot-layout-gsubgpos.hh b/src/hb-ot-layout-gsubgpos.hh
+index 04b823e..dc3c4b6 100644
+--- a/src/hb-ot-layout-gsubgpos.hh
++++ b/src/hb-ot-layout-gsubgpos.hh
+@@ -701,6 +701,9 @@ struct hb_ot_apply_context_t :
+ uint32_t random_state = 1;
+ unsigned new_syllables = (unsigned) -1;
+
++ signed last_base = -1; // GPOS uses
++ unsigned last_base_until = 0; // GPOS uses
++
+ hb_ot_apply_context_t (unsigned int table_index_,
+ hb_font_t *font_,
+ hb_buffer_t *buffer_) :
+@@ -738,7 +741,7 @@ struct hb_ot_apply_context_t :
+ iter_context.init (this, true);
+ }
+
+- void set_lookup_mask (hb_mask_t mask) { lookup_mask = mask; init_iters (); }
++ void set_lookup_mask (hb_mask_t mask) { lookup_mask = mask; last_base = -1; last_base_until = 0; init_iters (); }
+ void set_auto_zwj (bool auto_zwj_) { auto_zwj = auto_zwj_; init_iters (); }
+ void set_auto_zwnj (bool auto_zwnj_) { auto_zwnj = auto_zwnj_; init_iters (); }
+ void set_per_syllable (bool per_syllable_) { per_syllable = per_syllable_; init_iters (); }
+--
+2.25.1
+
diff --git a/poky/meta/recipes-graphics/harfbuzz/harfbuzz_5.1.0.bb b/poky/meta/recipes-graphics/harfbuzz/harfbuzz_5.1.0.bb
index 4905e8e..0d68a4b 100644
--- a/poky/meta/recipes-graphics/harfbuzz/harfbuzz_5.1.0.bb
+++ b/poky/meta/recipes-graphics/harfbuzz/harfbuzz_5.1.0.bb
@@ -10,6 +10,8 @@
SRC_URI = "${GITHUB_BASE_URI}/download/${PV}/${BPN}-${PV}.tar.xz \
file://0001-fix-signedness-of-char-in-tests.patch \
+ file://CVE-2023-25193-pre1.patch \
+ file://CVE-2023-25193.patch \
"
SRC_URI[sha256sum] = "2edb95db668781aaa8d60959d21be2ff80085f31b12053cdd660d9a50ce84f05"
@@ -32,9 +34,9 @@
LEAD_SONAME = "libharfbuzz.so"
do_install:append() {
- # If no tools are installed due to PACKAGECONFIG then this directory is
- #still installed, so remove it to stop packaging wanings.
- rmdir --ignore-fail-on-non-empty ${D}${bindir}
+ # If no tools are installed due to PACKAGECONFIG then this directory might
+ # still be installed, so remove it to stop packaging warnings.
+ [ ! -d ${D}${bindir} ] || rmdir --ignore-fail-on-non-empty ${D}${bindir}
}
FILES:${PN}-icu = "${libdir}/libharfbuzz-icu.so.*"
diff --git a/poky/meta/recipes-graphics/jpeg/libjpeg-turbo_2.1.4.bb b/poky/meta/recipes-graphics/jpeg/libjpeg-turbo_2.1.5.1.bb
similarity index 96%
rename from poky/meta/recipes-graphics/jpeg/libjpeg-turbo_2.1.4.bb
rename to poky/meta/recipes-graphics/jpeg/libjpeg-turbo_2.1.5.1.bb
index 1708fa9..e086830 100644
--- a/poky/meta/recipes-graphics/jpeg/libjpeg-turbo_2.1.4.bb
+++ b/poky/meta/recipes-graphics/jpeg/libjpeg-turbo_2.1.5.1.bb
@@ -14,7 +14,7 @@
file://0001-libjpeg-turbo-fix-package_qa-error.patch \
"
-SRC_URI[sha256sum] = "d3ed26a1131a13686dfca4935e520eb7c90ae76fbc45d98bb50a8dc86230342b"
+SRC_URI[sha256sum] = "2fdc3feb6e9deb17adec9bafa3321419aa19f8f4e5dea7bf8486844ca22207bf"
UPSTREAM_CHECK_URI = "http://sourceforge.net/projects/libjpeg-turbo/files/"
UPSTREAM_CHECK_REGEX = "/libjpeg-turbo/files/(?P<pver>(\d+[\.\-_]*)+)/"
diff --git a/poky/meta/recipes-graphics/libepoxy/files/0001-dispatch_common.h-define-also-EGL_NO_X11.patch b/poky/meta/recipes-graphics/libepoxy/files/0001-dispatch_common.h-define-also-EGL_NO_X11.patch
deleted file mode 100644
index 971a3f5..0000000
--- a/poky/meta/recipes-graphics/libepoxy/files/0001-dispatch_common.h-define-also-EGL_NO_X11.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From 7211120d1e2f059d900f3379b9790484dbcf7761 Mon Sep 17 00:00:00 2001
-From: Martin Jansa <Martin.Jansa@gmail.com>
-Date: Fri, 25 Oct 2019 11:09:34 +0000
-Subject: [PATCH] dispatch_common.h: define also EGL_NO_X11
-
-MESA_EGL_NO_X11_HEADERS was renamed to EGL_NO_X11 in:
-https://github.com/mesa3d/mesa/commit/6202a13b71e18dc31ba7e2f4ea915b67eacc1ddb
-
-Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
-Upstream-Status: Pending
-
----
- src/dispatch_common.h | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/src/dispatch_common.h b/src/dispatch_common.h
-index a136943..448c9b1 100644
---- a/src/dispatch_common.h
-+++ b/src/dispatch_common.h
-@@ -55,6 +55,7 @@
- * as EGL_NO_X11
- */
- # define MESA_EGL_NO_X11_HEADERS 1
-+# define EGL_NO_X11 1
- # endif
- #include "epoxy/egl.h"
- #endif
diff --git a/poky/meta/recipes-graphics/libepoxy/libepoxy_1.5.9.bb b/poky/meta/recipes-graphics/libepoxy/libepoxy_1.5.10.bb
similarity index 76%
rename from poky/meta/recipes-graphics/libepoxy/libepoxy_1.5.9.bb
rename to poky/meta/recipes-graphics/libepoxy/libepoxy_1.5.10.bb
index 1210f73..384afa6 100644
--- a/poky/meta/recipes-graphics/libepoxy/libepoxy_1.5.9.bb
+++ b/poky/meta/recipes-graphics/libepoxy/libepoxy_1.5.10.bb
@@ -9,11 +9,9 @@
LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://COPYING;md5=58ef4c80d401e07bd9ee8b6b58cf464b"
-SRC_URI = "${GITHUB_BASE_URI}/download/${PV}/${BP}.tar.xz \
- file://0001-dispatch_common.h-define-also-EGL_NO_X11.patch \
- "
-SRC_URI[sha256sum] = "d168a19a6edfdd9977fef1308ccf516079856a4275cf876de688fb7927e365e4"
-GITHUB_BASE_URI = "https://github.com/anholt/libepoxy/releases"
+SRC_URI = "git://github.com/anholt/libepoxy;branch=master;protocol=https"
+SRCREV = "c84bc9459357a40e46e2fec0408d04fbdde2c973"
+S = "${WORKDIR}/git"
inherit meson pkgconfig features_check github-releases
diff --git a/poky/meta/recipes-graphics/libsdl2/libsdl2/0001-Disable-libunwind-in-native-OE-builds-by-not-looking.patch b/poky/meta/recipes-graphics/libsdl2/libsdl2/0001-Disable-libunwind-in-native-OE-builds-by-not-looking.patch
index 57bc522..f34b870 100644
--- a/poky/meta/recipes-graphics/libsdl2/libsdl2/0001-Disable-libunwind-in-native-OE-builds-by-not-looking.patch
+++ b/poky/meta/recipes-graphics/libsdl2/libsdl2/0001-Disable-libunwind-in-native-OE-builds-by-not-looking.patch
@@ -1,4 +1,4 @@
-From 0234c546d86174fafe9ab280cf5f44de50b73676 Mon Sep 17 00:00:00 2001
+From 77093de6a12c24a60fc447698900d18d0a3943af Mon Sep 17 00:00:00 2001
From: Carlos Rafael Giani <crg7475@mailbox.org>
Date: Fri, 18 Mar 2022 12:06:23 +0100
Subject: [PATCH] Disable libunwind in native OE builds by not looking for
@@ -22,10 +22,10 @@
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
-index 644715a..bbf2e28 100644
+index 7617205..d9b1522 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
-@@ -869,7 +869,7 @@ if(SDL_LIBC)
+@@ -952,7 +952,7 @@ if(SDL_LIBC)
check_include_file(sys/types.h HAVE_SYS_TYPES_H)
foreach(_HEADER
stdio.h stdlib.h stddef.h stdarg.h malloc.h memory.h string.h limits.h float.h
diff --git a/poky/meta/recipes-graphics/libsdl2/libsdl2_2.24.0.bb b/poky/meta/recipes-graphics/libsdl2/libsdl2_2.24.2.bb
similarity index 97%
rename from poky/meta/recipes-graphics/libsdl2/libsdl2_2.24.0.bb
rename to poky/meta/recipes-graphics/libsdl2/libsdl2_2.24.2.bb
index d5cbf73..ce5a8aa 100644
--- a/poky/meta/recipes-graphics/libsdl2/libsdl2_2.24.0.bb
+++ b/poky/meta/recipes-graphics/libsdl2/libsdl2_2.24.2.bb
@@ -27,7 +27,7 @@
S = "${WORKDIR}/SDL2-${PV}"
-SRC_URI[sha256sum] = "91e4c34b1768f92d399b078e171448c6af18cafda743987ed2064a28954d6d97"
+SRC_URI[sha256sum] = "b35ef0a802b09d90ed3add0dcac0e95820804202914f5bb7b0feb710f1a1329f"
inherit cmake lib_package binconfig-disabled pkgconfig upstream-version-is-even
diff --git a/poky/meta/recipes-graphics/mesa/mesa-demos_8.5.0.bb b/poky/meta/recipes-graphics/mesa/mesa-demos_8.5.0.bb
index 6e9b95e..12f41d7 100644
--- a/poky/meta/recipes-graphics/mesa/mesa-demos_8.5.0.bb
+++ b/poky/meta/recipes-graphics/mesa/mesa-demos_8.5.0.bb
@@ -30,7 +30,7 @@
PACKAGECONFIG[gles2] = "-Dgles2=enabled,-Dgles2=disabled,virtual/libgles2"
PACKAGECONFIG[glut] = "-Dwith-glut=${STAGING_EXECPREFIXDIR},,freeglut"
PACKAGECONFIG[osmesa] = "-Dosmesa=enabled,-Dosmesa=disabled,"
-PACKAGECONFIG[wayland] = "-Dwayland=enabled,-Dwayland=disabled,virtual/libgl wayland wayland-native"
+PACKAGECONFIG[wayland] = "-Dwayland=enabled,-Dwayland=disabled,virtual/libgl wayland wayland-native wayland-protocols"
PACKAGECONFIG[x11] = "-Dx11=enabled,-Dx11=disabled,virtual/libx11 libglu"
do_install:append() {
diff --git a/poky/meta/recipes-graphics/mesa/mesa-gl_22.2.0.bb b/poky/meta/recipes-graphics/mesa/mesa-gl_22.2.0.bb
deleted file mode 100644
index f2bc8f6..0000000
--- a/poky/meta/recipes-graphics/mesa/mesa-gl_22.2.0.bb
+++ /dev/null
@@ -1,13 +0,0 @@
-require mesa.inc
-
-SUMMARY += " (OpenGL only, no EGL/GLES)"
-
-PROVIDES = "virtual/libgl virtual/mesa"
-
-S = "${WORKDIR}/mesa-${PV}"
-
-# At least one DRI rendering engine is required to build mesa.
-# When no X11 is available, use osmesa for the rendering engine.
-PACKAGECONFIG ??= "opengl ${@bb.utils.contains('DISTRO_FEATURES', 'x11', 'x11', 'osmesa gallium', d)}"
-PACKAGECONFIG:class-target = "opengl ${@bb.utils.contains('DISTRO_FEATURES', 'x11', 'x11', 'osmesa gallium', d)}"
-
diff --git a/poky/meta/recipes-graphics/mesa/mesa-gl_22.2.3.bb b/poky/meta/recipes-graphics/mesa/mesa-gl_22.2.3.bb
new file mode 100644
index 0000000..c7c7aa7
--- /dev/null
+++ b/poky/meta/recipes-graphics/mesa/mesa-gl_22.2.3.bb
@@ -0,0 +1,13 @@
+require mesa.inc
+
+SUMMARY += " (OpenGL only, no EGL/GLES)"
+
+PROVIDES = "virtual/libgl virtual/mesa"
+
+S = "${WORKDIR}/mesa-${PV}"
+
+# At least one DRI rendering engine is required to build mesa.
+# When no X11 is available, use osmesa for the rendering engine.
+PACKAGECONFIG ??= "opengl gallium ${@bb.utils.contains('DISTRO_FEATURES', 'x11', 'x11', 'osmesa', d)}"
+PACKAGECONFIG:class-target = "opengl gallium ${@bb.utils.contains('DISTRO_FEATURES', 'x11', 'x11', 'osmesa', d)}"
+
diff --git a/poky/meta/recipes-graphics/mesa/mesa.inc b/poky/meta/recipes-graphics/mesa/mesa.inc
index 8a74e0a..f9007f3 100644
--- a/poky/meta/recipes-graphics/mesa/mesa.inc
+++ b/poky/meta/recipes-graphics/mesa/mesa.inc
@@ -19,10 +19,12 @@
file://0001-meson-misdetects-64bit-atomics-on-mips-clang.patch \
file://0001-futex.h-Define-__NR_futex-if-it-does-not-exist.patch \
file://0001-util-format-Check-for-NEON-before-using-it.patch \
- file://0001-nir-nir_opt_move-fix-ALWAYS_INLINE-compiler-error.patch \
"
-SRC_URI[sha256sum] = "b1f9c8fd08f2cae3adf83355bef4d2398e8025f44947332880f2d0066bdafa8c"
+# required by mesa-native on Ubuntu 18.04 with gcc 7.5 when DEBUG_BUILD enabled
+SRC_URI:append:class-native = " file://0001-nir-nir_opt_move-fix-ALWAYS_INLINE-compiler-error.patch"
+
+SRC_URI[sha256sum] = "ee7d026f7b1991dbae0861d359b671145c3a86f2a731353b885d2ea2d5c098d6"
UPSTREAM_CHECK_GITTAGREGEX = "mesa-(?P<pver>\d+(\.\d+)+)"
@@ -52,17 +54,7 @@
PLATFORMS ??= "${@bb.utils.filter('PACKAGECONFIG', 'x11 wayland', d)}"
-# By placing llvm-config in the target sysroot bindir, it will then map values
-# to the target libdir magically. We can safely add to path as there are no other binaries
-# there.
-PATH:prepend = "${STAGING_BINDIR_CROSS}:${STAGING_BINDIR}:"
MESA_LLVM_RELEASE ?= "${LLVMVERSION}"
-do_configure:prepend () {
- if [ -e ${STAGING_BINDIR_NATIVE}/llvm-config${MESA_LLVM_RELEASE} ]; then
- cp ${STAGING_BINDIR_NATIVE}/llvm-config${MESA_LLVM_RELEASE} ${STAGING_BINDIR}
- cp ${STAGING_BINDIR_NATIVE}/llvm-config ${STAGING_BINDIR}
- fi
-}
# set the MESA_BUILD_TYPE to either 'release' (default) or 'debug'
# by default the upstream mesa sources build a debug release
@@ -179,6 +171,8 @@
PACKAGECONFIG[osmesa] = "-Dosmesa=true,-Dosmesa=false"
+PACKAGECONFIG[perfetto] = "-Dperfetto=true,-Dperfetto=false,libperfetto"
+
PACKAGECONFIG[unwind] = "-Dlibunwind=enabled,-Dlibunwind=disabled,libunwind"
PACKAGECONFIG[lmsensors] = "-Dlmsensors=enabled,-Dlmsensors=disabled,lmsensors"
diff --git a/poky/meta/recipes-graphics/mesa/mesa_22.2.0.bb b/poky/meta/recipes-graphics/mesa/mesa_22.2.3.bb
similarity index 100%
rename from poky/meta/recipes-graphics/mesa/mesa_22.2.0.bb
rename to poky/meta/recipes-graphics/mesa/mesa_22.2.3.bb
diff --git a/poky/meta/recipes-graphics/pango/pango_1.50.9.bb b/poky/meta/recipes-graphics/pango/pango_1.50.13.bb
similarity index 89%
rename from poky/meta/recipes-graphics/pango/pango_1.50.9.bb
rename to poky/meta/recipes-graphics/pango/pango_1.50.13.bb
index 03e2ca6..e673366 100644
--- a/poky/meta/recipes-graphics/pango/pango_1.50.9.bb
+++ b/poky/meta/recipes-graphics/pango/pango_1.50.13.bb
@@ -21,10 +21,10 @@
GIR_MESON_DISABLE_FLAG = "disabled"
SRC_URI += "file://run-ptest \
- file://0001-Skip-running-test-layout-test.patch \
-"
+ file://0001-Skip-running-test-layout-test.patch \
+ "
-SRC_URI[archive.sha256sum] = "1b636aabf905130d806372136f5e137b6a27f26d47defd9240bf444f6a4fe610"
+SRC_URI[archive.sha256sum] = "5cdcf6d761d26a3eb9412b6cb069b32bd1d9b07abf116321167d94c2189299fd"
DEPENDS = "glib-2.0 glib-2.0-native fontconfig freetype virtual/libiconv cairo harfbuzz fribidi"
@@ -38,7 +38,7 @@
GIR_MESON_OPTION = 'introspection'
do_configure:prepend() {
- chmod +x ${S}/tests/*.py
+ chmod +x ${S}/tests/*.py
}
LEAD_SONAME = "libpango-1.0*"
diff --git a/poky/meta/recipes-graphics/piglit/piglit_git.bb b/poky/meta/recipes-graphics/piglit/piglit_git.bb
index f758208..4a4e44f 100644
--- a/poky/meta/recipes-graphics/piglit/piglit_git.bb
+++ b/poky/meta/recipes-graphics/piglit/piglit_git.bb
@@ -39,7 +39,7 @@
PACKAGECONFIG ??= "${@bb.utils.contains('DISTRO_FEATURES', 'x11', 'x11 glx', '', d)}"
PACKAGECONFIG[freeglut] = "-DPIGLIT_USE_GLUT=1,-DPIGLIT_USE_GLUT=0,freeglut,"
PACKAGECONFIG[glx] = "-DPIGLIT_BUILD_GLX_TESTS=ON,-DPIGLIT_BUILD_GLX_TESTS=OFF"
-PACKAGECONFIG[opencl] = "-DPIGLIT_BUILD_CL_TESTS=ON,-DPIGLIT_BUILD_CL_TESTS=OFF,opencl-icd-loader"
+PACKAGECONFIG[opencl] = "-DPIGLIT_BUILD_CL_TESTS=ON,-DPIGLIT_BUILD_CL_TESTS=OFF,virtual/opencl-icd"
PACKAGECONFIG[x11] = "-DPIGLIT_BUILD_GL_TESTS=ON,-DPIGLIT_BUILD_GL_TESTS=OFF,${X11_DEPS}, ${X11_RDEPS}"
PACKAGECONFIG[vulkan] = "-DPIGLIT_BUILD_VK_TESTS=ON,-DPIGLIT_BUILD_VK_TESTS=OFF,vulkan-loader"
diff --git a/poky/meta/recipes-graphics/spir/spirv-headers_1.3.216.0.bb b/poky/meta/recipes-graphics/spir/spirv-headers_1.3.216.0.bb
index 94500a9..ce47206 100644
--- a/poky/meta/recipes-graphics/spir/spirv-headers_1.3.216.0.bb
+++ b/poky/meta/recipes-graphics/spir/spirv-headers_1.3.216.0.bb
@@ -8,7 +8,7 @@
LIC_FILES_CHKSUM = "file://LICENSE;md5=c938b85bceb8fb26c1a807f28a52ae2d"
SRCREV = "b2a156e1c0434bc8c99aaebba1c7be98be7ac580"
-SRC_URI = "git://github.com/KhronosGroup/SPIRV-Headers;protocol=https;branch=master"
+SRC_URI = "git://github.com/KhronosGroup/SPIRV-Headers;protocol=https;branch=main"
PE = "1"
UPSTREAM_CHECK_GITTAGREGEX = "sdk-(?P<pver>\d+(\.\d+)+)"
S = "${WORKDIR}/git"
diff --git a/poky/meta/recipes-graphics/spir/spirv-tools_1.3.216.0.bb b/poky/meta/recipes-graphics/spir/spirv-tools_1.3.216.0.bb
index fc1074d..c6fba38 100644
--- a/poky/meta/recipes-graphics/spir/spirv-tools_1.3.216.0.bb
+++ b/poky/meta/recipes-graphics/spir/spirv-tools_1.3.216.0.bb
@@ -8,7 +8,7 @@
LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"
SRCREV = "c94501352d545e84c821ce031399e76d1af32d18"
-SRC_URI = "git://github.com/KhronosGroup/SPIRV-Tools.git;branch=master;protocol=https \
+SRC_URI = "git://github.com/KhronosGroup/SPIRV-Tools.git;branch=main;protocol=https \
file://0001-Remove-default-copy-constructor-in-header.-4879.patch \
"
PE = "1"
diff --git a/poky/meta/recipes-graphics/vulkan/vulkan-samples_git.bb b/poky/meta/recipes-graphics/vulkan/vulkan-samples_git.bb
index 332411b..d5d285c 100644
--- a/poky/meta/recipes-graphics/vulkan/vulkan-samples_git.bb
+++ b/poky/meta/recipes-graphics/vulkan/vulkan-samples_git.bb
@@ -5,7 +5,7 @@
LIC_FILES_CHKSUM = "file://LICENSE;md5=48aa35cefb768436223a6e7f18dc2a2a"
-SRC_URI = "gitsm://github.com/KhronosGroup/Vulkan-Samples.git;branch=master;protocol=https \
+SRC_URI = "gitsm://github.com/KhronosGroup/Vulkan-Samples.git;branch=main;protocol=https;lfs=0 \
file://0001-CMakeLists.txt-do-not-hardcode-lib-as-installation-t.patch \
file://debugfix.patch \
file://0001-Qualify-move-as-std-move.patch;patchdir=third_party/spirv-cross \
diff --git a/poky/meta/recipes-graphics/xorg-lib/libx11/0001-fix-a-memory-leak-in-XRegisterIMInstantiateCallback.patch b/poky/meta/recipes-graphics/xorg-lib/libx11/0001-fix-a-memory-leak-in-XRegisterIMInstantiateCallback.patch
new file mode 100644
index 0000000..722116c
--- /dev/null
+++ b/poky/meta/recipes-graphics/xorg-lib/libx11/0001-fix-a-memory-leak-in-XRegisterIMInstantiateCallback.patch
@@ -0,0 +1,57 @@
+CVE: CVE-2022-3554
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From 1d11822601fd24a396b354fa616b04ed3df8b4ef Mon Sep 17 00:00:00 2001
+From: "Thomas E. Dickey" <dickey@invisible-island.net>
+Date: Tue, 4 Oct 2022 18:26:17 -0400
+Subject: [PATCH] fix a memory leak in XRegisterIMInstantiateCallback
+
+Analysis:
+
+ _XimRegisterIMInstantiateCallback() opens an XIM and closes it using
+ the internal function pointers, but the internal close function does
+ not free the pointer to the XIM (this would be done in XCloseIM()).
+
+Report/patch:
+
+ Date: Mon, 03 Oct 2022 18:47:32 +0800
+ From: Po Lu <luangruo@yahoo.com>
+ To: xorg-devel@lists.x.org
+ Subject: Re: Yet another leak in Xlib
+
+ For reference, here's how I'm calling XRegisterIMInstantiateCallback:
+
+ XSetLocaleModifiers ("");
+ XRegisterIMInstantiateCallback (compositor.display,
+ XrmGetDatabase (compositor.display),
+ (char *) compositor.resource_name,
+ (char *) compositor.app_name,
+ IMInstantiateCallback, NULL);
+
+ and XMODIFIERS is:
+
+ @im=ibus
+
+Signed-off-by: Thomas E. Dickey <dickey@invisible-island.net>
+---
+ modules/im/ximcp/imInsClbk.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/modules/im/ximcp/imInsClbk.c b/modules/im/ximcp/imInsClbk.c
+index 95b379cb..c10e347f 100644
+--- a/modules/im/ximcp/imInsClbk.c
++++ b/modules/im/ximcp/imInsClbk.c
+@@ -212,6 +212,9 @@ _XimRegisterIMInstantiateCallback(
+ if( xim ) {
+ lock = True;
+ xim->methods->close( (XIM)xim );
++ /* XIMs must be freed manually after being opened; close just
++ does the protocol to deinitialize the IM. */
++ XFree( xim );
+ lock = False;
+ icb->call = True;
+ callback( display, client_data, NULL );
+--
+2.34.1
+
diff --git a/poky/meta/recipes-graphics/xorg-lib/libx11_1.8.1.bb b/poky/meta/recipes-graphics/xorg-lib/libx11_1.8.1.bb
index 1dcc3ab..9ff196c 100644
--- a/poky/meta/recipes-graphics/xorg-lib/libx11_1.8.1.bb
+++ b/poky/meta/recipes-graphics/xorg-lib/libx11_1.8.1.bb
@@ -15,6 +15,7 @@
SRC_URI = "${XORG_MIRROR}/individual/lib/${XORG_PN}-${PV}.tar.xz"
SRC_URI += "file://disable_tests.patch \
+ file://0001-fix-a-memory-leak-in-XRegisterIMInstantiateCallback.patch \
"
SRC_URI[sha256sum] = "1bc41aa1bbe01401f330d76dfa19f386b79c51881c7bbfee9eb4e27f22f2d9f7"
diff --git a/poky/meta/recipes-graphics/xorg-lib/pixman/CVE-2022-44638.patch b/poky/meta/recipes-graphics/xorg-lib/pixman/CVE-2022-44638.patch
new file mode 100644
index 0000000..d226766
--- /dev/null
+++ b/poky/meta/recipes-graphics/xorg-lib/pixman/CVE-2022-44638.patch
@@ -0,0 +1,33 @@
+CVE: CVE-2022-44638
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From a1f88e842e0216a5b4df1ab023caebe33c101395 Mon Sep 17 00:00:00 2001
+From: Matt Turner <mattst88@gmail.com>
+Date: Wed, 2 Nov 2022 12:07:32 -0400
+Subject: [PATCH] Avoid integer overflow leading to out-of-bounds write
+
+Thanks to Maddie Stone and Google's Project Zero for discovering this
+issue, providing a proof-of-concept, and a great analysis.
+
+Closes: https://gitlab.freedesktop.org/pixman/pixman/-/issues/63
+---
+ pixman/pixman-trap.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/pixman/pixman-trap.c b/pixman/pixman-trap.c
+index 91766fd..7560405 100644
+--- a/pixman/pixman-trap.c
++++ b/pixman/pixman-trap.c
+@@ -74,7 +74,7 @@ pixman_sample_floor_y (pixman_fixed_t y,
+
+ if (f < Y_FRAC_FIRST (n))
+ {
+- if (pixman_fixed_to_int (i) == 0x8000)
++ if (pixman_fixed_to_int (i) == 0xffff8000)
+ {
+ f = 0; /* saturate */
+ }
+--
+GitLab
+
diff --git a/poky/meta/recipes-graphics/xorg-lib/pixman_0.40.0.bb b/poky/meta/recipes-graphics/xorg-lib/pixman_0.40.0.bb
index ccfe277..c56733e 100644
--- a/poky/meta/recipes-graphics/xorg-lib/pixman_0.40.0.bb
+++ b/poky/meta/recipes-graphics/xorg-lib/pixman_0.40.0.bb
@@ -9,6 +9,7 @@
SRC_URI = "https://www.cairographics.org/releases/${BP}.tar.gz \
file://0001-ARM-qemu-related-workarounds-in-cpu-features-detecti.patch \
+ file://CVE-2022-44638.patch \
"
SRC_URI[md5sum] = "73858c0862dd9896fb5f62ae267084a4"
SRC_URI[sha256sum] = "6d200dec3740d9ec4ec8d1180e25779c00bc749f94278c8b9021f5534db223fc"
diff --git a/poky/meta/recipes-graphics/xorg-proto/xcb-proto/0001-Fix-install-conflict-when-enable-multilib.patch b/poky/meta/recipes-graphics/xorg-proto/xcb-proto/0001-Fix-install-conflict-when-enable-multilib.patch
new file mode 100644
index 0000000..4209139
--- /dev/null
+++ b/poky/meta/recipes-graphics/xorg-proto/xcb-proto/0001-Fix-install-conflict-when-enable-multilib.patch
@@ -0,0 +1,32 @@
+From fc28149b6b198042c8d29e0931415adad7ed3231 Mon Sep 17 00:00:00 2001
+From: Wang Mingyu <wangmy@fujitsu.com>
+Date: Thu, 16 Mar 2023 08:03:47 +0000
+Subject: [PATCH] Fix install conflict when enable multilib.
+
+Automake defines pythondir in terms of libdir (rather than hardcode 'lib' or query it from python as automake upstream does)
+https://git.yoctoproject.org/poky/tree/meta/recipes-devtools/automake/automake/0001-automake-Update-for-python.m4-to-respect-libdir.patch
+
+So libdir needs to be defined when pythondir is defined.
+
+Upstream-Status: Inappropriate
+
+Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
+---
+ Makefile.am | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Makefile.am b/Makefile.am
+index 8b57a83..580f5bc 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -1,6 +1,6 @@
+ SUBDIRS = src xcbgen
+
+-pkgconfigdir = $(datarootdir)/pkgconfig
++pkgconfigdir = $(libdir)/pkgconfig
+ pkgconfig_DATA = xcb-proto.pc
+
+ EXTRA_DIST=doc xcb-proto.pc.in autogen.sh README.md
+--
+2.34.1
+
diff --git a/poky/meta/recipes-graphics/xorg-proto/xcb-proto_1.15.2.bb b/poky/meta/recipes-graphics/xorg-proto/xcb-proto_1.15.2.bb
index 4e4472a..e60e795 100644
--- a/poky/meta/recipes-graphics/xorg-proto/xcb-proto_1.15.2.bb
+++ b/poky/meta/recipes-graphics/xorg-proto/xcb-proto_1.15.2.bb
@@ -13,6 +13,7 @@
SRC_URI = "https://xorg.freedesktop.org/archive/individual/proto/${BP}.tar.xz \
file://0001-xcb-proto.pc.in-reinstate-libdir.patch \
+ file://0001-Fix-install-conflict-when-enable-multilib.patch \
"
SRC_URI[sha256sum] = "7072beb1f680a2fe3f9e535b797c146d22528990c72f63ddb49d2f350a3653ed"
diff --git a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc
index 057a1ba..ecb164d 100644
--- a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc
+++ b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc
@@ -28,6 +28,8 @@
# impossible or difficult to exploit. There is currently no upstream patch
# available for this flaw.
CVE_CHECK_IGNORE += "CVE-2020-25697"
+# This is specific to XQuartz, which is the macOS X server port
+CVE_CHECK_IGNORE += "CVE-2022-3553"
S = "${WORKDIR}/${XORG_PN}-${PV}"
@@ -80,9 +82,9 @@
SUMMARY:xf86-video-modesetting = "X.Org X server -- modesetting display driver"
INSANE_SKIP:${MLPREFIX}xf86-video-modesetting = "xorg-driver-abi"
-XSERVER_RRECOMMENDS = "xkeyboard-config rgb xserver-xf86-config xkbcomp xf86-input-libinput"
-RRECOMMENDS:${PN} += "${XSERVER_RRECOMMENDS}"
-RRECOMMENDS:${PN}-xwayland += "${XSERVER_RRECOMMENDS}"
+XSERVER_RDEPENDS = "xkeyboard-config rgb xserver-xf86-config xkbcomp xf86-input-libinput"
+RDEPENDS:${PN} += "${XSERVER_RDEPENDS}"
+RDEPENDS:${PN}-xwayland += "${XSERVER_RDEPENDS}"
RDEPENDS:${PN}-xvfb += "xkeyboard-config"
RDEPENDS:${PN}-module-exa = "${PN} (= ${EXTENDPKGV})"
diff --git a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-composite-Fix-use-after-free-of-the-COW.patch b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-composite-Fix-use-after-free-of-the-COW.patch
new file mode 100644
index 0000000..fc426da
--- /dev/null
+++ b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-composite-Fix-use-after-free-of-the-COW.patch
@@ -0,0 +1,46 @@
+From 26ef545b3502f61ca722a7a3373507e88ef64110 Mon Sep 17 00:00:00 2001
+From: Olivier Fourdan <ofourdan@redhat.com>
+Date: Mon, 13 Mar 2023 11:08:47 +0100
+Subject: [PATCH] composite: Fix use-after-free of the COW
+
+ZDI-CAN-19866/CVE-2023-1393
+
+If a client explicitly destroys the compositor overlay window (aka COW),
+we would leave a dangling pointer to that window in the CompScreen
+structure, which will trigger a use-after-free later.
+
+Make sure to clear the CompScreen pointer to the COW when the latter gets
+destroyed explicitly by the client.
+
+This vulnerability was discovered by:
+Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
+
+Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
+Reviewed-by: Adam Jackson <ajax@redhat.com>
+
+CVE: CVE-2023-1393
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+---
+ composite/compwindow.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/composite/compwindow.c b/composite/compwindow.c
+index 4e2494b86..b30da589e 100644
+--- a/composite/compwindow.c
++++ b/composite/compwindow.c
+@@ -620,6 +620,11 @@ compDestroyWindow(WindowPtr pWin)
+ ret = (*pScreen->DestroyWindow) (pWin);
+ cs->DestroyWindow = pScreen->DestroyWindow;
+ pScreen->DestroyWindow = compDestroyWindow;
++
++ /* Did we just destroy the overlay window? */
++ if (pWin == cs->pOverlayWin)
++ cs->pOverlayWin = NULL;
++
+ /* compCheckTree (pWin->drawable.pScreen); can't check -- tree isn't good*/
+ return ret;
+ }
+--
+2.34.1
+
diff --git a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.4.bb b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.7.bb
similarity index 79%
rename from poky/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.4.bb
rename to poky/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.7.bb
index b9cbc99..f0771cc 100644
--- a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.4.bb
+++ b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.7.bb
@@ -1,9 +1,10 @@
require xserver-xorg.inc
SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.patch \
- file://0001-Avoid-duplicate-definitions-of-IOPortBase.patch \
+ file://0001-Avoid-duplicate-definitions-of-IOPortBase.patch \
+ file://0001-composite-Fix-use-after-free-of-the-COW.patch \
"
-SRC_URI[sha256sum] = "5cc4be8ee47edb58d4a90e603a59d56b40291ad38371b0bd2471fc3cbee1c587"
+SRC_URI[sha256sum] = "d9c60b2dd0ec52326ca6ab20db0e490b1ff4f566f59ca742d6532e92795877bb"
# These extensions are now integrated into the server, so declare the migration
# path for in-place upgrades.
diff --git a/poky/meta/recipes-graphics/xwayland/xwayland_22.1.3.bb b/poky/meta/recipes-graphics/xwayland/xwayland_22.1.8.bb
similarity index 92%
rename from poky/meta/recipes-graphics/xwayland/xwayland_22.1.3.bb
rename to poky/meta/recipes-graphics/xwayland/xwayland_22.1.8.bb
index da1b275..6919ba4 100644
--- a/poky/meta/recipes-graphics/xwayland/xwayland_22.1.3.bb
+++ b/poky/meta/recipes-graphics/xwayland/xwayland_22.1.8.bb
@@ -10,7 +10,7 @@
LIC_FILES_CHKSUM = "file://COPYING;md5=5df87950af51ac2c5822094553ea1880"
SRC_URI = "https://www.x.org/archive/individual/xserver/xwayland-${PV}.tar.xz"
-SRC_URI[sha256sum] = "a712eb7bce32cd934df36814b5dd046aa670899c16fe98f2afb003578f86a1c5"
+SRC_URI[sha256sum] = "d11eeee73290b88ea8da42a7d9350dedfaba856ce4ae44e58c045ad9ecaa2f73"
UPSTREAM_CHECK_REGEX = "xwayland-(?P<pver>\d+(\.(?!90\d)\d+)+)\.tar"
@@ -23,7 +23,7 @@
PACKAGECONFIG ??= "${XORG_CRYPTO} \
${@bb.utils.contains('DISTRO_FEATURES', 'opengl', '${OPENGL_PKGCONFIGS}', '', d)} \
"
-PACKAGECONFIG[dri3] = "-Ddri3=true,-Ddri3=false"
+PACKAGECONFIG[dri3] = "-Ddri3=true,-Ddri3=false,libxshmfence"
PACKAGECONFIG[glx] = "-Dglx=true,-Dglx=false,virtual/libgl virtual/libx11"
PACKAGECONFIG[glamor] = "-Dglamor=true,-Dglamor=false,libepoxy virtual/libgbm,libegl"
PACKAGECONFIG[unwind] = "-Dlibunwind=true,-Dlibunwind=false,libunwind"
diff --git a/poky/meta/recipes-kernel/kern-tools/kern-tools-native_git.bb b/poky/meta/recipes-kernel/kern-tools/kern-tools-native_git.bb
index dea7b65..12f1cf5 100644
--- a/poky/meta/recipes-kernel/kern-tools/kern-tools-native_git.bb
+++ b/poky/meta/recipes-kernel/kern-tools/kern-tools-native_git.bb
@@ -11,7 +11,7 @@
DEPENDS = "git-native"
-SRCREV = "ba600ef61a85966596126a6e8d936971905e8749"
+SRCREV = "2d01f24bc78256c709728eb3f204491bce13e0e5"
PV = "0.3+git${SRCPV}"
inherit native
diff --git a/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20220913.bb b/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20230210.bb
similarity index 94%
rename from poky/meta/recipes-kernel/linux-firmware/linux-firmware_20220913.bb
rename to poky/meta/recipes-kernel/linux-firmware/linux-firmware_20230210.bb
index 45c9d0e..bf5d4f5 100644
--- a/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20220913.bb
+++ b/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20230210.bb
@@ -45,6 +45,7 @@
& Firmware-phanfw \
& Firmware-qat \
& Firmware-qcom \
+ & Firmware-qcom-yamato \
& Firmware-qla1280 \
& Firmware-qla2xxx \
& Firmware-qualcommAthos_ar3k \
@@ -70,8 +71,8 @@
LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \
file://LICENCE.adsp_sst;md5=615c45b91a5a4a9fe046d6ab9a2df728 \
file://LICENCE.agere;md5=af0133de6b4a9b2522defd5f188afd31 \
- file://LICENSE.amdgpu;md5=44c1166d052226cb2d6c8d7400090203 \
- file://LICENSE.amd-ucode;md5=3c5399dc9148d7f0e1f41e34b69cf14f \
+ file://LICENSE.amdgpu;md5=a2589a05ea5b6bd2b7f4f623c7e7a649 \
+ file://LICENSE.amd-ucode;md5=6ca90c57f7b248de1e25c7f68ffc4698 \
file://LICENSE.amlogic_vdec;md5=dc44f59bf64a81643e500ad3f39a468a \
file://LICENCE.atheros_firmware;md5=30a14c7823beedac9fa39c64fdd01a13 \
file://LICENSE.atmel;md5=aa74ac0c60595dee4d4e239107ea77a3 \
@@ -109,6 +110,7 @@
file://LICENCE.phanfw;md5=954dcec0e051f9409812b561ea743bfa \
file://LICENCE.qat_firmware;md5=9e7d8bea77612d7cc7d9e9b54b623062 \
file://LICENSE.qcom;md5=164e3362a538eb11d3ac51e8e134294b \
+ file://LICENSE.qcom_yamato;md5=d0de0eeccaf1843a850bf7a6777eec5c \
file://LICENCE.qla1280;md5=d6895732e622d950609093223a2c4f5d \
file://LICENCE.qla2xxx;md5=505855e921b75f1be4a437ad9b79dff0 \
file://LICENSE.QualcommAtheros_ar3k;md5=b5fe244fb2b532311de1472a3bc06da5 \
@@ -132,7 +134,7 @@
"
