subtree updates
meta-openembedded: c5668905a6..cbbaa82238:
Alex Kiernan (1):
lldpd: Upgrade 1.0.14 -> 1.0.15
Alexander Stein (1):
dool: Add patch to fix rebuild
Archana Polampalli (1):
Nodejs - Upgrade to 16.18.1
Armin Kuster (2):
meta-oe][PATCH] gst-editing-services: fix typo in LICENSE field.
Revert "waf-samba.bbclass: point PYTHON_CONFIG to target python3-config"
Arsalan H. Awan (1):
meta-networking/licenses/netperf: remove unused license
Changqing Li (3):
redis: 7.0.5 -> 7.0.7
redis: 6.2.7 -> 6.2.8
redis: upgrade 7.0.9 -> 7.0.10
Chee Yang Lee (5):
zsh: Fix CVE-2021-45444
fwupd: Fix CVE-2022-3287
redis: Upgrade to 7.0.8
redis: Upgrade to 6.2.9
tinyproxy: fix CVE-2022-40468
Chen Pei (1):
botan: upgrade 2.19.2 -> 2.19.3
Chen Qi (4):
xfce4-verve-plugin: fix do_configure faiure about missing libpcre
networkmanager: fix dhcpcd PACKAGECONFIG
networkmanager: install config files into correct place
networkmanager: fix /etc/resolv.conf handling
Dmitry Baryshkov (1):
nss: fix cross-compilation error
Geoff Parker (1):
python3-pillow: add tk to RDEPENDS ptest pkg only if x11 in DISTRO_FEATURES
Hermes Zhang (1):
kernel_add_regdb: Change the task order
Jasper Orschulko (1):
python3-gcovr: Add missing runtime dependency
Joe Slater (1):
phoronix-test-suite: fix CVE-2022-40704
Kai Kang (2):
freeradius: fix multilib systemd service start failure
postfix: fix multilib conflict of sample-main.cf
Khem Raj (15):
gnome-text-editor: Add missing libpcre build time depenedency
ettercap: Add missing dependency on libpcre
imapfilter: Upgrade to 2.7.6
aufs-util: Fix build with large file support enabled systems
volume-key: Inherit python3targetconfig
audit: Inherit python3targetconfig
waf-samba.bbclass: point PYTHON_CONFIG to target python3-config
fontforge: Inherit python3targetconfig
sshpass: Use SPDX identified string for GPLv2
perfetto: Do not pass TUNE_CCARGS to native/host compiler
net-snmp: Fix build with clang16
ncmpc: Upgrade to 0.47
mpd: Upgrade to 0.23.12 release
redis: Upgrade 6.x recipe to 6.2.11
redis: Upgrade 7.x to 7.0.9
Leon Anavi (1):
python3-pythonping: Upgrade 1.1.3 -> 1.1.4
Markus Volk (3):
libcamera: upgrade -> 0.0.1
blueman: add RDEPEND on python3-fcntl
perfetto: pass TUNE_CCARGS to use machine tune
Martin Jansa (11):
monkey: use git fetcher
nss: fix SRC_URI
exiv2: fix SRC_URI
mdns: use git fetcher
zsh: fix installed-vs-shipped with multilib
restinio: fix S variable in multilib builds
mongodb: fix chown user for multilib builds
pahole: respect libdir
lvgl,lv-lib-png,lv-drivers: fix installed-vs-shipped QA issue with multilib
lirc: fix do_install with multilib
dleyna-{server,renderer}: fix dev-so QA issue with multilib
Mathieu Dubois-Briand (2):
nss: Add missing CVE product
nss: Whitelist CVEs related to libnssdbm
Mingli Yu (1):
php: Upgrade to 8.1.16
Narpat Mali (1):
net-snmp: CVE-2022-44792 & CVE-2022-44793 Fix NULL Pointer Exception
Omkar Patil (1):
ntfs-3g-ntfsprogs: Upgrade 2022.5.17 to 2022.10.3
Peter Kjellerstedt (2):
chrony: Make it possible to enable editline support again
chrony: Remove the libcap and nss PACKAGECONFIGs
Peter Marko (4):
cpputest: remove dev package dependency
ntp: whitelist CVE-2019-11331
c-ares: fix CVE-2022-4904
dnsmasq: fix CVE-2023-28450
Polampalli, Archana (1):
nodejs: Upgrade 16.19.0 -> 16.19.1
Preeti Sachan (1):
fluidsynth: update SRC_URI to remove non-existing 2.2.x branch
Randy MacLeod (2):
python3-pillow: add ptest support
python3-pillow: Add distutils, unixadmin for ptest
Robert Joslyn (1):
fwupd: Fix plugin_gpio PACKAGECONFIG
Samuli Piippo (1):
protobuf: stage protoc binary to sysroot
Stefan Ghinea (1):
mbedtls: upgrade to 2.28.2 to fix CVE-2022-46392, CVE-2022-46393
Tim Orling (1):
nodejs: upgrade 16.18.1 -> 16.19.0
Tom Hochstein (1):
nlohmann-json: Allow empty main package for SDK
Valeria Petrov (1):
apache2: upgrade 2.4.56 -> 2.4.57
Wang Mingyu (34):
bats: upgrade 1.8.0 -> 1.8.2
ctags: upgrade 5.9.20221009.0 -> 5.9.20221016.0
fvwm: upgrade 2.6.9 -> 2.7.0
makedumpfile: upgrade 1.7.1 -> 1.7.2
sanlock: upgrade 3.8.4 -> 3.8.5
python3-astroid: upgrade 2.12.11 -> 2.12.12
python3-charset-normalizer: upgrade 2.1.1 -> 3.0.0
python3-google-api-python-client: upgrade 2.64.0 -> 2.65.0
python3-google-auth: upgrade 2.12.0 -> 2.13.0
python3-huey: upgrade 2.4.3 -> 2.4.4
python3-oauthlib: upgrade 3.2.1 -> 3.2.2
python3-pandas: upgrade 1.5.0 -> 1.5.1
python3-pika: upgrade 1.3.0 -> 1.3.1
python3-protobuf: upgrade 4.21.7 -> 4.21.8
python3-pywbemtools: upgrade 1.0.0 -> 1.0.1
python3-socketio: upgrade 5.7.1 -> 5.7.2
python3-sqlalchemy: upgrade 1.4.41 -> 1.4.42
tracker: upgrade 3.4.0 -> 3.4.1
wolfssl: upgrade 5.5.1 -> 5.5.2
cglm: upgrade 0.8.5 -> 0.8.7
ctags: upgrade 5.9.20221016.0 -> 5.9.20221023.0
function2: upgrade 4.2.1 -> 4.2.2
poco: upgrade 1.12.2 -> 1.12.3
audit: upgrade 3.0.8 -> 3.0.9
colord: upgrade 1.4.5 -> 1.4.6
smcroute: upgrade 2.5.5 -> 2.5.6
openwsman: upgrade 2.7.1 -> 2.7.2
python3-pillow: upgrade 9.2.0 -> 9.3.0
python3-pillow: upgrade 9.3.0 -> 9.4.0
apache2: upgrade 2.4.54 -> 2.4.55
python3-django: upgrade 4.1 -> 4.1.3
python3-django: upgrade 4.1.3 -> 4.1.6
apache2: upgrade 2.4.55 -> 2.4.56
openwsman: Change download branch from master to main.
Xiangyu Chen (1):
ipmitool: fix typo in .bb file's comments, using = instead of =?
Yi Zhao (4):
ostree: fix selinux policy rebuild error on first deployment
strongswan: upgrade 5.9.8 -> 5.9.9
freeradius: Security fixes for CVE-2022-41860 CVE-2022-41861
apache2: use /run instead of /var/run for systemd volatile config
Yogita Urade (1):
multipath-tools: fix CVE-2022-41974
zhengruoqin (2):
tcpslice: upgrade 1.5 -> 1.6
tio: upgrade 2.1 -> 2.2
meta-arm: 4ee457693e..58952aa7ba:
Abdellatif El Khlifi (1):
arm-bsp/documentation: corstone1000: 2022.11.10 RC: update the user guide
Adam Johnston (2):
arm/trusted-services: Fix 'no such file' when building libts
CI: Remove ts-smm-gateway from N1SDP
Adrian Herrera (2):
atp: decouple m5readfile from m5ops
atp: move m5readfile to meta-gem5
Adrián Herrera Arcila (5):
atp: fix failing test_readme
gem5: support for EXTRAS
atp: separate recipe for gem5 models
atp: fix machine overrides in recipes
ci: add meta-atp to check-layers
Anton Antonov (1):
arm-bsp/fvp-base: Enable virtio-rng support and unset preferred 5.15 kernel
Daniel Díaz (1):
arm-bsp/firmware-image-juno: Fix deployment of compressed Image
Diego Sueiro (2):
arm/classes: Introduce apply_local_src_patches bbclass
arm/trusted-firmware-m: Fix local source patches application
Emekcan (3):
arm-bsp/trusted-services: add checks for null attributes in smm gateway
arm-bsp/trusted-services: Fix GetNextVariable max_name_len in smm gateway
arm/fvp: Upgrade Corstone1000 FVP
Emekcan Aras (3):
arm-bsp/documentation: corstone1000: update the user guide
kas/corstone1000-base.yml: set refspec for Corstone1000 release
arm/trusted-firmware-m: Do not use release branches
Gowtham Suresh Kumar (6):
arm/edk2-basetools: Add edk2 base tool native recipe
arm-bsp/uefi_capsule: Add UEFI capsule generation class
arm-bsp/corstone1000-image: Generate UEFI capsule for corstone1000 platform
arm/edk2-basetools: Convert edk2 basetools recipes to native only
arm-bsp/uefi_capsule: Use json file to pass capsule config
arm-bsp/uefi_capsule: Move UEFI capsule to IMGDEPLOYDIR
Jon Mason (4):
CI: define DEFAULT_TAG and CPU_REQUEST
arm-bsp/juno: move to compressed initramfs image
arm-bsp/juno: Update kernel patches to the latest
CI: dev kernel allow failure
Luca Fancellu (1):
arm,arm-bsp/recipes-kernel: don't use PN in arm-ffa-transport.inc
Peter Hoyes (15):
arm/fvp: Join cli arguments in verbose logging
arm/lib: Factor out asyncio in FVPRunner
arm/lib: Decouple console parsing from the FVPRunner
arm/oeqa: Log the FVP output in OEFVPSSHTarget
runfvp: Fix verbose output when using --console
arm/fvp: Backport shlex.join from Python 3.8
arm/fvpboot: Disable timing annotation by default
arm/classes: Ensure patch files are sorted in apply_local_src_patches
arm/scp-firmware: Ensure CMAKE_BUILD_TYPE is capitalized
arm/scp-firmware: Disable cppcheck
arm/lib: Add XAUTHORITY to runfvp environment
classes: Define FVP_ENV_PASSTHROUGH variable dependencies
classes: Prevent passing None to the runfvp environment
classes: Set ARMLMD_LICENSE_FILE in the runfvp environment
CI: Add BUILD_ENABLE_REGEX option to conditionally enable builds
Qi Feng (1):
kas/fvp-baser-aemv8r64: Use langdale as kas default refspec
Robbie Cao (1):
arm/fvp-base-r-aem: upgrade to version 11.20.15
Ross Burton (9):
arm/linux-arm64-ack: fix buildpaths in the perf Python module
CI: revert a meta-clang change which breaks pixman (thus, xserver)
CI: add variables needed for k8s runners
CI: add tags to all jobs
CI: no need to install telnet
CI: use the .setup fragment in machine-coverage
CI: fix builds with clang
CI: pin to kas 3.2 as 3.2.1 fails
arm-bsp/external-system: fix the gen_module race, again
Rui Miguel Silva (4):
arm/trusted-services: check before applying patches
arm-bsp/trusted-services: psa test setup corstone1000
arm-bsp/trusted-firmware-m: adjust ps assets for corstone1000
kas/corstone500.yml: pin repos to langdale
Vishnu Banavath (3):
arm-bsp/documentation: corstone1000: 2022.11.10 RC: update the release notes
arm-bsp/documentation: corstone1000: 2022.11.10 RC: update the change log
arm-bsp/optee: register DRAM1 for N1SDP target
poky: 6b9db5a99b..3e95f268ce:
Adrian Freihofer (2):
buildconf: compare abspath
bblayers/setupwriters/oe-setup-layers: create dir if not exists
Alejandro Hernandez Samaniego (2):
baremetal-image: Avoid overriding qemu variables from IMAGE_CLASSES
testimage: Fix error message to reflect new syntax
Alex Kiernan (2):
cargo_common.bbclass: Fix typos
classes: image: Set empty weak default IMAGE_LINGUAS
Alex Stewart (2):
lsof: add update-alternatives logic
opkg: upgrade to version 0.6.1
Alexander Kanavin (69):
rust-target-config: match riscv target names with what rust expects
rust: install rustfmt for riscv32 as well
shadow: update 4.12.1 -> 4.12.3
lttng-modules: upgrade 2.13.4 -> 2.13.5
quilt: backport a patch to address grep 3.8 failures
go: submit patch upstream
go: update 1.19 -> 1.19.2
groff: submit patches upstream
tcl: correct patch status
lttng-tools: submit determinism.patch upstream
kea: submit patch upstream
ovmf: correct patches status
libffi: submit patch upstream
rust: submit a rewritten version of crossbeam_atomic.patch upstream
ffmpeg: upgrade 5.1.1 -> 5.1.2
linux-firmware: upgrade 20220913 -> 20221012
xwayland: upgrade 22.1.3 -> 22.1.4
libffi: upgrade 3.4.2 -> 3.4.4
libical: upgrade 3.0.15 -> 3.0.16
mtd-utils: upgrade 2.1.4 -> 2.1.5
selftest: add a copy of previous mtd-utils version to meta-selftest
gdk-pixbuf: upgrade 2.42.9 -> 2.42.10
pango: upgrade 1.50.10 -> 1.50.11
pango: replace a recipe fix with an upstream submitted patch
gstreamer1.0: upgrade 1.20.3 -> 1.20.4
libepoxy: convert to git
libepoxy: update 1.5.9 -> 1.5.10
mesa: do not rely on native llvm-config in target sysroot
systemd: update 251.4 -> 251.8
vala: install vapigen-wrapper into /usr/bin/crosscripts and stage only that
gnomebase.bbclass: return the whole version for tarball directory if it is a number
glibc-tests: correctly pull in the actual tests when installing -ptest package
libnewt: update 0.52.21 -> 0.52.23
ruby: merge .inc into .bb
ruby: update 3.1.2 -> 3.1.3
tzdata: update 2022d -> 2022g
cmake: update 3.24.0 -> 3.24.2
devtool/upgrade: correctly handle recipes where S is a subdir of upstream tree
libarchive: upgrade 3.6.1 -> 3.6.2
go: update 1.19.3 -> 1.19.4
devtool: process local files only for the main branch
libksba: update 1.6.2 -> 1.6.3
linux-firmware: upgrade 20221109 -> 20221214
xwayland: upgrade 22.1.5 -> 22.1.7
xserver-xorg: upgrade 21.1.4 -> 21.1.6
selftest/virgl: use pkg-config from the host
vulkan-samples: branch rename master -> main
gdk-pixbuf: do not use tools from gdk-pixbuf-native when building tests
oeqa/qemurunner: do not use Popen.poll() when terminating runqemu with a signal
diffutils: update 3.8 -> 3.9
lttng-tools: update 2.13.8 -> 2.13.9
apr: update 1.7.0 -> 1.7.2
apr-util: update 1.6.1 -> 1.6.3
bind: upgrade 9.18.10 -> 9.18.11
libjpeg-turbo: upgrade 2.1.4 -> 2.1.5
pkgconf: upgrade 1.9.3 -> 1.9.4
linux-firmware: upgrade 20221214 -> 20230117
sudo: upgrade 1.9.12p1 -> 1.9.12p2
libgit2: upgrade 1.5.0 -> 1.5.1
vim: update 9.0.1211 -> 9.0.1293 to resolve open CVEs
dbus: upgrade 1.14.4 -> 1.14.6
linux-firmware: upgrade 20230117 -> 20230210
wireless-regdb: upgrade 2022.08.12 -> 2023.02.13
bblayers/makesetup: skip git repos that are submodules
sudo: update 1.9.12p2 -> 1.9.13p2
libdnf: update 0.69.0 -> 0.70.0
pango: upgrade 1.50.12 -> 1.50.13
apt: re-enable version check
devtool/upgrade: do not delete the workspace/recipes directory
Alexey Smirnov (1):
classes: make TOOLCHAIN more permissive for kernel
Alexis Lothoré (1):
oeqa/selftest/resulttooltests: fix minor typo
Andrew Geissler (1):
filemap.py: enforce maximum of 4kb block size
Anton Antonov (1):
rust: Do not use default compiler flags defined in CC crate
Antonin Godard (2):
busybox: always start do_compile with orig config files
busybox: rm temporary files if do_compile was interrupted
Armin Kuster (1):
lttng-modules: Fix for 5.10.163 kernel version
Arnout Vandecappelle (1):
python3-pytest: depend on python3-tomli instead of python3-toml
Arturo Buzarra (1):
run-postinsts: Set dependency for ldconfig to avoid boot issues
Benoît Mauduit (1):
lib/oe/reproducible: Use git log without gpg signature
Bernhard Rosenkränzer (1):
cmake-native: Fix host tool contamination
Bhabu Bindu (1):
qemu: Fix CVE-2022-4144
Bruce Ashfield (35):
linux-yocto/5.15: update to v5.15.72
linux-yocto/5.19: update to v5.19.14
kern-tools: fix relative path processing
linux-yocto/5.15: update to v5.15.74
linux-yocto/5.15: update to v5.15.76
linux-yocto/5.15: update to v5.15.78
linux-yocto/5.15: fix CONFIG_CRYPTO_CCM mismatch warnings
linux-yocto/5.19: update to v5.19.16
linux-yocto/5.19: update to v5.19.17
linux-yocto/5.19: cfg: intel and vesa updates
linux-yocto/5.19: security.cfg: remove configs which have been dropped
linux-yocto/5.19: fix CONFIG_CRYPTO_CCM mismatch warnings
linux-yocto/5.19: fix elfutils run-backtrace-native-core ptest failure
kern-tools: integrate ZFS speedup patch
linux-yocto/5.19: fix perf build with clang
linux-yocto/5.15: ltp and squashfs fixes
linux-yocto/5.15: fix perf build with clang
linux-yocto/5.15: libbpf: Fix build warning on ref_ctr_off
linux-yocto/5.15: update to v5.15.84
linux-yocto/5.15: powerpc: Fix reschedule bug in KUAP-unlocked user copy
linux-yocto/5.19: powerpc: Fix reschedule bug in KUAP-unlocked user copy
linux-yocto/5.15: update to v5.15.87
linux-yocto/5.15: update to v5.15.89
linux-yocto/5.15: update to v5.15.91
lttng-modules: fix for kernel 6.2+
linux-yocto/5.15: update to v5.15.94
linux-yocto/5.15: update to v5.15.96
linux-yocto-rt/5.15: update to -rt59
linux-yocto/5.15: update to v5.15.98
linux-yocto/5.15: update to v5.15.103
lttng-modules: update to v2.13.9
kernel-devsrc: fix mismatched compiler warning
linux-yocto/5.15: update to v5.15.106
linux-yocto/5.15: update to v5.15.107
linux-yocto/5.15: update to v5.15.108
Carlos Alberto Lopez Perez (3):
xwayland: libxshmfence is needed when dri3 is enabled
mesa-gl: gallium is required when enabling x11
mesa-demos: packageconfig weston should have a dependency on wayland-protocols
Changqing Li (2):
base.bbclass: Fix way to check ccache path
apt: fix do_package_qa failure
Charlie Johnston (1):
opkg: ensure opkg uses private gpg.conf when applying keys.
Chee Yang Lee (5):
git: upgrade to 2.37.5
tiff: fix multiple CVEs
git: ignore CVE-2023-22743
tiff: Fix CVE-2023-0795 CVE-2023-0796 CVE-2023-0797 CVE-2023-0798 CVE-2023-0799
go: upgrade to 1.19.7
Chen Qi (9):
kernel.bbclass: make KERNEL_DEBUG_TIMESTAMPS work at rebuild
dhcpcd: fix to work with systemd
resolvconf: make it work
psplash: consider the situation of psplash not exist for systemd
bc: extend to nativesdk
rm_work: adjust dependency to make do_rm_work_all depend on do_rm_work
dhcpcd: backport two patches to fix runtime error
libseccomp: fix typo in DESCRIPTION
ffmpeg: fix configure failure on noexec /tmp host
Chris Elledge (1):
busybox: move hwclock init earlier in startup
Christian Eggers (1):
linux-firmware: split rtl8761 firmware
Christoph Lauer (1):
populate_sdk_base: add zip options
Claus Stovgaard (1):
gstreamer1.0-libav: fix errors with ffmpeg 5.x
Diego Sueiro (1):
kernel.bbclass: Include randstruct seed assets in STAGING_KERNEL_BUILDDIR
Dmitry Baryshkov (5):
linux-firmware: upgrade 20221012 -> 20221109
linux-firmware: add new fw file to ${PN}-qcom-adreno-a530
linux-firmware: properly set license for all Qualcomm firmware
linux-firmware: add yamato fw files to qcom-adreno-a2xx package
ffmpeg: fix build failure when vulkan is enabled
Ed Tanous (1):
openssl: Upgrade 3.0.5 -> 3.0.7
Enguerrand de Ribaucourt (1):
bitbake-layers: fix a typo
Enrico Jörns (8):
sstatesig: emit more helpful error message when not finding sstate manifest
oeqa/selftest/cases/runqemu: update imports
oeqa/targetcontrol: fix misspelled RuntimeError
oeqa/targetcontrol: do not set dump_host_cmds redundantly
oeqa/targetcontrol: remove unused imports
oeqa/utils/commands: fix usage of undefined EPIPE
oeqa/utils/commands: remove unused imports
oeqa/utils/qemurunner: replace hard-coded user 'root' in debug output
Etienne Cordonnier (2):
mirrors.bbclass: use shallow tarball for binutils-native
bitbake: siggen: Fix inefficient string concatenation
Fawzi KHABER (3):
ref-manual: update DEV_PKG_DEPENDENCY in variables
package.bbclass: check packages name conflict in do_package
oeqa/selftest/cases/package.py: adding unittest for package rename conflicts
Federico Pellegrin (1):
curl: fix dependencies when building with ldap/ldaps
Frank de Brabander (2):
bitbake: process: log odd unlink events with bitbake.sock
bitbake: bin/utils: Ensure locale en_US.UTF-8 is available on the system
Frederic Martinsons (1):
cargo.bbclass: use offline mode for building
Geoffrey GIRY (2):
cve-extra-exclusions: ignore inapplicable linux-yocto CVEs
cve-check: Fix false negative version issue
Harald Seiler (2):
opkg: Set correct info_dir and status_file in opkg.conf
bootchart2: Fix usrmerge support
He Zhe (1):
lttng-modules: update 2.13.7 -> 2.13.8
Hitendra Prajapati (3):
openssl: CVE-2022-3358 Using a Custom Cipher with NID_undef may lead to NULL encryption
libarchive: CVE-2022-36227 NULL pointer dereference in archive_write.c
libxml2: Fix CVE-2022-40303 && CVE-2022-40304
Jagadeesh Krishnanjanappa (1):
qemuboot.bbclass: make sure runqemu boots bundled initramfs kernel image
Jan Kircher (1):
toolchain-scripts: compatibility with unbound variable protection
Jan-Simon Moeller (1):
buildtools-tarball: export certificates to python and curl
Jeremy Puhlman (1):
qemu-native: Add PACKAGECONFIG option for jack
Jermain Horsman (1):
cve-check: write the cve manifest to IMGDEPLOYDIR
Jose Quaresma (10):
kernel-yocto: improve fatal error messages of symbol_why.py
archiver: avoid using machine variable as it breaks multiconfig
sstatesig: skip the rm_work task signature
rm_work: exclude the SSTATETASKS from the rm_work tasks sinature
sstate: Allow optimisation of do_deploy_archives task dependencies
Revert "gstreamer1.0: disable flaky gstbin:test_watch_for_state_change test"
gstreamer1.0: Fix race conditions in gstbin tests
oeqs/selftest: OESelftestTestContext: replace the os.environ after subprocess.check_output
oeqa/selftest: OESelftestTestContext: convert relative to full path when newbuilddir is provided
oeqa/selftest/reproducible: Split different packages from missing packages output
Joshua Watt (6):
runqemu: Do not perturb script environment
runqemu: Fix gl-es argument from causing other arguments to be ignored
qemu-helper-native: Re-write bridge helper as C program
qemu-helper-native: Correctly pass program name as argv[0]
scripts: convert-overrides: Allow command-line customizations
classes/populate_sdk_base: Append cleandirs
Justin Bronder (1):
bitbake: asyncrpc: serv: correct closed client socket detection
Kai Kang (3):
mesa: only apply patch to fix ALWAYS_INLINE for native
libuv: fixup SRC_URI
xserver-xorg: 21.1.6 -> 21.1.7
Keiya Nobuta (1):
create-spdx: Remove ";name=..." for downloadLocation
Kenfe-Mickael Laventure (3):
buildtools-tarball: Handle spaces within user $PATH
toolchain-scripts: Handle spaces within user $PATH
populate_sdk_ext: Handle spaces within user $PATH
Khem Raj (11):
tiff: Add packageconfig knob for webp
createrepo-c: Include missing rpm/rpmstring.h
libtirpc: Check if file exists before operating on it
libusb1: Link with latomic only if compiler has no atomic builtins
libusb1: Strip trailing whitespaces
scons: Pass MAXLINELENGTH to scons invocation
scons.bbclass: Make MAXLINELENGTH overridable
libcomps: Fix callback function prototype for PyCOMPS_hash
rpm: Fix hdr_hash function prototype
systemd.bbclass: Add /usr/lib/systemd to searchpaths as well
Revert "runqemu: Add workaround for APIC hang on pre 4.15 kernels on qemux86"
Konrad Weihmann (1):
create-spdx: default share_src for shared sources
Lee Chee Yang (2):
git: Upgrade to 2.37.4
migration-guides: add release-notes for 4.0.7
Leon Anavi (1):
get_module_deps3.py: Check attribute '__file__'
Liam Beguin (1):
meson: make wrapper options sub-command specific
Louis Rannou (1):
oeqa/selftest/locales: Add selftest for locale generation/presence
Luca Boccassi (1):
systemd: add systemd-creds and systemd-cryptenroll to systemd-extra-utils
Luis (1):
rm_work.bbclass: use HOSTTOOLS 'rm' binary exclusively
Marek Vasut (5):
bluez5: Point hciattach bcm43xx firmware search path to /lib/firmware
systemd: Make importd depend on glib-2.0 again
bitbake: fetch2/git: Prevent git fetcher from fetching gitlab repository metadata
bitbake: fetch2/git: Clarify the meaning of namespace
cpio: Fix wrong CRC with ASCII CRC for large files
Mark Asselstine (1):
bitbake: bitbake: bitbake-layers: checkout layer(s) branch when clone exists
Markus Volk (2):
mesa: update 22.2.0 -> 22.2.2
librsvg: enable vapi build
Marta Rybczynska (1):
cve-update-db-native: avoid incomplete updates
Martin Jansa (12):
vulkan-samples: add lfs=0 to SRC_URI to avoid git smudge errors in do_unpack
externalsrc.bbclass: fix git repo detection
libxml2: fix test data checksums
meta: remove True option to getVar and getVarFlag calls (again)
timezone: use 'tz' subdir instead of ${WORKDIR} directly
tzdata: use separate B instead of WORKDIR for zic output
tzcode-native: fix build with gcc-13 on host
selftest: devtool: set BB_HASHSERVE_UPSTREAM when setting SSTATE_MIRROR
bmap-tools: switch to main branch
selftest: runqemu: better check for ROOTFS: in the log
selftest: runqemu: use better error message when asserts fail
runqemu: respect IMAGE_LINK_NAME
Mateusz Marciniec (1):
sstatesig: Improve output hash calculation
Mathieu Dubois-Briand (1):
dbus: Add missing CVE product name
Mauro Queiros (1):
image.bbclass: print all QA functions exceptions
Michael Halstead (3):
uninative: Upgrade to 3.8.1 to include libgcc
selftest/runtime_test/virgl: Disable for all Rocky Linux
uninative: Upgrade to 3.9 to include glibc 2.37
Michael Opdenacker (13):
bitbake: bitbake-user-manual: details about variable flags starting with underscore
create-spdx.bbclass: remove unused SPDX_INCLUDE_PACKAGED
backport SPDX documentation and vulnerability improvements
Expand create-spdx class documentation
Expand cve-check class documentation
manuals: add 4.0.5 and 4.0.6 release notes
dev-manual: fix old override syntax
ref-manual: variables.rst: fix broken hyperlink
profile-manual: update WireShark hyperlinks
bsp-guide: fix broken git URLs and missing word
manuals: update patchwork instance URL
dev-manual: common-tasks.rst: add link to FOSDEM 2023 video
migration-guides: update release notes
Mikko Rapeli (13):
common-tasks.rst: fix oeqa runtime test path
oeqa context.py: fix --target-ip comment to include ssh port number
oeqa ssh.py: move output prints to new line
oeqa ssh.py: add connection keep alive options to ssh client
oeqa dump.py: add error counter and stop after 5 failures
oeqa qemurunner: read more data at a time from serial
oeqa qemurunner.py: add timeout to QMP calls
oeqa qemurunner.py: try to avoid reading one character at a time
oeqa ssh.py: fix hangs in run()
runqemu: kill qemu if it hangs
oeqa rtc.py: skip if read-only-rootfs
oeqa ping.py: avoid busylooping failing ping command
oeqa ping.py: fail test if target IP address has not been set
Ming Liu (1):
linux: inherit pkgconfig in kernel.bbclass
Mingli Yu (6):
grub: disable build on armv7ve/a with hardfp
glslang: branch rename master -> main
mdadm: Fix testcase 06wrmostly
mdadm: fix tests/02lineargrow
mdadm: Fix raid0 tests
report-error: catch Nothing PROVIDES error
Narpat Mali (4):
ffmpeg: fix for CVE-2022-3964
ffmpeg: fix for CVE-2022-3965
libseccomp: fix for the ptest result format
python3-setuptools: fix for CVE-2022-40897
Nathan Rossi (2):
oeqa/selftest/lic_checksum: Cleanup changes to emptytest include
package: Fix handling of minidebuginfo with newer binutils
Niko Mauno (3):
systemd: Consider PACKAGECONFIG in RRECOMMENDS
Fix missing leading whitespace with ':append'
ref-manual: Fix invalid feature name
Ola x Nilsson (1):
kbd: Don't build tests
Ovidiu Panait (1):
kernel.bbclass: remove empty module directories to prevent QA issues
Pavel Zhukov (4):
bitbake: gitsm: Fix regression in gitsm submodule path parsing
oeqa/rpm.py: Increase timeout and add debug output
wic: Fix usage of fstype=none in wic
u-boot: Map arm64 into map for u-boot dts installation
Pawel Zalewski (1):
classes/fs-uuid: Fix command output decoding issue
Peter Bergin (1):
gptfdisk: remove warning message from target system
Peter Kjellerstedt (4):
externalsrc.bbclass: Remove a trailing slash from ${B}
pango: Make it build with ptest disabled
librsvg: Only enable the Vala bindings if GObject Introspection is enabled
devshell: Do not add scripts/git-intercept to PATH
Peter Marko (6):
systemd: add group render to udev package
meta-selftest/staticids: add render group for systemd
externalsrc: fix lookup for .gitmodules
oeqa/selftest/externalsrc: add test for srctree_hash_files
systemd: add group sgx to udev package
gcc-shared-source: do not use ${S}/.. in deploy_source_date_epoch
Petr Kubizňák (1):
harfbuzz: remove bindir only if it exists
Piotr Łobacz (1):
systemd: fix wrong nobody-group assignment
Polampalli, Archana (1):
libpam: fix CVE-2022-28321
Qiu, Zheng (3):
tiff: fix a typo for CVE-2022-2953.patch
tiff: Security fix for CVE-2022-3970
vim: upgrade 9.0.0820 -> 9.0.0947
Quentin Schulz (4):
cairo: update patch for CVE-2019-6461 with upstream solution
docs: kernel-dev: faq: update tip on how to not include kernel in image
docs: migration-4.0: specify variable name change for kernel inclusion in image recipe
cairo: fix CVE patches assigned wrong CVE number
Randy MacLeod (3):
valgrind: skip the boost_thread test on arm
vim: upgrade 9.0.0947 -> 9.0.1211
vim: upgrade 9.0.1403 -> 9.0.1429
Ranjitsinh Rathod (1):
curl: Correct LICENSE from MIT-open-group to curl
Ravula Adhitya Siddartha (2):
linux-yocto/5.15: update genericx86* machines to v5.15.72
linux-yocto/5.19: update genericx86* machines to v5.19.14
Richard Purdie (37):
build-appliance-image: Update to langdale head revision
bitbake: runqueue: Fix race issues around hash equivalence and sstate reuse
lttng-modules: upgrade 2.13.5 -> 2.13.7
bitbake.conf: Drop export of SOURCE_DATE_EPOCH_FALLBACK
gcc-shared-source: Fix source date epoch handling
gcc-source: Fix gengtypes race
gcc-source: Drop gengtype manipulation
gcc-source: Ensure deploy_source_date_epoch sstate hash doesn't change
sanity: Drop data finalize call
oeqa/selftest/tinfoil: Add test for separate config_data with recipe_parse_file()
qemu: Ensure libpng dependency is deterministic
yocto-check-layer: Allow OE-Core to be tested
oeqa/concurrencytest: Add number of failures to summary output
build-appliance-image: Update to langdale head revision
bitbake: server/process: Add bitbake.sock race handling
native: Drop special variable handling
kernel/linux-kernel-base: Fix kernel build artefact determinism issues
make-mod-scripts: Ensure kernel build output is deterministic
perf: Enable debug/source packaging
libc-locale: Fix on target locale generation
libssh2: Clean up ptest patch/coverage
build-appliance-image: Update to langdale head revision
bitbake: utils: Allow to_boolean to support int values
bitbake: cookerdata: Remove incorrect SystemExit usage
bitbake: cookerdata: Improve early exception handling
bitbake: cookerdata: Drop dubious exception handling code
binutils: Fix nativesdk ld.so search
oeqa/selftest/prservice: Improve debug output for failure
staging: Separate out different multiconfig manifests
staging/multilib: Fix manifest corruption
glibc: Add missing binutils dependency
selftest/recipetool: Stop test corrupting tinfoil class
base-files: Drop localhost.localdomain from hosts file
pybootchartui: Fix python syntax issue
pybootchart: Fix extents handling to account for cpu/io/mem pressure changes
xdg-utils: Add a patch for CVE-2020-27748
xdg-utils: Fix CVE number
Robert Andersson (1):
go-crosssdk: avoid host contamination by GOCACHE
Robert Joslyn (2):
curl: Backport CVE fixes
curl: Fix CVE-2022-43551 and CVE-2022-43552
Robert Yang (1):
bitbake: fetch/git: Fix local clone url to make it work with repo
Rodolfo Quesada Zumbado (1):
tar: CVE-2022-48303
Romuald JEANNE (1):
image_types: fix vname var init in multiubi_mkfs() function
Romuald Jeanne (1):
image_types: fix multiubi var init
Ross Burton (48):
libx11: apply the fix for CVE-2022-3554
xserver-xorg: ignore CVE-2022-3553 as it is XQuartz-specific
xserver-xorg: backport fixes for CVE-2022-3550 and CVE-2022-3551
tiff: fix a number of CVEs
qemu: backport the fix for CVE-2022-3165
pango: upgrade 1.50.9 -> 1.50.10
zlib: do out-of-tree builds
zlib: upgrade 1.2.12 -> 1.2.13
bitbake: fetch2/git: don't set core.fsyncobjectfiles=0
pixman: backport fix for CVE-2022-44638
sudo: backport fix for CVE-2022-43995
sanity: check for GNU tar specifically
expat: upgrade to 2.5.0
oeqa/runtime/dnf: rewrite test_dnf_installroot_usrmerge
insane: add codeload.github.com to src-uri-bad check
linux-firmware: don't put the firmware into the sysroot
lib/buildstats: fix parsing of trees with reduced_proc_pressure directories
combo-layer: remove unused import
combo-layer: dont use bb.utils.rename
combo-layer: add sync-revs command
libepoxy: remove upstreamed patch
cve-update-db-native: show IP on failure
pango: upgrade 1.50.11 -> 1.50.12
oeqa/selftest/debuginfod: improve testcase
curl: don't enable debug builds
bitbake: bb/utils: include SSL certificate paths in export_proxies
ppp: backport fix for CVE-2022-4603
quilt: fix intermittent failure in faildiff.test
spirv-headers/spirv-tools: set correct branch name
quilt: use upstreamed faildiff.test fix
git: ignore CVE-2022-41953
buildtools-tarball: set pkg-config search path
sdkext/cases/devtool: pass a logger to HTTPService
httpserver: add error handler that write to the logger
less: backport the fix for CVE-2022-46663
lib/buildstats: handle tasks that never finished
cml1: remove redundant addtask
shadow: ignore CVE-2016-15024
vim: add missing pkgconfig inherit
vim: upgrade to 9.0.1403
vim: set modified-by to the recipe MAINTAINER
meson: remove obsolete RPATH stripping patch
lib/resulttool: fix typo breaking resulttool log --ptest
scripts/lib/buildstats: handle top-level build_stats not being complete
tzdata: upgrade to 2023c
oeqa/runtime: clean up deprecated backslash expansion
xserver-xorg: backport fix for CVE-2023-1393
screen: backport fix for CVE-2023-24626
Ryan Eatmon (1):
go: Update reproducibility patch to fix panic errors
Sakib Sajal (2):
go: update 1.19.2 -> 1.19.3
git: upgrade 2.37.5 -> 2.37.6
Sandeep Gundlupet Raju (3):
libdrm: Remove libdrm-kms package
kernel-fitimage: Adjust order of dtb/dtbo files
kernel-fitimage: Allow user to select dtb when multiple dtb exists
Saul Wold (2):
at: Change when files are copied
busybox: Fix depmod patch
Sean Anderson (3):
uboot-sign: Fix using wrong KEY_REQ_ARGS
kernel: Clear SYSROOT_DIRS instead of replacing sysroot_stage_all
kernel-fitimage: Use KERNEL_OUTPUT_DIR where appropriate
Sergei Zhmylev (2):
wic: honor the SOURCE_DATE_EPOCH in case of updated fstab
wic: make ext2/3/4 images reproducible
Siddharth (1):
harfbuzz: Security fix for CVE-2023-25193
Siddharth Doshi (3):
openssl: Upgrade 3.0.7 -> 3.0.8
epiphany: Security fix for CVE-2023-26081
openssl: Security fix for CVE-2023-0464, CVE-2023-0465, CVE-2023-0466
Soumya (1):
shadow: Fix can not print full login timeout message
Steve Sakoman (8):
poky.conf: bump version for 4.1.1
Revert "sudo: backport fix for CVE-2022-43995"
poky.conf: bump version for 4.1.2
poky.conf: Update SANITY_TESTED_DISTROS to match autobuilder
system-requirements.rst: Add Fedora 36, AlmaLinux 8.7 & 9.1, and OpenSUSE 15.4 to list of supported distros
poky.conf: bump version for 4.1.3
poky.conf: bump version for 4.1.4
build-appliance-image: Update to langdale head revision
Sudip Mukherjee (1):
libgit2: update license information
Teoh Jay Shen (1):
vim: Upgrade 9.0.0598 -> 9.0.0614
Thomas Perrot (1):
xserver-xorg: move some recommended dependencies in required
Thomas Roos (1):
devtool: fix devtool finish when gitmodules file is empty
Tim Orling (7):
vim: upgrade 9.0.0614 -> 9.0.0820
python3-mako: upgrade 1.2.2 -> 1.2.3
mirrors.bbclass: update CPAN_MIRROR
bitbake: toaster: fixtures/README: django 1.8 -> 3.2
bitbake: toaster: fixtures/gen_fixtures.py: update branches
bitbake: toaster: Add refreshed oe-core and poky fixtures
cracklib: update github branch to 'main'
Tobias Hagelborn (2):
sstate.bbclass: Fetch non-existing local .sig files if needed
lib/oe/gpg_sign.py: Avoid race when creating .sig files in detach_sign
Tom Hochstein (2):
meson: Fix wrapper handling of implicit setup command
oeqa/sdk: Improve Meson test
Trevor Woerner (3):
cups: use BUILDROOT instead of DESTDIR
cups: check PACKAGECONFIG for pam feature
cups: add/fix web interface packaging
Ulrich Ölmann (4):
recipe_sanity: fix old override syntax
lsof: fix old override syntax
update-alternatives: fix typos
kernel-yocto: fix kernel-meta data detection
Vincent Davis Jr (1):
linux-firmware: package amdgpu firmware
Vivek Kumbhar (1):
openssl: fix CVE-2022-3996 double locking leads to denial of service
Vyacheslav Yurkov (1):
overlayfs: Allow not used mount points
Wang Mingyu (26):
bind: upgrade 9.18.7 -> 9.18.8
inetutils: upgrade 2.3 -> 2.4
socat: upgrade 1.7.4.3 -> 1.7.4.4
libxcrypt: upgrade 4.4.28 -> 4.4.30
xwayland: upgrade 22.1.4 -> 22.1.5
sysstat: upgrade 12.6.0 -> 12.6.1
mobile-broadband-provider-info: upgrade 20220725 -> 20221107
libsdl2: upgrade 2.24.1 -> 2.24.2
mesa: upgrade 22.2.2 -> 22.2.3
babeltrace: upgrade 1.5.8 -> 1.5.11
iso-codes: upgrade 4.11.0 -> 4.12.0
bind: upgrade 9.18.8 -> 9.18.9
libxcrypt-compat: upgrade 4.4.30 -> 4.4.33
mpfr: upgrade 4.1.0 -> 4.1.1
libpng: upgrade 1.6.38 -> 1.6.39
help2man: upgrade 1.49.2 -> 1.49.3
gstreamer1.0: upgrade 1.20.4 -> 1.20.5
bind: upgrade 9.18.9 -> 9.18.10
libjpeg-turbo: upgrade 2.1.5 -> 2.1.5.1
xwayland: upgrade 22.1.7 -> 22.1.8
iso-codes: upgrade 4.12.0 -> 4.13.0
libmicrohttpd: upgrade 0.9.75 -> 0.9.76
lua: Fix install conflict when enable multilib.
vala: Fix install conflict when enable multilib.
dhcpcd: Fix install conflict when enable multilib.
xcb-proto: Fix install conflict when enable multilib.
Xiangyu Chen (7):
sudo: upgrade 1.9.11p3 -> 1.9.12p1
grub: backport patches to fix CVE-2022-28736
openssh: remove RRECOMMENDS to rng-tools for sshd package
grub2: backport patch to fix CVE-2022-2601 CVE-2022-3775
numactl: skip test case when target platform doesn't have 2 CPU node
dhcpcd: fix dhcpcd start failure on qemuppc64
sudo: update 1.9.13p2 -> 1.9.13p3
Zoltan Boszormenyi (1):
piglit: Fix build time dependency
ciarancourtney (1):
wic: swap partitions are not added to fstab
leimaohui (1):
libpng: Enable NEON for aarch64 to enensure consistency with arm32.
pgowda (1):
binutils: Add patch to fix CVE-2022-4285
wangmy (13):
meson: upgrade 0.63.2 -> 0.63.3
mtools: upgrade 4.0.40 -> 4.0.41
ifupdown: upgrade 0.8.37 -> 0.8.39
gnutls: upgrade 3.7.7 -> 3.7.8
libcap: upgrade 2.65 -> 2.66
libical: upgrade 3.0.14 -> 3.0.15
numactl: upgrade 2.0.15 -> 2.0.16
wpebackend-fdo: upgrade 1.12.1 -> 1.14.0
libksba: upgrade 1.6.0 -> 1.6.2
libsdl2: upgrade 2.24.0 -> 2.24.1
lttng-ust: upgrade 2.13.4 -> 2.13.5
lighttpd: upgrade 1.4.66 -> 1.4.67
dbus: upgrade 1.14.0 -> 1.14.4
meta-security: 2aa48e6f4e..a4562b1912:
Anton Antonov (2):
Flush caches after OEQA tests
Fix PACKAGECONFIG check in Parsec OEQA tests
Armin Kuster (2):
packagegroup-security-tpm2: restore pkgs removed earlier
Revert "meta-parsec/layer.conf: Insert addpylib declaration"
Peter Hoyes (1):
meta-parsec/layer.conf: Insert addpylib declaration
meta-raspberrypi: 722c51647c..8e3cbfa598:
Andrei Gherzan (2):
ci: Bump actions/checkout to v3
ci: Fix dco-check job with newer git versions
Florin Sarbu (1):
udev-rules-rpi: Use 99-com.rules directly from upstream
Martin Jansa (1):
raspberrypi4-64: drop DEFAULTTUNE assignment
Sung Gon Kim (1):
libcamera: rename bbappend to match any version
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I394eff2a339089121317b9dfb1a2ff4dfcae3339
diff --git a/poky/meta/classes-global/base.bbclass b/poky/meta/classes-global/base.bbclass
index 8203f54..2d0e355 100644
--- a/poky/meta/classes-global/base.bbclass
+++ b/poky/meta/classes-global/base.bbclass
@@ -139,7 +139,7 @@
# /usr/local/bin/ccache/gcc -> /usr/bin/ccache, then which(gcc)
# would return /usr/local/bin/ccache/gcc, but what we need is
# /usr/bin/gcc, this code can check and fix that.
- if "ccache" in srctool:
+ if os.path.islink(srctool) and os.path.basename(os.readlink(srctool)) == 'ccache':
srctool = bb.utils.which(path, tool, executable=True, direction=1)
if srctool:
os.symlink(srctool, desttool)
diff --git a/poky/meta/classes-global/devshell.bbclass b/poky/meta/classes-global/devshell.bbclass
index 03af56b..4c23049 100644
--- a/poky/meta/classes-global/devshell.bbclass
+++ b/poky/meta/classes-global/devshell.bbclass
@@ -8,8 +8,6 @@
DEVSHELL = "${SHELL}"
-PATH:prepend:task-devshell = "${COREBASE}/scripts/git-intercept:"
-
python do_devshell () {
if d.getVarFlag("do_devshell", "manualfakeroot"):
d.prependVar("DEVSHELL", "pseudo ")
diff --git a/poky/meta/classes-global/insane.bbclass b/poky/meta/classes-global/insane.bbclass
index dc46857..df2c40c 100644
--- a/poky/meta/classes-global/insane.bbclass
+++ b/poky/meta/classes-global/insane.bbclass
@@ -1346,7 +1346,7 @@
for url in d.getVar("SRC_URI").split():
# Search for github and gitlab URLs that pull unstable archives (comment for future greppers)
- if re.search(r"git(hu|la)b\.com/.+/.+/archive/.+", url):
+ if re.search(r"git(hu|la)b\.com/.+/.+/archive/.+", url) or "//codeload.github.com/" in url:
oe.qa.handle_error("src-uri-bad", "%s: SRC_URI uses unstable GitHub/GitLab archives, convert recipe to use git protocol" % pn, d)
python do_qa_unpack() {
diff --git a/poky/meta/classes-global/mirrors.bbclass b/poky/meta/classes-global/mirrors.bbclass
index 9643b31..d641c39 100644
--- a/poky/meta/classes-global/mirrors.bbclass
+++ b/poky/meta/classes-global/mirrors.bbclass
@@ -67,8 +67,7 @@
https?://.*/.* http://sources.openembedded.org/ \
ftp://.*/.* http://sources.openembedded.org/ \
npm://.*/?.* http://sources.openembedded.org/ \
-${CPAN_MIRROR} http://cpan.metacpan.org/ \
-${CPAN_MIRROR} http://search.cpan.org/CPAN/ \
+${CPAN_MIRROR} https://cpan.metacpan.org/ \
https?://downloads.yoctoproject.org/releases/uninative/ https://mirrors.kernel.org/yocto/uninative/ \
https?://downloads.yoctoproject.org/mirror/sources/ https://mirrors.kernel.org/yocto-sources/ \
"
@@ -90,6 +89,7 @@
BB_GIT_SHALLOW:pn-binutils-cross-canadian-${TRANSLATED_TARGET_ARCH} = "1"
BB_GIT_SHALLOW:pn-binutils-cross-testsuite = "1"
BB_GIT_SHALLOW:pn-binutils-crosssdk-${SDK_SYS} = "1"
+BB_GIT_SHALLOW:pn-binutils-native = "1"
BB_GIT_SHALLOW:pn-glibc = "1"
PREMIRRORS += "git://sourceware.org/git/glibc.git https://downloads.yoctoproject.org/mirror/sources/ \
git://sourceware.org/git/binutils-gdb.git https://downloads.yoctoproject.org/mirror/sources/"
diff --git a/poky/meta/classes-global/package.bbclass b/poky/meta/classes-global/package.bbclass
index 2d985d8..a47da14 100644
--- a/poky/meta/classes-global/package.bbclass
+++ b/poky/meta/classes-global/package.bbclass
@@ -490,16 +490,31 @@
bb.debug(1, 'ELF file {} has no debuginfo, skipping minidebuginfo injection'.format(file))
return
+ # minidebuginfo does not make sense to apply to ELF objects other than
+ # executables and shared libraries, skip applying the minidebuginfo
+ # generation for objects like kernel modules.
+ for line in subprocess.check_output([readelf, '-h', debugfile], universal_newlines=True).splitlines():
+ if not line.strip().startswith("Type:"):
+ continue
+ elftype = line.split(":")[1].strip()
+ if not any(elftype.startswith(i) for i in ["EXEC", "DYN"]):
+ bb.debug(1, 'ELF file {} is not executable/shared, skipping minidebuginfo injection'.format(file))
+ return
+ break
+
# Find non-allocated PROGBITS, NOTE, and NOBITS sections in the debuginfo.
# We will exclude all of these from minidebuginfo to save space.
remove_section_names = []
for line in subprocess.check_output([readelf, '-W', '-S', debugfile], universal_newlines=True).splitlines():
- fields = line.split()
- if len(fields) < 8:
+ # strip the leading " [ 1]" section index to allow splitting on space
+ if ']' not in line:
+ continue
+ fields = line[line.index(']') + 1:].split()
+ if len(fields) < 7:
continue
name = fields[0]
type = fields[1]
- flags = fields[7]
+ flags = fields[6]
# .debug_ sections will be removed by objcopy -S so no need to explicitly remove them
if name.startswith('.debug_'):
continue
@@ -2434,6 +2449,15 @@
bb.build.exec_func("package_convert_pr_autoinc", d)
+ # Check for conflict between renamed packages and existing ones
+ # for each package in PACKAGES, check if it will be renamed to an existing one
+ for p in packages:
+ localdata = bb.data.createCopy(d)
+ localdata.setVar('OVERRIDES', p)
+ rename = localdata.getVar('PKG')
+ if (rename != None) and rename in packages:
+ bb.fatal('package "%s" is renamed to "%s" using PKG:%s, but package name already exists'%(p,rename,p))
+
###########################################################################
# Optimisations
###########################################################################
diff --git a/poky/meta/classes-global/sanity.bbclass b/poky/meta/classes-global/sanity.bbclass
index 15067e7..8cf4203 100644
--- a/poky/meta/classes-global/sanity.bbclass
+++ b/poky/meta/classes-global/sanity.bbclass
@@ -504,6 +504,14 @@
version = result.split()[3]
if bb.utils.vercmp_string_op(version, "1.28", "<"):
return "Your version of tar is older than 1.28 and does not have the support needed to enable reproducible builds. Please install a newer version of tar (you could use the project's buildtools-tarball from our last release or use scripts/install-buildtools).\n"
+
+ try:
+ result = subprocess.check_output(["tar", "--help"], stderr=subprocess.STDOUT).decode('utf-8')
+ if "--xattrs" not in result:
+ return "Your tar doesn't support --xattrs, please use GNU tar.\n"
+ except subprocess.CalledProcessError as e:
+ return "Unable to execute tar --help, exit code %d\n%s\n" % (e.returncode, e.output)
+
return None
# We use git parameters and functionality only found in 1.7.8 or later
@@ -997,13 +1005,6 @@
if status.messages != "":
raise_sanity_error(sanity_data.expand(status.messages), sanity_data, status.network_error)
-# Create a copy of the datastore and finalise it to ensure appends and
-# overrides are set - the datastore has yet to be finalised at ConfigParsed
-def copy_data(e):
- sanity_data = bb.data.createCopy(e.data)
- sanity_data.finalize()
- return sanity_data
-
addhandler config_reparse_eventhandler
config_reparse_eventhandler[eventmask] = "bb.event.ConfigParsed"
python config_reparse_eventhandler() {
@@ -1014,13 +1015,13 @@
check_sanity_eventhandler[eventmask] = "bb.event.SanityCheck bb.event.NetworkTest"
python check_sanity_eventhandler() {
if bb.event.getName(e) == "SanityCheck":
- sanity_data = copy_data(e)
+ sanity_data = bb.data.createCopy(e.data)
check_sanity(sanity_data)
if e.generateevents:
sanity_data.setVar("SANITY_USE_EVENTS", "1")
bb.event.fire(bb.event.SanityCheckPassed(), e.data)
elif bb.event.getName(e) == "NetworkTest":
- sanity_data = copy_data(e)
+ sanity_data = bb.data.createCopy(e.data)
if e.generateevents:
sanity_data.setVar("SANITY_USE_EVENTS", "1")
bb.event.fire(bb.event.NetworkTestFailed() if check_connectivity(sanity_data) else bb.event.NetworkTestPassed(), e.data)
diff --git a/poky/meta/classes-global/sstate.bbclass b/poky/meta/classes-global/sstate.bbclass
index 2c8e7b8..2dd880b 100644
--- a/poky/meta/classes-global/sstate.bbclass
+++ b/poky/meta/classes-global/sstate.bbclass
@@ -365,8 +365,9 @@
d.setVar("SSTATE_CURRTASK", ss['task'])
sstatefetch = d.getVar('SSTATE_PKGNAME')
sstatepkg = d.getVar('SSTATE_PKG')
+ verify_sig = bb.utils.to_boolean(d.getVar("SSTATE_VERIFY_SIG"), False)
- if not os.path.exists(sstatepkg):
+ if not os.path.exists(sstatepkg) or (verify_sig and not os.path.exists(sstatepkg + '.sig')):
pstaging_fetch(sstatefetch, d)
if not os.path.isfile(sstatepkg):
@@ -377,7 +378,7 @@
d.setVar('SSTATE_INSTDIR', sstateinst)
- if bb.utils.to_boolean(d.getVar("SSTATE_VERIFY_SIG"), False):
+ if verify_sig:
if not os.path.isfile(sstatepkg + '.sig'):
bb.warn("No signature file for sstate package %s, skipping acceleration..." % sstatepkg)
return False
@@ -1097,7 +1098,7 @@
logit("Considering setscene task: %s" % (str(taskdependees[task])), log)
- directtasks = ["do_populate_lic", "do_deploy_source_date_epoch", "do_shared_workdir", "do_stash_locale", "do_gcc_stash_builddir", "do_create_spdx"]
+ directtasks = ["do_populate_lic", "do_deploy_source_date_epoch", "do_shared_workdir", "do_stash_locale", "do_gcc_stash_builddir", "do_create_spdx", "do_deploy_archives"]
def isNativeCross(x):
return x.endswith("-native") or "-cross-" in x or "-crosssdk" in x or x.endswith("-cross")
diff --git a/poky/meta/classes-global/staging.bbclass b/poky/meta/classes-global/staging.bbclass
index 5a1f43d..a058d34 100644
--- a/poky/meta/classes-global/staging.bbclass
+++ b/poky/meta/classes-global/staging.bbclass
@@ -275,6 +275,10 @@
pn = d.getVar("PN")
stagingdir = d.getVar("STAGING_DIR")
sharedmanifests = d.getVar("COMPONENTS_DIR") + "/manifests"
+ # only needed by multilib cross-canadian since it redefines RECIPE_SYSROOT
+ manifestprefix = d.getVar("RECIPE_SYSROOT_MANIFEST_SUBDIR")
+ if manifestprefix:
+ sharedmanifests = sharedmanifests + "/" + manifestprefix
recipesysroot = d.getVar("RECIPE_SYSROOT")
recipesysrootnative = d.getVar("RECIPE_SYSROOT_NATIVE")
diff --git a/poky/meta/classes-recipe/baremetal-image.bbclass b/poky/meta/classes-recipe/baremetal-image.bbclass
index d3377a9..513155e 100644
--- a/poky/meta/classes-recipe/baremetal-image.bbclass
+++ b/poky/meta/classes-recipe/baremetal-image.bbclass
@@ -15,15 +15,6 @@
#
# See meta-skeleton for a working example.
-## Emulate image.bbclass
-# Handle inherits of any of the image classes we need
-IMAGE_CLASSES ??= ""
-IMGCLASSES = " ${IMAGE_CLASSES}"
-inherit ${IMGCLASSES}
-# Set defaults to satisfy IMAGE_FEATURES check
-IMAGE_FEATURES ?= ""
-IMAGE_FEATURES[type] = "list"
-IMAGE_FEATURES[validitems] += ""
# Toolchain should be baremetal or newlib based.
# TCLIBC="baremetal" or TCLIBC="newlib"
@@ -110,6 +101,17 @@
CFLAGS:append:qemuriscv64 = " -mcmodel=medany"
+## Emulate image.bbclass
+# Handle inherits of any of the image classes we need
+IMAGE_CLASSES ??= ""
+IMGCLASSES = " ${IMAGE_CLASSES}"
+inherit ${IMGCLASSES}
+# Set defaults to satisfy IMAGE_FEATURES check
+IMAGE_FEATURES ?= ""
+IMAGE_FEATURES[type] = "list"
+IMAGE_FEATURES[validitems] += ""
+
+
# This next part is necessary to trick the build system into thinking
# its building an image recipe so it generates the qemuboot.conf
addtask do_rootfs before do_image after do_install
diff --git a/poky/meta/classes-recipe/cargo.bbclass b/poky/meta/classes-recipe/cargo.bbclass
index d1e8351..b27eb2f 100644
--- a/poky/meta/classes-recipe/cargo.bbclass
+++ b/poky/meta/classes-recipe/cargo.bbclass
@@ -39,7 +39,7 @@
RUSTFLAGS ??= ""
BUILD_MODE = "${@['--release', ''][d.getVar('DEBUG_BUILD') == '1']}"
-CARGO_BUILD_FLAGS = "-v --target ${RUST_HOST_SYS} ${BUILD_MODE} --manifest-path=${MANIFEST_PATH}"
+CARGO_BUILD_FLAGS = "-v --offline --target ${RUST_HOST_SYS} ${BUILD_MODE} --manifest-path=${MANIFEST_PATH}"
# This is based on the content of CARGO_BUILD_FLAGS and generally will need to
# change if CARGO_BUILD_FLAGS changes.
diff --git a/poky/meta/classes-recipe/cargo_common.bbclass b/poky/meta/classes-recipe/cargo_common.bbclass
index dea0fbe..f503a00 100644
--- a/poky/meta/classes-recipe/cargo_common.bbclass
+++ b/poky/meta/classes-recipe/cargo_common.bbclass
@@ -56,7 +56,7 @@
[source.crates-io]
replace-with = "bitbake"
- local-registry = "/nonexistant"
+ local-registry = "/nonexistent"
EOF
fi
@@ -103,7 +103,7 @@
cat <<- EOF >> ${CARGO_HOME}/config
[build]
- # Use out of tree build destination to avoid poluting the source tree
+ # Use out of tree build destination to avoid polluting the source tree
target-dir = "${B}/target"
EOF
fi
diff --git a/poky/meta/classes-recipe/cml1.bbclass b/poky/meta/classes-recipe/cml1.bbclass
index b790913..a09a042 100644
--- a/poky/meta/classes-recipe/cml1.bbclass
+++ b/poky/meta/classes-recipe/cml1.bbclass
@@ -21,7 +21,6 @@
}
EXPORT_FUNCTIONS do_configure
-addtask configure after do_unpack do_patch before do_compile
inherit terminal
diff --git a/poky/meta/classes-recipe/core-image.bbclass b/poky/meta/classes-recipe/core-image.bbclass
index 90d9eb9..40fc15c 100644
--- a/poky/meta/classes-recipe/core-image.bbclass
+++ b/poky/meta/classes-recipe/core-image.bbclass
@@ -65,7 +65,7 @@
# Do not install openssh complementary packages if either packagegroup-core-ssh-dropbear or dropbear
# is installed # to avoid openssh-dropbear conflict
# see [Yocto #14858] for more information
-PACKAGE_EXCLUDE_COMPLEMENTARY:append = "${@bb.utils.contains_any('PACKAGE_INSTALL', 'packagegroup-core-ssh-dropbear dropbear', 'openssh', '' , d)}"
+PACKAGE_EXCLUDE_COMPLEMENTARY:append = "${@bb.utils.contains_any('PACKAGE_INSTALL', 'packagegroup-core-ssh-dropbear dropbear', ' openssh', '' , d)}"
# IMAGE_FEATURES_CONFLICTS_foo = 'bar1 bar2'
# An error exception would be raised if both image features foo and bar1(or bar2) are included
diff --git a/poky/meta/classes-recipe/fs-uuid.bbclass b/poky/meta/classes-recipe/fs-uuid.bbclass
index a9e7eb8..e215f06 100644
--- a/poky/meta/classes-recipe/fs-uuid.bbclass
+++ b/poky/meta/classes-recipe/fs-uuid.bbclass
@@ -10,7 +10,7 @@
def get_rootfs_uuid(d):
import subprocess
rootfs = d.getVar('ROOTFS')
- output = subprocess.check_output(['tune2fs', '-l', rootfs])
+ output = subprocess.check_output(['tune2fs', '-l', rootfs], text=True)
for line in output.split('\n'):
if line.startswith('Filesystem UUID:'):
uuid = line.split()[-1]
diff --git a/poky/meta/classes-recipe/gnomebase.bbclass b/poky/meta/classes-recipe/gnomebase.bbclass
index 805daaf..5e72f54 100644
--- a/poky/meta/classes-recipe/gnomebase.bbclass
+++ b/poky/meta/classes-recipe/gnomebase.bbclass
@@ -5,7 +5,7 @@
#
def gnome_verdir(v):
- return ".".join(v.split(".")[:-1])
+ return ".".join(v.split(".")[:-1]) or v
GNOME_COMPRESS_TYPE ?= "xz"
diff --git a/poky/meta/classes-recipe/image.bbclass b/poky/meta/classes-recipe/image.bbclass
index e387645..14528e6 100644
--- a/poky/meta/classes-recipe/image.bbclass
+++ b/poky/meta/classes-recipe/image.bbclass
@@ -182,8 +182,7 @@
IMAGE_POSTPROCESS_COMMAND ?= ""
-# some default locales
-IMAGE_LINGUAS ?= "de-de fr-fr en-gb"
+IMAGE_LINGUAS ??= ""
LINGUAS_INSTALL ?= "${@" ".join(map(lambda s: "locale-base-%s" % s, d.getVar('IMAGE_LINGUAS').split()))}"
@@ -319,7 +318,7 @@
except oe.utils.ImageQAFailed as e:
qamsg = qamsg + '\tImage QA function %s failed: %s\n' % (e.name, e.description)
except Exception as e:
- qamsg = qamsg + '\tImage QA function %s failed\n' % cmd
+ qamsg = qamsg + '\tImage QA function %s failed: %s\n' % (cmd, e)
if qamsg:
imgname = d.getVar('IMAGE_NAME')
@@ -446,7 +445,7 @@
localdata.delVar('DATE')
localdata.delVar('TMPDIR')
localdata.delVar('IMAGE_VERSION_SUFFIX')
- vardepsexclude = (d.getVarFlag('IMAGE_CMD:' + realt, 'vardepsexclude', True) or '').split()
+ vardepsexclude = (d.getVarFlag('IMAGE_CMD:' + realt, 'vardepsexclude') or '').split()
for dep in vardepsexclude:
localdata.delVar(dep)
diff --git a/poky/meta/classes-recipe/image_types.bbclass b/poky/meta/classes-recipe/image_types.bbclass
index 764e6a5..e4939af 100644
--- a/poky/meta/classes-recipe/image_types.bbclass
+++ b/poky/meta/classes-recipe/image_types.bbclass
@@ -157,11 +157,7 @@
UBI_IMGTYPE ?= "ubifs"
write_ubi_config() {
- if [ -z "$1" ]; then
- local vname=""
- else
- local vname="_$1"
- fi
+ local vname="$1"
cat <<EOF > ubinize${vname}-${IMAGE_NAME}.cfg
[ubifs]
@@ -183,7 +179,12 @@
bbfatal "MKUBIFS_ARGS and UBINIZE_ARGS have to be set, see http://www.linux-mtd.infradead.org/faq/ubifs.html for details"
fi
- write_ubi_config "$3"
+ if [ -z "$3" ]; then
+ local vname=""
+ else
+ local vname="_$3"
+ fi
+ write_ubi_config "${vname}"
if [ -n "$vname" ]; then
mkfs.ubifs -r ${IMAGE_ROOTFS} -o ${IMGDEPLOYDIR}/${IMAGE_NAME}${vname}${IMAGE_NAME_SUFFIX}.ubifs ${mkubifs_args}
@@ -208,7 +209,10 @@
fi
}
+MULTIUBI_ARGS = "MKUBIFS_ARGS UBINIZE_ARGS"
+
IMAGE_CMD:multiubi () {
+ ${@' '.join(['%s_%s="%s";' % (arg, name, d.getVar('%s_%s' % (arg, name))) for arg in d.getVar('MULTIUBI_ARGS').split() for name in d.getVar('MULTIUBI_BUILD').split()])}
# Split MKUBIFS_ARGS_<name> and UBINIZE_ARGS_<name>
for name in ${MULTIUBI_BUILD}; do
eval local mkubifs_args=\"\$MKUBIFS_ARGS_${name}\"
diff --git a/poky/meta/classes-recipe/kernel-arch.bbclass b/poky/meta/classes-recipe/kernel-arch.bbclass
index 6f5d3bd..1531ae6 100644
--- a/poky/meta/classes-recipe/kernel-arch.bbclass
+++ b/poky/meta/classes-recipe/kernel-arch.bbclass
@@ -70,5 +70,5 @@
KERNEL_CC = "${CCACHE}${HOST_PREFIX}gcc ${HOST_CC_KERNEL_ARCH} -fuse-ld=bfd ${DEBUG_PREFIX_MAP} -fdebug-prefix-map=${STAGING_KERNEL_DIR}=${KERNEL_SRC_PATH} -fdebug-prefix-map=${STAGING_KERNEL_BUILDDIR}=${KERNEL_SRC_PATH}"
KERNEL_LD = "${CCACHE}${HOST_PREFIX}ld.bfd ${HOST_LD_KERNEL_ARCH}"
KERNEL_AR = "${CCACHE}${HOST_PREFIX}ar ${HOST_AR_KERNEL_ARCH}"
-TOOLCHAIN = "gcc"
+TOOLCHAIN ?= "gcc"
diff --git a/poky/meta/classes-recipe/kernel-fitimage.bbclass b/poky/meta/classes-recipe/kernel-fitimage.bbclass
index 107914e..f6d82ce 100644
--- a/poky/meta/classes-recipe/kernel-fitimage.bbclass
+++ b/poky/meta/classes-recipe/kernel-fitimage.bbclass
@@ -73,6 +73,9 @@
FIT_SUPPORTED_INITRAMFS_FSTYPES ?= "cpio.lz4 cpio.lzo cpio.lzma cpio.xz cpio.zst cpio.gz ext2.gz cpio"
+# Allow user to select the default DTB for FIT image when multiple dtb's exists.
+FIT_CONF_DEFAULT_DTB ?= ""
+
# Keys used to sign individually image nodes.
# The keys to sign image nodes must be different from those used to sign
# configuration nodes, otherwise the "required" property, from
@@ -375,6 +378,7 @@
bootscr_line=""
setup_line=""
default_line=""
+ default_dtb_image="${FIT_CONF_DEFAULT_DTB}"
# conf node name is selected based on dtb ID if it is present,
# otherwise its selected based on kernel ID
@@ -417,7 +421,17 @@
# default node is selected based on dtb ID if it is present,
# otherwise its selected based on kernel ID
if [ -n "$dtb_image" ]; then
- default_line="default = \"${FIT_CONF_PREFIX}$dtb_image\";"
+ # Select default node as user specified dtb when
+ # multiple dtb exists.
+ if [ -n "$default_dtb_image" ]; then
+ if [ -s "${EXTERNAL_KERNEL_DEVICETREE}/$default_dtb_image" ]; then
+ default_line="default = \"${FIT_CONF_PREFIX}$default_dtb_image\";"
+ else
+ bbwarn "Couldn't find a valid user specified dtb in ${EXTERNAL_KERNEL_DEVICETREE}/$default_dtb_image"
+ fi
+ else
+ default_line="default = \"${FIT_CONF_PREFIX}$dtb_image\";"
+ fi
else
default_line="default = \"${FIT_CONF_PREFIX}$kernel_id\";"
fi
@@ -496,7 +510,7 @@
ramdiskcount=$3
setupcount=""
bootscr_id=""
- rm -f $1 arch/${ARCH}/boot/$2
+ rm -f $1 ${KERNEL_OUTPUT_DIR}/$2
if [ -n "${UBOOT_SIGN_IMG_KEYNAME}" -a "${UBOOT_SIGN_KEYNAME}" = "${UBOOT_SIGN_IMG_KEYNAME}" ]; then
bbfatal "Keys used to sign images and configuration nodes must be different."
@@ -529,9 +543,9 @@
continue
fi
- DTB_PATH="arch/${ARCH}/boot/dts/$DTB"
+ DTB_PATH="${KERNEL_OUTPUT_DIR}/dts/$DTB"
if [ ! -e "$DTB_PATH" ]; then
- DTB_PATH="arch/${ARCH}/boot/$DTB"
+ DTB_PATH="${KERNEL_OUTPUT_DIR}/$DTB"
fi
DTB=$(echo "$DTB" | tr '/' '_')
@@ -546,10 +560,11 @@
if [ -n "${EXTERNAL_KERNEL_DEVICETREE}" ]; then
dtbcount=1
- for DTB in $(find "${EXTERNAL_KERNEL_DEVICETREE}" \( -name '*.dtb' -o -name '*.dtbo' \) -printf '%P\n' | sort); do
+ for DTB in $(find "${EXTERNAL_KERNEL_DEVICETREE}" -name '*.dtb' -printf '%P\n' | sort) \
+ $(find "${EXTERNAL_KERNEL_DEVICETREE}" -name '*.dtbo' -printf '%P\n' | sort); do
DTB=$(echo "$DTB" | tr '/' '_')
- # Skip DTB if we've picked it up previously
+ # Skip DTB/DTBO if we've picked it up previously
echo "$DTBS" | tr ' ' '\n' | grep -xq "$DTB" && continue
DTBS="$DTBS $DTB"
@@ -574,9 +589,9 @@
#
# Step 4: Prepare a setup section. (For x86)
#
- if [ -e arch/${ARCH}/boot/setup.bin ]; then
+ if [ -e ${KERNEL_OUTPUT_DIR}/setup.bin ]; then
setupcount=1
- fitimage_emit_section_setup $1 $setupcount arch/${ARCH}/boot/setup.bin
+ fitimage_emit_section_setup $1 $setupcount ${KERNEL_OUTPUT_DIR}/setup.bin
fi
#
@@ -650,7 +665,7 @@
${UBOOT_MKIMAGE} \
${@'-D "${UBOOT_MKIMAGE_DTCOPTS}"' if len('${UBOOT_MKIMAGE_DTCOPTS}') else ''} \
-f $1 \
- arch/${ARCH}/boot/$2
+ ${KERNEL_OUTPUT_DIR}/$2
#
# Step 8: Sign the image and add public key to U-Boot dtb
@@ -667,7 +682,7 @@
${@'-D "${UBOOT_MKIMAGE_DTCOPTS}"' if len('${UBOOT_MKIMAGE_DTCOPTS}') else ''} \
-F -k "${UBOOT_SIGN_KEYDIR}" \
$add_key_to_u_boot \
- -r arch/${ARCH}/boot/$2 \
+ -r ${KERNEL_OUTPUT_DIR}/$2 \
${UBOOT_MKIMAGE_SIGN_ARGS}
fi
}
@@ -770,7 +785,7 @@
if [ "${INITRAMFS_IMAGE_BUNDLE}" != "1" ]; then
bbnote "Copying fitImage-${INITRAMFS_IMAGE} file..."
- install -m 0644 ${B}/arch/${ARCH}/boot/fitImage-${INITRAMFS_IMAGE} "$deployDir/fitImage-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_NAME}${KERNEL_FIT_BIN_EXT}"
+ install -m 0644 ${B}/${KERNEL_OUTPUT_DIR}/fitImage-${INITRAMFS_IMAGE} "$deployDir/fitImage-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_NAME}${KERNEL_FIT_BIN_EXT}"
if [ -n "${KERNEL_FIT_LINK_NAME}" ] ; then
ln -snf fitImage-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_NAME}${KERNEL_FIT_BIN_EXT} "$deployDir/fitImage-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_LINK_NAME}"
fi
diff --git a/poky/meta/classes-recipe/kernel-yocto.bbclass b/poky/meta/classes-recipe/kernel-yocto.bbclass
index 8eda0dc..7de99cf 100644
--- a/poky/meta/classes-recipe/kernel-yocto.bbclass
+++ b/poky/meta/classes-recipe/kernel-yocto.bbclass
@@ -212,7 +212,7 @@
# SRC_URI. If they were supplied, we convert them into include directives
# for the update part of the process
for f in ${feat_dirs}; do
- if [ -d "${WORKDIR}/$f/meta" ]; then
+ if [ -d "${WORKDIR}/$f/kernel-meta" ]; then
includes="$includes -I${WORKDIR}/$f/kernel-meta"
elif [ -d "${WORKDIR}/../oe-local-files/$f" ]; then
includes="$includes -I${WORKDIR}/../oe-local-files/$f"
@@ -506,7 +506,7 @@
try:
analysis = subprocess.check_output(['symbol_why.py', '--dotconfig', '{}'.format( d.getVar('B') + '/.config' ), '--blame', c], cwd=s, env=env ).decode('utf-8')
except subprocess.CalledProcessError as e:
- bb.fatal( "config analysis failed: %s" % e.output.decode('utf-8'))
+ bb.fatal( "config analysis failed when running '%s': %s" % (" ".join(e.cmd), e.output.decode('utf-8')))
outfile = d.getVar( 'CONFIG_ANALYSIS_FILE' )
@@ -514,7 +514,7 @@
try:
analysis = subprocess.check_output(['symbol_why.py', '--dotconfig', '{}'.format( d.getVar('B') + '/.config' ), '--summary', '--extended', '--sanity', c], cwd=s, env=env ).decode('utf-8')
except subprocess.CalledProcessError as e:
- bb.fatal( "config analysis failed: %s" % e.output.decode('utf-8'))
+ bb.fatal( "config analysis failed when running '%s': %s" % (" ".join(e.cmd), e.output.decode('utf-8')))
outfile = d.getVar( 'CONFIG_AUDIT_FILE' )
@@ -575,7 +575,7 @@
try:
analysis = subprocess.check_output(['symbol_why.py', '--dotconfig', '{}'.format( d.getVar('B') + '/.config' ), '--mismatches', extra_params], cwd=s, env=env ).decode('utf-8')
except subprocess.CalledProcessError as e:
- bb.fatal( "config analysis failed: %s" % e.output.decode('utf-8'))
+ bb.fatal( "config analysis failed when running '%s': %s" % (" ".join(e.cmd), e.output.decode('utf-8')))
if analysis:
outfile = "{}/{}/cfg/mismatch.txt".format( s, kmeta )
@@ -597,7 +597,7 @@
try:
analysis = subprocess.check_output(['symbol_why.py', '--dotconfig', '{}'.format( d.getVar('B') + '/.config' ), '--invalid', extra_params], cwd=s, env=env ).decode('utf-8')
except subprocess.CalledProcessError as e:
- bb.fatal( "config analysis failed: %s" % e.output.decode('utf-8'))
+ bb.fatal( "config analysis failed when running '%s': %s" % (" ".join(e.cmd), e.output.decode('utf-8')))
if analysis:
outfile = "{}/{}/cfg/invalid.txt".format(s,kmeta)
@@ -616,7 +616,7 @@
try:
analysis = subprocess.check_output(['symbol_why.py', '--dotconfig', '{}'.format( d.getVar('B') + '/.config' ), '--sanity'], cwd=s, env=env ).decode('utf-8')
except subprocess.CalledProcessError as e:
- bb.fatal( "config analysis failed: %s" % e.output.decode('utf-8'))
+ bb.fatal( "config analysis failed when running '%s': %s" % (" ".join(e.cmd), e.output.decode('utf-8')))
if analysis:
outfile = "{}/{}/cfg/redefinition.txt".format(s,kmeta)
diff --git a/poky/meta/classes-recipe/kernel.bbclass b/poky/meta/classes-recipe/kernel.bbclass
index e4e69e0..01f866f 100644
--- a/poky/meta/classes-recipe/kernel.bbclass
+++ b/poky/meta/classes-recipe/kernel.bbclass
@@ -210,9 +210,6 @@
export OS = "${TARGET_OS}"
export CROSS_COMPILE = "${TARGET_PREFIX}"
-export KBUILD_BUILD_VERSION = "1"
-export KBUILD_BUILD_USER ?= "oe-user"
-export KBUILD_BUILD_HOST ?= "oe-host"
KERNEL_RELEASE ?= "${KERNEL_VERSION}"
@@ -367,6 +364,10 @@
export KBUILD_BUILD_TIMESTAMP="$ts"
export KCONFIG_NOTIMESTAMP=1
bbnote "KBUILD_BUILD_TIMESTAMP: $ts"
+ else
+ ts=`LC_ALL=C date`
+ export KBUILD_BUILD_TIMESTAMP="$ts"
+ bbnote "KBUILD_BUILD_TIMESTAMP: $ts"
fi
# The $use_alternate_initrd is only set from
# do_bundle_initramfs() This variable is specifically for the
@@ -412,6 +413,10 @@
export KBUILD_BUILD_TIMESTAMP="$ts"
export KCONFIG_NOTIMESTAMP=1
bbnote "KBUILD_BUILD_TIMESTAMP: $ts"
+ else
+ ts=`LC_ALL=C date`
+ export KBUILD_BUILD_TIMESTAMP="$ts"
+ bbnote "KBUILD_BUILD_TIMESTAMP: $ts"
fi
if (grep -q -i -e '^CONFIG_MODULES=y$' ${B}/.config); then
oe_runmake -C ${B} ${PARALLEL_MAKE} modules ${KERNEL_EXTRA_ARGS}
@@ -442,8 +447,8 @@
oe_runmake DEPMOD=echo MODLIB=${D}${nonarch_base_libdir}/modules/${KERNEL_VERSION} INSTALL_FW_PATH=${D}${nonarch_base_libdir}/firmware modules_install
rm "${D}${nonarch_base_libdir}/modules/${KERNEL_VERSION}/build"
rm "${D}${nonarch_base_libdir}/modules/${KERNEL_VERSION}/source"
- # If the kernel/ directory is empty remove it to prevent QA issues
- rmdir --ignore-fail-on-non-empty "${D}${nonarch_base_libdir}/modules/${KERNEL_VERSION}/kernel"
+ # Remove empty module directories to prevent QA issues
+ find "${D}${nonarch_base_libdir}/modules/${KERNEL_VERSION}/kernel" -type d -empty -delete
else
bbnote "no modules to install"
fi
@@ -591,12 +596,26 @@
cp tools/objtool/objtool ${kerneldir}/tools/objtool/
fi
fi
+
+ # When building with CONFIG_MODVERSIONS=y and CONFIG_RANDSTRUCT=y we need
+ # to copy the build assets generated for the randstruct seed to
+ # STAGING_KERNEL_BUILDDIR, otherwise the out-of-tree modules build will
+ # generate those assets which will result in a different
+ # RANDSTRUCT_HASHED_SEED
+ if [ -d scripts/basic ]; then
+ mkdir -p ${kerneldir}/scripts
+ cp -r scripts/basic ${kerneldir}/scripts
+ fi
+
+ if [ -d scripts/gcc-plugins ]; then
+ mkdir -p ${kerneldir}/scripts
+ cp -r scripts/gcc-plugins ${kerneldir}/scripts
+ fi
+
}
# We don't need to stage anything, not the modules/firmware since those would clash with linux-firmware
-sysroot_stage_all () {
- :
-}
+SYSROOT_DIRS = ""
KERNEL_CONFIG_COMMAND ?= "oe_runmake_call -C ${S} O=${B} olddefconfig || oe_runmake -C ${S} O=${B} oldnoconfig"
@@ -641,7 +660,7 @@
do_savedefconfig[nostamp] = "1"
addtask savedefconfig after do_configure
-inherit cml1
+inherit cml1 pkgconfig
# Need LD, HOSTLDFLAGS and more for config operations
KCONFIG_CONFIG_COMMAND:append = " ${EXTRA_OEMAKE}"
diff --git a/poky/meta/classes-recipe/libc-package.bbclass b/poky/meta/classes-recipe/libc-package.bbclass
index de3d422..8a99f73 100644
--- a/poky/meta/classes-recipe/libc-package.bbclass
+++ b/poky/meta/classes-recipe/libc-package.bbclass
@@ -51,6 +51,7 @@
OVERRIDES:append = ":${TARGET_ARCH}-${TARGET_OS}"
locale_base_postinst_ontarget() {
+mkdir ${libdir}/locale
localedef --inputfile=${datadir}/i18n/locales/%s --charmap=%s %s
}
diff --git a/poky/meta/classes-recipe/license_image.bbclass b/poky/meta/classes-recipe/license_image.bbclass
index b60d6e4..8560c27 100644
--- a/poky/meta/classes-recipe/license_image.bbclass
+++ b/poky/meta/classes-recipe/license_image.bbclass
@@ -235,7 +235,7 @@
deploy = {}
# Get all the dependencies for the current task (rootfs).
taskdata = d.getVar("BB_TASKDEPDATA", False)
- pn = d.getVar("PN", True)
+ pn = d.getVar("PN")
depends = list(set([dep[0] for dep
in list(taskdata.values())
if not dep[0].endswith("-native") and not dep[0] == pn]))
diff --git a/poky/meta/classes-recipe/linux-kernel-base.bbclass b/poky/meta/classes-recipe/linux-kernel-base.bbclass
index cb2212c..65cc48f 100644
--- a/poky/meta/classes-recipe/linux-kernel-base.bbclass
+++ b/poky/meta/classes-recipe/linux-kernel-base.bbclass
@@ -43,5 +43,9 @@
suffix = ""
return " ".join(map(lambda s: "kernel-module-%s%s" % (s.lower().replace('_', '-').replace('@', '+'), suffix), s.split()))
+export KBUILD_BUILD_VERSION = "1"
+export KBUILD_BUILD_USER ?= "oe-user"
+export KBUILD_BUILD_HOST ?= "oe-host"
+
# that's all
diff --git a/poky/meta/classes-recipe/native.bbclass b/poky/meta/classes-recipe/native.bbclass
index 61ad053..1e94585 100644
--- a/poky/meta/classes-recipe/native.bbclass
+++ b/poky/meta/classes-recipe/native.bbclass
@@ -161,7 +161,7 @@
newdeps.append(dep.replace(pn, bpn) + "-native")
else:
newdeps.append(dep)
- d.setVar(varname, " ".join(newdeps), parsing=True)
+ d.setVar(varname, " ".join(newdeps))
map_dependencies("DEPENDS", e.data, selfref=False)
for pkg in e.data.getVar("PACKAGES", False).split():
diff --git a/poky/meta/classes-recipe/overlayfs.bbclass b/poky/meta/classes-recipe/overlayfs.bbclass
index bdc6dd9..53d65d7 100644
--- a/poky/meta/classes-recipe/overlayfs.bbclass
+++ b/poky/meta/classes-recipe/overlayfs.bbclass
@@ -102,7 +102,11 @@
overlayMountPoints = d.getVarFlags("OVERLAYFS_MOUNT_POINT")
for mountPoint in overlayMountPoints:
bb.debug(1, "Process variable flag %s" % mountPoint)
- for lower in d.getVarFlag('OVERLAYFS_WRITABLE_PATHS', mountPoint).split():
+ lowerList = d.getVarFlag('OVERLAYFS_WRITABLE_PATHS', mountPoint)
+ if not lowerList:
+ bb.note("No mount points defined for %s flag, skipping" % (mountPoint))
+ continue
+ for lower in lowerList.split():
bb.debug(1, "Prepare mount unit for %s with data mount point %s" %
(lower, d.getVarFlag('OVERLAYFS_MOUNT_POINT', mountPoint)))
prepareUnits(d.getVarFlag('OVERLAYFS_MOUNT_POINT', mountPoint), lower)
diff --git a/poky/meta/classes-recipe/populate_sdk_base.bbclass b/poky/meta/classes-recipe/populate_sdk_base.bbclass
index 64a4a58..6286d64 100644
--- a/poky/meta/classes-recipe/populate_sdk_base.bbclass
+++ b/poky/meta/classes-recipe/populate_sdk_base.bbclass
@@ -74,6 +74,8 @@
SDK_ARCHIVE_TYPE ?= "tar.xz"
SDK_XZ_COMPRESSION_LEVEL ?= "-9"
SDK_XZ_OPTIONS ?= "${XZ_DEFAULTS} ${SDK_XZ_COMPRESSION_LEVEL}"
+SDK_ZIP_OPTIONS ?= "-y"
+
# To support different sdk type according to SDK_ARCHIVE_TYPE, now support zip and tar.xz
python () {
@@ -81,7 +83,7 @@
d.setVar('SDK_ARCHIVE_DEPENDS', 'zip-native')
# SDK_ARCHIVE_CMD used to generate archived sdk ${TOOLCHAIN_OUTPUTNAME}.${SDK_ARCHIVE_TYPE} from input dir ${SDK_OUTPUT}/${SDKPATH} to output dir ${SDKDEPLOYDIR}
# recommand to cd into input dir first to avoid archive with buildpath
- d.setVar('SDK_ARCHIVE_CMD', 'cd ${SDK_OUTPUT}/${SDKPATH}; zip -r -y ${SDKDEPLOYDIR}/${TOOLCHAIN_OUTPUTNAME}.${SDK_ARCHIVE_TYPE} .')
+ d.setVar('SDK_ARCHIVE_CMD', 'cd ${SDK_OUTPUT}/${SDKPATH}; zip -r ${SDK_ZIP_OPTIONS} ${SDKDEPLOYDIR}/${TOOLCHAIN_OUTPUTNAME}.${SDK_ARCHIVE_TYPE} .')
else:
d.setVar('SDK_ARCHIVE_DEPENDS', 'xz-native')
d.setVar('SDK_ARCHIVE_CMD', 'cd ${SDK_OUTPUT}/${SDKPATH}; tar ${SDKTAROPTS} -cf - . | xz ${SDK_XZ_OPTIONS} > ${SDKDEPLOYDIR}/${TOOLCHAIN_OUTPUTNAME}.${SDK_ARCHIVE_TYPE}')
@@ -205,7 +207,7 @@
}
SSTATETASKS += "do_populate_sdk"
SSTATE_SKIP_CREATION:task-populate-sdk = '1'
-do_populate_sdk[cleandirs] = "${SDKDEPLOYDIR}"
+do_populate_sdk[cleandirs] += "${SDKDEPLOYDIR}"
do_populate_sdk[sstate-inputdirs] = "${SDKDEPLOYDIR}"
do_populate_sdk[sstate-outputdirs] = "${SDK_DEPLOY}"
do_populate_sdk[stamp-extra-info] = "${MACHINE_ARCH}${SDKMACHINE}"
diff --git a/poky/meta/classes-recipe/populate_sdk_ext.bbclass b/poky/meta/classes-recipe/populate_sdk_ext.bbclass
index 925cb31..1b47fbe 100644
--- a/poky/meta/classes-recipe/populate_sdk_ext.bbclass
+++ b/poky/meta/classes-recipe/populate_sdk_ext.bbclass
@@ -120,7 +120,7 @@
f.write("%s %s %s\n" % (info[1], info[2], info[3]))
}
-SDK_POSTPROCESS_COMMAND:append:task-populate-sdk-ext = "write_target_sdk_ext_manifest; write_host_sdk_ext_manifest; "
+SDK_POSTPROCESS_COMMAND:append:task-populate-sdk-ext = " write_target_sdk_ext_manifest; write_host_sdk_ext_manifest; "
SDK_TITLE:task-populate-sdk-ext = "${@d.getVar('DISTRO_NAME') or d.getVar('DISTRO')} Extensible SDK"
@@ -720,7 +720,7 @@
# A bit of another hack, but we need this in the path only for devtool
# so put it at the end of $PATH.
- echo "export PATH=$target_sdk_dir/sysroots/${SDK_SYS}${bindir_nativesdk}:\$PATH" >> $env_setup_script
+ echo "export PATH=\"$target_sdk_dir/sysroots/${SDK_SYS}${bindir_nativesdk}:\$PATH\"" >> $env_setup_script
echo "printf 'SDK environment now set up; additionally you may now run devtool to perform development tasks.\nRun devtool --help for further details.\n'" >> $env_setup_script
diff --git a/poky/meta/classes-recipe/qemuboot.bbclass b/poky/meta/classes-recipe/qemuboot.bbclass
index 018c000..5a0e50c 100644
--- a/poky/meta/classes-recipe/qemuboot.bbclass
+++ b/poky/meta/classes-recipe/qemuboot.bbclass
@@ -13,6 +13,7 @@
# QB_OPT_APPEND: options to append to qemu, e.g., "-device usb-mouse"
#
# QB_DEFAULT_KERNEL: default kernel to boot, e.g., "bzImage"
+# e.g., "bzImage-initramfs-qemux86-64.bin" if INITRAMFS_IMAGE_BUNDLE is set to 1.
#
# QB_DEFAULT_FSTYPE: default FSTYPE to boot, e.g., "ext4"
#
@@ -93,7 +94,7 @@
QB_MEM ?= "-m 256"
QB_SMP ?= ""
QB_SERIAL_OPT ?= "-serial mon:stdio -serial null"
-QB_DEFAULT_KERNEL ?= "${KERNEL_IMAGETYPE}"
+QB_DEFAULT_KERNEL ?= "${@bb.utils.contains("INITRAMFS_IMAGE_BUNDLE", "1", "${KERNEL_IMAGETYPE}-${INITRAMFS_LINK_NAME}.bin", "${KERNEL_IMAGETYPE}", d)}"
QB_DEFAULT_FSTYPE ?= "ext4"
QB_RNG ?= "-object rng-random,filename=/dev/urandom,id=rng0 -device virtio-rng-pci,rng=rng0"
QB_OPT_APPEND ?= ""
diff --git a/poky/meta/classes-recipe/rust-common.bbclass b/poky/meta/classes-recipe/rust-common.bbclass
index 93bf6c8..5e70007 100644
--- a/poky/meta/classes-recipe/rust-common.bbclass
+++ b/poky/meta/classes-recipe/rust-common.bbclass
@@ -94,7 +94,7 @@
# Rust additionally will use two additional cases:
# - undecorated (e.g. CC) - equivalent to TARGET
# - triple suffix (e.g. CC:x86_64_unknown_linux_gnu) - both
-# see: https://github.com/alexcrichton/gcc-rs
+# see: https://github.com/rust-lang/cc-rs
# The way that Rust's internal triples and Yocto triples are mapped together
# its likely best to not use the triple suffix due to potential confusion.
@@ -125,12 +125,22 @@
shift
extras="$1"
shift
+ crate_cc_extras="$1"
+ shift
cat <<- EOF > "${file}"
#!/usr/bin/env python3
import os, sys
orig_binary = "$@"
extras = "${extras}"
+
+ # Apply a required subset of CC crate compiler flags
+ # when we build a target recipe for a non-bare-metal target.
+ # https://github.com/rust-lang/cc-rs/blob/main/src/lib.rs#L1614
+ if "CRATE_CC_NO_DEFAULTS" in os.environ.keys() and \
+ "TARGET" in os.environ.keys() and not "-none-" in os.environ["TARGET"]:
+ orig_binary += "${crate_cc_extras}"
+
binary = orig_binary.split()[0]
args = orig_binary.split() + sys.argv[1:]
if extras:
@@ -154,22 +164,22 @@
mkdir -p "${WRAPPER_DIR}"
# Yocto Build / Rust Host C compiler
- create_wrapper_rust "${RUST_BUILD_CC}" "" "${BUILD_CC}"
+ create_wrapper_rust "${RUST_BUILD_CC}" "" "${CRATE_CC_FLAGS}" "${BUILD_CC}"
# Yocto Build / Rust Host C++ compiler
- create_wrapper_rust "${RUST_BUILD_CXX}" "" "${BUILD_CXX}"
+ create_wrapper_rust "${RUST_BUILD_CXX}" "" "${CRATE_CC_FLAGS}" "${BUILD_CXX}"
# Yocto Build / Rust Host linker
- create_wrapper_rust "${RUST_BUILD_CCLD}" "" "${BUILD_CCLD}" "${BUILD_LDFLAGS}"
+ create_wrapper_rust "${RUST_BUILD_CCLD}" "" "" "${BUILD_CCLD}" "${BUILD_LDFLAGS}"
# Yocto Build / Rust Host archiver
- create_wrapper_rust "${RUST_BUILD_AR}" "" "${BUILD_AR}"
+ create_wrapper_rust "${RUST_BUILD_AR}" "" "" "${BUILD_AR}"
# Yocto Target / Rust Target C compiler
- create_wrapper_rust "${RUST_TARGET_CC}" "${WRAPPER_TARGET_EXTRALD}" "${WRAPPER_TARGET_CC}" "${WRAPPER_TARGET_LDFLAGS}"
+ create_wrapper_rust "${RUST_TARGET_CC}" "${WRAPPER_TARGET_EXTRALD}" "${CRATE_CC_FLAGS}" "${WRAPPER_TARGET_CC}" "${WRAPPER_TARGET_LDFLAGS}"
# Yocto Target / Rust Target C++ compiler
- create_wrapper_rust "${RUST_TARGET_CXX}" "${WRAPPER_TARGET_EXTRALD}" "${WRAPPER_TARGET_CXX}" "${CXXFLAGS}"
+ create_wrapper_rust "${RUST_TARGET_CXX}" "${WRAPPER_TARGET_EXTRALD}" "${CRATE_CC_FLAGS}" "${WRAPPER_TARGET_CXX}" "${CXXFLAGS}"
# Yocto Target / Rust Target linker
- create_wrapper_rust "${RUST_TARGET_CCLD}" "${WRAPPER_TARGET_EXTRALD}" "${WRAPPER_TARGET_CCLD}" "${WRAPPER_TARGET_LDFLAGS}"
+ create_wrapper_rust "${RUST_TARGET_CCLD}" "${WRAPPER_TARGET_EXTRALD}" "" "${WRAPPER_TARGET_CCLD}" "${WRAPPER_TARGET_LDFLAGS}"
# Yocto Target / Rust Target archiver
- create_wrapper_rust "${RUST_TARGET_AR}" "" "${WRAPPER_TARGET_AR}"
+ create_wrapper_rust "${RUST_TARGET_AR}" "" "" "${WRAPPER_TARGET_AR}"
}
diff --git a/poky/meta/classes-recipe/rust-target-config.bbclass b/poky/meta/classes-recipe/rust-target-config.bbclass
index 9e1d81b..876fe8f 100644
--- a/poky/meta/classes-recipe/rust-target-config.bbclass
+++ b/poky/meta/classes-recipe/rust-target-config.bbclass
@@ -114,7 +114,7 @@
# TARGET_FPU can be hard or soft. +soft-float tell llvm to use soft float
# ABI. There is no option for hard.
- fpu = d.getVar('TARGET_FPU', True)
+ fpu = d.getVar('TARGET_FPU')
return ["+soft-float"] if fpu == "soft" else []
def llvm_features(d):
@@ -231,19 +231,19 @@
TARGET_C_INT_WIDTH[powerpc64le] = "64"
MAX_ATOMIC_WIDTH[powerpc64le] = "64"
-## riscv32-unknown-linux-{gnu, musl}
-DATA_LAYOUT[riscv32] = "e-m:e-p:32:32-i64:64-n32-S128"
-TARGET_ENDIAN[riscv32] = "little"
-TARGET_POINTER_WIDTH[riscv32] = "32"
-TARGET_C_INT_WIDTH[riscv32] = "32"
-MAX_ATOMIC_WIDTH[riscv32] = "32"
+## riscv32gc-unknown-linux-{gnu, musl}
+DATA_LAYOUT[riscv32gc] = "e-m:e-p:32:32-i64:64-n32-S128"
+TARGET_ENDIAN[riscv32gc] = "little"
+TARGET_POINTER_WIDTH[riscv32gc] = "32"
+TARGET_C_INT_WIDTH[riscv32gc] = "32"
+MAX_ATOMIC_WIDTH[riscv32gc] = "32"
-## riscv64-unknown-linux-{gnu, musl}
-DATA_LAYOUT[riscv64] = "e-m:e-p:64:64-i64:64-i128:128-n64-S128"
-TARGET_ENDIAN[riscv64] = "little"
-TARGET_POINTER_WIDTH[riscv64] = "64"
-TARGET_C_INT_WIDTH[riscv64] = "64"
-MAX_ATOMIC_WIDTH[riscv64] = "64"
+## riscv64gc-unknown-linux-{gnu, musl}
+DATA_LAYOUT[riscv64gc] = "e-m:e-p:64:64-i64:64-i128:128-n64-S128"
+TARGET_ENDIAN[riscv64gc] = "little"
+TARGET_POINTER_WIDTH[riscv64gc] = "64"
+TARGET_C_INT_WIDTH[riscv64gc] = "64"
+MAX_ATOMIC_WIDTH[riscv64gc] = "64"
# Convert a normal arch (HOST_ARCH, TARGET_ARCH, BUILD_ARCH, etc) to something
# rust's internals won't choke on.
@@ -258,9 +258,21 @@
return "arm"
elif arch == "powerpc64le":
return "powerpc64"
+ elif arch == "riscv32gc":
+ return "riscv32"
+ elif arch == "riscv64gc":
+ return "riscv64"
else:
return arch
+# Convert a rust target string to a llvm-compatible triplet
+def rust_sys_to_llvm_target(sys):
+ if sys.startswith('riscv32gc-'):
+ return sys.replace('riscv32gc-', 'riscv32-', 1)
+ if sys.startswith('riscv64gc-'):
+ return sys.replace('riscv64gc-', 'riscv64-', 1)
+ return sys
+
# generates our target CPU value
def llvm_cpu(d):
cpu = d.getVar('PACKAGE_ARCH')
@@ -334,7 +346,7 @@
# build tspec
tspec = {}
- tspec['llvm-target'] = rustsys
+ tspec['llvm-target'] = rust_sys_to_llvm_target(rustsys)
tspec['data-layout'] = d.getVarFlag('DATA_LAYOUT', arch_abi)
if tspec['data-layout'] is None:
bb.fatal("No rust target defined for %s" % arch_abi)
@@ -389,3 +401,19 @@
addtask rust_gen_targets after do_patch before do_compile
do_rust_gen_targets[dirs] += "${RUST_TARGETS_DIR}"
+# For building target C dependecies use only compiler parameters defined in OE
+# and ignore the CC crate defaults which conflicts with OE ones in some cases.
+# https://github.com/rust-lang/cc-rs#external-configuration-via-environment-variables
+# Some CC crate compiler flags are still required.
+# We apply them conditionally in rust wrappers.
+
+CRATE_CC_FLAGS:class-native = ""
+CRATE_CC_FLAGS:class-nativesdk = ""
+CRATE_CC_FLAGS:class-target = " -ffunction-sections -fdata-sections -fPIC"
+
+do_compile:prepend:class-target() {
+ export CRATE_CC_NO_DEFAULTS=1
+}
+do_install:prepend:class-target() {
+ export CRATE_CC_NO_DEFAULTS=1
+}
diff --git a/poky/meta/classes-recipe/scons.bbclass b/poky/meta/classes-recipe/scons.bbclass
index 5f0d4a9..d20a78d 100644
--- a/poky/meta/classes-recipe/scons.bbclass
+++ b/poky/meta/classes-recipe/scons.bbclass
@@ -9,7 +9,9 @@
DEPENDS += "python3-scons-native"
EXTRA_OESCONS ?= ""
-
+# This value below is derived from $(getconf ARG_MAX)
+SCONS_MAXLINELENGTH ?= "MAXLINELENGTH=2097152"
+EXTRA_OESCONS:append = " ${SCONS_MAXLINELENGTH}"
do_configure() {
if [ -n "${CONFIGURESTAMPFILE}" -a "${S}" = "${B}" ]; then
if [ -e "${CONFIGURESTAMPFILE}" -a "`cat ${CONFIGURESTAMPFILE}`" != "${BB_TASKHASH}" -a "${CLEANBROKEN}" != "1" ]; then
@@ -31,4 +33,8 @@
die "scons install execution failed."
}
+do_configure[vardepsexclude] = "SCONS_MAXLINELENGTH"
+do_compile[vardepsexclude] = "SCONS_MAXLINELENGTH"
+do_install[vardepsexclude] = "SCONS_MAXLINELENGTH"
+
EXPORT_FUNCTIONS do_compile do_install
diff --git a/poky/meta/classes-recipe/systemd.bbclass b/poky/meta/classes-recipe/systemd.bbclass
index f6564c2..ce188a8 100644
--- a/poky/meta/classes-recipe/systemd.bbclass
+++ b/poky/meta/classes-recipe/systemd.bbclass
@@ -152,6 +152,7 @@
def systemd_check_services():
searchpaths = [oe.path.join(d.getVar("sysconfdir"), "systemd", "system"),]
searchpaths.append(d.getVar("systemd_system_unitdir"))
+ searchpaths.append(d.getVar("systemd_user_unitdir"))
systemd_packages = d.getVar('SYSTEMD_PACKAGES')
keys = 'Also'
diff --git a/poky/meta/classes-recipe/testimage.bbclass b/poky/meta/classes-recipe/testimage.bbclass
index 5cc408b..b48cd96 100644
--- a/poky/meta/classes-recipe/testimage.bbclass
+++ b/poky/meta/classes-recipe/testimage.bbclass
@@ -98,7 +98,7 @@
TESTIMAGE_DUMP_DIR ?= "${LOG_DIR}/runtime-hostdump/"
-TESTIMAGE_UPDATE_VARS ?= "DL_DIR WORKDIR DEPLOY_DIR"
+TESTIMAGE_UPDATE_VARS ?= "DL_DIR WORKDIR DEPLOY_DIR_IMAGE IMAGE_LINK_NAME"
testimage_dump_target () {
top -bn1
@@ -236,7 +236,7 @@
with open(tdname, "r") as f:
td = json.load(f)
except FileNotFoundError as err:
- bb.fatal('File %s not found (%s).\nHave you built the image with INHERIT += "testimage" in the conf/local.conf?' % (tdname, err))
+ bb.fatal('File %s not found (%s).\nHave you built the image with IMAGE_CLASSES += "testimage" in the conf/local.conf?' % (tdname, err))
# Some variables need to be updates (mostly paths) with the
# ones of the current environment because some tests require them.
diff --git a/poky/meta/classes-recipe/toolchain-scripts.bbclass b/poky/meta/classes-recipe/toolchain-scripts.bbclass
index 3cc823f..6bfe0b6 100644
--- a/poky/meta/classes-recipe/toolchain-scripts.bbclass
+++ b/poky/meta/classes-recipe/toolchain-scripts.bbclass
@@ -37,7 +37,7 @@
echo '# http://tldp.org/HOWTO/Program-Library-HOWTO/shared-libraries.html#AEN80' >> $script
echo '# http://xahlee.info/UnixResource_dir/_/ldpath.html' >> $script
echo '# Only disable this check if you are absolutely know what you are doing!' >> $script
- echo 'if [ ! -z "$LD_LIBRARY_PATH" ]; then' >> $script
+ echo 'if [ ! -z "${LD_LIBRARY_PATH:-}" ]; then' >> $script
echo " echo \"Your environment is misconfigured, you probably need to 'unset LD_LIBRARY_PATH'\"" >> $script
echo " echo \"but please check why this was set in the first place and that it's safe to unset.\"" >> $script
echo ' echo "The SDK will not operate correctly in most cases when LD_LIBRARY_PATH is set."' >> $script
@@ -53,7 +53,7 @@
for i in ${CANADIANEXTRAOS}; do
EXTRAPATH="$EXTRAPATH:$sdkpathnative$bindir/${TARGET_ARCH}${TARGET_VENDOR}-$i"
done
- echo "export PATH=$sdkpathnative$bindir:$sdkpathnative$sbindir:$sdkpathnative$base_bindir:$sdkpathnative$base_sbindir:$sdkpathnative$bindir/../${HOST_SYS}/bin:$sdkpathnative$bindir/${TARGET_SYS}"$EXTRAPATH':$PATH' >> $script
+ echo "export PATH=$sdkpathnative$bindir:$sdkpathnative$sbindir:$sdkpathnative$base_bindir:$sdkpathnative$base_sbindir:$sdkpathnative$bindir/../${HOST_SYS}/bin:$sdkpathnative$bindir/${TARGET_SYS}"$EXTRAPATH':"$PATH"' >> $script
echo 'export PKG_CONFIG_SYSROOT_DIR=$SDKTARGETSYSROOT' >> $script
echo 'export PKG_CONFIG_PATH=$SDKTARGETSYSROOT'"$libdir"'/pkgconfig:$SDKTARGETSYSROOT'"$prefix"'/share/pkgconfig' >> $script
echo 'export CONFIG_SITE=${SDKPATH}/site-config-'"${multimach_target_sys}" >> $script
diff --git a/poky/meta/classes-recipe/uboot-sign.bbclass b/poky/meta/classes-recipe/uboot-sign.bbclass
index debbf23..4b5912a 100644
--- a/poky/meta/classes-recipe/uboot-sign.bbclass
+++ b/poky/meta/classes-recipe/uboot-sign.bbclass
@@ -298,7 +298,7 @@
"${UBOOT_FIT_SIGN_NUMBITS}"
echo "Generating certificate for signing U-Boot fitImage"
- openssl req ${FIT_KEY_REQ_ARGS} "${UBOOT_FIT_KEY_SIGN_PKCS}" \
+ openssl req ${UBOOT_FIT_KEY_REQ_ARGS} "${UBOOT_FIT_KEY_SIGN_PKCS}" \
-key "${SPL_SIGN_KEYDIR}/${SPL_SIGN_KEYNAME}".key \
-out "${SPL_SIGN_KEYDIR}/${SPL_SIGN_KEYNAME}".crt
fi
diff --git a/poky/meta/classes-recipe/update-alternatives.bbclass b/poky/meta/classes-recipe/update-alternatives.bbclass
index 970d9bc..f34cc6b 100644
--- a/poky/meta/classes-recipe/update-alternatives.bbclass
+++ b/poky/meta/classes-recipe/update-alternatives.bbclass
@@ -5,7 +5,7 @@
#
# This class is used to help the alternatives system which is useful when
-# multiple sources provide same command. You can use update-alternatives
+# multiple sources provide the same command. You can use update-alternatives
# command directly in your recipe, but in most cases this class simplifies
# that job.
#
@@ -35,7 +35,7 @@
# A non-default link to create for a target
# ALTERNATIVE_TARGET[name] = "target"
#
-# This is the name of the binary as it's been install by do_install
+# This is the name of the binary as it's been installed by do_install
# i.e. ALTERNATIVE_TARGET[sh] = "/bin/bash"
#
# A package specific link for a target
@@ -68,7 +68,7 @@
# We need special processing for vardeps because it can not work on
# modified flag values. So we aggregate the flags into a new variable
-# and include that vairable in the set.
+# and include that variable in the set.
UPDALTVARS = "ALTERNATIVE ALTERNATIVE_LINK_NAME ALTERNATIVE_TARGET ALTERNATIVE_PRIORITY"
PACKAGE_WRITE_DEPS += "virtual/update-alternatives-native"
diff --git a/poky/meta/classes/archiver.bbclass b/poky/meta/classes/archiver.bbclass
index 0710c1e..4049694 100644
--- a/poky/meta/classes/archiver.bbclass
+++ b/poky/meta/classes/archiver.bbclass
@@ -465,7 +465,7 @@
pn = d.getVar('PN')
return pn.startswith('gcc-source') or \
bb.data.inherits_class('kernel', d) or \
- (bb.data.inherits_class('kernelsrc', d) and d.getVar('S') == d.getVar('STAGING_KERNEL_DIR'))
+ (bb.data.inherits_class('kernelsrc', d) and d.expand("${TMPDIR}/work-shared") in d.getVar('S'))
# Run do_unpack and do_patch
python do_unpack_and_patch() {
diff --git a/poky/meta/classes/create-spdx.bbclass b/poky/meta/classes/create-spdx.bbclass
index 47dd12c..f0513af 100644
--- a/poky/meta/classes/create-spdx.bbclass
+++ b/poky/meta/classes/create-spdx.bbclass
@@ -21,7 +21,6 @@
SPDXRUNTIMEDEPLOY = "${SPDXDIR}/runtime-deploy"
SPDX_INCLUDE_SOURCES ??= "0"
-SPDX_INCLUDE_PACKAGED ??= "0"
SPDX_ARCHIVE_SOURCES ??= "0"
SPDX_ARCHIVE_PACKAGED ??= "0"
@@ -431,7 +430,6 @@
deploy_dir_spdx = Path(d.getVar("DEPLOY_DIR_SPDX"))
spdx_workdir = Path(d.getVar("SPDXWORK"))
- include_packaged = d.getVar("SPDX_INCLUDE_PACKAGED") == "1"
include_sources = d.getVar("SPDX_INCLUDE_SOURCES") == "1"
archive_sources = d.getVar("SPDX_ARCHIVE_SOURCES") == "1"
archive_packaged = d.getVar("SPDX_ARCHIVE_PACKAGED") == "1"
@@ -459,6 +457,7 @@
for s in d.getVar('SRC_URI').split():
if not s.startswith("file://"):
+ s = s.split(';')[0]
recipe.downloadLocation = s
break
else:
@@ -796,6 +795,7 @@
bb.build.exec_func('do_unpack', d)
# Copy source of kernel to spdx_workdir
if is_work_shared_spdx(d):
+ share_src = d.getVar('WORKDIR')
d.setVar('WORKDIR', spdx_workdir)
d.setVar('STAGING_DIR_NATIVE', spdx_sysroot_native)
src_dir = spdx_workdir + "/" + d.getVar('PN')+ "-" + d.getVar('PV') + "-" + d.getVar('PR')
@@ -803,8 +803,8 @@
if bb.data.inherits_class('kernel',d):
share_src = d.getVar('STAGING_KERNEL_DIR')
cmd_copy_share = "cp -rf " + share_src + "/* " + src_dir + "/"
- cmd_copy_kernel_result = os.popen(cmd_copy_share).read()
- bb.note("cmd_copy_kernel_result = " + cmd_copy_kernel_result)
+ cmd_copy_shared_res = os.popen(cmd_copy_share).read()
+ bb.note("cmd_copy_shared_result = " + cmd_copy_shared_res)
git_path = src_dir + "/.git"
if os.path.exists(git_path):
diff --git a/poky/meta/classes/cve-check.bbclass b/poky/meta/classes/cve-check.bbclass
index 4b4ea78..5e2da56 100644
--- a/poky/meta/classes/cve-check.bbclass
+++ b/poky/meta/classes/cve-check.bbclass
@@ -48,8 +48,8 @@
CVE_CHECK_DIR ??= "${DEPLOY_DIR}/cve"
CVE_CHECK_RECIPE_FILE ?= "${CVE_CHECK_DIR}/${PN}"
CVE_CHECK_RECIPE_FILE_JSON ?= "${CVE_CHECK_DIR}/${PN}_cve.json"
-CVE_CHECK_MANIFEST ?= "${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.cve"
-CVE_CHECK_MANIFEST_JSON ?= "${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.json"
+CVE_CHECK_MANIFEST ?= "${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.cve"
+CVE_CHECK_MANIFEST_JSON ?= "${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.json"
CVE_CHECK_COPY_FILES ??= "1"
CVE_CHECK_CREATE_MANIFEST ??= "1"
@@ -202,7 +202,7 @@
recipies.add(pkg_data["PN"])
bb.note("Writing rootfs CVE manifest")
- deploy_dir = d.getVar("DEPLOY_DIR_IMAGE")
+ deploy_dir = d.getVar("IMGDEPLOYDIR")
link_name = d.getVar("IMAGE_LINK_NAME")
json_data = {"version":"1", "package": []}
@@ -260,7 +260,7 @@
"""
Connect to the NVD database and find unpatched cves.
