poky: subtree update:1203d1f24d..2dcd1f2a21
Alejandro Enedino Hernandez Samaniego (2):
python3: Improve logging, syntax and update deprecated modules to create_manifest
python3: Upgrade 3.9.2 -> 3.9.4
Alexander Kanavin (22):
scripts/oe-debuginfod: correct several issues
libmicrohttpd: add a recipe from meta-oe
maintainers.inc: add libmicrohttpd entry
xwayland: add a standalone recipe
weston: use standalone xwayland instead of outdated xserver-xorg version
elfutils: correct debuginfod builds on x32
elfutils: adjust ptests for correct debuginfod testing
default-distrovars.inc: add debuginfod to default DISTRO_FEATURES
oeqa: tear down oeqa decorators if one of them raises an exception in setup
meta/lib/oeqa/core/tests/cases/timeout.py: add a testcase for the previous fix
core-image-weston: add sdk/ptest images
oeqa/core/tests/test_data.py: use weston image instead of sato
oeqa/selftest: transition to weston images
core-image-multilib-example: base on weston, and not sato
dev-manual/common-tasks.rst: correct the documentation for debuginfod
diffoscope: add native libraries to LD_LIBRARY_PATH
Revert "oeqa: Set LD_LIBRARY_PATH when executing native commands"
boost: correct upstream version check
vte: use tarballs again
gdk-pixbuf: update 2.40.0 -> 2.42.6
glib-2.0: update 2.68.0 -> 2.68.1
gnu-config: update to latest revision
Anatol Belski (1):
cross-canadian: Whitelist "mingw32" as TARGET_OS
Anders Wallin (3):
lttng-tools: Fix missing legacy test files
lttng-tools: Fix path for test_python_looging
scripts/contrib/image-manifest: add new script
Andreas Müller (1):
xwayland: remove protocol.txt - it clashes with xserver-xorg
Anthony Bagwell (1):
systemd: upgrade 247.4 -> 247.6
Anuj Mittal (2):
Revert "qemu: fix CVE-2021-3392"
qemu: fix CVE-2021-3392
Armin Kuster (6):
binutils: rename BRANCH var
libseccomp: move recipe from meta-security to core
gnutls: Enable seccomp if FEATURE is set
systemd: Enable seccomp if FEATURE is set
qemu: Enable seccomp if FEATURE is set
default-distrovars.inc: Add seccomp to DISTRO_FEATURES_DEFAULT
Bastian Krause (1):
ccache: add packageconfig docs option
Bruce Ashfield (20):
kern-tools: add dropped options to audit output
linux-yocto/5.4: update to v5.4.109
linux-yocto/5.10: update to v5.10.27
linux-yocto/5.10: BSP configuration fixes
linux-yocto/5.10: update to v5.10.29
linux-yocto/5.4: update to v5.4.111
linux-yocto/5.10: update to v5.10.30
linux-yocto-rt/5.10: update to -rt34
linux-yocto/5.4: update to v5.4.112
linux-yocto/5.4: fix arm defconfig warnings
linux-yocto/5.10: fix arm defconfig warnings
linux-yocto/5.10: aufs fixes
linux-yocto/5.10: qemuriscv32.cfg: RV32 only supports 1G physical memory
linux-yocto/5.10: update to v5.10.32
perf: fix python-audit RDEPENDS
linux-yocto/5.4: update to v5.4.114
linux-yocto/5.10: update to v5.10.34
linux-yocto/5.4: update to v5.4.116
linux-yocto/5.10: qemuppc32: reduce serial shutdown issues
yocto-check-layer: Only note a layer without a conf/layer.conf (versus error)
Changqing Li (2):
libpam: make volatile files created successfully
gcr: fix one parallel build failure
Chen Qi (3):
busybox: fix CVE-2021-28831
weston: fix build failure due to race condition
rsync: fix CVE-2020-14387
Christophe Chapuis (1):
rootfs.py: find .ko.gz and .ko.xz kernel modules as well
Daniel Ammann (1):
archiver: Fix typos
Devendra Tewari (2):
bitbake: lib/bb: Add bb.utils.rename() helper function and use for renaming
classes/lib/scripts: Use bb.utils.rename() instead of os.rename()
Diego Sueiro (3):
oeqa/selftest/bblayers: Add test case for bitbake-layers layerindex-show-depends
bitbake: layerindex: Fix bitbake-layers layerindex-show-depends command
bitbake: layerindex: Add --fetchdir parameter to layerindex-fetch
Douglas Royds (2):
Revert "externalsrc: Detect code changes in submodules"
externalsrc: Detect code changes in submodules
Gavin Li (1):
kmod: do not symlink config.guess/config.sub during autoreconf
Harald Brinkmann (1):
bitbake: fetch/svn: Fix parsing revision of SVN repos with redirects
He Zhe (1):
linux-yocto-dev: add features/scsi/scsi-debug.scc features/gpio/mockup.scc to KERNEL_FEATURES
Henning Schild (3):
bitbake: fetch/git: add support for disabling shared clones on unpack
bitbake: tests/fetch: deduplicate local git testing code
bitbake: tests/fetch: add tests for local and remote "noshared" git fetching
Jon Mason (1):
oeqa/runtime: space needed
