poky: subtree update:796be0593a..9294bc4bb4
This includes our temporary libpam revert until OpenBMC can get in
support for the new libraries. See openbmc/openbmc#3750 for more
information.
Abdellatif El Khlifi (4):
kernel-fitimage: adding support for Initramfs bundle and u-boot script
kernel: skip installing fitImage when using Initramfs bundles
oeqa/selftest/imagefeatures: adding fitImage initramfs bundle testcase
ref-manual/ref-classes: update kernel-fitimage with Initramfs bundle and boot script
Adrian Herrera (2):
scripts: oe-run-native, fix *-native directories
common-licenses: add BSD-3-Clause-Clear license
Alan Perry (2):
binutils: add libopcodes package for perf
iproute2: Add subpackage for rdma command
Alejandro Hernandez Samaniego (2):
newlib: Upgrade 3.3.0 -> 4.1.0
newlib: Update licence
Alex Stewart (1):
opkg: upgrade to version 0.4.4
Alexander Kanavin (89):
selftest/reproducible: enable world reproducibility test
selftest/reproducible: add an exclusion list for items that are not yet reproducible
kea: upgrade 1.7.10 -> 1.8.1
valgrind: exclude bar_bad/bar_bad_xml from ptests
bzip2: run ptests without valgrind
lttng-tools: disable more failing ptests
glib-2.0: add a patch to increase a test timeout
acpica: upgrade 20201113 -> 20201217
bind: upgrade 9.16.9 -> 9.16.10
diffoscope: upgrade 161 -> 163
dnf: upgrade 4.4.0 -> 4.5.2
enchant2: upgrade 2.2.13 -> 2.2.14
epiphany: upgrade 3.38.1 -> 3.38.2
ethtool: upgrade 5.9 -> 5.10
gtk+3: upgrade 3.24.23 -> 3.24.24
init-system-helpers: upgrade 1.58 -> 1.60
kbd: upgrade 2.3.0 -> 2.4.0
kea: upgrade 1.8.1 -> 1.8.2
libmodulemd: upgrade 2.9.4 -> 2.11.1
libpcre2: upgrade 10.35 -> 10.36
libtirpc: upgrade 1.2.6 -> 1.3.1
libusb1: upgrade 1.0.23 -> 1.0.24
libva: upgrade 2.9.0 -> 2.10.0
libx11: upgrade 1.6.12 -> 1.7.0
lighttpd: upgrade 1.4.56 -> 1.4.57
ninja: upgrade 1.10.1 -> 1.10.2
puzzles: upgrade to latest revision
python3-hypothesis: upgrade 5.41.5 -> 5.43.3
python3-py: upgrade 1.9.0 -> 1.10.0
python3-setuptools-scm: upgrade 4.1.2 -> 5.0.1
sqlite3: upgrade 3.33.0 -> 3.34.0
stress-ng: upgrade 0.11.24 -> 0.12.00
sudo: upgrade 1.9.3p1 -> 1.9.4p1
sysvinit: upgrade 2.97 -> 2.98
vala: upgrade 0.50.1 -> 0.50.2
vulkan-headers: upgrade 1.2.154.0 -> 1.2.162.0
webkitgtk: upgrade 2.30.2 -> 2.30.4
xprop: upgrade 1.2.4 -> 1.2.5
xserver-xorg: upgrade 1.20.9 -> 1.20.10
glib-2.0: update 2.66.2 -> 2.66.4
rpm: update 4.16.0 -> 4.16.1.2
piglit: update to latest revision
sbc: update 1.4 -> 1.5
libdnf: update 0.55.0 -> 0.55.2
libva-utils: update 2.9.1 -> 2.10.0
python3-importlib-metadata: update 3.1.1 -> 3.3.0
python3: update 3.9.0 -> 3.9.1
vulkan-loader: upgrade 1.2.154.1 -> 1.2.162.0
vulkan-tools: upgrade 1.2.154.0 -> 1.2.162.0
systemd-bootchart: update 233 -> 234
zstd: add recipe from meta-oe
zstd: update 1.4.5 -> 1.4.8
devtool: gitsm:// should be handled same as git:// in upgrades
ovmf: upgrade 202008 -> 202011
libksba: update 1.4.0 -> 1.5.0
libjitterentropy: update 2.2.0 -> 3.0.0
icu: update 68.1 -> 68.2
gnutls: update 3.6.15 -> 3.7.0
gnupg: update 2.2.23 -> 2.2.26
boost: update 1.74.0 -> 1.75.0
kexec-tools: update 2.0.20 -> 2.0.21
vulkan-samples: update to latest revision
libpam: update 1.3.1 -> 1.5.1
strace: update 5.9 -> 5.10
python3-pytest: update 6.1.2 -> 6.2.1
mtools: update 4.0.25 -> 4.0.26
gnu-config: update to latest revision
cmake: update 3.18.4 -> 3.19.2
ccache: upgrade 3.7.11 -> 4.1
ccache.bbclass: use ccache from host distribution
gawk: add missing ptest dependency
util-linux: upgrade 2.36 -> 2.36.1
ell: upgrade 0.33 -> 0.35
net-tools: correct version check
oeqa/ptest: print a warning if ptests failed
bash: update 5.0 -> 5.1
runtime_test.py: correct output check for bash 5.1
distcc: update 3.3.3 -> 3.3.5
gptfdisk: update 1.0.5 -> 1.0.6
python3-setuptools: update 51.0.0 -> 52.0.0
ruby: update 2.7.2 -> 3.0.0
vulkan-samples: update to latest revision
dpkg: update 1.20.5 -> 1.20.7.1
libhandy: upgrade 1.0.2 -> 1.0.3
tar: update 1.32 -> 1.33
at: correct upstream version check
shaderc: correct version check
spirv-tools: correct version check
u-boot: upgrade 2020.10 -> 2021.01
Alistair Francis (1):
opensbi: Bump from 0.8 to 0.9
Anatol Belski (1):
iproute2: Make it easier to manipulate SUBDIRS list from bbappend
Andreas Müller (1):
openssl: re-enable whirlpool
Andrey Mozzhuhin (1):
toolchain-shar-extract.sh: Handle special characters in script path
Anton Kachalov (1):
rootfs: add option to allow delayed postinsts on read-only rootfs
Anuj Mittal (45):
mesa: add more details to elf-tls patch
mesa: remove patch disabling asm
linux-yocto: update genericx86 to v5.4.87
enchant2: upgrade 2.2.14 -> 2.2.15
gstreamer1.0: upgrade 1.18.2 -> 1.18.3
gstreamer1.0-plugins-base: upgrade 1.18.2 -> 1.18.3
gstreamer1.0-plugins-good: upgrade 1.18.2 -> 1.18.3
gstreamer1.0-plugins-bad: upgrade 1.18.2 -> 1.18.3
gstreamer1.0-libav: upgrade 1.18.2 -> 1.18.3
gstreamer1.0-omx: upgrade 1.18.2 -> 1.18.3
gstreamer1.0-rtsp-server: upgrade 1.18.2 -> 1.18.3
gstreamer1.0-python: upgrade 1.18.2 -> 1.18.3
gstreamer1.0-vaapi: upgrade 1.18.2 -> 1.18.3
gst-examples: upgrade 1.18.2 -> 1.18.3
gst-devtools: upgrade 1.18.2 -> 1.18.3
gstreamer1.0-plugins-ugly: upgrade 1.18.2 -> 1.18.3
libepoxy: upgrade 1.5.4 -> 1.5.5
libproxy: upgrade 0.4.15 -> 0.4.17
stress-ng: upgrade 0.12.00 -> 0.12.01
vulkan-tools: upgrade 1.2.162.0 -> 1.2.162.1
harfbuzz: upgrade 2.7.2 -> 2.7.4
mpg123: upgrade 1.26.3 -> 1.26.4
piglit: upgrade to latest revision
vala: upgrade 0.50.2 -> 0.50.3
gcr: upgrade 3.38.0 -> 3.38.1
python3-pygments: upgrade 2.7.3 -> 2.7.4
logrotate: upgrade 3.17.0 -> 3.18.0
lzip: upgrade 1.21 -> 1.22
python3-mako: upgrade 1.1.3 -> 1.1.4
wget: upgrade 1.20.3 -> 1.21.1
lighttpd: upgrade 1.4.57 -> 1.4.58
python3-importlib-metadata: upgrade 3.3.0 -> 3.4.0
python3-git: upgrade 3.1.11 -> 3.1.12
acpica: upgrade 20201217 -> 20210105
diffstat: upgrade 1.63 -> 1.64
python3-dbusmock: upgrade 0.19 -> 0.22.0
python3-hypothesis: upgrade 5.43.3 -> 6.0.2
python3-numpy: upgrade 1.19.4 -> 1.19.5
resolvconf: upgrade 1.83 -> 1.87
sudo: upgrade 1.9.4p1 -> 1.9.5p1
git: upgrade 2.29.2 -> 2.30.0
meson: upgrade 0.56.0 -> 0.56.2
rt-tests/hwlatdetect: upgrade 1.9 -> 1.10
gstreamer1.0: fix failing ptest
python3: fix CVE-2021-3177
Awais Belal (1):
kernel.bbclass: fix deployment for initramfs images
Bruce Ashfield (38):
linux-yocto-rt/5.4: update to -rt44
linux-yocto/5.4: update to v5.4.80
lttng-modules: fix build against v5.10+
kern-tools: non-gcc config support and option re-classification
linux-yocto/cfg: qemuppc: set CONFIG_SCSI to '=y'
linux-yocto/5.4: update to v5.4.82
linux-yocto/cfg: qemuarm64-gfx.cfg: add CONFIG_INPUT_UINPUT
linux-yocto/5.4: update to v5.4.83
linux-yocto/5.8/cfg: fix -tiny warnings
linux-yocto/5.4/cfg: fix -tiny warnings
systemtap: fix on target build for 4.4 and 5.10+
linux-yocto/5.4/cfg: fix FIRMWARE_LOADER warnings
kernel-devsrc: fix 32bit ARM devsrc builds
linux-yocto/5.4: update to v5.4.85
linux-yocto-dev: bump to v5.11-rc
libc-headers: update to v5.10
machine/qemuarm*: add vmalloc kernel parameter
linux-yocto: introduce v5.10 reference kernel recipes
linux-yocto/5.10: update to v5.10.2
conf/machine: bump qemu preferred versions to 5.10
poky/poky-tiny: set preferred kernel to 5.10
yocto-bsp: explicitly set preferred version for reference boards
poky-alt: don't use conditional assignment for preferred kernel version
linux-yocto/5.10: update to v5.10.4
linux-yocto/5.10: update to v5.10.5
linux-yocto/5.4: update to v5.4.87
linux-yocto/5.10/cfg: x86 and beaglebone config fixes
linux-yocto: remove 5.8 recipes
yocto-bsp: drop 5.8 bbappend
linux-yocto/5.10: update to v5.10.8
linux-yocto/5.4: update to v5.4.90
linux-yocto-rt/5.10: fix 5.10-rt build breakage
linux-yocto-rt/5.4: fix 5.4-stable caused build breakage
linux-yocto/5.10: update to v5.10.10
linux-yocto/5.10: update to v5.10.12
linux-yocto/5.4: update to v5.4.94
linux-yocto/5.10: binutils 2.36 fixes
yocto-bsp: linux-yocto: update to v5.10.12
Changhyeok Bae (1):
python3-importlib-metadata: Add toml dependency
Changqing Li (4):
libexif: fix CVE-2020-0198; CVE-2020-0452
libpam: support usrmerge
libpam: remove unused code
qemu: fix do_compile error
Chee Yang Lee (1):
initrdscripts: init-install-efi.sh install extra files for ESP
Chen Qi (1):
systemd: change /bin/nologin to /sbin/nologin
Chris Laplante (2):
contrib/git-hooks: add a sendemail-validate example hook that adds FROM: lines to outgoing patch emails
systemd.bbclass: improve error message when a service unit specified in SYSTEMD_SERVICE is not found
Christophe Priouzeau (1):
bitbake: fetch2/wget: Update user-agent
Christopher Larson (2):
grub-efi-cfg: exclude OVERRIDES from build_efi_cfg vardeps
uboot-extlinux-config: exclude OVERRIDES from do_create_extlinux_config vardeps
Deepak Rawat (1):
openssl: add support for mingw64 as target
Denys Dmytriyenko (2):
maintainers: update own email address
wayland: upgrade 1.18.0 -> 1.19.0
Diego Sueiro (4):
wic: Introduce empty plugin to create unformatted empty partitions
modutils-initscripts: Use depmod -a when modules.dep is empty
staging: Introduce /sysroot-only to SYSROOT_DIRS
dev-manual: Add usage of /sysroot-only in SYSROOT_DIRS
Dmitry Baryshkov (4):
perl: fix installation failure because of shell issue
linux-firmware: upgrade 20201118 -> 20201218
linux-firmware: package firmware for Lontium lt9611uxc bridge
mesa,mesa-gl: upgrade to 20.3.2
Dorinda (8):
sanity: Verify that user isn't building in PSEUDO_IGNORE_PATHS
sanity.bbclass: sanity check for if bitbake is present in PATH
sanity.bbclass: check if PSEUDO_IGNORE_PATHS and ${S} overlap
elfutils: split libdebuginfod into its own package
elfutils: add PACKAGECONFIG for debuginfod
elfutils: add support for ipk
sanity.bbclass: Check if PSEUDO_IGNORE_PATHS and paths under pseudo control overlap
oe-pkgdata-util: Check if environment script is initialized
Easwar Hariharan (1):
classes/kernel-fitimage: make fitimage_emit_section_config more readable
Elvis Stansvik (1):
ref-manual: terms: Fix poky tarball root folder
Hongxu Jia (1):
deb: do not insert feed uris if apt not installed
Jack Mitchell (1):
distutils3: allow setup.py to be run from a different directory to ${S}
Joey Degges (4):
bitbake: tests/fetch: Organize usehead tests by net requirements
bitbake: tests/fetch: Document behavior of test_gitfetch_usehead
bitbake: tests/fetch: Test usehead with a non-default name
bitbake: fetch/git: Fix usehead for non-default names
Jonathan Richardson (1):
core-image-tiny-initramfs: Add compatiblity for aarch64
Jose Quaresma (22):
gstreamer1.0: upgrade 1.18.1 -> 1.18.2
gstreamer1.0-plugins-bad: v4l2codecs fix typo
gstreamer1.0-plugins-bad: add support for aom plugin
gstreamer1.0-plugins-bad: add support for x265 plugin
gstreamer1.0-plugins-bad: sctp plugin uses the internal usrsctp static lib
gstreamer1.0-plugins-bad: remove unsupported plugins comment
gstreamer1.0-plugins-bad: netsim plugin don't have external deps
gstreamer1.0-plugins-bad: transcode plugin external deps is always present
gstreamer1.0: use the correct meson option for the capabilities
shaderc: upgrade 2020.3 -> 2020.4
spirv-tools: upgrade 2020.5 -> 2020.6
common-licenses: Add GPL-3.0-with-bison-exception
glslang: upgrade 8.13.3743 -> 11.1.0
glslang: enable shared libs
glslang: disable precompiled header
shaderc: avoid reproducible issues
shaderc: fix the build with glslang 11.1.0
spirv-headers: Add receipe
spirv-tools: cleanup
shaderc: add spirv-headers as dependencie
spirv-tools: fix reproducible
selftest/reproducible: remove spirv-tools-dev from exclusion list
Joshua Watt (4):
diffoscope: upgrade 163 -> 164
ref-manual: Clarify recommended operator for PROVIDES
bash: Disable bracketed input by default
bitbake: logging: Make bitbake logger compatible with python logger
Kai Kang (1):
adwaita-icon-theme: add version 3.34.3 back
Kamel Bouhara (2):
npm.bbclass: make shrinkwrap file optional
recipetool: create: only add npmsw url if required
Kevin Hao (2):
Revert "yocto-bsp: explicitly set preferred version for reference boards"
meta-yocto-bsp: Bump the kernel to v5.10
Khairul Rohaizzat Jamaluddin (4):
openssl: Update 1.1.1h -> 1.1.1i
go: Update 1.15.5 -> 1.15.6
curl: Update 7.73.0 -> 7.74.0
ffmpeg: Fix CVE-2020-35964, CVE-2020-35965
Khem Raj (37):
musl: Update to latest master
systemd: Fix reallocarray check
go.bbclass: Use external linker for native packages
qemuriscv: check serial consoles w.r.t. /proc/consoles
busybox-inittab: Implement SYSVINIT_ENABLED_GETTYS and USE_VT
initscripts: use quotes for shell variable comparision
busybox: Install /etc/default/rcS when used as init system
busybox: Run mdev as daemon
rcS: Define identifier for init system used
initscripts: Use initctl on sysvinit only
busybox: Sync rcS.default with sysvinit
ltp: Fix ltp-pan crash on 32bit arches using 64bit time_t
pulseaudio: Fix build with clang for non-x86 target
util-linux: Build fixes for 32bit arches with 64bit time_t
libpam: Drop musl patches
ccache: Build fixes for clang and riscv32
shadow: Remove lastlog pam plugin on musl system
rxvt-unicode: Disable lastlog on musl systems
openssh: Disable lastlog on musl
dropbear: Disable lastlog and wtmp on musl
ccache: Fix build on aarch64/clang
openssl: Enable rc4/rc2/bf/md4 algorithms
openssl: Enable psk for qtbase
libyaml: Enable static lib on native/nativesdk
musl/glibc: Document assembly file directive fix
musl: Update to 1.2.2 release
binutils: Upgrade to 2.36 release
binutils: Package libdep linker plugins
binutils: Disable parallel install for target/nativesdk binutils
musl: Drop adding .file directive in asm files
glibc: Drop adding .file directive in asm files
glibc: Upgrade to 2.33
glibc: Enable cet
glibc: Require full ISA support for x86-64 level marker
security_flags.inc: Use -O with -D_FORTIFY_SOURCE
systemd: Fix build on musl
autoconf: Fix typo for prefuncs
Lee Chee Yang (8):
gdk-pixbuf: fix CVE-2020-29385
wic/direct/kparser: ensure fsuuid for vfat and msdos align with format
p11-kit: upgrade 0.23.21 -> 0.23.22
cve-check: replace Looseversion with custom version class
cve_check: add CVE_VERSION_SUFFIX to indicate suffix in versioning
openssl: set CVE_VERSION_SUFFIX
wic/selftest: test_permissions also test bitbake image
wic: debug mode to keep tmp directory
Leon Anavi (1):
common-tasks.rst: Fix GNU_HASH in hello.bb
Li Wang (2):
qemu: CVE-2020-25723
qemu: CVE-2020-28916
Luca Boccassi (7):
classes/kernel-fitimage: add ability to sign individual images
systemd: update 246 -> 247
systemd: add package config for systemd-oomd
systemd: ship new systemd-dissect in -extra-utils
systemd: set -Dmode=release as recommended by NEWS
systemd: add RRECOMMENDS for weak dependencies, if enabled
systemd: update to v247.3
Mans Rullgard (1):
boost: drop arm-intrinsics.patch
Marek Vasut (2):
meta: toolchain-shar-relocate.sh: Do not use $target_sdk_dir as regex
meta: toolchain-shar-relocate.sh: Filter out post-relocate-setup script
Mark Jonas (1):
parted: Make readline dependency optional
Martin Jansa (3):
license.bbclass: Add COMMON_LICENSE_DIR and LICENSE_PATH dirs to PSEUDO_IGNORE_PATHS
busybox.inc: install rcS, rcK and rcS.default only with busybox in VIRTUAL-RUNTIME_init_manager
image_types.bbclass: tar: use posix format instead of gnu
Matt Hoosier (1):
bitbake: fetch/git: download LFS content too during do_fetch
Maxime Roussin-Bélanger (1):
meta: add missing descriptions in some support recipes
Michael Halstead (4):
releases: conf: add link to 3.2.1, update to include 3.2.1
releases: conf: add link to 3.1.5, update to include 3.2.1 & 3.1.5
uninative: Upgrade to 2.10
yocto-uninative.inc: version 2.11 updates glibc to 2.33
Michael Ho (2):
rootfs_ipk: allow do_populate_sdk in parallel to do_rootfs
license_image.bbclass: fix missing recipeinfo on self