"""
- from oe.cve_check import Version
+ from oe.cve_check import Version, convert_cve_version
pn = d.getVar("PN")
real_pv = d.getVar("PV")
@@ -324,6 +324,9 @@
if cve in cve_ignore:
ignored = True
+ version_start = convert_cve_version(version_start)
+ version_end = convert_cve_version(version_end)
+
if (operator_start == '=' and pv == version_start) or version_start == '-':
vulnerable = True
else:
diff --git a/poky/meta/classes/externalsrc.bbclass b/poky/meta/classes/externalsrc.bbclass
index 06a9548..26c5803 100644
--- a/poky/meta/classes/externalsrc.bbclass
+++ b/poky/meta/classes/externalsrc.bbclass
@@ -61,7 +61,7 @@
if externalsrcbuild:
d.setVar('B', externalsrcbuild)
else:
- d.setVar('B', '${WORKDIR}/${BPN}-${PV}/')
+ d.setVar('B', '${WORKDIR}/${BPN}-${PV}')
local_srcuri = []
fetch = bb.fetch2.Fetch((d.getVar('SRC_URI') or '').split(), d)
@@ -212,8 +212,8 @@
try:
git_dir = os.path.join(s_dir,
subprocess.check_output(['git', '-C', s_dir, 'rev-parse', '--git-dir'], stderr=subprocess.DEVNULL).decode("utf-8").rstrip())
- top_git_dir = os.path.join(s_dir, subprocess.check_output(['git', '-C', d.getVar("TOPDIR"), 'rev-parse', '--git-dir'],
- stderr=subprocess.DEVNULL).decode("utf-8").rstrip())
+ top_git_dir = os.path.join(d.getVar("TOPDIR"),
+ subprocess.check_output(['git', '-C', d.getVar("TOPDIR"), 'rev-parse', '--git-dir'], stderr=subprocess.DEVNULL).decode("utf-8").rstrip())
if git_dir == top_git_dir:
git_dir = None
except subprocess.CalledProcessError:
@@ -230,7 +230,7 @@
env['GIT_INDEX_FILE'] = tmp_index.name
subprocess.check_output(['git', 'add', '-A', '.'], cwd=s_dir, env=env)
git_sha1 = subprocess.check_output(['git', 'write-tree'], cwd=s_dir, env=env).decode("utf-8")
- if os.path.exists(".gitmodules"):
+ if os.path.exists(os.path.join(s_dir, ".gitmodules")) and os.path.getsize(os.path.join(s_dir, ".gitmodules")) > 0:
submodule_helper = subprocess.check_output(["git", "config", "--file", ".gitmodules", "--get-regexp", "path"], cwd=s_dir, env=env).decode("utf-8")
for line in submodule_helper.splitlines():
module_dir = os.path.join(s_dir, line.rsplit(maxsplit=1)[1])
diff --git a/poky/meta/classes/multilib.bbclass b/poky/meta/classes/multilib.bbclass
index 10a4ef9..8a1a51a 100644
--- a/poky/meta/classes/multilib.bbclass
+++ b/poky/meta/classes/multilib.bbclass
@@ -51,6 +51,7 @@
e.data.setVar("RECIPE_SYSROOT", "${WORKDIR}/recipe-sysroot")
e.data.setVar("STAGING_DIR_TARGET", "${WORKDIR}/recipe-sysroot")
e.data.setVar("STAGING_DIR_HOST", "${WORKDIR}/recipe-sysroot")
+ e.data.setVar("RECIPE_SYSROOT_MANIFEST_SUBDIR", "nativesdk-" + variant)
e.data.setVar("MLPREFIX", variant + "-")
override = ":virtclass-multilib-" + variant
e.data.setVar("OVERRIDES", e.data.getVar("OVERRIDES", False) + override)
diff --git a/poky/meta/classes/recipe_sanity.bbclass b/poky/meta/classes/recipe_sanity.bbclass
index 1c2e24c..a5cc431 100644
--- a/poky/meta/classes/recipe_sanity.bbclass
+++ b/poky/meta/classes/recipe_sanity.bbclass
@@ -16,7 +16,7 @@
for var in d.getVar("__recipe_sanity_badruntimevars").split():
val = d.getVar(var, False)
if val and val != cfgdata.get(var):
- __note("%s should be %s_${PN}" % (var, var), d)
+ __note("%s should be %s:${PN}" % (var, var), d)
__recipe_sanity_reqvars = "DESCRIPTION"
__recipe_sanity_reqdiffvars = ""
diff --git a/poky/meta/classes/report-error.bbclass b/poky/meta/classes/report-error.bbclass
index 2f692fb..2b2ad56 100644
--- a/poky/meta/classes/report-error.bbclass
+++ b/poky/meta/classes/report-error.bbclass
@@ -107,6 +107,31 @@
errorreport_savedata(e, jsondata, "error-report.txt")
bb.utils.unlockfile(lock)
+ elif isinstance(e, bb.event.NoProvider):
+ bb.utils.mkdirhier(logpath)
+ data = {}
+ machine = e.data.getVar("MACHINE")
+ data['machine'] = machine
+ data['build_sys'] = e.data.getVar("BUILD_SYS")
+ data['nativelsb'] = nativelsb()
+ data['distro'] = e.data.getVar("DISTRO")
+ data['target_sys'] = e.data.getVar("TARGET_SYS")
+ data['failures'] = []
+ data['component'] = str(e._item)
+ data['branch_commit'] = str(oe.buildcfg.detect_branch(e.data)) + ": " + str(oe.buildcfg.detect_revision(e.data))
+ data['bitbake_version'] = e.data.getVar("BB_VERSION")
+ data['layer_version'] = get_layers_branch_rev(e.data)
+ data['local_conf'] = get_conf_data(e, 'local.conf')
+ data['auto_conf'] = get_conf_data(e, 'auto.conf')
+ taskdata={}
+ taskdata['log'] = str(e)
+ taskdata['package'] = str(e._item)
+ taskdata['task'] = "Nothing provides " + "'" + str(e._item) + "'"
+ data['failures'].append(taskdata)
+ lock = bb.utils.lockfile(datafile + '.lock')
+ errorreport_savedata(e, data, "error-report.txt")
+ bb.utils.unlockfile(lock)
+
elif isinstance(e, bb.event.BuildCompleted):
lock = bb.utils.lockfile(datafile + '.lock')
jsondata = json.loads(errorreport_getdata(e))
@@ -120,4 +145,4 @@
}
addhandler errorreport_handler
-errorreport_handler[eventmask] = "bb.event.BuildStarted bb.event.BuildCompleted bb.build.TaskFailed"
+errorreport_handler[eventmask] = "bb.event.BuildStarted bb.event.BuildCompleted bb.build.TaskFailed bb.event.NoProvider"
diff --git a/poky/meta/classes/rm_work.bbclass b/poky/meta/classes/rm_work.bbclass
index c493eff..8b5fe1b 100644
--- a/poky/meta/classes/rm_work.bbclass
+++ b/poky/meta/classes/rm_work.bbclass
@@ -33,6 +33,13 @@
BB_TASK_IONICE_LEVEL:task-rm_work = "3.0"
do_rm_work () {
+ # Force using the HOSTTOOLS 'rm' - otherwise the SYSROOT_NATIVE 'rm' can be selected depending on PATH
+ # Avoids race-condition accessing 'rm' when deleting WORKDIR folders at the end of this function
+ RM_BIN="$(PATH=${HOSTTOOLS_DIR} command -v rm)"
+ if [ -z "${RM_BIN}" ]; then
+ bbfatal "Binary 'rm' not found in HOSTTOOLS_DIR, cannot remove WORKDIR data."
+ fi
+
# If the recipe name is in the RM_WORK_EXCLUDE, skip the recipe.
for p in ${RM_WORK_EXCLUDE}; do
if [ "$p" = "${PN}" ]; then
@@ -79,7 +86,7 @@
# sstate version since otherwise we'd need to leave 'plaindirs' around
# such as 'packages' and 'packages-split' and these can be large. No end
# of chain tasks depend directly on do_package anymore.
- rm -f -- $i;
+ "${RM_BIN}" -f -- $i;
;;
*_setscene*)
# Skip stamps which are already setscene versions
@@ -96,7 +103,7 @@
;;
esac
done
- rm -f -- $i
+ "${RM_BIN}" -f -- $i
esac
done
@@ -106,12 +113,14 @@
# Retain only logs and other files in temp, safely ignore
# failures of removing pseudo folers on NFS2/3 server.
if [ $dir = 'pseudo' ]; then
- rm -rf -- $dir 2> /dev/null || true
+ "${RM_BIN}" -rf -- $dir 2> /dev/null || true
elif ! echo "$excludes" | grep -q -w "$dir"; then
- rm -rf -- $dir
+ "${RM_BIN}" -rf -- $dir
fi
done
}
+do_rm_work[vardepsexclude] += "SSTATETASKS"
+
do_rm_work_all () {
:
}
@@ -178,7 +187,7 @@
# other recipes and thus will typically run much later than completion of
# work in the recipe itself.
# In practice, addtask() here merely updates the dependencies.
- bb.build.addtask('do_rm_work', 'do_build', ' '.join(deps), d)
+ bb.build.addtask('do_rm_work', 'do_rm_work_all do_build', ' '.join(deps), d)
# Always update do_build_without_rm_work dependencies.
bb.build.addtask('do_build_without_rm_work', '', ' '.join(deps), d)
diff --git a/poky/meta/conf/bitbake.conf b/poky/meta/conf/bitbake.conf
index 62cdd9a..a1f0f62 100644
--- a/poky/meta/conf/bitbake.conf
+++ b/poky/meta/conf/bitbake.conf
@@ -676,7 +676,7 @@
export PERL_HASH_SEED = "0"
export SOURCE_DATE_EPOCH ?= "${@get_source_date_epoch_value(d)}"
# A SOURCE_DATE_EPOCH of '0' might be misinterpreted as no SDE
-export SOURCE_DATE_EPOCH_FALLBACK ??= "1302044400"
+SOURCE_DATE_EPOCH_FALLBACK ??= "1302044400"
REPRODUCIBLE_TIMESTAMP_ROOTFS ??= "1520598896"
##################################################################
diff --git a/poky/meta/conf/distro/include/cve-extra-exclusions.inc b/poky/meta/conf/distro/include/cve-extra-exclusions.inc
index 8b5f8d4..f5d6867 100644
--- a/poky/meta/conf/distro/include/cve-extra-exclusions.inc
+++ b/poky/meta/conf/distro/include/cve-extra-exclusions.inc
@@ -78,9 +78,34 @@
CVE_CHECK_IGNORE += "CVE-2019-10126 CVE-2019-14899 CVE-2019-18910 CVE-2019-3016 CVE-2019-3819 CVE-2019-3846 CVE-2019-3887"
# 2020
CVE_CHECK_IGNORE += "CVE-2020-10732 CVE-2020-10742 CVE-2020-16119 CVE-2020-1749 CVE-2020-25672 CVE-2020-27820 CVE-2020-35501 CVE-2020-8834"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2020-27784
+# Introduced in version v4.1 b26394bd567e5ebe57ec4dee7fe6cd14023c96e9
+# Patched in kernel since v5.10 e8d5f92b8d30bb4ade76494490c3c065e12411b1
+# Backported in version v5.4.73 e9e791f5c39ab30e374a3b1a9c25ca7ff24988f3
+CVE_CHECK_IGNORE += "CVE-2020-27784"
+
# 2021
CVE_CHECK_IGNORE += "CVE-2021-20194 CVE-2021-20226 CVE-2021-20265 CVE-2021-3564 CVE-2021-3743 CVE-2021-3847 CVE-2021-4002 \
CVE-2021-4090 CVE-2021-4095 CVE-2021-4197 CVE-2021-4202 CVE-2021-44879 CVE-2021-45402"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-3669
+# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
+# Patched in kernel since v5.15 20401d1058f3f841f35a594ac2fc1293710e55b9
+CVE_CHECK_IGNORE += "CVE-2021-3669"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-3759
+# Introduced in version v4.5 a9bb7e620efdfd29b6d1c238041173e411670996
+# Patched in kernel since v5.15 18319498fdd4cdf8c1c2c48cd432863b1f915d6f
+# Backported in version v5.4.224 bad83d55134e647a739ebef2082541963f2cbc92
+# Backported in version v5.10.154 836686e1a01d7e2fda6a5a18252243ff30a6e196
+CVE_CHECK_IGNORE += "CVE-2021-3759"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-4218
+# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
+# Patched in kernel since v5.8 32927393dc1ccd60fb2bdc05b9e8e88753761469
+CVE_CHECK_IGNORE += "CVE-2021-4218"
+
# 2022
CVE_CHECK_IGNORE += "CVE-2022-0185 CVE-2022-0264 CVE-2022-0286 CVE-2022-0330 CVE-2022-0382 CVE-2022-0433 CVE-2022-0435 \
CVE-2022-0492 CVE-2022-0494 CVE-2022-0500 CVE-2022-0516 CVE-2022-0617 CVE-2022-0742 CVE-2022-0854 \
@@ -90,6 +115,193 @@
CVE-2022-28356 CVE-2022-28388 CVE-2022-28389 CVE-2022-28390 CVE-2022-28796 CVE-2022-28893 CVE-2022-29156 \
CVE-2022-29582 CVE-2022-29968"
+# https://nvd.nist.gov/vuln/detail/CVE-2022-0480
+# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
+# Patched in kernel since v5.15 0f12156dff2862ac54235fc72703f18770769042
+CVE_CHECK_IGNORE += "CVE-2022-0480"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-1184
+# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
+# Patched in kernel since v5.19 46c116b920ebec58031f0a78c5ea9599b0d2a371
+# Backported in version v5.4.198 17034d45ec443fb0e3c0e7297f9cd10f70446064
+# Backported in version v5.10.121 da2f05919238c7bdc6e28c79539f55c8355408bb
+# Backported in version v5.15.46 ca17db384762be0ec38373a12460081d22a8b42d
+CVE_CHECK_IGNORE += "CVE-2022-1184"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-1462
+# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
+# Patched in kernel since v5.19 a501ab75e7624d133a5a3c7ec010687c8b961d23
+# Backported in version v5.4.208 f7785092cb7f022f59ebdaa181651f7c877df132
+# Backported in version v5.10.134 08afa87f58d83dfe040572ed591b47e8cb9e225c
+# Backported in version v5.15.58 b2d1e4cd558cffec6bfe318f5d74e6cffc374d29
+CVE_CHECK_IGNORE += "CVE-2022-1462"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-2308
+# Introduced in version v5.15 c8a6153b6c59d95c0e091f053f6f180952ade91e
+# Patched in kernel since v6.0 46f8a29272e51b6df7393d58fc5cb8967397ef2b
+# Backported in version v5.15.72 dc248ddf41eab4566e95b1ee2433c8a5134ad94a
+# Backported in version v5.19.14 38d854c4a11c3bbf6a96ea46f14b282670c784ac
+CVE_CHECK_IGNORE += "CVE-2022-2308"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-2327
+# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
+# Patched in kernel since v5.10.125 df3f3bb5059d20ef094d6b2f0256c4bf4127a859
+CVE_CHECK_IGNORE += "CVE-2022-2327"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-2663
+# Introduced in version v2.6.20 869f37d8e48f3911eb70f38a994feaa8f8380008
+# Patched in kernel since v6.0 0efe125cfb99e6773a7434f3463f7c2fa28f3a43
+# Backported in version v5.4.213 36f7b71f8ad8e4d224b45f7d6ecfeff63b091547
+# Backported in version v5.10.143 e12ce30fe593dd438c5b392290ad7316befc11ca
+# Backported in version v5.15.68 451c9ce1e2fc9b9e40303bef8e5a0dca1a923cc4
+# Backported in version v5.19.9 6cf0609154b2ce8d3ae160e7506ab316400a8d3d
+CVE_CHECK_IGNORE += "CVE-2022-2663"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-2785
+# Introduced in version v5.18 b1d18a7574d0df5eb4117c14742baf8bc2b9bb74
+# Patched in kernel since v6.0 86f44fcec22ce2979507742bc53db8400e454f46
+# Backported in version v5.19.4 b429d0b9a7a0f3dddb1f782b72629e6353f292fd
+CVE_CHECK_IGNORE += "CVE-2022-2785"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3176
+# Introduced in version v5.1 221c5eb2338232f7340386de1c43decc32682e58
+# Patched in kernel since v5.17 791f3465c4afde02d7f16cf7424ca87070b69396
+# Backported in version v5.15.65 e9d7ca0c4640cbebe6840ee3bac66a25a9bacaf5
+CVE_CHECK_IGNORE += "CVE-2022-3176"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3526
+# Introduced in version v5.13 427f0c8c194b22edcafef1b0a42995ddc5c2227d
+# Patched in kernel since v5.18 e16b859872b87650bb55b12cca5a5fcdc49c1442
+# Backported in version v5.15.35 8f79ce226ad2e9b2ec598de2b9560863b7549d1b
+CVE_CHECK_IGNORE += "CVE-2022-3526"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3621
+# Introduced in version v2.60.30 05fe58fdc10df9ebea04c0eaed57adc47af5c184
+# Patched in kernel since v6.1 21a87d88c2253350e115029f14fe2a10a7e6c856
+# Backported in version v5.4.218 792211333ad77fcea50a44bb7f695783159fc63c
+# Backported in version v5.10.148 3f840480e31495ce674db4a69912882b5ac083f2
+# Backported in version v5.15.74 1e512c65b4adcdbdf7aead052f2162b079cc7f55
+# Backported in version v5.19.16 caf2c6b580433b3d3e413a3d54b8414a94725dcd
+CVE_CHECK_IGNORE += "CVE-2022-3621"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3623
+# Introduced in version v5.1 5480280d3f2d11d47f9be59d49b20a8d7d1b33e8
+# Patched in kernel since v6.1 fac35ba763ed07ba93154c95ffc0c4a55023707f
+# Backported in version v5.4.228 176ba4c19d1bb153aa6baaa61d586e785b7d736c
+# Backported in version v5.10.159 fccee93eb20d72f5390432ecea7f8c16af88c850
+# Backported in version v5.15.78 3a44ae4afaa5318baed3c6e2959f24454e0ae4ff
+# Backported in version v5.19.17 86a913d55c89dd13ba070a87f61a493563e94b54
+CVE_CHECK_IGNORE += "CVE-2022-3623"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3624
+# Introduced in version v6.0 d5410ac7b0baeca91cf73ff5241d35998ecc8c9e
+# Patched in kernel since v6.0 4f5d33f4f798b1c6d92b613f0087f639d9836971
+CVE_CHECK_IGNORE += "CVE-2022-3624"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3625
+# Introduced in version v4.19 45f05def5c44c806f094709f1c9b03dcecdd54f0
+# Patched in kernel since v6.0 6b4db2e528f650c7fb712961aac36455468d5902
+# Backported in version v5.4.211 1ad4ba9341f15412cf86dc6addbb73871a10212f
+# Backported in version v5.10.138 0e28678a770df7989108327cfe86f835d8760c33
+# Backported in version v5.15.63 c4d09fd1e18bac11c2f7cf736048112568687301
+# Backported in version v5.19.4 26bef5616255066268c0e40e1da10cc9b78b82e9
+CVE_CHECK_IGNORE += "CVE-2022-3625"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3629
+# Introduced in version v3.9 d021c344051af91f42c5ba9fdedc176740cbd238
+# Patched in kernel since v6.0 7e97cfed9929eaabc41829c395eb0d1350fccb9d
+# Backported in version v5.4.211 f82f1e2042b397277cd39f16349950f5abade58d
+# Backported in version v5.10.138 38ddccbda5e8b762c8ee06670bb1f64f1be5ee50
+# Backported in version v5.15.63 e4c0428f8a6fc8c218d7fd72bddd163f05b29795
+# Backported in version v5.19.4 8ff5db3c1b3d6797eda5cd326dcd31b9cd1c5f72
+CVE_CHECK_IGNORE += "CVE-2022-3629"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3630
+# Introduced in version v5.19 85e4ea1049c70fb99de5c6057e835d151fb647da
+# Patched in kernel since v6.0 fb24771faf72a2fd62b3b6287af3c610c3ec9cf1
+# Backported in version v5.19.4 7a369dc87b66acc85d0cffcf39984344a203e20b
+CVE_CHECK_IGNORE += "CVE-2022-3630"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3633
+# Introduced in version v5.4 9d71dd0c70099914fcd063135da3c580865e924c
+# Patched in kernel since v6.0 8c21c54a53ab21842f5050fa090f26b03c0313d6
+# Backported in version v5.4.211 04e41b6bacf474f5431491f92e981096e8cc8e93
+# Backported in version v5.10.138 a220ff343396bae8d3b6abee72ab51f1f34b3027
+# Backported in version v5.15.63 98dc8fb08299ab49e0b9c08daedadd2f4de1a2f2
+# Backported in version v5.19.4 a0278dbeaaf7ca60346c62a9add65ae7d62564de
+CVE_CHECK_IGNORE += "CVE-2022-3633"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3635
+# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
+# Patched in kernel since v6.0 3f4093e2bf4673f218c0bf17d8362337c400e77b
+# Backported in version v5.4.211 9a6cbaa50f263b12df18a051b37f3f42f9fb5253
+# Backported in version v5.10.138 a0ae122e9aeccbff75014c4d36d11a9d32e7fb5e
+# Backported in version v5.15.63 a5d7ce086fe942c5ab422fd2c034968a152be4c4
+# Backported in version v5.19.4 af412b252550f9ac36d9add7b013c2a2c3463835
+CVE_CHECK_IGNORE += "CVE-2022-3635"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3636
+# Introduced in version v5.19 33fc42de33278b2b3ec6f3390512987bc29a62b7
+# Patched in kernel since v5.19 17a5f6a78dc7b8db385de346092d7d9f9dc24df6
+# The vulnerability has been introduced and patched in rc1 of v5.19.
+CVE_CHECK_IGNORE += "CVE-2022-3636"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3646
+# Introduced in version v2.6.30 9ff05123e3bfbb1d2b68ba1d9bf1f7d1dffc1453
+# Patched in kernel since v6.1 d0d51a97063db4704a5ef6bc978dddab1636a306
+# Backported in version v5.4.218 b7e409d11db9ce9f8bc05fcdfa24d143f60cd393
+# Backported in version v5.10.148 aad4c997857f1d4b6c1e296c07e4729d3f8058ee
+# Backported in version v5.15.74 44b1ee304bac03f1b879be5afe920e3a844e40fc
+# Backported in version v5.19.16 4755fcd844240857b525f6e8d8b65ee140fe9570
+CVE_CHECK_IGNORE += "CVE-2022-3646"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3649
+# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
+# Patched in kernel since v6.1 d325dc6eb763c10f591c239550b8c7e5466a5d09
+# Backported in version v5.4.220 d1c2d820a2cd73867b7d352e89e92fb3ac29e926
+# Backported in version v5.10.148 21ee3cffed8fbabb669435facfd576ba18ac8652
+# Backported in version v5.15.74 cb602c2b654e26763226d8bd27a702f79cff4006
+# Backported in version v5.19.16 394b2571e9a74ddaed55aa9c4d0f5772f81c21e4
+CVE_CHECK_IGNORE += "CVE-2022-3649"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-26365
+# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
+# Patched in kernel since v5.19 2f446ffe9d737e9a844b97887919c4fda18246e7
+# Backported in version v5.4.204 42112e8f94617d83943f8f3b8de2b66041905506
+# Backported in version v5.10.129 cfea428030be836d79a7690968232bb7fa4410f1
+# Backported in version v5.15.53 7ed65a4ad8fa9f40bc3979b32c54243d6a684ec9
+CVE_CHECK_IGNORE += "CVE-2022-26365"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-33740
+# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
+# Patched in kernel since v5.19 307c8de2b02344805ebead3440d8feed28f2f010
+# Backported in version v5.4.204 04945b5beb73019145ac17a2565526afa7293c14
+# Backported in version v5.10.129 728d68bfe68d92eae1407b8a9edc7817d6227404
+# Backported in version v5.15.53 5dd0993c36832d33820238fc8dc741ba801b7961
+CVE_CHECK_IGNORE += "CVE-2022-33740"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-33741
+# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
+# Patched in kernel since v5.19 4491001c2e0fa69efbb748c96ec96b100a5cdb7e
+# Backported in version v5.4.204 ede57be88a5fff42cd00e6bcd071503194d398dd
+# Backported in version v5.10.129 4923217af5742a796821272ee03f8d6de15c0cca
+# Backported in version v5.15.53 ed3cfc690675d852c3416aedb271e0e7d179bf49
+CVE_CHECK_IGNORE += "CVE-2022-33741"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-33742
+# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
+# Patched in kernel since v5.19 2400617da7eebf9167d71a46122828bc479d64c9
+# Backported in version v5.4.204 60ac50daad36ef3fe9d70d89cfe3b95d381db997
+# Backported in version v5.10.129 cbbd2d2531539212ff090aecbea9877c996e6ce6
+# Backported in version v5.15.53 6d0a9127279a4533815202e30ad1b3a39f560ba3
+CVE_CHECK_IGNORE += "CVE-2022-33742"
+
+
+# Wrong CPE in NVD database
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3563
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3637
+# Those issue do not affect the kernel, patchs listed on CVE pages links to https://git.kernel.org/pub/scm/bluetooth/bluez.git
+CVE_CHECK_IGNORE += "CVE-2022-3563 CVE-2022-3637"
# qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20255
# There was a proposed patch https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg06098.html
diff --git a/poky/meta/conf/distro/include/ptest-packagelists.inc b/poky/meta/conf/distro/include/ptest-packagelists.inc
index 56088e4..99929ac 100644
--- a/poky/meta/conf/distro/include/ptest-packagelists.inc
+++ b/poky/meta/conf/distro/include/ptest-packagelists.inc
@@ -103,7 +103,7 @@
"
PTESTS_SLOW:remove:riscv64 = "valgrind-ptest"
-PTESTS_PROBLEMS:append:riscv64 = "valgrind-ptest"
+PTESTS_PROBLEMS:append:riscv64 = " valgrind-ptest"
# ruby-ptest \ # Timeout
# lz4-ptest \ # Needs a rewrite
diff --git a/poky/meta/conf/distro/include/yocto-uninative.inc b/poky/meta/conf/distro/include/yocto-uninative.inc
index 7012db4..8a5cab5 100644
--- a/poky/meta/conf/distro/include/yocto-uninative.inc
+++ b/poky/meta/conf/distro/include/yocto-uninative.inc
@@ -6,10 +6,10 @@
# to the distro running on the build machine.
#
-UNINATIVE_MAXGLIBCVERSION = "2.36"
-UNINATIVE_VERSION = "3.7"
+UNINATIVE_MAXGLIBCVERSION = "2.37"
+UNINATIVE_VERSION = "3.9"
UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/${UNINATIVE_VERSION}/"
-UNINATIVE_CHECKSUM[aarch64] ?= "6a29bcae4b5b716d2d520e18800b33943b65f8a835eac1ff8793fc5ee65b4be6"
-UNINATIVE_CHECKSUM[i686] ?= "3f6d52e64996570c716108d49f8108baccf499a283bbefae438c7266b7a93305"
-UNINATIVE_CHECKSUM[x86_64] ?= "b110bf2e10fe420f5ca2f3ec55f048ee5f0a54c7e34856a3594e51eb2aea0570"
+UNINATIVE_CHECKSUM[aarch64] ?= "de35708c95c34573af140da910132c3291ba4fd26ebf7b74b755ada432cdf07b"
+UNINATIVE_CHECKSUM[i686] ?= "adac07b08adb88eb26fc7fd87fee0cec9d5be167bf7c5ffd3a549a2a6699c29c"
+UNINATIVE_CHECKSUM[x86_64] ?= "3dd82c3fbdb59e87bf091c3eef555a05fae528eeda3083828f76cd4deaceca8b"
diff --git a/poky/meta/lib/bblayers/buildconf.py b/poky/meta/lib/bblayers/buildconf.py
index e07fc53..ccab332 100644
--- a/poky/meta/lib/bblayers/buildconf.py
+++ b/poky/meta/lib/bblayers/buildconf.py
@@ -64,7 +64,7 @@
oecore = None
for l in layers:
- if l[0] == os.path.abspath(args.layerpath):
+ if os.path.abspath(l[0]) == os.path.abspath(args.layerpath):
targetlayer = l[0]
if l[1] == 'meta':
oecore = os.path.dirname(l[0])
diff --git a/poky/meta/lib/bblayers/makesetup.py b/poky/meta/lib/bblayers/makesetup.py
index 22f89d8..5fb6f14 100644
--- a/poky/meta/lib/bblayers/makesetup.py
+++ b/poky/meta/lib/bblayers/makesetup.py
@@ -45,8 +45,15 @@
return ""
return describe.strip()
+ def _is_submodule(self, repo_path):
+ # This is slightly brittle: git does not offer a way to tell whether
+ # a given repo dir is a submodule checkout, so we need to rely on .git
+ # being a file (rather than a dir like it is in standalone checkouts).
+ # The file typically contains a gitdir pointer to elsewhere.
+ return os.path.isfile(os.path.join(repo_path,".git"))
+
def make_repo_config(self, destdir):
- """ This is a helper function for the writer plugins that discovers currently confugured layers.
+ """ This is a helper function for the writer plugins that discovers currently configured layers.
The writers do not have to use it, but it can save a bit of work and avoid duplicated code, hence it is
available here. """
repos = {}
@@ -63,6 +70,9 @@
logger.error("Layer {name} in {path} has uncommitted modifications or is not in a git repository.".format(name=l_name,path=l_path))
return
repo_path = self._get_repo_path(l_path)
+
+ if self._is_submodule(repo_path):
+ continue
if repo_path not in repos.keys():
repos[repo_path] = {'path':os.path.basename(repo_path),'git-remote':{'rev':l_rev, 'branch':l_branch, 'remotes':self._get_remotes(repo_path), 'describe':self._get_describe(repo_path)}}
if repo_path == destdir_repo:
diff --git a/poky/meta/lib/bblayers/setupwriters/oe-setup-layers.py b/poky/meta/lib/bblayers/setupwriters/oe-setup-layers.py
index f6a484b..d5bc19a 100644
--- a/poky/meta/lib/bblayers/setupwriters/oe-setup-layers.py
+++ b/poky/meta/lib/bblayers/setupwriters/oe-setup-layers.py
@@ -33,6 +33,8 @@
def do_write(self, parent, args):
""" Writes out a python script and a json config that replicate the directory structure and revisions of the layers in a current build. """
+ if not os.path.exists(args.destdir):
+ os.makedirs(args.destdir)
repos = parent.make_repo_config(args.destdir)
json = {"version":"1.0","sources":repos}
if not repos:
diff --git a/poky/meta/lib/oe/cve_check.py b/poky/meta/lib/oe/cve_check.py
index 4f1d80f..dbaa0b3 100644
--- a/poky/meta/lib/oe/cve_check.py
+++ b/poky/meta/lib/oe/cve_check.py
@@ -179,3 +179,42 @@
if os.path.exists(os.path.realpath(link_path)):
os.remove(link_path)
os.symlink(os.path.basename(target_path), link_path)
+
+
+def convert_cve_version(version):
+ """
+ This function converts from CVE format to Yocto version format.
+ eg 8.3_p1 -> 8.3p1, 6.2_rc1 -> 6.2-rc1
+
+ Unless it is redefined using CVE_VERSION in the recipe,
+ cve_check uses the version in the name of the recipe (${PV})
+ to check vulnerabilities against a CVE in the database downloaded from NVD.
+
+ When the version has an update, i.e.
+ "p1" in OpenSSH 8.3p1,
+ "-rc1" in linux kernel 6.2-rc1,
+ the database stores the version as version_update (8.3_p1, 6.2_rc1).
+ Therefore, we must transform this version before comparing to the
+ recipe version.
+
+ In this case, the parameter of the function is 8.3_p1.
+ If the version uses the Release Candidate format, "rc",
+ this function replaces the '_' by '-'.
+ If the version uses the Update format, "p",
+ this function removes the '_' completely.
+ """
+ import re
+
+ matches = re.match('^([0-9.]+)_((p|rc)[0-9]+)$', version)
+
+ if not matches:
+ return version
+
+ version = matches.group(1)
+ update = matches.group(2)
+
+ if matches.group(3) == "rc":
+ return version + '-' + update
+
+ return version + update
+
diff --git a/poky/meta/lib/oe/gpg_sign.py b/poky/meta/lib/oe/gpg_sign.py
index 613dab8..ede6186 100644
--- a/poky/meta/lib/oe/gpg_sign.py
+++ b/poky/meta/lib/oe/gpg_sign.py
@@ -5,11 +5,12 @@
#
"""Helper module for GPG signing"""
-import os
import bb
-import subprocess
+import os
import shlex
+import subprocess
+import tempfile
class LocalSigner(object):
"""Class for handling local (on the build host) signing"""
@@ -73,8 +74,6 @@
cmd += ['--homedir', self.gpg_path]
if armor:
cmd += ['--armor']
- if output_suffix:
- cmd += ['-o', input_file + "." + output_suffix]
if use_sha256:
cmd += ['--digest-algo', "SHA256"]
@@ -83,19 +82,27 @@
if self.gpg_version > (2,1,):
cmd += ['--pinentry-mode', 'loopback']
- cmd += [input_file]
-
try:
if passphrase_file:
with open(passphrase_file) as fobj:
passphrase = fobj.readline();
- job = subprocess.Popen(cmd, stdin=subprocess.PIPE, stderr=subprocess.PIPE)
- (_, stderr) = job.communicate(passphrase.encode("utf-8"))
+ if not output_suffix:
+ output_suffix = 'asc' if armor else 'sig'
+ output_file = input_file + "." + output_suffix
+ with tempfile.TemporaryDirectory(dir=os.path.dirname(output_file)) as tmp_dir:
+ tmp_file = os.path.join(tmp_dir, os.path.basename(output_file))
+ cmd += ['-o', tmp_file]
- if job.returncode:
- bb.fatal("GPG exited with code %d: %s" % (job.returncode, stderr.decode("utf-8")))
+ cmd += [input_file]
+ job = subprocess.Popen(cmd, stdin=subprocess.PIPE, stderr=subprocess.PIPE)
+ (_, stderr) = job.communicate(passphrase.encode("utf-8"))
+
+ if job.returncode:
+ bb.fatal("GPG exited with code %d: %s" % (job.returncode, stderr.decode("utf-8")))
+
+ os.rename(tmp_file, output_file)
except IOError as e:
bb.error("IO error (%s): %s" % (e.errno, e.strerror))
raise Exception("Failed to sign '%s'" % input_file)
diff --git a/poky/meta/lib/oe/overlayfs.py b/poky/meta/lib/oe/overlayfs.py
index 8d7a047..8b88900 100644
--- a/poky/meta/lib/oe/overlayfs.py
+++ b/poky/meta/lib/oe/overlayfs.py
@@ -40,7 +40,11 @@
bb.fatal("Missing required mount point for OVERLAYFS_MOUNT_POINT[%s] in your MACHINE configuration" % mountPoint)
for mountPoint in overlayMountPoints:
- for path in d.getVarFlag('OVERLAYFS_WRITABLE_PATHS', mountPoint).split():
+ mountPointList = d.getVarFlag('OVERLAYFS_WRITABLE_PATHS', mountPoint)
+ if not mountPointList:
+ bb.debug(1, "No mount points defined for %s flag, don't add to file list", mountPoint)
+ continue
+ for path in mountPointList.split():
fileList.append(mountUnitName(path))
fileList.append(helperUnitName(path))
diff --git a/poky/meta/lib/oe/package_manager/deb/__init__.py b/poky/meta/lib/oe/package_manager/deb/__init__.py
index c672454..0c23c88 100644
--- a/poky/meta/lib/oe/package_manager/deb/__init__.py
+++ b/poky/meta/lib/oe/package_manager/deb/__init__.py
@@ -82,15 +82,15 @@
return
oe.utils.multiprocess_launch(create_index, index_cmds, self.d)
- if self.d.getVar('PACKAGE_FEED_SIGN', True) == '1':
- signer = get_signer(self.d, self.d.getVar('PACKAGE_FEED_GPG_BACKEND', True))
+ if self.d.getVar('PACKAGE_FEED_SIGN') == '1':
+ signer = get_signer(self.d, self.d.getVar('PACKAGE_FEED_GPG_BACKEND'))
else:
signer = None
if signer:
for f in index_sign_files:
signer.detach_sign(f,
- self.d.getVar('PACKAGE_FEED_GPG_NAME', True),
- self.d.getVar('PACKAGE_FEED_GPG_PASSPHRASE_FILE', True),
+ self.d.getVar('PACKAGE_FEED_GPG_NAME'),
+ self.d.getVar('PACKAGE_FEED_GPG_PASSPHRASE_FILE'),
output_suffix="gpg",
use_sha256=True)
diff --git a/poky/meta/lib/oe/reproducible.py b/poky/meta/lib/oe/reproducible.py
index 04a1810..9ac75c0 100644
--- a/poky/meta/lib/oe/reproducible.py
+++ b/poky/meta/lib/oe/reproducible.py
@@ -115,7 +115,8 @@
return None
bb.debug(1, "git repository: %s" % gitpath)
- p = subprocess.run(['git', '--git-dir', gitpath, 'log', '-1', '--pretty=%ct'], check=True, stdout=subprocess.PIPE)
+ p = subprocess.run(['git', '-c', 'log.showSignature=false', '--git-dir', gitpath, 'log', '-1', '--pretty=%ct'],
+ check=True, stdout=subprocess.PIPE)
return int(p.stdout.decode('utf-8'))
def get_source_date_epoch_from_youngest_file(d, sourcedir):
diff --git a/poky/meta/lib/oe/rust.py b/poky/meta/lib/oe/rust.py
index 1dc9cf1..185553e 100644
--- a/poky/meta/lib/oe/rust.py
+++ b/poky/meta/lib/oe/rust.py
@@ -8,4 +8,6 @@
def arch_to_rust_arch(arch):
if arch == "ppc64le":
return "powerpc64le"
+ if arch in ('riscv32', 'riscv64'):
+ return arch + 'gc'
return arch
diff --git a/poky/meta/lib/oe/sstatesig.py b/poky/meta/lib/oe/sstatesig.py
index fad10af..fb4abe8 100644
--- a/poky/meta/lib/oe/sstatesig.py
+++ b/poky/meta/lib/oe/sstatesig.py
@@ -32,6 +32,12 @@
depmc, _, deptaskname, depmcfn = bb.runqueue.split_tid_mcfn(dep)
mc, _ = bb.runqueue.split_mc(fn)
+ # We can skip the rm_work task signature to avoid running the task
+ # when we remove some tasks from the dependencie chain
+ # i.e INHERIT:remove = "create-spdx" will trigger the do_rm_work
+ if task == "do_rm_work":
+ return False
+
# Keep all dependencies between SPDX tasks in the signature. SPDX documents
# are linked together by hashes, which means if a dependent document changes,
# all downstream documents must be re-written (even if they are "safe"
@@ -463,11 +469,15 @@
pkgarchs.append('allarch')
pkgarchs.append('${SDK_ARCH}_${SDK_ARCH}-${SDKPKGSUFFIX}')
+ searched_manifests = []
+
for pkgarch in pkgarchs:
manifest = d2.expand("${SSTATE_MANIFESTS}/manifest-%s-%s.%s" % (pkgarch, taskdata, taskname))
if os.path.exists(manifest):
return manifest, d2
- bb.fatal("Manifest %s not found in %s (variant '%s')?" % (manifest, d2.expand(" ".join(pkgarchs)), variant))
+ searched_manifests.append(manifest)
+ bb.fatal("The sstate manifest for task '%s:%s' (multilib variant '%s') could not be found.\nThe pkgarchs considered were: %s.\nBut none of these manifests exists:\n %s"
+ % (taskdata, taskname, variant, d2.expand(", ".join(pkgarchs)),"\n ".join(searched_manifests)))
return None, d2
def OEOuthashBasic(path, sigfile, task, d):
@@ -652,6 +662,10 @@
if f == 'fixmepath':
continue
process(os.path.join(root, f))
+
+ for dir in dirs:
+ if os.path.islink(os.path.join(root, dir)):
+ process(os.path.join(root, dir))
finally:
os.chdir(prev_dir)
diff --git a/poky/meta/lib/oeqa/core/target/ssh.py b/poky/meta/lib/oeqa/core/target/ssh.py
index f956a77..4ab0cdd 100644
--- a/poky/meta/lib/oeqa/core/target/ssh.py
+++ b/poky/meta/lib/oeqa/core/target/ssh.py
@@ -34,6 +34,8 @@
self.timeout = timeout
self.user = user
ssh_options = [
+ '-o', 'ServerAliveCountMax=2',
+ '-o', 'ServerAliveInterval=30',
'-o', 'UserKnownHostsFile=/dev/null',
'-o', 'StrictHostKeyChecking=no',
'-o', 'LogLevel=ERROR'
@@ -224,27 +226,33 @@
def run():
nonlocal output
nonlocal process
+ output_raw = b''
starttime = time.time()
process = subprocess.Popen(command, **options)
if timeout:
endtime = starttime + timeout
eof = False
+ os.set_blocking(process.stdout.fileno(), False)
while time.time() < endtime and not eof:
- logger.debug('time: %s, endtime: %s' % (time.time(), endtime))
try:
+ logger.debug('Waiting for process output: time: %s, endtime: %s' % (time.time(), endtime))
if select.select([process.stdout], [], [], 5)[0] != []:
- reader = codecs.getreader('utf-8')(process.stdout, 'ignore')
- data = reader.read(1024, 4096)
+ # wait a bit for more data, tries to avoid reading single characters
+ time.sleep(0.2)
+ data = process.stdout.read()
if not data:
- process.stdout.close()
eof = True
else:
- output += data
- logger.debug('Partial data from SSH call: %s' % data)
+ output_raw += data
+ # ignore errors to capture as much as possible
+ logger.debug('Partial data from SSH call:\n%s' % data.decode('utf-8', errors='ignore'))
endtime = time.time() + timeout
except InterruptedError:
+ logger.debug('InterruptedError')
continue
+ process.stdout.close()
+
# process hasn't returned yet
if not eof:
process.terminate()
@@ -252,16 +260,30 @@
try:
process.kill()
except OSError:
+ logger.debug('OSError when killing process')
pass
endtime = time.time() - starttime
lastline = ("\nProcess killed - no output for %d seconds. Total"
" running time: %d seconds." % (timeout, endtime))
- logger.debug('Received data from SSH call %s ' % lastline)
+ logger.debug('Received data from SSH call:\n%s ' % lastline)
output += lastline
else:
- output = process.communicate()[0].decode('utf-8', errors='ignore')
- logger.debug('Data from SSH call: %s' % output.rstrip())
+ output_raw = process.communicate()[0]
+
+ output = output_raw.decode('utf-8', errors='ignore')
+ logger.debug('Data from SSH call:\n%s' % output.rstrip())
+
+ # timout or not, make sure process exits and is not hanging
+ if process.returncode == None:
+ try:
+ process.wait(timeout=5)
+ except TimeoutExpired:
+ try:
+ process.kill()
+ except OSError:
+ logger.debug('OSError')
+ pass
options = {
"stdout": subprocess.PIPE,
@@ -290,4 +312,5 @@
process.kill()
logger.debug('Something went wrong, killing SSH process')
raise
- return (process.wait(), output.rstrip())
+
+ return (process.returncode, output.rstrip())
diff --git a/poky/meta/lib/oeqa/core/utils/concurrencytest.py b/poky/meta/lib/oeqa/core/utils/concurrencytest.py
index 383479c..4f77589 100644
--- a/poky/meta/lib/oeqa/core/utils/concurrencytest.py
+++ b/poky/meta/lib/oeqa/core/utils/concurrencytest.py
@@ -59,6 +59,7 @@
self.outputbuf = output
self.finalresult = finalresult
self.finalresult.buffer = True
+ self.target = target
def _add_result_with_semaphore(self, method, test, *args, **kwargs):
self.semaphore.acquire()
@@ -67,13 +68,14 @@
self.result.starttime[test.id()] = self._test_start.timestamp()
self.result.threadprogress[self.threadnum].append(test.id())
totalprogress = sum(len(x) for x in self.result.threadprogress.values())
- self.result.progressinfo[test.id()] = "%s: %s/%s %s/%s (%ss) (%s)" % (
+ self.result.progressinfo[test.id()] = "%s: %s/%s %s/%s (%ss) (%s failed) (%s)" % (
self.threadnum,
len(self.result.threadprogress[self.threadnum]),
self.totalinprocess,
totalprogress,
self.totaltests,
"{0:.2f}".format(time.time()-self._test_start.timestamp()),
+ self.target.failed_tests,
test.id())
finally:
self.semaphore.release()
diff --git a/poky/meta/lib/oeqa/runtime/cases/apt.py b/poky/meta/lib/oeqa/runtime/cases/apt.py
index 4e09374..8000645 100644
--- a/poky/meta/lib/oeqa/runtime/cases/apt.py
+++ b/poky/meta/lib/oeqa/runtime/cases/apt.py
@@ -39,9 +39,9 @@
self.target.run('cd %s; echo deb [ allow-insecure=yes ] %s/all ./ > sources.list' % (apt_get_sourceslist_dir, apt_get_source_server))
def setup_source_config_for_package_install_signed(self):
- apt_get_source_server = 'http:\/\/%s:%s' % (self.tc.target.server_ip, self.repo_server.port)
+ apt_get_source_server = 'http://%s:%s' % (self.tc.target.server_ip, self.repo_server.port)
apt_get_sourceslist_dir = '/etc/apt/'
- self.target.run("cd %s; cp sources.list sources.list.bak; sed -i 's/\[trusted=yes\] http:\/\/bogus_ip:bogus_port/%s/g' sources.list" % (apt_get_sourceslist_dir, apt_get_source_server))
+ self.target.run("cd %s; cp sources.list sources.list.bak; sed -i 's|\[trusted=yes\] http://bogus_ip:bogus_port|%s|g' sources.list" % (apt_get_sourceslist_dir, apt_get_source_server))
def cleanup_source_config_for_package_install(self):
apt_get_sourceslist_dir = '/etc/apt/'
diff --git a/poky/meta/lib/oeqa/runtime/cases/buildcpio.py b/poky/meta/lib/oeqa/runtime/cases/buildcpio.py
index bd3b46d..3728855 100644
--- a/poky/meta/lib/oeqa/runtime/cases/buildcpio.py
+++ b/poky/meta/lib/oeqa/runtime/cases/buildcpio.py
@@ -29,7 +29,10 @@
@OEHasPackage(['autoconf'])
def test_cpio(self):
self.project.download_archive()
- self.project.run_configure('--disable-maintainer-mode',
- 'sed -i -e "/char \*program_name/d" src/global.c;')
+ self.project.run_configure('--disable-maintainer-mode')
+ # This sed is needed until
+ # https://git.savannah.gnu.org/cgit/cpio.git/commit/src/global.c?id=641d3f489cf6238bb916368d4ba0d9325a235afb
+ # is in a release.
+ self.project._run(r'sed -i -e "/char \*program_name/d" %s/src/global.c' % self.project.targetdir)
self.project.run_make()
self.project.run_install()
diff --git a/poky/meta/lib/oeqa/runtime/cases/dnf.py b/poky/meta/lib/oeqa/runtime/cases/dnf.py
index 410d456..3ccb18c 100644
--- a/poky/meta/lib/oeqa/runtime/cases/dnf.py
+++ b/poky/meta/lib/oeqa/runtime/cases/dnf.py
@@ -147,29 +147,21 @@
rootpath = '/home/root/chroot/test'
#Copy necessary files to avoid errors with not yet installed tools on
#installroot directory.
- self.target.run('mkdir -p %s/etc' % rootpath, 1500)
- self.target.run('mkdir -p %s/usr/bin %s/usr/sbin' % (rootpath, rootpath), 1500)
- self.target.run('ln -sf -r %s/usr/bin %s/bin' % (rootpath, rootpath), 1500)
- self.target.run('ln -sf -r %s/usr/sbin %s/sbin' % (rootpath, rootpath), 1500)
- self.target.run('mkdir -p %s/dev' % rootpath, 1500)
+ self.target.run('mkdir -p %s/etc' % rootpath)
+ self.target.run('mkdir -p %s/usr/bin %s/usr/sbin' % (rootpath, rootpath))
+ self.target.run('ln -sf usr/bin %s/bin' % (rootpath))
+ self.target.run('ln -sf usr/sbin %s/sbin' % (rootpath))
+ self.target.run('mkdir -p %s/dev' % rootpath)
#Handle different architectures lib dirs
- self.target.run('mkdir -p %s/usr/lib' % rootpath, 1500)
- self.target.run('mkdir -p %s/usr/libx32' % rootpath, 1500)
- self.target.run('mkdir -p %s/usr/lib64' % rootpath, 1500)
- self.target.run('cp /lib/libtinfo.so.5 %s/usr/lib' % rootpath, 1500)
- self.target.run('cp /libx32/libtinfo.so.5 %s/usr/libx32' % rootpath, 1500)
- self.target.run('cp /lib64/libtinfo.so.5 %s/usr/lib64' % rootpath, 1500)
- self.target.run('ln -sf -r %s/lib %s/usr/lib' % (rootpath,rootpath), 1500)
- self.target.run('ln -sf -r %s/libx32 %s/usr/libx32' % (rootpath,rootpath), 1500)
- self.target.run('ln -sf -r %s/lib64 %s/usr/lib64' % (rootpath,rootpath), 1500)
- self.target.run('cp -r /etc/rpm %s/etc' % rootpath, 1500)
- self.target.run('cp -r /etc/dnf %s/etc' % rootpath, 1500)
- self.target.run('cp /bin/sh %s/bin' % rootpath, 1500)
- self.target.run('mount -o bind /dev %s/dev/' % rootpath, 1500)
+ self.target.run("for l in /lib*; do mkdir -p %s/usr/$l; ln -s usr/$l %s/$l; done" % (rootpath, rootpath))
+ self.target.run('cp -r /etc/rpm %s/etc' % rootpath)
+ self.target.run('cp -r /etc/dnf %s/etc' % rootpath)
+ self.target.run('cp /bin/busybox %s/bin/sh' % rootpath)
+ self.target.run('mount -o bind /dev %s/dev/' % rootpath)
self.dnf_with_repo('install --installroot=%s -v -y --rpmverbosity=debug busybox' % rootpath)
- status, output = self.target.run('test -e %s/var/cache/dnf' % rootpath, 1500)
+ status, output = self.target.run('test -e %s/var/cache/dnf' % rootpath)
self.assertEqual(0, status, output)
- status, output = self.target.run('test -e %s/bin/busybox' % rootpath, 1500)
+ status, output = self.target.run('test -e %s/bin/busybox' % rootpath)
self.assertEqual(0, status, output)
@OETestDepends(['dnf.DnfRepoTest.test_dnf_makecache'])
diff --git a/poky/meta/lib/oeqa/runtime/cases/ping.py b/poky/meta/lib/oeqa/runtime/cases/ping.py
index 967b441..f72460e 100644
--- a/poky/meta/lib/oeqa/runtime/cases/ping.py
+++ b/poky/meta/lib/oeqa/runtime/cases/ping.py
@@ -5,6 +5,7 @@
#
from subprocess import Popen, PIPE
+from time import sleep
from oeqa.runtime.case import OERuntimeTestCase
from oeqa.core.decorator.oetimeout import OETimeout
@@ -16,6 +17,7 @@
def test_ping(self):
output = ''
count = 0
+ self.assertNotEqual(len(self.target.ip), 0, msg="No target IP address set")
try:
while count < 5:
cmd = 'ping -c 1 %s' % self.target.ip
@@ -25,6 +27,7 @@
count += 1
else:
count = 0
+ sleep(1)
except OEQATimeoutError:
self.fail("Ping timeout error for address %s, count %s, output: %s" % (self.target.ip, count, output))
msg = ('Expected 5 consecutive, got %d.\n'
diff --git a/poky/meta/lib/oeqa/runtime/cases/rpm.py b/poky/meta/lib/oeqa/runtime/cases/rpm.py
index e3cd818..fa86eb0 100644
--- a/poky/meta/lib/oeqa/runtime/cases/rpm.py
+++ b/poky/meta/lib/oeqa/runtime/cases/rpm.py
@@ -51,21 +51,20 @@
msg = 'status: %s. Cannot run rpm -qa: %s' % (status, output)
self.assertEqual(status, 0, msg=msg)
- def check_no_process_for_user(u):
- _, output = self.target.run(self.tc.target_cmds['ps'])
- if u + ' ' in output:
- return False
- else:
- return True
+ def wait_for_no_process_for_user(u, timeout = 120):
+ timeout_at = time.time() + timeout
+ while time.time() < timeout_at:
+ _, output = self.target.run(self.tc.target_cmds['ps'])
+ if u + ' ' not in output:
+ return
+ time.sleep(1)
+ user_pss = [ps for ps in output.split("\n") if u + ' ' in ps]
+ msg = "There're %s 's process(es) still running: %s".format(u, "\n".join(user_pss))
+ assertTrue(True, msg=msg)
def unset_up_test_user(u):
# ensure no test1 process in running
- timeout = time.time() + 30
- while time.time() < timeout:
- if check_no_process_for_user(u):
- break
- else:
- time.sleep(1)
+ wait_for_no_process_for_user(u)
status, output = self.target.run('userdel -r %s' % u)
msg = 'Failed to erase user: %s' % output
self.assertTrue(status == 0, msg=msg)
diff --git a/poky/meta/lib/oeqa/runtime/cases/rtc.py b/poky/meta/lib/oeqa/runtime/cases/rtc.py
index b2159b1..6e45c5d 100644
--- a/poky/meta/lib/oeqa/runtime/cases/rtc.py
+++ b/poky/meta/lib/oeqa/runtime/cases/rtc.py
@@ -5,6 +5,7 @@
#
from oeqa.runtime.case import OERuntimeTestCase
from oeqa.core.decorator.depends import OETestDepends
+from oeqa.core.decorator.data import skipIfFeature
from oeqa.runtime.decorator.package import OEHasPackage
import re
@@ -21,12 +22,14 @@
self.logger.debug('Starting systemd-timesyncd daemon')
self.target.run('systemctl enable --now --runtime systemd-timesyncd')
+ @skipIfFeature('read-only-rootfs',
+ 'Test does not work with read-only-rootfs in IMAGE_FEATURES')
@OETestDepends(['ssh.SSHTest.test_ssh'])
@OEHasPackage(['coreutils', 'busybox'])
def test_rtc(self):
(status, output) = self.target.run('hwclock -r')
self.assertEqual(status, 0, msg='Failed to get RTC time, output: %s' % output)
-
+
(status, current_datetime) = self.target.run('date +"%m%d%H%M%Y"')
self.assertEqual(status, 0, msg='Failed to get system current date & time, output: %s' % current_datetime)
@@ -37,7 +40,6 @@
(status, output) = self.target.run('date %s' % current_datetime)
self.assertEqual(status, 0, msg='Failed to reset system date & time, output: %s' % output)
-
+
(status, output) = self.target.run('hwclock -w')
self.assertEqual(status, 0, msg='Failed to reset RTC time, output: %s' % output)
-
diff --git a/poky/meta/lib/oeqa/runtime/cases/systemd.py b/poky/meta/lib/oeqa/runtime/cases/systemd.py
index 720b4b5..37f2954 100644
--- a/poky/meta/lib/oeqa/runtime/cases/systemd.py
+++ b/poky/meta/lib/oeqa/runtime/cases/systemd.py
@@ -154,7 +154,7 @@
"""
# The expression chain that uniquely identifies the time boot message.
- expr_items=['Startup finished', 'kernel', 'userspace','\.$']
+ expr_items=['Startup finished', 'kernel', 'userspace', r'\.$']
try:
output = self.journalctl(args='-o cat --reverse')
except AssertionError:
diff --git a/poky/meta/lib/oeqa/runtime/context.py b/poky/meta/lib/oeqa/runtime/context.py
index 8092dd0..0c5d186 100644
--- a/poky/meta/lib/oeqa/runtime/context.py
+++ b/poky/meta/lib/oeqa/runtime/context.py
@@ -67,11 +67,11 @@
% self.default_target_type)
runtime_group.add_argument('--target-ip', action='store',
default=self.default_target_ip,
- help="IP address of device under test, default: %s" \
+ help="IP address and optionally ssh port (default 22) of device under test, for example '192.168.0.7:22'. Default: %s" \
% self.default_target_ip)
runtime_group.add_argument('--server-ip', action='store',
default=self.default_target_ip,
- help="IP address of device under test, default: %s" \
+ help="IP address of the test host from test target machine, default: %s" \
% self.default_server_ip)
runtime_group.add_argument('--host-dumper-dir', action='store',
diff --git a/poky/meta/lib/oeqa/sdk/cases/buildepoxy.py b/poky/meta/lib/oeqa/sdk/cases/buildepoxy.py
index ee515be..147ee3e 100644
--- a/poky/meta/lib/oeqa/sdk/cases/buildepoxy.py
+++ b/poky/meta/lib/oeqa/sdk/cases/buildepoxy.py
@@ -35,7 +35,7 @@
self.assertTrue(os.path.isdir(dirs["source"]))
os.makedirs(dirs["build"])
- log = self._run("meson -Degl=no -Dglx=no -Dx11=false {build} {source}".format(**dirs))
+ log = self._run("meson --warnlevel 1 -Degl=no -Dglx=no -Dx11=false {build} {source}".format(**dirs))
# Check that Meson thinks we're doing a cross build and not a native
self.assertIn("Build type: cross build", log)
self._run("ninja -C {build} -v".format(**dirs))
diff --git a/poky/meta/lib/oeqa/sdkext/cases/devtool.py b/poky/meta/lib/oeqa/sdkext/cases/devtool.py
index a5c6a76..5ffb732 100644
--- a/poky/meta/lib/oeqa/sdkext/cases/devtool.py
+++ b/poky/meta/lib/oeqa/sdkext/cases/devtool.py
@@ -112,7 +112,7 @@
cmd = 'oe-publish-sdk %s %s' % (tcname_new, self.publish_dir)
subprocess.check_output(cmd, shell=True)
- self.http_service = HTTPService(self.publish_dir)
+ self.http_service = HTTPService(self.publish_dir, logger=self.logger)
self.http_service.start()
self.http_url = "http://127.0.0.1:%d" % self.http_service.port
diff --git a/poky/meta/lib/oeqa/selftest/cases/cve_check.py b/poky/meta/lib/oeqa/selftest/cases/cve_check.py
index ac47af1..9534c97 100644
--- a/poky/meta/lib/oeqa/selftest/cases/cve_check.py
+++ b/poky/meta/lib/oeqa/selftest/cases/cve_check.py
@@ -54,6 +54,25 @@
self.assertTrue( result ,msg="Failed to compare version with suffix '1.0_patch2' < '1.0_patch3'")
+ def test_convert_cve_version(self):
+ from oe.cve_check import convert_cve_version
+
+ # Default format
+ self.assertEqual(convert_cve_version("8.3"), "8.3")
+ self.assertEqual(convert_cve_version(""), "")
+
+ # OpenSSL format version
+ self.assertEqual(convert_cve_version("1.1.1t"), "1.1.1t")
+
+ # OpenSSH format
+ self.assertEqual(convert_cve_version("8.3_p1"), "8.3p1")
+ self.assertEqual(convert_cve_version("8.3_p22"), "8.3p22")
+
+ # Linux kernel format
+ self.assertEqual(convert_cve_version("6.2_rc8"), "6.2-rc8")
+ self.assertEqual(convert_cve_version("6.2_rc31"), "6.2-rc31")
+
+
def test_recipe_report_json(self):
config = """
INHERIT += "cve-check"
diff --git a/poky/meta/lib/oeqa/selftest/cases/debuginfod.py b/poky/meta/lib/oeqa/selftest/cases/debuginfod.py
index 3c40119..37f5176 100644
--- a/poky/meta/lib/oeqa/selftest/cases/debuginfod.py
+++ b/poky/meta/lib/oeqa/selftest/cases/debuginfod.py
@@ -12,6 +12,36 @@
class Debuginfod(OESelftestTestCase):
+
+ def wait_for_debuginfod(self, port):
+ """
+ debuginfod takes time to scan the packages and requesting too early may
+ result in a test failure if the right packages haven't been scanned yet.
+
+ Request the metrics endpoint periodically and wait for there to be no
+ busy scanning threads.
+
+ Returns True if debuginfod is ready, False if we timed out
+ """
+ import time, urllib
+
+ # Wait a minute
+ countdown = 6
+ delay = 10
+
+ while countdown:
+ time.sleep(delay)
+ try:
+ with urllib.request.urlopen("http://localhost:%d/metrics" % port) as f:
+ lines = f.read().decode("ascii").splitlines()
+ if "thread_busy{role=\"scan\"} 0" in lines:
+ return True
+ except urllib.error.URLError as e:
+ self.logger.error(e)
+ countdown -= 1
+ return False
+
+
def test_debuginfod(self):
self.write_config(
"""
@@ -25,29 +55,50 @@
cmd = [
os.path.join(native_sysroot, "usr", "bin", "debuginfod"),
"--verbose",
+ # In-memory database, this is a one-shot test
"--database=:memory:",
+ # Don't use all the host cores
+ "--concurrency=8",
+ "--connection-pool=8",
+ # Disable rescanning, this is a one-shot test
+ "--rescan-time=0",
+ "--groom-time=0",
get_bb_var("DEPLOY_DIR"),
]
- for format in get_bb_var("PACKAGE_CLASSES").split():
- if format == "package_deb":
- cmd.append("--scan-deb-dir")
- elif format == "package_ipk":
- cmd.append("--scan-deb-dir")
- elif format == "package_rpm":
- cmd.append("--scan-rpm-dir")
+
+ format = get_bb_var("PACKAGE_CLASSES").split()[0]
+ if format == "package_deb":
+ cmd.append("--scan-deb-dir")
+ elif format == "package_ipk":
+ cmd.append("--scan-deb-dir")
+ elif format == "package_rpm":
+ cmd.append("--scan-rpm-dir")
+ else:
+ self.fail("Unknown package class %s" % format)
+
# Find a free port
with socketserver.TCPServer(("localhost", 0), None) as s:
port = s.server_address[1]
cmd.append("--port=%d" % port)
try:
- debuginfod = subprocess.Popen(cmd)
+ # Remove DEBUGINFOD_URLS from the environment so we don't try
+ # looking in the distro debuginfod
+ env = os.environ.copy()
+ if "DEBUGINFOD_URLS" in env:
+ del env["DEBUGINFOD_URLS"]
+
+ self.logger.info(f"Starting server {cmd}")
+ debuginfod = subprocess.Popen(cmd, env=env)
with runqemu("core-image-minimal", runqemuparams="nographic") as qemu:
+ self.assertTrue(self.wait_for_debuginfod(port))
+
cmd = (
"DEBUGINFOD_URLS=http://%s:%d/ debuginfod-find debuginfo /usr/bin/debuginfod"
% (qemu.server_ip, port)
)
+ self.logger.info(f"Starting client {cmd}")
status, output = qemu.run_serial(cmd)
# This should be more comprehensive
self.assertIn("/.cache/debuginfod_client/", output)
diff --git a/poky/meta/lib/oeqa/selftest/cases/devtool.py b/poky/meta/lib/oeqa/selftest/cases/devtool.py
index 142932e..877d77d 100644
--- a/poky/meta/lib/oeqa/selftest/cases/devtool.py
+++ b/poky/meta/lib/oeqa/selftest/cases/devtool.py
@@ -276,6 +276,7 @@
cls.sstate_conf = 'SSTATE_DIR = "%s"\n' % cls.devtool_sstate
cls.sstate_conf += ('SSTATE_MIRRORS += "file://.* file:///%s/PATH"\n'
% cls.original_sstate)
+ cls.sstate_conf += ('BB_HASHSERVE_UPSTREAM = "hashserv.yocto.io:8687"\n')
@classmethod
def tearDownClass(cls):
@@ -954,7 +955,7 @@
def test_devtool_update_recipe_git(self):
# Check preconditions
- testrecipe = 'mtd-utils'
+ testrecipe = 'mtd-utils-selftest'
bb_vars = get_bb_vars(['FILE', 'SRC_URI'], testrecipe)
recipefile = bb_vars['FILE']
src_uri = bb_vars['SRC_URI']
@@ -1075,7 +1076,7 @@
def test_devtool_update_recipe_append_git(self):
# Check preconditions
- testrecipe = 'mtd-utils'
+ testrecipe = 'mtd-utils-selftest'
bb_vars = get_bb_vars(['FILE', 'SRC_URI'], testrecipe)
recipefile = bb_vars['FILE']
src_uri = bb_vars['SRC_URI']
diff --git a/poky/meta/lib/oeqa/selftest/cases/externalsrc.py b/poky/meta/lib/oeqa/selftest/cases/externalsrc.py
new file mode 100644
index 0000000..1d800dc
--- /dev/null
+++ b/poky/meta/lib/oeqa/selftest/cases/externalsrc.py
@@ -0,0 +1,44 @@
+#
+# Copyright OpenEmbedded Contributors
+#
+# SPDX-License-Identifier: MIT
+#
+
+import os
+import shutil
+import tempfile
+
+from oeqa.selftest.case import OESelftestTestCase
+from oeqa.utils.commands import get_bb_var, runCmd
+
+class ExternalSrc(OESelftestTestCase):
+ # test that srctree_hash_files does not crash
+ # we should be actually checking do_compile[file-checksums] but oeqa currently does not support it
+ # so we check only that a recipe with externalsrc can be parsed
+ def test_externalsrc_srctree_hash_files(self):
+ test_recipe = "git-submodule-test"
+ git_url = "git://git.yoctoproject.org/git-submodule-test"
+ externalsrc_dir = tempfile.TemporaryDirectory(prefix="externalsrc").name
+
+ self.write_config(
+ """
+INHERIT += "externalsrc"
+EXTERNALSRC:pn-%s = "%s"
+""" % (test_recipe, externalsrc_dir)
+ )
+
+ # test with git without submodules
+ runCmd('git clone %s %s' % (git_url, externalsrc_dir))
+ os.unlink(externalsrc_dir + "/.gitmodules")
+ open(".gitmodules", 'w').close() # local file .gitmodules in cwd should not affect externalsrc parsing
+ self.assertEqual(get_bb_var("S", test_recipe), externalsrc_dir, msg = "S does not equal to EXTERNALSRC")
+ os.unlink(".gitmodules")
+
+ # test with git with submodules
+ runCmd('git checkout .gitmodules', cwd=externalsrc_dir)
+ runCmd('git submodule update --init --recursive', cwd=externalsrc_dir)
+ self.assertEqual(get_bb_var("S", test_recipe), externalsrc_dir, msg = "S does not equal to EXTERNALSRC")
+
+ # test without git
+ shutil.rmtree(os.path.join(externalsrc_dir, ".git"))
+ self.assertEqual(get_bb_var("S", test_recipe), externalsrc_dir, msg = "S does not equal to EXTERNALSRC")
diff --git a/poky/meta/lib/oeqa/selftest/cases/lic_checksum.py b/poky/meta/lib/oeqa/selftest/cases/lic_checksum.py
index 5897a39..2d0b805 100644
--- a/poky/meta/lib/oeqa/selftest/cases/lic_checksum.py
+++ b/poky/meta/lib/oeqa/selftest/cases/lic_checksum.py
@@ -28,6 +28,7 @@
SRC_URI = "file://%s;md5=d41d8cd98f00b204e9800998ecf8427e"
""" % (urllib.parse.quote(lic_path), urllib.parse.quote(lic_path)))
result = bitbake(bitbake_cmd)
+ self.delete_recipeinc('emptytest')
# Verify that changing a license file that has an absolute path causes
@@ -53,5 +54,6 @@
f.write("data")
result = bitbake(bitbake_cmd, ignore_status=True)
+ self.delete_recipeinc('emptytest')
if error_msg not in result.output:
raise AssertionError(result.output)
diff --git a/poky/meta/lib/oeqa/selftest/cases/locales.py b/poky/meta/lib/oeqa/selftest/cases/locales.py
new file mode 100644
index 0000000..433991a
--- /dev/null
+++ b/poky/meta/lib/oeqa/selftest/cases/locales.py
@@ -0,0 +1,45 @@
+#
+# SPDX-License-Identifier: MIT
+#
+
+from oeqa.selftest.case import OESelftestTestCase
+from oeqa.core.decorator import OETestTag
+from oeqa.utils.commands import bitbake, runqemu
+
+class LocalesTest(OESelftestTestCase):
+
+ @OETestTag("runqemu")
+ def test_locales_on(self):
+ """
+ Summary: Test the locales are generated
+ Expected: 1. Check the locale exist in the locale-archive
+ 2. Check the locale exist for the glibc
+ 3. Check the locale can be generated
+ Product: oe-core
+ Author: Louis Rannou <lrannou@baylibre.com>
+ AutomatedBy: Louis Rannou <lrannou@baylibre.com>
+ """
+
+ features = []
+ features.append('EXTRA_IMAGE_FEATURES = "empty-root-password allow-empty-password allow-root-login"')
+ features.append('IMAGE_INSTALL:append = " glibc-utils localedef"')
+ features.append('GLIBC_GENERATE_LOCALES = "en_US.UTF-8 fr_FR.UTF-8"')
+ features.append('IMAGE_LINGUAS:append = " en-us fr-fr"')
+ features.append('ENABLE_BINARY_LOCALE_GENERATION = "1"')
+ self.write_config("\n".join(features))
+
+ # Build a core-image-minimal
+ bitbake('core-image-minimal')
+
+ with runqemu("core-image-minimal", ssh=False, runqemuparams='nographic') as qemu:
+ cmd = "locale -a"
+ status, output = qemu.run_serial(cmd)
+ # output must includes fr_FR or fr_FR.UTF-8
+ self.assertEqual(status, 1, msg='locale test command failed: output: %s' % output)
+ self.assertIn("fr_FR", output, msg='locale -a test failed: output: %s' % output)
+
+ cmd = "localedef --list-archive -v"
+ status, output = qemu.run_serial(cmd)
+ # output must includes fr_FR.utf8
+ self.assertEqual(status, 1, msg='localedef test command failed: output: %s' % output)
+ self.assertIn("fr_FR.utf8", output, msg='localedef test failed: output: %s' % output)
diff --git a/poky/meta/lib/oeqa/selftest/cases/package.py b/poky/meta/lib/oeqa/selftest/cases/package.py
index 2d1b48a..cc09a14 100644
--- a/poky/meta/lib/oeqa/selftest/cases/package.py
+++ b/poky/meta/lib/oeqa/selftest/cases/package.py
@@ -89,6 +89,13 @@
self.assertEqual(status - 100, sort, "%s %s (%d) failed" % (ver1, ver2, sort))
class PackageTests(OESelftestTestCase):
+ # Verify that a recipe cannot rename a package into an existing one
+ def test_package_name_conflict(self):
+ res = bitbake("packagenameconflict", ignore_status=True)
+ self.assertNotEqual(res.status, 0)
+ err = "package name already exists"
+ self.assertTrue(err in res.output)
+
# Verify that a recipe which sets up hardlink files has those preserved into split packages
# Also test file sparseness is preserved
def test_preserve_sparse_hardlinks(self):
diff --git a/poky/meta/lib/oeqa/selftest/cases/prservice.py b/poky/meta/lib/oeqa/selftest/cases/prservice.py
index cb95503..9fe3b80 100644
--- a/poky/meta/lib/oeqa/selftest/cases/prservice.py
+++ b/poky/meta/lib/oeqa/selftest/cases/prservice.py
@@ -77,7 +77,7 @@
exported_db_path = os.path.join(self.builddir, 'export.inc')
export_result = runCmd("bitbake-prserv-tool export %s" % exported_db_path, ignore_status=True)
self.assertEqual(export_result.status, 0, msg="PR Service database export failed: %s" % export_result.output)
- self.assertTrue(os.path.exists(exported_db_path))
+ self.assertTrue(os.path.exists(exported_db_path), msg="%s didn't exist, tool output %s" % (exported_db_path, export_result.output))
if replace_current_db:
current_db_path = os.path.join(get_bb_var('PERSISTENT_DIR'), 'prserv.sqlite3')
diff --git a/poky/meta/lib/oeqa/selftest/cases/recipetool.py b/poky/meta/lib/oeqa/selftest/cases/recipetool.py
index 25b06cd..b193f0f 100644
--- a/poky/meta/lib/oeqa/selftest/cases/recipetool.py
+++ b/poky/meta/lib/oeqa/selftest/cases/recipetool.py
@@ -581,7 +581,10 @@
commonlicdir = get_bb_var('COMMON_LICENSE_DIR')
- d = bb.tinfoil.TinfoilDataStoreConnector
+ class DataConnectorCopy(bb.tinfoil.TinfoilDataStoreConnector):
+ pass
+
+ d = DataConnectorCopy
d.getVar = Mock(return_value=commonlicdir)
srctree = tempfile.mkdtemp(prefix='recipetoolqa')
diff --git a/poky/meta/lib/oeqa/selftest/cases/reproducible.py b/poky/meta/lib/oeqa/selftest/cases/reproducible.py
index f4dd779..cd7aa8a 100644
--- a/poky/meta/lib/oeqa/selftest/cases/reproducible.py
+++ b/poky/meta/lib/oeqa/selftest/cases/reproducible.py
@@ -292,9 +292,13 @@
self.copy_file(d.reference, '/'.join([save_dir, 'packages-excluded', strip_topdir(d.reference)]))
self.copy_file(d.test, '/'.join([save_dir, 'packages-excluded', strip_topdir(d.test)]))
- if result.missing or result.different:
- fails.append("The following %s packages are missing or different and not in exclusion list: %s" %
- (c, '\n'.join(r.test for r in (result.missing + result.different))))
+ if result.different:
+ fails.append("The following %s packages are different and not in exclusion list:\n%s" %
+ (c, '\n'.join(r.test for r in (result.different))))
+
+ if result.missing and len(self.sstate_targets) == 0:
+ fails.append("The following %s packages are missing and not in exclusion list:\n%s" %
+ (c, '\n'.join(r.test for r in (result.missing))))
# Clean up empty directories
if self.save_results:
diff --git a/poky/meta/lib/oeqa/selftest/cases/resulttooltests.py b/poky/meta/lib/oeqa/selftest/cases/resulttooltests.py
index c2e76f1..efdfd98 100644
--- a/poky/meta/lib/oeqa/selftest/cases/resulttooltests.py
+++ b/poky/meta/lib/oeqa/selftest/cases/resulttooltests.py
@@ -71,7 +71,7 @@
self.assertTrue('target_result1' in results['runtime/mydistro/qemux86/image'], msg="Pair not correct:%s" % results)
self.assertTrue('target_result3' in results['runtime/mydistro/qemux86-64/image'], msg="Pair not correct:%s" % results)
- def test_regrresion_can_get_regression_result(self):
+ def test_regression_can_get_regression_result(self):
base_result_data = {'result': {'test1': {'status': 'PASSED'},
'test2': {'status': 'PASSED'},
'test3': {'status': 'FAILED'},
diff --git a/poky/meta/lib/oeqa/selftest/cases/runqemu.py b/poky/meta/lib/oeqa/selftest/cases/runqemu.py
index c1d277a..d3eeee3 100644
--- a/poky/meta/lib/oeqa/selftest/cases/runqemu.py
+++ b/poky/meta/lib/oeqa/selftest/cases/runqemu.py
@@ -4,13 +4,13 @@
# SPDX-License-Identifier: MIT
#
+import os
import re
-import tempfile
import time
import oe.types
from oeqa.core.decorator import OETestTag
from oeqa.selftest.case import OESelftestTestCase
-from oeqa.utils.commands import bitbake, runqemu, get_bb_var, runCmd
+from oeqa.utils.commands import bitbake, runqemu, get_bb_var
@OETestTag("runqemu")
class RunqemuTests(OESelftestTestCase):
@@ -57,14 +57,16 @@
cmd = "%s %s ext4" % (self.cmd_common, self.machine)
with runqemu(self.recipe, ssh=False, launch_cmd=cmd) as qemu:
with open(qemu.qemurunnerlog) as f:
- self.assertIn('rootfs.ext4', f.read(), "Failed: %s" % cmd)
+ regexp = r'\nROOTFS: .*\.ext4]\n'
+ self.assertRegex(f.read(), regexp, "Failed to find '%s' in '%s' after running '%s'" % (regexp, qemu.qemurunnerlog, cmd))
def test_boot_machine_iso(self):
"""Test runqemu machine iso"""
cmd = "%s %s iso" % (self.cmd_common, self.machine)
with runqemu(self.recipe, ssh=False, launch_cmd=cmd) as qemu:
with open(qemu.qemurunnerlog) as f:
- self.assertIn('media=cdrom', f.read(), "Failed: %s" % cmd)
+ text_in = 'media=cdrom'
+ self.assertIn(text_in, f.read(), "Failed to find '%s' in '%s' after running '%s'" % (text_in, qemu.qemurunnerlog, cmd))
def test_boot_recipe_image(self):
"""Test runqemu recipe-image"""
@@ -79,14 +81,16 @@
cmd = "%s %s wic.vmdk" % (self.cmd_common, self.recipe)
with runqemu(self.recipe, ssh=False, launch_cmd=cmd) as qemu:
with open(qemu.qemurunnerlog) as f:
- self.assertIn('format=vmdk', f.read(), "Failed: %s" % cmd)
+ text_in = 'format=vmdk'
+ self.assertIn(text_in, f.read(), "Failed to find '%s' in '%s' after running '%s'" % (text_in, qemu.qemurunnerlog, cmd))
def test_boot_recipe_image_vdi(self):
"""Test runqemu recipe-image vdi"""
cmd = "%s %s wic.vdi" % (self.cmd_common, self.recipe)
with runqemu(self.recipe, ssh=False, launch_cmd=cmd) as qemu:
with open(qemu.qemurunnerlog) as f:
- self.assertIn('format=vdi', f.read(), "Failed: %s" % cmd)
+ text_in = 'format=vdi'
+ self.assertIn(text_in, f.read(), "Failed to find '%s' in '%s' after running '%s'" % (text_in, qemu.qemurunnerlog, cmd))
def test_boot_deploy(self):
"""Test runqemu deploy_dir_image"""
diff --git a/poky/meta/lib/oeqa/selftest/cases/runtime_test.py b/poky/meta/lib/oeqa/selftest/cases/runtime_test.py
index fe83b24..533b5d7 100644
--- a/poky/meta/lib/oeqa/selftest/cases/runtime_test.py
+++ b/poky/meta/lib/oeqa/selftest/cases/runtime_test.py
@@ -254,7 +254,8 @@
import subprocess, os
distro = oe.lsb.distro_identifier()
- if distro and (distro in ['debian-9', 'debian-10', 'centos-7', 'centos-8', 'ubuntu-16.04', 'ubuntu-18.04'] or distro.startswith('almalinux')):
+ if distro and (distro in ['debian-9', 'debian-10', 'centos-7', 'centos-8', 'ubuntu-16.04', 'ubuntu-18.04'] or
+ distro.startswith('almalinux') or distro.startswith('rocky')):
self.skipTest('virgl headless cannot be tested with %s' %(distro))
render_hint = """If /dev/dri/renderD* is absent due to lack of suitable GPU, 'modprobe vgem' will create one suitable for mesa llvmpipe software renderer."""
@@ -265,7 +266,7 @@
except FileNotFoundError:
self.fail("/dev/dri directory does not exist; no render nodes available on this machine. %s" %(render_hint))
try:
- dripath = subprocess.check_output("pkg-config --variable=dridriverdir dri", shell=True)
+ dripath = subprocess.check_output("PATH=/bin:/usr/bin:$PATH pkg-config --variable=dridriverdir dri", shell=True)
except subprocess.CalledProcessError as e:
self.fail("Could not determine the path to dri drivers on the host via pkg-config.\nPlease install Mesa development files (particularly, dri.pc) on the host machine.")
qemu_distrofeatures = get_bb_var('DISTRO_FEATURES', 'qemu-system-native')
diff --git a/poky/meta/lib/oeqa/selftest/cases/tinfoil.py b/poky/meta/lib/oeqa/selftest/cases/tinfoil.py
index 0a66615..dd13c20 100644
--- a/poky/meta/lib/oeqa/selftest/cases/tinfoil.py
+++ b/poky/meta/lib/oeqa/selftest/cases/tinfoil.py
@@ -66,6 +66,20 @@
localdata.setVar('PN', 'hello')
self.assertEqual('hello', localdata.getVar('BPN'))
+ # The config_data API tp parse_recipe_file is used by:
+ # layerindex-web layerindex/update_layer.py
+ def test_parse_recipe_custom_data(self):
+ with bb.tinfoil.Tinfoil() as tinfoil:
+ tinfoil.prepare(config_only=False, quiet=2)
+ localdata = bb.data.createCopy(tinfoil.config_data)
+ localdata.setVar("TESTVAR", "testval")
+ testrecipe = 'mdadm'
+ best = tinfoil.find_best_provider(testrecipe)
+ if not best:
+ self.fail('Unable to find recipe providing %s' % testrecipe)
+ rd = tinfoil.parse_recipe_file(best[3], config_data=localdata)
+ self.assertEqual("testval", rd.getVar('TESTVAR'))
+
def test_list_recipes(self):
with bb.tinfoil.Tinfoil() as tinfoil:
tinfoil.prepare(config_only=False, quiet=2)
diff --git a/poky/meta/lib/oeqa/selftest/context.py b/poky/meta/lib/oeqa/selftest/context.py
index 78c7a46..0e3244a 100644
--- a/poky/meta/lib/oeqa/selftest/context.py
+++ b/poky/meta/lib/oeqa/selftest/context.py
@@ -86,17 +86,27 @@
oe.path.copytree(builddir + "/cache", newbuilddir + "/cache")
oe.path.copytree(selftestdir, newselftestdir)
+ subprocess.check_output("git init; git add *; git commit -a -m 'initial'", cwd=newselftestdir, shell=True)
+
+ # Tried to used bitbake-layers add/remove but it requires recipe parsing and hence is too slow
+ subprocess.check_output("sed %s/conf/bblayers.conf -i -e 's#%s#%s#g'" % (newbuilddir, selftestdir, newselftestdir), cwd=newbuilddir, shell=True)
+
+ # Relative paths in BBLAYERS only works when the new build dir share the same ascending node
+ if self.newbuilddir:
+ bblayers = subprocess.check_output("bitbake-getvar --value BBLAYERS | tail -1", cwd=builddir, shell=True, text=True)
+ if '..' in bblayers:
+ bblayers_abspath = [os.path.abspath(path) for path in bblayers.split()]
+ with open("%s/conf/bblayers.conf" % newbuilddir, "a") as f:
+ newbblayers = "# new bblayers to be used by selftest in the new build dir '%s'\n" % newbuilddir
+ newbblayers += 'BBLAYERS = "%s"\n' % ' '.join(bblayers_abspath)
+ f.write(newbblayers)
+
for e in os.environ:
if builddir + "/" in os.environ[e]:
os.environ[e] = os.environ[e].replace(builddir + "/", newbuilddir + "/")
if os.environ[e].endswith(builddir):
os.environ[e] = os.environ[e].replace(builddir, newbuilddir)
- subprocess.check_output("git init; git add *; git commit -a -m 'initial'", cwd=newselftestdir, shell=True)
-
- # Tried to used bitbake-layers add/remove but it requires recipe parsing and hence is too slow
- subprocess.check_output("sed %s/conf/bblayers.conf -i -e 's#%s#%s#g'" % (newbuilddir, selftestdir, newselftestdir), cwd=newbuilddir, shell=True)
-
os.chdir(newbuilddir)
def patch_test(t):
diff --git a/poky/meta/lib/oeqa/targetcontrol.py b/poky/meta/lib/oeqa/targetcontrol.py
index 1fdff82..f5f2ce2 100644
--- a/poky/meta/lib/oeqa/targetcontrol.py
+++ b/poky/meta/lib/oeqa/targetcontrol.py
@@ -7,18 +7,14 @@
# This module is used by testimage.bbclass for setting up and controlling a target machine.
import os
-import shutil
import subprocess
import bb
-import traceback
-import sys
import logging
from oeqa.utils.sshcontrol import SSHControl
from oeqa.utils.qemurunner import QemuRunner
from oeqa.utils.qemutinyrunner import QemuTinyRunner
from oeqa.utils.dump import TargetDumper
from oeqa.utils.dump import MonitorDumper
-from oeqa.controllers.testtargetloader import TestTargetLoader
from abc import ABCMeta, abstractmethod
class BaseTarget(object, metaclass=ABCMeta):
@@ -145,7 +141,7 @@
boottime = int(d.getVar("TEST_QEMUBOOT_TIMEOUT")),
use_kvm = use_kvm,
dump_dir = dump_dir,
- dump_host_cmds = d.getVar("testimage_dump_host"),
+ dump_host_cmds = dump_host_cmds,
logger = logger,
tmpfsdir = d.getVar("RUNQEMU_TMPFS_DIR"),
serial_ports = len(d.getVar("SERIAL_CONSOLES").split()))
@@ -205,7 +201,7 @@
self.server_ip = self.runner.server_ip
self.connection = SSHControl(ip=self.ip, logfile=self.sshlog)
else:
- raise RuntimError("%s - FAILED to re-start qemu - check the task log and the boot log" % self.pn)
+ raise RuntimeError("%s - FAILED to re-start qemu - check the task log and the boot log" % self.pn)
def run_serial(self, command, timeout=60):
return self.runner.run_serial(command, timeout=timeout)
diff --git a/poky/meta/lib/oeqa/utils/commands.py b/poky/meta/lib/oeqa/utils/commands.py
index f733fcd..473aa38 100644
--- a/poky/meta/lib/oeqa/utils/commands.py
+++ b/poky/meta/lib/oeqa/utils/commands.py
@@ -8,11 +8,8 @@
# This module is mainly used by scripts/oe-selftest and modules under meta/oeqa/selftest
# It provides a class and methods for running commands on the host in a convienent way for tests.
-
-
import os
import sys
-import signal
import subprocess
import threading
import time
@@ -21,6 +18,7 @@
from oeqa.utils import ftools
import re
import contextlib
+import errno
# Export test doesn't require bb
try:
import bb
@@ -85,7 +83,7 @@
except OSError as ex:
# It's not an error when the command does not consume all
# of our data. subprocess.communicate() also ignores that.
- if ex.errno != EPIPE:
+ if ex.errno != errno.EPIPE:
raise
# We write in a separate thread because then we can read
diff --git a/poky/meta/lib/oeqa/utils/dump.py b/poky/meta/lib/oeqa/utils/dump.py
index bcee03b..d420b49 100644
--- a/poky/meta/lib/oeqa/utils/dump.py
+++ b/poky/meta/lib/oeqa/utils/dump.py
@@ -93,37 +93,55 @@
self._write_dump(cmd.split()[0], result.output)
class TargetDumper(BaseDumper):
- """ Class to get dumps from target, it only works with QemuRunner """
+ """ Class to get dumps from target, it only works with QemuRunner.
+ Will give up permanently after 5 errors from running commands over
+ serial console. This helps to end testing when target is really dead, hanging
+ or unresponsive.
+ """
def __init__(self, cmds, parent_dir, runner):
super(TargetDumper, self).__init__(cmds, parent_dir)
self.runner = runner
+ self.errors = 0
def dump_target(self, dump_dir=""):
+ if self.errors >= 5:
+ print("Too many errors when dumping data from target, assuming it is dead! Will not dump data anymore!")
+ return
if dump_dir:
self.dump_dir = dump_dir
for cmd in self.cmds:
# We can continue with the testing if serial commands fail
try:
(status, output) = self.runner.run_serial(cmd)
+ if status == 0:
+ self.errors = self.errors + 1
self._write_dump(cmd.split()[0], output)
except:
+ self.errors = self.errors + 1
print("Tried to dump info from target but "
"serial console failed")
print("Failed CMD: %s" % (cmd))
class MonitorDumper(BaseDumper):
- """ Class to get dumps via the Qemu Monitor, it only works with QemuRunner """
+ """ Class to get dumps via the Qemu Monitor, it only works with QemuRunner
+ Will stop completely if there are more than 5 errors when dumping monitor data.
+ This helps to end testing when target is really dead, hanging or unresponsive.
+ """
def __init__(self, cmds, parent_dir, runner):
super(MonitorDumper, self).__init__(cmds, parent_dir)
self.runner = runner
+ self.errors = 0
def dump_monitor(self, dump_dir=""):
if self.runner is None:
return
if dump_dir:
self.dump_dir = dump_dir
+ if self.errors >= 5:
+ print("Too many errors when dumping data from qemu monitor, assuming it is dead! Will not dump data anymore!")
+ return
for cmd in self.cmds:
cmd_name = cmd.split()[0]
try:
@@ -137,4 +155,5 @@
output = self.runner.run_monitor(cmd_name)
self._write_dump(cmd_name, output)
except Exception as e:
+ self.errors = self.errors + 1
print("Failed to dump QMP CMD: %s with\nException: %s" % (cmd_name, e))
diff --git a/poky/meta/lib/oeqa/utils/httpserver.py b/poky/meta/lib/oeqa/utils/httpserver.py
index 8ce1dd4..5860b0a 100644
--- a/poky/meta/lib/oeqa/utils/httpserver.py
+++ b/poky/meta/lib/oeqa/utils/httpserver.py
@@ -40,6 +40,12 @@
self.port = self.server.server_port
self.process = multiprocessing.Process(target=self.server.server_start, args=[self.root_dir, self.logger])
+ def handle_error(self, request, client_address):
+ import traceback
+ exception = traceback.format_exc()
+ self.logger.warn("Exception when handling %s: %s" % (request, exception))
+ self.server.handle_error = handle_error
+
# The signal handler from testimage.bbclass can cause deadlocks here
# if the HTTPServer is terminated before it can restore the standard
#signal behaviour
diff --git a/poky/meta/lib/oeqa/utils/qemurunner.py b/poky/meta/lib/oeqa/utils/qemurunner.py
index 6a85f57..a455b3b 100644
--- a/poky/meta/lib/oeqa/utils/qemurunner.py
+++ b/poky/meta/lib/oeqa/utils/qemurunner.py
@@ -198,7 +198,7 @@
qmp_file = "." + next(tempfile._get_candidate_names())
qmp_param = ' -S -qmp unix:./%s,server,wait' % (qmp_file)
qmp_port = self.tmpdir + "/" + qmp_file
- # Create a second socket connection for debugging use,
+ # Create a second socket connection for debugging use,
# note this will NOT cause qemu to block waiting for the connection
qmp_file2 = "." + next(tempfile._get_candidate_names())
qmp_param += ' -qmp unix:./%s,server,nowait' % (qmp_file2)
@@ -346,6 +346,8 @@
return False
try:
+ # set timeout value for all QMP calls
+ self.qmp.settimeout(self.runqemutime)
self.qmp.connect()
connect_time = time.time()
self.logger.info("QMP connected to QEMU at %s and took %s seconds" %
@@ -463,6 +465,8 @@
socklist.remove(self.server_socket)
self.logger.debug("Connection from %s:%s" % addr)
else:
+ # try to avoid reading only a single character at a time
+ time.sleep(0.1)
data = data + sock.recv(1024)
if data:
bootlog += data
@@ -507,7 +511,7 @@
(status, output) = self.run_serial(self.boot_patterns['send_login_user'], raw=True, timeout=120)
if re.search(self.boot_patterns['search_login_succeeded'], output):
self.logged = True
- self.logger.debug("Logged as root in serial console")
+ self.logger.debug("Logged in as %s in serial console" % self.boot_patterns['send_login_user'].replace("\n", ""))
if netconf:
# configure guest networking
cmd = "ifconfig eth0 %s netmask %s up\n" % (self.ip, self.netmask)
@@ -518,7 +522,7 @@
self.logger.debug("Couldn't configure guest networking")
else:
self.logger.warning("Couldn't login into serial console"
- " as root using blank password")
+ " as %s using blank password" % self.boot_patterns['send_login_user'].replace("\n", ""))
self.logger.warning("The output:\n%s" % output)
except:
self.logger.warning("Serial console failed while trying to login")
@@ -538,10 +542,13 @@
except OSError as e:
if e.errno != errno.ESRCH:
raise
- endtime = time.time() + self.runqemutime
- while self.runqemu.poll() is None and time.time() < endtime:
- time.sleep(1)
- if self.runqemu.poll() is None:
+ try:
+ outs, errs = self.runqemu.communicate(timeout = self.runqemutime)
+ if outs:
+ self.logger.info("Output from runqemu:\n%s", outs.decode("utf-8"))
+ if errs:
+ self.logger.info("Stderr from runqemu:\n%s", errs.decode("utf-8"))
+ except TimeoutExpired:
self.logger.debug("Sending SIGKILL to runqemu")
os.killpg(os.getpgid(self.runqemu.pid), signal.SIGKILL)
if not self.runqemu.stdout.closed:
@@ -618,6 +625,7 @@
def run_monitor(self, command, args=None, timeout=60):
if hasattr(self, 'qmp') and self.qmp:
+ self.qmp.settimeout(timeout)
if args is not None:
return self.qmp.cmd(command, args)
else:
@@ -645,6 +653,8 @@
except InterruptedError:
continue
if sread:
+ # try to avoid reading single character at a time
+ time.sleep(0.1)
answer = self.server_socket.recv(1024)
if answer:
data += answer.decode('utf-8')
diff --git a/poky/meta/recipes-bsp/grub/files/0001-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch b/poky/meta/recipes-bsp/grub/files/0001-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch
new file mode 100644
index 0000000..efa00a3
--- /dev/null
+++ b/poky/meta/recipes-bsp/grub/files/0001-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch
@@ -0,0 +1,115 @@
+From 1f511ae054fe42dce7aedfbfe0f234fa1e0a7a3e Mon Sep 17 00:00:00 2001
+From: Zhang Boyang <zhangboyang.id@gmail.com>
+Date: Fri, 5 Aug 2022 00:51:20 +0800
+Subject: [PATCH] font: Fix size overflow in grub_font_get_glyph_internal()
+
+The length of memory allocation and file read may overflow. This patch
+fixes the problem by using safemath macros.
+
+There is a lot of code repetition like "(x * y + 7) / 8". It is unsafe
+if overflow happens. This patch introduces grub_video_bitmap_calc_1bpp_bufsz().
+It is safe replacement for such code. It has safemath-like prototype.
+
+This patch also introduces grub_cast(value, pointer), it casts value to
+typeof(*pointer) then store the value to *pointer. It returns true when
+overflow occurs or false if there is no overflow. The semantics of arguments
+and return value are designed to be consistent with other safemath macros.
+
+Signed-off-by: Zhang Boyang <zhangboyang.id@gmail.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+
+Upstream-Status: Backport from
+[https://git.savannah.gnu.org/cgit/grub.git/commit/?id=9c76ec09ae08155df27cd237eaea150b4f02f532]
+
+Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
+
+---
+ grub-core/font/font.c | 17 +++++++++++++----
+ include/grub/bitmap.h | 18 ++++++++++++++++++
+ include/grub/safemath.h | 2 ++
+ 3 files changed, 33 insertions(+), 4 deletions(-)
+
+diff --git a/grub-core/font/font.c b/grub-core/font/font.c
+index d09bb38..876b5b6 100644
+--- a/grub-core/font/font.c
++++ b/grub-core/font/font.c
+@@ -739,7 +739,8 @@ grub_font_get_glyph_internal (grub_font_t font, grub_uint32_t code)
+ grub_int16_t xoff;
+ grub_int16_t yoff;
+ grub_int16_t dwidth;
+- int len;
++ grub_ssize_t len;
++ grub_size_t sz;
+
+ if (index_entry->glyph)
+ /* Return cached glyph. */
+@@ -766,9 +767,17 @@ grub_font_get_glyph_internal (grub_font_t font, grub_uint32_t code)
+ return 0;
+ }
+
+- len = (width * height + 7) / 8;
+- glyph = grub_malloc (sizeof (struct grub_font_glyph) + len);
+- if (!glyph)
++ /* Calculate real struct size of current glyph. */
++ if (grub_video_bitmap_calc_1bpp_bufsz (width, height, &len) ||
++ grub_add (sizeof (struct grub_font_glyph), len, &sz))
++ {
++ remove_font (font);
++ return 0;
++ }
++
++ /* Allocate and initialize the glyph struct. */
++ glyph = grub_malloc (sz);
++ if (glyph == NULL)
+ {
+ remove_font (font);
+ return 0;
+diff --git a/include/grub/bitmap.h b/include/grub/bitmap.h
+index 5728f8c..0d9603f 100644
+--- a/include/grub/bitmap.h
++++ b/include/grub/bitmap.h
+@@ -23,6 +23,7 @@
+ #include <grub/symbol.h>
+ #include <grub/types.h>
+ #include <grub/video.h>
++#include <grub/safemath.h>
+
+ struct grub_video_bitmap
+ {
+@@ -79,6 +80,23 @@ grub_video_bitmap_get_height (struct grub_video_bitmap *bitmap)
+ return bitmap->mode_info.height;
+ }
+
++/*
++ * Calculate and store the size of data buffer of 1bit bitmap in result.
++ * Equivalent to "*result = (width * height + 7) / 8" if no overflow occurs.
++ * Return true when overflow occurs or false if there is no overflow.
++ * This function is intentionally implemented as a macro instead of
++ * an inline function. Although a bit awkward, it preserves data types for
++ * safemath macros and reduces macro side effects as much as possible.
++ *
++ * XXX: Will report false overflow if width * height > UINT64_MAX.
++ */
++#define grub_video_bitmap_calc_1bpp_bufsz(width, height, result) \
++({ \
++ grub_uint64_t _bitmap_pixels; \
++ grub_mul ((width), (height), &_bitmap_pixels) ? 1 : \
++ grub_cast (_bitmap_pixels / GRUB_CHAR_BIT + !!(_bitmap_pixels % GRUB_CHAR_BIT), (result)); \
++})
++
+ void EXPORT_FUNC (grub_video_bitmap_get_mode_info) (struct grub_video_bitmap *bitmap,
+ struct grub_video_mode_info *mode_info);
+
+diff --git a/include/grub/safemath.h b/include/grub/safemath.h
+index c17b89b..bb0f826 100644
+--- a/include/grub/safemath.h
++++ b/include/grub/safemath.h
+@@ -30,6 +30,8 @@
+ #define grub_sub(a, b, res) __builtin_sub_overflow(a, b, res)
+ #define grub_mul(a, b, res) __builtin_mul_overflow(a, b, res)
+
++#define grub_cast(a, res) grub_add ((a), 0, (res))
++
+ #else
+ #error gcc 5.1 or newer or clang 3.8 or newer is required
+ #endif
diff --git a/poky/meta/recipes-bsp/grub/files/CVE-2022-2601.patch b/poky/meta/recipes-bsp/grub/files/CVE-2022-2601.patch
new file mode 100644
index 0000000..727c509
--- /dev/null
+++ b/poky/meta/recipes-bsp/grub/files/CVE-2022-2601.patch
@@ -0,0 +1,85 @@
+From e8060722acf0bcca037982d7fb29472363ccdfd4 Mon Sep 17 00:00:00 2001
+From: Zhang Boyang <zhangboyang.id@gmail.com>
+Date: Fri, 5 Aug 2022 01:58:27 +0800
+Subject: [PATCH] font: Fix several integer overflows in
+ grub_font_construct_glyph()
+
+This patch fixes several integer overflows in grub_font_construct_glyph().
+Glyphs of invalid size, zero or leading to an overflow, are rejected.
+The inconsistency between "glyph" and "max_glyph_size" when grub_malloc()
+returns NULL is fixed too.
+
+Fixes: CVE-2022-2601
+
+Reported-by: Zhang Boyang <zhangboyang.id@gmail.com>
+Signed-off-by: Zhang Boyang <zhangboyang.id@gmail.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+
+Upstream-Status: Backport from
+[https://git.savannah.gnu.org/cgit/grub.git/commit/?id=768e1ef2fc159f6e14e7246e4be09363708ac39e]
+CVE: CVE-2022-2601
+
+Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
+
+---
+ grub-core/font/font.c | 29 +++++++++++++++++------------
+ 1 file changed, 17 insertions(+), 12 deletions(-)
+
+diff --git a/grub-core/font/font.c b/grub-core/font/font.c
+index 876b5b6..0ff5525 100644
+--- a/grub-core/font/font.c
++++ b/grub-core/font/font.c
+@@ -1515,6 +1515,7 @@ grub_font_construct_glyph (grub_font_t hinted_font,
+ struct grub_video_signed_rect bounds;
+ static struct grub_font_glyph *glyph = 0;
+ static grub_size_t max_glyph_size = 0;
++ grub_size_t cur_glyph_size;
+
+ ensure_comb_space (glyph_id);
+
+@@ -1531,29 +1532,33 @@ grub_font_construct_glyph (grub_font_t hinted_font,
+ if (!glyph_id->ncomb && !glyph_id->attributes)
+ return main_glyph;
+
+- if (max_glyph_size < sizeof (*glyph) + (bounds.width * bounds.height + GRUB_CHAR_BIT - 1) / GRUB_CHAR_BIT)
++ if (grub_video_bitmap_calc_1bpp_bufsz (bounds.width, bounds.height, &cur_glyph_size) ||
++ grub_add (sizeof (*glyph), cur_glyph_size, &cur_glyph_size))
++ return main_glyph;
++
++ if (max_glyph_size < cur_glyph_size)
+ {
+ grub_free (glyph);
+- max_glyph_size = (sizeof (*glyph) + (bounds.width * bounds.height + GRUB_CHAR_BIT - 1) / GRUB_CHAR_BIT) * 2;
+- if (max_glyph_size < 8)
+- max_glyph_size = 8;
+- glyph = grub_malloc (max_glyph_size);
++ if (grub_mul (cur_glyph_size, 2, &max_glyph_size))
++ max_glyph_size = 0;
++ glyph = max_glyph_size > 0 ? grub_malloc (max_glyph_size) : NULL;
+ }
+ if (!glyph)
+ {
++ max_glyph_size = 0;
+ grub_errno = GRUB_ERR_NONE;
+ return main_glyph;
+ }
+
+- grub_memset (glyph, 0, sizeof (*glyph)
+- + (bounds.width * bounds.height
+- + GRUB_CHAR_BIT - 1) / GRUB_CHAR_BIT);
++ grub_memset (glyph, 0, cur_glyph_size);
+
+ glyph->font = main_glyph->font;
+- glyph->width = bounds.width;
+- glyph->height = bounds.height;
+- glyph->offset_x = bounds.x;
+- glyph->offset_y = bounds.y;
++ if (bounds.width == 0 || bounds.height == 0 ||
++ grub_cast (bounds.width, &glyph->width) ||
++ grub_cast (bounds.height, &glyph->height) ||
++ grub_cast (bounds.x, &glyph->offset_x) ||
++ grub_cast (bounds.y, &glyph->offset_y))
++ return main_glyph;
+
+ if (glyph_id->attributes & GRUB_UNICODE_GLYPH_ATTRIBUTE_MIRROR)
+ grub_font_blit_glyph_mirror (glyph, main_glyph,
diff --git a/poky/meta/recipes-bsp/grub/files/CVE-2022-28736-loader-efi-chainloader-Use-grub_loader_set_ex.patch b/poky/meta/recipes-bsp/grub/files/CVE-2022-28736-loader-efi-chainloader-Use-grub_loader_set_ex.patch
new file mode 100644
index 0000000..5741e53
--- /dev/null
+++ b/poky/meta/recipes-bsp/grub/files/CVE-2022-28736-loader-efi-chainloader-Use-grub_loader_set_ex.patch
@@ -0,0 +1,86 @@
+From 04c86e0bb7b58fc2f913f798cdb18934933e532d Mon Sep 17 00:00:00 2001
+From: Chris Coulson <chris.coulson@canonical.com>
+Date: Tue, 5 Apr 2022 11:48:58 +0100
+Subject: [PATCH] loader/efi/chainloader: Use grub_loader_set_ex()
+
+This ports the EFI chainloader to use grub_loader_set_ex() in order to fix
+a use-after-free bug that occurs when grub_cmd_chainloader() is executed
+more than once before a boot attempt is performed.
+
+Fixes: CVE-2022-28736
+
+Signed-off-by: Chris Coulson <chris.coulson@canonical.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+
+Upstream-Status: Backport
+CVE: CVE-2022-28736
+
+Reference to upstream patch:
+https://git.savannah.gnu.org/cgit/grub.git/commit/?id=04c86e0bb7b58fc2f913f798cdb18934933e532d
+
+Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
+---
+ grub-core/loader/efi/chainloader.c | 16 +++++++---------
+ 1 file changed, 7 insertions(+), 9 deletions(-)
+
+diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c
+index d1602c89b..7557eb269 100644
+--- a/grub-core/loader/efi/chainloader.c
++++ b/grub-core/loader/efi/chainloader.c
+@@ -44,11 +44,10 @@ GRUB_MOD_LICENSE ("GPLv3+");
+
+ static grub_dl_t my_mod;
+
+-static grub_efi_handle_t image_handle;
+-
+ static grub_err_t
+-grub_chainloader_unload (void)
++grub_chainloader_unload (void *context)
+ {
++ grub_efi_handle_t image_handle = (grub_efi_handle_t) context;
+ grub_efi_loaded_image_t *loaded_image;
+ grub_efi_boot_services_t *b;
+
+@@ -64,8 +63,9 @@ grub_chainloader_unload (void)
+ }
+
+ static grub_err_t
+-grub_chainloader_boot (void)
++grub_chainloader_boot (void *context)
+ {
++ grub_efi_handle_t image_handle = (grub_efi_handle_t) context;
+ grub_efi_boot_services_t *b;
+ grub_efi_status_t status;
+ grub_efi_uintn_t exit_data_size;
+@@ -225,6 +225,7 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
+ grub_efi_physical_address_t address = 0;
+ grub_efi_uintn_t pages = 0;
+ grub_efi_char16_t *cmdline = NULL;
++ grub_efi_handle_t image_handle = NULL;
+
+ if (argc == 0)
+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected"));
+@@ -405,7 +406,7 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
+ efi_call_2 (b->free_pages, address, pages);
+ grub_free (file_path);
+
+- grub_loader_set (grub_chainloader_boot, grub_chainloader_unload, 0);
++ grub_loader_set_ex (grub_chainloader_boot, grub_chainloader_unload, image_handle, 0);
+ return 0;
+
+ fail:
+@@ -423,10 +424,7 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
+ efi_call_2 (b->free_pages, address, pages);
+
+ if (image_handle != NULL)
+- {
+- efi_call_1 (b->unload_image, image_handle);
+- image_handle = NULL;
+- }
++ efi_call_1 (b->unload_image, image_handle);
+
+ grub_dl_unref (my_mod);
+
+--
+2.34.1
+
diff --git a/poky/meta/recipes-bsp/grub/files/CVE-2022-3775.patch b/poky/meta/recipes-bsp/grub/files/CVE-2022-3775.patch
new file mode 100644
index 0000000..853efd0
--- /dev/null
+++ b/poky/meta/recipes-bsp/grub/files/CVE-2022-3775.patch
@@ -0,0 +1,95 @@
+From fdbe7209152ad6f09a1166f64f162017f2145ba3 Mon Sep 17 00:00:00 2001
+From: Zhang Boyang <zhangboyang.id@gmail.com>
+Date: Mon, 24 Oct 2022 08:05:35 +0800
+Subject: [PATCH] font: Fix an integer underflow in blit_comb()
+
+The expression (ctx.bounds.height - combining_glyphs[i]->height) / 2 may
+evaluate to a very big invalid value even if both ctx.bounds.height and
+combining_glyphs[i]->height are small integers. For example, if
+ctx.bounds.height is 10 and combining_glyphs[i]->height is 12, this
+expression evaluates to 2147483647 (expected -1). This is because
+coordinates are allowed to be negative but ctx.bounds.height is an
+unsigned int. So, the subtraction operates on unsigned ints and
+underflows to a very big value. The division makes things even worse.
+The quotient is still an invalid value even if converted back to int.
+
+This patch fixes the problem by casting ctx.bounds.height to int. As
+a result the subtraction will operate on int and grub_uint16_t which
+will be promoted to an int. So, the underflow will no longer happen. Other
+uses of ctx.bounds.height (and ctx.bounds.width) are also casted to int,
+to ensure coordinates are always calculated on signed integers.
+
+Fixes: CVE-2022-3775
+
+Reported-by: Daniel Axtens <dja@axtens.net>
+Signed-off-by: Zhang Boyang <zhangboyang.id@gmail.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+
+Upstream-Status: Backport from
+[https://git.savannah.gnu.org/cgit/grub.git/commit/?id=992c06191babc1e109caf40d6a07ec6fdef427af]
+CVE: CVE-2022-3775
+
+Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
+
+---
+ grub-core/font/font.c | 16 ++++++++--------
+ 1 file changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/grub-core/font/font.c b/grub-core/font/font.c
+index 0ff5525..7b1cbde 100644
+--- a/grub-core/font/font.c
++++ b/grub-core/font/font.c
+@@ -1206,12 +1206,12 @@ blit_comb (const struct grub_unicode_glyph *glyph_id,
+ ctx.bounds.height = main_glyph->height;
+
+ above_rightx = main_glyph->offset_x + main_glyph->width;
+- above_righty = ctx.bounds.y + ctx.bounds.height;
++ above_righty = ctx.bounds.y + (int) ctx.bounds.height;
+
+ above_leftx = main_glyph->offset_x;
+- above_lefty = ctx.bounds.y + ctx.bounds.height;
++ above_lefty = ctx.bounds.y + (int) ctx.bounds.height;
+
+- below_rightx = ctx.bounds.x + ctx.bounds.width;
++ below_rightx = ctx.bounds.x + (int) ctx.bounds.width;
+ below_righty = ctx.bounds.y;
+
+ comb = grub_unicode_get_comb (glyph_id);
+@@ -1224,7 +1224,7 @@ blit_comb (const struct grub_unicode_glyph *glyph_id,
+
+ if (!combining_glyphs[i])
+ continue;
+- targetx = (ctx.bounds.width - combining_glyphs[i]->width) / 2 + ctx.bounds.x;
++ targetx = ((int) ctx.bounds.width - combining_glyphs[i]->width) / 2 + ctx.bounds.x;
+ /* CGJ is to avoid diacritics reordering. */
+ if (comb[i].code
+ == GRUB_UNICODE_COMBINING_GRAPHEME_JOINER)
+@@ -1234,8 +1234,8 @@ blit_comb (const struct grub_unicode_glyph *glyph_id,
+ case GRUB_UNICODE_COMB_OVERLAY:
+ do_blit (combining_glyphs[i],
+ targetx,
+- (ctx.bounds.height - combining_glyphs[i]->height) / 2
+- - (ctx.bounds.height + ctx.bounds.y), &ctx);
++ ((int) ctx.bounds.height - combining_glyphs[i]->height) / 2
++ - ((int) ctx.bounds.height + ctx.bounds.y), &ctx);
+ if (min_devwidth < combining_glyphs[i]->width)
+ min_devwidth = combining_glyphs[i]->width;
+ break;
+@@ -1308,7 +1308,7 @@ blit_comb (const struct grub_unicode_glyph *glyph_id,
+ /* Fallthrough. */
+ case GRUB_UNICODE_STACK_ATTACHED_ABOVE:
+ do_blit (combining_glyphs[i], targetx,
+- -(ctx.bounds.height + ctx.bounds.y + space
++ -((int) ctx.bounds.height + ctx.bounds.y + space
+ + combining_glyphs[i]->height), &ctx);
+ if (min_devwidth < combining_glyphs[i]->width)
+ min_devwidth = combining_glyphs[i]->width;
+@@ -1316,7 +1316,7 @@ blit_comb (const struct grub_unicode_glyph *glyph_id,
+
+ case GRUB_UNICODE_COMB_HEBREW_DAGESH:
+ do_blit (combining_glyphs[i], targetx,
+- -(ctx.bounds.height / 2 + ctx.bounds.y
++ -((int) ctx.bounds.height / 2 + ctx.bounds.y
+ + combining_glyphs[i]->height / 2), &ctx);
+ if (min_devwidth < combining_glyphs[i]->width)
+ min_devwidth = combining_glyphs[i]->width;
diff --git a/poky/meta/recipes-bsp/grub/files/commands-boot-Add-API-to-pass-context-to-loader.patch b/poky/meta/recipes-bsp/grub/files/commands-boot-Add-API-to-pass-context-to-loader.patch
new file mode 100644
index 0000000..a2c0530
--- /dev/null
+++ b/poky/meta/recipes-bsp/grub/files/commands-boot-Add-API-to-pass-context-to-loader.patch
@@ -0,0 +1,168 @@
+From 14ceb3b3ff6db664649138442b6562c114dcf56e Mon Sep 17 00:00:00 2001
+From: Chris Coulson <chris.coulson@canonical.com>
+Date: Tue, 5 Apr 2022 10:58:28 +0100
+Subject: [PATCH] commands/boot: Add API to pass context to loader
+
+Loaders rely on global variables for saving context which is consumed
+in the boot hook and freed in the unload hook. In the case where a loader
+command is executed twice, calling grub_loader_set() a second time executes
+the unload hook, but in some cases this runs when the loader's global
+context has already been updated, resulting in the updated context being
+freed and potential use-after-free bugs when the boot hook is subsequently
+called.
+
+This adds a new API, grub_loader_set_ex(), which allows a loader to specify
+context that is passed to its boot and unload hooks. This is an alternative
+to requiring that loaders call grub_loader_unset() before mutating their
+global context.