Jonas Höppner (1):
ltp: fix empty ltp-dev package
Jose Quaresma (4):
gstreamer1.0: update patch upstream status
ptest-runner: libgcc must be installed for pthread_cancel to work
gstreamer1.0: rename patches
gstreamer1.0: update ptest patch
Joshua Watt (2):
bitbake: knotty: Re-enable command line logging levels
classes/image: Use xargs to set file timestamps
Kai Kang (2):
cmake.bbclass: remove ${B} before cmake_do_configure
kernel-yocto.bbclass: chdir to ${WORKDIR} for do_kernel_checkout
Kevin Hao (3):
modutils-initscripts: Bail out when no module is installed
sysvinit-inittab/start_getty: Check /sys for the tty device existence
Revert "inittab: Add getty launch on hvc0 for qemuppc64"
Khairul Rohaizzat Jamaluddin (1):
qemu: Fix CVE-2020-35517
Khem Raj (54):
gcc: Upgrade to 10.3.0 bug-fix release
glibc: Rename glibc src package
gcc-runtime: Make DEBUG_PREFIX_MAP relative to S
valgrind: Delete trailing whitespaces
valgrind: Add glibc-src to ptest rdeps
valgrind: Add libstdc++ debug symbols for ptest
vte: Upgrade to 0.64.0 release
systemd: Fix build on mips/musl
epiphany: Add missing dependency on gnutls
cups: Turn gnutls into a packageconfig knob
wpa-supplicant: Enable openssl
curl: Use openssl backend
libpsl: Add config knobs for runtime/builtin conversion choices
glib-networking: Prefer openssl backend instead of gnutls
gstreamer1.0-plugins-bad: Add packageconfigs for hls crypto backends
ca-certificates: Fix openssl runtime cert dependencies
weston: Drop loading xwayland.so module
elfutils: Make 64bit time_t fix generic
binutils: Fix linking failures when using dwarf-5
go: Use dl.google.com for SRC_URI
musl: Update to latest master
llvm: Upgrade to LLVM 12 release
python3-docutils: Upgrade to 0.17.1
python3-markupsafe: Enable ptests
python3-jinja2: Enable ptests
python3-pyyaml: Add recipe
apt: Fix build on musl when seccomp is enabled
default-distrovars.inc: Remove seccomp for riscv32
gcc-target: Create a LTO plugin symlink in bfd-plugins directory
bitbake.conf: Use gcc-nm as default NM
gcc-cross: Install linker LTO plugin for binutils tools
gcc-cross-canadian: Install LTO linker plugin to BFD searchable location
gnutls: Point to staging area for finding seccomp libs and includes
libjpeg-turbo: Use --reproducible option for nasm
libid3tag: Filter -ffile-prefix-map too
openssl: Filter out -ffile-prefix-map as well
ltp: Filter out -ffile-prefix-map
gcc-runtime: Fix __FILE__ related reproducablity issues
reproducible_build.bbclass: Enable -Wdate-time
pkgconfig: Fix nativesdk builds for mingw sdk hosts
m4: Do not use SIGSTKSZ
bluez: Fix shadowing of pause function from libc
valgrind: Disable leak_cpp_interior test
findutils: Do not use SIGSTKSZ
bash: Include files needed for run-heredoc ptest
libpam: Provide needed env for tst-pam_start_confdir ptest
cml1.bbclass: Return sorted list of cfg files
busybox: Enable long options for enabled applets
webkitgtk: Fix reproducibility in minibrowser
webkitgtk: Update patch status
libgcc-initial: Do not build fp128 to decimal ppc functions
gcc: Upgrade to GCC 11
busybox: Fix reproducibility
strace: Upgrade to 5.12
Konrad Weihmann (2):
cpan-base: set default UPSTREAM_CHECK_REGEX
cve-update-db-native: skip on empty cpe23Uri
Marek Vasut (1):
linux-firmware: Package RSI 911x WiFi firmware
Martin Jansa (2):
xwayland: add opengl to REQUIRED_DISTRO_FEATURES
ofono: prevent using bundled ell headers and fix build with ell-0.39
Michael Halstead (1):
releases: update to include 3.3
Michael Opdenacker (7):
dev-manual: fix code insertion
manuals: simplify code insertion
manuals: code insertion simplification over two lines
bitbake: doc: bitbake-user-manual: simplify colon usage
bitbake: doc: bitbake-user-manual: code insertion simplification over two lines
dev-manual: update references to Docker installation instructions
sanity.bbclass: mention CONNECTIVITY_CHECK_URIS in network failure message
Mikko Rapeli (4):
bitbake: bitbake: tests/fetch: fix test execution without .gitconfig
bitbake: bitbake: tests/fetch: remove write protected files too
lz4: use CFLAGS from bitbake
unzip: use optimization from bitbake
Mingli Yu (6):
libxshmfence: Build fixes for riscv32
packagegroup-core-tools-profile: Remove valgrind for riscv32
packagegroup-core-tools-testapps.bb: Remove kexec for riscv32
libtool: make sure autoheader run before automake
groff: not ship /usr/bin/grap2graph
rpm: Upgrade to 4.16.1.3