Mike Looijmans (1):
license_image.bbclass: Don't attempt to symlink to the same file
Mikko Rapeli (1):
zip: whitelist CVE-2018-13410 and CVE-2018-13684
Milan Shah (2):
oe-pkgdata-util: Added a test to verify oe-pkgdata-util without parameters
bitbake: utils: add docstrings to functions
Mingli Yu (4):
kbd: fix transaction conflict
systemd: resolve executable path if it is relative
libpam: add ptest support
qemu: make ptest rework
Nathan Rossi (8):
gcc: Add patch to resolve i*86 tune configuration overrides
qemu.inc: Add seccomp PACKAGECONFIG option
ncurses: Prevent LDFLAGS being emitted in .pc files
which: add nativesdk to BBCLASSEXTEND
sed: add nativesdk to BBCLASSEXTEND
grep: add nativesdk to BBCLASSEXTEND
coreutils: enable xattrs by default for nativesdk
gcc: Backport patch to resolve i*86 tune configuration overrides
Naveen Saini (1):
gstreamer1.0-plugins-bad: fix msdk pkgconfig build failure
Oleksandr Kravchuk (4):
python3-smmap: update to 4.0.0
python3-numpy: update to 0.20.0
inetutils: update to 2.0
ell: update to 0.37
Oleksiy Obitotskyy (2):
flex: Fix --noline option behavior
dtc: improve reproducibility
Oleksiy Obitotskyy yIEf0zt.mo (1):
toolchain-shar-relocate.sh: Fix handling files with colons
Ovidiu Panait (5):
timezone: upgrade to 2020e
timezone: upgrade to 2020f
variables: Add documentation for KERNEL_DTC_FLAGS
kernel-devicetree: Introduce KERNEL_DTC_FLAGS to pass dtc flags
timezone: upgrade to 2021a
Paul Barker (22):
bitbake.conf: Prevent pyc file generation in pseudo context
documentation: Simplify oe_wiki and oe_home links
documentation: Simplify layerindex and layer links
documentation: Simplify remaining yocto_home links
profile-manual: Simplify yocto_bugs link
ref-manual: Simplify oe_lists link
documentation: Use https links where possible
selftest: Add argument to keep build dir
wic: Add workdir argument
wic: Allow exec_native_cmd to run HOSTTOOLS
wic: Ensure internal workdir is not reused
image_types_wic: Move wic working directory
wic: Update pseudo db when excluding content from rootfs
wic: Copy rootfs dir if fstab needs updating
wic: Optimise fstab modification for ext2/3/4 and msdos partitions
bitbake: bitbake-hashclient: Remove obsolete call to client.connect
bitbake: hashserv: client: Fix handling of null responses
bitbake: hashserv: Support read-only server
bitbake: hashserv: Support upstream command line argument
bitbake: hashserv: Add short forms of remaining command line arguments
bitbake: hashserv: server: Support searching upstream for outhash
bitbake: hashserv: Add get-outhash message
Paul Eggleton (11):
classes/kernel-fitimage: add variable for description
classes/kernel-fitimage: allow substituting mkimage command
classes/kernel-fitimage: add ability to add additional signing options
oe-selftest: move FIT image tests to their own module
oe-selftest: fitimage: Test for FIT_DESC
oe-selftest: fitimage: add test for signing FIT images
classes: minor corrections to kernel-fitimage section
variables: clarify KERNEL_ALT_IMAGETYPE reference
variables: explicitly state that UBOOT_MKIMAGE_DTCOPTS is optional
variables: Add documentation for new kernel-fitimage vars
ref-manual: use consistent capitalisation of U-Boot
Paul Gortmaker (1):
systemd: dont spew hidepid mount errors for kernels < v5.8
Peter Bergin (1):
buildhistory.bbclass: avoid exception for empty BUILDHISTORY_FEATURES variable
Peter Kjellerstedt (7):
lib/oe/path: Add canonicalize()
bitbake.conf: Canonicalize paths in PSEUDO_IGNORE_PATHS
wic: Pass canonicalized paths in PSEUDO_IGNORE_PATHS
glibc: Make adjtime() for 32 bit support being called with delta == NULL
bitbake: cache: Make CoreRecipeInfo include rprovides_pkg for skipped recipes
bitbake: cooker: Include all packages a recipe provides in SkippedPackage.rprovides
apr-util: Only specify --with-dbm=gdbm if gdbm support is enabled
Quentin Schulz (1):
docs: fix missing & and ; surrounding references from poky.yaml
Randy Li (2):
meson: Add sysroot property to nativesdk-meson
meson: Don't turn string into a list in nativesdk
Richard Purdie (69):
pseudo: Drop patches merged into upstream branch
bitbake: data_smart: Ensure hash reflects vardepvalue flags correctly
linuxloader: Avoid confusing string concat errors
systemd: Ensure uid/gid ranges are set deterministically
grub: Fix build reproducibility issue
u-boot-tools: Fix reproducibility issue
grub: Add second fix for determinism issue
oeqa/commands: Ensure sync can be found regardless of PATH
cups: Mark CVE-2009-0032 as a non-issue
cups: Mark CVE-2008-1033 as a non-issue
groff: Fix reproducibility issue
man-db: Avoid reproducibility failures after fixing groff-native
meta-selftest/staticids: Add ids for other recipes
selftest/reproducible: Add useradd-staticids to reproducible builds tests
grub: Further reproducibility fix
man-db: Fix reproducibility issue
bitbake.conf: Add mkfifo to HOSTTOOLS
bitbake.conf: Add /run/ to PSEUDO_IGNORE_PATHS
ppp: Update 2.4.8 -> 2.4.9
ppp: Fix reproducibility issue
sanity: Bump min python version to 3.6
pseudo: Add lchmod wrapper
qemu: Upgrade 5.1.0->5.2.0
qemu: Drop vm reservation changes to resolve build issues
qemu: Fix mingw builds
qemu: Add some user space mmap tweaks to address musl 32 bit build issues
ppp: Fix patch typo
pseudo: Update for arm host and memleak fixes/cleanup
vulkan-samples: Fix reproducibility issue
vulkan-samples: Disable PCH for reproducibility
lttng-modules: Upgrade 2.12.3->2.12.4
lttng-modules: Drop gcc7 related patch
bash: Set HEREDOC_PIPESIZE deterministically
bash: Add makefile race workaround
build-appliance-image: Update to master head revision
bitbake: fetch2/perforce: Fix localfile to include ud.module
ncurses: Don't put terminfo into the sysroot
python3: Avoid installing test data into recipe-sysroot
staging: Clean up files installed into the sysroot
gobject-introspection: Fix variable override order
nativesdk-buildtools-perl-dummy: Add missing entries for nativesdk-automake
package_rpm: Clean up unset runtime package variable handling
bitbake.conf/python: Drop setting RDEPENDS/RPROVIDES default
native: Stop clearing PACKAGES
meta: Clean up various class-native* RDEPENDS overrides
gtk-doc: Disable dependencies in native case
pseudo: Update to include passwd and file renaming fixes
at: Upgrade 3.1.23 -> 3.2.1
msmtp: Fix to work with autoconf 2.70
ruby: Fix to work with autoconf 2.70
lrzsz: Fix to work with autoconf 2.70
Revert "sanity.bbclass: check if PSEUDO_IGNORE_PATHS and ${S} overlap"
image_types: Ensure tar archives are reproducible
qemu.inc: Should depend on qemu-system-native, not qemu-native
python3-setuptools: Add back accidentally dropped RDEPENDS
opkg: Fix build reproducibility issue
Revert "msmtp: Fix to work with autoconf 2.70"
grub: Backport fix to work with new binutils
package: Ensure do_packagedata is cleaned correctly
openssh: Backport a fix to fix with glibc 2.33 on some platforms
pseudo: Update to work with glibc 2.33
bitbake: bitbake-worker: Try and avoid potential short write events issues
apr: Fix to work with autoconf 2.70
bitbake: cooker: Ensure reparsing is handled correctly
bitbake: bblayers/action: When adding layers, catch BBHandledException
bitbake: bitbake: Bump release to 1.49.1
sanity.conf: Increase minimum bitbake version due to logging function change
Fix up bitbake logging compatibility
opkg: Fix patch glitches
Robert Rosengren (1):
mpg123: Add support for FPU-less targets
Robert Yang (10):
buildtools-tarball.bb: Fix PATH for environment setup script
ncurses: Make ncurses-tools depend on ncurses-terminfo-base
minicom: RDEPENDS on ncurses-terminfo-base
archiver.bbclass: Fix --runall=deploy_archives for images
ccache: Extend to nativesdk
ccache.bbclass: Set CCACHE_TEMPDIR
Revert "ccache.bbclass: use ccache from host distribution"
ccache.bbclass: Use ccache-native and disable ccache for native recipes
apt: Fix do_compile error when enable ccache
oeqa/selftest: binutils-cross-x86_64 -> libgcc-initial
Ross Burton (28):
wic-image-minimal: only depend on syslinux on x86 targets
syslinux: rewrite recipe so only target code is x86-specific
wic-tools: don't build syslinux-native for targets without syslinux
image-uefi.conf: add EFI arch variable
systemd-boot: build the EFI stub
systemd-boot: allow building for Arm targets
wic-tools: add grub-efi and systemd-boot on arm64
lib/oe/qa: handle the 'no specific instruction set' ELF e_machine value
local.conf: add aarch64 to the SDKMACHINE example values
kernel: set COMPATIBLE_HOST to *-linux
bitbake.conf: default SDKMACHINE to the build host architecture
diffstat: point the license checksum at the license
ruby: remove tcl DEPENDS
base: use URI instead of decodeurl when detecting unpack dependencies
lib/oe/package_manager: ensure repodata is wiped
core-image-sato-sdk-ptest: these images need ptest
ovmf-shell-image: image is only buildable on x86-64
bitbake: fetch2: handle empty elements in _param_str_split
bitbake: tests/fetch: add test for empty query parameters
Revert "lrzsz: Fix to work with autoconf 2.70"
unfs3: fix build with new autoconf
gnu-config: update to latest commit
autoconf: merge .bb and .inc files
autotools: don't warn about obsolete usage
autoconf: upgrade to 2.71
autotools: disable gtkdocize for now
autotools: remove intltoolize logic
autotools: no need to depend on gnu-config
Sakib Sajal (2):
buildstats.bbclass: add functionality to collect build system stats
linux-yocto*: add features/gpio/mockup.scc to KERNEL_FEATURES
Scott Branden (1):
kmod: update 27 -> 28
Scott Murray (3):
grub: fix "CVE:" line in one of the patches
patch: fix CVE-2019-20633
glibc: CVE-2019-25013
Shachar Menashe (1):
openssl: drop support for deprecated algorithms
Sinan Kaya (8):
gcsections: add more suppressions for SDK builds
sudo: split sudo binary into its own package
iproute2: split ip to individual package
procps: split ps and sysctl into individual packages
net-tools: split mii-tool into its own package
runqemu: Add support for VHD/VHDX rootfs
meta/classes: Add supprot for WIC<>VHD/VHDX conversion
appliance: Add VHD/VHDX generation
Steve Sakoman (2):
oeqa/selftest/cases/devtool.py: fix typo in ignore_patterns call
glibc: update to latest release/2.32/master branch
Tanu Kaskinen (6):
maintainers.inc: remove myself from maintainers
pulseaudio: Remove OE_LT_RPATH_ALLOW
pulseaudio: disable EsounD support
pulseaudio: disable GConf support
pulseaudio: switch build system from Autotools to Meson
pulseaudio: fix client.conf location
Teoh Jay Shen (4):
oeqa/terminal : improve the test case
oeqa/suspend : add test for suspend state
oeqa/ethernet_ip_connman : add test for network connections
oeqa/usb_hid.py : add test to check the usb/human interface device status after suspend state
Thomas Perrot (1):
go.bbclass: don't stage test data with sources of dependencies
Tim Orling (6):
python3-hypothesis: upgrade 5.41.4 -> 5.41.5
python3-importlib-metadata: upgrade 3.1.0 -> 3.1.1
python3-pygments: upgrade v2.7.2 -> v2.7.3
python3-setuptools: upgrade 50.3.2 -> 51.0.0
python3-setuptools-scm: add python3-toml dep
python3-packaging: upgrade 20.4 -> 20.8
Tomasz Dziendzielski (18):
populate_sdk_base: Fix condition syntax if SDK_RELOCATE_AFTER_INSTALL is disabled
lib/oe/utils: Return empty string in parallel_make
devtool: Fix source extraction for gcc shared source
externalsrc: Fix parsing error with devtool non-git sources
devtool: Fix file:// fetcher symlink directory structure
selftest/devtool: Add modify_localfiles_only test checking symlink path
meta: Fix native inheritance order in recipes
insane: Add test for native/nativesdk inherit order
lib/oe/package_manager: Do not pass stderr to package manager as an argument
externalsrc: Detect code changes in submodules
insane: Add missing INSANE_SKIP mechanism for native-last QA check
insane: native-last: Only print classes inherited after native/nativesdk
lib/oe/patch.py: Don't return command stderr from runcmd function
python3: Use addtask statement instead of task dependencies
lib/oe/patch.py: Ignore scissors line on applying patch
sstatesig: Add descriptive error message to getpwuid/getgrgid "uid/gid not found" KeyError
bitbake: lib/bb: Don't treat mc recipe (Midnight Commander) as a multiconfig target
bitbake: BBHandler: Don't classify shell functions that names start with "python*" as python function
Trevor Woerner (7):
mesa.inc: switch true/enabled false/disabled
mesa: update 20.2.4 -> 20.3.1
insane.bbclass: allow fifos
selftest-chown: add test for fifos
PSPLASH_FIFO_DIR: refactor
psplash: fix working on first boot (sysvinit)
psplash (sysvinit): add textual updates
Vinícius Ossanes Aquino (1):
cmake: Upgrade 3.19.2 -> 3.19.3
Vivien Didelot (4):
README.hardware: prettify headline
README.hardware: fix the dd command
meta-yocto-bsp: use provided variables
meta-yocto-bsp: use mmcblk0 for root partition
Vyacheslav Yurkov (1):
npm.bbclass: use python3 for npm config
Wang Mingyu (33):
libaio: upgrade 0.3.111 -> 0.3.112
readline: upgrade 8.0 -> 8.1
man-pages: upgrade 5.09 ->5.10
mobile-broadband-provider-info: upgrade 20190618 ->20201225
shared-mime-info: upgrade 2.0 -> 2.1
tiff: upgrade 4.1.0 -> 4.2.0
tcl: upgrade 8.6.10 -> 8.6.11
sysstat: upgrade 12.4.1 -> 12.4.2
nettle: upgrade 3.6 ->3.7
binutils: upgrade 2.35 -> 2.35.1
ed: upgrade 1.16 -> 1.17
ell: upgrade 0.35 -> 0.36
findutils: upgrade 4.7.0 -> 4.8.0
iproute2: upgrade 5.9.0 -> 5.10.0
gnupg: upgrade 2.2.26 -> 2.2.27
libpcap: upgrade 1.9.1 -> 1.10.0
libmodulemd: upgrade 2.11.1 -> 2.11.2
pulseaudio: upgrade 14.0 -> 14.2
btrfs-tools: upgrade 5.9 -> 5.10
gpgme: upgrade 1.15.0 -> 1.15.1
iptables: upgrade 1.8.6 -> 1.8.7
socat: upgrade 1.7.3.4 ->1.7.4.1
libcap: upgrade 2.46 -> 2.47
libjitterentropy: upgrade 3.0.0 -> 3.0.1
libsolv: upgrade 0.7.16 -> 0.7.17
ltp: upgrade 20200930 -> 20210121
stress-ng: upgrade 0.12.01 -> 0.12.02
util-macros: upgrade 1.19.2 -> 1.19.3
gtk-doc: upgrade 1.33.1 -> 1.33.2
e2fsprogs: upgrade 1.45.6 -> 1.45.7
bind: upgrade 9.16.10 -> 9.16.11
libdrm: upgrade 2.4.103 -> 2.4.104
parted: upgrade 3.3 -> 3.4
Yann Dirson (1):
libsdl2: upgrade to 2.0.14
Yi Fan Yu (6):
binutils: Fix CVE-2020-35448
oeqa/selftest/cases/tinfoil.py: increase timeout 10->60s test_wait_event
strace: increase ptest timeout duration 120->240s
sudo: upgrade 1.9.5p1 -> 1.9.5p2
glibc: fix CVE-2020-27618
glib-2.0: add workaround to fix codegen.py.test failing
Yi Zhao (7):
dhcpcd: upgrade 9.3.2 -> 9.3.4
dhcpcd: fix SECCOMP for i386
inetutils: add dnsdomainname to ALTERNATIVE
libcap: update 2.45 -> 2.46
libcap-ng: upgrade 0.8.1 -> 0.8.2
dhcpcd: upgrade 9.3.4 -> 9.4.0
rng-tools: upgrade 6.10 -> 6.11
Yoann Congal (2):
documentation: Fix a Concpets -> Concepts typo
documentation: Prevent building documentation with an outdated version of sphinx
Zhixiong Chi (1):
glibc: CVE-2020-29562 and CVE-2020-29573
akuster (4):
openssl: Enable srp algorithm
cve-check.bbclass: add layer to cve log
cve-check: add include/exclude layers
documentation.conf: add both CVE_CHECK_LAYER_*
hongxu (2):
apt: add nativesdk support
dpkg: add nativesdk support
saloni (2):
libgcrypt: Whitelisted CVEs
libcroco: Added CVE
zangrc (3):
bash: Rename patch name
systemtap: upgrade 4.3 -> 4.4
msmtp: upgrade 1.8.13 -> 1.8.14
zhengruoqin (11):
cantarell-fonts: upgrade 0.201 -> 0.301
gdbm: upgrade 1.18.1 -> 1.19
libarchive: upgrade 3.4.3 -> 3.5.1
libevdev: upgrade 1.10.0 -> 1.10.1
libgpg-error: upgrade 1.39 -> 1.41
libmodulemd: upgrade 2.11.2 -> 2.12.0
bison: upgrade 3.7.4 -> 3.7.5
ca-certificates: upgrade 20200601 -> 20210119
mc: upgrade 4.8.25 -> 4.8.26
sqlite3: upgrade 3.34.0 -> 3.34.1
python3-packaging: upgrade 20.8 -> 20.9
Revert "libpam: update 1.3.1 -> 1.5.1"
This reverts commit b0384720a46fb25c4ad180e3f256ffdeb53dc8a6.