+
+Signed-off-by: Chris Coulson <chris.coulson@canonical.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+
+Upstream-Status: Backport
+
+Reference to upstream patch:
+https://git.savannah.gnu.org/cgit/grub.git/commit/?id=14ceb3b3ff6db664649138442b6562c114dcf56e
+
+Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
+---
+ grub-core/commands/boot.c | 66 ++++++++++++++++++++++++++++++++++-----
+ include/grub/loader.h | 5 +++
+ 2 files changed, 63 insertions(+), 8 deletions(-)
+
+diff --git a/grub-core/commands/boot.c b/grub-core/commands/boot.c
+index bbca81e94..61514788e 100644
+--- a/grub-core/commands/boot.c
++++ b/grub-core/commands/boot.c
+@@ -27,10 +27,20 @@
+
+ GRUB_MOD_LICENSE ("GPLv3+");
+
+-static grub_err_t (*grub_loader_boot_func) (void);
+-static grub_err_t (*grub_loader_unload_func) (void);
++static grub_err_t (*grub_loader_boot_func) (void *context);
++static grub_err_t (*grub_loader_unload_func) (void *context);
++static void *grub_loader_context;
+ static int grub_loader_flags;
+
++struct grub_simple_loader_hooks
++{
++ grub_err_t (*boot) (void);
++ grub_err_t (*unload) (void);
++};
++
++/* Don't heap allocate this to avoid making grub_loader_set() fallible. */
++static struct grub_simple_loader_hooks simple_loader_hooks;
++
+ struct grub_preboot
+ {
+ grub_err_t (*preboot_func) (int);
+@@ -44,6 +54,29 @@ static int grub_loader_loaded;
+ static struct grub_preboot *preboots_head = 0,
+ *preboots_tail = 0;
+
++static grub_err_t
++grub_simple_boot_hook (void *context)
++{
++ struct grub_simple_loader_hooks *hooks;
++
++ hooks = (struct grub_simple_loader_hooks *) context;
++ return hooks->boot ();
++}
++
++static grub_err_t
++grub_simple_unload_hook (void *context)
++{
++ struct grub_simple_loader_hooks *hooks;
++ grub_err_t ret;
++
++ hooks = (struct grub_simple_loader_hooks *) context;
++
++ ret = hooks->unload ();
++ grub_memset (hooks, 0, sizeof (*hooks));
++
++ return ret;
++}
++
+ int
+ grub_loader_is_loaded (void)
+ {
+@@ -110,28 +143,45 @@ grub_loader_unregister_preboot_hook (struct grub_preboot *hnd)
+ }
+
+ void
+-grub_loader_set (grub_err_t (*boot) (void),
+- grub_err_t (*unload) (void),
+- int flags)
++grub_loader_set_ex (grub_err_t (*boot) (void *context),
++ grub_err_t (*unload) (void *context),
++ void *context,
++ int flags)
+ {
+ if (grub_loader_loaded && grub_loader_unload_func)
+- grub_loader_unload_func ();
++ grub_loader_unload_func (grub_loader_context);
+
+ grub_loader_boot_func = boot;
+ grub_loader_unload_func = unload;
++ grub_loader_context = context;
+ grub_loader_flags = flags;
+
+ grub_loader_loaded = 1;
+ }
+
++void
++grub_loader_set (grub_err_t (*boot) (void),
++ grub_err_t (*unload) (void),
++ int flags)
++{
++ grub_loader_set_ex (grub_simple_boot_hook,
++ grub_simple_unload_hook,
++ &simple_loader_hooks,
++ flags);
++
++ simple_loader_hooks.boot = boot;
++ simple_loader_hooks.unload = unload;
++}
++
+ void
+ grub_loader_unset(void)
+ {
+ if (grub_loader_loaded && grub_loader_unload_func)
+- grub_loader_unload_func ();
++ grub_loader_unload_func (grub_loader_context);
+
+ grub_loader_boot_func = 0;
+ grub_loader_unload_func = 0;
++ grub_loader_context = 0;
+
+ grub_loader_loaded = 0;
+ }
+@@ -158,7 +208,7 @@ grub_loader_boot (void)
+ return err;
+ }
+ }
+- err = (grub_loader_boot_func) ();
++ err = (grub_loader_boot_func) (grub_loader_context);
+
+ for (cur = preboots_tail; cur; cur = cur->prev)
+ if (! err)
+diff --git a/include/grub/loader.h b/include/grub/loader.h
+index b20864282..97f231054 100644
+--- a/include/grub/loader.h
++++ b/include/grub/loader.h
+@@ -40,6 +40,11 @@ void EXPORT_FUNC (grub_loader_set) (grub_err_t (*boot) (void),
+ grub_err_t (*unload) (void),
+ int flags);
+
++void EXPORT_FUNC (grub_loader_set_ex) (grub_err_t (*boot) (void *context),
++ grub_err_t (*unload) (void *context),
++ void *context,
++ int flags);
++
+ /* Unset current loader, if any. */
+ void EXPORT_FUNC (grub_loader_unset) (void);
+
+--
+2.34.1
+
diff --git a/poky/meta/recipes-bsp/grub/files/loader-efi-chainloader-Simplify-the-loader-state.patch b/poky/meta/recipes-bsp/grub/files/loader-efi-chainloader-Simplify-the-loader-state.patch
new file mode 100644
index 0000000..a43025d
--- /dev/null
+++ b/poky/meta/recipes-bsp/grub/files/loader-efi-chainloader-Simplify-the-loader-state.patch
@@ -0,0 +1,129 @@
+From 1469983ebb9674753ad333d37087fb8cb20e1dce Mon Sep 17 00:00:00 2001
+From: Chris Coulson <chris.coulson@canonical.com>
+Date: Tue, 5 Apr 2022 10:02:04 +0100
+Subject: [PATCH] loader/efi/chainloader: Simplify the loader state
+
+The chainloader command retains the source buffer and device path passed
+to LoadImage(), requiring the unload hook passed to grub_loader_set() to
+free them. It isn't required to retain this state though - they aren't
+required by StartImage() or anything else in the boot hook, so clean them
+up before grub_cmd_chainloader() finishes.
+
+Signed-off-by: Chris Coulson <chris.coulson@canonical.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+
+Upstream-Status: Backport
+
+Reference to upstream patch:
+https://git.savannah.gnu.org/cgit/grub.git/commit/?id=1469983ebb9674753ad333d37087fb8cb20e1dce
+
+Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
+---
+ grub-core/loader/efi/chainloader.c | 38 +++++++++++++++++-------------
+ 1 file changed, 21 insertions(+), 17 deletions(-)
+
+diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c
+index 2bd80f4db..d1602c89b 100644
+--- a/grub-core/loader/efi/chainloader.c
++++ b/grub-core/loader/efi/chainloader.c
+@@ -44,25 +44,20 @@ GRUB_MOD_LICENSE ("GPLv3+");
+
+ static grub_dl_t my_mod;
+
+-static grub_efi_physical_address_t address;
+-static grub_efi_uintn_t pages;
+-static grub_efi_device_path_t *file_path;
+ static grub_efi_handle_t image_handle;
+-static grub_efi_char16_t *cmdline;
+
+ static grub_err_t
+ grub_chainloader_unload (void)
+ {
++ grub_efi_loaded_image_t *loaded_image;
+ grub_efi_boot_services_t *b;
+
++ loaded_image = grub_efi_get_loaded_image (image_handle);
++ if (loaded_image != NULL)
++ grub_free (loaded_image->load_options);
++
+ b = grub_efi_system_table->boot_services;
+ efi_call_1 (b->unload_image, image_handle);
+- efi_call_2 (b->free_pages, address, pages);
+-
+- grub_free (file_path);
+- grub_free (cmdline);
+- cmdline = 0;
+- file_path = 0;
+
+ grub_dl_unref (my_mod);
+ return GRUB_ERR_NONE;
+@@ -140,7 +135,7 @@ make_file_path (grub_efi_device_path_t *dp, const char *filename)
+ char *dir_start;
+ char *dir_end;
+ grub_size_t size;
+- grub_efi_device_path_t *d;
++ grub_efi_device_path_t *d, *file_path;
+
+ dir_start = grub_strchr (filename, ')');
+ if (! dir_start)
+@@ -222,11 +217,14 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
+ grub_efi_status_t status;
+ grub_efi_boot_services_t *b;
+ grub_device_t dev = 0;
+- grub_efi_device_path_t *dp = 0;
++ grub_efi_device_path_t *dp = NULL, *file_path = NULL;
+ grub_efi_loaded_image_t *loaded_image;
+ char *filename;
+ void *boot_image = 0;
+ grub_efi_handle_t dev_handle = 0;
++ grub_efi_physical_address_t address = 0;
++ grub_efi_uintn_t pages = 0;
++ grub_efi_char16_t *cmdline = NULL;
+
+ if (argc == 0)
+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected"));
+@@ -234,11 +232,6 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
+
+ grub_dl_ref (my_mod);
+
+- /* Initialize some global variables. */
+- address = 0;
+- image_handle = 0;
+- file_path = 0;
+-
+ b = grub_efi_system_table->boot_services;
+
+ file = grub_file_open (filename, GRUB_FILE_TYPE_EFI_CHAINLOADED_IMAGE);
+@@ -408,6 +401,10 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
+ grub_file_close (file);
+ grub_device_close (dev);
+
++ /* We're finished with the source image buffer and file path now. */
++ efi_call_2 (b->free_pages, address, pages);
++ grub_free (file_path);
++
+ grub_loader_set (grub_chainloader_boot, grub_chainloader_unload, 0);
+ return 0;
+
+@@ -419,11 +416,18 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
+ if (file)
+ grub_file_close (file);
+
++ grub_free (cmdline);
+ grub_free (file_path);
+
+ if (address)
+ efi_call_2 (b->free_pages, address, pages);
+
++ if (image_handle != NULL)
++ {
++ efi_call_1 (b->unload_image, image_handle);
++ image_handle = NULL;
++ }
++
+ grub_dl_unref (my_mod);
+
+ return grub_errno;
+--
+2.34.1
+
diff --git a/poky/meta/recipes-bsp/grub/grub2.inc b/poky/meta/recipes-bsp/grub/grub2.inc
index 2545b99..bf7aba6 100644
--- a/poky/meta/recipes-bsp/grub/grub2.inc
+++ b/poky/meta/recipes-bsp/grub/grub2.inc
@@ -34,6 +34,12 @@
file://CVE-2022-28735-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch \
file://0001-configure-Remove-obsoleted-malign-jumps-loops-functi.patch \
file://0002-configure-Check-for-falign-jumps-1-beside-falign-loo.patch \
+ file://loader-efi-chainloader-Simplify-the-loader-state.patch \
+ file://commands-boot-Add-API-to-pass-context-to-loader.patch \
+ file://CVE-2022-28736-loader-efi-chainloader-Use-grub_loader_set_ex.patch\
+ file://0001-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch \
+ file://CVE-2022-2601.patch \
+ file://CVE-2022-3775.patch \
"
SRC_URI[sha256sum] = "23b64b4c741569f9426ed2e3d0e6780796fca081bee4c99f62aa3f53ae803f5f"
@@ -50,8 +56,8 @@
# Grub doesn't support hard float toolchain and won't be able to forcefully
# disable it on some of the target CPUs. See 'configure.ac' for
# supported/unsupported CPUs in hardfp.
-COMPATIBLE_HOST:armv7a = "${@'null' if d.getVar('TUNE_CCARGS_MFLOAT') == 'hardfp' else d.getVar('GRUB_COMPATIBLE_HOST')}"
-COMPATIBLE_HOST:armv7ve = "${@'null' if d.getVar('TUNE_CCARGS_MFLOAT') == 'hardfp' else d.getVar('GRUB_COMPATIBLE_HOST')}"
+COMPATIBLE_HOST:armv7a = "${@'null' if bb.utils.contains('TUNE_CCARGS_MFLOAT', 'hard', True, False, d) else d.getVar('GRUB_COMPATIBLE_HOST')}"
+COMPATIBLE_HOST:armv7ve = "${@'null' if bb.utils.contains('TUNE_CCARGS_MFLOAT', 'hard', True, False, d) else d.getVar('GRUB_COMPATIBLE_HOST')}"
# configure.ac has code to set this automagically from the target tuple
# but the OE freeform one (core2-foo-bar-linux) don't work with that.
diff --git a/poky/meta/recipes-bsp/u-boot/u-boot.inc b/poky/meta/recipes-bsp/u-boot/u-boot.inc
index 5705e58..4a8d93f 100644
--- a/poky/meta/recipes-bsp/u-boot/u-boot.inc
+++ b/poky/meta/recipes-bsp/u-boot/u-boot.inc
@@ -32,7 +32,7 @@
}
do_savedefconfig[nostamp] = "1"
addtask savedefconfig after do_configure
-
+UBOOT_ARCH_DIR = "${@'arm' if d.getVar('UBOOT_ARCH').startswith('arm') else d.getVar('UBOOT_ARCH')}"
do_compile () {
if [ "${@bb.utils.filter('DISTRO_FEATURES', 'ld-is-gold', d)}" ]; then
sed -i 's/$(CROSS_COMPILE)ld$/$(CROSS_COMPILE)ld.bfd/g' ${S}/config.mk
@@ -336,7 +336,7 @@
if [ -n "${UBOOT_DTB}" ]
then
- install -m 644 ${B}/arch/${UBOOT_ARCH}/dts/${UBOOT_DTB_BINARY} ${DEPLOYDIR}/
+ install -m 644 ${B}/arch/${UBOOT_ARCH_DIR}/dts/${UBOOT_DTB_BINARY} ${DEPLOYDIR}/
fi
}
diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.7/0001-avoid-start-failure-with-bind-user.patch b/poky/meta/recipes-connectivity/bind/bind-9.18.11/0001-avoid-start-failure-with-bind-user.patch
similarity index 100%
rename from poky/meta/recipes-connectivity/bind/bind-9.18.7/0001-avoid-start-failure-with-bind-user.patch
rename to poky/meta/recipes-connectivity/bind/bind-9.18.11/0001-avoid-start-failure-with-bind-user.patch
diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.7/0001-named-lwresd-V-and-start-log-hide-build-options.patch b/poky/meta/recipes-connectivity/bind/bind-9.18.11/0001-named-lwresd-V-and-start-log-hide-build-options.patch
similarity index 100%
rename from poky/meta/recipes-connectivity/bind/bind-9.18.7/0001-named-lwresd-V-and-start-log-hide-build-options.patch
rename to poky/meta/recipes-connectivity/bind/bind-9.18.11/0001-named-lwresd-V-and-start-log-hide-build-options.patch
diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.7/bind-ensure-searching-for-json-headers-searches-sysr.patch b/poky/meta/recipes-connectivity/bind/bind-9.18.11/bind-ensure-searching-for-json-headers-searches-sysr.patch
similarity index 100%
rename from poky/meta/recipes-connectivity/bind/bind-9.18.7/bind-ensure-searching-for-json-headers-searches-sysr.patch
rename to poky/meta/recipes-connectivity/bind/bind-9.18.11/bind-ensure-searching-for-json-headers-searches-sysr.patch
diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.7/bind9 b/poky/meta/recipes-connectivity/bind/bind-9.18.11/bind9
similarity index 100%
rename from poky/meta/recipes-connectivity/bind/bind-9.18.7/bind9
rename to poky/meta/recipes-connectivity/bind/bind-9.18.11/bind9
diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.7/conf.patch b/poky/meta/recipes-connectivity/bind/bind-9.18.11/conf.patch
similarity index 100%
rename from poky/meta/recipes-connectivity/bind/bind-9.18.7/conf.patch
rename to poky/meta/recipes-connectivity/bind/bind-9.18.11/conf.patch
diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.7/generate-rndc-key.sh b/poky/meta/recipes-connectivity/bind/bind-9.18.11/generate-rndc-key.sh
similarity index 100%
rename from poky/meta/recipes-connectivity/bind/bind-9.18.7/generate-rndc-key.sh
rename to poky/meta/recipes-connectivity/bind/bind-9.18.11/generate-rndc-key.sh
diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.7/init.d-add-support-for-read-only-rootfs.patch b/poky/meta/recipes-connectivity/bind/bind-9.18.11/init.d-add-support-for-read-only-rootfs.patch
similarity index 100%
rename from poky/meta/recipes-connectivity/bind/bind-9.18.7/init.d-add-support-for-read-only-rootfs.patch
rename to poky/meta/recipes-connectivity/bind/bind-9.18.11/init.d-add-support-for-read-only-rootfs.patch
diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.7/make-etc-initd-bind-stop-work.patch b/poky/meta/recipes-connectivity/bind/bind-9.18.11/make-etc-initd-bind-stop-work.patch
similarity index 100%
rename from poky/meta/recipes-connectivity/bind/bind-9.18.7/make-etc-initd-bind-stop-work.patch
rename to poky/meta/recipes-connectivity/bind/bind-9.18.11/make-etc-initd-bind-stop-work.patch
diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.7/named.service b/poky/meta/recipes-connectivity/bind/bind-9.18.11/named.service
similarity index 100%
rename from poky/meta/recipes-connectivity/bind/bind-9.18.7/named.service
rename to poky/meta/recipes-connectivity/bind/bind-9.18.11/named.service
diff --git a/poky/meta/recipes-connectivity/bind/bind_9.18.7.bb b/poky/meta/recipes-connectivity/bind/bind_9.18.11.bb
similarity index 95%
rename from poky/meta/recipes-connectivity/bind/bind_9.18.7.bb
rename to poky/meta/recipes-connectivity/bind/bind_9.18.11.bb
index 4ab1148..55a06ea 100644
--- a/poky/meta/recipes-connectivity/bind/bind_9.18.7.bb
+++ b/poky/meta/recipes-connectivity/bind/bind_9.18.11.bb
@@ -4,7 +4,7 @@
SECTION = "console/network"
LICENSE = "MPL-2.0"
-LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=9a4a897f202c0710e07f2f2836bc2b62"
+LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=d8cf7bd9c4fd5471a588e7e66e672408"
DEPENDS = "openssl libcap zlib libuv"
@@ -20,7 +20,7 @@
file://0001-avoid-start-failure-with-bind-user.patch \
"
-SRC_URI[sha256sum] = "9e2acf1698f49d70ad12ffbad39ec6716a7da524e9ebd98429c7c70ba1262981"
+SRC_URI[sha256sum] = "8ff3352812230cbcbda42df87cad961f94163d3da457c5e4bef8057fd5df2158"
UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/"
# follow the ESV versions divisible by 2
diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5.inc b/poky/meta/recipes-connectivity/bluez5/bluez5.inc
index f07e318..a8eaba1 100644
--- a/poky/meta/recipes-connectivity/bluez5/bluez5.inc
+++ b/poky/meta/recipes-connectivity/bluez5/bluez5.inc
@@ -68,6 +68,8 @@
--without-zsh-completion-dir \
"
+CFLAGS += "-DFIRMWARE_DIR=\\"${nonarch_base_libdir}/firmware\\""
+
# bluez5 builds a large number of useful utilities but does not
# install them. Specify which ones we want put into ${PN}-noinst-tools.
NOINST_TOOLS_READLINE ??= ""
diff --git a/poky/meta/recipes-connectivity/dhcpcd/dhcpcd_9.4.1.bb b/poky/meta/recipes-connectivity/dhcpcd/dhcpcd_9.4.1.bb
index ab6ffe9..579fa95 100644
--- a/poky/meta/recipes-connectivity/dhcpcd/dhcpcd_9.4.1.bb
+++ b/poky/meta/recipes-connectivity/dhcpcd/dhcpcd_9.4.1.bb
@@ -13,8 +13,13 @@
SRC_URI = "https://roy.marples.name/downloads/${BPN}/${BPN}-${PV}.tar.xz \
file://0001-remove-INCLUDEDIR-to-prevent-build-issues.patch \
+ file://0001-20-resolv.conf-improve-the-sitation-of-working-with-.patch \
+ file://0001-privsep-Allow-getrandom-sysctl-for-newer-glibc.patch \
+ file://0002-privsep-Allow-newfstatat-syscall-as-well.patch \
+ file://0001-privsep-linux-fix-SECCOMP_AUDIT_ARCH-missing-ppc64le.patch \
file://dhcpcd.service \
file://dhcpcd@.service \
+ file://0001-dhcpcd.8-Fix-conflict-error-when-enable-multilib.patch \
"
SRC_URI[sha256sum] = "819357634efed1ea5cf44ec01b24d3d3f8852fec8b4249925dcc5667c54e376c"
diff --git a/poky/meta/recipes-connectivity/dhcpcd/files/0001-20-resolv.conf-improve-the-sitation-of-working-with-.patch b/poky/meta/recipes-connectivity/dhcpcd/files/0001-20-resolv.conf-improve-the-sitation-of-working-with-.patch
new file mode 100644
index 0000000..6f90c88
--- /dev/null
+++ b/poky/meta/recipes-connectivity/dhcpcd/files/0001-20-resolv.conf-improve-the-sitation-of-working-with-.patch
@@ -0,0 +1,82 @@
+From 02acc4d875ee81e6fd19ef66d69c9f55b4b4a7e7 Mon Sep 17 00:00:00 2001
+From: Chen Qi <Qi.Chen@windriver.com>
+Date: Wed, 9 Nov 2022 16:33:18 +0800
+Subject: [PATCH] 20-resolv.conf: improve the sitation of working with systemd
+
+systemd's resolvconf implementation ignores the protocol part.
+See https://github.com/systemd/systemd/issues/25032.
+
+When using 'dhcp server + dns server + dhcpcd + systemd', we
+get an integration issue, that is dhcpcd runs 'resolvconf -d eth0.ra',
+yet systemd's resolvconf treats it as eth0. This will delete the
+DNS information set by 'resolvconf -a eth0.dhcp'.
+
+Fortunately, 20-resolv.conf has the ability to build the resolv.conf
+file contents itself. We can just pass the generated contents to
+systemd's resolvconf. This way, the DNS information is not incorrectly
+deleted. Also, it does not cause behavior regression for dhcpcd
+in other cases.
+
+Upstream-Status: Inappropriate [OE Specific]
+This patch has been rejected by dhcpcd upstream.
+See details in https://github.com/NetworkConfiguration/dhcpcd/pull/152
+
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+---
+ hooks/20-resolv.conf | 17 +++++++++++++----
+ 1 file changed, 13 insertions(+), 4 deletions(-)
+
+diff --git a/hooks/20-resolv.conf b/hooks/20-resolv.conf
+index 504a6c53..eb6e5845 100644
+--- a/hooks/20-resolv.conf
++++ b/hooks/20-resolv.conf
+@@ -11,8 +11,12 @@ nocarrier_roaming_dir="$state_dir/roaming"
+ NL="
+ "
+ : ${resolvconf:=resolvconf}
++resolvconf_from_systemd=false
+ if type "$resolvconf" >/dev/null 2>&1; then
+ have_resolvconf=true
++ if [ $(basename $(readlink -f $(which $resolvconf))) = resolvectl ]; then
++ resolvconf_from_systemd=true
++ fi
+ else
+ have_resolvconf=false
+ fi
+@@ -69,8 +73,13 @@ build_resolv_conf()
+ else
+ echo "# /etc/resolv.conf.tail can replace this line" >> "$cf"
+ fi
+- if change_file /etc/resolv.conf "$cf"; then
+- chmod 644 /etc/resolv.conf
++ if $resolvconf_from_systemd; then
++ [ -n "$ifmetric" ] && export IF_METRIC="$ifmetric"
++ "$resolvconf" -a "$ifname" <"$cf"
++ else
++ if change_file /etc/resolv.conf "$cf"; then
++ chmod 644 /etc/resolv.conf
++ fi
+ fi
+ rm -f "$cf"
+ }
+@@ -170,7 +179,7 @@ add_resolv_conf()
+ for x in ${new_domain_name_servers}; do
+ conf="${conf}nameserver $x$NL"
+ done
+- if $have_resolvconf; then
++ if $have_resolvconf && ! $resolvconf_from_systemd; then
+ [ -n "$ifmetric" ] && export IF_METRIC="$ifmetric"
+ printf %s "$conf" | "$resolvconf" -a "$ifname"
+ return $?
+@@ -186,7 +195,7 @@ add_resolv_conf()
+
+ remove_resolv_conf()
+ {
+- if $have_resolvconf; then
++ if $have_resolvconf && ($if_down || ! $resolvconf_from_systemd); then
+ "$resolvconf" -d "$ifname" -f
+ else
+ if [ -e "$resolv_conf_dir/$ifname" ]; then
+--
+2.17.1
+
diff --git a/poky/meta/recipes-connectivity/dhcpcd/files/0001-dhcpcd.8-Fix-conflict-error-when-enable-multilib.patch b/poky/meta/recipes-connectivity/dhcpcd/files/0001-dhcpcd.8-Fix-conflict-error-when-enable-multilib.patch
new file mode 100644
index 0000000..12998aa
--- /dev/null
+++ b/poky/meta/recipes-connectivity/dhcpcd/files/0001-dhcpcd.8-Fix-conflict-error-when-enable-multilib.patch
@@ -0,0 +1,46 @@
+From 4915a7e52fcea8fe283a842890a1e726b1e26b10 Mon Sep 17 00:00:00 2001
+From: Lei Maohui <leimaohui@fujitsu.com>
+Date: Fri, 10 Mar 2023 03:48:46 +0000
+Subject: [PATCH] dhcpcd.8: Fix conflict error when enable multilib.
+
+Error: Transaction test error:
+ file /usr/share/man/man8/dhcpcd.8 conflicts between attempted
+ installs of dhcpcd-doc-9.4.1-r0.cortexa57 and
+ lib32-dhcpcd-doc-9.4.1-r0.armv7ahf_neon
+
+The differences between the two files are as follows:
+@@ -821,7 +821,7 @@
+ If you always use the same options, put them here.
+ .It Pa /usr/libexec/dhcpcd-run-hooks
+ Bourne shell script that is run to configure or de-configure an interface.
+-.It Pa /usr/lib64/dhcpcd/dev
++.It Pa /usr/lib/dhcpcd/dev
+ Linux
+ .Pa /dev
+ management modules.
+
+It is just a man file, there is no necessary to manage multiple
+versions.
+
+Upstream-Status: Inappropriate [oe specific]
+Signed-off-by: Lei Maohui <leimaohui@fujitsu.com>
+---
+ src/dhcpcd.8.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/dhcpcd.8.in b/src/dhcpcd.8.in
+index bc6b3b5..791f2ba 100644
+--- a/src/dhcpcd.8.in
++++ b/src/dhcpcd.8.in
+@@ -821,7 +821,7 @@ Configuration file for dhcpcd.
+ If you always use the same options, put them here.
+ .It Pa @SCRIPT@
+ Bourne shell script that is run to configure or de-configure an interface.
+-.It Pa @LIBDIR@/dhcpcd/dev
++.It Pa /usr/<libdir>/dhcpcd/dev
+ Linux
+ .Pa /dev
+ management modules.
+--
+2.34.1
+
diff --git a/poky/meta/recipes-connectivity/dhcpcd/files/0001-privsep-Allow-getrandom-sysctl-for-newer-glibc.patch b/poky/meta/recipes-connectivity/dhcpcd/files/0001-privsep-Allow-getrandom-sysctl-for-newer-glibc.patch
new file mode 100644
index 0000000..68ab934
--- /dev/null
+++ b/poky/meta/recipes-connectivity/dhcpcd/files/0001-privsep-Allow-getrandom-sysctl-for-newer-glibc.patch
@@ -0,0 +1,30 @@
+From c6cdf0aee71ab4126d36b045f02428ee3c6ec50b Mon Sep 17 00:00:00 2001
+From: Roy Marples <roy@marples.name>
+Date: Fri, 26 Aug 2022 09:08:36 +0100
+Subject: [PATCH 1/2] privsep: Allow getrandom sysctl for newer glibc
+
+Fixes #120
+
+Upstream-Status: Backport [c6cdf0aee71ab4126d36b045f02428ee3c6ec50b]
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+---
+ src/privsep-linux.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/privsep-linux.c b/src/privsep-linux.c
+index b238644b..479a1d82 100644
+--- a/src/privsep-linux.c
++++ b/src/privsep-linux.c
+@@ -300,6 +300,9 @@ static struct sock_filter ps_seccomp_filter[] = {
+ #ifdef __NR_getpid
+ SECCOMP_ALLOW(__NR_getpid),
+ #endif
++#ifdef __NR_getrandom
++ SECCOMP_ALLOW(__NR_getrandom),
++#endif
+ #ifdef __NR_getsockopt
+ /* For route socket overflow */
+ SECCOMP_ALLOW_ARG(__NR_getsockopt, 1, SOL_SOCKET),
+--
+2.17.1
+
diff --git a/poky/meta/recipes-connectivity/dhcpcd/files/0001-privsep-linux-fix-SECCOMP_AUDIT_ARCH-missing-ppc64le.patch b/poky/meta/recipes-connectivity/dhcpcd/files/0001-privsep-linux-fix-SECCOMP_AUDIT_ARCH-missing-ppc64le.patch
new file mode 100644
index 0000000..1c514f9
--- /dev/null
+++ b/poky/meta/recipes-connectivity/dhcpcd/files/0001-privsep-linux-fix-SECCOMP_AUDIT_ARCH-missing-ppc64le.patch
@@ -0,0 +1,34 @@
+From 7a2d9767585ed2c407d4985bd2d81552034fb90a Mon Sep 17 00:00:00 2001
+From: CHEN Xiangyu <xiangyu.chen@aol.com>
+Date: Thu, 9 Feb 2023 18:41:52 +0800
+Subject: [PATCH] privsep-linux: fix SECCOMP_AUDIT_ARCH missing ppc64le (#181)
+
+when dhcpcd running on ppc64le platform, it would be killed by SIGSYS.
+
+Upstream-Status: Backport [7a2d9767585ed2c407d4985bd2d81552034fb90a]
+
+Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
+---
+ src/privsep-linux.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/src/privsep-linux.c b/src/privsep-linux.c
+index 7372d26b..6a301950 100644
+--- a/src/privsep-linux.c
++++ b/src/privsep-linux.c
+@@ -232,7 +232,11 @@ ps_root_sendnetlink(struct dhcpcd_ctx *ctx, int protocol, struct msghdr *msg)
+ #elif defined(__or1k__)
+ # define SECCOMP_AUDIT_ARCH AUDIT_ARCH_OPENRISC
+ #elif defined(__powerpc64__)
+-# define SECCOMP_AUDIT_ARCH AUDIT_ARCH_PPC64
++# if (BYTE_ORDER == LITTLE_ENDIAN)
++# define SECCOMP_AUDIT_ARCH AUDIT_ARCH_PPC64LE
++# else
++# define SECCOMP_AUDIT_ARCH AUDIT_ARCH_PPC64
++# endif
+ #elif defined(__powerpc__)
+ # define SECCOMP_AUDIT_ARCH AUDIT_ARCH_PPC
+ #elif defined(__riscv)
+--
+2.34.1
+
diff --git a/poky/meta/recipes-connectivity/dhcpcd/files/0002-privsep-Allow-newfstatat-syscall-as-well.patch b/poky/meta/recipes-connectivity/dhcpcd/files/0002-privsep-Allow-newfstatat-syscall-as-well.patch
new file mode 100644
index 0000000..c5d2cba
--- /dev/null
+++ b/poky/meta/recipes-connectivity/dhcpcd/files/0002-privsep-Allow-newfstatat-syscall-as-well.patch
@@ -0,0 +1,31 @@
+From 7625a555797f587a89dc2447fd9d621024d5165c Mon Sep 17 00:00:00 2001
+From: Roy Marples <roy@marples.name>
+Date: Fri, 26 Aug 2022 09:24:50 +0100
+Subject: [PATCH 2/2] privsep: Allow newfstatat syscall as well
+
+Allows newer glibc variants to work apparently.
+As reported in #84 and #89.
+
+Upstream-Status: Backport [7625a555797f587a89dc2447fd9d621024d5165c]
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+---
+ src/privsep-linux.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/privsep-linux.c b/src/privsep-linux.c
+index 479a1d82..6327b1bc 100644
+--- a/src/privsep-linux.c
++++ b/src/privsep-linux.c
+@@ -328,6 +328,9 @@ static struct sock_filter ps_seccomp_filter[] = {
+ #ifdef __NR_nanosleep
+ SECCOMP_ALLOW(__NR_nanosleep), /* XXX should use ppoll instead */
+ #endif
++#ifdef __NR_newfstatat
++ SECCOMP_ALLOW(__NR_newfstatat),
++#endif
+ #ifdef __NR_ppoll
+ SECCOMP_ALLOW(__NR_ppoll),
+ #endif
+--
+2.17.1
+
diff --git a/poky/meta/recipes-connectivity/inetutils/inetutils/CVE-2022-39028.patch b/poky/meta/recipes-connectivity/inetutils/inetutils/CVE-2022-39028.patch
deleted file mode 100644
index 3b07515..0000000
--- a/poky/meta/recipes-connectivity/inetutils/inetutils/CVE-2022-39028.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-From d52349fa1b6baac77ffa2c74769636aa2ece2ec5 Mon Sep 17 00:00:00 2001
-From: Erik Auerswald <auerswal@unix-ag.uni-kl.de>
-Date: Sat, 3 Sep 2022 16:58:16 +0200
-Subject: [PATCH] telnetd: Handle early IAC EC or IAC EL receipt
-
-Fix telnetd crash if the first two bytes of a new connection
-are 0xff 0xf7 (IAC EC) or 0xff 0xf8 (IAC EL).
-
-The problem was reported in:
-<https://pierrekim.github.io/blog/2022-08-24-2-byte-dos-freebsd-netbsd-telnetd-netkit-telnetd-inetutils-telnetd-kerberos-telnetd.html>.
-
-* NEWS: Mention fix.
-* telnetd/state.c (telrcv): Handle zero slctab[SLC_EC].sptr and
-zero slctab[SLC_EL].sptr.
-
-CVE: CVE-2022-39028
-Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=fae8263e467380483c28513c0e5fac143e46f94f]
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
- telnetd/state.c | 12 +++++++++---
- 1 file changed, 9 insertions(+), 3 deletions(-)
-
-diff --git a/telnetd/state.c b/telnetd/state.c
-index ffc6cba..c2d760f 100644
---- a/telnetd/state.c
-+++ b/telnetd/state.c
-@@ -312,15 +312,21 @@ telrcv (void)
- case EC:
- case EL:
- {
-- cc_t ch;
-+ cc_t ch = (cc_t) (_POSIX_VDISABLE);
-
- DEBUG (debug_options, 1, printoption ("td: recv IAC", c));
- ptyflush (); /* half-hearted */
- init_termbuf ();
- if (c == EC)
-- ch = *slctab[SLC_EC].sptr;
-+ {
-+ if (slctab[SLC_EC].sptr)
-+ ch = *slctab[SLC_EC].sptr;
-+ }
- else
-- ch = *slctab[SLC_EL].sptr;
-+ {
-+ if (slctab[SLC_EL].sptr)
-+ ch = *slctab[SLC_EL].sptr;
-+ }
- if (ch != (cc_t) (_POSIX_VDISABLE))
- pty_output_byte ((unsigned char) ch);
- break;
---
-2.37.3
-
diff --git a/poky/meta/recipes-connectivity/inetutils/inetutils_2.3.bb b/poky/meta/recipes-connectivity/inetutils/inetutils_2.4.bb
similarity index 98%
rename from poky/meta/recipes-connectivity/inetutils/inetutils_2.3.bb
rename to poky/meta/recipes-connectivity/inetutils/inetutils_2.4.bb
index 2fce843..6519331 100644
--- a/poky/meta/recipes-connectivity/inetutils/inetutils_2.3.bb
+++ b/poky/meta/recipes-connectivity/inetutils/inetutils_2.4.bb
@@ -10,7 +10,7 @@
LIC_FILES_CHKSUM = "file://COPYING;md5=0c7051aef9219dc7237f206c5c4179a7"
-SRC_URI[sha256sum] = "0b01bb08e29623c4e3b940f233c961451d9af8c5066301add76a52a95d51772c"
+SRC_URI[sha256sum] = "1789d6b1b1a57dfe2a7ab7b533ee9f5dfd9cbf5b59bb1bb3c2612ed08d0f68b2"
SRC_URI = "${GNU_MIRROR}/inetutils/inetutils-${PV}.tar.xz \
file://inetutils-1.8-0001-printf-parse-pull-in-features.h-for-__GLIBC__.patch \
file://inetutils-1.8-0003-wchar.patch \
@@ -21,7 +21,6 @@
file://tftpd.xinetd.inetutils \
file://inetutils-1.9-PATH_PROCNET_DEV.patch \
file://inetutils-only-check-pam_appl.h-when-pam-enabled.patch \
- file://CVE-2022-39028.patch \
"
inherit autotools gettext update-alternatives texinfo
diff --git a/poky/meta/recipes-connectivity/kea/files/fix-multilib-conflict.patch b/poky/meta/recipes-connectivity/kea/files/fix-multilib-conflict.patch
index 78f475a..451b409 100644
--- a/poky/meta/recipes-connectivity/kea/files/fix-multilib-conflict.patch
+++ b/poky/meta/recipes-connectivity/kea/files/fix-multilib-conflict.patch
@@ -12,7 +12,7 @@
Because they are all commented out, replace the expanded libdir path with
'$libdir' in the config files to avoid conflict.
-Upstream-Status: Pending
+Upstream-Status: Submitted [https://gitlab.isc.org/isc-projects/kea/-/issues/2602]
Signed-off-by: Kai Kang <kai.kang@windriver.com>
---
diff --git a/poky/meta/recipes-connectivity/libuv/libuv_1.44.2.bb b/poky/meta/recipes-connectivity/libuv/libuv_1.44.2.bb
index 4c1b8ee..27e7927 100644
--- a/poky/meta/recipes-connectivity/libuv/libuv_1.44.2.bb
+++ b/poky/meta/recipes-connectivity/libuv/libuv_1.44.2.bb
@@ -6,7 +6,7 @@
LIC_FILES_CHKSUM = "file://LICENSE;md5=ad93ca1fffe931537fcf64f6fcce084d"
SRCREV = "0c1fa696aa502eb749c2c4735005f41ba00a27b8"
-SRC_URI = "git://github.com/libuv/libuv;branch=v1.x;protocol=https"
+SRC_URI = "git://github.com/libuv/libuv.git;branch=v1.x;protocol=https"
UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>\d+(\.\d+)+)"
S = "${WORKDIR}/git"
diff --git a/poky/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb b/poky/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb
index 2cc92b7..e802bce 100644
--- a/poky/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb
+++ b/poky/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb
@@ -5,8 +5,8 @@
LICENSE = "PD"
LIC_FILES_CHKSUM = "file://COPYING;md5=87964579b2a8ece4bc6744d2dc9a8b04"
-SRCREV = "fe19892a8168bf19d81e3bc4ee319bf7f9f058f5"
-PV = "20220725"
+SRCREV = "22a5de3ef637990ce03141f786fbdb327e9c5a3f"
+PV = "20221107"
PE = "1"
SRC_URI = "git://gitlab.gnome.org/GNOME/mobile-broadband-provider-info.git;protocol=https;branch=main"
diff --git a/poky/meta/recipes-connectivity/openssh/openssh_9.0p1.bb b/poky/meta/recipes-connectivity/openssh/openssh_9.0p1.bb
index b63ea2b..689952e 100644
--- a/poky/meta/recipes-connectivity/openssh/openssh_9.0p1.bb
+++ b/poky/meta/recipes-connectivity/openssh/openssh_9.0p1.bb
@@ -52,15 +52,12 @@
inherit autotools-brokensep ptest
-PACKAGECONFIG ??= "rng-tools"
+PACKAGECONFIG ??= ""
PACKAGECONFIG[kerberos] = "--with-kerberos5,--without-kerberos5,krb5"
PACKAGECONFIG[ldns] = "--with-ldns,--without-ldns,ldns"
PACKAGECONFIG[libedit] = "--with-libedit,--without-libedit,libedit"
PACKAGECONFIG[manpages] = "--with-mantype=man,--with-mantype=cat"
-# Add RRECOMMENDS to rng-tools for sshd package
-PACKAGECONFIG[rng-tools] = ""
-
EXTRA_AUTORECONF += "--exclude=aclocal"
# login path is hardcoded in sshd
@@ -160,10 +157,6 @@
RDEPENDS:${PN} += "${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-keygen ${PN}-sftp-server"
RDEPENDS:${PN}-sshd += "${PN}-keygen ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-keyinit pam-plugin-loginuid', '', d)}"
-RRECOMMENDS:${PN}-sshd:append:class-target = "\
- ${@bb.utils.filter('PACKAGECONFIG', 'rng-tools', d)} \
-"
-
# gdb would make attach-ptrace test pass rather than skip but not worth the build dependencies
RDEPENDS:${PN}-ptest += "${PN}-sftp ${PN}-misc ${PN}-sftp-server make sed sudo coreutils"
diff --git a/poky/meta/recipes-connectivity/openssl/openssl/CVE-2023-0464.patch b/poky/meta/recipes-connectivity/openssl/openssl/CVE-2023-0464.patch
new file mode 100644
index 0000000..3b94c48
--- /dev/null
+++ b/poky/meta/recipes-connectivity/openssl/openssl/CVE-2023-0464.patch
@@ -0,0 +1,225 @@
+From 959c59c7a0164117e7f8366466a32bb1f8d77ff1 Mon Sep 17 00:00:00 2001
+From: Pauli <pauli@openssl.org>
+Date: Wed, 8 Mar 2023 15:28:20 +1100
+Subject: [PATCH] x509: excessive resource use verifying policy constraints
+
+A security vulnerability has been identified in all supported versions
+of OpenSSL related to the verification of X.509 certificate chains
+that include policy constraints. Attackers may be able to exploit this
+vulnerability by creating a malicious certificate chain that triggers
+exponential use of computational resources, leading to a denial-of-service
+(DoS) attack on affected systems.
+
+Fixes CVE-2023-0464
+
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
+(Merged from https://github.com/openssl/openssl/pull/20568)
+
+Upstream-Status: Backport from [https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=959c59c7a0164117e7f8366466a32bb1f8d77ff1]
+CVE: CVE-2023-0464
+Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
+---
+ crypto/x509/pcy_local.h | 8 +++++++-
+ crypto/x509/pcy_node.c | 12 +++++++++---
+ crypto/x509/pcy_tree.c | 36 ++++++++++++++++++++++++++----------
+ 3 files changed, 42 insertions(+), 14 deletions(-)
+
+diff --git a/crypto/x509/pcy_local.h b/crypto/x509/pcy_local.h
+index 18b53cc..cba107c 100644
+--- a/crypto/x509/pcy_local.h
++++ b/crypto/x509/pcy_local.h
+@@ -111,6 +111,11 @@ struct X509_POLICY_LEVEL_st {
+ };
+
+ struct X509_POLICY_TREE_st {
++ /* The number of nodes in the tree */
++ size_t node_count;
++ /* The maximum number of nodes in the tree */
++ size_t node_maximum;
++
+ /* This is the tree 'level' data */
+ X509_POLICY_LEVEL *levels;
+ int nlevel;
+@@ -157,7 +162,8 @@ X509_POLICY_NODE *ossl_policy_tree_find_sk(STACK_OF(X509_POLICY_NODE) *sk,
+ X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level,
+ X509_POLICY_DATA *data,
+ X509_POLICY_NODE *parent,
+- X509_POLICY_TREE *tree);
++ X509_POLICY_TREE *tree,
++ int extra_data);
+ void ossl_policy_node_free(X509_POLICY_NODE *node);
+ int ossl_policy_node_match(const X509_POLICY_LEVEL *lvl,
+ const X509_POLICY_NODE *node, const ASN1_OBJECT *oid);
+diff --git a/crypto/x509/pcy_node.c b/crypto/x509/pcy_node.c
+index 9d9a7ea..450f95a 100644
+--- a/crypto/x509/pcy_node.c
++++ b/crypto/x509/pcy_node.c
+@@ -59,10 +59,15 @@ X509_POLICY_NODE *ossl_policy_level_find_node(const X509_POLICY_LEVEL *level,
+ X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level,
+ X509_POLICY_DATA *data,
+ X509_POLICY_NODE *parent,
+- X509_POLICY_TREE *tree)
++ X509_POLICY_TREE *tree,
++ int extra_data)
+ {
+ X509_POLICY_NODE *node;
+
++ /* Verify that the tree isn't too large. This mitigates CVE-2023-0464 */
++ if (tree->node_maximum > 0 && tree->node_count >= tree->node_maximum)
++ return NULL;
++
+ node = OPENSSL_zalloc(sizeof(*node));
+ if (node == NULL) {
+ ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE);
+@@ -70,7 +75,7 @@ X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level,
+ }
+ node->data = data;
+ node->parent = parent;
+- if (level) {
++ if (level != NULL) {
+ if (OBJ_obj2nid(data->valid_policy) == NID_any_policy) {
+ if (level->anyPolicy)
+ goto node_error;
+@@ -90,7 +95,7 @@ X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level,
+ }
+ }
+
+- if (tree) {
++ if (extra_data) {
+ if (tree->extra_data == NULL)
+ tree->extra_data = sk_X509_POLICY_DATA_new_null();
+ if (tree->extra_data == NULL){
+@@ -103,6 +108,7 @@ X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level,
+ }
+ }
+
++ tree->node_count++;
+ if (parent)
+ parent->nchild++;
+
+diff --git a/crypto/x509/pcy_tree.c b/crypto/x509/pcy_tree.c
+index fa45da5..f953a05 100644
+--- a/crypto/x509/pcy_tree.c
++++ b/crypto/x509/pcy_tree.c
+@@ -14,6 +14,17 @@
+
+ #include "pcy_local.h"
+
++/*
++ * If the maximum number of nodes in the policy tree isn't defined, set it to
++ * a generous default of 1000 nodes.
++ *
++ * Defining this to be zero means unlimited policy tree growth which opens the
++ * door on CVE-2023-0464.
++ */
++#ifndef OPENSSL_POLICY_TREE_NODES_MAX
++# define OPENSSL_POLICY_TREE_NODES_MAX 1000
++#endif
++
+ static void expected_print(BIO *channel,
+ X509_POLICY_LEVEL *lev, X509_POLICY_NODE *node,
+ int indent)
+@@ -163,6 +174,9 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
+ return X509_PCY_TREE_INTERNAL;
+ }
+
++ /* Limit the growth of the tree to mitigate CVE-2023-0464 */
++ tree->node_maximum = OPENSSL_POLICY_TREE_NODES_MAX;
++
+ /*
+ * http://tools.ietf.org/html/rfc5280#section-6.1.2, figure 3.
+ *
+@@ -180,7 +194,7 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
+ if ((data = ossl_policy_data_new(NULL,
+ OBJ_nid2obj(NID_any_policy), 0)) == NULL)
+ goto bad_tree;
+- if (ossl_policy_level_add_node(level, data, NULL, tree) == NULL) {
++ if (ossl_policy_level_add_node(level, data, NULL, tree, 1) == NULL) {
+ ossl_policy_data_free(data);
+ goto bad_tree;
+ }
+@@ -239,7 +253,8 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
+ * Return value: 1 on success, 0 otherwise
+ */
+ static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr,
+- X509_POLICY_DATA *data)
++ X509_POLICY_DATA *data,
++ X509_POLICY_TREE *tree)
+ {
+ X509_POLICY_LEVEL *last = curr - 1;
+ int i, matched = 0;
+@@ -249,13 +264,13 @@ static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr,
+ X509_POLICY_NODE *node = sk_X509_POLICY_NODE_value(last->nodes, i);
+
+ if (ossl_policy_node_match(last, node, data->valid_policy)) {
+- if (ossl_policy_level_add_node(curr, data, node, NULL) == NULL)
++ if (ossl_policy_level_add_node(curr, data, node, tree, 0) == NULL)
+ return 0;
+ matched = 1;
+ }
+ }
+ if (!matched && last->anyPolicy) {
+- if (ossl_policy_level_add_node(curr, data, last->anyPolicy, NULL) == NULL)
++ if (ossl_policy_level_add_node(curr, data, last->anyPolicy, tree, 0) == NULL)
+ return 0;
+ }
+ return 1;
+@@ -268,7 +283,8 @@ static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr,
+ * Return value: 1 on success, 0 otherwise.
+ */
+ static int tree_link_nodes(X509_POLICY_LEVEL *curr,
+- const X509_POLICY_CACHE *cache)
++ const X509_POLICY_CACHE *cache,
++ X509_POLICY_TREE *tree)
+ {
+ int i;
+
+@@ -276,7 +292,7 @@ static int tree_link_nodes(X509_POLICY_LEVEL *curr,
+ X509_POLICY_DATA *data = sk_X509_POLICY_DATA_value(cache->data, i);
+
+ /* Look for matching nodes in previous level */
+- if (!tree_link_matching_nodes(curr, data))
++ if (!tree_link_matching_nodes(curr, data, tree))
+ return 0;
+ }
+ return 1;
+@@ -307,7 +323,7 @@ static int tree_add_unmatched(X509_POLICY_LEVEL *curr,
+ /* Curr may not have anyPolicy */
+ data->qualifier_set = cache->anyPolicy->qualifier_set;
+ data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS;
+- if (ossl_policy_level_add_node(curr, data, node, tree) == NULL) {
++ if (ossl_policy_level_add_node(curr, data, node, tree, 1) == NULL) {
+ ossl_policy_data_free(data);
+ return 0;
+ }
+@@ -370,7 +386,7 @@ static int tree_link_any(X509_POLICY_LEVEL *curr,
+ /* Finally add link to anyPolicy */
+ if (last->anyPolicy &&
+ ossl_policy_level_add_node(curr, cache->anyPolicy,
+- last->anyPolicy, NULL) == NULL)
++ last->anyPolicy, tree, 0) == NULL)
+ return 0;
+ return 1;
+ }
+@@ -553,7 +569,7 @@ static int tree_calculate_user_set(X509_POLICY_TREE *tree,
+ extra->flags = POLICY_DATA_FLAG_SHARED_QUALIFIERS
+ | POLICY_DATA_FLAG_EXTRA_NODE;
+ node = ossl_policy_level_add_node(NULL, extra, anyPolicy->parent,
+- tree);
++ tree, 1);
+ }
+ if (!tree->user_policies) {
+ tree->user_policies = sk_X509_POLICY_NODE_new_null();
+@@ -580,7 +596,7 @@ static int tree_evaluate(X509_POLICY_TREE *tree)
+
+ for (i = 1; i < tree->nlevel; i++, curr++) {
+ cache = ossl_policy_cache_set(curr->cert);
+- if (!tree_link_nodes(curr, cache))
++ if (!tree_link_nodes(curr, cache, tree))
+ return X509_PCY_TREE_INTERNAL;
+
+ if (!(curr->flags & X509_V_FLAG_INHIBIT_ANY)
+--
+2.35.7
+
diff --git a/poky/meta/recipes-connectivity/openssl/openssl/CVE-2023-0465.patch b/poky/meta/recipes-connectivity/openssl/openssl/CVE-2023-0465.patch
new file mode 100644
index 0000000..57fd494
--- /dev/null
+++ b/poky/meta/recipes-connectivity/openssl/openssl/CVE-2023-0465.patch
@@ -0,0 +1,56 @@
+From 1dd43e0709fece299b15208f36cc7c76209ba0bb Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt@openssl.org>
+Date: Tue, 7 Mar 2023 16:52:55 +0000
+Subject: [PATCH] Ensure that EXFLAG_INVALID_POLICY is checked even in leaf
+ certs
+
+Even though we check the leaf cert to confirm it is valid, we
+later ignored the invalid flag and did not notice that the leaf
+cert was bad.
+
+Fixes: CVE-2023-0465
+
+Reviewed-by: Hugo Landau <hlandau@openssl.org>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/20587)
+
+Upstream-Status: Backport from [https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1dd43e0709fece299b15208f36cc7c76209ba0bb]
+CVE: CVE-2023-0465
+Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
+---
+ crypto/x509/x509_vfy.c | 12 ++++++++++--
+ 1 file changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
+index 9384f1d..a0282c3 100644
+--- a/crypto/x509/x509_vfy.c
++++ b/crypto/x509/x509_vfy.c
+@@ -1654,15 +1654,23 @@ static int check_policy(X509_STORE_CTX *ctx)
+ goto memerr;
+ /* Invalid or inconsistent extensions */
+ if (ret == X509_PCY_TREE_INVALID) {
+- int i;
++ int i, cbcalled = 0;
+
+ /* Locate certificates with bad extensions and notify callback. */
+- for (i = 1; i < sk_X509_num(ctx->chain); i++) {
++ for (i = 0; i < sk_X509_num(ctx->chain); i++) {
+ X509 *x = sk_X509_value(ctx->chain, i);
+
++ if ((x->ex_flags & EXFLAG_INVALID_POLICY) != 0)
++ cbcalled = 1;
+ CB_FAIL_IF((x->ex_flags & EXFLAG_INVALID_POLICY) != 0,
+ ctx, x, i, X509_V_ERR_INVALID_POLICY_EXTENSION);
+ }
++ if (!cbcalled) {
++ /* Should not be able to get here */
++ ERR_raise(ERR_LIB_X509, ERR_R_INTERNAL_ERROR);
++ return 0;
++ }
++ /* The callback ignored the error so we return success */
+ return 1;
+ }
+ if (ret == X509_PCY_TREE_FAILURE) {
+--
+2.35.7
+
diff --git a/poky/meta/recipes-connectivity/openssl/openssl/CVE-2023-0466.patch b/poky/meta/recipes-connectivity/openssl/openssl/CVE-2023-0466.patch
new file mode 100644
index 0000000..a16bfe4
--- /dev/null
+++ b/poky/meta/recipes-connectivity/openssl/openssl/CVE-2023-0466.patch
@@ -0,0 +1,50 @@
+From 51e8a84ce742db0f6c70510d0159dad8f7825908 Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tomas@openssl.org>
+Date: Tue, 21 Mar 2023 16:15:47 +0100
+Subject: [PATCH] Fix documentation of X509_VERIFY_PARAM_add0_policy()
+
+The function was incorrectly documented as enabling policy checking.
+
+Fixes: CVE-2023-0466
+
+Reviewed-by: Matt Caswell <matt@openssl.org>
+Reviewed-by: Paul Dale <pauli@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/20563)
+
+Upstream-Status: Backport from [https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=51e8a84ce742db0f6c70510d0159dad8f7825908]
+CVE: CVE-2023-0466
+Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
+---
+ doc/man3/X509_VERIFY_PARAM_set_flags.pod | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/doc/man3/X509_VERIFY_PARAM_set_flags.pod b/doc/man3/X509_VERIFY_PARAM_set_flags.pod
+index 75a1677..43c1900 100644
+--- a/doc/man3/X509_VERIFY_PARAM_set_flags.pod
++++ b/doc/man3/X509_VERIFY_PARAM_set_flags.pod
+@@ -98,8 +98,9 @@ B<trust>.
+ X509_VERIFY_PARAM_set_time() sets the verification time in B<param> to
+ B<t>. Normally the current time is used.
+
+-X509_VERIFY_PARAM_add0_policy() enables policy checking (it is disabled
+-by default) and adds B<policy> to the acceptable policy set.
++X509_VERIFY_PARAM_add0_policy() adds B<policy> to the acceptable policy set.
++Contrary to preexisting documentation of this function it does not enable
++policy checking.
+
+ X509_VERIFY_PARAM_set1_policies() enables policy checking (it is disabled
+ by default) and sets the acceptable policy set to B<policies>. Any existing
+@@ -400,6 +401,10 @@ The X509_VERIFY_PARAM_get_hostflags() function was added in OpenSSL 1.1.0i.
+ The X509_VERIFY_PARAM_get0_host(), X509_VERIFY_PARAM_get0_email(),
+ and X509_VERIFY_PARAM_get1_ip_asc() functions were added in OpenSSL 3.0.
+
++The function X509_VERIFY_PARAM_add0_policy() was historically documented as
++enabling policy checking however the implementation has never done this.
++The documentation was changed to align with the implementation.
++
+ =head1 COPYRIGHT
+
+ Copyright 2009-2023 The OpenSSL Project Authors. All Rights Reserved.
+--
+2.35.7
+
diff --git a/poky/meta/recipes-connectivity/openssl/openssl_3.0.7.bb b/poky/meta/recipes-connectivity/openssl/openssl_3.0.8.bb
similarity index 97%
rename from poky/meta/recipes-connectivity/openssl/openssl_3.0.7.bb
rename to poky/meta/recipes-connectivity/openssl/openssl_3.0.8.bb
index 45fd1de..82f3e18 100644
--- a/poky/meta/recipes-connectivity/openssl/openssl_3.0.7.bb
+++ b/poky/meta/recipes-connectivity/openssl/openssl_3.0.8.bb
@@ -12,13 +12,16 @@
file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
file://afalg.patch \
file://0001-Configure-do-not-tweak-mips-cflags.patch \
+ file://CVE-2023-0464.patch \
+ file://CVE-2023-0465.patch \
+ file://CVE-2023-0466.patch \
"
SRC_URI:append:class-nativesdk = " \
file://environment.d-openssl.sh \
"
-SRC_URI[sha256sum] = "83049d042a260e696f62406ac5c08bf706fd84383f945cf21bd61e9ed95c396e"
+SRC_URI[sha256sum] = "6c13d2bf38fdf31eac3ce2a347073673f5d63263398f1f69d0df4a41253e4b3e"
inherit lib_package multilib_header multilib_script ptest perlnative
MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
diff --git a/poky/meta/recipes-connectivity/ppp/ppp/CVE-2022-4603.patch b/poky/meta/recipes-connectivity/ppp/ppp/CVE-2022-4603.patch
new file mode 100644
index 0000000..4325b1d
--- /dev/null
+++ b/poky/meta/recipes-connectivity/ppp/ppp/CVE-2022-4603.patch
@@ -0,0 +1,48 @@
+From a75fb7b198eed50d769c80c36629f38346882cbf Mon Sep 17 00:00:00 2001
+From: Paul Mackerras <paulus@ozlabs.org>
+Date: Thu, 4 Aug 2022 12:23:08 +1000
+Subject: [PATCH] pppdump: Avoid out-of-range access to packet buffer
+
+This fixes a potential vulnerability where data is written to spkt.buf
+and rpkt.buf without a check on the array index. To fix this, we
+check the array index (pkt->cnt) before storing the byte or
+incrementing the count. This also means we no longer have a potential
+signed integer overflow on the increment of pkt->cnt.
+
+Fortunately, pppdump is not used in the normal process of setting up a
+PPP connection, is not installed setuid-root, and is not invoked
+automatically in any scenario that I am aware of.
+
+Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
+
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+---
+ pppdump/pppdump.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/pppdump/pppdump.c b/pppdump/pppdump.c
+index 2b815fc9..b85a8627 100644
+--- a/pppdump/pppdump.c
++++ b/pppdump/pppdump.c
+@@ -297,6 +297,10 @@ dumpppp(f)
+ printf("%s aborted packet:\n ", dir);
+ q = " ";
+ }
++ if (pkt->cnt >= sizeof(pkt->buf)) {
++ printf("%s over-long packet truncated:\n ", dir);
++ q = " ";
++ }
+ nb = pkt->cnt;
+ p = pkt->buf;
+ pkt->cnt = 0;
+@@ -400,7 +404,8 @@ dumpppp(f)
+ c ^= 0x20;
+ pkt->esc = 0;
+ }
+- pkt->buf[pkt->cnt++] = c;
++ if (pkt->cnt < sizeof(pkt->buf))
++ pkt->buf[pkt->cnt++] = c;
+ break;
+ }
+ }
diff --git a/poky/meta/recipes-connectivity/ppp/ppp_2.4.9.bb b/poky/meta/recipes-connectivity/ppp/ppp_2.4.9.bb
index 700ece6..7e3ae43 100644
--- a/poky/meta/recipes-connectivity/ppp/ppp_2.4.9.bb
+++ b/poky/meta/recipes-connectivity/ppp/ppp_2.4.9.bb
@@ -25,6 +25,7 @@
file://provider \
file://ppp@.service \
file://0001-ppp-fix-build-against-5.15-headers.patch \
+ file://CVE-2022-4603.patch \
"
SRC_URI[sha256sum] = "f938b35eccde533ea800b15a7445b2f1137da7f88e32a16898d02dee8adc058d"
diff --git a/poky/meta/recipes-connectivity/resolvconf/resolvconf/0001-avoid-using-m-option-for-readlink.patch b/poky/meta/recipes-connectivity/resolvconf/resolvconf/0001-avoid-using-m-option-for-readlink.patch
new file mode 100644
index 0000000..ab32f26
--- /dev/null
+++ b/poky/meta/recipes-connectivity/resolvconf/resolvconf/0001-avoid-using-m-option-for-readlink.patch
@@ -0,0 +1,37 @@
+From 6bf2bb136a0b3961339369bc08e58b661fba0edb Mon Sep 17 00:00:00 2001
+From: Chen Qi <Qi.Chen@windriver.com>
+Date: Thu, 17 Nov 2022 17:26:30 +0800
+Subject: [PATCH] avoid using -m option for readlink
+
+Use a more widely used option '-f' instead of '-m' here to
+avoid dependency on coreutils.
+
+Looking at the git history of the resolvconf repo, the '-m'
+is deliberately used. And it wants to depend on coreutils.
+But in case of OE, the existence of /etc is ensured, and busybox
+readlink provides '-f' option, so we can just use '-f'. In this
+way, the coreutils dependency is not necessary any more.
+
+Upstream-Status: Inappropriate [OE Specific]
+
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+---
+ etc/resolvconf/update.d/libc | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/etc/resolvconf/update.d/libc b/etc/resolvconf/update.d/libc
+index 1c4f6bc..f75d22c 100755
+--- a/etc/resolvconf/update.d/libc
++++ b/etc/resolvconf/update.d/libc
+@@ -57,7 +57,7 @@ fi
+ report_warning() { echo "$0: Warning: $*" >&2 ; }
+
+ resolv_conf_is_symlinked_to_dynamic_file() {
+- [ -L ${ETC}/resolv.conf ] && [ "$(readlink -m ${ETC}/resolv.conf)" = "$DYNAMICRSLVCNFFILE" ]
++ [ -L ${ETC}/resolv.conf ] && [ "$(readlink -f ${ETC}/resolv.conf)" = "$DYNAMICRSLVCNFFILE" ]
+ }
+
+ if ! resolv_conf_is_symlinked_to_dynamic_file ; then
+--
+2.17.1
+
diff --git a/poky/meta/recipes-connectivity/resolvconf/resolvconf_1.91.bb b/poky/meta/recipes-connectivity/resolvconf/resolvconf_1.91.bb
index 94fd2c1..3f1b75d 100644
--- a/poky/meta/recipes-connectivity/resolvconf/resolvconf_1.91.bb
+++ b/poky/meta/recipes-connectivity/resolvconf/resolvconf_1.91.bb
@@ -9,10 +9,11 @@
LIC_FILES_CHKSUM = "file://COPYING;md5=c93c0550bd3173f4504b2cbd8991e50b"
AUTHOR = "Thomas Hood"
HOMEPAGE = "http://packages.debian.org/resolvconf"
-RDEPENDS:${PN} = "bash"
+RDEPENDS:${PN} = "bash sed util-linux-flock"
SRC_URI = "git://salsa.debian.org/debian/resolvconf.git;protocol=https;branch=unstable \
file://99_resolvconf \
+ file://0001-avoid-using-m-option-for-readlink.patch \
"
SRCREV = "859209d573e7aec0e95d812c6b52444591a628d1"
@@ -23,8 +24,6 @@
# so we check the latest upstream from a directory that does get updated
UPSTREAM_CHECK_URI = "${DEBIAN_MIRROR}/main/r/resolvconf/"
-inherit allarch
-
do_compile () {
:
}
@@ -39,12 +38,14 @@
fi
install -d ${D}${base_libdir}/${BPN}
install -d ${D}${sysconfdir}/${BPN}
+ install -d ${D}${nonarch_base_libdir}/${BPN}
ln -snf ${localstatedir}/run/${BPN} ${D}${sysconfdir}/${BPN}/run
install -d ${D}${sysconfdir} ${D}${base_sbindir}
install -d ${D}${mandir}/man8 ${D}${docdir}/${P}
cp -pPR etc/resolvconf ${D}${sysconfdir}/
chown -R root:root ${D}${sysconfdir}/
install -m 0755 bin/resolvconf ${D}${base_sbindir}/
+ install -m 0755 bin/normalize-resolvconf ${D}${nonarch_base_libdir}/${BPN}
install -m 0755 bin/list-records ${D}${base_libdir}/${BPN}
install -d ${D}/${sysconfdir}/network/if-up.d
install -m 0755 debian/resolvconf.000resolvconf.if-up ${D}/${sysconfdir}/network/if-up.d/000resolvconf
@@ -64,4 +65,4 @@
fi
}
-FILES:${PN} += "${base_libdir}/${BPN}"
+FILES:${PN} += "${base_libdir}/${BPN} ${nonarch_base_libdir}/${BPN}"
diff --git a/poky/meta/recipes-connectivity/socat/socat/0001-configure.ac-check-getprotobynumber_r-with-AC_TRY_LI.patch b/poky/meta/recipes-connectivity/socat/socat/0001-configure.ac-check-getprotobynumber_r-with-AC_TRY_LI.patch
deleted file mode 100644
index fbfb081..0000000
--- a/poky/meta/recipes-connectivity/socat/socat/0001-configure.ac-check-getprotobynumber_r-with-AC_TRY_LI.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From d67d6b4f981db9612d808bd723176a1d2996d53a Mon Sep 17 00:00:00 2001
-From: Alexander Kanavin <alex@linutronix.de>
-Date: Mon, 17 Jan 2022 13:21:32 +0100
-Subject: [PATCH] configure.ac: check getprotobynumber_r with AC_TRY_LINK
-
-AC_TRY_COMPILE won't error out if the function is altogether absent
-(e.g. on linux musl C library), the test needs to link all the way.
-
-Upstream-Status: Submitted [via email to socat@dest-unreach.org]
-Signed-off-by: Alexander Kanavin <alex@linutronix.de>
----
- configure.ac | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index d4acc9e..973a7f2 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -137,13 +137,13 @@ AC_MSG_RESULT($sc_cv_have_prototype_hstrerror)
- # getprotobynumber_r() is not standardized
- AC_MSG_CHECKING(for getprotobynumber_r() variant)
- AC_CACHE_VAL(sc_cv_getprotobynumber_r,
--[AC_TRY_COMPILE([#include <stddef.h>
-+[AC_TRY_LINK([#include <stddef.h>
- #include <netdb.h>],[getprotobynumber_r(1,NULL,NULL,1024,NULL);],
- [sc_cv_getprotobynumber_r=1; tmp_bynum_variant=Linux],
-- [AC_TRY_COMPILE([#include <stddef.h>
-+ [AC_TRY_LINK([#include <stddef.h>
- #include <netdb.h>],[getprotobynumber_r(1,NULL,NULL,1024);],
- [sc_cv_getprotobynumber_r=2; tmp_bynum_variant=Solaris],
-- [AC_TRY_COMPILE([#include <stddef.h>
-+ [AC_TRY_LINK([#include <stddef.h>
- #include <netdb.h>],[getprotobynumber_r(1,NULL,NULL);],
- [sc_cv_getprotobynumber_r=3; tmp_bynum_variant=AIX],
-
diff --git a/poky/meta/recipes-connectivity/socat/socat_1.7.4.3.bb b/poky/meta/recipes-connectivity/socat/socat_1.7.4.4.bb
similarity index 89%
rename from poky/meta/recipes-connectivity/socat/socat_1.7.4.3.bb
rename to poky/meta/recipes-connectivity/socat/socat_1.7.4.4.bb
index a4a0a89..5a37938 100644
--- a/poky/meta/recipes-connectivity/socat/socat_1.7.4.3.bb
+++ b/poky/meta/recipes-connectivity/socat/socat_1.7.4.4.bb
@@ -9,11 +9,9 @@
LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
file://README;beginline=257;endline=287;md5=82520b052f322ac2b5b3dfdc7c7eea86"
-SRC_URI = "http://www.dest-unreach.org/socat/download/socat-${PV}.tar.bz2 \
- file://0001-configure.ac-check-getprotobynumber_r-with-AC_TRY_LI.patch \
- "
+SRC_URI = "http://www.dest-unreach.org/socat/download/socat-${PV}.tar.bz2"
-SRC_URI[sha256sum] = "d47318104415077635119dfee44bcfb41de3497374a9a001b1aff6e2f0858007"
+SRC_URI[sha256sum] = "fbd42bd2f0e54a3af6d01bdf15385384ab82dbc0e4f1a5e153b3e0be1b6380ac"
inherit autotools
diff --git a/poky/meta/recipes-core/base-files/base-files/hosts b/poky/meta/recipes-core/base-files/base-files/hosts
index b94f414..10a5b6c 100644
--- a/poky/meta/recipes-core/base-files/base-files/hosts
+++ b/poky/meta/recipes-core/base-files/base-files/hosts
@@ -1,4 +1,4 @@
-127.0.0.1 localhost.localdomain localhost
+127.0.0.1 localhost
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
diff --git a/poky/meta/recipes-core/busybox/busybox.inc b/poky/meta/recipes-core/busybox/busybox.inc
index 5f1c473..f5d7c3f 100644
--- a/poky/meta/recipes-core/busybox/busybox.inc
+++ b/poky/meta/recipes-core/busybox/busybox.inc
@@ -34,6 +34,7 @@
INITSCRIPT_NAME:${PN}-httpd = "busybox-httpd"
INITSCRIPT_NAME:${PN}-hwclock = "hwclock.sh"
+INITSCRIPT_PARAMS:${PN}-hwclock = "start 40 S . stop 20 0 1 6 ."
INITSCRIPT_NAME:${PN}-mdev = "mdev"
INITSCRIPT_PARAMS:${PN}-mdev = "start 04 S ."
INITSCRIPT_NAME:${PN}-syslog = "syslog"
@@ -138,19 +139,26 @@
do_prepare_config
merge_config.sh -m .config ${@" ".join(find_cfgs(d))}
cml1_do_configure
+
+ # Save a copy of .config and autoconf.h.
+ cp .config .config.orig
+ cp include/autoconf.h include/autoconf.h.orig
}
do_compile() {
unset CFLAGS CPPFLAGS CXXFLAGS LDFLAGS
export KCONFIG_NOTIMESTAMP=1
+ # Ensure we start do_compile with the original .config and autoconf.h.
+ # These files should always have matching timestamps.
+ cp .config.orig .config
+ cp include/autoconf.h.orig include/autoconf.h
+
if [ "${BUSYBOX_SPLIT_SUID}" = "1" -a x`grep "CONFIG_FEATURE_INDIVIDUAL=y" .config` = x ]; then
+ # Guard againt interrupted do_compile: clean temporary files.
+ rm -f .config.app.suid .config.app.nosuid .config.disable.apps .config.nonapps
+
# split the .config into two parts, and make two busybox binaries
- if [ -e .config.orig ]; then
- # Need to guard again an interrupted do_compile - restore any backup
- cp .config.orig .config
- fi
- cp .config .config.orig
oe_runmake busybox.cfg.suid
oe_runmake busybox.cfg.nosuid
@@ -187,15 +195,18 @@
bbfatal "busybox suid binary incorrectly provides /bin/sh"
fi
- # copy .config.orig back to .config, because the install process may check this file
- cp .config.orig .config
# cleanup
- rm .config.orig .config.app.suid .config.app.nosuid .config.disable.apps .config.nonapps
+ rm .config.app.suid .config.app.nosuid .config.disable.apps .config.nonapps
else
oe_runmake busybox_unstripped
cp busybox_unstripped busybox
oe_runmake busybox.links
fi
+
+ # restore original .config and autoconf.h, because the install process
+ # may check these files
+ cp .config.orig .config
+ cp include/autoconf.h.orig include/autoconf.h
}
do_install () {
diff --git a/poky/meta/recipes-core/busybox/busybox/0001-depmod-Ignore-.debug-directories.patch b/poky/meta/recipes-core/busybox/busybox/0001-depmod-Ignore-.debug-directories.patch
index 354f83a..d76118f 100644
--- a/poky/meta/recipes-core/busybox/busybox/0001-depmod-Ignore-.debug-directories.patch
+++ b/poky/meta/recipes-core/busybox/busybox/0001-depmod-Ignore-.debug-directories.patch
@@ -21,7 +21,7 @@
/* Arbitrary. Was sb->st_size, but that breaks .gz etc */
size_t len = (64*1024*1024 - 4096);
-+ if (strstr(fname, ".debug") == NULL)
++ if (strstr(fname, ".debug") != NULL)
+ return TRUE;
+
if (strrstr(fname, ".ko") == NULL)
diff --git a/poky/meta/recipes-core/dbus/dbus_1.14.0.bb b/poky/meta/recipes-core/dbus/dbus_1.14.6.bb
similarity index 95%
rename from poky/meta/recipes-core/dbus/dbus_1.14.0.bb
rename to poky/meta/recipes-core/dbus/dbus_1.14.6.bb
index 0046b9f..a6e18a9 100644
--- a/poky/meta/recipes-core/dbus/dbus_1.14.0.bb
+++ b/poky/meta/recipes-core/dbus/dbus_1.14.6.bb
@@ -6,16 +6,17 @@
inherit autotools pkgconfig gettext upstream-version-is-even ptest-gnome
LICENSE = "AFL-2.1 | GPL-2.0-or-later"
-LIC_FILES_CHKSUM = "file://COPYING;md5=10dded3b58148f3f1fd804b26354af3e \
- file://dbus/dbus.h;beginline=6;endline=20;md5=866739837ccd835350af94dccd6457d8"
+LIC_FILES_CHKSUM = "file://COPYING;md5=6423dcd74d7be9715b0db247fd889da3 \
+ file://dbus/dbus.h;beginline=6;endline=20;md5=866739837ccd835350af94dccd6457d8 \
+ "
SRC_URI = "https://dbus.freedesktop.org/releases/dbus/dbus-${PV}.tar.xz \
file://run-ptest \
file://tmpdir.patch \
file://dbus-1.init \
-"
+ "
-SRC_URI[sha256sum] = "ccd7cce37596e0a19558fd6648d1272ab43f011d80c8635aea8fd0bad58aebd4"
+SRC_URI[sha256sum] = "fd2bdf1bb89dc365a46531bff631536f22b0d1c6d5ce2c5c5e59b55265b3d66b"
EXTRA_OECONF = "--disable-xml-docs \
--disable-doxygen-docs \
@@ -182,3 +183,5 @@
rm -rf ${D}${localstatedir}/run
}
BBCLASSEXTEND = "native nativesdk"
+
+CVE_PRODUCT += "d-bus_project:d-bus"
diff --git a/poky/meta/recipes-core/expat/expat_2.4.9.bb b/poky/meta/recipes-core/expat/expat_2.5.0.bb
similarity index 91%
rename from poky/meta/recipes-core/expat/expat_2.4.9.bb
rename to poky/meta/recipes-core/expat/expat_2.5.0.bb
index 9561edd..aa8d439 100644
--- a/poky/meta/recipes-core/expat/expat_2.4.9.bb
+++ b/poky/meta/recipes-core/expat/expat_2.5.0.bb
@@ -15,7 +15,7 @@
GITHUB_BASE_URI = "https://github.com/libexpat/libexpat/releases/"
UPSTREAM_CHECK_REGEX = "releases/tag/R_(?P<pver>.+)"
-SRC_URI[sha256sum] = "7f44d1469b110773a94b0d5abeeeffaef79f8bd6406b07e52394bcf48126437a"
+SRC_URI[sha256sum] = "6f0e6e01f7b30025fa05c85fdad1e5d0ec7fd35d9f61b22f34998de11969ff67"
EXTRA_OECMAKE:class-native += "-DEXPAT_BUILD_DOCS=OFF"
diff --git a/poky/meta/recipes-core/glibc/glibc-tests_2.36.bb b/poky/meta/recipes-core/glibc/glibc-tests_2.36.bb
index c71c083..bb6ef06 100644
--- a/poky/meta/recipes-core/glibc/glibc-tests_2.36.bb
+++ b/poky/meta/recipes-core/glibc/glibc-tests_2.36.bb
@@ -16,7 +16,6 @@
d.setVar("PACKAGES", "${PN} ${PN}-ptest")
d.setVar("PROVIDES", "${PN} ${PN}-ptest")
- d.setVar("RPROVIDES", "${PN} ${PN}-ptest")
bbclassextend = d.getVar("BBCLASSEXTEND").replace("nativesdk", "").strip()
d.setVar("BBCLASSEXTEND", bbclassextend)
@@ -29,6 +28,7 @@
RPROVIDES:${PN} = "${PN}"
RRECOMMENDS:${PN} = ""
RDEPENDS:${PN} = " glibc sed"
+RDEPENDS:${PN}-ptest = "${PN}"
DEPENDS += "sed"
export oe_srcdir="${exec_prefix}/src/debug/glibc/${PV}/"
diff --git a/poky/meta/recipes-core/glibc/glibc.inc b/poky/meta/recipes-core/glibc/glibc.inc
index fdd241d..3b940b8 100644
--- a/poky/meta/recipes-core/glibc/glibc.inc
+++ b/poky/meta/recipes-core/glibc/glibc.inc
@@ -1,7 +1,9 @@
require glibc-common.inc
require glibc-ld.inc
-DEPENDS = "virtual/${TARGET_PREFIX}gcc libgcc-initial linux-libc-headers"
+DEPENDS = "virtual/${TARGET_PREFIX}gcc virtual/${TARGET_PREFIX}binutils${BUSUFFIX} libgcc-initial linux-libc-headers"
+BUSUFFIX= ""
+BUSUFFIX:class-nativesdk = "-crosssdk"
PROVIDES = "virtual/libc"
PROVIDES += "virtual/libintl virtual/libiconv"
diff --git a/poky/meta/recipes-core/ifupdown/ifupdown_0.8.37.bb b/poky/meta/recipes-core/ifupdown/ifupdown_0.8.39.bb
similarity index 97%
rename from poky/meta/recipes-core/ifupdown/ifupdown_0.8.37.bb
rename to poky/meta/recipes-core/ifupdown/ifupdown_0.8.39.bb
index 57d4152..7096bc9 100644
--- a/poky/meta/recipes-core/ifupdown/ifupdown_0.8.37.bb
+++ b/poky/meta/recipes-core/ifupdown/ifupdown_0.8.39.bb
@@ -16,7 +16,7 @@
file://0001-ifupdown-skip-wrong-test-case.patch \
${@bb.utils.contains('DISTRO_FEATURES', 'ptest', 'file://tweak-ptest-script.patch', '', d)} \
"
-SRCREV = "2b4138f36ce3ba37186aa01b502273e0c39ab518"
+SRCREV = "be91dd267b4a8db502a6bbf5758563f7048b8078"
S = "${WORKDIR}/git"
diff --git a/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb b/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb
index f3f2bb2..3768133 100644
--- a/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb
+++ b/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb
@@ -24,8 +24,8 @@
inherit core-image setuptools3
-SRCREV ?= "4f942c272d4417b5b719df25b80a6a6b54669a73"
-SRC_URI = "git://git.yoctoproject.org/poky;branch=master \
+SRCREV ?= "1516e498fed8eecdb76c60b2cea1f4c17bce9363"
+SRC_URI = "git://git.yoctoproject.org/poky;branch=langdale \
file://Yocto_Build_Appliance.vmx \
file://Yocto_Build_Appliance.vmxf \
file://README_VirtualBox_Guest_Additions.txt \
diff --git a/poky/meta/recipes-core/kbd/kbd_2.5.1.bb b/poky/meta/recipes-core/kbd/kbd_2.5.1.bb
index aa3ab6e..7662b8f 100644
--- a/poky/meta/recipes-core/kbd/kbd_2.5.1.bb
+++ b/poky/meta/recipes-core/kbd/kbd_2.5.1.bb
@@ -18,6 +18,7 @@
SRC_URI[sha256sum] = "ccdf452387a6380973d2927363e9cbb939fa2068915a6f937ff9d24522024683"
+EXTRA_OECONF = "--disable-tests"
PACKAGECONFIG ?= "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)} \
"
diff --git a/poky/meta/recipes-core/libxcrypt/libxcrypt-compat_4.4.28.bb b/poky/meta/recipes-core/libxcrypt/libxcrypt-compat_4.4.33.bb
similarity index 100%
rename from poky/meta/recipes-core/libxcrypt/libxcrypt-compat_4.4.28.bb
rename to poky/meta/recipes-core/libxcrypt/libxcrypt-compat_4.4.33.bb
diff --git a/poky/meta/recipes-core/libxcrypt/libxcrypt.inc b/poky/meta/recipes-core/libxcrypt/libxcrypt.inc
index 39ba263..61b0381 100644
--- a/poky/meta/recipes-core/libxcrypt/libxcrypt.inc
+++ b/poky/meta/recipes-core/libxcrypt/libxcrypt.inc
@@ -10,7 +10,7 @@
inherit autotools pkgconfig
SRC_URI = "git://github.com/besser82/libxcrypt.git;branch=${SRCBRANCH};protocol=https"
-SRCREV = "50cf2b6dd4fdf04309445f2eec8de7051d953abf"
+SRCREV = "d7fe1ac04c326dba7e0440868889d1dccb41a175"
SRCBRANCH ?= "develop"
SRC_URI += "file://fix_cflags_handling.patch"
diff --git a/poky/meta/recipes-core/libxcrypt/libxcrypt_4.4.28.bb b/poky/meta/recipes-core/libxcrypt/libxcrypt_4.4.30.bb
similarity index 100%
rename from poky/meta/recipes-core/libxcrypt/libxcrypt_4.4.28.bb
rename to poky/meta/recipes-core/libxcrypt/libxcrypt_4.4.30.bb
diff --git a/poky/meta/recipes-core/libxml/libxml2/CVE-2022-40303.patch b/poky/meta/recipes-core/libxml/libxml2/CVE-2022-40303.patch
new file mode 100644
index 0000000..346ec37
--- /dev/null
+++ b/poky/meta/recipes-core/libxml/libxml2/CVE-2022-40303.patch
@@ -0,0 +1,624 @@
+From 15050f59d2a62b97b34e9cab8b8076a68ef003bd Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Thu, 25 Aug 2022 17:43:08 +0200
+Subject: [PATCH] CVE-2022-40303
+
+Fix integer overflows with XML_PARSE_HUGE
+
+Also impose size limits when XML_PARSE_HUGE is set. Limit size of names
+to XML_MAX_TEXT_LENGTH (10 million bytes) and other content to
+XML_MAX_HUGE_LENGTH (1 billion bytes).
+
+Move some the length checks to the end of the respective loop to make
+them strict.
+
+xmlParseEntityValue didn't have a length limitation at all. But without
+XML_PARSE_HUGE, this should eventually trigger an error in xmlGROW.
+
+Thanks to Maddie Stone working with Google Project Zero for the report!
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/c846986356fc149915a74972bf198abc266bc2c0]
+CVE: CVE-2022-40303
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ parser.c | 233 +++++++++++++++++++++++++++++--------------------------
+ 1 file changed, 121 insertions(+), 112 deletions(-)
+
+diff --git a/parser.c b/parser.c
+index 1bc3713..0f76577 100644
+--- a/parser.c
++++ b/parser.c
+@@ -115,6 +115,8 @@ xmlParseElementEnd(xmlParserCtxtPtr ctxt);
+ * *
+ ************************************************************************/
+
++#define XML_MAX_HUGE_LENGTH 1000000000
++
+ #define XML_PARSER_BIG_ENTITY 1000
+ #define XML_PARSER_LOT_ENTITY 5000
+
+@@ -565,7 +567,7 @@ xmlFatalErr(xmlParserCtxtPtr ctxt, xmlParserErrors error, const char *info)
+ errmsg = "Malformed declaration expecting version";
+ break;
+ case XML_ERR_NAME_TOO_LONG:
+- errmsg = "Name too long use XML_PARSE_HUGE option";
++ errmsg = "Name too long";
+ break;
+ #if 0
+ case:
+@@ -3210,6 +3212,9 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) {
+ int len = 0, l;
+ int c;
+ int count = 0;
++ int maxLength = (ctxt->options & XML_PARSE_HUGE) ?
++ XML_MAX_TEXT_LENGTH :
++ XML_MAX_NAME_LENGTH;
+
+ #ifdef DEBUG
+ nbParseNameComplex++;
+@@ -3275,7 +3280,8 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) {
+ if (ctxt->instate == XML_PARSER_EOF)
+ return(NULL);
+ }
+- len += l;
++ if (len <= INT_MAX - l)
++ len += l;
+ NEXTL(l);
+ c = CUR_CHAR(l);
+ }
+@@ -3301,13 +3307,13 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) {
+ if (ctxt->instate == XML_PARSER_EOF)
+ return(NULL);
+ }
+- len += l;
++ if (len <= INT_MAX - l)
++ len += l;
+ NEXTL(l);
+ c = CUR_CHAR(l);
+ }
+ }
+- if ((len > XML_MAX_NAME_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
++ if (len > maxLength) {
+ xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "Name");
+ return(NULL);
+ }
+@@ -3346,7 +3352,10 @@ const xmlChar *
+ xmlParseName(xmlParserCtxtPtr ctxt) {
+ const xmlChar *in;
+ const xmlChar *ret;
+- int count = 0;
++ size_t count = 0;
++ size_t maxLength = (ctxt->options & XML_PARSE_HUGE) ?
++ XML_MAX_TEXT_LENGTH :
++ XML_MAX_NAME_LENGTH;
+
+ GROW;
+
+@@ -3370,8 +3379,7 @@ xmlParseName(xmlParserCtxtPtr ctxt) {
+ in++;
+ if ((*in > 0) && (*in < 0x80)) {
+ count = in - ctxt->input->cur;
+- if ((count > XML_MAX_NAME_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
++ if (count > maxLength) {
+ xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "Name");
+ return(NULL);
+ }
+@@ -3392,6 +3400,9 @@ xmlParseNCNameComplex(xmlParserCtxtPtr ctxt) {
+ int len = 0, l;
+ int c;
+ int count = 0;
++ int maxLength = (ctxt->options & XML_PARSE_HUGE) ?
++ XML_MAX_TEXT_LENGTH :
++ XML_MAX_NAME_LENGTH;
+ size_t startPosition = 0;
+
+ #ifdef DEBUG
+@@ -3412,17 +3423,13 @@ xmlParseNCNameComplex(xmlParserCtxtPtr ctxt) {
+ while ((c != ' ') && (c != '>') && (c != '/') && /* test bigname.xml */
+ (xmlIsNameChar(ctxt, c) && (c != ':'))) {
+ if (count++ > XML_PARSER_CHUNK_SIZE) {
+- if ((len > XML_MAX_NAME_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
+- xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NCName");
+- return(NULL);
+- }
+ count = 0;
+ GROW;
+ if (ctxt->instate == XML_PARSER_EOF)
+ return(NULL);
+ }
+- len += l;
++ if (len <= INT_MAX - l)
++ len += l;
+ NEXTL(l);
+ c = CUR_CHAR(l);
+ if (c == 0) {
+@@ -3440,8 +3447,7 @@ xmlParseNCNameComplex(xmlParserCtxtPtr ctxt) {
+ c = CUR_CHAR(l);
+ }
+ }
+- if ((len > XML_MAX_NAME_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
++ if (len > maxLength) {
+ xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NCName");
+ return(NULL);
+ }
+@@ -3467,7 +3473,10 @@ static const xmlChar *
+ xmlParseNCName(xmlParserCtxtPtr ctxt) {
+ const xmlChar *in, *e;
+ const xmlChar *ret;
+- int count = 0;
++ size_t count = 0;
++ size_t maxLength = (ctxt->options & XML_PARSE_HUGE) ?
++ XML_MAX_TEXT_LENGTH :
++ XML_MAX_NAME_LENGTH;
+
+ #ifdef DEBUG
+ nbParseNCName++;
+@@ -3492,8 +3501,7 @@ xmlParseNCName(xmlParserCtxtPtr ctxt) {
+ goto complex;
+ if ((*in > 0) && (*in < 0x80)) {
+ count = in - ctxt->input->cur;
+- if ((count > XML_MAX_NAME_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
++ if (count > maxLength) {
+ xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NCName");
+ return(NULL);
+ }
+@@ -3575,6 +3583,9 @@ xmlParseStringName(xmlParserCtxtPtr ctxt, const xmlChar** str) {
+ const xmlChar *cur = *str;
+ int len = 0, l;
+ int c;
++ int maxLength = (ctxt->options & XML_PARSE_HUGE) ?
++ XML_MAX_TEXT_LENGTH :
++ XML_MAX_NAME_LENGTH;
+
+ #ifdef DEBUG
+ nbParseStringName++;
+@@ -3610,12 +3621,6 @@ xmlParseStringName(xmlParserCtxtPtr ctxt, const xmlChar** str) {
+ if (len + 10 > max) {
+ xmlChar *tmp;
+
+- if ((len > XML_MAX_NAME_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
+- xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NCName");
+- xmlFree(buffer);
+- return(NULL);
+- }
+ max *= 2;
+ tmp = (xmlChar *) xmlRealloc(buffer,
+ max * sizeof(xmlChar));
+@@ -3629,14 +3634,18 @@ xmlParseStringName(xmlParserCtxtPtr ctxt, const xmlChar** str) {
+ COPY_BUF(l,buffer,len,c);
+ cur += l;
+ c = CUR_SCHAR(cur, l);
++ if (len > maxLength) {
++ xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NCName");
++ xmlFree(buffer);
++ return(NULL);
++ }
+ }
+ buffer[len] = 0;
+ *str = cur;
+ return(buffer);
+ }
+ }
+- if ((len > XML_MAX_NAME_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
++ if (len > maxLength) {
+ xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NCName");
+ return(NULL);
+ }
+@@ -3663,6 +3672,9 @@ xmlParseNmtoken(xmlParserCtxtPtr ctxt) {
+ int len = 0, l;
+ int c;
+ int count = 0;
++ int maxLength = (ctxt->options & XML_PARSE_HUGE) ?
++ XML_MAX_TEXT_LENGTH :
++ XML_MAX_NAME_LENGTH;
+
+ #ifdef DEBUG
+ nbParseNmToken++;
+@@ -3714,12 +3726,6 @@ xmlParseNmtoken(xmlParserCtxtPtr ctxt) {
+ if (len + 10 > max) {
+ xmlChar *tmp;
+
+- if ((max > XML_MAX_NAME_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
+- xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NmToken");
+- xmlFree(buffer);
+- return(NULL);
+- }
+ max *= 2;
+ tmp = (xmlChar *) xmlRealloc(buffer,
+ max * sizeof(xmlChar));
+@@ -3733,6 +3739,11 @@ xmlParseNmtoken(xmlParserCtxtPtr ctxt) {
+ COPY_BUF(l,buffer,len,c);
+ NEXTL(l);
+ c = CUR_CHAR(l);
++ if (len > maxLength) {
++ xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NmToken");
++ xmlFree(buffer);
++ return(NULL);
++ }
+ }
+ buffer[len] = 0;
+ return(buffer);
+@@ -3740,8 +3751,7 @@ xmlParseNmtoken(xmlParserCtxtPtr ctxt) {
+ }
+ if (len == 0)
+ return(NULL);
+- if ((len > XML_MAX_NAME_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
++ if (len > maxLength) {
+ xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NmToken");
+ return(NULL);
+ }
+@@ -3767,6 +3777,9 @@ xmlParseEntityValue(xmlParserCtxtPtr ctxt, xmlChar **orig) {
+ int len = 0;
+ int size = XML_PARSER_BUFFER_SIZE;
+ int c, l;
++ int maxLength = (ctxt->options & XML_PARSE_HUGE) ?
++ XML_MAX_HUGE_LENGTH :
++ XML_MAX_TEXT_LENGTH;
+ xmlChar stop;
+ xmlChar *ret = NULL;
+ const xmlChar *cur = NULL;
+@@ -3826,6 +3839,12 @@ xmlParseEntityValue(xmlParserCtxtPtr ctxt, xmlChar **orig) {
+ GROW;
+ c = CUR_CHAR(l);
+ }
++
++ if (len > maxLength) {
++ xmlFatalErrMsg(ctxt, XML_ERR_ENTITY_NOT_FINISHED,
++ "entity value too long\n");
++ goto error;
++ }
+ }
+ buf[len] = 0;
+ if (ctxt->instate == XML_PARSER_EOF)
+@@ -3913,6 +3932,9 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) {
+ xmlChar *rep = NULL;
+ size_t len = 0;
+ size_t buf_size = 0;
++ size_t maxLength = (ctxt->options & XML_PARSE_HUGE) ?
++ XML_MAX_HUGE_LENGTH :
++ XML_MAX_TEXT_LENGTH;
+ int c, l, in_space = 0;
+ xmlChar *current = NULL;
+ xmlEntityPtr ent;
+@@ -3944,16 +3966,6 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) {
+ while (((NXT(0) != limit) && /* checked */
+ (IS_CHAR(c)) && (c != '<')) &&
+ (ctxt->instate != XML_PARSER_EOF)) {
+- /*
+- * Impose a reasonable limit on attribute size, unless XML_PARSE_HUGE
+- * special option is given
+- */
+- if ((len > XML_MAX_TEXT_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
+- xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED,
+- "AttValue length too long\n");
+- goto mem_error;
+- }
+ if (c == '&') {
+ in_space = 0;
+ if (NXT(1) == '#') {
+@@ -4101,6 +4113,11 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) {
+ }
+ GROW;
+ c = CUR_CHAR(l);
++ if (len > maxLength) {
++ xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED,
++ "AttValue length too long\n");
++ goto mem_error;
++ }
+ }
+ if (ctxt->instate == XML_PARSER_EOF)
+ goto error;
+@@ -4122,16 +4139,6 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) {
+ } else
+ NEXT;
+
+- /*
+- * There we potentially risk an overflow, don't allow attribute value of
+- * length more than INT_MAX it is a very reasonable assumption !
+- */
+- if (len >= INT_MAX) {
+- xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED,
+- "AttValue length too long\n");
+- goto mem_error;
+- }
+-
+ if (attlen != NULL) *attlen = (int) len;
+ return(buf);
+
+@@ -4202,6 +4209,9 @@ xmlParseSystemLiteral(xmlParserCtxtPtr ctxt) {
+ int len = 0;
+ int size = XML_PARSER_BUFFER_SIZE;
+ int cur, l;
++ int maxLength = (ctxt->options & XML_PARSE_HUGE) ?
++ XML_MAX_TEXT_LENGTH :
++ XML_MAX_NAME_LENGTH;
+ xmlChar stop;
+ int state = ctxt->instate;
+ int count = 0;
+@@ -4229,13 +4239,6 @@ xmlParseSystemLiteral(xmlParserCtxtPtr ctxt) {
+ if (len + 5 >= size) {
+ xmlChar *tmp;
+
+- if ((size > XML_MAX_NAME_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
+- xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "SystemLiteral");
+- xmlFree(buf);
+- ctxt->instate = (xmlParserInputState) state;
+- return(NULL);
+- }
+ size *= 2;
+ tmp = (xmlChar *) xmlRealloc(buf, size * sizeof(xmlChar));
+ if (tmp == NULL) {
+@@ -4264,6 +4267,12 @@ xmlParseSystemLiteral(xmlParserCtxtPtr ctxt) {
+ SHRINK;
+ cur = CUR_CHAR(l);
+ }
++ if (len > maxLength) {
++ xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "SystemLiteral");
++ xmlFree(buf);
++ ctxt->instate = (xmlParserInputState) state;
++ return(NULL);
++ }
+ }
+ buf[len] = 0;
+ ctxt->instate = (xmlParserInputState) state;
+@@ -4291,6 +4300,9 @@ xmlParsePubidLiteral(xmlParserCtxtPtr ctxt) {
+ xmlChar *buf = NULL;
+ int len = 0;
+ int size = XML_PARSER_BUFFER_SIZE;
++ int maxLength = (ctxt->options & XML_PARSE_HUGE) ?
++ XML_MAX_TEXT_LENGTH :
++ XML_MAX_NAME_LENGTH;
+ xmlChar cur;
+ xmlChar stop;
+ int count = 0;
+@@ -4318,12 +4330,6 @@ xmlParsePubidLiteral(xmlParserCtxtPtr ctxt) {
+ if (len + 1 >= size) {
+ xmlChar *tmp;
+
+- if ((size > XML_MAX_NAME_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
+- xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "Public ID");
+- xmlFree(buf);
+- return(NULL);
+- }
+ size *= 2;
+ tmp = (xmlChar *) xmlRealloc(buf, size * sizeof(xmlChar));
+ if (tmp == NULL) {
+@@ -4351,6 +4357,11 @@ xmlParsePubidLiteral(xmlParserCtxtPtr ctxt) {
+ SHRINK;
+ cur = CUR;
+ }
++ if (len > maxLength) {
++ xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "Public ID");
++ xmlFree(buf);
++ return(NULL);
++ }
+ }
+ buf[len] = 0;
+ if (cur != stop) {
+@@ -4750,6 +4761,9 @@ xmlParseCommentComplex(xmlParserCtxtPtr ctxt, xmlChar *buf,
+ int r, rl;
+ int cur, l;
+ size_t count = 0;
++ size_t maxLength = (ctxt->options & XML_PARSE_HUGE) ?
++ XML_MAX_HUGE_LENGTH :
++ XML_MAX_TEXT_LENGTH;
+ int inputid;
+
+ inputid = ctxt->input->id;
+@@ -4795,13 +4809,6 @@ xmlParseCommentComplex(xmlParserCtxtPtr ctxt, xmlChar *buf,
+ if ((r == '-') && (q == '-')) {
+ xmlFatalErr(ctxt, XML_ERR_HYPHEN_IN_COMMENT, NULL);
+ }
+- if ((len > XML_MAX_TEXT_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
+- xmlFatalErrMsgStr(ctxt, XML_ERR_COMMENT_NOT_FINISHED,
+- "Comment too big found", NULL);
+- xmlFree (buf);
+- return;
+- }
+ if (len + 5 >= size) {
+ xmlChar *new_buf;
+ size_t new_size;
+@@ -4839,6 +4846,13 @@ xmlParseCommentComplex(xmlParserCtxtPtr ctxt, xmlChar *buf,
+ GROW;
+ cur = CUR_CHAR(l);
+ }
++
++ if (len > maxLength) {
++ xmlFatalErrMsgStr(ctxt, XML_ERR_COMMENT_NOT_FINISHED,
++ "Comment too big found", NULL);
++ xmlFree (buf);
++ return;
++ }
+ }
+ buf[len] = 0;
+ if (cur == 0) {
+@@ -4883,6 +4897,9 @@ xmlParseComment(xmlParserCtxtPtr ctxt) {
+ xmlChar *buf = NULL;
+ size_t size = XML_PARSER_BUFFER_SIZE;
+ size_t len = 0;
++ size_t maxLength = (ctxt->options & XML_PARSE_HUGE) ?
++ XML_MAX_HUGE_LENGTH :
++ XML_MAX_TEXT_LENGTH;
+ xmlParserInputState state;
+ const xmlChar *in;
+ size_t nbchar = 0;
+@@ -4966,8 +4983,7 @@ get_more:
+ buf[len] = 0;
+ }
+ }
+- if ((len > XML_MAX_TEXT_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
++ if (len > maxLength) {
+ xmlFatalErrMsgStr(ctxt, XML_ERR_COMMENT_NOT_FINISHED,
+ "Comment too big found", NULL);
+ xmlFree (buf);
+@@ -5167,6 +5183,9 @@ xmlParsePI(xmlParserCtxtPtr ctxt) {
+ xmlChar *buf = NULL;
+ size_t len = 0;
+ size_t size = XML_PARSER_BUFFER_SIZE;
++ size_t maxLength = (ctxt->options & XML_PARSE_HUGE) ?
++ XML_MAX_HUGE_LENGTH :
++ XML_MAX_TEXT_LENGTH;
+ int cur, l;
+ const xmlChar *target;
+ xmlParserInputState state;
+@@ -5242,14 +5261,6 @@ xmlParsePI(xmlParserCtxtPtr ctxt) {
+ return;
+ }
+ count = 0;
+- if ((len > XML_MAX_TEXT_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
+- xmlFatalErrMsgStr(ctxt, XML_ERR_PI_NOT_FINISHED,
+- "PI %s too big found", target);
+- xmlFree(buf);
+- ctxt->instate = state;
+- return;
+- }
+ }
+ COPY_BUF(l,buf,len,cur);
+ NEXTL(l);
+@@ -5259,15 +5270,14 @@ xmlParsePI(xmlParserCtxtPtr ctxt) {
+ GROW;
+ cur = CUR_CHAR(l);
+ }
++ if (len > maxLength) {
++ xmlFatalErrMsgStr(ctxt, XML_ERR_PI_NOT_FINISHED,
++ "PI %s too big found", target);
++ xmlFree(buf);
++ ctxt->instate = state;
++ return;
++ }
+ }
+- if ((len > XML_MAX_TEXT_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
+- xmlFatalErrMsgStr(ctxt, XML_ERR_PI_NOT_FINISHED,
+- "PI %s too big found", target);
+- xmlFree(buf);
+- ctxt->instate = state;
+- return;
+- }
+ buf[len] = 0;
+ if (cur != '?') {
+ xmlFatalErrMsgStr(ctxt, XML_ERR_PI_NOT_FINISHED,
+@@ -8959,6 +8969,9 @@ xmlParseAttValueInternal(xmlParserCtxtPtr ctxt, int *len, int *alloc,
+ const xmlChar *in = NULL, *start, *end, *last;
+ xmlChar *ret = NULL;
+ int line, col;
++ int maxLength = (ctxt->options & XML_PARSE_HUGE) ?
++ XML_MAX_HUGE_LENGTH :
++ XML_MAX_TEXT_LENGTH;
+
+ GROW;
+ in = (xmlChar *) CUR_PTR;
+@@ -8998,8 +9011,7 @@ xmlParseAttValueInternal(xmlParserCtxtPtr ctxt, int *len, int *alloc,
+ start = in;
+ if (in >= end) {
+ GROW_PARSE_ATT_VALUE_INTERNAL(ctxt, in, start, end)
+- if (((in - start) > XML_MAX_TEXT_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
++ if ((in - start) > maxLength) {
+ xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED,
+ "AttValue length too long\n");
+ return(NULL);
+@@ -9012,8 +9024,7 @@ xmlParseAttValueInternal(xmlParserCtxtPtr ctxt, int *len, int *alloc,
+ if ((*in++ == 0x20) && (*in == 0x20)) break;
+ if (in >= end) {
+ GROW_PARSE_ATT_VALUE_INTERNAL(ctxt, in, start, end)
+- if (((in - start) > XML_MAX_TEXT_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
++ if ((in - start) > maxLength) {
+ xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED,
+ "AttValue length too long\n");
+ return(NULL);
+@@ -9046,16 +9057,14 @@ xmlParseAttValueInternal(xmlParserCtxtPtr ctxt, int *len, int *alloc,
+ last = last + delta;
+ }
+ end = ctxt->input->end;
+- if (((in - start) > XML_MAX_TEXT_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
++ if ((in - start) > maxLength) {
+ xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED,
+ "AttValue length too long\n");
+ return(NULL);
+ }
+ }
+ }
+- if (((in - start) > XML_MAX_TEXT_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
++ if ((in - start) > maxLength) {
+ xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED,
+ "AttValue length too long\n");
+ return(NULL);
+@@ -9068,8 +9077,7 @@ xmlParseAttValueInternal(xmlParserCtxtPtr ctxt, int *len, int *alloc,
+ col++;
+ if (in >= end) {
+ GROW_PARSE_ATT_VALUE_INTERNAL(ctxt, in, start, end)
+- if (((in - start) > XML_MAX_TEXT_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
++ if ((in - start) > maxLength) {
+ xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED,
+ "AttValue length too long\n");
+ return(NULL);
+@@ -9077,8 +9085,7 @@ xmlParseAttValueInternal(xmlParserCtxtPtr ctxt, int *len, int *alloc,
+ }
+ }
+ last = in;
+- if (((in - start) > XML_MAX_TEXT_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
++ if ((in - start) > maxLength) {
+ xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED,
+ "AttValue length too long\n");
+ return(NULL);
+@@ -9768,6 +9775,9 @@ xmlParseCDSect(xmlParserCtxtPtr ctxt) {
+ int s, sl;
+ int cur, l;
+ int count = 0;
++ int maxLength = (ctxt->options & XML_PARSE_HUGE) ?
++ XML_MAX_HUGE_LENGTH :
++ XML_MAX_TEXT_LENGTH;
+
+ /* Check 2.6.0 was NXT(0) not RAW */
+ if (CMP9(CUR_PTR, '<', '!', '[', 'C', 'D', 'A', 'T', 'A', '[')) {
+@@ -9801,13 +9811,6 @@ xmlParseCDSect(xmlParserCtxtPtr ctxt) {
+ if (len + 5 >= size) {
+ xmlChar *tmp;
+
+- if ((size > XML_MAX_TEXT_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
+- xmlFatalErrMsgStr(ctxt, XML_ERR_CDATA_NOT_FINISHED,
+- "CData section too big found", NULL);
+- xmlFree (buf);
+- return;
+- }
+ tmp = (xmlChar *) xmlRealloc(buf, size * 2 * sizeof(xmlChar));
+ if (tmp == NULL) {
+ xmlFree(buf);
+@@ -9834,6 +9837,12 @@ xmlParseCDSect(xmlParserCtxtPtr ctxt) {
+ }
+ NEXTL(l);
+ cur = CUR_CHAR(l);
++ if (len > maxLength) {
++ xmlFatalErrMsg(ctxt, XML_ERR_CDATA_NOT_FINISHED,
++ "CData section too big found\n");
++ xmlFree(buf);
++ return;
++ }
+ }
+ buf[len] = 0;
+ ctxt->instate = XML_PARSER_CONTENT;
+--
+2.25.1
+
diff --git a/poky/meta/recipes-core/libxml/libxml2/CVE-2022-40304.patch b/poky/meta/recipes-core/libxml/libxml2/CVE-2022-40304.patch
new file mode 100644
index 0000000..b24be03
--- /dev/null
+++ b/poky/meta/recipes-core/libxml/libxml2/CVE-2022-40304.patch
@@ -0,0 +1,106 @@
+From cde95d801abc9405ca821ad814c7730333328d96 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Wed, 31 Aug 2022 22:11:25 +0200
+Subject: [PATCH] CVE-2022-40304
+
+Fix dict corruption caused by entity reference cycles
+
+When an entity reference cycle is detected, the entity content is
+cleared by setting its first byte to zero. But the entity content might
+be allocated from a dict. In this case, the dict entry becomes corrupted
+leading to all kinds of logic errors, including memory errors like
+double-frees.
+
+Stop storing entity content, orig, ExternalID and SystemID in a dict.
+These values are unlikely to occur multiple times in a document, so they
+shouldn't have been stored in a dict in the first place.
+
+Thanks to Ned Williamson and Nathan Wachholz working with Google Project
+Zero for the report!
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/1b41ec4e9433b05bb0376be4725804c54ef1d80b]
+CVE: CVE-2022-40304
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ entities.c | 55 ++++++++++++++++--------------------------------------
+ 1 file changed, 16 insertions(+), 39 deletions(-)
+
+diff --git a/entities.c b/entities.c
+index 1a8f86f..ec1b9a7 100644
+--- a/entities.c
++++ b/entities.c
+@@ -112,36 +112,19 @@ xmlFreeEntity(xmlEntityPtr entity)
+ if ((entity->children) && (entity->owner == 1) &&
+ (entity == (xmlEntityPtr) entity->children->parent))
+ xmlFreeNodeList(entity->children);
+- if (dict != NULL) {
+- if ((entity->name != NULL) && (!xmlDictOwns(dict, entity->name)))
+- xmlFree((char *) entity->name);
+- if ((entity->ExternalID != NULL) &&
+- (!xmlDictOwns(dict, entity->ExternalID)))
+- xmlFree((char *) entity->ExternalID);
+- if ((entity->SystemID != NULL) &&
+- (!xmlDictOwns(dict, entity->SystemID)))
+- xmlFree((char *) entity->SystemID);
+- if ((entity->URI != NULL) && (!xmlDictOwns(dict, entity->URI)))
+- xmlFree((char *) entity->URI);
+- if ((entity->content != NULL)
+- && (!xmlDictOwns(dict, entity->content)))
+- xmlFree((char *) entity->content);
+- if ((entity->orig != NULL) && (!xmlDictOwns(dict, entity->orig)))
+- xmlFree((char *) entity->orig);
+- } else {
+- if (entity->name != NULL)
+- xmlFree((char *) entity->name);
+- if (entity->ExternalID != NULL)
+- xmlFree((char *) entity->ExternalID);
+- if (entity->SystemID != NULL)
+- xmlFree((char *) entity->SystemID);
+- if (entity->URI != NULL)
+- xmlFree((char *) entity->URI);
+- if (entity->content != NULL)
+- xmlFree((char *) entity->content);
+- if (entity->orig != NULL)
+- xmlFree((char *) entity->orig);
+- }
++ if ((entity->name != NULL) &&
++ ((dict == NULL) || (!xmlDictOwns(dict, entity->name))))
++ xmlFree((char *) entity->name);
++ if (entity->ExternalID != NULL)
++ xmlFree((char *) entity->ExternalID);
++ if (entity->SystemID != NULL)
++ xmlFree((char *) entity->SystemID);
++ if (entity->URI != NULL)
++ xmlFree((char *) entity->URI);
++ if (entity->content != NULL)
++ xmlFree((char *) entity->content);
++ if (entity->orig != NULL)
++ xmlFree((char *) entity->orig);
+ xmlFree(entity);
+ }
+
+@@ -177,18 +160,12 @@ xmlCreateEntity(xmlDictPtr dict, const xmlChar *name, int type,
+ ret->SystemID = xmlStrdup(SystemID);
+ } else {
+ ret->name = xmlDictLookup(dict, name, -1);
+- if (ExternalID != NULL)
+- ret->ExternalID = xmlDictLookup(dict, ExternalID, -1);
+- if (SystemID != NULL)
+- ret->SystemID = xmlDictLookup(dict, SystemID, -1);
++ ret->ExternalID = xmlStrdup(ExternalID);
++ ret->SystemID = xmlStrdup(SystemID);
+ }
+ if (content != NULL) {
+ ret->length = xmlStrlen(content);
+- if ((dict != NULL) && (ret->length < 5))
+- ret->content = (xmlChar *)
+- xmlDictLookup(dict, content, ret->length);
+- else
+- ret->content = xmlStrndup(content, ret->length);
++ ret->content = xmlStrndup(content, ret->length);
+ } else {
+ ret->length = 0;
+ ret->content = NULL;
+--
+2.25.1
+
diff --git a/poky/meta/recipes-core/libxml/libxml2_2.9.14.bb b/poky/meta/recipes-core/libxml/libxml2_2.9.14.bb
index a2ed8d7..947f5b1 100644
--- a/poky/meta/recipes-core/libxml/libxml2_2.9.14.bb
+++ b/poky/meta/recipes-core/libxml/libxml2_2.9.14.bb
@@ -13,7 +13,7 @@
inherit gnomebase
-SRC_URI += "http://www.w3.org/XML/Test/xmlts20080827.tar.gz;subdir=${BP};name=testtar \
+SRC_URI += "http://www.w3.org/XML/Test/xmlts20080827.tar;subdir=${BP};name=testtar \
file://libxml-64bit.patch \
file://runtest.patch \
file://run-ptest \
@@ -23,10 +23,12 @@
file://remove-fuzz-from-ptests.patch \
file://libxml-m4-use-pkgconfig.patch \
file://0001-Port-gentest.py-to-Python-3.patch \
+ file://CVE-2022-40303.patch \
+ file://CVE-2022-40304.patch \
"
SRC_URI[archive.sha256sum] = "60d74a257d1ccec0475e749cba2f21559e48139efba6ff28224357c7c798dfee"
-SRC_URI[testtar.sha256sum] = "96151685cec997e1f9f3387e3626d61e6284d4d6e66e0e440c209286c03e9cc7"
+SRC_URI[testtar.sha256sum] = "9b2c865aba66c6429ca301a7ef048d7eca2cdb7a9106184416710853c7b37d0d"
BINCONFIG = "${bindir}/xml2-config"
diff --git a/poky/meta/recipes-core/meta/buildtools-tarball.bb b/poky/meta/recipes-core/meta/buildtools-tarball.bb
index 6b59e49..70d740b 100644
--- a/poky/meta/recipes-core/meta/buildtools-tarball.bb
+++ b/poky/meta/recipes-core/meta/buildtools-tarball.bb
@@ -67,12 +67,17 @@
# Generate new (mini) sdk-environment-setup file
script=${1:-${SDK_OUTPUT}/${SDKPATH}/environment-setup-${SDK_SYS}}
touch $script
- echo 'export PATH=${SDKPATHNATIVE}${bindir_nativesdk}:${SDKPATHNATIVE}${sbindir_nativesdk}:${SDKPATHNATIVE}${base_bindir_nativesdk}:${SDKPATHNATIVE}${base_sbindir_nativesdk}:$PATH' >> $script
+ echo 'export PATH="${SDKPATHNATIVE}${bindir_nativesdk}:${SDKPATHNATIVE}${sbindir_nativesdk}:${SDKPATHNATIVE}${base_bindir_nativesdk}:${SDKPATHNATIVE}${base_sbindir_nativesdk}:$PATH"' >> $script
echo 'export OECORE_NATIVE_SYSROOT="${SDKPATHNATIVE}"' >> $script
if [ -e "${SDK_OUTPUT}${SDKPATHNATIVE}${sysconfdir}/ssl/certs/ca-certificates.crt" ]; then
echo 'export GIT_SSL_CAINFO="${SDKPATHNATIVE}${sysconfdir}/ssl/certs/ca-certificates.crt"' >>$script
echo 'export SSL_CERT_FILE="${SDKPATHNATIVE}${sysconfdir}/ssl/certs/ca-certificates.crt"' >>$script
+ echo 'export REQUESTS_CA_BUNDLE="${SDKPATHNATIVE}${sysconfdir}/ssl/certs/ca-certificates.crt"' >>$script
+ echo 'export CURL_CA_BUNDLE="${SDKPATHNATIVE}${sysconfdir}/ssl/certs/ca-certificates.crt"' >>$script
fi
+ echo 'HOST_PKG_PATH=$(command -p pkg-config --variable=pc_path pkg-config 2>/dev/null)' >>$script
+ echo 'export PKG_CONFIG_LIBDIR=${SDKPATHNATIVE}/${libdir}/pkgconfig:${SDKPATHNATIVE}/${datadir}/pkgconfig:${HOST_PKG_PATH:-/usr/lib/pkgconfig:/usr/share/pkgconfig}' >>$script
+ echo 'unset HOST_PKG_PATH'
toolchain_create_sdk_version ${SDK_OUTPUT}/${SDKPATH}/version-${SDK_SYS}
diff --git a/poky/meta/recipes-core/meta/cve-update-db-native.bb b/poky/meta/recipes-core/meta/cve-update-db-native.bb
index 9b9dbbd..e042e67 100644
--- a/poky/meta/recipes-core/meta/cve-update-db-native.bb
+++ b/poky/meta/recipes-core/meta/cve-update-db-native.bb
@@ -21,6 +21,8 @@
# Timeout for blocking socket operations, such as the connection attempt.
CVE_SOCKET_TIMEOUT ?= "60"
+CVE_DB_TEMP_FILE ?= "${CVE_CHECK_DB_DIR}/temp_nvdcve_1.1.db"
+
python () {
if not bb.data.inherits_class("cve-check", d):
raise bb.parse.SkipRecipe("Skip recipe when cve-check class is not loaded.")
@@ -32,25 +34,15 @@
"""
import bb.utils
import bb.progress
- import sqlite3, urllib, urllib.parse, gzip
- from datetime import date
+ import shutil
bb.utils.export_proxies(d)
- YEAR_START = 2002
-
db_file = d.getVar("CVE_CHECK_DB_FILE")
db_dir = os.path.dirname(db_file)
+ db_tmp_file = d.getVar("CVE_DB_TEMP_FILE")
- cve_socket_timeout = int(d.getVar("CVE_SOCKET_TIMEOUT"))
-
- if os.path.exists("{0}-journal".format(db_file)):
- # If a journal is present the last update might have been interrupted. In that case,
- # just wipe any leftovers and force the DB to be recreated.