# WHENCE checksum is defined separately to ease overriding it if
# class-devupstream is selected.
-WHENCE_CHKSUM = "98ecc3d3223df7ebdc23b0ec56aafb20"
+WHENCE_CHKSUM = "aadb3cccbde1e53fc244a409e9bd5a22"
# These are not common licenses, set NO_GENERIC_LICENSE for them
# so that the license files will be copied from fetched source
@@ -177,6 +179,7 @@
NO_GENERIC_LICENSE[Firmware-phanfw] = "LICENCE.phanfw"
NO_GENERIC_LICENSE[Firmware-qat] = "LICENCE.qat_firmware"
NO_GENERIC_LICENSE[Firmware-qcom] = "LICENSE.qcom"
+NO_GENERIC_LICENSE[Firmware-qcom-yamato] = "LICENSE.qcom_yamato"
NO_GENERIC_LICENSE[Firmware-qla1280] = "LICENCE.qla1280"
NO_GENERIC_LICENSE[Firmware-qla2xxx] = "LICENCE.qla2xxx"
NO_GENERIC_LICENSE[Firmware-qualcommAthos_ar3k] = "LICENSE.QualcommAtheros_ar3k"
@@ -209,7 +212,7 @@
# Pin this to the 20220509 release, override this in local.conf
SRCREV:class-devupstream ?= "b19cbdca78ab2adfd210c91be15a22568e8b8cae"
-SRC_URI[sha256sum] = "26fd00f2d8e96c4af6f44269a6b893eb857253044f75ad28ef6706a2250cd8e9"
+SRC_URI[sha256sum] = "6e3d9e8d52cffc4ec0dbe8533a8445328e0524a20f159a5b61c2706f983ce38a"
inherit allarch
@@ -228,6 +231,7 @@
PACKAGES =+ "${PN}-ralink-license ${PN}-ralink \
${PN}-mt7601u-license ${PN}-mt7601u \
${PN}-radeon-license ${PN}-radeon \
+ ${PN}-amdgpu-license ${PN}-amdgpu \
${PN}-marvell-license ${PN}-pcie8897 ${PN}-pcie8997 \
${PN}-sd8686 ${PN}-sd8688 ${PN}-sd8787 ${PN}-sd8797 ${PN}-sd8801 \
${PN}-sd8887 ${PN}-sd8897 ${PN}-sd8997 ${PN}-usb8997 \
@@ -235,6 +239,7 @@
${PN}-vt6656-license ${PN}-vt6656 \
${PN}-rs9113 ${PN}-rs9116 \
${PN}-rtl-license ${PN}-rtl8188 ${PN}-rtl8192cu ${PN}-rtl8192ce ${PN}-rtl8192su ${PN}-rtl8723 ${PN}-rtl8821 \
+ ${PN}-rtl8761 \
${PN}-rtl8168 \
${PN}-cypress-license \
${PN}-broadcom-license \
@@ -305,7 +310,7 @@
${PN}-nvidia-gpu \
${PN}-netronome-license ${PN}-netronome \
${PN}-qat ${PN}-qat-license \
- ${PN}-qcom-license \
+ ${PN}-qcom-license ${PN}-qcom-yamato-license \
${PN}-qcom-venus-1.8 ${PN}-qcom-venus-4.2 ${PN}-qcom-venus-5.2 ${PN}-qcom-venus-5.4 \
${PN}-qcom-vpu-1.0 ${PN}-qcom-vpu-2.0 \
${PN}-qcom-adreno-a2xx ${PN}-qcom-adreno-a3xx ${PN}-qcom-adreno-a4xx ${PN}-qcom-adreno-a530 \
@@ -428,6 +433,17 @@
RDEPENDS:${PN}-radeon += "${PN}-radeon-license"
+# For amdgpu
+LICENSE:${PN}-amdgpu = "Firmware-amdgpu"
+LICENSE:${PN}-amdgpu-license = "Firmware-amdgpu"
+
+FILES:${PN}-amdgpu-license = "${nonarch_base_libdir}/firmware/LICENSE.amdgpu"
+FILES:${PN}-amdgpu = " \
+ ${nonarch_base_libdir}/firmware/amdgpu \
+"
+
+RDEPENDS:${PN}-amdgpu += "${PN}-amdgpu-license"
+
# For lontium
LICENSE:${PN}-lt9611uxc = "Firmware-Lontium"
@@ -563,6 +579,7 @@
LICENSE:${PN}-rtl8192ce = "Firmware-rtlwifi_firmware"
LICENSE:${PN}-rtl8192su = "Firmware-rtlwifi_firmware"
LICENSE:${PN}-rtl8723 = "Firmware-rtlwifi_firmware"
+LICENSE:${PN}-rtl8761 = "Firmware-rtlwifi_firmware"
LICENSE:${PN}-rtl8821 = "Firmware-rtlwifi_firmware"
LICENSE:${PN}-rtl-license = "Firmware-rtlwifi_firmware"
LICENSE:${PN}-rtl8168 = "WHENCE"
@@ -588,6 +605,9 @@
FILES:${PN}-rtl8821 = " \
${nonarch_base_libdir}/firmware/rtlwifi/rtl8821*.bin \
"
+FILES:${PN}-rtl8761 = " \
+ ${nonarch_base_libdir}/firmware/rtl_bt/rtl8761*.bin \
+"
FILES:${PN}-rtl8168 = " \
${nonarch_base_libdir}/firmware/rtl_nic/rtl8168*.fw \
"
@@ -598,6 +618,7 @@
RDEPENDS:${PN}-rtl8192su = "${PN}-rtl-license"
RDEPENDS:${PN}-rtl8723 += "${PN}-rtl-license"
RDEPENDS:${PN}-rtl8821 += "${PN}-rtl-license"
+RDEPENDS:${PN}-rtl8761 += "${PN}-rtl-license"
RDEPENDS:${PN}-rtl8168 += "${PN}-whence-license"
# For ti-connectivity
@@ -965,17 +986,44 @@
# For QCOM VPU/GPU and SDM845
LICENSE:${PN}-qcom-license = "Firmware-qcom"
+LICENSE:${PN}-qcom-yamato-license = "Firmware-qcom-yamato"
+LICENSE:${PN}-qcom-venus-1.8 = "Firmware-qcom"
+LICENSE:${PN}-qcom-venus-4.2 = "Firmware-qcom"
+LICENSE:${PN}-qcom-venus-5.2 = "Firmware-qcom"
+LICENSE:${PN}-qcom-venus-5.4 = "Firmware-qcom"
+LICENSE:${PN}-qcom-vpu-1.0 = "Firmware-qcom"
+LICENSE:${PN}-qcom-vpu-2.0 = "Firmware-qcom"
+LICENSE:${PN}-qcom-adreno-a2xx = "Firmware-qcom Firmware-qcom-yamato"
+LICENSE:${PN}-qcom-adreno-a3xx = "Firmware-qcom"
+LICENSE:${PN}-qcom-adreno-a4xx = "Firmware-qcom"
+LICENSE:${PN}-qcom-adreno-a530 = "Firmware-qcom"
+LICENSE:${PN}-qcom-adreno-a630 = "Firmware-qcom"
+LICENSE:${PN}-qcom-adreno-a650 = "Firmware-qcom"
+LICENSE:${PN}-qcom-adreno-a660 = "Firmware-qcom"
+LICENSE:${PN}-qcom-apq8096-audio = "Firmware-qcom"
+LICENSE:${PN}-qcom-apq8096-modem = "Firmware-qcom"
+LICENSE:${PN}-qcom-sc8280xp-lenovo-x13s-audio = "Firmware-qcom"
+LICENSE:${PN}-qcom-sc8280xp-lenovo-x13s-adreno = "Firmware-qcom"
+LICENSE:${PN}-qcom-sc8280xp-lenovo-x13s-compute = "Firmware-qcom"
+LICENSE:${PN}-qcom-sc8280xp-lenovo-x13s-sensors = "Firmware-qcom"
+LICENSE:${PN}-qcom-sdm845-audio = "Firmware-qcom"
+LICENSE:${PN}-qcom-sdm845-compute = "Firmware-qcom"
+LICENSE:${PN}-qcom-sdm845-modem = "Firmware-qcom"
+LICENSE:${PN}-qcom-sm8250-audio = "Firmware-qcom"
+LICENSE:${PN}-qcom-sm8250-compute = "Firmware-qcom"
+
FILES:${PN}-qcom-license = "${nonarch_base_libdir}/firmware/LICENSE.qcom ${nonarch_base_libdir}/firmware/qcom/NOTICE.txt"
+FILES:${PN}-qcom-yamato-license = "${nonarch_base_libdir}/firmware/LICENSE.qcom_yamato"
FILES:${PN}-qcom-venus-1.8 = "${nonarch_base_libdir}/firmware/qcom/venus-1.8/*"
FILES:${PN}-qcom-venus-4.2 = "${nonarch_base_libdir}/firmware/qcom/venus-4.2/*"
FILES:${PN}-qcom-venus-5.2 = "${nonarch_base_libdir}/firmware/qcom/venus-5.2/*"
FILES:${PN}-qcom-venus-5.4 = "${nonarch_base_libdir}/firmware/qcom/venus-5.4/*"
FILES:${PN}-qcom-vpu-1.0 = "${nonarch_base_libdir}/firmware/qcom/vpu-1.0/*"
FILES:${PN}-qcom-vpu-2.0 = "${nonarch_base_libdir}/firmware/qcom/vpu-2.0/*"
-FILES:${PN}-qcom-adreno-a2xx = "${nonarch_base_libdir}/firmware/qcom/leia_*.fw"
+FILES:${PN}-qcom-adreno-a2xx = "${nonarch_base_libdir}/firmware/qcom/leia_*.fw ${nonarch_base_libdir}/firmware/qcom/yamato_*.fw"
FILES:${PN}-qcom-adreno-a3xx = "${nonarch_base_libdir}/firmware/qcom/a3*_*.fw ${nonarch_base_libdir}/firmware/a300_*.fw"
FILES:${PN}-qcom-adreno-a4xx = "${nonarch_base_libdir}/firmware/qcom/a4*_*.fw"
-FILES:${PN}-qcom-adreno-a530 = "${nonarch_base_libdir}/firmware/qcom/a530*.*"
+FILES:${PN}-qcom-adreno-a530 = "${nonarch_base_libdir}/firmware/qcom/a530*.* ${nonarch_base_libdir}/firmware/qcom/apq8096/a530*.*"
FILES:${PN}-qcom-adreno-a630 = "${nonarch_base_libdir}/firmware/qcom/a630*.* ${nonarch_base_libdir}/firmware/qcom/sdm845/a630*.*"
FILES:${PN}-qcom-adreno-a650 = "${nonarch_base_libdir}/firmware/qcom/a650*.* ${nonarch_base_libdir}/firmware/qcom/sm8250/a650*.*"
FILES:${PN}-qcom-adreno-a660 = "${nonarch_base_libdir}/firmware/qcom/a660*.*"
@@ -991,13 +1039,14 @@
FILES:${PN}-qcom-sdm845-modem = "${nonarch_base_libdir}/firmware/qcom/sdm845/mba.mbn ${nonarch_base_libdir}/firmware/qcom/sdm845/modem*.* ${nonarch_base_libdir}/firmware/qcom/sdm845/wlanmdsp.mbn"
FILES:${PN}-qcom-sm8250-audio = "${nonarch_base_libdir}/firmware/qcom/sm8250/adsp*.*"
FILES:${PN}-qcom-sm8250-compute = "${nonarch_base_libdir}/firmware/qcom/sm8250/cdsp*.*"
+
RDEPENDS:${PN}-qcom-venus-1.8 = "${PN}-qcom-license"
RDEPENDS:${PN}-qcom-venus-4.2 = "${PN}-qcom-license"
RDEPENDS:${PN}-qcom-venus-5.2 = "${PN}-qcom-license"
RDEPENDS:${PN}-qcom-venus-5.4 = "${PN}-qcom-license"
RDEPENDS:${PN}-qcom-vpu-1.0 = "${PN}-qcom-license"
RDEPENDS:${PN}-qcom-vpu-2.0 = "${PN}-qcom-license"
-RDEPENDS:${PN}-qcom-adreno-a2xx = "${PN}-qcom-license"
+RDEPENDS:${PN}-qcom-adreno-a2xx = "${PN}-qcom-license ${PN}-qcom-yamato-license"
RDEPENDS:${PN}-qcom-adreno-a3xx = "${PN}-qcom-license"
RDEPENDS:${PN}-qcom-adreno-a4xx = "${PN}-qcom-license"
RDEPENDS:${PN}-qcom-adreno-a530 = "${PN}-qcom-license"
@@ -1103,3 +1152,6 @@
# Don't warn about already stripped files
INSANE_SKIP:${PN} = "already-stripped"
+
+# No need to put firmware into the sysroot
+SYSROOT_DIRS_IGNORE += "${nonarch_base_libdir}/firmware"
diff --git a/poky/meta/recipes-kernel/linux/cve-exclusion_5.15.inc b/poky/meta/recipes-kernel/linux/cve-exclusion_5.15.inc
new file mode 100644
index 0000000..53d5379
--- /dev/null
+++ b/poky/meta/recipes-kernel/linux/cve-exclusion_5.15.inc
@@ -0,0 +1,90 @@
+# CVE exclusions specific to version 5.15 of the kernel.
+
+# 2021
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3435
+# Introduced in version v5.18 6bf92d70e690b7ff12b24f4bfff5e5434d019b82
+# Breaking commit backported in v5.4.189 f5064531c23ad646da7be8b938292b00a7e61438
+# Breaking commit backported in v5.10.111 63ea57478aaa3e06a597081a0f537318fc04e49f
+# Breaking commit backported in v5.15.34 907c97986d6fa77318d17659dd76c94b65dd27c5
+# Patched in kernel since v6.1 61b91eb33a69c3be11b259c5ea484505cd79f883
+# Backported in version v5.4.226 cc3cd130ecfb8b0ae52e235e487bae3f16a24a32
+# Backported in version v5.10.158 0b5394229ebae09afc07aabccb5ffd705ffd250e
+# Backported in version v5.15.82 25174d91e4a32a24204060d283bd5fa6d0ddf133
+CVE_CHECK_IGNORE += "CVE-2022-3435"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3534
+# Introduced in version v5.10 919d2b1dbb074d438027135ba644411931179a59
+# Patched in kernel since v6.2 93c660ca40b5d2f7c1b1626e955a8e9fa30e0749
+# Backported in version v5.10.163 c61650b869e0b6fb0c0a28ed42d928eea969afc8
+# Backported in version v5.15.86 a733bf10198eb5bb927890940de8ab457491ed3b
+# Backported in version v6.1.2 fbe08093fb2334549859829ef81d42570812597d
+CVE_CHECK_IGNORE += "CVE-2022-3534"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3564
+# Introduced in version v3.6 4b51dae96731c9d82f5634e75ac7ffd3b9c1b060
+# Patched in kernel since v6.1 3aff8aaca4e36dc8b17eaa011684881a80238966
+# Backported in version v5.10.154 cb1c012099ef5904cd468bdb8d6fcdfdd9bcb569
+# Backported in version v5.15.78 8278a87bb1eeea94350d675ef961ee5a03341fde
+CVE_CHECK_IGNORE += "CVE-2022-3564"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3619
+# Introduced in version v5.12 4d7ea8ee90e42fc75995f6fb24032d3233314528
+# Patched in kernel since v6.1 7c9524d929648935bac2bbb4c20437df8f9c3f42
+# Backported in version v5.15.78 aa16cac06b752e5f609c106735bd7838f444784c
+CVE_CHECK_IGNORE += "CVE-2022-3619"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3640
+# Introduced in version v5.19 d0be8347c623e0ac4202a1d4e0373882821f56b0
+# Breaking commit backported in v5.4.209 098e07ef0059296e710a801cdbd74b59016e6624
+# Breaking commit backported in v5.10.135 de5d4654ac6c22b1be756fdf7db18471e7df01ea
+# Breaking commit backported in v5.15.59 f32d5615a78a1256c4f557ccc6543866e75d03f4
+# Patched in kernel since v6.1 0d0e2d032811280b927650ff3c15fe5020e82533
+# Backported in version v5.4.224 c1f594dddd9ffd747c39f49cc5b67a9b7677d2ab
+# Backported in version v5.10.154 d9ec6e2fbd4a565b2345d4852f586b7ae3ab41fd
+# Backported in version v5.15.78 a3a7b2ac64de232edb67279e804932cb42f0b52a
+CVE_CHECK_IGNORE += "CVE-2022-3640"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-4382
+# Introduced in version v5.3 e5d82a7360d124ae1a38c2a5eac92ba49b125191
+# Patched in kernel since v6.2-rc5 d18dcfe9860e842f394e37ba01ca9440ab2178f4
+# Backported in version v5.4.230 9a39f4626b361ee7aa10fd990401c37ec3b466ae
+# Backported in version v5.10.165 856e4b5e53f21edbd15d275dde62228dd94fb2b4
+# Backported in version v5.15.90 a2e075f40122d8daf587db126c562a67abd69cf9
+# Backported in version v6.1.8 616fd34d017000ecf9097368b13d8a266f4920b3
+CVE_CHECK_IGNORE += "CVE-2022-4382"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-42895
+# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
+# Patched in kernel since v6.1 b1a2cd50c0357f243b7435a732b4e62ba3157a2e
+# Backported in version v5.15.78 3e4697ffdfbb38a2755012c4e571546c89ab6422
+# Backported in version v5.10.154 26ca2ac091b49281d73df86111d16e5a76e43bd7
+# Backported in version v5.4.224 6949400ec9feca7f88c0f6ca5cb5fdbcef419c89
+CVE_CHECK_IGNORE += "CVE-2022-42895"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-42896
+# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
+# Patched in kernel since v6.1 711f8c3fb3db61897080468586b970c87c61d9e4
+# Backported in version v5.4.226 0d87bb6070361e5d1d9cb391ba7ee73413bc109b
+# Backported in version v5.10.154 6b6f94fb9a74dd2891f11de4e638c6202bc89476
+# Backported in version v5.15.78 81035e1201e26d57d9733ac59140a3e29befbc5a
+CVE_CHECK_IGNORE += "CVE-2022-42896"
+
+
+# 2023
+# https://nvd.nist.gov/vuln/detail/CVE-2023-0266
+# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
+# Patched in kernel since v6.2 56b88b50565cd8b946a2d00b0c83927b7ebb055e
+# Backported in version v5.15.88 26350c21bc5e97a805af878e092eb8125843fe2c
+# Backported in version v6.1.6 d6ad4bd1d896ae1daffd7628cd50f124280fb8b1
+CVE_CHECK_IGNORE += "CVE-2023-0266"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-0394
+# Introduced in version 2.6.12 357b40a18b04c699da1d45608436e9b76b50e251
+# Patched in kernel since v6.2 cb3e9864cdbe35ff6378966660edbcbac955fe17
+# Backported in version v5.4.229 3998dba0f78a59922b0ef333ccfeb58d9410cd3d
+# Backported in version v5.10.164 6c9e2c11c33c35563d34d12b343d43b5c12200b5
+# Backported in version v5.15.89 456e3794e08a0b59b259da666e31d0884b376bcf
+# Backported in version v6.1.7 0afa5f0736584411771299074bbeca8c1f9706d4
+CVE_CHECK_IGNORE += "CVE-2023-0394"
+
+
diff --git a/poky/meta/recipes-kernel/linux/kernel-devsrc.bb b/poky/meta/recipes-kernel/linux/kernel-devsrc.bb
index 46d706b..17ae744 100644
--- a/poky/meta/recipes-kernel/linux/kernel-devsrc.bb
+++ b/poky/meta/recipes-kernel/linux/kernel-devsrc.bb
@@ -308,6 +308,13 @@
# external modules can be built
touch -r $kerneldir/build/Makefile $kerneldir/build/include/generated/uapi/linux/version.h
+ # This fixes a warning that the compilers don't match when building a module
+ # Change: CONFIG_CC_VERSION_TEXT="x86_64-poky-linux-gcc (GCC) 12.2.0" to "gcc (GCC) 12.2.0"
+ # #define CONFIG_CC_VERSION_TEXT "x86_64-poky-linux-gcc (GCC) 12.2.0" to "gcc (GCC) 12.2.0"
+ sed -i 's/CONFIG_CC_VERSION_TEXT=".*\(gcc.*\)"/CONFIG_CC_VERSION_TEXT="\1"/' "$kerneldir/build/.config"
+ sed -i 's/#define CONFIG_CC_VERSION_TEXT ".*\(gcc.*\)"/#define CONFIG_CC_VERSION_TEXT "\1"/' $kerneldir/build/include/generated/autoconf.h
+ sed -i 's/CONFIG_CC_VERSION_TEXT=".*\(gcc.*\)"/CONFIG_CC_VERSION_TEXT="\1"/' $kerneldir/build/include/config/auto.conf
+
# make sure these are at least as old as the .config, or rebuilds will trigger
touch -r $kerneldir/build/.config $kerneldir/build/include/generated/autoconf.h 2>/dev/null || :
touch -r $kerneldir/build/.config $kerneldir/build/include/config/auto.conf* 2>/dev/null || :
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-dev.bb b/poky/meta/recipes-kernel/linux/linux-yocto-dev.bb
index b1b57be..f01931d 100644
--- a/poky/meta/recipes-kernel/linux/linux-yocto-dev.bb
+++ b/poky/meta/recipes-kernel/linux/linux-yocto-dev.bb
@@ -10,8 +10,6 @@
inherit kernel
require recipes-kernel/linux/linux-yocto.inc
-# for ncurses tests
-inherit pkgconfig
# provide this .inc to set specific revisions
include recipes-kernel/linux/linux-yocto-dev-revisions.inc
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb b/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb
index 6f8648e0..2117e1f 100644
--- a/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb
+++ b/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb
@@ -2,6 +2,9 @@
require recipes-kernel/linux/linux-yocto.inc
+# CVE exclusions
+include recipes-kernel/linux/cve-exclusion_5.15.inc
+
# Skip processing of this recipe if it is not explicitly specified as the
# PREFERRED_PROVIDER for virtual/kernel. This avoids errors when trying
# to build multiple virtual/kernel providers, e.g. as dependency of
@@ -11,13 +14,13 @@
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "dba1b7d90813231782bdeda1bd169c93b35c94e0"
-SRCREV_meta ?= "1128d7bcdcde490d4f35cc00c97f5410bb240d99"
+SRCREV_machine ?= "8e0611e36c848a07f9cdd778903c9e51bb90b319"
+SRCREV_meta ?= "e4b95ec17228274acb38bf10061448224df3a312"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}"
-LINUX_VERSION ?= "5.15.68"
+LINUX_VERSION ?= "5.15.108"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.19.bb b/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.19.bb
index b3e9fba..f4d205e 100644
--- a/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.19.bb
+++ b/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.19.bb
@@ -11,13 +11,13 @@
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "bc8af638c00f28a46e77e34056079087638f6e65"
-SRCREV_meta ?= "350b544d077955b599b54ab364f6227d96a90455"
+SRCREV_machine ?= "3101c367eab8952721086b545ad37c301b2a7452"
+SRCREV_meta ?= "239a6c0d3c3b046971909f1e066380465b0c331d"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.19;destsuffix=${KMETA}"
-LINUX_VERSION ?= "5.19.9"
+LINUX_VERSION ?= "5.19.17"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb
index 4f2bb48..277a6a6 100644
--- a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb
+++ b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb
@@ -5,7 +5,10 @@
require recipes-kernel/linux/linux-yocto.inc
-LINUX_VERSION ?= "5.15.68"
+# CVE exclusions
+include recipes-kernel/linux/cve-exclusion_5.15.inc
+
+LINUX_VERSION ?= "5.15.108"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -14,8 +17,8 @@
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine ?= "33e7eea5c4545a973cf01a849c2b45fa0cd1fa13"
-SRCREV_meta ?= "1128d7bcdcde490d4f35cc00c97f5410bb240d99"
+SRCREV_machine ?= "3d762b85647844790979dd1e17a762003aaa7476"
+SRCREV_meta ?= "e4b95ec17228274acb38bf10061448224df3a312"
PV = "${LINUX_VERSION}+git${SRCPV}"
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.19.bb b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.19.bb
index 466b706..95a8a46 100644
--- a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.19.bb
+++ b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.19.bb
@@ -5,7 +5,7 @@
require recipes-kernel/linux/linux-yocto.inc
-LINUX_VERSION ?= "5.19.9"
+LINUX_VERSION ?= "5.19.17"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -14,8 +14,8 @@
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine ?= "65a9a22786a6710fc7b4edb7cfae80dd83f591f1"
-SRCREV_meta ?= "350b544d077955b599b54ab364f6227d96a90455"
+SRCREV_machine ?= "84f2f8e7a625aae0fa9e7027a2e774b99b646cf7"
+SRCREV_meta ?= "239a6c0d3c3b046971909f1e066380465b0c331d"
PV = "${LINUX_VERSION}+git${SRCPV}"
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto.inc b/poky/meta/recipes-kernel/linux/linux-yocto.inc
index 091003e..9bca0e7 100644
--- a/poky/meta/recipes-kernel/linux/linux-yocto.inc
+++ b/poky/meta/recipes-kernel/linux/linux-yocto.inc
@@ -47,7 +47,6 @@
# Pick up shared functions
inherit kernel
inherit kernel-yocto
-inherit pkgconfig
B = "${WORKDIR}/linux-${PACKAGE_ARCH}-${LINUX_KERNEL_TYPE}-build"
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto_5.15.bb b/poky/meta/recipes-kernel/linux/linux-yocto_5.15.bb
index 2f91fb7..b58ca03 100644
--- a/poky/meta/recipes-kernel/linux/linux-yocto_5.15.bb
+++ b/poky/meta/recipes-kernel/linux/linux-yocto_5.15.bb
@@ -2,6 +2,9 @@
require recipes-kernel/linux/linux-yocto.inc
+# CVE exclusions
+include recipes-kernel/linux/cve-exclusion_5.15.inc
+
# board specific branches
KBRANCH:qemuarm ?= "v5.15/standard/arm-versatile-926ejs"
KBRANCH:qemuarm64 ?= "v5.15/standard/qemuarm64"
@@ -13,24 +16,24 @@
KBRANCH:qemux86-64 ?= "v5.15/standard/base"
KBRANCH:qemumips64 ?= "v5.15/standard/mti-malta64"
-SRCREV_machine:qemuarm ?= "efe28b4b16d4a1a19f59b4650a0bfb23ffc8c40e"
-SRCREV_machine:qemuarm64 ?= "66986670c45f63d2ed2078e07aa817ede88025ad"
-SRCREV_machine:qemumips ?= "aeeb80fd7f684aca830adb7daf32cfd80637cf3a"
-SRCREV_machine:qemuppc ?= "5c6387a562af89ec92546c1374a120ac240f14e6"
-SRCREV_machine:qemuriscv64 ?= "0e51e571701842db33ad96f6ddc8cc6b23230627"
-SRCREV_machine:qemuriscv32 ?= "0e51e571701842db33ad96f6ddc8cc6b23230627"
-SRCREV_machine:qemux86 ?= "0e51e571701842db33ad96f6ddc8cc6b23230627"
-SRCREV_machine:qemux86-64 ?= "0e51e571701842db33ad96f6ddc8cc6b23230627"
-SRCREV_machine:qemumips64 ?= "20ec37851f4ee9965120937dcf2567f15e72e07a"
-SRCREV_machine ?= "0e51e571701842db33ad96f6ddc8cc6b23230627"
-SRCREV_meta ?= "1128d7bcdcde490d4f35cc00c97f5410bb240d99"
+SRCREV_machine:qemuarm ?= "80421c525a12141d31bf1592b0d8c176defe3010"
+SRCREV_machine:qemuarm64 ?= "9d140dbc3171bf272f51b524edeeb2f22783aca5"
+SRCREV_machine:qemumips ?= "b29a8fa62d88db512f1fa5d60e430a851d7e3aaf"
+SRCREV_machine:qemuppc ?= "7ee6b7fc4b57933114376cf012218c2ae3d23558"
+SRCREV_machine:qemuriscv64 ?= "e8c818cce43dd720c366d831aeb102c20c237652"
+SRCREV_machine:qemuriscv32 ?= "e8c818cce43dd720c366d831aeb102c20c237652"
+SRCREV_machine:qemux86 ?= "e8c818cce43dd720c366d831aeb102c20c237652"
+SRCREV_machine:qemux86-64 ?= "e8c818cce43dd720c366d831aeb102c20c237652"
+SRCREV_machine:qemumips64 ?= "5c900befc90365f6daa80989e8de0ccc546ff0f5"
+SRCREV_machine ?= "e8c818cce43dd720c366d831aeb102c20c237652"
+SRCREV_meta ?= "e4b95ec17228274acb38bf10061448224df3a312"
# set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
# get the <version>/base branch, which is pure upstream -stable, and the same
# meta SRCREV as the linux-yocto-standard builds. Select your version using the
# normal PREFERRED_VERSION settings.
BBCLASSEXTEND = "devupstream:target"
-SRCREV_machine:class-devupstream ?= "dd20085f2a88b6cdb12bdcdbd2d7a761c86b184a"
+SRCREV_machine:class-devupstream ?= "3299fb36854fdc288bddc2c4d265f8a2e5105944"
PN:class-devupstream = "linux-yocto-upstream"
KBRANCH:class-devupstream = "v5.15/base"
@@ -38,7 +41,7 @@
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "5.15.68"
+LINUX_VERSION ?= "5.15.108"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
DEPENDS += "openssl-native util-linux-native"
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto_5.19.bb b/poky/meta/recipes-kernel/linux/linux-yocto_5.19.bb
index f882972..5baa0c1 100644
--- a/poky/meta/recipes-kernel/linux/linux-yocto_5.19.bb
+++ b/poky/meta/recipes-kernel/linux/linux-yocto_5.19.bb
@@ -13,24 +13,24 @@
KBRANCH:qemux86-64 ?= "v5.19/standard/base"
KBRANCH:qemumips64 ?= "v5.19/standard/mti-malta64"
-SRCREV_machine:qemuarm ?= "446661f6a3b07535304497c1a51d9cab95f48f0b"
-SRCREV_machine:qemuarm64 ?= "65a9a22786a6710fc7b4edb7cfae80dd83f591f1"
-SRCREV_machine:qemumips ?= "98da147618fca3da29cf1c6ab9c53f24de2c587c"
-SRCREV_machine:qemuppc ?= "65a9a22786a6710fc7b4edb7cfae80dd83f591f1"
-SRCREV_machine:qemuriscv64 ?= "65a9a22786a6710fc7b4edb7cfae80dd83f591f1"
-SRCREV_machine:qemuriscv32 ?= "65a9a22786a6710fc7b4edb7cfae80dd83f591f1"
-SRCREV_machine:qemux86 ?= "65a9a22786a6710fc7b4edb7cfae80dd83f591f1"
-SRCREV_machine:qemux86-64 ?= "65a9a22786a6710fc7b4edb7cfae80dd83f591f1"
-SRCREV_machine:qemumips64 ?= "53842054198d851b5deb5810afaf126156efbb54"
-SRCREV_machine ?= "65a9a22786a6710fc7b4edb7cfae80dd83f591f1"
-SRCREV_meta ?= "350b544d077955b599b54ab364f6227d96a90455"
+SRCREV_machine:qemuarm ?= "f30404d233fc4cc461a0800fd635f4e9650a20a5"
+SRCREV_machine:qemuarm64 ?= "84f2f8e7a625aae0fa9e7027a2e774b99b646cf7"
+SRCREV_machine:qemumips ?= "ceaf2134635845794c24b750f15004096a597256"
+SRCREV_machine:qemuppc ?= "84f2f8e7a625aae0fa9e7027a2e774b99b646cf7"
+SRCREV_machine:qemuriscv64 ?= "84f2f8e7a625aae0fa9e7027a2e774b99b646cf7"
+SRCREV_machine:qemuriscv32 ?= "84f2f8e7a625aae0fa9e7027a2e774b99b646cf7"
+SRCREV_machine:qemux86 ?= "84f2f8e7a625aae0fa9e7027a2e774b99b646cf7"
+SRCREV_machine:qemux86-64 ?= "84f2f8e7a625aae0fa9e7027a2e774b99b646cf7"
+SRCREV_machine:qemumips64 ?= "acf9ebb1e7d1ceb61a89ec33ca4cc3613287630b"
+SRCREV_machine ?= "84f2f8e7a625aae0fa9e7027a2e774b99b646cf7"
+SRCREV_meta ?= "239a6c0d3c3b046971909f1e066380465b0c331d"
# set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
# get the <version>/base branch, which is pure upstream -stable, and the same
# meta SRCREV as the linux-yocto-standard builds. Select your version using the
# normal PREFERRED_VERSION settings.
BBCLASSEXTEND = "devupstream:target"
-SRCREV_machine:class-devupstream ?= "d1105a680e66b0482bd18048534c58ecabb5c284"
+SRCREV_machine:class-devupstream ?= "2b525314c7b57eac29fe8b77a6589428e4a4f6dd"
PN:class-devupstream = "linux-yocto-upstream"
KBRANCH:class-devupstream = "v5.19/base"
@@ -38,7 +38,7 @@
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.19;destsuffix=${KMETA}"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "5.19.9"
+LINUX_VERSION ?= "5.19.17"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
DEPENDS += "openssl-native util-linux-native"
diff --git a/poky/meta/recipes-kernel/lttng/babeltrace_1.5.8.bb b/poky/meta/recipes-kernel/lttng/babeltrace_1.5.11.bb
similarity index 98%
rename from poky/meta/recipes-kernel/lttng/babeltrace_1.5.8.bb
rename to poky/meta/recipes-kernel/lttng/babeltrace_1.5.11.bb
index 19601e7..8e2fe41 100644
--- a/poky/meta/recipes-kernel/lttng/babeltrace_1.5.8.bb
+++ b/poky/meta/recipes-kernel/lttng/babeltrace_1.5.11.bb
@@ -10,7 +10,7 @@
SRC_URI = "git://git.efficios.com/babeltrace.git;branch=stable-1.5 \
file://run-ptest \
"
-SRCREV = "054a54ae10b01a271afc4f19496c041b10fb414c"
+SRCREV = "91c00f70884887ff5c4849a8e3d47e311a22ba9d"
UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>1(\.\d+)+)$"
S = "${WORKDIR}/git"
diff --git a/poky/meta/recipes-kernel/lttng/lttng-modules/0001-fix-compaction.patch b/poky/meta/recipes-kernel/lttng/lttng-modules/0001-fix-compaction.patch
deleted file mode 100644
index 21e27ff..0000000
--- a/poky/meta/recipes-kernel/lttng/lttng-modules/0001-fix-compaction.patch
+++ /dev/null
@@ -1,68 +0,0 @@
-From 8e42c4821fb5f5cb816b6ddf73d9a13ba3298a63 Mon Sep 17 00:00:00 2001
-From: Michael Jeanson <mjeanson@efficios.com>
-Date: Wed, 10 Aug 2022 11:07:14 -0400
-Subject: [PATCH] fix: tie compaction probe build to CONFIG_COMPACTION
-
-The definition of 'struct compact_control' in 'mm/internal.h' depends on
-CONFIG_COMPACTION being defined. Only build the compaction probe when
-this configuration option is enabled.
-
-Thanks to Bruce Ashfield <bruce.ashfield@gmail.com> for reporting this
-issue.
-
-Upstream-Status: Backport [https://review.lttng.org/c/lttng-modules/+/8660]
-
-Change-Id: I81e77aa9c1bf10452c152d432fe5224df0db42c9
-Signed-off-by: Michael Jeanson <mjeanson@efficios.com>
----
- src/probes/Kbuild | 34 ++++++++++++++++++----------------
- 1 file changed, 18 insertions(+), 16 deletions(-)
-
-diff --git a/src/probes/Kbuild b/src/probes/Kbuild
-index 2908cf75..3e556b8e 100644
---- a/src/probes/Kbuild
-+++ b/src/probes/Kbuild
-@@ -167,22 +167,24 @@ ifneq ($(CONFIG_BTRFS_FS),)
- endif # $(wildcard $(btrfs_dep))
- endif # CONFIG_BTRFS_FS
-
--# A dependency on internal header 'mm/internal.h' was introduced in v5.18
--compaction_dep = $(srctree)/mm/internal.h
--compaction_dep_wildcard = $(wildcard $(compaction_dep))
--compaction_dep_check = $(shell \
--if [ \( $(VERSION) -ge 6 \
-- -o \( $(VERSION) -eq 5 -a $(PATCHLEVEL) -ge 18 \) \) -a \
-- -z "$(compaction_dep_wildcard)" ] ; then \
-- echo "warn" ; \
--else \
-- echo "ok" ; \
--fi ;)
--ifeq ($(compaction_dep_check),ok)
-- obj-$(CONFIG_LTTNG) += lttng-probe-compaction.o
--else
-- $(warning Files $(compaction_dep) not found. Probe "compaction" is disabled. Use full kernel source tree to enable it.)
--endif # $(wildcard $(compaction_dep))
-+ifneq ($(CONFIG_COMPACTION),)
-+ # A dependency on internal header 'mm/internal.h' was introduced in v5.18
-+ compaction_dep = $(srctree)/mm/internal.h
-+ compaction_dep_wildcard = $(wildcard $(compaction_dep))
-+ compaction_dep_check = $(shell \
-+ if [ \( $(VERSION) -ge 6 \
-+ -o \( $(VERSION) -eq 5 -a $(PATCHLEVEL) -ge 18 \) \) -a \
-+ -z "$(compaction_dep_wildcard)" ] ; then \
-+ echo "warn" ; \
-+ else \
-+ echo "ok" ; \
-+ fi ;)
-+ ifeq ($(compaction_dep_check),ok)
-+ obj-$(CONFIG_LTTNG) += lttng-probe-compaction.o
-+ else
-+ $(warning Files $(compaction_dep) not found. Probe "compaction" is disabled. Use full kernel source tree to enable it.)
-+ endif # $(wildcard $(compaction_dep))
-+endif # CONFIG_COMPACTION
-
- ifneq ($(CONFIG_EXT4_FS),)
- ext4_dep = $(srctree)/fs/ext4/*.h
---
-2.34.1
-
diff --git a/poky/meta/recipes-kernel/lttng/lttng-modules/0001-fix-mm-page_alloc-fix-tracepoint-mm_page_alloc_zone_.patch b/poky/meta/recipes-kernel/lttng/lttng-modules/0001-fix-mm-page_alloc-fix-tracepoint-mm_page_alloc_zone_.patch
deleted file mode 100644
index 6237680..0000000
--- a/poky/meta/recipes-kernel/lttng/lttng-modules/0001-fix-mm-page_alloc-fix-tracepoint-mm_page_alloc_zone_.patch
+++ /dev/null
@@ -1,106 +0,0 @@
-From 8d5da4d2a3d7d9173208f4e8dc7a709f0bfc9820 Mon Sep 17 00:00:00 2001
-From: Michael Jeanson <mjeanson@efficios.com>
-Date: Wed, 8 Jun 2022 12:56:36 -0400
-Subject: [PATCH 1/3] fix: mm/page_alloc: fix tracepoint
- mm_page_alloc_zone_locked() (v5.19)
-
-See upstream commit :
-
- commit 10e0f7530205799e7e971aba699a7cb3a47456de
- Author: Wonhyuk Yang <vvghjk1234@gmail.com>
- Date: Thu May 19 14:08:54 2022 -0700
-
- mm/page_alloc: fix tracepoint mm_page_alloc_zone_locked()
-
- Currently, trace point mm_page_alloc_zone_locked() doesn't show correct
- information.
-
- First, when alloc_flag has ALLOC_HARDER/ALLOC_CMA, page can be allocated
- from MIGRATE_HIGHATOMIC/MIGRATE_CMA. Nevertheless, tracepoint use
- requested migration type not MIGRATE_HIGHATOMIC and MIGRATE_CMA.
-
- Second, after commit 44042b4498728 ("mm/page_alloc: allow high-order pages
- to be stored on the per-cpu lists") percpu-list can store high order
- pages. But trace point determine whether it is a refiil of percpu-list by
- comparing requested order and 0.
-
- To handle these problems, make mm_page_alloc_zone_locked() only be called
- by __rmqueue_smallest with correct migration type. With a new argument
- called percpu_refill, it can show roughly whether it is a refill of
- percpu-list.
-
-Upstream-Status: Backport
-
-Change-Id: I2e4a57393757f12b9c5a4566c4d1102ee2474a09
-Signed-off-by: Michael Jeanson <mjeanson@efficios.com>
-Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
----
- include/instrumentation/events/kmem.h | 45 +++++++++++++++++++++++++++
- 1 file changed, 45 insertions(+)
-
-diff --git a/include/instrumentation/events/kmem.h b/include/instrumentation/events/kmem.h
-index 29c0fb7f..8c19e962 100644
---- a/include/instrumentation/events/kmem.h
-+++ b/include/instrumentation/events/kmem.h
-@@ -218,6 +218,50 @@ LTTNG_TRACEPOINT_EVENT_MAP(mm_page_alloc, kmem_mm_page_alloc,
- )
- )
-
-+#if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(5,19,0))
-+LTTNG_TRACEPOINT_EVENT_CLASS(kmem_mm_page,
-+
-+ TP_PROTO(struct page *page, unsigned int order, int migratetype,
-+ int percpu_refill),
-+
-+ TP_ARGS(page, order, migratetype, percpu_refill),
-+
-+ TP_FIELDS(
-+ ctf_integer_hex(struct page *, page, page)
-+ ctf_integer(unsigned long, pfn,
-+ page ? page_to_pfn(page) : -1UL)
-+ ctf_integer(unsigned int, order, order)
-+ ctf_integer(int, migratetype, migratetype)
-+ ctf_integer(int, percpu_refill, percpu_refill)
-+ )
-+)
-+
-+LTTNG_TRACEPOINT_EVENT_INSTANCE_MAP(kmem_mm_page, mm_page_alloc_zone_locked,
-+
-+ kmem_mm_page_alloc_zone_locked,
-+
-+ TP_PROTO(struct page *page, unsigned int order, int migratetype,
-+ int percpu_refill),
-+
-+ TP_ARGS(page, order, migratetype, percpu_refill)
-+)
-+
-+LTTNG_TRACEPOINT_EVENT_MAP(mm_page_pcpu_drain,
-+
-+ kmem_mm_page_pcpu_drain,
-+
-+ TP_PROTO(struct page *page, unsigned int order, int migratetype),
-+
-+ TP_ARGS(page, order, migratetype),
-+
-+ TP_FIELDS(
-+ ctf_integer(unsigned long, pfn,
-+ page ? page_to_pfn(page) : -1UL)
-+ ctf_integer(unsigned int, order, order)
-+ ctf_integer(int, migratetype, migratetype)
-+ )
-+)
-+#else
- LTTNG_TRACEPOINT_EVENT_CLASS(kmem_mm_page,
-
- TP_PROTO(struct page *page, unsigned int order, int migratetype),
-@@ -250,6 +294,7 @@ LTTNG_TRACEPOINT_EVENT_INSTANCE_MAP(kmem_mm_page, mm_page_pcpu_drain,
-
- TP_ARGS(page, order, migratetype)
- )
-+#endif
-
- #if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(3,19,2) \
- || LTTNG_KERNEL_RANGE(3,14,36, 3,15,0) \
---
-2.19.1
-
diff --git a/poky/meta/recipes-kernel/lttng/lttng-modules/0001-fix-net-skb-introduce-kfree_skb_reason-v5.15.58.v5.1.patch b/poky/meta/recipes-kernel/lttng/lttng-modules/0001-fix-net-skb-introduce-kfree_skb_reason-v5.15.58.v5.1.patch
deleted file mode 100644
index ca6abea..0000000
--- a/poky/meta/recipes-kernel/lttng/lttng-modules/0001-fix-net-skb-introduce-kfree_skb_reason-v5.15.58.v5.1.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-From d8254360c7f2ff9b3f945e9668d89c0b56b9bd91 Mon Sep 17 00:00:00 2001
-From: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
-Date: Fri, 29 Jul 2022 15:37:43 -0400
-Subject: [PATCH] fix: net: skb: introduce kfree_skb_reason() (v5.15.58..v5.16)
-
-See upstream commit :
-
- commit c504e5c2f9648a1e5c2be01e8c3f59d394192bd3
- Author: Menglong Dong <imagedong@tencent.com>
- Date: Sun Jan 9 14:36:26 2022 +0800
-
- net: skb: introduce kfree_skb_reason()
-
- Introduce the interface kfree_skb_reason(), which is able to pass
- the reason why the skb is dropped to 'kfree_skb' tracepoint.
-
- Add the 'reason' field to 'trace_kfree_skb', therefor user can get
- more detail information about abnormal skb with 'drop_monitor' or
- eBPF.
-
- All drop reasons are defined in the enum 'skb_drop_reason', and
- they will be print as string in 'kfree_skb' tracepoint in format
- of 'reason: XXX'.
-
- ( Maybe the reasons should be defined in a uapi header file, so that
- user space can use them? )
-
-Upstream-Status: Backport
-
-Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
-Change-Id: Ib3c039207739dad10f097cf76474e0822e351273
----
- include/instrumentation/events/skb.h | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/include/instrumentation/events/skb.h b/include/instrumentation/events/skb.h
-index 237e54ad..186732ea 100644
---- a/include/instrumentation/events/skb.h
-+++ b/include/instrumentation/events/skb.h
-@@ -13,7 +13,9 @@
- /*
- * Tracepoint for free an sk_buff:
- */
--#if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(5,17,0))
-+#if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(5,17,0) \
-+ || LTTNG_KERNEL_RANGE(5,15,58, 5,16,0))
-+
- LTTNG_TRACEPOINT_ENUM(skb_drop_reason,
- TP_ENUM_VALUES(
- ctf_enum_value("NOT_SPECIFIED", SKB_DROP_REASON_NOT_SPECIFIED)
---
-2.17.1
-
diff --git a/poky/meta/recipes-kernel/lttng/lttng-modules/0002-fix-fs-Remove-flags-parameter-from-aops-write_begin-.patch b/poky/meta/recipes-kernel/lttng/lttng-modules/0002-fix-fs-Remove-flags-parameter-from-aops-write_begin-.patch
deleted file mode 100644
index 84c97d5..0000000
--- a/poky/meta/recipes-kernel/lttng/lttng-modules/0002-fix-fs-Remove-flags-parameter-from-aops-write_begin-.patch
+++ /dev/null
@@ -1,76 +0,0 @@
-From b5d1c38665cd69d7d1c94231fe0609da5c8afbc3 Mon Sep 17 00:00:00 2001
-From: Michael Jeanson <mjeanson@efficios.com>
-Date: Wed, 8 Jun 2022 13:07:59 -0400
-Subject: [PATCH 2/3] fix: fs: Remove flags parameter from aops->write_begin
- (v5.19)
-
-See upstream commit :
-
- commit 9d6b0cd7579844761ed68926eb3073bab1dca87b
- Author: Matthew Wilcox (Oracle) <willy@infradead.org>
- Date: Tue Feb 22 14:31:43 2022 -0500
-
- fs: Remove flags parameter from aops->write_begin
-
- There are no more aop flags left, so remove the parameter.
-
-Upstream-Status: Backport
-
-Change-Id: I82725b93e13d749f52a631b2ac60df81a5e839f8
-Signed-off-by: Michael Jeanson <mjeanson@efficios.com>
-Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
----
- include/instrumentation/events/ext4.h | 30 +++++++++++++++++++++++++++
- 1 file changed, 30 insertions(+)
-
-diff --git a/include/instrumentation/events/ext4.h b/include/instrumentation/events/ext4.h
-index 513762c0..222416ec 100644
---- a/include/instrumentation/events/ext4.h
-+++ b/include/instrumentation/events/ext4.h
-@@ -122,6 +122,35 @@ LTTNG_TRACEPOINT_EVENT(ext4_begin_ordered_truncate,
- )
- )
-
-+#if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(5,19,0))
-+LTTNG_TRACEPOINT_EVENT_CLASS(ext4__write_begin,
-+
-+ TP_PROTO(struct inode *inode, loff_t pos, unsigned int len),
-+
-+ TP_ARGS(inode, pos, len),
-+
-+ TP_FIELDS(
-+ ctf_integer(dev_t, dev, inode->i_sb->s_dev)
-+ ctf_integer(ino_t, ino, inode->i_ino)
-+ ctf_integer(loff_t, pos, pos)
-+ ctf_integer(unsigned int, len, len)
-+ )
-+)
-+
-+LTTNG_TRACEPOINT_EVENT_INSTANCE(ext4__write_begin, ext4_write_begin,
-+
-+ TP_PROTO(struct inode *inode, loff_t pos, unsigned int len),
-+
-+ TP_ARGS(inode, pos, len)
-+)
-+
-+LTTNG_TRACEPOINT_EVENT_INSTANCE(ext4__write_begin, ext4_da_write_begin,
-+
-+ TP_PROTO(struct inode *inode, loff_t pos, unsigned int len),
-+
-+ TP_ARGS(inode, pos, len)
-+)
-+#else
- LTTNG_TRACEPOINT_EVENT_CLASS(ext4__write_begin,
-
- TP_PROTO(struct inode *inode, loff_t pos, unsigned int len,
-@@ -153,6 +182,7 @@ LTTNG_TRACEPOINT_EVENT_INSTANCE(ext4__write_begin, ext4_da_write_begin,
-
- TP_ARGS(inode, pos, len, flags)
- )
-+#endif
-
- LTTNG_TRACEPOINT_EVENT_CLASS(ext4__write_end,
- TP_PROTO(struct inode *inode, loff_t pos, unsigned int len,
---
-2.19.1
-
diff --git a/poky/meta/recipes-kernel/lttng/lttng-modules/0003-fix-workqueue-Fix-type-of-cpu-in-trace-event-v5.19.patch b/poky/meta/recipes-kernel/lttng/lttng-modules/0003-fix-workqueue-Fix-type-of-cpu-in-trace-event-v5.19.patch
deleted file mode 100644
index 63f9c40..0000000
--- a/poky/meta/recipes-kernel/lttng/lttng-modules/0003-fix-workqueue-Fix-type-of-cpu-in-trace-event-v5.19.patch
+++ /dev/null
@@ -1,124 +0,0 @@
-From 526f13c844cd29f89bd3e924867d9ddfe3c40ade Mon Sep 17 00:00:00 2001
-From: Michael Jeanson <mjeanson@efficios.com>
-Date: Wed, 15 Jun 2022 12:07:16 -0400
-Subject: [PATCH 3/3] fix: workqueue: Fix type of cpu in trace event (v5.19)
-
-See upstream commit :
-
- commit 873a400938b31a1e443c4d94b560b78300787540
- Author: Wonhyuk Yang <vvghjk1234@gmail.com>
- Date: Wed May 4 11:32:03 2022 +0900
-
- workqueue: Fix type of cpu in trace event
-
- The trace event "workqueue_queue_work" use unsigned int type for
- req_cpu, cpu. This casue confusing cpu number like below log.
-
- $ cat /sys/kernel/debug/tracing/trace
- cat-317 [001] ...: workqueue_queue_work: ... req_cpu=8192 cpu=4294967295
-
- So, change unsigned type to signed type in the trace event. After
- applying this patch, cpu number will be printed as -1 instead of
- 4294967295 as folllows.