Minjae Kim (1):
qemu: fix CVE-2021-3392
Nicolas Dechesne (1):
bitbake: doc: bitbake-user-manual: fix typo left over from Sphinx migration
Niels Avonds (1):
bitbake: fetch/gitsm: Fix crash when using git LFS and submodules
Oleksandr Kravchuk (2):
python3-setuptools: update to 56.0.0
autoconf-archive: update to 2021.02.19
Otavio Salvador (2):
gstreamer1.0-plugins-base: Add 'viv-fb' OpenGL Window System option
gstreamer1.0-plugins-base: Use bb.utils.filter to reduce code
Paul Barker (10):
bitbake: hashserv: Use generic ConnectionError
bitbake: asyncrpc: Common implementation of RPC using json & asyncio
bitbake: hashserv: Refactor to use asyncrpc
bitbake: prserv: Drop obsolete python version check
bitbake: prserv: Drop unused dump_db method
bitbake: prserv: Add connect function
prservice: Use new connect API
bitbake: prserv: Use multiprocessing to auto start prserver
bitbake: prserv: Extract daemonization from PRServer class
bitbake: prserv: Handle requests in main thread
Paulo Cesar Zaneti (1):
perl: fix startperl configuration option for perl-native
Peter Budny (1):
lib/oe/terminal: Fix tmux new-session on older tmux versions (<1.9)
Petr Vorel (1):
ltp: Replace musl patches with do_patch[postfuncs]
Przemyslaw Gorszkowski (2):
bitbake: progress: LineFilterProgressHandler - Handle parsing line which ends with CR only
bitbake: fetch/s3: Add progress handler for S3 cp command
Randy MacLeod (2):
sqlite3: upgrade 3.35.0 -> 3.35.3
oe-time-dd-test.sh: increase timeout to 15 sec
Reto Schneider (2):
license_image.bbclass: Detect broken symlinks
license_image.bbclass: Fix symlink to generic license files
Richard Purdie (32):
oeqa/selftest: Hardcode test assumptions about heartbeat event timings
pseudo: Upgrade to add trailing slashes ignore path fix
oeqa/selftest: Ensure packages classes are set correctly for maintainers test
layer.conf: Update to add post 3.3 release honister series
sanity: Add error check for '%' in build path
bitbake: runqueue: Fix deferred task issues
bitbake: tinfoil/data_smart: Allow variable history emit() to function remotely
sanity: Further improve directory sanity tests
bitbake: bitbake-server: Remove now unneeded code
bitbake: doc/user-manual-fetching: Remove basepath unpack parameter docs
poky.conf: Post release version bump
runqemu: Ensure we cleanup snapshot files after image run
patchelf: Backport fix from upstream for note section overlap error
pyyaml: Add missing HOMEPAGE
yocto-check-layer: Avoid bug when iterating and autoadding dependencies
libseccomp: Add MAINTAINERS entry and HOMEPAGE
libseccomp: Fix reproducibility issue
apt: Disable libseccomp
libxcrypt: Update to 4.4.19 release and fix symbol version issues
patchelf: Fix note section alignment issues
bitbake: runqueue: Fix multiconfig deferred task sstate validity caching issue
bitbake: runqueue: Handle deferred task rehashing in multiconfig builds
patchelf: Fix alignment patch
pybootchart/draw: Avoid divide by zero error
yocto-uninative: Update to 3.1 which includes a patchelf fix
Revert "perl: fix startperl configuration option for perl-native"
bitbake: bin/bitbake-getvar: Add a new command to query a variable value (with history)
bitbake: bitbake: Switch to post release version number 1.51.0
sanity.conf: Require bitbake 1.51.0
oeqa/qemurunner: Improve logging thread exit handling for qemu shutdown test
oeqa/qemurunner: Handle path length issues for qmp socket
lib/package_manager: Use shutil.copy instead of bb.utils.copyfile for intercepts
Robert Joslyn (3):
btrfs-tools: Update to 5.11.1
btrfs-tools: Add PACKAGECONFIG options
btrfs-tools: Try to follow style guide
Robert P. J. Day (3):
sdk-manual: "beablebone" -> "beaglebone"
sdk-manual: fix broken formatting of sample command
bitbake.conf: sort MIRROR list, add missing SAMBA_MIRROR
Ross Burton (4):
glslang: strip whitespace in pkgconfig file
insane: clean up some more warning messages
bitbake: bitbake-server: ensure server timeout is a float
oe-buildenv-internal: add BitBake's library to PYTHONPATH
Sakib Sajal (12):
oe-time-dd-test.sh: make executable
oe-time-dd-test.sh: provide more information from "top"
qemu: fix CVE-2021-20181
qemu: fix CVE-2020-29443
qemu: fix CVE-2021-20221
qemu: fix CVE-2021-3409
qemu: fix CVE-2021-3416
qemu: fix CVE-2021-20257
oe-time-dd-test.sh: collect cooker log when timeout is exceeded
buildstats.bbclass: collect data in the same file.