OpenBMC is not ready for the removal of pam_cracklib and pam_tally2.
Until code is ready to move to new libs in libpam_1.5, carry a revert
in OpenBMC to stay at libpam_1.3.
openbmc/openbmc#3750 tracks this work
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: I69357e370d7cf5c5d6dfedde11b88a4f797f7e95
diff --git a/poky/meta/recipes-support/apr/apr-util_1.6.1.bb b/poky/meta/recipes-support/apr/apr-util_1.6.1.bb
index 0dd8f02..f7d827a 100644
--- a/poky/meta/recipes-support/apr/apr-util_1.6.1.bb
+++ b/poky/meta/recipes-support/apr/apr-util_1.6.1.bb
@@ -19,10 +19,9 @@
SRC_URI[md5sum] = "bd502b9a8670a8012c4d90c31a84955f"
SRC_URI[sha256sum] = "b65e40713da57d004123b6319828be7f1273fbc6490e145874ee1177e112c459"
-EXTRA_OECONF = "--with-apr=${STAGING_BINDIR_CROSS}/apr-1-config \
+EXTRA_OECONF = "--with-apr=${STAGING_BINDIR_CROSS}/apr-1-config \
--without-odbc \
--without-pgsql \
- --with-dbm=gdbm \
--without-sqlite2 \
--with-expat=${STAGING_DIR_HOST}${prefix}"
@@ -69,7 +68,7 @@
PACKAGECONFIG[ldap] = "--with-ldap,--without-ldap,openldap"
PACKAGECONFIG[crypto] = "--with-openssl=${STAGING_DIR_HOST}${prefix} --with-crypto,--without-crypto,openssl"
PACKAGECONFIG[sqlite3] = "--with-sqlite3=${STAGING_DIR_HOST}${prefix},--without-sqlite3,sqlite3"
-PACKAGECONFIG[gdbm] = "--with-gdbm=${STAGING_DIR_HOST}${prefix},--without-gdbm,gdbm"
+PACKAGECONFIG[gdbm] = "--with-dbm=gdbm --with-gdbm=${STAGING_DIR_HOST}${prefix},--without-gdbm,gdbm"
#files ${libdir}/apr-util-1/*.so are not symlinks but loadable modules thus they are packaged in ${PN}
FILES_${PN} += "${libdir}/apr-util-1/apr*${SOLIBS} ${libdir}/apr-util-1/apr*${SOLIBSDEV}"
diff --git a/poky/meta/recipes-support/apr/apr/autoconf270.patch b/poky/meta/recipes-support/apr/apr/autoconf270.patch
new file mode 100644
index 0000000..9f7b5c6
--- /dev/null
+++ b/poky/meta/recipes-support/apr/apr/autoconf270.patch
@@ -0,0 +1,22 @@
+With autoconf 2.70 confdefs.h is already included. Including it twice generates
+compiler warnings and since this macros is to error on warnings, it breaks.
+
+Fix by not including the file.
+
+Upstream-Status: Pending
+RP - 2021/1/28
+
+Index: apr-1.7.0/build/apr_common.m4
+===================================================================
+--- apr-1.7.0.orig/build/apr_common.m4
++++ apr-1.7.0/build/apr_common.m4
+@@ -505,8 +505,7 @@ AC_DEFUN([APR_TRY_COMPILE_NO_WARNING],
+ fi
+ AC_COMPILE_IFELSE(
+ [AC_LANG_SOURCE(
+- [#include "confdefs.h"
+- ]
++ []
+ [[$1]]
+ [int main(int argc, const char *const *argv) {]
+ [[$2]]
diff --git a/poky/meta/recipes-support/apr/apr_1.7.0.bb b/poky/meta/recipes-support/apr/apr_1.7.0.bb
index 7073af8..f879e28 100644
--- a/poky/meta/recipes-support/apr/apr_1.7.0.bb
+++ b/poky/meta/recipes-support/apr/apr_1.7.0.bb
@@ -1,4 +1,8 @@
SUMMARY = "Apache Portable Runtime (APR) library"
+DESCRIPTION = "The Apache Portable Runtime (APR) is a supporting library for the \
+Apache web server. It provides a set of APIs that map to the underlying \
+operating system (OS). Where the OS does not support a particular function, \
+APR will provide an emulation."
HOMEPAGE = "http://apr.apache.org/"
SECTION = "libs"
DEPENDS = "util-linux"
@@ -19,6 +23,7 @@
file://0007-explicitly-link-libapr-against-phtread-to-make-gold-.patch \
file://libtoolize_check.patch \
file://0001-Add-option-to-disable-timed-dependant-tests.patch \
+ file://autoconf270.patch \
"
SRC_URI[md5sum] = "7a14a83d664e87599ea25ff4432e48a7"
diff --git a/poky/meta/recipes-support/aspell/aspell_0.60.8.bb b/poky/meta/recipes-support/aspell/aspell_0.60.8.bb
index 6299878..f1d931b 100644
--- a/poky/meta/recipes-support/aspell/aspell_0.60.8.bb
+++ b/poky/meta/recipes-support/aspell/aspell_0.60.8.bb
@@ -1,4 +1,8 @@
SUMMARY = "GNU Aspell spell-checker"
+DESCRIPTION = "GNU Aspell is a spell-checker which can be used either as a \
+standalone application or embedded in other programs. Its main feature is that \
+it does a much better job of suggesting possible spellings than just about any \
+other spell-checker available for the English language"
SECTION = "console/utils"
LICENSE = "LGPLv2 | LGPLv2.1"
diff --git a/poky/meta/recipes-support/atk/at-spi2-core_2.38.0.bb b/poky/meta/recipes-support/atk/at-spi2-core_2.38.0.bb
index 88add83..a065795 100644
--- a/poky/meta/recipes-support/atk/at-spi2-core_2.38.0.bb
+++ b/poky/meta/recipes-support/atk/at-spi2-core_2.38.0.bb
@@ -1,4 +1,6 @@
SUMMARY = "Assistive Technology Service Provider Interface (dbus core)"
+DESCRIPTION = "At-Spi2 is a protocol over DBus, toolkit widgets use it to \
+provide their content to screen readers such as Orca."
HOMEPAGE = "https://wiki.linuxfoundation.org/accessibility/d-bus"
LICENSE = "LGPL-2.1+"
LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c"
diff --git a/poky/meta/recipes-support/attr/acl_2.2.53.bb b/poky/meta/recipes-support/attr/acl_2.2.53.bb
index 5bb50f7..b120c1f 100644
--- a/poky/meta/recipes-support/attr/acl_2.2.53.bb
+++ b/poky/meta/recipes-support/attr/acl_2.2.53.bb
@@ -1,5 +1,7 @@
SUMMARY = "Utilities for managing POSIX Access Control Lists"
HOMEPAGE = "http://savannah.nongnu.org/projects/acl/"
+DESCRIPTION = "ACL allows you to provide different levels of access to files \
+and folders for different users."
SECTION = "libs"
LICENSE = "LGPLv2.1+ & GPLv2+"
diff --git a/poky/meta/recipes-support/attr/attr.inc b/poky/meta/recipes-support/attr/attr.inc
index 0c3330a..97bca46 100644
--- a/poky/meta/recipes-support/attr/attr.inc
+++ b/poky/meta/recipes-support/attr/attr.inc
@@ -1,4 +1,8 @@
SUMMARY = "Utilities for manipulating filesystem extended attributes"
+DESCRIPTION = "A set of tools for manipulating extended attributes on filesystem \
+objects, in particular getfattr(1) and setfattr(1). An attr(1) command \
+is also provided which is largely compatible with the SGI IRIX tool of \
+the same name."
HOMEPAGE = "http://savannah.nongnu.org/projects/attr/"
SECTION = "libs"
diff --git a/poky/meta/recipes-support/bash-completion/bash-completion_2.11.bb b/poky/meta/recipes-support/bash-completion/bash-completion_2.11.bb
index bab8a01..f00e0fc 100644
--- a/poky/meta/recipes-support/bash-completion/bash-completion_2.11.bb
+++ b/poky/meta/recipes-support/bash-completion/bash-completion_2.11.bb
@@ -1,4 +1,6 @@
SUMMARY = "Programmable Completion for Bash 4"
+DESCRIPTION = "bash completion extends bash's standard completion behavior to \
+achieve complex command lines with just a few keystrokes."
HOMEPAGE = "https://github.com/scop/bash-completion"
BUGTRACKER = "https://github.com/scop/bash-completion/issues"
diff --git a/poky/meta/recipes-support/boost/boost-1.74.0.inc b/poky/meta/recipes-support/boost/boost-1.75.0.inc
similarity index 90%
rename from poky/meta/recipes-support/boost/boost-1.74.0.inc
rename to poky/meta/recipes-support/boost/boost-1.75.0.inc
index b47fdaf..e5a8488 100644
--- a/poky/meta/recipes-support/boost/boost-1.74.0.inc
+++ b/poky/meta/recipes-support/boost/boost-1.75.0.inc
@@ -12,7 +12,7 @@
BOOST_P = "boost_${BOOST_VER}"
SRC_URI = "https://dl.bintray.com/boostorg/release/${PV}/source/${BOOST_P}.tar.bz2"
-SRC_URI[sha256sum] = "83bfc1507731a0906e387fc28b7ef5417d591429e51e788417fe9ff025e116b1"
+SRC_URI[sha256sum] = "953db31e016db7bb207f11432bef7df100516eeb746843fa0486a222e3fd49cb"
UPSTREAM_CHECK_URI = "http://www.boost.org/users/download/"
UPSTREAM_CHECK_REGEX = "boostorg/release/(?P<pver>.*)/source/"
diff --git a/poky/meta/recipes-support/boost/boost.inc b/poky/meta/recipes-support/boost/boost.inc
index cbf9cad..c9bb178 100644
--- a/poky/meta/recipes-support/boost/boost.inc
+++ b/poky/meta/recipes-support/boost/boost.inc
@@ -59,10 +59,13 @@
python __anonymous () {
packages = []
extras = []
+ pn = d.getVar("PN")
mlprefix = d.getVar("MLPREFIX")
for lib in d.getVar('BOOST_LIBS').split():
extras.append("--with-%s" % lib)
pkg = "boost-%s" % (lib.replace("_", "-"))
+ if "-native" in pn:
+ pkg = pkg + "-native"
packages.append(mlprefix + pkg)
if not d.getVar("FILES_%s" % pkg):
d.setVar("FILES_%s%s" % (mlprefix, pkg), "${libdir}/libboost_%s*.so.*" % lib)
diff --git a/poky/meta/recipes-support/boost/boost/0001-Apply-boost-1.62.0-no-forced-flags.patch.patch b/poky/meta/recipes-support/boost/boost/0001-Apply-boost-1.62.0-no-forced-flags.patch.patch
deleted file mode 100644
index 1699063..0000000
--- a/poky/meta/recipes-support/boost/boost/0001-Apply-boost-1.62.0-no-forced-flags.patch.patch
+++ /dev/null
@@ -1,100 +0,0 @@
-From 8845a786598f1d9e83aa1b7d2966b0d1eb765ba0 Mon Sep 17 00:00:00 2001
-From: Christopher Larson <chris_larson@mentor.com>
-Date: Tue, 13 Dec 2016 10:14:31 -0700
-Subject: [PATCH 1/3] Apply boost-1.62.0-no-forced-flags.patch
-
-Upstream-Status: Inappropriate
-Signed-off-by: Christopher Larson <chris_larson@mentor.com>
----
- libs/log/build/Jamfile.v2 | 4 ++--
- libs/log/config/x86-ext/Jamfile.jam | 16 ++++++++--------
- libs/log/src/dump_avx2.cpp | 4 ++++
- libs/log/src/dump_ssse3.cpp | 4 ++++
- 4 files changed, 18 insertions(+), 10 deletions(-)
-
-diff --git a/libs/log/build/Jamfile.v2 b/libs/log/build/Jamfile.v2
-index 4abbdbc..b3016fc 100644
---- a/libs/log/build/Jamfile.v2
-+++ b/libs/log/build/Jamfile.v2
-@@ -373,7 +373,7 @@ rule avx2-targets-cond ( properties * )
- }
- else if <toolset>clang in $(properties)
- {
-- result = <cxxflags>"-mavx -mavx2" ;
-+ result = <cxxflags> ;
- }
- else if <toolset>intel in $(properties)
- {
-@@ -383,7 +383,7 @@ rule avx2-targets-cond ( properties * )
- }
- else
- {
-- result = <cxxflags>"-xCORE-AVX2 -fabi-version=0" ;
-+ result = <cxxflags>"-fabi-version=0" ;
- }
- }
- else if <toolset>msvc in $(properties)
-diff --git a/libs/log/config/x86-ext/Jamfile.jam b/libs/log/config/x86-ext/Jamfile.jam
-index 0e9695a..dcc394d 100644
---- a/libs/log/config/x86-ext/Jamfile.jam
-+++ b/libs/log/config/x86-ext/Jamfile.jam
-@@ -15,19 +15,19 @@ project /boost/log/x86-extensions
-
- obj ssse3 : ssse3.cpp
- :
-- <toolset>gcc:<cxxflags>"-msse -msse2 -msse3 -mssse3"
-- <toolset>clang:<cxxflags>"-msse -msse2 -msse3 -mssse3"
-- <toolset>intel-linux:<cxxflags>"-xSSSE3"
-- <toolset>intel-darwin:<cxxflags>"-xSSSE3"
-+ <toolset>gcc:<cxxflags>
-+ <toolset>clang:<cxxflags>
-+ <toolset>intel-linux:<cxxflags>
-+ <toolset>intel-darwin:<cxxflags>
- <toolset>intel-win:<cxxflags>"/QxSSSE3"
- ;
-
- obj avx2 : avx2.cpp
- :
-- <toolset>gcc:<cxxflags>"-mavx -mavx2 -fabi-version=0"
-- <toolset>clang:<cxxflags>"-mavx -mavx2"
-- <toolset>intel-linux:<cxxflags>"-xCORE-AVX2 -fabi-version=0"
-- <toolset>intel-darwin:<cxxflags>"-xCORE-AVX2 -fabi-version=0"
-+ <toolset>gcc:<cxxflags>"-fabi-version=0"
-+ <toolset>clang:<cxxflags>
-+ <toolset>intel-linux:<cxxflags>"-fabi-version=0"
-+ <toolset>intel-darwin:<cxxflags>"-fabi-version=0"
- <toolset>intel-win:<cxxflags>"/arch:CORE-AVX2"
- <toolset>msvc:<cxxflags>"/arch:AVX"
- ;
-diff --git a/libs/log/src/dump_avx2.cpp b/libs/log/src/dump_avx2.cpp
-index 4ab1250..610fc6d 100644
---- a/libs/log/src/dump_avx2.cpp
-+++ b/libs/log/src/dump_avx2.cpp
-@@ -22,6 +22,10 @@
- #include <boost/cstdint.hpp>
- #include <boost/log/detail/header.hpp>
-
-+#if !defined(__AVX2__)
-+#error "AVX2 Unsupported!"
-+#endif
-+
- #if defined(__x86_64) || defined(__x86_64__) || \
- defined(__amd64__) || defined(__amd64) || \
- defined(_M_X64)
-diff --git a/libs/log/src/dump_ssse3.cpp b/libs/log/src/dump_ssse3.cpp
-index 1325b49..60d4112 100644
---- a/libs/log/src/dump_ssse3.cpp
-+++ b/libs/log/src/dump_ssse3.cpp
-@@ -22,6 +22,10 @@
- #include <boost/cstdint.hpp>
- #include <boost/log/detail/header.hpp>
-
-+#if !defined(__SSSE3__)
-+#error "SSSE3 Unsupported!"