-
- $ cat /sys/kernel/debug/tracing/trace
- cat-1338 [002] ...: workqueue_queue_work: ... req_cpu=8192 cpu=-1
-
-Upstream-Status: Backport
-
-Change-Id: I478083c350b6ec314d87e9159dc5b342b96daed7
-Signed-off-by: Michael Jeanson <mjeanson@efficios.com>
-Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
----
- include/instrumentation/events/workqueue.h | 49 ++++++++++++++++++++--
- 1 file changed, 46 insertions(+), 3 deletions(-)
-
-diff --git a/include/instrumentation/events/workqueue.h b/include/instrumentation/events/workqueue.h
-index 023b65a8..5693cf89 100644
---- a/include/instrumentation/events/workqueue.h
-+++ b/include/instrumentation/events/workqueue.h
-@@ -28,10 +28,35 @@ LTTNG_TRACEPOINT_EVENT_CLASS(workqueue_work,
- )
- )
-
-+#if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(5,19,0))
- /**
- * workqueue_queue_work - called when a work gets queued
- * @req_cpu: the requested cpu
-- * @cwq: pointer to struct cpu_workqueue_struct
-+ * @pwq: pointer to struct pool_workqueue
-+ * @work: pointer to struct work_struct
-+ *
-+ * This event occurs when a work is queued immediately or once a
-+ * delayed work is actually queued on a workqueue (ie: once the delay
-+ * has been reached).
-+ */
-+LTTNG_TRACEPOINT_EVENT(workqueue_queue_work,
-+
-+ TP_PROTO(int req_cpu, struct pool_workqueue *pwq,
-+ struct work_struct *work),
-+
-+ TP_ARGS(req_cpu, pwq, work),
-+
-+ TP_FIELDS(
-+ ctf_integer_hex(void *, work, work)
-+ ctf_integer_hex(void *, function, work->func)
-+ ctf_integer(int, req_cpu, req_cpu)
-+ )
-+)
-+#elif (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(3,9,0))
-+/**
-+ * workqueue_queue_work - called when a work gets queued
-+ * @req_cpu: the requested cpu
-+ * @pwq: pointer to struct pool_workqueue
- * @work: pointer to struct work_struct
- *
- * This event occurs when a work is queued immediately or once a
-@@ -40,17 +65,34 @@ LTTNG_TRACEPOINT_EVENT_CLASS(workqueue_work,
- */
- LTTNG_TRACEPOINT_EVENT(workqueue_queue_work,
-
--#if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(3,9,0))
- TP_PROTO(unsigned int req_cpu, struct pool_workqueue *pwq,
- struct work_struct *work),
-
- TP_ARGS(req_cpu, pwq, work),
-+
-+ TP_FIELDS(
-+ ctf_integer_hex(void *, work, work)
-+ ctf_integer_hex(void *, function, work->func)
-+ ctf_integer(unsigned int, req_cpu, req_cpu)
-+ )
-+)
- #else
-+/**
-+ * workqueue_queue_work - called when a work gets queued
-+ * @req_cpu: the requested cpu
-+ * @cwq: pointer to struct cpu_workqueue_struct
-+ * @work: pointer to struct work_struct
-+ *
-+ * This event occurs when a work is queued immediately or once a
-+ * delayed work is actually queued on a workqueue (ie: once the delay
-+ * has been reached).
-+ */
-+LTTNG_TRACEPOINT_EVENT(workqueue_queue_work,
-+
- TP_PROTO(unsigned int req_cpu, struct cpu_workqueue_struct *cwq,
- struct work_struct *work),
-
- TP_ARGS(req_cpu, cwq, work),
--#endif
-
- TP_FIELDS(
- ctf_integer_hex(void *, work, work)
-@@ -58,6 +100,7 @@ LTTNG_TRACEPOINT_EVENT(workqueue_queue_work,
- ctf_integer(unsigned int, req_cpu, req_cpu)
- )
- )
-+#endif
-
- /**
- * workqueue_activate_work - called when a work gets activated
---
-2.19.1
-
diff --git a/poky/meta/recipes-kernel/lttng/lttng-modules_2.13.4.bb b/poky/meta/recipes-kernel/lttng/lttng-modules_2.13.9.bb
similarity index 76%
rename from poky/meta/recipes-kernel/lttng/lttng-modules_2.13.4.bb
rename to poky/meta/recipes-kernel/lttng/lttng-modules_2.13.9.bb
index f60ab3b..a08386b 100644
--- a/poky/meta/recipes-kernel/lttng/lttng-modules_2.13.4.bb
+++ b/poky/meta/recipes-kernel/lttng/lttng-modules_2.13.9.bb
@@ -11,17 +11,12 @@
SRC_URI = "https://lttng.org/files/${BPN}/${BPN}-${PV}.tar.bz2 \
file://0009-Rename-genhd-wrapper-to-blkdev.patch \
- file://0001-fix-mm-page_alloc-fix-tracepoint-mm_page_alloc_zone_.patch \
- file://0002-fix-fs-Remove-flags-parameter-from-aops-write_begin-.patch \
- file://0003-fix-workqueue-Fix-type-of-cpu-in-trace-event-v5.19.patch \
- file://0001-fix-net-skb-introduce-kfree_skb_reason-v5.15.58.v5.1.patch \
- file://0001-fix-compaction.patch \
"
# Use :append here so that the patch is applied also when using devupstream
SRC_URI:append = " file://0001-src-Kbuild-change-missing-CONFIG_TRACEPOINTS-to-warn.patch"
-SRC_URI[sha256sum] = "6159d00e4e1d59546eec8d4a67e1aa39c1084ceb5e5afeb666eab4b8a5b5a9ee"
+SRC_URI[sha256sum] = "bf808b113544287cfe837a6382887fa66354ef5cc8216460cebbef3d27dc3581"
export INSTALL_MOD_DIR="kernel/lttng-modules"
diff --git a/poky/meta/recipes-kernel/lttng/lttng-tools/determinism.patch b/poky/meta/recipes-kernel/lttng/lttng-tools/determinism.patch
deleted file mode 100644
index b2ab880..0000000
--- a/poky/meta/recipes-kernel/lttng/lttng-tools/determinism.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-This is a bit ugly. Specifing abs_builddir as an RPATH is plain wrong when
-cross compiling. Sadly, removing the rpath makes libtool/automake do
-weird things and breaks the build as shared libs are no longer generated.
-
-We already try and delete the RPATH at do_install with chrpath however
-that does leave the path in the string table so it doesn't help us
-with reproducibility.
-
-Instead, hack in a bogus but harmless path, then delete it later in
-our do_install. Ultimately we may want to pass a specific path to use
-to configure if we really do need to set an RPATH at all. It is unclear
-to me whether the tests need that or not.
-
-Fixes reproducibility issues for lttng-tools.
-
-Upstream-Status: Pending [needs discussion with upstream about the correct solution]
-RP 2021/3/1
-
-Index: lttng-tools-2.12.2/tests/regression/ust/ust-dl/Makefile.am
-===================================================================
---- lttng-tools-2.12.2.orig/tests/regression/ust/ust-dl/Makefile.am
-+++ lttng-tools-2.12.2/tests/regression/ust/ust-dl/Makefile.am
-@@ -27,16 +27,16 @@ noinst_LTLIBRARIES = libzzz.la libbar.la
-
- libzzz_la_SOURCES = libzzz.c libzzz.h
- libzzz_la_LDFLAGS = -module -shared -avoid-version \
-- -rpath $(abs_builddir)
-+ -rpath /usr/lib
-
- libbar_la_SOURCES = libbar.c libbar.h
- libbar_la_LDFLAGS = -module -shared -avoid-version \
-- -rpath $(abs_builddir)
-+ -rpath /usr/lib
- libbar_la_LIBADD = libzzz.la
-
- libfoo_la_SOURCES = libfoo.c libfoo.h
- libfoo_la_LDFLAGS = -module -shared -avoid-version \
-- -rpath $(abs_builddir)
-+ -rpath /usr/lib
- libfoo_la_LIBADD = libbar.la
-
- CLEANFILES = libfoo.so libfoo.so.debug libbar.so libbar.so.debug \
-@@ -44,7 +44,7 @@ CLEANFILES = libfoo.so libfoo.so.debug l
-
- libtp_la_SOURCES = libbar-tp.h libbar-tp.c libfoo-tp.h libfoo-tp.c \
- libzzz-tp.h libzzz-tp.c
--libtp_la_LDFLAGS = -module -shared -rpath $(abs_builddir)
-+libtp_la_LDFLAGS = -module -shared -rpath /usr/lib
-
- # Extract debug symbols
- libfoo.so.debug: libfoo.la
-Index: lttng-tools-2.12.2/tests/utils/testapp/userspace-probe-elf-binary/Makefile.am
-===================================================================
---- lttng-tools-2.12.2.orig/tests/utils/testapp/userspace-probe-elf-binary/Makefile.am
-+++ lttng-tools-2.12.2/tests/utils/testapp/userspace-probe-elf-binary/Makefile.am
-@@ -5,7 +5,7 @@ AM_CFLAGS += -O0
- noinst_LTLIBRARIES = libfoo.la
-
- libfoo_la_SOURCES = foo.c foo.h
--libfoo_la_LDFLAGS = -shared -module -avoid-version -rpath $(abs_builddir)/.libs/
-+libfoo_la_LDFLAGS = -shared -module -avoid-version -rpath /usr/lib
-
- noinst_PROGRAMS = userspace-probe-elf-binary
- userspace_probe_elf_binary_SOURCES = userspace-probe-elf-binary.c
diff --git a/poky/meta/recipes-kernel/lttng/lttng-tools_2.13.8.bb b/poky/meta/recipes-kernel/lttng/lttng-tools_2.13.9.bb
similarity index 98%
rename from poky/meta/recipes-kernel/lttng/lttng-tools_2.13.8.bb
rename to poky/meta/recipes-kernel/lttng/lttng-tools_2.13.9.bb
index a814eb7..1f6929e 100644
--- a/poky/meta/recipes-kernel/lttng/lttng-tools_2.13.8.bb
+++ b/poky/meta/recipes-kernel/lttng/lttng-tools_2.13.9.bb
@@ -35,11 +35,10 @@
file://0001-tests-do-not-strip-a-helper-library.patch \
file://run-ptest \
file://lttng-sessiond.service \
- file://determinism.patch \
file://disable-tests.patch \
"
-SRC_URI[sha256sum] = "b1e959579b260790930b20f3c7aa7cefb8a40e0de80d4a777c2bf78c6b353dc1"
+SRC_URI[sha256sum] = "8d94dc95b608cf70216b01203a3f8242b97a232db2e23421a2f43708da08f337"
inherit autotools ptest pkgconfig useradd python3-dir manpages systemd
diff --git a/poky/meta/recipes-kernel/lttng/lttng-ust_2.13.4.bb b/poky/meta/recipes-kernel/lttng/lttng-ust_2.13.5.bb
similarity index 95%
rename from poky/meta/recipes-kernel/lttng/lttng-ust_2.13.4.bb
rename to poky/meta/recipes-kernel/lttng/lttng-ust_2.13.5.bb
index 56200ac..916408b 100644
--- a/poky/meta/recipes-kernel/lttng/lttng-ust_2.13.4.bb
+++ b/poky/meta/recipes-kernel/lttng/lttng-ust_2.13.5.bb
@@ -34,7 +34,7 @@
file://0001-Makefile.am-update-rpath-link.patch \
"
-SRC_URI[sha256sum] = "698f82ec5dc56e981c0bb08c46ebabaf31c60e877c2e365b9fd6d3a9fff8b398"
+SRC_URI[sha256sum] = "f1d7bb4984a3dc5dacd3b7bcb4c10c04b041b0eecd7cba1fef3d8f86aff02bd6"
CVE_PRODUCT = "ust"
diff --git a/poky/meta/recipes-kernel/make-mod-scripts/make-mod-scripts_1.0.bb b/poky/meta/recipes-kernel/make-mod-scripts/make-mod-scripts_1.0.bb
index 9afd671..38282e5 100644
--- a/poky/meta/recipes-kernel/make-mod-scripts/make-mod-scripts_1.0.bb
+++ b/poky/meta/recipes-kernel/make-mod-scripts/make-mod-scripts_1.0.bb
@@ -3,7 +3,7 @@
LICENSE = "GPL-2.0-only"
LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/GPL-2.0-only;md5=801f80980d171dd6425610833a22dbe6"
-inherit kernel-arch
+inherit kernel-arch linux-kernel-base
inherit pkgconfig
PACKAGE_ARCH = "${MACHINE_ARCH}"
diff --git a/poky/meta/recipes-kernel/perf/perf.bb b/poky/meta/recipes-kernel/perf/perf.bb
index 5b2f595..691268d 100644
--- a/poky/meta/recipes-kernel/perf/perf.bb
+++ b/poky/meta/recipes-kernel/perf/perf.bb
@@ -356,6 +356,16 @@
"
FILES:${PN}-perl = "${libexecdir}/perf-core/scripts/perl"
-
-INHIBIT_PACKAGE_DEBUG_SPLIT="1"
DEBUG_OPTIMIZATION:append = " -Wno-error=maybe-uninitialized"
+
+PACKAGESPLITFUNCS =+ "perf_fix_sources"
+
+perf_fix_sources () {
+ for f in util/parse-events-flex.h util/parse-events-flex.c util/pmu-flex.c \
+ util/expr-flex.h util/expr-flex.c; do
+ f=${PKGD}/usr/src/debug/${PN}/${EXTENDPE}${PV}-${PR}/$f
+ if [ -e $f ]; then
+ sed -i -e 's#${S}/##g' $f
+ fi
+ done
+}
diff --git a/poky/meta/recipes-kernel/wireless-regdb/wireless-regdb_2022.08.12.bb b/poky/meta/recipes-kernel/wireless-regdb/wireless-regdb_2023.02.13.bb
similarity index 94%
rename from poky/meta/recipes-kernel/wireless-regdb/wireless-regdb_2022.08.12.bb
rename to poky/meta/recipes-kernel/wireless-regdb/wireless-regdb_2023.02.13.bb
index 357e79d..ce60154 100644
--- a/poky/meta/recipes-kernel/wireless-regdb/wireless-regdb_2022.08.12.bb
+++ b/poky/meta/recipes-kernel/wireless-regdb/wireless-regdb_2023.02.13.bb
@@ -5,7 +5,7 @@
LIC_FILES_CHKSUM = "file://LICENSE;md5=07c4f6dea3845b02a18dc00c8c87699c"
SRC_URI = "https://www.kernel.org/pub/software/network/${BPN}/${BP}.tar.xz"
-SRC_URI[sha256sum] = "59c8f7d17966db71b27f90e735ee8f5b42ca3527694a8c5e6e9b56bd379c3b84"
+SRC_URI[sha256sum] = "fe81e8a8694dc4753a45087a1c4c7e1b48dee5a59f5f796ce374ea550f0b2e73"
inherit bin_package allarch
diff --git a/poky/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-rpzaenc-stop-accessing-out-of-bounds-frame.patch b/poky/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-rpzaenc-stop-accessing-out-of-bounds-frame.patch
new file mode 100644
index 0000000..2775a81
--- /dev/null
+++ b/poky/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-rpzaenc-stop-accessing-out-of-bounds-frame.patch
@@ -0,0 +1,89 @@
+From 92f9b28ed84a77138105475beba16c146bdaf984 Mon Sep 17 00:00:00 2001
+From: Paul B Mahol <onemda@gmail.com>
+Date: Sat, 12 Nov 2022 16:12:00 +0100
+Subject: [PATCH] avcodec/rpzaenc: stop accessing out of bounds frame
+
+Upstream-Status: Backport [https://github.com/FFmpeg/FFmpeg/commit/92f9b28ed84a77138105475beba16c146bdaf984]
+
+Signed-off-by: <narpat.mali@windriver.com>
+
+---
+ libavcodec/rpzaenc.c | 22 +++++++++++++++-------
+ 1 file changed, 15 insertions(+), 7 deletions(-)
+
+diff --git a/libavcodec/rpzaenc.c b/libavcodec/rpzaenc.c
+index d710eb4f82..4ced9523e2 100644
+--- a/libavcodec/rpzaenc.c
++++ b/libavcodec/rpzaenc.c
+@@ -205,7 +205,7 @@ static void get_max_component_diff(const BlockInfo *bi, const uint16_t *block_pt
+
+ // loop thru and compare pixels
+ for (y = 0; y < bi->block_height; y++) {
+- for (x = 0; x < bi->block_width; x++){
++ for (x = 0; x < bi->block_width; x++) {
+ // TODO: optimize
+ min_r = FFMIN(R(block_ptr[x]), min_r);
+ min_g = FFMIN(G(block_ptr[x]), min_g);
+@@ -278,7 +278,7 @@ static int leastsquares(const uint16_t *block_ptr, const BlockInfo *bi,
+ return -1;
+
+ for (i = 0; i < bi->block_height; i++) {
+- for (j = 0; j < bi->block_width; j++){
++ for (j = 0; j < bi->block_width; j++) {
+ x = GET_CHAN(block_ptr[j], xchannel);
+ y = GET_CHAN(block_ptr[j], ychannel);
+ sumx += x;
+@@ -325,7 +325,7 @@ static int calc_lsq_max_fit_error(const uint16_t *block_ptr, const BlockInfo *bi
+ int max_err = 0;
+
+ for (i = 0; i < bi->block_height; i++) {
+- for (j = 0; j < bi->block_width; j++){
++ for (j = 0; j < bi->block_width; j++) {
+ int x_inc, lin_y, lin_x;
+ x = GET_CHAN(block_ptr[j], xchannel);
+ y = GET_CHAN(block_ptr[j], ychannel);
+@@ -420,7 +420,9 @@ static void update_block_in_prev_frame(const uint16_t *src_pixels,
+ uint16_t *dest_pixels,
+ const BlockInfo *bi, int block_counter)
+ {
+- for (int y = 0; y < 4; y++) {
++ const int y_size = FFMIN(4, bi->image_height - bi->row * 4);
++
++ for (int y = 0; y < y_size; y++) {
+ memcpy(dest_pixels, src_pixels, 8);
+ dest_pixels += bi->rowstride;
+ src_pixels += bi->rowstride;
+@@ -730,14 +732,15 @@ post_skip :
+
+ if (err > s->sixteen_color_thresh) { // DO SIXTEEN COLOR BLOCK
+ uint16_t *row_ptr;
+- int rgb555;
++ int y_size, rgb555;
+
+ block_offset = get_block_info(&bi, block_counter);
+
+ row_ptr = &src_pixels[block_offset];
++ y_size = FFMIN(4, bi.image_height - bi.row * 4);
+
+- for (int y = 0; y < 4; y++) {
+- for (int x = 0; x < 4; x++){
++ for (int y = 0; y < y_size; y++) {
++ for (int x = 0; x < 4; x++) {
+ rgb555 = row_ptr[x] & ~0x8000;
+
+ put_bits(&s->pb, 16, rgb555);
+@@ -745,6 +748,11 @@ post_skip :
+ row_ptr += bi.rowstride;
+ }
+
++ for (int y = y_size; y < 4; y++) {
++ for (int x = 0; x < 4; x++)
++ put_bits(&s->pb, 16, 0);
++ }
++
+ block_counter++;
+ } else { // FOUR COLOR BLOCK
+ block_counter += encode_four_color_block(min_color, max_color,
+--
+2.34.1
+
diff --git a/poky/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-smcenc-stop-accessing-out-of-bounds-frame.patch b/poky/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-smcenc-stop-accessing-out-of-bounds-frame.patch
new file mode 100644
index 0000000..923fc6a
--- /dev/null
+++ b/poky/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-smcenc-stop-accessing-out-of-bounds-frame.patch
@@ -0,0 +1,108 @@
+From 13c13109759090b7f7182480d075e13b36ed8edd Mon Sep 17 00:00:00 2001
+From: Paul B Mahol <onemda@gmail.com>
+Date: Sat, 12 Nov 2022 15:19:21 +0100
+Subject: [PATCH] avcodec/smcenc: stop accessing out of bounds frame
+
+Upstream-Status: Backport [https://github.com/FFmpeg/FFmpeg/commit/13c13109759090b7f7182480d075e13b36ed8edd]
+
+Signed-off-by: <narpat.mali@windriver.com>
+
+---
+ libavcodec/smcenc.c | 18 ++++++++++++++----
+ 1 file changed, 14 insertions(+), 4 deletions(-)
+
+diff --git a/libavcodec/smcenc.c b/libavcodec/smcenc.c
+index f3d26a4e8d..33549b8ab4 100644
+--- a/libavcodec/smcenc.c
++++ b/libavcodec/smcenc.c
+@@ -61,6 +61,7 @@ typedef struct SMCContext {
+ { \
+ row_ptr += stride * 4; \
+ pixel_ptr = row_ptr; \
++ cur_y += 4; \
+ } \
+ } \
+ }
+@@ -117,6 +118,7 @@ static void smc_encode_stream(SMCContext *s, const AVFrame *frame,
+ const uint8_t *prev_pixels = (const uint8_t *)s->prev_frame->data[0];
+ uint8_t *distinct_values = s->distinct_values;
+ const uint8_t *pixel_ptr, *row_ptr;
++ const int height = frame->height;
+ const int width = frame->width;
+ uint8_t block_values[16];
+ int block_counter = 0;
+@@ -125,13 +127,14 @@ static void smc_encode_stream(SMCContext *s, const AVFrame *frame,
+ int color_octet_index = 0;
+ int color_table_index; /* indexes to color pair, quad, or octet tables */
+ int total_blocks;
++ int cur_y = 0;
+
+ memset(s->color_pairs, 0, sizeof(s->color_pairs));
+ memset(s->color_quads, 0, sizeof(s->color_quads));
+ memset(s->color_octets, 0, sizeof(s->color_octets));
+
+ /* Number of 4x4 blocks in frame. */
+- total_blocks = ((frame->width + 3) / 4) * ((frame->height + 3) / 4);
++ total_blocks = ((width + 3) / 4) * ((height + 3) / 4);
+
+ pixel_ptr = row_ptr = src_pixels;
+
+@@ -145,11 +148,13 @@ static void smc_encode_stream(SMCContext *s, const AVFrame *frame,
+ int cache_index;
+ int distinct = 0;
+ int blocks = 0;
++ int frame_y = cur_y;
+
+ while (prev_pixels && s->key_frame == 0 && block_counter + inter_skip_blocks < total_blocks) {
++ const int y_size = FFMIN(4, height - cur_y);
+ int compare = 0;
+
+- for (int y = 0; y < 4; y++) {
++ for (int y = 0; y < y_size; y++) {
+ const ptrdiff_t offset = pixel_ptr - src_pixels;
+ const uint8_t *prev_pixel_ptr = prev_pixels + offset;
+
+@@ -170,8 +175,10 @@ static void smc_encode_stream(SMCContext *s, const AVFrame *frame,
+
+ pixel_ptr = xpixel_ptr;
+ row_ptr = xrow_ptr;
++ cur_y = frame_y;
+
+ while (block_counter > 0 && block_counter + intra_skip_blocks < total_blocks) {
++ const int y_size = FFMIN(4, height - cur_y);
+ const ptrdiff_t offset = pixel_ptr - src_pixels;
+ const int sy = offset / stride;
+ const int sx = offset % stride;
+@@ -180,7 +187,7 @@ static void smc_encode_stream(SMCContext *s, const AVFrame *frame,
+ const uint8_t *old_pixel_ptr = src_pixels + nx + ny * stride;
+ int compare = 0;
+
+- for (int y = 0; y < 4; y++) {
++ for (int y = 0; y < y_size; y++) {
+ compare |= memcmp(old_pixel_ptr + y * stride, pixel_ptr + y * stride, 4);
+ if (compare)
+ break;
+@@ -197,9 +204,11 @@ static void smc_encode_stream(SMCContext *s, const AVFrame *frame,
+
+ pixel_ptr = xpixel_ptr;
+ row_ptr = xrow_ptr;
++ cur_y = frame_y;
+
+ while (block_counter + coded_blocks < total_blocks && coded_blocks < 256) {
+- for (int y = 0; y < 4; y++)
++ const int y_size = FFMIN(4, height - cur_y);
++ for (int y = 0; y < y_size; y++)
+ memcpy(block_values + y * 4, pixel_ptr + y * stride, 4);
+
+ qsort(block_values, 16, sizeof(block_values[0]), smc_cmp_values);
+@@ -224,6 +233,7 @@ static void smc_encode_stream(SMCContext *s, const AVFrame *frame,
+
+ pixel_ptr = xpixel_ptr;
+ row_ptr = xrow_ptr;
++ cur_y = frame_y;
+
+ blocks = coded_blocks;
+ distinct = coded_distinct;
+--
+2.34.1
+
diff --git a/poky/meta/recipes-multimedia/ffmpeg/ffmpeg/ffmpeg-fix-vulkan.patch b/poky/meta/recipes-multimedia/ffmpeg/ffmpeg/ffmpeg-fix-vulkan.patch
new file mode 100644
index 0000000..95bd608
--- /dev/null
+++ b/poky/meta/recipes-multimedia/ffmpeg/ffmpeg/ffmpeg-fix-vulkan.patch
@@ -0,0 +1,34 @@
+From: Lynne <dev@lynne.ee>
+Date: Sun, 25 Dec 2022 00:03:30 +0000 (+0100)
+Subject: hwcontext_vulkan: remove optional encode/decode extensions from the list
+X-Git-Url: http://git.ffmpeg.org/gitweb/ffmpeg.git/commitdiff_plain/eb0455d64690
+
+hwcontext_vulkan: remove optional encode/decode extensions from the list
+
+They're not currently used, so they don't need to be there.
+Vulkan stabilized the decode extensions less than a week ago, and their
+name prefixes were changed from EXT to KHR. It's a bit too soon to be
+depending on it, so rather than bumping, just remove these for now.
+
+Upstream-Status: Backport [https://git.ffmpeg.org/gitweb/ffmpeg.git/commitdiff_plain/eb0455d64690]
+---
+
+diff --git a/libavutil/hwcontext_vulkan.c b/libavutil/hwcontext_vulkan.c
+index f1db1c7291..2a9b5f4aac 100644
+--- a/libavutil/hwcontext_vulkan.c
++++ b/libavutil/hwcontext_vulkan.c
+@@ -358,14 +358,6 @@ static const VulkanOptExtension optional_device_exts[] = {
+ { VK_KHR_EXTERNAL_MEMORY_WIN32_EXTENSION_NAME, FF_VK_EXT_EXTERNAL_WIN32_MEMORY },
+ { VK_KHR_EXTERNAL_SEMAPHORE_WIN32_EXTENSION_NAME, FF_VK_EXT_EXTERNAL_WIN32_SEM },
+ #endif
+-
+- /* Video encoding/decoding */
+- { VK_KHR_VIDEO_QUEUE_EXTENSION_NAME, FF_VK_EXT_NO_FLAG },
+- { VK_KHR_VIDEO_DECODE_QUEUE_EXTENSION_NAME, FF_VK_EXT_NO_FLAG },
+- { VK_KHR_VIDEO_ENCODE_QUEUE_EXTENSION_NAME, FF_VK_EXT_NO_FLAG },
+- { VK_EXT_VIDEO_ENCODE_H264_EXTENSION_NAME, FF_VK_EXT_NO_FLAG },
+- { VK_EXT_VIDEO_DECODE_H264_EXTENSION_NAME, FF_VK_EXT_NO_FLAG },
+- { VK_EXT_VIDEO_DECODE_H265_EXTENSION_NAME, FF_VK_EXT_NO_FLAG },
+ };
+
+ /* Converts return values to strings */
diff --git a/poky/meta/recipes-multimedia/ffmpeg/ffmpeg_5.1.1.bb b/poky/meta/recipes-multimedia/ffmpeg/ffmpeg_5.1.2.bb
similarity index 94%
rename from poky/meta/recipes-multimedia/ffmpeg/ffmpeg_5.1.1.bb
rename to poky/meta/recipes-multimedia/ffmpeg/ffmpeg_5.1.2.bb
index 2306fe4..2ab3416 100644
--- a/poky/meta/recipes-multimedia/ffmpeg/ffmpeg_5.1.1.bb
+++ b/poky/meta/recipes-multimedia/ffmpeg/ffmpeg_5.1.2.bb
@@ -22,8 +22,13 @@
file://COPYING.LGPLv2.1;md5=bd7a443320af8c812e4c18d1b79df004 \
file://COPYING.LGPLv3;md5=e6a600fd5e1d9cbde2d983680233ad02"
-SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz"
-SRC_URI[sha256sum] = "95bf3ff8c496511e71e958fb249e663c8c9c3de583c5bebc0f5a9745abbc0435"
+SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \
+ file://0001-avcodec-rpzaenc-stop-accessing-out-of-bounds-frame.patch \
+ file://0001-avcodec-smcenc-stop-accessing-out-of-bounds-frame.patch \
+ file://ffmpeg-fix-vulkan.patch \
+ "
+
+SRC_URI[sha256sum] = "619e706d662c8420859832ddc259cd4d4096a48a2ce1eefd052db9e440eef3dc"
# Build fails when thumb is enabled: https://bugzilla.yoctoproject.org/show_bug.cgi?id=7717
ARM_INSTRUCTION_SET:armv4 = "arm"
@@ -137,6 +142,8 @@
EXTRA_OEMAKE = "V=1"
do_configure() {
+ export TMPDIR="${B}/tmp"
+ mkdir -p ${B}/tmp
${S}/configure ${EXTRA_OECONF}
}
diff --git a/poky/meta/recipes-multimedia/gstreamer/gst-devtools_1.20.3.bb b/poky/meta/recipes-multimedia/gstreamer/gst-devtools_1.20.5.bb
similarity index 94%
rename from poky/meta/recipes-multimedia/gstreamer/gst-devtools_1.20.3.bb
rename to poky/meta/recipes-multimedia/gstreamer/gst-devtools_1.20.5.bb
index c515e17..9db31c1 100644
--- a/poky/meta/recipes-multimedia/gstreamer/gst-devtools_1.20.3.bb
+++ b/poky/meta/recipes-multimedia/gstreamer/gst-devtools_1.20.5.bb
@@ -12,7 +12,7 @@
file://0001-connect-has-a-different-signature-on-musl.patch \
"
-SRC_URI[sha256sum] = "bbbd45ead703367ea8f4be9b3c082d7b62bef47b240a39083f27844e28758c47"
+SRC_URI[sha256sum] = "5684436121b8bae07fd00b74395f95e44b5f26323dce4fa045fa665676807bba"
DEPENDS = "json-glib glib-2.0 glib-2.0-native gstreamer1.0 gstreamer1.0-plugins-base"
RRECOMMENDS:${PN} = "git"
diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.20.3.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.20.5.bb
similarity index 91%
rename from poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.20.3.bb
rename to poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.20.5.bb
index e8da49a..e5925c6 100644
--- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.20.3.bb
+++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.20.5.bb
@@ -12,7 +12,7 @@
"
SRC_URI = "https://gstreamer.freedesktop.org/src/gst-libav/gst-libav-${PV}.tar.xz"
-SRC_URI[sha256sum] = "3fedd10560fcdfaa1b6462cbf79a38c4e7b57d7f390359393fc0cef6dbf27dfe"
+SRC_URI[sha256sum] = "b152e3cc49d014899f53c39d8a6224a44e1399b4cf76aa5f9a903fdf9793c3cc"
S = "${WORKDIR}/gst-libav-${PV}"
diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.20.3.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.20.5.bb
similarity index 95%
rename from poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.20.3.bb
rename to poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.20.5.bb
index fb48562..ec5efcd 100644
--- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.20.3.bb
+++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.20.5.bb
@@ -10,7 +10,7 @@
SRC_URI = "https://gstreamer.freedesktop.org/src/gst-omx/gst-omx-${PV}.tar.xz"
-SRC_URI[sha256sum] = "8db48040bb41f09edf8d17ff6d16c54888d7777ba4501c2c69f0083350ea9a15"
+SRC_URI[sha256sum] = "bcccbc02548cdc123fd49944dd44a4f1adc5d107e36f010d320eb526e2107806"
S = "${WORKDIR}/gst-omx-${PV}"
diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.20.3.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.20.5.bb
similarity index 98%
rename from poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.20.3.bb
rename to poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.20.5.bb
index 39d5e08..2f1793d 100644
--- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.20.3.bb
+++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.20.5.bb
@@ -10,7 +10,7 @@
file://0002-avoid-including-sys-poll.h-directly.patch \
file://0004-opencv-resolve-missing-opencv-data-dir-in-yocto-buil.patch \
"
-SRC_URI[sha256sum] = "7a11c13b55dd1d2386dd902219e41cbfcdda8e1e0aa3e738186c95074b35da4f"
+SRC_URI[sha256sum] = "f431214b0754d7037adcde93c3195106196588973e5b32dcb24938805f866363"
S = "${WORKDIR}/gst-plugins-bad-${PV}"
diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0001-include-required-system-headers-for-isspace-and-ssca.patch b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0001-include-required-system-headers-for-isspace-and-ssca.patch
deleted file mode 100644
index 23c1048..0000000
--- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0001-include-required-system-headers-for-isspace-and-ssca.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From c85a53a41d4e6bfc49c377217ece12a1f330a690 Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Fri, 12 Aug 2022 22:50:06 -0700
-Subject: [PATCH] include required system headers for isspace() and sscanf()
- functions
-
-Newer compilers ( clang 15 ) has turned stricter and errors out instead
-of warning on implicit function declations
-Fixes
-gstssaparse.c:297:12: error: call to undeclared library function 'isspace' with type 'int (int)'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]
-while (isspace(*t))
-
-Upstream-Status: Submitted [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/2879]
-
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
- gst/subparse/gstssaparse.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/gst/subparse/gstssaparse.c b/gst/subparse/gstssaparse.c
-index ff802fa..5ebe678 100755
---- a/gst/subparse/gstssaparse.c
-+++ b/gst/subparse/gstssaparse.c
-@@ -24,6 +24,8 @@
- #include "config.h"
- #endif
-
-+#include <ctype.h> /* isspace() */
-+#include <stdio.h> /* sscanf() */
- #include <stdlib.h> /* atoi() */
- #include <string.h>
-
---
-2.37.1
-
diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.20.3.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.20.5.bb
similarity index 95%
rename from poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.20.3.bb
rename to poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.20.5.bb
index e5e346e..c37b542 100644
--- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.20.3.bb
+++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.20.5.bb
@@ -10,9 +10,8 @@
file://0001-ENGR00312515-get-caps-from-src-pad-when-query-caps.patch \
file://0003-viv-fb-Make-sure-config.h-is-included.patch \
file://0002-ssaparse-enhance-SSA-text-lines-parsing.patch \
- file://0001-include-required-system-headers-for-isspace-and-ssca.patch \
"
-SRC_URI[sha256sum] = "7e30b3dd81a70380ff7554f998471d6996ff76bbe6fc5447096f851e24473c9f"
+SRC_URI[sha256sum] = "11f911ef65f3095d7cf698a1ad1fc5242ac3ad6c9270465fb5c9e7f4f9c19b35"
S = "${WORKDIR}/gst-plugins-base-${PV}"
diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.20.3.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.20.5.bb
similarity index 97%
rename from poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.20.3.bb
rename to poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.20.5.bb
index 0235935..80aed01 100644
--- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.20.3.bb
+++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.20.5.bb
@@ -8,7 +8,7 @@
file://0001-qt-include-ext-qt-gstqtgl.h-instead-of-gst-gl-gstglf.patch \
"
-SRC_URI[sha256sum] = "f8f3c206bf5cdabc00953920b47b3575af0ef15e9f871c0b6966f6d0aa5868b7"
+SRC_URI[sha256sum] = "e83ab4d12ca24959489bbb0ec4fac9b90e32f741d49cda357cb554b2cb8b97f9"
S = "${WORKDIR}/gst-plugins-good-${PV}"
diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.20.3.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.20.5.bb
similarity index 94%
rename from poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.20.3.bb
rename to poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.20.5.bb
index ad7b84b..f765e62 100644
--- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.20.3.bb
+++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.20.5.bb
@@ -14,7 +14,7 @@
SRC_URI = " \
https://gstreamer.freedesktop.org/src/gst-plugins-ugly/gst-plugins-ugly-${PV}.tar.xz \
"
-SRC_URI[sha256sum] = "8caa20789a09c304b49cf563d33cca9421b1875b84fcc187e4a385fa01d6aefd"
+SRC_URI[sha256sum] = "af67d8ba7cab230f64d0594352112c2c443e2aa36a87c35f9f98a43d11430b87"
S = "${WORKDIR}/gst-plugins-ugly-${PV}"
diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.20.3.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.20.5.bb
similarity index 91%
rename from poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.20.3.bb
rename to poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.20.5.bb
index 57026ba..05e9ace 100644
--- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.20.3.bb
+++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.20.5.bb
@@ -8,7 +8,7 @@
LIC_FILES_CHKSUM = "file://COPYING;md5=c34deae4e395ca07e725ab0076a5f740"
SRC_URI = "https://gstreamer.freedesktop.org/src/${PNREAL}/${PNREAL}-${PV}.tar.xz"
-SRC_URI[sha256sum] = "db348120eae955b8cc4de3560a7ea06e36d6e1ddbaa99a7ad96b59846601cfdc"
+SRC_URI[sha256sum] = "27487652318659cfd7dc42784b713c78d29cc7a7df4fb397134c8c125f65e3b2"
DEPENDS = "gstreamer1.0 gstreamer1.0-plugins-base python3-pygobject"
RDEPENDS:${PN} += "gstreamer1.0 gstreamer1.0-plugins-base python3-pygobject"
diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.20.3.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.20.5.bb
similarity index 90%
rename from poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.20.3.bb
rename to poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.20.5.bb
index fd4f82f..c9cf429 100644
--- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.20.3.bb
+++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.20.5.bb
@@ -10,7 +10,7 @@
SRC_URI = "https://gstreamer.freedesktop.org/src/${PNREAL}/${PNREAL}-${PV}.tar.xz"
-SRC_URI[sha256sum] = "ee402718be9b127f0e5e66ca4c1b4f42e4926ec93ba307b7ccca5dc6cc9794ca"
+SRC_URI[sha256sum] = "ba398a7ddd559cce56ef4b91f448d174e0dccad98a493563d2d59c41a2ef39c5"
S = "${WORKDIR}/${PNREAL}-${PV}"
diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.20.3.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.20.5.bb
similarity index 95%
rename from poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.20.3.bb
rename to poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.20.5.bb
index 6e580f9..716f50e 100644
--- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.20.3.bb
+++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.20.5.bb
@@ -11,7 +11,7 @@
SRC_URI = "https://gstreamer.freedesktop.org/src/${REALPN}/${REALPN}-${PV}.tar.xz"
-SRC_URI[sha256sum] = "6ee99eb316abdde9ad37002915bd8c3867918f6fdc74b7cf2ac4c1ae0d690b45"
+SRC_URI[sha256sum] = "510c6fb4ff3f676d7946ce1800e04ccf5aabe5a586d4e164d1961808fab8c94b"
S = "${WORKDIR}/${REALPN}-${PV}"
DEPENDS = "libva gstreamer1.0 gstreamer1.0-plugins-base gstreamer1.0-plugins-bad"
diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0/0005-bin-Fix-race-conditions-in-tests.patch b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0/0005-bin-Fix-race-conditions-in-tests.patch
new file mode 100644
index 0000000..f1fac2d
--- /dev/null
+++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0/0005-bin-Fix-race-conditions-in-tests.patch
@@ -0,0 +1,300 @@
+From e1e2d8d58c1e09e065849cdb1f6466c0537a7c51 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Tue, 21 Jun 2022 11:51:35 +0300
+Subject: [PATCH] bin: Fix race conditions in tests
+
+The latency messages are non-deterministic and can arrive before/after
+async-done or during state-changes as they are posted by e.g. sinks from
+their streaming thread but bins are finishing asynchronous state changes
+from a secondary helper thread.
+
+To solve this, expect latency messages at any time and assert that we
+receive one at some point during the test.