qemu: fix CVE-2020-27821
qemu: fix CVE-2021-20263
Samuli Piippo (1):
assimp: BBCLASSEXTEND to native and nativesdk
Saul Wold (4):
pango: re-enable ptest
qemu-system-native: install qmp python module
qemurunner: Add support for qmp commands
qemurunner: change warning to info
Stefan Ghinea (3):
wpa-supplicant: fix CVE-2021-30004
libssh2: fix build failure with option no-ecdsa
xserver-xorg: fix CVE-2021-3472
Stefano Babic (1):
libubootenv: upgrade 0.3.1 -> 0.3.2
Teoh Jay Shen (6):
oeqa/manual/bsp-hw.json : remove boot_from_runlevel_3 and boot_from_runlevel_5 manual test
oeqa/manual/bsp-hw.json : remove ethernet_static_ip_set_in_connman and ethernet_get_IP_in_connman_via_DHCP manual test
oeqa/manual/bsp-hw.json : remove standby and Test_if_LAN_device_works_well_after_resume_from_suspend_state manual test
oeqa/manual/bsp-hw.json : remove click_terminal_icon_on_X_desktop manual test
oeqa/manual/bsp-hw.json :remove Check_if_RTC_(Real_Time_Clock)_can_work_correctly manual test
oeqa/manual/bsp-hw.json : remove Test_if_usb_hid_device_works_well_after_resume_from_suspend_state manual test
Trevor Gamblin (2):
nettle: upgrade 3.7.1 -> 3.7.2
ref-manual/variables.rst: Add incompatibility warning for SERIAL_CONSOLES_CHECK
Ulrich Ölmann (1):
arch-armv6m.inc: fix access rights
Vinay Kumar (1):
binutils: Fix CVE-2021-20197
Vineela Tummalapalli (1):
Adding dunfell 3.1.7 to the switcher and release list.
Wang Mingyu (6):
at-spi2-core: upgrade 2.38.0 -> 2.40.0
babeltrace2: upgrade 2.0.3 -> 2.0.4
boost-build-native: upgrade 4.3.0 -> 4.4.1
libassuan: upgrade 2.5.4 -> 2.5.5
webkitgtk: upgrade 2.30.5 -> 2.30.6
vte: upgrade 0.62.2 -> 0.62.3
Wes Lindauer (1):
oeqa/runtime/cases: Only disable/enable for current boot
Yanfei Xu (1):
parselogs: ignore floppy error on qemu-system-x86 at boot stage
Yi Fan Yu (7):
valgrind: update 3.16.1 -> 3.17.0
valgrind: Disable ptest swapcontext.vgtest
valgrind: Fix ptest swapcontext.vgtest
Revert "glib-2.0: add workaround to fix codegen.py.test failing"
re2c: Upgrade 2.0.3 -> 2.1.1
valgrind: Enable drd/tests/bar_bad* ptest
libevent: Increase ptest timing tolerance 50 ms -> 100 ms
Zqiang (1):
rt-tests: Update rt-tests
hongxu (1):
deb: apply postinstall on sdk
wangmy (34):
ell: upgrade 0.38 -> 0.39
dbus-glib: upgrade 0.110 -> 0.112
ccache: upgrade 4.2 -> 4.2.1
gcr: upgrade 3.38.1 -> 3.40.0
ghostscript: upgrade 9.53.3 -> 9.54.0
libsolv: upgrade 0.7.17 -> 0.7.18
glib-2.0: upgrade 2.66.7 -> 2.68.0
file: upgrade 5.39 -> 5.40
curl: upgrade 7.75.0 -> 7.76.0
acpica: upgrade 20210105 -> 20210331
help2man: upgrade 1.48.2 -> 1.48.3
libportal: upgrade 0.3 -> 0.4
libksba: upgrade 1.5.0 -> 1.5.1
go: upgrade 1.16.2 -> 1.16.3
libcap: upgrade 2.48 -> 2.49
libcomps: upgrade 0.1.15 -> 0.1.16
icu: upgrade 68.2 -> 69.1
mpg123: upgrade 1.26.4 -> 1.26.5
man-pages: upgrade 5.10 -> 5.11
go: update SRC_URI to use https protocol
mesa: upgrade 21.0.1 -> 21.0.2
openssh: upgrade 8.5p1 -> 8.6p1
mtools: upgrade 4.0.26 -> 4.0.27
python3-cython: upgrade 0.29.22 -> 0.29.23
tiff: upgrade 4.2.0 -> 4.3.0
boost: upgrade 1.75.0 -> 1.76.0
wpebackend-fdo: upgrade 1.8.2 -> 1.8.3
mesa: upgrade 21.0.2 -> 21.0.3
gdb: upgrade 10.1 -> 10.2
glib-networking: upgrade 2.66.0 -> 2.68.1
glslang: upgrade 11.2.0 -> 11.4.0
hdparm: upgrade 9.60 -> 9.61
libhandy: upgrade 1.2.1 -> 1.2.2
libjitterentropy: upgrade 3.0.1 -> 3.0.2
zangrc (1):
maintainers.inc: Modify email address
zhengruoqin (19):
epiphany: upgrade 3.38.2 -> 3.38.3
wpebackend-fdo: upgrade 1.8.0 -> 1.8.2
netbase: upgrade 6.2 -> 6.3
python3-dbusmock: upgrade 0.22.0 -> 0.23.0