- os.remove("{0}-journal".format(db_file))
-
- if os.path.exists(db_file):
- os.remove(db_file)
+ cleanup_db_download(db_file, db_tmp_file)
# The NVD database changes once a day, so no need to update more frequently
# Allow the user to force-update
@@ -68,9 +60,60 @@
pass
bb.utils.mkdirhier(db_dir)
+ if os.path.exists(db_file):
+ shutil.copy2(db_file, db_tmp_file)
+
+ if update_db_file(db_tmp_file, d) == True:
+ # Update downloaded correctly, can swap files
+ shutil.move(db_tmp_file, db_file)
+ else:
+ # Update failed, do not modify the database
+ bb.note("CVE database update failed")
+ os.remove(db_tmp_file)
+}
+
+do_fetch[lockfiles] += "${CVE_CHECK_DB_FILE_LOCK}"
+do_fetch[file-checksums] = ""
+do_fetch[vardeps] = ""
+
+def cleanup_db_download(db_file, db_tmp_file):
+ """
+ Cleanup the download space from possible failed downloads
+ """
+
+ # Clean up the updates done on the main file
+ # Remove it only if a journal file exists - it means a complete re-download
+ if os.path.exists("{0}-journal".format(db_file)):
+ # If a journal is present the last update might have been interrupted. In that case,
+ # just wipe any leftovers and force the DB to be recreated.
+ os.remove("{0}-journal".format(db_file))
+
+ if os.path.exists(db_file):
+ os.remove(db_file)
+
+ # Clean-up the temporary file downloads, we can remove both journal
+ # and the temporary database
+ if os.path.exists("{0}-journal".format(db_tmp_file)):
+ # If a journal is present the last update might have been interrupted. In that case,
+ # just wipe any leftovers and force the DB to be recreated.
+ os.remove("{0}-journal".format(db_tmp_file))
+
+ if os.path.exists(db_tmp_file):
+ os.remove(db_tmp_file)
+
+def update_db_file(db_tmp_file, d):
+ """
+ Update the given database file
+ """
+ import bb.utils, bb.progress
+ from datetime import date
+ import urllib, gzip, sqlite3
+
+ YEAR_START = 2002
+ cve_socket_timeout = int(d.getVar("CVE_SOCKET_TIMEOUT"))
# Connect to database
- conn = sqlite3.connect(db_file)
+ conn = sqlite3.connect(db_tmp_file)
initialize_db(conn)
with bb.progress.ProgressHandler(d) as ph, open(os.path.join(d.getVar("TMPDIR"), 'cve_check'), 'a') as cve_f:
@@ -87,8 +130,11 @@
response = urllib.request.urlopen(meta_url, timeout=cve_socket_timeout)
except urllib.error.URLError as e:
cve_f.write('Warning: CVE db update error, Unable to fetch CVE data.\n\n')
- bb.warn("Failed to fetch CVE data (%s)" % e.reason)
- return
+ bb.warn("Failed to fetch CVE data (%s)" % e)
+ import socket
+ result = socket.getaddrinfo("nvd.nist.gov", 443, proto=socket.IPPROTO_TCP)
+ bb.warn("Host IPs are %s" % (", ".join(t[4][0] for t in result)))
+ return False
if response:
for l in response.read().decode("utf-8").splitlines():
@@ -98,7 +144,7 @@
break
else:
bb.warn("Cannot parse CVE metadata, update failed")
- return
+ return False
# Compare with current db last modified date
cursor = conn.execute("select DATE from META where YEAR = ?", (year,))
@@ -119,7 +165,7 @@
except urllib.error.URLError as e:
cve_f.write('Warning: CVE db update error, CVE data is outdated.\n\n')
bb.warn("Cannot parse CVE data (%s), update failed" % e.reason)
- return
+ return False
else:
bb.debug(2, "Already up to date (last modified %s)" % last_modified)
# Update success, set the date to cve_check file.
@@ -128,11 +174,7 @@
conn.commit()
conn.close()
-}
-
-do_fetch[lockfiles] += "${CVE_CHECK_DB_FILE_LOCK}"
-do_fetch[file-checksums] = ""
-do_fetch[vardeps] = ""
+ return True
def initialize_db(conn):
with conn:
diff --git a/poky/meta/recipes-core/ovmf/ovmf/0001-ovmf-update-path-to-native-BaseTools.patch b/poky/meta/recipes-core/ovmf/ovmf/0001-ovmf-update-path-to-native-BaseTools.patch
index 89d9ffa..0c3df4f 100644
--- a/poky/meta/recipes-core/ovmf/ovmf/0001-ovmf-update-path-to-native-BaseTools.patch
+++ b/poky/meta/recipes-core/ovmf/ovmf/0001-ovmf-update-path-to-native-BaseTools.patch
@@ -10,7 +10,7 @@
with the appropriate location before building.
Signed-off-by: Ricardo Neri <ricardo.neri-calderon@linux.intel.com>
-Upstream-Status: Pending
+Upstream-Status: Inappropriate [oe-core cross compile specific]
---
OvmfPkg/build.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/poky/meta/recipes-core/ovmf/ovmf/0002-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch b/poky/meta/recipes-core/ovmf/ovmf/0002-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch
index f6141c8..2293d7e 100644
--- a/poky/meta/recipes-core/ovmf/ovmf/0002-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch
+++ b/poky/meta/recipes-core/ovmf/ovmf/0002-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch
@@ -6,8 +6,13 @@
Prepend the build flags with those of bitbake. This is to build
using the bitbake native sysroot include and library directories.
+Note from Alex: this is not appropriate for upstream submission as
+the recipe already does lots of similar in-place fixups elsewhere, so
+this patch shold be converted to follow that pattern. We're not going
+to fight against how upstream wants to configure the build.
+
Signed-off-by: Ricardo Neri <ricardo.neri@linux.intel.com>
-Upstream-Status: Pending
+Upstream-Status: Inappropriate [needs to be converted to in-recipe fixups]
---
BaseTools/Source/C/Makefiles/header.makefile | 17 +++++++++--------
1 file changed, 9 insertions(+), 8 deletions(-)
diff --git a/poky/meta/recipes-core/psplash/files/psplash-start.service b/poky/meta/recipes-core/psplash/files/psplash-start.service
index 36c2bb3..bec9368 100644
--- a/poky/meta/recipes-core/psplash/files/psplash-start.service
+++ b/poky/meta/recipes-core/psplash/files/psplash-start.service
@@ -2,6 +2,7 @@
Description=Start psplash boot splash screen
DefaultDependencies=no
RequiresMountsFor=/run
+ConditionFileIsExecutable=/usr/bin/psplash
[Service]
Type=notify
diff --git a/poky/meta/recipes-core/psplash/files/psplash-systemd.service b/poky/meta/recipes-core/psplash/files/psplash-systemd.service
index 082207f..e93e3de 100644
--- a/poky/meta/recipes-core/psplash/files/psplash-systemd.service
+++ b/poky/meta/recipes-core/psplash/files/psplash-systemd.service
@@ -4,6 +4,7 @@
After=psplash-start.service
Requires=psplash-start.service
RequiresMountsFor=/run
+ConditionFileIsExecutable=/usr/bin/psplash
[Service]
ExecStart=/usr/bin/psplash-systemd
diff --git a/poky/meta/recipes-core/systemd/systemd-boot_251.4.bb b/poky/meta/recipes-core/systemd/systemd-boot_251.8.bb
similarity index 100%
rename from poky/meta/recipes-core/systemd/systemd-boot_251.4.bb
rename to poky/meta/recipes-core/systemd/systemd-boot_251.8.bb
diff --git a/poky/meta/recipes-core/systemd/systemd.inc b/poky/meta/recipes-core/systemd/systemd.inc
index 71eb93f..3bb6b0e 100644
--- a/poky/meta/recipes-core/systemd/systemd.inc
+++ b/poky/meta/recipes-core/systemd/systemd.inc
@@ -14,7 +14,7 @@
LIC_FILES_CHKSUM = "file://LICENSE.GPL2;md5=751419260aa954499f7abaabaa882bbe \
file://LICENSE.LGPL2.1;md5=4fbd65380cdd255951079008b364516c"
-SRCREV = "2a674b4b66af1a050a0362b646d2fca90c90112e"
+SRCREV = "ae8b249af4acb055f920134f2ac584c4cbc86e3b"
SRCBRANCH = "v251-stable"
SRC_URI = "git://github.com/systemd/systemd-stable.git;protocol=https;branch=${SRCBRANCH} \
"
diff --git a/poky/meta/recipes-core/systemd/systemd_251.4.bb b/poky/meta/recipes-core/systemd/systemd_251.8.bb
similarity index 98%
rename from poky/meta/recipes-core/systemd/systemd_251.4.bb
rename to poky/meta/recipes-core/systemd/systemd_251.8.bb
index 910ea71..991da07 100644
--- a/poky/meta/recipes-core/systemd/systemd_251.4.bb
+++ b/poky/meta/recipes-core/systemd/systemd_251.8.bb
@@ -144,7 +144,7 @@
PACKAGECONFIG[idn] = "-Didn=true,-Didn=false"
PACKAGECONFIG[ima] = "-Dima=true,-Dima=false"
# importd requires journal-upload/xz/zlib/bzip2/gcrypt
-PACKAGECONFIG[importd] = "-Dimportd=true,-Dimportd=false"
+PACKAGECONFIG[importd] = "-Dimportd=true,-Dimportd=false,glib-2.0"
# Update NAT firewall rules
PACKAGECONFIG[iptc] = "-Dlibiptc=true,-Dlibiptc=false,iptables"
PACKAGECONFIG[journal-upload] = "-Dlibcurl=true,-Dlibcurl=false,curl"
@@ -217,7 +217,7 @@
rootlibexecdir = "${rootprefix}/lib"
EXTRA_OEMESON += "-Dnobody-user=nobody \
- -Dnobody-group=nobody \
+ -Dnobody-group=nogroup \
-Drootlibdir=${rootlibdir} \
-Drootprefix=${rootprefix} \
-Ddefault-locale=C \
@@ -395,11 +395,13 @@
SYSTEMD_SERVICE:${PN}-binfmt = "systemd-binfmt.service"
USERADD_PACKAGES = "${PN} ${PN}-extra-utils \
+ udev \
${@bb.utils.contains('PACKAGECONFIG', 'microhttpd', '${PN}-journal-gatewayd', '', d)} \
${@bb.utils.contains('PACKAGECONFIG', 'microhttpd', '${PN}-journal-remote', '', d)} \
${@bb.utils.contains('PACKAGECONFIG', 'journal-upload', '${PN}-journal-upload', '', d)} \
"
GROUPADD_PARAM:${PN} = "-r systemd-journal;"
+GROUPADD_PARAM:udev = "-r render;-r sgx;"
GROUPADD_PARAM:${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'polkit_hostnamed_fallback', '-r systemd-hostname;', '', d)}"
USERADD_PARAM:${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'coredump', '--system -d / -M --shell /sbin/nologin systemd-coredump;', '', d)}"
USERADD_PARAM:${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'networkd', '--system -d / -M --shell /sbin/nologin systemd-network;', '', d)}"
@@ -437,9 +439,9 @@
${rootlibexecdir}/systemd/systemd-binfmt \
${systemd_system_unitdir}/proc-sys-fs-binfmt_misc.* \
${systemd_system_unitdir}/systemd-binfmt.service"
-RRECOMMENDS:${PN}-binfmt = "kernel-module-binfmt-misc"
+RRECOMMENDS:${PN}-binfmt = "${@bb.utils.contains('PACKAGECONFIG', 'binfmt', 'kernel-module-binfmt-misc', '', d)}"
-RRECOMMENDS:${PN}-vconsole-setup = "kbd kbd-consolefonts kbd-keymaps"
+RRECOMMENDS:${PN}-vconsole-setup = "${@bb.utils.contains('PACKAGECONFIG', 'vconsole', 'kbd kbd-consolefonts kbd-keymaps', '', d)}"
FILES:${PN}-journal-gatewayd = "${rootlibexecdir}/systemd/systemd-journal-gatewayd \
@@ -518,6 +520,8 @@
${bindir}/systemd-path \
${bindir}/systemd-run \
${bindir}/systemd-cat \
+ ${bindir}/systemd-creds \
+ ${bindir}/systemd-cryptenroll \
${bindir}/systemd-delta \
${bindir}/systemd-cgls \
${bindir}/systemd-cgtop \
diff --git a/poky/meta/recipes-core/zlib/zlib/0001-Correct-incorrect-inputs-provided-to-the-CRC-functio.patch b/poky/meta/recipes-core/zlib/zlib/0001-Correct-incorrect-inputs-provided-to-the-CRC-functio.patch
deleted file mode 100644
index ad5e59d..0000000
--- a/poky/meta/recipes-core/zlib/zlib/0001-Correct-incorrect-inputs-provided-to-the-CRC-functio.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-From ec3df00224d4b396e2ac6586ab5d25f673caa4c2 Mon Sep 17 00:00:00 2001
-From: Mark Adler <madler@alumni.caltech.edu>
-Date: Wed, 30 Mar 2022 11:14:53 -0700
-Subject: [PATCH] Correct incorrect inputs provided to the CRC functions.
-
-The previous releases of zlib were not sensitive to incorrect CRC
-inputs with bits set above the low 32. This commit restores that
-behavior, so that applications with such bugs will continue to
-operate as before.
-
-Upstream-Status: Backport [https://github.com/madler/zlib/commit/ec3df00224d4b396e2ac6586ab5d25f673caa4c2]
-Signed-off-by: Jacob Kroon <jacob.kroon@gmail.com>
----
- crc32.c | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/crc32.c b/crc32.c
-index a1bdce5..451887b 100644
---- a/crc32.c
-+++ b/crc32.c
-@@ -630,7 +630,7 @@ unsigned long ZEXPORT crc32_z(crc, buf, len)
- #endif /* DYNAMIC_CRC_TABLE */
-
- /* Pre-condition the CRC */
-- crc ^= 0xffffffff;
-+ crc = (~crc) & 0xffffffff;
-
- /* Compute the CRC up to a word boundary. */
- while (len && ((z_size_t)buf & 7) != 0) {
-@@ -749,7 +749,7 @@ unsigned long ZEXPORT crc32_z(crc, buf, len)
- #endif /* DYNAMIC_CRC_TABLE */
-
- /* Pre-condition the CRC */
-- crc ^= 0xffffffff;
-+ crc = (~crc) & 0xffffffff;
-
- #ifdef W
-
-@@ -1077,7 +1077,7 @@ uLong ZEXPORT crc32_combine64(crc1, crc2, len2)
- #ifdef DYNAMIC_CRC_TABLE
- once(&made, make_crc_table);
- #endif /* DYNAMIC_CRC_TABLE */
-- return multmodp(x2nmodp(len2, 3), crc1) ^ crc2;
-+ return multmodp(x2nmodp(len2, 3), crc1) ^ (crc2 & 0xffffffff);
- }
-
- /* ========================================================================= */
-@@ -1112,5 +1112,5 @@ uLong crc32_combine_op(crc1, crc2, op)
- uLong crc2;
- uLong op;
- {
-- return multmodp(op, crc1) ^ crc2;
-+ return multmodp(op, crc1) ^ (crc2 & 0xffffffff);
- }
diff --git a/poky/meta/recipes-core/zlib/zlib/0001-Fix-a-bug-when-getting-a-gzip-header-extra-field-wit.patch b/poky/meta/recipes-core/zlib/zlib/0001-Fix-a-bug-when-getting-a-gzip-header-extra-field-wit.patch
deleted file mode 100644
index 96ab563..0000000
--- a/poky/meta/recipes-core/zlib/zlib/0001-Fix-a-bug-when-getting-a-gzip-header-extra-field-wit.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From eff308af425b67093bab25f80f1ae950166bece1 Mon Sep 17 00:00:00 2001
-From: Mark Adler <fork@madler.net>
-Date: Sat, 30 Jul 2022 15:51:11 -0700
-Subject: [PATCH] Fix a bug when getting a gzip header extra field with inflate().
-
-If the extra field was larger than the space the user provided with
-inflateGetHeader(), and if multiple calls of inflate() delivered
-the extra header data, then there could be a buffer overflow of the
-provided space. This commit assures that provided space is not
-exceeded.
-
-CVE: CVE-2022-37434
-Upstream-Status: Backport [https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166be]
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
- inflate.c | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/inflate.c b/inflate.c
-index 7be8c63..7a72897 100644
---- a/inflate.c
-+++ b/inflate.c
-@@ -763,9 +763,10 @@ int flush;
- copy = state->length;
- if (copy > have) copy = have;
- if (copy) {
-+ len = state->head->extra_len - state->length;
- if (state->head != Z_NULL &&
-- state->head->extra != Z_NULL) {
-- len = state->head->extra_len - state->length;
-+ state->head->extra != Z_NULL &&
-+ len < state->head->extra_max) {
- zmemcpy(state->head->extra + len, next,
- len + copy > state->head->extra_max ?
- state->head->extra_max - len : copy);
---
-2.37.2
-
diff --git a/poky/meta/recipes-core/zlib/zlib/0001-Fix-extra-field-processing-bug-that-dereferences-NUL.patch b/poky/meta/recipes-core/zlib/zlib/0001-Fix-extra-field-processing-bug-that-dereferences-NUL.patch
deleted file mode 100644
index a0978c5..0000000
--- a/poky/meta/recipes-core/zlib/zlib/0001-Fix-extra-field-processing-bug-that-dereferences-NUL.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From 1eb7682f845ac9e9bf9ae35bbfb3bad5dacbd91d Mon Sep 17 00:00:00 2001
-From: Mark Adler <fork@madler.net>
-Date: Mon, 8 Aug 2022 10:50:09 -0700
-Subject: [PATCH] Fix extra field processing bug that dereferences NULL
- state->head.
-
-The recent commit to fix a gzip header extra field processing bug
-introduced the new bug fixed here.
-
-CVE: CVE-2022-37434
-Upstream-Status: Backport [https://github.com/madler/zlib/commit/1eb7682f845ac9e9bf9ae35bbfb3bad5dacbd91d]
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
- inflate.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/inflate.c b/inflate.c
-index 7a72897..2a3c4fe 100644
---- a/inflate.c
-+++ b/inflate.c
-@@ -763,10 +763,10 @@ int flush;
- copy = state->length;
- if (copy > have) copy = have;
- if (copy) {
-- len = state->head->extra_len - state->length;
- if (state->head != Z_NULL &&
- state->head->extra != Z_NULL &&
-- len < state->head->extra_max) {
-+ (len = state->head->extra_len - state->length) <
-+ state->head->extra_max) {
- zmemcpy(state->head->extra + len, next,
- len + copy > state->head->extra_max ?
- state->head->extra_max - len : copy);
---
-2.37.2
-
diff --git a/poky/meta/recipes-core/zlib/zlib/cc.patch b/poky/meta/recipes-core/zlib/zlib/cc.patch
deleted file mode 100644
index 8fb974d..0000000
--- a/poky/meta/recipes-core/zlib/zlib/cc.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-Upstream-Status: Backport
-Signed-off-by: Ross Burton <ross.burton@arm.com>
-
-From 05796d3d8d5546cf1b4dfe2cd72ab746afae505d Mon Sep 17 00:00:00 2001
-From: Mark Adler <madler@alumni.caltech.edu>
-Date: Mon, 28 Mar 2022 18:34:10 -0700
-Subject: [PATCH] Fix configure issue that discarded provided CC definition.
-
----
- configure | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/configure b/configure
-index 52ff4a04e..3fa3e8618 100755
---- a/configure
-+++ b/configure
-@@ -174,7 +174,10 @@ if test -z "$CC"; then
- else
- cc=${CROSS_PREFIX}cc
- fi
-+else
-+ cc=${CC}
- fi
-+
- cflags=${CFLAGS-"-O3"}
- # to force the asm version use: CFLAGS="-O3 -DASMV" ./configure
- case "$cc" in
diff --git a/poky/meta/recipes-core/zlib/zlib/ldflags-tests.patch b/poky/meta/recipes-core/zlib/zlib/ldflags-tests.patch
deleted file mode 100644
index 2863906..0000000
--- a/poky/meta/recipes-core/zlib/zlib/ldflags-tests.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-Obey LDFLAGS for tests
-
-Upstream-Status: Submitted [https://github.com/madler/zlib/pull/409]
-Signed-off-by: Ross Burton <ross.burton@intel.com>
-
---- zlib-1.2.8.orig/Makefile.in
-+++ zlib-1.2.8/Makefile.in
-@@ -26,7 +26,7 @@ CFLAGS=-O
-
- SFLAGS=-O
- LDFLAGS=
--TEST_LDFLAGS=-L. libz.a
-+TEST_LDFLAGS=-L. $(LDFLAGS)
- LDSHARED=$(CC)
- CPP=$(CC) -E
-
-@@ -176,22 +176,22 @@ placebo $(SHAREDLIBV): $(PIC_OBJS) libz.
- -@rmdir objs
-
- example$(EXE): example.o $(STATICLIB)
-- $(CC) $(CFLAGS) -o $@ example.o $(TEST_LDFLAGS)
-+ $(CC) $(CFLAGS) -o $@ example.o $(TEST_LDFLAGS) $(STATICLIB)
-
- minigzip$(EXE): minigzip.o $(STATICLIB)
-- $(CC) $(CFLAGS) -o $@ minigzip.o $(TEST_LDFLAGS)
-+ $(CC) $(CFLAGS) -o $@ minigzip.o $(TEST_LDFLAGS) $(STATICLIB)
-
- examplesh$(EXE): example.o $(SHAREDLIBV)
-- $(CC) $(CFLAGS) -o $@ example.o -L. $(SHAREDLIBV)
-+ $(CC) $(CFLAGS) -o $@ example.o $(TEST_LDFLAGS) $(SHAREDLIBV)
-
- minigzipsh$(EXE): minigzip.o $(SHAREDLIBV)
-- $(CC) $(CFLAGS) -o $@ minigzip.o -L. $(SHAREDLIBV)
-+ $(CC) $(CFLAGS) -o $@ minigzip.o $(TEST_LDFLAGS) $(SHAREDLIBV)
-
- example64$(EXE): example64.o $(STATICLIB)
-- $(CC) $(CFLAGS) -o $@ example64.o $(TEST_LDFLAGS)
-+ $(CC) $(CFLAGS) -o $@ example64.o $(TEST_LDFLAGS) $(STATICLIB)
-
- minigzip64$(EXE): minigzip64.o $(STATICLIB)
-- $(CC) $(CFLAGS) -o $@ minigzip64.o $(TEST_LDFLAGS)
-+ $(CC) $(CFLAGS) -o $@ minigzip64.o $(TEST_LDFLAGS) $(STATICLIB)
-
- install-libs: $(LIBS)
- -@if [ ! -d $(DESTDIR)$(exec_prefix) ]; then mkdir -p $(DESTDIR)$(exec_prefix); fi
diff --git a/poky/meta/recipes-core/zlib/zlib_1.2.12.bb b/poky/meta/recipes-core/zlib/zlib_1.2.13.bb
similarity index 68%
rename from poky/meta/recipes-core/zlib/zlib_1.2.12.bb
rename to poky/meta/recipes-core/zlib/zlib_1.2.13.bb
index 2491cb9..ec977a3 100644
--- a/poky/meta/recipes-core/zlib/zlib_1.2.12.bb
+++ b/poky/meta/recipes-core/zlib/zlib_1.2.13.bb
@@ -8,17 +8,12 @@
# The source tarball needs to be .gz as only the .gz ends up in fossils/
SRC_URI = "https://zlib.net/${BP}.tar.gz \
- file://cc.patch \
- file://ldflags-tests.patch \
file://0001-configure-Pass-LDFLAGS-to-link-tests.patch \
file://run-ptest \
- file://0001-Correct-incorrect-inputs-provided-to-the-CRC-functio.patch \
- file://0001-Fix-a-bug-when-getting-a-gzip-header-extra-field-wit.patch \
- file://0001-Fix-extra-field-processing-bug-that-dereferences-NUL.patch \
"
UPSTREAM_CHECK_URI = "http://zlib.net/"
-SRC_URI[sha256sum] = "91844808532e5ce316b3c010929493c0244f3d37593afd6de04f71821d5136d9"
+SRC_URI[sha256sum] = "b3a24de97a8fdbc835b9833169501030b8977031bcb54b3b3ac13740f846ab30"
# When a new release is made the previous release is moved to fossils/, so add this
# to PREMIRRORS so it is also searched automatically.
@@ -30,9 +25,12 @@
inherit ptest
+B = "${WORKDIR}/build"
+
do_configure() {
- LDCONFIG=true ./configure --prefix=${prefix} --shared --libdir=${libdir} --uname=GNU
+ LDCONFIG=true ${S}/configure --prefix=${prefix} --shared --libdir=${libdir} --uname=GNU
}
+do_configure[cleandirs] += "${B}"
do_compile() {
oe_runmake shared
diff --git a/poky/meta/recipes-devtools/apt/apt_2.4.5.bb b/poky/meta/recipes-devtools/apt/apt_2.4.5.bb
index 4b9f804..ef85750 100644
--- a/poky/meta/recipes-devtools/apt/apt_2.4.5.bb
+++ b/poky/meta/recipes-devtools/apt/apt_2.4.5.bb
@@ -38,8 +38,6 @@
# is considered stable, e.g. 1.0, 1.4, 1.8, 2.2, 2.6, etc. As there is no way
# to express 'divisible by 4 plus 2' in regex (that I know of), let's hardcode a few.
UPSTREAM_CHECK_REGEX = "[^\d\.](?P<pver>((2\.2)|(2\.6)|(3\.0)|(3\.4)|(3\.8)|(4\.2))(\.\d+)+)\.tar"
-# needs be marked as unknown until 2.6 is out
-UPSTREAM_VERSION_UNKNOWN = "1"
inherit cmake perlnative bash-completion useradd
@@ -126,6 +124,7 @@
do_install:append:class-nativesdk() {
customize_apt_conf_sample
+ rm -rf ${D}${localstatedir}/log
}
do_install:append:class-target() {
diff --git a/poky/meta/recipes-devtools/binutils/binutils-2.39.inc b/poky/meta/recipes-devtools/binutils/binutils-2.39.inc
index b040e57..419571d 100644
--- a/poky/meta/recipes-devtools/binutils/binutils-2.39.inc
+++ b/poky/meta/recipes-devtools/binutils/binutils-2.39.inc
@@ -35,6 +35,7 @@
file://0014-CVE-2022-38128-1.patch \
file://0014-CVE-2022-38128-2.patch \
file://0014-CVE-2022-38128-3.patch \
+ file://0015-CVE-2022-4285.patch \
"
S = "${WORKDIR}/git"
# Already in 2.39 branch
diff --git a/poky/meta/recipes-devtools/binutils/binutils/0003-binutils-nativesdk-Search-for-alternative-ld.so.conf.patch b/poky/meta/recipes-devtools/binutils/binutils/0003-binutils-nativesdk-Search-for-alternative-ld.so.conf.patch
index 4fe5520..9c825df 100644
--- a/poky/meta/recipes-devtools/binutils/binutils/0003-binutils-nativesdk-Search-for-alternative-ld.so.conf.patch
+++ b/poky/meta/recipes-devtools/binutils/binutils/0003-binutils-nativesdk-Search-for-alternative-ld.so.conf.patch
@@ -65,7 +65,7 @@
info.path = NULL;
info.len = info.alloc = 0;
- tmppath = concat (ld_sysroot, prefix, "/etc/ld.so.conf",
-+ tmppath = concat (ld_sysconfdir, "/etc/ld.so.conf",
++ tmppath = concat (ld_sysconfdir, "/ld.so.conf",
(const char *) NULL);
if (!ldelf_parse_ld_so_conf (&info, tmppath))
{
diff --git a/poky/meta/recipes-devtools/binutils/binutils/0015-CVE-2022-4285.patch b/poky/meta/recipes-devtools/binutils/binutils/0015-CVE-2022-4285.patch
new file mode 100644
index 0000000..46ec0b1
--- /dev/null
+++ b/poky/meta/recipes-devtools/binutils/binutils/0015-CVE-2022-4285.patch
@@ -0,0 +1,37 @@
+From 5c831a3c7f3ca98d6aba1200353311e1a1f84c70 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Wed, 19 Oct 2022 15:09:12 +0100
+Subject: [PATCH] Fix an illegal memory access when parsing an ELF file
+ containing corrupt symbol version information.
+
+ PR 29699
+ * elf.c (_bfd_elf_slurp_version_tables): Fail if the sh_info field
+ of the section header is zero.
+
+Upstream-Status: Backport
+[https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5c831a3c7f3ca98d6aba1200353311e1a1f84c70]
+
+Signed-off-by: Pgowda <pgowda.cve@gmail.com>
+---
+ bfd/ChangeLog | 6 ++++++
+ bfd/elf.c | 4 +++-
+ 2 files changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/bfd/elf.c b/bfd/elf.c
+index fe00e0f9189..7cd7febcf95 100644
+--- a/bfd/elf.c
++++ b/bfd/elf.c
+@@ -8918,7 +8918,9 @@ _bfd_elf_slurp_version_tables (bfd *abfd, bool default_imported_symver)
+ bfd_set_error (bfd_error_file_too_big);
+ goto error_return_verref;
+ }
+- elf_tdata (abfd)->verref = (Elf_Internal_Verneed *) bfd_alloc (abfd, amt);
++ if (amt == 0)
++ goto error_return_verref;
++ elf_tdata (abfd)->verref = (Elf_Internal_Verneed *) bfd_zalloc (abfd, amt);
+ if (elf_tdata (abfd)->verref == NULL)
+ goto error_return_verref;
+
+--
+2.31.1
+
diff --git a/poky/meta/recipes-devtools/bootchart2/bootchart2/0001-bootchart2-support-usrmerge.patch b/poky/meta/recipes-devtools/bootchart2/bootchart2/0001-bootchart2-support-usrmerge.patch
deleted file mode 100644
index 88597cf..0000000
--- a/poky/meta/recipes-devtools/bootchart2/bootchart2/0001-bootchart2-support-usrmerge.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From b6d1a1ff2de363b1b76c8c70f77ae56a4e4d4b56 Mon Sep 17 00:00:00 2001
-From: Changqing Li <changqing.li@windriver.com>
-Date: Thu, 5 Sep 2019 18:37:31 +0800
-Subject: [PATCH] bootchart2: support usrmerge
-
-Upstream-Status: Inappropriate [oe-specific]
-
-Signed-off-by: Changqing Li <changqing.li@windriver.com>
----
- Makefile | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/Makefile b/Makefile
-index 1cc2974..f988904 100644
---- a/Makefile
-+++ b/Makefile
-@@ -36,7 +36,7 @@ endif
- PY_SITEDIR ?= $(PY_LIBDIR)/site-packages
- LIBC_A_PATH = /usr$(LIBDIR)
- # Always lib, even on systems that otherwise use lib64
--SYSTEMD_UNIT_DIR = $(EARLY_PREFIX)/lib/systemd/system
-+SYSTEMD_UNIT_DIR ?= $(EARLY_PREFIX)/lib/systemd/system
- COLLECTOR = \
- collector/collector.o \
- collector/output.o \
-@@ -99,7 +99,7 @@ install-chroot:
- install -d $(DESTDIR)$(PKGLIBDIR)/tmpfs
-
- install-collector: all install-chroot
-- install -m 755 -D bootchartd $(DESTDIR)$(EARLY_PREFIX)/sbin/$(PROGRAM_PREFIX)bootchartd$(PROGRAM_SUFFIX)
-+ install -m 755 -D bootchartd $(DESTDIR)${BASE_SBINDIR}/$(PROGRAM_PREFIX)bootchartd$(PROGRAM_SUFFIX)
- install -m 644 -D bootchartd.conf $(DESTDIR)/etc/$(PROGRAM_PREFIX)bootchartd$(PROGRAM_SUFFIX).conf
- install -m 755 -D bootchart-collector $(DESTDIR)$(PKGLIBDIR)/$(PROGRAM_PREFIX)bootchart$(PROGRAM_SUFFIX)-collector
-
---
-2.7.4
-
diff --git a/poky/meta/recipes-devtools/bootchart2/bootchart2_0.14.9.bb b/poky/meta/recipes-devtools/bootchart2/bootchart2_0.14.9.bb
index b4d5b7c..297dbfb 100644
--- a/poky/meta/recipes-devtools/bootchart2/bootchart2_0.14.9.bb
+++ b/poky/meta/recipes-devtools/bootchart2/bootchart2_0.14.9.bb
@@ -93,7 +93,6 @@
SRC_URI = "git://github.com/xrmx/bootchart.git;branch=master;protocol=https \
file://bootchartd_stop.sh \
file://0001-collector-Allocate-space-on-heap-for-chunks.patch \
- file://0001-bootchart2-support-usrmerge.patch \
file://0001-bootchartd.in-make-sure-only-one-bootchartd-process.patch \
file://0001-Do-not-include-linux-fs.h.patch \
"
@@ -120,12 +119,11 @@
INITSCRIPT_NAME = "bootchartd_stop.sh"
INITSCRIPT_PARAMS = "start 99 2 3 4 5 ."
-EXTRA_OEMAKE = 'BASE_SBINDIR="${base_sbindir}"'
-
do_compile:prepend () {
export PY_LIBDIR="${libdir}/${PYTHON_DIR}"
export BINDIR="${bindir}"
- export LIBDIR="${base_libdir}"
+ export LIBDIR="/${baselib}"
+ export EARLY_PREFIX="${root_prefix}"
}
do_install () {
@@ -133,9 +131,8 @@
export PY_LIBDIR="${libdir}/${PYTHON_DIR}"
export BINDIR="${bindir}"
export DESTDIR="${D}"
- export LIBDIR="${base_libdir}"
- export PKGLIBDIR="${base_libdir}/bootchart"
- export SYSTEMD_UNIT_DIR="${systemd_system_unitdir}"
+ export LIBDIR="/${baselib}"
+ export EARLY_PREFIX="${root_prefix}"
oe_runmake install NO_PYTHON_COMPILE=1
install -d ${D}${sysconfdir}/init.d
diff --git a/poky/meta/recipes-devtools/cmake/cmake-native_3.24.0.bb b/poky/meta/recipes-devtools/cmake/cmake-native_3.24.2.bb
similarity index 98%
rename from poky/meta/recipes-devtools/cmake/cmake-native_3.24.0.bb
rename to poky/meta/recipes-devtools/cmake/cmake-native_3.24.2.bb
index 722a486..bcc87eb 100644
--- a/poky/meta/recipes-devtools/cmake/cmake-native_3.24.0.bb
+++ b/poky/meta/recipes-devtools/cmake/cmake-native_3.24.2.bb
@@ -32,6 +32,7 @@
-DCMAKE_USE_SYSTEM_LIBRARY_EXPAT=0 \
-DENABLE_ACL=0 -DHAVE_ACL_LIBACL_H=0 \
-DHAVE_SYS_ACL_H=0 \
+ -DCURL_LIBRARIES=-lcurl \
"
do_configure () {
diff --git a/poky/meta/recipes-devtools/cmake/cmake.inc b/poky/meta/recipes-devtools/cmake/cmake.inc
index d64afff..1ede8ee 100644
--- a/poky/meta/recipes-devtools/cmake/cmake.inc
+++ b/poky/meta/recipes-devtools/cmake/cmake.inc
@@ -21,7 +21,7 @@
file://0004-Fail-silently-if-system-Qt-installation-is-broken.patch \
"
-SRC_URI[sha256sum] = "c2b61f7cdecb1576cad25f918a8f42b8685d88a832fd4b62b9e0fa32e915a658"
+SRC_URI[sha256sum] = "0d9020f06f3ddf17fb537dc228e1a56c927ee506b486f55fe2dc19f69bf0c8db"
UPSTREAM_CHECK_REGEX = "cmake-(?P<pver>\d+(\.\d+)+)\.tar"
diff --git a/poky/meta/recipes-devtools/cmake/cmake_3.24.0.bb b/poky/meta/recipes-devtools/cmake/cmake_3.24.2.bb
similarity index 100%
rename from poky/meta/recipes-devtools/cmake/cmake_3.24.0.bb
rename to poky/meta/recipes-devtools/cmake/cmake_3.24.2.bb
diff --git a/poky/meta/recipes-devtools/createrepo-c/createrepo-c/0001-include-rpm-rpmstring.h.patch b/poky/meta/recipes-devtools/createrepo-c/createrepo-c/0001-include-rpm-rpmstring.h.patch
new file mode 100644
index 0000000..a249eaf
--- /dev/null
+++ b/poky/meta/recipes-devtools/createrepo-c/createrepo-c/0001-include-rpm-rpmstring.h.patch
@@ -0,0 +1,27 @@
+From 8defe6aaf91613c3fcb540df65a94cd56d377367 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Fri, 13 Jan 2023 13:21:51 -0800
+Subject: [PATCH 1/2] include rpm/rpmstring.h
+
+Its needed for rasprintf declaration
+
+Fixes
+src/xml_file.c:341:36: error: call to undeclared functi
+on 'rasprintf'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]
+
+Upstream-Status: Submitted [https://github.com/rpm-software-management/createrepo_c/pull/340]
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ src/xml_file.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/src/xml_file.c
++++ b/src/xml_file.c
+@@ -19,6 +19,7 @@
+
+ #include <glib.h>
+ #include <glib/gstdio.h>
++#include <rpm/rpmstring.h>
+ #include <assert.h>
+ #include "xml_file.h"
+ #include <errno.h>
diff --git a/poky/meta/recipes-devtools/createrepo-c/createrepo-c_0.20.1.bb b/poky/meta/recipes-devtools/createrepo-c/createrepo-c_0.20.1.bb
index d309bb8..053198c 100644
--- a/poky/meta/recipes-devtools/createrepo-c/createrepo-c_0.20.1.bb
+++ b/poky/meta/recipes-devtools/createrepo-c/createrepo-c_0.20.1.bb
@@ -6,6 +6,7 @@
SRC_URI = "git://github.com/rpm-software-management/createrepo_c;branch=master;protocol=https \
file://0001-Do-not-set-PYTHON_INSTALL_DIR-by-running-python.patch \
+ file://0001-include-rpm-rpmstring.h.patch \
"
SRCREV = "af14e164a3e4ab9dfaef1212e852b9ecebc326a2"
diff --git a/poky/meta/recipes-devtools/fdisk/gptfdisk/0001-Updated-guid.cc-to-deal-with-minor-change-in-libuuid.patch b/poky/meta/recipes-devtools/fdisk/gptfdisk/0001-Updated-guid.cc-to-deal-with-minor-change-in-libuuid.patch
new file mode 100644
index 0000000..f358081
--- /dev/null
+++ b/poky/meta/recipes-devtools/fdisk/gptfdisk/0001-Updated-guid.cc-to-deal-with-minor-change-in-libuuid.patch
@@ -0,0 +1,27 @@
+From c640d9011a8330ebaad501784fb0ee1ce5e7a5ef Mon Sep 17 00:00:00 2001
+From: Rod Smith <rodsmith@rodsbooks.com>
+Date: Sat, 16 Apr 2022 09:32:04 -0400
+Subject: [PATCH] Updated guid.cc to deal with minor change in libuuid
+
+Upstream-Status: Backport [https://sourceforge.net/p/gptfdisk/code/ci/6a8416cbd12d55f882bb751993b94f72d338d96f/]
+Signed-off-by: Peter Bergin <peter@berginkonsult.se>
+---
+ guid.cc | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/guid.cc b/guid.cc
+index 1e73ab7..d3e4fd5 100644
+--- a/guid.cc
++++ b/guid.cc
+@@ -141,7 +141,7 @@ void GUIDData::Zero(void) {
+ void GUIDData::Randomize(void) {
+ int i, uuidGenerated = 0;
+
+-#ifdef _UUID_UUID_H
++#if defined (_UUID_UUID_H) || defined (_UL_LIBUUID_UUID_H)
+ uuid_generate(uuidData);
+ ReverseBytes(&uuidData[0], 4);
+ ReverseBytes(&uuidData[4], 2);
+--
+2.34.1
+
diff --git a/poky/meta/recipes-devtools/fdisk/gptfdisk_1.0.9.bb b/poky/meta/recipes-devtools/fdisk/gptfdisk_1.0.9.bb
index e473b9c..2c093c2 100644
--- a/poky/meta/recipes-devtools/fdisk/gptfdisk_1.0.9.bb
+++ b/poky/meta/recipes-devtools/fdisk/gptfdisk_1.0.9.bb
@@ -9,6 +9,7 @@
SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${PV}/${BP}.tar.gz \
file://0001-gptcurses-correctly-include-curses.h.patch \
+ file://0001-Updated-guid.cc-to-deal-with-minor-change-in-libuuid.patch \
"
SRC_URI[sha256sum] = "dafead2693faeb8e8b97832b23407f6ed5b3219bc1784f482dd855774e2d50c2"
diff --git a/poky/meta/recipes-devtools/gcc/gcc-shared-source.inc b/poky/meta/recipes-devtools/gcc/gcc-shared-source.inc
index aac4b49..03f520b 100644
--- a/poky/meta/recipes-devtools/gcc/gcc-shared-source.inc
+++ b/poky/meta/recipes-devtools/gcc/gcc-shared-source.inc
@@ -9,3 +9,13 @@
do_configure[depends] += "gcc-source-${PV}:do_preconfigure"
do_populate_lic[depends] += "gcc-source-${PV}:do_unpack"
+do_deploy_source_date_epoch[depends] += "gcc-source-${PV}:do_deploy_source_date_epoch"
+
+# Copy the SDE from the shared workdir to the recipe workdir
+do_deploy_source_date_epoch () {
+ sde_file=${SDE_FILE}
+ sde_file=${sde_file#${WORKDIR}/}
+ mkdir -p ${SDE_DEPLOYDIR} $(dirname ${SDE_FILE})
+ cp -p $(dirname ${S})/$sde_file ${SDE_DEPLOYDIR}
+ cp -p $(dirname ${S})/$sde_file ${SDE_FILE}
+}
diff --git a/poky/meta/recipes-devtools/gcc/gcc-source.inc b/poky/meta/recipes-devtools/gcc/gcc-source.inc
index 224b777..265bcf4 100644
--- a/poky/meta/recipes-devtools/gcc/gcc-source.inc
+++ b/poky/meta/recipes-devtools/gcc/gcc-source.inc
@@ -17,6 +17,13 @@
INHIBIT_DEFAULT_DEPS = "1"
DEPENDS = ""
PACKAGES = ""
+TARGET_ARCH = "allarch"
+TARGET_AS_ARCH = "none"
+TARGET_CC_ARCH = "none"
+TARGET_LD_ARCH = "none"
+TARGET_OS = "linux"
+baselib = "lib"
+PACKAGE_ARCH = "all"
B = "${WORKDIR}/build"
@@ -25,8 +32,6 @@
import subprocess
cmd = d.expand('cd ${S} && PATH=${PATH} gnu-configize')
subprocess.check_output(cmd, stderr=subprocess.STDOUT, shell=True)
- # See 0044-gengtypes.patch, we need to regenerate this file
- bb.utils.remove(d.expand("${S}/gcc/gengtype-lex.c"))
cmd = d.expand("sed -i 's/BUILD_INFO=info/BUILD_INFO=/' ${S}/gcc/configure")
subprocess.check_output(cmd, stderr=subprocess.STDOUT, shell=True)
diff --git a/poky/meta/recipes-devtools/git/git_2.37.3.bb b/poky/meta/recipes-devtools/git/git_2.37.6.bb
similarity index 95%
rename from poky/meta/recipes-devtools/git/git_2.37.3.bb
rename to poky/meta/recipes-devtools/git/git_2.37.6.bb
index 2eed85e..302db21 100644
--- a/poky/meta/recipes-devtools/git/git_2.37.3.bb
+++ b/poky/meta/recipes-devtools/git/git_2.37.6.bb
@@ -31,6 +31,10 @@
# in mirrored git repos. Most OE users wouldn't build the docs and
# we don't see this as a major issue for our general users/usecases.
CVE_CHECK_IGNORE += "CVE-2022-24975"
+# This is specific to Git-for-Windows
+CVE_CHECK_IGNORE += "CVE-2022-41953"
+# specific to Git for Windows
+CVE_CHECK_IGNORE += "CVE-2023-22743"
PACKAGECONFIG ??= "expat curl"
PACKAGECONFIG[cvsserver] = ""
@@ -165,4 +169,4 @@
"
EXTRA_OEMAKE += "NO_GETTEXT=1"
-SRC_URI[tarball.sha256sum] = "181f65587155ea48c682f63135678ec53055adf1532428752912d356e46b64a8"
+SRC_URI[tarball.sha256sum] = "626e4c338f72b170e2b3afb1cb2161f6fbe4fb1d0749154f1ebfb5f0a57ec25f"
diff --git a/poky/meta/recipes-devtools/go/go-1.19.inc b/poky/meta/recipes-devtools/go/go-1.19.7.inc
similarity index 85%
rename from poky/meta/recipes-devtools/go/go-1.19.inc
rename to poky/meta/recipes-devtools/go/go-1.19.7.inc
index f733a80..7d76f34 100644
--- a/poky/meta/recipes-devtools/go/go-1.19.inc
+++ b/poky/meta/recipes-devtools/go/go-1.19.7.inc
@@ -14,6 +14,5 @@
file://0001-exec.go-do-not-write-linker-flags-into-buildids.patch \
file://0001-src-cmd-dist-buildgo.go-do-not-hardcode-host-compile.patch \
file://filter-build-paths.patch \
- file://stack-protector.patch \
"
-SRC_URI[main.sha256sum] = "9419cc70dc5a2523f29a77053cafff658ed21ef3561d9b6b020280ebceab28b9"
+SRC_URI[main.sha256sum] = "775bdf285ceaba940da8a2fe20122500efd7a0b65dbcee85247854a8d7402633"
diff --git a/poky/meta/recipes-devtools/go/go-binary-native_1.19.bb b/poky/meta/recipes-devtools/go/go-binary-native_1.19.7.bb
similarity index 80%
rename from poky/meta/recipes-devtools/go/go-binary-native_1.19.bb
rename to poky/meta/recipes-devtools/go/go-binary-native_1.19.7.bb
index ca424a6..0e2c8f1 100644
--- a/poky/meta/recipes-devtools/go/go-binary-native_1.19.bb
+++ b/poky/meta/recipes-devtools/go/go-binary-native_1.19.7.bb
@@ -7,9 +7,10 @@
PROVIDES = "go-native"
+# Checksums available at https://go.dev/dl/
SRC_URI = "https://dl.google.com/go/go${PV}.${BUILD_GOOS}-${BUILD_GOARCH}.tar.gz;name=go_${BUILD_GOTUPLE}"
-SRC_URI[go_linux_amd64.sha256sum] = "464b6b66591f6cf055bc5df90a9750bf5fbc9d038722bb84a9d56a2bea974be6"
-SRC_URI[go_linux_arm64.sha256sum] = "efa97fac9574fc6ef6c9ff3e3758fb85f1439b046573bf434cccb5e012bd00c8"
+SRC_URI[go_linux_amd64.sha256sum] = "7a75720c9b066ae1750f6bcc7052aba70fa3813f4223199ee2a2315fd3eb533d"
+SRC_URI[go_linux_arm64.sha256sum] = "071ea7bf386fdd08df524859b878d99fc359e491e7ad65c1c1cc55b67972c882"
UPSTREAM_CHECK_URI = "https://golang.org/dl/"
UPSTREAM_CHECK_REGEX = "go(?P<pver>\d+(\.\d+)+)\.linux"
diff --git a/poky/meta/recipes-devtools/go/go-cross-canadian_1.19.bb b/poky/meta/recipes-devtools/go/go-cross-canadian_1.19.7.bb
similarity index 100%
rename from poky/meta/recipes-devtools/go/go-cross-canadian_1.19.bb
rename to poky/meta/recipes-devtools/go/go-cross-canadian_1.19.7.bb
diff --git a/poky/meta/recipes-devtools/go/go-cross_1.19.bb b/poky/meta/recipes-devtools/go/go-cross_1.19.7.bb
similarity index 100%
rename from poky/meta/recipes-devtools/go/go-cross_1.19.bb
rename to poky/meta/recipes-devtools/go/go-cross_1.19.7.bb
diff --git a/poky/meta/recipes-devtools/go/go-crosssdk.inc b/poky/meta/recipes-devtools/go/go-crosssdk.inc
index cd23cca..7669386 100644
--- a/poky/meta/recipes-devtools/go/go-crosssdk.inc
+++ b/poky/meta/recipes-devtools/go/go-crosssdk.inc
@@ -4,6 +4,8 @@
PN = "go-crosssdk-${SDK_SYS}"
PROVIDES = "virtual/${TARGET_PREFIX}go-crosssdk"
+export GOCACHE = "${B}/.cache"
+
do_configure[noexec] = "1"
do_compile() {
diff --git a/poky/meta/recipes-devtools/go/go-crosssdk_1.19.bb b/poky/meta/recipes-devtools/go/go-crosssdk_1.19.7.bb
similarity index 100%
rename from poky/meta/recipes-devtools/go/go-crosssdk_1.19.bb
rename to poky/meta/recipes-devtools/go/go-crosssdk_1.19.7.bb
diff --git a/poky/meta/recipes-devtools/go/go-native_1.19.bb b/poky/meta/recipes-devtools/go/go-native_1.19.7.bb
similarity index 100%
rename from poky/meta/recipes-devtools/go/go-native_1.19.bb
rename to poky/meta/recipes-devtools/go/go-native_1.19.7.bb
diff --git a/poky/meta/recipes-devtools/go/go-runtime_1.19.bb b/poky/meta/recipes-devtools/go/go-runtime_1.19.7.bb
similarity index 100%
rename from poky/meta/recipes-devtools/go/go-runtime_1.19.bb
rename to poky/meta/recipes-devtools/go/go-runtime_1.19.7.bb
diff --git a/poky/meta/recipes-devtools/go/go/0001-cmd-go-make-content-based-hash-generation-less-pedan.patch b/poky/meta/recipes-devtools/go/go/0001-cmd-go-make-content-based-hash-generation-less-pedan.patch
index 8cbed93..43be5cd 100644
--- a/poky/meta/recipes-devtools/go/go/0001-cmd-go-make-content-based-hash-generation-less-pedan.patch
+++ b/poky/meta/recipes-devtools/go/go/0001-cmd-go-make-content-based-hash-generation-less-pedan.patch
@@ -1,4 +1,4 @@
-From a3db4da51df37d163ff9e8c1e1057280c648c545 Mon Sep 17 00:00:00 2001
+From fb22e586871cc6be0b7041e86d2daceee06ea568 Mon Sep 17 00:00:00 2001
From: Khem Raj <raj.khem@gmail.com>
Date: Mon, 28 Mar 2022 10:59:03 -0700
Subject: [PATCH] cmd/go: make content-based hash generation less pedantic
@@ -32,13 +32,13 @@
2 files changed, 34 insertions(+), 10 deletions(-)
diff --git a/src/cmd/go/internal/envcmd/env.go b/src/cmd/go/internal/envcmd/env.go
-index 529351d..df791b0 100644
+index 81ee859..2db3898 100644
--- a/src/cmd/go/internal/envcmd/env.go
+++ b/src/cmd/go/internal/envcmd/env.go
@@ -176,7 +176,7 @@ func ExtraEnvVars() []cfg.EnvVar {
func ExtraEnvVarsCostly() []cfg.EnvVar {
- var b work.Builder
- b.Init()
+ b := work.NewBuilder("")
+
- cppflags, cflags, cxxflags, fflags, ldflags, err := b.CFlags(&load.Package{})
+ cppflags, cflags, cxxflags, fflags, ldflags, err := b.CFlags(&load.Package{}, false)
if err != nil {
@@ -74,7 +74,7 @@
+ cppflags, cflags, cxxflags, fflags, ldflags, _ := b.CFlags(p, true)
- ccExe := b.ccExe()
-+ ccExe := filterCompilerFlags(b.ccExe())
++ ccExe := filterCompilerFlags(b.ccExe(), true)
fmt.Fprintf(h, "CC=%q %q %q %q\n", ccExe, cppflags, cflags, ldflags)
// Include the C compiler tool ID so that if the C
// compiler changes we rebuild the package.
@@ -83,7 +83,7 @@
}
if len(p.CXXFiles)+len(p.SwigCXXFiles) > 0 {
- cxxExe := b.cxxExe()
-+ cxxExe := filterCompilerFlags(b.cxxExe())
++ cxxExe := filterCompilerFlags(b.cxxExe(), true)
fmt.Fprintf(h, "CXX=%q %q\n", cxxExe, cxxflags)
if cxxID, err := b.gccToolID(cxxExe[0], "c++"); err == nil {
fmt.Fprintf(h, "CXX ID=%q\n", cxxID)
@@ -91,7 +91,7 @@
}
if len(p.FFiles) > 0 {
- fcExe := b.fcExe()
-+ fcExe := filterCompilerFlags(b.fcExe())
++ fcExe := filterCompilerFlags(b.fcExe(), true)
fmt.Fprintf(h, "FC=%q %q\n", fcExe, fflags)
if fcID, err := b.gccToolID(fcExe[0], "f95"); err == nil {
fmt.Fprintf(h, "FC ID=%q\n", fcID)
@@ -104,20 +104,22 @@
}
// Configuration specific to compiler toolchain.
-@@ -2705,8 +2707,23 @@ func envList(key, def string) []string {
+@@ -2705,8 +2707,25 @@ func envList(key, def string) []string {
return args
}
+var filterFlags = os.Getenv("CGO_PEDANTIC") == ""
+
-+func filterCompilerFlags(flags []string) []string {
++func filterCompilerFlags(flags []string, keepfirst bool) []string {
+ var newflags []string
++ var realkeepfirst bool = keepfirst
+ if !filterFlags {
+ return flags
+ }
+ for _, flag := range flags {
-+ if strings.HasPrefix(flag, "-m") {
++ if strings.HasPrefix(flag, "-m") || realkeepfirst {
+ newflags = append(newflags, flag)
++ realkeepfirst = false
+ }
+ }
+ return newflags
@@ -129,21 +131,21 @@
defaults := "-g -O2"
if cppflags, err = buildFlags("CPPFLAGS", "", p.CgoCPPFLAGS, checkCompilerFlags); err != nil {
-@@ -2724,6 +2741,13 @@ func (b *Builder) CFlags(p *load.Package) (cppflags, cflags, cxxflags, fflags, l
+@@ -2724,6 +2743,13 @@ func (b *Builder) CFlags(p *load.Package) (cppflags, cflags, cxxflags, fflags, l
if ldflags, err = buildFlags("LDFLAGS", defaults, p.CgoLDFLAGS, checkLinkerFlags); err != nil {
return
}
+ if filtered {
-+ cppflags = filterCompilerFlags(cppflags)
-+ cflags = filterCompilerFlags(cflags)
-+ cxxflags = filterCompilerFlags(cxxflags)
-+ fflags = filterCompilerFlags(fflags)
-+ ldflags = filterCompilerFlags(ldflags)
++ cppflags = filterCompilerFlags(cppflags, false)
++ cflags = filterCompilerFlags(cflags, false)
++ cxxflags = filterCompilerFlags(cxxflags, false)
++ fflags = filterCompilerFlags(fflags, false)
++ ldflags = filterCompilerFlags(ldflags, false)
+ }
return
}
-@@ -2739,7 +2763,7 @@ var cgoRe = lazyregexp.New(`[/\\:]`)
+@@ -2739,7 +2765,7 @@ var cgoRe = lazyregexp.New(`[/\\:]`)
func (b *Builder) cgo(a *Action, cgoExe, objdir string, pcCFLAGS, pcLDFLAGS, cgofiles, gccfiles, gxxfiles, mfiles, ffiles []string) (outGo, outObj []string, err error) {
p := a.Package
@@ -152,7 +154,7 @@
if err != nil {
return nil, nil, err
}
-@@ -3246,7 +3270,7 @@ func (b *Builder) swigIntSize(objdir string) (intsize string, err error) {
+@@ -3246,7 +3272,7 @@ func (b *Builder) swigIntSize(objdir string) (intsize string, err error) {
// Run SWIG on one SWIG input file.
func (b *Builder) swigOne(a *Action, p *load.Package, file, objdir string, pcCFLAGS []string, cxx bool, intgosize string) (outGo, outC string, err error) {
diff --git a/poky/meta/recipes-devtools/go/go/filter-build-paths.patch b/poky/meta/recipes-devtools/go/go/filter-build-paths.patch
index a1aa37c..280f911 100644
--- a/poky/meta/recipes-devtools/go/go/filter-build-paths.patch
+++ b/poky/meta/recipes-devtools/go/go/filter-build-paths.patch
@@ -8,7 +8,8 @@
location. This codepath is hit for statically linked go binaries such as those
on mips/ppc.
-Upstream-Status: Pending
+Upstream-Status: Submitted [https://github.com/golang/go/pull/56410]
+
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
diff --git a/poky/meta/recipes-devtools/go/go/stack-protector.patch b/poky/meta/recipes-devtools/go/go/stack-protector.patch
deleted file mode 100644
index cc92a44..0000000
--- a/poky/meta/recipes-devtools/go/go/stack-protector.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From c537b87782293fe222f2ef5eb1ae818092118e97 Mon Sep 17 00:00:00 2001
-From: Ian Lance Taylor <iant@golang.org>
-Date: Sun, 07 Aug 2022 19:21:15 -0700
-Subject: [PATCH] runtime/cgo: add -fno-stack-protector to CFLAGS
-
-Some compilers default to having -fstack-protector on, which breaks
-when using internal linking because the linker doesn't know how to
-find the support functions.
-
-Fixes #52919
-Fixes #54313
-
-Change-Id: I6f51d5e906503f61fc768ad8e30c163bad135087
-Upstream-Status: Submitted [https://github.com/golang/go/issues/54313]
-Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
----
-
-diff --git a/src/runtime/cgo/cgo.go b/src/runtime/cgo/cgo.go
-index 298aa63..4b7046e 100644
---- a/src/runtime/cgo/cgo.go
-+++ b/src/runtime/cgo/cgo.go
-@@ -23,7 +23,9 @@
- #cgo solaris LDFLAGS: -lxnet
- #cgo solaris LDFLAGS: -lsocket
-
--#cgo CFLAGS: -Wall -Werror
-+// We use -fno-stack-protector because internal linking won't find
-+// the support functions. See issues #52919 and #54313.
-+#cgo CFLAGS: -Wall -Werror -fno-stack-protector
-
- #cgo solaris CPPFLAGS: -D_POSIX_PTHREAD_SEMANTICS
-
diff --git a/poky/meta/recipes-devtools/go/go_1.19.bb b/poky/meta/recipes-devtools/go/go_1.19.7.bb
similarity index 66%
rename from poky/meta/recipes-devtools/go/go_1.19.bb
rename to poky/meta/recipes-devtools/go/go_1.19.7.bb
index 9897767..587ee55 100644
--- a/poky/meta/recipes-devtools/go/go_1.19.bb
+++ b/poky/meta/recipes-devtools/go/go_1.19.7.bb
@@ -12,7 +12,7 @@
# mips/rv64 doesn't support -buildmode=pie, so skip the QA checking for mips/riscv32 and its
# variants.
python() {
- if 'mips' in d.getVar('TARGET_ARCH',True) or 'riscv32' in d.getVar('TARGET_ARCH',True):
- d.appendVar('INSANE_SKIP:%s' % d.getVar('PN',True), " textrel")
+ if 'mips' in d.getVar('TARGET_ARCH') or 'riscv32' in d.getVar('TARGET_ARCH'):
+ d.appendVar('INSANE_SKIP:%s' % d.getVar('PN'), " textrel")
}
diff --git a/poky/meta/recipes-devtools/help2man/help2man_1.49.2.bb b/poky/meta/recipes-devtools/help2man/help2man_1.49.3.bb
similarity index 88%
rename from poky/meta/recipes-devtools/help2man/help2man_1.49.2.bb
rename to poky/meta/recipes-devtools/help2man/help2man_1.49.3.bb
index 62e1f67..75931a5 100644
--- a/poky/meta/recipes-devtools/help2man/help2man_1.49.2.bb
+++ b/poky/meta/recipes-devtools/help2man/help2man_1.49.3.bb
@@ -6,7 +6,7 @@
LIC_FILES_CHKSUM = "file://COPYING;md5=1ebbd3e34237af26da5dc08a4e440464"
SRC_URI = "${GNU_MIRROR}/${BPN}/${BPN}-${PV}.tar.xz"
-SRC_URI[sha256sum] = "9e2e0e213a7e0a36244eed6204d902b6504602a578b6ecd15268b1454deadd36"
+SRC_URI[sha256sum] = "4d7e4fdef2eca6afe07a2682151cea78781e0a4e8f9622142d9f70c083a2fd4f"
inherit autotools
diff --git a/poky/meta/recipes-devtools/libcomps/libcomps/0001-libcomps-Use-Py_hash_t-instead-of-long-in-PyCOMPS_ha.patch b/poky/meta/recipes-devtools/libcomps/libcomps/0001-libcomps-Use-Py_hash_t-instead-of-long-in-PyCOMPS_ha.patch
new file mode 100644
index 0000000..dd9ebc8
--- /dev/null
+++ b/poky/meta/recipes-devtools/libcomps/libcomps/0001-libcomps-Use-Py_hash_t-instead-of-long-in-PyCOMPS_ha.patch
@@ -0,0 +1,66 @@
+From 26a9647c832de15248ee649e5b77075521f3d4f0 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Fri, 3 Mar 2023 08:37:35 -0800
+Subject: [PATCH] libcomps: Use Py_hash_t instead of long in PyCOMPS_hash()
+
+This function is used as a hashfunc callback in
+_typeobject defined python3.11/cpython/object.h
+compilers detect the protype mismatch for function pointers
+with clang16+
+
+Fixes
+libcomps/src/python/src/pycomps_sequence.c:667:5: error: incompatible function pointer types initializing 'hashfunc' (aka 'int (*)(struct _object *)') with an expression of type 'long (*)(PyObject *)' (aka 'long (*)(struct _object *)') [-Wincompatible-function-pointer-types]
+ &PyCOMPS_hash, /*tp_hash */
+
+Upstream-Status: Submitted [https://github.com/rpm-software-management/libcomps/pull/101]
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ libcomps/src/python/src/pycomps_hash.c | 4 ++--
+ libcomps/src/python/src/pycomps_hash.h | 2 +-
+ libcomps/src/python/src/pycomps_utils.h | 2 +-
+ 3 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/libcomps/src/python/src/pycomps_hash.c b/libcomps/src/python/src/pycomps_hash.c
+index 474afd5..4577769 100644
+--- a/libcomps/src/python/src/pycomps_hash.c
++++ b/libcomps/src/python/src/pycomps_hash.c
+@@ -20,9 +20,9 @@
+ #include "pycomps_hash.h"
+ #include "pycomps_utils.h"
+
+-long PyCOMPS_hash(PyObject *self) {
++Py_hash_t PyCOMPS_hash(PyObject *self) {
+ char *cstr = NULL;
+- long crc;
++ Py_hash_t crc;
+
+ cstr = comps_object_tostr(((PyCompsObject*)self)->c_obj);
+ crc = crc32(0, cstr, strlen(cstr));
+diff --git a/libcomps/src/python/src/pycomps_hash.h b/libcomps/src/python/src/pycomps_hash.h
+index b664cae..54e08d9 100644
+--- a/libcomps/src/python/src/pycomps_hash.h
++++ b/libcomps/src/python/src/pycomps_hash.h
+@@ -26,6 +26,6 @@
+ #include "pycomps_utils.h"
+
+
+-long PyCOMPS_hash(PyObject *self);
++Py_hash_t PyCOMPS_hash(PyObject *self);
+
+ #endif
+diff --git a/libcomps/src/python/src/pycomps_utils.h b/libcomps/src/python/src/pycomps_utils.h
+index ba9bc2f..b34e4dc 100644
+--- a/libcomps/src/python/src/pycomps_utils.h
++++ b/libcomps/src/python/src/pycomps_utils.h
+@@ -137,7 +137,7 @@ COMPS_Object* __pycomps_bytes_in(PyObject *pobj);
+ PyObject* __pycomps_str_out(COMPS_Object *obj);
+ PyObject *str_to_unicode(void* str);
+
+-long PyCOMPS_hash(PyObject *self);
++Py_hash_t PyCOMPS_hash(PyObject *self);
+
+ PyObject* PyCOMPSSeq_extra_get(PyObject *self, PyObject *key);
+
+--
+2.39.2
+
diff --git a/poky/meta/recipes-devtools/libcomps/libcomps_0.1.19.bb b/poky/meta/recipes-devtools/libcomps/libcomps_0.1.19.bb
index fa1fbc8..f8063d9 100644
--- a/poky/meta/recipes-devtools/libcomps/libcomps_0.1.19.bb
+++ b/poky/meta/recipes-devtools/libcomps/libcomps_0.1.19.bb
@@ -5,6 +5,7 @@
LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
SRC_URI = "git://github.com/rpm-software-management/libcomps.git;branch=master;protocol=https \
+ file://0001-libcomps-Use-Py_hash_t-instead-of-long-in-PyCOMPS_ha.patch \
file://0002-Do-not-set-PYTHON_INSTALL_DIR-by-running-python.patch \
"
diff --git a/poky/meta/recipes-devtools/libdnf/libdnf/0001-libdnf-dnf-context.cpp-do-not-try-to-access-BDB-data.patch b/poky/meta/recipes-devtools/libdnf/libdnf/0001-libdnf-dnf-context.cpp-do-not-try-to-access-BDB-data.patch
deleted file mode 100644
index 6f8a3dc..0000000
--- a/poky/meta/recipes-devtools/libdnf/libdnf/0001-libdnf-dnf-context.cpp-do-not-try-to-access-BDB-data.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 2f7382b35d59fe08034603497e82ffb943fedef1 Mon Sep 17 00:00:00 2001
-From: Alexander Kanavin <alex.kanavin@gmail.com>
-Date: Wed, 30 Jun 2021 15:31:16 +0200
-Subject: [PATCH] libdnf/dnf-context.cpp: do not try to access BDB database
-
-Upstream-Status: Inappropriate [upstream needs to rework this to support
-sqlite]
-Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
----
- libdnf/dnf-context.cpp | 14 --------------
- 1 file changed, 14 deletions(-)
-
-diff --git a/libdnf/dnf-context.cpp b/libdnf/dnf-context.cpp
-index 86f71a79..9cdcf769 100644
---- a/libdnf/dnf-context.cpp
-+++ b/libdnf/dnf-context.cpp
-@@ -2264,20 +2264,6 @@ dnf_context_setup(DnfContext *context,
- !dnf_context_set_os_release(context, error))
- return FALSE;
-
-- /* setup a file monitor on the rpmdb, if we're operating on the native / */
-- if (g_strcmp0(priv->install_root, "/") == 0) {
-- rpmdb_path = g_build_filename(priv->install_root, "var/lib/rpm/Packages", NULL);
-- file_rpmdb = g_file_new_for_path(rpmdb_path);
-- priv->monitor_rpmdb = g_file_monitor_file(file_rpmdb,
-- G_FILE_MONITOR_NONE,
-- NULL,
-- error);
-- if (priv->monitor_rpmdb == NULL)
-- return FALSE;
-- g_signal_connect(priv->monitor_rpmdb, "changed",
-- G_CALLBACK(dnf_context_rpmdb_changed_cb), context);
-- }
--
- /* copy any vendor distributed cached metadata */
- if (!dnf_context_copy_vendor_cache(context, error))
- return FALSE;
diff --git a/poky/meta/recipes-devtools/libdnf/libdnf_0.69.0.bb b/poky/meta/recipes-devtools/libdnf/libdnf_0.70.0.bb
similarity index 92%
rename from poky/meta/recipes-devtools/libdnf/libdnf_0.69.0.bb
rename to poky/meta/recipes-devtools/libdnf/libdnf_0.70.0.bb
index da2550d..14d6a37 100644
--- a/poky/meta/recipes-devtools/libdnf/libdnf_0.69.0.bb
+++ b/poky/meta/recipes-devtools/libdnf/libdnf_0.70.0.bb
@@ -10,10 +10,9 @@
file://0001-Get-parameters-for-both-libsolv-and-libsolvext-libdn.patch \
file://enable_test_data_dir_set.patch \
file://0001-drop-FindPythonInstDir.cmake.patch \
- file://0001-libdnf-dnf-context.cpp-do-not-try-to-access-BDB-data.patch \
"
-SRCREV = "5c6d9cd6e5955e7038722f091396607c60fcbdd1"
+SRCREV = "93759bc5cac262906e52b6a173d7b157914ec29e"
UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>(?!4\.90)\d+(\.\d+)+)"
S = "${WORKDIR}/git"
diff --git a/poky/meta/recipes-devtools/llvm/llvm/llvm-config b/poky/meta/recipes-devtools/llvm/llvm/llvm-config
index a45f38c..5e4ded2 100644
--- a/poky/meta/recipes-devtools/llvm/llvm/llvm-config
+++ b/poky/meta/recipes-devtools/llvm/llvm/llvm-config
@@ -29,6 +29,15 @@
--ldflags)
output="${output} ${LDFLAGS}"
;;
+ --shared-mode)
+ output="${output} shared"
+ ;;
+ --libs)
+ output="${output} -lLLVM"
+ ;;
+ --link-shared)
+ break
+ ;;
*)
remain="${remain} ${arg}"
;;
diff --git a/poky/meta/recipes-devtools/lua/lua_5.4.4.bb b/poky/meta/recipes-devtools/lua/lua_5.4.4.bb
index 0b2e754..a39d888 100644
--- a/poky/meta/recipes-devtools/lua/lua_5.4.4.bb
+++ b/poky/meta/recipes-devtools/lua/lua_5.4.4.bb
@@ -57,3 +57,6 @@
}
BBCLASSEXTEND = "native nativesdk"
+
+inherit multilib_script
+MULTILIB_SCRIPTS = "${PN}-dev:${includedir}/luaconf.h"
diff --git a/poky/meta/recipes-devtools/meson/meson/disable-rpath-handling.patch b/poky/meta/recipes-devtools/meson/meson/disable-rpath-handling.patch
deleted file mode 100644
index 7aaed8b..0000000
--- a/poky/meta/recipes-devtools/meson/meson/disable-rpath-handling.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 18600f7a1cddf23aeabd188f86e66983f27ccfe3 Mon Sep 17 00:00:00 2001
-From: Richard Purdie <richard.purdie@linuxfoundation.org>
-Date: Fri, 23 Nov 2018 15:28:28 +0000
-Subject: [PATCH] meson: Disable rpath stripping at install time
-
-We need to allow our rpaths generated through the compiler flags to make it into
-our binaries. Therefore disable the meson manipulations of these unless there
-is a specific directive to do something differently in the project.
-
-RP 2018/11/23
-
-Upstream-Status: Submitted [https://github.com/mesonbuild/meson/issues/2567]
----
- mesonbuild/minstall.py | 7 +++++--
- 1 file changed, 5 insertions(+), 2 deletions(-)
-
-diff --git a/mesonbuild/minstall.py b/mesonbuild/minstall.py
-index 7d0da13..17d50db 100644
---- a/mesonbuild/minstall.py
-+++ b/mesonbuild/minstall.py
-@@ -718,8 +718,11 @@ class Installer:
- if file_copied:
- self.did_install_something = True
- try:
-- self.fix_rpath(outname, t.rpath_dirs_to_remove, install_rpath, final_path,
-- install_name_mappings, verbose=False)
-+ if install_rpath:
-+ self.fix_rpath(outname, t.rpath_dirs_to_remove, install_rpath, final_path,
-+ install_name_mappings, verbose=False)
-+ else:
-+ print("RPATH changes at install time disabled")
- except SystemExit as e:
- if isinstance(e.code, int) and e.code == 0:
- pass
---
-2.20.1
-
diff --git a/poky/meta/recipes-devtools/meson/meson/meson-wrapper b/poky/meta/recipes-devtools/meson/meson/meson-wrapper
index c62007f..7455985 100755
--- a/poky/meta/recipes-devtools/meson/meson/meson-wrapper
+++ b/poky/meta/recipes-devtools/meson/meson/meson-wrapper
@@ -5,7 +5,7 @@
fi
if [ -z "$SSL_CERT_DIR" ]; then
- export SSL_CERT_DIR="${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/"
+ export SSL_CERT_DIR="$OECORE_NATIVE_SYSROOT/etc/ssl/certs/"
fi
# If these are set to a cross-compile path, meson will get confused and try to
@@ -13,7 +13,19 @@
# config is already in meson.cross.
unset CC CXX CPP LD AR NM STRIP
+case "$1" in
+setup|configure|dist|install|introspect|init|test|wrap|subprojects|rewrite|compile|devenv|env2mfile|help) MESON_CMD="$1" ;;
+*) echo meson-wrapper: Implicit setup command assumed; MESON_CMD=setup ;;
+esac
+
+if [ "$MESON_CMD" = "setup" ]; then
+ MESON_SETUP_OPTS=" \
+ --cross-file="$OECORE_NATIVE_SYSROOT/usr/share/meson/${TARGET_PREFIX}meson.cross" \
+ --native-file="$OECORE_NATIVE_SYSROOT/usr/share/meson/meson.native" \
+ "
+ echo meson-wrapper: Running meson with setup options: \"$MESON_SETUP_OPTS\"
+fi
+
exec "$OECORE_NATIVE_SYSROOT/usr/bin/meson.real" \
- --cross-file "${OECORE_NATIVE_SYSROOT}/usr/share/meson/${TARGET_PREFIX}meson.cross" \
- --native-file "${OECORE_NATIVE_SYSROOT}/usr/share/meson/meson.native" \
- "$@"
+ "$@" \
+ $MESON_SETUP_OPTS
diff --git a/poky/meta/recipes-devtools/meson/meson_0.63.2.bb b/poky/meta/recipes-devtools/meson/meson_0.63.3.bb
similarity index 97%
rename from poky/meta/recipes-devtools/meson/meson_0.63.2.bb
rename to poky/meta/recipes-devtools/meson/meson_0.63.3.bb
index 890faac..0d13448 100644
--- a/poky/meta/recipes-devtools/meson/meson_0.63.2.bb
+++ b/poky/meta/recipes-devtools/meson/meson_0.63.3.bb
@@ -12,13 +12,12 @@
file://meson-setup.py \
file://meson-wrapper \
file://0001-python-module-do-not-manipulate-the-environment-when.patch \
- file://disable-rpath-handling.patch \
file://0001-Make-CPU-family-warnings-fatal.patch \
file://0002-Support-building-allarch-recipes-again.patch \
file://0001-is_debianlike-always-return-False.patch \
file://0001-Check-for-clang-before-guessing-gcc-or-lcc.patch \
"
-SRC_URI[sha256sum] = "16222f17ef76be0542c91c07994f9676ae879f46fc21c0c786a21ef2cb518bbf"
+SRC_URI[sha256sum] = "519c0932e1a8b208741f0fdce90aa5c0b528dd297cf337009bf63539846ac056"
inherit python_setuptools_build_meta github-releases
diff --git a/poky/meta/recipes-devtools/mtd/mtd-utils/0001-tests-Remove-unused-linux-fs.h-header-from-includes.patch b/poky/meta/recipes-devtools/mtd/mtd-utils/0001-tests-Remove-unused-linux-fs.h-header-from-includes.patch
deleted file mode 100644
index 73d4a84..0000000
--- a/poky/meta/recipes-devtools/mtd/mtd-utils/0001-tests-Remove-unused-linux-fs.h-header-from-includes.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 6fb10bd18488ed84776675bc1b2982800a51d839 Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Sat, 6 Aug 2022 20:14:38 -0700
-Subject: [mtd-utils][PATCH] tests: Remove unused linux/fs.h header from includes
-
-This header is not needed, moreover it includes linux/mount.h which is
-now in conflict[1] with glibc provided sys/mount.h from glibc 2.36 onwards
-
-[1] https://sourceware.org/glibc/wiki/Release/2.36
-
-Upstream-Status: Submitted [https://lists.infradead.org/pipermail/linux-mtd/2022-August/094667.html]
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
- tests/fs-tests/lib/tests.c | 1 -
- 1 file changed, 1 deletion(-)
-
-diff --git a/tests/fs-tests/lib/tests.c b/tests/fs-tests/lib/tests.c
-index d1a2e0c..3db0426 100644
---- a/tests/fs-tests/lib/tests.c
-+++ b/tests/fs-tests/lib/tests.c
-@@ -35,7 +35,6 @@
- #include <sys/vfs.h>
- #include <sys/mount.h>
- #include <sys/statvfs.h>
--#include <linux/fs.h>
- #include <linux/jffs2.h>
-
- #include "tests.h"
---
-2.37.1
-
diff --git a/poky/meta/recipes-devtools/mtd/mtd-utils_git.bb b/poky/meta/recipes-devtools/mtd/mtd-utils_git.bb
index 943666e..2d76991 100644
--- a/poky/meta/recipes-devtools/mtd/mtd-utils_git.bb
+++ b/poky/meta/recipes-devtools/mtd/mtd-utils_git.bb
@@ -11,12 +11,10 @@
DEPENDS = "zlib e2fsprogs util-linux"
RDEPENDS:mtd-utils-tests += "bash"
-PV = "2.1.4"
+PV = "2.1.5"
-SRCREV = "c7f1bfa44a84d02061787e2f6093df5cc40b9f5c"
-SRC_URI = "git://git.infradead.org/mtd-utils.git;branch=master \
- file://0001-tests-Remove-unused-linux-fs.h-header-from-includes.patch \
- "
+SRCREV = "3f3b4cc6c3120107e7aaa21c6415772a255ac49c"
+SRC_URI = "git://git.infradead.org/mtd-utils.git;branch=master"
S = "${WORKDIR}/git"
diff --git a/poky/meta/recipes-devtools/mtools/mtools/disable-hardcoded-configs.patch b/poky/meta/recipes-devtools/mtools/mtools/disable-hardcoded-configs.patch
index 8f46174..2d42fa5 100644
--- a/poky/meta/recipes-devtools/mtools/mtools/disable-hardcoded-configs.patch
+++ b/poky/meta/recipes-devtools/mtools/mtools/disable-hardcoded-configs.patch
@@ -1,4 +1,4 @@
-From 3a05dc2c0acff1713dd44cef5e9f328f0706eb3e Mon Sep 17 00:00:00 2001
+From c496cad7b7a84e599f521f289648373df9fad80f Mon Sep 17 00:00:00 2001
From: Ed Bartosh <ed.bartosh@linux.intel.com>
Date: Tue, 13 Jun 2017 14:55:52 +0300
Subject: [PATCH] Disabled reading host configs.
@@ -12,10 +12,10 @@
1 file changed, 8 deletions(-)
diff --git a/config.c b/config.c
-index 630f99d..07dbf53 100644
+index 8c5fa83..346048b 100644
--- a/config.c
+++ b/config.c
-@@ -834,14 +834,6 @@ void read_config(void)
+@@ -843,14 +843,6 @@ void read_config(void)
memcpy(devices, const_devices,
nr_const_devices*sizeof(struct device));
diff --git a/poky/meta/recipes-devtools/mtools/mtools_4.0.40.bb b/poky/meta/recipes-devtools/mtools/mtools_4.0.41.bb
similarity index 93%
rename from poky/meta/recipes-devtools/mtools/mtools_4.0.40.bb
rename to poky/meta/recipes-devtools/mtools/mtools_4.0.41.bb
index 200c7c7..29e7427 100644
--- a/poky/meta/recipes-devtools/mtools/mtools_4.0.40.bb
+++ b/poky/meta/recipes-devtools/mtools/mtools_4.0.41.bb
@@ -24,7 +24,7 @@
glibc-gconv-ibm866 \
glibc-gconv-ibm869 \
"
-SRC_URI[sha256sum] = "a22fca42354011dd2293a7f51f228b46ebbd802e7740b0975912afecb79d5df4"
+SRC_URI[sha256sum] = "2542152264fb3eff7ed70662abf4f4eef8133bc37d0b7a686c240df2b5f80a13"
SRC_URI = "${GNU_MIRROR}/mtools/mtools-${PV}.tar.bz2 \
file://mtools-makeinfo.patch \
diff --git a/poky/meta/recipes-devtools/opkg/opkg/0002-opkg-key-remove-no-options-flag-from-gpg-calls.patch b/poky/meta/recipes-devtools/opkg/opkg/0002-opkg-key-remove-no-options-flag-from-gpg-calls.patch
new file mode 100644
index 0000000..f216950
--- /dev/null
+++ b/poky/meta/recipes-devtools/opkg/opkg/0002-opkg-key-remove-no-options-flag-from-gpg-calls.patch
@@ -0,0 +1,34 @@
+From a658e6402382250f0164c5b47b744740e04f3611 Mon Sep 17 00:00:00 2001
+From: Charlie Johnston <charlie.johnston@ni.com>
+Date: Fri, 30 Dec 2022 15:21:14 -0600
+Subject: [PATCH] opkg-key: Remove --no-options flag from gpg calls.
+
+The opkg-key script was always passing the --no-options
+flag to gpg, which uses /dev/null as the options file.
+As a result, the opkg gpg.conf file was not getting
+used. This change removes that flag so that gpg.conf
+in the GPGHOMEDIR for opkg (currently /etc/opkg/gpg/)
+will be used if present.
+
+Upstream-Status: Accepted [https://git.yoctoproject.org/opkg/commit/?id=cee294e72d257417b5e55ef7a76a0fd15313e46b]
+Signed-off-by: Charlie Johnston <charlie.johnston@ni.com>
+---
+ utils/opkg-key | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/utils/opkg-key b/utils/opkg-key
+index e395a59..8645ebc 100755
+--- a/utils/opkg-key
++++ b/utils/opkg-key
+@@ -53,7 +53,7 @@ else
+ exit 1
+ fi
+
+-GPG="$GPGCMD --no-options --homedir $GPGHOMEDIR"
++GPG="$GPGCMD --homedir $GPGHOMEDIR"
+
+ # Gpg home dir isn't created automatically when --homedir option is used
+ if [ ! -e "$GPGHOMEDIR" ]; then
+--
+2.30.2
+
diff --git a/poky/meta/recipes-devtools/opkg/opkg_0.6.0.bb b/poky/meta/recipes-devtools/opkg/opkg_0.6.1.bb
similarity index 85%
rename from poky/meta/recipes-devtools/opkg/opkg_0.6.0.bb
rename to poky/meta/recipes-devtools/opkg/opkg_0.6.1.bb
index 4cd589c..712f066 100644
--- a/poky/meta/recipes-devtools/opkg/opkg_0.6.0.bb
+++ b/poky/meta/recipes-devtools/opkg/opkg_0.6.1.bb
@@ -15,10 +15,11 @@
SRC_URI = "http://downloads.yoctoproject.org/releases/${BPN}/${BPN}-${PV}.tar.gz \
file://opkg.conf \
file://0001-opkg_conf-create-opkg.lock-in-run-instead-of-var-run.patch \
+ file://0002-opkg-key-remove-no-options-flag-from-gpg-calls.patch \
file://run-ptest \
"
-SRC_URI[sha256sum] = "56844722eff237daf14aa6e681436f3245213c5590ed0cda37a79df637ff3a4c"
+SRC_URI[sha256sum] = "e87fccb575c64d3ac0559444016a2795f12125986a0da896bab97c4a1a2f1b2a"
# This needs to be before ptest inherit, otherwise all ptest files end packaged
# in libopkg package if OPKGLIBDIR == libdir, because default
@@ -47,7 +48,9 @@
do_install:append () {
install -d ${D}${sysconfdir}/opkg
install -m 0644 ${WORKDIR}/opkg.conf ${D}${sysconfdir}/opkg/opkg.conf
- echo "option lists_dir ${OPKGLIBDIR}/opkg/lists" >>${D}${sysconfdir}/opkg/opkg.conf
+ echo "option lists_dir ${OPKGLIBDIR}/opkg/lists" >>${D}${sysconfdir}/opkg/opkg.conf
+ echo "option info_dir ${OPKGLIBDIR}/opkg/info" >>${D}${sysconfdir}/opkg/opkg.conf
+ echo "option status_file ${OPKGLIBDIR}/opkg/status" >>${D}${sysconfdir}/opkg/opkg.conf
# We need to create the lock directory
install -d ${D}${OPKGLIBDIR}/opkg
diff --git a/poky/meta/recipes-devtools/pkgconf/pkgconf_1.9.3.bb b/poky/meta/recipes-devtools/pkgconf/pkgconf_1.9.4.bb
similarity index 96%
rename from poky/meta/recipes-devtools/pkgconf/pkgconf_1.9.3.bb
rename to poky/meta/recipes-devtools/pkgconf/pkgconf_1.9.4.bb
index 453da89..ab0f371 100644
--- a/poky/meta/recipes-devtools/pkgconf/pkgconf_1.9.3.bb
+++ b/poky/meta/recipes-devtools/pkgconf/pkgconf_1.9.4.bb
@@ -20,7 +20,7 @@
file://pkg-config-native.in \
file://pkg-config-esdk.in \
"
-SRC_URI[sha256sum] = "5fb355b487d54fb6d341e4f18d4e2f7e813a6622cf03a9e87affa6a40565699d"
+SRC_URI[sha256sum] = "daccf1bbe5a30d149b556c7d2ffffeafd76d7b514e249271abdd501533c1d8ae"
inherit autotools
diff --git a/poky/meta/recipes-devtools/python/python3-mako_1.2.2.bb b/poky/meta/recipes-devtools/python/python3-mako_1.2.3.bb
similarity index 85%
rename from poky/meta/recipes-devtools/python/python3-mako_1.2.2.bb
rename to poky/meta/recipes-devtools/python/python3-mako_1.2.3.bb
index e3774ee..12acfee 100644
--- a/poky/meta/recipes-devtools/python/python3-mako_1.2.2.bb
+++ b/poky/meta/recipes-devtools/python/python3-mako_1.2.3.bb
@@ -8,7 +8,7 @@
inherit pypi python_setuptools_build_meta
-SRC_URI[sha256sum] = "3724869b363ba630a272a5f89f68c070352137b8fd1757650017b7e06fda163f"
+SRC_URI[sha256sum] = "7fde96466fcfeedb0eed94f187f20b23d85e4cb41444be0e542e2c8c65c396cd"
RDEPENDS:${PN} = "${PYTHON_PN}-html \
${PYTHON_PN}-markupsafe \
diff --git a/poky/meta/recipes-devtools/python/python3-pytest_7.1.3.bb b/poky/meta/recipes-devtools/python/python3-pytest_7.1.3.bb
index 373f7f3..9710242 100644
--- a/poky/meta/recipes-devtools/python/python3-pytest_7.1.3.bb
+++ b/poky/meta/recipes-devtools/python/python3-pytest_7.1.3.bb
@@ -26,7 +26,7 @@
${PYTHON_PN}-py \
${PYTHON_PN}-setuptools \
${PYTHON_PN}-six \
- ${PYTHON_PN}-toml \
+ ${PYTHON_PN}-tomli \
${PYTHON_PN}-wcwidth \
"
diff --git a/poky/meta/recipes-devtools/python/python3-setuptools/0001-Limit-the-amount-of-whitespace-to-search-backtrack.-.patch b/poky/meta/recipes-devtools/python/python3-setuptools/0001-Limit-the-amount-of-whitespace-to-search-backtrack.-.patch
new file mode 100644
index 0000000..20a13da
--- /dev/null
+++ b/poky/meta/recipes-devtools/python/python3-setuptools/0001-Limit-the-amount-of-whitespace-to-search-backtrack.-.patch
@@ -0,0 +1,31 @@
+From 9e9f617a83f6593b476669030b0347d48e831c3f Mon Sep 17 00:00:00 2001
+From: Narpat Mali <narpat.mali@windriver.com>
+Date: Mon, 9 Jan 2023 14:45:05 +0000
+Subject: [PATCH] Limit the amount of whitespace to search/backtrack. Fixes
+ #3659.
+
+CVE: CVE-2022-40897
+
+Upstream-Status: Backport [https://github.com/pypa/setuptools/commit/43a9c9bfa6aa626ec2a22540bea28d2ca77964be]
+
+Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
+---
+ setuptools/package_index.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/setuptools/package_index.py b/setuptools/package_index.py
+index 270e7f3..e93fcc6 100644
+--- a/setuptools/package_index.py
++++ b/setuptools/package_index.py
+@@ -197,7 +197,7 @@ def unique_values(func):
+ return wrapper
+
+
+-REL = re.compile(r"""<([^>]*\srel\s*=\s*['"]?([^'">]+)[^>]*)>""", re.I)
++REL = re.compile(r"""<([^>]*\srel\s{0,10}=\s{0,10}['"]?([^'" >]+)[^>]*)>""", re.I)
+ # this line is here to fix emacs' cruddy broken syntax highlighting
+
+
+--
+2.34.1
+
diff --git a/poky/meta/recipes-devtools/python/python3-setuptools_65.0.2.bb b/poky/meta/recipes-devtools/python/python3-setuptools_65.0.2.bb
index 1a639ea..d7cbb99 100644
--- a/poky/meta/recipes-devtools/python/python3-setuptools_65.0.2.bb
+++ b/poky/meta/recipes-devtools/python/python3-setuptools_65.0.2.bb
@@ -9,7 +9,9 @@
SRC_URI:append:class-native = " file://0001-conditionally-do-not-fetch-code-by-easy_install.patch"
SRC_URI += "file://0001-change-shebang-to-python3.patch \
- file://0001-_distutils-sysconfig.py-make-it-possible-to-substite.patch"
+ file://0001-_distutils-sysconfig.py-make-it-possible-to-substite.patch \
+ file://0001-Limit-the-amount-of-whitespace-to-search-backtrack.-.patch \
+"
SRC_URI[sha256sum] = "101bf15ca723beef42c8db91a761f3748d4d697e17fae904db60c0b619d8d094"
diff --git a/poky/meta/recipes-devtools/python/python3/get_module_deps3.py b/poky/meta/recipes-devtools/python/python3/get_module_deps3.py
index 1f4c982..0ca687d 100644
--- a/poky/meta/recipes-devtools/python/python3/get_module_deps3.py
+++ b/poky/meta/recipes-devtools/python/python3/get_module_deps3.py
@@ -56,7 +56,7 @@
try:
m = importlib.import_module(current_module)
# handle python packages which may not include all modules in the __init__
- if os.path.basename(m.__file__) == "__init__.py":
+ if hasattr(m, '__file__') and os.path.basename(m.__file__) == "__init__.py":
modulepath = os.path.dirname(m.__file__)
for i in os.listdir(modulepath):
if i.startswith("_") or not(i.endswith(".py")):
diff --git a/poky/meta/recipes-devtools/qemu/qemu-helper-native_1.0.bb b/poky/meta/recipes-devtools/qemu/qemu-helper-native_1.0.bb
index aa9e499..e297586 100644
--- a/poky/meta/recipes-devtools/qemu/qemu-helper-native_1.0.bb
+++ b/poky/meta/recipes-devtools/qemu/qemu-helper-native_1.0.bb
@@ -7,7 +7,7 @@
SRC_URI = "\
file://tunctl.c \
- file://qemu-oe-bridge-helper \
+ file://qemu-oe-bridge-helper.c \
"
S = "${WORKDIR}"
@@ -16,13 +16,13 @@
do_compile() {
${CC} ${CFLAGS} ${LDFLAGS} -Wall tunctl.c -o tunctl
+ ${CC} ${CFLAGS} ${LDFLAGS} -Wall qemu-oe-bridge-helper.c -o qemu-oe-bridge-helper
}
do_install() {
install -d ${D}${bindir}
install tunctl ${D}${bindir}/
-
- install -m 755 ${WORKDIR}/qemu-oe-bridge-helper ${D}${bindir}/
+ install qemu-oe-bridge-helper ${D}${bindir}/
}
DEPENDS += "qemu-system-native"
diff --git a/poky/meta/recipes-devtools/qemu/qemu-helper/qemu-oe-bridge-helper b/poky/meta/recipes-devtools/qemu/qemu-helper/qemu-oe-bridge-helper
deleted file mode 100755
index f057d4e..0000000
--- a/poky/meta/recipes-devtools/qemu/qemu-helper/qemu-oe-bridge-helper
+++ /dev/null
@@ -1,25 +0,0 @@
-#! /bin/sh
-# Copyright 2020 Garmin Ltd. or its subsidiaries
-#
-# SPDX-License-Identifier: GPL-2.0
-#
-# Attempts to find and exec the host qemu-bridge-helper program
-
-# If the QEMU_BRIDGE_HELPER variable is set by the user, exec it.
-if [ -n "$QEMU_BRIDGE_HELPER" ]; then
- exec "$QEMU_BRIDGE_HELPER" "$@"
-fi
-
-# Search common paths for the helper program
-BN="qemu-bridge-helper"
-PATHS="/usr/libexec/ /usr/lib/qemu/"
-
-for p in $PATHS; do
- if [ -e "$p/$BN" ]; then
- exec "$p/$BN" "$@"
- fi
-done
-
-echo "$BN not found!" > /dev/stderr
-exit 1
-
diff --git a/poky/meta/recipes-devtools/qemu/qemu-helper/qemu-oe-bridge-helper.c b/poky/meta/recipes-devtools/qemu/qemu-helper/qemu-oe-bridge-helper.c
new file mode 100644
index 0000000..9434e1d
--- /dev/null
+++ b/poky/meta/recipes-devtools/qemu/qemu-helper/qemu-oe-bridge-helper.c
@@ -0,0 +1,34 @@
+/*
+ * Copyright 2022 Garmin Ltd. or its subsidiaries
+ *
+ * SPDX-License-Identifier: GPL-2.0
+ *
+ * Attempts to find and exec the host qemu-bridge-helper program
+ */
+
+#include <stdio.h>
+#include <unistd.h>
+#include <stdlib.h>
+
+void try_program(char const* path, char** args) {
+ if (access(path, X_OK) == 0) {
+ execv(path, args);
+ }
+}
+
+int main(int argc, char** argv) {
+ char* var;
+
+ var = getenv("QEMU_BRIDGE_HELPER");
+ if (var && var[0] != '\0') {
+ execvp(var, argv);
+ return 1;
+ }
+
+ try_program("/usr/libexec/qemu-bridge-helper", argv);
+ try_program("/usr/lib/qemu/qemu-bridge-helper", argv);
+
+ fprintf(stderr, "No bridge helper found\n");
+ return 1;
+}
+
diff --git a/poky/meta/recipes-devtools/qemu/qemu.inc b/poky/meta/recipes-devtools/qemu/qemu.inc
index 612abd2..f323797 100644
--- a/poky/meta/recipes-devtools/qemu/qemu.inc
+++ b/poky/meta/recipes-devtools/qemu/qemu.inc
@@ -29,6 +29,8 @@
file://0010-hw-pvrdma-Protect-against-buggy-or-malicious-guest-d.patch \
file://0001-net-tulip-Restrict-DMA-engine-to-memories.patch \
file://arm-cpreg-fix.patch \
+ file://CVE-2022-3165.patch \
+ file://CVE-2022-4144.patch \
"
UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar"
@@ -147,6 +149,7 @@
PACKAGECONFIG:remove:mingw32 = "kvm virglrenderer epoxy gtk+"
PACKAGECONFIG[sdl] = "--enable-sdl,--disable-sdl,libsdl2"
+PACKAGECONFIG[png] = "--enable-png,--disable-png,libpng"
PACKAGECONFIG[virtfs] = "--enable-virtfs --enable-attr --enable-cap-ng,--disable-virtfs,libcap-ng attr,"
PACKAGECONFIG[aio] = "--enable-linux-aio,--disable-linux-aio,libaio,"
PACKAGECONFIG[uring] = "--enable-linux-io-uring,--disable-linux-io-uring,liburing"
@@ -198,6 +201,7 @@
PACKAGECONFIG[vde] = "--enable-vde,--disable-vde"
PACKAGECONFIG[slirp] = "--enable-slirp=internal,--disable-slirp"
PACKAGECONFIG[brlapi] = "--enable-brlapi,--disable-brlapi"
+PACKAGECONFIG[jack] = "--enable-jack,--disable-jack,jack,"
INSANE_SKIP:${PN} = "arch"
diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2022-3165.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2022-3165.patch
new file mode 100644
index 0000000..3b4a669
--- /dev/null
+++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2022-3165.patch
@@ -0,0 +1,59 @@
+CVE: CVE-2022-3165
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From d307040b18bfcb1393b910f1bae753d5c12a4dc7 Mon Sep 17 00:00:00 2001
+From: Mauro Matteo Cascella <mcascell@redhat.com>
+Date: Sun, 25 Sep 2022 22:45:11 +0200
+Subject: [PATCH] ui/vnc-clipboard: fix integer underflow in
+ vnc_client_cut_text_ext
+
+Extended ClientCutText messages start with a 4-byte header. If len < 4,
+an integer underflow occurs in vnc_client_cut_text_ext. The result is
+used to decompress data in a while loop in inflate_buffer, leading to
+CPU consumption and denial of service. Prevent this by checking dlen in
+protocol_client_msg.
+
+Fixes: CVE-2022-3165
+Fixes: 0bf41cab93e5 ("ui/vnc: clipboard support")
+Reported-by: TangPeng <tangpeng@qianxin.com>
+Signed-off-by: Mauro Matteo Cascella <mcascell@redhat.com>
+Message-Id: <20220925204511.1103214-1-mcascell@redhat.com>
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+---
+ ui/vnc.c | 11 ++++++++---
+ 1 file changed, 8 insertions(+), 3 deletions(-)
+
+diff --git a/ui/vnc.c b/ui/vnc.c
+index 6a05d06147..acb3629cd8 100644
+--- a/ui/vnc.c
++++ b/ui/vnc.c
+@@ -2442,8 +2442,8 @@ static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
+ if (len == 1) {
+ return 8;
+ }
++ uint32_t dlen = abs(read_s32(data, 4));
+ if (len == 8) {
+- uint32_t dlen = abs(read_s32(data, 4));
+ if (dlen > (1 << 20)) {
+ error_report("vnc: client_cut_text msg payload has %u bytes"
+ " which exceeds our limit of 1MB.", dlen);
+@@ -2456,8 +2456,13 @@ static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
+ }
+
+ if (read_s32(data, 4) < 0) {
+- vnc_client_cut_text_ext(vs, abs(read_s32(data, 4)),
+- read_u32(data, 8), data + 12);
++ if (dlen < 4) {
++ error_report("vnc: malformed payload (header less than 4 bytes)"
++ " in extended clipboard pseudo-encoding.");
++ vnc_client_error(vs);
++ break;
++ }
++ vnc_client_cut_text_ext(vs, dlen, read_u32(data, 8), data + 12);
+ break;
+ }
+ vnc_client_cut_text(vs, read_u32(data, 4), data + 8);
+--
+GitLab
+
diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2022-4144.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2022-4144.patch
new file mode 100644
index 0000000..96052a1
--- /dev/null
+++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2022-4144.patch
@@ -0,0 +1,99 @@
+From 6dbbf055148c6f1b7d8a3251a65bd6f3d1e1f622 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@linaro.org>
+Date: Mon, 28 Nov 2022 21:27:40 +0100
+Subject: [PATCH] hw/display/qxl: Avoid buffer overrun in qxl_phys2virt
+ (CVE-2022-4144)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Have qxl_get_check_slot_offset() return false if the requested
+buffer size does not fit within the slot memory region.
+
+Similarly qxl_phys2virt() now returns NULL in such case, and
+qxl_dirty_one_surface() aborts.
+
+This avoids buffer overrun in the host pointer returned by
+memory_region_get_ram_ptr().
+
+Fixes: CVE-2022-4144 (out-of-bounds read)
+Reported-by: Wenxu Yin (@awxylitol)
+Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1336
+
+CVE: CVE-2022-4144
+Upstream-Status: Backport [https://gitlab.com/qemu-project/qemu/-/commit/6dbbf055148c6f1b7d8a3251a65bd6f3d1e1f622]
+Comments: Deleted patch hunk in qxl.h,as it contains change
+in comments which is not present in current version of qemu
+
+Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+Message-Id: <20221128202741.4945-5-philmd@linaro.org>
+Signed-off-by: Bhabu Bindu <bhabu.bindu@kpit.com>
+---
+ hw/display/qxl.c | 27 +++++++++++++++++++++++----
+ 1 files changed, 23 insertions(+), 4 deletions(-)
+
+diff --git a/hw/display/qxl.c b/hw/display/qxl.c
+index 231d733250..0b21626aad 100644
+--- a/hw/display/qxl.c
++++ b/hw/display/qxl.c
+@@ -1424,11 +1424,13 @@ static void qxl_reset_surfaces(PCIQXLDevice *d)
+
+ /* can be also called from spice server thread context */
+ static bool qxl_get_check_slot_offset(PCIQXLDevice *qxl, QXLPHYSICAL pqxl,
+- uint32_t *s, uint64_t *o)
++ uint32_t *s, uint64_t *o,
++ size_t size_requested)
+ {
+ uint64_t phys = le64_to_cpu(pqxl);
+ uint32_t slot = (phys >> (64 - 8)) & 0xff;
+ uint64_t offset = phys & 0xffffffffffff;
++ uint64_t size_available;
+
+ if (slot >= NUM_MEMSLOTS) {
+ qxl_set_guest_bug(qxl, "slot too large %d >= %d", slot,
+@@ -1452,6 +1454,23 @@ static bool qxl_get_check_slot_offset(PCIQXLDevice *qxl, QXLPHYSICAL pqxl,
+ slot, offset, qxl->guest_slots[slot].size);
+ return false;
+ }
++ size_available = memory_region_size(qxl->guest_slots[slot].mr);
++ if (qxl->guest_slots[slot].offset + offset >= size_available) {
++ qxl_set_guest_bug(qxl,
++ "slot %d offset %"PRIu64" > region size %"PRIu64"\n",
++ slot, qxl->guest_slots[slot].offset + offset,
++ size_available);
++ return false;
++ }
++ size_available -= qxl->guest_slots[slot].offset + offset;
++ if (size_requested > size_available) {
++ qxl_set_guest_bug(qxl,
++ "slot %d offset %"PRIu64" size %zu: "
++ "overrun by %"PRIu64" bytes\n",
++ slot, offset, size_requested,
++ size_requested - size_available);
++ return false;
++ }
+
+ *s = slot;
+ *o = offset;
+@@ -1471,7 +1490,7 @@ void *qxl_phys2virt(PCIQXLDevice *qxl, QXLPHYSICAL pqxl, int group_id,
+ offset = le64_to_cpu(pqxl) & 0xffffffffffff;
+ return (void *)(intptr_t)offset;
+ case MEMSLOT_GROUP_GUEST:
+- if (!qxl_get_check_slot_offset(qxl, pqxl, &slot, &offset)) {
++ if (!qxl_get_check_slot_offset(qxl, pqxl, &slot, &offset, size)) {
+ return NULL;
+ }
+ ptr = memory_region_get_ram_ptr(qxl->guest_slots[slot].mr);
+@@ -1937,9 +1956,9 @@ static void qxl_dirty_one_surface(PCIQXLDevice *qxl, QXLPHYSICAL pqxl,
+ uint32_t slot;
+ bool rc;
+
+- rc = qxl_get_check_slot_offset(qxl, pqxl, &slot, &offset);
+- assert(rc == true);
+ size = (uint64_t)height * abs(stride);
++ rc = qxl_get_check_slot_offset(qxl, pqxl, &slot, &offset, size);
++ assert(rc == true);
+ trace_qxl_surfaces_dirty(qxl->id, offset, size);
+ qxl_set_dirty(qxl->guest_slots[slot].mr,
+ qxl->guest_slots[slot].offset + offset,
diff --git a/poky/meta/recipes-devtools/quilt/quilt.inc b/poky/meta/recipes-devtools/quilt/quilt.inc
index 07611e6..fce8101 100644
--- a/poky/meta/recipes-devtools/quilt/quilt.inc
+++ b/poky/meta/recipes-devtools/quilt/quilt.inc
@@ -12,6 +12,8 @@
file://Makefile \
file://test.sh \
file://0001-tests-Allow-different-output-from-mv.patch \
+ file://fix-grep-3.8.patch \
+ file://faildiff-order.patch \
"
SRC_URI:append:class-target = " file://gnu_patch_test_fix_target.patch"
diff --git a/poky/meta/recipes-devtools/quilt/quilt/faildiff-order.patch b/poky/meta/recipes-devtools/quilt/quilt/faildiff-order.patch
new file mode 100644
index 0000000..f22065a
--- /dev/null
+++ b/poky/meta/recipes-devtools/quilt/quilt/faildiff-order.patch
@@ -0,0 +1,41 @@
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From 4dfe7f9e702c85243a71e4de267a13e434b6d6c2 Mon Sep 17 00:00:00 2001
+From: Jean Delvare <jdelvare@suse.de>
+Date: Fri, 20 Jan 2023 12:56:08 +0100
+Subject: [PATCH] test: Fix a race condition
+
+The test suite does not differentiate between stdout and stderr. When
+messages are printed to both, the order in which they will reach us
+is apparently not guaranteed. Ideally this would be deterministic, but
+until then, explicitly test stdout and stderr separately in the test
+case itself. Otherwise the test suite fails randomly, which is a pain
+for distribution package maintainers.
+
+This fixes bug #63651 reported by Ross Burton:
+https://savannah.nongnu.org/bugs/index.php?63651
+
+Signed-off-by: Jean Delvare <jdelvare@suse.de>
+---
+ test/faildiff.test | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/test/faildiff.test b/test/faildiff.test
+index 5afb8e3..0444c15 100644
+--- a/test/faildiff.test
++++ b/test/faildiff.test
+@@ -27,8 +27,9 @@ What happens on binary files?
+ > File test.bin added to patch %{P}test.diff
+
+ $ printf "\\003\\000\\001" > test.bin
+- $ quilt diff -pab --no-index
++ $ quilt diff -pab --no-index 2>/dev/null
+ >~ (Files|Binary files) a/test\.bin and b/test\.bin differ
++ $ quilt diff -pab --no-index >/dev/null
+ > Diff failed on file 'test.bin', aborting
+ $ echo %{?}
+ > 1
+--
+2.34.1
+
diff --git a/poky/meta/recipes-devtools/quilt/quilt/fix-grep-3.8.patch b/poky/meta/recipes-devtools/quilt/quilt/fix-grep-3.8.patch
new file mode 100644
index 0000000..68a4b4c
--- /dev/null
+++ b/poky/meta/recipes-devtools/quilt/quilt/fix-grep-3.8.patch
@@ -0,0 +1,144 @@
+From f73f8d7f71de2878d3f92881a5fcb8eafd78cb5f Mon Sep 17 00:00:00 2001
+From: Jean Delvare <jdelvare@suse.de>
+Date: Fri, 9 Sep 2022 10:10:37 +0200
+Subject: Avoid warnings with grep 3.8
+
+GNU grep version 3.8 became more strict about needless quoting in
+patterns. We have one occurrence of that in quilt, where "/"
+characters are being quoted by default. There are cases where they
+indeed need to be quoted (typically when used in a sed s/// command)
+but most of the time they do not, and this results in the following
+warning:
+
+grep: warning: stray \ before /
+
+So rename quote_bre() to quote_sed_re(), and introduce
+quote_grep_re() which does not quote "/".
+
+Signed-off-by: Jean Delvare <jdelvare@suse.de>
+Upstream-Status: Backport [https://git.savannah.nongnu.org/cgit/quilt.git/commit/?id=f73f8d7f71de2878d3f92881a5fcb8eafd78cb5f]
+Signed-off-by: Alexander Kanavin <alex@linutronix.de>
+---
+ quilt/diff.in | 2 +-
+ quilt/patches.in | 2 +-
+ quilt/scripts/patchfns.in | 20 +++++++++++++-------
+ quilt/upgrade.in | 4 ++--
+ 4 files changed, 17 insertions(+), 11 deletions(-)
+
+diff --git a/quilt/diff.in b/quilt/diff.in
+index e90dc33..07788ff 100644
+--- a/quilt/diff.in
++++ b/quilt/diff.in
+@@ -255,7 +255,7 @@ then
+ # Add all files in the snapshot into the file list (they may all
+ # have changed).
+ files=( $(find $QUILT_PC/$snap_subdir -type f \
+- | sed -e "s/^$(quote_bre $QUILT_PC/$snap_subdir/)//" \
++ | sed -e "s/^$(quote_sed_re $QUILT_PC/$snap_subdir/)//" \
+ | sort) )
+ printf "%s\n" "${files[@]}" >&4
+ unset files
+diff --git a/quilt/patches.in b/quilt/patches.in
+index bb17a46..eac45a9 100644
+--- a/quilt/patches.in
++++ b/quilt/patches.in
+@@ -60,7 +60,7 @@ scan_unapplied()
+ # Quote each file name only once
+ for file in "${opt_files[@]}"
+ do
+- files_bre[${#files_bre[@]}]=$(quote_bre "$file")
++ files_bre[${#files_bre[@]}]=$(quote_grep_re "$file")
+ done
+
+ # "Or" all files in a single pattern
+diff --git a/quilt/scripts/patchfns.in b/quilt/scripts/patchfns.in
+index c2d5f9d..1bd7233 100644
+--- a/quilt/scripts/patchfns.in
++++ b/quilt/scripts/patchfns.in
+@@ -78,8 +78,14 @@ array_join()
+ done
+ }
+
+-# Quote a string for use in a basic regular expression.
+-quote_bre()
++# Quote a string for use in a regular expression for a grep pattern.
++quote_grep_re()
++{
++ echo "$1" | sed -e 's:\([][^$.*\\]\):\\\1:g'
++}
++
++# Quote a string for use in a regular expression for a sed s/// command.
++quote_sed_re()
+ {
+ echo "$1" | sed -e 's:\([][^$/.*\\]\):\\\1:g'
+ }
+@@ -215,7 +221,7 @@ patch_in_series()
+
+ if [ -e "$SERIES" ]
+ then
+- grep -q "^$(quote_bre $patch)\([ \t]\|$\)" "$SERIES"
++ grep -q "^$(quote_grep_re $patch)\([ \t]\|$\)" "$SERIES"
+ else
+ return 1
+ fi
+@@ -365,7 +371,7 @@ is_applied()
+ {
+ local patch=$1
+ [ -e $DB ] || return 1
+- grep -q "^$(quote_bre $patch)\$" $DB
++ grep -q "^$(quote_grep_re $patch)\$" $DB
+ }
+
+ applied_patches()
+@@ -465,7 +471,7 @@ remove_from_db()
+ local tmpfile
+ if tmpfile=$(gen_tempfile)
+ then
+- grep -v "^$(quote_bre $patch)\$" $DB > $tmpfile
++ grep -v "^$(quote_grep_re $patch)\$" $DB > $tmpfile
+ cat $tmpfile > $DB
+ rm -f $tmpfile
+ [ -s $DB ] || rm -f $DB
+@@ -520,7 +526,7 @@ find_patch()
+ fi
+
+ local patch=${1#$SUBDIR_DOWN$QUILT_PATCHES/}
+- local bre=$(quote_bre "$patch")
++ local bre=$(quote_sed_re "$patch")
+ set -- $(sed -e "/^$bre\(\|\.patch\|\.diff\?\)\(\|\.gz\|\.bz2\|\.xz\|\.lzma\|\.lz\)\([ "$'\t'"]\|$\)/!d" \
+ -e 's/[ '$'\t''].*//' "$SERIES")
+ if [ $# -eq 1 ]
+@@ -631,7 +637,7 @@ files_in_patch()
+ then
+ find "$path" -type f \
+ -a ! -path "$(quote_glob "$path")/.timestamp" |
+- sed -e "s/$(quote_bre "$path")\///"
++ sed -e "s/$(quote_sed_re "$path")\///"
+ fi
+ }
+
+diff --git a/quilt/upgrade.in b/quilt/upgrade.in
+index dbf7d05..866aa33 100644
+--- a/quilt/upgrade.in
++++ b/quilt/upgrade.in
+@@ -74,7 +74,7 @@ printf $"Converting meta-data to version %s\n" "$DB_VERSION"
+
+ for patch in $(applied_patches)
+ do
+- proper_name="$(grep "^$(quote_bre $patch)"'\(\|\.patch\|\.diff?\)\(\|\.gz\|\.bz2\)\([ \t]\|$\)' $SERIES)"
++ proper_name="$(grep "^$(quote_grep_re $patch)"'\(\|\.patch\|\.diff?\)\(\|\.gz\|\.bz2\)\([ \t]\|$\)' $SERIES)"
+ proper_name=${proper_name#$QUILT_PATCHES/}
+ proper_name=${proper_name%% *}
+ if [ -z "$proper_name" ]
+@@ -84,7 +84,7 @@ do
+ fi
+
+ if [ "$patch" != "$proper_name" -a -d $QUILT_PC/$patch ] \
+- && grep -q "^$(quote_bre $patch)\$" \
++ && grep -q "^$(quote_grep_re $patch)\$" \
+ $QUILT_PC/applied-patches
+ then
+ mv $QUILT_PC/$patch $QUILT_PC/$proper_name \
+--
+cgit v1.1
+
diff --git a/poky/meta/recipes-devtools/rpm/files/0001-python-Use-Py_hash_t-instead-of-long-in-hdr_hash.patch b/poky/meta/recipes-devtools/rpm/files/0001-python-Use-Py_hash_t-instead-of-long-in-hdr_hash.patch
new file mode 100644
index 0000000..d0e6371
--- /dev/null
+++ b/poky/meta/recipes-devtools/rpm/files/0001-python-Use-Py_hash_t-instead-of-long-in-hdr_hash.patch
@@ -0,0 +1,35 @@
+From 6ef189c45b763aedac5ef57ed6a5fc125fa95b41 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Fri, 3 Mar 2023 09:54:48 -0800
+Subject: [PATCH] python: Use Py_hash_t instead of long in hdr_hash
+
+Fixes
+python/header-py.c:744:2: error: incompatible function pointer types initializing 'hashfunc' (aka 'int (*)(struct _object *)') with an expression of type 'long (PyObject *)' (aka 'long (struct _object *)') [-Wincompatible-function-pointer-types]
+| hdr_hash, /* tp_hash */
+| ^~~~~~~~
+
+Upstream-Status: Submitted [https://github.com/rpm-software-management/rpm/pull/2409]
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ python/header-py.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/python/header-py.c b/python/header-py.c
+index 0aed0c9267..c15503f359 100644
+--- a/python/header-py.c
++++ b/python/header-py.c
+@@ -316,9 +316,9 @@ static PyObject * hdr_dsOfHeader(PyObject * s)
+ "(Oi)", s, RPMTAG_NEVR);
+ }
+
+-static long hdr_hash(PyObject * h)
++static Py_hash_t hdr_hash(PyObject * h)
+ {
+- return (long) h;
++ return (Py_hash_t) h;
+ }
+
+ static PyObject * hdr_reduce(hdrObject *s)
+--
+2.39.2
+
diff --git a/poky/meta/recipes-devtools/rpm/rpm_4.18.0.bb b/poky/meta/recipes-devtools/rpm/rpm_4.18.0.bb
index 5f3986d..db83a8c 100644
--- a/poky/meta/recipes-devtools/rpm/rpm_4.18.0.bb
+++ b/poky/meta/recipes-devtools/rpm/rpm_4.18.0.bb
@@ -40,6 +40,7 @@
file://0001-build-pack.c-do-not-insert-payloadflags-into-.rpm-me.patch \
file://0001-configure.ac-add-linux-gnux32-variant-to-triplet-han.patch \
file://fifofix.patch \
+ file://0001-python-Use-Py_hash_t-instead-of-long-in-hdr_hash.patch \
"
PE = "1"
diff --git a/poky/meta/recipes-devtools/ruby/ruby.inc b/poky/meta/recipes-devtools/ruby/ruby.inc
deleted file mode 100644
index ebff5ef..0000000
--- a/poky/meta/recipes-devtools/ruby/ruby.inc
+++ /dev/null
@@ -1,39 +0,0 @@
-SUMMARY = "An interpreter of object-oriented scripting language"
-DESCRIPTION = "Ruby is an interpreted scripting language for quick \
-and easy object-oriented programming. It has many features to process \
-text files and to do system management tasks (as in Perl). \
-It is simple, straight-forward, and extensible. \
-"
-HOMEPAGE = "http://www.ruby-lang.org/"
-SECTION = "devel/ruby"
-LICENSE = "Ruby | BSD-2-Clause | BSD-3-Clause | GPL-2.0-only | ISC | MIT"
-LIC_FILES_CHKSUM = "file://COPYING;md5=5b8c87559868796979806100db3f3805 \
- file://BSDL;md5=8b50bc6de8f586dc66790ba11d064d75 \
- file://GPL;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
- file://LEGAL;md5=f260190bc1e92e363f0ee3c0463d4c7c \
- "
-
-DEPENDS = "zlib openssl libyaml gdbm readline libffi"
-DEPENDS:append:class-target = " ruby-native"
-
-SHRT_VER = "${@oe.utils.trim_version("${PV}", 2)}"
-SRC_URI = "http://cache.ruby-lang.org/pub/ruby/${SHRT_VER}/ruby-${PV}.tar.gz \
- file://0001-extmk-fix-cross-compilation-of-external-gems.patch \
- file://0002-Obey-LDFLAGS-for-the-link-of-libruby.patch \
- "
-UPSTREAM_CHECK_URI = "https://www.ruby-lang.org/en/downloads/"
-
-inherit autotools ptest pkgconfig
-
-
-# This snippet lets compiled extensions which rely on external libraries,
-# such as zlib, compile properly. If we don't do this, then when extmk.rb
-# runs, it uses the native libraries instead of the target libraries, and so
-# none of the linking operations succeed -- which makes extconf.rb think
-# that the libraries aren't available and hence that the extension can't be
-# built.