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/2643>
+
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/2643]
+Signed-off-by: Jose Quaresma <quaresma.jose@gmail.com>
+---
+ .../gstreamer/tests/check/gst/gstbin.c | 132 ++++++++++++------
+ 1 file changed, 92 insertions(+), 40 deletions(-)
+
+diff --git a/subprojects/gstreamer/tests/check/gst/gstbin.c b/subprojects/gstreamer/tests/check/gst/gstbin.c
+index e366d5fe20f..88ff44db0c3 100644
+--- a/subprojects/gstreamer/tests/check/gst/gstbin.c
++++ b/subprojects/gstreamer/tests/check/gst/gstbin.c
+@@ -27,50 +27,95 @@
+ #include <gst/base/gstbasesrc.h>
+
+ static void
+-pop_async_done (GstBus * bus)
++pop_async_done (GstBus * bus, gboolean * had_latency)
+ {
+ GstMessage *message;
++ GstMessageType types = GST_MESSAGE_ASYNC_DONE;
++
++ if (!*had_latency)
++ types |= GST_MESSAGE_LATENCY;
+
+ GST_DEBUG ("popping async-done message");
+- message = gst_bus_poll (bus, GST_MESSAGE_ASYNC_DONE, -1);
+
+- fail_unless (message && GST_MESSAGE_TYPE (message)
+- == GST_MESSAGE_ASYNC_DONE, "did not get GST_MESSAGE_ASYNC_DONE");
++ do {
++ message = gst_bus_poll (bus, types, -1);
+
+- gst_message_unref (message);
+- GST_DEBUG ("popped message");
++ fail_unless (message);
++ GST_DEBUG ("popped message %s",
++ gst_message_type_get_name (GST_MESSAGE_TYPE (message)));
++
++ if (GST_MESSAGE_TYPE (message) == GST_MESSAGE_LATENCY) {
++ fail_unless (*had_latency == FALSE);
++ *had_latency = TRUE;
++ gst_clear_message (&message);
++ types &= ~GST_MESSAGE_LATENCY;
++ continue;
++ }
++
++ fail_unless (GST_MESSAGE_TYPE (message)
++ == GST_MESSAGE_ASYNC_DONE, "did not get GST_MESSAGE_ASYNC_DONE");
++
++ gst_clear_message (&message);
++ break;
++ } while (TRUE);
+ }
+
+ static void
+-pop_latency (GstBus * bus)
++pop_latency (GstBus * bus, gboolean * had_latency)
+ {
+ GstMessage *message;
+
+- GST_DEBUG ("popping async-done message");
++ if (*had_latency)
++ return;
++
++ GST_DEBUG ("popping latency message");
+ message = gst_bus_poll (bus, GST_MESSAGE_LATENCY, -1);
+
+- fail_unless (message && GST_MESSAGE_TYPE (message)
++ fail_unless (message);
++ fail_unless (GST_MESSAGE_TYPE (message)
+ == GST_MESSAGE_LATENCY, "did not get GST_MESSAGE_LATENCY");
+
+- gst_message_unref (message);
+- GST_DEBUG ("popped message");
++ GST_DEBUG ("popped message %s",
++ gst_message_type_get_name (GST_MESSAGE_TYPE (message)));
++ gst_clear_message (&message);
++
++ *had_latency = TRUE;
+ }
+
+ static void
+-pop_state_changed (GstBus * bus, int count)
++pop_state_changed (GstBus * bus, int count, gboolean * had_latency)
+ {
+ GstMessage *message;
+-
++ GstMessageType types = GST_MESSAGE_STATE_CHANGED;
+ int i;
+
++ if (!*had_latency)
++ types |= GST_MESSAGE_LATENCY;
++
+ GST_DEBUG ("popping %d messages", count);
+ for (i = 0; i < count; ++i) {
+- message = gst_bus_poll (bus, GST_MESSAGE_STATE_CHANGED, -1);
+-
+- fail_unless (message && GST_MESSAGE_TYPE (message)
+- == GST_MESSAGE_STATE_CHANGED, "did not get GST_MESSAGE_STATE_CHANGED");
+-
+- gst_message_unref (message);
++ do {
++ message = gst_bus_poll (bus, types, -1);
++
++ fail_unless (message);
++ GST_DEBUG ("popped message %s",
++ gst_message_type_get_name (GST_MESSAGE_TYPE (message)));
++
++ if (GST_MESSAGE_TYPE (message) == GST_MESSAGE_LATENCY) {
++ fail_unless (*had_latency == FALSE);
++ *had_latency = TRUE;
++ gst_clear_message (&message);
++ types &= ~GST_MESSAGE_LATENCY;
++ continue;
++ }
++
++ fail_unless (GST_MESSAGE_TYPE (message)
++ == GST_MESSAGE_STATE_CHANGED,
++ "did not get GST_MESSAGE_STATE_CHANGED");
++
++ gst_message_unref (message);
++ break;
++ } while (TRUE);
+ }
+ GST_DEBUG ("popped %d messages", count);
+ }
+@@ -538,6 +583,7 @@ GST_START_TEST (test_message_state_changed_children)
+ GstBus *bus;
+ GstStateChangeReturn ret;
+ GstState current, pending;
++ gboolean had_latency = FALSE;
+
+ pipeline = GST_PIPELINE (gst_pipeline_new (NULL));
+ fail_unless (pipeline != NULL, "Could not create pipeline");
+@@ -576,7 +622,7 @@ GST_START_TEST (test_message_state_changed_children)
+ ASSERT_OBJECT_REFCOUNT (sink, "sink", 2);
+ ASSERT_OBJECT_REFCOUNT (pipeline, "pipeline", 2);
+
+- pop_state_changed (bus, 3);
++ pop_state_changed (bus, 3, &had_latency);
+ fail_if (gst_bus_have_pending (bus), "unexpected pending messages");
+
+ ASSERT_OBJECT_REFCOUNT (bus, "bus", 2);
+@@ -619,9 +665,9 @@ GST_START_TEST (test_message_state_changed_children)
+ * its state_change message */
+ ASSERT_OBJECT_REFCOUNT_BETWEEN (pipeline, "pipeline", 3, 4);
+
+- pop_state_changed (bus, 3);
+- pop_async_done (bus);
+- pop_latency (bus);
++ pop_state_changed (bus, 3, &had_latency);
++ pop_async_done (bus, &had_latency);
++ pop_latency (bus, &had_latency);
+ fail_if ((gst_bus_pop (bus)) != NULL);
+
+ ASSERT_OBJECT_REFCOUNT_BETWEEN (bus, "bus", 2, 3);
+@@ -648,7 +694,7 @@ GST_START_TEST (test_message_state_changed_children)
+ ASSERT_OBJECT_REFCOUNT_BETWEEN (sink, "sink", 2, 4);
+ ASSERT_OBJECT_REFCOUNT (pipeline, "pipeline", 3);
+
+- pop_state_changed (bus, 3);
++ pop_state_changed (bus, 3, &had_latency);
+ fail_if ((gst_bus_pop (bus)) != NULL);
+
+ ASSERT_OBJECT_REFCOUNT (bus, "bus", 2);
+@@ -669,7 +715,7 @@ GST_START_TEST (test_message_state_changed_children)
+ ASSERT_OBJECT_REFCOUNT_BETWEEN (sink, "sink", 3, 4);
+ ASSERT_OBJECT_REFCOUNT (pipeline, "pipeline", 3);
+
+- pop_state_changed (bus, 6);
++ pop_state_changed (bus, 6, &had_latency);
+ fail_if ((gst_bus_pop (bus)) != NULL);
+
+ ASSERT_OBJECT_REFCOUNT (src, "src", 1);
+@@ -696,6 +742,7 @@ GST_START_TEST (test_watch_for_state_change)
+ GstElement *src, *sink, *bin;
+ GstBus *bus;
+ GstStateChangeReturn ret;
++ gboolean had_latency = FALSE;
+
+ bin = gst_element_factory_make ("bin", NULL);
+ fail_unless (bin != NULL, "Could not create bin");
+@@ -722,9 +769,9 @@ GST_START_TEST (test_watch_for_state_change)
+ GST_CLOCK_TIME_NONE);
+ fail_unless (ret == GST_STATE_CHANGE_SUCCESS);
+
+- pop_state_changed (bus, 6);
+- pop_async_done (bus);
+- pop_latency (bus);
++ pop_state_changed (bus, 6, &had_latency);
++ pop_async_done (bus, &had_latency);
++ pop_latency (bus, &had_latency);
+
+ fail_unless (gst_bus_have_pending (bus) == FALSE,
+ "Unexpected messages on bus");
+@@ -732,16 +779,17 @@ GST_START_TEST (test_watch_for_state_change)
+ ret = gst_element_set_state (GST_ELEMENT (bin), GST_STATE_PLAYING);
+ fail_unless (ret == GST_STATE_CHANGE_SUCCESS);
+
+- pop_state_changed (bus, 3);
++ pop_state_changed (bus, 3, &had_latency);
+
++ had_latency = FALSE;
+ /* this one might return either SUCCESS or ASYNC, likely SUCCESS */
+ ret = gst_element_set_state (GST_ELEMENT (bin), GST_STATE_PAUSED);
+ gst_element_get_state (GST_ELEMENT (bin), NULL, NULL, GST_CLOCK_TIME_NONE);
+
+- pop_state_changed (bus, 3);
++ pop_state_changed (bus, 3, &had_latency);
+ if (ret == GST_STATE_CHANGE_ASYNC) {
+- pop_async_done (bus);
+- pop_latency (bus);
++ pop_async_done (bus, &had_latency);
++ pop_latency (bus, &had_latency);
+ }
+
+ fail_unless (gst_bus_have_pending (bus) == FALSE,
+@@ -898,6 +946,7 @@ GST_START_TEST (test_children_state_change_order_flagged_sink)
+ GstStateChangeReturn ret;
+ GstState current, pending;
+ GstBus *bus;
++ gboolean had_latency = FALSE;
+
+ pipeline = gst_pipeline_new (NULL);
+ fail_unless (pipeline != NULL, "Could not create pipeline");
+@@ -951,10 +1000,11 @@ GST_START_TEST (test_children_state_change_order_flagged_sink)
+ ASSERT_STATE_CHANGE_MSG (bus, sink, GST_STATE_READY, GST_STATE_PAUSED, 107);
+ #else
+
+- pop_state_changed (bus, 2); /* pop remaining ready => paused messages off the bus */
++ pop_state_changed (bus, 2, &had_latency); /* pop remaining ready => paused messages off the bus */
+ ASSERT_STATE_CHANGE_MSG (bus, pipeline, GST_STATE_READY, GST_STATE_PAUSED,
+ 108);
+- pop_async_done (bus);
++ pop_async_done (bus, &had_latency);
++ pop_latency (bus, &had_latency);
+ #endif
+ /* PAUSED => PLAYING */
+ GST_DEBUG ("popping PAUSED -> PLAYING messages");
+@@ -972,8 +1022,8 @@ GST_START_TEST (test_children_state_change_order_flagged_sink)
+ fail_if (ret != GST_STATE_CHANGE_SUCCESS, "State change to READY failed");
+
+ /* TODO: do we need to check downwards state change order as well? */
+- pop_state_changed (bus, 4); /* pop playing => paused messages off the bus */
+- pop_state_changed (bus, 4); /* pop paused => ready messages off the bus */
++ pop_state_changed (bus, 4, &had_latency); /* pop playing => paused messages off the bus */
++ pop_state_changed (bus, 4, &had_latency); /* pop paused => ready messages off the bus */
+
+ while (GST_OBJECT_REFCOUNT_VALUE (pipeline) > 1)
+ THREAD_SWITCH ();
+@@ -1002,6 +1052,7 @@ GST_START_TEST (test_children_state_change_order_semi_sink)
+ GstStateChangeReturn ret;
+ GstState current, pending;
+ GstBus *bus;
++ gboolean had_latency = FALSE;
+
+ /* (2) Now again, but check other code path where we don't have
+ * a proper sink correctly flagged as such, but a 'semi-sink' */
+@@ -1056,10 +1107,11 @@ GST_START_TEST (test_children_state_change_order_semi_sink)
+ ASSERT_STATE_CHANGE_MSG (bus, src, GST_STATE_READY, GST_STATE_PAUSED, 206);
+ ASSERT_STATE_CHANGE_MSG (bus, sink, GST_STATE_READY, GST_STATE_PAUSED, 207);
+ #else
+- pop_state_changed (bus, 2); /* pop remaining ready => paused messages off the bus */
++ pop_state_changed (bus, 2, &had_latency); /* pop remaining ready => paused messages off the bus */
+ ASSERT_STATE_CHANGE_MSG (bus, pipeline, GST_STATE_READY, GST_STATE_PAUSED,
+ 208);
+- pop_async_done (bus);
++ pop_async_done (bus, &had_latency);
++ pop_latency (bus, &had_latency);
+
+ /* PAUSED => PLAYING */
+ GST_DEBUG ("popping PAUSED -> PLAYING messages");
+@@ -1076,8 +1128,8 @@ GST_START_TEST (test_children_state_change_order_semi_sink)
+ fail_if (ret != GST_STATE_CHANGE_SUCCESS, "State change to READY failed");
+
+ /* TODO: do we need to check downwards state change order as well? */
+- pop_state_changed (bus, 4); /* pop playing => paused messages off the bus */
+- pop_state_changed (bus, 4); /* pop paused => ready messages off the bus */
++ pop_state_changed (bus, 4, &had_latency); /* pop playing => paused messages off the bus */
++ pop_state_changed (bus, 4, &had_latency); /* pop paused => ready messages off the bus */
+
+ GST_DEBUG ("waiting for pipeline to reach refcount 1");
+ while (GST_OBJECT_REFCOUNT_VALUE (pipeline) > 1)
+--
+GitLab
+
diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0/0005-tests-remove-gstbin-test_watch_for_state_change-test.patch b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0/0005-tests-remove-gstbin-test_watch_for_state_change-test.patch
deleted file mode 100644
index f51df6d..0000000
--- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0/0005-tests-remove-gstbin-test_watch_for_state_change-test.patch
+++ /dev/null
@@ -1,107 +0,0 @@
-From b935abba3d8fa3ea1ce384c08e650afd8c20b78a Mon Sep 17 00:00:00 2001
-From: Claudius Heine <ch@denx.de>
-Date: Wed, 2 Feb 2022 13:47:02 +0100
-Subject: [PATCH] tests: remove gstbin:test_watch_for_state_change testcase
-
-This testcase seems to be flaky, and upstream marked it as such:
-https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/778
-
-This patch removes the testcase to avoid it interfering with out ptest.
-
-Signed-off-by: Claudius Heine <ch@denx.de>
-
-Upstream-Status: Inappropriate [needs proper upstream fix]
----
- tests/check/gst/gstbin.c | 69 -------------------
- 1 file changed, 69 deletions(-)
-
-diff --git a/tests/check/gst/gstbin.c b/tests/check/gst/gstbin.c
-index e366d5fe20..ac29d81474 100644
---- a/tests/check/gst/gstbin.c
-+++ b/tests/check/gst/gstbin.c
-@@ -691,74 +691,6 @@ GST_START_TEST (test_message_state_changed_children)
-
- GST_END_TEST;
-
--GST_START_TEST (test_watch_for_state_change)
--{
-- GstElement *src, *sink, *bin;
-- GstBus *bus;
-- GstStateChangeReturn ret;
--
-- bin = gst_element_factory_make ("bin", NULL);
-- fail_unless (bin != NULL, "Could not create bin");
--
-- bus = g_object_new (gst_bus_get_type (), NULL);
-- gst_object_ref_sink (bus);
-- gst_element_set_bus (GST_ELEMENT_CAST (bin), bus);
--
-- src = gst_element_factory_make ("fakesrc", NULL);
-- fail_if (src == NULL, "Could not create fakesrc");
-- sink = gst_element_factory_make ("fakesink", NULL);
-- fail_if (sink == NULL, "Could not create fakesink");
--
-- gst_bin_add (GST_BIN (bin), sink);
-- gst_bin_add (GST_BIN (bin), src);
--
-- fail_unless (gst_element_link (src, sink), "could not link src and sink");
--
-- /* change state, spawning two times three messages */
-- ret = gst_element_set_state (GST_ELEMENT (bin), GST_STATE_PAUSED);
-- fail_unless (ret == GST_STATE_CHANGE_ASYNC);
-- ret =
-- gst_element_get_state (GST_ELEMENT (bin), NULL, NULL,
-- GST_CLOCK_TIME_NONE);
-- fail_unless (ret == GST_STATE_CHANGE_SUCCESS);
--
-- pop_state_changed (bus, 6);
-- pop_async_done (bus);
-- pop_latency (bus);
--
-- fail_unless (gst_bus_have_pending (bus) == FALSE,
-- "Unexpected messages on bus");
--
-- ret = gst_element_set_state (GST_ELEMENT (bin), GST_STATE_PLAYING);
-- fail_unless (ret == GST_STATE_CHANGE_SUCCESS);
--
-- pop_state_changed (bus, 3);
--
-- /* this one might return either SUCCESS or ASYNC, likely SUCCESS */
-- ret = gst_element_set_state (GST_ELEMENT (bin), GST_STATE_PAUSED);
-- gst_element_get_state (GST_ELEMENT (bin), NULL, NULL, GST_CLOCK_TIME_NONE);
--
-- pop_state_changed (bus, 3);
-- if (ret == GST_STATE_CHANGE_ASYNC) {
-- pop_async_done (bus);
-- pop_latency (bus);
-- }
--
-- fail_unless (gst_bus_have_pending (bus) == FALSE,
-- "Unexpected messages on bus");
--
-- gst_bus_set_flushing (bus, TRUE);
--
-- ret = gst_element_set_state (GST_ELEMENT (bin), GST_STATE_NULL);
-- fail_unless (ret == GST_STATE_CHANGE_SUCCESS);
--
-- /* clean up */
-- gst_object_unref (bus);
-- gst_object_unref (bin);
--}
--
--GST_END_TEST;
--
- GST_START_TEST (test_state_change_error_message)
- {
- GstElement *src, *sink, *bin;
-@@ -1956,7 +1888,6 @@ gst_bin_suite (void)
- tcase_add_test (tc_chain, test_message_state_changed);
- tcase_add_test (tc_chain, test_message_state_changed_child);
- tcase_add_test (tc_chain, test_message_state_changed_children);
-- tcase_add_test (tc_chain, test_watch_for_state_change);
- tcase_add_test (tc_chain, test_state_change_error_message);
- tcase_add_test (tc_chain, test_add_linked);
- tcase_add_test (tc_chain, test_add_self);
---
-2.33.1
-
diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.20.3.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.20.5.bb
similarity index 94%
rename from poky/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.20.3.bb
rename to poky/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.20.5.bb
index 1f4576c..ce9c1c1 100644
--- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.20.3.bb
+++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.20.5.bb
@@ -21,9 +21,9 @@
file://0002-tests-add-support-for-install-the-tests.patch;striplevel=3 \
file://0003-tests-use-a-dictionaries-for-environment.patch;striplevel=3 \
file://0004-tests-add-helper-script-to-run-the-installed_tests.patch;striplevel=3 \
- file://0005-tests-remove-gstbin-test_watch_for_state_change-test.patch \
+ file://0005-bin-Fix-race-conditions-in-tests.patch;striplevel=3 \
"
-SRC_URI[sha256sum] = "607daf64bbbd5fb18af9d17e21c0d22c4d702fffe83b23cb22d1b1af2ca23a2a"
+SRC_URI[sha256sum] = "5a19083faaf361d21fc391124f78ba6d609be55845a82fa8f658230e5fa03dff"
PACKAGECONFIG ??= "${@bb.utils.contains('PTEST_ENABLED', '1', 'tests', '', d)} \
check \
diff --git a/poky/meta/recipes-multimedia/libpng/libpng_1.6.38.bb b/poky/meta/recipes-multimedia/libpng/libpng_1.6.39.bb
similarity index 78%
rename from poky/meta/recipes-multimedia/libpng/libpng_1.6.38.bb
rename to poky/meta/recipes-multimedia/libpng/libpng_1.6.39.bb
index dc62720..a6c229f 100644
--- a/poky/meta/recipes-multimedia/libpng/libpng_1.6.38.bb
+++ b/poky/meta/recipes-multimedia/libpng/libpng_1.6.39.bb
@@ -11,7 +11,7 @@
LIBV = "16"
SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BPN}${LIBV}/${BP}.tar.xz"
-SRC_URI[sha256sum] = "b3683e8b8111ebf6f1ac004ebb6b0c975cd310ec469d98364388e9cedbfa68be"
+SRC_URI[sha256sum] = "1f4696ce70b4ee5f85f1e1623dc1229b210029fa4b7aee573df3e2ba7b036937"
MIRRORS += "${SOURCEFORGE_MIRROR}/${BPN}/${BPN}${LIBV}/ ${SOURCEFORGE_MIRROR}/${BPN}/${BPN}${LIBV}/older-releases/"
@@ -22,7 +22,9 @@
inherit autotools binconfig-disabled pkgconfig
# Work around missing symbols
-EXTRA_OECONF:append:class-target = " ${@bb.utils.contains("TUNE_FEATURES", "neon", "--enable-arm-neon=on", "--enable-arm-neon=off", d)}"
+ARMNEON = "${@bb.utils.contains("TUNE_FEATURES", "neon", "--enable-arm-neon=on", "--enable-arm-neon=off", d)}"
+ARMNEON:aarch64 = "--enable-hardware-optimizations=on"
+EXTRA_OECONF += "${ARMNEON}"
PACKAGES =+ "${PN}-tools"
diff --git a/poky/meta/recipes-multimedia/libtiff/files/0001-Revised-handling-of-TIFFTAG_INKNAMES-and-related-TIF.patch b/poky/meta/recipes-multimedia/libtiff/files/0001-Revised-handling-of-TIFFTAG_INKNAMES-and-related-TIF.patch
new file mode 100644
index 0000000..ce72c86
--- /dev/null
+++ b/poky/meta/recipes-multimedia/libtiff/files/0001-Revised-handling-of-TIFFTAG_INKNAMES-and-related-TIF.patch
@@ -0,0 +1,266 @@
+CVE: CVE-2022-3599
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From f00484b9519df933723deb38fff943dc291a793d Mon Sep 17 00:00:00 2001
+From: Su_Laus <sulau@freenet.de>
+Date: Tue, 30 Aug 2022 16:56:48 +0200
+Subject: [PATCH] Revised handling of TIFFTAG_INKNAMES and related
+ TIFFTAG_NUMBEROFINKS value
+
+In order to solve the buffer overflow issues related to TIFFTAG_INKNAMES and related TIFFTAG_NUMBEROFINKS value, a revised handling of those tags within LibTiff is proposed:
+
+Behaviour for writing:
+ `NumberOfInks` MUST fit to the number of inks in the `InkNames` string.
+ `NumberOfInks` is automatically set when `InkNames` is set.
+ If `NumberOfInks` is different to the number of inks within `InkNames` string, that will be corrected and a warning is issued.
+ If `NumberOfInks` is not equal to samplesperpixel only a warning will be issued.
+
+Behaviour for reading:
+ When reading `InkNames` from a TIFF file, the `NumberOfInks` will be set automatically to the number of inks in `InkNames` string.
+ If `NumberOfInks` is different to the number of inks within `InkNames` string, that will be corrected and a warning is issued.
+ If `NumberOfInks` is not equal to samplesperpixel only a warning will be issued.
+
+This allows the safe use of the NumberOfInks value to read out the InkNames without buffer overflow
+
+This MR will close the following issues: #149, #150, #152, #168 (to be checked), #250, #269, #398 and #456.
+
+It also fixes the old bug at http://bugzilla.maptools.org/show_bug.cgi?id=2599, for which the limitation of `NumberOfInks = SPP` was introduced, which is in my opinion not necessary and does not solve the general issue.
+---
+ libtiff/tif_dir.c | 119 ++++++++++++++++++++++++-----------------
+ libtiff/tif_dir.h | 2 +
+ libtiff/tif_dirinfo.c | 2 +-
+ libtiff/tif_dirwrite.c | 5 ++
+ libtiff/tif_print.c | 4 ++
+ 5 files changed, 82 insertions(+), 50 deletions(-)
+
+diff --git a/libtiff/tif_dir.c b/libtiff/tif_dir.c
+index 793e8a79..816f7756 100644
+--- a/libtiff/tif_dir.c
++++ b/libtiff/tif_dir.c
+@@ -136,32 +136,30 @@ setExtraSamples(TIFF* tif, va_list ap, uint32_t* v)
+ }
+
+ /*
+- * Confirm we have "samplesperpixel" ink names separated by \0. Returns
++ * Count ink names separated by \0. Returns
+ * zero if the ink names are not as expected.
+ */
+-static uint32_t
+-checkInkNamesString(TIFF* tif, uint32_t slen, const char* s)
++static uint16_t
++countInkNamesString(TIFF *tif, uint32_t slen, const char *s)
+ {
+- TIFFDirectory* td = &tif->tif_dir;
+- uint16_t i = td->td_samplesperpixel;
++ uint16_t i = 0;
++ const char *ep = s + slen;
++ const char *cp = s;
+
+ if (slen > 0) {
+- const char* ep = s+slen;
+- const char* cp = s;
+- for (; i > 0; i--) {
++ do {
+ for (; cp < ep && *cp != '\0'; cp++) {}
+ if (cp >= ep)
+ goto bad;
+ cp++; /* skip \0 */
+- }
+- return ((uint32_t)(cp - s));
++ i++;
++ } while (cp < ep);
++ return (i);
+ }
+ bad:
+ TIFFErrorExt(tif->tif_clientdata, "TIFFSetField",
+- "%s: Invalid InkNames value; expecting %"PRIu16" names, found %"PRIu16,
+- tif->tif_name,
+- td->td_samplesperpixel,
+- (uint16_t)(td->td_samplesperpixel-i));
++ "%s: Invalid InkNames value; no NUL at given buffer end location %"PRIu32", after %"PRIu16" ink",
++ tif->tif_name, slen, i);
+ return (0);
+ }
+
+@@ -478,13 +476,61 @@ _TIFFVSetField(TIFF* tif, uint32_t tag, va_list ap)
+ _TIFFsetFloatArray(&td->td_refblackwhite, va_arg(ap, float*), 6);
+ break;
+ case TIFFTAG_INKNAMES:
+- v = (uint16_t) va_arg(ap, uint16_vap);
+- s = va_arg(ap, char*);
+- v = checkInkNamesString(tif, v, s);
+- status = v > 0;
+- if( v > 0 ) {
+- _TIFFsetNString(&td->td_inknames, s, v);
+- td->td_inknameslen = v;
++ {
++ v = (uint16_t) va_arg(ap, uint16_vap);
++ s = va_arg(ap, char*);
++ uint16_t ninksinstring;
++ ninksinstring = countInkNamesString(tif, v, s);
++ status = ninksinstring > 0;
++ if(ninksinstring > 0 ) {
++ _TIFFsetNString(&td->td_inknames, s, v);
++ td->td_inknameslen = v;
++ /* Set NumberOfInks to the value ninksinstring */
++ if (TIFFFieldSet(tif, FIELD_NUMBEROFINKS))
++ {
++ if (td->td_numberofinks != ninksinstring) {
++ TIFFErrorExt(tif->tif_clientdata, module,
++ "Warning %s; Tag %s:\n Value %"PRIu16" of NumberOfInks is different from the number of inks %"PRIu16".\n -> NumberOfInks value adapted to %"PRIu16"",
++ tif->tif_name, fip->field_name, td->td_numberofinks, ninksinstring, ninksinstring);
++ td->td_numberofinks = ninksinstring;
++ }
++ } else {
++ td->td_numberofinks = ninksinstring;
++ TIFFSetFieldBit(tif, FIELD_NUMBEROFINKS);
++ }
++ if (TIFFFieldSet(tif, FIELD_SAMPLESPERPIXEL))
++ {
++ if (td->td_numberofinks != td->td_samplesperpixel) {
++ TIFFErrorExt(tif->tif_clientdata, module,
++ "Warning %s; Tag %s:\n Value %"PRIu16" of NumberOfInks is different from the SamplesPerPixel value %"PRIu16"",
++ tif->tif_name, fip->field_name, td->td_numberofinks, td->td_samplesperpixel);
++ }
++ }
++ }
++ }
++ break;
++ case TIFFTAG_NUMBEROFINKS:
++ v = (uint16_t)va_arg(ap, uint16_vap);
++ /* If InkNames already set also NumberOfInks is set accordingly and should be equal */
++ if (TIFFFieldSet(tif, FIELD_INKNAMES))
++ {
++ if (v != td->td_numberofinks) {
++ TIFFErrorExt(tif->tif_clientdata, module,
++ "Error %s; Tag %s:\n It is not possible to set the value %"PRIu32" for NumberOfInks\n which is different from the number of inks in the InkNames tag (%"PRIu16")",
++ tif->tif_name, fip->field_name, v, td->td_numberofinks);
++ /* Do not set / overwrite number of inks already set by InkNames case accordingly. */
++ status = 0;
++ }
++ } else {
++ td->td_numberofinks = (uint16_t)v;
++ if (TIFFFieldSet(tif, FIELD_SAMPLESPERPIXEL))
++ {
++ if (td->td_numberofinks != td->td_samplesperpixel) {
++ TIFFErrorExt(tif->tif_clientdata, module,
++ "Warning %s; Tag %s:\n Value %"PRIu32" of NumberOfInks is different from the SamplesPerPixel value %"PRIu16"",
++ tif->tif_name, fip->field_name, v, td->td_samplesperpixel);
++ }
++ }
+ }
+ break;
+ case TIFFTAG_PERSAMPLE:
+@@ -986,34 +1032,6 @@ _TIFFVGetField(TIFF* tif, uint32_t tag, va_list ap)
+ if (fip->field_bit == FIELD_CUSTOM) {
+ standard_tag = 0;
+ }
+-
+- if( standard_tag == TIFFTAG_NUMBEROFINKS )
+- {
+- int i;
+- for (i = 0; i < td->td_customValueCount; i++) {
+- uint16_t val;
+- TIFFTagValue *tv = td->td_customValues + i;
+- if (tv->info->field_tag != standard_tag)
+- continue;
+- if( tv->value == NULL )
+- return 0;
+- val = *(uint16_t *)tv->value;
+- /* Truncate to SamplesPerPixel, since the */
+- /* setting code for INKNAMES assume that there are SamplesPerPixel */
+- /* inknames. */
+- /* Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2599 */
+- if( val > td->td_samplesperpixel )
+- {
+- TIFFWarningExt(tif->tif_clientdata,"_TIFFVGetField",
+- "Truncating NumberOfInks from %u to %"PRIu16,
+- val, td->td_samplesperpixel);
+- val = td->td_samplesperpixel;
+- }
+- *va_arg(ap, uint16_t*) = val;
+- return 1;
+- }
+- return 0;
+- }
+
+ switch (standard_tag) {
+ case TIFFTAG_SUBFILETYPE:
+@@ -1195,6 +1213,9 @@ _TIFFVGetField(TIFF* tif, uint32_t tag, va_list ap)
+ case TIFFTAG_INKNAMES:
+ *va_arg(ap, const char**) = td->td_inknames;
+ break;
++ case TIFFTAG_NUMBEROFINKS:
++ *va_arg(ap, uint16_t *) = td->td_numberofinks;
++ break;
+ default:
+ {
+ int i;
+diff --git a/libtiff/tif_dir.h b/libtiff/tif_dir.h
+index 09065648..0c251c9e 100644
+--- a/libtiff/tif_dir.h
++++ b/libtiff/tif_dir.h
+@@ -117,6 +117,7 @@ typedef struct {
+ /* CMYK parameters */
+ int td_inknameslen;
+ char* td_inknames;
++ uint16_t td_numberofinks; /* number of inks in InkNames string */
+
+ int td_customValueCount;
+ TIFFTagValue *td_customValues;
+@@ -174,6 +175,7 @@ typedef struct {
+ #define FIELD_TRANSFERFUNCTION 44
+ #define FIELD_INKNAMES 46
+ #define FIELD_SUBIFD 49
++#define FIELD_NUMBEROFINKS 50
+ /* FIELD_CUSTOM (see tiffio.h) 65 */
+ /* end of support for well-known tags; codec-private tags follow */
+ #define FIELD_CODEC 66 /* base of codec-private tags */
+diff --git a/libtiff/tif_dirinfo.c b/libtiff/tif_dirinfo.c
+index 3371cb5c..3b4bcd33 100644
+--- a/libtiff/tif_dirinfo.c
++++ b/libtiff/tif_dirinfo.c
+@@ -114,7 +114,7 @@ tiffFields[] = {
+ { TIFFTAG_SUBIFD, -1, -1, TIFF_IFD8, 0, TIFF_SETGET_C16_IFD8, TIFF_SETGET_UNDEFINED, FIELD_SUBIFD, 1, 1, "SubIFD", (TIFFFieldArray*) &tiffFieldArray },
+ { TIFFTAG_INKSET, 1, 1, TIFF_SHORT, 0, TIFF_SETGET_UINT16, TIFF_SETGET_UNDEFINED, FIELD_CUSTOM, 0, 0, "InkSet", NULL },
+ { TIFFTAG_INKNAMES, -1, -1, TIFF_ASCII, 0, TIFF_SETGET_C16_ASCII, TIFF_SETGET_UNDEFINED, FIELD_INKNAMES, 1, 1, "InkNames", NULL },
+- { TIFFTAG_NUMBEROFINKS, 1, 1, TIFF_SHORT, 0, TIFF_SETGET_UINT16, TIFF_SETGET_UNDEFINED, FIELD_CUSTOM, 1, 0, "NumberOfInks", NULL },
++ { TIFFTAG_NUMBEROFINKS, 1, 1, TIFF_SHORT, 0, TIFF_SETGET_UINT16, TIFF_SETGET_UNDEFINED, FIELD_NUMBEROFINKS, 1, 0, "NumberOfInks", NULL },
+ { TIFFTAG_DOTRANGE, 2, 2, TIFF_SHORT, 0, TIFF_SETGET_UINT16_PAIR, TIFF_SETGET_UNDEFINED, FIELD_CUSTOM, 0, 0, "DotRange", NULL },
+ { TIFFTAG_TARGETPRINTER, -1, -1, TIFF_ASCII, 0, TIFF_SETGET_ASCII, TIFF_SETGET_UNDEFINED, FIELD_CUSTOM, 1, 0, "TargetPrinter", NULL },
+ { TIFFTAG_EXTRASAMPLES, -1, -1, TIFF_SHORT, 0, TIFF_SETGET_C16_UINT16, TIFF_SETGET_UNDEFINED, FIELD_EXTRASAMPLES, 0, 1, "ExtraSamples", NULL },
+diff --git a/libtiff/tif_dirwrite.c b/libtiff/tif_dirwrite.c
+index 6c86fdca..062e4610 100644
+--- a/libtiff/tif_dirwrite.c
++++ b/libtiff/tif_dirwrite.c
+@@ -626,6 +626,11 @@ TIFFWriteDirectorySec(TIFF* tif, int isimage, int imagedone, uint64_t* pdiroff)
+ if (!TIFFWriteDirectoryTagAscii(tif,&ndir,dir,TIFFTAG_INKNAMES,tif->tif_dir.td_inknameslen,tif->tif_dir.td_inknames))
+ goto bad;
+ }
++ if (TIFFFieldSet(tif, FIELD_NUMBEROFINKS))
++ {
++ if (!TIFFWriteDirectoryTagShort(tif, &ndir, dir, TIFFTAG_NUMBEROFINKS, tif->tif_dir.td_numberofinks))
++ goto bad;
++ }
+ if (TIFFFieldSet(tif,FIELD_SUBIFD))
+ {
+ if (!TIFFWriteDirectoryTagSubifd(tif,&ndir,dir))
+diff --git a/libtiff/tif_print.c b/libtiff/tif_print.c
+index 16ce5780..a91b9e7b 100644
+--- a/libtiff/tif_print.c
++++ b/libtiff/tif_print.c
+@@ -397,6 +397,10 @@ TIFFPrintDirectory(TIFF* tif, FILE* fd, long flags)
+ }
+ fputs("\n", fd);
+ }
++ if (TIFFFieldSet(tif, FIELD_NUMBEROFINKS)) {
++ fprintf(fd, " NumberOfInks: %d\n",
++ td->td_numberofinks);
++ }
+ if (TIFFFieldSet(tif,FIELD_THRESHHOLDING)) {
+ fprintf(fd, " Thresholding: ");
+ switch (td->td_threshholding) {
+--
+2.34.1
+
diff --git a/poky/meta/recipes-multimedia/libtiff/files/0001-tiffcrop-S-option-Make-decision-simpler.patch b/poky/meta/recipes-multimedia/libtiff/files/0001-tiffcrop-S-option-Make-decision-simpler.patch
new file mode 100644
index 0000000..02642ec
--- /dev/null
+++ b/poky/meta/recipes-multimedia/libtiff/files/0001-tiffcrop-S-option-Make-decision-simpler.patch
@@ -0,0 +1,36 @@
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From bad48e90b410df32172006c7876da449ba62cdba Mon Sep 17 00:00:00 2001
+From: Su_Laus <sulau@freenet.de>
+Date: Sat, 20 Aug 2022 23:35:26 +0200
+Subject: [PATCH] tiffcrop -S option: Make decision simpler.
+
+---
+ tools/tiffcrop.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
+index c3b758ec..8fd856dc 100644
+--- a/tools/tiffcrop.c
++++ b/tools/tiffcrop.c
+@@ -2133,11 +2133,11 @@ void process_command_opts (int argc, char *argv[], char *mp, char *mode, uint32
+ }
+ /*-- Check for not allowed combinations (e.g. -X, -Y and -Z, -z and -S are mutually exclusive) --*/
+ char XY, Z, R, S;
+- XY = ((crop_data->crop_mode & CROP_WIDTH) || (crop_data->crop_mode & CROP_LENGTH));
+- Z = (crop_data->crop_mode & CROP_ZONES);
+- R = (crop_data->crop_mode & CROP_REGIONS);
+- S = (page->mode & PAGE_MODE_ROWSCOLS);
+- if ((XY && Z) || (XY && R) || (XY && S) || (Z && R) || (Z && S) || (R && S)) {
++ XY = ((crop_data->crop_mode & CROP_WIDTH) || (crop_data->crop_mode & CROP_LENGTH)) ? 1 : 0;
++ Z = (crop_data->crop_mode & CROP_ZONES) ? 1 : 0;
++ R = (crop_data->crop_mode & CROP_REGIONS) ? 1 : 0;
++ S = (page->mode & PAGE_MODE_ROWSCOLS) ? 1 : 0;
++ if (XY + Z + R + S > 1) {
+ TIFFError("tiffcrop input error", "The crop options(-X|-Y), -Z, -z and -S are mutually exclusive.->Exit");
+ exit(EXIT_FAILURE);
+ }
+--
+2.34.1
+
diff --git a/poky/meta/recipes-multimedia/libtiff/files/0001-tiffcrop-disable-incompatibility-of-Z-X-Y-z-options-.patch b/poky/meta/recipes-multimedia/libtiff/files/0001-tiffcrop-disable-incompatibility-of-Z-X-Y-z-options-.patch
new file mode 100644
index 0000000..3e33f4a
--- /dev/null
+++ b/poky/meta/recipes-multimedia/libtiff/files/0001-tiffcrop-disable-incompatibility-of-Z-X-Y-z-options-.patch
@@ -0,0 +1,59 @@
+CVE: CVE-2022-3597 CVE-2022-3626 CVE-2022-3627
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From 4746f16253b784287bc8a5003990c1c3b9a03a62 Mon Sep 17 00:00:00 2001
+From: Su_Laus <sulau@freenet.de>
+Date: Thu, 25 Aug 2022 16:11:41 +0200
+Subject: [PATCH] tiffcrop: disable incompatibility of -Z, -X, -Y, -z options
+ with any PAGE_MODE_x option (fixes #411 and #413)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+tiffcrop does not support –Z, -z, -X and –Y options together with any other PAGE_MODE_x options like -H, -V, -P, -J, -K or –S.
+
+Code analysis:
+
+With the options –Z, -z, the crop.selections are set to a value > 0. Within main(), this triggers the call of processCropSelections(), which copies the sections from the read_buff into seg_buffs[].
+In the following code in main(), the only supported step, where that seg_buffs are further handled are within an if-clause with if (page.mode == PAGE_MODE_NONE) .
+
+Execution of the else-clause often leads to buffer-overflows.
+
+Therefore, the above option combination is not supported and will be disabled to prevent those buffer-overflows.
+
+The MR solves issues #411 and #413.
+---
+ doc/tools/tiffcrop.rst | 8 ++++++++
+ tools/tiffcrop.c | 32 +++++++++++++++++++++++++-------
+ 2 files changed, 33 insertions(+), 7 deletions(-)
+
+diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
+index 8fd856dc..41a2ea36 100644
+--- a/tools/tiffcrop.c
++++ b/tools/tiffcrop.c
+@@ -2138,9 +2143,20 @@ void process_command_opts (int argc, char *argv[], char *mp, char *mode, uint32
+ R = (crop_data->crop_mode & CROP_REGIONS) ? 1 : 0;
+ S = (page->mode & PAGE_MODE_ROWSCOLS) ? 1 : 0;
+ if (XY + Z + R + S > 1) {
+- TIFFError("tiffcrop input error", "The crop options(-X|-Y), -Z, -z and -S are mutually exclusive.->Exit");
++ TIFFError("tiffcrop input error", "The crop options(-X|-Y), -Z, -z and -S are mutually exclusive.->exit");
+ exit(EXIT_FAILURE);
+ }
++
++ /* Check for not allowed combination:
++ * Any of the -X, -Y, -Z and -z options together with other PAGE_MODE_x options
++ * such as -H, -V, -P, -J or -K are not supported and may cause buffer overflows.
++. */
++ if ((XY + Z + R > 0) && page->mode != PAGE_MODE_NONE) {
++ TIFFError("tiffcrop input error",
++ "Any of the crop options -X, -Y, -Z and -z together with other PAGE_MODE_x options such as - H, -V, -P, -J or -K is not supported and may cause buffer overflows..->exit");
++ exit(EXIT_FAILURE);
++ }
++
+ } /* end process_command_opts */
+
+ /* Start a new output file if one has not been previously opened or
+--
+2.34.1
+
diff --git a/poky/meta/recipes-multimedia/libtiff/files/0001-tiffcrop-subroutines-require-a-larger-buffer-fixes-2.patch b/poky/meta/recipes-multimedia/libtiff/files/0001-tiffcrop-subroutines-require-a-larger-buffer-fixes-2.patch
new file mode 100644
index 0000000..e44b9bc
--- /dev/null
+++ b/poky/meta/recipes-multimedia/libtiff/files/0001-tiffcrop-subroutines-require-a-larger-buffer-fixes-2.patch
@@ -0,0 +1,653 @@
+CVE: CVE-2022-3570 CVE-2022-3598
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From afd7086090dafd3949afd172822cbcec4ed17d56 Mon Sep 17 00:00:00 2001
+From: Su Laus <sulau@freenet.de>
+Date: Thu, 13 Oct 2022 14:33:27 +0000
+Subject: [PATCH] tiffcrop subroutines require a larger buffer (fixes #271,
+ #381, #386, #388, #389, #435)
+
+---
+ tools/tiffcrop.c | 209 ++++++++++++++++++++++++++---------------------
+ 1 file changed, 118 insertions(+), 91 deletions(-)
+
+diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
+index 41a2ea36..deab5feb 100644
+--- a/tools/tiffcrop.c
++++ b/tools/tiffcrop.c
+@@ -212,6 +212,10 @@ static char tiffcrop_rev_date[] = "26-08-2022";
+
+ #define TIFF_DIR_MAX 65534
+
++/* Some conversion subroutines require image buffers, which are at least 3 bytes
++ * larger than the necessary size for the image itself. */
++#define NUM_BUFF_OVERSIZE_BYTES 3
++
+ /* Offsets into buffer for margins and fixed width and length segments */
+ struct offset {
+ uint32_t tmargin;
+@@ -233,7 +237,7 @@ struct offset {
+ */
+
+ struct buffinfo {
+- uint32_t size; /* size of this buffer */
++ size_t size; /* size of this buffer */
+ unsigned char *buffer; /* address of the allocated buffer */
+ };
+
+@@ -810,8 +814,8 @@ static int readContigTilesIntoBuffer (TIFF* in, uint8_t* buf,
+ uint32_t dst_rowsize, shift_width;
+ uint32_t bytes_per_sample, bytes_per_pixel;
+ uint32_t trailing_bits, prev_trailing_bits;
+- uint32_t tile_rowsize = TIFFTileRowSize(in);
+- uint32_t src_offset, dst_offset;
++ tmsize_t tile_rowsize = TIFFTileRowSize(in);
++ tmsize_t src_offset, dst_offset;
+ uint32_t row_offset, col_offset;
+ uint8_t *bufp = (uint8_t*) buf;
+ unsigned char *src = NULL;
+@@ -861,7 +865,7 @@ static int readContigTilesIntoBuffer (TIFF* in, uint8_t* buf,
+ TIFFError("readContigTilesIntoBuffer", "Integer overflow when calculating buffer size.");
+ exit(EXIT_FAILURE);
+ }
+- tilebuf = limitMalloc(tile_buffsize + 3);
++ tilebuf = limitMalloc(tile_buffsize + NUM_BUFF_OVERSIZE_BYTES);
+ if (tilebuf == 0)
+ return 0;
+ tilebuf[tile_buffsize] = 0;
+@@ -1024,7 +1028,7 @@ static int readSeparateTilesIntoBuffer (TIFF* in, uint8_t *obuf,
+ for (sample = 0; (sample < spp) && (sample < MAX_SAMPLES); sample++)
+ {
+ srcbuffs[sample] = NULL;
+- tbuff = (unsigned char *)limitMalloc(tilesize + 8);
++ tbuff = (unsigned char *)limitMalloc(tilesize + NUM_BUFF_OVERSIZE_BYTES);
+ if (!tbuff)
+ {
+ TIFFError ("readSeparateTilesIntoBuffer",
+@@ -1217,7 +1221,8 @@ writeBufferToSeparateStrips (TIFF* out, uint8_t* buf,
+ }
+ rowstripsize = rowsperstrip * bytes_per_sample * (width + 1);
+
+- obuf = limitMalloc (rowstripsize);
++ /* Add 3 padding bytes for extractContigSamples32bits */
++ obuf = limitMalloc (rowstripsize + NUM_BUFF_OVERSIZE_BYTES);
+ if (obuf == NULL)
+ return 1;
+
+@@ -1229,7 +1234,7 @@ writeBufferToSeparateStrips (TIFF* out, uint8_t* buf,
+
+ stripsize = TIFFVStripSize(out, nrows);
+ src = buf + (row * rowsize);
+- memset (obuf, '\0', rowstripsize);
++ memset (obuf, '\0',rowstripsize + NUM_BUFF_OVERSIZE_BYTES);
+ if (extractContigSamplesToBuffer(obuf, src, nrows, width, s, spp, bps, dump))
+ {
+ _TIFFfree(obuf);
+@@ -1237,10 +1242,15 @@ writeBufferToSeparateStrips (TIFF* out, uint8_t* buf,
+ }
+ if ((dump->outfile != NULL) && (dump->level == 1))
+ {
+- dump_info(dump->outfile, dump->format,"",
++ if (scanlinesize > 0x0ffffffffULL) {
++ dump_info(dump->infile, dump->format, "loadImage",
++ "Attention: scanlinesize %"PRIu64" is larger than UINT32_MAX.\nFollowing dump might be wrong.",
++ scanlinesize);
++ }
++ dump_info(dump->outfile, dump->format,"",
+ "Sample %2d, Strip: %2d, bytes: %4d, Row %4d, bytes: %4d, Input offset: %6d",
+- s + 1, strip + 1, stripsize, row + 1, scanlinesize, src - buf);
+- dump_buffer(dump->outfile, dump->format, nrows, scanlinesize, row, obuf);
++ s + 1, strip + 1, stripsize, row + 1, (uint32_t)scanlinesize, src - buf);
++ dump_buffer(dump->outfile, dump->format, nrows, (uint32_t)scanlinesize, row, obuf);
+ }
+
+ if (TIFFWriteEncodedStrip(out, strip++, obuf, stripsize) < 0)
+@@ -1267,7 +1277,7 @@ static int writeBufferToContigTiles (TIFF* out, uint8_t* buf, uint32_t imageleng
+ uint32_t tl, tw;
+ uint32_t row, col, nrow, ncol;
+ uint32_t src_rowsize, col_offset;
+- uint32_t tile_rowsize = TIFFTileRowSize(out);
++ tmsize_t tile_rowsize = TIFFTileRowSize(out);
+ uint8_t* bufp = (uint8_t*) buf;
+ tsize_t tile_buffsize = 0;
+ tsize_t tilesize = TIFFTileSize(out);
+@@ -1310,9 +1320,11 @@ static int writeBufferToContigTiles (TIFF* out, uint8_t* buf, uint32_t imageleng
+ }
+ src_rowsize = ((imagewidth * spp * bps) + 7U) / 8;
+
+- tilebuf = limitMalloc(tile_buffsize);
++ /* Add 3 padding bytes for extractContigSamples32bits */
++ tilebuf = limitMalloc(tile_buffsize + NUM_BUFF_OVERSIZE_BYTES);
+ if (tilebuf == 0)
+ return 1;
++ memset(tilebuf, 0, tile_buffsize + NUM_BUFF_OVERSIZE_BYTES);
+ for (row = 0; row < imagelength; row += tl)
+ {
+ nrow = (row + tl > imagelength) ? imagelength - row : tl;
+@@ -1358,7 +1370,8 @@ static int writeBufferToSeparateTiles (TIFF* out, uint8_t* buf, uint32_t imagele
+ uint32_t imagewidth, tsample_t spp,
+ struct dump_opts * dump)
+ {
+- tdata_t obuf = limitMalloc(TIFFTileSize(out));
++ /* Add 3 padding bytes for extractContigSamples32bits */
++ tdata_t obuf = limitMalloc(TIFFTileSize(out) + NUM_BUFF_OVERSIZE_BYTES);
+ uint32_t tl, tw;
+ uint32_t row, col, nrow, ncol;
+ uint32_t src_rowsize, col_offset;
+@@ -1368,6 +1381,7 @@ static int writeBufferToSeparateTiles (TIFF* out, uint8_t* buf, uint32_t imagele
+
+ if (obuf == NULL)
+ return 1;
++ memset(obuf, 0, TIFFTileSize(out) + NUM_BUFF_OVERSIZE_BYTES);
+
+ if( !TIFFGetField(out, TIFFTAG_TILELENGTH, &tl) ||
+ !TIFFGetField(out, TIFFTAG_TILEWIDTH, &tw) ||
+@@ -1793,14 +1807,14 @@ void process_command_opts (int argc, char *argv[], char *mp, char *mode, uint32
+
+ *opt_offset = '\0';
+ /* convert option to lowercase */
+- end = strlen (opt_ptr);
++ end = (unsigned int)strlen (opt_ptr);
+ for (i = 0; i < end; i++)
+ *(opt_ptr + i) = tolower((int) *(opt_ptr + i));
+ /* Look for dump format specification */
+ if (strncmp(opt_ptr, "for", 3) == 0)
+ {
+ /* convert value to lowercase */
+- end = strlen (opt_offset + 1);
++ end = (unsigned int)strlen (opt_offset + 1);
+ for (i = 1; i <= end; i++)
+ *(opt_offset + i) = tolower((int) *(opt_offset + i));
+ /* check dump format value */
+@@ -2273,6 +2287,8 @@ main(int argc, char* argv[])
+ size_t length;
+ char temp_filename[PATH_MAX + 16]; /* Extra space keeps the compiler from complaining */
+
++ assert(NUM_BUFF_OVERSIZE_BYTES >= 3);
++
+ little_endian = *((unsigned char *)&little_endian) & '1';
+
+ initImageData(&image);
+@@ -3227,13 +3243,13 @@ extractContigSamples32bits (uint8_t *in, uint8_t *out, uint32_t cols,
+ /* If we have a full buffer's worth, write it out */
+ if (ready_bits >= 32)
+ {
+- bytebuff1 = (buff2 >> 56);
++ bytebuff1 = (uint8_t)(buff2 >> 56);
+ *dst++ = bytebuff1;
+- bytebuff2 = (buff2 >> 48);
++ bytebuff2 = (uint8_t)(buff2 >> 48);
+ *dst++ = bytebuff2;
+- bytebuff3 = (buff2 >> 40);
++ bytebuff3 = (uint8_t)(buff2 >> 40);
+ *dst++ = bytebuff3;
+- bytebuff4 = (buff2 >> 32);
++ bytebuff4 = (uint8_t)(buff2 >> 32);
+ *dst++ = bytebuff4;
+ ready_bits -= 32;
+
+@@ -3642,13 +3658,13 @@ extractContigSamplesShifted32bits (uint8_t *in, uint8_t *out, uint32_t cols,
+ }
+ else /* If we have a full buffer's worth, write it out */
+ {
+- bytebuff1 = (buff2 >> 56);
++ bytebuff1 = (uint8_t)(buff2 >> 56);
+ *dst++ = bytebuff1;
+- bytebuff2 = (buff2 >> 48);
++ bytebuff2 = (uint8_t)(buff2 >> 48);
+ *dst++ = bytebuff2;
+- bytebuff3 = (buff2 >> 40);
++ bytebuff3 = (uint8_t)(buff2 >> 40);
+ *dst++ = bytebuff3;
+- bytebuff4 = (buff2 >> 32);
++ bytebuff4 = (uint8_t)(buff2 >> 32);
+ *dst++ = bytebuff4;
+ ready_bits -= 32;
+
+@@ -3825,10 +3841,10 @@ extractContigSamplesToTileBuffer(uint8_t *out, uint8_t *in, uint32_t rows, uint3
+ static int readContigStripsIntoBuffer (TIFF* in, uint8_t* buf)
+ {
+ uint8_t* bufp = buf;
+- int32_t bytes_read = 0;
++ tmsize_t bytes_read = 0;
+ uint32_t strip, nstrips = TIFFNumberOfStrips(in);
+- uint32_t stripsize = TIFFStripSize(in);
+- uint32_t rows = 0;
++ tmsize_t stripsize = TIFFStripSize(in);
++ tmsize_t rows = 0;
+ uint32_t rps = TIFFGetFieldDefaulted(in, TIFFTAG_ROWSPERSTRIP, &rps);
+ tsize_t scanline_size = TIFFScanlineSize(in);
+
+@@ -3841,11 +3857,11 @@ static int readContigStripsIntoBuffer (TIFF* in, uint8_t* buf)
+ bytes_read = TIFFReadEncodedStrip (in, strip, bufp, -1);
+ rows = bytes_read / scanline_size;
+ if ((strip < (nstrips - 1)) && (bytes_read != (int32_t)stripsize))
+- TIFFError("", "Strip %"PRIu32": read %"PRId32" bytes, strip size %"PRIu32,
++ TIFFError("", "Strip %"PRIu32": read %"PRId64" bytes, strip size %"PRIu64,
+ strip + 1, bytes_read, stripsize);
+
+ if (bytes_read < 0 && !ignore) {
+- TIFFError("", "Error reading strip %"PRIu32" after %"PRIu32" rows",
++ TIFFError("", "Error reading strip %"PRIu32" after %"PRIu64" rows",
+ strip, rows);
+ return 0;
+ }
+@@ -4310,13 +4326,13 @@ combineSeparateSamples32bits (uint8_t *in[], uint8_t *out, uint32_t cols,
+ /* If we have a full buffer's worth, write it out */
+ if (ready_bits >= 32)
+ {
+- bytebuff1 = (buff2 >> 56);
++ bytebuff1 = (uint8_t)(buff2 >> 56);
+ *dst++ = bytebuff1;
+- bytebuff2 = (buff2 >> 48);
++ bytebuff2 = (uint8_t)(buff2 >> 48);
+ *dst++ = bytebuff2;
+- bytebuff3 = (buff2 >> 40);
++ bytebuff3 = (uint8_t)(buff2 >> 40);
+ *dst++ = bytebuff3;
+- bytebuff4 = (buff2 >> 32);
++ bytebuff4 = (uint8_t)(buff2 >> 32);
+ *dst++ = bytebuff4;
+ ready_bits -= 32;
+
+@@ -4359,10 +4375,10 @@ combineSeparateSamples32bits (uint8_t *in[], uint8_t *out, uint32_t cols,
+ "Row %3d, Col %3d, Src byte offset %3d bit offset %2d Dst offset %3d",
+ row + 1, col + 1, src_byte, src_bit, dst - out);
+
+- dump_long (dumpfile, format, "Match bits ", matchbits);
++ dump_wide (dumpfile, format, "Match bits ", matchbits);
+ dump_data (dumpfile, format, "Src bits ", src, 4);
+- dump_long (dumpfile, format, "Buff1 bits ", buff1);
+- dump_long (dumpfile, format, "Buff2 bits ", buff2);
++ dump_wide (dumpfile, format, "Buff1 bits ", buff1);
++ dump_wide (dumpfile, format, "Buff2 bits ", buff2);
+ dump_byte (dumpfile, format, "Write bits1", bytebuff1);
+ dump_byte (dumpfile, format, "Write bits2", bytebuff2);
+ dump_info (dumpfile, format, "", "Ready bits: %2d", ready_bits);
+@@ -4835,13 +4851,13 @@ combineSeparateTileSamples32bits (uint8_t *in[], uint8_t *out, uint32_t cols,
+ /* If we have a full buffer's worth, write it out */
+ if (ready_bits >= 32)
+ {
+- bytebuff1 = (buff2 >> 56);
++ bytebuff1 = (uint8_t)(buff2 >> 56);
+ *dst++ = bytebuff1;
+- bytebuff2 = (buff2 >> 48);
++ bytebuff2 = (uint8_t)(buff2 >> 48);
+ *dst++ = bytebuff2;
+- bytebuff3 = (buff2 >> 40);
++ bytebuff3 = (uint8_t)(buff2 >> 40);
+ *dst++ = bytebuff3;
+- bytebuff4 = (buff2 >> 32);
++ bytebuff4 = (uint8_t)(buff2 >> 32);
+ *dst++ = bytebuff4;
+ ready_bits -= 32;
+
+@@ -4884,10 +4900,10 @@ combineSeparateTileSamples32bits (uint8_t *in[], uint8_t *out, uint32_t cols,
+ "Row %3d, Col %3d, Src byte offset %3d bit offset %2d Dst offset %3d",
+ row + 1, col + 1, src_byte, src_bit, dst - out);
+
+- dump_long (dumpfile, format, "Match bits ", matchbits);
++ dump_wide (dumpfile, format, "Match bits ", matchbits);
+ dump_data (dumpfile, format, "Src bits ", src, 4);
+- dump_long (dumpfile, format, "Buff1 bits ", buff1);
+- dump_long (dumpfile, format, "Buff2 bits ", buff2);
++ dump_wide (dumpfile, format, "Buff1 bits ", buff1);
++ dump_wide (dumpfile, format, "Buff2 bits ", buff2);
+ dump_byte (dumpfile, format, "Write bits1", bytebuff1);
+ dump_byte (dumpfile, format, "Write bits2", bytebuff2);
+ dump_info (dumpfile, format, "", "Ready bits: %2d", ready_bits);
+@@ -4910,7 +4926,7 @@ static int readSeparateStripsIntoBuffer (TIFF *in, uint8_t *obuf, uint32_t lengt
+ {
+ int i, bytes_per_sample, bytes_per_pixel, shift_width, result = 1;
+ uint32_t j;
+- int32_t bytes_read = 0;
++ tmsize_t bytes_read = 0;
+ uint16_t bps = 0, planar;
+ uint32_t nstrips;
+ uint32_t strips_per_sample;
+@@ -4976,7 +4992,7 @@ static int readSeparateStripsIntoBuffer (TIFF *in, uint8_t *obuf, uint32_t lengt
+ for (s = 0; (s < spp) && (s < MAX_SAMPLES); s++)
+ {
+ srcbuffs[s] = NULL;
+- buff = limitMalloc(stripsize + 3);
++ buff = limitMalloc(stripsize + NUM_BUFF_OVERSIZE_BYTES);
+ if (!buff)
+ {
+ TIFFError ("readSeparateStripsIntoBuffer",
+@@ -4999,7 +5015,7 @@ static int readSeparateStripsIntoBuffer (TIFF *in, uint8_t *obuf, uint32_t lengt
+ buff = srcbuffs[s];
+ strip = (s * strips_per_sample) + j;
+ bytes_read = TIFFReadEncodedStrip (in, strip, buff, stripsize);
+- rows_this_strip = bytes_read / src_rowsize;
++ rows_this_strip = (uint32_t)(bytes_read / src_rowsize);
+ if (bytes_read < 0 && !ignore)
+ {
+ TIFFError(TIFFFileName(in),
+@@ -6062,13 +6078,14 @@ loadImage(TIFF* in, struct image_data *image, struct dump_opts *dump, unsigned c
+ uint16_t input_compression = 0, input_photometric = 0;
+ uint16_t subsampling_horiz, subsampling_vert;
+ uint32_t width = 0, length = 0;
+- uint32_t stsize = 0, tlsize = 0, buffsize = 0, scanlinesize = 0;
++ tmsize_t stsize = 0, tlsize = 0, buffsize = 0;
++ tmsize_t scanlinesize = 0;
+ uint32_t tw = 0, tl = 0; /* Tile width and length */
+- uint32_t tile_rowsize = 0;
++ tmsize_t tile_rowsize = 0;
+ unsigned char *read_buff = NULL;
+ unsigned char *new_buff = NULL;
+ int readunit = 0;
+- static uint32_t prev_readsize = 0;
++ static tmsize_t prev_readsize = 0;
+
+ TIFFGetFieldDefaulted(in, TIFFTAG_BITSPERSAMPLE, &bps);
+ TIFFGetFieldDefaulted(in, TIFFTAG_SAMPLESPERPIXEL, &spp);
+@@ -6325,6 +6342,8 @@ loadImage(TIFF* in, struct image_data *image, struct dump_opts *dump, unsigned c
+ /* The buffsize_check and the possible adaptation of buffsize
+ * has to account also for padding of each line to a byte boundary.
