diff options
Diffstat (limited to 'meta')
346 files changed, 9395 insertions, 1749 deletions
diff --git a/meta/classes-global/insane.bbclass b/meta/classes-global/insane.bbclass index c32dfffd83..9004a9dce2 100644 --- a/meta/classes-global/insane.bbclass +++ b/meta/classes-global/insane.bbclass | |||
@@ -334,21 +334,16 @@ def package_qa_check_arch(path,name,d, elf, messages): | |||
334 | if not elf: | 334 | if not elf: |
335 | return | 335 | return |
336 | 336 | ||
337 | target_os = d.getVar('HOST_OS') | 337 | host_os = d.getVar('HOST_OS') |
338 | target_arch = d.getVar('HOST_ARCH') | 338 | host_arch = d.getVar('HOST_ARCH') |
339 | provides = d.getVar('PROVIDES') | 339 | provides = d.getVar('PROVIDES') |
340 | bpn = d.getVar('BPN') | 340 | bpn = d.getVar('BPN') |
341 | 341 | ||
342 | if target_arch == "allarch": | 342 | if host_arch == "allarch": |
343 | pn = d.getVar('PN') | 343 | pn = d.getVar('PN') |
344 | oe.qa.add_message(messages, "arch", pn + ": Recipe inherits the allarch class, but has packaged architecture-specific binaries") | 344 | oe.qa.add_message(messages, "arch", pn + ": Recipe inherits the allarch class, but has packaged architecture-specific binaries") |
345 | return | 345 | return |
346 | 346 | ||
347 | # FIXME: Cross package confuse this check, so just skip them | ||
348 | for s in ['cross', 'nativesdk', 'cross-canadian']: | ||
349 | if bb.data.inherits_class(s, d): | ||
350 | return | ||
351 | |||
352 | # avoid following links to /usr/bin (e.g. on udev builds) | 347 | # avoid following links to /usr/bin (e.g. on udev builds) |
353 | # we will check the files pointed to anyway... | 348 | # we will check the files pointed to anyway... |
354 | if os.path.islink(path): | 349 | if os.path.islink(path): |
@@ -356,12 +351,12 @@ def package_qa_check_arch(path,name,d, elf, messages): | |||
356 | 351 | ||
357 | #if this will throw an exception, then fix the dict above | 352 | #if this will throw an exception, then fix the dict above |
358 | (machine, osabi, abiversion, littleendian, bits) \ | 353 | (machine, osabi, abiversion, littleendian, bits) \ |
359 | = oe.elf.machine_dict(d)[target_os][target_arch] | 354 | = oe.elf.machine_dict(d)[host_os][host_arch] |
360 | 355 | ||
361 | # Check the architecture and endiannes of the binary | 356 | # Check the architecture and endiannes of the binary |
362 | is_32 = (("virtual/kernel" in provides) or bb.data.inherits_class("module", d)) and \ | 357 | is_32 = (("virtual/kernel" in provides) or bb.data.inherits_class("module", d)) and \ |
363 | (target_os == "linux-gnux32" or target_os == "linux-muslx32" or \ | 358 | (host_os == "linux-gnux32" or host_os == "linux-muslx32" or \ |
364 | target_os == "linux-gnu_ilp32" or re.match(r'mips64.*32', d.getVar('DEFAULTTUNE'))) | 359 | host_os == "linux-gnu_ilp32" or re.match(r'mips64.*32', d.getVar('DEFAULTTUNE'))) |
365 | is_bpf = (oe.qa.elf_machine_to_string(elf.machine()) == "BPF") | 360 | is_bpf = (oe.qa.elf_machine_to_string(elf.machine()) == "BPF") |
366 | if not ((machine == elf.machine()) or is_32 or is_bpf): | 361 | if not ((machine == elf.machine()) or is_32 or is_bpf): |
367 | oe.qa.add_message(messages, "arch", "Architecture did not match (%s, expected %s) in %s" % \ | 362 | oe.qa.add_message(messages, "arch", "Architecture did not match (%s, expected %s) in %s" % \ |
@@ -840,10 +835,6 @@ def prepopulate_objdump_p(elf, d): | |||
840 | 835 | ||
841 | # Walk over all files in a directory and call func | 836 | # Walk over all files in a directory and call func |
842 | def package_qa_walk(warnfuncs, errorfuncs, package, d): | 837 | def package_qa_walk(warnfuncs, errorfuncs, package, d): |
843 | #if this will throw an exception, then fix the dict above | ||
844 | target_os = d.getVar('HOST_OS') | ||
845 | target_arch = d.getVar('HOST_ARCH') | ||
846 | |||
847 | warnings = {} | 838 | warnings = {} |