-+#endif
-+
- #if defined(__x86_64) || defined(__x86_64__) || \
- defined(__amd64__) || defined(__amd64) || \
- defined(_M_X64)
---
-2.8.0
diff --git a/poky/meta/recipes-support/boost/boost/arm-intrinsics.patch b/poky/meta/recipes-support/boost/boost/arm-intrinsics.patch
deleted file mode 100644
index fe85c69..0000000
--- a/poky/meta/recipes-support/boost/boost/arm-intrinsics.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-Upstream-Status: Backport
-
-8/17/2010 - rebased to 1.44 by Qing He <qing.he@intel.com>
-
-diff --git a/boost/smart_ptr/detail/atomic_count_sync.hpp b/boost/smart_ptr/detail/atomic_count_sync.hpp
-index b6359b5..78b1cc2 100644
---- a/boost/smart_ptr/detail/atomic_count_sync.hpp
-+++ b/boost/smart_ptr/detail/atomic_count_sync.hpp
-@@ -33,17 +33,46 @@ public:
-
- long operator++()
- {
-+#ifdef __ARM_ARCH_7A__
-+ int v1, tmp;
-+ asm volatile ("1: \n\t"
-+ "ldrex %0, %1 \n\t"
-+ "add %0 ,%0, #1 \n\t"
-+ "strex %2, %0, %1 \n\t"
-+ "cmp %2, #0 \n\t"
-+ "bne 1b \n\t"
-+ : "=&r" (v1), "+Q"(value_), "=&r"(tmp)
-+ );
-+#else
- return __sync_add_and_fetch( &value_, 1 );
-+#endif
- }
-
- long operator--()
- {
-+#ifdef __ARM_ARCH_7A__
-+ int v1, tmp;
-+ asm volatile ("1: \n\t"
-+ "ldrex %0, %1 \n\t"
-+ "sub %0 ,%0, #1 \n\t"
-+ "strex %2, %0, %1 \n\t"
-+ "cmp %2, #0 \n\t"
-+ "bne 1b \n\t"
-+ : "=&r" (v1), "+Q"(value_), "=&r"(tmp)
-+ );
-+ return value_;
-+#else
- return __sync_add_and_fetch( &value_, -1 );
-+#endif
- }
-
- operator long() const
- {
-+#if __ARM_ARCH_7A__
-+ return value_;
-+#else
- return __sync_fetch_and_add( &value_, 0 );
-+#endif
- }
-
- private:
diff --git a/poky/meta/recipes-support/boost/boost_1.74.0.bb b/poky/meta/recipes-support/boost/boost_1.75.0.bb
similarity index 77%
rename from poky/meta/recipes-support/boost/boost_1.74.0.bb
rename to poky/meta/recipes-support/boost/boost_1.75.0.bb
index b01b390..23b0ffc 100644
--- a/poky/meta/recipes-support/boost/boost_1.74.0.bb
+++ b/poky/meta/recipes-support/boost/boost_1.75.0.bb
@@ -1,10 +1,9 @@
require boost-${PV}.inc
require boost.inc
-SRC_URI += "file://arm-intrinsics.patch \
+SRC_URI += " \
file://boost-CVE-2012-2677.patch \
file://boost-math-disable-pch-for-gcc.patch \
- file://0001-Apply-boost-1.62.0-no-forced-flags.patch.patch \
file://0001-Don-t-set-up-arch-instruction-set-flags-we-do-that-o.patch \
file://0001-dont-setup-compiler-flags-m32-m64.patch \
file://0001-fiber-libs-Define-SYS_futex-if-it-does-not-exist.patch \
diff --git a/poky/meta/recipes-support/ca-certificates/ca-certificates/0001-certdata2pem.py-use-python3.patch b/poky/meta/recipes-support/ca-certificates/ca-certificates/0001-certdata2pem.py-use-python3.patch
deleted file mode 100644
index aa2c85f..0000000
--- a/poky/meta/recipes-support/ca-certificates/ca-certificates/0001-certdata2pem.py-use-python3.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From b6d18ca77f131cdcaa10d0eaa9d303399767edf6 Mon Sep 17 00:00:00 2001
-From: Alexander Kanavin <alex.kanavin@gmail.com>
-Date: Wed, 28 Aug 2019 19:18:14 +0200
-Subject: [PATCH] certdata2pem.py: use python3
-
-Comments in that file imply it is already py3 compatible.
-
-Upstream-Status: Pending
-Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
----
- mozilla/Makefile | 2 +-
- mozilla/certdata2pem.py | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/mozilla/Makefile b/mozilla/Makefile
-index 6f46118..f98877c 100644
---- a/mozilla/Makefile
-+++ b/mozilla/Makefile
-@@ -3,7 +3,7 @@
- #
-
- all:
-- python certdata2pem.py
-+ python3 certdata2pem.py
-
- clean:
- -rm -f *.crt
-diff --git a/mozilla/certdata2pem.py b/mozilla/certdata2pem.py
-index 0b02b2a..7d796f1 100644
---- a/mozilla/certdata2pem.py
-+++ b/mozilla/certdata2pem.py
-@@ -1,4 +1,4 @@
--#!/usr/bin/python
-+#!/usr/bin/python3
- # vim:set et sw=4:
- #
- # certdata2pem.py - splits certdata.txt into multiple files
diff --git a/poky/meta/recipes-support/ca-certificates/ca-certificates_20200601.bb b/poky/meta/recipes-support/ca-certificates/ca-certificates_20210119.bb
similarity index 96%
rename from poky/meta/recipes-support/ca-certificates/ca-certificates_20200601.bb
rename to poky/meta/recipes-support/ca-certificates/ca-certificates_20210119.bb
index 6f39df7..888a235 100644
--- a/poky/meta/recipes-support/ca-certificates/ca-certificates_20200601.bb
+++ b/poky/meta/recipes-support/ca-certificates/ca-certificates_20210119.bb
@@ -14,7 +14,7 @@
# Need rehash from openssl and run-parts from debianutils
PACKAGE_WRITE_DEPS += "openssl-native debianutils-native"
-SRCREV = "b3a8980b781bc9a370e42714a605cd4191bb6c0b"
+SRCREV = "181be7ebd169b4a6fb5d90c3e6dc791e90534144"
SRC_URI = "git://salsa.debian.org/debian/ca-certificates.git;protocol=https \
file://0002-update-ca-certificates-use-SYSROOT.patch \
@@ -23,7 +23,6 @@
file://default-sysroot.patch \
file://sbindir.patch \
file://0003-update-ca-certificates-use-relative-symlinks-from-ET.patch \
- file://0001-certdata2pem.py-use-python3.patch \
"
UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+)"
diff --git a/poky/meta/recipes-support/curl/curl_7.73.0.bb b/poky/meta/recipes-support/curl/curl_7.74.0.bb
similarity index 97%
rename from poky/meta/recipes-support/curl/curl_7.73.0.bb
rename to poky/meta/recipes-support/curl/curl_7.74.0.bb
index 0f26b0f..873bbe8 100644
--- a/poky/meta/recipes-support/curl/curl_7.73.0.bb
+++ b/poky/meta/recipes-support/curl/curl_7.74.0.bb
@@ -9,7 +9,7 @@
file://0001-replace-krb5-config-with-pkg-config.patch \
"
-SRC_URI[sha256sum] = "cf34fe0b07b800f1c01a499a6e8b2af548f6d0e044dca4a29d88a4bee146d131"
+SRC_URI[sha256sum] = "0f4d63e6681636539dc88fa8e929f934cd3a840c46e0bf28c73be11e521b77a5"
# Curl has used many names over the years...
CVE_PRODUCT = "haxx:curl haxx:libcurl curl:curl curl:libcurl libcurl:libcurl daniel_stenberg:curl"
diff --git a/poky/meta/recipes-support/diffoscope/diffoscope_161.bb b/poky/meta/recipes-support/diffoscope/diffoscope_164.bb
similarity index 82%
rename from poky/meta/recipes-support/diffoscope/diffoscope_161.bb
rename to poky/meta/recipes-support/diffoscope/diffoscope_164.bb
index 0f566a3..7707c44 100644
--- a/poky/meta/recipes-support/diffoscope/diffoscope_161.bb
+++ b/poky/meta/recipes-support/diffoscope/diffoscope_164.bb
@@ -7,7 +7,7 @@
inherit pypi setuptools3
-SRC_URI[sha256sum] = "9c27d60a7bf3984b53c8af3fee86eb3d3e2292c4ddb9449c38b6cba068b8e22c"
+SRC_URI[sha256sum] = "bc269a39ec72261d9fead55bd951f6cbbe3d2ccce1481f974665999a5b141fff"
RDEPENDS_${PN} += "binutils vim squashfs-tools python3-libarchive-c python3-magic"
diff --git a/poky/meta/recipes-support/enchant/enchant2_2.2.13.bb b/poky/meta/recipes-support/enchant/enchant2_2.2.15.bb
similarity index 89%
rename from poky/meta/recipes-support/enchant/enchant2_2.2.13.bb
rename to poky/meta/recipes-support/enchant/enchant2_2.2.15.bb
index 3b890e7..05e84fc 100644
--- a/poky/meta/recipes-support/enchant/enchant2_2.2.13.bb
+++ b/poky/meta/recipes-support/enchant/enchant2_2.2.15.bb
@@ -9,7 +9,7 @@
inherit autotools pkgconfig
SRC_URI = "https://github.com/AbiWord/enchant/releases/download/v${PV}/enchant-${PV}.tar.gz"
-SRC_URI[sha256sum] = "eab9f90d79039133660029616e2a684644bd524be5dc43340d4cfc3fb3c68a20"
+SRC_URI[sha256sum] = "3b0f2215578115f28e2a6aa549b35128600394304bd79d6f28b0d3b3d6f46c03"
UPSTREAM_CHECK_URI = "https://github.com/AbiWord/enchant/releases"
diff --git a/poky/meta/recipes-support/gdbm/files/gdbm-fix-link-failure-against-gcc-10.patch b/poky/meta/recipes-support/gdbm/files/gdbm-fix-link-failure-against-gcc-10.patch
deleted file mode 100644
index c158041..0000000
--- a/poky/meta/recipes-support/gdbm/files/gdbm-fix-link-failure-against-gcc-10.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-From f993697af81c37df9c55e0ebedeb1b8b880506ae Mon Sep 17 00:00:00 2001
-From: Richard Leitner <richard.leitner@skidata.com>
-Date: Tue, 5 May 2020 11:59:42 +0200
-Subject: [PATCH] gdbm: fix link failure against gcc-10
-
-Copied from gentoo's solution at https://bugs.gentoo.org/show_bug.cgi?id=705898
-Original patch by Sergei Trofimovich <slyfox@gentoo.org>
-
-Original description:
-
-Before the change on gcc-10 link failed as:
-```
- CCLD gdbmtool
-ld: ./libgdbmapp.a(parseopt.o):(.bss+0x8): multiple definition of `parseopt_program_args';
- gdbmtool.o:(.data.rel.local+0x260): first defined here
-ld: ./libgdbmapp.a(parseopt.o):(.bss+0x10): multiple definition of `parseopt_program_doc';
- gdbmtool.o:(.data.rel.local+0x268): first defined here
-```
-
-gcc-10 will change the default from -fcommon to fno-common:
- https://gcc.gnu.org/PR85678.
-
-The fix is to avoid multiple definition and rely on
-declarations only.
-
-Upstream-Status: Pending
-Signed-off-by: Richard Leitner <richard.leitner@skidata.com>
----
- src/parseopt.c | 2 --
- 1 file changed, 2 deletions(-)
-
-diff --git a/src/parseopt.c b/src/parseopt.c
-index 268e080..a4c8576 100644
---- a/src/parseopt.c
-+++ b/src/parseopt.c
-@@ -255,8 +255,6 @@ print_option_descr (const char *descr, size_t lmargin, size_t rmargin)
- }
-
- char *parseopt_program_name;
--char *parseopt_program_doc;
--char *parseopt_program_args;
- const char *program_bug_address = "<" PACKAGE_BUGREPORT ">";
- void (*parseopt_help_hook) (FILE *stream);
-
---
-2.26.2
-
diff --git a/poky/meta/recipes-support/gdbm/gdbm_1.18.1.bb b/poky/meta/recipes-support/gdbm/gdbm_1.19.bb
similarity index 84%
rename from poky/meta/recipes-support/gdbm/gdbm_1.18.1.bb
rename to poky/meta/recipes-support/gdbm/gdbm_1.19.bb
index fbb1fe7..1f390a4 100644
--- a/poky/meta/recipes-support/gdbm/gdbm_1.18.1.bb
+++ b/poky/meta/recipes-support/gdbm/gdbm_1.19.bb
@@ -8,11 +8,10 @@
SRC_URI = "${GNU_MIRROR}/gdbm/gdbm-${PV}.tar.gz \
file://run-ptest \
file://ptest.patch \
- file://gdbm-fix-link-failure-against-gcc-10.patch \
"
-SRC_URI[md5sum] = "988dc82182121c7570e0cb8b4fcd5415"
-SRC_URI[sha256sum] = "86e613527e5dba544e73208f42b78b7c022d4fa5a6d5498bf18c8d6f745b91dc"
+SRC_URI[md5sum] = "aeb29c6a90350a4c959cd1df38cd0a7e"
+SRC_URI[sha256sum] = "37ed12214122b972e18a0d94995039e57748191939ef74115b1d41d8811364bc"
inherit autotools gettext texinfo lib_package ptest
diff --git a/poky/meta/recipes-support/gnupg/gnupg/0001-configure.ac-use-a-custom-value-for-the-location-of-.patch b/poky/meta/recipes-support/gnupg/gnupg/0001-configure.ac-use-a-custom-value-for-the-location-of-.patch
index c641a19..a0af2d4 100644
--- a/poky/meta/recipes-support/gnupg/gnupg/0001-configure.ac-use-a-custom-value-for-the-location-of-.patch
+++ b/poky/meta/recipes-support/gnupg/gnupg/0001-configure.ac-use-a-custom-value-for-the-location-of-.patch
@@ -1,4 +1,4 @@
-From 56343af532389c31eab32c096c9a989c53c78ce0 Mon Sep 17 00:00:00 2001
+From abc5c396aaddaef2e6811362e3e0cc0da28c2b34 Mon Sep 17 00:00:00 2001
From: Alexander Kanavin <alex.kanavin@gmail.com>
Date: Mon, 22 Jan 2018 18:00:21 +0200
Subject: [PATCH] configure.ac: use a custom value for the location of
@@ -14,10 +14,10 @@
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/configure.ac b/configure.ac
-index 1d05d39..eaaf33c 100644
+index 64cb8c6..3fe9027 100644
--- a/configure.ac
+++ b/configure.ac
-@@ -1858,7 +1858,7 @@ AC_DEFINE_UNQUOTED(GPGCONF_DISP_NAME, "GPGConf",
+@@ -1824,7 +1824,7 @@ AC_DEFINE_UNQUOTED(GPGCONF_DISP_NAME, "GPGConf",
AC_DEFINE_UNQUOTED(GPGTAR_NAME, "gpgtar", [The name of the gpgtar tool])
diff --git a/poky/meta/recipes-support/gnupg/gnupg/0003-dirmngr-uses-libgpg-error.patch b/poky/meta/recipes-support/gnupg/gnupg/0003-dirmngr-uses-libgpg-error.patch
index 607a09f..a13b4d5 100644
--- a/poky/meta/recipes-support/gnupg/gnupg/0003-dirmngr-uses-libgpg-error.patch
+++ b/poky/meta/recipes-support/gnupg/gnupg/0003-dirmngr-uses-libgpg-error.patch
@@ -1,4 +1,4 @@
-From 9a901dbb1c48685f2db6d7b55916c9484e871f16 Mon Sep 17 00:00:00 2001
+From 6c75656b68cb6e38b039ae532bd39437cd6daec5 Mon Sep 17 00:00:00 2001
From: Saul Wold <sgw@linux.intel.com>
Date: Wed, 16 Aug 2017 11:18:01 +0800
Subject: [PATCH] dirmngr uses libgpg error
@@ -11,20 +11,18 @@
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
---
- dirmngr/Makefile.am | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
+ dirmngr/Makefile.am | 1 +
+ 1 file changed, 1 insertion(+)
diff --git a/dirmngr/Makefile.am b/dirmngr/Makefile.am
-index 208a813..292c036 100644
+index 00d3c42..450d873 100644
--- a/dirmngr/Makefile.am
+++ b/dirmngr/Makefile.am
-@@ -90,7 +90,8 @@ endif
- dirmngr_LDADD = $(libcommonpth) \
+@@ -101,6 +101,7 @@ dirmngr_LDADD = $(libcommonpth) \
$(DNSLIBS) $(LIBASSUAN_LIBS) \
$(LIBGCRYPT_LIBS) $(KSBA_LIBS) $(NPTH_LIBS) \
-- $(NTBTLS_LIBS) $(LIBGNUTLS_LIBS) $(LIBINTL) $(LIBICONV) $(NETLIBS)
-+ $(NTBTLS_LIBS) $(LIBGNUTLS_LIBS) $(LIBINTL) $(LIBICONV) $(NETLIBS) \
-+ $(GPG_ERROR_LIBS)
+ $(NTBTLS_LIBS) $(LIBGNUTLS_LIBS) $(LIBINTL) $(LIBICONV) $(NETLIBS) \
++ $(GPG_ERROR_LIBS) \
+ $(dirmngr_robj)
if USE_LDAP
dirmngr_LDADD += $(ldaplibs)
- endif
diff --git a/poky/meta/recipes-support/gnupg/gnupg/relocate.patch b/poky/meta/recipes-support/gnupg/gnupg/relocate.patch
index aa8d1e3..7f7812c 100644
--- a/poky/meta/recipes-support/gnupg/gnupg/relocate.patch
+++ b/poky/meta/recipes-support/gnupg/gnupg/relocate.patch
@@ -1,4 +1,4 @@
-From 4005b3342db06749453835720b5a5c2392a90810 Mon Sep 17 00:00:00 2001
+From bd66af2ac7bb6d9294ac8055a55462ba7c4f9c9b Mon Sep 17 00:00:00 2001
From: Ross Burton <ross.burton@intel.com>
Date: Wed, 19 Sep 2018 14:44:40 +0100
Subject: [PATCH] Allow the environment to override where gnupg looks for its
diff --git a/poky/meta/recipes-support/gnupg/gnupg_2.2.23.bb b/poky/meta/recipes-support/gnupg/gnupg_2.2.27.bb
similarity index 96%
rename from poky/meta/recipes-support/gnupg/gnupg_2.2.23.bb
rename to poky/meta/recipes-support/gnupg/gnupg_2.2.27.bb
index c624b67..8b5fc99 100644
--- a/poky/meta/recipes-support/gnupg/gnupg_2.2.23.bb
+++ b/poky/meta/recipes-support/gnupg/gnupg_2.2.27.bb
@@ -20,7 +20,7 @@
file://relocate.patch"
SRC_URI_append_class-nativesdk = " file://relocate.patch"
-SRC_URI[sha256sum] = "10b55e49d78b3e49f1edb58d7541ecbdad92ddaeeb885b6f486ed23d1cd1da5c"
+SRC_URI[sha256sum] = "34e60009014ea16402069136e0a5f63d9b65f90096244975db5cea74b3d02399"
EXTRA_OECONF = "--disable-ldap \
--disable-ccid-driver \
diff --git a/poky/meta/recipes-support/gnutls/gnutls/arm_eabi.patch b/poky/meta/recipes-support/gnutls/gnutls/arm_eabi.patch
index 34c8985..6eb1edb 100644
--- a/poky/meta/recipes-support/gnutls/gnutls/arm_eabi.patch
+++ b/poky/meta/recipes-support/gnutls/gnutls/arm_eabi.patch
@@ -1,3 +1,8 @@
+From 8a5c96057cf305bbeac0d6e0e59ee24fbb9497fe Mon Sep 17 00:00:00 2001
+From: Joe Slater <jslater@windriver.com>
+Date: Wed, 25 Jan 2017 13:52:59 -0800
+Subject: [PATCH] gnutls: account for ARM_EABI
+
Certain syscall's are not availabe for arm-eabi, so we eliminate
reference to them.