python3-gitdb: upgrade 4.0.5 -> 4.0.7
libva: upgrade 2.10.0 -> 2.11.0
ruby: upgrade 3.0.0 -> 3.0.1
libva-utils: upgrade 2.10.0 -> 2.11.1
libdazzle: upgrade 3.38.0 -> 3.40.0
librepo: upgrade 1.13.0 -> 1.14.0
libdrm: upgrade 2.4.104 -> 2.4.105
python3-pygobject: upgrade 3.38.0 -> 3.40.1
libedit: upgrade 20210216-3.1 -> 20210419-3.1
libhandy: upgrade 1.2.0 -> 1.2.1
libical: upgrade 3.0.9 -> 3.0.10
libsolv: upgrade 0.7.18 -> 0.7.19
libmicrohttpd: upgrade 0.9.72 -> 0.9.73
python3-numpy: upgrade 1.20.1 -> 1.20.2
wireless-regdb: upgrade 2020.11.20 -> 2021.04.21
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: Ibdaea694cae40b0749d472bf08b53002a45b31d7
diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5.inc b/poky/meta/recipes-connectivity/bluez5/bluez5.inc
index a7b628c..74b59e4 100644
--- a/poky/meta/recipes-connectivity/bluez5/bluez5.inc
+++ b/poky/meta/recipes-connectivity/bluez5/bluez5.inc
@@ -52,6 +52,7 @@
${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '', 'file://0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch', d)} \
file://0001-tests-add-a-target-for-building-tests-without-runnin.patch \
file://0001-test-gatt-Fix-hung-issue.patch \
+ file://0001-audio-Rename-pause-funciton-to-avoid-shadowing-glibc.patch \
"
S = "${WORKDIR}/bluez-${PV}"
diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5/0001-audio-Rename-pause-funciton-to-avoid-shadowing-glibc.patch b/poky/meta/recipes-connectivity/bluez5/bluez5/0001-audio-Rename-pause-funciton-to-avoid-shadowing-glibc.patch
new file mode 100644
index 0000000..d9067df
--- /dev/null
+++ b/poky/meta/recipes-connectivity/bluez5/bluez5/0001-audio-Rename-pause-funciton-to-avoid-shadowing-glibc.patch
@@ -0,0 +1,48 @@
+From 8adab7f1e04948e78854953f9373cac741445a0f Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Fri, 30 Apr 2021 21:09:33 -0700
+Subject: [PATCH] audio: Rename pause funciton to avoid shadowing glibc
+ defintions
+
+Fixes
+profiles/audio/media.c:1284:13: error: static declaration of 'pause' follows non-static declaration
+static bool pause(void *user_data)
+ ^
+/mnt/b/yoe/master/build/tmp/work/core2-64-yoe-linux/bluez5/5.56-r0/recipe-sysroot/usr/include/unistd.h:478:12: note: previous declaration is here
+extern int pause (void);
+ ^
+../bluez-5.56/profiles/audio/media.c:1334:11: warning: incompatible function pointer types initializing 'bool (*)(void *)' with an expression of type 'int (void)' [-Wincompatible-function-pointer-types]
+ .pause = pause,
+ ^~~~~
+
+Upstream-Status: Pending
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ profiles/audio/media.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/profiles/audio/media.c b/profiles/audio/media.c
+index c84bbe2..7110089 100644
+--- a/profiles/audio/media.c
++++ b/profiles/audio/media.c
+@@ -1281,7 +1281,7 @@ static bool stop(void *user_data)
+ return media_player_send(mp, "Stop");
+ }
+
+-static bool pause(void *user_data)
++static bool apause(void *user_data)
+ {
+ struct media_player *mp = user_data;
+
+@@ -1331,7 +1331,7 @@ static struct avrcp_player_cb player_cb = {
+ .set_volume = set_volume,
+ .play = play,
+ .stop = stop,
+- .pause = pause,
++ .pause = apause,
+ .next = next,
+ .previous = previous,
+ };
+--
+2.31.1
+
diff --git a/poky/meta/recipes-connectivity/ofono/ofono/0002-mbim-Fix-build-with-ell-0.39-by-restoring-unlikely-m.patch b/poky/meta/recipes-connectivity/ofono/ofono/0002-mbim-Fix-build-with-ell-0.39-by-restoring-unlikely-m.patch
new file mode 100644
index 0000000..3655b3f
--- /dev/null