-
-do_configure:prepend() {
- sed -i "s#%%TARGET_CFLAGS%%#$CFLAGS#; s#%%TARGET_LDFLAGS%%#$LDFLAGS#" ${S}/common.mk
- rm -rf ${S}/ruby/
-}
diff --git a/poky/meta/recipes-devtools/ruby/ruby/0001-Remove-dependency-on-libcapstone.patch b/poky/meta/recipes-devtools/ruby/ruby/0001-Remove-dependency-on-libcapstone.patch
deleted file mode 100644
index 5d0f8fc..0000000
--- a/poky/meta/recipes-devtools/ruby/ruby/0001-Remove-dependency-on-libcapstone.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From 222203297966f312109e8eaa2520f2cf2f59c09d Mon Sep 17 00:00:00 2001
-From: Alan Wu <XrXr@users.noreply.github.com>
-Date: Thu, 31 Mar 2022 17:26:28 -0400
-Subject: [PATCH] Remove dependency on libcapstone
-
-We have received reports of build failures due to this configuration
-check modifying compile flags. Since only YJIT devs use this library
-we can remove it to make Ruby easier to build for users.
-
-See: https://github.com/rbenv/ruby-build/discussions/1933
-
-Upstream-Status: Backport
----
- configure.ac | 9 ---------
- 1 file changed, 9 deletions(-)
-
-Index: ruby-3.1.2/configure.ac
-===================================================================
---- ruby-3.1.2.orig/configure.ac
-+++ ruby-3.1.2/configure.ac
-@@ -1244,15 +1244,6 @@ AC_CHECK_LIB(dl, dlopen) # Dynamic linki
- AC_CHECK_LIB(dld, shl_load) # Dynamic linking for HP-UX
- AC_CHECK_LIB(socket, shutdown) # SunOS/Solaris
-
--if pkg-config --exists capstone; then
-- CAPSTONE_CFLAGS=`pkg-config --cflags capstone`
-- CAPSTONE_LIB_L=`pkg-config --libs-only-L capstone`
-- LDFLAGS="$LDFLAGS $CAPSTONE_LIB_L"
-- CFLAGS="$CFLAGS $CAPSTONE_CFLAGS"
--fi
--
--AC_CHECK_LIB(capstone, cs_open) # Capstone disassembler for debugging YJIT
--
- dnl Checks for header files.
- AC_HEADER_DIRENT
- dnl AC_HEADER_STDC has been checked in AC_USE_SYSTEM_EXTENSIONS
diff --git a/poky/meta/recipes-devtools/ruby/ruby_3.1.2.bb b/poky/meta/recipes-devtools/ruby/ruby_3.1.3.bb
similarity index 68%
rename from poky/meta/recipes-devtools/ruby/ruby_3.1.2.bb
rename to poky/meta/recipes-devtools/ruby/ruby_3.1.3.bb
index 387bfa9..c8454da 100644
--- a/poky/meta/recipes-devtools/ruby/ruby_3.1.2.bb
+++ b/poky/meta/recipes-devtools/ruby/ruby_3.1.3.bb
@@ -1,8 +1,25 @@
-require ruby.inc
+SUMMARY = "An interpreter of object-oriented scripting language"
+DESCRIPTION = "Ruby is an interpreted scripting language for quick \
+and easy object-oriented programming. It has many features to process \
+text files and to do system management tasks (as in Perl). \
+It is simple, straight-forward, and extensible. \
+"
+HOMEPAGE = "http://www.ruby-lang.org/"
+SECTION = "devel/ruby"
+LICENSE = "Ruby | BSD-2-Clause | BSD-3-Clause | GPL-2.0-only | ISC | MIT"
+LIC_FILES_CHKSUM = "file://COPYING;md5=5b8c87559868796979806100db3f3805 \
+ file://BSDL;md5=8b50bc6de8f586dc66790ba11d064d75 \
+ file://GPL;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
+ file://LEGAL;md5=f260190bc1e92e363f0ee3c0463d4c7c \
+ "
-DEPENDS:append:libc-musl = " libucontext"
+DEPENDS = "zlib openssl libyaml gdbm readline libffi"
+DEPENDS:append:class-target = " ruby-native"
-SRC_URI += " \
+SHRT_VER = "${@oe.utils.trim_version("${PV}", 2)}"
+SRC_URI = "http://cache.ruby-lang.org/pub/ruby/${SHRT_VER}/ruby-${PV}.tar.gz \
+ file://0001-extmk-fix-cross-compilation-of-external-gems.patch \
+ file://0002-Obey-LDFLAGS-for-the-link-of-libruby.patch \
file://remove_has_include_macros.patch \
file://run-ptest \
file://0001-template-Makefile.in-do-not-write-host-cross-cc-item.patch \
@@ -12,10 +29,27 @@
file://0005-Mark-Gemspec-reproducible-change-fixing-784225-too.patch \
file://0006-Make-gemspecs-reproducible.patch \
file://0001-vm_dump.c-Define-REG_S1-and-REG_S2-for-musl-riscv.patch \
- file://0001-Remove-dependency-on-libcapstone.patch \
"
+UPSTREAM_CHECK_URI = "https://www.ruby-lang.org/en/downloads/"
-SRC_URI[sha256sum] = "61843112389f02b735428b53bb64cf988ad9fb81858b8248e22e57336f24a83e"
+inherit autotools ptest pkgconfig
+
+
+# This snippet lets compiled extensions which rely on external libraries,
+# such as zlib, compile properly. If we don't do this, then when extmk.rb
+# runs, it uses the native libraries instead of the target libraries, and so
+# none of the linking operations succeed -- which makes extconf.rb think
+# that the libraries aren't available and hence that the extension can't be
+# built.
+
+do_configure:prepend() {
+ sed -i "s#%%TARGET_CFLAGS%%#$CFLAGS#; s#%%TARGET_LDFLAGS%%#$LDFLAGS#" ${S}/common.mk
+ rm -rf ${S}/ruby/
+}
+
+DEPENDS:append:libc-musl = " libucontext"
+
+SRC_URI[sha256sum] = "5ea498a35f4cd15875200a52dde42b6eb179e1264e17d78732c3a57cd1c6ab9e"
PACKAGECONFIG ??= ""
PACKAGECONFIG += "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}"
diff --git a/poky/meta/recipes-devtools/run-postinsts/run-postinsts/run-postinsts.service b/poky/meta/recipes-devtools/run-postinsts/run-postinsts/run-postinsts.service
index 7f72f33..b6b81d5 100644
--- a/poky/meta/recipes-devtools/run-postinsts/run-postinsts/run-postinsts.service
+++ b/poky/meta/recipes-devtools/run-postinsts/run-postinsts/run-postinsts.service
@@ -1,7 +1,7 @@
[Unit]
Description=Run pending postinsts
DefaultDependencies=no
-After=systemd-remount-fs.service systemd-tmpfiles-setup.service tmp.mount
+After=systemd-remount-fs.service systemd-tmpfiles-setup.service tmp.mount ldconfig.service
Before=sysinit.target
[Service]
diff --git a/poky/meta/recipes-devtools/rust/rust.inc b/poky/meta/recipes-devtools/rust/rust.inc
index 9563010..7d87e8e 100644
--- a/poky/meta/recipes-devtools/rust/rust.inc
+++ b/poky/meta/recipes-devtools/rust/rust.inc
@@ -72,7 +72,7 @@
config = configparser.RawConfigParser()
# [target.ARCH-poky-linux]
- host_section = "target.{}".format(d.getVar('RUST_HOST_SYS', True))
+ host_section = "target.{}".format(d.getVar('RUST_HOST_SYS'))
config.add_section(host_section)
llvm_config_target = d.expand("${RUST_ALTERNATE_EXE_PATH}")
@@ -87,7 +87,7 @@
# If we don't do this rust-native will compile it's own llvm for BUILD.
# [target.${BUILD_ARCH}-unknown-linux-gnu]
- build_section = "target.{}".format(d.getVar('RUST_BUILD_SYS', True))
+ build_section = "target.{}".format(d.getVar('RUST_BUILD_SYS'))
if build_section != host_section:
config.add_section(build_section)
@@ -97,7 +97,7 @@
config.set(build_section, "cc", e(d.expand("${RUST_BUILD_CC}")))
config.set(build_section, "linker", e(d.expand("${RUST_BUILD_CCLD}")))
- target_section = "target.{}".format(d.getVar('RUST_TARGET_SYS', True))
+ target_section = "target.{}".format(d.getVar('RUST_TARGET_SYS'))
if target_section != host_section and target_section != build_section:
config.add_section(target_section)
@@ -143,26 +143,26 @@
config.set("build", "vendor", e(True))
if not "targets" in locals():
- targets = [d.getVar("RUST_TARGET_SYS", True)]
+ targets = [d.getVar("RUST_TARGET_SYS")]
config.set("build", "target", e(targets))
if not "hosts" in locals():
- hosts = [d.getVar("RUST_HOST_SYS", True)]
+ hosts = [d.getVar("RUST_HOST_SYS")]
config.set("build", "host", e(hosts))
# We can't use BUILD_SYS since that is something the rust snapshot knows
# nothing about when trying to build some stage0 tools (like fabricate)
- config.set("build", "build", e(d.getVar("RUST_BUILD_SYS", True)))
+ config.set("build", "build", e(d.getVar("RUST_BUILD_SYS")))
# [install]
config.add_section("install")
# ./x.py install doesn't have any notion of "destdir"
# but we can prepend ${D} to all the directories instead
- config.set("install", "prefix", e(d.getVar("D", True) + d.getVar("prefix", True)))
- config.set("install", "bindir", e(d.getVar("D", True) + d.getVar("bindir", True)))
- config.set("install", "libdir", e(d.getVar("D", True) + d.getVar("libdir", True)))
- config.set("install", "datadir", e(d.getVar("D", True) + d.getVar("datadir", True)))
- config.set("install", "mandir", e(d.getVar("D", True) + d.getVar("mandir", True)))
+ config.set("install", "prefix", e(d.getVar("D") + d.getVar("prefix")))
+ config.set("install", "bindir", e(d.getVar("D") + d.getVar("bindir")))
+ config.set("install", "libdir", e(d.getVar("D") + d.getVar("libdir")))
+ config.set("install", "datadir", e(d.getVar("D") + d.getVar("datadir")))
+ config.set("install", "mandir", e(d.getVar("D") + d.getVar("mandir")))
with open("config.toml", "w") as f:
f.write('changelog-seen = 2\n\n')
diff --git a/poky/meta/recipes-devtools/rust/rust/crossbeam_atomic.patch b/poky/meta/recipes-devtools/rust/rust/crossbeam_atomic.patch
index 7097bb9..31a76d9 100644
--- a/poky/meta/recipes-devtools/rust/rust/crossbeam_atomic.patch
+++ b/poky/meta/recipes-devtools/rust/rust/crossbeam_atomic.patch
@@ -14,7 +14,7 @@
and compare against the architecture/processor, or replace -unknown with a glob
to create a patch that upstream might accept.
-Upstream-Status: Inappropriate [OE Specific tweak but could be rewritten]
+Upstream-Status: Submitted [https://github.com/crossbeam-rs/crossbeam/pull/922]
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Index: rustc-1.63.0-src/vendor/crossbeam-utils/build.rs
diff --git a/poky/meta/recipes-devtools/rust/rust_1.63.0.bb b/poky/meta/recipes-devtools/rust/rust_1.63.0.bb
index 1f9dbd3..dbf74ce 100644
--- a/poky/meta/recipes-devtools/rust/rust_1.63.0.bb
+++ b/poky/meta/recipes-devtools/rust/rust_1.63.0.bb
@@ -57,7 +57,6 @@
}
EXTRA_TOOLS ?= "cargo-clippy clippy-driver rustfmt"
-EXTRA_TOOLS:remove:riscv32 = "rustfmt"
rust_do_install:class-target() {
export PSEUDO_UNLOAD=1
rust_runx install
diff --git a/poky/meta/recipes-devtools/tcltk/tcl/fix_non_native_build_issue.patch b/poky/meta/recipes-devtools/tcltk/tcl/fix_non_native_build_issue.patch
index 44b2ce0..5a10c93 100644
--- a/poky/meta/recipes-devtools/tcltk/tcl/fix_non_native_build_issue.patch
+++ b/poky/meta/recipes-devtools/tcltk/tcl/fix_non_native_build_issue.patch
@@ -1,4 +1,4 @@
-Upstream-Status: Pending
+Upstream-Status: Inappropriate [upstream does not support installed tests]
Index: unix/Makefile.in
===================================================================
diff --git a/poky/meta/recipes-devtools/vala/vala.inc b/poky/meta/recipes-devtools/vala/vala.inc
index 974baa3..162e99b 100644
--- a/poky/meta/recipes-devtools/vala/vala.inc
+++ b/poky/meta/recipes-devtools/vala/vala.inc
@@ -42,20 +42,23 @@
# Vapigen wrapper needs to be available system-wide, because it will be used
# to build vapi files from all other packages with vala support
do_install:append:class-target() {
- install -d ${D}${bindir}/
- install ${B}/vapigen-wrapper ${D}${bindir}/
+ install -d ${D}${bindir_crossscripts}/
+ install ${B}/vapigen-wrapper ${D}${bindir_crossscripts}/
}
# Put vapigen wrapper into target sysroot so that it can be used when building
# vapi files.
-SYSROOT_DIRS:append:class-target = " ${bindir}"
+SYSROOT_DIRS += "${bindir_crossscripts}"
+
+inherit multilib_script
+MULTILIB_SCRIPTS = "${PN}:${bindir}/vala-gen-introspect-0.56"
SYSROOT_PREPROCESS_FUNCS:append:class-target = " vapigen_sysroot_preprocess"
vapigen_sysroot_preprocess() {
# Tweak the vapigen name in the vapigen pkgconfig file, so that it picks
# up our wrapper.
sed -i \
- -e "s|vapigen=.*|vapigen=${bindir}/vapigen-wrapper|" \
+ -e "s|vapigen=.*|vapigen=${bindir_crossscripts}/vapigen-wrapper|" \
${SYSROOT_DESTDIR}${libdir}/pkgconfig/vapigen-${SHRT_VER}.pc
}
@@ -64,5 +67,5 @@
PACKAGE_PREPROCESS_FUNCS += "vala_package_preprocess"
vala_package_preprocess () {
- sed -i -e 's:${RECIPE_SYSROOT}::g;' ${PKGD}${bindir}/vapigen-wrapper
+ rm -rf ${PKGD}${bindir_crossscripts}
}
diff --git a/poky/meta/recipes-devtools/valgrind/valgrind/remove-for-aarch64 b/poky/meta/recipes-devtools/valgrind/valgrind/remove-for-aarch64
index 887bfd2..432dcc9 100644
--- a/poky/meta/recipes-devtools/valgrind/valgrind/remove-for-aarch64
+++ b/poky/meta/recipes-devtools/valgrind/valgrind/remove-for-aarch64
@@ -1,3 +1,4 @@
+drd/tests/boost_thread
gdbserver_tests/hgtls
cachegrind/tests/ann1
callgrind/tests/simwork1
diff --git a/poky/meta/recipes-extended/at/at_3.2.5.bb b/poky/meta/recipes-extended/at/at_3.2.5.bb
index 87a4361..c0c876a 100644
--- a/poky/meta/recipes-extended/at/at_3.2.5.bb
+++ b/poky/meta/recipes-extended/at/at_3.2.5.bb
@@ -52,8 +52,10 @@
SYSTEMD_SERVICE:${PN} = "atd.service"
-do_configure:prepend() {
- cp -f ${WORKDIR}/posixtm.[ch] ${S}
+do_patch[postfuncs] += "copy_posix_files"
+
+copy_posix_files() {
+ cp -f ${WORKDIR}/posixtm.[ch] ${S}
}
do_install () {
diff --git a/poky/meta/recipes-extended/bc/bc_1.07.1.bb b/poky/meta/recipes-extended/bc/bc_1.07.1.bb
index 1bec76b..5a03751 100644
--- a/poky/meta/recipes-extended/bc/bc_1.07.1.bb
+++ b/poky/meta/recipes-extended/bc/bc_1.07.1.bb
@@ -32,4 +32,4 @@
ALTERNATIVE:${PN} = "bc dc"
ALTERNATIVE_PRIORITY = "100"
-BBCLASSEXTEND = "native"
+BBCLASSEXTEND = "native nativesdk"
diff --git a/poky/meta/recipes-extended/cpio/cpio-2.13/0001-Wrong-CRC-with-ASCII-CRC-for-large-files.patch b/poky/meta/recipes-extended/cpio/cpio-2.13/0001-Wrong-CRC-with-ASCII-CRC-for-large-files.patch
new file mode 100644
index 0000000..4b96e43
--- /dev/null
+++ b/poky/meta/recipes-extended/cpio/cpio-2.13/0001-Wrong-CRC-with-ASCII-CRC-for-large-files.patch
@@ -0,0 +1,39 @@
+From 77ff5f1be394eb2c786df561ff37dde7f982ec76 Mon Sep 17 00:00:00 2001
+From: Stefano Babic <sbabic@denx.de>
+Date: Fri, 28 Jul 2017 13:20:52 +0200
+Subject: [PATCH] Wrong CRC with ASCII CRC for large files
+
+Due to signedness, the checksum is not computed when filesize is bigger
+a 2GB.
+
+Upstream-Status: Submitted [https://lists.gnu.org/archive/html/bug-cpio/2017-07/msg00004.html]
+Signed-off-by: Stefano Babic <sbabic@denx.de>
+---
+ src/copyout.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/copyout.c b/src/copyout.c
+index 1f0987a..727aeca 100644
+--- a/src/copyout.c
++++ b/src/copyout.c
+@@ -34,13 +34,13 @@
+ compute and return a checksum for them. */
+
+ static uint32_t
+-read_for_checksum (int in_file_des, int file_size, char *file_name)
++read_for_checksum (int in_file_des, unsigned int file_size, char *file_name)
+ {
+ uint32_t crc;
+ char buf[BUFSIZ];
+- int bytes_left;
+- int bytes_read;
+- int i;
++ unsigned int bytes_left;
++ unsigned int bytes_read;
++ unsigned int i;
+
+ crc = 0;
+
+--
+2.7.4
+
diff --git a/poky/meta/recipes-extended/cpio/cpio_2.13.bb b/poky/meta/recipes-extended/cpio/cpio_2.13.bb
index e72a114..dd35410 100644
--- a/poky/meta/recipes-extended/cpio/cpio_2.13.bb
+++ b/poky/meta/recipes-extended/cpio/cpio_2.13.bb
@@ -10,6 +10,7 @@
file://0001-Unset-need_charset_alias-when-building-for-musl.patch \
file://0002-src-global.c-Remove-superfluous-declaration-of-progr.patch \
file://CVE-2021-38185.patch \
+ file://0001-Wrong-CRC-with-ASCII-CRC-for-large-files.patch \
"
SRC_URI[md5sum] = "389c5452d667c23b5eceb206f5000810"
diff --git a/poky/meta/recipes-extended/cracklib/cracklib_2.9.8.bb b/poky/meta/recipes-extended/cracklib/cracklib_2.9.8.bb
index 786940a..a3db6eb 100644
--- a/poky/meta/recipes-extended/cracklib/cracklib_2.9.8.bb
+++ b/poky/meta/recipes-extended/cracklib/cracklib_2.9.8.bb
@@ -9,7 +9,7 @@
EXTRA_OECONF = "--without-python --libdir=${base_libdir}"
-SRC_URI = "git://github.com/cracklib/cracklib;protocol=https;branch=master \
+SRC_URI = "git://github.com/cracklib/cracklib;protocol=https;branch=main \
file://0001-packlib.c-support-dictionary-byte-order-dependent.patch \
file://0002-craklib-fix-testnum-and-teststr-failed.patch \
"
diff --git a/poky/meta/recipes-extended/cups/cups.inc b/poky/meta/recipes-extended/cups/cups.inc
index 9c920bb..da320b1 100644
--- a/poky/meta/recipes-extended/cups/cups.inc
+++ b/poky/meta/recipes-extended/cups/cups.inc
@@ -47,6 +47,7 @@
PACKAGECONFIG[pam] = "--enable-pam --with-pam-module=unix, --disable-pam, libpam"
PACKAGECONFIG[systemd] = "--with-systemd=${systemd_system_unitdir},--without-systemd,systemd"
PACKAGECONFIG[xinetd] = "--with-xinetd=${sysconfdir}/xinetd.d,--without-xinetd,xinetd"
+PACKAGECONFIG[webif] = "--enable-webif,--disable-webif"
EXTRA_OECONF = " \
--enable-dbus \
@@ -66,7 +67,7 @@
EXTRA_AUTORECONF += "--exclude=autoheader"
do_install () {
- oe_runmake "DESTDIR=${D}" install
+ oe_runmake "BUILDROOT=${D}" install
# Remove /var/run from package as cupsd will populate it on startup
rm -fr ${D}/${localstatedir}/run
@@ -74,7 +75,7 @@
rmdir ${D}/${libexecdir}/${BPN}/driver
# Fix the pam configuration file permissions
- if ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'true', 'false', d)}; then
+ if ${@bb.utils.contains('PACKAGECONFIG', 'pam', 'true', 'false', d)}; then
chmod 0644 ${D}${sysconfdir}/pam.d/cups
fi
@@ -92,7 +93,7 @@
fi
}
-PACKAGES =+ "${PN}-lib ${PN}-libimage"
+PACKAGES =+ "${PN}-lib ${PN}-libimage ${PN}-webif"
RDEPENDS:${PN} += "${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', 'procps', '', d)}"
FILES:${PN} += "${libexecdir}/cups/"
@@ -101,13 +102,10 @@
FILES:${PN}-libimage = "${libdir}/libcupsimage.so.*"
-#package the html for the webgui inside the main packages (~1MB uncompressed)
+# put the html for the web interface into its own PACKAGE
+FILES:${PN}-webif += "${datadir}/doc/cups/ ${datadir}/icons/"
+RRECOMMENDS:${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'webif', '${PN}-webif', '', d)}"
-FILES:${PN} += "${datadir}/doc/cups/images \
- ${datadir}/doc/cups/*html \
- ${datadir}/doc/cups/*.css \
- ${datadir}/icons/ \
- "
CONFFILES:${PN} += "${sysconfdir}/cups/cupsd.conf"
MULTILIB_SCRIPTS = "${PN}-dev:${bindir}/cups-config"
diff --git a/poky/meta/recipes-extended/diffutils/diffutils/0001-Skip-strip-trailing-cr-test-case.patch b/poky/meta/recipes-extended/diffutils/diffutils/0001-Skip-strip-trailing-cr-test-case.patch
index aac1c43..8b88c30 100644
--- a/poky/meta/recipes-extended/diffutils/diffutils/0001-Skip-strip-trailing-cr-test-case.patch
+++ b/poky/meta/recipes-extended/diffutils/diffutils/0001-Skip-strip-trailing-cr-test-case.patch
@@ -1,4 +1,4 @@
-From bd7fb8be2ae2d75347cf7733302d5093046ffa85 Mon Sep 17 00:00:00 2001
+From 027229d25392b22d7280c0abbc3efde4f467d167 Mon Sep 17 00:00:00 2001
From: Peiran Hong <peiran.hong@windriver.com>
Date: Thu, 5 Sep 2019 15:42:22 -0400
Subject: [PATCH] Skip strip-trailing-cr test case
@@ -10,19 +10,21 @@
Upstream-Status: Inappropriate [embedded specific]
Signed-off-by: Peiran Hong <peiran.hong@windriver.com>
+
---
tests/Makefile.am | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/tests/Makefile.am b/tests/Makefile.am
-index 83a7c9d..04d51b5 100644
+index d98df82..757ea52 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
-@@ -21,8 +21,10 @@ TESTS = \
+@@ -21,9 +21,11 @@ TESTS = \
stdin \
strcoll-0-names \
filename-quoting \
- strip-trailing-cr \
+ timezone \
colors
+# Skipping this test since it requires valgrind
+# and thus is too heavy for diffutils package
@@ -30,6 +32,3 @@
XFAIL_TESTS = large-subopt
---
-2.21.0
-
diff --git a/poky/meta/recipes-extended/diffutils/diffutils/0001-mcontext-is-not-a-standard-layout-so-glibc-and-musl-.patch b/poky/meta/recipes-extended/diffutils/diffutils/0001-mcontext-is-not-a-standard-layout-so-glibc-and-musl-.patch
deleted file mode 100644
index 4928e1e..0000000
--- a/poky/meta/recipes-extended/diffutils/diffutils/0001-mcontext-is-not-a-standard-layout-so-glibc-and-musl-.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From f385ad6639380eb6dfa8b8eb4a5ba65dd12db744 Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Fri, 25 Mar 2022 13:43:19 -0700
-Subject: [PATCH] mcontext is not a standard layout so glibc and musl differ
-
-This is already applied to libsigsegv upstream, hopefully next version
-of grep will update its internal copy and we can drop this patch
-
-Upstream-Status: Backport [https://git.savannah.gnu.org/gitweb/?p=libsigsegv.git;a=commitdiff;h=a6ff69873110c0a8ba6f7fd90532dbc11224828c]
-
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
- lib/sigsegv.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/lib/sigsegv.c b/lib/sigsegv.c
-index 998c827..b6f4841 100644
---- a/lib/sigsegv.c
-+++ b/lib/sigsegv.c
-@@ -219,8 +219,8 @@ int libsigsegv_version = LIBSIGSEGV_VERSION;
- # define SIGSEGV_FAULT_STACKPOINTER ((ucontext_t *) ucp)->uc_mcontext.gp_regs[1]
- # else /* 32-bit */
- /* both should be equivalent */
--# if 0
--# define SIGSEGV_FAULT_STACKPOINTER ((ucontext_t *) ucp)->uc_mcontext.regs->gpr[1]
-+# if ! defined __GLIBC__
-+# define SIGSEGV_FAULT_STACKPOINTER ((ucontext_t *) ucp)->uc_regs->gregs[1]
- # else
- # define SIGSEGV_FAULT_STACKPOINTER ((ucontext_t *) ucp)->uc_mcontext.uc_regs->gregs[1]
- # endif
---
-2.35.1
-
diff --git a/poky/meta/recipes-extended/diffutils/diffutils_3.8.bb b/poky/meta/recipes-extended/diffutils/diffutils_3.9.bb
similarity index 88%
rename from poky/meta/recipes-extended/diffutils/diffutils_3.8.bb
rename to poky/meta/recipes-extended/diffutils/diffutils_3.9.bb
index 8889c83..2bb9e6f 100644
--- a/poky/meta/recipes-extended/diffutils/diffutils_3.8.bb
+++ b/poky/meta/recipes-extended/diffutils/diffutils_3.9.bb
@@ -6,10 +6,9 @@
SRC_URI = "${GNU_MIRROR}/diffutils/diffutils-${PV}.tar.xz \
file://run-ptest \
file://0001-Skip-strip-trailing-cr-test-case.patch \
- file://0001-mcontext-is-not-a-standard-layout-so-glibc-and-musl-.patch \
"
-SRC_URI[sha256sum] = "a6bdd7d1b31266d11c4f4de6c1b748d4607ab0231af5188fc2533d0ae2438fec"
+SRC_URI[sha256sum] = "d80d3be90a201868de83d78dad3413ad88160cc53bcc36eb9eaf7c20dbf023f1"
EXTRA_OECONF += "ac_cv_path_PR_PROGRAM=${bindir}/pr --without-libsigsegv-prefix"
diff --git a/poky/meta/recipes-extended/groff/files/0001-Make-manpages-mulitlib-identical.patch b/poky/meta/recipes-extended/groff/files/0001-Make-manpages-mulitlib-identical.patch
index 9105da6..c3cfc7c 100644
--- a/poky/meta/recipes-extended/groff/files/0001-Make-manpages-mulitlib-identical.patch
+++ b/poky/meta/recipes-extended/groff/files/0001-Make-manpages-mulitlib-identical.patch
@@ -3,7 +3,7 @@
Date: Sat, 7 Mar 2020 00:59:13 +0000
Subject: [PATCH] Make manpages mulitlib identical
-Upstream-Status: Pending
+Upstream-Status: Submitted [by email to g.branden.robinson@gmail.com]
Signed-off-by: Jeremy Puhlman <jpuhlman@mvista.com>
---
Makefile.am | 2 +-
diff --git a/poky/meta/recipes-extended/groff/files/0001-replace-perl-w-with-use-warnings.patch b/poky/meta/recipes-extended/groff/files/0001-replace-perl-w-with-use-warnings.patch
index eda6a40..b028fa2 100644
--- a/poky/meta/recipes-extended/groff/files/0001-replace-perl-w-with-use-warnings.patch
+++ b/poky/meta/recipes-extended/groff/files/0001-replace-perl-w-with-use-warnings.patch
@@ -15,7 +15,7 @@
So replace "perl -w" with "use warnings" to make it work.
-Upstream-Status: Pending
+Upstream-Status: Submitted [by email to g.branden.robinson@gmail.com]
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
diff --git a/poky/meta/recipes-extended/less/files/CVE-2022-46663.patch b/poky/meta/recipes-extended/less/files/CVE-2022-46663.patch
new file mode 100644
index 0000000..20f9d89
--- /dev/null
+++ b/poky/meta/recipes-extended/less/files/CVE-2022-46663.patch
@@ -0,0 +1,28 @@
+CVE: CVE-2022-46663
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From a78e1351113cef564d790a730d657a321624d79c Mon Sep 17 00:00:00 2001
+From: Mark Nudelman <markn@greenwoodsoftware.com>
+Date: Fri, 7 Oct 2022 19:25:46 -0700
+Subject: [PATCH] End OSC8 hyperlink on invalid embedded escape sequence.
+
+---
+ line.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/line.c b/line.c
+index 236c49ae..cba7bdd1 100644
+--- a/line.c
++++ b/line.c
+@@ -633,8 +633,8 @@ ansi_step(pansi, ch)
+ /* Hyperlink ends with \7 or ESC-backslash. */
+ if (ch == '\7')
+ return ANSI_END;
+- if (pansi->prev_esc && ch == '\\')
+- return ANSI_END;
++ if (pansi->prev_esc)
++ return (ch == '\\') ? ANSI_END : ANSI_ERR;
+ pansi->prev_esc = (ch == ESC);
+ return ANSI_MID;
+ }
diff --git a/poky/meta/recipes-extended/less/less_608.bb b/poky/meta/recipes-extended/less/less_608.bb
index f411a8f..f907a81 100644
--- a/poky/meta/recipes-extended/less/less_608.bb
+++ b/poky/meta/recipes-extended/less/less_608.bb
@@ -26,6 +26,7 @@
DEPENDS = "ncurses"
SRC_URI = "http://www.greenwoodsoftware.com/${BPN}/${BPN}-${PV}.tar.gz \
+ file://CVE-2022-46663.patch \
"
SRC_URI[sha256sum] = "a69abe2e0a126777e021d3b73aa3222e1b261f10e64624d41ec079685a6ac209"
diff --git a/poky/meta/recipes-extended/libarchive/libarchive/0001-libarchive-Do-not-include-sys-mount.h-when-linux-fs..patch b/poky/meta/recipes-extended/libarchive/libarchive/0001-libarchive-Do-not-include-sys-mount.h-when-linux-fs..patch
deleted file mode 100644
index 0d21799..0000000
--- a/poky/meta/recipes-extended/libarchive/libarchive/0001-libarchive-Do-not-include-sys-mount.h-when-linux-fs..patch
+++ /dev/null
@@ -1,47 +0,0 @@
-From a2f68263a1da5ad227bcb9cd8fa91b93c8b6c99f Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Mon, 25 Jul 2022 10:56:53 -0700
-Subject: [PATCH] libarchive: Do not include sys/mount.h when linux/fs.h is
- present
-
-These headers are in conflict and only one is needed by
-archive_read_disk_posix.c therefore include linux/fs.h if it exists
-otherwise include sys/mount.h
-
-It also helps compiling with glibc 2.36
-where sys/mount.h conflicts with linux/mount.h see [1]
-
-[1] https://sourceware.org/glibc/wiki/Release/2.36
-
-Upstream-Status: Submitted [https://github.com/libarchive/libarchive/pull/1761]
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
- libarchive/archive_read_disk_posix.c | 5 ++---
- 1 file changed, 2 insertions(+), 3 deletions(-)
-
-diff --git a/libarchive/archive_read_disk_posix.c b/libarchive/archive_read_disk_posix.c
-index 2b39e672..a96008db 100644
---- a/libarchive/archive_read_disk_posix.c
-+++ b/libarchive/archive_read_disk_posix.c
-@@ -34,9 +34,6 @@ __FBSDID("$FreeBSD$");
- #ifdef HAVE_SYS_PARAM_H
- #include <sys/param.h>
- #endif
--#ifdef HAVE_SYS_MOUNT_H
--#include <sys/mount.h>
--#endif
- #ifdef HAVE_SYS_STAT_H
- #include <sys/stat.h>
- #endif
-@@ -54,6 +51,8 @@ __FBSDID("$FreeBSD$");
- #endif
- #ifdef HAVE_LINUX_FS_H
- #include <linux/fs.h>
-+#elif HAVE_SYS_MOUNT_H
-+#include <sys/mount.h>
- #endif
- /*
- * Some Linux distributions have both linux/ext2_fs.h and ext2fs/ext2_fs.h.
---
-2.25.1
-
diff --git a/poky/meta/recipes-extended/libarchive/libarchive_3.6.1.bb b/poky/meta/recipes-extended/libarchive/libarchive_3.6.2.bb
similarity index 90%
rename from poky/meta/recipes-extended/libarchive/libarchive_3.6.1.bb
rename to poky/meta/recipes-extended/libarchive/libarchive_3.6.2.bb
index 24d7918..f447035 100644
--- a/poky/meta/recipes-extended/libarchive/libarchive_3.6.1.bb
+++ b/poky/meta/recipes-extended/libarchive/libarchive_3.6.2.bb
@@ -30,14 +30,12 @@
PACKAGECONFIG[mbedtls] = "--with-mbedtls,--without-mbedtls,mbedtls,"
PACKAGECONFIG[zstd] = "--with-zstd,--without-zstd,zstd,"
-EXTRA_OECONF += "--enable-largefile"
+EXTRA_OECONF += "--enable-largefile --without-iconv"
-SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz \
- file://0001-libarchive-Do-not-include-sys-mount.h-when-linux-fs..patch \
- "
+SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz"
UPSTREAM_CHECK_URI = "http://libarchive.org/"
-SRC_URI[sha256sum] = "c676146577d989189940f1959d9e3980d28513d74eedfbc6b7f15ea45fe54ee2"
+SRC_URI[sha256sum] = "ba6d02f15ba04aba9c23fd5f236bb234eab9d5209e95d1c4df85c44d5f19b9b3"
inherit autotools update-alternatives pkgconfig
diff --git a/poky/meta/recipes-extended/libtirpc/libtirpc_1.3.3.bb b/poky/meta/recipes-extended/libtirpc/libtirpc_1.3.3.bb
index 8c6c207..f55e0b0 100644
--- a/poky/meta/recipes-extended/libtirpc/libtirpc_1.3.3.bb
+++ b/poky/meta/recipes-extended/libtirpc/libtirpc_1.3.3.bb
@@ -22,7 +22,7 @@
EXTRA_OECONF = "--disable-gssapi"
do_install:append() {
- chown root:root ${D}${sysconfdir}/netconfig
+ test -e ${D}${sysconfdir}/netconfig && chown root:root ${D}${sysconfdir}/netconfig
}
BBCLASSEXTEND = "native nativesdk"
diff --git a/poky/meta/recipes-extended/lighttpd/lighttpd/CVE-2022-41556.patch b/poky/meta/recipes-extended/lighttpd/lighttpd/CVE-2022-41556.patch
deleted file mode 100644
index 284a5a3..0000000
--- a/poky/meta/recipes-extended/lighttpd/lighttpd/CVE-2022-41556.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-CVE: CVE-2022-41556
-Upstream-Status: Backport
-Signed-off-by: Ross Burton <ross.burton@arm.com>
-
-From b18de6f9264f914f7bf493abd3b6059343548e50 Mon Sep 17 00:00:00 2001
-From: Glenn Strauss <gstrauss@gluelogic.com>
-Date: Sun, 11 Sep 2022 22:31:34 -0400
-Subject: [PATCH] [core] handle RDHUP when collecting chunked body
-
-handle RDHUP as soon as RDHUP detected when collecting HTTP/1.1 chunked
-request body (and when not streaming request body to backend)
-
-x-ref:
- https://github.com/lighttpd/lighttpd1.4/pull/115
----
- src/gw_backend.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/gw_backend.c b/src/gw_backend.c
-index df9d8217..5db56287 100644
---- a/src/gw_backend.c
-+++ b/src/gw_backend.c
-@@ -2228,7 +2228,7 @@ handler_t gw_handle_subrequest(request_st * const r, void *p_d) {
- * and module is flagged to stream request body to backend) */
- return (r->conf.stream_request_body & FDEVENT_STREAM_REQUEST)
- ? http_response_reqbody_read_error(r, 411)
-- : HANDLER_WAIT_FOR_EVENT;
-+ : (rc == HANDLER_GO_ON) ? HANDLER_WAIT_FOR_EVENT : rc;
- }
-
- if (hctx->wb_reqlen < -1 && r->reqbody_length >= 0) {
diff --git a/poky/meta/recipes-extended/lighttpd/lighttpd_1.4.66.bb b/poky/meta/recipes-extended/lighttpd/lighttpd_1.4.67.bb
similarity index 96%
rename from poky/meta/recipes-extended/lighttpd/lighttpd_1.4.66.bb
rename to poky/meta/recipes-extended/lighttpd/lighttpd_1.4.67.bb
index 7897810..838881f 100644
--- a/poky/meta/recipes-extended/lighttpd/lighttpd_1.4.66.bb
+++ b/poky/meta/recipes-extended/lighttpd/lighttpd_1.4.67.bb
@@ -14,13 +14,12 @@
lighttpd-module-accesslog"
SRC_URI = "http://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-${PV}.tar.xz \
- file://CVE-2022-41556.patch \
file://index.html.lighttpd \
file://lighttpd.conf \
file://lighttpd \
"
-SRC_URI[sha256sum] = "47ac6e60271aa0196e65472d02d019556dc7c6d09df3b65df2c1ab6866348e3b"
+SRC_URI[sha256sum] = "7e04d767f51a8d824b32e2483ef2950982920d427d1272ef4667f49d6f89f358"
DEPENDS = "virtual/crypt"
diff --git a/poky/meta/recipes-extended/lsof/lsof_4.95.0.bb b/poky/meta/recipes-extended/lsof/lsof_4.95.0.bb
index f380de0..f59fe00 100644
--- a/poky/meta/recipes-extended/lsof/lsof_4.95.0.bb
+++ b/poky/meta/recipes-extended/lsof/lsof_4.95.0.bb
@@ -19,6 +19,15 @@
S = "${WORKDIR}/git"
+
+inherit update-alternatives
+
+ALTERNATIVE:${PN} = "lsof"
+ALTERNATIVE_LINK_NAME[lsof] = "${sbindir}/lsof"
+# Make our priority higher than busybox
+ALTERNATIVE_PRIORITY = "100"
+
+
export LSOF_INCLUDE = "${STAGING_INCDIR}"
do_configure () {
diff --git a/poky/meta/recipes-extended/mdadm/files/0001-mdadm-Fix-optional-write-behind-parameter.patch b/poky/meta/recipes-extended/mdadm/files/0001-mdadm-Fix-optional-write-behind-parameter.patch
new file mode 100644
index 0000000..186d1e7
--- /dev/null
+++ b/poky/meta/recipes-extended/mdadm/files/0001-mdadm-Fix-optional-write-behind-parameter.patch
@@ -0,0 +1,45 @@
+From 41edf6f45895193f4a523cb0a08d639c9ff9ccc9 Mon Sep 17 00:00:00 2001
+From: Logan Gunthorpe <logang@deltatee.com>
+Date: Wed, 22 Jun 2022 14:25:12 -0600
+Subject: [PATCH] mdadm: Fix optional --write-behind parameter
+
+The commit noted below changed the behaviour of --write-behind to
+require an argument. This broke the 06wrmostly test with the error:
+
+ mdadm: Invalid value for maximum outstanding write-behind writes: (null).
+ Must be between 0 and 16383.
+
+To fix this, check if optarg is NULL before parising it, as the origial
+code did.
+
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=41edf6f45895193f4a523cb0a08d639c9ff9ccc9]
+
+Fixes: 60815698c0ac ("Refactor parse_num and use it to parse optarg.")
+Cc: Mateusz Grzonka <mateusz.grzonka@intel.com>
+Signed-off-by: Logan Gunthorpe <logang@deltatee.com>
+Acked-by: Mariusz Tkaczyk <mariusz.tkaczyk@linux.intel.com>
+Signed-off-by: Jes Sorensen <jes@trained-monkey.org>
+Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
+---
+ mdadm.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/mdadm.c b/mdadm.c
+index d0c5e6de..56722ed9 100644
+--- a/mdadm.c
++++ b/mdadm.c
+@@ -1201,8 +1201,9 @@ int main(int argc, char *argv[])
+ case O(BUILD, WriteBehind):
+ case O(CREATE, WriteBehind):
+ s.write_behind = DEFAULT_MAX_WRITE_BEHIND;
+- if (parse_num(&s.write_behind, optarg) != 0 ||
+- s.write_behind < 0 || s.write_behind > 16383) {
++ if (optarg &&
++ (parse_num(&s.write_behind, optarg) != 0 ||
++ s.write_behind < 0 || s.write_behind > 16383)) {
+ pr_err("Invalid value for maximum outstanding write-behind writes: %s.\n\tMust be between 0 and 16383.\n",
+ optarg);
+ exit(2);
+--
+2.25.1
+
diff --git a/poky/meta/recipes-extended/mdadm/files/0001-tests-00raid0-add-a-test-that-validates-raid0-with-l.patch b/poky/meta/recipes-extended/mdadm/files/0001-tests-00raid0-add-a-test-that-validates-raid0-with-l.patch
new file mode 100644
index 0000000..1c95834
--- /dev/null
+++ b/poky/meta/recipes-extended/mdadm/files/0001-tests-00raid0-add-a-test-that-validates-raid0-with-l.patch
@@ -0,0 +1,41 @@
+From 7539254342bc591717b0051734cc6c09c1b88640 Mon Sep 17 00:00:00 2001
+From: Sudhakar Panneerselvam <sudhakar.panneerselvam@oracle.com>
+Date: Wed, 22 Jun 2022 14:25:13 -0600
+Subject: [PATCH] tests/00raid0: add a test that validates raid0 with layout
+ fails for 0.9
+
+329dfc28debb disallows the creation of raid0 with layouts for 0.9
+metadata. This test confirms the new behavior.
+
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=7539254342bc591717b0051734cc6c09c1b88640]
+
+Signed-off-by: Sudhakar Panneerselvam <sudhakar.panneerselvam@oracle.com>
+Signed-off-by: Himanshu Madhani <himanshu.madhani@oracle.com>
+Signed-off-by: Logan Gunthorpe <logang@deltatee.com>
+Signed-off-by: Jes Sorensen <jes@trained-monkey.org>
+Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
+---
+ tests/00raid0 | 6 ++----
+ 1 file changed, 2 insertions(+), 4 deletions(-)
+
+diff --git a/tests/00raid0 b/tests/00raid0
+index 8bc18985..e6b21cc4 100644
+--- a/tests/00raid0
++++ b/tests/00raid0
+@@ -6,11 +6,9 @@ check raid0
+ testdev $md0 3 $mdsize2_l 512
+ mdadm -S $md0
+
+-# now with version-0.90 superblock
++# verify raid0 with layouts fail for 0.90
+ mdadm -CR $md0 -e0.90 -l0 -n4 $dev0 $dev1 $dev2 $dev3
+-check raid0
+-testdev $md0 4 $mdsize0 512
+-mdadm -S $md0
++check opposite_result
+
+ # now with no superblock
+ mdadm -B $md0 -l0 -n5 $dev0 $dev1 $dev2 $dev3 $dev4
+--
+2.25.1
+
diff --git a/poky/meta/recipes-extended/mdadm/files/0001-tests-00readonly-Run-udevadm-settle-before-setting-r.patch b/poky/meta/recipes-extended/mdadm/files/0001-tests-00readonly-Run-udevadm-settle-before-setting-r.patch
new file mode 100644
index 0000000..c621c08
--- /dev/null
+++ b/poky/meta/recipes-extended/mdadm/files/0001-tests-00readonly-Run-udevadm-settle-before-setting-r.patch
@@ -0,0 +1,39 @@
+From 39b381252c32275079344d30de18b76fda4bba26 Mon Sep 17 00:00:00 2001
+From: Logan Gunthorpe <logang@deltatee.com>
+Date: Wed, 27 Jul 2022 15:52:45 -0600
+Subject: [PATCH] tests/00readonly: Run udevadm settle before setting ro
+
+In some recent kernel versions, 00readonly fails with:
+
+ mdadm: failed to set readonly for /dev/md0: Device or resource busy
+ ERROR: array is not read-only!
+
+This was traced down to a race condition with udev holding a reference
+to the block device at the same time as trying to set it read only.
+
+To fix this, call udevadm settle before setting the array read only.
+
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=39b381252c32275079344d30de18b76fda4bba26]
+
+Signed-off-by: Logan Gunthorpe <logang@deltatee.com>
+Signed-off-by: Jes Sorensen <jsorensen@fb.com>
+Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
+---
+ tests/00readonly | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/tests/00readonly b/tests/00readonly
+index 39202487..afe243b3 100644
+--- a/tests/00readonly
++++ b/tests/00readonly
+@@ -12,6 +12,7 @@ do
+ $dev1 $dev2 $dev3 $dev4 --assume-clean
+ check nosync
+ check $level
++ udevadm settle
+ mdadm -ro $md0
+ check readonly
+ state=$(cat /sys/block/md0/md/array_state)
+--
+2.25.1
+
diff --git a/poky/meta/recipes-extended/mdadm/files/0001-tests-02lineargrow-clear-the-superblock-at-every-ite.patch b/poky/meta/recipes-extended/mdadm/files/0001-tests-02lineargrow-clear-the-superblock-at-every-ite.patch
new file mode 100644
index 0000000..1a7104b
--- /dev/null
+++ b/poky/meta/recipes-extended/mdadm/files/0001-tests-02lineargrow-clear-the-superblock-at-every-ite.patch
@@ -0,0 +1,33 @@
+From a2c832465fc75202e244327b2081231dfa974617 Mon Sep 17 00:00:00 2001
+From: Sudhakar Panneerselvam <sudhakar.panneerselvam@oracle.com>
+Date: Wed, 22 Jun 2022 14:25:16 -0600
+Subject: [PATCH] tests/02lineargrow: clear the superblock at every iteration
+
+This fixes 02lineargrow test as prior metadata causes --add operation
+to misbehave.
+
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=a2c832465fc75202e244327b2081231dfa974617]
+
+Signed-off-by: Sudhakar Panneerselvam <sudhakar.panneerselvam@oracle.com>
+Signed-off-by: Himanshu Madhani <himanshu.madhani@oracle.com>
+Signed-off-by: Logan Gunthorpe <logang@deltatee.com>
+Signed-off-by: Jes Sorensen <jes@trained-monkey.org>
+Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
+---
+ tests/02lineargrow | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/tests/02lineargrow b/tests/02lineargrow
+index e05c219d..595bf9f2 100644
+--- a/tests/02lineargrow
++++ b/tests/02lineargrow
+@@ -20,4 +20,6 @@ do
+ testdev $md0 3 $sz 1
+
+ mdadm -S $md0
++ mdadm --zero /dev/loop2
++ mdadm --zero /dev/loop3
+ done
+--
+2.25.1
+
diff --git a/poky/meta/recipes-extended/mdadm/files/0001-tests-04update-metadata-avoid-passing-chunk-size-to.patch b/poky/meta/recipes-extended/mdadm/files/0001-tests-04update-metadata-avoid-passing-chunk-size-to.patch
new file mode 100644
index 0000000..9098fb2
--- /dev/null
+++ b/poky/meta/recipes-extended/mdadm/files/0001-tests-04update-metadata-avoid-passing-chunk-size-to.patch
@@ -0,0 +1,41 @@
+From de045db607b1ac4b70fc2a8878463e029c2ab1dc Mon Sep 17 00:00:00 2001
+From: Sudhakar Panneerselvam <sudhakar.panneerselvam@oracle.com>
+Date: Wed, 22 Jun 2022 14:25:15 -0600
+Subject: [PATCH] tests/04update-metadata: avoid passing chunk size to raid1
+
+'04update-metadata' test fails with error, "specifying chunk size is
+forbidden for this level" added by commit, 5b30a34aa4b5e. Hence,
+correcting the test to ignore passing chunk size to raid1.
+
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=de045db607b1ac4b70fc2a8878463e029c2ab1dc]
+
+Signed-off-by: Sudhakar Panneerselvam <sudhakar.panneerselvam@oracle.com>
+Signed-off-by: Himanshu Madhani <himanshu.madhani@oracle.com>
+[logang@deltatee.com: fix if/then style and dropped unrelated hunk]
+Signed-off-by: Logan Gunthorpe <logang@deltatee.com>
+Signed-off-by: Jes Sorensen <jes@trained-monkey.org>
+Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
+---
+ tests/04update-metadata | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/tests/04update-metadata b/tests/04update-metadata
+index 08c14af7..2b72a303 100644
+--- a/tests/04update-metadata
++++ b/tests/04update-metadata
+@@ -11,7 +11,11 @@ dlist="$dev0 $dev1 $dev2 $dev3"
+ for ls in linear/4 raid1/1 raid5/3 raid6/2
+ do
+ s=${ls#*/} l=${ls%/*}
+- mdadm -CR --assume-clean -e 0.90 $md0 --level $l -n 4 -c 64 $dlist
++ if [[ $l == 'raid1' ]]; then
++ mdadm -CR --assume-clean -e 0.90 $md0 --level $l -n 4 $dlist
++ else
++ mdadm -CR --assume-clean -e 0.90 $md0 --level $l -n 4 -c 64 $dlist
++ fi
+ testdev $md0 $s 19904 64
+ mdadm -S $md0
+ mdadm -A $md0 --update=metadata $dlist
+--
+2.25.1
+
diff --git a/poky/meta/recipes-extended/mdadm/files/0001-tests-fix-raid0-tests-for-0.90-metadata.patch b/poky/meta/recipes-extended/mdadm/files/0001-tests-fix-raid0-tests-for-0.90-metadata.patch
new file mode 100644
index 0000000..d2e7d8e
--- /dev/null
+++ b/poky/meta/recipes-extended/mdadm/files/0001-tests-fix-raid0-tests-for-0.90-metadata.patch
@@ -0,0 +1,102 @@
+From 14c2161edb77d7294199e8aa7daa9f9d1d0ad5d7 Mon Sep 17 00:00:00 2001
+From: Sudhakar Panneerselvam <sudhakar.panneerselvam@oracle.com>
+Date: Wed, 22 Jun 2022 14:25:14 -0600
+Subject: [PATCH] tests: fix raid0 tests for 0.90 metadata
+
+Some of the test cases fail because raid0 creation fails with the error,
+"0.90 metadata does not support layouts for RAID0" added by commit,
+329dfc28debb. Fix some of the test cases by switching from raid0 to
+linear level for 0.9 metadata where possible.
+
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=14c2161edb77d7294199e8aa7daa9f9d1d0ad5d7]
+
+Signed-off-by: Sudhakar Panneerselvam <sudhakar.panneerselvam@oracle.com>
+Signed-off-by: Himanshu Madhani <himanshu.madhani@oracle.com>
+Signed-off-by: Logan Gunthorpe <logang@deltatee.com>
+Signed-off-by: Jes Sorensen <jes@trained-monkey.org>
+Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
+---
+ tests/00raid0 | 4 ++--
+ tests/00readonly | 4 ++++
+ tests/03r0assem | 6 +++---
+ tests/04r0update | 4 ++--
+ tests/04update-metadata | 2 +-
+ 5 files changed, 12 insertions(+), 8 deletions(-)
+
+diff --git a/tests/00raid0 b/tests/00raid0
+index e6b21cc4..9b8896cb 100644
+--- a/tests/00raid0
++++ b/tests/00raid0
+@@ -20,8 +20,8 @@ mdadm -S $md0
+ # now same again with different chunk size
+ for chunk in 4 32 256
+ do
+- mdadm -CR $md0 -e0.90 -l raid0 --chunk $chunk -n3 $dev0 $dev1 $dev2
+- check raid0
++ mdadm -CR $md0 -e0.90 -l linear --chunk $chunk -n3 $dev0 $dev1 $dev2
++ check linear
+ testdev $md0 3 $mdsize0 $chunk
+ mdadm -S $md0
+
+diff --git a/tests/00readonly b/tests/00readonly
+index 28b0fa13..39202487 100644
+--- a/tests/00readonly
++++ b/tests/00readonly
+@@ -4,6 +4,10 @@ for metadata in 0.9 1.0 1.1 1.2
+ do
+ for level in linear raid0 raid1 raid4 raid5 raid6 raid10
+ do
++ if [[ $metadata == "0.9" && $level == "raid0" ]];
++ then
++ continue
++ fi
+ mdadm -CR $md0 -l $level -n 4 --metadata=$metadata \
+ $dev1 $dev2 $dev3 $dev4 --assume-clean
+ check nosync
+diff --git a/tests/03r0assem b/tests/03r0assem
+index 6744e322..44df0645 100644
+--- a/tests/03r0assem
++++ b/tests/03r0assem
+@@ -68,9 +68,9 @@ mdadm -S $md2
+ ### Now for version 0...
+
+ mdadm --zero-superblock $dev0 $dev1 $dev2
+-mdadm -CR $md2 -l0 --metadata=0.90 -n3 $dev0 $dev1 $dev2
+-check raid0
+-tst="testdev $md2 3 $mdsize0 512"
++mdadm -CR $md2 -llinear --metadata=0.90 -n3 $dev0 $dev1 $dev2
++check linear
++tst="testdev $md2 3 $mdsize0 1"
+ $tst
+
+ uuid=`mdadm -Db $md2 | sed 's/.*UUID=//'`
+diff --git a/tests/04r0update b/tests/04r0update
+index 73ee3b9f..b95efb06 100644
+--- a/tests/04r0update
++++ b/tests/04r0update
+@@ -1,7 +1,7 @@
+
+ # create a raid0, re-assemble with a different super-minor
+-mdadm -CR -e 0.90 $md0 -l0 -n3 $dev0 $dev1 $dev2
+-testdev $md0 3 $mdsize0 512
++mdadm -CR -e 0.90 $md0 -llinear -n3 $dev0 $dev1 $dev2
++testdev $md0 3 $mdsize0 1
+ minor1=`mdadm -E $dev0 | sed -n -e 's/.*Preferred Minor : //p'`
+ mdadm -S /dev/md0
+
+diff --git a/tests/04update-metadata b/tests/04update-metadata
+index 232fc1ff..08c14af7 100644
+--- a/tests/04update-metadata
++++ b/tests/04update-metadata
+@@ -8,7 +8,7 @@ set -xe
+
+ dlist="$dev0 $dev1 $dev2 $dev3"
+
+-for ls in raid0/4 linear/4 raid1/1 raid5/3 raid6/2
++for ls in linear/4 raid1/1 raid5/3 raid6/2
+ do
+ s=${ls#*/} l=${ls%/*}
+ mdadm -CR --assume-clean -e 0.90 $md0 --level $l -n 4 -c 64 $dlist
+--
+2.25.1
+
diff --git a/poky/meta/recipes-extended/mdadm/mdadm_4.2.bb b/poky/meta/recipes-extended/mdadm/mdadm_4.2.bb
index 19035ca..4aa3737 100644
--- a/poky/meta/recipes-extended/mdadm/mdadm_4.2.bb
+++ b/poky/meta/recipes-extended/mdadm/mdadm_4.2.bb
@@ -24,6 +24,12 @@
file://0001-mdadm-skip-test-11spare-migration.patch \
file://0001-Fix-parsing-of-r-in-monitor-manager-mode.patch \
file://0001-Makefile-install-mdcheck.patch \
+ file://0001-mdadm-Fix-optional-write-behind-parameter.patch \
+ file://0001-tests-02lineargrow-clear-the-superblock-at-every-ite.patch \
+ file://0001-tests-00raid0-add-a-test-that-validates-raid0-with-l.patch \
+ file://0001-tests-fix-raid0-tests-for-0.90-metadata.patch \
+ file://0001-tests-00readonly-Run-udevadm-settle-before-setting-r.patch \
+ file://0001-tests-04update-metadata-avoid-passing-chunk-size-to.patch \
"
SRC_URI[sha256sum] = "461c215670864bb74a4d1a3620684aa2b2f8296dffa06743f26dda5557acf01d"
diff --git a/poky/meta/recipes-extended/newt/files/0001-detect-gold-as-GNU-linker-too.patch b/poky/meta/recipes-extended/newt/files/0001-detect-gold-as-GNU-linker-too.patch
index a4b3afd..090ed5c 100644
--- a/poky/meta/recipes-extended/newt/files/0001-detect-gold-as-GNU-linker-too.patch
+++ b/poky/meta/recipes-extended/newt/files/0001-detect-gold-as-GNU-linker-too.patch
@@ -1,4 +1,4 @@
-From 58245b859ffbcb1780575bf1b0a018d55e74e434 Mon Sep 17 00:00:00 2001
+From 08ba909500412611953aea0fa2fe0d8fe76b6e24 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andreas=20M=C3=BCller?= <schnitzeltony@googlemail.com>
Date: Wed, 21 Sep 2016 21:14:40 +0200
Subject: [PATCH] detect gold as GNU linker too
@@ -9,23 +9,21 @@
Upstream-Status: Pending
Signed-off-by: Andreas Müller <schnitzeltony@googlemail.com>
+
---
configure.ac | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/configure.ac b/configure.ac
-index 03e8bda..c2fce51 100644
+index 468c718..cd93f30 100644
--- a/configure.ac
+++ b/configure.ac
@@ -28,7 +28,7 @@ AC_CHECK_SIZEOF([void *])
AC_MSG_CHECKING([for GNU ld])
- LD=`$CC -print-prog-name=ld 2>&5`
+ LD=$($CC -print-prog-name=ld 2>&5)
--if test `$LD -v 2>&1 | $ac_cv_path_GREP -c "GNU ld"` = 0; then
-+if test `$LD -v 2>&1 | $ac_cv_path_GREP -c "GNU "` = 0; then
+-if test $($LD -v 2>&1 | $ac_cv_path_GREP -c "GNU ld") = 0; then
++if test $($LD -v 2>&1 | $ac_cv_path_GREP -c "GNU ") = 0; then
# Not
GNU_LD=""
AC_MSG_RESULT([no])
---
-2.5.5
-
diff --git a/poky/meta/recipes-extended/newt/files/0002-don-t-ignore-CFLAGS-when-building-snack.patch b/poky/meta/recipes-extended/newt/files/0002-don-t-ignore-CFLAGS-when-building-snack.patch
deleted file mode 100644
index ca235d5..0000000
--- a/poky/meta/recipes-extended/newt/files/0002-don-t-ignore-CFLAGS-when-building-snack.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From f60dc1063607ca1f201ba4cbda467d8af3f78f64 Mon Sep 17 00:00:00 2001
-From: Miroslav Lichvar <mlichvar@redhat.com>
-Date: Tue, 1 Oct 2019 16:37:55 +0200
-Subject: [PATCH] don't ignore CFLAGS when building snack
-
-In addition to the flags returned by python-config --cflags, use the
-user-specified CFLAGS when building the snack object.
-
-Upstream-Status: Backport from master
-Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
----
- Makefile.in | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/Makefile.in b/Makefile.in
-index be5f87b..6facd5e 100644
---- a/Makefile.in
-+++ b/Makefile.in
-@@ -96,8 +96,8 @@ _snack.$(SOEXT): snack.c $(LIBNEWTSH)
- PIFLAGS=`$$pyconfig --includes`; \
- PLDFLAGS=`$$pyconfig --ldflags`; \
- PLFLAGS=`$$pyconfig --libs`; \
-- echo $(CC) $(SHCFLAGS) $(CPPFLAGS) $$PIFLAGS $$PCFLAGS -c -o $$ver/snack.o snack.c; \
-- $(CC) $(SHCFLAGS) $(CPPFLAGS) $$PIFLAGS $$PCFLAGS -c -o $$ver/snack.o snack.c; \
-+ echo $(CC) $(SHCFLAGS) $(CFLAGS) $(CPPFLAGS) $$PIFLAGS $$PCFLAGS -c -o $$ver/snack.o snack.c; \
-+ $(CC) $(SHCFLAGS) $(CFLAGS) $(CPPFLAGS) $$PIFLAGS $$PCFLAGS -c -o $$ver/snack.o snack.c; \
- echo $(CC) --shared $$PLDFLAGS $$PLFLAGS $(LDFLAGS) -o $$ver/_snack.$(SOEXT) $$ver/snack.o -L. -lnewt $(LIBS); \
- $(CC) --shared $$PLDFLAGS $$PLFLAGS $(LDFLAGS) -o $$ver/_snack.$(SOEXT) $$ver/snack.o -L. -lnewt $(LIBS); \
- done || :
diff --git a/poky/meta/recipes-extended/newt/libnewt_0.52.21.bb b/poky/meta/recipes-extended/newt/libnewt_0.52.23.bb
similarity index 87%
rename from poky/meta/recipes-extended/newt/libnewt_0.52.21.bb
rename to poky/meta/recipes-extended/newt/libnewt_0.52.23.bb
index 430e481..cd3731c 100644
--- a/poky/meta/recipes-extended/newt/libnewt_0.52.21.bb
+++ b/poky/meta/recipes-extended/newt/libnewt_0.52.23.bb
@@ -21,11 +21,9 @@
file://cross_ar.patch \
file://Makefile.in-Add-tinfo-library-to-the-linking-librari.patch \
file://0001-detect-gold-as-GNU-linker-too.patch \
- file://0002-don-t-ignore-CFLAGS-when-building-snack.patch \
"
-SRC_URI[md5sum] = "a0a5fd6b53bb167a65e15996b249ebb5"
-SRC_URI[sha256sum] = "265eb46b55d7eaeb887fca7a1d51fe115658882dfe148164b6c49fccac5abb31"
+SRC_URI[sha256sum] = "caa372907b14ececfe298f0d512a62f41d33b290610244a58aed07bbc5ada12a"
S = "${WORKDIR}/newt-${PV}"
diff --git a/poky/meta/recipes-extended/pam/libpam/CVE-2022-28321-0002.patch b/poky/meta/recipes-extended/pam/libpam/CVE-2022-28321-0002.patch
new file mode 100644
index 0000000..e7bf03f
--- /dev/null
+++ b/poky/meta/recipes-extended/pam/libpam/CVE-2022-28321-0002.patch
@@ -0,0 +1,205 @@
+From 23393bef92c1e768eda329813d7af55481c6ca9f Mon Sep 17 00:00:00 2001
+From: Thorsten Kukuk <kukuk@suse.com>
+Date: Thu, 24 Feb 2022 10:37:32 +0100
+Subject: [PATCH 2/2] pam_access: handle hostnames in access.conf
+
+According to the manual page, the following entry is valid but does not
+work:
+-:root:ALL EXCEPT localhost
+
+See https://bugzilla.suse.com/show_bug.cgi?id=1019866
+
+Patched is based on PR#226 from Josef Moellers
+
+Upstream-Status: Backport
+CVE: CVE-2022-28321
+
+Reference to upstream patch:
+[https://github.com/linux-pam/linux-pam/commit/23393bef92c1e768eda329813d7af55481c6ca9f]
+
+Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com>
+---
+ modules/pam_access/pam_access.c | 95 ++++++++++++++++++++++++++-------
+ 1 file changed, 76 insertions(+), 19 deletions(-)
+
+diff --git a/modules/pam_access/pam_access.c b/modules/pam_access/pam_access.c
+index 277192b..bca424f 100644
+--- a/modules/pam_access/pam_access.c
++++ b/modules/pam_access/pam_access.c
+@@ -637,7 +637,7 @@ remote_match (pam_handle_t *pamh, char *tok, struct login_info *item)
+ if ((str_len = strlen(string)) > tok_len
+ && strcasecmp(tok, string + str_len - tok_len) == 0)
+ return YES;
+- } else if (tok[tok_len - 1] == '.') {
++ } else if (tok[tok_len - 1] == '.') { /* internet network numbers (end with ".") */
+ struct addrinfo hint;
+
+ memset (&hint, '\0', sizeof (hint));
+@@ -678,7 +678,7 @@ remote_match (pam_handle_t *pamh, char *tok, struct login_info *item)
+ return NO;
+ }
+
+- /* Assume network/netmask with an IP of a host. */
++ /* Assume network/netmask, IP address or hostname. */
+ return network_netmask_match(pamh, tok, string, item);
+ }
+
+@@ -696,7 +696,7 @@ string_match (pam_handle_t *pamh, const char *tok, const char *string,
+ /*
+ * If the token has the magic value "ALL" the match always succeeds.
+ * Otherwise, return YES if the token fully matches the string.
+- * "NONE" token matches NULL string.
++ * "NONE" token matches NULL string.
+ */
+
+ if (strcasecmp(tok, "ALL") == 0) { /* all: always matches */
+@@ -714,7 +714,8 @@ string_match (pam_handle_t *pamh, const char *tok, const char *string,
+
+ /* network_netmask_match - match a string against one token
+ * where string is a hostname or ip (v4,v6) address and tok
+- * represents either a single ip (v4,v6) address or a network/netmask
++ * represents either a hostname, a single ip (v4,v6) address
++ * or a network/netmask
+ */
+ static int
+ network_netmask_match (pam_handle_t *pamh,
+@@ -723,10 +724,12 @@ network_netmask_match (pam_handle_t *pamh,
+ char *netmask_ptr;
+ char netmask_string[MAXHOSTNAMELEN + 1];
+ int addr_type;
++ struct addrinfo *ai = NULL;
+
+ if (item->debug)
+- pam_syslog (pamh, LOG_DEBUG,
++ pam_syslog (pamh, LOG_DEBUG,
+ "network_netmask_match: tok=%s, item=%s", tok, string);
++
+ /* OK, check if tok is of type addr/mask */
+ if ((netmask_ptr = strchr(tok, '/')) != NULL)
+ {
+@@ -760,54 +763,108 @@ network_netmask_match (pam_handle_t *pamh,
+ netmask_ptr = number_to_netmask(netmask, addr_type,
+ netmask_string, MAXHOSTNAMELEN);
+ }
+- }
++
++ /*
++ * Construct an addrinfo list from the IP address.
++ * This should not fail as the input is a correct IP address...
++ */
++ if (getaddrinfo (tok, NULL, NULL, &ai) != 0)
++ {
++ return NO;
++ }
++ }
+ else
+- /* NO, then check if it is only an addr */
+- if (isipaddr(tok, NULL, NULL) != YES)
++ {
++ /*
++ * It is either an IP address or a hostname.
++ * Let getaddrinfo sort everything out
++ */
++ if (getaddrinfo (tok, NULL, NULL, &ai) != 0)
+ {
++ pam_syslog(pamh, LOG_ERR, "cannot resolve hostname \"%s\"", tok);
++
+ return NO;
+ }
++ netmask_ptr = NULL;
++ }
+
+ if (isipaddr(string, NULL, NULL) != YES)
+ {
+- /* Assume network/netmask with a name of a host. */
+ struct addrinfo hint;
+
++ /* Assume network/netmask with a name of a host. */
+ memset (&hint, '\0', sizeof (hint));
+ hint.ai_flags = AI_CANONNAME;
+ hint.ai_family = AF_UNSPEC;
+
+ if (item->gai_rv != 0)
++ {
++ freeaddrinfo(ai);
+ return NO;
++ }
+ else if (!item->res &&
+ (item->gai_rv = getaddrinfo (string, NULL, &hint, &item->res)) != 0)
++ {
++ freeaddrinfo(ai);
+ return NO;
++ }
+ else
+ {
+ struct addrinfo *runp = item->res;
++ struct addrinfo *runp1;
+
+ while (runp != NULL)
+ {
+ char buf[INET6_ADDRSTRLEN];
+
+- DIAG_PUSH_IGNORE_CAST_ALIGN;
+- inet_ntop (runp->ai_family,
+- runp->ai_family == AF_INET
+- ? (void *) &((struct sockaddr_in *) runp->ai_addr)->sin_addr
+- : (void *) &((struct sockaddr_in6 *) runp->ai_addr)->sin6_addr,
+- buf, sizeof (buf));
+- DIAG_POP_IGNORE_CAST_ALIGN;
++ if (getnameinfo (runp->ai_addr, runp->ai_addrlen, buf, sizeof (buf), NULL, 0, NI_NUMERICHOST) != 0)
++ {
++ freeaddrinfo(ai);
++ return NO;
++ }
+
+- if (are_addresses_equal(buf, tok, netmask_ptr))
++ for (runp1 = ai; runp1 != NULL; runp1 = runp1->ai_next)
+ {
+- return YES;
++ char buf1[INET6_ADDRSTRLEN];
++
++ if (runp->ai_family != runp1->ai_family)
++ continue;
++
++ if (getnameinfo (runp1->ai_addr, runp1->ai_addrlen, buf1, sizeof (buf1), NULL, 0, NI_NUMERICHOST) != 0)
++ {
++ freeaddrinfo(ai);
++ return NO;
++ }
++
++ if (are_addresses_equal (buf, buf1, netmask_ptr))
++ {
++ freeaddrinfo(ai);
++ return YES;
++ }
+ }
+ runp = runp->ai_next;
+ }
+ }
+ }
+ else
+- return (are_addresses_equal(string, tok, netmask_ptr));
++ {
++ struct addrinfo *runp1;
++
++ for (runp1 = ai; runp1 != NULL; runp1 = runp1->ai_next)
++ {
++ char buf1[INET6_ADDRSTRLEN];
++
++ (void) getnameinfo (runp1->ai_addr, runp1->ai_addrlen, buf1, sizeof (buf1), NULL, 0, NI_NUMERICHOST);
++
++ if (are_addresses_equal(string, buf1, netmask_ptr))
++ {
++ freeaddrinfo(ai);
++ return YES;
++ }
++ }
++ }
++
++ freeaddrinfo(ai);
+
+ return NO;
+ }
+--
+2.37.3
+
diff --git a/poky/meta/recipes-extended/screen/screen/signal-permission.patch b/poky/meta/recipes-extended/screen/screen/signal-permission.patch
new file mode 100644
index 0000000..77dc649
--- /dev/null
+++ b/poky/meta/recipes-extended/screen/screen/signal-permission.patch
@@ -0,0 +1,40 @@
+From e9ad41bfedb4537a6f0de20f00b27c7739f168f7 Mon Sep 17 00:00:00 2001
+From: Alexander Naumov <alexander_naumov@opensuse.org>
+Date: Mon, 30 Jan 2023 17:22:25 +0200
+Subject: fix: missing signal sending permission check on failed query messages
+
+Signed-off-by: Alexander Naumov <alexander_naumov@opensuse.org>
+
+CVE: CVE-2023-24626
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+---
+ src/socket.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/src/socket.c b/src/socket.c
+index 147dc54..54d8cb8 100644
+--- a/socket.c
++++ b/socket.c
+@@ -1285,11 +1285,16 @@ ReceiveMsg()
+ else
+ queryflag = -1;
+
+- Kill(m.m.command.apid,
++ if (CheckPid(m.m.command.apid)) {
++ Msg(0, "Query attempt with bad pid(%d)!", m.m.command.apid);
++ }
++ else {
++ Kill(m.m.command.apid,
+ (queryflag >= 0)
+ ? SIGCONT
+ : SIG_BYE); /* Send SIG_BYE if an error happened */
+- queryflag = -1;
++ queryflag = -1;
++ }
+ }
+ break;
+ case MSG_COMMAND:
+--
+cgit v1.1
+
diff --git a/poky/meta/recipes-extended/screen/screen_4.9.0.bb b/poky/meta/recipes-extended/screen/screen_4.9.0.bb
index 77e8000..235cd8c 100644
--- a/poky/meta/recipes-extended/screen/screen_4.9.0.bb
+++ b/poky/meta/recipes-extended/screen/screen_4.9.0.bb
@@ -22,6 +22,7 @@
file://0001-fix-for-multijob-build.patch \
file://0001-Remove-more-compatibility-stuff.patch \
file://0001-configure-Add-needed-system-headers-in-checks.patch \
+ file://signal-permission.patch \
"
SRC_URI[sha256sum] = "f9335281bb4d1538ed078df78a20c2f39d3af9a4e91c57d084271e0289c730f4"
diff --git a/poky/meta/recipes-extended/shadow/files/0001-Fix-can-not-print-full-login.patch b/poky/meta/recipes-extended/shadow/files/0001-Fix-can-not-print-full-login.patch
new file mode 100644
index 0000000..37ba5f3
--- /dev/null
+++ b/poky/meta/recipes-extended/shadow/files/0001-Fix-can-not-print-full-login.patch
@@ -0,0 +1,41 @@
+commit 670cae834827a8f794e6f7464fa57790d911b63c
+Author: SoumyaWind <121475834+SoumyaWind@users.noreply.github.com>
+Date: Tue Dec 27 17:40:17 2022 +0530
+
+ shadow: Fix can not print full login timeout message
+
+ Login timed out message prints only first few bytes when write is immediately followed by exit.
+ Calling exit from new handler provides enough time to display full message.
+
+Upstream-Status: Accepted [https://github.com/shadow-maint/shadow/commit/670cae834827a8f794e6f7464fa57790d911b63c]
+
+diff --git a/src/login.c b/src/login.c
+index 116e2cb3..c55f4de0 100644
+--- a/src/login.c
++++ b/src/login.c
+@@ -120,6 +120,7 @@ static void get_pam_user (char **ptr_pam_user);
+
+ static void init_env (void);
+ static void alarm_handler (int);
++static void exit_handler (int);
+
+ /*
+ * usage - print login command usage and exit
+@@ -391,11 +392,16 @@ static void init_env (void)
+ #endif /* !USE_PAM */
+ }
+
++static void exit_handler (unused int sig)
++{
++ _exit (0);
++}
+
+ static void alarm_handler (unused int sig)
+ {
+ write (STDERR_FILENO, tmsg, strlen (tmsg));
+- _exit (0);
++ signal(SIGALRM, exit_handler);
++ alarm(2);
+ }
+
+ #ifdef USE_PAM
diff --git a/poky/meta/recipes-extended/shadow/shadow.inc b/poky/meta/recipes-extended/shadow/shadow.inc
index a87e235..0ed220a 100644
--- a/poky/meta/recipes-extended/shadow/shadow.inc
+++ b/poky/meta/recipes-extended/shadow/shadow.inc
@@ -15,6 +15,7 @@
file://0001-shadow-use-relaxed-usernames.patch \
${@bb.utils.contains('PACKAGECONFIG', 'pam', '${PAM_SRC_URI}', '', d)} \
file://useradd \
+ file://0001-Fix-can-not-print-full-login.patch \
"
SRC_URI:append:class-target = " \
@@ -30,7 +31,7 @@
SRC_URI:append:class-nativesdk = " \
file://0001-Disable-use-of-syslog-for-sysroot.patch \
"
-SRC_URI[sha256sum] = "9fdb73b5d2b44e8ba9fcee1b4493ac75dd5040bda35b9ac8b06570cd192e7ee3"
+SRC_URI[sha256sum] = "f525154adc5605e4ebf03d3e7ee8be4d7f3c7cf9df2c2244043406b6eefca2da"
# Additional Policy files for PAM
diff --git a/poky/meta/recipes-extended/shadow/shadow_4.12.1.bb b/poky/meta/recipes-extended/shadow/shadow_4.12.3.bb
similarity index 83%
rename from poky/meta/recipes-extended/shadow/shadow_4.12.1.bb
rename to poky/meta/recipes-extended/shadow/shadow_4.12.3.bb
index 40b1134..d1a3fd5 100644
--- a/poky/meta/recipes-extended/shadow/shadow_4.12.1.bb
+++ b/poky/meta/recipes-extended/shadow/shadow_4.12.3.bb
@@ -9,3 +9,6 @@
# Severity is low and marked as closed and won't fix.
# https://bugzilla.redhat.com/show_bug.cgi?id=884658
CVE_CHECK_IGNORE += "CVE-2013-4235"
+
+# This is an issue for a different shadow
+CVE_CHECK_IGNORE += "CVE-2016-15024"
diff --git a/poky/meta/recipes-extended/sudo/files/0001-sudo.conf.in-fix-conflict-with-multilib.patch b/poky/meta/recipes-extended/sudo/files/0001-sudo.conf.in-fix-conflict-with-multilib.patch
index f4fc376..041c717 100644
--- a/poky/meta/recipes-extended/sudo/files/0001-sudo.conf.in-fix-conflict-with-multilib.patch
+++ b/poky/meta/recipes-extended/sudo/files/0001-sudo.conf.in-fix-conflict-with-multilib.patch
@@ -1,4 +1,7 @@
-sudo.conf.in: fix conflict with multilib
+From 6e835350b7413210c410d3578cfab804186b7a4f Mon Sep 17 00:00:00 2001
+From: Kai Kang <kai.kang@windriver.com>
+Date: Tue, 17 Nov 2020 11:13:40 +0800
+Subject: [PATCH] sudo.conf.in: fix conflict with multilib
When pass ${libdir} to --libexecdir of sudo, it fails to install sudo
and lib32-sudo at same time:
@@ -12,12 +15,13 @@
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Upstream-Status: Inappropriate [OE configuration specific]
+
---
examples/sudo.conf.in | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/examples/sudo.conf.in b/examples/sudo.conf.in
-index 6535d3a..50afc8f 100644
+index 2187457..0908d24 100644
--- a/examples/sudo.conf.in
+++ b/examples/sudo.conf.in
@@ -4,7 +4,7 @@
@@ -33,8 +37,8 @@
# The compiled-in value is usually sufficient and should only be changed
# if you rename or move the sudo_intercept.so file.
#
--#Path intercept @plugindir@/sudo_intercept.so
-+#Path intercept $plugindir/sudo_intercept.so
+-#Path intercept @intercept_file@
++#Path intercept $intercept_file
#
# Sudo noexec:
@@ -42,8 +46,8 @@
# The compiled-in value is usually sufficient and should only be changed
# if you rename or move the sudo_noexec.so file.
#
--#Path noexec @plugindir@/sudo_noexec.so
-+#Path noexec $plugindir/sudo_noexec.so
+-#Path noexec @noexec_file@
++#Path noexec $noexec_file
#
# Sudo plugin directory:
@@ -55,7 +59,4 @@
+#Path plugin_dir $plugindir
#
- # Sudo developer mode:
---
-2.17.1
-
+ # Core dumps:
diff --git a/poky/meta/recipes-extended/sudo/sudo.inc b/poky/meta/recipes-extended/sudo/sudo.inc
index 8947c46..f22b3ea 100644
--- a/poky/meta/recipes-extended/sudo/sudo.inc
+++ b/poky/meta/recipes-extended/sudo/sudo.inc
@@ -4,7 +4,7 @@
BUGTRACKER = "http://www.sudo.ws/bugs/"
SECTION = "admin"
LICENSE = "ISC & BSD-3-Clause & BSD-2-Clause & Zlib"
-LIC_FILES_CHKSUM = "file://LICENSE.md;md5=16cf60b466f3a0606427a7b624a3a670 \
+LIC_FILES_CHKSUM = "file://LICENSE.md;md5=5100e20d35f9015f9eef6bdb27ba194f \
file://plugins/sudoers/redblack.c;beginline=1;endline=46;md5=03e35317699ba00b496251e0dfe9f109 \
file://lib/util/reallocarray.c;beginline=3;endline=15;md5=397dd45c7683e90b9f8bf24638cf03bf \
file://lib/util/fnmatch.c;beginline=3;endline=27;md5=004d7d2866ba1f5b41174906849d2e0f \
diff --git a/poky/meta/recipes-extended/sudo/sudo_1.9.11p3.bb b/poky/meta/recipes-extended/sudo/sudo_1.9.13p3.bb
similarity index 96%
rename from poky/meta/recipes-extended/sudo/sudo_1.9.11p3.bb
rename to poky/meta/recipes-extended/sudo/sudo_1.9.13p3.bb
index ba610ee..2e11739 100644
--- a/poky/meta/recipes-extended/sudo/sudo_1.9.11p3.bb
+++ b/poky/meta/recipes-extended/sudo/sudo_1.9.13p3.bb
@@ -8,7 +8,7 @@
PAM_SRC_URI = "file://sudo.pam"
-SRC_URI[sha256sum] = "4687e7d2f56721708f59cca2e1352c056cb23de526c22725615a42bb094f1f70"
+SRC_URI[sha256sum] = "92334a12bb93e0c056b09f53e255ccb7d6f67c6350e2813cd9593ceeca78560b"
DEPENDS += " virtual/crypt ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
RDEPENDS:${PN} += " ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-limits pam-plugin-keyinit', '', d)}"
diff --git a/poky/meta/recipes-extended/sysstat/sysstat_12.6.0.bb b/poky/meta/recipes-extended/sysstat/sysstat_12.6.1.bb
similarity index 65%
rename from poky/meta/recipes-extended/sysstat/sysstat_12.6.0.bb
rename to poky/meta/recipes-extended/sysstat/sysstat_12.6.1.bb
index 273c5c1..6df7bdb 100644
--- a/poky/meta/recipes-extended/sysstat/sysstat_12.6.0.bb
+++ b/poky/meta/recipes-extended/sysstat/sysstat_12.6.1.bb
@@ -4,4 +4,4 @@
SRC_URI += "file://0001-configure.in-remove-check-for-chkconfig.patch"
-SRC_URI[sha256sum] = "699fd948836d77f9ad0541fd5dcf75cd2505f9da4ec14df669286ad047c23d97"
+SRC_URI[sha256sum] = "18ff5a4e149e2568e43385637f72437fe6bafcc1322a93d13d1981e9464a0342"
diff --git a/poky/meta/recipes-extended/tar/tar/CVE-2022-48303.patch b/poky/meta/recipes-extended/tar/tar/CVE-2022-48303.patch
new file mode 100644
index 0000000..b2f40f3
--- /dev/null
+++ b/poky/meta/recipes-extended/tar/tar/CVE-2022-48303.patch
@@ -0,0 +1,43 @@
+From 3da78400eafcccb97e2f2fd4b227ea40d794ede8 Mon Sep 17 00:00:00 2001
+From: Sergey Poznyakoff <gray@gnu.org>
+Date: Sat, 11 Feb 2023 11:57:39 +0200
+Subject: Fix boundary checking in base-256 decoder
+
+* src/list.c (from_header): Base-256 encoding is at least 2 bytes
+long.
+
+Upstream-Status: Backport [see reference below]
+CVE: CVE-2022-48303
+
+Reference to upstream patch:
+https://savannah.gnu.org/bugs/?62387
+https://git.savannah.gnu.org/cgit/tar.git/patch/src/list.c?id=3da78400eafcccb97e2f2fd4b227ea40d794ede8
+
+Signed-off-by: Rodolfo Quesada Zumbado <rodolfo.zumbado@windriver.com>
+Signed-off-by: Joe Slater <joe.slater@windriver.com>
+---
+ src/list.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)Signed-off-by: Rodolfo Quesada Zumbado <rodolfo.zumbado@windriver.com>
+
+
+(limited to 'src/list.c')
+
+diff --git a/src/list.c b/src/list.c
+index 9fafc42..86bcfdd 100644
+--- a/src/list.c
++++ b/src/list.c
+@@ -881,8 +881,9 @@ from_header (char const *where0, size_t digs, char const *type,
+ where++;
+ }
+ }
+- else if (*where == '\200' /* positive base-256 */
+- || *where == '\377' /* negative base-256 */)
++ else if (where <= lim - 2
++ && (*where == '\200' /* positive base-256 */
++ || *where == '\377' /* negative base-256 */))
+ {
+ /* Parse base-256 output. A nonnegative number N is
+ represented as (256**DIGS)/2 + N; a negative number -N is
+--
+cgit v1.1
+
diff --git a/poky/meta/recipes-extended/tar/tar_1.34.bb b/poky/meta/recipes-extended/tar/tar_1.34.bb
index 7307cd5..1ef5fe2 100644
--- a/poky/meta/recipes-extended/tar/tar_1.34.bb
+++ b/poky/meta/recipes-extended/tar/tar_1.34.bb
@@ -6,7 +6,9 @@
LICENSE = "GPL-3.0-only"
LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
-SRC_URI = "${GNU_MIRROR}/tar/tar-${PV}.tar.bz2"
+SRC_URI = "${GNU_MIRROR}/tar/tar-${PV}.tar.bz2 \
+ file://CVE-2022-48303.patch \
+"
SRC_URI[sha256sum] = "b44cc67f8a1f6b0250b7c860e952b37e8ed932a90bd9b1862a511079255646ff"
diff --git a/poky/meta/recipes-extended/timezone/timezone.inc b/poky/meta/recipes-extended/timezone/timezone.inc
index d3c78e9..14a1ce1 100644
--- a/poky/meta/recipes-extended/timezone/timezone.inc
+++ b/poky/meta/recipes-extended/timezone/timezone.inc
@@ -6,14 +6,15 @@
LICENSE = "PD & BSD-3-Clause"
LIC_FILES_CHKSUM = "file://LICENSE;md5=c679c9d6b02bc2757b3eaf8f53c43fba"
-PV = "2022d"
+PV = "2023c"
-SRC_URI =" http://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz;name=tzcode \
- http://www.iana.org/time-zones/repository/releases/tzdata${PV}.tar.gz;name=tzdata \
+SRC_URI =" http://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz;name=tzcode;subdir=tz \
+ http://www.iana.org/time-zones/repository/releases/tzdata${PV}.tar.gz;name=tzdata;subdir=tz \
"
+S = "${WORKDIR}/tz"
+
UPSTREAM_CHECK_URI = "http://www.iana.org/time-zones"
-SRC_URI[tzcode.sha256sum] = "d644ba0f938899374ea8cb554e35fb4afa0f7bd7b716c61777cd00500b8759e0"
-SRC_URI[tzdata.sha256sum] = "6ecdbee27fa43dcfa49f3d4fd8bb1dfef54c90da1abcd82c9abcf2dc4f321de0"
-
+SRC_URI[tzcode.sha256sum] = "46d17f2bb19ad73290f03a203006152e0fa0d7b11e5b71467c4a823811b214e7"
+SRC_URI[tzdata.sha256sum] = "3f510b5d1b4ae9bb38e485aa302a776b317fb3637bdb6404c4adf7b6cadd965c"
diff --git a/poky/meta/recipes-extended/timezone/tzcode-native.bb b/poky/meta/recipes-extended/timezone/tzcode-native.bb
index e3582ba..d0b23a9 100644
--- a/poky/meta/recipes-extended/timezone/tzcode-native.bb
+++ b/poky/meta/recipes-extended/timezone/tzcode-native.bb
@@ -1,10 +1,7 @@
require timezone.inc
-#
SUMMARY = "tzcode, timezone zoneinfo utils -- zic, zdump, tzselect"
-S = "${WORKDIR}"
-
inherit native
EXTRA_OEMAKE += "cc='${CC}'"
diff --git a/poky/meta/recipes-extended/timezone/tzdata.bb b/poky/meta/recipes-extended/timezone/tzdata.bb
index 7f4322d..dd1960f 100644
--- a/poky/meta/recipes-extended/timezone/tzdata.bb
+++ b/poky/meta/recipes-extended/timezone/tzdata.bb
@@ -4,8 +4,6 @@
inherit allarch
-S = "${WORKDIR}"
-
DEFAULT_TIMEZONE ?= "Universal"
INSTALL_TIMEZONE_FILE ?= "1"
@@ -18,17 +16,21 @@
# "fat" is needed by e.g. MariaDB's mysql_tzinfo_to_sql
ZIC_FMT ?= "slim"
+do_configure[cleandirs] = "${B}"
+B = "${WORKDIR}/build"
+
do_compile() {
for zone in ${TZONES}; do
- ${STAGING_BINDIR_NATIVE}/zic -b ${ZIC_FMT} -d ${WORKDIR}${datadir}/zoneinfo -L /dev/null ${S}/${zone}
- ${STAGING_BINDIR_NATIVE}/zic -b ${ZIC_FMT} -d ${WORKDIR}${datadir}/zoneinfo/posix -L /dev/null ${S}/${zone}
- ${STAGING_BINDIR_NATIVE}/zic -b ${ZIC_FMT} -d ${WORKDIR}${datadir}/zoneinfo/right -L ${S}/leapseconds ${S}/${zone}
+ ${STAGING_BINDIR_NATIVE}/zic -b ${ZIC_FMT} -d ${B}/zoneinfo -L /dev/null ${S}/${zone}
+ ${STAGING_BINDIR_NATIVE}/zic -b ${ZIC_FMT} -d ${B}/zoneinfo/posix -L /dev/null ${S}/${zone}
+ ${STAGING_BINDIR_NATIVE}/zic -b ${ZIC_FMT} -d ${B}/zoneinfo/right -L ${S}/leapseconds ${S}/${zone}
done
}
do_install() {
- install -d ${D}$exec_prefix ${D}${datadir}/zoneinfo
- cp -pPR ${WORKDIR}$exec_prefix ${D}${base_prefix}
+ install -d ${D}${datadir}/zoneinfo
+ cp -pPR ${B}/zoneinfo/* ${D}${datadir}/zoneinfo
+
# libc is removing zoneinfo files from package
cp -pP "${S}/zone.tab" ${D}${datadir}/zoneinfo
cp -pP "${S}/zone1970.tab" ${D}${datadir}/zoneinfo
diff --git a/poky/meta/recipes-extended/xdg-utils/xdg-utils/CVE-2022-4055.patch b/poky/meta/recipes-extended/xdg-utils/xdg-utils/CVE-2022-4055.patch
new file mode 100644
index 0000000..b236030
--- /dev/null
+++ b/poky/meta/recipes-extended/xdg-utils/xdg-utils/CVE-2022-4055.patch
@@ -0,0 +1,145 @@
+xdg-email does not parse mailto uris properly for thunderbird
+
+When using thunderbird as mailto handler xdg-email translates mailto uris into an 'thunderbird -compose' argument. While to, cc and bcc values are properly enclosed in single quotes this is not the case for subject or body. This breaks functionality and allows to use all thunderbird -compose arguments within a mailto uri, e.g.
+
+xdg-email 'mailto:test@example.com?subject=Test,attachment=~/.thunderbird/profiles.ini,message=/home/test/test.txt'
+
+translates into
+
+thunderbird -compose to='test@example.com,',subject=Test,attachment=~/.thunderbird/profiles.ini,message=/home/test/test.txt
+
+with working attachment and message. (And, yes, ~ expands to the home directory.)
+
+Upstream-Status: Submitted [https://gitlab.freedesktop.org/xdg/xdg-utils/-/issues/205]
+
+Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
+
+CVE: CVE-2022-4055
+
+
+Index: xdg-utils-1.1.3/scripts/xdg-email.in
+===================================================================
+--- xdg-utils-1.1.3.orig/scripts/xdg-email.in
++++ xdg-utils-1.1.3/scripts/xdg-email.in
+@@ -30,53 +30,6 @@ _USAGE
+
+ #@xdg-utils-common@
+
+-run_thunderbird()
+-{
+- local THUNDERBIRD MAILTO NEWMAILTO TO CC BCC SUBJECT BODY
+- THUNDERBIRD="$1"
+- MAILTO=$(echo "$2" | sed 's/^mailto://')
+- echo "$MAILTO" | grep -qs "^?"
+- if [ "$?" = "0" ] ; then
+- MAILTO=$(echo "$MAILTO" | sed 's/^?//')
+- else
+- MAILTO=$(echo "$MAILTO" | sed 's/^/to=/' | sed 's/?/\&/')
+- fi
+-
+- MAILTO=$(echo "$MAILTO" | sed 's/&/\n/g')
+- TO=$(/bin/echo -e $(echo "$MAILTO" | grep '^to=' | sed 's/^to=//;s/%\(..\)/\\x\1/g' | awk '{ printf "%s,",$0 }'))
+- CC=$(/bin/echo -e $(echo "$MAILTO" | grep '^cc=' | sed 's/^cc=//;s/%\(..\)/\\x\1/g' | awk '{ printf "%s,",$0 }'))
+- BCC=$(/bin/echo -e $(echo "$MAILTO" | grep '^bcc=' | sed 's/^bcc=//;s/%\(..\)/\\x\1/g' | awk '{ printf "%s,",$0 }'))
+- SUBJECT=$(echo "$MAILTO" | grep '^subject=' | tail -n 1)
+- BODY=$(echo "$MAILTO" | grep '^body=' | tail -n 1)
+-
+- if [ -z "$TO" ] ; then
+- NEWMAILTO=
+- else
+- NEWMAILTO="to='$TO'"
+- fi
+- if [ -n "$CC" ] ; then
+- NEWMAILTO="${NEWMAILTO},cc='$CC'"
+- fi
+- if [ -n "$BCC" ] ; then
+- NEWMAILTO="${NEWMAILTO},bcc='$BCC'"
+- fi
+- if [ -n "$SUBJECT" ] ; then
+- NEWMAILTO="${NEWMAILTO},$SUBJECT"
+- fi
+- if [ -n "$BODY" ] ; then
+- NEWMAILTO="${NEWMAILTO},$BODY"
+- fi
+-
+- NEWMAILTO=$(echo "$NEWMAILTO" | sed 's/^,//')
+- DEBUG 1 "Running $THUNDERBIRD -compose \"$NEWMAILTO\""
+- "$THUNDERBIRD" -compose "$NEWMAILTO"
+- if [ $? -eq 0 ]; then
+- exit_success
+- else
+- exit_failure_operation_failed
+- fi
+-}
+-
+ open_kde()
+ {
+ if [ -n "$KDE_SESSION_VERSION" ] && [ "$KDE_SESSION_VERSION" -ge 5 ]; then
+@@ -130,15 +83,6 @@ open_kde()
+
+ open_gnome3()
+ {
+- local client
+- local desktop
+- desktop=`xdg-mime query default "x-scheme-handler/mailto"`
+- client=`desktop_file_to_binary "$desktop"`
+- echo $client | grep -E 'thunderbird|icedove' > /dev/null 2>&1
+- if [ $? -eq 0 ] ; then
+- run_thunderbird "$client" "$1"
+- fi
+-
+ if gio help open 2>/dev/null 1>&2; then
+ DEBUG 1 "Running gio open \"$1\""
+ gio open "$1"
+@@ -159,13 +103,6 @@ open_gnome3()
+
+ open_gnome()
+ {
+- local client
+- client=`gconftool-2 --get /desktop/gnome/url-handlers/mailto/command | cut -d ' ' -f 1` || ""
+- echo $client | grep -E 'thunderbird|icedove' > /dev/null 2>&1
+- if [ $? -eq 0 ] ; then
+- run_thunderbird "$client" "$1"
+- fi
+-
+ if gio help open 2>/dev/null 1>&2; then
+ DEBUG 1 "Running gio open \"$1\""
+ gio open "$1"
+@@ -231,15 +168,6 @@ open_flatpak()
+
+ open_generic()
+ {
+- local client
+- local desktop
+- desktop=`xdg-mime query default "x-scheme-handler/mailto"`
+- client=`desktop_file_to_binary "$desktop"`
+- echo $client | grep -E 'thunderbird|icedove' > /dev/null 2>&1
+- if [ $? -eq 0 ] ; then
+- run_thunderbird "$client" "$1"
+- fi
+-
+ xdg-open "$1"
+ local ret=$?
+
+@@ -364,21 +292,6 @@ while [ $# -gt 0 ] ; do
+ shift
+ ;;
+
+- --attach)
+- if [ -z "$1" ] ; then
+- exit_failure_syntax "file argument missing for --attach option"
+- fi
+- check_input_file "$1"
+- file=`readlink -f "$1"` # Normalize path
+- if [ -z "$file" ] || [ ! -f "$file" ] ; then
+- exit_failure_file_missing "file '$1' does not exist"
+- fi
+-
+- url_encode "$file"
+- options="${options}attach=${result}&"
+- shift
+- ;;
+-
+ -*)
+ exit_failure_syntax "unexpected option '$parm'"
+ ;;
diff --git a/poky/meta/recipes-extended/xdg-utils/xdg-utils_1.1.3.bb b/poky/meta/recipes-extended/xdg-utils/xdg-utils_1.1.3.bb
index 73acf6b..4d93180 100644
--- a/poky/meta/recipes-extended/xdg-utils/xdg-utils_1.1.3.bb
+++ b/poky/meta/recipes-extended/xdg-utils/xdg-utils_1.1.3.bb
@@ -21,6 +21,7 @@
file://0001-Reinstate-xdg-terminal.patch \
file://0001-Don-t-build-the-in-script-manual.patch \
file://1f199813e0eb0246f63b54e9e154970e609575af.patch \
+ file://CVE-2022-4055.patch \
"
SRC_URI[md5sum] = "902042508b626027a3709d105f0b63ff"
diff --git a/poky/meta/recipes-gnome/epiphany/epiphany_42.4.bb b/poky/meta/recipes-gnome/epiphany/epiphany_42.4.bb
index 9efd280..98923a3 100644
--- a/poky/meta/recipes-gnome/epiphany/epiphany_42.4.bb
+++ b/poky/meta/recipes-gnome/epiphany/epiphany_42.4.bb
@@ -27,6 +27,7 @@
file://0002-help-meson.build-disable-the-use-of-yelp.patch \
file://migrator.patch \
file://distributor.patch \
+ file://CVE-2023-26081.patch \
"
SRC_URI[archive.sha256sum] = "370938ad2920eeb28bc2435944776b7ba55a0e2ede65836f79818cfb7e8f0860"
diff --git a/poky/meta/recipes-gnome/epiphany/files/CVE-2023-26081.patch b/poky/meta/recipes-gnome/epiphany/files/CVE-2023-26081.patch
new file mode 100644
index 0000000..af1e20b
--- /dev/null
+++ b/poky/meta/recipes-gnome/epiphany/files/CVE-2023-26081.patch
@@ -0,0 +1,90 @@
+From 53363c3c8178bf9193dad9fa3516f4e10cff0ffd Mon Sep 17 00:00:00 2001
+From: Michael Catanzaro <mcatanzaro@redhat.com>
+Date: Fri, 3 Feb 2023 13:07:15 -0600
+Subject: [PATCH] Don't autofill passwords in sandboxed contexts
+
+If using the sandbox CSP or iframe tag, the web content is supposed to
+be not trusted by the main resource origin. Therefore, we'd better
+disable the password manager entirely so the untrusted web content
+cannot exfiltrate passwords.
+
+https://github.com/google/security-research/security/advisories/GHSA-mhhf-w9xw-pp9x
+
+Part-of: <https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1275>
+
+Upstream-Status: Backport
+[https://gitlab.gnome.org/GNOME/epiphany/-/commit/53363c3c8178bf9193dad9fa3516f4e10cff0ffd]
+CVE: CVE-2023-26081
+Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
+---
+ .../resources/js/ephy.js | 26 +++++++++++++++++++
+ 1 file changed, 26 insertions(+)
+
+diff --git a/embed/web-process-extension/resources/js/ephy.js b/embed/web-process-extension/resources/js/ephy.js
+index 38b806f..44d1792 100644
+--- a/embed/web-process-extension/resources/js/ephy.js
++++ b/embed/web-process-extension/resources/js/ephy.js
+@@ -352,6 +352,12 @@ Ephy.hasModifiedForms = function()
+ }
+ };
+
++Ephy.isSandboxedWebContent = function()
++{
++ // https://github.com/google/security-research/security/advisories/GHSA-mhhf-w9xw-pp9x
++ return self.origin === null || self.origin === 'null';
++};
++
+ Ephy.PasswordManager = class PasswordManager
+ {
+ constructor(pageID, frameID)
+@@ -385,6 +391,11 @@ Ephy.PasswordManager = class PasswordManager
+
+ query(origin, targetOrigin, username, usernameField, passwordField)
+ {
++ if (Ephy.isSandboxedWebContent()) {
++ Ephy.log(`Not querying passwords for origin=${origin} because web content is sandboxed`);
++ return Promise.resolve(null);
++ }
++
+ Ephy.log(`Querying passwords for origin=${origin}, targetOrigin=${targetOrigin}, username=${username}, usernameField=${usernameField}, passwordField=${passwordField}`);
+
+ return new Promise((resolver, reject) => {
+@@ -396,6 +407,11 @@ Ephy.PasswordManager = class PasswordManager
+
+ save(origin, targetOrigin, username, password, usernameField, passwordField, isNew)
+ {
++ if (Ephy.isSandboxedWebContent()) {
++ Ephy.log(`Not saving password for origin=${origin} because web content is sandboxed`);
++ return;
++ }
++
+ Ephy.log(`Saving password for origin=${origin}, targetOrigin=${targetOrigin}, username=${username}, usernameField=${usernameField}, passwordField=${passwordField}, isNew=${isNew}`);
+
+ window.webkit.messageHandlers.passwordManagerSave.postMessage({
+@@ -407,6 +423,11 @@ Ephy.PasswordManager = class PasswordManager
+ // FIXME: Why is pageID a parameter here?
+ requestSave(origin, targetOrigin, username, password, usernameField, passwordField, isNew, pageID)
+ {
++ if (Ephy.isSandboxedWebContent()) {
++ Ephy.log(`Not requesting to save password for origin=${origin} because web content is sandboxed`);
++ return;
++ }
++
+ Ephy.log(`Requesting to save password for origin=${origin}, targetOrigin=${targetOrigin}, username=${username}, usernameField=${usernameField}, passwordField=${passwordField}, isNew=${isNew}`);
+
+ window.webkit.messageHandlers.passwordManagerRequestSave.postMessage({
+@@ -426,6 +447,11 @@ Ephy.PasswordManager = class PasswordManager
+
+ queryUsernames(origin)
+ {
++ if (Ephy.isSandboxedWebContent()) {
++ Ephy.log(`Not querying usernames for origin=${origin} because web content is sandboxed`);
++ return Promise.resolve(null);
++ }
++
+ Ephy.log(`Requesting usernames for origin=${origin}`);
+
+ return new Promise((resolver, reject) => {
+--
+2.35.5
+
diff --git a/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/0001-Add-use_prebuilt_tools-option.patch b/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/0001-Add-use_prebuilt_tools-option.patch
deleted file mode 100644
index 02cc9a2..0000000
--- a/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/0001-Add-use_prebuilt_tools-option.patch
+++ /dev/null
@@ -1,173 +0,0 @@
-From f81b60ebcbbfd9548c8aa1e388662c429068d1e3 Mon Sep 17 00:00:00 2001
-From: Alexander Kanavin <alex.kanavin@gmail.com>
-Date: Sat, 8 May 2021 21:58:54 +0200
-Subject: [PATCH] Add use_prebuilt_tools option
-
-This allows using the gdk-pixbuf tools from the host to
-build and install tests in a cross-compile scenarion.
-
-Upstream-Status: Submitted [https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/merge_requests/119]
-Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
-
----
- gdk-pixbuf/meson.build | 11 +++++++++--
- meson.build | 6 +++---
- meson_options.txt | 4 ++++
- tests/meson.build | 16 ++++++++--------
- thumbnailer/meson.build | 24 ++++++++++++++++++------
- 5 files changed, 42 insertions(+), 19 deletions(-)
-
-diff --git a/gdk-pixbuf/meson.build b/gdk-pixbuf/meson.build
-index 54ff9dd..2e321cf 100644
---- a/gdk-pixbuf/meson.build
-+++ b/gdk-pixbuf/meson.build
-@@ -342,13 +342,20 @@ foreach bin: gdkpixbuf_bin
- include_directories: [ root_inc, gdk_pixbuf_inc ],
- c_args: common_cflags + gdk_pixbuf_cflags,
- install: true)
-- meson.override_find_program(bin_name, bin)
-+ if not get_option('use_prebuilt_tools')
-+ meson.override_find_program(bin_name, bin)
-+ endif
-
- # Used in tests
- set_variable(bin_name.underscorify(), bin)
- endforeach
-
--if not meson.is_cross_build()
-+if get_option('use_prebuilt_tools')
-+ gdk_pixbuf_query_loaders = find_program('gdk-pixbuf-query-loaders', required: true)
-+ gdk_pixbuf_pixdata = find_program('gdk-pixbuf-pixdata', required: true)
-+endif
-+
-+if not meson.is_cross_build() or get_option('use_prebuilt_tools')
- # The 'loaders.cache' used for testing, so we don't accidentally
- # load the installed cache; we always build it by default
- loaders_cache = custom_target('loaders.cache',
-diff --git a/meson.build b/meson.build
-index 813bd43..a93e6f7 100644
---- a/meson.build
-+++ b/meson.build
-@@ -369,18 +369,18 @@ subdir('gdk-pixbuf')
- # i18n
- subdir('po')
-
--if not meson.is_cross_build()
-+if not meson.is_cross_build() or get_option('use_prebuilt_tools')
- if get_option('tests')
- subdir('tests')
- endif
-- subdir('thumbnailer')
- endif
-+subdir('thumbnailer')
-
- # Documentation
- build_docs = get_option('gtk_doc') or get_option('docs')
- subdir('docs')
-
--if not meson.is_cross_build()
-+if not meson.is_cross_build() or get_option('use_prebuilt_tools')
- meson.add_install_script('build-aux/post-install.py',
- gdk_pixbuf_bindir,
- gdk_pixbuf_libdir,
-diff --git a/meson_options.txt b/meson_options.txt
-index d198d99..1c899e9 100644
---- a/meson_options.txt
-+++ b/meson_options.txt
-@@ -53,4 +53,8 @@ option('gio_sniffing',
- description: 'Perform file type detection using GIO (Unused on MacOS and Windows)',
- type: 'boolean',
- value: true)
-+option('use_prebuilt_tools',
-+ description: 'Use prebuilt gdk-pixbuf tools from the host for cross-compilation',
-+ type: 'boolean',
-+ value: false)
-
-diff --git a/tests/meson.build b/tests/meson.build
-index 28c2525..d97c02d 100644
---- a/tests/meson.build
-+++ b/tests/meson.build
-@@ -5,6 +5,12 @@
- # $PATH. Ideally we should use gnome.compile_resources() and let Meson deal with
- # this problem: See https://github.com/mesonbuild/meson/issues/8266.
- if enabled_loaders.contains('png') and host_system != 'windows'
-+
-+ resources_deps = [loaders_cache,]
-+ if not get_option('use_prebuilt_tools')
-+ resources_deps += [gdk_pixbuf_pixdata,]
-+ endif
-+
- # Resources; we cannot use gnome.compile_resources() here, because we need to
- # override the environment in order to use the utilities we just built instead
- # of the system ones
-@@ -21,10 +27,7 @@ if enabled_loaders.contains('png') and host_system != 'windows'
- '@INPUT@',
- '@OUTPUT@',
- ],
-- depends: [
-- gdk_pixbuf_pixdata,
-- loaders_cache,
-- ],
-+ depends: resources_deps,
- )
-
- resources_h = custom_target('resources.h',
-@@ -40,10 +43,7 @@ if enabled_loaders.contains('png') and host_system != 'windows'
- '@INPUT@',
- '@OUTPUT@',
- ],
-- depends: [
-- gdk_pixbuf_pixdata,
-- loaders_cache,
-- ],
-+ depends: resources_deps,
- )
- no_resources = false
- else
-diff --git a/thumbnailer/meson.build b/thumbnailer/meson.build
-index b6a206d..9336c21 100644
---- a/thumbnailer/meson.build
-+++ b/thumbnailer/meson.build
-@@ -6,13 +6,29 @@ bin = executable('gdk-pixbuf-thumbnailer',
- ],
- dependencies: gdk_pixbuf_deps + [ gdkpixbuf_dep ],
- install: true)
--meson.override_find_program('gdk-pixbuf-thumbnailer', bin)
-+if not get_option('use_prebuilt_tools')
-+ meson.override_find_program('gdk-pixbuf-thumbnailer', bin)
-+endif
-
- gdk_pixbuf_print_mime_types = executable('gdk-pixbuf-print-mime-types',
- 'gdk-pixbuf-print-mime-types.c',
-+ install: true,
- c_args: common_cflags,
- dependencies: gdk_pixbuf_deps + [ gdkpixbuf_dep ])
-
-+if get_option('use_prebuilt_tools')
-+ gdk_pixbuf_print_mime_types = find_program('gdk-pixbuf-print-mime-types', required: true)
-+endif
-+
-+thumbnailer_deps = [loaders_cache,]
-+
-+if not get_option('use_prebuilt_tools')
-+ thumbnailer_deps += [
-+ gdk_pixbuf_print_mime_types,
-+ gdk_pixbuf_pixdata,
-+ ]
-+endif
-+
- custom_target('thumbnailer',
- input: 'gdk-pixbuf-thumbnailer.thumbnailer.in',
- output: 'gdk-pixbuf-thumbnailer.thumbnailer',
-@@ -25,10 +41,6 @@ custom_target('thumbnailer',
- '@INPUT@',
- '@OUTPUT@',
- ],
-- depends: [
-- gdk_pixbuf_print_mime_types,
-- gdk_pixbuf_pixdata,
-- loaders_cache,
-- ],
-+ depends: thumbnailer_deps,
- install: true,
- install_dir: join_paths(gdk_pixbuf_datadir, 'thumbnailers'))
diff --git a/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/0001-meson.build-allow-a-subset-of-tests-in-cross-compile.patch b/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/0001-meson.build-allow-a-subset-of-tests-in-cross-compile.patch
new file mode 100644
index 0000000..7250fa3
--- /dev/null
+++ b/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/0001-meson.build-allow-a-subset-of-tests-in-cross-compile.patch
@@ -0,0 +1,66 @@
+From 9d3b374e75692da3d1d05344a1693c85a3098f47 Mon Sep 17 00:00:00 2001
+From: Alexander Kanavin <alex@linutronix.de>
+Date: Thu, 26 Jan 2023 20:29:46 +0100
+Subject: [PATCH] meson.build: allow (a subset of) tests in cross compile
+ settings
+
+There is no need to completely disable tests: most of them
+do not require running target executables at build time,
+and so can be built and installed.
+
+This requires inserting a couple of specific guards around
+items that do require running target executables.
+
+Upstream-Status: Submitted [https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/merge_requests/150]
+Signed-off-by: Alexander Kanavin <alex@linutronix.de>
+---
+ meson.build | 6 +++---
+ tests/meson.build | 10 ++++++----
+ 2 files changed, 9 insertions(+), 7 deletions(-)
+
+diff --git a/meson.build b/meson.build
+index 8a16c8f..7c8b20f 100644
+--- a/meson.build
++++ b/meson.build
+@@ -369,10 +369,10 @@ subdir('gdk-pixbuf')
+ # i18n
+ subdir('po')
+
++if get_option('tests')
++ subdir('tests')
++endif
+ if not meson.is_cross_build()
+- if get_option('tests')
+- subdir('tests')
+- endif
+ subdir('thumbnailer')
+ endif
+
+diff --git a/tests/meson.build b/tests/meson.build
+index 28c2525..c45e765 100644
+--- a/tests/meson.build
++++ b/tests/meson.build
+@@ -4,7 +4,7 @@
+ # gdk-pixbuf-pixdata from build directory because it needs all DLL locations in
+ # $PATH. Ideally we should use gnome.compile_resources() and let Meson deal with
+ # this problem: See https://github.com/mesonbuild/meson/issues/8266.