+ * This is assumed by mirrorImage() and rotateImage().
++ * Furthermore, functions like extractContigSamplesShifted32bits()
++ * need a buffer, which is at least 3 bytes larger than the actual image.
+ * Otherwise buffer-overflow might occur there.
+ */
+ buffsize_check = length * (uint32_t)(((width * spp * bps) + 7) / 8);
+@@ -6376,7 +6395,7 @@ loadImage(TIFF* in, struct image_data *image, struct dump_opts *dump, unsigned c
+ TIFFError("loadImage", "Unable to allocate/reallocate read buffer");
+ return (-1);
+ }
+- read_buff = (unsigned char *)limitMalloc(buffsize+3);
++ read_buff = (unsigned char *)limitMalloc(buffsize + NUM_BUFF_OVERSIZE_BYTES);
+ }
+ else
+ {
+@@ -6387,11 +6406,11 @@ loadImage(TIFF* in, struct image_data *image, struct dump_opts *dump, unsigned c
+ TIFFError("loadImage", "Unable to allocate/reallocate read buffer");
+ return (-1);
+ }
+- new_buff = _TIFFrealloc(read_buff, buffsize+3);
++ new_buff = _TIFFrealloc(read_buff, buffsize + NUM_BUFF_OVERSIZE_BYTES);
+ if (!new_buff)
+ {
+ free (read_buff);
+- read_buff = (unsigned char *)limitMalloc(buffsize+3);
++ read_buff = (unsigned char *)limitMalloc(buffsize + NUM_BUFF_OVERSIZE_BYTES);
+ }
+ else
+ read_buff = new_buff;
+@@ -6464,8 +6483,13 @@ loadImage(TIFF* in, struct image_data *image, struct dump_opts *dump, unsigned c
+ dump_info (dump->infile, dump->format, "",
+ "Bits per sample %"PRIu16", Samples per pixel %"PRIu16, bps, spp);
+
++ if (scanlinesize > 0x0ffffffffULL) {
++ dump_info(dump->infile, dump->format, "loadImage",
++ "Attention: scanlinesize %"PRIu64" is larger than UINT32_MAX.\nFollowing dump might be wrong.",
++ scanlinesize);
++ }
+ for (i = 0; i < length; i++)
+- dump_buffer(dump->infile, dump->format, 1, scanlinesize,
++ dump_buffer(dump->infile, dump->format, 1, (uint32_t)scanlinesize,
+ i, read_buff + (i * scanlinesize));
+ }
+ return (0);
+@@ -7485,13 +7509,13 @@ writeSingleSection(TIFF *in, TIFF *out, struct image_data *image,
+ if (TIFFGetField(in, TIFFTAG_NUMBEROFINKS, &ninks)) {
+ TIFFSetField(out, TIFFTAG_NUMBEROFINKS, ninks);
+ if (TIFFGetField(in, TIFFTAG_INKNAMES, &inknames)) {
+- int inknameslen = strlen(inknames) + 1;
++ int inknameslen = (int)strlen(inknames) + 1;
+ const char* cp = inknames;
+ while (ninks > 1) {
+ cp = strchr(cp, '\0');
+ if (cp) {
+ cp++;
+- inknameslen += (strlen(cp) + 1);
++ inknameslen += ((int)strlen(cp) + 1);
+ }
+ ninks--;
+ }
+@@ -7554,23 +7578,23 @@ createImageSection(uint32_t sectsize, unsigned char **sect_buff_ptr)
+
+ if (!sect_buff)
+ {
+- sect_buff = (unsigned char *)limitMalloc(sectsize);
++ sect_buff = (unsigned char *)limitMalloc(sectsize + NUM_BUFF_OVERSIZE_BYTES);
+ if (!sect_buff)
+ {
+ TIFFError("createImageSection", "Unable to allocate/reallocate section buffer");
+ return (-1);
+ }
+- _TIFFmemset(sect_buff, 0, sectsize);
++ _TIFFmemset(sect_buff, 0, sectsize + NUM_BUFF_OVERSIZE_BYTES);
+ }
+ else
+ {
+ if (prev_sectsize < sectsize)
+ {
+- new_buff = _TIFFrealloc(sect_buff, sectsize);
++ new_buff = _TIFFrealloc(sect_buff, sectsize + NUM_BUFF_OVERSIZE_BYTES);
+ if (!new_buff)
+ {
+ _TIFFfree (sect_buff);
+- sect_buff = (unsigned char *)limitMalloc(sectsize);
++ sect_buff = (unsigned char *)limitMalloc(sectsize + NUM_BUFF_OVERSIZE_BYTES);
+ }
+ else
+ sect_buff = new_buff;
+@@ -7580,7 +7604,7 @@ createImageSection(uint32_t sectsize, unsigned char **sect_buff_ptr)
+ TIFFError("createImageSection", "Unable to allocate/reallocate section buffer");
+ return (-1);
+ }
+- _TIFFmemset(sect_buff, 0, sectsize);
++ _TIFFmemset(sect_buff, 0, sectsize + NUM_BUFF_OVERSIZE_BYTES);
+ }
+ }
+
+@@ -7611,17 +7635,17 @@ processCropSelections(struct image_data *image, struct crop_mask *crop,
+ cropsize = crop->bufftotal;
+ crop_buff = seg_buffs[0].buffer;
+ if (!crop_buff)
+- crop_buff = (unsigned char *)limitMalloc(cropsize);
++ crop_buff = (unsigned char *)limitMalloc(cropsize + NUM_BUFF_OVERSIZE_BYTES);
+ else
+ {
+ prev_cropsize = seg_buffs[0].size;
+ if (prev_cropsize < cropsize)
+ {
+- next_buff = _TIFFrealloc(crop_buff, cropsize);
++ next_buff = _TIFFrealloc(crop_buff, cropsize + NUM_BUFF_OVERSIZE_BYTES);
+ if (! next_buff)
+ {
+ _TIFFfree (crop_buff);
+- crop_buff = (unsigned char *)limitMalloc(cropsize);
++ crop_buff = (unsigned char *)limitMalloc(cropsize + NUM_BUFF_OVERSIZE_BYTES);
+ }
+ else
+ crop_buff = next_buff;
+@@ -7634,7 +7658,7 @@ processCropSelections(struct image_data *image, struct crop_mask *crop,
+ return (-1);
+ }
+
+- _TIFFmemset(crop_buff, 0, cropsize);
++ _TIFFmemset(crop_buff, 0, cropsize + NUM_BUFF_OVERSIZE_BYTES);
+ seg_buffs[0].buffer = crop_buff;
+ seg_buffs[0].size = cropsize;
+
+@@ -7714,17 +7738,17 @@ processCropSelections(struct image_data *image, struct crop_mask *crop,
+ cropsize = crop->bufftotal;
+ crop_buff = seg_buffs[i].buffer;
+ if (!crop_buff)
+- crop_buff = (unsigned char *)limitMalloc(cropsize);
++ crop_buff = (unsigned char *)limitMalloc(cropsize + NUM_BUFF_OVERSIZE_BYTES);
+ else
+ {
+ prev_cropsize = seg_buffs[0].size;
+ if (prev_cropsize < cropsize)
+ {
+- next_buff = _TIFFrealloc(crop_buff, cropsize);
++ next_buff = _TIFFrealloc(crop_buff, cropsize + NUM_BUFF_OVERSIZE_BYTES);
+ if (! next_buff)
+ {
+ _TIFFfree (crop_buff);
+- crop_buff = (unsigned char *)limitMalloc(cropsize);
++ crop_buff = (unsigned char *)limitMalloc(cropsize + NUM_BUFF_OVERSIZE_BYTES);
+ }
+ else
+ crop_buff = next_buff;
+@@ -7737,7 +7761,7 @@ processCropSelections(struct image_data *image, struct crop_mask *crop,
+ return (-1);
+ }
+
+- _TIFFmemset(crop_buff, 0, cropsize);
++ _TIFFmemset(crop_buff, 0, cropsize + NUM_BUFF_OVERSIZE_BYTES);
+ seg_buffs[i].buffer = crop_buff;
+ seg_buffs[i].size = cropsize;
+
+@@ -7853,24 +7877,24 @@ createCroppedImage(struct image_data *image, struct crop_mask *crop,
+ crop_buff = *crop_buff_ptr;
+ if (!crop_buff)
+ {
+- crop_buff = (unsigned char *)limitMalloc(cropsize);
++ crop_buff = (unsigned char *)limitMalloc(cropsize + NUM_BUFF_OVERSIZE_BYTES);
+ if (!crop_buff)
+ {
+ TIFFError("createCroppedImage", "Unable to allocate/reallocate crop buffer");
+ return (-1);
+ }
+- _TIFFmemset(crop_buff, 0, cropsize);
++ _TIFFmemset(crop_buff, 0, cropsize + NUM_BUFF_OVERSIZE_BYTES);
+ prev_cropsize = cropsize;
+ }
+ else
+ {
+ if (prev_cropsize < cropsize)
+ {
+- new_buff = _TIFFrealloc(crop_buff, cropsize);
++ new_buff = _TIFFrealloc(crop_buff, cropsize + NUM_BUFF_OVERSIZE_BYTES);
+ if (!new_buff)
+ {
+ free (crop_buff);
+- crop_buff = (unsigned char *)limitMalloc(cropsize);
++ crop_buff = (unsigned char *)limitMalloc(cropsize + NUM_BUFF_OVERSIZE_BYTES);
+ }
+ else
+ crop_buff = new_buff;
+@@ -7879,7 +7903,7 @@ createCroppedImage(struct image_data *image, struct crop_mask *crop,
+ TIFFError("createCroppedImage", "Unable to allocate/reallocate crop buffer");
+ return (-1);
+ }
+- _TIFFmemset(crop_buff, 0, cropsize);
++ _TIFFmemset(crop_buff, 0, cropsize + NUM_BUFF_OVERSIZE_BYTES);
+ }
+ }
+
+@@ -8177,13 +8201,13 @@ writeCroppedImage(TIFF *in, TIFF *out, struct image_data *image,
+ if (TIFFGetField(in, TIFFTAG_NUMBEROFINKS, &ninks)) {
+ TIFFSetField(out, TIFFTAG_NUMBEROFINKS, ninks);
+ if (TIFFGetField(in, TIFFTAG_INKNAMES, &inknames)) {
+- int inknameslen = strlen(inknames) + 1;
++ int inknameslen = (int)strlen(inknames) + 1;
+ const char* cp = inknames;
+ while (ninks > 1) {
+ cp = strchr(cp, '\0');
+ if (cp) {
+ cp++;
+- inknameslen += (strlen(cp) + 1);
++ inknameslen += ((int)strlen(cp) + 1);
+ }
+ ninks--;
+ }
+@@ -8568,13 +8592,13 @@ rotateContigSamples32bits(uint16_t rotation, uint16_t spp, uint16_t bps, uint32_
+ }
+ else /* If we have a full buffer's worth, write it out */
+ {
+- bytebuff1 = (buff2 >> 56);
++ bytebuff1 = (uint8_t)(buff2 >> 56);
+ *dst++ = bytebuff1;
+- bytebuff2 = (buff2 >> 48);
++ bytebuff2 = (uint8_t)(buff2 >> 48);
+ *dst++ = bytebuff2;
+- bytebuff3 = (buff2 >> 40);
++ bytebuff3 = (uint8_t)(buff2 >> 40);
+ *dst++ = bytebuff3;
+- bytebuff4 = (buff2 >> 32);
++ bytebuff4 = (uint8_t)(buff2 >> 32);
+ *dst++ = bytebuff4;
+ ready_bits -= 32;
+
+@@ -8643,12 +8667,13 @@ rotateImage(uint16_t rotation, struct image_data *image, uint32_t *img_width,
+ return (-1);
+ }
+
+- if (!(rbuff = (unsigned char *)limitMalloc(buffsize)))
++ /* Add 3 padding bytes for extractContigSamplesShifted32bits */
++ if (!(rbuff = (unsigned char *)limitMalloc(buffsize + NUM_BUFF_OVERSIZE_BYTES)))
+ {
+- TIFFError("rotateImage", "Unable to allocate rotation buffer of %1u bytes", buffsize);
++ TIFFError("rotateImage", "Unable to allocate rotation buffer of %1u bytes", buffsize + NUM_BUFF_OVERSIZE_BYTES);
+ return (-1);
+ }
+- _TIFFmemset(rbuff, '\0', buffsize);
++ _TIFFmemset(rbuff, '\0', buffsize + NUM_BUFF_OVERSIZE_BYTES);
+
+ ibuff = *ibuff_ptr;
+ switch (rotation)
+@@ -9176,13 +9201,13 @@ reverseSamples32bits (uint16_t spp, uint16_t bps, uint32_t width,
+ }
+ else /* If we have a full buffer's worth, write it out */
+ {
+- bytebuff1 = (buff2 >> 56);
++ bytebuff1 = (uint8_t)(buff2 >> 56);
+ *dst++ = bytebuff1;
+- bytebuff2 = (buff2 >> 48);
++ bytebuff2 = (uint8_t)(buff2 >> 48);
+ *dst++ = bytebuff2;
+- bytebuff3 = (buff2 >> 40);
++ bytebuff3 = (uint8_t)(buff2 >> 40);
+ *dst++ = bytebuff3;
+- bytebuff4 = (buff2 >> 32);
++ bytebuff4 = (uint8_t)(buff2 >> 32);
+ *dst++ = bytebuff4;
+ ready_bits -= 32;
+
+@@ -9273,12 +9298,13 @@ mirrorImage(uint16_t spp, uint16_t bps, uint16_t mirror, uint32_t width, uint32_
+ {
+ case MIRROR_BOTH:
+ case MIRROR_VERT:
+- line_buff = (unsigned char *)limitMalloc(rowsize);
++ line_buff = (unsigned char *)limitMalloc(rowsize + NUM_BUFF_OVERSIZE_BYTES);
+ if (line_buff == NULL)
+ {
+- TIFFError ("mirrorImage", "Unable to allocate mirror line buffer of %1u bytes", rowsize);
++ TIFFError ("mirrorImage", "Unable to allocate mirror line buffer of %1u bytes", rowsize + NUM_BUFF_OVERSIZE_BYTES);
+ return (-1);
+ }
++ _TIFFmemset(line_buff, '\0', rowsize + NUM_BUFF_OVERSIZE_BYTES);
+
+ dst = ibuff + (rowsize * (length - 1));
+ for (row = 0; row < length / 2; row++)
+@@ -9310,11 +9336,12 @@ mirrorImage(uint16_t spp, uint16_t bps, uint16_t mirror, uint32_t width, uint32_
+ }
+ else
+ { /* non 8 bit per sample data */
+- if (!(line_buff = (unsigned char *)limitMalloc(rowsize + 1)))
++ if (!(line_buff = (unsigned char *)limitMalloc(rowsize + NUM_BUFF_OVERSIZE_BYTES)))
+ {
+ TIFFError("mirrorImage", "Unable to allocate mirror line buffer");
+ return (-1);
+ }
++ _TIFFmemset(line_buff, '\0', rowsize + NUM_BUFF_OVERSIZE_BYTES);
+ bytes_per_sample = (bps + 7) / 8;
+ bytes_per_pixel = ((bps * spp) + 7) / 8;
+ if (bytes_per_pixel < (bytes_per_sample + 1))
+@@ -9326,7 +9353,7 @@ mirrorImage(uint16_t spp, uint16_t bps, uint16_t mirror, uint32_t width, uint32_
+ {
+ row_offset = row * rowsize;
+ src = ibuff + row_offset;
+- _TIFFmemset (line_buff, '\0', rowsize);
++ _TIFFmemset (line_buff, '\0', rowsize + NUM_BUFF_OVERSIZE_BYTES);
+ switch (shift_width)
+ {
+ case 1: if (reverseSamples16bits(spp, bps, width, src, line_buff))
+--
+2.34.1
+
diff --git a/poky/meta/recipes-multimedia/libtiff/files/CVE-2022-2953.patch b/poky/meta/recipes-multimedia/libtiff/files/CVE-2022-2953.patch
index 98020ff..e673945 100644
--- a/poky/meta/recipes-multimedia/libtiff/files/CVE-2022-2953.patch
+++ b/poky/meta/recipes-multimedia/libtiff/files/CVE-2022-2953.patch
@@ -1,4 +1,4 @@
-CVE: CVE-2022-2053
+CVE: CVE-2022-2953
Upstream-Status: Backport
Signed-off-by: Ross Burton <ross.burton@arm.com>
diff --git a/poky/meta/recipes-multimedia/libtiff/files/CVE-2022-3970.patch b/poky/meta/recipes-multimedia/libtiff/files/CVE-2022-3970.patch
new file mode 100644
index 0000000..b3352ba
--- /dev/null
+++ b/poky/meta/recipes-multimedia/libtiff/files/CVE-2022-3970.patch
@@ -0,0 +1,39 @@
+From 227500897dfb07fb7d27f7aa570050e62617e3be Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.rouault@spatialys.com>
+Date: Tue, 8 Nov 2022 15:16:58 +0100
+Subject: [PATCH] TIFFReadRGBATileExt(): fix (unsigned) integer overflow on
+ strips/tiles > 2 GB
+
+Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53137
+Upstream-Status: Accepted
+---
+ libtiff/tif_getimage.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/libtiff/tif_getimage.c b/libtiff/tif_getimage.c
+index a4d0c1d6..60b94d8e 100644
+--- a/libtiff/tif_getimage.c
++++ b/libtiff/tif_getimage.c
+@@ -3016,15 +3016,15 @@ TIFFReadRGBATileExt(TIFF* tif, uint32_t col, uint32_t row, uint32_t * raster, in
+ return( ok );
+
+ for( i_row = 0; i_row < read_ysize; i_row++ ) {
+- memmove( raster + (tile_ysize - i_row - 1) * tile_xsize,
+- raster + (read_ysize - i_row - 1) * read_xsize,
++ memmove( raster + (size_t)(tile_ysize - i_row - 1) * tile_xsize,
++ raster + (size_t)(read_ysize - i_row - 1) * read_xsize,
+ read_xsize * sizeof(uint32_t) );
+- _TIFFmemset( raster + (tile_ysize - i_row - 1) * tile_xsize+read_xsize,
++ _TIFFmemset( raster + (size_t)(tile_ysize - i_row - 1) * tile_xsize+read_xsize,
+ 0, sizeof(uint32_t) * (tile_xsize - read_xsize) );
+ }
+
+ for( i_row = read_ysize; i_row < tile_ysize; i_row++ ) {
+- _TIFFmemset( raster + (tile_ysize - i_row - 1) * tile_xsize,
++ _TIFFmemset( raster + (size_t)(tile_ysize - i_row - 1) * tile_xsize,
+ 0, sizeof(uint32_t) * tile_xsize );
+ }
+
+--
+2.33.0
+
diff --git a/poky/meta/recipes-multimedia/libtiff/files/CVE-2022-48281.patch b/poky/meta/recipes-multimedia/libtiff/files/CVE-2022-48281.patch
new file mode 100644
index 0000000..4f8dc35
--- /dev/null
+++ b/poky/meta/recipes-multimedia/libtiff/files/CVE-2022-48281.patch
@@ -0,0 +1,26 @@
+From 97d65859bc29ee334012e9c73022d8a8e55ed586 Mon Sep 17 00:00:00 2001
+From: Su Laus <sulau@freenet.de>
+Date: Sat, 21 Jan 2023 15:58:10 +0000
+Subject: [PATCH] tiffcrop: Correct simple copy paste error. Fix #488.
+
+
+Upstream-Status: Backport [import from debian http://security.debian.org/debian-security/pool/updates/main/t/tiff/tiff_4.2.0-1+deb11u4.debian.tar.xz]
+CVE: CVE-2022-48281
+Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
+---
+ tools/tiffcrop.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Index: tiff-4.2.0/tools/tiffcrop.c
+===================================================================
+--- tiff-4.2.0.orig/tools/tiffcrop.c
++++ tiff-4.2.0/tools/tiffcrop.c
+@@ -7516,7 +7516,7 @@ processCropSelections(struct image_data
+ crop_buff = (unsigned char *)limitMalloc(cropsize + NUM_BUFF_OVERSIZE_BYTES);
+ else
+ {
+- prev_cropsize = seg_buffs[0].size;
++ prev_cropsize = seg_buffs[1].size;
+ if (prev_cropsize < cropsize)
+ {
+ next_buff = _TIFFrealloc(crop_buff, cropsize + NUM_BUFF_OVERSIZE_BYTES);
diff --git a/poky/meta/recipes-multimedia/libtiff/files/CVE-2023-0795_0796_0797_0798_0799.patch b/poky/meta/recipes-multimedia/libtiff/files/CVE-2023-0795_0796_0797_0798_0799.patch
new file mode 100644
index 0000000..926df68
--- /dev/null
+++ b/poky/meta/recipes-multimedia/libtiff/files/CVE-2023-0795_0796_0797_0798_0799.patch
@@ -0,0 +1,154 @@
+From: Markus Koschany <apo@debian.org>
+Date: Tue, 21 Feb 2023 14:26:43 +0100
+Subject: CVE-2023-0795
+
+This is also the fix for CVE-2023-0796, CVE-2023-0797, CVE-2023-0798,
+CVE-2023-0799.
+
+Bug-Debian: https://bugs.debian.org/1031632
+Origin: https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68
+
+CVE: CVE-2023-0795 CVE-2023-0796 CVE-2023-0797 CVE-2023-0798 CVE-2023-0799
+Upstream-Status: Backport [import from ubuntu debian/patches/CVE-2023-0795.patch http://archive.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_4.4.0-4ubuntu3.3.debian.tar.xz ]
+Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
+---
+ tools/tiffcrop.c | 51 ++++++++++++++++++++++++++++++---------------------
+ 1 file changed, 30 insertions(+), 21 deletions(-)
+
+--- tiff-4.4.0.orig/tools/tiffcrop.c
++++ tiff-4.4.0/tools/tiffcrop.c
+@@ -269,7 +269,6 @@ struct region {
+ uint32_t width; /* width in pixels */
+ uint32_t length; /* length in pixels */
+ uint32_t buffsize; /* size of buffer needed to hold the cropped region */
+- unsigned char *buffptr; /* address of start of the region */
+ };
+
+ /* Cropping parameters from command line and image data
+@@ -524,7 +523,7 @@ static int rotateContigSamples24bits(uin
+ static int rotateContigSamples32bits(uint16_t, uint16_t, uint16_t, uint32_t,
+ uint32_t, uint32_t, uint8_t *, uint8_t *);
+ static int rotateImage(uint16_t, struct image_data *, uint32_t *, uint32_t *,
+- unsigned char **);
++ unsigned char **, int);
+ static int mirrorImage(uint16_t, uint16_t, uint16_t, uint32_t, uint32_t,
+ unsigned char *);
+ static int invertImage(uint16_t, uint16_t, uint16_t, uint32_t, uint32_t,
+@@ -5219,7 +5218,6 @@ initCropMasks (struct crop_mask *cps)
+ cps->regionlist[i].width = 0;
+ cps->regionlist[i].length = 0;
+ cps->regionlist[i].buffsize = 0;
+- cps->regionlist[i].buffptr = NULL;
+ cps->zonelist[i].position = 0;
+ cps->zonelist[i].total = 0;
+ }
+@@ -6551,8 +6549,13 @@ static int correct_orientation(struct i
+ (uint16_t) (image->adjustments & ROTATE_ANY));
+ return (-1);
+ }
+-
+- if (rotateImage(rotation, image, &image->width, &image->length, work_buff_ptr))
++
++ /* Dummy variable in order not to switch two times the
++ * image->width,->length within rotateImage(),
++ * but switch xres, yres there. */
++ uint32_t width = image->width;
++ uint32_t length = image->length;
++ if (rotateImage(rotation, image, &width, &length, work_buff_ptr, TRUE))
+ {
+ TIFFError ("correct_orientation", "Unable to rotate image");
+ return (-1);
+@@ -6661,7 +6664,6 @@ extractCompositeRegions(struct image_dat
+ /* These should not be needed for composite images */
+ crop->regionlist[i].width = crop_width;
+ crop->regionlist[i].length = crop_length;
+- crop->regionlist[i].buffptr = crop_buff;
+
+ src_rowsize = ((img_width * bps * spp) + 7) / 8;
+ dst_rowsize = (((crop_width * bps * count) + 7) / 8);
+@@ -6900,7 +6902,6 @@ extractSeparateRegion(struct image_data
+
+ crop->regionlist[region].width = crop_width;
+ crop->regionlist[region].length = crop_length;
+- crop->regionlist[region].buffptr = crop_buff;
+
+ src = read_buff;
+ dst = crop_buff;
+@@ -7778,7 +7779,7 @@ processCropSelections(struct image_data
+ if (crop->crop_mode & CROP_ROTATE) /* rotate should be last as it can reallocate the buffer */
+ {
+ if (rotateImage(crop->rotation, image, &crop->combined_width,
+- &crop->combined_length, &crop_buff))
++ &crop->combined_length, &crop_buff, FALSE))
+ {
+ TIFFError("processCropSelections",
+ "Failed to rotate composite regions by %"PRIu32" degrees", crop->rotation);
+@@ -7888,7 +7889,7 @@ processCropSelections(struct image_data
+ * ToDo: Therefore rotateImage() and its usage has to be reworked (e.g. like mirrorImage()) !!
+ */
+ if (rotateImage(crop->rotation, image, &crop->regionlist[i].width,
+- &crop->regionlist[i].length, &crop_buff))
++ &crop->regionlist[i].length, &crop_buff, FALSE))
+ {
+ TIFFError("processCropSelections",
+ "Failed to rotate crop region by %"PRIu16" degrees", crop->rotation);
+@@ -8020,7 +8021,7 @@ createCroppedImage(struct image_data *im
+ if (crop->crop_mode & CROP_ROTATE) /* rotate should be last as it can reallocate the buffer */
+ {
+ if (rotateImage(crop->rotation, image, &crop->combined_width,
+- &crop->combined_length, crop_buff_ptr))
++ &crop->combined_length, crop_buff_ptr, TRUE))
+ {
+ TIFFError("createCroppedImage",
+ "Failed to rotate image or cropped selection by %"PRIu16" degrees", crop->rotation);
+@@ -8683,7 +8684,7 @@ rotateContigSamples32bits(uint16_t rotat
+ /* Rotate an image by a multiple of 90 degrees clockwise */
+ static int
+ rotateImage(uint16_t rotation, struct image_data *image, uint32_t *img_width,
+- uint32_t *img_length, unsigned char **ibuff_ptr)
++ uint32_t *img_length, unsigned char **ibuff_ptr, int rot_image_params)
+ {
+ int shift_width;
+ uint32_t bytes_per_pixel, bytes_per_sample;
+@@ -8874,11 +8875,15 @@ rotateImage(uint16_t rotation, struct im
+
+ *img_width = length;
+ *img_length = width;
+- image->width = length;
+- image->length = width;
+- res_temp = image->xres;
+- image->xres = image->yres;
+- image->yres = res_temp;
++ /* Only toggle image parameters if whole input image is rotated. */
++ if (rot_image_params)
++ {
++ image->width = length;
++ image->length = width;
++ res_temp = image->xres;
++ image->xres = image->yres;
++ image->yres = res_temp;
++ }
+ break;
+
+ case 270: if ((bps % 8) == 0) /* byte aligned data */
+@@ -8951,11 +8956,15 @@ rotateImage(uint16_t rotation, struct im
+
+ *img_width = length;
+ *img_length = width;
+- image->width = length;
+- image->length = width;
+- res_temp = image->xres;
+- image->xres = image->yres;
+- image->yres = res_temp;
++ /* Only toggle image parameters if whole input image is rotated. */
++ if (rot_image_params)
++ {
++ image->width = length;
++ image->length = width;
++ res_temp = image->xres;
++ image->xres = image->yres;
++ image->yres = res_temp;
++ }
+ break;
+ default:
+ break;
diff --git a/poky/meta/recipes-multimedia/libtiff/files/CVE-2023-0800_0801_0802_0803_0804.patch b/poky/meta/recipes-multimedia/libtiff/files/CVE-2023-0800_0801_0802_0803_0804.patch
new file mode 100644
index 0000000..8372bc3
--- /dev/null
+++ b/poky/meta/recipes-multimedia/libtiff/files/CVE-2023-0800_0801_0802_0803_0804.patch
@@ -0,0 +1,128 @@
+From 82a7fbb1fa7228499ffeb3a57a1d106a9626d57c Mon Sep 17 00:00:00 2001
+From: Su Laus <sulau@freenet.de>
+Date: Sun, 5 Feb 2023 15:53:15 +0000
+Subject: [PATCH] tiffcrop: added check for assumption on composite images
+ (fixes #496)
+
+tiffcrop: For composite images with more than one region, the combined_length or combined_width always needs to be equal, respectively. Otherwise, even the first section/region copy action might cause buffer overrun. This is now checked before the first copy action.
+
+Closes #496, #497, #498, #500, #501.
+
+Upstream-Status: Backport [import from fedora https://src.fedoraproject.org/rpms/libtiff/c/91856895aadf3cce6353f40c2feef9bf0b486440 ]
+CVE: CVE-2023-0800 CVE-2023-0801 CVE-2023-0802 CVE-2023-0803 CVE-2023-0804
+Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
+---
+ tools/tiffcrop.c | 68 ++++++++++++++++++++++++++++++++++++++++++++++--
+ 1 file changed, 66 insertions(+), 2 deletions(-)
+
+diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
+index 84e26ac6..480b927c 100644
+--- a/tools/tiffcrop.c
++++ b/tools/tiffcrop.c
+@@ -5329,18 +5329,39 @@
+
+ crop->regionlist[i].buffsize = buffsize;
+ crop->bufftotal += buffsize;
++ /* For composite images with more than one region, the
++ * combined_length or combined_width always needs to be equal,
++ * respectively.
++ * Otherwise, even the first section/region copy
++ * action might cause buffer overrun. */
+ if (crop->img_mode == COMPOSITE_IMAGES)
+ {
+ switch (crop->edge_ref)
+ {
+ case EDGE_LEFT:
+ case EDGE_RIGHT:
++ if (i > 0 && zlength != crop->combined_length)
++ {
++ TIFFError(
++ "computeInputPixelOffsets",
++ "Only equal length regions can be combined for "
++ "-E left or right");
++ return (-1);
++ }
+ crop->combined_length = zlength;
+ crop->combined_width += zwidth;
+ break;
+ case EDGE_BOTTOM:
+ case EDGE_TOP: /* width from left, length from top */
+ default:
++ if (i > 0 && zwidth != crop->combined_width)
++ {
++ TIFFError("computeInputPixelOffsets",
++ "Only equal width regions can be "
++ "combined for -E "
++ "top or bottom");
++ return (-1);
++ }
+ crop->combined_width = zwidth;
+ crop->combined_length += zlength;
+ break;
+@@ -6546,6 +6567,46 @@
+ crop->combined_width = 0;
+ crop->combined_length = 0;
+
++ /* If there is more than one region, check beforehand whether all the width
++ * and length values of the regions are the same, respectively. */
++ switch (crop->edge_ref)
++ {
++ default:
++ case EDGE_TOP:
++ case EDGE_BOTTOM:
++ for (i = 1; i < crop->selections; i++)
++ {
++ uint32_t crop_width0 =
++ crop->regionlist[i - 1].x2 - crop->regionlist[i - 1].x1 + 1;
++ uint32_t crop_width1 =
++ crop->regionlist[i].x2 - crop->regionlist[i].x1 + 1;
++ if (crop_width0 != crop_width1)
++ {
++ TIFFError("extractCompositeRegions",
++ "Only equal width regions can be combined for -E "
++ "top or bottom");
++ return (1);
++ }
++ }
++ break;
++ case EDGE_LEFT:
++ case EDGE_RIGHT:
++ for (i = 1; i < crop->selections; i++)
++ {
++ uint32_t crop_length0 =
++ crop->regionlist[i - 1].y2 - crop->regionlist[i - 1].y1 + 1;
++ uint32_t crop_length1 =
++ crop->regionlist[i].y2 - crop->regionlist[i].y1 + 1;
++ if (crop_length0 != crop_length1)
++ {
++ TIFFError("extractCompositeRegions",
++ "Only equal length regions can be combined for "
++ "-E left or right");
++ return (1);
++ }
++ }
++ }
++
+ for (i = 0; i < crop->selections; i++)
+ {
+ /* rows, columns, width, length are expressed in pixels */
+@@ -6570,7 +6631,8 @@
+ default:
+ case EDGE_TOP:
+ case EDGE_BOTTOM:
+- if ((i > 0) && (crop_width != crop->regionlist[i - 1].width))
++ if ((crop->selections > i + 1) &&
++ (crop_width != crop->regionlist[i + 1].width))
+ {
+ TIFFError ("extractCompositeRegions",
+ "Only equal width regions can be combined for -E top or bottom");
+@@ -6651,7 +6713,8 @@
+ break;
+ case EDGE_LEFT: /* splice the pieces of each row together, side by side */
+ case EDGE_RIGHT:
+- if ((i > 0) && (crop_length != crop->regionlist[i - 1].length))
++ if ((crop->selections > i + 1) &&
++ (crop_length != crop->regionlist[i + 1].length))
+ {
+ TIFFError ("extractCompositeRegions",
+ "Only equal length regions can be combined for -E left or right");
diff --git a/poky/meta/recipes-multimedia/libtiff/tiff_4.4.0.bb b/poky/meta/recipes-multimedia/libtiff/tiff_4.4.0.bb
index caf6f60..9df3c5a 100644
--- a/poky/meta/recipes-multimedia/libtiff/tiff_4.4.0.bb
+++ b/poky/meta/recipes-multimedia/libtiff/tiff_4.4.0.bb
@@ -12,6 +12,14 @@
file://0001-fix-the-FPE-in-tiffcrop-415-427-and-428.patch \
file://CVE-2022-34526.patch \
file://CVE-2022-2953.patch \
+ file://CVE-2022-3970.patch \
+ file://0001-Revised-handling-of-TIFFTAG_INKNAMES-and-related-TIF.patch \
+ file://0001-tiffcrop-S-option-Make-decision-simpler.patch \
+ file://0001-tiffcrop-disable-incompatibility-of-Z-X-Y-z-options-.patch \
+ file://0001-tiffcrop-subroutines-require-a-larger-buffer-fixes-2.patch \
+ file://CVE-2022-48281.patch \
+ file://CVE-2023-0800_0801_0802_0803_0804.patch \
+ file://CVE-2023-0795_0796_0797_0798_0799.patch \
"
SRC_URI[sha256sum] = "917223b37538959aca3b790d2d73aa6e626b688e02dcda272aec24c2f498abed"
@@ -25,7 +33,6 @@
# These issues only affect libtiff post-4.3.0 but before 4.4.0,
# caused by 3079627e and fixed by b4e79bfa.
CVE_CHECK_IGNORE += "CVE-2022-1622 CVE-2022-1623"
-
# Issue is in jbig which we don't enable
CVE_CHECK_IGNORE += "CVE-2022-1210"
@@ -41,6 +48,7 @@
PACKAGECONFIG[jpeg] = "--enable-jpeg,--disable-jpeg,jpeg,"
PACKAGECONFIG[zlib] = "--enable-zlib,--disable-zlib,zlib,"
PACKAGECONFIG[lzma] = "--enable-lzma,--disable-lzma,xz,"
+PACKAGECONFIG[webp] = "--enable-webp,--disable-webp,libwebp,"
# Convert single-strip uncompressed images to multiple strips of specified
# size (default: 8192) to reduce memory usage
diff --git a/poky/meta/recipes-sato/webkit/wpebackend-fdo_1.12.1.bb b/poky/meta/recipes-sato/webkit/wpebackend-fdo_1.14.0.bb
similarity index 90%
rename from poky/meta/recipes-sato/webkit/wpebackend-fdo_1.12.1.bb
rename to poky/meta/recipes-sato/webkit/wpebackend-fdo_1.14.0.bb
index 5f776c1..7082010 100644
--- a/poky/meta/recipes-sato/webkit/wpebackend-fdo_1.12.1.bb
+++ b/poky/meta/recipes-sato/webkit/wpebackend-fdo_1.14.0.bb
@@ -13,7 +13,7 @@
REQUIRED_DISTRO_FEATURES = "opengl"
SRC_URI = "https://wpewebkit.org/releases/${BPN}-${PV}.tar.xz"
-SRC_URI[sha256sum] = "45aa833c44ec292f31fa943b01b8cc75e54eb623ad7ba6a66fc2f118fe69e629"
+SRC_URI[sha256sum] = "e75b0cb2c7145448416e8696013d8883f675c66c11ed750e06865efec5809155"
# Especially helps compiling with clang which enable this as error when
# using c++11
diff --git a/poky/meta/recipes-support/apr/apr-util/0001-Fix-error-handling-in-gdbm.patch b/poky/meta/recipes-support/apr/apr-util/0001-Fix-error-handling-in-gdbm.patch
deleted file mode 100644
index 6f27876..0000000
--- a/poky/meta/recipes-support/apr/apr-util/0001-Fix-error-handling-in-gdbm.patch
+++ /dev/null
@@ -1,134 +0,0 @@
-From 6b638fa9afbeb54dfa19378e391465a5284ce1ad Mon Sep 17 00:00:00 2001
-From: Changqing Li <changqing.li@windriver.com>
-Date: Wed, 12 Sep 2018 17:16:36 +0800
-Subject: [PATCH] Fix error handling in gdbm
-
-Only check for gdbm_errno if the return value of the called gdbm_*
-function says so. This fixes apr-util with gdbm 1.14, which does not
-seem to always reset gdbm_errno.