+++ b/poky/meta/recipes-connectivity/ofono/ofono/0002-mbim-Fix-build-with-ell-0.39-by-restoring-unlikely-m.patch
@@ -0,0 +1,28 @@
+From 76e4054801350ebd4a44057379431a33d460ad0f Mon Sep 17 00:00:00 2001
+From: Martin Jansa <Martin.Jansa@gmail.com>
+Date: Wed, 21 Apr 2021 11:01:34 +0000
+Subject: [PATCH] mbim: Fix build with ell-0.39 by restoring unlikely macro
+ from ell/util.h
+
+Upstream-Status: Pending
+
+Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
+---
+ drivers/mbimmodem/mbim-private.h | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/drivers/mbimmodem/mbim-private.h b/drivers/mbimmodem/mbim-private.h
+index 51693eae..d917312c 100644
+--- a/drivers/mbimmodem/mbim-private.h
++++ b/drivers/mbimmodem/mbim-private.h
+@@ -30,6 +30,10 @@
+ __result; })
+ #endif
+
++/* used to be part of ell/util.h before 0.39:
++ https://git.kernel.org/pub/scm/libs/ell/ell.git/commit/?id=2a682421b06e41c45098217a686157f576847021 */
++#define unlikely(x) __builtin_expect(!!(x), 0)
++
+ enum mbim_control_message {
+ MBIM_OPEN_MSG = 0x1,
+ MBIM_CLOSE_MSG = 0x2,
diff --git a/poky/meta/recipes-connectivity/ofono/ofono_1.31.bb b/poky/meta/recipes-connectivity/ofono/ofono_1.31.bb
index 7d0976a..2425ef7 100644
--- a/poky/meta/recipes-connectivity/ofono/ofono_1.31.bb
+++ b/poky/meta/recipes-connectivity/ofono/ofono_1.31.bb
@@ -11,6 +11,7 @@
${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \
file://ofono \
file://0001-mbim-add-an-optional-TEMP_FAILURE_RETRY-macro-copy.patch \
+ file://0002-mbim-Fix-build-with-ell-0.39-by-restoring-unlikely-m.patch \
"
SRC_URI[md5sum] = "1c26340e3c6ed132cc812595081bb3dc"
SRC_URI[sha256sum] = "a15c5d28096c10eb30e47a68b6dc2e7c4a5a99d7f4cfedf0b69624f33d859e9b"
@@ -30,9 +31,14 @@
EXTRA_OECONF += "--enable-test --enable-external-ell"
+do_configure_prepend() {
+ bbnote "Removing bundled ell from ${S}/ell to prevent including it"
+ rm -rf ${S}/ell
+}
+
do_install_append() {
- install -d ${D}${sysconfdir}/init.d/
- install -m 0755 ${WORKDIR}/ofono ${D}${sysconfdir}/init.d/ofono
+ install -d ${D}${sysconfdir}/init.d/
+ install -m 0755 ${WORKDIR}/ofono ${D}${sysconfdir}/init.d/ofono
}
PACKAGES =+ "${PN}-tests"
diff --git a/poky/meta/recipes-connectivity/openssh/openssh_8.5p1.bb b/poky/meta/recipes-connectivity/openssh/openssh_8.6p1.bb
similarity index 98%
rename from poky/meta/recipes-connectivity/openssh/openssh_8.5p1.bb
rename to poky/meta/recipes-connectivity/openssh/openssh_8.6p1.bb
index 6a49cf7..be56fe4 100644
--- a/poky/meta/recipes-connectivity/openssh/openssh_8.5p1.bb
+++ b/poky/meta/recipes-connectivity/openssh/openssh_8.6p1.bb
@@ -25,7 +25,7 @@
file://sshd_check_keys \
file://add-test-support-for-busybox.patch \
"
-SRC_URI[sha256sum] = "f52f3f41d429aa9918e38cf200af225ccdd8e66f052da572870c89737646ec25"
+SRC_URI[sha256sum] = "c3e6e4da1621762c850d03b47eed1e48dff4cc9608ddeb547202a234df8ed7ae"
# This CVE is specific to OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7
# and when running in a Kerberos environment. As such it is not relevant to OpenEmbedded
diff --git a/poky/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch b/poky/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch
index 949c788..003cfbc 100644
--- a/poky/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch
+++ b/poky/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch
@@ -25,16 +25,19 @@
Update to fix buildpaths qa issue for '-fmacro-prefix-map'.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
+
+Update to fix buildpaths qa issue for '-ffile-prefix-map'.