@@ -5,12 +10,18 @@
Signed-off-by: Joe Slater <jslater@windriver.com>
+---
+ tests/seccomp.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/tests/seccomp.c b/tests/seccomp.c
+index ed14d00..3c5b726 100644
--- a/tests/seccomp.c
+++ b/tests/seccomp.c
-@@ -49,7 +49,9 @@ int disable_system_calls(void)
- }
+@@ -53,7 +53,9 @@ int disable_system_calls(void)
ADD_SYSCALL(nanosleep, 0);
+ ADD_SYSCALL(clock_nanosleep, 0);
+#if ! defined(__ARM_EABI__)
ADD_SYSCALL(time, 0);
+#endif
diff --git a/poky/meta/recipes-support/gnutls/gnutls_3.6.15.bb b/poky/meta/recipes-support/gnutls/gnutls_3.7.0.bb
similarity index 95%
rename from poky/meta/recipes-support/gnutls/gnutls_3.6.15.bb
rename to poky/meta/recipes-support/gnutls/gnutls_3.7.0.bb
index b936db5..e3ca86b 100644
--- a/poky/meta/recipes-support/gnutls/gnutls_3.6.15.bb
+++ b/poky/meta/recipes-support/gnutls/gnutls_3.7.0.bb
@@ -21,7 +21,7 @@
file://arm_eabi.patch \
"
-SRC_URI[sha256sum] = "0ea8c3283de8d8335d7ae338ef27c53a916f15f382753b174c18b45ffd481558"
+SRC_URI[sha256sum] = "49e2a22691d252c9f24a9829b293a8f359095bc5a818351f05f1c0a5188a1df8"
inherit autotools texinfo pkgconfig gettext lib_package gtk-doc
diff --git a/poky/meta/recipes-support/gpgme/gpgme/0001-Revert-build-Make-gpgme.m4-use-gpgrt-config-with-.pc.patch b/poky/meta/recipes-support/gpgme/gpgme/0001-Revert-build-Make-gpgme.m4-use-gpgrt-config-with-.pc.patch
index 0ed4eb6..0c15cc7 100644
--- a/poky/meta/recipes-support/gpgme/gpgme/0001-Revert-build-Make-gpgme.m4-use-gpgrt-config-with-.pc.patch
+++ b/poky/meta/recipes-support/gpgme/gpgme/0001-Revert-build-Make-gpgme.m4-use-gpgrt-config-with-.pc.patch
@@ -11,11 +11,11 @@
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
---
- src/gpgme.m4 | 58 ++++++++++------------------------------------------------
+ src/gpgme.m4 | 58 +++++++++-------------------------------------------
1 file changed, 10 insertions(+), 48 deletions(-)
diff --git a/src/gpgme.m4 b/src/gpgme.m4
-index 2a72f18..6c2be44 100644
+index c749a5d..8579146 100644
--- a/src/gpgme.m4
+++ b/src/gpgme.m4
@@ -1,5 +1,5 @@
@@ -29,7 +29,7 @@
# WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
#
--# Last-changed: 2018-11-12
+-# Last-changed: 2020-11-20
+# Last-changed: 2014-10-02
@@ -130,5 +130,5 @@
ifelse([$2], , :, [$2])
_AM_PATH_GPGME_CONFIG_HOST_CHECK
--
-2.7.4
+2.25.1
diff --git a/poky/meta/recipes-support/gpgme/gpgme_1.15.0.bb b/poky/meta/recipes-support/gpgme/gpgme_1.15.1.bb
similarity index 97%
rename from poky/meta/recipes-support/gpgme/gpgme_1.15.0.bb
rename to poky/meta/recipes-support/gpgme/gpgme_1.15.1.bb
index 9264af8..dc38aa8 100644
--- a/poky/meta/recipes-support/gpgme/gpgme_1.15.0.bb
+++ b/poky/meta/recipes-support/gpgme/gpgme_1.15.1.bb
@@ -22,7 +22,7 @@
file://0008-do-not-auto-check-var-PYTHON.patch \
"
-SRC_URI[sha256sum] = "0b472bc12c7d455906c8a539ec56da0a6480ef1c3a87aa5b74d7125df68d0e5b"
+SRC_URI[sha256sum] = "eebc3c1b27f1c8979896ff361ba9bb4778b508b2496c2fc10e3775a40b1de1ad"
DEPENDS = "libgpg-error libassuan"
RDEPENDS_${PN}-cpp += "libstdc++"
diff --git a/poky/meta/recipes-support/icu/icu_68.1.bb b/poky/meta/recipes-support/icu/icu_68.2.bb
similarity index 96%
rename from poky/meta/recipes-support/icu/icu_68.1.bb
rename to poky/meta/recipes-support/icu/icu_68.2.bb
index 98aa6b7..1ca87fe 100644
--- a/poky/meta/recipes-support/icu/icu_68.1.bb
+++ b/poky/meta/recipes-support/icu/icu_68.2.bb
@@ -112,8 +112,8 @@
SRC_URI_append_class-target = "\
file://0001-Disable-LDFLAGSICUDT-for-Linux.patch \
"
-SRC_URI[code.sha256sum] = "a9f2e3d8b4434b8e53878b4308bd1e6ee51c9c7042e2b1a376abefb6fbb29f2d"
-SRC_URI[data.sha256sum] = "03ea8b4694155620548c8c0ba20444f1e7db246cc79e3b9c4fc7a960b160d510"
+SRC_URI[code.sha256sum] = "c79193dee3907a2199b8296a93b52c5cb74332c26f3d167269487680d479d625"
+SRC_URI[data.sha256sum] = "2989b466fa010edc41297e12fdd5ae47c2610ad68b63af1a0bd2a1acfaf497f3"
UPSTREAM_CHECK_REGEX = "icu4c-(?P<pver>\d+(_\d+)+)-src"
UPSTREAM_CHECK_URI = "https://github.com/unicode-org/icu/releases"
diff --git a/poky/meta/recipes-support/itstool/itstool_2.0.6.bb b/poky/meta/recipes-support/itstool/itstool_2.0.6.bb
index 5f358f4..c52aa79 100644
--- a/poky/meta/recipes-support/itstool/itstool_2.0.6.bb
+++ b/poky/meta/recipes-support/itstool/itstool_2.0.6.bb
@@ -18,4 +18,3 @@
BBCLASSEXTEND = "native nativesdk"
RDEPENDS_${PN} += "libxml2-python"
-RDEPENDS_${PN}_class-native = ""
diff --git a/poky/meta/recipes-support/libcap-ng/libcap-ng-python_0.8.1.bb b/poky/meta/recipes-support/libcap-ng/libcap-ng-python_0.8.2.bb
similarity index 100%
rename from poky/meta/recipes-support/libcap-ng/libcap-ng-python_0.8.1.bb
rename to poky/meta/recipes-support/libcap-ng/libcap-ng-python_0.8.2.bb
diff --git a/poky/meta/recipes-support/libcap-ng/libcap-ng.inc b/poky/meta/recipes-support/libcap-ng/libcap-ng.inc
index a312b60..8c52b5d 100644
--- a/poky/meta/recipes-support/libcap-ng/libcap-ng.inc
+++ b/poky/meta/recipes-support/libcap-ng/libcap-ng.inc
@@ -7,10 +7,10 @@
LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f \
file://COPYING.LIB;md5=e3eda01d9815f8d24aae2dbd89b68b06"
-SRC_URI = "http://people.redhat.com/sgrubb/libcap-ng/libcap-ng-${PV}.tar.gz \
+SRC_URI = "https://people.redhat.com/sgrubb/libcap-ng/libcap-ng-${PV}.tar.gz \
file://python.patch \
"
-SRC_URI[sha256sum] = "f06b17aaca029e245c9a26c698c6cc8a1cf42b58483d93e94ee02b478bdc1055"
+SRC_URI[sha256sum] = "52c083b77c2b0d8449dee141f9c3eba76e6d4c5ad44ef05df25891126cb85ae9"
BBCLASSEXTEND = "native nativesdk"
diff --git a/poky/meta/recipes-support/libcap-ng/libcap-ng_0.8.1.bb b/poky/meta/recipes-support/libcap-ng/libcap-ng_0.8.2.bb
similarity index 100%
rename from poky/meta/recipes-support/libcap-ng/libcap-ng_0.8.1.bb
rename to poky/meta/recipes-support/libcap-ng/libcap-ng_0.8.2.bb
diff --git a/poky/meta/recipes-support/libcap/files/0001-tests-do-not-statically-link-a-test.patch b/poky/meta/recipes-support/libcap/files/0001-tests-do-not-statically-link-a-test.patch
index 3c737b8..d2653af 100644
--- a/poky/meta/recipes-support/libcap/files/0001-tests-do-not-statically-link-a-test.patch
+++ b/poky/meta/recipes-support/libcap/files/0001-tests-do-not-statically-link-a-test.patch
@@ -1,4 +1,4 @@
-From c22c6c16362c7dbc8d6faea06edee5e07759c5fa Mon Sep 17 00:00:00 2001
+From 6aa15fe548e5b1d6ca3b373779beb7521ea95ba9 Mon Sep 17 00:00:00 2001
From: Alexander Kanavin <alex.kanavin@gmail.com>
Date: Wed, 15 Jan 2020 17:16:28 +0100
Subject: [PATCH] tests: do not statically link a test
@@ -7,7 +7,6 @@
Upstream-Status: Inappropriate [oe-core specific]
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
-
---
progs/Makefile | 2 +-
tests/Makefile | 4 ++--
@@ -27,7 +26,7 @@
sudotest: test tcapsh-static
sudo $(LDPATH) ./quicktest.sh
diff --git a/tests/Makefile b/tests/Makefile
-index 3431df9..727fb86 100644
+index 01f7589..094ec57 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -22,7 +22,7 @@ ifeq ($(PTHREADS),yes)
@@ -36,7 +35,7 @@
else
-LDFLAGS += --static
+LDFLAGS +=
- DEPS=../libcap/libcap.a ../progs/tcapsh-static
+ DEPS=../libcap/libcap.a
ifeq ($(PTHREADS),yes)
DEPS += ../libcap/libpsx.a
@@ -106,7 +106,7 @@ noexploit: exploit.o $(DEPS)
@@ -48,3 +47,6 @@
clean:
rm -f psx_test libcap_psx_test libcap_launch_test *~
+--
+2.17.1
+
diff --git a/poky/meta/recipes-support/libcap/libcap_2.45.bb b/poky/meta/recipes-support/libcap/libcap_2.47.bb
similarity index 95%
rename from poky/meta/recipes-support/libcap/libcap_2.45.bb
rename to poky/meta/recipes-support/libcap/libcap_2.47.bb
index 067ba32..bc4754e 100644
--- a/poky/meta/recipes-support/libcap/libcap_2.45.bb
+++ b/poky/meta/recipes-support/libcap/libcap_2.47.bb
@@ -12,7 +12,7 @@
file://0002-tests-do-not-run-target-executables.patch \
file://0001-tests-do-not-statically-link-a-test.patch \
"
-SRC_URI[sha256sum] = "d66639f765c0e10557666b00f519caf0bd07a95f867dddaee131cd284fac3286"
+SRC_URI[sha256sum] = "af165df45f9fe8b315164ec7143740947489f36ccbe6999b6cdf86e7a8dca04b"
UPSTREAM_CHECK_URI = "https://www.kernel.org/pub/linux/libs/security/linux-privs/${BPN}2/"
diff --git a/poky/meta/recipes-support/libcroco/files/CVE-2020-12825.patch b/poky/meta/recipes-support/libcroco/files/CVE-2020-12825.patch
new file mode 100644
index 0000000..42f92e3
--- /dev/null
+++ b/poky/meta/recipes-support/libcroco/files/CVE-2020-12825.patch
@@ -0,0 +1,192 @@
+From fdf78a4877afa987ba646a8779b513f258e6d04c Mon Sep 17 00:00:00 2001
+From: Michael Catanzaro <mcatanzaro@gnome.org>
+Date: Fri, 31 Jul 2020 15:21:53 -0500
+Subject: [PATCH] libcroco: Limit recursion in block and any productions
+
+ (CVE-2020-12825)
+
+If we don't have any limits, we can recurse forever and overflow the
+stack.
+
+Fixes #8
+This is per https://gitlab.gnome.org/Archive/libcroco/-/issues/8
+
+https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1404
+
+CVE: CVE-2020-12825
+Upstream-Status: Backport [https://gitlab.gnome.org/Archive/libcroco/-/commit/6eb257e5c731c691eb137fca94e916ca73941a5a]
+Comment: No refreshing changes done.
+Signed-off-by: Saloni Jain <Saloni.Jain@kpit.com>
+
+---
+ src/cr-parser.c | 44 +++++++++++++++++++++++++++++---------------
+ 1 file changed, 29 insertions(+), 15 deletions(-)
+
+diff --git a/src/cr-parser.c b/src/cr-parser.c
+index 18c9a01..f4a62e3 100644
+--- a/src/cr-parser.c
++++ b/src/cr-parser.c
+@@ -136,6 +136,8 @@ struct _CRParserPriv {
+
+ #define CHARS_TAB_SIZE 12
+
++#define RECURSIVE_CALLERS_LIMIT 100
++
+ /**
+ * IS_NUM:
+ *@a_char: the char to test.
+@@ -344,9 +346,11 @@ static enum CRStatus cr_parser_parse_selector_core (CRParser * a_this);
+
+ static enum CRStatus cr_parser_parse_declaration_core (CRParser * a_this);
+
+-static enum CRStatus cr_parser_parse_any_core (CRParser * a_this);
++static enum CRStatus cr_parser_parse_any_core (CRParser * a_this,
++ guint n_calls);
+
+-static enum CRStatus cr_parser_parse_block_core (CRParser * a_this);
++static enum CRStatus cr_parser_parse_block_core (CRParser * a_this,
++ guint n_calls);
+
+ static enum CRStatus cr_parser_parse_value_core (CRParser * a_this);
+
+@@ -784,7 +788,7 @@ cr_parser_parse_atrule_core (CRParser * a_this)
+ cr_parser_try_to_skip_spaces_and_comments (a_this);
+
+ do {
+- status = cr_parser_parse_any_core (a_this);
++ status = cr_parser_parse_any_core (a_this, 0);
+ } while (status == CR_OK);
+
+ status = cr_tknzr_get_next_token (PRIVATE (a_this)->tknzr,
+@@ -795,7 +799,7 @@ cr_parser_parse_atrule_core (CRParser * a_this)
+ cr_tknzr_unget_token (PRIVATE (a_this)->tknzr,
+ token);
+ token = NULL;
+- status = cr_parser_parse_block_core (a_this);
++ status = cr_parser_parse_block_core (a_this, 0);
+ CHECK_PARSING_STATUS (status,
+ FALSE);
+ goto done;
+@@ -930,11 +934,11 @@ cr_parser_parse_selector_core (CRParser * a_this)
+
+ RECORD_INITIAL_POS (a_this, &init_pos);
+
+- status = cr_parser_parse_any_core (a_this);
++ status = cr_parser_parse_any_core (a_this, 0);
+ CHECK_PARSING_STATUS (status, FALSE);
+
+ do {
+- status = cr_parser_parse_any_core (a_this);
++ status = cr_parser_parse_any_core (a_this, 0);
+
+ } while (status == CR_OK);
+
+@@ -956,10 +960,12 @@ cr_parser_parse_selector_core (CRParser * a_this)
+ *in chapter 4.1 of the css2 spec.
+ *block ::= '{' S* [ any | block | ATKEYWORD S* | ';' ]* '}' S*;
+ *@param a_this the current instance of #CRParser.
++ *@param n_calls used to limit recursion depth
+ *FIXME: code this function.
+ */
+ static enum CRStatus
+-cr_parser_parse_block_core (CRParser * a_this)
++cr_parser_parse_block_core (CRParser * a_this,
++ guint n_calls)
+ {
+ CRToken *token = NULL;
+ CRInputPos init_pos;
+@@ -967,6 +973,9 @@ cr_parser_parse_block_core (CRParser * a_this)
+
+ g_return_val_if_fail (a_this && PRIVATE (a_this), CR_BAD_PARAM_ERROR);
+
++ if (n_calls > RECURSIVE_CALLERS_LIMIT)
++ return CR_ERROR;
++
+ RECORD_INITIAL_POS (a_this, &init_pos);
+
+ status = cr_tknzr_get_next_token (PRIVATE (a_this)->tknzr, &token);
+@@ -996,13 +1005,13 @@ cr_parser_parse_block_core (CRParser * a_this)
+ } else if (token->type == CBO_TK) {
+ cr_tknzr_unget_token (PRIVATE (a_this)->tknzr, token);
+ token = NULL;
+- status = cr_parser_parse_block_core (a_this);
++ status = cr_parser_parse_block_core (a_this, n_calls + 1);
+ CHECK_PARSING_STATUS (status, FALSE);
+ goto parse_block_content;
+ } else {
+ cr_tknzr_unget_token (PRIVATE (a_this)->tknzr, token);
+ token = NULL;
+- status = cr_parser_parse_any_core (a_this);
++ status = cr_parser_parse_any_core (a_this, n_calls + 1);
+ CHECK_PARSING_STATUS (status, FALSE);
+ goto parse_block_content;
+ }
+@@ -1109,7 +1118,7 @@ cr_parser_parse_value_core (CRParser * a_this)
+ status = cr_tknzr_unget_token (PRIVATE (a_this)->tknzr,
+ token);
+ token = NULL;
+- status = cr_parser_parse_block_core (a_this);
++ status = cr_parser_parse_block_core (a_this, 0);
+ CHECK_PARSING_STATUS (status, FALSE);
+ ref++;
+ goto continue_parsing;
+@@ -1123,7 +1132,7 @@ cr_parser_parse_value_core (CRParser * a_this)
+ status = cr_tknzr_unget_token (PRIVATE (a_this)->tknzr,
+ token);
+ token = NULL;
+- status = cr_parser_parse_any_core (a_this);
++ status = cr_parser_parse_any_core (a_this, 0);
+ if (status == CR_OK) {
+ ref++;
+ goto continue_parsing;
+@@ -1162,10 +1171,12 @@ cr_parser_parse_value_core (CRParser * a_this)
+ * | FUNCTION | DASHMATCH | '(' any* ')' | '[' any* ']' ] S*;
+ *
+ *@param a_this the current instance of #CRParser.
++ *@param n_calls used to limit recursion depth
+ *@return CR_OK upon successfull completion, an error code otherwise.
+ */
+ static enum CRStatus
+-cr_parser_parse_any_core (CRParser * a_this)
++cr_parser_parse_any_core (CRParser * a_this,
++ guint n_calls)
+ {
+ CRToken *token1 = NULL,
+ *token2 = NULL;
+@@ -1174,6 +1185,9 @@ cr_parser_parse_any_core (CRParser * a_this)
+
+ g_return_val_if_fail (a_this, CR_BAD_PARAM_ERROR);
+
++ if (n_calls > RECURSIVE_CALLERS_LIMIT)
++ return CR_ERROR;
++
+ RECORD_INITIAL_POS (a_this, &init_pos);
+
+ status = cr_tknzr_get_next_token (PRIVATE (a_this)->tknzr, &token1);
+@@ -1212,7 +1226,7 @@ cr_parser_parse_any_core (CRParser * a_this)
+ *We consider parameter as being an "any*" production.