-
-Also make the gdbm driver return error codes starting with
-APR_OS_START_USEERR instead of always returning APR_EGENERAL. This is
-what the berkleydb driver already does.
-
-Also ensure that dsize is 0 if dptr == NULL.
-
-Upstream-Status: Backport [https://svn.apache.org/viewvc?view=revision&revision=1825311]
-
-Signed-off-by: Changqing Li <changqing.li@windriver.com>
----
- dbm/apr_dbm_gdbm.c | 47 +++++++++++++++++++++++++++++------------------
- 1 file changed, 29 insertions(+), 18 deletions(-)
-
-diff --git a/dbm/apr_dbm_gdbm.c b/dbm/apr_dbm_gdbm.c
-index 749447a..1c86327 100644
---- a/dbm/apr_dbm_gdbm.c
-+++ b/dbm/apr_dbm_gdbm.c
-@@ -36,13 +36,25 @@
- static apr_status_t g2s(int gerr)
- {
- if (gerr == -1) {
-- /* ### need to fix this */
-- return APR_EGENERAL;
-+ if (gdbm_errno == GDBM_NO_ERROR)
-+ return APR_SUCCESS;
-+ return APR_OS_START_USEERR + gdbm_errno;
- }
-
- return APR_SUCCESS;
- }
-
-+static apr_status_t gdat2s(datum d)
-+{
-+ if (d.dptr == NULL) {
-+ if (gdbm_errno == GDBM_NO_ERROR || gdbm_errno == GDBM_ITEM_NOT_FOUND)
-+ return APR_SUCCESS;
-+ return APR_OS_START_USEERR + gdbm_errno;
-+ }
-+
-+ return APR_SUCCESS;
-+}
-+
- static apr_status_t datum_cleanup(void *dptr)
- {
- if (dptr)
-@@ -53,22 +65,15 @@ static apr_status_t datum_cleanup(void *dptr)
-
- static apr_status_t set_error(apr_dbm_t *dbm, apr_status_t dbm_said)
- {
-- apr_status_t rv = APR_SUCCESS;
-
-- /* ### ignore whatever the DBM said (dbm_said); ask it explicitly */
-+ dbm->errcode = dbm_said;
-
-- if ((dbm->errcode = gdbm_errno) == GDBM_NO_ERROR) {
-+ if (dbm_said == APR_SUCCESS)
- dbm->errmsg = NULL;
-- }
-- else {
-- dbm->errmsg = gdbm_strerror(gdbm_errno);
-- rv = APR_EGENERAL; /* ### need something better */
-- }
--
-- /* captured it. clear it now. */
-- gdbm_errno = GDBM_NO_ERROR;
-+ else
-+ dbm->errmsg = gdbm_strerror(dbm_said - APR_OS_START_USEERR);
-
-- return rv;
-+ return dbm_said;
- }
-
- /* --------------------------------------------------------------------------
-@@ -107,7 +112,7 @@ static apr_status_t vt_gdbm_open(apr_dbm_t **pdb, const char *pathname,
- NULL);
-
- if (file == NULL)
-- return APR_EGENERAL; /* ### need a better error */
-+ return APR_OS_START_USEERR + gdbm_errno; /* ### need a better error */
-
- /* we have an open database... return it */
- *pdb = apr_pcalloc(pool, sizeof(**pdb));
-@@ -141,10 +146,12 @@ static apr_status_t vt_gdbm_fetch(apr_dbm_t *dbm, apr_datum_t key,
- if (pvalue->dptr)
- apr_pool_cleanup_register(dbm->pool, pvalue->dptr, datum_cleanup,
- apr_pool_cleanup_null);
-+ else
-+ pvalue->dsize = 0;
-
- /* store the error info into DBM, and return a status code. Also, note
- that *pvalue should have been cleared on error. */
-- return set_error(dbm, APR_SUCCESS);
-+ return set_error(dbm, gdat2s(rd));
- }
-
- static apr_status_t vt_gdbm_store(apr_dbm_t *dbm, apr_datum_t key,
-@@ -201,9 +208,11 @@ static apr_status_t vt_gdbm_firstkey(apr_dbm_t *dbm, apr_datum_t *pkey)
- if (pkey->dptr)
- apr_pool_cleanup_register(dbm->pool, pkey->dptr, datum_cleanup,
- apr_pool_cleanup_null);
-+ else
-+ pkey->dsize = 0;
-
- /* store any error info into DBM, and return a status code. */
-- return set_error(dbm, APR_SUCCESS);
-+ return set_error(dbm, gdat2s(rd));
- }
-
- static apr_status_t vt_gdbm_nextkey(apr_dbm_t *dbm, apr_datum_t *pkey)
-@@ -221,9 +230,11 @@ static apr_status_t vt_gdbm_nextkey(apr_dbm_t *dbm, apr_datum_t *pkey)
- if (pkey->dptr)
- apr_pool_cleanup_register(dbm->pool, pkey->dptr, datum_cleanup,
- apr_pool_cleanup_null);
-+ else
-+ pkey->dsize = 0;
-
- /* store any error info into DBM, and return a status code. */
-- return set_error(dbm, APR_SUCCESS);
-+ return set_error(dbm, gdat2s(rd));
- }
-
- static void vt_gdbm_freedatum(apr_dbm_t *dbm, apr_datum_t data)
---
-2.7.4
-
diff --git a/poky/meta/recipes-support/apr/apr-util_1.6.1.bb b/poky/meta/recipes-support/apr/apr-util_1.6.3.bb
similarity index 93%
rename from poky/meta/recipes-support/apr/apr-util_1.6.1.bb
rename to poky/meta/recipes-support/apr/apr-util_1.6.3.bb
index b851d46..7c6fcc6 100644
--- a/poky/meta/recipes-support/apr/apr-util_1.6.1.bb
+++ b/poky/meta/recipes-support/apr/apr-util_1.6.3.bb
@@ -13,11 +13,9 @@
file://configfix.patch \
file://configure_fixes.patch \
file://run-ptest \
- file://0001-Fix-error-handling-in-gdbm.patch \
-"
+ "
-SRC_URI[md5sum] = "bd502b9a8670a8012c4d90c31a84955f"
-SRC_URI[sha256sum] = "b65e40713da57d004123b6319828be7f1273fbc6490e145874ee1177e112c459"
+SRC_URI[sha256sum] = "2b74d8932703826862ca305b094eef2983c27b39d5c9414442e9976a9acf1983"
EXTRA_OECONF = "--with-apr=${STAGING_BINDIR_CROSS}/apr-1-config \
--without-odbc \
diff --git a/poky/meta/recipes-support/apr/apr/0001-Add-option-to-disable-timed-dependant-tests.patch b/poky/meta/recipes-support/apr/apr/0001-Add-option-to-disable-timed-dependant-tests.patch
index abff4e9..a274f3a 100644
--- a/poky/meta/recipes-support/apr/apr/0001-Add-option-to-disable-timed-dependant-tests.patch
+++ b/poky/meta/recipes-support/apr/apr/0001-Add-option-to-disable-timed-dependant-tests.patch
@@ -1,14 +1,15 @@
-From 2bbe20b4f69e84e7a18bc79d382486953f479328 Mon Sep 17 00:00:00 2001
+From 225abf37cd0b49960664b59f08e515a4c4ea5ad0 Mon Sep 17 00:00:00 2001
From: Jeremy Puhlman <jpuhlman@mvista.com>
Date: Thu, 26 Mar 2020 18:30:36 +0000
Subject: [PATCH] Add option to disable timed dependant tests
-The disabled tests rely on timing to pass correctly. On a virtualized
+The disabled tests rely on timing to pass correctly. On a virtualized
system under heavy load, these tests randomly fail because they miss
a timer or other timing related issues.
Upstream-Status: Pending
Signed-off-by: Jeremy Puhlman <jpuhlman@mvista.com>
+
---
configure.in | 6 ++++++
include/apr.h.in | 1 +
@@ -16,10 +17,10 @@
3 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/configure.in b/configure.in
-index d9f32d6..f0c5661 100644
+index bfd488b..3663220 100644
--- a/configure.in
+++ b/configure.in
-@@ -2886,6 +2886,12 @@ AC_ARG_ENABLE(timedlocks,
+@@ -3023,6 +3023,12 @@ AC_ARG_ENABLE(timedlocks,
)
AC_SUBST(apr_has_timedlocks)
@@ -45,10 +46,10 @@
#define APR_PROCATTR_USER_SET_REQUIRES_PASSWORD @apr_procattr_user_set_requires_password@
diff --git a/test/testlock.c b/test/testlock.c
-index a43f477..6233d0b 100644
+index e3437c1..04e01b9 100644
--- a/test/testlock.c
+++ b/test/testlock.c
-@@ -396,13 +396,13 @@ abts_suite *testlock(abts_suite *suite)
+@@ -535,7 +535,7 @@ abts_suite *testlock(abts_suite *suite)
abts_run_test(suite, threads_not_impl, NULL);
#else
abts_run_test(suite, test_thread_mutex, NULL);
@@ -56,6 +57,8 @@
+#if APR_HAS_TIMEDLOCKS && APR_HAVE_TIME_DEPENDANT_TESTS
abts_run_test(suite, test_thread_timedmutex, NULL);
#endif
+ abts_run_test(suite, test_thread_nestedmutex, NULL);
+@@ -543,7 +543,7 @@ abts_suite *testlock(abts_suite *suite)
abts_run_test(suite, test_thread_rwlock, NULL);
abts_run_test(suite, test_cond, NULL);
abts_run_test(suite, test_timeoutcond, NULL);
@@ -63,7 +66,4 @@
+#if APR_HAS_TIMEDLOCKS && APR_HAVE_TIME_DEPENDANT_TESTS
abts_run_test(suite, test_timeoutmutex, NULL);
#endif
- #endif
---
-2.23.0
-
+ #ifdef WIN32
diff --git a/poky/meta/recipes-support/apr/apr/0001-add-AC_CACHE_CHECK-for-strerror_r-return-type.patch b/poky/meta/recipes-support/apr/apr/0001-add-AC_CACHE_CHECK-for-strerror_r-return-type.patch
deleted file mode 100644
index d0a9bd9..0000000
--- a/poky/meta/recipes-support/apr/apr/0001-add-AC_CACHE_CHECK-for-strerror_r-return-type.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From 8ca3c3306f1a149e51a3be6a4b1e47e9aee88262 Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Tue, 23 Aug 2022 22:42:03 -0700
-Subject: [PATCH] add AC_CACHE_CHECK for strerror_r return type
-
-APR's configure script uses AC_TRY_RUN to detect whether the return type
-of strerror_r is int. When cross-compiling this defaults to no.
-
-This commit adds an AC_CACHE_CHECK so users who cross-compile APR may
-influence the outcome with a configure variable.
-
-Upstream-Status: Backport [https://svn.apache.org/viewvc?view=revision&revision=1875065]
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
- build/apr_common.m4 | 11 ++++-------
- 1 file changed, 4 insertions(+), 7 deletions(-)
-
-diff --git a/build/apr_common.m4 b/build/apr_common.m4
-index cbf2a4c..42e75cf 100644
---- a/build/apr_common.m4
-+++ b/build/apr_common.m4
-@@ -525,8 +525,9 @@ dnl string.
- dnl
- dnl
- AC_DEFUN([APR_CHECK_STRERROR_R_RC], [
--AC_MSG_CHECKING(for type of return code from strerror_r)
--AC_TRY_RUN([
-+AC_CACHE_CHECK([whether return code from strerror_r has type int],
-+[ac_cv_strerror_r_rc_int],
-+[AC_TRY_RUN([
- #include <errno.h>
- #include <string.h>
- #include <stdio.h>
-@@ -542,14 +543,10 @@ main()
- }], [
- ac_cv_strerror_r_rc_int=yes ], [
- ac_cv_strerror_r_rc_int=no ], [
-- ac_cv_strerror_r_rc_int=no ] )
-+ ac_cv_strerror_r_rc_int=no ] ) ] )
- if test "x$ac_cv_strerror_r_rc_int" = xyes; then
- AC_DEFINE(STRERROR_R_RC_INT, 1, [Define if strerror returns int])
-- msg="int"
--else
-- msg="pointer"
- fi
--AC_MSG_RESULT([$msg])
- ] )
-
- dnl
---
-2.37.2
-
diff --git a/poky/meta/recipes-support/apr/apr/0001-configure-Remove-runtime-test-for-mmap-that-can-map-.patch b/poky/meta/recipes-support/apr/apr/0001-configure-Remove-runtime-test-for-mmap-that-can-map-.patch
index fa6202d..a78b162 100644
--- a/poky/meta/recipes-support/apr/apr/0001-configure-Remove-runtime-test-for-mmap-that-can-map-.patch
+++ b/poky/meta/recipes-support/apr/apr/0001-configure-Remove-runtime-test-for-mmap-that-can-map-.patch
@@ -1,4 +1,4 @@
-From ee728971fd9d2da39356f1574d58d5daa3b24520 Mon Sep 17 00:00:00 2001
+From 316b81c462f065927d7fec56aadd5c8cb94d1cf0 Mon Sep 17 00:00:00 2001
From: Khem Raj <raj.khem@gmail.com>
Date: Fri, 26 Aug 2022 00:28:08 -0700
Subject: [PATCH] configure: Remove runtime test for mmap that can map
@@ -10,24 +10,25 @@
Upstream-Status: Inappropriate [Cross-compile specific]
Signed-off-by: Khem Raj <raj.khem@gmail.com>
+
---
- configure.in | 32 --------------------------------
- 1 file changed, 32 deletions(-)
+ configure.in | 30 ------------------------------
+ 1 file changed, 30 deletions(-)
diff --git a/configure.in b/configure.in
-index a99049d..f1f55c7 100644
+index 3663220..dce9789 100644
--- a/configure.in
+++ b/configure.in
-@@ -1182,38 +1182,6 @@ AC_CHECK_FUNCS([mmap munmap shm_open shm_unlink shmget shmat shmdt shmctl \
+@@ -1303,36 +1303,6 @@ AC_CHECK_FUNCS([mmap munmap shm_open shm_unlink shmget shmat shmdt shmctl \
APR_CHECK_DEFINE(MAP_ANON, sys/mman.h)
AC_CHECK_FILE(/dev/zero)
-# Not all systems can mmap /dev/zero (such as HP-UX). Check for that.
-if test "$ac_cv_func_mmap" = "yes" &&
-- test "$ac_cv_file__dev_zero" = "yes"; then
-- AC_MSG_CHECKING(for mmap that can map /dev/zero)
-- AC_TRY_RUN([
--#include <sys/types.h>
+- test "$ac_cv_file__dev_zero" = "yes"; then
+- AC_CACHE_CHECK([for mmap that can map /dev/zero],
+- [ac_cv_mmap__dev_zero],
+- [AC_TRY_RUN([#include <sys/types.h>
-#include <sys/stat.h>
-#include <fcntl.h>
-#ifdef HAVE_SYS_MMAN_H
@@ -49,14 +50,9 @@
- return 3;
- }
- return 0;
-- }], [], [ac_cv_file__dev_zero=no], [ac_cv_file__dev_zero=no])
--
-- AC_MSG_RESULT($ac_cv_file__dev_zero)
+- }], [], [ac_cv_file__dev_zero=no], [ac_cv_file__dev_zero=no])])
-fi
-
# Now we determine which one is our anonymous shmem preference.
haveshmgetanon="0"
havemmapzero="0"
---
-2.37.2
-
diff --git a/poky/meta/recipes-support/apr/apr/0002-apr-Remove-workdir-path-references-from-installed-ap.patch b/poky/meta/recipes-support/apr/apr/0002-apr-Remove-workdir-path-references-from-installed-ap.patch
index 72e706f..d63423f 100644
--- a/poky/meta/recipes-support/apr/apr/0002-apr-Remove-workdir-path-references-from-installed-ap.patch
+++ b/poky/meta/recipes-support/apr/apr/0002-apr-Remove-workdir-path-references-from-installed-ap.patch
@@ -1,8 +1,7 @@
-From 5925b20da8bbc34d9bf5a5dca123ef38864d43c6 Mon Sep 17 00:00:00 2001
+From 689a8db96a6d1e1cae9cbfb35d05ac82140a6555 Mon Sep 17 00:00:00 2001
From: Hongxu Jia <hongxu.jia@windriver.com>
Date: Tue, 30 Jan 2018 09:39:06 +0800
-Subject: [PATCH 2/7] apr: Remove workdir path references from installed apr
- files
+Subject: [PATCH] apr: Remove workdir path references from installed apr files
Upstream-Status: Inappropriate [configuration]
@@ -14,20 +13,23 @@
Rebase to 1.6.3
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+
---
- apr-config.in | 26 ++------------------------
- 1 file changed, 2 insertions(+), 24 deletions(-)
+ apr-config.in | 32 ++------------------------------
+ 1 file changed, 2 insertions(+), 30 deletions(-)
diff --git a/apr-config.in b/apr-config.in
-index 84b4073..bbbf651 100644
+index bed47ca..47874e5 100644
--- a/apr-config.in
+++ b/apr-config.in
-@@ -152,14 +152,7 @@ while test $# -gt 0; do
+@@ -164,16 +164,7 @@ while test $# -gt 0; do
flags="$flags $LDFLAGS"
;;
--includes)
- if test "$location" = "installed"; then
flags="$flags -I$includedir $EXTRA_INCLUDES"
+- elif test "$location" = "crosscompile"; then
+- flags="$flags -I$APR_TARGET_DIR/$includedir $EXTRA_INCLUDES"
- elif test "$location" = "source"; then
- flags="$flags -I$APR_SOURCE_DIR/include $EXTRA_INCLUDES"
- else
@@ -37,13 +39,15 @@
;;
--srcdir)
echo $APR_SOURCE_DIR
-@@ -181,29 +174,14 @@ while test $# -gt 0; do
+@@ -197,33 +188,14 @@ while test $# -gt 0; do
exit 0
;;
--link-ld)
- if test "$location" = "installed"; then
- ### avoid using -L if libdir is a "standard" location like /usr/lib
- flags="$flags -L$libdir -l${APR_LIBNAME}"
+- elif test "$location" = "crosscompile"; then
+- flags="$flags -L$APR_TARGET_DIR/$libdir -l${APR_LIBNAME}"
- else
- ### this surely can't work since the library is in .libs?
- flags="$flags -L$APR_BUILD_DIR -l${APR_LIBNAME}"
@@ -62,6 +66,8 @@
- # Since the user is specifying they are linking with libtool, we
- # *know* that -R will be recognized by libtool.
- flags="$flags -L$libdir -R$libdir -l${APR_LIBNAME}"
+- elif test "$location" = "crosscompile"; then
+- flags="$flags -L${APR_TARGET_DIR}/$libdir -l${APR_LIBNAME}"
- else
- flags="$flags $LA_FILE"
- fi
@@ -69,6 +75,3 @@
;;
--shlib-path-var)
echo "$SHLIBPATH_VAR"
---
-1.8.3.1
-
diff --git a/poky/meta/recipes-support/apr/apr/0003-Makefile.in-configure.in-support-cross-compiling.patch b/poky/meta/recipes-support/apr/apr/0003-Makefile.in-configure.in-support-cross-compiling.patch
deleted file mode 100644
index 4dd53bd..0000000
--- a/poky/meta/recipes-support/apr/apr/0003-Makefile.in-configure.in-support-cross-compiling.patch
+++ /dev/null
@@ -1,63 +0,0 @@
-From d5028c10f156c224475b340cfb1ba025d6797243 Mon Sep 17 00:00:00 2001
-From: Hongxu Jia <hongxu.jia@windriver.com>
-Date: Fri, 2 Feb 2018 15:51:42 +0800
-Subject: [PATCH 3/7] Makefile.in/configure.in: support cross compiling
-
-While cross compiling, the tools/gen_test_char could not
-be executed at build time, use AX_PROG_CC_FOR_BUILD to
-build native tools/gen_test_char
-
-Upstream-Status: Submitted [https://github.com/apache/apr/pull/8]
-
-Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
----
- Makefile.in | 10 +++-------
- configure.in | 3 +++
- 2 files changed, 6 insertions(+), 7 deletions(-)
-
-diff --git a/Makefile.in b/Makefile.in
-index 5fb760e..8675f90 100644
---- a/Makefile.in
-+++ b/Makefile.in
-@@ -46,7 +46,7 @@ LT_VERSION = @LT_VERSION@
-
- CLEAN_TARGETS = apr-config.out apr.exp exports.c export_vars.c .make.dirs \
- build/apr_rules.out tools/gen_test_char@EXEEXT@ \
-- tools/gen_test_char.o tools/gen_test_char.lo \
-+ tools/gen_test_char.o \
- include/private/apr_escape_test_char.h
- DISTCLEAN_TARGETS = config.cache config.log config.status \
- include/apr.h include/arch/unix/apr_private.h \
-@@ -131,13 +131,9 @@ check: $(TARGET_LIB)
- etags:
- etags `find . -name '*.[ch]'`
-
--OBJECTS_gen_test_char = tools/gen_test_char.lo $(LOCAL_LIBS)
--tools/gen_test_char.lo: tools/gen_test_char.c
-+tools/gen_test_char@EXEEXT@: tools/gen_test_char.c
- $(APR_MKDIR) tools
-- $(LT_COMPILE)
--
--tools/gen_test_char@EXEEXT@: $(OBJECTS_gen_test_char)
-- $(LINK_PROG) $(OBJECTS_gen_test_char) $(ALL_LIBS)
-+ $(CC_FOR_BUILD) $(CFLAGS_FOR_BUILD) $< -o $@
-
- include/private/apr_escape_test_char.h: tools/gen_test_char@EXEEXT@
- $(APR_MKDIR) include/private
-diff --git a/configure.in b/configure.in
-index 719f331..361120f 100644
---- a/configure.in
-+++ b/configure.in
-@@ -183,6 +183,9 @@ dnl can only be used once within a configure script, so this prevents a
- dnl preload section from invoking the macro to get compiler info.
- AC_PROG_CC
-
-+dnl Check build CC for gen_test_char compiling which is executed at build time.
-+AX_PROG_CC_FOR_BUILD
-+
- dnl AC_PROG_SED is only avaliable in recent autoconf versions.
- dnl Use AC_CHECK_PROG instead if AC_PROG_SED is not present.
- ifdef([AC_PROG_SED],
---
-1.8.3.1
-
diff --git a/poky/meta/recipes-support/apr/apr/0006-apr-fix-off_t-size-doesn-t-match-in-glibc-when-cross.patch b/poky/meta/recipes-support/apr/apr/0006-apr-fix-off_t-size-doesn-t-match-in-glibc-when-cross.patch
deleted file mode 100644
index d1a2ebe..0000000
--- a/poky/meta/recipes-support/apr/apr/0006-apr-fix-off_t-size-doesn-t-match-in-glibc-when-cross.patch
+++ /dev/null
@@ -1,76 +0,0 @@
-From 49661ea3858cf8494926cccf57d3e8c6dcb47117 Mon Sep 17 00:00:00 2001
-From: Dengke Du <dengke.du@windriver.com>
-Date: Wed, 14 Dec 2016 18:13:08 +0800
-Subject: [PATCH] apr: fix off_t size doesn't match in glibc when cross
- compiling
-
-In configure.in, it contains the following:
-
- APR_CHECK_SIZEOF_EXTENDED([#include <sys/types.h>], off_t, 8)
-
-the macro "APR_CHECK_SIZEOF_EXTENDED" was defined in build/apr_common.m4,
-it use the "AC_TRY_RUN" macro, this macro let the off_t to 8, when cross
-compiling enable.
-
-So it was hardcoded for cross compiling, we should detect it dynamic based on
-the sysroot's glibc. We change it to the following:
-
- AC_CHECK_SIZEOF(off_t)
-
-The same for the following hardcoded types for cross compiling:
-
- pid_t 8
- ssize_t 8
- size_t 8
- off_t 8
-
-Change the above correspondingly.
-
-Signed-off-by: Dengke Du <dengke.du@windriver.com>
-
-Upstream-Status: Pending
-
----
- configure.in | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/configure.in b/configure.in
-index 27b8539..fb408d1 100644
---- a/configure.in
-+++ b/configure.in
-@@ -1801,7 +1801,7 @@ else
- socklen_t_value="int"
- fi
-
--APR_CHECK_SIZEOF_EXTENDED([#include <sys/types.h>], pid_t, 8)
-+AC_CHECK_SIZEOF(pid_t)
-
- if test "$ac_cv_sizeof_pid_t" = "$ac_cv_sizeof_short"; then
- pid_t_fmt='#define APR_PID_T_FMT "hd"'
-@@ -1873,7 +1873,7 @@ APR_CHECK_TYPES_FMT_COMPATIBLE(size_t, unsigned long, lu, [size_t_fmt="lu"], [
- APR_CHECK_TYPES_FMT_COMPATIBLE(size_t, unsigned int, u, [size_t_fmt="u"])
- ])
-
--APR_CHECK_SIZEOF_EXTENDED([#include <sys/types.h>], ssize_t, 8)
-+AC_CHECK_SIZEOF(ssize_t)
-
- dnl the else cases below should no longer occur;
- AC_MSG_CHECKING([which format to use for apr_ssize_t])
-@@ -1891,7 +1891,7 @@ fi
-
- ssize_t_fmt="#define APR_SSIZE_T_FMT \"$ssize_t_fmt\""
-
--APR_CHECK_SIZEOF_EXTENDED([#include <stddef.h>], size_t, 8)
-+AC_CHECK_SIZEOF(size_t)
-
- # else cases below should no longer occur;
- AC_MSG_CHECKING([which format to use for apr_size_t])
-@@ -1909,7 +1909,7 @@ fi
-
- size_t_fmt="#define APR_SIZE_T_FMT \"$size_t_fmt\""
-
--APR_CHECK_SIZEOF_EXTENDED([#include <sys/types.h>], off_t, 8)
-+AC_CHECK_SIZEOF(off_t)
-
- if test "${ac_cv_sizeof_off_t}${apr_cv_use_lfs64}" = "4yes"; then
- # Enable LFS
diff --git a/poky/meta/recipes-support/apr/apr/CVE-2021-35940.patch b/poky/meta/recipes-support/apr/apr/CVE-2021-35940.patch
deleted file mode 100644
index 00befda..0000000
--- a/poky/meta/recipes-support/apr/apr/CVE-2021-35940.patch
+++ /dev/null
@@ -1,58 +0,0 @@
-
-SECURITY: CVE-2021-35940 (cve.mitre.org)
-
-Restore fix for CVE-2017-12613 which was missing in 1.7.x branch, though
-was addressed in 1.6.x in 1.6.3 and later via r1807976.
-
-The fix was merged back to 1.7.x in r1891198.
-
-Since this was a regression in 1.7.0, a new CVE name has been assigned
-to track this, CVE-2021-35940.
-
-Thanks to Iveta Cesalova <icesalov redhat.com> for reporting this issue.
-
-https://svn.apache.org/viewvc?view=revision&revision=1891198
-
-Upstream-Status: Backport
-CVE: CVE-2021-35940
-Signed-off-by: Armin Kuster <akuster@mvista.com>
-
-
-Index: time/unix/time.c
-===================================================================
---- a/time/unix/time.c (revision 1891197)
-+++ b/time/unix/time.c (revision 1891198)
-@@ -142,6 +142,9 @@
- static const int dayoffset[12] =
- {306, 337, 0, 31, 61, 92, 122, 153, 184, 214, 245, 275};
-
-+ if (xt->tm_mon < 0 || xt->tm_mon >= 12)
-+ return APR_EBADDATE;
-+
- /* shift new year to 1st March in order to make leap year calc easy */
-
- if (xt->tm_mon < 2)
-Index: time/win32/time.c
-===================================================================
---- a/time/win32/time.c (revision 1891197)
-+++ b/time/win32/time.c (revision 1891198)
-@@ -54,6 +54,9 @@
- static const int dayoffset[12] =
- {0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334};
-
-+ if (tm->wMonth < 1 || tm->wMonth > 12)
-+ return APR_EBADDATE;
-+
- /* Note; the caller is responsible for filling in detailed tm_usec,
- * tm_gmtoff and tm_isdst data when applicable.
- */
-@@ -228,6 +231,9 @@
- static const int dayoffset[12] =
- {306, 337, 0, 31, 61, 92, 122, 153, 184, 214, 245, 275};
-
-+ if (xt->tm_mon < 0 || xt->tm_mon >= 12)
-+ return APR_EBADDATE;
-+
- /* shift new year to 1st March in order to make leap year calc easy */
-
- if (xt->tm_mon < 2)
diff --git a/poky/meta/recipes-support/apr/apr/autoconf270.patch b/poky/meta/recipes-support/apr/apr/autoconf270.patch
deleted file mode 100644
index 9f7b5c6..0000000
--- a/poky/meta/recipes-support/apr/apr/autoconf270.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-With autoconf 2.70 confdefs.h is already included. Including it twice generates
-compiler warnings and since this macros is to error on warnings, it breaks.
-
-Fix by not including the file.
-
-Upstream-Status: Pending
-RP - 2021/1/28
-
-Index: apr-1.7.0/build/apr_common.m4
-===================================================================
---- apr-1.7.0.orig/build/apr_common.m4
-+++ apr-1.7.0/build/apr_common.m4
-@@ -505,8 +505,7 @@ AC_DEFUN([APR_TRY_COMPILE_NO_WARNING],
- fi
- AC_COMPILE_IFELSE(
- [AC_LANG_SOURCE(
-- [#include "confdefs.h"
-- ]
-+ []
- [[$1]]
- [int main(int argc, const char *const *argv) {]
- [[$2]]
diff --git a/poky/meta/recipes-support/apr/apr/libtoolize_check.patch b/poky/meta/recipes-support/apr/apr/libtoolize_check.patch
index 740792e..80ce43c 100644
--- a/poky/meta/recipes-support/apr/apr/libtoolize_check.patch
+++ b/poky/meta/recipes-support/apr/apr/libtoolize_check.patch
@@ -1,6 +1,7 @@
+From 17835709bc55657b7af1f7c99b3f572b819cf97e Mon Sep 17 00:00:00 2001
From: Helmut Grohne <helmut@subdivi.de>
-Subject: check for libtoolize rather than libtool
-Last-Update: 2014-09-19
+Date: Tue, 7 Feb 2023 07:04:00 +0000
+Subject: [PATCH] check for libtoolize rather than libtool
libtool is now in package libtool-bin, but apr only needs libtoolize.
@@ -8,14 +9,22 @@
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
---- apr.orig/build/buildcheck.sh
-+++ apr/build/buildcheck.sh
-@@ -39,11 +39,11 @@ fi
+---
+ build/buildcheck.sh | 10 ++++------
+ 1 file changed, 4 insertions(+), 6 deletions(-)
+
+diff --git a/build/buildcheck.sh b/build/buildcheck.sh
+index 44921b5..08bc8a8 100755
+--- a/build/buildcheck.sh
++++ b/build/buildcheck.sh
+@@ -39,13 +39,11 @@ fi
# ltmain.sh (GNU libtool 1.1361 2004/01/02 23:10:52) 1.5a
# output is multiline from 1.5 onwards
-# Require libtool 1.4 or newer
--libtool=`build/PrintPath glibtool1 glibtool libtool libtool15 libtool14`
+-if test -z "$libtool"; then
+- libtool=`build/PrintPath glibtool1 glibtool libtool libtool15 libtool14`
+-fi
-lt_pversion=`$libtool --version 2>/dev/null|sed -e 's/([^)]*)//g;s/^[^0-9]*//;s/[- ].*//g;q'`
+# Require libtoolize 1.4 or newer
+libtoolize=`build/PrintPath glibtoolize1 glibtoolize libtoolize libtoolize15 libtoolize14`
diff --git a/poky/meta/recipes-support/apr/apr_1.7.0.bb b/poky/meta/recipes-support/apr/apr_1.7.2.bb
similarity index 91%
rename from poky/meta/recipes-support/apr/apr_1.7.0.bb
rename to poky/meta/recipes-support/apr/apr_1.7.2.bb
index cb4bb93..c9059c9 100644
--- a/poky/meta/recipes-support/apr/apr_1.7.0.bb
+++ b/poky/meta/recipes-support/apr/apr_1.7.2.bb
@@ -16,21 +16,15 @@
SRC_URI = "${APACHE_MIRROR}/apr/${BPN}-${PV}.tar.bz2 \
file://run-ptest \
file://0002-apr-Remove-workdir-path-references-from-installed-ap.patch \
- file://0003-Makefile.in-configure.in-support-cross-compiling.patch \
file://0004-Fix-packet-discards-HTTP-redirect.patch \
file://0005-configure.in-fix-LTFLAGS-to-make-it-work-with-ccache.patch \
- file://0006-apr-fix-off_t-size-doesn-t-match-in-glibc-when-cross.patch \
file://0007-explicitly-link-libapr-against-phtread-to-make-gold-.patch \
file://libtoolize_check.patch \
file://0001-Add-option-to-disable-timed-dependant-tests.patch \
- file://autoconf270.patch \
- file://0001-add-AC_CACHE_CHECK-for-strerror_r-return-type.patch \
file://0001-configure-Remove-runtime-test-for-mmap-that-can-map-.patch \
- file://CVE-2021-35940.patch \
"
-SRC_URI[md5sum] = "7a14a83d664e87599ea25ff4432e48a7"
-SRC_URI[sha256sum] = "e2e148f0b2e99b8e5c6caa09f6d4fb4dd3e83f744aa72a952f94f5a14436f7ea"
+SRC_URI[sha256sum] = "75e77cc86776c030c0a5c408dfbd0bf2a0b75eed5351e52d5439fa1e5509a43e"
inherit autotools-brokensep lib_package binconfig multilib_header ptest multilib_script
diff --git a/poky/meta/recipes-support/bmap-tools/bmap-tools_git.bb b/poky/meta/recipes-support/bmap-tools/bmap-tools_git.bb
index 78c51e7..89b7bf2 100644
--- a/poky/meta/recipes-support/bmap-tools/bmap-tools_git.bb
+++ b/poky/meta/recipes-support/bmap-tools/bmap-tools_git.bb
@@ -9,7 +9,7 @@
LICENSE = "GPL-2.0-only"
LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
-SRC_URI = "git://github.com/intel/${BPN};branch=master;protocol=https"
+SRC_URI = "git://github.com/intel/${BPN};branch=main;protocol=https"
SRCREV = "c0673962a8ec1624b5189dc1d24f33fe4f06785a"
S = "${WORKDIR}/git"
diff --git a/poky/meta/recipes-support/curl/curl/CVE-2022-32221.patch b/poky/meta/recipes-support/curl/curl/CVE-2022-32221.patch
new file mode 100644
index 0000000..03a7ac5
--- /dev/null
+++ b/poky/meta/recipes-support/curl/curl/CVE-2022-32221.patch
@@ -0,0 +1,27 @@
+From dd31455d46dcf9e3a1b8bd37e671af1a6af52807 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Thu, 15 Sep 2022 09:22:45 +0200
+Subject: [PATCH] setopt: when POST is set, reset the 'upload' field
+
+Reported-by: RobBotic1 on github
+Fixes #9507
+Closes #9511
+
+Upstream-Status: Backport [https://github.com/curl/curl/commit/a64e3e59938abd7d6]
+Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
+---
+ lib/setopt.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/lib/setopt.c b/lib/setopt.c
+index d5e3b50..b8793b4 100644
+--- a/lib/setopt.c
++++ b/lib/setopt.c
+@@ -696,6 +696,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
+ }
+ else
+ data->set.method = HTTPREQ_GET;
++ data->set.upload = FALSE;
+ break;
+
+ case CURLOPT_HTTPPOST:
diff --git a/poky/meta/recipes-support/curl/curl/CVE-2022-35260.patch b/poky/meta/recipes-support/curl/curl/CVE-2022-35260.patch
new file mode 100644
index 0000000..a4aae69
--- /dev/null
+++ b/poky/meta/recipes-support/curl/curl/CVE-2022-35260.patch
@@ -0,0 +1,73 @@
+From 9169e54444bdca7b5e7b44034c463fe5fc801e88 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Tue, 4 Oct 2022 14:37:24 +0200
+Subject: [PATCH] netrc: replace fgets with Curl_get_line
+
+Make the parser only accept complete lines and avoid problems with
+overly long lines.
+
+Reported-by: Hiroki Kurosawa
+
+Closes #9789
+
+Upstream-Status: Backport [https://github.com/curl/curl/commit/c97ec984fb2bc919a3aa86]
+Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
+---
+ lib/curl_get_line.c | 6 +++---
+ lib/netrc.c | 5 +++--
+ 2 files changed, 6 insertions(+), 5 deletions(-)
+
+diff --git a/lib/curl_get_line.c b/lib/curl_get_line.c
+index 6a26bb2..22e3705 100644
+--- a/lib/curl_get_line.c
++++ b/lib/curl_get_line.c
+@@ -25,7 +25,7 @@
+ #include "curl_setup.h"
+
+ #if !defined(CURL_DISABLE_COOKIES) || !defined(CURL_DISABLE_ALTSVC) || \
+- !defined(CURL_DISABLE_HSTS)
++ !defined(CURL_DISABLE_HSTS) || !defined(CURL_DISABLE_NETRC)
+
+ #include "curl_get_line.h"
+ #include "curl_memory.h"
+@@ -33,8 +33,8 @@
+ #include "memdebug.h"
+
+ /*
+- * get_line() makes sure to only return complete whole lines that fit in 'len'
+- * bytes and end with a newline.
++ * Curl_get_line() makes sure to only return complete whole lines that fit in
++ * 'len' bytes and end with a newline.
+ */
+ char *Curl_get_line(char *buf, int len, FILE *input)
+ {
+diff --git a/lib/netrc.c b/lib/netrc.c
+index 62a6a10..5d17482 100644
+--- a/lib/netrc.c
++++ b/lib/netrc.c
+@@ -33,6 +33,7 @@
+ #include "netrc.h"
+ #include "strtok.h"
+ #include "strcase.h"
++#include "curl_get_line.h"
+
+ /* The last 3 #include files should be in this order */
+ #include "curl_printf.h"
+@@ -84,7 +85,7 @@ static int parsenetrc(const char *host,
+ char netrcbuffer[4096];
+ int netrcbuffsize = (int)sizeof(netrcbuffer);
+
+- while(!done && fgets(netrcbuffer, netrcbuffsize, file)) {
++ while(!done && Curl_get_line(netrcbuffer, netrcbuffsize, file)) {
+ char *tok;
+ char *tok_end;
+ bool quoted;
+@@ -243,7 +244,7 @@ static int parsenetrc(const char *host,
+ } /* switch (state) */
+ tok = ++tok_end;
+ }
+- } /* while fgets() */
++ } /* while Curl_get_line() */
+
+ out:
+ if(!retcode) {
diff --git a/poky/meta/recipes-support/curl/curl/CVE-2022-42915.patch b/poky/meta/recipes-support/curl/curl/CVE-2022-42915.patch
new file mode 100644
index 0000000..43de6e6
--- /dev/null
+++ b/poky/meta/recipes-support/curl/curl/CVE-2022-42915.patch
@@ -0,0 +1,53 @@
+From 3ede0e72aaad6447d2a5ab07dac43e1b9d7e617b Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Thu, 6 Oct 2022 14:13:36 +0200
+Subject: [PATCH] http_proxy: restore the protocol pointer on error
+
+Reported-by: Trail of Bits
+
+Closes #9790
+
+Upstream-Status: Backport [https://github.com/curl/curl/commit/55e1875729f9d9fc7315ce]
+Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
+---
+ lib/http_proxy.c | 6 ++----
+ lib/url.c | 9 ---------
+ 2 files changed, 2 insertions(+), 13 deletions(-)
+
+diff --git a/lib/http_proxy.c b/lib/http_proxy.c
+index 1f87f6c..cc20b3a 100644
+--- a/lib/http_proxy.c
++++ b/lib/http_proxy.c
+@@ -212,10 +212,8 @@ void Curl_connect_done(struct Curl_easy *data)
+ Curl_dyn_free(&s->rcvbuf);
+ Curl_dyn_free(&s->req);
+
+- /* restore the protocol pointer, if not already done */
+- if(s->prot_save)
+- data->req.p.http = s->prot_save;
+- s->prot_save = NULL;
++ /* restore the protocol pointer */
++ data->req.p.http = s->prot_save;
+ data->info.httpcode = 0; /* clear it as it might've been used for the
+ proxy */
+ data->req.ignorebody = FALSE;
+diff --git a/lib/url.c b/lib/url.c
+index bfc784f..61c99d2 100644
+--- a/lib/url.c
++++ b/lib/url.c
+@@ -746,15 +746,6 @@ static void conn_shutdown(struct Curl_easy *data, struct connectdata *conn)
+ DEBUGASSERT(data);
+ infof(data, "Closing connection %ld", conn->connection_id);
+
+-#ifndef USE_HYPER
+- if(conn->connect_state && conn->connect_state->prot_save) {
+- /* If this was closed with a CONNECT in progress, cleanup this temporary
+- struct arrangement */
+- data->req.p.http = NULL;
+- Curl_safefree(conn->connect_state->prot_save);
+- }
+-#endif
+-
+ /* possible left-overs from the async name resolvers */
+ Curl_resolver_cancel(data);
+
diff --git a/poky/meta/recipes-support/curl/curl/CVE-2022-42916.patch b/poky/meta/recipes-support/curl/curl/CVE-2022-42916.patch
new file mode 100644
index 0000000..000af69
--- /dev/null
+++ b/poky/meta/recipes-support/curl/curl/CVE-2022-42916.patch
@@ -0,0 +1,134 @@
+From 401455229a5006bed0346fedc99791ccb53e146c Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Wed, 12 Oct 2022 10:47:59 +0200
+Subject: [PATCH] url: use IDN decoded names for HSTS checks
+
+Reported-by: Hiroki Kurosawa
+
+Closes #9791
+
+Upstream-Status: Backport [https://github.com/curl/curl/commit/53bcf55b4538067e6]
+Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
+---
+ lib/url.c | 91 ++++++++++++++++++++++++++++---------------------------
+ 1 file changed, 47 insertions(+), 44 deletions(-)
+
+diff --git a/lib/url.c b/lib/url.c
+index 61c99d2..6426fa7 100644
+--- a/lib/url.c
++++ b/lib/url.c
+@@ -2024,10 +2024,56 @@ static CURLcode parseurlandfillconn(struct Curl_easy *data,
+ failf(data, "Too long host name (maximum is %d)", MAX_URL_LEN);
+ return CURLE_URL_MALFORMAT;
+ }
++ hostname = data->state.up.hostname;
++
++ if(hostname && hostname[0] == '[') {
++ /* This looks like an IPv6 address literal. See if there is an address
++ scope. */
++ size_t hlen;
++ conn->bits.ipv6_ip = TRUE;
++ /* cut off the brackets! */
++ hostname++;
++ hlen = strlen(hostname);
++ hostname[hlen - 1] = 0;
++
++ zonefrom_url(uh, data, conn);
++ }
++
++ /* make sure the connect struct gets its own copy of the host name */
++ conn->host.rawalloc = strdup(hostname ? hostname : "");
++ if(!conn->host.rawalloc)
++ return CURLE_OUT_OF_MEMORY;
++ conn->host.name = conn->host.rawalloc;
++
++ /*************************************************************
++ * IDN-convert the hostnames
++ *************************************************************/
++ result = Curl_idnconvert_hostname(data, &conn->host);
++ if(result)
++ return result;
++ if(conn->bits.conn_to_host) {
++ result = Curl_idnconvert_hostname(data, &conn->conn_to_host);
++ if(result)
++ return result;
++ }
++#ifndef CURL_DISABLE_PROXY
++ if(conn->bits.httpproxy) {
++ result = Curl_idnconvert_hostname(data, &conn->http_proxy.host);
++ if(result)
++ return result;
++ }
++ if(conn->bits.socksproxy) {
++ result = Curl_idnconvert_hostname(data, &conn->socks_proxy.host);
++ if(result)
++ return result;
++ }
++#endif
+
+ #ifndef CURL_DISABLE_HSTS
++ /* HSTS upgrade */
+ if(data->hsts && strcasecompare("http", data->state.up.scheme)) {
+- if(Curl_hsts(data->hsts, data->state.up.hostname, TRUE)) {
++ /* This MUST use the IDN decoded name */
++ if(Curl_hsts(data->hsts, conn->host.name, TRUE)) {
+ char *url;
+ Curl_safefree(data->state.up.scheme);
+ uc = curl_url_set(uh, CURLUPART_SCHEME, "https", 0);
+@@ -2133,26 +2179,6 @@ static CURLcode parseurlandfillconn(struct Curl_easy *data,
+
+ (void)curl_url_get(uh, CURLUPART_QUERY, &data->state.up.query, 0);
+
+- hostname = data->state.up.hostname;
+- if(hostname && hostname[0] == '[') {
+- /* This looks like an IPv6 address literal. See if there is an address
+- scope. */
+- size_t hlen;
+- conn->bits.ipv6_ip = TRUE;
+- /* cut off the brackets! */
+- hostname++;
+- hlen = strlen(hostname);
+- hostname[hlen - 1] = 0;
+-
+- zonefrom_url(uh, data, conn);
+- }
+-
+- /* make sure the connect struct gets its own copy of the host name */
+- conn->host.rawalloc = strdup(hostname ? hostname : "");
+- if(!conn->host.rawalloc)
+- return CURLE_OUT_OF_MEMORY;
+- conn->host.name = conn->host.rawalloc;
+-
+ #ifdef ENABLE_IPV6
+ if(data->set.scope_id)
+ /* Override any scope that was set above. */
+@@ -3781,29 +3807,6 @@ static CURLcode create_conn(struct Curl_easy *data,
+ if(result)
+ goto out;
+
+- /*************************************************************
+- * IDN-convert the hostnames
+- *************************************************************/
+- result = Curl_idnconvert_hostname(data, &conn->host);
+- if(result)
+- goto out;
+- if(conn->bits.conn_to_host) {
+- result = Curl_idnconvert_hostname(data, &conn->conn_to_host);
+- if(result)
+- goto out;
+- }
+-#ifndef CURL_DISABLE_PROXY
+- if(conn->bits.httpproxy) {
+- result = Curl_idnconvert_hostname(data, &conn->http_proxy.host);
+- if(result)
+- goto out;
+- }
+- if(conn->bits.socksproxy) {
+- result = Curl_idnconvert_hostname(data, &conn->socks_proxy.host);
+- if(result)
+- goto out;
+- }
+-#endif
+
+ /*************************************************************
+ * Check whether the host and the "connect to host" are equal.
diff --git a/poky/meta/recipes-support/curl/curl/CVE-2022-43551.patch b/poky/meta/recipes-support/curl/curl/CVE-2022-43551.patch
new file mode 100644
index 0000000..7c617ef
--- /dev/null
+++ b/poky/meta/recipes-support/curl/curl/CVE-2022-43551.patch
@@ -0,0 +1,32 @@
+From 08aa76b7b24454a89866aaef661ea90ae3d57900 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Mon, 19 Dec 2022 08:36:55 +0100
+Subject: [PATCH] http: use the IDN decoded name in HSTS checks
+
+Otherwise it stores the info HSTS into the persistent cache for the IDN
+name which will not match when the HSTS status is later checked for
+using the decoded name.