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+
---
Configurations/unix-Makefile.tmpl | 10 +++++++++-
crypto/build.info | 2 +-
2 files changed, 10 insertions(+), 2 deletions(-)
-diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl
-index 16af4d2087..54c162784c 100644
--- a/Configurations/unix-Makefile.tmpl
+++ b/Configurations/unix-Makefile.tmpl
-@@ -317,13 +317,22 @@ BIN_LDFLAGS={- join(' ', $target{bin_lflags} || (),
+@@ -420,13 +420,23 @@ BIN_LDFLAGS={- join(' ', $target{bin_lfl
'$(CNF_LDFLAGS)', '$(LDFLAGS)') -}
BIN_EX_LIBS=$(CNF_EX_LIBS) $(EX_LIBS)
@@ -49,6 +52,7 @@
+CFLAGS_Q={- for (@{$config{CFLAGS}}) {
+ s|-fdebug-prefix-map=[^ ]+|-fdebug-prefix-map=|g;
+ s|-fmacro-prefix-map=[^ ]+|-fmacro-prefix-map=|g;
++ s|-ffile-prefix-map=[^ ]+|-ffile-prefix-map=|g;
+ }
+ join(' ', @{$config{CFLAGS}}) -}
+
@@ -58,11 +62,9 @@
PERLASM_SCHEME= {- $target{perlasm_scheme} -}
# For x86 assembler: Set PROCESSOR to 386 if you want to support
-diff --git a/crypto/build.info b/crypto/build.info
-index b515b7318e..8c9cee2a09 100644
--- a/crypto/build.info
+++ b/crypto/build.info
-@@ -10,7 +10,7 @@ EXTRA= ../ms/uplink-x86.pl ../ms/uplink.c ../ms/applink.c \
+@@ -10,7 +10,7 @@ EXTRA= ../ms/uplink-x86.pl ../ms/uplink
ppccpuid.pl pariscid.pl alphacpuid.pl arm64cpuid.pl armv4cpuid.pl
DEPEND[cversion.o]=buildinf.h
@@ -71,6 +73,3 @@
DEPEND[buildinf.h]=../configdata.pm
GENERATE[uplink-x86.s]=../ms/uplink-x86.pl $(PERLASM_SCHEME)
---
-2.19.1
-
diff --git a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2021-30004.patch b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2021-30004.patch
new file mode 100644
index 0000000..e2540fc
--- /dev/null
+++ b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2021-30004.patch
@@ -0,0 +1,123 @@
+From a0541334a6394f8237a4393b7372693cd7e96f15 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Sat, 13 Mar 2021 18:19:31 +0200
+Subject: [PATCH] ASN.1: Validate DigestAlgorithmIdentifier parameters
+
+The supported hash algorithms do not use AlgorithmIdentifier parameters.
+However, there are implementations that include NULL parameters in
+addition to ones that omit the parameters. Previous implementation did
+not check the parameters value at all which supported both these cases,
+but did not reject any other unexpected information.