+ */
+ do {
+- status = cr_parser_parse_any_core (a_this);
++ status = cr_parser_parse_any_core (a_this, n_calls + 1);
+ } while (status == CR_OK);
+
+ ENSURE_PARSING_COND (status == CR_PARSING_ERROR);
+@@ -1237,7 +1251,7 @@ cr_parser_parse_any_core (CRParser * a_this)
+ }
+
+ do {
+- status = cr_parser_parse_any_core (a_this);
++ status = cr_parser_parse_any_core (a_this, n_calls + 1);
+ } while (status == CR_OK);
+
+ ENSURE_PARSING_COND (status == CR_PARSING_ERROR);
+@@ -1265,7 +1279,7 @@ cr_parser_parse_any_core (CRParser * a_this)
+ }
+
+ do {
+- status = cr_parser_parse_any_core (a_this);
++ status = cr_parser_parse_any_core (a_this, n_calls + 1);
+ } while (status == CR_OK);
+
+ ENSURE_PARSING_COND (status == CR_PARSING_ERROR);
diff --git a/poky/meta/recipes-support/libcroco/libcroco_0.6.13.bb b/poky/meta/recipes-support/libcroco/libcroco_0.6.13.bb
index 9171a9d..a443ff2 100644
--- a/poky/meta/recipes-support/libcroco/libcroco_0.6.13.bb
+++ b/poky/meta/recipes-support/libcroco/libcroco_0.6.13.bb
@@ -18,3 +18,6 @@
SRC_URI[archive.md5sum] = "c80c5a8385011a0260dce6bd0da93dce"
SRC_URI[archive.sha256sum] = "767ec234ae7aa684695b3a735548224888132e063f92db585759b422570621d4"
+
+SRC_URI +="file://CVE-2020-12825.patch \
+"
diff --git a/poky/meta/recipes-support/libevdev/libevdev_1.10.0.bb b/poky/meta/recipes-support/libevdev/libevdev_1.10.1.bb
similarity index 85%
rename from poky/meta/recipes-support/libevdev/libevdev_1.10.0.bb
rename to poky/meta/recipes-support/libevdev/libevdev_1.10.1.bb
index 2620cbe..353ded6 100644
--- a/poky/meta/recipes-support/libevdev/libevdev_1.10.0.bb
+++ b/poky/meta/recipes-support/libevdev/libevdev_1.10.1.bb
@@ -8,7 +8,7 @@
SRC_URI = "http://www.freedesktop.org/software/libevdev/${BP}.tar.xz \
file://determinism.patch"
-SRC_URI[sha256sum] = "3522c26e2c148be0ad68ce26fbced408a4185dea90bfe8079dc82b8ace962d4a"
+SRC_URI[sha256sum] = "0330fe8357ece915db9366c1b9a6648941aea6f724b73ad6e71401127aa08932"
inherit autotools pkgconfig
diff --git a/poky/meta/recipes-support/libexif/files/CVE-2020-0198.patch b/poky/meta/recipes-support/libexif/files/CVE-2020-0198.patch
new file mode 100644
index 0000000..2a48844
--- /dev/null
+++ b/poky/meta/recipes-support/libexif/files/CVE-2020-0198.patch
@@ -0,0 +1,66 @@
+From ca71eda33fe8421f98fbe20eb4392473357c1c43 Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Wed, 30 Dec 2020 10:22:47 +0800
+Subject: [PATCH] fixed another unsigned integer overflow
+
+first fixed by google in android fork,
+https://android.googlesource.com/platform/external/libexif/+/1e187b62682ffab5003c702657d6d725b4278f16%5E%21/#F0
+
+(use a more generic overflow check method, also check second overflow instance.)
+
+https://security-tracker.debian.org/tracker/CVE-2020-0198
+
+Upstream-Status: Backport[https://github.com/libexif/libexif/commit/ce03ad7ef4e8aeefce79192bf5b6f69fae396f0c]
+CVE: CVE-2020-0198
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ libexif/exif-data.c | 10 ++++++----
+ 1 file changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/libexif/exif-data.c b/libexif/exif-data.c
+index 8b280d3..34d58fc 100644
+--- a/libexif/exif-data.c
++++ b/libexif/exif-data.c
+@@ -47,6 +47,8 @@
+ #undef JPEG_MARKER_APP1
+ #define JPEG_MARKER_APP1 0xe1
+
++#define CHECKOVERFLOW(offset,datasize,structsize) (( offset >= datasize) || (structsize > datasize) || (offset > datasize - structsize ))
++
+ static const unsigned char ExifHeader[] = {0x45, 0x78, 0x69, 0x66, 0x00, 0x00};
+
+ struct _ExifDataPrivate
+@@ -327,7 +329,7 @@ exif_data_load_data_thumbnail (ExifData *data, const unsigned char *d,
+ exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData", "Bogus thumbnail offset (%u).", o);
+ return;
+ }
+- if (s > ds - o) {
++ if (CHECKOVERFLOW(o,ds,s)) {
+ exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData", "Bogus thumbnail size (%u), max would be %u.", s, ds-o);
+ return;
+ }
+@@ -420,9 +422,9 @@ exif_data_load_data_content (ExifData *data, ExifIfd ifd,
+ }
+
+ /* Read the number of entries */
+- if ((offset + 2 < offset) || (offset + 2 < 2) || (offset + 2 > ds)) {
++ if (CHECKOVERFLOW(offset, ds, 2)) {
+ exif_log (data->priv->log, EXIF_LOG_CODE_CORRUPT_DATA, "ExifData",
+- "Tag data past end of buffer (%u > %u)", offset+2, ds);
++ "Tag data past end of buffer (%u+2 > %u)", offset, ds);
+ return;
+ }
+ n = exif_get_short (d + offset, data->priv->order);
+@@ -431,7 +433,7 @@ exif_data_load_data_content (ExifData *data, ExifIfd ifd,
+ offset += 2;
+
+ /* Check if we have enough data. */
+- if (offset + 12 * n > ds) {
++ if (CHECKOVERFLOW(offset, ds, 12*n)) {
+ n = (ds - offset) / 12;
+ exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData",
+ "Short data; only loading %hu entries...", n);
+--
+2.17.1
+
diff --git a/poky/meta/recipes-support/libexif/files/CVE-2020-0452.patch b/poky/meta/recipes-support/libexif/files/CVE-2020-0452.patch
new file mode 100644
index 0000000..a117b8b
--- /dev/null
+++ b/poky/meta/recipes-support/libexif/files/CVE-2020-0452.patch
@@ -0,0 +1,39 @@
+From 302acd49eba0a125b0f20692df6abc6f7f7ca53e Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Wed, 30 Dec 2020 10:18:51 +0800
+Subject: [PATCH] fixed a incorrect overflow check that could be optimized
+ away.
+
+inspired by:
+https://android.googlesource.com/platform/external/libexif/+/8e7345f3bc0bad06ac369d6cbc1124c8ceaf7d4b
+
+https://source.android.com/security/bulletin/2020-11-01
+
+CVE-2020-0452
+
+Upsteam-Status: Backport[https://github.com/libexif/libexif/commit/9266d14b5ca4e29b970fa03272318e5f99386e06]
+CVE: CVE-2020-0452
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ libexif/exif-entry.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/libexif/exif-entry.c b/libexif/exif-entry.c
+index 5de215f..3a6ce84 100644
+--- a/libexif/exif-entry.c
++++ b/libexif/exif-entry.c
+@@ -1371,8 +1371,8 @@ exif_entry_get_value (ExifEntry *e, char *val, unsigned int maxlen)
+ {
+ unsigned char *utf16;
+
+- /* Sanity check the size to prevent overflow */
+- if (e->size+sizeof(uint16_t)+1 < e->size) break;
++ /* Sanity check the size to prevent overflow. Note EXIF files are 64kb at most. */
++ if (e->size >= 65536 - sizeof(uint16_t)*2) break;
+
+ /* The tag may not be U+0000-terminated , so make a local
+ U+0000-terminated copy before converting it */
+--
+2.17.1
+
diff --git a/poky/meta/recipes-support/libexif/libexif_0.6.22.bb b/poky/meta/recipes-support/libexif/libexif_0.6.22.bb
index 2478ba0..dc30926 100644
--- a/poky/meta/recipes-support/libexif/libexif_0.6.22.bb
+++ b/poky/meta/recipes-support/libexif/libexif_0.6.22.bb
@@ -8,6 +8,8 @@
return "_".join(v.split("."))
SRC_URI = "https://github.com/libexif/libexif/releases/download/libexif-${@version_underscore("${PV}")}-release/libexif-${PV}.tar.xz \
+ file://CVE-2020-0198.patch \
+ file://CVE-2020-0452.patch \
"
SRC_URI[sha256sum] = "5048f1c8fc509cc636c2f97f4b40c293338b6041a5652082d5ee2cf54b530c56"
diff --git a/poky/meta/recipes-support/libgcrypt/libgcrypt_1.8.7.bb b/poky/meta/recipes-support/libgcrypt/libgcrypt_1.8.7.bb
index 0cad41d..7db624a 100644
--- a/poky/meta/recipes-support/libgcrypt/libgcrypt_1.8.7.bb
+++ b/poky/meta/recipes-support/libgcrypt/libgcrypt_1.8.7.bb
@@ -28,6 +28,9 @@
"
SRC_URI[sha256sum] = "03b70f028299561b7034b8966d7dd77ef16ed139c43440925fe8782561974748"
+# Below whitelisted CVEs are disputed and not affecting crypto libraries for any distro.
+CVE_CHECK_WHITELIST += "CVE-2018-12433 CVE-2018-12438"
+
BINCONFIG = "${bindir}/libgcrypt-config"
inherit autotools texinfo binconfig-disabled pkgconfig
diff --git a/poky/meta/recipes-support/libgpg-error/libgpg-error/pkgconfig.patch b/poky/meta/recipes-support/libgpg-error/libgpg-error/pkgconfig.patch
index ca5f6b5..83054a9 100644
--- a/poky/meta/recipes-support/libgpg-error/libgpg-error/pkgconfig.patch
+++ b/poky/meta/recipes-support/libgpg-error/libgpg-error/pkgconfig.patch
@@ -11,18 +11,16 @@
Refactored for 1.33
Signed-off-by: Armin Kuster <akuster808@gmail.com>
-
+Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
---
- configure.ac | 1 +
- src/gpg-error.m4 | 71 +++--------------------------------------------------
- 4 files changed, 18 insertions(+), 69 deletions(-)
- create mode 100644 src/gpg-error.pc.in
+ src/gpg-error.m4 | 142 +----------------------------------------------
+ 1 file changed, 3 insertions(+), 139 deletions(-)
-Index: libgpg-error-1.33/src/gpg-error.m4
-===================================================================
---- libgpg-error-1.33.orig/src/gpg-error.m4
-+++ libgpg-error-1.33/src/gpg-error.m4
-@@ -26,139 +26,13 @@ dnl is added to the gpg_config_script_wa
+diff --git a/src/gpg-error.m4 b/src/gpg-error.m4
+index c9b235f..176bd6a 100644
+--- a/src/gpg-error.m4
++++ b/src/gpg-error.m4
+@@ -26,139 +26,12 @@ dnl is added to the gpg_config_script_warn variable.
dnl
AC_DEFUN([AM_PATH_GPG_ERROR],
[ AC_REQUIRE([AC_CANONICAL_HOST])
@@ -31,12 +29,10 @@
- dnl since that is consistent with how our three siblings use the directory/
- dnl package name in --with-$dir_name-prefix=PFX.
- AC_ARG_WITH(libgpg-error-prefix,
-- AC_HELP_STRING([--with-libgpg-error-prefix=PFX],
+- AS_HELP_STRING([--with-libgpg-error-prefix=PFX],
- [prefix where GPG Error is installed (optional)]),
- [gpg_error_config_prefix="$withval"])
-+ min_gpg_error_version=ifelse([$1], ,0.0,$1)
-+ PKG_CHECK_MODULES(GPG_ERROR, [gpg-error >= $min_gpg_error_version], [ok=yes], [ok=no])
-
+-
- dnl Accept --with-gpg-error-prefix and make it work the same as
- dnl --with-libgpg-error-prefix above, for backwards compatibility,
- dnl but do not document this old, inconsistently-named option.
@@ -143,6 +139,8 @@
- fi
- fi
- AC_MSG_CHECKING(for GPG Error - version >= $min_gpg_error_version)
++ min_gpg_error_version=ifelse([$1], ,0.0,$1)
++ PKG_CHECK_MODULES(GPG_ERROR, [gpg-error >= $min_gpg_error_version], [ok=yes], [ok=no])
if test $ok = yes; then
- GPG_ERROR_CFLAGS=`$GPG_ERROR_CONFIG --cflags`
- GPG_ERROR_LIBS=`$GPG_ERROR_CONFIG --libs`
@@ -165,7 +163,7 @@
fi
if test x"$gpg_error_config_host" != xnone ; then
if test x"$gpg_error_config_host" != x"$host" ; then
-@@ -174,15 +48,6 @@ AC_DEFUN([AM_PATH_GPG_ERROR],
+@@ -174,15 +47,6 @@ AC_DEFUN([AM_PATH_GPG_ERROR],
fi
fi
else
@@ -181,3 +179,6 @@
- AC_SUBST(GPG_ERROR_MT_CFLAGS)
- AC_SUBST(GPG_ERROR_MT_LIBS)
])
+--
+2.25.1
+
diff --git a/poky/meta/recipes-support/libgpg-error/libgpg-error_1.39.bb b/poky/meta/recipes-support/libgpg-error/libgpg-error_1.41.bb
similarity index 93%
rename from poky/meta/recipes-support/libgpg-error/libgpg-error_1.39.bb
rename to poky/meta/recipes-support/libgpg-error/libgpg-error_1.41.bb
index f53056f..8205cb4 100644
--- a/poky/meta/recipes-support/libgpg-error/libgpg-error_1.39.bb
+++ b/poky/meta/recipes-support/libgpg-error/libgpg-error_1.41.bb
@@ -18,7 +18,7 @@
file://0001-Do-not-fail-when-testing-config-scripts.patch \
"
-SRC_URI[sha256sum] = "4a836edcae592094ef1c5a4834908f44986ab2b82e0824a0344b49df8cdb298f"
+SRC_URI[sha256sum] = "64b078b45ac3c3003d7e352a5e05318880a5778c42331ce1ef33d1a0d9922742"
BINCONFIG = "${bindir}/gpg-error-config"
diff --git a/poky/meta/recipes-support/libjitterentropy/files/0001-Make-man-pages-reproducible.patch b/poky/meta/recipes-support/libjitterentropy/files/0001-Make-man-pages-reproducible.patch
deleted file mode 100644
index 57b336c..0000000
--- a/poky/meta/recipes-support/libjitterentropy/files/0001-Make-man-pages-reproducible.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From ce091718716400119d6be6bd637c0e3f4f6ca315 Mon Sep 17 00:00:00 2001
-From: Joshua Watt <JPEWhacker@gmail.com>
-Date: Thu, 21 Nov 2019 08:07:41 -0600
-Subject: [PATCH] Make man pages reproducible
-
-Instructs the man page to be gzip'ed without the file name or timestamp
-so that it builds reproducibly.
-
-Upstream-Status: Backport [https://github.com/smuellerDD/jitterentropy-library/pull/14]
-Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
----
- Makefile | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/Makefile b/Makefile
-index 2e78607..860b720 100644
---- a/Makefile
-+++ b/Makefile
-@@ -60,7 +60,7 @@ cppcheck:
- install:
- install -d -m 0755 $(DESTDIR)$(PREFIX)/share/man/man3
- install -m 644 doc/$(NAME).3 $(DESTDIR)$(PREFIX)/share/man/man3/
-- gzip -f -9 $(DESTDIR)$(PREFIX)/share/man/man3/$(NAME).3
-+ gzip -n -f -9 $(DESTDIR)$(PREFIX)/share/man/man3/$(NAME).3
- install -d -m 0755 $(DESTDIR)$(PREFIX)/$(LIBDIR)
- $(INSTALL_STRIP) -m 0755 lib$(NAME).so.$(LIBVERSION) $(DESTDIR)$(PREFIX)/$(LIBDIR)/
- install -d -m 0755 $(DESTDIR)$(PREFIX)/$(INCDIR)
---
-2.23.0
-
diff --git a/poky/meta/recipes-support/libjitterentropy/files/0001-Makefile-cleanup-install-for-rebuilds.patch b/poky/meta/recipes-support/libjitterentropy/files/0001-Makefile-cleanup-install-for-rebuilds.patch
deleted file mode 100644
index 9af334c..0000000
--- a/poky/meta/recipes-support/libjitterentropy/files/0001-Makefile-cleanup-install-for-rebuilds.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-From 060b9b4147f6e5ff386a8b017796118d783e59fa Mon Sep 17 00:00:00 2001
-From: Matt Weber <matthew.weber@rockwellcollins.com>
-Date: Tue, 22 Oct 2019 12:44:30 -0500
-Subject: [PATCH] Makefile: cleanup install for rebuilds
-
-Support the ability to rebuild and redeploy without a clean. This
-required some force linking and man archive creation.
-
-Provide the ability to override the stripping of the shared lib for
-cases where a embedded target build may want to control stripping
-or provide cross arch tools.