+
+Reported-by: Hiroki Kurosawa
+
+Closes #10111
+
+Upstream-Status: Backport [https://github.com/curl/curl/commit/9e71901634e276dd]
+Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
+---
+ lib/http.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/http.c b/lib/http.c
+index b0ad28e..8b18e8d 100644
+--- a/lib/http.c
++++ b/lib/http.c
+@@ -3654,7 +3654,7 @@ CURLcode Curl_http_header(struct Curl_easy *data, struct connectdata *conn,
+ else if(data->hsts && checkprefix("Strict-Transport-Security:", headp) &&
+ (conn->handler->flags & PROTOPT_SSL)) {
+ CURLcode check =
+- Curl_hsts_parse(data->hsts, data->state.up.hostname,
++ Curl_hsts_parse(data->hsts, conn->host.name,
+ headp + strlen("Strict-Transport-Security:"));
+ if(check)
+ infof(data, "Illegal STS header skipped");
diff --git a/poky/meta/recipes-support/curl/curl/CVE-2022-43552.patch b/poky/meta/recipes-support/curl/curl/CVE-2022-43552.patch
new file mode 100644
index 0000000..059dad1
--- /dev/null
+++ b/poky/meta/recipes-support/curl/curl/CVE-2022-43552.patch
@@ -0,0 +1,78 @@
+From 6ae56c9c47b02106373c9482f09c510fd5c50a84 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Mon, 19 Dec 2022 08:38:37 +0100
+Subject: [PATCH] smb/telnet: do not free the protocol struct in *_done()
+
+It is managed by the generic layer.
+
+Reported-by: Trail of Bits
+
+Closes #10112
+
+Upstream-Status: Backport [https://github.com/curl/curl/commit/4f20188ac644afe1]
+Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
+---
+ lib/smb.c | 14 ++------------
+ lib/telnet.c | 3 ---
+ 2 files changed, 2 insertions(+), 15 deletions(-)
+
+diff --git a/lib/smb.c b/lib/smb.c
+index 039d680..f682c1f 100644
+--- a/lib/smb.c
++++ b/lib/smb.c
+@@ -62,8 +62,6 @@ static CURLcode smb_connect(struct Curl_easy *data, bool *done);
+ static CURLcode smb_connection_state(struct Curl_easy *data, bool *done);
+ static CURLcode smb_do(struct Curl_easy *data, bool *done);
+ static CURLcode smb_request_state(struct Curl_easy *data, bool *done);
+-static CURLcode smb_done(struct Curl_easy *data, CURLcode status,
+- bool premature);
+ static CURLcode smb_disconnect(struct Curl_easy *data,
+ struct connectdata *conn, bool dead);
+ static int smb_getsock(struct Curl_easy *data, struct connectdata *conn,
+@@ -78,7 +76,7 @@ const struct Curl_handler Curl_handler_smb = {
+ "SMB", /* scheme */
+ smb_setup_connection, /* setup_connection */
+ smb_do, /* do_it */
+- smb_done, /* done */
++ ZERO_NULL, /* done */
+ ZERO_NULL, /* do_more */
+ smb_connect, /* connect_it */
+ smb_connection_state, /* connecting */
+@@ -105,7 +103,7 @@ const struct Curl_handler Curl_handler_smbs = {
+ "SMBS", /* scheme */
+ smb_setup_connection, /* setup_connection */
+ smb_do, /* do_it */
+- smb_done, /* done */
++ ZERO_NULL, /* done */
+ ZERO_NULL, /* do_more */
+ smb_connect, /* connect_it */
+ smb_connection_state, /* connecting */
+@@ -941,14 +939,6 @@ static CURLcode smb_request_state(struct Curl_easy *data, bool *done)
+ return CURLE_OK;
+ }
+
+-static CURLcode smb_done(struct Curl_easy *data, CURLcode status,
+- bool premature)
+-{
+- (void) premature;
+- Curl_safefree(data->req.p.smb);
+- return status;
+-}
+-
+ static CURLcode smb_disconnect(struct Curl_easy *data,
+ struct connectdata *conn, bool dead)
+ {
+diff --git a/lib/telnet.c b/lib/telnet.c
+index 923c7f8..48cd0d7 100644
+--- a/lib/telnet.c
++++ b/lib/telnet.c
+@@ -1248,9 +1248,6 @@ static CURLcode telnet_done(struct Curl_easy *data,
+
+ curl_slist_free_all(tn->telnet_vars);
+ tn->telnet_vars = NULL;
+-
+- Curl_safefree(data->req.p.telnet);
+-
+ return CURLE_OK;
+ }
+
diff --git a/poky/meta/recipes-support/curl/curl_7.85.0.bb b/poky/meta/recipes-support/curl/curl_7.85.0.bb
index ad6a517..4e05434 100644
--- a/poky/meta/recipes-support/curl/curl_7.85.0.bb
+++ b/poky/meta/recipes-support/curl/curl_7.85.0.bb
@@ -6,13 +6,19 @@
HOMEPAGE = "https://curl.se/"
BUGTRACKER = "https://github.com/curl/curl/issues"
SECTION = "console/network"
-LICENSE = "MIT-open-group"
+LICENSE = "curl"
LIC_FILES_CHKSUM = "file://COPYING;md5=190c514872597083303371684954f238"
SRC_URI = " \
https://curl.se/download/${BP}.tar.xz \
file://run-ptest \
file://disable-tests \
+ file://CVE-2022-32221.patch \
+ file://CVE-2022-35260.patch \
+ file://CVE-2022-42915.patch \
+ file://CVE-2022-42916.patch \
+ file://CVE-2022-43551.patch \
+ file://CVE-2022-43552.patch \
"
SRC_URI[sha256sum] = "88b54a6d4b9a48cb4d873c7056dcba997ddd5b7be5a2d537a4acb55c20b04be6"
@@ -32,14 +38,16 @@
PACKAGECONFIG[ares] = "--enable-ares,--disable-ares,c-ares,,,threaded-resolver"
PACKAGECONFIG[brotli] = "--with-brotli,--without-brotli,brotli"
PACKAGECONFIG[builtinmanual] = "--enable-manual,--disable-manual"
+# Don't use this in production
+PACKAGECONFIG[debug] = "--enable-debug,--disable-debug"
PACKAGECONFIG[dict] = "--enable-dict,--disable-dict,"
PACKAGECONFIG[gnutls] = "--with-gnutls,--without-gnutls,gnutls"
PACKAGECONFIG[gopher] = "--enable-gopher,--disable-gopher,"
PACKAGECONFIG[imap] = "--enable-imap,--disable-imap,"
PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
PACKAGECONFIG[krb5] = "--with-gssapi,--without-gssapi,krb5"
-PACKAGECONFIG[ldap] = "--enable-ldap,--disable-ldap,"
-PACKAGECONFIG[ldaps] = "--enable-ldaps,--disable-ldaps,"
+PACKAGECONFIG[ldap] = "--enable-ldap,--disable-ldap,openldap"
+PACKAGECONFIG[ldaps] = "--enable-ldaps,--disable-ldaps,openldap"
PACKAGECONFIG[libgsasl] = "--with-libgsasl,--without-libgsasl,libgsasl"
PACKAGECONFIG[libidn] = "--with-libidn2,--without-libidn2,libidn2"
PACKAGECONFIG[libssh2] = "--with-libssh2,--without-libssh2,libssh2"
@@ -68,9 +76,7 @@
--enable-crypto-auth \
--with-ca-bundle=${sysconfdir}/ssl/certs/ca-certificates.crt \
--without-libpsl \
- --enable-debug \
--enable-optimize \
- --disable-curldebug \
${@'--without-ssl' if (bb.utils.filter('PACKAGECONFIG', 'gnutls mbedtls nss openssl', d) == '') else ''} \
"
diff --git a/poky/meta/recipes-support/gnutls/gnutls_3.7.7.bb b/poky/meta/recipes-support/gnutls/gnutls_3.7.8.bb
similarity index 97%
rename from poky/meta/recipes-support/gnutls/gnutls_3.7.7.bb
rename to poky/meta/recipes-support/gnutls/gnutls_3.7.8.bb
index c7d782e..8f979a5 100644
--- a/poky/meta/recipes-support/gnutls/gnutls_3.7.7.bb
+++ b/poky/meta/recipes-support/gnutls/gnutls_3.7.8.bb
@@ -24,7 +24,7 @@
file://0001-Creating-.hmac-file-should-be-excuted-in-target-envi.patch \
"
-SRC_URI[sha256sum] = "be9143d0d58eab64dba9b77114aaafac529b6c0d7e81de6bdf1c9b59027d2106"
+SRC_URI[sha256sum] = "c58ad39af0670efe6a8aee5e3a8b2331a1200418b64b7c51977fb396d4617114"
inherit autotools texinfo pkgconfig gettext lib_package gtk-doc
diff --git a/poky/meta/recipes-support/iso-codes/iso-codes_4.11.0.bb b/poky/meta/recipes-support/iso-codes/iso-codes_4.13.0.bb
similarity index 93%
rename from poky/meta/recipes-support/iso-codes/iso-codes_4.11.0.bb
rename to poky/meta/recipes-support/iso-codes/iso-codes_4.13.0.bb
index be57398..f3ead5e 100644
--- a/poky/meta/recipes-support/iso-codes/iso-codes_4.11.0.bb
+++ b/poky/meta/recipes-support/iso-codes/iso-codes_4.13.0.bb
@@ -9,7 +9,7 @@
LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c"
SRC_URI = "git://salsa.debian.org/iso-codes-team/iso-codes.git;protocol=https;branch=main;"
-SRCREV = "2651d7fe65582263c57385a852b0c6d8a49f6985"
+SRCREV = "ab6b01d5b56af7da9f0d2d1619a3cf84e43ed76a"
# inherit gettext cannot be used, because it adds gettext-native to BASEDEPENDS which
# are inhibited by allarch
diff --git a/poky/meta/recipes-support/libcap/files/0001-nativesdk-libcap-Raise-the-size-of-arrays-containing.patch b/poky/meta/recipes-support/libcap/files/0001-nativesdk-libcap-Raise-the-size-of-arrays-containing.patch
index 3f4c7e5..8bd2050 100644
--- a/poky/meta/recipes-support/libcap/files/0001-nativesdk-libcap-Raise-the-size-of-arrays-containing.patch
+++ b/poky/meta/recipes-support/libcap/files/0001-nativesdk-libcap-Raise-the-size-of-arrays-containing.patch
@@ -1,4 +1,4 @@
-From 1c234bc39446eb9b23896e85dd67b02976d46c3d Mon Sep 17 00:00:00 2001
+From a3196f3a06e7bbfde30d143c92a4325be323b3d0 Mon Sep 17 00:00:00 2001
From: Hongxu Jia <hongxu.jia@windriver.com>
Date: Thu, 14 Oct 2021 15:57:36 +0800
Subject: [PATCH] nativesdk-libcap: Raise the size of arrays containing dl
diff --git a/poky/meta/recipes-support/libcap/libcap_2.65.bb b/poky/meta/recipes-support/libcap/libcap_2.66.bb
similarity index 96%
rename from poky/meta/recipes-support/libcap/libcap_2.65.bb
rename to poky/meta/recipes-support/libcap/libcap_2.66.bb
index 8013d40..c50e9d8 100644
--- a/poky/meta/recipes-support/libcap/libcap_2.65.bb
+++ b/poky/meta/recipes-support/libcap/libcap_2.66.bb
@@ -20,7 +20,7 @@
SRC_URI:append:class-nativesdk = " \
file://0001-nativesdk-libcap-Raise-the-size-of-arrays-containing.patch \
"
-SRC_URI[sha256sum] = "73e350020cc31fe15360879d19384ffa3395a825f065fcf6bda3a5cdf965bebd"
+SRC_URI[sha256sum] = "15c40ededb3003d70a283fe587a36b7d19c8b3b554e33f86129c059a4bb466b2"
UPSTREAM_CHECK_URI = "https://www.kernel.org/pub/linux/libs/security/linux-privs/${BPN}2/"
diff --git a/poky/meta/recipes-support/libffi/libffi/0001-arm-sysv-reverted-clang-VFP-mitigation.patch b/poky/meta/recipes-support/libffi/libffi/0001-arm-sysv-reverted-clang-VFP-mitigation.patch
index 5e529d1..3ffcb3e 100644
--- a/poky/meta/recipes-support/libffi/libffi/0001-arm-sysv-reverted-clang-VFP-mitigation.patch
+++ b/poky/meta/recipes-support/libffi/libffi/0001-arm-sysv-reverted-clang-VFP-mitigation.patch
@@ -1,4 +1,4 @@
-From 501a6b55853af549fae72723e74271f2a4ec7cf6 Mon Sep 17 00:00:00 2001
+From 000f1500b693a84880d2da49b77b1113f98dde35 Mon Sep 17 00:00:00 2001
From: Brett Warren <brett.warren@arm.com>
Date: Fri, 27 Nov 2020 15:28:42 +0000
Subject: [PATCH] arm/sysv: reverted clang VFP mitigation
@@ -11,8 +11,9 @@
clang supports the LDC and SDC instructions, this mitigation
has been reverted.
-Upstream-Status: Pending
+Upstream-Status: Submitted [https://github.com/libffi/libffi/pull/747]
Signed-off-by: Brett Warren <brett.warren@arm.com>
+
---
src/arm/sysv.S | 33 ---------------------------------
1 file changed, 33 deletions(-)
@@ -99,6 +100,3 @@
b call_epilogue
E(ARM_TYPE_INT64)
ldr r1, [r2, #4]
---
-2.25.1
-
diff --git a/poky/meta/recipes-support/libffi/libffi/not-win32.patch b/poky/meta/recipes-support/libffi/libffi/not-win32.patch
index 62daaf4..38f9b00 100644
--- a/poky/meta/recipes-support/libffi/libffi/not-win32.patch
+++ b/poky/meta/recipes-support/libffi/libffi/not-win32.patch
@@ -1,4 +1,4 @@
-From 306719369a0d3608b4ff2737de74ae284788a14b Mon Sep 17 00:00:00 2001
+From 20bc4e03442e15965ae3907013e9a177878f0323 Mon Sep 17 00:00:00 2001
From: Ross Burton <ross.burton@intel.com>
Date: Thu, 4 Feb 2016 16:22:50 +0000
Subject: [PATCH] libffi: ensure sysroot paths are not in libffi.pc
@@ -21,11 +21,11 @@
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/configure.ac b/configure.ac
-index b764368..d51ce91 100644
+index 7e8cd98..cf37e88 100644
--- a/configure.ac
+++ b/configure.ac
-@@ -354,7 +354,7 @@ AC_ARG_ENABLE(multi-os-directory,
-
+@@ -405,7 +405,7 @@ AC_ARG_ENABLE(multi-os-directory,
+
# These variables are only ever used when we cross-build to X86_WIN32.
# And we only support this with GCC, so...
-if test "x$GCC" = "xyes"; then
diff --git a/poky/meta/recipes-support/libffi/libffi_3.4.2.bb b/poky/meta/recipes-support/libffi/libffi_3.4.4.bb
similarity index 89%
rename from poky/meta/recipes-support/libffi/libffi_3.4.2.bb
rename to poky/meta/recipes-support/libffi/libffi_3.4.4.bb
index 41c3cad..15d974c 100644
--- a/poky/meta/recipes-support/libffi/libffi_3.4.2.bb
+++ b/poky/meta/recipes-support/libffi/libffi_3.4.4.bb
@@ -8,13 +8,13 @@
A layer must exist above `libffi' that handles type conversions for values passed between the two languages."
LICENSE = "MIT"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=679b5c9bdc79a2b93ee574e193e7a7bc"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=32c0d09a0641daf4903e5d61cc8f23a8"
SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/${BPN}-${PV}.tar.gz \
file://not-win32.patch \
file://0001-arm-sysv-reverted-clang-VFP-mitigation.patch \
"
-SRC_URI[sha256sum] = "540fb721619a6aba3bdeef7d940d8e9e0e6d2c193595bc243241b77ff9e93620"
+SRC_URI[sha256sum] = "d66c56ad259a82cf2a9dfc408b32bf5da52371500b84745f7fb8b645712df676"
EXTRA_OECONF += "--disable-builddir --disable-exec-static-tramp"
EXTRA_OECONF:class-native += "--with-gcc-arch=generic"
diff --git a/poky/meta/recipes-support/libgit2/libgit2_1.5.0.bb b/poky/meta/recipes-support/libgit2/libgit2_1.5.1.bb
similarity index 72%
rename from poky/meta/recipes-support/libgit2/libgit2_1.5.0.bb
rename to poky/meta/recipes-support/libgit2/libgit2_1.5.1.bb
index ee4d79b..eb7b538 100644
--- a/poky/meta/recipes-support/libgit2/libgit2_1.5.0.bb
+++ b/poky/meta/recipes-support/libgit2/libgit2_1.5.1.bb
@@ -1,12 +1,12 @@
SUMMARY = "the Git linkable library"
HOMEPAGE = "http://libgit2.github.com/"
-LICENSE = "GPL-2.0-with-GCC-exception & MIT & OpenSSL & BSD-3-Clause"
+LICENSE = "GPL-2.0-with-GCC-exception & MIT & OpenSSL & BSD-3-Clause & Zlib & ISC & LGPL-2.1-or-later & CC0-1.0"
LIC_FILES_CHKSUM = "file://COPYING;md5=112e6bb421dea73cd41de09e777f2d2c"
DEPENDS = "curl openssl zlib libssh2 libgcrypt libpcre2"
-SRC_URI = "git://github.com/libgit2/libgit2.git;branch=main;protocol=https"
-SRCREV = "fbea439d4b6fc91c6b619d01b85ab3b7746e4c19"
+SRC_URI = "git://github.com/libgit2/libgit2.git;branch=maint/v1.5;protocol=https"
+SRCREV = "42e5db98b963ae503229c63e44e06e439df50e56"
S = "${WORKDIR}/git"
diff --git a/poky/meta/recipes-support/libical/libical_3.0.14.bb b/poky/meta/recipes-support/libical/libical_3.0.16.bb
similarity index 96%
rename from poky/meta/recipes-support/libical/libical_3.0.14.bb
rename to poky/meta/recipes-support/libical/libical_3.0.16.bb
index 44030fd..61599b2 100644
--- a/poky/meta/recipes-support/libical/libical_3.0.14.bb
+++ b/poky/meta/recipes-support/libical/libical_3.0.16.bb
@@ -15,7 +15,7 @@
SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/${BP}.tar.gz \
file://0001-cmake-Do-not-export-CC-into-gir-compiler.patch \
"
-SRC_URI[sha256sum] = "4284b780356f1dc6a01f16083e7b836e63d3815e27ed0eaaad684712357ccc8f"
+SRC_URI[sha256sum] = "b44705dd71ca4538c86fb16248483ab4b48978524fb1da5097bd76aa2e0f0c33"
inherit cmake pkgconfig gobject-introspection vala github-releases
diff --git a/poky/meta/recipes-support/libksba/libksba/ksba-add-pkgconfig-support.patch b/poky/meta/recipes-support/libksba/libksba/ksba-add-pkgconfig-support.patch
index af96bd5..bdb80ff 100644
--- a/poky/meta/recipes-support/libksba/libksba/ksba-add-pkgconfig-support.patch
+++ b/poky/meta/recipes-support/libksba/libksba/ksba-add-pkgconfig-support.patch
@@ -1,4 +1,4 @@
-From 6081640895b6d566fa21123e2de7d111eeab5c4c Mon Sep 17 00:00:00 2001
+From ca8174aa81d7bf364b33f7254a9e887735c4996d Mon Sep 17 00:00:00 2001
From: Chen Qi <Qi.Chen@windriver.com>
Date: Mon, 3 Dec 2012 18:17:31 +0800
Subject: [PATCH] libksba: add pkgconfig support
@@ -16,7 +16,7 @@
1 file changed, 4 insertions(+), 86 deletions(-)
diff --git a/src/ksba.m4 b/src/ksba.m4
-index 6b55bb8..6e7336f 100644
+index 452c245..aa96255 100644
--- a/src/ksba.m4
+++ b/src/ksba.m4
@@ -23,37 +23,6 @@ dnl with a changed API.
@@ -44,7 +44,7 @@
- fi
-
- use_gpgrt_config=""
-- if test x"$KSBA_CONFIG" = x -a x"$GPGRT_CONFIG" != x -a "$GPGRT_CONFIG" != "no"; then
+- if test x"$GPGRT_CONFIG" != x -a "$GPGRT_CONFIG" != "no"; then
- if $GPGRT_CONFIG ksba --exists; then
- KSBA_CONFIG="$GPGRT_CONFIG ksba"
- AC_MSG_NOTICE([Use gpgrt-config as ksba-config])
diff --git a/poky/meta/recipes-support/libksba/libksba_1.6.0.bb b/poky/meta/recipes-support/libksba/libksba_1.6.3.bb
similarity index 93%
rename from poky/meta/recipes-support/libksba/libksba_1.6.0.bb
rename to poky/meta/recipes-support/libksba/libksba_1.6.3.bb
index f9e8368..dc39693 100644
--- a/poky/meta/recipes-support/libksba/libksba_1.6.0.bb
+++ b/poky/meta/recipes-support/libksba/libksba_1.6.3.bb
@@ -24,7 +24,7 @@
SRC_URI = "${GNUPG_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \
file://ksba-add-pkgconfig-support.patch"
-SRC_URI[sha256sum] = "dad683e6f2d915d880aa4bed5cea9a115690b8935b78a1bbe01669189307a48b"
+SRC_URI[sha256sum] = "3f72c68db30971ebbf14367527719423f0a4d5f8103fc9f4a1c01a9fa440de5c"
do_configure:prepend () {
# Else these could be used in preference to those in aclocal-copy
diff --git a/poky/meta/recipes-support/libmicrohttpd/libmicrohttpd_0.9.75.bb b/poky/meta/recipes-support/libmicrohttpd/libmicrohttpd_0.9.76.bb
similarity index 90%
rename from poky/meta/recipes-support/libmicrohttpd/libmicrohttpd_0.9.75.bb
rename to poky/meta/recipes-support/libmicrohttpd/libmicrohttpd_0.9.76.bb
index 043fed3..7bd66f6 100644
--- a/poky/meta/recipes-support/libmicrohttpd/libmicrohttpd_0.9.75.bb
+++ b/poky/meta/recipes-support/libmicrohttpd/libmicrohttpd_0.9.76.bb
@@ -7,7 +7,7 @@
DEPENDS = "file"
SRC_URI = "${GNU_MIRROR}/libmicrohttpd/${BPN}-${PV}.tar.gz"
-SRC_URI[sha256sum] = "9278907a6f571b391aab9644fd646a5108ed97311ec66f6359cebbedb0a4e3bb"
+SRC_URI[sha256sum] = "f0b1547b5a42a6c0f724e8e1c1cb5ce9c4c35fb495e7d780b9930d35011ceb4c"
inherit autotools lib_package pkgconfig gettext
diff --git a/poky/meta/recipes-support/libseccomp/files/run-ptest b/poky/meta/recipes-support/libseccomp/files/run-ptest
index 54b4a63..63c79f0 100644
--- a/poky/meta/recipes-support/libseccomp/files/run-ptest
+++ b/poky/meta/recipes-support/libseccomp/files/run-ptest
@@ -1,4 +1,7 @@
#!/bin/sh
cd tests
+sed -i 's/SUCCESS/PASS/g; s/FAILURE/FAIL/g; s/SKIPPED/SKIP/g' regression
+sed -i 's/"Test %s result: %s\\n" "$1" "$2"/"%s: %s\\n" "$2" "$1"/g' regression
+sed -i 's/"Test %s result: %s %s\\n" "$1" "$2" "$3"/"%s: %s %s\\n" "$2" "$1" "$3"/g' regression
./regression -a
diff --git a/poky/meta/recipes-support/libseccomp/libseccomp_2.5.4.bb b/poky/meta/recipes-support/libseccomp/libseccomp_2.5.4.bb
index e89b8f7..505c219 100644
--- a/poky/meta/recipes-support/libseccomp/libseccomp_2.5.4.bb
+++ b/poky/meta/recipes-support/libseccomp/libseccomp_2.5.4.bb
@@ -1,5 +1,5 @@
SUMMARY = "interface to seccomp filtering mechanism"
-DESCRIPTION = "The libseccomp library provides and easy to use, platform independent,interface to the Linux Kernel's syscall filtering mechanism: seccomp."
+DESCRIPTION = "The libseccomp library provides an easy to use, platform independent, interface to the Linux Kernel's syscall filtering mechanism: seccomp."
HOMEPAGE = "https://github.com/seccomp/libseccomp"
SECTION = "security"
LICENSE = "LGPL-2.1-only"
diff --git a/poky/meta/recipes-support/libssh2/files/0001-Don-t-let-host-enviroment-to-decide-if-a-test-is-bui.patch b/poky/meta/recipes-support/libssh2/files/0001-Don-t-let-host-enviroment-to-decide-if-a-test-is-bui.patch
deleted file mode 100644
index b1204e4..0000000
--- a/poky/meta/recipes-support/libssh2/files/0001-Don-t-let-host-enviroment-to-decide-if-a-test-is-bui.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From f6abce5ba41a412a247250dcd80e387e53474466 Mon Sep 17 00:00:00 2001
-From: Your Name <you@example.com>
-Date: Mon, 28 Dec 2020 02:08:03 +0000
-Subject: [PATCH] Don't let host enviroment to decide if a test is build
-
-test ssh2.sh need sshd, for cross compile, we need it on target, so
-don't use SSHD on host to decide weither to build a test
-
-Upstream-Status: Inappropriate[oe specific]
-
-Signed-off-by: Changqing Li <changqing.li@windriver.com>
-
----
- tests/Makefile.am | 6 +-----
- 1 file changed, 1 insertion(+), 5 deletions(-)
-
-diff --git a/tests/Makefile.am b/tests/Makefile.am
-index dc0922f..6cbc35d 100644
---- a/tests/Makefile.am
-+++ b/tests/Makefile.am
-@@ -1,16 +1,12 @@
- AM_CPPFLAGS = -I$(top_srcdir)/src -I$(top_srcdir)/include -I$(top_builddir)/src
- LDADD = ../src/libssh2.la
-
--if SSHD
- noinst_PROGRAMS = ssh2
- ssh2_SOURCES = ssh2.c
--endif
-
- ctests = simple$(EXEEXT)
- TESTS = $(ctests) mansyntax.sh
--if SSHD
- TESTS += ssh2.sh
--endif
- check_PROGRAMS = $(ctests)
-
- TESTS_ENVIRONMENT = SSHD=$(SSHD) EXEEXT=$(EXEEXT)
-@@ -38,4 +34,4 @@ if OPENSSL
- # EXTRA_DIST += test_public_key_auth_succeeds_with_correct_encrypted_ed25519_key.c
- # EXTRA_DIST += test_public_key_auth_succeeds_with_correct_ed25519_key_from_mem.c
- EXTRA_DIST += test_public_key_auth_succeeds_with_correct_rsa_openssh_key.c
--endif
-\ No newline at end of file
-+endif
diff --git a/poky/meta/recipes-support/libssh2/libssh2/fix-ssh2-test.patch b/poky/meta/recipes-support/libssh2/libssh2/fix-ssh2-test.patch
new file mode 100644
index 0000000..ee916c4
--- /dev/null
+++ b/poky/meta/recipes-support/libssh2/libssh2/fix-ssh2-test.patch
@@ -0,0 +1,23 @@
+In 8.8 OpenSSH disabled sha1 rsa-sha keys out of the box,
+so we need to re-enable them as a workaround for the test
+suite until upstream updates the tests.
+
+See: https://github.com/libssh2/libssh2/issues/630
+
+Upstream-Status: Backport [alternative fixes merged upstream]
+
+Patch taken from https://github.com/mirror-rpm/libssh2/commit/47f7114f7d0780f3075bad51a71881f45cc933c5
+
+--- a/tests/ssh2.sh
++++ b/tests/ssh2.sh
+@@ -25,7 +25,8 @@ $SSHD -f /dev/null -h "$srcdir"/etc/host
+ -o 'Port 4711' \
+ -o 'Protocol 2' \
+ -o "AuthorizedKeysFile $srcdir/etc/user.pub" \
+- -o 'UsePrivilegeSeparation no' \
++ -o 'HostKeyAlgorithms +ssh-rsa' \
++ -o 'PubkeyAcceptedAlgorithms +ssh-rsa' \
+ -o 'StrictModes no' \
+ -D \
+ $libssh2_sshd_params &
+
diff --git a/poky/meta/recipes-support/libssh2/files/run-ptest b/poky/meta/recipes-support/libssh2/libssh2/run-ptest
similarity index 67%
rename from poky/meta/recipes-support/libssh2/files/run-ptest
rename to poky/meta/recipes-support/libssh2/libssh2/run-ptest
index 9e2fce2..5e7426f 100644
--- a/poky/meta/recipes-support/libssh2/files/run-ptest
+++ b/poky/meta/recipes-support/libssh2/libssh2/run-ptest
@@ -2,8 +2,7 @@
ptestdir=$(dirname "$(readlink -f "$0")")
cd tests
-# omit ssh2.sh until https://github.com/libssh2/libssh2/issues/630 is fixed
-for test in simple mansyntax.sh
+for test in simple mansyntax.sh ssh2.sh
do
./../test-driver --test-name $test --log-file ../$test.log --trs-file ../$test.trs --color-tests no --enable-hard-errors yes --expect-failure no -- ./$test
done
diff --git a/poky/meta/recipes-support/libssh2/libssh2_1.10.0.bb b/poky/meta/recipes-support/libssh2/libssh2_1.10.0.bb
index 072d681..d551337 100644
--- a/poky/meta/recipes-support/libssh2/libssh2_1.10.0.bb
+++ b/poky/meta/recipes-support/libssh2/libssh2_1.10.0.bb
@@ -8,11 +8,10 @@
LIC_FILES_CHKSUM = "file://COPYING;md5=3e089ad0cf27edf1e7f261dfcd06acc7"
SRC_URI = "http://www.libssh2.org/download/${BP}.tar.gz \
+ file://fix-ssh2-test.patch \
file://run-ptest \
"
-SRC_URI:append:ptest = " file://0001-Don-t-let-host-enviroment-to-decide-if-a-test-is-bui.patch"
-
SRC_URI[sha256sum] = "2d64e90f3ded394b91d3a2e774ca203a4179f69aebee03003e5a6fa621e41d51"
inherit autotools pkgconfig ptest
diff --git a/poky/meta/recipes-support/libusb/libusb1/0001-configure.ac-Link-with-latomic-only-if-no-atomic-bui.patch b/poky/meta/recipes-support/libusb/libusb1/0001-configure.ac-Link-with-latomic-only-if-no-atomic-bui.patch
new file mode 100644
index 0000000..3c223e0
--- /dev/null
+++ b/poky/meta/recipes-support/libusb/libusb1/0001-configure.ac-Link-with-latomic-only-if-no-atomic-bui.patch
@@ -0,0 +1,46 @@
+From 95e601ce116dd46ea7915c171976b85ea0905d58 Mon Sep 17 00:00:00 2001
+From: Lonnie Abelbeck <lonnie@abelbeck.com>
+Date: Sun, 8 May 2022 14:05:56 -0500
+Subject: [PATCH] configure.ac: Link with -latomic only if no atomic builtins
+
+Follow-up to 561dbda, a check of GCC atomic builtins needs to be done
+first.
+
+I'm no autoconf guru, but using this:
+https://github.com/mesa3d/mesa/blob/0df485c285b73c34ba9062f0c27e55c3c702930d/configure.ac#L469
+as inspiration, I created a pre-check before calling AC_SEARCH_LIBS(...)
+
+Fixes #1135
+Closes #1139
+Upstream-Status: Backport [https://github.com/kraj/libusb/commit/95e601ce116dd46ea7915c171976b85ea0905d58]
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ configure.ac | 16 +++++++++++++++-
+ libusb/version_nano.h | 2 +-
+ 2 files changed, 16 insertions(+), 2 deletions(-)
+
+--- a/configure.ac
++++ b/configure.ac
+@@ -153,7 +153,21 @@ if test "x$platform" = xposix; then
+ AC_SEARCH_LIBS([pthread_create], [pthread],
+ [test "x$ac_cv_search_pthread_create" != "xnone required" && AC_SUBST(THREAD_LIBS, [-lpthread])],
+ [], [])
+- AC_SEARCH_LIBS([__atomic_fetch_add_4], [atomic])
++ dnl Check for new-style atomic builtins. We first check without linking to -latomic.
++ AC_MSG_CHECKING(whether __atomic_load_n is supported)
++ AC_LINK_IFELSE([AC_LANG_SOURCE([[
++ #include <stdint.h>
++ int main() {
++ struct {
++ uint64_t *v;
++ } x;
++ return (int)__atomic_load_n(x.v, __ATOMIC_ACQUIRE) &
++ (int)__atomic_add_fetch(x.v, (uint64_t)1, __ATOMIC_ACQ_REL);
++ }]])], GCC_ATOMIC_BUILTINS_SUPPORTED=yes, GCC_ATOMIC_BUILTINS_SUPPORTED=no)
++ AC_MSG_RESULT($GCC_ATOMIC_BUILTINS_SUPPORTED)
++ if test "x$GCC_ATOMIC_BUILTINS_SUPPORTED" != xyes; then
++ AC_SEARCH_LIBS([__atomic_fetch_add_4], [atomic])
++ fi
+ elif test "x$platform" = xwindows; then
+ AC_DEFINE([PLATFORM_WINDOWS], [1], [Define to 1 if compiling for a Windows platform.])
+ else
diff --git a/poky/meta/recipes-support/libusb/libusb1_1.0.26.bb b/poky/meta/recipes-support/libusb/libusb1_1.0.26.bb
index 7371faf..122c3d4 100644
--- a/poky/meta/recipes-support/libusb/libusb1_1.0.26.bb
+++ b/poky/meta/recipes-support/libusb/libusb1_1.0.26.bb
@@ -11,6 +11,7 @@
BBCLASSEXTEND = "native nativesdk"
SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/libusb-${PV}.tar.bz2 \
+ file://0001-configure.ac-Link-with-latomic-only-if-no-atomic-bui.patch \
file://run-ptest \
"
@@ -34,12 +35,12 @@
fi
}
-do_compile_ptest() {
- oe_runmake -C tests stress
-}
-
-do_install_ptest() {
- install -m 755 ${B}/tests/.libs/stress ${D}${PTEST_PATH}
+do_compile_ptest() {
+ oe_runmake -C tests stress
+}
+
+do_install_ptest() {
+ install -m 755 ${B}/tests/.libs/stress ${D}${PTEST_PATH}
}
FILES:${PN} += "${base_libdir}/*.so.*"
diff --git a/poky/meta/recipes-support/mpfr/mpfr_4.1.0.bb b/poky/meta/recipes-support/mpfr/mpfr_4.1.1.bb
similarity index 91%
rename from poky/meta/recipes-support/mpfr/mpfr_4.1.0.bb
rename to poky/meta/recipes-support/mpfr/mpfr_4.1.1.bb
index 2121dad..f531a88 100644
--- a/poky/meta/recipes-support/mpfr/mpfr_4.1.0.bb
+++ b/poky/meta/recipes-support/mpfr/mpfr_4.1.1.bb
@@ -12,7 +12,7 @@
DEPENDS = "gmp autoconf-archive"
SRC_URI = "https://www.mpfr.org/mpfr-${PV}/mpfr-${PV}.tar.xz"
-SRC_URI[sha256sum] = "0c98a3f1732ff6ca4ea690552079da9c597872d30e96ec28414ee23c95558a7f"
+SRC_URI[sha256sum] = "ffd195bd567dbaffc3b98b23fd00aad0537680c9896171e44fe3ff79e28ac33d"
UPSTREAM_CHECK_URI = "http://www.mpfr.org/mpfr-current/"
diff --git a/poky/meta/recipes-support/numactl/numactl/Fix-the-test-output-format.patch b/poky/meta/recipes-support/numactl/numactl/Fix-the-test-output-format.patch
index 9812ecc..a7bc8d3 100644
--- a/poky/meta/recipes-support/numactl/numactl/Fix-the-test-output-format.patch
+++ b/poky/meta/recipes-support/numactl/numactl/Fix-the-test-output-format.patch
@@ -7,6 +7,7 @@
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Li Xin <lixin.fnst@cn.fujitsu.com>
+Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
---
test/regress | 6 +++---
test/regress2 | 11 +++++------
@@ -20,7 +21,7 @@
if [ $numnodes -lt 2 ] ; then
echo "need at least two nodes with at least $NEEDPAGES each of"
echo "free memory for mempolicy regression tests"
-+ echo "FAIL: numa regress"
++ echo "SKIP: numa regress"
exit 77 # Skip test
fi
}
diff --git a/poky/meta/recipes-support/numactl/numactl/run-ptest b/poky/meta/recipes-support/numactl/numactl/run-ptest
index bf269da..e019b0d 100755
--- a/poky/meta/recipes-support/numactl/numactl/run-ptest
+++ b/poky/meta/recipes-support/numactl/numactl/run-ptest
@@ -8,7 +8,11 @@
if numademo -t -e 10M; then
echo "PASS: numademo"
else
- echo "FAIL: numademo"
+ if [ "$?" = 77 ] ; then
+ echo "SKIP: numademo"
+ else
+ echo "FAIL: numademo"
+ fi
fi
else
echo "SKIP: ./../test/bind_range"
diff --git a/poky/meta/recipes-support/numactl/numactl_git.bb b/poky/meta/recipes-support/numactl/numactl_git.bb
index 712cf02..23be0a3 100644
--- a/poky/meta/recipes-support/numactl/numactl_git.bb
+++ b/poky/meta/recipes-support/numactl/numactl_git.bb
@@ -10,8 +10,8 @@
LIC_FILES_CHKSUM = "file://README.md;beginline=19;endline=32;md5=9f34c3af4ed6f3f5df0da5f3c0835a43"
-SRCREV = "01a39cb4edc0dd0f4151b7ad11e0c56d2e612a02"
-PV = "2.0.15"
+SRCREV = "10285f1a1bad49306839b2c463936460b604e3ea"
+PV = "2.0.16"
SRC_URI = "git://github.com/numactl/numactl;branch=master;protocol=https \
file://Fix-the-test-output-format.patch \
diff --git a/poky/meta/recipes-support/vim/vim.inc b/poky/meta/recipes-support/vim/vim.inc
index cbc3701..1e27415 100644
--- a/poky/meta/recipes-support/vim/vim.inc
+++ b/poky/meta/recipes-support/vim/vim.inc
@@ -10,8 +10,7 @@
RSUGGESTS:${PN} = "diffutils"
LICENSE = "Vim"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=6b30ea4fa660c483b619924bc709ef99 \
- file://runtime/doc/uganda.txt;md5=001ef779f422a0e9106d428c84495b4d"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=6b30ea4fa660c483b619924bc709ef99"
SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \
file://disable_acl_header_check.patch \
@@ -20,8 +19,8 @@
file://no-path-adjust.patch \
"
-PV .= ".0598"
-SRCREV = "8279af514ca7e5fd3c31cf13b0864163d1a0bfeb"
+PV .= ".1429"
+SRCREV = "1a08a3e2a584889f19b84a27672134649b73da58"
# Remove when 8.3 is out
UPSTREAM_VERSION_UNKNOWN = "1"
@@ -33,7 +32,7 @@
VIMDIR = "vim${@d.getVar('PV').split('.')[0]}${@d.getVar('PV').split('.')[1]}"
-inherit autotools-brokensep update-alternatives mime-xdg
+inherit autotools-brokensep update-alternatives mime-xdg pkgconfig
CLEANBROKEN = "1"
@@ -82,6 +81,7 @@
--disable-netbeans \
--disable-desktop-database-update \
--with-tlib=ncurses \
+ --with-modified-by='${MAINTAINER}' \
ac_cv_small_wchar_t=no \
ac_cv_path_GLIB_COMPILE_RESOURCES=no \
vim_cv_getcwd_broken=no \
diff --git a/poky/scripts/combo-layer b/poky/scripts/combo-layer
index 045de65..7f2020f 100755
--- a/poky/scripts/combo-layer
+++ b/poky/scripts/combo-layer
@@ -21,7 +21,6 @@
import copy
import pipes
import shutil
-from collections import OrderedDict
from string import Template
from functools import reduce
@@ -192,6 +191,23 @@
logger.debug("output: %s" % output.replace(chr(0), '\\0'))
return output
+def action_sync_revs(conf, args):
+ """
+ Update the last_revision config option for each repo with the latest
+ revision in the remote's branch. Useful if multiple people are using
+ combo-layer.
+ """
+ repos = get_repos(conf, args[1:])
+
+ for name in repos:
+ repo = conf.repos[name]
+ ldir = repo['local_repo_dir']
+ branch = repo.get('branch', "master")
+ runcmd("git fetch", ldir)
+ lastrev = runcmd('git rev-parse origin/%s' % branch, ldir).strip()
+ print("Updating %s to %s" % (name, lastrev))
+ conf.update(name, "last_revision", lastrev)
+
def action_init(conf, args):
"""
Clone component repositories
@@ -508,7 +524,7 @@
f.close()
if of:
of.close()
- bb.utils.rename(patchfile + '.tmp', patchfile)
+ os.rename(of.name, patchfile)
def drop_to_shell(workdir=None):
if not sys.stdin.isatty():
@@ -1302,6 +1318,7 @@
"update": action_update,
"pull": action_pull,
"splitpatch": action_splitpatch,
+ "sync-revs": action_sync_revs,
}
def main():
@@ -1312,10 +1329,11 @@
Create and update a combination layer repository from multiple component repositories.
Action:
- init initialise the combo layer repo
- update [components] get patches from component repos and apply them to the combo repo
- pull [components] just pull component repos only
- splitpatch [commit] generate commit patch and split per component, default commit is HEAD""")
+ init initialise the combo layer repo
+ update [components] get patches from component repos and apply them to the combo repo
+ pull [components] just pull component repos only
+ sync-revs [components] update the config file's last_revision for each repository
+ splitpatch [commit] generate commit patch and split per component, default commit is HEAD""")
parser.add_option("-c", "--conf", help = "specify the config file (conf/combo-layer.conf is the default).",
action = "store", dest = "conffile", default = "conf/combo-layer.conf")
diff --git a/poky/scripts/contrib/convert-overrides.py b/poky/scripts/contrib/convert-overrides.py
index 4d41a4c..1939757 100755
--- a/poky/scripts/contrib/convert-overrides.py
+++ b/poky/scripts/contrib/convert-overrides.py
@@ -22,50 +22,62 @@
import tempfile
import shutil
import mimetypes
+import argparse
-if len(sys.argv) < 2:
- print("Please specify a directory to run the conversion script against.")