848 | errors = {} | 839 | errors = {} |
849 | elves = {} | 840 | elves = {} |
diff --git a/meta/classes-global/sanity.bbclass b/meta/classes-global/sanity.bbclass index 180c6b77d8..1d242f0f0a 100644 --- a/meta/classes-global/sanity.bbclass +++ b/meta/classes-global/sanity.bbclass | |||
@@ -495,12 +495,15 @@ def check_gcc_version(sanity_data): | |||
495 | # Tar version 1.24 and onwards handle overwriting symlinks correctly | 495 | # Tar version 1.24 and onwards handle overwriting symlinks correctly |
496 | # but earlier versions do not; this needs to work properly for sstate | 496 | # but earlier versions do not; this needs to work properly for sstate |
497 | # Version 1.28 is needed so opkg-build works correctly when reproducible builds are enabled | 497 | # Version 1.28 is needed so opkg-build works correctly when reproducible builds are enabled |
498 | # Gtar is assumed at to be used as tar in poky | ||
498 | def check_tar_version(sanity_data): | 499 | def check_tar_version(sanity_data): |
499 | import subprocess | 500 | import subprocess |
500 | try: | 501 | try: |
501 | result = subprocess.check_output(["tar", "--version"], stderr=subprocess.STDOUT).decode('utf-8') | 502 | result = subprocess.check_output(["tar", "--version"], stderr=subprocess.STDOUT).decode('utf-8') |
502 | except subprocess.CalledProcessError as e: | 503 | except subprocess.CalledProcessError as e: |
503 | return "Unable to execute tar --version, exit code %d\n%s\n" % (e.returncode, e.output) | 504 | return "Unable to execute tar --version, exit code %d\n%s\n" % (e.returncode, e.output) |
505 | if not "GNU" in result: | ||
506 | return "Your version of tar is not gtar. Please install gtar (you could use the project's buildtools-tarball from our last release or use scripts/install-buildtools).\n" | ||
504 | version = result.split()[3] | 507 | version = result.split()[3] |
505 | if bb.utils.vercmp_string_op(version, "1.28", "<"): | 508 | if bb.utils.vercmp_string_op(version, "1.28", "<"): |
506 | return "Your version of tar is older than 1.28 and does not have the support needed to enable reproducible builds. Please install a newer version of tar (you could use the project's buildtools-tarball from our last release or use scripts/install-buildtools).\n" | 509 | return "Your version of tar is older than 1.28 and does not have the support needed to enable reproducible builds. Please install a newer version of tar (you could use the project's buildtools-tarball from our last release or use scripts/install-buildtools).\n" |
diff --git a/meta/classes-global/sstate.bbclass b/meta/classes-global/sstate.bbclass index 76a7b59636..93df5fa9e6 100644 --- a/meta/classes-global/sstate.bbclass +++ b/meta/classes-global/sstate.bbclass | |||
@@ -161,7 +161,10 @@ python () { | |||
161 | d.setVar('SSTATETASKS', " ".join(unique_tasks)) | 161 | d.setVar('SSTATETASKS', " ".join(unique_tasks)) |
162 | for task in unique_tasks: | 162 | for task in unique_tasks: |
163 | d.prependVarFlag(task, 'prefuncs', "sstate_task_prefunc ") | 163 | d.prependVarFlag(task, 'prefuncs', "sstate_task_prefunc ") |
164 | d.appendVarFlag(task, 'postfuncs', " sstate_task_postfunc") | 164 | # Generally sstate should be last, execpt for buildhistory functions |
165 | postfuncs = (d.getVarFlag(task, 'postfuncs') or "").split() | ||
166 | newpostfuncs = [p for p in postfuncs if "buildhistory" not in p] + ["sstate_task_postfunc"] + [p for p in postfuncs if "buildhistory" in p] | ||
167 | d.setVarFlag(task, 'postfuncs', " ".join(newpostfuncs)) | ||
165 | d.setVarFlag(task, 'network', '1') | 168 | d.setVarFlag(task, 'network', '1') |
166 | d.setVarFlag(task + "_setscene", 'network', '1') | 169 | d.setVarFlag(task + "_setscene", 'network', '1') |
167 | } | 170 | } |
diff --git a/meta/classes-recipe/cargo_common.bbclass b/meta/classes-recipe/cargo_common.bbclass index 0fb443edbd..19c497b8d6 100644 --- a/meta/classes-recipe/cargo_common.bbclass +++ b/meta/classes-recipe/cargo_common.bbclass | |||