-
-Upstream-Status: Backport [060b9b4147f6e5ff386a8b017796118d783e59fa]
-Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
-Signed-off-by: Stephan Mueller <smueller@chronox.de>
-Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
----
- Makefile | 10 ++++++----
- 1 file changed, 6 insertions(+), 4 deletions(-)
-
-diff --git a/Makefile b/Makefile
-index 4ff069b..2e78607 100644
---- a/Makefile
-+++ b/Makefile
-@@ -14,6 +14,8 @@ LIBDIR := lib
- # include target directory
- INCDIR := include
-
-+INSTALL_STRIP ?= install -s
-+
- NAME := jitterentropy
- LIBMAJOR=$(shell cat jitterentropy-base.c | grep define | grep MAJVERSION | awk '{print $$3}')
- LIBMINOR=$(shell cat jitterentropy-base.c | grep define | grep MINVERSION | awk '{print $$3}')
-@@ -58,15 +60,15 @@ cppcheck:
- install:
- install -d -m 0755 $(DESTDIR)$(PREFIX)/share/man/man3
- install -m 644 doc/$(NAME).3 $(DESTDIR)$(PREFIX)/share/man/man3/
-- gzip -9 $(DESTDIR)$(PREFIX)/share/man/man3/$(NAME).3
-+ gzip -f -9 $(DESTDIR)$(PREFIX)/share/man/man3/$(NAME).3
- install -d -m 0755 $(DESTDIR)$(PREFIX)/$(LIBDIR)
-- install -m 0755 -s lib$(NAME).so.$(LIBVERSION) $(DESTDIR)$(PREFIX)/$(LIBDIR)/
-+ $(INSTALL_STRIP) -m 0755 lib$(NAME).so.$(LIBVERSION) $(DESTDIR)$(PREFIX)/$(LIBDIR)/
- install -d -m 0755 $(DESTDIR)$(PREFIX)/$(INCDIR)
- install -m 0644 jitterentropy.h $(DESTDIR)$(PREFIX)/$(INCDIR)/
- install -m 0644 jitterentropy-base-user.h $(DESTDIR)$(PREFIX)/$(INCDIR)/
- $(RM) $(DESTDIR)$(PREFIX)/$(LIBDIR)/lib$(NAME).so.$(LIBMAJOR)
-- ln -s lib$(NAME).so.$(LIBVERSION) $(DESTDIR)$(PREFIX)/$(LIBDIR)/lib$(NAME).so.$(LIBMAJOR)
-- ln -s lib$(NAME).so.$(LIBMAJOR) $(DESTDIR)$(PREFIX)/$(LIBDIR)/lib$(NAME).so
-+ ln -sf lib$(NAME).so.$(LIBVERSION) $(DESTDIR)$(PREFIX)/$(LIBDIR)/lib$(NAME).so.$(LIBMAJOR)
-+ ln -sf lib$(NAME).so.$(LIBMAJOR) $(DESTDIR)$(PREFIX)/$(LIBDIR)/lib$(NAME).so
-
- clean:
- @- $(RM) $(NAME)
---
-2.23.0
-
diff --git a/poky/meta/recipes-support/libjitterentropy/libjitterentropy_2.2.0.bb b/poky/meta/recipes-support/libjitterentropy/libjitterentropy_3.0.1.bb
similarity index 79%
rename from poky/meta/recipes-support/libjitterentropy/libjitterentropy_2.2.0.bb
rename to poky/meta/recipes-support/libjitterentropy/libjitterentropy_3.0.1.bb
index 710ef01..197bb78 100644
--- a/poky/meta/recipes-support/libjitterentropy/libjitterentropy_2.2.0.bb
+++ b/poky/meta/recipes-support/libjitterentropy/libjitterentropy_3.0.1.bb
@@ -5,14 +5,12 @@
all environments and on a lot of CPU architectures."
HOMEPAGE = "http://www.chronox.de/jent.html"
LICENSE = "GPLv2+ | BSD"
-LIC_FILES_CHKSUM = "file://COPYING;md5=a95aadbdfae7ed812bb2b7b86eb5981c \
+LIC_FILES_CHKSUM = "file://COPYING;md5=c69090e97c8fd6372d03099c0a5bc382 \
file://COPYING.gplv2;md5=eb723b61539feef013de476e68b5c50a \
file://COPYING.bsd;md5=66a5cedaf62c4b2637025f049f9b826f \
"
-SRC_URI = "git://github.com/smuellerDD/jitterentropy-library.git \
- file://0001-Makefile-cleanup-install-for-rebuilds.patch \
- file://0001-Make-man-pages-reproducible.patch"
-SRCREV = "933a44f33ed3d6612f7cfaa7ad1207c8da4886ba"
+SRC_URI = "git://github.com/smuellerDD/jitterentropy-library.git"
+SRCREV = "747bf030b0ea9c44548b4e29bcfab7ae416675fc"
S = "${WORKDIR}/git"
do_configure[noexec] = "1"
diff --git a/poky/meta/recipes-support/libksba/libksba/ksba-add-pkgconfig-support.patch b/poky/meta/recipes-support/libksba/libksba/ksba-add-pkgconfig-support.patch
index ebb7fa5..af96bd5 100644
--- a/poky/meta/recipes-support/libksba/libksba/ksba-add-pkgconfig-support.patch
+++ b/poky/meta/recipes-support/libksba/libksba/ksba-add-pkgconfig-support.patch
@@ -1,4 +1,4 @@
-From 7bd2b060e9ea3e2ff11e67d1e98ab882819b28b7 Mon Sep 17 00:00:00 2001
+From 6081640895b6d566fa21123e2de7d111eeab5c4c Mon Sep 17 00:00:00 2001
From: Chen Qi <Qi.Chen@windriver.com>
Date: Mon, 3 Dec 2012 18:17:31 +0800
Subject: [PATCH] libksba: add pkgconfig support
@@ -11,11 +11,15 @@
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+---
+ src/ksba.m4 | 90 +++--------------------------------------------------
+ 1 file changed, 4 insertions(+), 86 deletions(-)
+
diff --git a/src/ksba.m4 b/src/ksba.m4
-index ad8de4f..af903ad 100644
+index 6b55bb8..6e7336f 100644
--- a/src/ksba.m4
+++ b/src/ksba.m4
-@@ -22,37 +22,6 @@ dnl with a changed API.
+@@ -23,37 +23,6 @@ dnl with a changed API.
dnl
AC_DEFUN([AM_PATH_KSBA],
[ AC_REQUIRE([AC_CANONICAL_HOST])
@@ -23,7 +27,7 @@
- dnl since that is consistent with how our three siblings use the directory/
- dnl package name in --with-$dir_name-prefix=PFX.
- AC_ARG_WITH(libksba-prefix,
-- AC_HELP_STRING([--with-libksba-prefix=PFX],
+- AS_HELP_STRING([--with-libksba-prefix=PFX],
- [prefix where KSBA is installed (optional)]),
- ksba_config_prefix="$withval", ksba_config_prefix="")
-
@@ -53,7 +57,7 @@
tmp=ifelse([$1], ,1:1.0.0,$1)
if echo "$tmp" | grep ':' >/dev/null 2>/dev/null ; then
-@@ -63,56 +32,13 @@ AC_DEFUN([AM_PATH_KSBA],
+@@ -64,56 +33,13 @@ AC_DEFUN([AM_PATH_KSBA],
min_ksba_version="$tmp"
fi
@@ -113,7 +117,7 @@
if test "$tmp" -gt 0 ; then
AC_MSG_CHECKING([KSBA API version])
if test "$req_ksba_api" -eq "$tmp" ; then
-@@ -125,14 +51,8 @@ AC_DEFUN([AM_PATH_KSBA],
+@@ -126,14 +52,8 @@ AC_DEFUN([AM_PATH_KSBA],
fi
fi
if test $ok = yes; then
@@ -129,7 +133,7 @@
if test x"$libksba_config_host" != xnone ; then
if test x"$libksba_config_host" != x"$host" ; then
AC_MSG_WARN([[
-@@ -146,8 +66,6 @@ AC_DEFUN([AM_PATH_KSBA],
+@@ -147,8 +67,6 @@ AC_DEFUN([AM_PATH_KSBA],
fi
fi
else
diff --git a/poky/meta/recipes-support/libksba/libksba_1.4.0.bb b/poky/meta/recipes-support/libksba/libksba_1.5.0.bb
similarity index 91%
rename from poky/meta/recipes-support/libksba/libksba_1.4.0.bb
rename to poky/meta/recipes-support/libksba/libksba_1.5.0.bb
index a9daf22..005389e 100644
--- a/poky/meta/recipes-support/libksba/libksba_1.4.0.bb
+++ b/poky/meta/recipes-support/libksba/libksba_1.5.0.bb
@@ -19,7 +19,7 @@
SRC_URI = "${GNUPG_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \
file://ksba-add-pkgconfig-support.patch"
-SRC_URI[sha256sum] = "bfe6a8e91ff0f54d8a329514db406667000cb207238eded49b599761bfca41b6"
+SRC_URI[sha256sum] = "ae4af129216b2d7fdea0b5bf2a788cd458a79c983bb09a43f4d525cc87aba0ba"
do_configure_prepend () {
# Else these could be used in preference to those in aclocal-copy
diff --git a/poky/meta/recipes-support/libpcre/libpcre2_10.35.bb b/poky/meta/recipes-support/libpcre/libpcre2_10.36.bb
similarity index 91%
rename from poky/meta/recipes-support/libpcre/libpcre2_10.35.bb
rename to poky/meta/recipes-support/libpcre/libpcre2_10.36.bb
index 35c019c..d8077a1 100644
--- a/poky/meta/recipes-support/libpcre/libpcre2_10.35.bb
+++ b/poky/meta/recipes-support/libpcre/libpcre2_10.36.bb
@@ -8,11 +8,11 @@
HOMEPAGE = "http://www.pcre.org"
SECTION = "devel"
LICENSE = "BSD-3-Clause"
-LIC_FILES_CHKSUM = "file://LICENCE;md5=a06590e9bd4c229532364727aaeaf084"
+LIC_FILES_CHKSUM = "file://LICENCE;md5=60c08fab1357bfe9084b333bc33362d6"
SRC_URI = "https://ftp.pcre.org/pub/pcre/pcre2-${PV}.tar.bz2"
-SRC_URI[sha256sum] = "9ccba8e02b0ce78046cdfb52e5c177f0f445e421059e43becca4359c669d4613"
+SRC_URI[sha256sum] = "a9ef39278113542968c7c73a31cfcb81aca1faa64690f400b907e8ab6b4a665c"
CVE_PRODUCT = "pcre2"
diff --git a/poky/meta/recipes-support/libproxy/libproxy/0001-get-pac-test-Fix-build-with-clang-libc.patch b/poky/meta/recipes-support/libproxy/libproxy/0001-get-pac-test-Fix-build-with-clang-libc.patch
deleted file mode 100644
index fedda9d..0000000
--- a/poky/meta/recipes-support/libproxy/libproxy/0001-get-pac-test-Fix-build-with-clang-libc.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 2d73469c7a17ebfe4330ac6643b0c8abdc125d05 Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Wed, 30 Jan 2019 09:29:44 -0800
-Subject: [PATCH] get-pac-test: Fix build with clang/libc++
-
-get-pac-test.cpp:55:10: error: assigning to 'int' from incompatible type '__bind<int &, sockaddr *, unsigned int>'
- ret = bind(m_sock, (sockaddr*)&addr, sizeof (struct sockaddr_in)); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-Upstream-Status: Submitted [https://github.com/libproxy/libproxy/pull/97]
-
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
- libproxy/test/get-pac-test.cpp | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/libproxy/test/get-pac-test.cpp b/libproxy/test/get-pac-test.cpp
-index 0059dfb..911f296 100644
---- a/libproxy/test/get-pac-test.cpp
-+++ b/libproxy/test/get-pac-test.cpp
-@@ -52,7 +52,7 @@ class TestServer {
-
- setsockopt(m_sock, SOL_SOCKET, SO_REUSEADDR, &i, sizeof(i));
-
-- ret = bind(m_sock, (sockaddr*)&addr, sizeof (struct sockaddr_in));
-+ ret = ::bind(m_sock, (sockaddr*)&addr, sizeof (struct sockaddr_in));
- assert(!ret);
-
- ret = listen(m_sock, 1);
---
-2.20.1
-
diff --git a/poky/meta/recipes-support/libproxy/libproxy/CVE-2020-25219.patch b/poky/meta/recipes-support/libproxy/libproxy/CVE-2020-25219.patch
deleted file mode 100644
index 3ef7f85..0000000
--- a/poky/meta/recipes-support/libproxy/libproxy/CVE-2020-25219.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-From a83dae404feac517695c23ff43ce1e116e2bfbe0 Mon Sep 17 00:00:00 2001
-From: Michael Catanzaro <mcatanzaro@gnome.org>
-Date: Wed, 9 Sep 2020 11:12:02 -0500
-Subject: [PATCH] Rewrite url::recvline to be nonrecursive
-
-This function processes network input. It's semi-trusted, because the
-PAC ought to be trusted. But we still shouldn't allow it to control how
-far we recurse. A malicious PAC can cause us to overflow the stack by
-sending a sufficiently-long line without any '\n' character.
-
-Also, this function failed to properly handle EINTR, so let's fix that
-too, for good measure.
-
-Fixes #134
-
-Upstream-Status: Backport [https://github.com/libproxy/libproxy/commit/836c10b60c65e947ff1e10eb02fbcc676d909ffa]
-CVE: CVE-2020-25219
-Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
----
- libproxy/url.cpp | 28 ++++++++++++++++++----------
- 1 file changed, 18 insertions(+), 10 deletions(-)
-
-diff --git a/libproxy/url.cpp b/libproxy/url.cpp
-index ee776b2..68d69cd 100644
---- a/libproxy/url.cpp
-+++ b/libproxy/url.cpp
-@@ -388,16 +388,24 @@ string url::to_string() const {
- return m_orig;
- }
-
--static inline string recvline(int fd) {
-- // Read a character.
-- // If we don't get a character, return empty string.
-- // If we are at the end of the line, return empty string.
-- char c = '\0';
--
-- if (recv(fd, &c, 1, 0) != 1 || c == '\n')
-- return "";
--
-- return string(1, c) + recvline(fd);
-+static string recvline(int fd) {
-+ string line;
-+ int ret;
-+
-+ // Reserve arbitrary amount of space to avoid small memory reallocations.
-+ line.reserve(128);
-+
-+ do {
-+ char c;
-+ ret = recv(fd, &c, 1, 0);
-+ if (ret == 1) {
-+ if (c == '\n')
-+ return line;
-+ line += c;
-+ }
-+ } while (ret == 1 || (ret == -1 && errno == EINTR));
-+
-+ return line;
- }
-
- char* url::get_pac() {
diff --git a/poky/meta/recipes-support/libproxy/libproxy/CVE-2020-26154.patch b/poky/meta/recipes-support/libproxy/libproxy/CVE-2020-26154.patch
deleted file mode 100644
index 0ccb99d..0000000
--- a/poky/meta/recipes-support/libproxy/libproxy/CVE-2020-26154.patch
+++ /dev/null
@@ -1,98 +0,0 @@
-From 4411b523545b22022b4be7d0cac25aa170ae1d3e Mon Sep 17 00:00:00 2001
-From: Fei Li <lifeibiren@gmail.com>
-Date: Fri, 17 Jul 2020 02:18:37 +0800
-Subject: [PATCH] Fix buffer overflow when PAC is enabled
-
-The bug was found on Windows 10 (MINGW64) when PAC is enabled. It turned
-out to be the large PAC file (more than 102400 bytes) returned by a
-local proxy program with no content-length present.