+-if enabled_loaders.contains('png') and host_system != 'windows'
++if enabled_loaders.contains('png') and host_system != 'windows' and not meson.is_cross_build()
+ # Resources; we cannot use gnome.compile_resources() here, because we need to
+ # override the environment in order to use the utilities we just built instead
+ # of the system ones
+@@ -166,9 +166,11 @@ endif
+ test_deps = gdk_pixbuf_deps + [ gdkpixbuf_dep, ]
+ test_args = [ '-k' ]
+ test_env = environment()
+-test_env.set('G_TEST_SRCDIR', meson.current_source_dir())
+-test_env.set('G_TEST_BUILDDIR', meson.current_build_dir())
+-test_env.set('GDK_PIXBUF_MODULE_FILE', loaders_cache.full_path())
++if not meson.is_cross_build()
++ test_env.set('G_TEST_SRCDIR', meson.current_source_dir())
++ test_env.set('G_TEST_BUILDDIR', meson.current_build_dir())
++ test_env.set('GDK_PIXBUF_MODULE_FILE', loaders_cache.full_path())
++endif
+
+ foreach test_name, test_data: installed_tests
+ test_sources = [ test_name + '.c', 'test-common.c' ]
diff --git a/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.42.9.bb b/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.42.10.bb
similarity index 87%
rename from poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.42.9.bb
rename to poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.42.10.bb
index d33718e..cca89a9 100644
--- a/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.42.9.bb
+++ b/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.42.10.bb
@@ -12,18 +12,17 @@
SECTION = "libs"
-DEPENDS = "glib-2.0 gdk-pixbuf-native shared-mime-info"
-DEPENDS:remove:class-native = "gdk-pixbuf-native"
+DEPENDS = "glib-2.0 shared-mime-info"
MAJ_VER = "${@oe.utils.trim_version("${PV}", 2)}"
SRC_URI = "${GNOME_MIRROR}/${BPN}/${MAJ_VER}/${BPN}-${PV}.tar.xz \
file://run-ptest \
file://fatal-loader.patch \
- file://0001-Add-use_prebuilt_tools-option.patch \
+ file://0001-meson.build-allow-a-subset-of-tests-in-cross-compile.patch \
"
-SRC_URI[sha256sum] = "28f7958e7bf29a32d4e963556d241d0a41a6786582ff6a5ad11665e0347fc962"
+SRC_URI[sha256sum] = "ee9b6c75d13ba096907a2e3c6b27b61bcd17f5c7ebeab5a5b439d2f2e39fe44b"
inherit meson pkgconfig gettext pixbufcache ptest-gnome upstream-version-is-even gobject-introspection gi-docgen lib_package
@@ -46,14 +45,6 @@
EXTRA_OEMESON = "-Dman=false"
-EXTRA_OEMESON:append:class-target = " \
- -Duse_prebuilt_tools=true \
-"
-
-EXTRA_OEMESON:append:class-nativesdk = " \
- -Duse_prebuilt_tools=true \
-"
-
PACKAGES =+ "${PN}-xlib"
# For GIO image type sniffing
@@ -115,10 +106,6 @@
XDG_DATA_DIRS=${STAGING_DATADIR} \
GDK_PIXBUF_MODULE_FILE=${STAGING_LIBDIR_NATIVE}/gdk-pixbuf-2.0/${LIBV}/loaders.cache
- create_wrapper ${D}/${bindir}/gdk-pixbuf-print-mime-types \
- XDG_DATA_DIRS=${STAGING_DATADIR} \
- GDK_PIXBUF_MODULE_FILE=${STAGING_LIBDIR_NATIVE}/gdk-pixbuf-2.0/${LIBV}/loaders.cache
-
create_wrapper ${D}/${libdir}/gdk-pixbuf-2.0/gdk-pixbuf-query-loaders \
XDG_DATA_DIRS=${STAGING_DATADIR} \
GDK_PIXBUF_MODULE_FILE=${STAGING_LIBDIR_NATIVE}/gdk-pixbuf-2.0/${LIBV}/loaders.cache \
diff --git a/poky/meta/recipes-gnome/librsvg/librsvg_2.54.5.bb b/poky/meta/recipes-gnome/librsvg/librsvg_2.54.5.bb
index fc52ae6..59278d1 100644
--- a/poky/meta/recipes-gnome/librsvg/librsvg_2.54.5.bb
+++ b/poky/meta/recipes-gnome/librsvg/librsvg_2.54.5.bb
@@ -56,8 +56,10 @@
CACHED_CONFIGUREVARS = "ac_cv_path_GDK_PIXBUF_QUERYLOADERS=${STAGING_LIBDIR_NATIVE}/gdk-pixbuf-2.0/gdk-pixbuf-query-loaders"
PACKAGECONFIG ??= "gdkpixbuf"
+PACKAGECONFIG:append:class-target = " ${@bb.utils.contains('GI_DATA_ENABLED', 'True', 'vala', '', d)}"
# The gdk-pixbuf loader
PACKAGECONFIG[gdkpixbuf] = "--enable-pixbuf-loader,--disable-pixbuf-loader,gdk-pixbuf-native"
+PACKAGECONFIG[vala] = "--enable-vala,--disable-vala"
do_install:append() {
# Loadable modules don't need .a or .la on Linux
diff --git a/poky/meta/recipes-graphics/cairo/cairo/CVE-2019-6461.patch b/poky/meta/recipes-graphics/cairo/cairo/CVE-2019-6461.patch
index 5232cf7..a2dba6c 100644
--- a/poky/meta/recipes-graphics/cairo/cairo/CVE-2019-6461.patch
+++ b/poky/meta/recipes-graphics/cairo/cairo/CVE-2019-6461.patch
@@ -1,19 +1,20 @@
-There is a potential infinite-loop in function _arc_error_normalized().
+There is an assertion in function _cairo_arc_in_direction().
CVE: CVE-2019-6461
Upstream-Status: Pending
Signed-off-by: Ross Burton <ross.burton@intel.com>
diff --git a/src/cairo-arc.c b/src/cairo-arc.c
-index 390397bae..f9249dbeb 100644
+index 390397bae..1bde774a4 100644
--- a/src/cairo-arc.c
+++ b/src/cairo-arc.c
-@@ -99,7 +99,7 @@ _arc_max_angle_for_tolerance_normalized (double tolerance)
- do {
- angle = M_PI / i++;
- error = _arc_error_normalized (angle);
-- } while (error > tolerance);
-+ } while (error > tolerance && error > __DBL_EPSILON__);
+@@ -186,7 +186,8 @@ _cairo_arc_in_direction (cairo_t *cr,
+ if (cairo_status (cr))
+ return;
- return angle;
- }
+- assert (angle_max >= angle_min);
++ if (angle_max < angle_min)
++ return;
+
+ if (angle_max - angle_min > 2 * M_PI * MAX_FULL_CIRCLES) {
+ angle_max = fmod (angle_max - angle_min, 2 * M_PI);
diff --git a/poky/meta/recipes-graphics/cairo/cairo/CVE-2019-6462.patch b/poky/meta/recipes-graphics/cairo/cairo/CVE-2019-6462.patch
index 4e4598c..7c32092 100644
--- a/poky/meta/recipes-graphics/cairo/cairo/CVE-2019-6462.patch
+++ b/poky/meta/recipes-graphics/cairo/cairo/CVE-2019-6462.patch
@@ -1,20 +1,40 @@
-There is an assertion in function _cairo_arc_in_direction().
-
CVE: CVE-2019-6462
-Upstream-Status: Pending
-Signed-off-by: Ross Burton <ross.burton@intel.com>
+Upstream-Status: Backport
+Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
+
+From ab2c5ee21e5f3d3ee4b3f67cfcd5811a4f99c3a0 Mon Sep 17 00:00:00 2001
+From: Heiko Lewin <hlewin@gmx.de>
+Date: Sun, 1 Aug 2021 11:16:03 +0000
+Subject: [PATCH] _arc_max_angle_for_tolerance_normalized: fix infinite loop
+
+---
+ src/cairo-arc.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/cairo-arc.c b/src/cairo-arc.c
-index 390397bae..1bde774a4 100644
+index 390397bae..1c891d1a0 100644
--- a/src/cairo-arc.c
+++ b/src/cairo-arc.c
-@@ -186,7 +186,8 @@ _cairo_arc_in_direction (cairo_t *cr,
- if (cairo_status (cr))
- return;
+@@ -90,16 +90,18 @@ _arc_max_angle_for_tolerance_normalized (double tolerance)
+ { M_PI / 11.0, 9.81410988043554039085e-09 },
+ };
+ int table_size = ARRAY_LENGTH (table);
++ const int max_segments = 1000; /* this value is chosen arbitrarily. this gives an error of about 1.74909e-20 */
-- assert (angle_max >= angle_min);
-+ if (angle_max < angle_min)
-+ return;
+ for (i = 0; i < table_size; i++)
+ if (table[i].error < tolerance)
+ return table[i].angle;
- if (angle_max - angle_min > 2 * M_PI * MAX_FULL_CIRCLES) {
- angle_max = fmod (angle_max - angle_min, 2 * M_PI);
+ ++i;
++
+ do {
+ angle = M_PI / i++;
+ error = _arc_error_normalized (angle);
+- } while (error > tolerance);
++ } while (error > tolerance && i < max_segments);
+
+ return angle;
+ }
+--
+2.38.1
+
diff --git a/poky/meta/recipes-graphics/drm/libdrm_2.4.113.bb b/poky/meta/recipes-graphics/drm/libdrm_2.4.113.bb
index 959ef68..613d343 100644
--- a/poky/meta/recipes-graphics/drm/libdrm_2.4.113.bb
+++ b/poky/meta/recipes-graphics/drm/libdrm_2.4.113.bb
@@ -39,7 +39,7 @@
ALLOW_EMPTY:${PN}-drivers = "1"
PACKAGES =+ "${PN}-tests ${PN}-drivers ${PN}-radeon ${PN}-nouveau ${PN}-omap \
- ${PN}-intel ${PN}-exynos ${PN}-kms ${PN}-freedreno ${PN}-amdgpu \
+ ${PN}-intel ${PN}-exynos ${PN}-freedreno ${PN}-amdgpu \
${PN}-etnaviv"
RRECOMMENDS:${PN}-drivers = "${PN}-radeon ${PN}-nouveau ${PN}-omap ${PN}-intel \
@@ -52,7 +52,6 @@
FILES:${PN}-omap = "${libdir}/libdrm_omap.so.*"
FILES:${PN}-intel = "${libdir}/libdrm_intel.so.*"
FILES:${PN}-exynos = "${libdir}/libdrm_exynos.so.*"
-FILES:${PN}-kms = "${libdir}/libkms*.so.*"
FILES:${PN}-freedreno = "${libdir}/libdrm_freedreno.so.*"
FILES:${PN}-amdgpu = "${libdir}/libdrm_amdgpu.so.* ${datadir}/${PN}/amdgpu.ids"
FILES:${PN}-etnaviv = "${libdir}/libdrm_etnaviv.so.*"
diff --git a/poky/meta/recipes-graphics/glslang/glslang_1.3.216.0.bb b/poky/meta/recipes-graphics/glslang/glslang_1.3.216.0.bb
index 69d9a0a..5b3b85b 100644
--- a/poky/meta/recipes-graphics/glslang/glslang_1.3.216.0.bb
+++ b/poky/meta/recipes-graphics/glslang/glslang_1.3.216.0.bb
@@ -9,7 +9,7 @@
LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=2a2b5acd7bc4844964cfda45fe807dc3"
SRCREV = "adbf0d3106b26daa237b10b9bf72b1af7c31092d"
-SRC_URI = "git://github.com/KhronosGroup/glslang.git;protocol=https;branch=master \
+SRC_URI = "git://github.com/KhronosGroup/glslang.git;protocol=https;branch=main \
file://0001-generate-glslang-pkg-config.patch"
PE = "1"
UPSTREAM_CHECK_GITTAGREGEX = "sdk-(?P<pver>\d+(\.\d+)+)"
diff --git a/poky/meta/recipes-graphics/harfbuzz/harfbuzz/CVE-2023-25193-pre1.patch b/poky/meta/recipes-graphics/harfbuzz/harfbuzz/CVE-2023-25193-pre1.patch
new file mode 100644
index 0000000..47d2d7c
--- /dev/null
+++ b/poky/meta/recipes-graphics/harfbuzz/harfbuzz/CVE-2023-25193-pre1.patch
@@ -0,0 +1,135 @@
+From b29fbd16fa82b82bdf0dcb2f13a63f7dc23cf324 Mon Sep 17 00:00:00 2001
+From: Behdad Esfahbod <behdad@behdad.org>
+Date: Mon, 6 Feb 2023 13:08:52 -0700
+Subject: [PATCH] [gsubgpos] Refactor skippy_iter.match()
+
+Upstream-Status: Backport from [https://github.com/harfbuzz/harfbuzz/commit/b29fbd16fa82b82bdf0dcb2f13a63f7dc23cf324]
+Comment1: To backport the fix for CVE-2023-25193, add defination for MATCH, NOT_MATCH and SKIP.
+Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
+---
+ src/hb-ot-layout-gsubgpos.hh | 94 +++++++++++++++++++++---------------
+ 1 file changed, 54 insertions(+), 40 deletions(-)
+
+diff --git a/src/hb-ot-layout-gsubgpos.hh b/src/hb-ot-layout-gsubgpos.hh
+index c77ec12..04b823e 100644
+--- a/src/hb-ot-layout-gsubgpos.hh
++++ b/src/hb-ot-layout-gsubgpos.hh
+@@ -532,33 +532,52 @@ struct hb_ot_apply_context_t :
+ may_skip (const hb_glyph_info_t &info) const
+ { return matcher.may_skip (c, info); }
+
++ enum match_t {
++ MATCH,
++ NOT_MATCH,
++ SKIP
++ };
++
++ match_t match (hb_glyph_info_t &info)
++ {
++ matcher_t::may_skip_t skip = matcher.may_skip (c, info);
++ if (unlikely (skip == matcher_t::SKIP_YES))
++ return SKIP;
++
++ matcher_t::may_match_t match = matcher.may_match (info, get_glyph_data ());
++ if (match == matcher_t::MATCH_YES ||
++ (match == matcher_t::MATCH_MAYBE &&
++ skip == matcher_t::SKIP_NO))
++ return MATCH;
++
++ if (skip == matcher_t::SKIP_NO)
++ return NOT_MATCH;
++
++ return SKIP;
++ }
++
+ bool next (unsigned *unsafe_to = nullptr)
+ {
+ assert (num_items > 0);
+ while (idx + num_items < end)
+ {
+ idx++;
+- hb_glyph_info_t &info = c->buffer->info[idx];
+-
+- matcher_t::may_skip_t skip = matcher.may_skip (c, info);
+- if (unlikely (skip == matcher_t::SKIP_YES))
+- continue;
+-
+- matcher_t::may_match_t match = matcher.may_match (info, get_glyph_data ());
+- if (match == matcher_t::MATCH_YES ||
+- (match == matcher_t::MATCH_MAYBE &&
+- skip == matcher_t::SKIP_NO))
+- {
+- num_items--;
+- advance_glyph_data ();
+- return true;
+- }
+-
+- if (skip == matcher_t::SKIP_NO)
++ switch (match (c->buffer->info[idx]))
+ {
+- if (unsafe_to)
+- *unsafe_to = idx + 1;
+- return false;
++ case MATCH:
++ {
++ num_items--;
++ advance_glyph_data ();
++ return true;
++ }
++ case NOT_MATCH:
++ {
++ if (unsafe_to)
++ *unsafe_to = idx + 1;
++ return false;
++ }
++ case SKIP:
++ continue;
+ }
+ }
+ if (unsafe_to)
+@@ -571,27 +590,22 @@ struct hb_ot_apply_context_t :
+ while (idx > num_items - 1)
+ {
+ idx--;
+- hb_glyph_info_t &info = c->buffer->out_info[idx];
+-
+- matcher_t::may_skip_t skip = matcher.may_skip (c, info);
+- if (unlikely (skip == matcher_t::SKIP_YES))
+- continue;
+-
+- matcher_t::may_match_t match = matcher.may_match (info, get_glyph_data ());
+- if (match == matcher_t::MATCH_YES ||
+- (match == matcher_t::MATCH_MAYBE &&
+- skip == matcher_t::SKIP_NO))
+- {
+- num_items--;
+- advance_glyph_data ();
+- return true;
+- }
+-
+- if (skip == matcher_t::SKIP_NO)
++ switch (match (c->buffer->out_info[idx]))
+ {
+- if (unsafe_from)
+- *unsafe_from = hb_max (1u, idx) - 1u;
+- return false;
++ case MATCH:
++ {
++ num_items--;
++ advance_glyph_data ();
++ return true;
++ }
++ case NOT_MATCH:
++ {
++ if (unsafe_from)
++ *unsafe_from = hb_max (1u, idx) - 1u;
++ return false;
++ }
++ case SKIP:
++ continue;
+ }
+ }
+ if (unsafe_from)
+--
+2.25.1
+
diff --git a/poky/meta/recipes-graphics/harfbuzz/harfbuzz/CVE-2023-25193.patch b/poky/meta/recipes-graphics/harfbuzz/harfbuzz/CVE-2023-25193.patch
new file mode 100644
index 0000000..f5c5cf4
--- /dev/null
+++ b/poky/meta/recipes-graphics/harfbuzz/harfbuzz/CVE-2023-25193.patch
@@ -0,0 +1,192 @@
+From 8708b9e081192786c027bb7f5f23d76dbe5c19e8 Mon Sep 17 00:00:00 2001
+From: Behdad Esfahbod <behdad@behdad.org>
+Date: Mon, 6 Feb 2023 14:51:25 -0700
+Subject: [PATCH] [GPOS] Avoid O(n^2) behavior in mark-attachment
+
+Upstream-Status: Backport from [https://github.com/harfbuzz/harfbuzz/commit/8708b9e081192786c027bb7f5f23d76dbe5c19e8]
+Comment1: The Original Patch [https://github.com/harfbuzz/harfbuzz/commit/85be877925ddbf34f74a1229f3ca1716bb6170dc] causes regression and was reverted. This Patch completes the fix.
+CVE: CVE-2023-25193
+Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
+
+---
+ src/OT/Layout/GPOS/MarkBasePosFormat1.hh | 76 +++++++++++++++---------
+ src/OT/Layout/GPOS/MarkLigPosFormat1.hh | 24 ++++++--
+ src/hb-ot-layout-gsubgpos.hh | 5 +-
+ 3 files changed, 69 insertions(+), 36 deletions(-)
+
+diff --git a/src/OT/Layout/GPOS/MarkBasePosFormat1.hh b/src/OT/Layout/GPOS/MarkBasePosFormat1.hh
+index ebb8c31..73839a4 100644
+--- a/src/OT/Layout/GPOS/MarkBasePosFormat1.hh
++++ b/src/OT/Layout/GPOS/MarkBasePosFormat1.hh
+@@ -90,6 +90,25 @@ struct MarkBasePosFormat1_2
+
+ const Coverage &get_coverage () const { return this+markCoverage; }
+
++ static inline bool accept (hb_buffer_t *buffer, unsigned idx)
++ {
++ /* We only want to attach to the first of a MultipleSubst sequence.
++ * https://github.com/harfbuzz/harfbuzz/issues/740
++ * Reject others...
++ * ...but stop if we find a mark in the MultipleSubst sequence:
++ * https://github.com/harfbuzz/harfbuzz/issues/1020 */
++ return !_hb_glyph_info_multiplied (&buffer->info[idx]) ||
++ 0 == _hb_glyph_info_get_lig_comp (&buffer->info[idx]) ||
++ (idx == 0 ||
++ _hb_glyph_info_is_mark (&buffer->info[idx - 1]) ||
++ !_hb_glyph_info_multiplied (&buffer->info[idx - 1]) ||
++ _hb_glyph_info_get_lig_id (&buffer->info[idx]) !=
++ _hb_glyph_info_get_lig_id (&buffer->info[idx - 1]) ||
++ _hb_glyph_info_get_lig_comp (&buffer->info[idx]) !=
++ _hb_glyph_info_get_lig_comp (&buffer->info[idx - 1]) + 1
++ );
++ }
++
+ bool apply (hb_ot_apply_context_t *c) const
+ {
+ TRACE_APPLY (this);
+@@ -97,48 +116,47 @@ struct MarkBasePosFormat1_2
+ unsigned int mark_index = (this+markCoverage).get_coverage (buffer->cur().codepoint);
+ if (likely (mark_index == NOT_COVERED)) return_trace (false);
+
+- /* Now we search backwards for a non-mark glyph */
++ /* Now we search backwards for a non-mark glyph.
++ * We don't use skippy_iter.prev() to avoid O(n^2) behavior. */
++
+ hb_ot_apply_context_t::skipping_iterator_t &skippy_iter = c->iter_input;
+- skippy_iter.reset (buffer->idx, 1);
+ skippy_iter.set_lookup_props (LookupFlag::IgnoreMarks);
+- do {
+- unsigned unsafe_from;
+- if (!skippy_iter.prev (&unsafe_from))
++
++ unsigned j;
++ for (j = buffer->idx; j > c->last_base_until; j--)
++ {
++ auto match = skippy_iter.match (buffer->info[j - 1]);
++ if (match == skippy_iter.MATCH)
+ {
+- buffer->unsafe_to_concat_from_outbuffer (unsafe_from, buffer->idx + 1);
+- return_trace (false);
++ if (!accept (buffer, j - 1))
++ match = skippy_iter.SKIP;
+ }
++ if (match == skippy_iter.MATCH)
++ {
++ c->last_base = (signed) j - 1;
++ break;
++ }
++ }
++ c->last_base_until = buffer->idx;
++ if (c->last_base == -1)
++ {
++ buffer->unsafe_to_concat_from_outbuffer (0, buffer->idx + 1);
++ return_trace (false);
++ }
+
+- /* We only want to attach to the first of a MultipleSubst sequence.
+- * https://github.com/harfbuzz/harfbuzz/issues/740
+- * Reject others...
+- * ...but stop if we find a mark in the MultipleSubst sequence:
+- * https://github.com/harfbuzz/harfbuzz/issues/1020 */
+- if (!_hb_glyph_info_multiplied (&buffer->info[skippy_iter.idx]) ||
+- 0 == _hb_glyph_info_get_lig_comp (&buffer->info[skippy_iter.idx]) ||
+- (skippy_iter.idx == 0 ||
+- _hb_glyph_info_is_mark (&buffer->info[skippy_iter.idx - 1]) ||
+- !_hb_glyph_info_multiplied (&buffer->info[skippy_iter.idx - 1]) ||
+- _hb_glyph_info_get_lig_id (&buffer->info[skippy_iter.idx]) !=
+- _hb_glyph_info_get_lig_id (&buffer->info[skippy_iter.idx - 1]) ||
+- _hb_glyph_info_get_lig_comp (&buffer->info[skippy_iter.idx]) !=
+- _hb_glyph_info_get_lig_comp (&buffer->info[skippy_iter.idx - 1]) + 1
+- ))
+- break;
+- skippy_iter.reject ();
+- } while (true);
++ unsigned idx = (unsigned) c->last_base;
+
+ /* Checking that matched glyph is actually a base glyph by GDEF is too strong; disabled */
+- //if (!_hb_glyph_info_is_base_glyph (&buffer->info[skippy_iter.idx])) { return_trace (false); }
++ //if (!_hb_glyph_info_is_base_glyph (&buffer->info[idx])) { return_trace (false); }
+
+- unsigned int base_index = (this+baseCoverage).get_coverage (buffer->info[skippy_iter.idx].codepoint);
++ unsigned int base_index = (this+baseCoverage).get_coverage (buffer->info[idx].codepoint);
+ if (base_index == NOT_COVERED)
+ {
+- buffer->unsafe_to_concat_from_outbuffer (skippy_iter.idx, buffer->idx + 1);
++ buffer->unsafe_to_concat_from_outbuffer (idx, buffer->idx + 1);
+ return_trace (false);
+ }
+
+- return_trace ((this+markArray).apply (c, mark_index, base_index, this+baseArray, classCount, skippy_iter.idx));
++ return_trace ((this+markArray).apply (c, mark_index, base_index, this+baseArray, classCount, idx));
+ }
+
+ bool subset (hb_subset_context_t *c) const
+diff --git a/src/OT/Layout/GPOS/MarkLigPosFormat1.hh b/src/OT/Layout/GPOS/MarkLigPosFormat1.hh
+index 1a80212..4471871 100644
+--- a/src/OT/Layout/GPOS/MarkLigPosFormat1.hh
++++ b/src/OT/Layout/GPOS/MarkLigPosFormat1.hh
+@@ -100,20 +100,32 @@ struct MarkLigPosFormat1_2
+ if (likely (mark_index == NOT_COVERED)) return_trace (false);
+
+ /* Now we search backwards for a non-mark glyph */
++
+ hb_ot_apply_context_t::skipping_iterator_t &skippy_iter = c->iter_input;
+- skippy_iter.reset (buffer->idx, 1);
+ skippy_iter.set_lookup_props (LookupFlag::IgnoreMarks);
+- unsigned unsafe_from;
+- if (!skippy_iter.prev (&unsafe_from))
++
++ unsigned j;
++ for (j = buffer->idx; j > c->last_base_until; j--)
+ {
+- buffer->unsafe_to_concat_from_outbuffer (unsafe_from, buffer->idx + 1);
++ auto match = skippy_iter.match (buffer->info[j - 1]);
++ if (match == skippy_iter.MATCH)
++ {
++ c->last_base = (signed) j - 1;
++ break;
++ }
++ }
++ c->last_base_until = buffer->idx;
++ if (c->last_base == -1)
++ {
++ buffer->unsafe_to_concat_from_outbuffer (0, buffer->idx + 1);
+ return_trace (false);
+ }
+
++ j = (unsigned) c->last_base;
++
+ /* Checking that matched glyph is actually a ligature by GDEF is too strong; disabled */
+- //if (!_hb_glyph_info_is_ligature (&buffer->info[skippy_iter.idx])) { return_trace (false); }
++ //if (!_hb_glyph_info_is_ligature (&buffer->info[j])) { return_trace (false); }
+
+- unsigned int j = skippy_iter.idx;
+ unsigned int lig_index = (this+ligatureCoverage).get_coverage (buffer->info[j].codepoint);
+ if (lig_index == NOT_COVERED)
+ {
+diff --git a/src/hb-ot-layout-gsubgpos.hh b/src/hb-ot-layout-gsubgpos.hh
+index 04b823e..dc3c4b6 100644
+--- a/src/hb-ot-layout-gsubgpos.hh
++++ b/src/hb-ot-layout-gsubgpos.hh
+@@ -701,6 +701,9 @@ struct hb_ot_apply_context_t :
+ uint32_t random_state = 1;
+ unsigned new_syllables = (unsigned) -1;
+
++ signed last_base = -1; // GPOS uses
++ unsigned last_base_until = 0; // GPOS uses
++
+ hb_ot_apply_context_t (unsigned int table_index_,
+ hb_font_t *font_,
+ hb_buffer_t *buffer_) :
+@@ -738,7 +741,7 @@ struct hb_ot_apply_context_t :
+ iter_context.init (this, true);
+ }
+
+- void set_lookup_mask (hb_mask_t mask) { lookup_mask = mask; init_iters (); }
++ void set_lookup_mask (hb_mask_t mask) { lookup_mask = mask; last_base = -1; last_base_until = 0; init_iters (); }
+ void set_auto_zwj (bool auto_zwj_) { auto_zwj = auto_zwj_; init_iters (); }
+ void set_auto_zwnj (bool auto_zwnj_) { auto_zwnj = auto_zwnj_; init_iters (); }
+ void set_per_syllable (bool per_syllable_) { per_syllable = per_syllable_; init_iters (); }
+--
+2.25.1
+
diff --git a/poky/meta/recipes-graphics/harfbuzz/harfbuzz_5.1.0.bb b/poky/meta/recipes-graphics/harfbuzz/harfbuzz_5.1.0.bb
index 4905e8e..0d68a4b 100644
--- a/poky/meta/recipes-graphics/harfbuzz/harfbuzz_5.1.0.bb
+++ b/poky/meta/recipes-graphics/harfbuzz/harfbuzz_5.1.0.bb
@@ -10,6 +10,8 @@
SRC_URI = "${GITHUB_BASE_URI}/download/${PV}/${BPN}-${PV}.tar.xz \
file://0001-fix-signedness-of-char-in-tests.patch \
+ file://CVE-2023-25193-pre1.patch \
+ file://CVE-2023-25193.patch \
"
SRC_URI[sha256sum] = "2edb95db668781aaa8d60959d21be2ff80085f31b12053cdd660d9a50ce84f05"
@@ -32,9 +34,9 @@
LEAD_SONAME = "libharfbuzz.so"
do_install:append() {
- # If no tools are installed due to PACKAGECONFIG then this directory is
- #still installed, so remove it to stop packaging wanings.
- rmdir --ignore-fail-on-non-empty ${D}${bindir}
+ # If no tools are installed due to PACKAGECONFIG then this directory might
+ # still be installed, so remove it to stop packaging warnings.
+ [ ! -d ${D}${bindir} ] || rmdir --ignore-fail-on-non-empty ${D}${bindir}
}
FILES:${PN}-icu = "${libdir}/libharfbuzz-icu.so.*"
diff --git a/poky/meta/recipes-graphics/jpeg/libjpeg-turbo_2.1.4.bb b/poky/meta/recipes-graphics/jpeg/libjpeg-turbo_2.1.5.1.bb
similarity index 96%
rename from poky/meta/recipes-graphics/jpeg/libjpeg-turbo_2.1.4.bb
rename to poky/meta/recipes-graphics/jpeg/libjpeg-turbo_2.1.5.1.bb
index 1708fa9..e086830 100644
--- a/poky/meta/recipes-graphics/jpeg/libjpeg-turbo_2.1.4.bb
+++ b/poky/meta/recipes-graphics/jpeg/libjpeg-turbo_2.1.5.1.bb
@@ -14,7 +14,7 @@
file://0001-libjpeg-turbo-fix-package_qa-error.patch \
"
-SRC_URI[sha256sum] = "d3ed26a1131a13686dfca4935e520eb7c90ae76fbc45d98bb50a8dc86230342b"
+SRC_URI[sha256sum] = "2fdc3feb6e9deb17adec9bafa3321419aa19f8f4e5dea7bf8486844ca22207bf"
UPSTREAM_CHECK_URI = "http://sourceforge.net/projects/libjpeg-turbo/files/"
UPSTREAM_CHECK_REGEX = "/libjpeg-turbo/files/(?P<pver>(\d+[\.\-_]*)+)/"
diff --git a/poky/meta/recipes-graphics/libepoxy/files/0001-dispatch_common.h-define-also-EGL_NO_X11.patch b/poky/meta/recipes-graphics/libepoxy/files/0001-dispatch_common.h-define-also-EGL_NO_X11.patch
deleted file mode 100644
index 971a3f5..0000000
--- a/poky/meta/recipes-graphics/libepoxy/files/0001-dispatch_common.h-define-also-EGL_NO_X11.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From 7211120d1e2f059d900f3379b9790484dbcf7761 Mon Sep 17 00:00:00 2001
-From: Martin Jansa <Martin.Jansa@gmail.com>
-Date: Fri, 25 Oct 2019 11:09:34 +0000
-Subject: [PATCH] dispatch_common.h: define also EGL_NO_X11
-
-MESA_EGL_NO_X11_HEADERS was renamed to EGL_NO_X11 in:
-https://github.com/mesa3d/mesa/commit/6202a13b71e18dc31ba7e2f4ea915b67eacc1ddb
-
-Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
-Upstream-Status: Pending
-
----
- src/dispatch_common.h | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/src/dispatch_common.h b/src/dispatch_common.h
-index a136943..448c9b1 100644
---- a/src/dispatch_common.h
-+++ b/src/dispatch_common.h
-@@ -55,6 +55,7 @@
- * as EGL_NO_X11
- */
- # define MESA_EGL_NO_X11_HEADERS 1
-+# define EGL_NO_X11 1
- # endif
- #include "epoxy/egl.h"
- #endif
diff --git a/poky/meta/recipes-graphics/libepoxy/libepoxy_1.5.9.bb b/poky/meta/recipes-graphics/libepoxy/libepoxy_1.5.10.bb
similarity index 76%
rename from poky/meta/recipes-graphics/libepoxy/libepoxy_1.5.9.bb
rename to poky/meta/recipes-graphics/libepoxy/libepoxy_1.5.10.bb
index 1210f73..384afa6 100644
--- a/poky/meta/recipes-graphics/libepoxy/libepoxy_1.5.9.bb
+++ b/poky/meta/recipes-graphics/libepoxy/libepoxy_1.5.10.bb
@@ -9,11 +9,9 @@
LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://COPYING;md5=58ef4c80d401e07bd9ee8b6b58cf464b"
-SRC_URI = "${GITHUB_BASE_URI}/download/${PV}/${BP}.tar.xz \
- file://0001-dispatch_common.h-define-also-EGL_NO_X11.patch \
- "
-SRC_URI[sha256sum] = "d168a19a6edfdd9977fef1308ccf516079856a4275cf876de688fb7927e365e4"
-GITHUB_BASE_URI = "https://github.com/anholt/libepoxy/releases"
+SRC_URI = "git://github.com/anholt/libepoxy;branch=master;protocol=https"
+SRCREV = "c84bc9459357a40e46e2fec0408d04fbdde2c973"
+S = "${WORKDIR}/git"
inherit meson pkgconfig features_check github-releases
diff --git a/poky/meta/recipes-graphics/libsdl2/libsdl2/0001-Disable-libunwind-in-native-OE-builds-by-not-looking.patch b/poky/meta/recipes-graphics/libsdl2/libsdl2/0001-Disable-libunwind-in-native-OE-builds-by-not-looking.patch
index 57bc522..f34b870 100644
--- a/poky/meta/recipes-graphics/libsdl2/libsdl2/0001-Disable-libunwind-in-native-OE-builds-by-not-looking.patch
+++ b/poky/meta/recipes-graphics/libsdl2/libsdl2/0001-Disable-libunwind-in-native-OE-builds-by-not-looking.patch
@@ -1,4 +1,4 @@
-From 0234c546d86174fafe9ab280cf5f44de50b73676 Mon Sep 17 00:00:00 2001
+From 77093de6a12c24a60fc447698900d18d0a3943af Mon Sep 17 00:00:00 2001
From: Carlos Rafael Giani <crg7475@mailbox.org>
Date: Fri, 18 Mar 2022 12:06:23 +0100
Subject: [PATCH] Disable libunwind in native OE builds by not looking for
@@ -22,10 +22,10 @@
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
-index 644715a..bbf2e28 100644
+index 7617205..d9b1522 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
-@@ -869,7 +869,7 @@ if(SDL_LIBC)
+@@ -952,7 +952,7 @@ if(SDL_LIBC)
check_include_file(sys/types.h HAVE_SYS_TYPES_H)
foreach(_HEADER
stdio.h stdlib.h stddef.h stdarg.h malloc.h memory.h string.h limits.h float.h
diff --git a/poky/meta/recipes-graphics/libsdl2/libsdl2_2.24.0.bb b/poky/meta/recipes-graphics/libsdl2/libsdl2_2.24.2.bb
similarity index 97%
rename from poky/meta/recipes-graphics/libsdl2/libsdl2_2.24.0.bb
rename to poky/meta/recipes-graphics/libsdl2/libsdl2_2.24.2.bb
index d5cbf73..ce5a8aa 100644
--- a/poky/meta/recipes-graphics/libsdl2/libsdl2_2.24.0.bb
+++ b/poky/meta/recipes-graphics/libsdl2/libsdl2_2.24.2.bb
@@ -27,7 +27,7 @@
S = "${WORKDIR}/SDL2-${PV}"
-SRC_URI[sha256sum] = "91e4c34b1768f92d399b078e171448c6af18cafda743987ed2064a28954d6d97"
+SRC_URI[sha256sum] = "b35ef0a802b09d90ed3add0dcac0e95820804202914f5bb7b0feb710f1a1329f"
inherit cmake lib_package binconfig-disabled pkgconfig upstream-version-is-even
diff --git a/poky/meta/recipes-graphics/mesa/mesa-demos_8.5.0.bb b/poky/meta/recipes-graphics/mesa/mesa-demos_8.5.0.bb
index 6e9b95e..12f41d7 100644
--- a/poky/meta/recipes-graphics/mesa/mesa-demos_8.5.0.bb
+++ b/poky/meta/recipes-graphics/mesa/mesa-demos_8.5.0.bb
@@ -30,7 +30,7 @@
PACKAGECONFIG[gles2] = "-Dgles2=enabled,-Dgles2=disabled,virtual/libgles2"
PACKAGECONFIG[glut] = "-Dwith-glut=${STAGING_EXECPREFIXDIR},,freeglut"
PACKAGECONFIG[osmesa] = "-Dosmesa=enabled,-Dosmesa=disabled,"
-PACKAGECONFIG[wayland] = "-Dwayland=enabled,-Dwayland=disabled,virtual/libgl wayland wayland-native"
+PACKAGECONFIG[wayland] = "-Dwayland=enabled,-Dwayland=disabled,virtual/libgl wayland wayland-native wayland-protocols"
PACKAGECONFIG[x11] = "-Dx11=enabled,-Dx11=disabled,virtual/libx11 libglu"
do_install:append() {
diff --git a/poky/meta/recipes-graphics/mesa/mesa-gl_22.2.0.bb b/poky/meta/recipes-graphics/mesa/mesa-gl_22.2.0.bb
deleted file mode 100644
index f2bc8f6..0000000
--- a/poky/meta/recipes-graphics/mesa/mesa-gl_22.2.0.bb
+++ /dev/null
@@ -1,13 +0,0 @@
-require mesa.inc
-
-SUMMARY += " (OpenGL only, no EGL/GLES)"
-
-PROVIDES = "virtual/libgl virtual/mesa"
-
-S = "${WORKDIR}/mesa-${PV}"
-
-# At least one DRI rendering engine is required to build mesa.
-# When no X11 is available, use osmesa for the rendering engine.
-PACKAGECONFIG ??= "opengl ${@bb.utils.contains('DISTRO_FEATURES', 'x11', 'x11', 'osmesa gallium', d)}"
-PACKAGECONFIG:class-target = "opengl ${@bb.utils.contains('DISTRO_FEATURES', 'x11', 'x11', 'osmesa gallium', d)}"
-
diff --git a/poky/meta/recipes-graphics/mesa/mesa-gl_22.2.3.bb b/poky/meta/recipes-graphics/mesa/mesa-gl_22.2.3.bb
new file mode 100644
index 0000000..c7c7aa7
--- /dev/null
+++ b/poky/meta/recipes-graphics/mesa/mesa-gl_22.2.3.bb
@@ -0,0 +1,13 @@
+require mesa.inc
+
+SUMMARY += " (OpenGL only, no EGL/GLES)"
+
+PROVIDES = "virtual/libgl virtual/mesa"
+
+S = "${WORKDIR}/mesa-${PV}"
+
+# At least one DRI rendering engine is required to build mesa.
+# When no X11 is available, use osmesa for the rendering engine.
+PACKAGECONFIG ??= "opengl gallium ${@bb.utils.contains('DISTRO_FEATURES', 'x11', 'x11', 'osmesa', d)}"
+PACKAGECONFIG:class-target = "opengl gallium ${@bb.utils.contains('DISTRO_FEATURES', 'x11', 'x11', 'osmesa', d)}"
+
diff --git a/poky/meta/recipes-graphics/mesa/mesa.inc b/poky/meta/recipes-graphics/mesa/mesa.inc
index 8a74e0a..f9007f3 100644
--- a/poky/meta/recipes-graphics/mesa/mesa.inc
+++ b/poky/meta/recipes-graphics/mesa/mesa.inc
@@ -19,10 +19,12 @@
file://0001-meson-misdetects-64bit-atomics-on-mips-clang.patch \
file://0001-futex.h-Define-__NR_futex-if-it-does-not-exist.patch \
file://0001-util-format-Check-for-NEON-before-using-it.patch \
- file://0001-nir-nir_opt_move-fix-ALWAYS_INLINE-compiler-error.patch \
"
-SRC_URI[sha256sum] = "b1f9c8fd08f2cae3adf83355bef4d2398e8025f44947332880f2d0066bdafa8c"
+# required by mesa-native on Ubuntu 18.04 with gcc 7.5 when DEBUG_BUILD enabled
+SRC_URI:append:class-native = " file://0001-nir-nir_opt_move-fix-ALWAYS_INLINE-compiler-error.patch"
+
+SRC_URI[sha256sum] = "ee7d026f7b1991dbae0861d359b671145c3a86f2a731353b885d2ea2d5c098d6"
UPSTREAM_CHECK_GITTAGREGEX = "mesa-(?P<pver>\d+(\.\d+)+)"
@@ -52,17 +54,7 @@
PLATFORMS ??= "${@bb.utils.filter('PACKAGECONFIG', 'x11 wayland', d)}"
-# By placing llvm-config in the target sysroot bindir, it will then map values
-# to the target libdir magically. We can safely add to path as there are no other binaries
-# there.
-PATH:prepend = "${STAGING_BINDIR_CROSS}:${STAGING_BINDIR}:"
MESA_LLVM_RELEASE ?= "${LLVMVERSION}"
-do_configure:prepend () {
- if [ -e ${STAGING_BINDIR_NATIVE}/llvm-config${MESA_LLVM_RELEASE} ]; then
- cp ${STAGING_BINDIR_NATIVE}/llvm-config${MESA_LLVM_RELEASE} ${STAGING_BINDIR}
- cp ${STAGING_BINDIR_NATIVE}/llvm-config ${STAGING_BINDIR}
- fi
-}
# set the MESA_BUILD_TYPE to either 'release' (default) or 'debug'
# by default the upstream mesa sources build a debug release
@@ -179,6 +171,8 @@
PACKAGECONFIG[osmesa] = "-Dosmesa=true,-Dosmesa=false"
+PACKAGECONFIG[perfetto] = "-Dperfetto=true,-Dperfetto=false,libperfetto"
+
PACKAGECONFIG[unwind] = "-Dlibunwind=enabled,-Dlibunwind=disabled,libunwind"
PACKAGECONFIG[lmsensors] = "-Dlmsensors=enabled,-Dlmsensors=disabled,lmsensors"
diff --git a/poky/meta/recipes-graphics/mesa/mesa_22.2.0.bb b/poky/meta/recipes-graphics/mesa/mesa_22.2.3.bb
similarity index 100%
rename from poky/meta/recipes-graphics/mesa/mesa_22.2.0.bb
rename to poky/meta/recipes-graphics/mesa/mesa_22.2.3.bb
diff --git a/poky/meta/recipes-graphics/pango/pango_1.50.9.bb b/poky/meta/recipes-graphics/pango/pango_1.50.13.bb
similarity index 89%
rename from poky/meta/recipes-graphics/pango/pango_1.50.9.bb
rename to poky/meta/recipes-graphics/pango/pango_1.50.13.bb
index 03e2ca6..e673366 100644
--- a/poky/meta/recipes-graphics/pango/pango_1.50.9.bb
+++ b/poky/meta/recipes-graphics/pango/pango_1.50.13.bb
@@ -21,10 +21,10 @@
GIR_MESON_DISABLE_FLAG = "disabled"
SRC_URI += "file://run-ptest \
- file://0001-Skip-running-test-layout-test.patch \
-"
+ file://0001-Skip-running-test-layout-test.patch \
+ "
-SRC_URI[archive.sha256sum] = "1b636aabf905130d806372136f5e137b6a27f26d47defd9240bf444f6a4fe610"
+SRC_URI[archive.sha256sum] = "5cdcf6d761d26a3eb9412b6cb069b32bd1d9b07abf116321167d94c2189299fd"
DEPENDS = "glib-2.0 glib-2.0-native fontconfig freetype virtual/libiconv cairo harfbuzz fribidi"
@@ -38,7 +38,7 @@
GIR_MESON_OPTION = 'introspection'
do_configure:prepend() {
- chmod +x ${S}/tests/*.py
+ chmod +x ${S}/tests/*.py
}
LEAD_SONAME = "libpango-1.0*"
diff --git a/poky/meta/recipes-graphics/piglit/piglit_git.bb b/poky/meta/recipes-graphics/piglit/piglit_git.bb
index f758208..4a4e44f 100644
--- a/poky/meta/recipes-graphics/piglit/piglit_git.bb
+++ b/poky/meta/recipes-graphics/piglit/piglit_git.bb
@@ -39,7 +39,7 @@
PACKAGECONFIG ??= "${@bb.utils.contains('DISTRO_FEATURES', 'x11', 'x11 glx', '', d)}"
PACKAGECONFIG[freeglut] = "-DPIGLIT_USE_GLUT=1,-DPIGLIT_USE_GLUT=0,freeglut,"
PACKAGECONFIG[glx] = "-DPIGLIT_BUILD_GLX_TESTS=ON,-DPIGLIT_BUILD_GLX_TESTS=OFF"
-PACKAGECONFIG[opencl] = "-DPIGLIT_BUILD_CL_TESTS=ON,-DPIGLIT_BUILD_CL_TESTS=OFF,opencl-icd-loader"
+PACKAGECONFIG[opencl] = "-DPIGLIT_BUILD_CL_TESTS=ON,-DPIGLIT_BUILD_CL_TESTS=OFF,virtual/opencl-icd"
PACKAGECONFIG[x11] = "-DPIGLIT_BUILD_GL_TESTS=ON,-DPIGLIT_BUILD_GL_TESTS=OFF,${X11_DEPS}, ${X11_RDEPS}"
PACKAGECONFIG[vulkan] = "-DPIGLIT_BUILD_VK_TESTS=ON,-DPIGLIT_BUILD_VK_TESTS=OFF,vulkan-loader"
diff --git a/poky/meta/recipes-graphics/spir/spirv-headers_1.3.216.0.bb b/poky/meta/recipes-graphics/spir/spirv-headers_1.3.216.0.bb
index 94500a9..ce47206 100644
--- a/poky/meta/recipes-graphics/spir/spirv-headers_1.3.216.0.bb
+++ b/poky/meta/recipes-graphics/spir/spirv-headers_1.3.216.0.bb
@@ -8,7 +8,7 @@
LIC_FILES_CHKSUM = "file://LICENSE;md5=c938b85bceb8fb26c1a807f28a52ae2d"
SRCREV = "b2a156e1c0434bc8c99aaebba1c7be98be7ac580"
-SRC_URI = "git://github.com/KhronosGroup/SPIRV-Headers;protocol=https;branch=master"
+SRC_URI = "git://github.com/KhronosGroup/SPIRV-Headers;protocol=https;branch=main"
PE = "1"
UPSTREAM_CHECK_GITTAGREGEX = "sdk-(?P<pver>\d+(\.\d+)+)"
S = "${WORKDIR}/git"
diff --git a/poky/meta/recipes-graphics/spir/spirv-tools_1.3.216.0.bb b/poky/meta/recipes-graphics/spir/spirv-tools_1.3.216.0.bb
index fc1074d..c6fba38 100644
--- a/poky/meta/recipes-graphics/spir/spirv-tools_1.3.216.0.bb
+++ b/poky/meta/recipes-graphics/spir/spirv-tools_1.3.216.0.bb
@@ -8,7 +8,7 @@
LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"
SRCREV = "c94501352d545e84c821ce031399e76d1af32d18"
-SRC_URI = "git://github.com/KhronosGroup/SPIRV-Tools.git;branch=master;protocol=https \
+SRC_URI = "git://github.com/KhronosGroup/SPIRV-Tools.git;branch=main;protocol=https \
file://0001-Remove-default-copy-constructor-in-header.-4879.patch \
"
PE = "1"
diff --git a/poky/meta/recipes-graphics/vulkan/vulkan-samples_git.bb b/poky/meta/recipes-graphics/vulkan/vulkan-samples_git.bb
index 332411b..d5d285c 100644
--- a/poky/meta/recipes-graphics/vulkan/vulkan-samples_git.bb
+++ b/poky/meta/recipes-graphics/vulkan/vulkan-samples_git.bb
@@ -5,7 +5,7 @@
LIC_FILES_CHKSUM = "file://LICENSE;md5=48aa35cefb768436223a6e7f18dc2a2a"
-SRC_URI = "gitsm://github.com/KhronosGroup/Vulkan-Samples.git;branch=master;protocol=https \
+SRC_URI = "gitsm://github.com/KhronosGroup/Vulkan-Samples.git;branch=main;protocol=https;lfs=0 \
file://0001-CMakeLists.txt-do-not-hardcode-lib-as-installation-t.patch \
file://debugfix.patch \
file://0001-Qualify-move-as-std-move.patch;patchdir=third_party/spirv-cross \
diff --git a/poky/meta/recipes-graphics/xorg-lib/libx11/0001-fix-a-memory-leak-in-XRegisterIMInstantiateCallback.patch b/poky/meta/recipes-graphics/xorg-lib/libx11/0001-fix-a-memory-leak-in-XRegisterIMInstantiateCallback.patch
new file mode 100644
index 0000000..722116c
--- /dev/null
+++ b/poky/meta/recipes-graphics/xorg-lib/libx11/0001-fix-a-memory-leak-in-XRegisterIMInstantiateCallback.patch
@@ -0,0 +1,57 @@
+CVE: CVE-2022-3554
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From 1d11822601fd24a396b354fa616b04ed3df8b4ef Mon Sep 17 00:00:00 2001
+From: "Thomas E. Dickey" <dickey@invisible-island.net>
+Date: Tue, 4 Oct 2022 18:26:17 -0400
+Subject: [PATCH] fix a memory leak in XRegisterIMInstantiateCallback
+
+Analysis:
+
+ _XimRegisterIMInstantiateCallback() opens an XIM and closes it using
+ the internal function pointers, but the internal close function does
+ not free the pointer to the XIM (this would be done in XCloseIM()).
+
+Report/patch:
+
+ Date: Mon, 03 Oct 2022 18:47:32 +0800
+ From: Po Lu <luangruo@yahoo.com>
+ To: xorg-devel@lists.x.org
+ Subject: Re: Yet another leak in Xlib
+
+ For reference, here's how I'm calling XRegisterIMInstantiateCallback:
+
+ XSetLocaleModifiers ("");
+ XRegisterIMInstantiateCallback (compositor.display,
+ XrmGetDatabase (compositor.display),
+ (char *) compositor.resource_name,
+ (char *) compositor.app_name,
+ IMInstantiateCallback, NULL);
+
+ and XMODIFIERS is:
+
+ @im=ibus
+
+Signed-off-by: Thomas E. Dickey <dickey@invisible-island.net>
+---
+ modules/im/ximcp/imInsClbk.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/modules/im/ximcp/imInsClbk.c b/modules/im/ximcp/imInsClbk.c
+index 95b379cb..c10e347f 100644
+--- a/modules/im/ximcp/imInsClbk.c
++++ b/modules/im/ximcp/imInsClbk.c
+@@ -212,6 +212,9 @@ _XimRegisterIMInstantiateCallback(
+ if( xim ) {
+ lock = True;
+ xim->methods->close( (XIM)xim );
++ /* XIMs must be freed manually after being opened; close just
++ does the protocol to deinitialize the IM. */
++ XFree( xim );
+ lock = False;
+ icb->call = True;
+ callback( display, client_data, NULL );
+--
+2.34.1
+
diff --git a/poky/meta/recipes-graphics/xorg-lib/libx11_1.8.1.bb b/poky/meta/recipes-graphics/xorg-lib/libx11_1.8.1.bb
index 1dcc3ab..9ff196c 100644
--- a/poky/meta/recipes-graphics/xorg-lib/libx11_1.8.1.bb
+++ b/poky/meta/recipes-graphics/xorg-lib/libx11_1.8.1.bb
@@ -15,6 +15,7 @@
SRC_URI = "${XORG_MIRROR}/individual/lib/${XORG_PN}-${PV}.tar.xz"
SRC_URI += "file://disable_tests.patch \
+ file://0001-fix-a-memory-leak-in-XRegisterIMInstantiateCallback.patch \
"
SRC_URI[sha256sum] = "1bc41aa1bbe01401f330d76dfa19f386b79c51881c7bbfee9eb4e27f22f2d9f7"
diff --git a/poky/meta/recipes-graphics/xorg-lib/pixman/CVE-2022-44638.patch b/poky/meta/recipes-graphics/xorg-lib/pixman/CVE-2022-44638.patch
new file mode 100644
index 0000000..d226766
--- /dev/null
+++ b/poky/meta/recipes-graphics/xorg-lib/pixman/CVE-2022-44638.patch
@@ -0,0 +1,33 @@
+CVE: CVE-2022-44638
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From a1f88e842e0216a5b4df1ab023caebe33c101395 Mon Sep 17 00:00:00 2001
+From: Matt Turner <mattst88@gmail.com>
+Date: Wed, 2 Nov 2022 12:07:32 -0400
+Subject: [PATCH] Avoid integer overflow leading to out-of-bounds write
+
+Thanks to Maddie Stone and Google's Project Zero for discovering this
+issue, providing a proof-of-concept, and a great analysis.
+
+Closes: https://gitlab.freedesktop.org/pixman/pixman/-/issues/63
+---
+ pixman/pixman-trap.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/pixman/pixman-trap.c b/pixman/pixman-trap.c
+index 91766fd..7560405 100644
+--- a/pixman/pixman-trap.c
++++ b/pixman/pixman-trap.c
+@@ -74,7 +74,7 @@ pixman_sample_floor_y (pixman_fixed_t y,
+
+ if (f < Y_FRAC_FIRST (n))
+ {
+- if (pixman_fixed_to_int (i) == 0x8000)
++ if (pixman_fixed_to_int (i) == 0xffff8000)
+ {
+ f = 0; /* saturate */
+ }
+--
+GitLab
+
diff --git a/poky/meta/recipes-graphics/xorg-lib/pixman_0.40.0.bb b/poky/meta/recipes-graphics/xorg-lib/pixman_0.40.0.bb
index ccfe277..c56733e 100644
--- a/poky/meta/recipes-graphics/xorg-lib/pixman_0.40.0.bb
+++ b/poky/meta/recipes-graphics/xorg-lib/pixman_0.40.0.bb
@@ -9,6 +9,7 @@
SRC_URI = "https://www.cairographics.org/releases/${BP}.tar.gz \
file://0001-ARM-qemu-related-workarounds-in-cpu-features-detecti.patch \
+ file://CVE-2022-44638.patch \
"
SRC_URI[md5sum] = "73858c0862dd9896fb5f62ae267084a4"
SRC_URI[sha256sum] = "6d200dec3740d9ec4ec8d1180e25779c00bc749f94278c8b9021f5534db223fc"
diff --git a/poky/meta/recipes-graphics/xorg-proto/xcb-proto/0001-Fix-install-conflict-when-enable-multilib.patch b/poky/meta/recipes-graphics/xorg-proto/xcb-proto/0001-Fix-install-conflict-when-enable-multilib.patch
new file mode 100644
index 0000000..4209139
--- /dev/null
+++ b/poky/meta/recipes-graphics/xorg-proto/xcb-proto/0001-Fix-install-conflict-when-enable-multilib.patch
@@ -0,0 +1,32 @@
+From fc28149b6b198042c8d29e0931415adad7ed3231 Mon Sep 17 00:00:00 2001
+From: Wang Mingyu <wangmy@fujitsu.com>
+Date: Thu, 16 Mar 2023 08:03:47 +0000
+Subject: [PATCH] Fix install conflict when enable multilib.
+
+Automake defines pythondir in terms of libdir (rather than hardcode 'lib' or query it from python as automake upstream does)
+https://git.yoctoproject.org/poky/tree/meta/recipes-devtools/automake/automake/0001-automake-Update-for-python.m4-to-respect-libdir.patch
+
+So libdir needs to be defined when pythondir is defined.
+
+Upstream-Status: Inappropriate
+
+Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
+---
+ Makefile.am | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Makefile.am b/Makefile.am
+index 8b57a83..580f5bc 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -1,6 +1,6 @@
+ SUBDIRS = src xcbgen
+
+-pkgconfigdir = $(datarootdir)/pkgconfig
++pkgconfigdir = $(libdir)/pkgconfig
+ pkgconfig_DATA = xcb-proto.pc
+
+ EXTRA_DIST=doc xcb-proto.pc.in autogen.sh README.md
+--
+2.34.1
+
diff --git a/poky/meta/recipes-graphics/xorg-proto/xcb-proto_1.15.2.bb b/poky/meta/recipes-graphics/xorg-proto/xcb-proto_1.15.2.bb
index 4e4472a..e60e795 100644
--- a/poky/meta/recipes-graphics/xorg-proto/xcb-proto_1.15.2.bb
+++ b/poky/meta/recipes-graphics/xorg-proto/xcb-proto_1.15.2.bb
@@ -13,6 +13,7 @@
SRC_URI = "https://xorg.freedesktop.org/archive/individual/proto/${BP}.tar.xz \
file://0001-xcb-proto.pc.in-reinstate-libdir.patch \
+ file://0001-Fix-install-conflict-when-enable-multilib.patch \
"
SRC_URI[sha256sum] = "7072beb1f680a2fe3f9e535b797c146d22528990c72f63ddb49d2f350a3653ed"
diff --git a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc
index 057a1ba..ecb164d 100644
--- a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc
+++ b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc
@@ -28,6 +28,8 @@
# impossible or difficult to exploit. There is currently no upstream patch
# available for this flaw.
CVE_CHECK_IGNORE += "CVE-2020-25697"
+# This is specific to XQuartz, which is the macOS X server port
+CVE_CHECK_IGNORE += "CVE-2022-3553"
S = "${WORKDIR}/${XORG_PN}-${PV}"
@@ -80,9 +82,9 @@
SUMMARY:xf86-video-modesetting = "X.Org X server -- modesetting display driver"
INSANE_SKIP:${MLPREFIX}xf86-video-modesetting = "xorg-driver-abi"
-XSERVER_RRECOMMENDS = "xkeyboard-config rgb xserver-xf86-config xkbcomp xf86-input-libinput"
-RRECOMMENDS:${PN} += "${XSERVER_RRECOMMENDS}"
-RRECOMMENDS:${PN}-xwayland += "${XSERVER_RRECOMMENDS}"
+XSERVER_RDEPENDS = "xkeyboard-config rgb xserver-xf86-config xkbcomp xf86-input-libinput"
+RDEPENDS:${PN} += "${XSERVER_RDEPENDS}"
+RDEPENDS:${PN}-xwayland += "${XSERVER_RDEPENDS}"
RDEPENDS:${PN}-xvfb += "xkeyboard-config"
RDEPENDS:${PN}-module-exa = "${PN} (= ${EXTENDPKGV})"
diff --git a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-composite-Fix-use-after-free-of-the-COW.patch b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-composite-Fix-use-after-free-of-the-COW.patch
new file mode 100644
index 0000000..fc426da
--- /dev/null
+++ b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-composite-Fix-use-after-free-of-the-COW.patch
@@ -0,0 +1,46 @@
+From 26ef545b3502f61ca722a7a3373507e88ef64110 Mon Sep 17 00:00:00 2001
+From: Olivier Fourdan <ofourdan@redhat.com>
+Date: Mon, 13 Mar 2023 11:08:47 +0100
+Subject: [PATCH] composite: Fix use-after-free of the COW
+
+ZDI-CAN-19866/CVE-2023-1393
+
+If a client explicitly destroys the compositor overlay window (aka COW),
+we would leave a dangling pointer to that window in the CompScreen
+structure, which will trigger a use-after-free later.
+
+Make sure to clear the CompScreen pointer to the COW when the latter gets
+destroyed explicitly by the client.
+
+This vulnerability was discovered by:
+Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
+
+Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
+Reviewed-by: Adam Jackson <ajax@redhat.com>
+
+CVE: CVE-2023-1393
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+---
+ composite/compwindow.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/composite/compwindow.c b/composite/compwindow.c
+index 4e2494b86..b30da589e 100644
+--- a/composite/compwindow.c
++++ b/composite/compwindow.c
+@@ -620,6 +620,11 @@ compDestroyWindow(WindowPtr pWin)
+ ret = (*pScreen->DestroyWindow) (pWin);
+ cs->DestroyWindow = pScreen->DestroyWindow;
+ pScreen->DestroyWindow = compDestroyWindow;
++
++ /* Did we just destroy the overlay window? */
++ if (pWin == cs->pOverlayWin)
++ cs->pOverlayWin = NULL;
++
+ /* compCheckTree (pWin->drawable.pScreen); can't check -- tree isn't good*/
+ return ret;
+ }
+--
+2.34.1
+
diff --git a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.4.bb b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.7.bb
similarity index 79%
rename from poky/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.4.bb
rename to poky/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.7.bb
index b9cbc99..f0771cc 100644
--- a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.4.bb
+++ b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.7.bb
@@ -1,9 +1,10 @@
require xserver-xorg.inc
SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.patch \
- file://0001-Avoid-duplicate-definitions-of-IOPortBase.patch \
+ file://0001-Avoid-duplicate-definitions-of-IOPortBase.patch \
+ file://0001-composite-Fix-use-after-free-of-the-COW.patch \
"
-SRC_URI[sha256sum] = "5cc4be8ee47edb58d4a90e603a59d56b40291ad38371b0bd2471fc3cbee1c587"
+SRC_URI[sha256sum] = "d9c60b2dd0ec52326ca6ab20db0e490b1ff4f566f59ca742d6532e92795877bb"
# These extensions are now integrated into the server, so declare the migration
# path for in-place upgrades.
diff --git a/poky/meta/recipes-graphics/xwayland/xwayland_22.1.3.bb b/poky/meta/recipes-graphics/xwayland/xwayland_22.1.8.bb
similarity index 92%
rename from poky/meta/recipes-graphics/xwayland/xwayland_22.1.3.bb
rename to poky/meta/recipes-graphics/xwayland/xwayland_22.1.8.bb
index da1b275..6919ba4 100644
--- a/poky/meta/recipes-graphics/xwayland/xwayland_22.1.3.bb
+++ b/poky/meta/recipes-graphics/xwayland/xwayland_22.1.8.bb
@@ -10,7 +10,7 @@
LIC_FILES_CHKSUM = "file://COPYING;md5=5df87950af51ac2c5822094553ea1880"
SRC_URI = "https://www.x.org/archive/individual/xserver/xwayland-${PV}.tar.xz"
-SRC_URI[sha256sum] = "a712eb7bce32cd934df36814b5dd046aa670899c16fe98f2afb003578f86a1c5"
+SRC_URI[sha256sum] = "d11eeee73290b88ea8da42a7d9350dedfaba856ce4ae44e58c045ad9ecaa2f73"
UPSTREAM_CHECK_REGEX = "xwayland-(?P<pver>\d+(\.(?!90\d)\d+)+)\.tar"
@@ -23,7 +23,7 @@
PACKAGECONFIG ??= "${XORG_CRYPTO} \
${@bb.utils.contains('DISTRO_FEATURES', 'opengl', '${OPENGL_PKGCONFIGS}', '', d)} \
"
-PACKAGECONFIG[dri3] = "-Ddri3=true,-Ddri3=false"
+PACKAGECONFIG[dri3] = "-Ddri3=true,-Ddri3=false,libxshmfence"
PACKAGECONFIG[glx] = "-Dglx=true,-Dglx=false,virtual/libgl virtual/libx11"
PACKAGECONFIG[glamor] = "-Dglamor=true,-Dglamor=false,libepoxy virtual/libgbm,libegl"
PACKAGECONFIG[unwind] = "-Dlibunwind=true,-Dlibunwind=false,libunwind"
diff --git a/poky/meta/recipes-kernel/kern-tools/kern-tools-native_git.bb b/poky/meta/recipes-kernel/kern-tools/kern-tools-native_git.bb
index dea7b65..12f1cf5 100644
--- a/poky/meta/recipes-kernel/kern-tools/kern-tools-native_git.bb
+++ b/poky/meta/recipes-kernel/kern-tools/kern-tools-native_git.bb
@@ -11,7 +11,7 @@
DEPENDS = "git-native"
-SRCREV = "ba600ef61a85966596126a6e8d936971905e8749"
+SRCREV = "2d01f24bc78256c709728eb3f204491bce13e0e5"
PV = "0.3+git${SRCPV}"
inherit native
diff --git a/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20220913.bb b/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20230210.bb
similarity index 94%
rename from poky/meta/recipes-kernel/linux-firmware/linux-firmware_20220913.bb
rename to poky/meta/recipes-kernel/linux-firmware/linux-firmware_20230210.bb
index 45c9d0e..bf5d4f5 100644
--- a/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20220913.bb
+++ b/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20230210.bb
@@ -45,6 +45,7 @@
& Firmware-phanfw \
& Firmware-qat \
& Firmware-qcom \
+ & Firmware-qcom-yamato \
& Firmware-qla1280 \
& Firmware-qla2xxx \
& Firmware-qualcommAthos_ar3k \
@@ -70,8 +71,8 @@
LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \
file://LICENCE.adsp_sst;md5=615c45b91a5a4a9fe046d6ab9a2df728 \
file://LICENCE.agere;md5=af0133de6b4a9b2522defd5f188afd31 \
- file://LICENSE.amdgpu;md5=44c1166d052226cb2d6c8d7400090203 \
- file://LICENSE.amd-ucode;md5=3c5399dc9148d7f0e1f41e34b69cf14f \
+ file://LICENSE.amdgpu;md5=a2589a05ea5b6bd2b7f4f623c7e7a649 \
+ file://LICENSE.amd-ucode;md5=6ca90c57f7b248de1e25c7f68ffc4698 \
file://LICENSE.amlogic_vdec;md5=dc44f59bf64a81643e500ad3f39a468a \
file://LICENCE.atheros_firmware;md5=30a14c7823beedac9fa39c64fdd01a13 \
file://LICENSE.atmel;md5=aa74ac0c60595dee4d4e239107ea77a3 \
@@ -109,6 +110,7 @@
file://LICENCE.phanfw;md5=954dcec0e051f9409812b561ea743bfa \
file://LICENCE.qat_firmware;md5=9e7d8bea77612d7cc7d9e9b54b623062 \
file://LICENSE.qcom;md5=164e3362a538eb11d3ac51e8e134294b \
+ file://LICENSE.qcom_yamato;md5=d0de0eeccaf1843a850bf7a6777eec5c \
file://LICENCE.qla1280;md5=d6895732e622d950609093223a2c4f5d \
file://LICENCE.qla2xxx;md5=505855e921b75f1be4a437ad9b79dff0 \
file://LICENSE.QualcommAtheros_ar3k;md5=b5fe244fb2b532311de1472a3bc06da5 \
@@ -132,7 +134,7 @@
"
# WHENCE checksum is defined separately to ease overriding it if
# class-devupstream is selected.
-WHENCE_CHKSUM = "98ecc3d3223df7ebdc23b0ec56aafb20"
+WHENCE_CHKSUM = "aadb3cccbde1e53fc244a409e9bd5a22"
# These are not common licenses, set NO_GENERIC_LICENSE for them
# so that the license files will be copied from fetched source
@@ -177,6 +179,7 @@
NO_GENERIC_LICENSE[Firmware-phanfw] = "LICENCE.phanfw"
NO_GENERIC_LICENSE[Firmware-qat] = "LICENCE.qat_firmware"
NO_GENERIC_LICENSE[Firmware-qcom] = "LICENSE.qcom"
+NO_GENERIC_LICENSE[Firmware-qcom-yamato] = "LICENSE.qcom_yamato"
NO_GENERIC_LICENSE[Firmware-qla1280] = "LICENCE.qla1280"
NO_GENERIC_LICENSE[Firmware-qla2xxx] = "LICENCE.qla2xxx"
NO_GENERIC_LICENSE[Firmware-qualcommAthos_ar3k] = "LICENSE.QualcommAtheros_ar3k"
@@ -209,7 +212,7 @@
# Pin this to the 20220509 release, override this in local.conf
SRCREV:class-devupstream ?= "b19cbdca78ab2adfd210c91be15a22568e8b8cae"
-SRC_URI[sha256sum] = "26fd00f2d8e96c4af6f44269a6b893eb857253044f75ad28ef6706a2250cd8e9"
+SRC_URI[sha256sum] = "6e3d9e8d52cffc4ec0dbe8533a8445328e0524a20f159a5b61c2706f983ce38a"
inherit allarch
@@ -228,6 +231,7 @@
PACKAGES =+ "${PN}-ralink-license ${PN}-ralink \
${PN}-mt7601u-license ${PN}-mt7601u \
${PN}-radeon-license ${PN}-radeon \
+ ${PN}-amdgpu-license ${PN}-amdgpu \
${PN}-marvell-license ${PN}-pcie8897 ${PN}-pcie8997 \
${PN}-sd8686 ${PN}-sd8688 ${PN}-sd8787 ${PN}-sd8797 ${PN}-sd8801 \
${PN}-sd8887 ${PN}-sd8897 ${PN}-sd8997 ${PN}-usb8997 \
@@ -235,6 +239,7 @@
${PN}-vt6656-license ${PN}-vt6656 \
${PN}-rs9113 ${PN}-rs9116 \
${PN}-rtl-license ${PN}-rtl8188 ${PN}-rtl8192cu ${PN}-rtl8192ce ${PN}-rtl8192su ${PN}-rtl8723 ${PN}-rtl8821 \
+ ${PN}-rtl8761 \
${PN}-rtl8168 \
${PN}-cypress-license \
${PN}-broadcom-license \
@@ -305,7 +310,7 @@
${PN}-nvidia-gpu \
${PN}-netronome-license ${PN}-netronome \
${PN}-qat ${PN}-qat-license \
- ${PN}-qcom-license \
+ ${PN}-qcom-license ${PN}-qcom-yamato-license \
${PN}-qcom-venus-1.8 ${PN}-qcom-venus-4.2 ${PN}-qcom-venus-5.2 ${PN}-qcom-venus-5.4 \
${PN}-qcom-vpu-1.0 ${PN}-qcom-vpu-2.0 \
${PN}-qcom-adreno-a2xx ${PN}-qcom-adreno-a3xx ${PN}-qcom-adreno-a4xx ${PN}-qcom-adreno-a530 \
@@ -428,6 +433,17 @@
RDEPENDS:${PN}-radeon += "${PN}-radeon-license"
+# For amdgpu
+LICENSE:${PN}-amdgpu = "Firmware-amdgpu"
+LICENSE:${PN}-amdgpu-license = "Firmware-amdgpu"
+
+FILES:${PN}-amdgpu-license = "${nonarch_base_libdir}/firmware/LICENSE.amdgpu"
+FILES:${PN}-amdgpu = " \
+ ${nonarch_base_libdir}/firmware/amdgpu \
+"
+
+RDEPENDS:${PN}-amdgpu += "${PN}-amdgpu-license"
+
# For lontium
LICENSE:${PN}-lt9611uxc = "Firmware-Lontium"
@@ -563,6 +579,7 @@
LICENSE:${PN}-rtl8192ce = "Firmware-rtlwifi_firmware"
LICENSE:${PN}-rtl8192su = "Firmware-rtlwifi_firmware"
LICENSE:${PN}-rtl8723 = "Firmware-rtlwifi_firmware"
+LICENSE:${PN}-rtl8761 = "Firmware-rtlwifi_firmware"
LICENSE:${PN}-rtl8821 = "Firmware-rtlwifi_firmware"
LICENSE:${PN}-rtl-license = "Firmware-rtlwifi_firmware"
LICENSE:${PN}-rtl8168 = "WHENCE"
@@ -588,6 +605,9 @@
FILES:${PN}-rtl8821 = " \
${nonarch_base_libdir}/firmware/rtlwifi/rtl8821*.bin \
"
+FILES:${PN}-rtl8761 = " \
+ ${nonarch_base_libdir}/firmware/rtl_bt/rtl8761*.bin \
+"
FILES:${PN}-rtl8168 = " \
${nonarch_base_libdir}/firmware/rtl_nic/rtl8168*.fw \
"
@@ -598,6 +618,7 @@
RDEPENDS:${PN}-rtl8192su = "${PN}-rtl-license"
RDEPENDS:${PN}-rtl8723 += "${PN}-rtl-license"
RDEPENDS:${PN}-rtl8821 += "${PN}-rtl-license"
+RDEPENDS:${PN}-rtl8761 += "${PN}-rtl-license"
RDEPENDS:${PN}-rtl8168 += "${PN}-whence-license"
# For ti-connectivity
@@ -965,17 +986,44 @@
# For QCOM VPU/GPU and SDM845
LICENSE:${PN}-qcom-license = "Firmware-qcom"
+LICENSE:${PN}-qcom-yamato-license = "Firmware-qcom-yamato"
+LICENSE:${PN}-qcom-venus-1.8 = "Firmware-qcom"
+LICENSE:${PN}-qcom-venus-4.2 = "Firmware-qcom"
+LICENSE:${PN}-qcom-venus-5.2 = "Firmware-qcom"
+LICENSE:${PN}-qcom-venus-5.4 = "Firmware-qcom"
+LICENSE:${PN}-qcom-vpu-1.0 = "Firmware-qcom"
+LICENSE:${PN}-qcom-vpu-2.0 = "Firmware-qcom"
+LICENSE:${PN}-qcom-adreno-a2xx = "Firmware-qcom Firmware-qcom-yamato"
+LICENSE:${PN}-qcom-adreno-a3xx = "Firmware-qcom"
+LICENSE:${PN}-qcom-adreno-a4xx = "Firmware-qcom"
+LICENSE:${PN}-qcom-adreno-a530 = "Firmware-qcom"
+LICENSE:${PN}-qcom-adreno-a630 = "Firmware-qcom"
+LICENSE:${PN}-qcom-adreno-a650 = "Firmware-qcom"
+LICENSE:${PN}-qcom-adreno-a660 = "Firmware-qcom"
+LICENSE:${PN}-qcom-apq8096-audio = "Firmware-qcom"
+LICENSE:${PN}-qcom-apq8096-modem = "Firmware-qcom"
+LICENSE:${PN}-qcom-sc8280xp-lenovo-x13s-audio = "Firmware-qcom"
+LICENSE:${PN}-qcom-sc8280xp-lenovo-x13s-adreno = "Firmware-qcom"
+LICENSE:${PN}-qcom-sc8280xp-lenovo-x13s-compute = "Firmware-qcom"
+LICENSE:${PN}-qcom-sc8280xp-lenovo-x13s-sensors = "Firmware-qcom"
+LICENSE:${PN}-qcom-sdm845-audio = "Firmware-qcom"
+LICENSE:${PN}-qcom-sdm845-compute = "Firmware-qcom"
+LICENSE:${PN}-qcom-sdm845-modem = "Firmware-qcom"
+LICENSE:${PN}-qcom-sm8250-audio = "Firmware-qcom"
+LICENSE:${PN}-qcom-sm8250-compute = "Firmware-qcom"
+
FILES:${PN}-qcom-license = "${nonarch_base_libdir}/firmware/LICENSE.qcom ${nonarch_base_libdir}/firmware/qcom/NOTICE.txt"
+FILES:${PN}-qcom-yamato-license = "${nonarch_base_libdir}/firmware/LICENSE.qcom_yamato"
FILES:${PN}-qcom-venus-1.8 = "${nonarch_base_libdir}/firmware/qcom/venus-1.8/*"
FILES:${PN}-qcom-venus-4.2 = "${nonarch_base_libdir}/firmware/qcom/venus-4.2/*"
FILES:${PN}-qcom-venus-5.2 = "${nonarch_base_libdir}/firmware/qcom/venus-5.2/*"
FILES:${PN}-qcom-venus-5.4 = "${nonarch_base_libdir}/firmware/qcom/venus-5.4/*"
FILES:${PN}-qcom-vpu-1.0 = "${nonarch_base_libdir}/firmware/qcom/vpu-1.0/*"
FILES:${PN}-qcom-vpu-2.0 = "${nonarch_base_libdir}/firmware/qcom/vpu-2.0/*"
-FILES:${PN}-qcom-adreno-a2xx = "${nonarch_base_libdir}/firmware/qcom/leia_*.fw"
+FILES:${PN}-qcom-adreno-a2xx = "${nonarch_base_libdir}/firmware/qcom/leia_*.fw ${nonarch_base_libdir}/firmware/qcom/yamato_*.fw"
FILES:${PN}-qcom-adreno-a3xx = "${nonarch_base_libdir}/firmware/qcom/a3*_*.fw ${nonarch_base_libdir}/firmware/a300_*.fw"
FILES:${PN}-qcom-adreno-a4xx = "${nonarch_base_libdir}/firmware/qcom/a4*_*.fw"
-FILES:${PN}-qcom-adreno-a530 = "${nonarch_base_libdir}/firmware/qcom/a530*.*"
+FILES:${PN}-qcom-adreno-a530 = "${nonarch_base_libdir}/firmware/qcom/a530*.* ${nonarch_base_libdir}/firmware/qcom/apq8096/a530*.*"
FILES:${PN}-qcom-adreno-a630 = "${nonarch_base_libdir}/firmware/qcom/a630*.* ${nonarch_base_libdir}/firmware/qcom/sdm845/a630*.*"
FILES:${PN}-qcom-adreno-a650 = "${nonarch_base_libdir}/firmware/qcom/a650*.* ${nonarch_base_libdir}/firmware/qcom/sm8250/a650*.*"
FILES:${PN}-qcom-adreno-a660 = "${nonarch_base_libdir}/firmware/qcom/a660*.*"
@@ -991,13 +1039,14 @@
FILES:${PN}-qcom-sdm845-modem = "${nonarch_base_libdir}/firmware/qcom/sdm845/mba.mbn ${nonarch_base_libdir}/firmware/qcom/sdm845/modem*.* ${nonarch_base_libdir}/firmware/qcom/sdm845/wlanmdsp.mbn"
FILES:${PN}-qcom-sm8250-audio = "${nonarch_base_libdir}/firmware/qcom/sm8250/adsp*.*"
FILES:${PN}-qcom-sm8250-compute = "${nonarch_base_libdir}/firmware/qcom/sm8250/cdsp*.*"
+
RDEPENDS:${PN}-qcom-venus-1.8 = "${PN}-qcom-license"
RDEPENDS:${PN}-qcom-venus-4.2 = "${PN}-qcom-license"
RDEPENDS:${PN}-qcom-venus-5.2 = "${PN}-qcom-license"
RDEPENDS:${PN}-qcom-venus-5.4 = "${PN}-qcom-license"
RDEPENDS:${PN}-qcom-vpu-1.0 = "${PN}-qcom-license"
RDEPENDS:${PN}-qcom-vpu-2.0 = "${PN}-qcom-license"
-RDEPENDS:${PN}-qcom-adreno-a2xx = "${PN}-qcom-license"
+RDEPENDS:${PN}-qcom-adreno-a2xx = "${PN}-qcom-license ${PN}-qcom-yamato-license"
RDEPENDS:${PN}-qcom-adreno-a3xx = "${PN}-qcom-license"
RDEPENDS:${PN}-qcom-adreno-a4xx = "${PN}-qcom-license"
RDEPENDS:${PN}-qcom-adreno-a530 = "${PN}-qcom-license"
@@ -1103,3 +1152,6 @@
# Don't warn about already stripped files
INSANE_SKIP:${PN} = "already-stripped"
+
+# No need to put firmware into the sysroot
+SYSROOT_DIRS_IGNORE += "${nonarch_base_libdir}/firmware"
diff --git a/poky/meta/recipes-kernel/linux/cve-exclusion_5.15.inc b/poky/meta/recipes-kernel/linux/cve-exclusion_5.15.inc
new file mode 100644
index 0000000..53d5379
--- /dev/null
+++ b/poky/meta/recipes-kernel/linux/cve-exclusion_5.15.inc
@@ -0,0 +1,90 @@
+# CVE exclusions specific to version 5.15 of the kernel.
+
+# 2021
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3435
+# Introduced in version v5.18 6bf92d70e690b7ff12b24f4bfff5e5434d019b82
+# Breaking commit backported in v5.4.189 f5064531c23ad646da7be8b938292b00a7e61438
+# Breaking commit backported in v5.10.111 63ea57478aaa3e06a597081a0f537318fc04e49f
+# Breaking commit backported in v5.15.34 907c97986d6fa77318d17659dd76c94b65dd27c5
+# Patched in kernel since v6.1 61b91eb33a69c3be11b259c5ea484505cd79f883
+# Backported in version v5.4.226 cc3cd130ecfb8b0ae52e235e487bae3f16a24a32
+# Backported in version v5.10.158 0b5394229ebae09afc07aabccb5ffd705ffd250e
+# Backported in version v5.15.82 25174d91e4a32a24204060d283bd5fa6d0ddf133
+CVE_CHECK_IGNORE += "CVE-2022-3435"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3534
+# Introduced in version v5.10 919d2b1dbb074d438027135ba644411931179a59
+# Patched in kernel since v6.2 93c660ca40b5d2f7c1b1626e955a8e9fa30e0749
+# Backported in version v5.10.163 c61650b869e0b6fb0c0a28ed42d928eea969afc8
+# Backported in version v5.15.86 a733bf10198eb5bb927890940de8ab457491ed3b
+# Backported in version v6.1.2 fbe08093fb2334549859829ef81d42570812597d
+CVE_CHECK_IGNORE += "CVE-2022-3534"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3564
+# Introduced in version v3.6 4b51dae96731c9d82f5634e75ac7ffd3b9c1b060
+# Patched in kernel since v6.1 3aff8aaca4e36dc8b17eaa011684881a80238966
+# Backported in version v5.10.154 cb1c012099ef5904cd468bdb8d6fcdfdd9bcb569
+# Backported in version v5.15.78 8278a87bb1eeea94350d675ef961ee5a03341fde
+CVE_CHECK_IGNORE += "CVE-2022-3564"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3619
+# Introduced in version v5.12 4d7ea8ee90e42fc75995f6fb24032d3233314528
+# Patched in kernel since v6.1 7c9524d929648935bac2bbb4c20437df8f9c3f42
+# Backported in version v5.15.78 aa16cac06b752e5f609c106735bd7838f444784c
+CVE_CHECK_IGNORE += "CVE-2022-3619"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3640
+# Introduced in version v5.19 d0be8347c623e0ac4202a1d4e0373882821f56b0
+# Breaking commit backported in v5.4.209 098e07ef0059296e710a801cdbd74b59016e6624
+# Breaking commit backported in v5.10.135 de5d4654ac6c22b1be756fdf7db18471e7df01ea
+# Breaking commit backported in v5.15.59 f32d5615a78a1256c4f557ccc6543866e75d03f4
+# Patched in kernel since v6.1 0d0e2d032811280b927650ff3c15fe5020e82533
+# Backported in version v5.4.224 c1f594dddd9ffd747c39f49cc5b67a9b7677d2ab
+# Backported in version v5.10.154 d9ec6e2fbd4a565b2345d4852f586b7ae3ab41fd
+# Backported in version v5.15.78 a3a7b2ac64de232edb67279e804932cb42f0b52a
+CVE_CHECK_IGNORE += "CVE-2022-3640"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-4382
+# Introduced in version v5.3 e5d82a7360d124ae1a38c2a5eac92ba49b125191
+# Patched in kernel since v6.2-rc5 d18dcfe9860e842f394e37ba01ca9440ab2178f4
+# Backported in version v5.4.230 9a39f4626b361ee7aa10fd990401c37ec3b466ae
+# Backported in version v5.10.165 856e4b5e53f21edbd15d275dde62228dd94fb2b4
+# Backported in version v5.15.90 a2e075f40122d8daf587db126c562a67abd69cf9
+# Backported in version v6.1.8 616fd34d017000ecf9097368b13d8a266f4920b3
+CVE_CHECK_IGNORE += "CVE-2022-4382"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-42895
+# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
+# Patched in kernel since v6.1 b1a2cd50c0357f243b7435a732b4e62ba3157a2e
+# Backported in version v5.15.78 3e4697ffdfbb38a2755012c4e571546c89ab6422
+# Backported in version v5.10.154 26ca2ac091b49281d73df86111d16e5a76e43bd7
+# Backported in version v5.4.224 6949400ec9feca7f88c0f6ca5cb5fdbcef419c89
+CVE_CHECK_IGNORE += "CVE-2022-42895"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-42896
+# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
+# Patched in kernel since v6.1 711f8c3fb3db61897080468586b970c87c61d9e4
+# Backported in version v5.4.226 0d87bb6070361e5d1d9cb391ba7ee73413bc109b
+# Backported in version v5.10.154 6b6f94fb9a74dd2891f11de4e638c6202bc89476
+# Backported in version v5.15.78 81035e1201e26d57d9733ac59140a3e29befbc5a
+CVE_CHECK_IGNORE += "CVE-2022-42896"
+
+
+# 2023
+# https://nvd.nist.gov/vuln/detail/CVE-2023-0266
+# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
+# Patched in kernel since v6.2 56b88b50565cd8b946a2d00b0c83927b7ebb055e
+# Backported in version v5.15.88 26350c21bc5e97a805af878e092eb8125843fe2c
+# Backported in version v6.1.6 d6ad4bd1d896ae1daffd7628cd50f124280fb8b1
+CVE_CHECK_IGNORE += "CVE-2023-0266"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-0394
+# Introduced in version 2.6.12 357b40a18b04c699da1d45608436e9b76b50e251
+# Patched in kernel since v6.2 cb3e9864cdbe35ff6378966660edbcbac955fe17
+# Backported in version v5.4.229 3998dba0f78a59922b0ef333ccfeb58d9410cd3d
+# Backported in version v5.10.164 6c9e2c11c33c35563d34d12b343d43b5c12200b5
+# Backported in version v5.15.89 456e3794e08a0b59b259da666e31d0884b376bcf
+# Backported in version v6.1.7 0afa5f0736584411771299074bbeca8c1f9706d4
+CVE_CHECK_IGNORE += "CVE-2023-0394"
+
+
diff --git a/poky/meta/recipes-kernel/linux/kernel-devsrc.bb b/poky/meta/recipes-kernel/linux/kernel-devsrc.bb
index 46d706b..17ae744 100644
--- a/poky/meta/recipes-kernel/linux/kernel-devsrc.bb
+++ b/poky/meta/recipes-kernel/linux/kernel-devsrc.bb
@@ -308,6 +308,13 @@
# external modules can be built
touch -r $kerneldir/build/Makefile $kerneldir/build/include/generated/uapi/linux/version.h
+ # This fixes a warning that the compilers don't match when building a module
+ # Change: CONFIG_CC_VERSION_TEXT="x86_64-poky-linux-gcc (GCC) 12.2.0" to "gcc (GCC) 12.2.0"
+ # #define CONFIG_CC_VERSION_TEXT "x86_64-poky-linux-gcc (GCC) 12.2.0" to "gcc (GCC) 12.2.0"
+ sed -i 's/CONFIG_CC_VERSION_TEXT=".*\(gcc.*\)"/CONFIG_CC_VERSION_TEXT="\1"/' "$kerneldir/build/.config"
+ sed -i 's/#define CONFIG_CC_VERSION_TEXT ".*\(gcc.*\)"/#define CONFIG_CC_VERSION_TEXT "\1"/' $kerneldir/build/include/generated/autoconf.h
+ sed -i 's/CONFIG_CC_VERSION_TEXT=".*\(gcc.*\)"/CONFIG_CC_VERSION_TEXT="\1"/' $kerneldir/build/include/config/auto.conf
+
# make sure these are at least as old as the .config, or rebuilds will trigger
touch -r $kerneldir/build/.config $kerneldir/build/include/generated/autoconf.h 2>/dev/null || :
touch -r $kerneldir/build/.config $kerneldir/build/include/config/auto.conf* 2>/dev/null || :
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-dev.bb b/poky/meta/recipes-kernel/linux/linux-yocto-dev.bb
index b1b57be..f01931d 100644
--- a/poky/meta/recipes-kernel/linux/linux-yocto-dev.bb
+++ b/poky/meta/recipes-kernel/linux/linux-yocto-dev.bb
@@ -10,8 +10,6 @@
inherit kernel
require recipes-kernel/linux/linux-yocto.inc
-# for ncurses tests
-inherit pkgconfig
# provide this .inc to set specific revisions
include recipes-kernel/linux/linux-yocto-dev-revisions.inc
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb b/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb
index 6f8648e0..2117e1f 100644
--- a/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb
+++ b/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb
@@ -2,6 +2,9 @@
require recipes-kernel/linux/linux-yocto.inc
+# CVE exclusions
+include recipes-kernel/linux/cve-exclusion_5.15.inc
+
# Skip processing of this recipe if it is not explicitly specified as the
# PREFERRED_PROVIDER for virtual/kernel. This avoids errors when trying
# to build multiple virtual/kernel providers, e.g. as dependency of
@@ -11,13 +14,13 @@
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "dba1b7d90813231782bdeda1bd169c93b35c94e0"
-SRCREV_meta ?= "1128d7bcdcde490d4f35cc00c97f5410bb240d99"
+SRCREV_machine ?= "8e0611e36c848a07f9cdd778903c9e51bb90b319"
+SRCREV_meta ?= "e4b95ec17228274acb38bf10061448224df3a312"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}"
-LINUX_VERSION ?= "5.15.68"
+LINUX_VERSION ?= "5.15.108"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.19.bb b/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.19.bb
index b3e9fba..f4d205e 100644
--- a/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.19.bb
+++ b/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.19.bb
@@ -11,13 +11,13 @@
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "bc8af638c00f28a46e77e34056079087638f6e65"
-SRCREV_meta ?= "350b544d077955b599b54ab364f6227d96a90455"
+SRCREV_machine ?= "3101c367eab8952721086b545ad37c301b2a7452"
+SRCREV_meta ?= "239a6c0d3c3b046971909f1e066380465b0c331d"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.19;destsuffix=${KMETA}"
-LINUX_VERSION ?= "5.19.9"
+LINUX_VERSION ?= "5.19.17"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb
index 4f2bb48..277a6a6 100644
--- a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb
+++ b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb
@@ -5,7 +5,10 @@
require recipes-kernel/linux/linux-yocto.inc
-LINUX_VERSION ?= "5.15.68"
+# CVE exclusions
+include recipes-kernel/linux/cve-exclusion_5.15.inc
+
+LINUX_VERSION ?= "5.15.108"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -14,8 +17,8 @@
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine ?= "33e7eea5c4545a973cf01a849c2b45fa0cd1fa13"
-SRCREV_meta ?= "1128d7bcdcde490d4f35cc00c97f5410bb240d99"
+SRCREV_machine ?= "3d762b85647844790979dd1e17a762003aaa7476"
+SRCREV_meta ?= "e4b95ec17228274acb38bf10061448224df3a312"
PV = "${LINUX_VERSION}+git${SRCPV}"
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.19.bb b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.19.bb
index 466b706..95a8a46 100644
--- a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.19.bb
+++ b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.19.bb
@@ -5,7 +5,7 @@
require recipes-kernel/linux/linux-yocto.inc
-LINUX_VERSION ?= "5.19.9"
+LINUX_VERSION ?= "5.19.17"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -14,8 +14,8 @@
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine ?= "65a9a22786a6710fc7b4edb7cfae80dd83f591f1"
-SRCREV_meta ?= "350b544d077955b599b54ab364f6227d96a90455"
+SRCREV_machine ?= "84f2f8e7a625aae0fa9e7027a2e774b99b646cf7"
+SRCREV_meta ?= "239a6c0d3c3b046971909f1e066380465b0c331d"
PV = "${LINUX_VERSION}+git${SRCPV}"
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto.inc b/poky/meta/recipes-kernel/linux/linux-yocto.inc
index 091003e..9bca0e7 100644
--- a/poky/meta/recipes-kernel/linux/linux-yocto.inc
+++ b/poky/meta/recipes-kernel/linux/linux-yocto.inc
@@ -47,7 +47,6 @@
# Pick up shared functions
inherit kernel
inherit kernel-yocto
-inherit pkgconfig
B = "${WORKDIR}/linux-${PACKAGE_ARCH}-${LINUX_KERNEL_TYPE}-build"
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto_5.15.bb b/poky/meta/recipes-kernel/linux/linux-yocto_5.15.bb
index 2f91fb7..b58ca03 100644
--- a/poky/meta/recipes-kernel/linux/linux-yocto_5.15.bb
+++ b/poky/meta/recipes-kernel/linux/linux-yocto_5.15.bb
@@ -2,6 +2,9 @@
require recipes-kernel/linux/linux-yocto.inc
+# CVE exclusions
+include recipes-kernel/linux/cve-exclusion_5.15.inc
+
# board specific branches
KBRANCH:qemuarm ?= "v5.15/standard/arm-versatile-926ejs"
KBRANCH:qemuarm64 ?= "v5.15/standard/qemuarm64"
@@ -13,24 +16,24 @@
KBRANCH:qemux86-64 ?= "v5.15/standard/base"
KBRANCH:qemumips64 ?= "v5.15/standard/mti-malta64"
-SRCREV_machine:qemuarm ?= "efe28b4b16d4a1a19f59b4650a0bfb23ffc8c40e"
-SRCREV_machine:qemuarm64 ?= "66986670c45f63d2ed2078e07aa817ede88025ad"
-SRCREV_machine:qemumips ?= "aeeb80fd7f684aca830adb7daf32cfd80637cf3a"
-SRCREV_machine:qemuppc ?= "5c6387a562af89ec92546c1374a120ac240f14e6"
-SRCREV_machine:qemuriscv64 ?= "0e51e571701842db33ad96f6ddc8cc6b23230627"
-SRCREV_machine:qemuriscv32 ?= "0e51e571701842db33ad96f6ddc8cc6b23230627"
-SRCREV_machine:qemux86 ?= "0e51e571701842db33ad96f6ddc8cc6b23230627"
-SRCREV_machine:qemux86-64 ?= "0e51e571701842db33ad96f6ddc8cc6b23230627"
-SRCREV_machine:qemumips64 ?= "20ec37851f4ee9965120937dcf2567f15e72e07a"
-SRCREV_machine ?= "0e51e571701842db33ad96f6ddc8cc6b23230627"
-SRCREV_meta ?= "1128d7bcdcde490d4f35cc00c97f5410bb240d99"
+SRCREV_machine:qemuarm ?= "80421c525a12141d31bf1592b0d8c176defe3010"
+SRCREV_machine:qemuarm64 ?= "9d140dbc3171bf272f51b524edeeb2f22783aca5"
+SRCREV_machine:qemumips ?= "b29a8fa62d88db512f1fa5d60e430a851d7e3aaf"
+SRCREV_machine:qemuppc ?= "7ee6b7fc4b57933114376cf012218c2ae3d23558"
+SRCREV_machine:qemuriscv64 ?= "e8c818cce43dd720c366d831aeb102c20c237652"
+SRCREV_machine:qemuriscv32 ?= "e8c818cce43dd720c366d831aeb102c20c237652"
+SRCREV_machine:qemux86 ?= "e8c818cce43dd720c366d831aeb102c20c237652"
+SRCREV_machine:qemux86-64 ?= "e8c818cce43dd720c366d831aeb102c20c237652"
+SRCREV_machine:qemumips64 ?= "5c900befc90365f6daa80989e8de0ccc546ff0f5"
+SRCREV_machine ?= "e8c818cce43dd720c366d831aeb102c20c237652"
+SRCREV_meta ?= "e4b95ec17228274acb38bf10061448224df3a312"
# set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
# get the <version>/base branch, which is pure upstream -stable, and the same
# meta SRCREV as the linux-yocto-standard builds. Select your version using the
# normal PREFERRED_VERSION settings.
BBCLASSEXTEND = "devupstream:target"
-SRCREV_machine:class-devupstream ?= "dd20085f2a88b6cdb12bdcdbd2d7a761c86b184a"
+SRCREV_machine:class-devupstream ?= "3299fb36854fdc288bddc2c4d265f8a2e5105944"
PN:class-devupstream = "linux-yocto-upstream"
KBRANCH:class-devupstream = "v5.15/base"
@@ -38,7 +41,7 @@
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "5.15.68"
+LINUX_VERSION ?= "5.15.108"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
DEPENDS += "openssl-native util-linux-native"
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto_5.19.bb b/poky/meta/recipes-kernel/linux/linux-yocto_5.19.bb
index f882972..5baa0c1 100644
--- a/poky/meta/recipes-kernel/linux/linux-yocto_5.19.bb
+++ b/poky/meta/recipes-kernel/linux/linux-yocto_5.19.bb
@@ -13,24 +13,24 @@
KBRANCH:qemux86-64 ?= "v5.19/standard/base"
KBRANCH:qemumips64 ?= "v5.19/standard/mti-malta64"
-SRCREV_machine:qemuarm ?= "446661f6a3b07535304497c1a51d9cab95f48f0b"
-SRCREV_machine:qemuarm64 ?= "65a9a22786a6710fc7b4edb7cfae80dd83f591f1"
-SRCREV_machine:qemumips ?= "98da147618fca3da29cf1c6ab9c53f24de2c587c"
-SRCREV_machine:qemuppc ?= "65a9a22786a6710fc7b4edb7cfae80dd83f591f1"
-SRCREV_machine:qemuriscv64 ?= "65a9a22786a6710fc7b4edb7cfae80dd83f591f1"
-SRCREV_machine:qemuriscv32 ?= "65a9a22786a6710fc7b4edb7cfae80dd83f591f1"
-SRCREV_machine:qemux86 ?= "65a9a22786a6710fc7b4edb7cfae80dd83f591f1"
-SRCREV_machine:qemux86-64 ?= "65a9a22786a6710fc7b4edb7cfae80dd83f591f1"
-SRCREV_machine:qemumips64 ?= "53842054198d851b5deb5810afaf126156efbb54"
-SRCREV_machine ?= "65a9a22786a6710fc7b4edb7cfae80dd83f591f1"
-SRCREV_meta ?= "350b544d077955b599b54ab364f6227d96a90455"
+SRCREV_machine:qemuarm ?= "f30404d233fc4cc461a0800fd635f4e9650a20a5"
+SRCREV_machine:qemuarm64 ?= "84f2f8e7a625aae0fa9e7027a2e774b99b646cf7"
+SRCREV_machine:qemumips ?= "ceaf2134635845794c24b750f15004096a597256"
+SRCREV_machine:qemuppc ?= "84f2f8e7a625aae0fa9e7027a2e774b99b646cf7"
+SRCREV_machine:qemuriscv64 ?= "84f2f8e7a625aae0fa9e7027a2e774b99b646cf7"
+SRCREV_machine:qemuriscv32 ?= "84f2f8e7a625aae0fa9e7027a2e774b99b646cf7"
+SRCREV_machine:qemux86 ?= "84f2f8e7a625aae0fa9e7027a2e774b99b646cf7"
+SRCREV_machine:qemux86-64 ?= "84f2f8e7a625aae0fa9e7027a2e774b99b646cf7"
+SRCREV_machine:qemumips64 ?= "acf9ebb1e7d1ceb61a89ec33ca4cc3613287630b"
+SRCREV_machine ?= "84f2f8e7a625aae0fa9e7027a2e774b99b646cf7"
+SRCREV_meta ?= "239a6c0d3c3b046971909f1e066380465b0c331d"
# set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
# get the <version>/base branch, which is pure upstream -stable, and the same
# meta SRCREV as the linux-yocto-standard builds. Select your version using the
# normal PREFERRED_VERSION settings.
BBCLASSEXTEND = "devupstream:target"
-SRCREV_machine:class-devupstream ?= "d1105a680e66b0482bd18048534c58ecabb5c284"
+SRCREV_machine:class-devupstream ?= "2b525314c7b57eac29fe8b77a6589428e4a4f6dd"
PN:class-devupstream = "linux-yocto-upstream"
KBRANCH:class-devupstream = "v5.19/base"
@@ -38,7 +38,7 @@
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.19;destsuffix=${KMETA}"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "5.19.9"
+LINUX_VERSION ?= "5.19.17"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
DEPENDS += "openssl-native util-linux-native"
diff --git a/poky/meta/recipes-kernel/lttng/babeltrace_1.5.8.bb b/poky/meta/recipes-kernel/lttng/babeltrace_1.5.11.bb
similarity index 98%
rename from poky/meta/recipes-kernel/lttng/babeltrace_1.5.8.bb
rename to poky/meta/recipes-kernel/lttng/babeltrace_1.5.11.bb
index 19601e7..8e2fe41 100644
--- a/poky/meta/recipes-kernel/lttng/babeltrace_1.5.8.bb
+++ b/poky/meta/recipes-kernel/lttng/babeltrace_1.5.11.bb
@@ -10,7 +10,7 @@
SRC_URI = "git://git.efficios.com/babeltrace.git;branch=stable-1.5 \
file://run-ptest \
"
-SRCREV = "054a54ae10b01a271afc4f19496c041b10fb414c"
+SRCREV = "91c00f70884887ff5c4849a8e3d47e311a22ba9d"
UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>1(\.\d+)+)$"
S = "${WORKDIR}/git"
diff --git a/poky/meta/recipes-kernel/lttng/lttng-modules/0001-fix-compaction.patch b/poky/meta/recipes-kernel/lttng/lttng-modules/0001-fix-compaction.patch
deleted file mode 100644
index 21e27ff..0000000
--- a/poky/meta/recipes-kernel/lttng/lttng-modules/0001-fix-compaction.patch
+++ /dev/null
@@ -1,68 +0,0 @@
-From 8e42c4821fb5f5cb816b6ddf73d9a13ba3298a63 Mon Sep 17 00:00:00 2001
-From: Michael Jeanson <mjeanson@efficios.com>
-Date: Wed, 10 Aug 2022 11:07:14 -0400
-Subject: [PATCH] fix: tie compaction probe build to CONFIG_COMPACTION
-
-The definition of 'struct compact_control' in 'mm/internal.h' depends on
-CONFIG_COMPACTION being defined. Only build the compaction probe when
-this configuration option is enabled.
-
-Thanks to Bruce Ashfield <bruce.ashfield@gmail.com> for reporting this
-issue.
-
-Upstream-Status: Backport [https://review.lttng.org/c/lttng-modules/+/8660]
-
-Change-Id: I81e77aa9c1bf10452c152d432fe5224df0db42c9
-Signed-off-by: Michael Jeanson <mjeanson@efficios.com>
----
- src/probes/Kbuild | 34 ++++++++++++++++++----------------
- 1 file changed, 18 insertions(+), 16 deletions(-)
-
-diff --git a/src/probes/Kbuild b/src/probes/Kbuild
-index 2908cf75..3e556b8e 100644
---- a/src/probes/Kbuild
-+++ b/src/probes/Kbuild
-@@ -167,22 +167,24 @@ ifneq ($(CONFIG_BTRFS_FS),)
- endif # $(wildcard $(btrfs_dep))
- endif # CONFIG_BTRFS_FS
-
--# A dependency on internal header 'mm/internal.h' was introduced in v5.18
--compaction_dep = $(srctree)/mm/internal.h
--compaction_dep_wildcard = $(wildcard $(compaction_dep))
--compaction_dep_check = $(shell \
--if [ \( $(VERSION) -ge 6 \
-- -o \( $(VERSION) -eq 5 -a $(PATCHLEVEL) -ge 18 \) \) -a \
-- -z "$(compaction_dep_wildcard)" ] ; then \
-- echo "warn" ; \
--else \
-- echo "ok" ; \
--fi ;)
--ifeq ($(compaction_dep_check),ok)
-- obj-$(CONFIG_LTTNG) += lttng-probe-compaction.o
--else
-- $(warning Files $(compaction_dep) not found. Probe "compaction" is disabled. Use full kernel source tree to enable it.)
--endif # $(wildcard $(compaction_dep))
-+ifneq ($(CONFIG_COMPACTION),)
-+ # A dependency on internal header 'mm/internal.h' was introduced in v5.18
-+ compaction_dep = $(srctree)/mm/internal.h
-+ compaction_dep_wildcard = $(wildcard $(compaction_dep))
-+ compaction_dep_check = $(shell \
-+ if [ \( $(VERSION) -ge 6 \
-+ -o \( $(VERSION) -eq 5 -a $(PATCHLEVEL) -ge 18 \) \) -a \
-+ -z "$(compaction_dep_wildcard)" ] ; then \
-+ echo "warn" ; \
-+ else \
-+ echo "ok" ; \
-+ fi ;)
-+ ifeq ($(compaction_dep_check),ok)
-+ obj-$(CONFIG_LTTNG) += lttng-probe-compaction.o
-+ else
-+ $(warning Files $(compaction_dep) not found. Probe "compaction" is disabled. Use full kernel source tree to enable it.)
-+ endif # $(wildcard $(compaction_dep))
-+endif # CONFIG_COMPACTION
-
- ifneq ($(CONFIG_EXT4_FS),)
- ext4_dep = $(srctree)/fs/ext4/*.h
---
-2.34.1
-
diff --git a/poky/meta/recipes-kernel/lttng/lttng-modules/0001-fix-mm-page_alloc-fix-tracepoint-mm_page_alloc_zone_.patch b/poky/meta/recipes-kernel/lttng/lttng-modules/0001-fix-mm-page_alloc-fix-tracepoint-mm_page_alloc_zone_.patch
deleted file mode 100644
index 6237680..0000000
--- a/poky/meta/recipes-kernel/lttng/lttng-modules/0001-fix-mm-page_alloc-fix-tracepoint-mm_page_alloc_zone_.patch
+++ /dev/null
@@ -1,106 +0,0 @@
-From 8d5da4d2a3d7d9173208f4e8dc7a709f0bfc9820 Mon Sep 17 00:00:00 2001
-From: Michael Jeanson <mjeanson@efficios.com>
-Date: Wed, 8 Jun 2022 12:56:36 -0400
-Subject: [PATCH 1/3] fix: mm/page_alloc: fix tracepoint
- mm_page_alloc_zone_locked() (v5.19)
-
-See upstream commit :
-
- commit 10e0f7530205799e7e971aba699a7cb3a47456de
- Author: Wonhyuk Yang <vvghjk1234@gmail.com>
- Date: Thu May 19 14:08:54 2022 -0700
-
- mm/page_alloc: fix tracepoint mm_page_alloc_zone_locked()
-
- Currently, trace point mm_page_alloc_zone_locked() doesn't show correct
- information.
-
- First, when alloc_flag has ALLOC_HARDER/ALLOC_CMA, page can be allocated
- from MIGRATE_HIGHATOMIC/MIGRATE_CMA. Nevertheless, tracepoint use
- requested migration type not MIGRATE_HIGHATOMIC and MIGRATE_CMA.
-
- Second, after commit 44042b4498728 ("mm/page_alloc: allow high-order pages
- to be stored on the per-cpu lists") percpu-list can store high order
- pages. But trace point determine whether it is a refiil of percpu-list by
- comparing requested order and 0.
-
- To handle these problems, make mm_page_alloc_zone_locked() only be called
- by __rmqueue_smallest with correct migration type. With a new argument
- called percpu_refill, it can show roughly whether it is a refill of
- percpu-list.
-
-Upstream-Status: Backport
-
-Change-Id: I2e4a57393757f12b9c5a4566c4d1102ee2474a09
-Signed-off-by: Michael Jeanson <mjeanson@efficios.com>
-Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
----
- include/instrumentation/events/kmem.h | 45 +++++++++++++++++++++++++++
- 1 file changed, 45 insertions(+)
-
-diff --git a/include/instrumentation/events/kmem.h b/include/instrumentation/events/kmem.h
-index 29c0fb7f..8c19e962 100644
---- a/include/instrumentation/events/kmem.h
-+++ b/include/instrumentation/events/kmem.h
-@@ -218,6 +218,50 @@ LTTNG_TRACEPOINT_EVENT_MAP(mm_page_alloc, kmem_mm_page_alloc,
- )
- )
-
-+#if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(5,19,0))
-+LTTNG_TRACEPOINT_EVENT_CLASS(kmem_mm_page,
-+
-+ TP_PROTO(struct page *page, unsigned int order, int migratetype,
-+ int percpu_refill),
-+
-+ TP_ARGS(page, order, migratetype, percpu_refill),
-+
-+ TP_FIELDS(
-+ ctf_integer_hex(struct page *, page, page)
-+ ctf_integer(unsigned long, pfn,
-+ page ? page_to_pfn(page) : -1UL)
-+ ctf_integer(unsigned int, order, order)
-+ ctf_integer(int, migratetype, migratetype)
-+ ctf_integer(int, percpu_refill, percpu_refill)
-+ )
-+)
-+
-+LTTNG_TRACEPOINT_EVENT_INSTANCE_MAP(kmem_mm_page, mm_page_alloc_zone_locked,
-+
-+ kmem_mm_page_alloc_zone_locked,
-+
-+ TP_PROTO(struct page *page, unsigned int order, int migratetype,
-+ int percpu_refill),
-+
-+ TP_ARGS(page, order, migratetype, percpu_refill)
-+)
-+
-+LTTNG_TRACEPOINT_EVENT_MAP(mm_page_pcpu_drain,
-+
-+ kmem_mm_page_pcpu_drain,
-+
-+ TP_PROTO(struct page *page, unsigned int order, int migratetype),
-+
-+ TP_ARGS(page, order, migratetype),
-+
-+ TP_FIELDS(
-+ ctf_integer(unsigned long, pfn,
-+ page ? page_to_pfn(page) : -1UL)
-+ ctf_integer(unsigned int, order, order)
-+ ctf_integer(int, migratetype, migratetype)
-+ )
-+)
-+#else
- LTTNG_TRACEPOINT_EVENT_CLASS(kmem_mm_page,
-
- TP_PROTO(struct page *page, unsigned int order, int migratetype),
-@@ -250,6 +294,7 @@ LTTNG_TRACEPOINT_EVENT_INSTANCE_MAP(kmem_mm_page, mm_page_pcpu_drain,
-
- TP_ARGS(page, order, migratetype)
- )
-+#endif
-
- #if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(3,19,2) \
- || LTTNG_KERNEL_RANGE(3,14,36, 3,15,0) \
---
-2.19.1
-
diff --git a/poky/meta/recipes-kernel/lttng/lttng-modules/0001-fix-net-skb-introduce-kfree_skb_reason-v5.15.58.v5.1.patch b/poky/meta/recipes-kernel/lttng/lttng-modules/0001-fix-net-skb-introduce-kfree_skb_reason-v5.15.58.v5.1.patch
deleted file mode 100644
index ca6abea..0000000
--- a/poky/meta/recipes-kernel/lttng/lttng-modules/0001-fix-net-skb-introduce-kfree_skb_reason-v5.15.58.v5.1.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-From d8254360c7f2ff9b3f945e9668d89c0b56b9bd91 Mon Sep 17 00:00:00 2001
-From: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
-Date: Fri, 29 Jul 2022 15:37:43 -0400
-Subject: [PATCH] fix: net: skb: introduce kfree_skb_reason() (v5.15.58..v5.16)
-
-See upstream commit :
-
- commit c504e5c2f9648a1e5c2be01e8c3f59d394192bd3
- Author: Menglong Dong <imagedong@tencent.com>
- Date: Sun Jan 9 14:36:26 2022 +0800
-
- net: skb: introduce kfree_skb_reason()
-
- Introduce the interface kfree_skb_reason(), which is able to pass
- the reason why the skb is dropped to 'kfree_skb' tracepoint.
-
- Add the 'reason' field to 'trace_kfree_skb', therefor user can get
- more detail information about abnormal skb with 'drop_monitor' or
- eBPF.
-
- All drop reasons are defined in the enum 'skb_drop_reason', and
- they will be print as string in 'kfree_skb' tracepoint in format
- of 'reason: XXX'.
-
- ( Maybe the reasons should be defined in a uapi header file, so that
- user space can use them? )
-
-Upstream-Status: Backport
-
-Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
-Change-Id: Ib3c039207739dad10f097cf76474e0822e351273
----
- include/instrumentation/events/skb.h | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/include/instrumentation/events/skb.h b/include/instrumentation/events/skb.h
-index 237e54ad..186732ea 100644
---- a/include/instrumentation/events/skb.h
-+++ b/include/instrumentation/events/skb.h
-@@ -13,7 +13,9 @@
- /*
- * Tracepoint for free an sk_buff:
- */
--#if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(5,17,0))
-+#if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(5,17,0) \
-+ || LTTNG_KERNEL_RANGE(5,15,58, 5,16,0))
-+
- LTTNG_TRACEPOINT_ENUM(skb_drop_reason,
- TP_ENUM_VALUES(
- ctf_enum_value("NOT_SPECIFIED", SKB_DROP_REASON_NOT_SPECIFIED)
---
-2.17.1
-
diff --git a/poky/meta/recipes-kernel/lttng/lttng-modules/0002-fix-fs-Remove-flags-parameter-from-aops-write_begin-.patch b/poky/meta/recipes-kernel/lttng/lttng-modules/0002-fix-fs-Remove-flags-parameter-from-aops-write_begin-.patch
deleted file mode 100644
index 84c97d5..0000000
--- a/poky/meta/recipes-kernel/lttng/lttng-modules/0002-fix-fs-Remove-flags-parameter-from-aops-write_begin-.patch
+++ /dev/null
@@ -1,76 +0,0 @@
-From b5d1c38665cd69d7d1c94231fe0609da5c8afbc3 Mon Sep 17 00:00:00 2001
-From: Michael Jeanson <mjeanson@efficios.com>
-Date: Wed, 8 Jun 2022 13:07:59 -0400
-Subject: [PATCH 2/3] fix: fs: Remove flags parameter from aops->write_begin
- (v5.19)
-
-See upstream commit :
-
- commit 9d6b0cd7579844761ed68926eb3073bab1dca87b
- Author: Matthew Wilcox (Oracle) <willy@infradead.org>
- Date: Tue Feb 22 14:31:43 2022 -0500
-
- fs: Remove flags parameter from aops->write_begin
-
- There are no more aop flags left, so remove the parameter.