+
+Use strict validation of digest algorithm parameters and reject any
+unexpected value when validating a signature. This is needed to prevent
+potential forging attacks.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+
+Upstream-Status: Backport
+CVE: CVE-2021-30004
+
+Reference to upstream patch:
+[https://w1.fi/cgit/hostap/commit/?id=a0541334a6394f8237a4393b7372693cd7e96f15]
+
+Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com>
+---
+ src/tls/pkcs1.c | 21 +++++++++++++++++++++
+ src/tls/x509v3.c | 20 ++++++++++++++++++++
+ 2 files changed, 41 insertions(+)
+
+diff --git a/src/tls/pkcs1.c b/src/tls/pkcs1.c
+index 141ac50..e09db07 100644
+--- a/src/tls/pkcs1.c
++++ b/src/tls/pkcs1.c
+@@ -240,6 +240,8 @@ int pkcs1_v15_sig_ver(struct crypto_public_key *pk,
+ os_free(decrypted);
+ return -1;
+ }
++ wpa_hexdump(MSG_MSGDUMP, "PKCS #1: DigestInfo",
++ hdr.payload, hdr.length);
+
+ pos = hdr.payload;
+ end = pos + hdr.length;
+@@ -261,6 +263,8 @@ int pkcs1_v15_sig_ver(struct crypto_public_key *pk,
+ os_free(decrypted);
+ return -1;
+ }
++ wpa_hexdump(MSG_MSGDUMP, "PKCS #1: DigestAlgorithmIdentifier",
++ hdr.payload, hdr.length);
+ da_end = hdr.payload + hdr.length;
+
+ if (asn1_get_oid(hdr.payload, hdr.length, &oid, &next)) {
+@@ -269,6 +273,23 @@ int pkcs1_v15_sig_ver(struct crypto_public_key *pk,
+ os_free(decrypted);
+ return -1;
+ }
++ wpa_hexdump(MSG_MSGDUMP, "PKCS #1: Digest algorithm parameters",
++ next, da_end - next);
++
++ /*
++ * RFC 5754: The correct encoding for the SHA2 algorithms would be to
++ * omit the parameters, but there are implementation that encode these
++ * as a NULL element. Allow these two cases and reject anything else.
++ */
++ if (da_end > next &&
++ (asn1_get_next(next, da_end - next, &hdr) < 0 ||
++ !asn1_is_null(&hdr) ||
++ hdr.payload + hdr.length != da_end)) {
++ wpa_printf(MSG_DEBUG,
++ "PKCS #1: Unexpected digest algorithm parameters");
++ os_free(decrypted);
++ return -1;
++ }
+
+ if (!asn1_oid_equal(&oid, hash_alg)) {
+ char txt[100], txt2[100];
+diff --git a/src/tls/x509v3.c b/src/tls/x509v3.c
+index 1bd5aa0..bf2289f 100644
+--- a/src/tls/x509v3.c
++++ b/src/tls/x509v3.c
+@@ -1834,6 +1834,7 @@ int x509_check_signature(struct x509_certificate *issuer,
+ os_free(data);
+ return -1;
+ }
++ wpa_hexdump(MSG_MSGDUMP, "X509: DigestInfo", hdr.payload, hdr.length);
+
+ pos = hdr.payload;
+ end = pos + hdr.length;
+@@ -1855,6 +1856,8 @@ int x509_check_signature(struct x509_certificate *issuer,
+ os_free(data);
+ return -1;
+ }
++ wpa_hexdump(MSG_MSGDUMP, "X509: DigestAlgorithmIdentifier",
++ hdr.payload, hdr.length);
+ da_end = hdr.payload + hdr.length;
+
+ if (asn1_get_oid(hdr.payload, hdr.length, &oid, &next)) {
+@@ -1862,6 +1865,23 @@ int x509_check_signature(struct x509_certificate *issuer,
+ os_free(data);
+ return -1;
+ }
++ wpa_hexdump(MSG_MSGDUMP, "X509: Digest algorithm parameters",
++ next, da_end - next);
++
++ /*
++ * RFC 5754: The correct encoding for the SHA2 algorithms would be to
++ * omit the parameters, but there are implementation that encode these
++ * as a NULL element. Allow these two cases and reject anything else.
++ */
++ if (da_end > next &&
++ (asn1_get_next(next, da_end - next, &hdr) < 0 ||
++ !asn1_is_null(&hdr) ||
++ hdr.payload + hdr.length != da_end)) {
++ wpa_printf(MSG_DEBUG,
++ "X509: Unexpected digest algorithm parameters");
++ os_free(data);
++ return -1;
++ }
+
+ if (x509_sha1_oid(&oid)) {
+ if (signature->oid.oid[6] != 5 /* sha-1WithRSAEncryption */) {
+--
+2.17.1
+
diff --git a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb
index 357c286..16c5918 100644
--- a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb
+++ b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb
@@ -10,7 +10,7 @@
DEPENDS = "dbus libnl"
RRECOMMENDS_${PN} = "wpa-supplicant-passphrase wpa-supplicant-cli"
-PACKAGECONFIG ??= "gnutls"
+PACKAGECONFIG ??= "openssl"
PACKAGECONFIG[gnutls] = ",,gnutls libgcrypt"
PACKAGECONFIG[openssl] = ",,openssl"
@@ -32,6 +32,7 @@
file://0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch \
file://CVE-2021-0326.patch \
file://CVE-2021-27803.patch \
+ file://CVE-2021-30004.patch \
"
SRC_URI[md5sum] = "2d2958c782576dc9901092fbfecb4190"
SRC_URI[sha256sum] = "fcbdee7b4a64bea8177973299c8c824419c413ec2e3a95db63dd6a5dc3541f17"