-
-Upstream-Status: Backport [https://github.com/libproxy/libproxy/commit/6d342b50366a048d3d543952e2be271b5742c5f8]
-CVE: CVE-2020-26154
-Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
-
----
- libproxy/url.cpp | 44 +++++++++++++++++++++++++++++++-------------
- 1 file changed, 31 insertions(+), 13 deletions(-)
-
-diff --git a/libproxy/url.cpp b/libproxy/url.cpp
-index ee776b2..8684086 100644
---- a/libproxy/url.cpp
-+++ b/libproxy/url.cpp
-@@ -54,7 +54,7 @@ using namespace std;
- #define PAC_MIME_TYPE_FB "text/plain"
-
- // This is the maximum pac size (to avoid memory attacks)
--#define PAC_MAX_SIZE 102400
-+#define PAC_MAX_SIZE 0x800000
- // This is the default block size to use when receiving via HTTP
- #define PAC_HTTP_BLOCK_SIZE 512
-
-@@ -478,15 +478,13 @@ char* url::get_pac() {
- }
-
- // Get content
-- unsigned int recvd = 0;
-- buffer = new char[PAC_MAX_SIZE];
-- memset(buffer, 0, PAC_MAX_SIZE);
-+ std::vector<char> dynamic_buffer;
- do {
- unsigned int chunk_length;
-
- if (chunked) {
- // Discard the empty line if we received a previous chunk
-- if (recvd > 0) recvline(sock);
-+ if (!dynamic_buffer.empty()) recvline(sock);
-
- // Get the chunk-length line as an integer
- if (sscanf(recvline(sock).c_str(), "%x", &chunk_length) != 1 || chunk_length == 0) break;
-@@ -498,21 +496,41 @@ char* url::get_pac() {
-
- if (content_length >= PAC_MAX_SIZE) break;
-
-- while (content_length == 0 || recvd != content_length) {
-- int r = recv(sock, buffer + recvd,
-- content_length == 0 ? PAC_HTTP_BLOCK_SIZE
-- : content_length - recvd, 0);
-+ while (content_length == 0 || dynamic_buffer.size() != content_length) {
-+ // Calculate length to recv
-+ unsigned int length_to_read = PAC_HTTP_BLOCK_SIZE;
-+ if (content_length > 0)
-+ length_to_read = content_length - dynamic_buffer.size();
-+
-+ // Prepare buffer
-+ dynamic_buffer.resize(dynamic_buffer.size() + length_to_read);
-+
-+ int r = recv(sock, dynamic_buffer.data() + dynamic_buffer.size() - length_to_read, length_to_read, 0);
-+
-+ // Shrink buffer to fit
-+ if (r >= 0)
-+ dynamic_buffer.resize(dynamic_buffer.size() - length_to_read + r);
-+
-+ // PAC size too large, discard
-+ if (dynamic_buffer.size() >= PAC_MAX_SIZE) {
-+ chunked = false;
-+ dynamic_buffer.clear();
-+ break;
-+ }
-+
- if (r <= 0) {
- chunked = false;
- break;
- }
-- recvd += r;
- }
- } while (chunked);
-
-- if (content_length != 0 && string(buffer).size() != content_length) {
-- delete[] buffer;
-- buffer = NULL;
-+ if (content_length == 0 || content_length == dynamic_buffer.size()) {
-+ buffer = new char[dynamic_buffer.size() + 1];
-+ if (!dynamic_buffer.empty()) {
-+ memcpy(buffer, dynamic_buffer.data(), dynamic_buffer.size());
-+ }
-+ buffer[dynamic_buffer.size()] = '\0';
- }
- }
-
diff --git a/poky/meta/recipes-support/libproxy/libproxy_0.4.15.bb b/poky/meta/recipes-support/libproxy/libproxy_0.4.17.bb
similarity index 78%
rename from poky/meta/recipes-support/libproxy/libproxy_0.4.15.bb
rename to poky/meta/recipes-support/libproxy/libproxy_0.4.17.bb
index 6f704d7..ad81ccc 100644
--- a/poky/meta/recipes-support/libproxy/libproxy_0.4.15.bb
+++ b/poky/meta/recipes-support/libproxy/libproxy_0.4.17.bb
@@ -8,13 +8,8 @@
DEPENDS = "glib-2.0"
-SRC_URI = "https://github.com/${BPN}/${BPN}/releases/download/${PV}/${BP}.tar.xz \
- file://0001-get-pac-test-Fix-build-with-clang-libc.patch \
- file://CVE-2020-25219.patch \
- file://CVE-2020-26154.patch \
- "
-SRC_URI[md5sum] = "f6b1d2a1e17a99cd3debaae6d04ab152"
-SRC_URI[sha256sum] = "654db464120c9534654590b6683c7fa3887b3dad0ca1c4cd412af24fbfca6d4f"
+SRC_URI = "https://github.com/${BPN}/${BPN}/releases/download/${PV}/${BP}.tar.xz"
+SRC_URI[sha256sum] = "bc89f842f654ee1985a31c0ba56dc7e2ce8044a0264ddca84e650f46cd7f8b05"
UPSTREAM_CHECK_URI = "https://github.com/libproxy/libproxy/releases"
UPSTREAM_CHECK_REGEX = "libproxy-(?P<pver>.*)\.tar"
diff --git a/poky/meta/recipes-support/libusb/libusb1_1.0.23.bb b/poky/meta/recipes-support/libusb/libusb1_1.0.24.bb
similarity index 90%
rename from poky/meta/recipes-support/libusb/libusb1_1.0.23.bb
rename to poky/meta/recipes-support/libusb/libusb1_1.0.24.bb
index 2fd658b..4c552ae 100644
--- a/poky/meta/recipes-support/libusb/libusb1_1.0.23.bb
+++ b/poky/meta/recipes-support/libusb/libusb1_1.0.24.bb
@@ -12,8 +12,7 @@
file://run-ptest \
"
-SRC_URI[md5sum] = "be79ed4a4a440169deec8beaac6aae33"
-SRC_URI[sha256sum] = "4fc17b2ef3502757641bf8fe2c14ad86ec86302a2b785abcb0806fd03aa1201f"
+SRC_URI[sha256sum] = "7efd2685f7b327326dcfb85cee426d9b871fd70e22caa15bb68d595ce2a2b12a"
S = "${WORKDIR}/libusb-${PV}"
diff --git a/poky/meta/recipes-support/libyaml/libyaml_0.2.5.bb b/poky/meta/recipes-support/libyaml/libyaml_0.2.5.bb
index e39a7b9..778e091 100644
--- a/poky/meta/recipes-support/libyaml/libyaml_0.2.5.bb
+++ b/poky/meta/recipes-support/libyaml/libyaml_0.2.5.bb
@@ -15,4 +15,7 @@
inherit autotools
+DISABLE_STATIC_class-nativesdk = ""
+DISABLE_STATIC_class-native = ""
+
BBCLASSEXTEND = "native nativesdk"
diff --git a/poky/meta/recipes-support/nettle/nettle-3.6/Add-target-to-only-build-tests-not-run-them.patch b/poky/meta/recipes-support/nettle/nettle-3.7/Add-target-to-only-build-tests-not-run-them.patch
similarity index 100%
rename from poky/meta/recipes-support/nettle/nettle-3.6/Add-target-to-only-build-tests-not-run-them.patch
rename to poky/meta/recipes-support/nettle/nettle-3.7/Add-target-to-only-build-tests-not-run-them.patch
diff --git a/poky/meta/recipes-support/nettle/nettle-3.6/check-header-files-of-openssl-only-if-enable_.patch b/poky/meta/recipes-support/nettle/nettle-3.7/check-header-files-of-openssl-only-if-enable_.patch
similarity index 100%
rename from poky/meta/recipes-support/nettle/nettle-3.6/check-header-files-of-openssl-only-if-enable_.patch
rename to poky/meta/recipes-support/nettle/nettle-3.7/check-header-files-of-openssl-only-if-enable_.patch
diff --git a/poky/meta/recipes-support/nettle/nettle-3.6/dlopen-test.patch b/poky/meta/recipes-support/nettle/nettle-3.7/dlopen-test.patch
similarity index 100%
rename from poky/meta/recipes-support/nettle/nettle-3.6/dlopen-test.patch
rename to poky/meta/recipes-support/nettle/nettle-3.7/dlopen-test.patch
diff --git a/poky/meta/recipes-support/nettle/nettle-3.6/run-ptest b/poky/meta/recipes-support/nettle/nettle-3.7/run-ptest
similarity index 100%
rename from poky/meta/recipes-support/nettle/nettle-3.6/run-ptest
rename to poky/meta/recipes-support/nettle/nettle-3.7/run-ptest
diff --git a/poky/meta/recipes-support/nettle/nettle_3.6.bb b/poky/meta/recipes-support/nettle/nettle_3.7.bb
similarity index 84%
rename from poky/meta/recipes-support/nettle/nettle_3.6.bb
rename to poky/meta/recipes-support/nettle/nettle_3.7.bb
index 90f8625..2c219c2 100644
--- a/poky/meta/recipes-support/nettle/nettle_3.6.bb
+++ b/poky/meta/recipes-support/nettle/nettle_3.7.bb
@@ -1,5 +1,8 @@
SUMMARY = "A low level cryptographic library"
HOMEPAGE = "http://www.lysator.liu.se/~nisse/nettle/"
+DESCRIPTION = "It tries to solve a problem of providing a common set of \
+cryptographic algorithms for higher-level applications by implementing a \
+context-independent set of cryptographic algorithms"
SECTION = "libs"
LICENSE = "LGPLv3+ | GPLv2+"
@@ -20,8 +23,7 @@
file://dlopen-test.patch \
"
-SRC_URI[md5sum] = "c45ee24ed7361dcda152a035d396fe8a"
-SRC_URI[sha256sum] = "d24c0d0f2abffbc8f4f34dcf114b0f131ec3774895f3555922fe2f40f3d5e3f1"
+SRC_URI[sha256sum] = "f001f64eb444bf13dd91bceccbc20acbc60c4311d6e2b20878452eb9a9cec75a"
UPSTREAM_CHECK_REGEX = "nettle-(?P<pver>\d+(\.\d+)+)\.tar"
diff --git a/poky/meta/recipes-support/p11-kit/p11-kit_0.23.21.bb b/poky/meta/recipes-support/p11-kit/p11-kit_0.23.22.bb
similarity index 75%
rename from poky/meta/recipes-support/p11-kit/p11-kit_0.23.21.bb
rename to poky/meta/recipes-support/p11-kit/p11-kit_0.23.22.bb
index b1fd233..c539ecd 100644
--- a/poky/meta/recipes-support/p11-kit/p11-kit_0.23.21.bb
+++ b/poky/meta/recipes-support/p11-kit/p11-kit_0.23.22.bb
@@ -2,17 +2,18 @@
LICENSE = "BSD-3-Clause"
LIC_FILES_CHKSUM = "file://COPYING;md5=02933887f609807fbb57aa4237d14a50"
-inherit meson gettext pkgconfig gtk-doc bash-completion
+inherit meson gettext pkgconfig gtk-doc bash-completion manpages
DEPENDS = "libtasn1 libtasn1-native libffi"
DEPENDS_append = "${@' glib-2.0' if d.getVar('GTKDOC_ENABLED') == 'True' else ''}"
-SRC_URI = "git://github.com/p11-glue/p11-kit"
-SRCREV = "fd8b56f3ee971f94dc6fc95411fc01e1c12153ab"
+SRC_URI = "git://github.com/p11-glue/p11-kit;branch=0.23"
+SRCREV = "bd97afbfe28d5fbbde95ce36ff7a8834fc0291ee"
S = "${WORKDIR}/git"
PACKAGECONFIG ??= ""
+PACKAGECONFIG[manpages] = "-Dman=true,-Dman=false,libxslt-native"
PACKAGECONFIG[trust-paths] = "-Dtrust_paths=/etc/ssl/certs/ca-certificates.crt,,,ca-certificates"
GTKDOC_MESON_OPTION = 'gtk_doc'
diff --git a/poky/meta/recipes-support/rng-tools/rng-tools/0001-rngd-fix-debug-to-also-filter-syslog-calls.patch b/poky/meta/recipes-support/rng-tools/rng-tools/0001-rngd-fix-debug-to-also-filter-syslog-calls.patch
deleted file mode 100644
index 0733378..0000000
--- a/poky/meta/recipes-support/rng-tools/rng-tools/0001-rngd-fix-debug-to-also-filter-syslog-calls.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From 213a869e8315ead2c739acfcbde712358a842dee Mon Sep 17 00:00:00 2001
-From: Yann Dirson <yann@blade-group.com>
-Date: Fri, 9 Oct 2020 15:12:26 +0200
-Subject: [PATCH] rngd: fix --debug to also filter syslog() calls
-
-Debug logs were only controlled by --debug flag while in --foreground
-mode. In --daemon mode /var/log/message got stuffed with details of
-entropy pool refilling, which is useless in production, and hamful
-when log rotation then gets rid of the more useful logs. This is
-especially true for embedded systems.
-
-This change makes the two modes consistently only produce debug logs when
---debug is specified.
-
-Upstream-Status: Backport [213a869e8315ead2c739acfcbde712358a842dee]
-
-Signed-off-by: Yann Dirson <yann@blade-group.com>
----
- rngd.h | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/rngd.h b/rngd.h
-index 901b6f1..a79ea0f 100644
---- a/rngd.h
-+++ b/rngd.h
-@@ -166,13 +166,13 @@ extern bool quiet;
- #define message(priority,fmt,args...) do { \
- if (quiet) \
- break;\
-+ if (arguments->debug == false && LOG_PRI(priority) == LOG_DEBUG) \
-+ break;\
- if (am_daemon) { \
- syslog((priority), fmt, ##args); \
- } else if (!msg_squash) { \
-- if ((LOG_PRI(priority) != LOG_DEBUG) || (arguments->debug == true)) {\
-- fprintf(stderr, fmt, ##args); \
-- fflush(stderr); \
-- } \
-+ fprintf(stderr, fmt, ##args); \
-+ fflush(stderr); \
- } \
- } while (0)
-
---
-2.28.0
-
diff --git a/poky/meta/recipes-support/rng-tools/rng-tools/a4b6d9ce64f132e463b9091d0536913ddaf11516.patch b/poky/meta/recipes-support/rng-tools/rng-tools/a4b6d9ce64f132e463b9091d0536913ddaf11516.patch
deleted file mode 100644
index 9630161..0000000
--- a/poky/meta/recipes-support/rng-tools/rng-tools/a4b6d9ce64f132e463b9091d0536913ddaf11516.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From a4b6d9ce64f132e463b9091d0536913ddaf11516 Mon Sep 17 00:00:00 2001
-From: Neil Horman <nhorman@tuxdriver.com>
-Date: Thu, 30 Apr 2020 16:57:35 -0400
-Subject: [PATCH] Remove name conflict with libc encrypt
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Forgot to fixup the funciton name conflict with libcs encrypt() function
-on power systems
-
-Upstream-Status: Backport [https://github.com/nhorman/rng-tools/commit/a4b6d9ce64f132e463b9091d0536913ddaf11516]
-Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
-Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
-Reported-by: Natanael Copa <ncopa@alpinelinux.org>
-Reported-by: "Milan P. Stanić" <mps@arvanta.net>
----
- rngd_darn.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/rngd_darn.c b/rngd_darn.c
-index 35df7a1..9345895 100644
---- a/rngd_darn.c
-+++ b/rngd_darn.c
-@@ -109,7 +109,7 @@ static int init_openssl(struct rng *ent_src)
- return 0;
- }
-
--int encrypt(unsigned char *plaintext, int plaintext_len, unsigned char *key,
-+static int osslencrypt(unsigned char *plaintext, int plaintext_len, unsigned char *key,
- unsigned char *iv, unsigned char *ciphertext)
- {
- int len;
-@@ -150,7 +150,7 @@ static inline int openssl_mangle(unsigned char *tmp, struct rng *ent_src)
- unsigned char ciphertext[CHUNK_SIZE * RDRAND_ROUNDS];
-
- /* Encrypt the plaintext */
-- ciphertext_len = encrypt (tmp, strlen(tmp), key, iv_buf,
-+ ciphertext_len = osslencrypt (tmp, strlen(tmp), key, iv_buf,
- ciphertext);
- printf("Calling mangle with len %d\n", ciphertext_len);
- if (!ciphertext_len)
diff --git a/poky/meta/recipes-support/rng-tools/rng-tools/dab16a5fd4efde8ef569b358e19b1fcbc7d0d938.patch b/poky/meta/recipes-support/rng-tools/rng-tools/dab16a5fd4efde8ef569b358e19b1fcbc7d0d938.patch
deleted file mode 100644
index 93103ef..0000000
--- a/poky/meta/recipes-support/rng-tools/rng-tools/dab16a5fd4efde8ef569b358e19b1fcbc7d0d938.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-From dab16a5fd4efde8ef569b358e19b1fcbc7d0d938 Mon Sep 17 00:00:00 2001
-From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
-Date: Mon, 30 Mar 2020 00:10:46 +0200
-Subject: [PATCH] rngd_jitter: disambiguate call to encrypt
-
-Commit 0f184ea7e792427fb20afe81d471b565aee96f0b disambiguate the call to
-encrypt in rngd_rdrand.c but did not update rngd_jitter.c.
-
-This raise the following build failure:
-
-rngd_jitter.c:75:12: error: conflicting types for 'encrypt'
- static int encrypt(unsigned char *plaintext, int plaintext_len, unsigned char *key,
- ^~~~~~~
-In file included from rngd_jitter.c:27:
-/home/dawncrow/buildroot-test/scripts/instance-0/output-1/host/powerpc-buildroot-linux-uclibc/sysroot/usr/include/unistd.h:1132:13: note: previous declaration of 'encrypt' was here
- extern void encrypt (char *__block, int __edflag) __THROW __nonnull ((1));
- ^~~~~~~
-Makefile:770: recipe for target 'rngd-rngd_jitter.o' failed
-
-Fixes:
- - http://autobuild.buildroot.org/results/0ca6bf16e3acbc94065b88c4442d6595424b77cb
-
-Upstream-Status: Backport [https://github.com/nhorman/rng-tools/commit/dab16a5fd4efde8ef569b358e19b1fcbc7d0d938]
-Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
-Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
----
- rngd_jitter.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/rngd_jitter.c b/rngd_jitter.c
-index c1b1aca..49a3825 100644
---- a/rngd_jitter.c
-+++ b/rngd_jitter.c
-@@ -72,7 +72,7 @@ unsigned char *aes_buf;
- char key[AES_BLOCK];
- static unsigned char iv_buf[CHUNK_SIZE] __attribute__((aligned(128)));
-
--static int encrypt(unsigned char *plaintext, int plaintext_len, unsigned char *key,
-+static int osslencrypt(unsigned char *plaintext, int plaintext_len, unsigned char *key,
- unsigned char *iv, unsigned char *ciphertext)
- {
- EVP_CIPHER_CTX *ctx;
-@@ -122,7 +122,7 @@ static inline int openssl_mangle(unsigned char *tmp, struct rng *ent_src)
- unsigned char ciphertext[CHUNK_SIZE * RDRAND_ROUNDS];
-
- /* Encrypt the plaintext */
-- ciphertext_len = encrypt (tmp, strlen(tmp), key, iv_buf,
-+ ciphertext_len = osslencrypt (tmp, strlen(tmp), key, iv_buf,
- ciphertext);
- if (!ciphertext_len)
- return -1;
diff --git a/poky/meta/recipes-support/rng-tools/rng-tools_6.10.bb b/poky/meta/recipes-support/rng-tools/rng-tools_6.11.bb
similarity index 89%
rename from poky/meta/recipes-support/rng-tools/rng-tools_6.10.bb
rename to poky/meta/recipes-support/rng-tools/rng-tools_6.11.bb
index 40ec5ad..61a0cef 100644
--- a/poky/meta/recipes-support/rng-tools/rng-tools_6.10.bb
+++ b/poky/meta/recipes-support/rng-tools/rng-tools_6.11.bb
@@ -10,14 +10,11 @@
SRC_URI = "\
git://github.com/nhorman/rng-tools.git \
- file://a4b6d9ce64f132e463b9091d0536913ddaf11516.patch \
- file://dab16a5fd4efde8ef569b358e19b1fcbc7d0d938.patch \
- file://0001-rngd-fix-debug-to-also-filter-syslog-calls.patch \
file://init \
file://default \
file://rngd.service \
"
-SRCREV = "0be82200a66d9321451e0a0785bfae350b9cffdc"
+SRCREV = "2ea13473fd5bfea3c861dc0e23bd65e2afe8007b"
S = "${WORKDIR}/git"
diff --git a/poky/meta/recipes-support/shared-mime-info/shared-mime-info_git.bb b/poky/meta/recipes-support/shared-mime-info/shared-mime-info_git.bb
index e82c818..5509c99 100644
--- a/poky/meta/recipes-support/shared-mime-info/shared-mime-info_git.bb
+++ b/poky/meta/recipes-support/shared-mime-info/shared-mime-info_git.bb
@@ -8,8 +8,8 @@
DEPENDS = "libxml2 itstool-native glib-2.0 shared-mime-info-native xmlto-native"
SRC_URI = "git://gitlab.freedesktop.org/xdg/shared-mime-info.git;protocol=https"
-SRCREV = "ef58b2b2f7ad4070171c6e45e3b3764daa3ff2c1"
-PV = "2.0"
+SRCREV = "18e558fa1c8b90b86757ade09a4ba4d6a6cf8f70"
+PV = "2.1"
S = "${WORKDIR}/git"
inherit meson pkgconfig gettext python3native mime
diff --git a/poky/meta/recipes-support/sqlite/sqlite3_3.33.0.bb b/poky/meta/recipes-support/sqlite/sqlite3_3.34.1.bb
similarity index 70%
rename from poky/meta/recipes-support/sqlite/sqlite3_3.33.0.bb
rename to poky/meta/recipes-support/sqlite/sqlite3_3.34.1.bb
index 33f041a..fe5adb2 100644
--- a/poky/meta/recipes-support/sqlite/sqlite3_3.33.0.bb
+++ b/poky/meta/recipes-support/sqlite/sqlite3_3.34.1.bb
@@ -3,8 +3,8 @@
LICENSE = "PD"
LIC_FILES_CHKSUM = "file://sqlite3.h;endline=11;md5=786d3dc581eff03f4fd9e4a77ed00c66"
-SRC_URI = "http://www.sqlite.org/2020/sqlite-autoconf-${SQLITE_PV}.tar.gz"
-SRC_URI[sha256sum] = "106a2c48c7f75a298a7557bcc0d5f4f454e5b43811cc738b7ca294d6956bbb15"
+SRC_URI = "http://www.sqlite.org/2021/sqlite-autoconf-${SQLITE_PV}.tar.gz"
+SRC_URI[sha256sum] = "2a3bca581117b3b88e5361d0ef3803ba6d8da604b1c1a47d902ef785c1b53e89"
# -19242 is only an issue in specific development branch commits
CVE_CHECK_WHITELIST += "CVE-2019-19242"