-
-Upstream-Status: Backport
-
-Change-Id: I82725b93e13d749f52a631b2ac60df81a5e839f8
-Signed-off-by: Michael Jeanson <mjeanson@efficios.com>
-Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
----
- include/instrumentation/events/ext4.h | 30 +++++++++++++++++++++++++++
- 1 file changed, 30 insertions(+)
-
-diff --git a/include/instrumentation/events/ext4.h b/include/instrumentation/events/ext4.h
-index 513762c0..222416ec 100644
---- a/include/instrumentation/events/ext4.h
-+++ b/include/instrumentation/events/ext4.h
-@@ -122,6 +122,35 @@ LTTNG_TRACEPOINT_EVENT(ext4_begin_ordered_truncate,
- )
- )
-
-+#if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(5,19,0))
-+LTTNG_TRACEPOINT_EVENT_CLASS(ext4__write_begin,
-+
-+ TP_PROTO(struct inode *inode, loff_t pos, unsigned int len),
-+
-+ TP_ARGS(inode, pos, len),
-+
-+ TP_FIELDS(
-+ ctf_integer(dev_t, dev, inode->i_sb->s_dev)
-+ ctf_integer(ino_t, ino, inode->i_ino)
-+ ctf_integer(loff_t, pos, pos)
-+ ctf_integer(unsigned int, len, len)
-+ )
-+)
-+
-+LTTNG_TRACEPOINT_EVENT_INSTANCE(ext4__write_begin, ext4_write_begin,
-+
-+ TP_PROTO(struct inode *inode, loff_t pos, unsigned int len),
-+
-+ TP_ARGS(inode, pos, len)
-+)
-+
-+LTTNG_TRACEPOINT_EVENT_INSTANCE(ext4__write_begin, ext4_da_write_begin,
-+
-+ TP_PROTO(struct inode *inode, loff_t pos, unsigned int len),
-+
-+ TP_ARGS(inode, pos, len)
-+)
-+#else
- LTTNG_TRACEPOINT_EVENT_CLASS(ext4__write_begin,
-
- TP_PROTO(struct inode *inode, loff_t pos, unsigned int len,
-@@ -153,6 +182,7 @@ LTTNG_TRACEPOINT_EVENT_INSTANCE(ext4__write_begin, ext4_da_write_begin,
-
- TP_ARGS(inode, pos, len, flags)
- )
-+#endif
-
- LTTNG_TRACEPOINT_EVENT_CLASS(ext4__write_end,
- TP_PROTO(struct inode *inode, loff_t pos, unsigned int len,
---
-2.19.1
-
diff --git a/poky/meta/recipes-kernel/lttng/lttng-modules/0003-fix-workqueue-Fix-type-of-cpu-in-trace-event-v5.19.patch b/poky/meta/recipes-kernel/lttng/lttng-modules/0003-fix-workqueue-Fix-type-of-cpu-in-trace-event-v5.19.patch
deleted file mode 100644
index 63f9c40..0000000
--- a/poky/meta/recipes-kernel/lttng/lttng-modules/0003-fix-workqueue-Fix-type-of-cpu-in-trace-event-v5.19.patch
+++ /dev/null
@@ -1,124 +0,0 @@
-From 526f13c844cd29f89bd3e924867d9ddfe3c40ade Mon Sep 17 00:00:00 2001
-From: Michael Jeanson <mjeanson@efficios.com>
-Date: Wed, 15 Jun 2022 12:07:16 -0400
-Subject: [PATCH 3/3] fix: workqueue: Fix type of cpu in trace event (v5.19)
-
-See upstream commit :
-
- commit 873a400938b31a1e443c4d94b560b78300787540
- Author: Wonhyuk Yang <vvghjk1234@gmail.com>
- Date: Wed May 4 11:32:03 2022 +0900
-
- workqueue: Fix type of cpu in trace event
-
- The trace event "workqueue_queue_work" use unsigned int type for
- req_cpu, cpu. This casue confusing cpu number like below log.
-
- $ cat /sys/kernel/debug/tracing/trace
- cat-317 [001] ...: workqueue_queue_work: ... req_cpu=8192 cpu=4294967295
-
- So, change unsigned type to signed type in the trace event. After
- applying this patch, cpu number will be printed as -1 instead of
- 4294967295 as folllows.
-
- $ cat /sys/kernel/debug/tracing/trace
- cat-1338 [002] ...: workqueue_queue_work: ... req_cpu=8192 cpu=-1
-
-Upstream-Status: Backport
-
-Change-Id: I478083c350b6ec314d87e9159dc5b342b96daed7
-Signed-off-by: Michael Jeanson <mjeanson@efficios.com>
-Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
----
- include/instrumentation/events/workqueue.h | 49 ++++++++++++++++++++--
- 1 file changed, 46 insertions(+), 3 deletions(-)
-
-diff --git a/include/instrumentation/events/workqueue.h b/include/instrumentation/events/workqueue.h
-index 023b65a8..5693cf89 100644
---- a/include/instrumentation/events/workqueue.h
-+++ b/include/instrumentation/events/workqueue.h
-@@ -28,10 +28,35 @@ LTTNG_TRACEPOINT_EVENT_CLASS(workqueue_work,
- )
- )
-
-+#if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(5,19,0))
- /**
- * workqueue_queue_work - called when a work gets queued
- * @req_cpu: the requested cpu
-- * @cwq: pointer to struct cpu_workqueue_struct
-+ * @pwq: pointer to struct pool_workqueue
-+ * @work: pointer to struct work_struct
-+ *
-+ * This event occurs when a work is queued immediately or once a
-+ * delayed work is actually queued on a workqueue (ie: once the delay
-+ * has been reached).
-+ */
-+LTTNG_TRACEPOINT_EVENT(workqueue_queue_work,
-+
-+ TP_PROTO(int req_cpu, struct pool_workqueue *pwq,
-+ struct work_struct *work),
-+
-+ TP_ARGS(req_cpu, pwq, work),
-+
-+ TP_FIELDS(
-+ ctf_integer_hex(void *, work, work)
-+ ctf_integer_hex(void *, function, work->func)
-+ ctf_integer(int, req_cpu, req_cpu)
-+ )
-+)
-+#elif (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(3,9,0))
-+/**
-+ * workqueue_queue_work - called when a work gets queued
-+ * @req_cpu: the requested cpu
-+ * @pwq: pointer to struct pool_workqueue
- * @work: pointer to struct work_struct
- *
- * This event occurs when a work is queued immediately or once a
-@@ -40,17 +65,34 @@ LTTNG_TRACEPOINT_EVENT_CLASS(workqueue_work,
- */
- LTTNG_TRACEPOINT_EVENT(workqueue_queue_work,
-
--#if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(3,9,0))
- TP_PROTO(unsigned int req_cpu, struct pool_workqueue *pwq,
- struct work_struct *work),
-
- TP_ARGS(req_cpu, pwq, work),
-+
-+ TP_FIELDS(
-+ ctf_integer_hex(void *, work, work)
-+ ctf_integer_hex(void *, function, work->func)
-+ ctf_integer(unsigned int, req_cpu, req_cpu)
-+ )
-+)
- #else
-+/**
-+ * workqueue_queue_work - called when a work gets queued
-+ * @req_cpu: the requested cpu
-+ * @cwq: pointer to struct cpu_workqueue_struct
-+ * @work: pointer to struct work_struct
-+ *
-+ * This event occurs when a work is queued immediately or once a
-+ * delayed work is actually queued on a workqueue (ie: once the delay
-+ * has been reached).
-+ */
-+LTTNG_TRACEPOINT_EVENT(workqueue_queue_work,
-+
- TP_PROTO(unsigned int req_cpu, struct cpu_workqueue_struct *cwq,
- struct work_struct *work),
-
- TP_ARGS(req_cpu, cwq, work),
--#endif
-
- TP_FIELDS(
- ctf_integer_hex(void *, work, work)
-@@ -58,6 +100,7 @@ LTTNG_TRACEPOINT_EVENT(workqueue_queue_work,
- ctf_integer(unsigned int, req_cpu, req_cpu)
- )
- )
-+#endif
-
- /**
- * workqueue_activate_work - called when a work gets activated
---
-2.19.1
-
diff --git a/poky/meta/recipes-kernel/lttng/lttng-modules_2.13.4.bb b/poky/meta/recipes-kernel/lttng/lttng-modules_2.13.9.bb
similarity index 76%
rename from poky/meta/recipes-kernel/lttng/lttng-modules_2.13.4.bb
rename to poky/meta/recipes-kernel/lttng/lttng-modules_2.13.9.bb
index f60ab3b..a08386b 100644
--- a/poky/meta/recipes-kernel/lttng/lttng-modules_2.13.4.bb
+++ b/poky/meta/recipes-kernel/lttng/lttng-modules_2.13.9.bb
@@ -11,17 +11,12 @@
SRC_URI = "https://lttng.org/files/${BPN}/${BPN}-${PV}.tar.bz2 \
file://0009-Rename-genhd-wrapper-to-blkdev.patch \
- file://0001-fix-mm-page_alloc-fix-tracepoint-mm_page_alloc_zone_.patch \
- file://0002-fix-fs-Remove-flags-parameter-from-aops-write_begin-.patch \
- file://0003-fix-workqueue-Fix-type-of-cpu-in-trace-event-v5.19.patch \
- file://0001-fix-net-skb-introduce-kfree_skb_reason-v5.15.58.v5.1.patch \
- file://0001-fix-compaction.patch \
"
# Use :append here so that the patch is applied also when using devupstream
SRC_URI:append = " file://0001-src-Kbuild-change-missing-CONFIG_TRACEPOINTS-to-warn.patch"
-SRC_URI[sha256sum] = "6159d00e4e1d59546eec8d4a67e1aa39c1084ceb5e5afeb666eab4b8a5b5a9ee"
+SRC_URI[sha256sum] = "bf808b113544287cfe837a6382887fa66354ef5cc8216460cebbef3d27dc3581"
export INSTALL_MOD_DIR="kernel/lttng-modules"
diff --git a/poky/meta/recipes-kernel/lttng/lttng-tools/determinism.patch b/poky/meta/recipes-kernel/lttng/lttng-tools/determinism.patch
deleted file mode 100644
index b2ab880..0000000
--- a/poky/meta/recipes-kernel/lttng/lttng-tools/determinism.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-This is a bit ugly. Specifing abs_builddir as an RPATH is plain wrong when
-cross compiling. Sadly, removing the rpath makes libtool/automake do
-weird things and breaks the build as shared libs are no longer generated.
-
-We already try and delete the RPATH at do_install with chrpath however
-that does leave the path in the string table so it doesn't help us
-with reproducibility.
-
-Instead, hack in a bogus but harmless path, then delete it later in
-our do_install. Ultimately we may want to pass a specific path to use
-to configure if we really do need to set an RPATH at all. It is unclear
-to me whether the tests need that or not.
-
-Fixes reproducibility issues for lttng-tools.
-
-Upstream-Status: Pending [needs discussion with upstream about the correct solution]
-RP 2021/3/1
-
-Index: lttng-tools-2.12.2/tests/regression/ust/ust-dl/Makefile.am
-===================================================================
---- lttng-tools-2.12.2.orig/tests/regression/ust/ust-dl/Makefile.am
-+++ lttng-tools-2.12.2/tests/regression/ust/ust-dl/Makefile.am
-@@ -27,16 +27,16 @@ noinst_LTLIBRARIES = libzzz.la libbar.la
-
- libzzz_la_SOURCES = libzzz.c libzzz.h
- libzzz_la_LDFLAGS = -module -shared -avoid-version \
-- -rpath $(abs_builddir)
-+ -rpath /usr/lib
-
- libbar_la_SOURCES = libbar.c libbar.h
- libbar_la_LDFLAGS = -module -shared -avoid-version \
-- -rpath $(abs_builddir)
-+ -rpath /usr/lib
- libbar_la_LIBADD = libzzz.la
-
- libfoo_la_SOURCES = libfoo.c libfoo.h
- libfoo_la_LDFLAGS = -module -shared -avoid-version \
-- -rpath $(abs_builddir)
-+ -rpath /usr/lib
- libfoo_la_LIBADD = libbar.la
-
- CLEANFILES = libfoo.so libfoo.so.debug libbar.so libbar.so.debug \
-@@ -44,7 +44,7 @@ CLEANFILES = libfoo.so libfoo.so.debug l
-
- libtp_la_SOURCES = libbar-tp.h libbar-tp.c libfoo-tp.h libfoo-tp.c \
- libzzz-tp.h libzzz-tp.c
--libtp_la_LDFLAGS = -module -shared -rpath $(abs_builddir)
-+libtp_la_LDFLAGS = -module -shared -rpath /usr/lib
-
- # Extract debug symbols
- libfoo.so.debug: libfoo.la
-Index: lttng-tools-2.12.2/tests/utils/testapp/userspace-probe-elf-binary/Makefile.am
-===================================================================
---- lttng-tools-2.12.2.orig/tests/utils/testapp/userspace-probe-elf-binary/Makefile.am
-+++ lttng-tools-2.12.2/tests/utils/testapp/userspace-probe-elf-binary/Makefile.am
-@@ -5,7 +5,7 @@ AM_CFLAGS += -O0
- noinst_LTLIBRARIES = libfoo.la
-
- libfoo_la_SOURCES = foo.c foo.h
--libfoo_la_LDFLAGS = -shared -module -avoid-version -rpath $(abs_builddir)/.libs/
-+libfoo_la_LDFLAGS = -shared -module -avoid-version -rpath /usr/lib
-
- noinst_PROGRAMS = userspace-probe-elf-binary
- userspace_probe_elf_binary_SOURCES = userspace-probe-elf-binary.c
diff --git a/poky/meta/recipes-kernel/lttng/lttng-tools_2.13.8.bb b/poky/meta/recipes-kernel/lttng/lttng-tools_2.13.9.bb
similarity index 98%
rename from poky/meta/recipes-kernel/lttng/lttng-tools_2.13.8.bb
rename to poky/meta/recipes-kernel/lttng/lttng-tools_2.13.9.bb
index a814eb7..1f6929e 100644
--- a/poky/meta/recipes-kernel/lttng/lttng-tools_2.13.8.bb
+++ b/poky/meta/recipes-kernel/lttng/lttng-tools_2.13.9.bb
@@ -35,11 +35,10 @@
file://0001-tests-do-not-strip-a-helper-library.patch \
file://run-ptest \
file://lttng-sessiond.service \
- file://determinism.patch \
file://disable-tests.patch \
"
-SRC_URI[sha256sum] = "b1e959579b260790930b20f3c7aa7cefb8a40e0de80d4a777c2bf78c6b353dc1"
+SRC_URI[sha256sum] = "8d94dc95b608cf70216b01203a3f8242b97a232db2e23421a2f43708da08f337"
inherit autotools ptest pkgconfig useradd python3-dir manpages systemd
diff --git a/poky/meta/recipes-kernel/lttng/lttng-ust_2.13.4.bb b/poky/meta/recipes-kernel/lttng/lttng-ust_2.13.5.bb
similarity index 95%
rename from poky/meta/recipes-kernel/lttng/lttng-ust_2.13.4.bb
rename to poky/meta/recipes-kernel/lttng/lttng-ust_2.13.5.bb
index 56200ac..916408b 100644
--- a/poky/meta/recipes-kernel/lttng/lttng-ust_2.13.4.bb
+++ b/poky/meta/recipes-kernel/lttng/lttng-ust_2.13.5.bb
@@ -34,7 +34,7 @@
file://0001-Makefile.am-update-rpath-link.patch \
"
-SRC_URI[sha256sum] = "698f82ec5dc56e981c0bb08c46ebabaf31c60e877c2e365b9fd6d3a9fff8b398"
+SRC_URI[sha256sum] = "f1d7bb4984a3dc5dacd3b7bcb4c10c04b041b0eecd7cba1fef3d8f86aff02bd6"
CVE_PRODUCT = "ust"
diff --git a/poky/meta/recipes-kernel/make-mod-scripts/make-mod-scripts_1.0.bb b/poky/meta/recipes-kernel/make-mod-scripts/make-mod-scripts_1.0.bb
index 9afd671..38282e5 100644
--- a/poky/meta/recipes-kernel/make-mod-scripts/make-mod-scripts_1.0.bb
+++ b/poky/meta/recipes-kernel/make-mod-scripts/make-mod-scripts_1.0.bb
@@ -3,7 +3,7 @@
LICENSE = "GPL-2.0-only"
LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/GPL-2.0-only;md5=801f80980d171dd6425610833a22dbe6"
-inherit kernel-arch
+inherit kernel-arch linux-kernel-base
inherit pkgconfig
PACKAGE_ARCH = "${MACHINE_ARCH}"
diff --git a/poky/meta/recipes-kernel/perf/perf.bb b/poky/meta/recipes-kernel/perf/perf.bb
index 5b2f595..691268d 100644
--- a/poky/meta/recipes-kernel/perf/perf.bb
+++ b/poky/meta/recipes-kernel/perf/perf.bb
@@ -356,6 +356,16 @@
"
FILES:${PN}-perl = "${libexecdir}/perf-core/scripts/perl"
-
-INHIBIT_PACKAGE_DEBUG_SPLIT="1"
DEBUG_OPTIMIZATION:append = " -Wno-error=maybe-uninitialized"
+
+PACKAGESPLITFUNCS =+ "perf_fix_sources"
+
+perf_fix_sources () {
+ for f in util/parse-events-flex.h util/parse-events-flex.c util/pmu-flex.c \
+ util/expr-flex.h util/expr-flex.c; do
+ f=${PKGD}/usr/src/debug/${PN}/${EXTENDPE}${PV}-${PR}/$f
+ if [ -e $f ]; then
+ sed -i -e 's#${S}/##g' $f
+ fi
+ done
+}
diff --git a/poky/meta/recipes-kernel/wireless-regdb/wireless-regdb_2022.08.12.bb b/poky/meta/recipes-kernel/wireless-regdb/wireless-regdb_2023.02.13.bb
similarity index 94%
rename from poky/meta/recipes-kernel/wireless-regdb/wireless-regdb_2022.08.12.bb
rename to poky/meta/recipes-kernel/wireless-regdb/wireless-regdb_2023.02.13.bb
index 357e79d..ce60154 100644
--- a/poky/meta/recipes-kernel/wireless-regdb/wireless-regdb_2022.08.12.bb
+++ b/poky/meta/recipes-kernel/wireless-regdb/wireless-regdb_2023.02.13.bb
@@ -5,7 +5,7 @@
LIC_FILES_CHKSUM = "file://LICENSE;md5=07c4f6dea3845b02a18dc00c8c87699c"
SRC_URI = "https://www.kernel.org/pub/software/network/${BPN}/${BP}.tar.xz"
-SRC_URI[sha256sum] = "59c8f7d17966db71b27f90e735ee8f5b42ca3527694a8c5e6e9b56bd379c3b84"
+SRC_URI[sha256sum] = "fe81e8a8694dc4753a45087a1c4c7e1b48dee5a59f5f796ce374ea550f0b2e73"
inherit bin_package allarch
diff --git a/poky/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-rpzaenc-stop-accessing-out-of-bounds-frame.patch b/poky/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-rpzaenc-stop-accessing-out-of-bounds-frame.patch
new file mode 100644
index 0000000..2775a81
--- /dev/null
+++ b/poky/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-rpzaenc-stop-accessing-out-of-bounds-frame.patch
@@ -0,0 +1,89 @@
+From 92f9b28ed84a77138105475beba16c146bdaf984 Mon Sep 17 00:00:00 2001
+From: Paul B Mahol <onemda@gmail.com>
+Date: Sat, 12 Nov 2022 16:12:00 +0100
+Subject: [PATCH] avcodec/rpzaenc: stop accessing out of bounds frame
+
+Upstream-Status: Backport [https://github.com/FFmpeg/FFmpeg/commit/92f9b28ed84a77138105475beba16c146bdaf984]
+
+Signed-off-by: <narpat.mali@windriver.com>
+
+---
+ libavcodec/rpzaenc.c | 22 +++++++++++++++-------
+ 1 file changed, 15 insertions(+), 7 deletions(-)
+
+diff --git a/libavcodec/rpzaenc.c b/libavcodec/rpzaenc.c
+index d710eb4f82..4ced9523e2 100644
+--- a/libavcodec/rpzaenc.c
++++ b/libavcodec/rpzaenc.c
+@@ -205,7 +205,7 @@ static void get_max_component_diff(const BlockInfo *bi, const uint16_t *block_pt
+
+ // loop thru and compare pixels
+ for (y = 0; y < bi->block_height; y++) {
+- for (x = 0; x < bi->block_width; x++){
++ for (x = 0; x < bi->block_width; x++) {
+ // TODO: optimize
+ min_r = FFMIN(R(block_ptr[x]), min_r);
+ min_g = FFMIN(G(block_ptr[x]), min_g);
+@@ -278,7 +278,7 @@ static int leastsquares(const uint16_t *block_ptr, const BlockInfo *bi,
+ return -1;
+
+ for (i = 0; i < bi->block_height; i++) {
+- for (j = 0; j < bi->block_width; j++){
++ for (j = 0; j < bi->block_width; j++) {
+ x = GET_CHAN(block_ptr[j], xchannel);
+ y = GET_CHAN(block_ptr[j], ychannel);
+ sumx += x;
+@@ -325,7 +325,7 @@ static int calc_lsq_max_fit_error(const uint16_t *block_ptr, const BlockInfo *bi
+ int max_err = 0;
+
+ for (i = 0; i < bi->block_height; i++) {
+- for (j = 0; j < bi->block_width; j++){
++ for (j = 0; j < bi->block_width; j++) {
+ int x_inc, lin_y, lin_x;
+ x = GET_CHAN(block_ptr[j], xchannel);
+ y = GET_CHAN(block_ptr[j], ychannel);
+@@ -420,7 +420,9 @@ static void update_block_in_prev_frame(const uint16_t *src_pixels,
+ uint16_t *dest_pixels,
+ const BlockInfo *bi, int block_counter)
+ {
+- for (int y = 0; y < 4; y++) {
++ const int y_size = FFMIN(4, bi->image_height - bi->row * 4);
++
++ for (int y = 0; y < y_size; y++) {
+ memcpy(dest_pixels, src_pixels, 8);
+ dest_pixels += bi->rowstride;
+ src_pixels += bi->rowstride;
+@@ -730,14 +732,15 @@ post_skip :
+
+ if (err > s->sixteen_color_thresh) { // DO SIXTEEN COLOR BLOCK
+ uint16_t *row_ptr;
+- int rgb555;
++ int y_size, rgb555;
+
+ block_offset = get_block_info(&bi, block_counter);
+
+ row_ptr = &src_pixels[block_offset];
++ y_size = FFMIN(4, bi.image_height - bi.row * 4);
+
+- for (int y = 0; y < 4; y++) {
+- for (int x = 0; x < 4; x++){
++ for (int y = 0; y < y_size; y++) {
++ for (int x = 0; x < 4; x++) {
+ rgb555 = row_ptr[x] & ~0x8000;
+
+ put_bits(&s->pb, 16, rgb555);
+@@ -745,6 +748,11 @@ post_skip :
+ row_ptr += bi.rowstride;
+ }
+
++ for (int y = y_size; y < 4; y++) {
++ for (int x = 0; x < 4; x++)
++ put_bits(&s->pb, 16, 0);
++ }
++
+ block_counter++;
+ } else { // FOUR COLOR BLOCK
+ block_counter += encode_four_color_block(min_color, max_color,
+--
+2.34.1
+
diff --git a/poky/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-smcenc-stop-accessing-out-of-bounds-frame.patch b/poky/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-smcenc-stop-accessing-out-of-bounds-frame.patch
new file mode 100644
index 0000000..923fc6a
--- /dev/null
+++ b/poky/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-smcenc-stop-accessing-out-of-bounds-frame.patch
@@ -0,0 +1,108 @@
+From 13c13109759090b7f7182480d075e13b36ed8edd Mon Sep 17 00:00:00 2001
+From: Paul B Mahol <onemda@gmail.com>
+Date: Sat, 12 Nov 2022 15:19:21 +0100
+Subject: [PATCH] avcodec/smcenc: stop accessing out of bounds frame
+
+Upstream-Status: Backport [https://github.com/FFmpeg/FFmpeg/commit/13c13109759090b7f7182480d075e13b36ed8edd]
+
+Signed-off-by: <narpat.mali@windriver.com>
+
+---
+ libavcodec/smcenc.c | 18 ++++++++++++++----
+ 1 file changed, 14 insertions(+), 4 deletions(-)
+
+diff --git a/libavcodec/smcenc.c b/libavcodec/smcenc.c
+index f3d26a4e8d..33549b8ab4 100644
+--- a/libavcodec/smcenc.c
++++ b/libavcodec/smcenc.c
+@@ -61,6 +61,7 @@ typedef struct SMCContext {
+ { \
+ row_ptr += stride * 4; \
+ pixel_ptr = row_ptr; \
++ cur_y += 4; \
+ } \
+ } \
+ }
+@@ -117,6 +118,7 @@ static void smc_encode_stream(SMCContext *s, const AVFrame *frame,
+ const uint8_t *prev_pixels = (const uint8_t *)s->prev_frame->data[0];
+ uint8_t *distinct_values = s->distinct_values;
+ const uint8_t *pixel_ptr, *row_ptr;
++ const int height = frame->height;
+ const int width = frame->width;
+ uint8_t block_values[16];
+ int block_counter = 0;
+@@ -125,13 +127,14 @@ static void smc_encode_stream(SMCContext *s, const AVFrame *frame,
+ int color_octet_index = 0;
+ int color_table_index; /* indexes to color pair, quad, or octet tables */
+ int total_blocks;
++ int cur_y = 0;
+
+ memset(s->color_pairs, 0, sizeof(s->color_pairs));
+ memset(s->color_quads, 0, sizeof(s->color_quads));
+ memset(s->color_octets, 0, sizeof(s->color_octets));
+
+ /* Number of 4x4 blocks in frame. */
+- total_blocks = ((frame->width + 3) / 4) * ((frame->height + 3) / 4);
++ total_blocks = ((width + 3) / 4) * ((height + 3) / 4);
+
+ pixel_ptr = row_ptr = src_pixels;
+
+@@ -145,11 +148,13 @@ static void smc_encode_stream(SMCContext *s, const AVFrame *frame,
+ int cache_index;
+ int distinct = 0;
+ int blocks = 0;
++ int frame_y = cur_y;
+
+ while (prev_pixels && s->key_frame == 0 && block_counter + inter_skip_blocks < total_blocks) {
++ const int y_size = FFMIN(4, height - cur_y);
+ int compare = 0;
+
+- for (int y = 0; y < 4; y++) {
++ for (int y = 0; y < y_size; y++) {
+ const ptrdiff_t offset = pixel_ptr - src_pixels;
+ const uint8_t *prev_pixel_ptr = prev_pixels + offset;
+
+@@ -170,8 +175,10 @@ static void smc_encode_stream(SMCContext *s, const AVFrame *frame,
+
+ pixel_ptr = xpixel_ptr;
+ row_ptr = xrow_ptr;
++ cur_y = frame_y;
+
+ while (block_counter > 0 && block_counter + intra_skip_blocks < total_blocks) {
++ const int y_size = FFMIN(4, height - cur_y);
+ const ptrdiff_t offset = pixel_ptr - src_pixels;
+ const int sy = offset / stride;
+ const int sx = offset % stride;
+@@ -180,7 +187,7 @@ static void smc_encode_stream(SMCContext *s, const AVFrame *frame,
+ const uint8_t *old_pixel_ptr = src_pixels + nx + ny * stride;
+ int compare = 0;
+
+- for (int y = 0; y < 4; y++) {
++ for (int y = 0; y < y_size; y++) {
+ compare |= memcmp(old_pixel_ptr + y * stride, pixel_ptr + y * stride, 4);
+ if (compare)
+ break;
+@@ -197,9 +204,11 @@ static void smc_encode_stream(SMCContext *s, const AVFrame *frame,
+
+ pixel_ptr = xpixel_ptr;
+ row_ptr = xrow_ptr;
++ cur_y = frame_y;
+
+ while (block_counter + coded_blocks < total_blocks && coded_blocks < 256) {
+- for (int y = 0; y < 4; y++)
++ const int y_size = FFMIN(4, height - cur_y);
++ for (int y = 0; y < y_size; y++)
+ memcpy(block_values + y * 4, pixel_ptr + y * stride, 4);
+
+ qsort(block_values, 16, sizeof(block_values[0]), smc_cmp_values);
+@@ -224,6 +233,7 @@ static void smc_encode_stream(SMCContext *s, const AVFrame *frame,
+
+ pixel_ptr = xpixel_ptr;
+ row_ptr = xrow_ptr;
++ cur_y = frame_y;
+
+ blocks = coded_blocks;
+ distinct = coded_distinct;
+--
+2.34.1
+
diff --git a/poky/meta/recipes-multimedia/ffmpeg/ffmpeg/ffmpeg-fix-vulkan.patch b/poky/meta/recipes-multimedia/ffmpeg/ffmpeg/ffmpeg-fix-vulkan.patch
new file mode 100644
index 0000000..95bd608
--- /dev/null
+++ b/poky/meta/recipes-multimedia/ffmpeg/ffmpeg/ffmpeg-fix-vulkan.patch
@@ -0,0 +1,34 @@
+From: Lynne <dev@lynne.ee>
+Date: Sun, 25 Dec 2022 00:03:30 +0000 (+0100)
+Subject: hwcontext_vulkan: remove optional encode/decode extensions from the list
+X-Git-Url: http://git.ffmpeg.org/gitweb/ffmpeg.git/commitdiff_plain/eb0455d64690
+
+hwcontext_vulkan: remove optional encode/decode extensions from the list
+
+They're not currently used, so they don't need to be there.
+Vulkan stabilized the decode extensions less than a week ago, and their
+name prefixes were changed from EXT to KHR. It's a bit too soon to be
+depending on it, so rather than bumping, just remove these for now.
+
+Upstream-Status: Backport [https://git.ffmpeg.org/gitweb/ffmpeg.git/commitdiff_plain/eb0455d64690]
+---
+
+diff --git a/libavutil/hwcontext_vulkan.c b/libavutil/hwcontext_vulkan.c
+index f1db1c7291..2a9b5f4aac 100644
+--- a/libavutil/hwcontext_vulkan.c
++++ b/libavutil/hwcontext_vulkan.c
+@@ -358,14 +358,6 @@ static const VulkanOptExtension optional_device_exts[] = {
+ { VK_KHR_EXTERNAL_MEMORY_WIN32_EXTENSION_NAME, FF_VK_EXT_EXTERNAL_WIN32_MEMORY },
+ { VK_KHR_EXTERNAL_SEMAPHORE_WIN32_EXTENSION_NAME, FF_VK_EXT_EXTERNAL_WIN32_SEM },
+ #endif
+-
+- /* Video encoding/decoding */
+- { VK_KHR_VIDEO_QUEUE_EXTENSION_NAME, FF_VK_EXT_NO_FLAG },
+- { VK_KHR_VIDEO_DECODE_QUEUE_EXTENSION_NAME, FF_VK_EXT_NO_FLAG },
+- { VK_KHR_VIDEO_ENCODE_QUEUE_EXTENSION_NAME, FF_VK_EXT_NO_FLAG },
+- { VK_EXT_VIDEO_ENCODE_H264_EXTENSION_NAME, FF_VK_EXT_NO_FLAG },
+- { VK_EXT_VIDEO_DECODE_H264_EXTENSION_NAME, FF_VK_EXT_NO_FLAG },
+- { VK_EXT_VIDEO_DECODE_H265_EXTENSION_NAME, FF_VK_EXT_NO_FLAG },
+ };
+
+ /* Converts return values to strings */
diff --git a/poky/meta/recipes-multimedia/ffmpeg/ffmpeg_5.1.1.bb b/poky/meta/recipes-multimedia/ffmpeg/ffmpeg_5.1.2.bb
similarity index 94%
rename from poky/meta/recipes-multimedia/ffmpeg/ffmpeg_5.1.1.bb
rename to poky/meta/recipes-multimedia/ffmpeg/ffmpeg_5.1.2.bb
index 2306fe4..2ab3416 100644
--- a/poky/meta/recipes-multimedia/ffmpeg/ffmpeg_5.1.1.bb
+++ b/poky/meta/recipes-multimedia/ffmpeg/ffmpeg_5.1.2.bb
@@ -22,8 +22,13 @@
file://COPYING.LGPLv2.1;md5=bd7a443320af8c812e4c18d1b79df004 \
file://COPYING.LGPLv3;md5=e6a600fd5e1d9cbde2d983680233ad02"
-SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz"
-SRC_URI[sha256sum] = "95bf3ff8c496511e71e958fb249e663c8c9c3de583c5bebc0f5a9745abbc0435"
+SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \
+ file://0001-avcodec-rpzaenc-stop-accessing-out-of-bounds-frame.patch \
+ file://0001-avcodec-smcenc-stop-accessing-out-of-bounds-frame.patch \
+ file://ffmpeg-fix-vulkan.patch \
+ "
+
+SRC_URI[sha256sum] = "619e706d662c8420859832ddc259cd4d4096a48a2ce1eefd052db9e440eef3dc"
# Build fails when thumb is enabled: https://bugzilla.yoctoproject.org/show_bug.cgi?id=7717
ARM_INSTRUCTION_SET:armv4 = "arm"
@@ -137,6 +142,8 @@
EXTRA_OEMAKE = "V=1"
do_configure() {
+ export TMPDIR="${B}/tmp"
+ mkdir -p ${B}/tmp
${S}/configure ${EXTRA_OECONF}
}
diff --git a/poky/meta/recipes-multimedia/gstreamer/gst-devtools_1.20.3.bb b/poky/meta/recipes-multimedia/gstreamer/gst-devtools_1.20.5.bb
similarity index 94%
rename from poky/meta/recipes-multimedia/gstreamer/gst-devtools_1.20.3.bb
rename to poky/meta/recipes-multimedia/gstreamer/gst-devtools_1.20.5.bb
index c515e17..9db31c1 100644
--- a/poky/meta/recipes-multimedia/gstreamer/gst-devtools_1.20.3.bb
+++ b/poky/meta/recipes-multimedia/gstreamer/gst-devtools_1.20.5.bb
@@ -12,7 +12,7 @@
file://0001-connect-has-a-different-signature-on-musl.patch \
"
-SRC_URI[sha256sum] = "bbbd45ead703367ea8f4be9b3c082d7b62bef47b240a39083f27844e28758c47"
+SRC_URI[sha256sum] = "5684436121b8bae07fd00b74395f95e44b5f26323dce4fa045fa665676807bba"
DEPENDS = "json-glib glib-2.0 glib-2.0-native gstreamer1.0 gstreamer1.0-plugins-base"
RRECOMMENDS:${PN} = "git"
diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.20.3.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.20.5.bb
similarity index 91%
rename from poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.20.3.bb
rename to poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.20.5.bb
index e8da49a..e5925c6 100644
--- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.20.3.bb
+++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.20.5.bb
@@ -12,7 +12,7 @@
"
SRC_URI = "https://gstreamer.freedesktop.org/src/gst-libav/gst-libav-${PV}.tar.xz"
-SRC_URI[sha256sum] = "3fedd10560fcdfaa1b6462cbf79a38c4e7b57d7f390359393fc0cef6dbf27dfe"
+SRC_URI[sha256sum] = "b152e3cc49d014899f53c39d8a6224a44e1399b4cf76aa5f9a903fdf9793c3cc"
S = "${WORKDIR}/gst-libav-${PV}"
diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.20.3.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.20.5.bb
similarity index 95%
rename from poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.20.3.bb
rename to poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.20.5.bb
index fb48562..ec5efcd 100644
--- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.20.3.bb
+++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.20.5.bb
@@ -10,7 +10,7 @@
SRC_URI = "https://gstreamer.freedesktop.org/src/gst-omx/gst-omx-${PV}.tar.xz"
-SRC_URI[sha256sum] = "8db48040bb41f09edf8d17ff6d16c54888d7777ba4501c2c69f0083350ea9a15"
+SRC_URI[sha256sum] = "bcccbc02548cdc123fd49944dd44a4f1adc5d107e36f010d320eb526e2107806"
S = "${WORKDIR}/gst-omx-${PV}"
diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.20.3.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.20.5.bb
similarity index 98%
rename from poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.20.3.bb
rename to poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.20.5.bb
index 39d5e08..2f1793d 100644
--- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.20.3.bb
+++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.20.5.bb
@@ -10,7 +10,7 @@
file://0002-avoid-including-sys-poll.h-directly.patch \
file://0004-opencv-resolve-missing-opencv-data-dir-in-yocto-buil.patch \
"
-SRC_URI[sha256sum] = "7a11c13b55dd1d2386dd902219e41cbfcdda8e1e0aa3e738186c95074b35da4f"
+SRC_URI[sha256sum] = "f431214b0754d7037adcde93c3195106196588973e5b32dcb24938805f866363"
S = "${WORKDIR}/gst-plugins-bad-${PV}"
diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0001-include-required-system-headers-for-isspace-and-ssca.patch b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0001-include-required-system-headers-for-isspace-and-ssca.patch
deleted file mode 100644
index 23c1048..0000000
--- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0001-include-required-system-headers-for-isspace-and-ssca.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From c85a53a41d4e6bfc49c377217ece12a1f330a690 Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Fri, 12 Aug 2022 22:50:06 -0700
-Subject: [PATCH] include required system headers for isspace() and sscanf()
- functions
-
-Newer compilers ( clang 15 ) has turned stricter and errors out instead
-of warning on implicit function declations
-Fixes
-gstssaparse.c:297:12: error: call to undeclared library function 'isspace' with type 'int (int)'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]
-while (isspace(*t))
-
-Upstream-Status: Submitted [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/2879]
-
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
- gst/subparse/gstssaparse.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/gst/subparse/gstssaparse.c b/gst/subparse/gstssaparse.c
-index ff802fa..5ebe678 100755
---- a/gst/subparse/gstssaparse.c
-+++ b/gst/subparse/gstssaparse.c
-@@ -24,6 +24,8 @@
- #include "config.h"
- #endif
-
-+#include <ctype.h> /* isspace() */
-+#include <stdio.h> /* sscanf() */
- #include <stdlib.h> /* atoi() */
- #include <string.h>
-
---
-2.37.1
-
diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.20.3.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.20.5.bb
similarity index 95%
rename from poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.20.3.bb
rename to poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.20.5.bb
index e5e346e..c37b542 100644
--- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.20.3.bb
+++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.20.5.bb
@@ -10,9 +10,8 @@
file://0001-ENGR00312515-get-caps-from-src-pad-when-query-caps.patch \
file://0003-viv-fb-Make-sure-config.h-is-included.patch \
file://0002-ssaparse-enhance-SSA-text-lines-parsing.patch \
- file://0001-include-required-system-headers-for-isspace-and-ssca.patch \
"
-SRC_URI[sha256sum] = "7e30b3dd81a70380ff7554f998471d6996ff76bbe6fc5447096f851e24473c9f"
+SRC_URI[sha256sum] = "11f911ef65f3095d7cf698a1ad1fc5242ac3ad6c9270465fb5c9e7f4f9c19b35"
S = "${WORKDIR}/gst-plugins-base-${PV}"
diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.20.3.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.20.5.bb
similarity index 97%
rename from poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.20.3.bb
rename to poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.20.5.bb
index 0235935..80aed01 100644
--- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.20.3.bb
+++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.20.5.bb
@@ -8,7 +8,7 @@
file://0001-qt-include-ext-qt-gstqtgl.h-instead-of-gst-gl-gstglf.patch \
"
-SRC_URI[sha256sum] = "f8f3c206bf5cdabc00953920b47b3575af0ef15e9f871c0b6966f6d0aa5868b7"
+SRC_URI[sha256sum] = "e83ab4d12ca24959489bbb0ec4fac9b90e32f741d49cda357cb554b2cb8b97f9"
S = "${WORKDIR}/gst-plugins-good-${PV}"
diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.20.3.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.20.5.bb
similarity index 94%
rename from poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.20.3.bb
rename to poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.20.5.bb
index ad7b84b..f765e62 100644
--- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.20.3.bb
+++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.20.5.bb
@@ -14,7 +14,7 @@
SRC_URI = " \
https://gstreamer.freedesktop.org/src/gst-plugins-ugly/gst-plugins-ugly-${PV}.tar.xz \
"
-SRC_URI[sha256sum] = "8caa20789a09c304b49cf563d33cca9421b1875b84fcc187e4a385fa01d6aefd"
+SRC_URI[sha256sum] = "af67d8ba7cab230f64d0594352112c2c443e2aa36a87c35f9f98a43d11430b87"
S = "${WORKDIR}/gst-plugins-ugly-${PV}"
diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.20.3.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.20.5.bb
similarity index 91%
rename from poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.20.3.bb
rename to poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.20.5.bb
index 57026ba..05e9ace 100644
--- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.20.3.bb
+++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.20.5.bb
@@ -8,7 +8,7 @@
LIC_FILES_CHKSUM = "file://COPYING;md5=c34deae4e395ca07e725ab0076a5f740"
SRC_URI = "https://gstreamer.freedesktop.org/src/${PNREAL}/${PNREAL}-${PV}.tar.xz"
-SRC_URI[sha256sum] = "db348120eae955b8cc4de3560a7ea06e36d6e1ddbaa99a7ad96b59846601cfdc"
+SRC_URI[sha256sum] = "27487652318659cfd7dc42784b713c78d29cc7a7df4fb397134c8c125f65e3b2"
DEPENDS = "gstreamer1.0 gstreamer1.0-plugins-base python3-pygobject"
RDEPENDS:${PN} += "gstreamer1.0 gstreamer1.0-plugins-base python3-pygobject"
diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.20.3.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.20.5.bb
similarity index 90%
rename from poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.20.3.bb
rename to poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.20.5.bb
index fd4f82f..c9cf429 100644
--- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.20.3.bb
+++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.20.5.bb
@@ -10,7 +10,7 @@
SRC_URI = "https://gstreamer.freedesktop.org/src/${PNREAL}/${PNREAL}-${PV}.tar.xz"
-SRC_URI[sha256sum] = "ee402718be9b127f0e5e66ca4c1b4f42e4926ec93ba307b7ccca5dc6cc9794ca"
+SRC_URI[sha256sum] = "ba398a7ddd559cce56ef4b91f448d174e0dccad98a493563d2d59c41a2ef39c5"
S = "${WORKDIR}/${PNREAL}-${PV}"
diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.20.3.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.20.5.bb
similarity index 95%
rename from poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.20.3.bb
rename to poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.20.5.bb
index 6e580f9..716f50e 100644
--- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.20.3.bb
+++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.20.5.bb
@@ -11,7 +11,7 @@
SRC_URI = "https://gstreamer.freedesktop.org/src/${REALPN}/${REALPN}-${PV}.tar.xz"
-SRC_URI[sha256sum] = "6ee99eb316abdde9ad37002915bd8c3867918f6fdc74b7cf2ac4c1ae0d690b45"
+SRC_URI[sha256sum] = "510c6fb4ff3f676d7946ce1800e04ccf5aabe5a586d4e164d1961808fab8c94b"
S = "${WORKDIR}/${REALPN}-${PV}"
DEPENDS = "libva gstreamer1.0 gstreamer1.0-plugins-base gstreamer1.0-plugins-bad"
diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0/0005-bin-Fix-race-conditions-in-tests.patch b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0/0005-bin-Fix-race-conditions-in-tests.patch
new file mode 100644
index 0000000..f1fac2d
--- /dev/null
+++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0/0005-bin-Fix-race-conditions-in-tests.patch
@@ -0,0 +1,300 @@
+From e1e2d8d58c1e09e065849cdb1f6466c0537a7c51 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Tue, 21 Jun 2022 11:51:35 +0300
+Subject: [PATCH] bin: Fix race conditions in tests
+
+The latency messages are non-deterministic and can arrive before/after
+async-done or during state-changes as they are posted by e.g. sinks from
+their streaming thread but bins are finishing asynchronous state changes
+from a secondary helper thread.
+
+To solve this, expect latency messages at any time and assert that we
+receive one at some point during the test.
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/2643>
+
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/2643]
+Signed-off-by: Jose Quaresma <quaresma.jose@gmail.com>
+---
+ .../gstreamer/tests/check/gst/gstbin.c | 132 ++++++++++++------
+ 1 file changed, 92 insertions(+), 40 deletions(-)
+
+diff --git a/subprojects/gstreamer/tests/check/gst/gstbin.c b/subprojects/gstreamer/tests/check/gst/gstbin.c
+index e366d5fe20f..88ff44db0c3 100644
+--- a/subprojects/gstreamer/tests/check/gst/gstbin.c
++++ b/subprojects/gstreamer/tests/check/gst/gstbin.c
+@@ -27,50 +27,95 @@
+ #include <gst/base/gstbasesrc.h>
+
+ static void
+-pop_async_done (GstBus * bus)
++pop_async_done (GstBus * bus, gboolean * had_latency)
+ {
+ GstMessage *message;
++ GstMessageType types = GST_MESSAGE_ASYNC_DONE;
++
++ if (!*had_latency)
++ types |= GST_MESSAGE_LATENCY;
+
+ GST_DEBUG ("popping async-done message");
+- message = gst_bus_poll (bus, GST_MESSAGE_ASYNC_DONE, -1);
+
+- fail_unless (message && GST_MESSAGE_TYPE (message)
+- == GST_MESSAGE_ASYNC_DONE, "did not get GST_MESSAGE_ASYNC_DONE");
++ do {
++ message = gst_bus_poll (bus, types, -1);
+
+- gst_message_unref (message);
+- GST_DEBUG ("popped message");
++ fail_unless (message);
++ GST_DEBUG ("popped message %s",
++ gst_message_type_get_name (GST_MESSAGE_TYPE (message)));
++
++ if (GST_MESSAGE_TYPE (message) == GST_MESSAGE_LATENCY) {
++ fail_unless (*had_latency == FALSE);
++ *had_latency = TRUE;
++ gst_clear_message (&message);
++ types &= ~GST_MESSAGE_LATENCY;
++ continue;
++ }
++
++ fail_unless (GST_MESSAGE_TYPE (message)
++ == GST_MESSAGE_ASYNC_DONE, "did not get GST_MESSAGE_ASYNC_DONE");
++
++ gst_clear_message (&message);
++ break;
++ } while (TRUE);
+ }
+
+ static void
+-pop_latency (GstBus * bus)
++pop_latency (GstBus * bus, gboolean * had_latency)
+ {
+ GstMessage *message;
+
+- GST_DEBUG ("popping async-done message");
++ if (*had_latency)
++ return;
++
++ GST_DEBUG ("popping latency message");
+ message = gst_bus_poll (bus, GST_MESSAGE_LATENCY, -1);
+
+- fail_unless (message && GST_MESSAGE_TYPE (message)
++ fail_unless (message);
++ fail_unless (GST_MESSAGE_TYPE (message)
+ == GST_MESSAGE_LATENCY, "did not get GST_MESSAGE_LATENCY");
+
+- gst_message_unref (message);
+- GST_DEBUG ("popped message");
++ GST_DEBUG ("popped message %s",
++ gst_message_type_get_name (GST_MESSAGE_TYPE (message)));
++ gst_clear_message (&message);
++
++ *had_latency = TRUE;
+ }
+
+ static void
+-pop_state_changed (GstBus * bus, int count)
++pop_state_changed (GstBus * bus, int count, gboolean * had_latency)
+ {
+ GstMessage *message;
+-
++ GstMessageType types = GST_MESSAGE_STATE_CHANGED;
+ int i;
+
++ if (!*had_latency)
++ types |= GST_MESSAGE_LATENCY;
++
+ GST_DEBUG ("popping %d messages", count);
+ for (i = 0; i < count; ++i) {
+- message = gst_bus_poll (bus, GST_MESSAGE_STATE_CHANGED, -1);
+-
+- fail_unless (message && GST_MESSAGE_TYPE (message)
+- == GST_MESSAGE_STATE_CHANGED, "did not get GST_MESSAGE_STATE_CHANGED");
+-
+- gst_message_unref (message);
++ do {
++ message = gst_bus_poll (bus, types, -1);
++
++ fail_unless (message);
++ GST_DEBUG ("popped message %s",
++ gst_message_type_get_name (GST_MESSAGE_TYPE (message)));
++
++ if (GST_MESSAGE_TYPE (message) == GST_MESSAGE_LATENCY) {
++ fail_unless (*had_latency == FALSE);
++ *had_latency = TRUE;
++ gst_clear_message (&message);
++ types &= ~GST_MESSAGE_LATENCY;
++ continue;
++ }
++
++ fail_unless (GST_MESSAGE_TYPE (message)
++ == GST_MESSAGE_STATE_CHANGED,
++ "did not get GST_MESSAGE_STATE_CHANGED");
++
++ gst_message_unref (message);
++ break;
++ } while (TRUE);
+ }
+ GST_DEBUG ("popped %d messages", count);
+ }
+@@ -538,6 +583,7 @@ GST_START_TEST (test_message_state_changed_children)
+ GstBus *bus;
+ GstStateChangeReturn ret;
+ GstState current, pending;
++ gboolean had_latency = FALSE;
+
+ pipeline = GST_PIPELINE (gst_pipeline_new (NULL));
+ fail_unless (pipeline != NULL, "Could not create pipeline");
+@@ -576,7 +622,7 @@ GST_START_TEST (test_message_state_changed_children)
+ ASSERT_OBJECT_REFCOUNT (sink, "sink", 2);
+ ASSERT_OBJECT_REFCOUNT (pipeline, "pipeline", 2);
+
+- pop_state_changed (bus, 3);
++ pop_state_changed (bus, 3, &had_latency);
+ fail_if (gst_bus_have_pending (bus), "unexpected pending messages");
+
+ ASSERT_OBJECT_REFCOUNT (bus, "bus", 2);
+@@ -619,9 +665,9 @@ GST_START_TEST (test_message_state_changed_children)
+ * its state_change message */
+ ASSERT_OBJECT_REFCOUNT_BETWEEN (pipeline, "pipeline", 3, 4);
+
+- pop_state_changed (bus, 3);
+- pop_async_done (bus);
+- pop_latency (bus);
++ pop_state_changed (bus, 3, &had_latency);
++ pop_async_done (bus, &had_latency);
++ pop_latency (bus, &had_latency);
+ fail_if ((gst_bus_pop (bus)) != NULL);
+
+ ASSERT_OBJECT_REFCOUNT_BETWEEN (bus, "bus", 2, 3);
+@@ -648,7 +694,7 @@ GST_START_TEST (test_message_state_changed_children)
+ ASSERT_OBJECT_REFCOUNT_BETWEEN (sink, "sink", 2, 4);
+ ASSERT_OBJECT_REFCOUNT (pipeline, "pipeline", 3);
+
+- pop_state_changed (bus, 3);
++ pop_state_changed (bus, 3, &had_latency);
+ fail_if ((gst_bus_pop (bus)) != NULL);
+
+ ASSERT_OBJECT_REFCOUNT (bus, "bus", 2);
+@@ -669,7 +715,7 @@ GST_START_TEST (test_message_state_changed_children)
+ ASSERT_OBJECT_REFCOUNT_BETWEEN (sink, "sink", 3, 4);
+ ASSERT_OBJECT_REFCOUNT (pipeline, "pipeline", 3);
+
+- pop_state_changed (bus, 6);
++ pop_state_changed (bus, 6, &had_latency);
+ fail_if ((gst_bus_pop (bus)) != NULL);
+
+ ASSERT_OBJECT_REFCOUNT (src, "src", 1);
+@@ -696,6 +742,7 @@ GST_START_TEST (test_watch_for_state_change)
+ GstElement *src, *sink, *bin;
+ GstBus *bus;
+ GstStateChangeReturn ret;
++ gboolean had_latency = FALSE;
+
+ bin = gst_element_factory_make ("bin", NULL);
+ fail_unless (bin != NULL, "Could not create bin");
+@@ -722,9 +769,9 @@ GST_START_TEST (test_watch_for_state_change)
+ GST_CLOCK_TIME_NONE);
+ fail_unless (ret == GST_STATE_CHANGE_SUCCESS);
+
+- pop_state_changed (bus, 6);
+- pop_async_done (bus);
+- pop_latency (bus);
++ pop_state_changed (bus, 6, &had_latency);
++ pop_async_done (bus, &had_latency);
++ pop_latency (bus, &had_latency);
+
+ fail_unless (gst_bus_have_pending (bus) == FALSE,
+ "Unexpected messages on bus");
+@@ -732,16 +779,17 @@ GST_START_TEST (test_watch_for_state_change)
+ ret = gst_element_set_state (GST_ELEMENT (bin), GST_STATE_PLAYING);
+ fail_unless (ret == GST_STATE_CHANGE_SUCCESS);
+
+- pop_state_changed (bus, 3);
++ pop_state_changed (bus, 3, &had_latency);
+
++ had_latency = FALSE;
+ /* this one might return either SUCCESS or ASYNC, likely SUCCESS */
+ ret = gst_element_set_state (GST_ELEMENT (bin), GST_STATE_PAUSED);
+ gst_element_get_state (GST_ELEMENT (bin), NULL, NULL, GST_CLOCK_TIME_NONE);
+
+- pop_state_changed (bus, 3);
++ pop_state_changed (bus, 3, &had_latency);
+ if (ret == GST_STATE_CHANGE_ASYNC) {
+- pop_async_done (bus);
+- pop_latency (bus);
++ pop_async_done (bus, &had_latency);
++ pop_latency (bus, &had_latency);
+ }
+
+ fail_unless (gst_bus_have_pending (bus) == FALSE,
+@@ -898,6 +946,7 @@ GST_START_TEST (test_children_state_change_order_flagged_sink)
+ GstStateChangeReturn ret;
+ GstState current, pending;
+ GstBus *bus;
++ gboolean had_latency = FALSE;
+
+ pipeline = gst_pipeline_new (NULL);
+ fail_unless (pipeline != NULL, "Could not create pipeline");
+@@ -951,10 +1000,11 @@ GST_START_TEST (test_children_state_change_order_flagged_sink)
+ ASSERT_STATE_CHANGE_MSG (bus, sink, GST_STATE_READY, GST_STATE_PAUSED, 107);
+ #else
+
+- pop_state_changed (bus, 2); /* pop remaining ready => paused messages off the bus */
++ pop_state_changed (bus, 2, &had_latency); /* pop remaining ready => paused messages off the bus */
+ ASSERT_STATE_CHANGE_MSG (bus, pipeline, GST_STATE_READY, GST_STATE_PAUSED,
+ 108);
+- pop_async_done (bus);
++ pop_async_done (bus, &had_latency);
++ pop_latency (bus, &had_latency);
+ #endif
+ /* PAUSED => PLAYING */
+ GST_DEBUG ("popping PAUSED -> PLAYING messages");
+@@ -972,8 +1022,8 @@ GST_START_TEST (test_children_state_change_order_flagged_sink)
+ fail_if (ret != GST_STATE_CHANGE_SUCCESS, "State change to READY failed");
+
+ /* TODO: do we need to check downwards state change order as well? */
+- pop_state_changed (bus, 4); /* pop playing => paused messages off the bus */
+- pop_state_changed (bus, 4); /* pop paused => ready messages off the bus */
++ pop_state_changed (bus, 4, &had_latency); /* pop playing => paused messages off the bus */
++ pop_state_changed (bus, 4, &had_latency); /* pop paused => ready messages off the bus */
+
+ while (GST_OBJECT_REFCOUNT_VALUE (pipeline) > 1)
+ THREAD_SWITCH ();
+@@ -1002,6 +1052,7 @@ GST_START_TEST (test_children_state_change_order_semi_sink)
+ GstStateChangeReturn ret;
+ GstState current, pending;
+ GstBus *bus;
++ gboolean had_latency = FALSE;
+
+ /* (2) Now again, but check other code path where we don't have
+ * a proper sink correctly flagged as such, but a 'semi-sink' */
+@@ -1056,10 +1107,11 @@ GST_START_TEST (test_children_state_change_order_semi_sink)
+ ASSERT_STATE_CHANGE_MSG (bus, src, GST_STATE_READY, GST_STATE_PAUSED, 206);
+ ASSERT_STATE_CHANGE_MSG (bus, sink, GST_STATE_READY, GST_STATE_PAUSED, 207);
+ #else
+- pop_state_changed (bus, 2); /* pop remaining ready => paused messages off the bus */
++ pop_state_changed (bus, 2, &had_latency); /* pop remaining ready => paused messages off the bus */
+ ASSERT_STATE_CHANGE_MSG (bus, pipeline, GST_STATE_READY, GST_STATE_PAUSED,
+ 208);
+- pop_async_done (bus);
++ pop_async_done (bus, &had_latency);
++ pop_latency (bus, &had_latency);
+
+ /* PAUSED => PLAYING */
+ GST_DEBUG ("popping PAUSED -> PLAYING messages");
+@@ -1076,8 +1128,8 @@ GST_START_TEST (test_children_state_change_order_semi_sink)
+ fail_if (ret != GST_STATE_CHANGE_SUCCESS, "State change to READY failed");
+
+ /* TODO: do we need to check downwards state change order as well? */
+- pop_state_changed (bus, 4); /* pop playing => paused messages off the bus */
+- pop_state_changed (bus, 4); /* pop paused => ready messages off the bus */
++ pop_state_changed (bus, 4, &had_latency); /* pop playing => paused messages off the bus */
++ pop_state_changed (bus, 4, &had_latency); /* pop paused => ready messages off the bus */
+
+ GST_DEBUG ("waiting for pipeline to reach refcount 1");
+ while (GST_OBJECT_REFCOUNT_VALUE (pipeline) > 1)
+--
+GitLab
+
diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0/0005-tests-remove-gstbin-test_watch_for_state_change-test.patch b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0/0005-tests-remove-gstbin-test_watch_for_state_change-test.patch
deleted file mode 100644
index f51df6d..0000000
--- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0/0005-tests-remove-gstbin-test_watch_for_state_change-test.patch
+++ /dev/null
@@ -1,107 +0,0 @@
-From b935abba3d8fa3ea1ce384c08e650afd8c20b78a Mon Sep 17 00:00:00 2001
-From: Claudius Heine <ch@denx.de>
-Date: Wed, 2 Feb 2022 13:47:02 +0100
-Subject: [PATCH] tests: remove gstbin:test_watch_for_state_change testcase
-
-This testcase seems to be flaky, and upstream marked it as such:
-https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/778
-
-This patch removes the testcase to avoid it interfering with out ptest.
-
-Signed-off-by: Claudius Heine <ch@denx.de>
-
-Upstream-Status: Inappropriate [needs proper upstream fix]
----
- tests/check/gst/gstbin.c | 69 -------------------
- 1 file changed, 69 deletions(-)
-
-diff --git a/tests/check/gst/gstbin.c b/tests/check/gst/gstbin.c
-index e366d5fe20..ac29d81474 100644
---- a/tests/check/gst/gstbin.c
-+++ b/tests/check/gst/gstbin.c
-@@ -691,74 +691,6 @@ GST_START_TEST (test_message_state_changed_children)
-
- GST_END_TEST;
-
--GST_START_TEST (test_watch_for_state_change)
--{
-- GstElement *src, *sink, *bin;
-- GstBus *bus;
-- GstStateChangeReturn ret;
--
-- bin = gst_element_factory_make ("bin", NULL);
-- fail_unless (bin != NULL, "Could not create bin");
--
-- bus = g_object_new (gst_bus_get_type (), NULL);
-- gst_object_ref_sink (bus);
-- gst_element_set_bus (GST_ELEMENT_CAST (bin), bus);
--
-- src = gst_element_factory_make ("fakesrc", NULL);
-- fail_if (src == NULL, "Could not create fakesrc");
-- sink = gst_element_factory_make ("fakesink", NULL);
-- fail_if (sink == NULL, "Could not create fakesink");
--
-- gst_bin_add (GST_BIN (bin), sink);
-- gst_bin_add (GST_BIN (bin), src);
--
-- fail_unless (gst_element_link (src, sink), "could not link src and sink");
--
-- /* change state, spawning two times three messages */
-- ret = gst_element_set_state (GST_ELEMENT (bin), GST_STATE_PAUSED);
-- fail_unless (ret == GST_STATE_CHANGE_ASYNC);
-- ret =
-- gst_element_get_state (GST_ELEMENT (bin), NULL, NULL,
-- GST_CLOCK_TIME_NONE);
-- fail_unless (ret == GST_STATE_CHANGE_SUCCESS);
--
-- pop_state_changed (bus, 6);
-- pop_async_done (bus);
-- pop_latency (bus);
--
-- fail_unless (gst_bus_have_pending (bus) == FALSE,
-- "Unexpected messages on bus");
--
-- ret = gst_element_set_state (GST_ELEMENT (bin), GST_STATE_PLAYING);
-- fail_unless (ret == GST_STATE_CHANGE_SUCCESS);
--
-- pop_state_changed (bus, 3);
--
-- /* this one might return either SUCCESS or ASYNC, likely SUCCESS */
-- ret = gst_element_set_state (GST_ELEMENT (bin), GST_STATE_PAUSED);
-- gst_element_get_state (GST_ELEMENT (bin), NULL, NULL, GST_CLOCK_TIME_NONE);
--
-- pop_state_changed (bus, 3);
-- if (ret == GST_STATE_CHANGE_ASYNC) {
-- pop_async_done (bus);
-- pop_latency (bus);
-- }
--
-- fail_unless (gst_bus_have_pending (bus) == FALSE,
-- "Unexpected messages on bus");
--
-- gst_bus_set_flushing (bus, TRUE);
--
-- ret = gst_element_set_state (GST_ELEMENT (bin), GST_STATE_NULL);
-- fail_unless (ret == GST_STATE_CHANGE_SUCCESS);
--
-- /* clean up */
-- gst_object_unref (bus);
-- gst_object_unref (bin);
--}
--
--GST_END_TEST;
--
- GST_START_TEST (test_state_change_error_message)
- {
- GstElement *src, *sink, *bin;
-@@ -1956,7 +1888,6 @@ gst_bin_suite (void)
- tcase_add_test (tc_chain, test_message_state_changed);
- tcase_add_test (tc_chain, test_message_state_changed_child);
- tcase_add_test (tc_chain, test_message_state_changed_children);
-- tcase_add_test (tc_chain, test_watch_for_state_change);
- tcase_add_test (tc_chain, test_state_change_error_message);
- tcase_add_test (tc_chain, test_add_linked);
- tcase_add_test (tc_chain, test_add_self);
---
-2.33.1
-
diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.20.3.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.20.5.bb
similarity index 94%
rename from poky/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.20.3.bb
rename to poky/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.20.5.bb
index 1f4576c..ce9c1c1 100644
--- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.20.3.bb
+++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.20.5.bb
@@ -21,9 +21,9 @@
file://0002-tests-add-support-for-install-the-tests.patch;striplevel=3 \
file://0003-tests-use-a-dictionaries-for-environment.patch;striplevel=3 \
file://0004-tests-add-helper-script-to-run-the-installed_tests.patch;striplevel=3 \
- file://0005-tests-remove-gstbin-test_watch_for_state_change-test.patch \
+ file://0005-bin-Fix-race-conditions-in-tests.patch;striplevel=3 \
"
-SRC_URI[sha256sum] = "607daf64bbbd5fb18af9d17e21c0d22c4d702fffe83b23cb22d1b1af2ca23a2a"
+SRC_URI[sha256sum] = "5a19083faaf361d21fc391124f78ba6d609be55845a82fa8f658230e5fa03dff"
PACKAGECONFIG ??= "${@bb.utils.contains('PTEST_ENABLED', '1', 'tests', '', d)} \
check \
diff --git a/poky/meta/recipes-multimedia/libpng/libpng_1.6.38.bb b/poky/meta/recipes-multimedia/libpng/libpng_1.6.39.bb
similarity index 78%
rename from poky/meta/recipes-multimedia/libpng/libpng_1.6.38.bb
rename to poky/meta/recipes-multimedia/libpng/libpng_1.6.39.bb
index dc62720..a6c229f 100644
--- a/poky/meta/recipes-multimedia/libpng/libpng_1.6.38.bb
+++ b/poky/meta/recipes-multimedia/libpng/libpng_1.6.39.bb
@@ -11,7 +11,7 @@
LIBV = "16"
SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BPN}${LIBV}/${BP}.tar.xz"
-SRC_URI[sha256sum] = "b3683e8b8111ebf6f1ac004ebb6b0c975cd310ec469d98364388e9cedbfa68be"
+SRC_URI[sha256sum] = "1f4696ce70b4ee5f85f1e1623dc1229b210029fa4b7aee573df3e2ba7b036937"
MIRRORS += "${SOURCEFORGE_MIRROR}/${BPN}/${BPN}${LIBV}/ ${SOURCEFORGE_MIRROR}/${BPN}/${BPN}${LIBV}/older-releases/"
@@ -22,7 +22,9 @@
inherit autotools binconfig-disabled pkgconfig
# Work around missing symbols
-EXTRA_OECONF:append:class-target = " ${@bb.utils.contains("TUNE_FEATURES", "neon", "--enable-arm-neon=on", "--enable-arm-neon=off", d)}"
+ARMNEON = "${@bb.utils.contains("TUNE_FEATURES", "neon", "--enable-arm-neon=on", "--enable-arm-neon=off", d)}"
+ARMNEON:aarch64 = "--enable-hardware-optimizations=on"
+EXTRA_OECONF += "${ARMNEON}"
PACKAGES =+ "${PN}-tools"
diff --git a/poky/meta/recipes-multimedia/libtiff/files/0001-Revised-handling-of-TIFFTAG_INKNAMES-and-related-TIF.patch b/poky/meta/recipes-multimedia/libtiff/files/0001-Revised-handling-of-TIFFTAG_INKNAMES-and-related-TIF.patch
new file mode 100644
index 0000000..ce72c86
--- /dev/null
+++ b/poky/meta/recipes-multimedia/libtiff/files/0001-Revised-handling-of-TIFFTAG_INKNAMES-and-related-TIF.patch
@@ -0,0 +1,266 @@
+CVE: CVE-2022-3599
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From f00484b9519df933723deb38fff943dc291a793d Mon Sep 17 00:00:00 2001
+From: Su_Laus <sulau@freenet.de>
+Date: Tue, 30 Aug 2022 16:56:48 +0200
+Subject: [PATCH] Revised handling of TIFFTAG_INKNAMES and related
+ TIFFTAG_NUMBEROFINKS value
+
+In order to solve the buffer overflow issues related to TIFFTAG_INKNAMES and related TIFFTAG_NUMBEROFINKS value, a revised handling of those tags within LibTiff is proposed:
+
+Behaviour for writing:
+ `NumberOfInks` MUST fit to the number of inks in the `InkNames` string.
+ `NumberOfInks` is automatically set when `InkNames` is set.
+ If `NumberOfInks` is different to the number of inks within `InkNames` string, that will be corrected and a warning is issued.
+ If `NumberOfInks` is not equal to samplesperpixel only a warning will be issued.
+
+Behaviour for reading:
+ When reading `InkNames` from a TIFF file, the `NumberOfInks` will be set automatically to the number of inks in `InkNames` string.
+ If `NumberOfInks` is different to the number of inks within `InkNames` string, that will be corrected and a warning is issued.
+ If `NumberOfInks` is not equal to samplesperpixel only a warning will be issued.
+
+This allows the safe use of the NumberOfInks value to read out the InkNames without buffer overflow
+
+This MR will close the following issues: #149, #150, #152, #168 (to be checked), #250, #269, #398 and #456.
+
+It also fixes the old bug at http://bugzilla.maptools.org/show_bug.cgi?id=2599, for which the limitation of `NumberOfInks = SPP` was introduced, which is in my opinion not necessary and does not solve the general issue.
+---
+ libtiff/tif_dir.c | 119 ++++++++++++++++++++++++-----------------
+ libtiff/tif_dir.h | 2 +
+ libtiff/tif_dirinfo.c | 2 +-
+ libtiff/tif_dirwrite.c | 5 ++
+ libtiff/tif_print.c | 4 ++
+ 5 files changed, 82 insertions(+), 50 deletions(-)
+
+diff --git a/libtiff/tif_dir.c b/libtiff/tif_dir.c
+index 793e8a79..816f7756 100644
+--- a/libtiff/tif_dir.c
++++ b/libtiff/tif_dir.c
+@@ -136,32 +136,30 @@ setExtraSamples(TIFF* tif, va_list ap, uint32_t* v)
+ }
+
+ /*
+- * Confirm we have "samplesperpixel" ink names separated by \0. Returns
++ * Count ink names separated by \0. Returns
+ * zero if the ink names are not as expected.
+ */
+-static uint32_t
+-checkInkNamesString(TIFF* tif, uint32_t slen, const char* s)
++static uint16_t
++countInkNamesString(TIFF *tif, uint32_t slen, const char *s)
+ {
+- TIFFDirectory* td = &tif->tif_dir;
+- uint16_t i = td->td_samplesperpixel;
++ uint16_t i = 0;
++ const char *ep = s + slen;
++ const char *cp = s;
+
+ if (slen > 0) {
+- const char* ep = s+slen;
+- const char* cp = s;
+- for (; i > 0; i--) {
++ do {
+ for (; cp < ep && *cp != '\0'; cp++) {}
+ if (cp >= ep)
+ goto bad;
+ cp++; /* skip \0 */
+- }
+- return ((uint32_t)(cp - s));
++ i++;
++ } while (cp < ep);
++ return (i);
+ }
+ bad:
+ TIFFErrorExt(tif->tif_clientdata, "TIFFSetField",
+- "%s: Invalid InkNames value; expecting %"PRIu16" names, found %"PRIu16,
+- tif->tif_name,
+- td->td_samplesperpixel,
+- (uint16_t)(td->td_samplesperpixel-i));
++ "%s: Invalid InkNames value; no NUL at given buffer end location %"PRIu32", after %"PRIu16" ink",
++ tif->tif_name, slen, i);
+ return (0);
+ }
+
+@@ -478,13 +476,61 @@ _TIFFVSetField(TIFF* tif, uint32_t tag, va_list ap)
+ _TIFFsetFloatArray(&td->td_refblackwhite, va_arg(ap, float*), 6);
+ break;
+ case TIFFTAG_INKNAMES:
+- v = (uint16_t) va_arg(ap, uint16_vap);
+- s = va_arg(ap, char*);
+- v = checkInkNamesString(tif, v, s);
+- status = v > 0;
+- if( v > 0 ) {
+- _TIFFsetNString(&td->td_inknames, s, v);
+- td->td_inknameslen = v;
++ {
++ v = (uint16_t) va_arg(ap, uint16_vap);
++ s = va_arg(ap, char*);
++ uint16_t ninksinstring;
++ ninksinstring = countInkNamesString(tif, v, s);
++ status = ninksinstring > 0;
++ if(ninksinstring > 0 ) {
++ _TIFFsetNString(&td->td_inknames, s, v);
++ td->td_inknameslen = v;
++ /* Set NumberOfInks to the value ninksinstring */
++ if (TIFFFieldSet(tif, FIELD_NUMBEROFINKS))
++ {
++ if (td->td_numberofinks != ninksinstring) {
++ TIFFErrorExt(tif->tif_clientdata, module,
++ "Warning %s; Tag %s:\n Value %"PRIu16" of NumberOfInks is different from the number of inks %"PRIu16".\n -> NumberOfInks value adapted to %"PRIu16"",
++ tif->tif_name, fip->field_name, td->td_numberofinks, ninksinstring, ninksinstring);
++ td->td_numberofinks = ninksinstring;
++ }
++ } else {
++ td->td_numberofinks = ninksinstring;
++ TIFFSetFieldBit(tif, FIELD_NUMBEROFINKS);
++ }
++ if (TIFFFieldSet(tif, FIELD_SAMPLESPERPIXEL))
++ {
++ if (td->td_numberofinks != td->td_samplesperpixel) {
++ TIFFErrorExt(tif->tif_clientdata, module,
++ "Warning %s; Tag %s:\n Value %"PRIu16" of NumberOfInks is different from the SamplesPerPixel value %"PRIu16"",
++ tif->tif_name, fip->field_name, td->td_numberofinks, td->td_samplesperpixel);
++ }
++ }
++ }
++ }
++ break;
++ case TIFFTAG_NUMBEROFINKS:
++ v = (uint16_t)va_arg(ap, uint16_vap);
++ /* If InkNames already set also NumberOfInks is set accordingly and should be equal */
++ if (TIFFFieldSet(tif, FIELD_INKNAMES))
++ {
++ if (v != td->td_numberofinks) {
++ TIFFErrorExt(tif->tif_clientdata, module,
++ "Error %s; Tag %s:\n It is not possible to set the value %"PRIu32" for NumberOfInks\n which is different from the number of inks in the InkNames tag (%"PRIu16")",
++ tif->tif_name, fip->field_name, v, td->td_numberofinks);
++ /* Do not set / overwrite number of inks already set by InkNames case accordingly. */
++ status = 0;
++ }
++ } else {
++ td->td_numberofinks = (uint16_t)v;
++ if (TIFFFieldSet(tif, FIELD_SAMPLESPERPIXEL))
++ {
++ if (td->td_numberofinks != td->td_samplesperpixel) {
++ TIFFErrorExt(tif->tif_clientdata, module,
++ "Warning %s; Tag %s:\n Value %"PRIu32" of NumberOfInks is different from the SamplesPerPixel value %"PRIu16"",
++ tif->tif_name, fip->field_name, v, td->td_samplesperpixel);
++ }
++ }
+ }
+ break;
+ case TIFFTAG_PERSAMPLE:
+@@ -986,34 +1032,6 @@ _TIFFVGetField(TIFF* tif, uint32_t tag, va_list ap)
+ if (fip->field_bit == FIELD_CUSTOM) {
+ standard_tag = 0;
+ }
+-
+- if( standard_tag == TIFFTAG_NUMBEROFINKS )
+- {
+- int i;
+- for (i = 0; i < td->td_customValueCount; i++) {
+- uint16_t val;
+- TIFFTagValue *tv = td->td_customValues + i;
+- if (tv->info->field_tag != standard_tag)
+- continue;
+- if( tv->value == NULL )
+- return 0;
+- val = *(uint16_t *)tv->value;
+- /* Truncate to SamplesPerPixel, since the */
+- /* setting code for INKNAMES assume that there are SamplesPerPixel */
+- /* inknames. */
+- /* Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2599 */
+- if( val > td->td_samplesperpixel )
+- {
+- TIFFWarningExt(tif->tif_clientdata,"_TIFFVGetField",
+- "Truncating NumberOfInks from %u to %"PRIu16,
+- val, td->td_samplesperpixel);
+- val = td->td_samplesperpixel;
+- }
+- *va_arg(ap, uint16_t*) = val;
+- return 1;
+- }
+- return 0;
+- }
+
+ switch (standard_tag) {
+ case TIFFTAG_SUBFILETYPE:
+@@ -1195,6 +1213,9 @@ _TIFFVGetField(TIFF* tif, uint32_t tag, va_list ap)
+ case TIFFTAG_INKNAMES:
+ *va_arg(ap, const char**) = td->td_inknames;
+ break;
++ case TIFFTAG_NUMBEROFINKS:
++ *va_arg(ap, uint16_t *) = td->td_numberofinks;
++ break;
+ default:
+ {
+ int i;
+diff --git a/libtiff/tif_dir.h b/libtiff/tif_dir.h
+index 09065648..0c251c9e 100644
+--- a/libtiff/tif_dir.h
++++ b/libtiff/tif_dir.h
+@@ -117,6 +117,7 @@ typedef struct {
+ /* CMYK parameters */
+ int td_inknameslen;
+ char* td_inknames;
++ uint16_t td_numberofinks; /* number of inks in InkNames string */
+
+ int td_customValueCount;
+ TIFFTagValue *td_customValues;
+@@ -174,6 +175,7 @@ typedef struct {
+ #define FIELD_TRANSFERFUNCTION 44
+ #define FIELD_INKNAMES 46
+ #define FIELD_SUBIFD 49
++#define FIELD_NUMBEROFINKS 50
+ /* FIELD_CUSTOM (see tiffio.h) 65 */
+ /* end of support for well-known tags; codec-private tags follow */
+ #define FIELD_CODEC 66 /* base of codec-private tags */
+diff --git a/libtiff/tif_dirinfo.c b/libtiff/tif_dirinfo.c
+index 3371cb5c..3b4bcd33 100644
+--- a/libtiff/tif_dirinfo.c
++++ b/libtiff/tif_dirinfo.c
+@@ -114,7 +114,7 @@ tiffFields[] = {
+ { TIFFTAG_SUBIFD, -1, -1, TIFF_IFD8, 0, TIFF_SETGET_C16_IFD8, TIFF_SETGET_UNDEFINED, FIELD_SUBIFD, 1, 1, "SubIFD", (TIFFFieldArray*) &tiffFieldArray },
+ { TIFFTAG_INKSET, 1, 1, TIFF_SHORT, 0, TIFF_SETGET_UINT16, TIFF_SETGET_UNDEFINED, FIELD_CUSTOM, 0, 0, "InkSet", NULL },
+ { TIFFTAG_INKNAMES, -1, -1, TIFF_ASCII, 0, TIFF_SETGET_C16_ASCII, TIFF_SETGET_UNDEFINED, FIELD_INKNAMES, 1, 1, "InkNames", NULL },
+- { TIFFTAG_NUMBEROFINKS, 1, 1, TIFF_SHORT, 0, TIFF_SETGET_UINT16, TIFF_SETGET_UNDEFINED, FIELD_CUSTOM, 1, 0, "NumberOfInks", NULL },
++ { TIFFTAG_NUMBEROFINKS, 1, 1, TIFF_SHORT, 0, TIFF_SETGET_UINT16, TIFF_SETGET_UNDEFINED, FIELD_NUMBEROFINKS, 1, 0, "NumberOfInks", NULL },
+ { TIFFTAG_DOTRANGE, 2, 2, TIFF_SHORT, 0, TIFF_SETGET_UINT16_PAIR, TIFF_SETGET_UNDEFINED, FIELD_CUSTOM, 0, 0, "DotRange", NULL },
+ { TIFFTAG_TARGETPRINTER, -1, -1, TIFF_ASCII, 0, TIFF_SETGET_ASCII, TIFF_SETGET_UNDEFINED, FIELD_CUSTOM, 1, 0, "TargetPrinter", NULL },
+ { TIFFTAG_EXTRASAMPLES, -1, -1, TIFF_SHORT, 0, TIFF_SETGET_C16_UINT16, TIFF_SETGET_UNDEFINED, FIELD_EXTRASAMPLES, 0, 1, "ExtraSamples", NULL },
+diff --git a/libtiff/tif_dirwrite.c b/libtiff/tif_dirwrite.c
+index 6c86fdca..062e4610 100644
+--- a/libtiff/tif_dirwrite.c
++++ b/libtiff/tif_dirwrite.c
+@@ -626,6 +626,11 @@ TIFFWriteDirectorySec(TIFF* tif, int isimage, int imagedone, uint64_t* pdiroff)
+ if (!TIFFWriteDirectoryTagAscii(tif,&ndir,dir,TIFFTAG_INKNAMES,tif->tif_dir.td_inknameslen,tif->tif_dir.td_inknames))
+ goto bad;
+ }
++ if (TIFFFieldSet(tif, FIELD_NUMBEROFINKS))
++ {
++ if (!TIFFWriteDirectoryTagShort(tif, &ndir, dir, TIFFTAG_NUMBEROFINKS, tif->tif_dir.td_numberofinks))
++ goto bad;
++ }
+ if (TIFFFieldSet(tif,FIELD_SUBIFD))
+ {
+ if (!TIFFWriteDirectoryTagSubifd(tif,&ndir,dir))
+diff --git a/libtiff/tif_print.c b/libtiff/tif_print.c
+index 16ce5780..a91b9e7b 100644
+--- a/libtiff/tif_print.c
++++ b/libtiff/tif_print.c
+@@ -397,6 +397,10 @@ TIFFPrintDirectory(TIFF* tif, FILE* fd, long flags)
+ }
+ fputs("\n", fd);
+ }
++ if (TIFFFieldSet(tif, FIELD_NUMBEROFINKS)) {
++ fprintf(fd, " NumberOfInks: %d\n",
++ td->td_numberofinks);
++ }
+ if (TIFFFieldSet(tif,FIELD_THRESHHOLDING)) {
+ fprintf(fd, " Thresholding: ");
+ switch (td->td_threshholding) {
+--
+2.34.1
+
diff --git a/poky/meta/recipes-multimedia/libtiff/files/0001-tiffcrop-S-option-Make-decision-simpler.patch b/poky/meta/recipes-multimedia/libtiff/files/0001-tiffcrop-S-option-Make-decision-simpler.patch
new file mode 100644
index 0000000..02642ec
--- /dev/null
+++ b/poky/meta/recipes-multimedia/libtiff/files/0001-tiffcrop-S-option-Make-decision-simpler.patch
@@ -0,0 +1,36 @@
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From bad48e90b410df32172006c7876da449ba62cdba Mon Sep 17 00:00:00 2001
+From: Su_Laus <sulau@freenet.de>
+Date: Sat, 20 Aug 2022 23:35:26 +0200
+Subject: [PATCH] tiffcrop -S option: Make decision simpler.
+
+---
+ tools/tiffcrop.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
+index c3b758ec..8fd856dc 100644
+--- a/tools/tiffcrop.c
++++ b/tools/tiffcrop.c
+@@ -2133,11 +2133,11 @@ void process_command_opts (int argc, char *argv[], char *mp, char *mode, uint32
+ }
+ /*-- Check for not allowed combinations (e.g. -X, -Y and -Z, -z and -S are mutually exclusive) --*/
+ char XY, Z, R, S;
+- XY = ((crop_data->crop_mode & CROP_WIDTH) || (crop_data->crop_mode & CROP_LENGTH));
+- Z = (crop_data->crop_mode & CROP_ZONES);
+- R = (crop_data->crop_mode & CROP_REGIONS);
+- S = (page->mode & PAGE_MODE_ROWSCOLS);
+- if ((XY && Z) || (XY && R) || (XY && S) || (Z && R) || (Z && S) || (R && S)) {
++ XY = ((crop_data->crop_mode & CROP_WIDTH) || (crop_data->crop_mode & CROP_LENGTH)) ? 1 : 0;
++ Z = (crop_data->crop_mode & CROP_ZONES) ? 1 : 0;
++ R = (crop_data->crop_mode & CROP_REGIONS) ? 1 : 0;
++ S = (page->mode & PAGE_MODE_ROWSCOLS) ? 1 : 0;
++ if (XY + Z + R + S > 1) {
+ TIFFError("tiffcrop input error", "The crop options(-X|-Y), -Z, -z and -S are mutually exclusive.->Exit");
+ exit(EXIT_FAILURE);
+ }
+--
+2.34.1
+
diff --git a/poky/meta/recipes-multimedia/libtiff/files/0001-tiffcrop-disable-incompatibility-of-Z-X-Y-z-options-.patch b/poky/meta/recipes-multimedia/libtiff/files/0001-tiffcrop-disable-incompatibility-of-Z-X-Y-z-options-.patch
new file mode 100644
index 0000000..3e33f4a
--- /dev/null
+++ b/poky/meta/recipes-multimedia/libtiff/files/0001-tiffcrop-disable-incompatibility-of-Z-X-Y-z-options-.patch
@@ -0,0 +1,59 @@
+CVE: CVE-2022-3597 CVE-2022-3626 CVE-2022-3627
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From 4746f16253b784287bc8a5003990c1c3b9a03a62 Mon Sep 17 00:00:00 2001
+From: Su_Laus <sulau@freenet.de>
+Date: Thu, 25 Aug 2022 16:11:41 +0200
+Subject: [PATCH] tiffcrop: disable incompatibility of -Z, -X, -Y, -z options
+ with any PAGE_MODE_x option (fixes #411 and #413)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+tiffcrop does not support –Z, -z, -X and –Y options together with any other PAGE_MODE_x options like -H, -V, -P, -J, -K or –S.
+
+Code analysis:
+
+With the options –Z, -z, the crop.selections are set to a value > 0. Within main(), this triggers the call of processCropSelections(), which copies the sections from the read_buff into seg_buffs[].
+In the following code in main(), the only supported step, where that seg_buffs are further handled are within an if-clause with if (page.mode == PAGE_MODE_NONE) .
+
+Execution of the else-clause often leads to buffer-overflows.
+
+Therefore, the above option combination is not supported and will be disabled to prevent those buffer-overflows.
+
+The MR solves issues #411 and #413.
+---
+ doc/tools/tiffcrop.rst | 8 ++++++++
+ tools/tiffcrop.c | 32 +++++++++++++++++++++++++-------
+ 2 files changed, 33 insertions(+), 7 deletions(-)
+
+diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
+index 8fd856dc..41a2ea36 100644
+--- a/tools/tiffcrop.c
++++ b/tools/tiffcrop.c
+@@ -2138,9 +2143,20 @@ void process_command_opts (int argc, char *argv[], char *mp, char *mode, uint32
+ R = (crop_data->crop_mode & CROP_REGIONS) ? 1 : 0;
+ S = (page->mode & PAGE_MODE_ROWSCOLS) ? 1 : 0;
+ if (XY + Z + R + S > 1) {
+- TIFFError("tiffcrop input error", "The crop options(-X|-Y), -Z, -z and -S are mutually exclusive.->Exit");
++ TIFFError("tiffcrop input error", "The crop options(-X|-Y), -Z, -z and -S are mutually exclusive.->exit");
+ exit(EXIT_FAILURE);
+ }
++
++ /* Check for not allowed combination:
++ * Any of the -X, -Y, -Z and -z options together with other PAGE_MODE_x options
++ * such as -H, -V, -P, -J or -K are not supported and may cause buffer overflows.
++. */
++ if ((XY + Z + R > 0) && page->mode != PAGE_MODE_NONE) {
++ TIFFError("tiffcrop input error",
++ "Any of the crop options -X, -Y, -Z and -z together with other PAGE_MODE_x options such as - H, -V, -P, -J or -K is not supported and may cause buffer overflows..->exit");
++ exit(EXIT_FAILURE);
++ }
++
+ } /* end process_command_opts */
+
+ /* Start a new output file if one has not been previously opened or
+--
+2.34.1
+
diff --git a/poky/meta/recipes-multimedia/libtiff/files/0001-tiffcrop-subroutines-require-a-larger-buffer-fixes-2.patch b/poky/meta/recipes-multimedia/libtiff/files/0001-tiffcrop-subroutines-require-a-larger-buffer-fixes-2.patch
new file mode 100644
index 0000000..e44b9bc
--- /dev/null
+++ b/poky/meta/recipes-multimedia/libtiff/files/0001-tiffcrop-subroutines-require-a-larger-buffer-fixes-2.patch
@@ -0,0 +1,653 @@
+CVE: CVE-2022-3570 CVE-2022-3598
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From afd7086090dafd3949afd172822cbcec4ed17d56 Mon Sep 17 00:00:00 2001
+From: Su Laus <sulau@freenet.de>
+Date: Thu, 13 Oct 2022 14:33:27 +0000
+Subject: [PATCH] tiffcrop subroutines require a larger buffer (fixes #271,
+ #381, #386, #388, #389, #435)
+
+---
+ tools/tiffcrop.c | 209 ++++++++++++++++++++++++++---------------------
+ 1 file changed, 118 insertions(+), 91 deletions(-)
+
+diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
+index 41a2ea36..deab5feb 100644
+--- a/tools/tiffcrop.c
++++ b/tools/tiffcrop.c
+@@ -212,6 +212,10 @@ static char tiffcrop_rev_date[] = "26-08-2022";
+
+ #define TIFF_DIR_MAX 65534
+
++/* Some conversion subroutines require image buffers, which are at least 3 bytes
++ * larger than the necessary size for the image itself. */
++#define NUM_BUFF_OVERSIZE_BYTES 3
++
+ /* Offsets into buffer for margins and fixed width and length segments */
+ struct offset {
+ uint32_t tmargin;
+@@ -233,7 +237,7 @@ struct offset {
+ */
+
+ struct buffinfo {
+- uint32_t size; /* size of this buffer */
++ size_t size; /* size of this buffer */
+ unsigned char *buffer; /* address of the allocated buffer */
+ };
+
+@@ -810,8 +814,8 @@ static int readContigTilesIntoBuffer (TIFF* in, uint8_t* buf,
+ uint32_t dst_rowsize, shift_width;
+ uint32_t bytes_per_sample, bytes_per_pixel;
+ uint32_t trailing_bits, prev_trailing_bits;
+- uint32_t tile_rowsize = TIFFTileRowSize(in);
+- uint32_t src_offset, dst_offset;
++ tmsize_t tile_rowsize = TIFFTileRowSize(in);
++ tmsize_t src_offset, dst_offset;
+ uint32_t row_offset, col_offset;
+ uint8_t *bufp = (uint8_t*) buf;
+ unsigned char *src = NULL;
+@@ -861,7 +865,7 @@ static int readContigTilesIntoBuffer (TIFF* in, uint8_t* buf,
+ TIFFError("readContigTilesIntoBuffer", "Integer overflow when calculating buffer size.");
+ exit(EXIT_FAILURE);
+ }
+- tilebuf = limitMalloc(tile_buffsize + 3);
++ tilebuf = limitMalloc(tile_buffsize + NUM_BUFF_OVERSIZE_BYTES);
+ if (tilebuf == 0)
+ return 0;
+ tilebuf[tile_buffsize] = 0;
+@@ -1024,7 +1028,7 @@ static int readSeparateTilesIntoBuffer (TIFF* in, uint8_t *obuf,
+ for (sample = 0; (sample < spp) && (sample < MAX_SAMPLES); sample++)
+ {
+ srcbuffs[sample] = NULL;
+- tbuff = (unsigned char *)limitMalloc(tilesize + 8);
++ tbuff = (unsigned char *)limitMalloc(tilesize + NUM_BUFF_OVERSIZE_BYTES);
+ if (!tbuff)
+ {
+ TIFFError ("readSeparateTilesIntoBuffer",
+@@ -1217,7 +1221,8 @@ writeBufferToSeparateStrips (TIFF* out, uint8_t* buf,
+ }
+ rowstripsize = rowsperstrip * bytes_per_sample * (width + 1);
+
+- obuf = limitMalloc (rowstripsize);
++ /* Add 3 padding bytes for extractContigSamples32bits */
++ obuf = limitMalloc (rowstripsize + NUM_BUFF_OVERSIZE_BYTES);
+ if (obuf == NULL)
+ return 1;
+
+@@ -1229,7 +1234,7 @@ writeBufferToSeparateStrips (TIFF* out, uint8_t* buf,
+
+ stripsize = TIFFVStripSize(out, nrows);
+ src = buf + (row * rowsize);
+- memset (obuf, '\0', rowstripsize);
++ memset (obuf, '\0',rowstripsize + NUM_BUFF_OVERSIZE_BYTES);
+ if (extractContigSamplesToBuffer(obuf, src, nrows, width, s, spp, bps, dump))
+ {
+ _TIFFfree(obuf);
+@@ -1237,10 +1242,15 @@ writeBufferToSeparateStrips (TIFF* out, uint8_t* buf,
+ }
+ if ((dump->outfile != NULL) && (dump->level == 1))
+ {
+- dump_info(dump->outfile, dump->format,"",
++ if (scanlinesize > 0x0ffffffffULL) {
++ dump_info(dump->infile, dump->format, "loadImage",
++ "Attention: scanlinesize %"PRIu64" is larger than UINT32_MAX.\nFollowing dump might be wrong.",
++ scanlinesize);
++ }
++ dump_info(dump->outfile, dump->format,"",
+ "Sample %2d, Strip: %2d, bytes: %4d, Row %4d, bytes: %4d, Input offset: %6d",
+- s + 1, strip + 1, stripsize, row + 1, scanlinesize, src - buf);
+- dump_buffer(dump->outfile, dump->format, nrows, scanlinesize, row, obuf);
++ s + 1, strip + 1, stripsize, row + 1, (uint32_t)scanlinesize, src - buf);
++ dump_buffer(dump->outfile, dump->format, nrows, (uint32_t)scanlinesize, row, obuf);
+ }
+
+ if (TIFFWriteEncodedStrip(out, strip++, obuf, stripsize) < 0)
+@@ -1267,7 +1277,7 @@ static int writeBufferToContigTiles (TIFF* out, uint8_t* buf, uint32_t imageleng
+ uint32_t tl, tw;
+ uint32_t row, col, nrow, ncol;
+ uint32_t src_rowsize, col_offset;
+- uint32_t tile_rowsize = TIFFTileRowSize(out);
++ tmsize_t tile_rowsize = TIFFTileRowSize(out);
+ uint8_t* bufp = (uint8_t*) buf;
+ tsize_t tile_buffsize = 0;
+ tsize_t tilesize = TIFFTileSize(out);
+@@ -1310,9 +1320,11 @@ static int writeBufferToContigTiles (TIFF* out, uint8_t* buf, uint32_t imageleng
+ }
+ src_rowsize = ((imagewidth * spp * bps) + 7U) / 8;
+
+- tilebuf = limitMalloc(tile_buffsize);
++ /* Add 3 padding bytes for extractContigSamples32bits */
++ tilebuf = limitMalloc(tile_buffsize + NUM_BUFF_OVERSIZE_BYTES);
+ if (tilebuf == 0)
+ return 1;
++ memset(tilebuf, 0, tile_buffsize + NUM_BUFF_OVERSIZE_BYTES);
+ for (row = 0; row < imagelength; row += tl)
+ {
+ nrow = (row + tl > imagelength) ? imagelength - row : tl;
+@@ -1358,7 +1370,8 @@ static int writeBufferToSeparateTiles (TIFF* out, uint8_t* buf, uint32_t imagele
+ uint32_t imagewidth, tsample_t spp,
+ struct dump_opts * dump)
+ {
+- tdata_t obuf = limitMalloc(TIFFTileSize(out));
++ /* Add 3 padding bytes for extractContigSamples32bits */
++ tdata_t obuf = limitMalloc(TIFFTileSize(out) + NUM_BUFF_OVERSIZE_BYTES);
+ uint32_t tl, tw;
+ uint32_t row, col, nrow, ncol;
+ uint32_t src_rowsize, col_offset;
+@@ -1368,6 +1381,7 @@ static int writeBufferToSeparateTiles (TIFF* out, uint8_t* buf, uint32_t imagele
+
+ if (obuf == NULL)
+ return 1;
++ memset(obuf, 0, TIFFTileSize(out) + NUM_BUFF_OVERSIZE_BYTES);
+
+ if( !TIFFGetField(out, TIFFTAG_TILELENGTH, &tl) ||
+ !TIFFGetField(out, TIFFTAG_TILEWIDTH, &tw) ||
+@@ -1793,14 +1807,14 @@ void process_command_opts (int argc, char *argv[], char *mp, char *mode, uint32
+
+ *opt_offset = '\0';
+ /* convert option to lowercase */
+- end = strlen (opt_ptr);
++ end = (unsigned int)strlen (opt_ptr);
+ for (i = 0; i < end; i++)
+ *(opt_ptr + i) = tolower((int) *(opt_ptr + i));
+ /* Look for dump format specification */
+ if (strncmp(opt_ptr, "for", 3) == 0)
+ {
+ /* convert value to lowercase */
+- end = strlen (opt_offset + 1);
++ end = (unsigned int)strlen (opt_offset + 1);
+ for (i = 1; i <= end; i++)
+ *(opt_offset + i) = tolower((int) *(opt_offset + i));
+ /* check dump format value */
+@@ -2273,6 +2287,8 @@ main(int argc, char* argv[])
+ size_t length;
+ char temp_filename[PATH_MAX + 16]; /* Extra space keeps the compiler from complaining */
+
++ assert(NUM_BUFF_OVERSIZE_BYTES >= 3);
++
+ little_endian = *((unsigned char *)&little_endian) & '1';
+
+ initImageData(&image);
+@@ -3227,13 +3243,13 @@ extractContigSamples32bits (uint8_t *in, uint8_t *out, uint32_t cols,
+ /* If we have a full buffer's worth, write it out */
+ if (ready_bits >= 32)
+ {
+- bytebuff1 = (buff2 >> 56);
++ bytebuff1 = (uint8_t)(buff2 >> 56);
+ *dst++ = bytebuff1;
+- bytebuff2 = (buff2 >> 48);
++ bytebuff2 = (uint8_t)(buff2 >> 48);
+ *dst++ = bytebuff2;
+- bytebuff3 = (buff2 >> 40);
++ bytebuff3 = (uint8_t)(buff2 >> 40);
+ *dst++ = bytebuff3;
+- bytebuff4 = (buff2 >> 32);
++ bytebuff4 = (uint8_t)(buff2 >> 32);
+ *dst++ = bytebuff4;
+ ready_bits -= 32;
+
+@@ -3642,13 +3658,13 @@ extractContigSamplesShifted32bits (uint8_t *in, uint8_t *out, uint32_t cols,
+ }
+ else /* If we have a full buffer's worth, write it out */
+ {
+- bytebuff1 = (buff2 >> 56);
++ bytebuff1 = (uint8_t)(buff2 >> 56);
+ *dst++ = bytebuff1;
+- bytebuff2 = (buff2 >> 48);
++ bytebuff2 = (uint8_t)(buff2 >> 48);
+ *dst++ = bytebuff2;
+- bytebuff3 = (buff2 >> 40);
++ bytebuff3 = (uint8_t)(buff2 >> 40);
+ *dst++ = bytebuff3;
+- bytebuff4 = (buff2 >> 32);
++ bytebuff4 = (uint8_t)(buff2 >> 32);
+ *dst++ = bytebuff4;
+ ready_bits -= 32;
+
+@@ -3825,10 +3841,10 @@ extractContigSamplesToTileBuffer(uint8_t *out, uint8_t *in, uint32_t rows, uint3
+ static int readContigStripsIntoBuffer (TIFF* in, uint8_t* buf)
+ {
+ uint8_t* bufp = buf;
+- int32_t bytes_read = 0;
++ tmsize_t bytes_read = 0;
+ uint32_t strip, nstrips = TIFFNumberOfStrips(in);
+- uint32_t stripsize = TIFFStripSize(in);
+- uint32_t rows = 0;
++ tmsize_t stripsize = TIFFStripSize(in);
++ tmsize_t rows = 0;
+ uint32_t rps = TIFFGetFieldDefaulted(in, TIFFTAG_ROWSPERSTRIP, &rps);
+ tsize_t scanline_size = TIFFScanlineSize(in);
+
+@@ -3841,11 +3857,11 @@ static int readContigStripsIntoBuffer (TIFF* in, uint8_t* buf)
+ bytes_read = TIFFReadEncodedStrip (in, strip, bufp, -1);
+ rows = bytes_read / scanline_size;
+ if ((strip < (nstrips - 1)) && (bytes_read != (int32_t)stripsize))
+- TIFFError("", "Strip %"PRIu32": read %"PRId32" bytes, strip size %"PRIu32,
++ TIFFError("", "Strip %"PRIu32": read %"PRId64" bytes, strip size %"PRIu64,
+ strip + 1, bytes_read, stripsize);
+
+ if (bytes_read < 0 && !ignore) {
+- TIFFError("", "Error reading strip %"PRIu32" after %"PRIu32" rows",
++ TIFFError("", "Error reading strip %"PRIu32" after %"PRIu64" rows",
+ strip, rows);
+ return 0;
+ }
+@@ -4310,13 +4326,13 @@ combineSeparateSamples32bits (uint8_t *in[], uint8_t *out, uint32_t cols,
+ /* If we have a full buffer's worth, write it out */
+ if (ready_bits >= 32)
+ {
+- bytebuff1 = (buff2 >> 56);
++ bytebuff1 = (uint8_t)(buff2 >> 56);
+ *dst++ = bytebuff1;
+- bytebuff2 = (buff2 >> 48);
++ bytebuff2 = (uint8_t)(buff2 >> 48);
+ *dst++ = bytebuff2;
+- bytebuff3 = (buff2 >> 40);
++ bytebuff3 = (uint8_t)(buff2 >> 40);
+ *dst++ = bytebuff3;
+- bytebuff4 = (buff2 >> 32);
++ bytebuff4 = (uint8_t)(buff2 >> 32);
+ *dst++ = bytebuff4;
+ ready_bits -= 32;
+
+@@ -4359,10 +4375,10 @@ combineSeparateSamples32bits (uint8_t *in[], uint8_t *out, uint32_t cols,
+ "Row %3d, Col %3d, Src byte offset %3d bit offset %2d Dst offset %3d",
+ row + 1, col + 1, src_byte, src_bit, dst - out);
+
+- dump_long (dumpfile, format, "Match bits ", matchbits);
++ dump_wide (dumpfile, format, "Match bits ", matchbits);
+ dump_data (dumpfile, format, "Src bits ", src, 4);
+- dump_long (dumpfile, format, "Buff1 bits ", buff1);
+- dump_long (dumpfile, format, "Buff2 bits ", buff2);
++ dump_wide (dumpfile, format, "Buff1 bits ", buff1);
++ dump_wide (dumpfile, format, "Buff2 bits ", buff2);
+ dump_byte (dumpfile, format, "Write bits1", bytebuff1);
+ dump_byte (dumpfile, format, "Write bits2", bytebuff2);
+ dump_info (dumpfile, format, "", "Ready bits: %2d", ready_bits);
+@@ -4835,13 +4851,13 @@ combineSeparateTileSamples32bits (uint8_t *in[], uint8_t *out, uint32_t cols,
+ /* If we have a full buffer's worth, write it out */
+ if (ready_bits >= 32)
+ {
+- bytebuff1 = (buff2 >> 56);
++ bytebuff1 = (uint8_t)(buff2 >> 56);
+ *dst++ = bytebuff1;
+- bytebuff2 = (buff2 >> 48);
++ bytebuff2 = (uint8_t)(buff2 >> 48);
+ *dst++ = bytebuff2;
+- bytebuff3 = (buff2 >> 40);
++ bytebuff3 = (uint8_t)(buff2 >> 40);
+ *dst++ = bytebuff3;
+- bytebuff4 = (buff2 >> 32);
++ bytebuff4 = (uint8_t)(buff2 >> 32);
+ *dst++ = bytebuff4;
+ ready_bits -= 32;
+
+@@ -4884,10 +4900,10 @@ combineSeparateTileSamples32bits (uint8_t *in[], uint8_t *out, uint32_t cols,
+ "Row %3d, Col %3d, Src byte offset %3d bit offset %2d Dst offset %3d",
+ row + 1, col + 1, src_byte, src_bit, dst - out);
+
+- dump_long (dumpfile, format, "Match bits ", matchbits);
++ dump_wide (dumpfile, format, "Match bits ", matchbits);
+ dump_data (dumpfile, format, "Src bits ", src, 4);
+- dump_long (dumpfile, format, "Buff1 bits ", buff1);
+- dump_long (dumpfile, format, "Buff2 bits ", buff2);
++ dump_wide (dumpfile, format, "Buff1 bits ", buff1);
++ dump_wide (dumpfile, format, "Buff2 bits ", buff2);
+ dump_byte (dumpfile, format, "Write bits1", bytebuff1);
+ dump_byte (dumpfile, format, "Write bits2", bytebuff2);
+ dump_info (dumpfile, format, "", "Ready bits: %2d", ready_bits);
+@@ -4910,7 +4926,7 @@ static int readSeparateStripsIntoBuffer (TIFF *in, uint8_t *obuf, uint32_t lengt
+ {
+ int i, bytes_per_sample, bytes_per_pixel, shift_width, result = 1;
+ uint32_t j;
+- int32_t bytes_read = 0;
++ tmsize_t bytes_read = 0;
+ uint16_t bps = 0, planar;
+ uint32_t nstrips;
+ uint32_t strips_per_sample;
+@@ -4976,7 +4992,7 @@ static int readSeparateStripsIntoBuffer (TIFF *in, uint8_t *obuf, uint32_t lengt
+ for (s = 0; (s < spp) && (s < MAX_SAMPLES); s++)
+ {
+ srcbuffs[s] = NULL;
+- buff = limitMalloc(stripsize + 3);
++ buff = limitMalloc(stripsize + NUM_BUFF_OVERSIZE_BYTES);
+ if (!buff)
+ {
+ TIFFError ("readSeparateStripsIntoBuffer",
+@@ -4999,7 +5015,7 @@ static int readSeparateStripsIntoBuffer (TIFF *in, uint8_t *obuf, uint32_t lengt
+ buff = srcbuffs[s];
+ strip = (s * strips_per_sample) + j;
+ bytes_read = TIFFReadEncodedStrip (in, strip, buff, stripsize);
+- rows_this_strip = bytes_read / src_rowsize;
++ rows_this_strip = (uint32_t)(bytes_read / src_rowsize);
+ if (bytes_read < 0 && !ignore)
+ {
+ TIFFError(TIFFFileName(in),
+@@ -6062,13 +6078,14 @@ loadImage(TIFF* in, struct image_data *image, struct dump_opts *dump, unsigned c
+ uint16_t input_compression = 0, input_photometric = 0;
+ uint16_t subsampling_horiz, subsampling_vert;
+ uint32_t width = 0, length = 0;
+- uint32_t stsize = 0, tlsize = 0, buffsize = 0, scanlinesize = 0;
++ tmsize_t stsize = 0, tlsize = 0, buffsize = 0;
++ tmsize_t scanlinesize = 0;
+ uint32_t tw = 0, tl = 0; /* Tile width and length */
+- uint32_t tile_rowsize = 0;
++ tmsize_t tile_rowsize = 0;
+ unsigned char *read_buff = NULL;
+ unsigned char *new_buff = NULL;
+ int readunit = 0;
+- static uint32_t prev_readsize = 0;
++ static tmsize_t prev_readsize = 0;
+
+ TIFFGetFieldDefaulted(in, TIFFTAG_BITSPERSAMPLE, &bps);
+ TIFFGetFieldDefaulted(in, TIFFTAG_SAMPLESPERPIXEL, &spp);
+@@ -6325,6 +6342,8 @@ loadImage(TIFF* in, struct image_data *image, struct dump_opts *dump, unsigned c
+ /* The buffsize_check and the possible adaptation of buffsize
+ * has to account also for padding of each line to a byte boundary.
+ * This is assumed by mirrorImage() and rotateImage().
++ * Furthermore, functions like extractContigSamplesShifted32bits()
++ * need a buffer, which is at least 3 bytes larger than the actual image.
+ * Otherwise buffer-overflow might occur there.
+ */
+ buffsize_check = length * (uint32_t)(((width * spp * bps) + 7) / 8);
+@@ -6376,7 +6395,7 @@ loadImage(TIFF* in, struct image_data *image, struct dump_opts *dump, unsigned c
+ TIFFError("loadImage", "Unable to allocate/reallocate read buffer");
+ return (-1);
+ }
+- read_buff = (unsigned char *)limitMalloc(buffsize+3);
++ read_buff = (unsigned char *)limitMalloc(buffsize + NUM_BUFF_OVERSIZE_BYTES);
+ }
+ else
+ {
+@@ -6387,11 +6406,11 @@ loadImage(TIFF* in, struct image_data *image, struct dump_opts *dump, unsigned c
+ TIFFError("loadImage", "Unable to allocate/reallocate read buffer");
+ return (-1);
+ }
+- new_buff = _TIFFrealloc(read_buff, buffsize+3);
++ new_buff = _TIFFrealloc(read_buff, buffsize + NUM_BUFF_OVERSIZE_BYTES);
+ if (!new_buff)
+ {
+ free (read_buff);
+- read_buff = (unsigned char *)limitMalloc(buffsize+3);
++ read_buff = (unsigned char *)limitMalloc(buffsize + NUM_BUFF_OVERSIZE_BYTES);
+ }
+ else
+ read_buff = new_buff;
+@@ -6464,8 +6483,13 @@ loadImage(TIFF* in, struct image_data *image, struct dump_opts *dump, unsigned c
+ dump_info (dump->infile, dump->format, "",
+ "Bits per sample %"PRIu16", Samples per pixel %"PRIu16, bps, spp);
+
++ if (scanlinesize > 0x0ffffffffULL) {
++ dump_info(dump->infile, dump->format, "loadImage",
++ "Attention: scanlinesize %"PRIu64" is larger than UINT32_MAX.\nFollowing dump might be wrong.",
++ scanlinesize);
++ }
+ for (i = 0; i < length; i++)
+- dump_buffer(dump->infile, dump->format, 1, scanlinesize,
++ dump_buffer(dump->infile, dump->format, 1, (uint32_t)scanlinesize,
+ i, read_buff + (i * scanlinesize));
+ }
+ return (0);
+@@ -7485,13 +7509,13 @@ writeSingleSection(TIFF *in, TIFF *out, struct image_data *image,
+ if (TIFFGetField(in, TIFFTAG_NUMBEROFINKS, &ninks)) {
+ TIFFSetField(out, TIFFTAG_NUMBEROFINKS, ninks);
+ if (TIFFGetField(in, TIFFTAG_INKNAMES, &inknames)) {
+- int inknameslen = strlen(inknames) + 1;
++ int inknameslen = (int)strlen(inknames) + 1;
+ const char* cp = inknames;
+ while (ninks > 1) {
+ cp = strchr(cp, '\0');
+ if (cp) {
+ cp++;
+- inknameslen += (strlen(cp) + 1);
++ inknameslen += ((int)strlen(cp) + 1);
+ }
+ ninks--;
+ }
+@@ -7554,23 +7578,23 @@ createImageSection(uint32_t sectsize, unsigned char **sect_buff_ptr)
+
+ if (!sect_buff)
+ {
+- sect_buff = (unsigned char *)limitMalloc(sectsize);
++ sect_buff = (unsigned char *)limitMalloc(sectsize + NUM_BUFF_OVERSIZE_BYTES);
+ if (!sect_buff)
+ {
+ TIFFError("createImageSection", "Unable to allocate/reallocate section buffer");
+ return (-1);
+ }
+- _TIFFmemset(sect_buff, 0, sectsize);
++ _TIFFmemset(sect_buff, 0, sectsize + NUM_BUFF_OVERSIZE_BYTES);
+ }
+ else
+ {
+ if (prev_sectsize < sectsize)
+ {
+- new_buff = _TIFFrealloc(sect_buff, sectsize);
++ new_buff = _TIFFrealloc(sect_buff, sectsize + NUM_BUFF_OVERSIZE_BYTES);
+ if (!new_buff)
+ {
+ _TIFFfree (sect_buff);
+- sect_buff = (unsigned char *)limitMalloc(sectsize);
++ sect_buff = (unsigned char *)limitMalloc(sectsize + NUM_BUFF_OVERSIZE_BYTES);
+ }
+ else
+ sect_buff = new_buff;
+@@ -7580,7 +7604,7 @@ createImageSection(uint32_t sectsize, unsigned char **sect_buff_ptr)
+ TIFFError("createImageSection", "Unable to allocate/reallocate section buffer");
+ return (-1);
+ }
+- _TIFFmemset(sect_buff, 0, sectsize);
++ _TIFFmemset(sect_buff, 0, sectsize + NUM_BUFF_OVERSIZE_BYTES);
+ }
+ }
+
+@@ -7611,17 +7635,17 @@ processCropSelections(struct image_data *image, struct crop_mask *crop,
+ cropsize = crop->bufftotal;
+ crop_buff = seg_buffs[0].buffer;
+ if (!crop_buff)
+- crop_buff = (unsigned char *)limitMalloc(cropsize);
++ crop_buff = (unsigned char *)limitMalloc(cropsize + NUM_BUFF_OVERSIZE_BYTES);
+ else
+ {
+ prev_cropsize = seg_buffs[0].size;
+ if (prev_cropsize < cropsize)
+ {
+- next_buff = _TIFFrealloc(crop_buff, cropsize);
++ next_buff = _TIFFrealloc(crop_buff, cropsize + NUM_BUFF_OVERSIZE_BYTES);
+ if (! next_buff)
+ {
+ _TIFFfree (crop_buff);
+- crop_buff = (unsigned char *)limitMalloc(cropsize);
++ crop_buff = (unsigned char *)limitMalloc(cropsize + NUM_BUFF_OVERSIZE_BYTES);
+ }
+ else
+ crop_buff = next_buff;
+@@ -7634,7 +7658,7 @@ processCropSelections(struct image_data *image, struct crop_mask *crop,
+ return (-1);
+ }
+
+- _TIFFmemset(crop_buff, 0, cropsize);
++ _TIFFmemset(crop_buff, 0, cropsize + NUM_BUFF_OVERSIZE_BYTES);
+ seg_buffs[0].buffer = crop_buff;
+ seg_buffs[0].size = cropsize;
+
+@@ -7714,17 +7738,17 @@ processCropSelections(struct image_data *image, struct crop_mask *crop,
+ cropsize = crop->bufftotal;
+ crop_buff = seg_buffs[i].buffer;
+ if (!crop_buff)
+- crop_buff = (unsigned char *)limitMalloc(cropsize);
++ crop_buff = (unsigned char *)limitMalloc(cropsize + NUM_BUFF_OVERSIZE_BYTES);
+ else
+ {
+ prev_cropsize = seg_buffs[0].size;
+ if (prev_cropsize < cropsize)
+ {
+- next_buff = _TIFFrealloc(crop_buff, cropsize);
++ next_buff = _TIFFrealloc(crop_buff, cropsize + NUM_BUFF_OVERSIZE_BYTES);
+ if (! next_buff)
+ {
+ _TIFFfree (crop_buff);
+- crop_buff = (unsigned char *)limitMalloc(cropsize);
++ crop_buff = (unsigned char *)limitMalloc(cropsize + NUM_BUFF_OVERSIZE_BYTES);
+ }
+ else
+ crop_buff = next_buff;
+@@ -7737,7 +7761,7 @@ processCropSelections(struct image_data *image, struct crop_mask *crop,
+ return (-1);
+ }
+
+- _TIFFmemset(crop_buff, 0, cropsize);
++ _TIFFmemset(crop_buff, 0, cropsize + NUM_BUFF_OVERSIZE_BYTES);
+ seg_buffs[i].buffer = crop_buff;
+ seg_buffs[i].size = cropsize;
+
+@@ -7853,24 +7877,24 @@ createCroppedImage(struct image_data *image, struct crop_mask *crop,
+ crop_buff = *crop_buff_ptr;
+ if (!crop_buff)
+ {
+- crop_buff = (unsigned char *)limitMalloc(cropsize);
++ crop_buff = (unsigned char *)limitMalloc(cropsize + NUM_BUFF_OVERSIZE_BYTES);
+ if (!crop_buff)
+ {
+ TIFFError("createCroppedImage", "Unable to allocate/reallocate crop buffer");
+ return (-1);
+ }
+- _TIFFmemset(crop_buff, 0, cropsize);
++ _TIFFmemset(crop_buff, 0, cropsize + NUM_BUFF_OVERSIZE_BYTES);
+ prev_cropsize = cropsize;
+ }
+ else
+ {
+ if (prev_cropsize < cropsize)
+ {
+- new_buff = _TIFFrealloc(crop_buff, cropsize);
++ new_buff = _TIFFrealloc(crop_buff, cropsize + NUM_BUFF_OVERSIZE_BYTES);
+ if (!new_buff)
+ {
+ free (crop_buff);
+- crop_buff = (unsigned char *)limitMalloc(cropsize);
++ crop_buff = (unsigned char *)limitMalloc(cropsize + NUM_BUFF_OVERSIZE_BYTES);
+ }
+ else
+ crop_buff = new_buff;
+@@ -7879,7 +7903,7 @@ createCroppedImage(struct image_data *image, struct crop_mask *crop,
+ TIFFError("createCroppedImage", "Unable to allocate/reallocate crop buffer");
+ return (-1);
+ }
+- _TIFFmemset(crop_buff, 0, cropsize);
++ _TIFFmemset(crop_buff, 0, cropsize + NUM_BUFF_OVERSIZE_BYTES);
+ }
+ }
+
+@@ -8177,13 +8201,13 @@ writeCroppedImage(TIFF *in, TIFF *out, struct image_data *image,
+ if (TIFFGetField(in, TIFFTAG_NUMBEROFINKS, &ninks)) {
+ TIFFSetField(out, TIFFTAG_NUMBEROFINKS, ninks);
+ if (TIFFGetField(in, TIFFTAG_INKNAMES, &inknames)) {
+- int inknameslen = strlen(inknames) + 1;
++ int inknameslen = (int)strlen(inknames) + 1;
+ const char* cp = inknames;
+ while (ninks > 1) {
+ cp = strchr(cp, '\0');
+ if (cp) {
+ cp++;
+- inknameslen += (strlen(cp) + 1);
++ inknameslen += ((int)strlen(cp) + 1);
+ }
+ ninks--;
+ }
+@@ -8568,13 +8592,13 @@ rotateContigSamples32bits(uint16_t rotation, uint16_t spp, uint16_t bps, uint32_
+ }
+ else /* If we have a full buffer's worth, write it out */
+ {
+- bytebuff1 = (buff2 >> 56);
++ bytebuff1 = (uint8_t)(buff2 >> 56);
+ *dst++ = bytebuff1;
+- bytebuff2 = (buff2 >> 48);
++ bytebuff2 = (uint8_t)(buff2 >> 48);
+ *dst++ = bytebuff2;
+- bytebuff3 = (buff2 >> 40);
++ bytebuff3 = (uint8_t)(buff2 >> 40);
+ *dst++ = bytebuff3;
+- bytebuff4 = (buff2 >> 32);
++ bytebuff4 = (uint8_t)(buff2 >> 32);
+ *dst++ = bytebuff4;
+ ready_bits -= 32;
+
+@@ -8643,12 +8667,13 @@ rotateImage(uint16_t rotation, struct image_data *image, uint32_t *img_width,
+ return (-1);
+ }
+
+- if (!(rbuff = (unsigned char *)limitMalloc(buffsize)))
++ /* Add 3 padding bytes for extractContigSamplesShifted32bits */
++ if (!(rbuff = (unsigned char *)limitMalloc(buffsize + NUM_BUFF_OVERSIZE_BYTES)))
+ {
+- TIFFError("rotateImage", "Unable to allocate rotation buffer of %1u bytes", buffsize);
++ TIFFError("rotateImage", "Unable to allocate rotation buffer of %1u bytes", buffsize + NUM_BUFF_OVERSIZE_BYTES);
+ return (-1);
+ }
+- _TIFFmemset(rbuff, '\0', buffsize);
++ _TIFFmemset(rbuff, '\0', buffsize + NUM_BUFF_OVERSIZE_BYTES);
+
+ ibuff = *ibuff_ptr;
+ switch (rotation)
+@@ -9176,13 +9201,13 @@ reverseSamples32bits (uint16_t spp, uint16_t bps, uint32_t width,
+ }
+ else /* If we have a full buffer's worth, write it out */
+ {
+- bytebuff1 = (buff2 >> 56);
++ bytebuff1 = (uint8_t)(buff2 >> 56);
+ *dst++ = bytebuff1;
+- bytebuff2 = (buff2 >> 48);
++ bytebuff2 = (uint8_t)(buff2 >> 48);
+ *dst++ = bytebuff2;
+- bytebuff3 = (buff2 >> 40);
++ bytebuff3 = (uint8_t)(buff2 >> 40);
+ *dst++ = bytebuff3;
+- bytebuff4 = (buff2 >> 32);
++ bytebuff4 = (uint8_t)(buff2 >> 32);
+ *dst++ = bytebuff4;
+ ready_bits -= 32;
+
+@@ -9273,12 +9298,13 @@ mirrorImage(uint16_t spp, uint16_t bps, uint16_t mirror, uint32_t width, uint32_
+ {
+ case MIRROR_BOTH:
+ case MIRROR_VERT:
+- line_buff = (unsigned char *)limitMalloc(rowsize);
++ line_buff = (unsigned char *)limitMalloc(rowsize + NUM_BUFF_OVERSIZE_BYTES);
+ if (line_buff == NULL)
+ {
+- TIFFError ("mirrorImage", "Unable to allocate mirror line buffer of %1u bytes", rowsize);
++ TIFFError ("mirrorImage", "Unable to allocate mirror line buffer of %1u bytes", rowsize + NUM_BUFF_OVERSIZE_BYTES);
+ return (-1);
+ }
++ _TIFFmemset(line_buff, '\0', rowsize + NUM_BUFF_OVERSIZE_BYTES);
+
+ dst = ibuff + (rowsize * (length - 1));
+ for (row = 0; row < length / 2; row++)
+@@ -9310,11 +9336,12 @@ mirrorImage(uint16_t spp, uint16_t bps, uint16_t mirror, uint32_t width, uint32_
+ }
+ else
+ { /* non 8 bit per sample data */
+- if (!(line_buff = (unsigned char *)limitMalloc(rowsize + 1)))
++ if (!(line_buff = (unsigned char *)limitMalloc(rowsize + NUM_BUFF_OVERSIZE_BYTES)))
+ {
+ TIFFError("mirrorImage", "Unable to allocate mirror line buffer");
+ return (-1);
+ }
++ _TIFFmemset(line_buff, '\0', rowsize + NUM_BUFF_OVERSIZE_BYTES);
+ bytes_per_sample = (bps + 7) / 8;
+ bytes_per_pixel = ((bps * spp) + 7) / 8;
+ if (bytes_per_pixel < (bytes_per_sample + 1))
+@@ -9326,7 +9353,7 @@ mirrorImage(uint16_t spp, uint16_t bps, uint16_t mirror, uint32_t width, uint32_
+ {
+ row_offset = row * rowsize;
+ src = ibuff + row_offset;
+- _TIFFmemset (line_buff, '\0', rowsize);
++ _TIFFmemset (line_buff, '\0', rowsize + NUM_BUFF_OVERSIZE_BYTES);
+ switch (shift_width)
+ {
+ case 1: if (reverseSamples16bits(spp, bps, width, src, line_buff))
+--
+2.34.1
+
diff --git a/poky/meta/recipes-multimedia/libtiff/files/CVE-2022-2953.patch b/poky/meta/recipes-multimedia/libtiff/files/CVE-2022-2953.patch
index 98020ff..e673945 100644
--- a/poky/meta/recipes-multimedia/libtiff/files/CVE-2022-2953.patch
+++ b/poky/meta/recipes-multimedia/libtiff/files/CVE-2022-2953.patch
@@ -1,4 +1,4 @@
-CVE: CVE-2022-2053
+CVE: CVE-2022-2953
Upstream-Status: Backport
Signed-off-by: Ross Burton <ross.burton@arm.com>
diff --git a/poky/meta/recipes-multimedia/libtiff/files/CVE-2022-3970.patch b/poky/meta/recipes-multimedia/libtiff/files/CVE-2022-3970.patch
new file mode 100644
index 0000000..b3352ba
--- /dev/null
+++ b/poky/meta/recipes-multimedia/libtiff/files/CVE-2022-3970.patch
@@ -0,0 +1,39 @@
+From 227500897dfb07fb7d27f7aa570050e62617e3be Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.rouault@spatialys.com>
+Date: Tue, 8 Nov 2022 15:16:58 +0100
+Subject: [PATCH] TIFFReadRGBATileExt(): fix (unsigned) integer overflow on
+ strips/tiles > 2 GB
+
+Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53137
+Upstream-Status: Accepted
+---
+ libtiff/tif_getimage.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/libtiff/tif_getimage.c b/libtiff/tif_getimage.c
+index a4d0c1d6..60b94d8e 100644
+--- a/libtiff/tif_getimage.c
++++ b/libtiff/tif_getimage.c
+@@ -3016,15 +3016,15 @@ TIFFReadRGBATileExt(TIFF* tif, uint32_t col, uint32_t row, uint32_t * raster, in
+ return( ok );
+
+ for( i_row = 0; i_row < read_ysize; i_row++ ) {
+- memmove( raster + (tile_ysize - i_row - 1) * tile_xsize,
+- raster + (read_ysize - i_row - 1) * read_xsize,
++ memmove( raster + (size_t)(tile_ysize - i_row - 1) * tile_xsize,
++ raster + (size_t)(read_ysize - i_row - 1) * read_xsize,
+ read_xsize * sizeof(uint32_t) );
+- _TIFFmemset( raster + (tile_ysize - i_row - 1) * tile_xsize+read_xsize,
++ _TIFFmemset( raster + (size_t)(tile_ysize - i_row - 1) * tile_xsize+read_xsize,
+ 0, sizeof(uint32_t) * (tile_xsize - read_xsize) );
+ }
+
+ for( i_row = read_ysize; i_row < tile_ysize; i_row++ ) {
+- _TIFFmemset( raster + (tile_ysize - i_row - 1) * tile_xsize,
++ _TIFFmemset( raster + (size_t)(tile_ysize - i_row - 1) * tile_xsize,
+ 0, sizeof(uint32_t) * tile_xsize );
+ }
+
+--
+2.33.0
+
diff --git a/poky/meta/recipes-multimedia/libtiff/files/CVE-2022-48281.patch b/poky/meta/recipes-multimedia/libtiff/files/CVE-2022-48281.patch
new file mode 100644
index 0000000..4f8dc35
--- /dev/null
+++ b/poky/meta/recipes-multimedia/libtiff/files/CVE-2022-48281.patch
@@ -0,0 +1,26 @@
+From 97d65859bc29ee334012e9c73022d8a8e55ed586 Mon Sep 17 00:00:00 2001
+From: Su Laus <sulau@freenet.de>
+Date: Sat, 21 Jan 2023 15:58:10 +0000
+Subject: [PATCH] tiffcrop: Correct simple copy paste error. Fix #488.