- sys.exit(1)
+parser = argparse.ArgumentParser(description="Convert override syntax")
+parser.add_argument("--override", "-o", action="append", default=[], help="Add additional strings to consider as an override (e.g. custom machines/distros")
+parser.add_argument("--skip", "-s", action="append", default=[], help="Add additional string to skip and not consider an override")
+parser.add_argument("--skip-ext", "-e", action="append", default=[], help="Additional file suffixes to skip when processing (e.g. '.foo')")
+parser.add_argument("--package-vars", action="append", default=[], help="Additional variables to treat as package variables")
+parser.add_argument("--image-vars", action="append", default=[], help="Additional variables to treat as image variables")
+parser.add_argument("--short-override", action="append", default=[], help="Additional strings to treat as short overrides")
+parser.add_argument("path", nargs="+", help="Paths to convert")
+
+args = parser.parse_args()
# List of strings to treat as overrides
-vars = ["append", "prepend", "remove"]
-vars = vars + ["qemuarm", "qemux86", "qemumips", "qemuppc", "qemuriscv", "qemuall"]
-vars = vars + ["genericx86", "edgerouter", "beaglebone-yocto"]
-vars = vars + ["armeb", "arm", "armv5", "armv6", "armv4", "powerpc64", "aarch64", "riscv32", "riscv64", "x86", "mips64", "powerpc"]
-vars = vars + ["mipsarch", "x86-x32", "mips16e", "microblaze", "e5500-64b", "mipsisa32", "mipsisa64"]
-vars = vars + ["class-native", "class-target", "class-cross-canadian", "class-cross", "class-devupstream"]
-vars = vars + ["tune-", "pn-", "forcevariable"]
-vars = vars + ["libc-musl", "libc-glibc", "libc-newlib","libc-baremetal"]
-vars = vars + ["task-configure", "task-compile", "task-install", "task-clean", "task-image-qa", "task-rm_work", "task-image-complete", "task-populate-sdk"]
-vars = vars + ["toolchain-clang", "mydistro", "nios2", "sdkmingw32", "overrideone", "overridetwo"]
-vars = vars + ["linux-gnux32", "linux-muslx32", "linux-gnun32", "mingw32", "poky", "darwin", "linuxstdbase"]
-vars = vars + ["linux-gnueabi", "eabi"]
-vars = vars + ["virtclass-multilib", "virtclass-mcextend"]
+vars = args.override
+vars += ["append", "prepend", "remove"]
+vars += ["qemuarm", "qemux86", "qemumips", "qemuppc", "qemuriscv", "qemuall"]
+vars += ["genericx86", "edgerouter", "beaglebone-yocto"]
+vars += ["armeb", "arm", "armv5", "armv6", "armv4", "powerpc64", "aarch64", "riscv32", "riscv64", "x86", "mips64", "powerpc"]
+vars += ["mipsarch", "x86-x32", "mips16e", "microblaze", "e5500-64b", "mipsisa32", "mipsisa64"]
+vars += ["class-native", "class-target", "class-cross-canadian", "class-cross", "class-devupstream"]
+vars += ["tune-", "pn-", "forcevariable"]
+vars += ["libc-musl", "libc-glibc", "libc-newlib","libc-baremetal"]
+vars += ["task-configure", "task-compile", "task-install", "task-clean", "task-image-qa", "task-rm_work", "task-image-complete", "task-populate-sdk"]
+vars += ["toolchain-clang", "mydistro", "nios2", "sdkmingw32", "overrideone", "overridetwo"]
+vars += ["linux-gnux32", "linux-muslx32", "linux-gnun32", "mingw32", "poky", "darwin", "linuxstdbase"]
+vars += ["linux-gnueabi", "eabi"]
+vars += ["virtclass-multilib", "virtclass-mcextend"]
# List of strings to treat as overrides but only with whitespace following or another override (more restricted matching).
# Handles issues with arc matching arch.
-shortvars = ["arc", "mips", "mipsel", "sh4"]
+shortvars = ["arc", "mips", "mipsel", "sh4"] + args.short_override
# Variables which take packagenames as an override
packagevars = ["FILES", "RDEPENDS", "RRECOMMENDS", "SUMMARY", "DESCRIPTION", "RSUGGESTS", "RPROVIDES", "RCONFLICTS", "PKG", "ALLOW_EMPTY",
"pkg_postrm", "pkg_postinst_ontarget", "pkg_postinst", "INITSCRIPT_NAME", "INITSCRIPT_PARAMS", "DEBIAN_NOAUTONAME", "ALTERNATIVE",
"PKGE", "PKGV", "PKGR", "USERADD_PARAM", "GROUPADD_PARAM", "CONFFILES", "SYSTEMD_SERVICE", "LICENSE", "SECTION", "pkg_preinst",
"pkg_prerm", "RREPLACES", "GROUPMEMS_PARAM", "SYSTEMD_AUTO_ENABLE", "SKIP_FILEDEPS", "PRIVATE_LIBS", "PACKAGE_ADD_METADATA",
- "INSANE_SKIP", "DEBIANNAME", "SYSTEMD_SERVICE_ESCAPED"]
+ "INSANE_SKIP", "DEBIANNAME", "SYSTEMD_SERVICE_ESCAPED"] + args.package_vars
# Expressions to skip if encountered, these are not overrides
-skips = ["parser_append", "recipe_to_append", "extra_append", "to_remove", "show_appends", "applied_appends", "file_appends", "handle_remove"]
-skips = skips + ["expanded_removes", "color_remove", "test_remove", "empty_remove", "toaster_prepend", "num_removed", "licfiles_append", "_write_append"]
-skips = skips + ["no_report_remove", "test_prepend", "test_append", "multiple_append", "test_remove", "shallow_remove", "do_remove_layer", "first_append"]
-skips = skips + ["parser_remove", "to_append", "no_remove", "bblayers_add_remove", "bblayers_remove", "apply_append", "is_x86", "base_dep_prepend"]
-skips = skips + ["autotools_dep_prepend", "go_map_arm", "alt_remove_links", "systemd_append_file", "file_append", "process_file_darwin"]
-skips = skips + ["run_loaddata_poky", "determine_if_poky_env", "do_populate_poky_src", "libc_cv_include_x86_isa_level", "test_rpm_remove", "do_install_armmultilib"]
-skips = skips + ["get_appends_for_files", "test_doubleref_remove", "test_bitbakelayers_add_remove", "elf32_x86_64", "colour_remove", "revmap_remove"]
-skips = skips + ["test_rpm_remove", "test_bitbakelayers_add_remove", "recipe_append_file", "log_data_removed", "recipe_append", "systemd_machine_unit_append"]
-skips = skips + ["recipetool_append", "changetype_remove", "try_appendfile_wc", "test_qemux86_directdisk", "test_layer_appends", "tgz_removed"]
+skips = args.skip
+skips += ["parser_append", "recipe_to_append", "extra_append", "to_remove", "show_appends", "applied_appends", "file_appends", "handle_remove"]
+skips += ["expanded_removes", "color_remove", "test_remove", "empty_remove", "toaster_prepend", "num_removed", "licfiles_append", "_write_append"]
+skips += ["no_report_remove", "test_prepend", "test_append", "multiple_append", "test_remove", "shallow_remove", "do_remove_layer", "first_append"]
+skips += ["parser_remove", "to_append", "no_remove", "bblayers_add_remove", "bblayers_remove", "apply_append", "is_x86", "base_dep_prepend"]
+skips += ["autotools_dep_prepend", "go_map_arm", "alt_remove_links", "systemd_append_file", "file_append", "process_file_darwin"]
+skips += ["run_loaddata_poky", "determine_if_poky_env", "do_populate_poky_src", "libc_cv_include_x86_isa_level", "test_rpm_remove", "do_install_armmultilib"]
+skips += ["get_appends_for_files", "test_doubleref_remove", "test_bitbakelayers_add_remove", "elf32_x86_64", "colour_remove", "revmap_remove"]
+skips += ["test_rpm_remove", "test_bitbakelayers_add_remove", "recipe_append_file", "log_data_removed", "recipe_append", "systemd_machine_unit_append"]
+skips += ["recipetool_append", "changetype_remove", "try_appendfile_wc", "test_qemux86_directdisk", "test_layer_appends", "tgz_removed"]
-imagevars = ["IMAGE_CMD", "EXTRA_IMAGECMD", "IMAGE_TYPEDEP", "CONVERSION_CMD", "COMPRESS_CMD"]
-packagevars = packagevars + imagevars
+imagevars = ["IMAGE_CMD", "EXTRA_IMAGECMD", "IMAGE_TYPEDEP", "CONVERSION_CMD", "COMPRESS_CMD"] + args.image_vars
+packagevars += imagevars
+
+skip_ext = [".html", ".patch", ".m4", ".diff"] + args.skip_ext
vars_re = {}
for exp in vars:
@@ -124,21 +136,20 @@
ourname = os.path.basename(sys.argv[0])
ourversion = "0.9.3"
-if os.path.isfile(sys.argv[1]):
- processfile(sys.argv[1])
- sys.exit(0)
-
-for targetdir in sys.argv[1:]:
- print("processing directory '%s'" % targetdir)
- for root, dirs, files in os.walk(targetdir):
- for name in files:
- if name == ourname:
- continue
- fn = os.path.join(root, name)
- if os.path.islink(fn):
- continue
- if "/.git/" in fn or fn.endswith(".html") or fn.endswith(".patch") or fn.endswith(".m4") or fn.endswith(".diff"):
- continue
- processfile(fn)
+for p in args.path:
+ if os.path.isfile(p):
+ processfile(p)
+ else:
+ print("processing directory '%s'" % p)
+ for root, dirs, files in os.walk(p):
+ for name in files:
+ if name == ourname:
+ continue
+ fn = os.path.join(root, name)
+ if os.path.islink(fn):
+ continue
+ if "/.git/" in fn or any(fn.endswith(ext) for ext in skip_ext):
+ continue
+ processfile(fn)
print("All files processed with version %s" % ourversion)
diff --git a/poky/scripts/contrib/image-manifest b/poky/scripts/contrib/image-manifest
index 3c07a73..4d65a99 100755
--- a/poky/scripts/contrib/image-manifest
+++ b/poky/scripts/contrib/image-manifest
@@ -392,7 +392,7 @@
for key in rd.getVarFlags('PACKAGECONFIG').keys():
if key == 'doc':
continue
- rvalues[pn]['packageconfig_opts'][key] = rd.getVarFlag('PACKAGECONFIG', key, True)
+ rvalues[pn]['packageconfig_opts'][key] = rd.getVarFlag('PACKAGECONFIG', key)
if config['patches'] == 'yes':
patches = oe.recipeutils.get_recipe_patches(rd)
diff --git a/poky/scripts/lib/buildstats.py b/poky/scripts/lib/buildstats.py
index c69b5bf..6db60d5 100644
--- a/poky/scripts/lib/buildstats.py
+++ b/poky/scripts/lib/buildstats.py
@@ -8,7 +8,7 @@
import logging
import os
import re
-from collections import namedtuple,OrderedDict
+from collections import namedtuple
from statistics import mean
@@ -79,8 +79,8 @@
return self['rusage']['ru_oublock']
@classmethod
- def from_file(cls, buildstat_file):
- """Read buildstat text file"""
+ def from_file(cls, buildstat_file, fallback_end=0):
+ """Read buildstat text file. fallback_end is an optional end time for tasks that are not recorded as finishing."""
bs_task = cls()
log.debug("Reading task buildstats from %s", buildstat_file)
end_time = None
@@ -108,7 +108,10 @@
bs_task[ru_type][ru_key] = val
elif key == 'Status':
bs_task['status'] = val
- if end_time is not None and start_time is not None:
+ # If the task didn't finish, fill in the fallback end time if specified
+ if start_time and not end_time and fallback_end:
+ end_time = fallback_end
+ if start_time and end_time:
bs_task['elapsed_time'] = end_time - start_time
else:
raise BSError("{} looks like a invalid buildstats file".format(buildstat_file))
@@ -226,25 +229,44 @@
epoch = match.group('epoch')
return name, epoch, version, revision
+ @staticmethod
+ def parse_top_build_stats(path):
+ """
+ Parse the top-level build_stats file for build-wide start and duration.
+ """
+ start = elapsed = 0
+ with open(path) as fobj:
+ for line in fobj.readlines():
+ key, val = line.split(':', 1)
+ val = val.strip()
+ if key == 'Build Started':
+ start = float(val)
+ elif key == "Elapsed time":
+ elapsed = float(val.split()[0])
+ return start, elapsed
+
@classmethod
def from_dir(cls, path):
"""Load buildstats from a buildstats directory"""
- if not os.path.isfile(os.path.join(path, 'build_stats')):
+ top_stats = os.path.join(path, 'build_stats')
+ if not os.path.isfile(top_stats):
raise BSError("{} does not look like a buildstats directory".format(path))
log.debug("Reading buildstats directory %s", path)
-
buildstats = cls()
+ build_started, build_elapsed = buildstats.parse_top_build_stats(top_stats)
+ build_end = build_started + build_elapsed
+
subdirs = os.listdir(path)
for dirname in subdirs:
recipe_dir = os.path.join(path, dirname)
- if not os.path.isdir(recipe_dir):
+ if dirname == "reduced_proc_pressure" or not os.path.isdir(recipe_dir):
continue
name, epoch, version, revision = cls.split_nevr(dirname)
bsrecipe = BSRecipe(name, epoch, version, revision)
for task in os.listdir(recipe_dir):
bsrecipe.tasks[task] = BSTask.from_file(
- os.path.join(recipe_dir, task))
+ os.path.join(recipe_dir, task), build_end)
if name in buildstats:
raise BSError("Cannot handle multiple versions of the same "
"package ({})".format(name))
diff --git a/poky/scripts/lib/checklayer/__init__.py b/poky/scripts/lib/checklayer/__init__.py
index aa946f3..9388052 100644
--- a/poky/scripts/lib/checklayer/__init__.py
+++ b/poky/scripts/lib/checklayer/__init__.py
@@ -16,6 +16,7 @@
BSP = 0
DISTRO = 1
SOFTWARE = 2
+ CORE = 3
ERROR_NO_LAYER_CONF = 98
ERROR_BSP_DISTRO = 99
@@ -106,7 +107,13 @@
if distros:
is_distro = True
- if is_bsp and is_distro:
+ layer['collections'] = _get_layer_collections(layer['path'])
+
+ if layer_name == "meta" and "core" in layer['collections']:
+ layer['type'] = LayerType.CORE
+ layer['conf']['machines'] = machines
+ layer['conf']['distros'] = distros
+ elif is_bsp and is_distro:
layer['type'] = LayerType.ERROR_BSP_DISTRO
elif is_bsp:
layer['type'] = LayerType.BSP
@@ -117,8 +124,6 @@
else:
layer['type'] = LayerType.SOFTWARE
- layer['collections'] = _get_layer_collections(layer['path'])
-
return layer
def detect_layers(layer_directories, no_auto):
diff --git a/poky/scripts/lib/checklayer/cases/bsp.py b/poky/scripts/lib/checklayer/cases/bsp.py
index a80a584..b76163f 100644
--- a/poky/scripts/lib/checklayer/cases/bsp.py
+++ b/poky/scripts/lib/checklayer/cases/bsp.py
@@ -11,7 +11,7 @@
class BSPCheckLayer(OECheckLayerTestCase):
@classmethod
def setUpClass(self):
- if self.tc.layer['type'] != LayerType.BSP:
+ if self.tc.layer['type'] not in (LayerType.BSP, LayerType.CORE):
raise unittest.SkipTest("BSPCheckLayer: Layer %s isn't BSP one." %\
self.tc.layer['name'])
diff --git a/poky/scripts/lib/checklayer/cases/common.py b/poky/scripts/lib/checklayer/cases/common.py
index 491a139..722d3cf 100644
--- a/poky/scripts/lib/checklayer/cases/common.py
+++ b/poky/scripts/lib/checklayer/cases/common.py
@@ -12,6 +12,9 @@
class CommonCheckLayer(OECheckLayerTestCase):
def test_readme(self):
+ if self.tc.layer['type'] == LayerType.CORE:
+ raise unittest.SkipTest("Core layer's README is top level")
+
# The top-level README file may have a suffix (like README.rst or README.txt).
readme_files = glob.glob(os.path.join(self.tc.layer['path'], '[Rr][Ee][Aa][Dd][Mm][Ee]*'))
self.assertTrue(len(readme_files) > 0,
diff --git a/poky/scripts/lib/checklayer/cases/distro.py b/poky/scripts/lib/checklayer/cases/distro.py
index f0bee54..a353324 100644
--- a/poky/scripts/lib/checklayer/cases/distro.py
+++ b/poky/scripts/lib/checklayer/cases/distro.py
@@ -11,7 +11,7 @@
class DistroCheckLayer(OECheckLayerTestCase):
@classmethod
def setUpClass(self):
- if self.tc.layer['type'] != LayerType.DISTRO:
+ if self.tc.layer['type'] not in (LayerType.DISTRO, LayerType.CORE):
raise unittest.SkipTest("DistroCheckLayer: Layer %s isn't Distro one." %\
self.tc.layer['name'])
diff --git a/poky/scripts/lib/devtool/menuconfig.py b/poky/scripts/lib/devtool/menuconfig.py
index d87a01e..18daef3 100644
--- a/poky/scripts/lib/devtool/menuconfig.py
+++ b/poky/scripts/lib/devtool/menuconfig.py
@@ -45,7 +45,7 @@
return 1
check_workspace_recipe(workspace, args.component)
- pn = rd.getVar('PN', True)
+ pn = rd.getVar('PN')
if not rd.getVarFlag('do_menuconfig','task'):
raise DevtoolError("This recipe does not support menuconfig option")
diff --git a/poky/scripts/lib/devtool/standard.py b/poky/scripts/lib/devtool/standard.py
index e3b74ab..d64e18e 100644
--- a/poky/scripts/lib/devtool/standard.py
+++ b/poky/scripts/lib/devtool/standard.py
@@ -765,6 +765,16 @@
staging_kbranch = "".join(branch.split('\n')[0])
return staging_kbranch
+def get_real_srctree(srctree, s, workdir):
+ # Check that recipe isn't using a shared workdir
+ s = os.path.abspath(s)
+ workdir = os.path.abspath(workdir)
+ if s.startswith(workdir) and s != workdir and os.path.dirname(s) != workdir:
+ # Handle if S is set to a subdirectory of the source
+ srcsubdir = os.path.relpath(s, workdir).split(os.sep, 1)[1]
+ srctree = os.path.join(srctree, srcsubdir)
+ return srctree
+
def modify(args, config, basepath, workspace):
"""Entry point for the devtool 'modify' subcommand"""
import bb
@@ -923,14 +933,7 @@
# Need to grab this here in case the source is within a subdirectory
srctreebase = srctree
-
- # Check that recipe isn't using a shared workdir
- s = os.path.abspath(rd.getVar('S'))
- workdir = os.path.abspath(rd.getVar('WORKDIR'))
- if s.startswith(workdir) and s != workdir and os.path.dirname(s) != workdir:
- # Handle if S is set to a subdirectory of the source
- srcsubdir = os.path.relpath(s, workdir).split(os.sep, 1)[1]
- srctree = os.path.join(srctree, srcsubdir)
+ srctree = get_real_srctree(srctree, rd.getVar('S'), rd.getVar('WORKDIR'))
bb.utils.mkdirhier(os.path.dirname(appendfile))
with open(appendfile, 'w') as f:
@@ -1406,6 +1409,18 @@
updated = OrderedDict()
added = OrderedDict()
removed = OrderedDict()
+
+ # Get current branch and return early with empty lists
+ # if on one of the override branches
+ # (local files are provided only for the main branch and processing
+ # them against lists from recipe overrides will result in mismatches
+ # and broken modifications to recipes).
+ stdout, _ = bb.process.run('git rev-parse --abbrev-ref HEAD',
+ cwd=srctree)
+ branchname = stdout.rstrip()
+ if branchname.startswith(override_branch_prefix):
+ return (updated, added, removed)
+
local_files_dir = os.path.join(srctreebase, 'oe-local-files')
git_files = _git_ls_tree(srctree)
if 'oe-local-files' in git_files:
@@ -1635,31 +1650,25 @@
tempdir = tempfile.mkdtemp(prefix='devtool')
try:
local_files_dir = tempfile.mkdtemp(dir=tempdir)
- if filter_patches:
- upd_f = {}
- new_f = {}
- del_f = {}
- else:
- upd_f, new_f, del_f = _export_local_files(srctree, rd, local_files_dir, srctreebase)
-
- remove_files = []
- if not no_remove:
- # Get all patches from source tree and check if any should be removed
- all_patches_dir = tempfile.mkdtemp(dir=tempdir)
- _, _, del_p = _export_patches(srctree, rd, initial_rev,
- all_patches_dir)
- # Remove deleted local files and patches
- remove_files = list(del_f.values()) + list(del_p.values())
+ upd_f, new_f, del_f = _export_local_files(srctree, rd, local_files_dir, srctreebase)
# Get updated patches from source tree
patches_dir = tempfile.mkdtemp(dir=tempdir)
upd_p, new_p, _ = _export_patches(srctree, rd, update_rev,
patches_dir, changed_revs)
+ # Get all patches from source tree and check if any should be removed
+ all_patches_dir = tempfile.mkdtemp(dir=tempdir)
+ _, _, del_p = _export_patches(srctree, rd, initial_rev,
+ all_patches_dir)
logger.debug('Pre-filtering: update: %s, new: %s' % (dict(upd_p), dict(new_p)))
if filter_patches:
new_p = OrderedDict()
upd_p = OrderedDict((k,v) for k,v in upd_p.items() if k in filter_patches)
- remove_files = [f for f in remove_files if f in filter_patches]
+ del_p = OrderedDict((k,v) for k,v in del_p.items() if k in filter_patches)
+ remove_files = []
+ if not no_remove:
+ # Remove deleted local files and patches
+ remove_files = list(del_f.values()) + list(del_p.values())
updatefiles = False
updaterecipe = False
destpath = None
diff --git a/poky/scripts/lib/devtool/upgrade.py b/poky/scripts/lib/devtool/upgrade.py
index 39a1910..6c4a62b 100644
--- a/poky/scripts/lib/devtool/upgrade.py
+++ b/poky/scripts/lib/devtool/upgrade.py
@@ -88,7 +88,7 @@
_rename_recipe_dirs(oldpv, newpv, path)
return _rename_recipe_file(oldrecipe, bpn, oldpv, newpv, path)
-def _write_append(rc, srctree, same_dir, no_same_dir, rev, copied, workspace, d):
+def _write_append(rc, srctreebase, srctree, same_dir, no_same_dir, rev, copied, workspace, d):
"""Writes an append file"""
if not os.path.exists(rc):
raise DevtoolError("bbappend not created because %s does not exist" % rc)
@@ -104,6 +104,11 @@
af = os.path.join(appendpath, '%s.bbappend' % brf)
with open(af, 'w') as f:
f.write('FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:"\n\n')
+ # Local files can be modified/tracked in separate subdir under srctree
+ # Mostly useful for packages with S != WORKDIR
+ f.write('FILESPATH:prepend := "%s:"\n' %
+ os.path.join(srctreebase, 'oe-local-files'))
+ f.write('# srctreebase: %s\n' % srctreebase)
f.write('inherit externalsrc\n')
f.write(('# NOTE: We use pn- overrides here to avoid affecting'
'multiple variants in the case where the recipe uses BBCLASSEXTEND\n'))
@@ -120,11 +125,8 @@
return af
def _cleanup_on_error(rd, srctree):
- rdp = os.path.split(rd)[0] # recipes folder
if os.path.exists(rd):
shutil.rmtree(rd)
- if not len(os.listdir(rdp)):
- os.rmdir(rdp)
srctree = os.path.abspath(srctree)
if os.path.exists(srctree):
shutil.rmtree(srctree)
@@ -524,14 +526,7 @@
else:
srctree = standard.get_default_srctree(config, pn)
- # Check that recipe isn't using a shared workdir
- s = os.path.abspath(rd.getVar('S'))
- workdir = os.path.abspath(rd.getVar('WORKDIR'))
- srctree_s = srctree
- if s.startswith(workdir) and s != workdir and os.path.dirname(s) != workdir:
- # Handle if S is set to a subdirectory of the source
- srcsubdir = os.path.relpath(s, workdir).split(os.sep, 1)[1]
- srctree_s = os.path.join(srctree, srcsubdir)
+ srctree_s = standard.get_real_srctree(srctree, rd.getVar('S'), rd.getVar('WORKDIR'))
# try to automatically discover latest version and revision if not provided on command line
if not args.version and not args.srcrev:
@@ -575,7 +570,7 @@
_upgrade_error(e, recipedir, srctree, args.keep_failure)
standard._add_md5(config, pn, os.path.dirname(rf))
- af = _write_append(rf, srctree_s, args.same_dir, args.no_same_dir, rev2,
+ af = _write_append(rf, srctree, srctree_s, args.same_dir, args.no_same_dir, rev2,
copied, config.workspace_path, rd)
standard._add_md5(config, pn, af)
diff --git a/poky/scripts/lib/resulttool/resultutils.py b/poky/scripts/lib/resulttool/resultutils.py
index 8917022..7666331 100644
--- a/poky/scripts/lib/resulttool/resultutils.py
+++ b/poky/scripts/lib/resulttool/resultutils.py
@@ -142,7 +142,7 @@
return decode_log(ptest['log'])
def ptestresult_get_log(results, section):
- return generic_get_log('ptestresuls.sections', results, section)
+ return generic_get_log('ptestresult.sections', results, section)
def generic_get_rawlogs(sectname, results):
if sectname not in results:
diff --git a/poky/scripts/lib/wic/filemap.py b/poky/scripts/lib/wic/filemap.py
index 4d9da28..85b39d5 100644
--- a/poky/scripts/lib/wic/filemap.py
+++ b/poky/scripts/lib/wic/filemap.py
@@ -46,6 +46,13 @@
bsize = stat.st_blksize
else:
raise IOError("Unable to determine block size")
+
+ # The logic in this script only supports a maximum of a 4KB
+ # block size
+ max_block_size = 4 * 1024
+ if bsize > max_block_size:
+ bsize = max_block_size
+
return bsize
class ErrorNotSupp(Exception):
diff --git a/poky/scripts/lib/wic/partition.py b/poky/scripts/lib/wic/partition.py
index e50871b..382afa4 100644
--- a/poky/scripts/lib/wic/partition.py
+++ b/poky/scripts/lib/wic/partition.py
@@ -133,6 +133,8 @@
self.update_fstab_in_rootfs = True
if not self.source:
+ if self.fstype == "none":
+ return
if not self.size and not self.fixed_size:
raise WicError("The %s partition has a size of zero. Please "
"specify a non-zero --size/--fixed-size for that "
@@ -300,6 +302,30 @@
mkfs_cmd = "fsck.%s -pvfD %s" % (self.fstype, rootfs)
exec_native_cmd(mkfs_cmd, native_sysroot, pseudo=pseudo)
+ if os.getenv('SOURCE_DATE_EPOCH'):
+ sde_time = hex(int(os.getenv('SOURCE_DATE_EPOCH')))
+ debugfs_script_path = os.path.join(cr_workdir, "debugfs_script")
+ files = []
+ for root, dirs, others in os.walk(rootfs_dir):
+ base = root.replace(rootfs_dir, "").rstrip(os.sep)
+ files += [ "/" if base == "" else base ]
+ files += [ base + "/" + n for n in dirs + others ]
+ with open(debugfs_script_path, "w") as f:
+ f.write("set_current_time %s\n" % (sde_time))
+ if self.updated_fstab_path and self.has_fstab and not self.no_fstab_update:
+ f.write("set_inode_field /etc/fstab mtime %s\n" % (sde_time))
+ f.write("set_inode_field /etc/fstab mtime_extra 0\n")
+ for file in set(files):
+ for time in ["atime", "ctime", "crtime"]:
+ f.write("set_inode_field \"%s\" %s %s\n" % (file, time, sde_time))
+ f.write("set_inode_field \"%s\" %s_extra 0\n" % (file, time))
+ for time in ["wtime", "mkfs_time", "lastcheck"]:
+ f.write("set_super_value %s %s\n" % (time, sde_time))
+ for time in ["mtime", "first_error_time", "last_error_time"]:
+ f.write("set_super_value %s 0\n" % (time))
+ debugfs_cmd = "debugfs -w -f %s %s" % (debugfs_script_path, rootfs)
+ exec_native_cmd(debugfs_cmd, native_sysroot)
+
self.check_for_Y2038_problem(rootfs, native_sysroot)
def prepare_rootfs_btrfs(self, rootfs, cr_workdir, oe_builddir, rootfs_dir,
@@ -353,7 +379,7 @@
exec_native_cmd(mcopy_cmd, native_sysroot)
if self.updated_fstab_path and self.has_fstab and not self.no_fstab_update:
- mcopy_cmd = "mcopy -i %s %s ::/etc/fstab" % (rootfs, self.updated_fstab_path)
+ mcopy_cmd = "mcopy -m -i %s %s ::/etc/fstab" % (rootfs, self.updated_fstab_path)
exec_native_cmd(mcopy_cmd, native_sysroot)
chmod_cmd = "chmod 644 %s" % rootfs
@@ -381,6 +407,9 @@
(extraopts, self.fsuuid, rootfs, rootfs_dir)
exec_native_cmd(erofs_cmd, native_sysroot, pseudo=pseudo)
+ def prepare_empty_partition_none(self, rootfs, oe_builddir, native_sysroot):
+ pass
+
def prepare_empty_partition_ext(self, rootfs, oe_builddir,
native_sysroot):
"""
diff --git a/poky/scripts/lib/wic/plugins/imager/direct.py b/poky/scripts/lib/wic/plugins/imager/direct.py
index da483da..67dc56d 100644
--- a/poky/scripts/lib/wic/plugins/imager/direct.py
+++ b/poky/scripts/lib/wic/plugins/imager/direct.py
@@ -117,7 +117,7 @@
updated = False
for part in self.parts:
if not part.realnum or not part.mountpoint \
- or part.mountpoint == "/" or not part.mountpoint.startswith('/'):
+ or part.mountpoint == "/" or not (part.mountpoint.startswith('/') or part.mountpoint == "swap"):
continue
if part.use_uuid:
@@ -149,6 +149,9 @@
self.updated_fstab_path = os.path.join(self.workdir, "fstab")
with open(self.updated_fstab_path, "w") as f:
f.writelines(fstab_lines)
+ if os.getenv('SOURCE_DATE_EPOCH'):
+ fstab_time = int(os.getenv('SOURCE_DATE_EPOCH'))
+ os.utime(self.updated_fstab_path, (fstab_time, fstab_time))
def _full_path(self, path, name, extention):
""" Construct full file path to a file we generate. """
diff --git a/poky/scripts/lib/wic/plugins/source/rootfs.py b/poky/scripts/lib/wic/plugins/source/rootfs.py
index fc06312..e29f3a4 100644
--- a/poky/scripts/lib/wic/plugins/source/rootfs.py
+++ b/poky/scripts/lib/wic/plugins/source/rootfs.py
@@ -224,7 +224,7 @@
if part.update_fstab_in_rootfs and part.has_fstab and not part.no_fstab_update:
fstab_path = os.path.join(new_rootfs, "etc/fstab")
# Assume that fstab should always be owned by root with fixed permissions
- install_cmd = "install -m 0644 %s %s" % (part.updated_fstab_path, fstab_path)
+ install_cmd = "install -m 0644 -p %s %s" % (part.updated_fstab_path, fstab_path)
if new_pseudo:
pseudo = cls.__get_pseudo(native_sysroot, new_rootfs, new_pseudo)
else:
diff --git a/poky/scripts/pybootchartgui/pybootchartgui/draw.py b/poky/scripts/pybootchartgui/pybootchartgui/draw.py
index 4326361..6d445aa 100644
--- a/poky/scripts/pybootchartgui/pybootchartgui/draw.py
+++ b/poky/scripts/pybootchartgui/pybootchartgui/draw.py
@@ -356,6 +356,12 @@
h += 30 + bar_h
if trace.disk_stats:
h += 30 + bar_h
+ if trace.cpu_pressure:
+ h += 30 + bar_h
+ if trace.io_pressure:
+ h += 30 + bar_h
+ if trace.mem_pressure:
+ h += 30 + bar_h
if trace.monitor_disk:
h += 30 + bar_h
if trace.mem_stats:
diff --git a/poky/scripts/pybootchartgui/pybootchartgui/parsing.py b/poky/scripts/pybootchartgui/pybootchartgui/parsing.py
index 362d515..63a53b6 100644
--- a/poky/scripts/pybootchartgui/pybootchartgui/parsing.py
+++ b/poky/scripts/pybootchartgui/pybootchartgui/parsing.py
@@ -131,7 +131,7 @@
def compile(self, writer):
def find_parent_id_for(pid):
- if pid is 0:
+ if pid == 0:
return 0
ppid = self.parent_map.get(pid)
if ppid:
diff --git a/poky/scripts/runqemu b/poky/scripts/runqemu
index 983f751..9a3c9d2 100755
--- a/poky/scripts/runqemu
+++ b/poky/scripts/runqemu
@@ -210,7 +210,8 @@
self.mac_tap = "52:54:00:12:34:"
self.mac_slirp = "52:54:00:12:35:"
# pid of the actual qemu process
- self.qemupid = None
+ self.qemu_environ = os.environ.copy()
+ self.qemuprocess = None
# avoid cleanup twice
self.cleaned = False
# Files to cleanup after run
@@ -380,13 +381,19 @@
fst = m.group(1)
if fst:
self.check_arg_fstype(fst)
- qb = re.sub('\.' + fst + "$", '', self.rootfs)
- qb = '%s%s' % (re.sub('\.rootfs$', '', qb), '.qemuboot.conf')
+ qb = re.sub('\.' + fst + "$", '.qemuboot.conf', self.rootfs)
if os.path.exists(qb):
self.qemuboot = qb
self.qbconfload = True
else:
- logger.warning("%s doesn't exist" % qb)
+ logger.warning("%s doesn't exist, will try to remove '.rootfs' from filename" % qb)
+ # They to remove .rootfs (IMAGE_NAME_SUFFIX) as well
+ qb = re.sub('\.rootfs.qemuboot.conf$', '.qemuboot.conf', qb)
+ if os.path.exists(qb):
+ self.qemuboot = qb
+ self.qbconfload = True
+ else:
+ logger.warning("%s doesn't exist" % qb)
else:
raise RunQemuError("Can't find FSTYPE from: %s" % p)
@@ -420,6 +427,7 @@
# are there other scenarios in which we need to support being
# invoked by bitbake?
deploy = self.get('DEPLOY_DIR_IMAGE')
+ image_link_name = self.get('IMAGE_LINK_NAME')
bbchild = deploy and self.get('OE_TMPDIR')
if bbchild:
self.set_machine_deploy_dir(arg, deploy)
@@ -444,23 +452,30 @@
else:
logger.error("%s not a directory valid DEPLOY_DIR_IMAGE" % deploy_dir_image)
self.set("MACHINE", arg)
+ if not image_link_name:
+ s = re.search('^IMAGE_LINK_NAME="(.*)"', self.bitbake_e, re.M)
+ if s:
+ image_link_name = s.group(1)
+ self.set("IMAGE_LINK_NAME", image_link_name)
+ logger.debug('Using IMAGE_LINK_NAME = "%s"' % image_link_name)
def set_dri_path(self):
# As runqemu can be run within bitbake (when using testimage, for example),
# we need to ensure that we run host pkg-config, and that it does not
# get mis-directed to native build paths set by bitbake.
+ env = os.environ.copy()
try:
- del os.environ['PKG_CONFIG_PATH']
- del os.environ['PKG_CONFIG_DIR']
- del os.environ['PKG_CONFIG_LIBDIR']
- del os.environ['PKG_CONFIG_SYSROOT_DIR']
+ del env['PKG_CONFIG_PATH']
+ del env['PKG_CONFIG_DIR']
+ del env['PKG_CONFIG_LIBDIR']
+ del env['PKG_CONFIG_SYSROOT_DIR']
except KeyError:
pass
try:
- dripath = subprocess.check_output("PATH=/bin:/usr/bin:$PATH pkg-config --variable=dridriverdir dri", shell=True)
+ dripath = subprocess.check_output("PATH=/bin:/usr/bin:$PATH pkg-config --variable=dridriverdir dri", shell=True, env=env)
except subprocess.CalledProcessError as e:
raise RunQemuError("Could not determine the path to dri drivers on the host via pkg-config.\nPlease install Mesa development files (particularly, dri.pc) on the host machine.")
- os.environ['LIBGL_DRIVERS_PATH'] = dripath.decode('utf-8').strip()
+ self.qemu_environ['LIBGL_DRIVERS_PATH'] = dripath.decode('utf-8').strip()
# This preloads uninative libc pieces and therefore ensures that RPATH/RUNPATH
# in host mesa drivers doesn't trick uninative into loading host libc.
@@ -468,7 +483,7 @@
uninative_path = os.path.dirname(self.get("UNINATIVE_LOADER"))
if os.path.exists(uninative_path):
preload_paths = [os.path.join(uninative_path, i) for i in preload_items]
- os.environ['LD_PRELOAD'] = " ".join(preload_paths)
+ self.qemu_environ['LD_PRELOAD'] = " ".join(preload_paths)
def check_args(self):
for debug in ("-d", "--debug"):
@@ -482,8 +497,8 @@
sys.argv.remove(quiet)
if 'gl' not in sys.argv[1:] and 'gl-es' not in sys.argv[1:]:
- os.environ['SDL_RENDER_DRIVER'] = 'software'
- os.environ['SDL_FRAMEBUFFER_ACCELERATION'] = 'false'
+ self.qemu_environ['SDL_RENDER_DRIVER'] = 'software'
+ self.qemu_environ['SDL_FRAMEBUFFER_ACCELERATION'] = 'false'
unknown_arg = ""
for arg in sys.argv[1:]:
@@ -497,7 +512,7 @@
self.gtk = True
elif arg == 'gl':
self.gl = True
- elif 'gl-es' in sys.argv[1:]:
+ elif arg == 'gl-es':
self.gl_es = True
elif arg == 'egl-headless':
self.egl_headless = True
@@ -555,11 +570,18 @@
self.check_arg_machine(unknown_arg)
if not (self.get('DEPLOY_DIR_IMAGE') or self.qbconfload):
- self.load_bitbake_env()
+ self.load_bitbake_env(target=self.rootfs)
s = re.search('^DEPLOY_DIR_IMAGE="(.*)"', self.bitbake_e, re.M)
if s:
self.set("DEPLOY_DIR_IMAGE", s.group(1))
+ if not self.get('IMAGE_LINK_NAME') and self.rootfs:
+ s = re.search('^IMAGE_LINK_NAME="(.*)"', self.bitbake_e, re.M)
+ if s:
+ image_link_name = s.group(1)
+ self.set("IMAGE_LINK_NAME", image_link_name)
+ logger.debug('Using IMAGE_LINK_NAME = "%s"' % image_link_name)
+
def check_kvm(self):
"""Check kvm and kvm-host"""
if not (self.kvm_enabled or self.vhost_enabled):
@@ -589,11 +611,6 @@
if os.access(dev_kvm, os.W_OK|os.R_OK):
self.qemu_opt_script += ' -enable-kvm'
- if self.get('MACHINE') == "qemux86":
- # Workaround for broken APIC window on pre 4.15 host kernels which causes boot hangs
- # See YOCTO #12301
- # On 64 bit we use x2apic
- self.kernel_cmdline_script += " clocksource=kvm-clock hpet=disable noapic nolapic"
else:
logger.error("You have no read or write permission on /dev/kvm.")
logger.error("Please change the ownership of this file as described at:")
@@ -670,8 +687,8 @@
if self.rootfs and not os.path.exists(self.rootfs):
# Lazy rootfs
- self.rootfs = "%s/%s-%s.%s" % (self.get('DEPLOY_DIR_IMAGE'),
- self.rootfs, self.get('MACHINE'),
+ self.rootfs = "%s/%s.%s" % (self.get('DEPLOY_DIR_IMAGE'),
+ self.get('IMAGE_LINK_NAME'),
self.fstype)
elif not self.rootfs:
cmd_name = '%s/%s*.%s' % (self.get('DEPLOY_DIR_IMAGE'), self.get('IMAGE_NAME'), self.fstype)
@@ -875,8 +892,10 @@
machine = self.get('MACHINE')
if not machine:
machine = os.path.basename(deploy_dir_image)
- self.qemuboot = "%s/%s-%s.qemuboot.conf" % (deploy_dir_image,
- self.rootfs, machine)
+ if not self.get('IMAGE_LINK_NAME'):
+ raise RunQemuError("IMAGE_LINK_NAME wasn't set to find corresponding .qemuboot.conf file")
+ self.qemuboot = "%s/%s.qemuboot.conf" % (deploy_dir_image,
+ self.get('IMAGE_LINK_NAME'))
else:
cmd = 'ls -t %s/*.qemuboot.conf' % deploy_dir_image
logger.debug('Running %s...' % cmd)
@@ -1369,7 +1388,7 @@
# need our font setup and show-cusor below so we need to see what qemu --help says
# is supported so we can pass our correct config in.
if not self.nographic and not self.sdl and not self.gtk and not self.publicvnc and not self.egl_headless == True:
- output = subprocess.check_output([self.qemu_bin, "--help"], universal_newlines=True)
+ output = subprocess.check_output([self.qemu_bin, "--help"], universal_newlines=True, env=self.qemu_environ)
if "-display gtk" in output:
self.gtk = True
elif "-display sdl" in output:
@@ -1393,7 +1412,7 @@
if self.sdl == True:
self.qemu_opt += 'sdl,'
elif self.gtk == True:
- os.environ['FONTCONFIG_PATH'] = '/etc/fonts'
+ self.qemu_environ['FONTCONFIG_PATH'] = '/etc/fonts'
self.qemu_opt += 'gtk,'
if self.gl == True:
@@ -1514,8 +1533,8 @@
if len(self.portlocks):
for descriptor in self.portlocks.values():
pass_fds.append(descriptor.fileno())
- process = subprocess.Popen(cmds, stderr=subprocess.PIPE, pass_fds=pass_fds)
- self.qemupid = process.pid
+ process = subprocess.Popen(cmds, stderr=subprocess.PIPE, pass_fds=pass_fds, env=self.qemu_environ)
+ self.qemuprocess = process
retcode = process.wait()
if retcode:
if retcode == -signal.SIGTERM:
@@ -1531,6 +1550,15 @@
signal.signal(signal.SIGTERM, signal.SIG_IGN)
logger.info("Cleaning up")
+
+ if self.qemuprocess:
+ try:
+ # give it some time to shut down, ignore return values and output
+ self.qemuprocess.send_signal(signal.SIGTERM)
+ self.qemuprocess.communicate(timeout=5)
+ except subprocess.TimeoutExpired:
+ self.qemuprocess.kill()
+
with open('/proc/uptime', 'r') as f:
uptime_seconds = f.readline().split()[0]
logger.info('Host uptime: %s\n' % uptime_seconds)
@@ -1558,9 +1586,12 @@
else:
shutil.rmtree(ent)
+ # Deliberately ignore the return code of 'tput smam'.
+ subprocess.call(["tput", "smam"])
+
self.cleaned = True
- def run_bitbake_env(self, mach=None):
+ def run_bitbake_env(self, mach=None, target=''):
bitbake = shutil.which('bitbake')
if not bitbake:
return
@@ -1573,22 +1604,33 @@
multiconfig = "mc:%s" % multiconfig
if mach:
- cmd = 'MACHINE=%s bitbake -e %s' % (mach, multiconfig)
+ cmd = 'MACHINE=%s bitbake -e %s %s' % (mach, multiconfig, target)
else:
- cmd = 'bitbake -e %s' % multiconfig
+ cmd = 'bitbake -e %s %s' % (multiconfig, target)
logger.info('Running %s...' % cmd)
- return subprocess.check_output(cmd, shell=True).decode('utf-8')
+ try:
+ return subprocess.check_output(cmd, shell=True).decode('utf-8')
+ except subprocess.CalledProcessError as err:
+ logger.warning("Couldn't run '%s' to gather environment information, maybe the target wasn't an image name, will retry with virtual/kernel as a target:\n%s" % (cmd, err.output.decode('utf-8')))
+ # need something with IMAGE_NAME_SUFFIX/IMAGE_LINK_NAME defined (kernel also inherits image-artifact-names.bbclass)
+ target = 'virtual/kernel'
+ if mach:
+ cmd = 'MACHINE=%s bitbake -e %s %s' % (mach, multiconfig, target)
+ else:
+ cmd = 'bitbake -e %s %s' % (multiconfig, target)
+ try:
+ return subprocess.check_output(cmd, shell=True).decode('utf-8')
+ except subprocess.CalledProcessError as err:
+ logger.warning("Couldn't run '%s' to gather environment information, giving up with 'bitbake -e':\n%s" % (cmd, err.output.decode('utf-8')))
+ return ''
- def load_bitbake_env(self, mach=None):
+
+ def load_bitbake_env(self, mach=None, target=None):
if self.bitbake_e:
return
- try:
- self.bitbake_e = self.run_bitbake_env(mach=mach)
- except subprocess.CalledProcessError as err:
- self.bitbake_e = ''
- logger.warning("Couldn't run 'bitbake -e' to gather environment information:\n%s" % err.output.decode('utf-8'))
+ self.bitbake_e = self.run_bitbake_env(mach=mach, target=target)
def validate_combos(self):
if (self.fstype in self.vmtypes) and self.kernel:
@@ -1634,12 +1676,8 @@
subprocess.check_call([renice, str(os.getpid())])
def sigterm_handler(signum, frame):
- logger.info("SIGTERM received")
- if config.qemupid:
- os.kill(config.qemupid, signal.SIGTERM)
+ logger.info("Received signal: %s" % (signum))
config.cleanup()
- # Deliberately ignore the return code of 'tput smam'.
- subprocess.call(["tput", "smam"])
signal.signal(signal.SIGTERM, sigterm_handler)
config.check_args()
@@ -1661,8 +1699,6 @@
return 1
finally:
config.cleanup()
- # Deliberately ignore the return code of 'tput smam'.
- subprocess.call(["tput", "smam"])
if __name__ == "__main__":
sys.exit(main())
diff --git a/poky/scripts/yocto-check-layer b/poky/scripts/yocto-check-layer
index 0e5b75b..67cc719 100755
--- a/poky/scripts/yocto-check-layer
+++ b/poky/scripts/yocto-check-layer
@@ -168,14 +168,13 @@
layers_tested = 0
for layer in layers:
- if layer['type'] == LayerType.ERROR_NO_LAYER_CONF or \
- layer['type'] == LayerType.ERROR_BSP_DISTRO:
+ if layer['type'] in (LayerType.ERROR_NO_LAYER_CONF, LayerType.ERROR_BSP_DISTRO):
continue
# Reset to a clean backup copy for each run
shutil.copyfile(bblayersconf + '.backup', bblayersconf)
- if check_bblayers(bblayersconf, layer['path'], logger):
+ if layer['type'] not in (LayerType.CORE, ) and check_bblayers(bblayersconf, layer['path'], logger):
logger.info("%s already in %s. To capture initial signatures, layer under test should not present "
"in BBLAYERS. Please remove %s from BBLAYERS." % (layer['name'], bblayersconf, layer['name']))
results[layer['name']] = None