+
+
+Upstream-Status: Backport [import from debian http://security.debian.org/debian-security/pool/updates/main/t/tiff/tiff_4.2.0-1+deb11u4.debian.tar.xz]
+CVE: CVE-2022-48281
+Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
+---
+ tools/tiffcrop.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Index: tiff-4.2.0/tools/tiffcrop.c
+===================================================================
+--- tiff-4.2.0.orig/tools/tiffcrop.c
++++ tiff-4.2.0/tools/tiffcrop.c
+@@ -7516,7 +7516,7 @@ processCropSelections(struct image_data
+ crop_buff = (unsigned char *)limitMalloc(cropsize + NUM_BUFF_OVERSIZE_BYTES);
+ else
+ {
+- prev_cropsize = seg_buffs[0].size;
++ prev_cropsize = seg_buffs[1].size;
+ if (prev_cropsize < cropsize)
+ {
+ next_buff = _TIFFrealloc(crop_buff, cropsize + NUM_BUFF_OVERSIZE_BYTES);
diff --git a/poky/meta/recipes-multimedia/libtiff/files/CVE-2023-0795_0796_0797_0798_0799.patch b/poky/meta/recipes-multimedia/libtiff/files/CVE-2023-0795_0796_0797_0798_0799.patch
new file mode 100644
index 0000000..926df68
--- /dev/null
+++ b/poky/meta/recipes-multimedia/libtiff/files/CVE-2023-0795_0796_0797_0798_0799.patch
@@ -0,0 +1,154 @@
+From: Markus Koschany <apo@debian.org>
+Date: Tue, 21 Feb 2023 14:26:43 +0100
+Subject: CVE-2023-0795
+
+This is also the fix for CVE-2023-0796, CVE-2023-0797, CVE-2023-0798,
+CVE-2023-0799.
+
+Bug-Debian: https://bugs.debian.org/1031632
+Origin: https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68
+
+CVE: CVE-2023-0795 CVE-2023-0796 CVE-2023-0797 CVE-2023-0798 CVE-2023-0799
+Upstream-Status: Backport [import from ubuntu debian/patches/CVE-2023-0795.patch http://archive.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_4.4.0-4ubuntu3.3.debian.tar.xz ]
+Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
+---
+ tools/tiffcrop.c | 51 ++++++++++++++++++++++++++++++---------------------
+ 1 file changed, 30 insertions(+), 21 deletions(-)
+
+--- tiff-4.4.0.orig/tools/tiffcrop.c
++++ tiff-4.4.0/tools/tiffcrop.c
+@@ -269,7 +269,6 @@ struct region {
+ uint32_t width; /* width in pixels */
+ uint32_t length; /* length in pixels */
+ uint32_t buffsize; /* size of buffer needed to hold the cropped region */
+- unsigned char *buffptr; /* address of start of the region */
+ };
+
+ /* Cropping parameters from command line and image data
+@@ -524,7 +523,7 @@ static int rotateContigSamples24bits(uin
+ static int rotateContigSamples32bits(uint16_t, uint16_t, uint16_t, uint32_t,
+ uint32_t, uint32_t, uint8_t *, uint8_t *);
+ static int rotateImage(uint16_t, struct image_data *, uint32_t *, uint32_t *,
+- unsigned char **);
++ unsigned char **, int);
+ static int mirrorImage(uint16_t, uint16_t, uint16_t, uint32_t, uint32_t,
+ unsigned char *);
+ static int invertImage(uint16_t, uint16_t, uint16_t, uint32_t, uint32_t,
+@@ -5219,7 +5218,6 @@ initCropMasks (struct crop_mask *cps)
+ cps->regionlist[i].width = 0;
+ cps->regionlist[i].length = 0;
+ cps->regionlist[i].buffsize = 0;
+- cps->regionlist[i].buffptr = NULL;
+ cps->zonelist[i].position = 0;
+ cps->zonelist[i].total = 0;
+ }
+@@ -6551,8 +6549,13 @@ static int correct_orientation(struct i
+ (uint16_t) (image->adjustments & ROTATE_ANY));
+ return (-1);
+ }
+-
+- if (rotateImage(rotation, image, &image->width, &image->length, work_buff_ptr))
++
++ /* Dummy variable in order not to switch two times the
++ * image->width,->length within rotateImage(),
++ * but switch xres, yres there. */
++ uint32_t width = image->width;
++ uint32_t length = image->length;
++ if (rotateImage(rotation, image, &width, &length, work_buff_ptr, TRUE))
+ {
+ TIFFError ("correct_orientation", "Unable to rotate image");
+ return (-1);
+@@ -6661,7 +6664,6 @@ extractCompositeRegions(struct image_dat
+ /* These should not be needed for composite images */
+ crop->regionlist[i].width = crop_width;
+ crop->regionlist[i].length = crop_length;
+- crop->regionlist[i].buffptr = crop_buff;
+
+ src_rowsize = ((img_width * bps * spp) + 7) / 8;
+ dst_rowsize = (((crop_width * bps * count) + 7) / 8);
+@@ -6900,7 +6902,6 @@ extractSeparateRegion(struct image_data
+
+ crop->regionlist[region].width = crop_width;
+ crop->regionlist[region].length = crop_length;
+- crop->regionlist[region].buffptr = crop_buff;
+
+ src = read_buff;
+ dst = crop_buff;
+@@ -7778,7 +7779,7 @@ processCropSelections(struct image_data
+ if (crop->crop_mode & CROP_ROTATE) /* rotate should be last as it can reallocate the buffer */
+ {
+ if (rotateImage(crop->rotation, image, &crop->combined_width,
+- &crop->combined_length, &crop_buff))
++ &crop->combined_length, &crop_buff, FALSE))
+ {
+ TIFFError("processCropSelections",
+ "Failed to rotate composite regions by %"PRIu32" degrees", crop->rotation);
+@@ -7888,7 +7889,7 @@ processCropSelections(struct image_data
+ * ToDo: Therefore rotateImage() and its usage has to be reworked (e.g. like mirrorImage()) !!
+ */
+ if (rotateImage(crop->rotation, image, &crop->regionlist[i].width,
+- &crop->regionlist[i].length, &crop_buff))
++ &crop->regionlist[i].length, &crop_buff, FALSE))
+ {
+ TIFFError("processCropSelections",
+ "Failed to rotate crop region by %"PRIu16" degrees", crop->rotation);
+@@ -8020,7 +8021,7 @@ createCroppedImage(struct image_data *im
+ if (crop->crop_mode & CROP_ROTATE) /* rotate should be last as it can reallocate the buffer */
+ {
+ if (rotateImage(crop->rotation, image, &crop->combined_width,
+- &crop->combined_length, crop_buff_ptr))
++ &crop->combined_length, crop_buff_ptr, TRUE))
+ {
+ TIFFError("createCroppedImage",
+ "Failed to rotate image or cropped selection by %"PRIu16" degrees", crop->rotation);
+@@ -8683,7 +8684,7 @@ rotateContigSamples32bits(uint16_t rotat
+ /* Rotate an image by a multiple of 90 degrees clockwise */
+ static int
+ rotateImage(uint16_t rotation, struct image_data *image, uint32_t *img_width,
+- uint32_t *img_length, unsigned char **ibuff_ptr)
++ uint32_t *img_length, unsigned char **ibuff_ptr, int rot_image_params)
+ {
+ int shift_width;
+ uint32_t bytes_per_pixel, bytes_per_sample;
+@@ -8874,11 +8875,15 @@ rotateImage(uint16_t rotation, struct im
+
+ *img_width = length;
+ *img_length = width;
+- image->width = length;
+- image->length = width;
+- res_temp = image->xres;
+- image->xres = image->yres;
+- image->yres = res_temp;
++ /* Only toggle image parameters if whole input image is rotated. */
++ if (rot_image_params)
++ {
++ image->width = length;
++ image->length = width;
++ res_temp = image->xres;
++ image->xres = image->yres;
++ image->yres = res_temp;
++ }
+ break;
+
+ case 270: if ((bps % 8) == 0) /* byte aligned data */
+@@ -8951,11 +8956,15 @@ rotateImage(uint16_t rotation, struct im
+
+ *img_width = length;
+ *img_length = width;
+- image->width = length;
+- image->length = width;
+- res_temp = image->xres;
+- image->xres = image->yres;
+- image->yres = res_temp;
++ /* Only toggle image parameters if whole input image is rotated. */
++ if (rot_image_params)
++ {
++ image->width = length;
++ image->length = width;
++ res_temp = image->xres;
++ image->xres = image->yres;
++ image->yres = res_temp;
++ }
+ break;
+ default:
+ break;
diff --git a/poky/meta/recipes-multimedia/libtiff/files/CVE-2023-0800_0801_0802_0803_0804.patch b/poky/meta/recipes-multimedia/libtiff/files/CVE-2023-0800_0801_0802_0803_0804.patch
new file mode 100644
index 0000000..8372bc3
--- /dev/null
+++ b/poky/meta/recipes-multimedia/libtiff/files/CVE-2023-0800_0801_0802_0803_0804.patch
@@ -0,0 +1,128 @@
+From 82a7fbb1fa7228499ffeb3a57a1d106a9626d57c Mon Sep 17 00:00:00 2001
+From: Su Laus <sulau@freenet.de>
+Date: Sun, 5 Feb 2023 15:53:15 +0000
+Subject: [PATCH] tiffcrop: added check for assumption on composite images
+ (fixes #496)
+
+tiffcrop: For composite images with more than one region, the combined_length or combined_width always needs to be equal, respectively. Otherwise, even the first section/region copy action might cause buffer overrun. This is now checked before the first copy action.
+
+Closes #496, #497, #498, #500, #501.
+
+Upstream-Status: Backport [import from fedora https://src.fedoraproject.org/rpms/libtiff/c/91856895aadf3cce6353f40c2feef9bf0b486440 ]
+CVE: CVE-2023-0800 CVE-2023-0801 CVE-2023-0802 CVE-2023-0803 CVE-2023-0804
+Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
+---
+ tools/tiffcrop.c | 68 ++++++++++++++++++++++++++++++++++++++++++++++--
+ 1 file changed, 66 insertions(+), 2 deletions(-)
+
+diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
+index 84e26ac6..480b927c 100644
+--- a/tools/tiffcrop.c
++++ b/tools/tiffcrop.c
+@@ -5329,18 +5329,39 @@
+
+ crop->regionlist[i].buffsize = buffsize;
+ crop->bufftotal += buffsize;
++ /* For composite images with more than one region, the
++ * combined_length or combined_width always needs to be equal,
++ * respectively.
++ * Otherwise, even the first section/region copy
++ * action might cause buffer overrun. */
+ if (crop->img_mode == COMPOSITE_IMAGES)
+ {
+ switch (crop->edge_ref)
+ {
+ case EDGE_LEFT:
+ case EDGE_RIGHT:
++ if (i > 0 && zlength != crop->combined_length)
++ {
++ TIFFError(
++ "computeInputPixelOffsets",
++ "Only equal length regions can be combined for "
++ "-E left or right");
++ return (-1);
++ }
+ crop->combined_length = zlength;
+ crop->combined_width += zwidth;
+ break;
+ case EDGE_BOTTOM:
+ case EDGE_TOP: /* width from left, length from top */
+ default:
++ if (i > 0 && zwidth != crop->combined_width)
++ {
++ TIFFError("computeInputPixelOffsets",
++ "Only equal width regions can be "
++ "combined for -E "
++ "top or bottom");
++ return (-1);
++ }
+ crop->combined_width = zwidth;
+ crop->combined_length += zlength;
+ break;
+@@ -6546,6 +6567,46 @@
+ crop->combined_width = 0;
+ crop->combined_length = 0;
+
++ /* If there is more than one region, check beforehand whether all the width
++ * and length values of the regions are the same, respectively. */
++ switch (crop->edge_ref)
++ {
++ default:
++ case EDGE_TOP:
++ case EDGE_BOTTOM:
++ for (i = 1; i < crop->selections; i++)
++ {
++ uint32_t crop_width0 =
++ crop->regionlist[i - 1].x2 - crop->regionlist[i - 1].x1 + 1;
++ uint32_t crop_width1 =
++ crop->regionlist[i].x2 - crop->regionlist[i].x1 + 1;
++ if (crop_width0 != crop_width1)
++ {
++ TIFFError("extractCompositeRegions",
++ "Only equal width regions can be combined for -E "
++ "top or bottom");
++ return (1);
++ }
++ }
++ break;
++ case EDGE_LEFT:
++ case EDGE_RIGHT:
++ for (i = 1; i < crop->selections; i++)
++ {
++ uint32_t crop_length0 =
++ crop->regionlist[i - 1].y2 - crop->regionlist[i - 1].y1 + 1;
++ uint32_t crop_length1 =
++ crop->regionlist[i].y2 - crop->regionlist[i].y1 + 1;
++ if (crop_length0 != crop_length1)
++ {
++ TIFFError("extractCompositeRegions",
++ "Only equal length regions can be combined for "
++ "-E left or right");
++ return (1);
++ }
++ }
++ }
++
+ for (i = 0; i < crop->selections; i++)
+ {
+ /* rows, columns, width, length are expressed in pixels */
+@@ -6570,7 +6631,8 @@
+ default:
+ case EDGE_TOP:
+ case EDGE_BOTTOM:
+- if ((i > 0) && (crop_width != crop->regionlist[i - 1].width))
++ if ((crop->selections > i + 1) &&
++ (crop_width != crop->regionlist[i + 1].width))
+ {
+ TIFFError ("extractCompositeRegions",
+ "Only equal width regions can be combined for -E top or bottom");
+@@ -6651,7 +6713,8 @@
+ break;
+ case EDGE_LEFT: /* splice the pieces of each row together, side by side */
+ case EDGE_RIGHT:
+- if ((i > 0) && (crop_length != crop->regionlist[i - 1].length))
++ if ((crop->selections > i + 1) &&
++ (crop_length != crop->regionlist[i + 1].length))
+ {
+ TIFFError ("extractCompositeRegions",
+ "Only equal length regions can be combined for -E left or right");
diff --git a/poky/meta/recipes-multimedia/libtiff/tiff_4.4.0.bb b/poky/meta/recipes-multimedia/libtiff/tiff_4.4.0.bb
index caf6f60..9df3c5a 100644
--- a/poky/meta/recipes-multimedia/libtiff/tiff_4.4.0.bb
+++ b/poky/meta/recipes-multimedia/libtiff/tiff_4.4.0.bb
@@ -12,6 +12,14 @@
file://0001-fix-the-FPE-in-tiffcrop-415-427-and-428.patch \
file://CVE-2022-34526.patch \
file://CVE-2022-2953.patch \
+ file://CVE-2022-3970.patch \
+ file://0001-Revised-handling-of-TIFFTAG_INKNAMES-and-related-TIF.patch \
+ file://0001-tiffcrop-S-option-Make-decision-simpler.patch \
+ file://0001-tiffcrop-disable-incompatibility-of-Z-X-Y-z-options-.patch \
+ file://0001-tiffcrop-subroutines-require-a-larger-buffer-fixes-2.patch \
+ file://CVE-2022-48281.patch \
+ file://CVE-2023-0800_0801_0802_0803_0804.patch \
+ file://CVE-2023-0795_0796_0797_0798_0799.patch \
"
SRC_URI[sha256sum] = "917223b37538959aca3b790d2d73aa6e626b688e02dcda272aec24c2f498abed"
@@ -25,7 +33,6 @@
# These issues only affect libtiff post-4.3.0 but before 4.4.0,
# caused by 3079627e and fixed by b4e79bfa.
CVE_CHECK_IGNORE += "CVE-2022-1622 CVE-2022-1623"
-
# Issue is in jbig which we don't enable
CVE_CHECK_IGNORE += "CVE-2022-1210"
@@ -41,6 +48,7 @@
PACKAGECONFIG[jpeg] = "--enable-jpeg,--disable-jpeg,jpeg,"
PACKAGECONFIG[zlib] = "--enable-zlib,--disable-zlib,zlib,"
PACKAGECONFIG[lzma] = "--enable-lzma,--disable-lzma,xz,"
+PACKAGECONFIG[webp] = "--enable-webp,--disable-webp,libwebp,"
# Convert single-strip uncompressed images to multiple strips of specified
# size (default: 8192) to reduce memory usage
diff --git a/poky/meta/recipes-sato/webkit/wpebackend-fdo_1.12.1.bb b/poky/meta/recipes-sato/webkit/wpebackend-fdo_1.14.0.bb
similarity index 90%
rename from poky/meta/recipes-sato/webkit/wpebackend-fdo_1.12.1.bb
rename to poky/meta/recipes-sato/webkit/wpebackend-fdo_1.14.0.bb
index 5f776c1..7082010 100644
--- a/poky/meta/recipes-sato/webkit/wpebackend-fdo_1.12.1.bb
+++ b/poky/meta/recipes-sato/webkit/wpebackend-fdo_1.14.0.bb
@@ -13,7 +13,7 @@
REQUIRED_DISTRO_FEATURES = "opengl"
SRC_URI = "https://wpewebkit.org/releases/${BPN}-${PV}.tar.xz"
-SRC_URI[sha256sum] = "45aa833c44ec292f31fa943b01b8cc75e54eb623ad7ba6a66fc2f118fe69e629"
+SRC_URI[sha256sum] = "e75b0cb2c7145448416e8696013d8883f675c66c11ed750e06865efec5809155"
# Especially helps compiling with clang which enable this as error when
# using c++11
diff --git a/poky/meta/recipes-support/apr/apr-util/0001-Fix-error-handling-in-gdbm.patch b/poky/meta/recipes-support/apr/apr-util/0001-Fix-error-handling-in-gdbm.patch
deleted file mode 100644
index 6f27876..0000000
--- a/poky/meta/recipes-support/apr/apr-util/0001-Fix-error-handling-in-gdbm.patch
+++ /dev/null
@@ -1,134 +0,0 @@
-From 6b638fa9afbeb54dfa19378e391465a5284ce1ad Mon Sep 17 00:00:00 2001
-From: Changqing Li <changqing.li@windriver.com>
-Date: Wed, 12 Sep 2018 17:16:36 +0800
-Subject: [PATCH] Fix error handling in gdbm
-
-Only check for gdbm_errno if the return value of the called gdbm_*
-function says so. This fixes apr-util with gdbm 1.14, which does not
-seem to always reset gdbm_errno.
-
-Also make the gdbm driver return error codes starting with
-APR_OS_START_USEERR instead of always returning APR_EGENERAL. This is
-what the berkleydb driver already does.
-
-Also ensure that dsize is 0 if dptr == NULL.
-
-Upstream-Status: Backport [https://svn.apache.org/viewvc?view=revision&revision=1825311]
-
-Signed-off-by: Changqing Li <changqing.li@windriver.com>
----
- dbm/apr_dbm_gdbm.c | 47 +++++++++++++++++++++++++++++------------------
- 1 file changed, 29 insertions(+), 18 deletions(-)
-
-diff --git a/dbm/apr_dbm_gdbm.c b/dbm/apr_dbm_gdbm.c
-index 749447a..1c86327 100644
---- a/dbm/apr_dbm_gdbm.c
-+++ b/dbm/apr_dbm_gdbm.c
-@@ -36,13 +36,25 @@
- static apr_status_t g2s(int gerr)
- {
- if (gerr == -1) {
-- /* ### need to fix this */
-- return APR_EGENERAL;
-+ if (gdbm_errno == GDBM_NO_ERROR)
-+ return APR_SUCCESS;
-+ return APR_OS_START_USEERR + gdbm_errno;
- }
-
- return APR_SUCCESS;
- }
-
-+static apr_status_t gdat2s(datum d)
-+{
-+ if (d.dptr == NULL) {
-+ if (gdbm_errno == GDBM_NO_ERROR || gdbm_errno == GDBM_ITEM_NOT_FOUND)
-+ return APR_SUCCESS;
-+ return APR_OS_START_USEERR + gdbm_errno;
-+ }
-+
-+ return APR_SUCCESS;
-+}
-+
- static apr_status_t datum_cleanup(void *dptr)
- {
- if (dptr)
-@@ -53,22 +65,15 @@ static apr_status_t datum_cleanup(void *dptr)
-
- static apr_status_t set_error(apr_dbm_t *dbm, apr_status_t dbm_said)
- {
-- apr_status_t rv = APR_SUCCESS;
-
-- /* ### ignore whatever the DBM said (dbm_said); ask it explicitly */
-+ dbm->errcode = dbm_said;
-
-- if ((dbm->errcode = gdbm_errno) == GDBM_NO_ERROR) {
-+ if (dbm_said == APR_SUCCESS)
- dbm->errmsg = NULL;
-- }
-- else {
-- dbm->errmsg = gdbm_strerror(gdbm_errno);
-- rv = APR_EGENERAL; /* ### need something better */
-- }
--
-- /* captured it. clear it now. */
-- gdbm_errno = GDBM_NO_ERROR;
-+ else
-+ dbm->errmsg = gdbm_strerror(dbm_said - APR_OS_START_USEERR);
-
-- return rv;
-+ return dbm_said;
- }
-
- /* --------------------------------------------------------------------------
-@@ -107,7 +112,7 @@ static apr_status_t vt_gdbm_open(apr_dbm_t **pdb, const char *pathname,
- NULL);
-
- if (file == NULL)
-- return APR_EGENERAL; /* ### need a better error */
-+ return APR_OS_START_USEERR + gdbm_errno; /* ### need a better error */
-
- /* we have an open database... return it */
- *pdb = apr_pcalloc(pool, sizeof(**pdb));
-@@ -141,10 +146,12 @@ static apr_status_t vt_gdbm_fetch(apr_dbm_t *dbm, apr_datum_t key,
- if (pvalue->dptr)
- apr_pool_cleanup_register(dbm->pool, pvalue->dptr, datum_cleanup,
- apr_pool_cleanup_null);
-+ else
-+ pvalue->dsize = 0;
-
- /* store the error info into DBM, and return a status code. Also, note
- that *pvalue should have been cleared on error. */
-- return set_error(dbm, APR_SUCCESS);
-+ return set_error(dbm, gdat2s(rd));
- }
-
- static apr_status_t vt_gdbm_store(apr_dbm_t *dbm, apr_datum_t key,
-@@ -201,9 +208,11 @@ static apr_status_t vt_gdbm_firstkey(apr_dbm_t *dbm, apr_datum_t *pkey)
- if (pkey->dptr)
- apr_pool_cleanup_register(dbm->pool, pkey->dptr, datum_cleanup,
- apr_pool_cleanup_null);
-+ else
-+ pkey->dsize = 0;
-
- /* store any error info into DBM, and return a status code. */
-- return set_error(dbm, APR_SUCCESS);
-+ return set_error(dbm, gdat2s(rd));
- }
-
- static apr_status_t vt_gdbm_nextkey(apr_dbm_t *dbm, apr_datum_t *pkey)
-@@ -221,9 +230,11 @@ static apr_status_t vt_gdbm_nextkey(apr_dbm_t *dbm, apr_datum_t *pkey)
- if (pkey->dptr)
- apr_pool_cleanup_register(dbm->pool, pkey->dptr, datum_cleanup,
- apr_pool_cleanup_null);
-+ else
-+ pkey->dsize = 0;
-
- /* store any error info into DBM, and return a status code. */
-- return set_error(dbm, APR_SUCCESS);
-+ return set_error(dbm, gdat2s(rd));
- }
-
- static void vt_gdbm_freedatum(apr_dbm_t *dbm, apr_datum_t data)
---
-2.7.4
-
diff --git a/poky/meta/recipes-support/apr/apr-util_1.6.1.bb b/poky/meta/recipes-support/apr/apr-util_1.6.3.bb
similarity index 93%
rename from poky/meta/recipes-support/apr/apr-util_1.6.1.bb
rename to poky/meta/recipes-support/apr/apr-util_1.6.3.bb
index b851d46..7c6fcc6 100644
--- a/poky/meta/recipes-support/apr/apr-util_1.6.1.bb
+++ b/poky/meta/recipes-support/apr/apr-util_1.6.3.bb
@@ -13,11 +13,9 @@
file://configfix.patch \
file://configure_fixes.patch \
file://run-ptest \
- file://0001-Fix-error-handling-in-gdbm.patch \
-"
+ "
-SRC_URI[md5sum] = "bd502b9a8670a8012c4d90c31a84955f"
-SRC_URI[sha256sum] = "b65e40713da57d004123b6319828be7f1273fbc6490e145874ee1177e112c459"
+SRC_URI[sha256sum] = "2b74d8932703826862ca305b094eef2983c27b39d5c9414442e9976a9acf1983"
EXTRA_OECONF = "--with-apr=${STAGING_BINDIR_CROSS}/apr-1-config \
--without-odbc \
diff --git a/poky/meta/recipes-support/apr/apr/0001-Add-option-to-disable-timed-dependant-tests.patch b/poky/meta/recipes-support/apr/apr/0001-Add-option-to-disable-timed-dependant-tests.patch
index abff4e9..a274f3a 100644
--- a/poky/meta/recipes-support/apr/apr/0001-Add-option-to-disable-timed-dependant-tests.patch
+++ b/poky/meta/recipes-support/apr/apr/0001-Add-option-to-disable-timed-dependant-tests.patch
@@ -1,14 +1,15 @@
-From 2bbe20b4f69e84e7a18bc79d382486953f479328 Mon Sep 17 00:00:00 2001
+From 225abf37cd0b49960664b59f08e515a4c4ea5ad0 Mon Sep 17 00:00:00 2001
From: Jeremy Puhlman <jpuhlman@mvista.com>
Date: Thu, 26 Mar 2020 18:30:36 +0000
Subject: [PATCH] Add option to disable timed dependant tests
-The disabled tests rely on timing to pass correctly. On a virtualized
+The disabled tests rely on timing to pass correctly. On a virtualized
system under heavy load, these tests randomly fail because they miss
a timer or other timing related issues.
Upstream-Status: Pending
Signed-off-by: Jeremy Puhlman <jpuhlman@mvista.com>
+
---
configure.in | 6 ++++++
include/apr.h.in | 1 +
@@ -16,10 +17,10 @@
3 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/configure.in b/configure.in
-index d9f32d6..f0c5661 100644
+index bfd488b..3663220 100644
--- a/configure.in
+++ b/configure.in
-@@ -2886,6 +2886,12 @@ AC_ARG_ENABLE(timedlocks,
+@@ -3023,6 +3023,12 @@ AC_ARG_ENABLE(timedlocks,
)
AC_SUBST(apr_has_timedlocks)
@@ -45,10 +46,10 @@
#define APR_PROCATTR_USER_SET_REQUIRES_PASSWORD @apr_procattr_user_set_requires_password@
diff --git a/test/testlock.c b/test/testlock.c
-index a43f477..6233d0b 100644
+index e3437c1..04e01b9 100644
--- a/test/testlock.c
+++ b/test/testlock.c
-@@ -396,13 +396,13 @@ abts_suite *testlock(abts_suite *suite)
+@@ -535,7 +535,7 @@ abts_suite *testlock(abts_suite *suite)
abts_run_test(suite, threads_not_impl, NULL);
#else
abts_run_test(suite, test_thread_mutex, NULL);
@@ -56,6 +57,8 @@
+#if APR_HAS_TIMEDLOCKS && APR_HAVE_TIME_DEPENDANT_TESTS
abts_run_test(suite, test_thread_timedmutex, NULL);
#endif
+ abts_run_test(suite, test_thread_nestedmutex, NULL);
+@@ -543,7 +543,7 @@ abts_suite *testlock(abts_suite *suite)
abts_run_test(suite, test_thread_rwlock, NULL);
abts_run_test(suite, test_cond, NULL);
abts_run_test(suite, test_timeoutcond, NULL);
@@ -63,7 +66,4 @@
+#if APR_HAS_TIMEDLOCKS && APR_HAVE_TIME_DEPENDANT_TESTS
abts_run_test(suite, test_timeoutmutex, NULL);
#endif
- #endif
---
-2.23.0
-
+ #ifdef WIN32
diff --git a/poky/meta/recipes-support/apr/apr/0001-add-AC_CACHE_CHECK-for-strerror_r-return-type.patch b/poky/meta/recipes-support/apr/apr/0001-add-AC_CACHE_CHECK-for-strerror_r-return-type.patch
deleted file mode 100644
index d0a9bd9..0000000
--- a/poky/meta/recipes-support/apr/apr/0001-add-AC_CACHE_CHECK-for-strerror_r-return-type.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From 8ca3c3306f1a149e51a3be6a4b1e47e9aee88262 Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Tue, 23 Aug 2022 22:42:03 -0700
-Subject: [PATCH] add AC_CACHE_CHECK for strerror_r return type
-
-APR's configure script uses AC_TRY_RUN to detect whether the return type
-of strerror_r is int. When cross-compiling this defaults to no.
-
-This commit adds an AC_CACHE_CHECK so users who cross-compile APR may
-influence the outcome with a configure variable.
-
-Upstream-Status: Backport [https://svn.apache.org/viewvc?view=revision&revision=1875065]
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
- build/apr_common.m4 | 11 ++++-------
- 1 file changed, 4 insertions(+), 7 deletions(-)
-
-diff --git a/build/apr_common.m4 b/build/apr_common.m4
-index cbf2a4c..42e75cf 100644
---- a/build/apr_common.m4
-+++ b/build/apr_common.m4
-@@ -525,8 +525,9 @@ dnl string.
- dnl
- dnl
- AC_DEFUN([APR_CHECK_STRERROR_R_RC], [
--AC_MSG_CHECKING(for type of return code from strerror_r)
--AC_TRY_RUN([
-+AC_CACHE_CHECK([whether return code from strerror_r has type int],
-+[ac_cv_strerror_r_rc_int],
-+[AC_TRY_RUN([
- #include <errno.h>
- #include <string.h>
- #include <stdio.h>
-@@ -542,14 +543,10 @@ main()
- }], [
- ac_cv_strerror_r_rc_int=yes ], [
- ac_cv_strerror_r_rc_int=no ], [
-- ac_cv_strerror_r_rc_int=no ] )
-+ ac_cv_strerror_r_rc_int=no ] ) ] )
- if test "x$ac_cv_strerror_r_rc_int" = xyes; then
- AC_DEFINE(STRERROR_R_RC_INT, 1, [Define if strerror returns int])
-- msg="int"
--else
-- msg="pointer"
- fi
--AC_MSG_RESULT([$msg])
- ] )
-
- dnl
---
-2.37.2
-
diff --git a/poky/meta/recipes-support/apr/apr/0001-configure-Remove-runtime-test-for-mmap-that-can-map-.patch b/poky/meta/recipes-support/apr/apr/0001-configure-Remove-runtime-test-for-mmap-that-can-map-.patch
index fa6202d..a78b162 100644
--- a/poky/meta/recipes-support/apr/apr/0001-configure-Remove-runtime-test-for-mmap-that-can-map-.patch
+++ b/poky/meta/recipes-support/apr/apr/0001-configure-Remove-runtime-test-for-mmap-that-can-map-.patch
@@ -1,4 +1,4 @@
-From ee728971fd9d2da39356f1574d58d5daa3b24520 Mon Sep 17 00:00:00 2001
+From 316b81c462f065927d7fec56aadd5c8cb94d1cf0 Mon Sep 17 00:00:00 2001
From: Khem Raj <raj.khem@gmail.com>
Date: Fri, 26 Aug 2022 00:28:08 -0700
Subject: [PATCH] configure: Remove runtime test for mmap that can map
@@ -10,24 +10,25 @@
Upstream-Status: Inappropriate [Cross-compile specific]
Signed-off-by: Khem Raj <raj.khem@gmail.com>
+
---
- configure.in | 32 --------------------------------
- 1 file changed, 32 deletions(-)
+ configure.in | 30 ------------------------------
+ 1 file changed, 30 deletions(-)
diff --git a/configure.in b/configure.in
-index a99049d..f1f55c7 100644
+index 3663220..dce9789 100644
--- a/configure.in
+++ b/configure.in
-@@ -1182,38 +1182,6 @@ AC_CHECK_FUNCS([mmap munmap shm_open shm_unlink shmget shmat shmdt shmctl \
+@@ -1303,36 +1303,6 @@ AC_CHECK_FUNCS([mmap munmap shm_open shm_unlink shmget shmat shmdt shmctl \
APR_CHECK_DEFINE(MAP_ANON, sys/mman.h)
AC_CHECK_FILE(/dev/zero)
-# Not all systems can mmap /dev/zero (such as HP-UX). Check for that.
-if test "$ac_cv_func_mmap" = "yes" &&
-- test "$ac_cv_file__dev_zero" = "yes"; then
-- AC_MSG_CHECKING(for mmap that can map /dev/zero)
-- AC_TRY_RUN([
--#include <sys/types.h>
+- test "$ac_cv_file__dev_zero" = "yes"; then
+- AC_CACHE_CHECK([for mmap that can map /dev/zero],
+- [ac_cv_mmap__dev_zero],
+- [AC_TRY_RUN([#include <sys/types.h>
-#include <sys/stat.h>
-#include <fcntl.h>
-#ifdef HAVE_SYS_MMAN_H
@@ -49,14 +50,9 @@
- return 3;
- }
- return 0;
-- }], [], [ac_cv_file__dev_zero=no], [ac_cv_file__dev_zero=no])
--
-- AC_MSG_RESULT($ac_cv_file__dev_zero)
+- }], [], [ac_cv_file__dev_zero=no], [ac_cv_file__dev_zero=no])])
-fi
-
# Now we determine which one is our anonymous shmem preference.
haveshmgetanon="0"
havemmapzero="0"
---
-2.37.2
-
diff --git a/poky/meta/recipes-support/apr/apr/0002-apr-Remove-workdir-path-references-from-installed-ap.patch b/poky/meta/recipes-support/apr/apr/0002-apr-Remove-workdir-path-references-from-installed-ap.patch
index 72e706f..d63423f 100644
--- a/poky/meta/recipes-support/apr/apr/0002-apr-Remove-workdir-path-references-from-installed-ap.patch
+++ b/poky/meta/recipes-support/apr/apr/0002-apr-Remove-workdir-path-references-from-installed-ap.patch
@@ -1,8 +1,7 @@
-From 5925b20da8bbc34d9bf5a5dca123ef38864d43c6 Mon Sep 17 00:00:00 2001
+From 689a8db96a6d1e1cae9cbfb35d05ac82140a6555 Mon Sep 17 00:00:00 2001
From: Hongxu Jia <hongxu.jia@windriver.com>
Date: Tue, 30 Jan 2018 09:39:06 +0800
-Subject: [PATCH 2/7] apr: Remove workdir path references from installed apr
- files
+Subject: [PATCH] apr: Remove workdir path references from installed apr files
Upstream-Status: Inappropriate [configuration]
@@ -14,20 +13,23 @@
Rebase to 1.6.3
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+
---
- apr-config.in | 26 ++------------------------
- 1 file changed, 2 insertions(+), 24 deletions(-)
+ apr-config.in | 32 ++------------------------------
+ 1 file changed, 2 insertions(+), 30 deletions(-)
diff --git a/apr-config.in b/apr-config.in
-index 84b4073..bbbf651 100644
+index bed47ca..47874e5 100644
--- a/apr-config.in
+++ b/apr-config.in
-@@ -152,14 +152,7 @@ while test $# -gt 0; do
+@@ -164,16 +164,7 @@ while test $# -gt 0; do
flags="$flags $LDFLAGS"
;;
--includes)
- if test "$location" = "installed"; then
flags="$flags -I$includedir $EXTRA_INCLUDES"
+- elif test "$location" = "crosscompile"; then
+- flags="$flags -I$APR_TARGET_DIR/$includedir $EXTRA_INCLUDES"
- elif test "$location" = "source"; then
- flags="$flags -I$APR_SOURCE_DIR/include $EXTRA_INCLUDES"
- else
@@ -37,13 +39,15 @@
;;
--srcdir)
echo $APR_SOURCE_DIR
-@@ -181,29 +174,14 @@ while test $# -gt 0; do
+@@ -197,33 +188,14 @@ while test $# -gt 0; do
exit 0
;;
--link-ld)
- if test "$location" = "installed"; then
- ### avoid using -L if libdir is a "standard" location like /usr/lib
- flags="$flags -L$libdir -l${APR_LIBNAME}"
+- elif test "$location" = "crosscompile"; then
+- flags="$flags -L$APR_TARGET_DIR/$libdir -l${APR_LIBNAME}"
- else
- ### this surely can't work since the library is in .libs?
- flags="$flags -L$APR_BUILD_DIR -l${APR_LIBNAME}"
@@ -62,6 +66,8 @@
- # Since the user is specifying they are linking with libtool, we
- # *know* that -R will be recognized by libtool.
- flags="$flags -L$libdir -R$libdir -l${APR_LIBNAME}"
+- elif test "$location" = "crosscompile"; then
+- flags="$flags -L${APR_TARGET_DIR}/$libdir -l${APR_LIBNAME}"
- else
- flags="$flags $LA_FILE"
- fi
@@ -69,6 +75,3 @@
;;
--shlib-path-var)
echo "$SHLIBPATH_VAR"
---
-1.8.3.1
-
diff --git a/poky/meta/recipes-support/apr/apr/0003-Makefile.in-configure.in-support-cross-compiling.patch b/poky/meta/recipes-support/apr/apr/0003-Makefile.in-configure.in-support-cross-compiling.patch
deleted file mode 100644
index 4dd53bd..0000000
--- a/poky/meta/recipes-support/apr/apr/0003-Makefile.in-configure.in-support-cross-compiling.patch
+++ /dev/null
@@ -1,63 +0,0 @@
-From d5028c10f156c224475b340cfb1ba025d6797243 Mon Sep 17 00:00:00 2001
-From: Hongxu Jia <hongxu.jia@windriver.com>
-Date: Fri, 2 Feb 2018 15:51:42 +0800
-Subject: [PATCH 3/7] Makefile.in/configure.in: support cross compiling
-
-While cross compiling, the tools/gen_test_char could not
-be executed at build time, use AX_PROG_CC_FOR_BUILD to
-build native tools/gen_test_char
-
-Upstream-Status: Submitted [https://github.com/apache/apr/pull/8]
-
-Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
----
- Makefile.in | 10 +++-------
- configure.in | 3 +++
- 2 files changed, 6 insertions(+), 7 deletions(-)
-
-diff --git a/Makefile.in b/Makefile.in
-index 5fb760e..8675f90 100644
---- a/Makefile.in
-+++ b/Makefile.in
-@@ -46,7 +46,7 @@ LT_VERSION = @LT_VERSION@
-
- CLEAN_TARGETS = apr-config.out apr.exp exports.c export_vars.c .make.dirs \
- build/apr_rules.out tools/gen_test_char@EXEEXT@ \
-- tools/gen_test_char.o tools/gen_test_char.lo \
-+ tools/gen_test_char.o \
- include/private/apr_escape_test_char.h
- DISTCLEAN_TARGETS = config.cache config.log config.status \
- include/apr.h include/arch/unix/apr_private.h \
-@@ -131,13 +131,9 @@ check: $(TARGET_LIB)
- etags:
- etags `find . -name '*.[ch]'`
-
--OBJECTS_gen_test_char = tools/gen_test_char.lo $(LOCAL_LIBS)
--tools/gen_test_char.lo: tools/gen_test_char.c
-+tools/gen_test_char@EXEEXT@: tools/gen_test_char.c
- $(APR_MKDIR) tools
-- $(LT_COMPILE)
--
--tools/gen_test_char@EXEEXT@: $(OBJECTS_gen_test_char)
-- $(LINK_PROG) $(OBJECTS_gen_test_char) $(ALL_LIBS)
-+ $(CC_FOR_BUILD) $(CFLAGS_FOR_BUILD) $< -o $@
-
- include/private/apr_escape_test_char.h: tools/gen_test_char@EXEEXT@
- $(APR_MKDIR) include/private
-diff --git a/configure.in b/configure.in
-index 719f331..361120f 100644
---- a/configure.in
-+++ b/configure.in
-@@ -183,6 +183,9 @@ dnl can only be used once within a configure script, so this prevents a
- dnl preload section from invoking the macro to get compiler info.
- AC_PROG_CC
-
-+dnl Check build CC for gen_test_char compiling which is executed at build time.
-+AX_PROG_CC_FOR_BUILD
-+
- dnl AC_PROG_SED is only avaliable in recent autoconf versions.
- dnl Use AC_CHECK_PROG instead if AC_PROG_SED is not present.
- ifdef([AC_PROG_SED],
---
-1.8.3.1
-
diff --git a/poky/meta/recipes-support/apr/apr/0006-apr-fix-off_t-size-doesn-t-match-in-glibc-when-cross.patch b/poky/meta/recipes-support/apr/apr/0006-apr-fix-off_t-size-doesn-t-match-in-glibc-when-cross.patch
deleted file mode 100644
index d1a2ebe..0000000
--- a/poky/meta/recipes-support/apr/apr/0006-apr-fix-off_t-size-doesn-t-match-in-glibc-when-cross.patch
+++ /dev/null
@@ -1,76 +0,0 @@
-From 49661ea3858cf8494926cccf57d3e8c6dcb47117 Mon Sep 17 00:00:00 2001
-From: Dengke Du <dengke.du@windriver.com>
-Date: Wed, 14 Dec 2016 18:13:08 +0800
-Subject: [PATCH] apr: fix off_t size doesn't match in glibc when cross
- compiling
-
-In configure.in, it contains the following:
-
- APR_CHECK_SIZEOF_EXTENDED([#include <sys/types.h>], off_t, 8)
-
-the macro "APR_CHECK_SIZEOF_EXTENDED" was defined in build/apr_common.m4,
-it use the "AC_TRY_RUN" macro, this macro let the off_t to 8, when cross
-compiling enable.
-
-So it was hardcoded for cross compiling, we should detect it dynamic based on
-the sysroot's glibc. We change it to the following:
-
- AC_CHECK_SIZEOF(off_t)
-
-The same for the following hardcoded types for cross compiling:
-
- pid_t 8
- ssize_t 8
- size_t 8
- off_t 8
-
-Change the above correspondingly.
-
-Signed-off-by: Dengke Du <dengke.du@windriver.com>
-
-Upstream-Status: Pending
-
----
- configure.in | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/configure.in b/configure.in
-index 27b8539..fb408d1 100644
---- a/configure.in
-+++ b/configure.in
-@@ -1801,7 +1801,7 @@ else
- socklen_t_value="int"
- fi
-
--APR_CHECK_SIZEOF_EXTENDED([#include <sys/types.h>], pid_t, 8)
-+AC_CHECK_SIZEOF(pid_t)
-
- if test "$ac_cv_sizeof_pid_t" = "$ac_cv_sizeof_short"; then
- pid_t_fmt='#define APR_PID_T_FMT "hd"'
-@@ -1873,7 +1873,7 @@ APR_CHECK_TYPES_FMT_COMPATIBLE(size_t, unsigned long, lu, [size_t_fmt="lu"], [
- APR_CHECK_TYPES_FMT_COMPATIBLE(size_t, unsigned int, u, [size_t_fmt="u"])
- ])
-
--APR_CHECK_SIZEOF_EXTENDED([#include <sys/types.h>], ssize_t, 8)
-+AC_CHECK_SIZEOF(ssize_t)
-
- dnl the else cases below should no longer occur;
- AC_MSG_CHECKING([which format to use for apr_ssize_t])
-@@ -1891,7 +1891,7 @@ fi
-
- ssize_t_fmt="#define APR_SSIZE_T_FMT \"$ssize_t_fmt\""
-
--APR_CHECK_SIZEOF_EXTENDED([#include <stddef.h>], size_t, 8)
-+AC_CHECK_SIZEOF(size_t)
-
- # else cases below should no longer occur;
- AC_MSG_CHECKING([which format to use for apr_size_t])
-@@ -1909,7 +1909,7 @@ fi
-
- size_t_fmt="#define APR_SIZE_T_FMT \"$size_t_fmt\""
-
--APR_CHECK_SIZEOF_EXTENDED([#include <sys/types.h>], off_t, 8)
-+AC_CHECK_SIZEOF(off_t)
-
- if test "${ac_cv_sizeof_off_t}${apr_cv_use_lfs64}" = "4yes"; then
- # Enable LFS
diff --git a/poky/meta/recipes-support/apr/apr/CVE-2021-35940.patch b/poky/meta/recipes-support/apr/apr/CVE-2021-35940.patch
deleted file mode 100644
index 00befda..0000000
--- a/poky/meta/recipes-support/apr/apr/CVE-2021-35940.patch
+++ /dev/null
@@ -1,58 +0,0 @@
-
-SECURITY: CVE-2021-35940 (cve.mitre.org)
-
-Restore fix for CVE-2017-12613 which was missing in 1.7.x branch, though
-was addressed in 1.6.x in 1.6.3 and later via r1807976.
-
-The fix was merged back to 1.7.x in r1891198.
-
-Since this was a regression in 1.7.0, a new CVE name has been assigned
-to track this, CVE-2021-35940.
-
-Thanks to Iveta Cesalova <icesalov redhat.com> for reporting this issue.
-
-https://svn.apache.org/viewvc?view=revision&revision=1891198
-
-Upstream-Status: Backport
-CVE: CVE-2021-35940
-Signed-off-by: Armin Kuster <akuster@mvista.com>
-
-
-Index: time/unix/time.c
-===================================================================
---- a/time/unix/time.c (revision 1891197)
-+++ b/time/unix/time.c (revision 1891198)
-@@ -142,6 +142,9 @@
- static const int dayoffset[12] =
- {306, 337, 0, 31, 61, 92, 122, 153, 184, 214, 245, 275};
-
-+ if (xt->tm_mon < 0 || xt->tm_mon >= 12)
-+ return APR_EBADDATE;
-+
- /* shift new year to 1st March in order to make leap year calc easy */
-
- if (xt->tm_mon < 2)
-Index: time/win32/time.c
-===================================================================
---- a/time/win32/time.c (revision 1891197)
-+++ b/time/win32/time.c (revision 1891198)
-@@ -54,6 +54,9 @@
- static const int dayoffset[12] =
- {0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334};
-
-+ if (tm->wMonth < 1 || tm->wMonth > 12)
-+ return APR_EBADDATE;
-+
- /* Note; the caller is responsible for filling in detailed tm_usec,
- * tm_gmtoff and tm_isdst data when applicable.
- */
-@@ -228,6 +231,9 @@
- static const int dayoffset[12] =
- {306, 337, 0, 31, 61, 92, 122, 153, 184, 214, 245, 275};
-
-+ if (xt->tm_mon < 0 || xt->tm_mon >= 12)
-+ return APR_EBADDATE;
-+
- /* shift new year to 1st March in order to make leap year calc easy */
-
- if (xt->tm_mon < 2)
diff --git a/poky/meta/recipes-support/apr/apr/autoconf270.patch b/poky/meta/recipes-support/apr/apr/autoconf270.patch
deleted file mode 100644
index 9f7b5c6..0000000
--- a/poky/meta/recipes-support/apr/apr/autoconf270.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-With autoconf 2.70 confdefs.h is already included. Including it twice generates
-compiler warnings and since this macros is to error on warnings, it breaks.
-
-Fix by not including the file.
-
-Upstream-Status: Pending
-RP - 2021/1/28
-
-Index: apr-1.7.0/build/apr_common.m4
-===================================================================
---- apr-1.7.0.orig/build/apr_common.m4
-+++ apr-1.7.0/build/apr_common.m4
-@@ -505,8 +505,7 @@ AC_DEFUN([APR_TRY_COMPILE_NO_WARNING],
- fi
- AC_COMPILE_IFELSE(
- [AC_LANG_SOURCE(
-- [#include "confdefs.h"
-- ]
-+ []
- [[$1]]
- [int main(int argc, const char *const *argv) {]
- [[$2]]
diff --git a/poky/meta/recipes-support/apr/apr/libtoolize_check.patch b/poky/meta/recipes-support/apr/apr/libtoolize_check.patch
index 740792e..80ce43c 100644
--- a/poky/meta/recipes-support/apr/apr/libtoolize_check.patch
+++ b/poky/meta/recipes-support/apr/apr/libtoolize_check.patch
@@ -1,6 +1,7 @@
+From 17835709bc55657b7af1f7c99b3f572b819cf97e Mon Sep 17 00:00:00 2001
From: Helmut Grohne <helmut@subdivi.de>
-Subject: check for libtoolize rather than libtool
-Last-Update: 2014-09-19
+Date: Tue, 7 Feb 2023 07:04:00 +0000
+Subject: [PATCH] check for libtoolize rather than libtool
libtool is now in package libtool-bin, but apr only needs libtoolize.
@@ -8,14 +9,22 @@
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
---- apr.orig/build/buildcheck.sh
-+++ apr/build/buildcheck.sh
-@@ -39,11 +39,11 @@ fi
+---
+ build/buildcheck.sh | 10 ++++------
+ 1 file changed, 4 insertions(+), 6 deletions(-)
+
+diff --git a/build/buildcheck.sh b/build/buildcheck.sh
+index 44921b5..08bc8a8 100755
+--- a/build/buildcheck.sh
++++ b/build/buildcheck.sh
+@@ -39,13 +39,11 @@ fi
# ltmain.sh (GNU libtool 1.1361 2004/01/02 23:10:52) 1.5a
# output is multiline from 1.5 onwards
-# Require libtool 1.4 or newer
--libtool=`build/PrintPath glibtool1 glibtool libtool libtool15 libtool14`
+-if test -z "$libtool"; then
+- libtool=`build/PrintPath glibtool1 glibtool libtool libtool15 libtool14`
+-fi
-lt_pversion=`$libtool --version 2>/dev/null|sed -e 's/([^)]*)//g;s/^[^0-9]*//;s/[- ].*//g;q'`
+# Require libtoolize 1.4 or newer
+libtoolize=`build/PrintPath glibtoolize1 glibtoolize libtoolize libtoolize15 libtoolize14`
diff --git a/poky/meta/recipes-support/apr/apr_1.7.0.bb b/poky/meta/recipes-support/apr/apr_1.7.2.bb
similarity index 91%
rename from poky/meta/recipes-support/apr/apr_1.7.0.bb
rename to poky/meta/recipes-support/apr/apr_1.7.2.bb
index cb4bb93..c9059c9 100644
--- a/poky/meta/recipes-support/apr/apr_1.7.0.bb
+++ b/poky/meta/recipes-support/apr/apr_1.7.2.bb
@@ -16,21 +16,15 @@
SRC_URI = "${APACHE_MIRROR}/apr/${BPN}-${PV}.tar.bz2 \
file://run-ptest \
file://0002-apr-Remove-workdir-path-references-from-installed-ap.patch \
- file://0003-Makefile.in-configure.in-support-cross-compiling.patch \
file://0004-Fix-packet-discards-HTTP-redirect.patch \
file://0005-configure.in-fix-LTFLAGS-to-make-it-work-with-ccache.patch \
- file://0006-apr-fix-off_t-size-doesn-t-match-in-glibc-when-cross.patch \
file://0007-explicitly-link-libapr-against-phtread-to-make-gold-.patch \
file://libtoolize_check.patch \
file://0001-Add-option-to-disable-timed-dependant-tests.patch \
- file://autoconf270.patch \
- file://0001-add-AC_CACHE_CHECK-for-strerror_r-return-type.patch \
file://0001-configure-Remove-runtime-test-for-mmap-that-can-map-.patch \
- file://CVE-2021-35940.patch \
"
-SRC_URI[md5sum] = "7a14a83d664e87599ea25ff4432e48a7"
-SRC_URI[sha256sum] = "e2e148f0b2e99b8e5c6caa09f6d4fb4dd3e83f744aa72a952f94f5a14436f7ea"
+SRC_URI[sha256sum] = "75e77cc86776c030c0a5c408dfbd0bf2a0b75eed5351e52d5439fa1e5509a43e"
inherit autotools-brokensep lib_package binconfig multilib_header ptest multilib_script
diff --git a/poky/meta/recipes-support/bmap-tools/bmap-tools_git.bb b/poky/meta/recipes-support/bmap-tools/bmap-tools_git.bb
index 78c51e7..89b7bf2 100644
--- a/poky/meta/recipes-support/bmap-tools/bmap-tools_git.bb
+++ b/poky/meta/recipes-support/bmap-tools/bmap-tools_git.bb
@@ -9,7 +9,7 @@
LICENSE = "GPL-2.0-only"
LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
-SRC_URI = "git://github.com/intel/${BPN};branch=master;protocol=https"
+SRC_URI = "git://github.com/intel/${BPN};branch=main;protocol=https"
SRCREV = "c0673962a8ec1624b5189dc1d24f33fe4f06785a"
S = "${WORKDIR}/git"
diff --git a/poky/meta/recipes-support/curl/curl/CVE-2022-32221.patch b/poky/meta/recipes-support/curl/curl/CVE-2022-32221.patch
new file mode 100644
index 0000000..03a7ac5
--- /dev/null
+++ b/poky/meta/recipes-support/curl/curl/CVE-2022-32221.patch
@@ -0,0 +1,27 @@
+From dd31455d46dcf9e3a1b8bd37e671af1a6af52807 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Thu, 15 Sep 2022 09:22:45 +0200
+Subject: [PATCH] setopt: when POST is set, reset the 'upload' field
+
+Reported-by: RobBotic1 on github
+Fixes #9507
+Closes #9511
+
+Upstream-Status: Backport [https://github.com/curl/curl/commit/a64e3e59938abd7d6]
+Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
+---
+ lib/setopt.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/lib/setopt.c b/lib/setopt.c
+index d5e3b50..b8793b4 100644
+--- a/lib/setopt.c
++++ b/lib/setopt.c
+@@ -696,6 +696,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
+ }
+ else
+ data->set.method = HTTPREQ_GET;
++ data->set.upload = FALSE;
+ break;
+
+ case CURLOPT_HTTPPOST:
diff --git a/poky/meta/recipes-support/curl/curl/CVE-2022-35260.patch b/poky/meta/recipes-support/curl/curl/CVE-2022-35260.patch
new file mode 100644
index 0000000..a4aae69
--- /dev/null
+++ b/poky/meta/recipes-support/curl/curl/CVE-2022-35260.patch
@@ -0,0 +1,73 @@
+From 9169e54444bdca7b5e7b44034c463fe5fc801e88 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Tue, 4 Oct 2022 14:37:24 +0200
+Subject: [PATCH] netrc: replace fgets with Curl_get_line
+
+Make the parser only accept complete lines and avoid problems with
+overly long lines.
+
+Reported-by: Hiroki Kurosawa
+
+Closes #9789
+
+Upstream-Status: Backport [https://github.com/curl/curl/commit/c97ec984fb2bc919a3aa86]
+Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
+---
+ lib/curl_get_line.c | 6 +++---
+ lib/netrc.c | 5 +++--
+ 2 files changed, 6 insertions(+), 5 deletions(-)
+
+diff --git a/lib/curl_get_line.c b/lib/curl_get_line.c
+index 6a26bb2..22e3705 100644
+--- a/lib/curl_get_line.c
++++ b/lib/curl_get_line.c
+@@ -25,7 +25,7 @@
+ #include "curl_setup.h"
+
+ #if !defined(CURL_DISABLE_COOKIES) || !defined(CURL_DISABLE_ALTSVC) || \
+- !defined(CURL_DISABLE_HSTS)
++ !defined(CURL_DISABLE_HSTS) || !defined(CURL_DISABLE_NETRC)
+
+ #include "curl_get_line.h"
+ #include "curl_memory.h"
+@@ -33,8 +33,8 @@
+ #include "memdebug.h"
+
+ /*
+- * get_line() makes sure to only return complete whole lines that fit in 'len'
+- * bytes and end with a newline.
++ * Curl_get_line() makes sure to only return complete whole lines that fit in
++ * 'len' bytes and end with a newline.
+ */
+ char *Curl_get_line(char *buf, int len, FILE *input)
+ {
+diff --git a/lib/netrc.c b/lib/netrc.c
+index 62a6a10..5d17482 100644
+--- a/lib/netrc.c
++++ b/lib/netrc.c
+@@ -33,6 +33,7 @@
+ #include "netrc.h"
+ #include "strtok.h"
+ #include "strcase.h"
++#include "curl_get_line.h"
+
+ /* The last 3 #include files should be in this order */
+ #include "curl_printf.h"
+@@ -84,7 +85,7 @@ static int parsenetrc(const char *host,
+ char netrcbuffer[4096];
+ int netrcbuffsize = (int)sizeof(netrcbuffer);
+
+- while(!done && fgets(netrcbuffer, netrcbuffsize, file)) {
++ while(!done && Curl_get_line(netrcbuffer, netrcbuffsize, file)) {
+ char *tok;
+ char *tok_end;
+ bool quoted;
+@@ -243,7 +244,7 @@ static int parsenetrc(const char *host,
+ } /* switch (state) */
+ tok = ++tok_end;
+ }
+- } /* while fgets() */
++ } /* while Curl_get_line() */
+
+ out:
+ if(!retcode) {
diff --git a/poky/meta/recipes-support/curl/curl/CVE-2022-42915.patch b/poky/meta/recipes-support/curl/curl/CVE-2022-42915.patch
new file mode 100644
index 0000000..43de6e6
--- /dev/null
+++ b/poky/meta/recipes-support/curl/curl/CVE-2022-42915.patch
@@ -0,0 +1,53 @@
+From 3ede0e72aaad6447d2a5ab07dac43e1b9d7e617b Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Thu, 6 Oct 2022 14:13:36 +0200
+Subject: [PATCH] http_proxy: restore the protocol pointer on error
+
+Reported-by: Trail of Bits
+
+Closes #9790
+
+Upstream-Status: Backport [https://github.com/curl/curl/commit/55e1875729f9d9fc7315ce]
+Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
+---
+ lib/http_proxy.c | 6 ++----
+ lib/url.c | 9 ---------
+ 2 files changed, 2 insertions(+), 13 deletions(-)
+
+diff --git a/lib/http_proxy.c b/lib/http_proxy.c
+index 1f87f6c..cc20b3a 100644
+--- a/lib/http_proxy.c
++++ b/lib/http_proxy.c
+@@ -212,10 +212,8 @@ void Curl_connect_done(struct Curl_easy *data)
+ Curl_dyn_free(&s->rcvbuf);
+ Curl_dyn_free(&s->req);
+
+- /* restore the protocol pointer, if not already done */
+- if(s->prot_save)
+- data->req.p.http = s->prot_save;
+- s->prot_save = NULL;
++ /* restore the protocol pointer */
++ data->req.p.http = s->prot_save;
+ data->info.httpcode = 0; /* clear it as it might've been used for the
+ proxy */
+ data->req.ignorebody = FALSE;
+diff --git a/lib/url.c b/lib/url.c
+index bfc784f..61c99d2 100644
+--- a/lib/url.c
++++ b/lib/url.c
+@@ -746,15 +746,6 @@ static void conn_shutdown(struct Curl_easy *data, struct connectdata *conn)
+ DEBUGASSERT(data);
+ infof(data, "Closing connection %ld", conn->connection_id);
+
+-#ifndef USE_HYPER
+- if(conn->connect_state && conn->connect_state->prot_save) {
+- /* If this was closed with a CONNECT in progress, cleanup this temporary
+- struct arrangement */
+- data->req.p.http = NULL;
+- Curl_safefree(conn->connect_state->prot_save);
+- }
+-#endif
+-
+ /* possible left-overs from the async name resolvers */
+ Curl_resolver_cancel(data);
+
diff --git a/poky/meta/recipes-support/curl/curl/CVE-2022-42916.patch b/poky/meta/recipes-support/curl/curl/CVE-2022-42916.patch
new file mode 100644
index 0000000..000af69
--- /dev/null
+++ b/poky/meta/recipes-support/curl/curl/CVE-2022-42916.patch
@@ -0,0 +1,134 @@
+From 401455229a5006bed0346fedc99791ccb53e146c Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Wed, 12 Oct 2022 10:47:59 +0200
+Subject: [PATCH] url: use IDN decoded names for HSTS checks
+
+Reported-by: Hiroki Kurosawa
+
+Closes #9791
+
+Upstream-Status: Backport [https://github.com/curl/curl/commit/53bcf55b4538067e6]
+Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
+---
+ lib/url.c | 91 ++++++++++++++++++++++++++++---------------------------
+ 1 file changed, 47 insertions(+), 44 deletions(-)
+
+diff --git a/lib/url.c b/lib/url.c
+index 61c99d2..6426fa7 100644
+--- a/lib/url.c
++++ b/lib/url.c
+@@ -2024,10 +2024,56 @@ static CURLcode parseurlandfillconn(struct Curl_easy *data,
+ failf(data, "Too long host name (maximum is %d)", MAX_URL_LEN);
+ return CURLE_URL_MALFORMAT;
+ }
++ hostname = data->state.up.hostname;
++
++ if(hostname && hostname[0] == '[') {
++ /* This looks like an IPv6 address literal. See if there is an address
++ scope. */
++ size_t hlen;
++ conn->bits.ipv6_ip = TRUE;
++ /* cut off the brackets! */
++ hostname++;
++ hlen = strlen(hostname);
++ hostname[hlen - 1] = 0;
++
++ zonefrom_url(uh, data, conn);
++ }
++
++ /* make sure the connect struct gets its own copy of the host name */
++ conn->host.rawalloc = strdup(hostname ? hostname : "");
++ if(!conn->host.rawalloc)
++ return CURLE_OUT_OF_MEMORY;
++ conn->host.name = conn->host.rawalloc;
++
++ /*************************************************************
++ * IDN-convert the hostnames
++ *************************************************************/
++ result = Curl_idnconvert_hostname(data, &conn->host);
++ if(result)
++ return result;
++ if(conn->bits.conn_to_host) {
++ result = Curl_idnconvert_hostname(data, &conn->conn_to_host);
++ if(result)
++ return result;
++ }
++#ifndef CURL_DISABLE_PROXY
++ if(conn->bits.httpproxy) {
++ result = Curl_idnconvert_hostname(data, &conn->http_proxy.host);
++ if(result)
++ return result;
++ }
++ if(conn->bits.socksproxy) {
++ result = Curl_idnconvert_hostname(data, &conn->socks_proxy.host);
++ if(result)
++ return result;
++ }
++#endif
+
+ #ifndef CURL_DISABLE_HSTS
++ /* HSTS upgrade */
+ if(data->hsts && strcasecompare("http", data->state.up.scheme)) {
+- if(Curl_hsts(data->hsts, data->state.up.hostname, TRUE)) {
++ /* This MUST use the IDN decoded name */
++ if(Curl_hsts(data->hsts, conn->host.name, TRUE)) {
+ char *url;
+ Curl_safefree(data->state.up.scheme);
+ uc = curl_url_set(uh, CURLUPART_SCHEME, "https", 0);
+@@ -2133,26 +2179,6 @@ static CURLcode parseurlandfillconn(struct Curl_easy *data,
+
+ (void)curl_url_get(uh, CURLUPART_QUERY, &data->state.up.query, 0);
+
+- hostname = data->state.up.hostname;
+- if(hostname && hostname[0] == '[') {
+- /* This looks like an IPv6 address literal. See if there is an address
+- scope. */
+- size_t hlen;
+- conn->bits.ipv6_ip = TRUE;
+- /* cut off the brackets! */
+- hostname++;
+- hlen = strlen(hostname);
+- hostname[hlen - 1] = 0;
+-
+- zonefrom_url(uh, data, conn);
+- }
+-
+- /* make sure the connect struct gets its own copy of the host name */
+- conn->host.rawalloc = strdup(hostname ? hostname : "");
+- if(!conn->host.rawalloc)
+- return CURLE_OUT_OF_MEMORY;
+- conn->host.name = conn->host.rawalloc;
+-
+ #ifdef ENABLE_IPV6
+ if(data->set.scope_id)
+ /* Override any scope that was set above. */
+@@ -3781,29 +3807,6 @@ static CURLcode create_conn(struct Curl_easy *data,
+ if(result)
+ goto out;
+
+- /*************************************************************
+- * IDN-convert the hostnames
+- *************************************************************/
+- result = Curl_idnconvert_hostname(data, &conn->host);
+- if(result)
+- goto out;
+- if(conn->bits.conn_to_host) {
+- result = Curl_idnconvert_hostname(data, &conn->conn_to_host);
+- if(result)
+- goto out;
+- }
+-#ifndef CURL_DISABLE_PROXY
+- if(conn->bits.httpproxy) {
+- result = Curl_idnconvert_hostname(data, &conn->http_proxy.host);
+- if(result)
+- goto out;
+- }
+- if(conn->bits.socksproxy) {
+- result = Curl_idnconvert_hostname(data, &conn->socks_proxy.host);
+- if(result)
+- goto out;
+- }
+-#endif
+
+ /*************************************************************
+ * Check whether the host and the "connect to host" are equal.
diff --git a/poky/meta/recipes-support/curl/curl/CVE-2022-43551.patch b/poky/meta/recipes-support/curl/curl/CVE-2022-43551.patch
new file mode 100644
index 0000000..7c617ef
--- /dev/null
+++ b/poky/meta/recipes-support/curl/curl/CVE-2022-43551.patch
@@ -0,0 +1,32 @@
+From 08aa76b7b24454a89866aaef661ea90ae3d57900 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Mon, 19 Dec 2022 08:36:55 +0100
+Subject: [PATCH] http: use the IDN decoded name in HSTS checks
+
+Otherwise it stores the info HSTS into the persistent cache for the IDN
+name which will not match when the HSTS status is later checked for
+using the decoded name.
+
+Reported-by: Hiroki Kurosawa
+
+Closes #10111
+
+Upstream-Status: Backport [https://github.com/curl/curl/commit/9e71901634e276dd]
+Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
+---
+ lib/http.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/http.c b/lib/http.c
+index b0ad28e..8b18e8d 100644
+--- a/lib/http.c
++++ b/lib/http.c
+@@ -3654,7 +3654,7 @@ CURLcode Curl_http_header(struct Curl_easy *data, struct connectdata *conn,
+ else if(data->hsts && checkprefix("Strict-Transport-Security:", headp) &&
+ (conn->handler->flags & PROTOPT_SSL)) {
+ CURLcode check =
+- Curl_hsts_parse(data->hsts, data->state.up.hostname,
++ Curl_hsts_parse(data->hsts, conn->host.name,
+ headp + strlen("Strict-Transport-Security:"));
+ if(check)
+ infof(data, "Illegal STS header skipped");
diff --git a/poky/meta/recipes-support/curl/curl/CVE-2022-43552.patch b/poky/meta/recipes-support/curl/curl/CVE-2022-43552.patch
new file mode 100644
index 0000000..059dad1
--- /dev/null
+++ b/poky/meta/recipes-support/curl/curl/CVE-2022-43552.patch
@@ -0,0 +1,78 @@
+From 6ae56c9c47b02106373c9482f09c510fd5c50a84 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Mon, 19 Dec 2022 08:38:37 +0100
+Subject: [PATCH] smb/telnet: do not free the protocol struct in *_done()
+
+It is managed by the generic layer.
+
+Reported-by: Trail of Bits
+
+Closes #10112
+
+Upstream-Status: Backport [https://github.com/curl/curl/commit/4f20188ac644afe1]
+Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
+---
+ lib/smb.c | 14 ++------------
+ lib/telnet.c | 3 ---
+ 2 files changed, 2 insertions(+), 15 deletions(-)
+
+diff --git a/lib/smb.c b/lib/smb.c
+index 039d680..f682c1f 100644
+--- a/lib/smb.c
++++ b/lib/smb.c
+@@ -62,8 +62,6 @@ static CURLcode smb_connect(struct Curl_easy *data, bool *done);
+ static CURLcode smb_connection_state(struct Curl_easy *data, bool *done);
+ static CURLcode smb_do(struct Curl_easy *data, bool *done);
+ static CURLcode smb_request_state(struct Curl_easy *data, bool *done);
+-static CURLcode smb_done(struct Curl_easy *data, CURLcode status,
+- bool premature);
+ static CURLcode smb_disconnect(struct Curl_easy *data,
+ struct connectdata *conn, bool dead);
+ static int smb_getsock(struct Curl_easy *data, struct connectdata *conn,
+@@ -78,7 +76,7 @@ const struct Curl_handler Curl_handler_smb = {
+ "SMB", /* scheme */
+ smb_setup_connection, /* setup_connection */
+ smb_do, /* do_it */
+- smb_done, /* done */
++ ZERO_NULL, /* done */
+ ZERO_NULL, /* do_more */
+ smb_connect, /* connect_it */
+ smb_connection_state, /* connecting */
+@@ -105,7 +103,7 @@ const struct Curl_handler Curl_handler_smbs = {
+ "SMBS", /* scheme */
+ smb_setup_connection, /* setup_connection */
+ smb_do, /* do_it */
+- smb_done, /* done */
++ ZERO_NULL, /* done */
+ ZERO_NULL, /* do_more */
+ smb_connect, /* connect_it */
+ smb_connection_state, /* connecting */
+@@ -941,14 +939,6 @@ static CURLcode smb_request_state(struct Curl_easy *data, bool *done)
+ return CURLE_OK;
+ }
+
+-static CURLcode smb_done(struct Curl_easy *data, CURLcode status,
+- bool premature)
+-{
+- (void) premature;
+- Curl_safefree(data->req.p.smb);
+- return status;
+-}
+-
+ static CURLcode smb_disconnect(struct Curl_easy *data,
+ struct connectdata *conn, bool dead)
+ {
+diff --git a/lib/telnet.c b/lib/telnet.c
+index 923c7f8..48cd0d7 100644
+--- a/lib/telnet.c
++++ b/lib/telnet.c
+@@ -1248,9 +1248,6 @@ static CURLcode telnet_done(struct Curl_easy *data,
+
+ curl_slist_free_all(tn->telnet_vars);
+ tn->telnet_vars = NULL;
+-
+- Curl_safefree(data->req.p.telnet);
+-
+ return CURLE_OK;
+ }
+
diff --git a/poky/meta/recipes-support/curl/curl_7.85.0.bb b/poky/meta/recipes-support/curl/curl_7.85.0.bb
index ad6a517..4e05434 100644
--- a/poky/meta/recipes-support/curl/curl_7.85.0.bb
+++ b/poky/meta/recipes-support/curl/curl_7.85.0.bb
@@ -6,13 +6,19 @@
HOMEPAGE = "https://curl.se/"
BUGTRACKER = "https://github.com/curl/curl/issues"
SECTION = "console/network"
-LICENSE = "MIT-open-group"
+LICENSE = "curl"
LIC_FILES_CHKSUM = "file://COPYING;md5=190c514872597083303371684954f238"
SRC_URI = " \
https://curl.se/download/${BP}.tar.xz \
file://run-ptest \
file://disable-tests \
+ file://CVE-2022-32221.patch \
+ file://CVE-2022-35260.patch \
+ file://CVE-2022-42915.patch \
+ file://CVE-2022-42916.patch \
+ file://CVE-2022-43551.patch \
+ file://CVE-2022-43552.patch \
"
SRC_URI[sha256sum] = "88b54a6d4b9a48cb4d873c7056dcba997ddd5b7be5a2d537a4acb55c20b04be6"
@@ -32,14 +38,16 @@
PACKAGECONFIG[ares] = "--enable-ares,--disable-ares,c-ares,,,threaded-resolver"
PACKAGECONFIG[brotli] = "--with-brotli,--without-brotli,brotli"
PACKAGECONFIG[builtinmanual] = "--enable-manual,--disable-manual"
+# Don't use this in production
+PACKAGECONFIG[debug] = "--enable-debug,--disable-debug"
PACKAGECONFIG[dict] = "--enable-dict,--disable-dict,"
PACKAGECONFIG[gnutls] = "--with-gnutls,--without-gnutls,gnutls"
PACKAGECONFIG[gopher] = "--enable-gopher,--disable-gopher,"
PACKAGECONFIG[imap] = "--enable-imap,--disable-imap,"
PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
PACKAGECONFIG[krb5] = "--with-gssapi,--without-gssapi,krb5"
-PACKAGECONFIG[ldap] = "--enable-ldap,--disable-ldap,"
-PACKAGECONFIG[ldaps] = "--enable-ldaps,--disable-ldaps,"
+PACKAGECONFIG[ldap] = "--enable-ldap,--disable-ldap,openldap"
+PACKAGECONFIG[ldaps] = "--enable-ldaps,--disable-ldaps,openldap"
PACKAGECONFIG[libgsasl] = "--with-libgsasl,--without-libgsasl,libgsasl"
PACKAGECONFIG[libidn] = "--with-libidn2,--without-libidn2,libidn2"
PACKAGECONFIG[libssh2] = "--with-libssh2,--without-libssh2,libssh2"
@@ -68,9 +76,7 @@
--enable-crypto-auth \
--with-ca-bundle=${sysconfdir}/ssl/certs/ca-certificates.crt \
--without-libpsl \
- --enable-debug \
--enable-optimize \
- --disable-curldebug \
${@'--without-ssl' if (bb.utils.filter('PACKAGECONFIG', 'gnutls mbedtls nss openssl', d) == '') else ''} \
"
diff --git a/poky/meta/recipes-support/gnutls/gnutls_3.7.7.bb b/poky/meta/recipes-support/gnutls/gnutls_3.7.8.bb
similarity index 97%
rename from poky/meta/recipes-support/gnutls/gnutls_3.7.7.bb
rename to poky/meta/recipes-support/gnutls/gnutls_3.7.8.bb
index c7d782e..8f979a5 100644
--- a/poky/meta/recipes-support/gnutls/gnutls_3.7.7.bb
+++ b/poky/meta/recipes-support/gnutls/gnutls_3.7.8.bb
@@ -24,7 +24,7 @@
file://0001-Creating-.hmac-file-should-be-excuted-in-target-envi.patch \
"
-SRC_URI[sha256sum] = "be9143d0d58eab64dba9b77114aaafac529b6c0d7e81de6bdf1c9b59027d2106"
+SRC_URI[sha256sum] = "c58ad39af0670efe6a8aee5e3a8b2331a1200418b64b7c51977fb396d4617114"
inherit autotools texinfo pkgconfig gettext lib_package gtk-doc
diff --git a/poky/meta/recipes-support/iso-codes/iso-codes_4.11.0.bb b/poky/meta/recipes-support/iso-codes/iso-codes_4.13.0.bb
similarity index 93%
rename from poky/meta/recipes-support/iso-codes/iso-codes_4.11.0.bb
rename to poky/meta/recipes-support/iso-codes/iso-codes_4.13.0.bb
index be57398..f3ead5e 100644
--- a/poky/meta/recipes-support/iso-codes/iso-codes_4.11.0.bb
+++ b/poky/meta/recipes-support/iso-codes/iso-codes_4.13.0.bb
@@ -9,7 +9,7 @@
LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c"
SRC_URI = "git://salsa.debian.org/iso-codes-team/iso-codes.git;protocol=https;branch=main;"
-SRCREV = "2651d7fe65582263c57385a852b0c6d8a49f6985"
+SRCREV = "ab6b01d5b56af7da9f0d2d1619a3cf84e43ed76a"
# inherit gettext cannot be used, because it adds gettext-native to BASEDEPENDS which
# are inhibited by allarch
diff --git a/poky/meta/recipes-support/libcap/files/0001-nativesdk-libcap-Raise-the-size-of-arrays-containing.patch b/poky/meta/recipes-support/libcap/files/0001-nativesdk-libcap-Raise-the-size-of-arrays-containing.patch
index 3f4c7e5..8bd2050 100644
--- a/poky/meta/recipes-support/libcap/files/0001-nativesdk-libcap-Raise-the-size-of-arrays-containing.patch
+++ b/poky/meta/recipes-support/libcap/files/0001-nativesdk-libcap-Raise-the-size-of-arrays-containing.patch
@@ -1,4 +1,4 @@
-From 1c234bc39446eb9b23896e85dd67b02976d46c3d Mon Sep 17 00:00:00 2001
+From a3196f3a06e7bbfde30d143c92a4325be323b3d0 Mon Sep 17 00:00:00 2001
From: Hongxu Jia <hongxu.jia@windriver.com>
Date: Thu, 14 Oct 2021 15:57:36 +0800
Subject: [PATCH] nativesdk-libcap: Raise the size of arrays containing dl
diff --git a/poky/meta/recipes-support/libcap/libcap_2.65.bb b/poky/meta/recipes-support/libcap/libcap_2.66.bb
similarity index 96%
rename from poky/meta/recipes-support/libcap/libcap_2.65.bb
rename to poky/meta/recipes-support/libcap/libcap_2.66.bb
index 8013d40..c50e9d8 100644
--- a/poky/meta/recipes-support/libcap/libcap_2.65.bb
+++ b/poky/meta/recipes-support/libcap/libcap_2.66.bb
@@ -20,7 +20,7 @@
SRC_URI:append:class-nativesdk = " \
file://0001-nativesdk-libcap-Raise-the-size-of-arrays-containing.patch \
"
-SRC_URI[sha256sum] = "73e350020cc31fe15360879d19384ffa3395a825f065fcf6bda3a5cdf965bebd"
+SRC_URI[sha256sum] = "15c40ededb3003d70a283fe587a36b7d19c8b3b554e33f86129c059a4bb466b2"
UPSTREAM_CHECK_URI = "https://www.kernel.org/pub/linux/libs/security/linux-privs/${BPN}2/"
diff --git a/poky/meta/recipes-support/libffi/libffi/0001-arm-sysv-reverted-clang-VFP-mitigation.patch b/poky/meta/recipes-support/libffi/libffi/0001-arm-sysv-reverted-clang-VFP-mitigation.patch
index 5e529d1..3ffcb3e 100644
--- a/poky/meta/recipes-support/libffi/libffi/0001-arm-sysv-reverted-clang-VFP-mitigation.patch
+++ b/poky/meta/recipes-support/libffi/libffi/0001-arm-sysv-reverted-clang-VFP-mitigation.patch
@@ -1,4 +1,4 @@
-From 501a6b55853af549fae72723e74271f2a4ec7cf6 Mon Sep 17 00:00:00 2001
+From 000f1500b693a84880d2da49b77b1113f98dde35 Mon Sep 17 00:00:00 2001
From: Brett Warren <brett.warren@arm.com>
Date: Fri, 27 Nov 2020 15:28:42 +0000
Subject: [PATCH] arm/sysv: reverted clang VFP mitigation
@@ -11,8 +11,9 @@
clang supports the LDC and SDC instructions, this mitigation
has been reverted.
-Upstream-Status: Pending
+Upstream-Status: Submitted [https://github.com/libffi/libffi/pull/747]
Signed-off-by: Brett Warren <brett.warren@arm.com>
+
---
src/arm/sysv.S | 33 ---------------------------------
1 file changed, 33 deletions(-)
@@ -99,6 +100,3 @@
b call_epilogue
E(ARM_TYPE_INT64)
ldr r1, [r2, #4]
---
-2.25.1
-
diff --git a/poky/meta/recipes-support/libffi/libffi/not-win32.patch b/poky/meta/recipes-support/libffi/libffi/not-win32.patch
index 62daaf4..38f9b00 100644
--- a/poky/meta/recipes-support/libffi/libffi/not-win32.patch
+++ b/poky/meta/recipes-support/libffi/libffi/not-win32.patch
@@ -1,4 +1,4 @@
-From 306719369a0d3608b4ff2737de74ae284788a14b Mon Sep 17 00:00:00 2001
+From 20bc4e03442e15965ae3907013e9a177878f0323 Mon Sep 17 00:00:00 2001
From: Ross Burton <ross.burton@intel.com>
Date: Thu, 4 Feb 2016 16:22:50 +0000
Subject: [PATCH] libffi: ensure sysroot paths are not in libffi.pc
@@ -21,11 +21,11 @@
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/configure.ac b/configure.ac
-index b764368..d51ce91 100644
+index 7e8cd98..cf37e88 100644
--- a/configure.ac
+++ b/configure.ac
-@@ -354,7 +354,7 @@ AC_ARG_ENABLE(multi-os-directory,
-
+@@ -405,7 +405,7 @@ AC_ARG_ENABLE(multi-os-directory,
+
# These variables are only ever used when we cross-build to X86_WIN32.
# And we only support this with GCC, so...
-if test "x$GCC" = "xyes"; then
diff --git a/poky/meta/recipes-support/libffi/libffi_3.4.2.bb b/poky/meta/recipes-support/libffi/libffi_3.4.4.bb
similarity index 89%
rename from poky/meta/recipes-support/libffi/libffi_3.4.2.bb
rename to poky/meta/recipes-support/libffi/libffi_3.4.4.bb
index 41c3cad..15d974c 100644
--- a/poky/meta/recipes-support/libffi/libffi_3.4.2.bb
+++ b/poky/meta/recipes-support/libffi/libffi_3.4.4.bb
@@ -8,13 +8,13 @@
A layer must exist above `libffi' that handles type conversions for values passed between the two languages."
LICENSE = "MIT"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=679b5c9bdc79a2b93ee574e193e7a7bc"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=32c0d09a0641daf4903e5d61cc8f23a8"
SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/${BPN}-${PV}.tar.gz \
file://not-win32.patch \
file://0001-arm-sysv-reverted-clang-VFP-mitigation.patch \
"
-SRC_URI[sha256sum] = "540fb721619a6aba3bdeef7d940d8e9e0e6d2c193595bc243241b77ff9e93620"
+SRC_URI[sha256sum] = "d66c56ad259a82cf2a9dfc408b32bf5da52371500b84745f7fb8b645712df676"
EXTRA_OECONF += "--disable-builddir --disable-exec-static-tramp"
EXTRA_OECONF:class-native += "--with-gcc-arch=generic"
diff --git a/poky/meta/recipes-support/libgit2/libgit2_1.5.0.bb b/poky/meta/recipes-support/libgit2/libgit2_1.5.1.bb
similarity index 72%
rename from poky/meta/recipes-support/libgit2/libgit2_1.5.0.bb
rename to poky/meta/recipes-support/libgit2/libgit2_1.5.1.bb
index ee4d79b..eb7b538 100644
--- a/poky/meta/recipes-support/libgit2/libgit2_1.5.0.bb
+++ b/poky/meta/recipes-support/libgit2/libgit2_1.5.1.bb
@@ -1,12 +1,12 @@
SUMMARY = "the Git linkable library"
HOMEPAGE = "http://libgit2.github.com/"
-LICENSE = "GPL-2.0-with-GCC-exception & MIT & OpenSSL & BSD-3-Clause"
+LICENSE = "GPL-2.0-with-GCC-exception & MIT & OpenSSL & BSD-3-Clause & Zlib & ISC & LGPL-2.1-or-later & CC0-1.0"
LIC_FILES_CHKSUM = "file://COPYING;md5=112e6bb421dea73cd41de09e777f2d2c"
DEPENDS = "curl openssl zlib libssh2 libgcrypt libpcre2"
-SRC_URI = "git://github.com/libgit2/libgit2.git;branch=main;protocol=https"
-SRCREV = "fbea439d4b6fc91c6b619d01b85ab3b7746e4c19"
+SRC_URI = "git://github.com/libgit2/libgit2.git;branch=maint/v1.5;protocol=https"
+SRCREV = "42e5db98b963ae503229c63e44e06e439df50e56"
S = "${WORKDIR}/git"
diff --git a/poky/meta/recipes-support/libical/libical_3.0.14.bb b/poky/meta/recipes-support/libical/libical_3.0.16.bb
similarity index 96%
rename from poky/meta/recipes-support/libical/libical_3.0.14.bb
rename to poky/meta/recipes-support/libical/libical_3.0.16.bb
index 44030fd..61599b2 100644
--- a/poky/meta/recipes-support/libical/libical_3.0.14.bb
+++ b/poky/meta/recipes-support/libical/libical_3.0.16.bb
@@ -15,7 +15,7 @@
SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/${BP}.tar.gz \
file://0001-cmake-Do-not-export-CC-into-gir-compiler.patch \
"
-SRC_URI[sha256sum] = "4284b780356f1dc6a01f16083e7b836e63d3815e27ed0eaaad684712357ccc8f"
+SRC_URI[sha256sum] = "b44705dd71ca4538c86fb16248483ab4b48978524fb1da5097bd76aa2e0f0c33"
inherit cmake pkgconfig gobject-introspection vala github-releases
diff --git a/poky/meta/recipes-support/libksba/libksba/ksba-add-pkgconfig-support.patch b/poky/meta/recipes-support/libksba/libksba/ksba-add-pkgconfig-support.patch
index af96bd5..bdb80ff 100644
--- a/poky/meta/recipes-support/libksba/libksba/ksba-add-pkgconfig-support.patch
+++ b/poky/meta/recipes-support/libksba/libksba/ksba-add-pkgconfig-support.patch
@@ -1,4 +1,4 @@
-From 6081640895b6d566fa21123e2de7d111eeab5c4c Mon Sep 17 00:00:00 2001
+From ca8174aa81d7bf364b33f7254a9e887735c4996d Mon Sep 17 00:00:00 2001
From: Chen Qi <Qi.Chen@windriver.com>
Date: Mon, 3 Dec 2012 18:17:31 +0800
Subject: [PATCH] libksba: add pkgconfig support
@@ -16,7 +16,7 @@
1 file changed, 4 insertions(+), 86 deletions(-)
diff --git a/src/ksba.m4 b/src/ksba.m4
-index 6b55bb8..6e7336f 100644
+index 452c245..aa96255 100644
--- a/src/ksba.m4
+++ b/src/ksba.m4
@@ -23,37 +23,6 @@ dnl with a changed API.
@@ -44,7 +44,7 @@
- fi
-
- use_gpgrt_config=""
-- if test x"$KSBA_CONFIG" = x -a x"$GPGRT_CONFIG" != x -a "$GPGRT_CONFIG" != "no"; then
+- if test x"$GPGRT_CONFIG" != x -a "$GPGRT_CONFIG" != "no"; then
- if $GPGRT_CONFIG ksba --exists; then
- KSBA_CONFIG="$GPGRT_CONFIG ksba"
- AC_MSG_NOTICE([Use gpgrt-config as ksba-config])
diff --git a/poky/meta/recipes-support/libksba/libksba_1.6.0.bb b/poky/meta/recipes-support/libksba/libksba_1.6.3.bb
similarity index 93%
rename from poky/meta/recipes-support/libksba/libksba_1.6.0.bb
rename to poky/meta/recipes-support/libksba/libksba_1.6.3.bb
index f9e8368..dc39693 100644
--- a/poky/meta/recipes-support/libksba/libksba_1.6.0.bb
+++ b/poky/meta/recipes-support/libksba/libksba_1.6.3.bb
@@ -24,7 +24,7 @@
SRC_URI = "${GNUPG_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \
file://ksba-add-pkgconfig-support.patch"
-SRC_URI[sha256sum] = "dad683e6f2d915d880aa4bed5cea9a115690b8935b78a1bbe01669189307a48b"
+SRC_URI[sha256sum] = "3f72c68db30971ebbf14367527719423f0a4d5f8103fc9f4a1c01a9fa440de5c"
do_configure:prepend () {
# Else these could be used in preference to those in aclocal-copy
diff --git a/poky/meta/recipes-support/libmicrohttpd/libmicrohttpd_0.9.75.bb b/poky/meta/recipes-support/libmicrohttpd/libmicrohttpd_0.9.76.bb
similarity index 90%
rename from poky/meta/recipes-support/libmicrohttpd/libmicrohttpd_0.9.75.bb
rename to poky/meta/recipes-support/libmicrohttpd/libmicrohttpd_0.9.76.bb
index 043fed3..7bd66f6 100644
--- a/poky/meta/recipes-support/libmicrohttpd/libmicrohttpd_0.9.75.bb
+++ b/poky/meta/recipes-support/libmicrohttpd/libmicrohttpd_0.9.76.bb
@@ -7,7 +7,7 @@
DEPENDS = "file"
SRC_URI = "${GNU_MIRROR}/libmicrohttpd/${BPN}-${PV}.tar.gz"
-SRC_URI[sha256sum] = "9278907a6f571b391aab9644fd646a5108ed97311ec66f6359cebbedb0a4e3bb"
+SRC_URI[sha256sum] = "f0b1547b5a42a6c0f724e8e1c1cb5ce9c4c35fb495e7d780b9930d35011ceb4c"
inherit autotools lib_package pkgconfig gettext
diff --git a/poky/meta/recipes-support/libseccomp/files/run-ptest b/poky/meta/recipes-support/libseccomp/files/run-ptest
index 54b4a63..63c79f0 100644
--- a/poky/meta/recipes-support/libseccomp/files/run-ptest
+++ b/poky/meta/recipes-support/libseccomp/files/run-ptest
@@ -1,4 +1,7 @@
#!/bin/sh
cd tests
+sed -i 's/SUCCESS/PASS/g; s/FAILURE/FAIL/g; s/SKIPPED/SKIP/g' regression
+sed -i 's/"Test %s result: %s\\n" "$1" "$2"/"%s: %s\\n" "$2" "$1"/g' regression
+sed -i 's/"Test %s result: %s %s\\n" "$1" "$2" "$3"/"%s: %s %s\\n" "$2" "$1" "$3"/g' regression
./regression -a
diff --git a/poky/meta/recipes-support/libseccomp/libseccomp_2.5.4.bb b/poky/meta/recipes-support/libseccomp/libseccomp_2.5.4.bb
index e89b8f7..505c219 100644
--- a/poky/meta/recipes-support/libseccomp/libseccomp_2.5.4.bb
+++ b/poky/meta/recipes-support/libseccomp/libseccomp_2.5.4.bb
@@ -1,5 +1,5 @@
SUMMARY = "interface to seccomp filtering mechanism"
-DESCRIPTION = "The libseccomp library provides and easy to use, platform independent,interface to the Linux Kernel's syscall filtering mechanism: seccomp."
+DESCRIPTION = "The libseccomp library provides an easy to use, platform independent, interface to the Linux Kernel's syscall filtering mechanism: seccomp."
HOMEPAGE = "https://github.com/seccomp/libseccomp"
SECTION = "security"
LICENSE = "LGPL-2.1-only"
diff --git a/poky/meta/recipes-support/libssh2/files/0001-Don-t-let-host-enviroment-to-decide-if-a-test-is-bui.patch b/poky/meta/recipes-support/libssh2/files/0001-Don-t-let-host-enviroment-to-decide-if-a-test-is-bui.patch
deleted file mode 100644
index b1204e4..0000000
--- a/poky/meta/recipes-support/libssh2/files/0001-Don-t-let-host-enviroment-to-decide-if-a-test-is-bui.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From f6abce5ba41a412a247250dcd80e387e53474466 Mon Sep 17 00:00:00 2001
-From: Your Name <you@example.com>
-Date: Mon, 28 Dec 2020 02:08:03 +0000
-Subject: [PATCH] Don't let host enviroment to decide if a test is build
-
-test ssh2.sh need sshd, for cross compile, we need it on target, so
-don't use SSHD on host to decide weither to build a test
-
-Upstream-Status: Inappropriate[oe specific]
-
-Signed-off-by: Changqing Li <changqing.li@windriver.com>
-
----
- tests/Makefile.am | 6 +-----
- 1 file changed, 1 insertion(+), 5 deletions(-)
-
-diff --git a/tests/Makefile.am b/tests/Makefile.am
-index dc0922f..6cbc35d 100644
---- a/tests/Makefile.am
-+++ b/tests/Makefile.am
-@@ -1,16 +1,12 @@
- AM_CPPFLAGS = -I$(top_srcdir)/src -I$(top_srcdir)/include -I$(top_builddir)/src
- LDADD = ../src/libssh2.la
-
--if SSHD
- noinst_PROGRAMS = ssh2
- ssh2_SOURCES = ssh2.c
--endif
-
- ctests = simple$(EXEEXT)
- TESTS = $(ctests) mansyntax.sh
--if SSHD
- TESTS += ssh2.sh
--endif
- check_PROGRAMS = $(ctests)
-
- TESTS_ENVIRONMENT = SSHD=$(SSHD) EXEEXT=$(EXEEXT)
-@@ -38,4 +34,4 @@ if OPENSSL
- # EXTRA_DIST += test_public_key_auth_succeeds_with_correct_encrypted_ed25519_key.c
- # EXTRA_DIST += test_public_key_auth_succeeds_with_correct_ed25519_key_from_mem.c
- EXTRA_DIST += test_public_key_auth_succeeds_with_correct_rsa_openssh_key.c
--endif
-\ No newline at end of file
-+endif
diff --git a/poky/meta/recipes-support/libssh2/libssh2/fix-ssh2-test.patch b/poky/meta/recipes-support/libssh2/libssh2/fix-ssh2-test.patch
new file mode 100644
index 0000000..ee916c4
--- /dev/null
+++ b/poky/meta/recipes-support/libssh2/libssh2/fix-ssh2-test.patch
@@ -0,0 +1,23 @@
+In 8.8 OpenSSH disabled sha1 rsa-sha keys out of the box,
+so we need to re-enable them as a workaround for the test
+suite until upstream updates the tests.
+
+See: https://github.com/libssh2/libssh2/issues/630
+
+Upstream-Status: Backport [alternative fixes merged upstream]
+
+Patch taken from https://github.com/mirror-rpm/libssh2/commit/47f7114f7d0780f3075bad51a71881f45cc933c5
+
+--- a/tests/ssh2.sh
++++ b/tests/ssh2.sh
+@@ -25,7 +25,8 @@ $SSHD -f /dev/null -h "$srcdir"/etc/host
+ -o 'Port 4711' \
+ -o 'Protocol 2' \
+ -o "AuthorizedKeysFile $srcdir/etc/user.pub" \
+- -o 'UsePrivilegeSeparation no' \
++ -o 'HostKeyAlgorithms +ssh-rsa' \
++ -o 'PubkeyAcceptedAlgorithms +ssh-rsa' \
+ -o 'StrictModes no' \
+ -D \
+ $libssh2_sshd_params &
+
diff --git a/poky/meta/recipes-support/libssh2/files/run-ptest b/poky/meta/recipes-support/libssh2/libssh2/run-ptest
similarity index 67%
rename from poky/meta/recipes-support/libssh2/files/run-ptest
rename to poky/meta/recipes-support/libssh2/libssh2/run-ptest
index 9e2fce2..5e7426f 100644
--- a/poky/meta/recipes-support/libssh2/files/run-ptest
+++ b/poky/meta/recipes-support/libssh2/libssh2/run-ptest
@@ -2,8 +2,7 @@
ptestdir=$(dirname "$(readlink -f "$0")")
cd tests
-# omit ssh2.sh until https://github.com/libssh2/libssh2/issues/630 is fixed
-for test in simple mansyntax.sh
+for test in simple mansyntax.sh ssh2.sh
do
./../test-driver --test-name $test --log-file ../$test.log --trs-file ../$test.trs --color-tests no --enable-hard-errors yes --expect-failure no -- ./$test
done
diff --git a/poky/meta/recipes-support/libssh2/libssh2_1.10.0.bb b/poky/meta/recipes-support/libssh2/libssh2_1.10.0.bb
index 072d681..d551337 100644
--- a/poky/meta/recipes-support/libssh2/libssh2_1.10.0.bb
+++ b/poky/meta/recipes-support/libssh2/libssh2_1.10.0.bb
@@ -8,11 +8,10 @@
LIC_FILES_CHKSUM = "file://COPYING;md5=3e089ad0cf27edf1e7f261dfcd06acc7"
SRC_URI = "http://www.libssh2.org/download/${BP}.tar.gz \
+ file://fix-ssh2-test.patch \
file://run-ptest \
"
-SRC_URI:append:ptest = " file://0001-Don-t-let-host-enviroment-to-decide-if-a-test-is-bui.patch"
-
SRC_URI[sha256sum] = "2d64e90f3ded394b91d3a2e774ca203a4179f69aebee03003e5a6fa621e41d51"
inherit autotools pkgconfig ptest
diff --git a/poky/meta/recipes-support/libusb/libusb1/0001-configure.ac-Link-with-latomic-only-if-no-atomic-bui.patch b/poky/meta/recipes-support/libusb/libusb1/0001-configure.ac-Link-with-latomic-only-if-no-atomic-bui.patch
new file mode 100644
index 0000000..3c223e0
--- /dev/null
+++ b/poky/meta/recipes-support/libusb/libusb1/0001-configure.ac-Link-with-latomic-only-if-no-atomic-bui.patch
@@ -0,0 +1,46 @@
+From 95e601ce116dd46ea7915c171976b85ea0905d58 Mon Sep 17 00:00:00 2001
+From: Lonnie Abelbeck <lonnie@abelbeck.com>
+Date: Sun, 8 May 2022 14:05:56 -0500
+Subject: [PATCH] configure.ac: Link with -latomic only if no atomic builtins
+
+Follow-up to 561dbda, a check of GCC atomic builtins needs to be done
+first.
+
+I'm no autoconf guru, but using this:
+https://github.com/mesa3d/mesa/blob/0df485c285b73c34ba9062f0c27e55c3c702930d/configure.ac#L469
+as inspiration, I created a pre-check before calling AC_SEARCH_LIBS(...)
+
+Fixes #1135
+Closes #1139
+Upstream-Status: Backport [https://github.com/kraj/libusb/commit/95e601ce116dd46ea7915c171976b85ea0905d58]
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ configure.ac | 16 +++++++++++++++-
+ libusb/version_nano.h | 2 +-
+ 2 files changed, 16 insertions(+), 2 deletions(-)
+
+--- a/configure.ac
++++ b/configure.ac
+@@ -153,7 +153,21 @@ if test "x$platform" = xposix; then
+ AC_SEARCH_LIBS([pthread_create], [pthread],
+ [test "x$ac_cv_search_pthread_create" != "xnone required" && AC_SUBST(THREAD_LIBS, [-lpthread])],
+ [], [])
+- AC_SEARCH_LIBS([__atomic_fetch_add_4], [atomic])
++ dnl Check for new-style atomic builtins. We first check without linking to -latomic.
++ AC_MSG_CHECKING(whether __atomic_load_n is supported)
++ AC_LINK_IFELSE([AC_LANG_SOURCE([[
++ #include <stdint.h>
++ int main() {
++ struct {
++ uint64_t *v;
++ } x;
++ return (int)__atomic_load_n(x.v, __ATOMIC_ACQUIRE) &
++ (int)__atomic_add_fetch(x.v, (uint64_t)1, __ATOMIC_ACQ_REL);
++ }]])], GCC_ATOMIC_BUILTINS_SUPPORTED=yes, GCC_ATOMIC_BUILTINS_SUPPORTED=no)
++ AC_MSG_RESULT($GCC_ATOMIC_BUILTINS_SUPPORTED)
++ if test "x$GCC_ATOMIC_BUILTINS_SUPPORTED" != xyes; then
++ AC_SEARCH_LIBS([__atomic_fetch_add_4], [atomic])
++ fi
+ elif test "x$platform" = xwindows; then
+ AC_DEFINE([PLATFORM_WINDOWS], [1], [Define to 1 if compiling for a Windows platform.])
+ else
diff --git a/poky/meta/recipes-support/libusb/libusb1_1.0.26.bb b/poky/meta/recipes-support/libusb/libusb1_1.0.26.bb
index 7371faf..122c3d4 100644
--- a/poky/meta/recipes-support/libusb/libusb1_1.0.26.bb
+++ b/poky/meta/recipes-support/libusb/libusb1_1.0.26.bb
@@ -11,6 +11,7 @@
BBCLASSEXTEND = "native nativesdk"
SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/libusb-${PV}.tar.bz2 \
+ file://0001-configure.ac-Link-with-latomic-only-if-no-atomic-bui.patch \
file://run-ptest \
"
@@ -34,12 +35,12 @@
fi
}
-do_compile_ptest() {
- oe_runmake -C tests stress
-}
-
-do_install_ptest() {
- install -m 755 ${B}/tests/.libs/stress ${D}${PTEST_PATH}
+do_compile_ptest() {
+ oe_runmake -C tests stress
+}
+
+do_install_ptest() {
+ install -m 755 ${B}/tests/.libs/stress ${D}${PTEST_PATH}
}
FILES:${PN} += "${base_libdir}/*.so.*"
diff --git a/poky/meta/recipes-support/mpfr/mpfr_4.1.0.bb b/poky/meta/recipes-support/mpfr/mpfr_4.1.1.bb
similarity index 91%
rename from poky/meta/recipes-support/mpfr/mpfr_4.1.0.bb
rename to poky/meta/recipes-support/mpfr/mpfr_4.1.1.bb
index 2121dad..f531a88 100644
--- a/poky/meta/recipes-support/mpfr/mpfr_4.1.0.bb
+++ b/poky/meta/recipes-support/mpfr/mpfr_4.1.1.bb
@@ -12,7 +12,7 @@
DEPENDS = "gmp autoconf-archive"
SRC_URI = "https://www.mpfr.org/mpfr-${PV}/mpfr-${PV}.tar.xz"
-SRC_URI[sha256sum] = "0c98a3f1732ff6ca4ea690552079da9c597872d30e96ec28414ee23c95558a7f"
+SRC_URI[sha256sum] = "ffd195bd567dbaffc3b98b23fd00aad0537680c9896171e44fe3ff79e28ac33d"
UPSTREAM_CHECK_URI = "http://www.mpfr.org/mpfr-current/"
diff --git a/poky/meta/recipes-support/numactl/numactl/Fix-the-test-output-format.patch b/poky/meta/recipes-support/numactl/numactl/Fix-the-test-output-format.patch
index 9812ecc..a7bc8d3 100644
--- a/poky/meta/recipes-support/numactl/numactl/Fix-the-test-output-format.patch
+++ b/poky/meta/recipes-support/numactl/numactl/Fix-the-test-output-format.patch
@@ -7,6 +7,7 @@
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Li Xin <lixin.fnst@cn.fujitsu.com>
+Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
---
test/regress | 6 +++---
test/regress2 | 11 +++++------
@@ -20,7 +21,7 @@
if [ $numnodes -lt 2 ] ; then
echo "need at least two nodes with at least $NEEDPAGES each of"
echo "free memory for mempolicy regression tests"
-+ echo "FAIL: numa regress"
++ echo "SKIP: numa regress"
exit 77 # Skip test
fi
}
diff --git a/poky/meta/recipes-support/numactl/numactl/run-ptest b/poky/meta/recipes-support/numactl/numactl/run-ptest
index bf269da..e019b0d 100755
--- a/poky/meta/recipes-support/numactl/numactl/run-ptest
+++ b/poky/meta/recipes-support/numactl/numactl/run-ptest
@@ -8,7 +8,11 @@
if numademo -t -e 10M; then
echo "PASS: numademo"
else
- echo "FAIL: numademo"
+ if [ "$?" = 77 ] ; then
+ echo "SKIP: numademo"
+ else
+ echo "FAIL: numademo"
+ fi
fi
else
echo "SKIP: ./../test/bind_range"
diff --git a/poky/meta/recipes-support/numactl/numactl_git.bb b/poky/meta/recipes-support/numactl/numactl_git.bb
index 712cf02..23be0a3 100644
--- a/poky/meta/recipes-support/numactl/numactl_git.bb
+++ b/poky/meta/recipes-support/numactl/numactl_git.bb
@@ -10,8 +10,8 @@
LIC_FILES_CHKSUM = "file://README.md;beginline=19;endline=32;md5=9f34c3af4ed6f3f5df0da5f3c0835a43"
-SRCREV = "01a39cb4edc0dd0f4151b7ad11e0c56d2e612a02"
-PV = "2.0.15"
+SRCREV = "10285f1a1bad49306839b2c463936460b604e3ea"
+PV = "2.0.16"
SRC_URI = "git://github.com/numactl/numactl;branch=master;protocol=https \
file://Fix-the-test-output-format.patch \
diff --git a/poky/meta/recipes-support/vim/vim.inc b/poky/meta/recipes-support/vim/vim.inc
index cbc3701..1e27415 100644
--- a/poky/meta/recipes-support/vim/vim.inc
+++ b/poky/meta/recipes-support/vim/vim.inc
@@ -10,8 +10,7 @@
RSUGGESTS:${PN} = "diffutils"
LICENSE = "Vim"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=6b30ea4fa660c483b619924bc709ef99 \
- file://runtime/doc/uganda.txt;md5=001ef779f422a0e9106d428c84495b4d"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=6b30ea4fa660c483b619924bc709ef99"
SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \
file://disable_acl_header_check.patch \
@@ -20,8 +19,8 @@
file://no-path-adjust.patch \
"
-PV .= ".0598"
-SRCREV = "8279af514ca7e5fd3c31cf13b0864163d1a0bfeb"
+PV .= ".1429"
+SRCREV = "1a08a3e2a584889f19b84a27672134649b73da58"
# Remove when 8.3 is out
UPSTREAM_VERSION_UNKNOWN = "1"
@@ -33,7 +32,7 @@
VIMDIR = "vim${@d.getVar('PV').split('.')[0]}${@d.getVar('PV').split('.')[1]}"
-inherit autotools-brokensep update-alternatives mime-xdg
+inherit autotools-brokensep update-alternatives mime-xdg pkgconfig
CLEANBROKEN = "1"
@@ -82,6 +81,7 @@
--disable-netbeans \
--disable-desktop-database-update \
--with-tlib=ncurses \
+ --with-modified-by='${MAINTAINER}' \
ac_cv_small_wchar_t=no \
ac_cv_path_GLIB_COMPILE_RESOURCES=no \
vim_cv_getcwd_broken=no \