@@ -41,7 +41,7 @@ CARGO_SRC_DIR ??= "" | |||
41 | CARGO_MANIFEST_PATH ??= "${S}/${CARGO_SRC_DIR}/Cargo.toml" | 41 | CARGO_MANIFEST_PATH ??= "${S}/${CARGO_SRC_DIR}/Cargo.toml" |
42 | 42 | ||
43 | # Path to Cargo.lock | 43 | # Path to Cargo.lock |
44 | CARGO_LOCK_PATH ??= "${@ os.path.join(os.path.dirname(d.getVar('CARGO_MANIFEST_PATH', True)), 'Cargo.lock')}" | 44 | CARGO_LOCK_PATH ??= "${@ os.path.join(os.path.dirname(d.getVar('CARGO_MANIFEST_PATH')), 'Cargo.lock')}" |
45 | 45 | ||
46 | CARGO_RUST_TARGET_CCLD ??= "${RUST_TARGET_CCLD}" | 46 | CARGO_RUST_TARGET_CCLD ??= "${RUST_TARGET_CCLD}" |
47 | cargo_common_do_configure () { | 47 | cargo_common_do_configure () { |
@@ -171,7 +171,7 @@ python cargo_common_do_patch_paths() { | |||
171 | # here is better than letting cargo tell (in case the file is missing) | 171 | # here is better than letting cargo tell (in case the file is missing) |
172 | # "Cargo.lock should be modified but --frozen was given" | 172 | # "Cargo.lock should be modified but --frozen was given" |
173 | 173 | ||
174 | lockfile = d.getVar("CARGO_LOCK_PATH", True) | 174 | lockfile = d.getVar("CARGO_LOCK_PATH") |
175 | if not os.path.exists(lockfile): | 175 | if not os.path.exists(lockfile): |
176 | bb.fatal(f"{lockfile} file doesn't exist") | 176 | bb.fatal(f"{lockfile} file doesn't exist") |
177 | 177 | ||
diff --git a/meta/classes-recipe/cmake-qemu.bbclass b/meta/classes-recipe/cmake-qemu.bbclass index 46a89e2827..383fc74bf2 100644 --- a/meta/classes-recipe/cmake-qemu.bbclass +++ b/meta/classes-recipe/cmake-qemu.bbclass | |||
@@ -19,7 +19,7 @@ inherit qemu cmake | |||
19 | DEPENDS:append:class-target = "${@' qemu-native' if bb.utils.contains('MACHINE_FEATURES', 'qemu-usermode', True, False, d) else ''}" | 19 | DEPENDS:append:class-target = "${@' qemu-native' if bb.utils.contains('MACHINE_FEATURES', 'qemu-usermode', True, False, d) else ''}" |
20 | 20 | ||
21 | cmake_do_generate_toolchain_file:append:class-target() { | 21 | cmake_do_generate_toolchain_file:append:class-target() { |
22 | if [ "${@bb.utils.contains('MACHINE_FEATURES', 'qemu-usermode', 'True', 'False', d)}" ]; then | 22 | if ${@bb.utils.contains('MACHINE_FEATURES', 'qemu-usermode', 'true', 'false', d)}; then |
23 | # Write out a qemu wrapper that will be used as exe_wrapper so that cmake | 23 | # Write out a qemu wrapper that will be used as exe_wrapper so that cmake |
24 | # can run target helper binaries through that. This also allows to execute ctest. | 24 | # can run target helper binaries through that. This also allows to execute ctest. |
25 | qemu_binary="${@qemu_wrapper_cmdline(d, '${STAGING_DIR_HOST}', ['${STAGING_DIR_HOST}/${libdir}','${STAGING_DIR_HOST}/${base_libdir}'])}" | 25 | qemu_binary="${@qemu_wrapper_cmdline(d, '${STAGING_DIR_HOST}', ['${STAGING_DIR_HOST}/${libdir}','${STAGING_DIR_HOST}/${base_libdir}'])}" |
diff --git a/meta/classes-recipe/image_types.bbclass b/meta/classes-recipe/image_types.bbclass index 2f948ecbf8..28afff4571 100644 --- a/meta/classes-recipe/image_types.bbclass +++ b/meta/classes-recipe/image_types.bbclass | |||
@@ -335,8 +335,8 @@ CONVERSION_CMD:lzma = "lzma -k -f -7 ${IMAGE_NAME}.${type}" | |||
335 | CONVERSION_CMD:gz = "gzip -f -9 -n -c --rsyncable ${IMAGE_NAME}.${type} > ${IMAGE_NAME}.${type}.gz" | 335 | CONVERSION_CMD:gz = "gzip -f -9 -n -c --rsyncable ${IMAGE_NAME}.${type} > ${IMAGE_NAME}.${type}.gz" |
336 | CONVERSION_CMD:bz2 = "pbzip2 -f -k ${IMAGE_NAME}.${type}" | 336 | CONVERSION_CMD:bz2 = "pbzip2 -f -k ${IMAGE_NAME}.${type}" |
337 | CONVERSION_CMD:xz = "xz -f -k -c ${XZ_COMPRESSION_LEVEL} ${XZ_DEFAULTS} --check=${XZ_INTEGRITY_CHECK} ${IMAGE_NAME}.${type} > ${IMAGE_NAME}.${type}.xz" | 337 | CONVERSION_CMD:xz = "xz -f -k -c ${XZ_COMPRESSION_LEVEL} ${XZ_DEFAULTS} --check=${XZ_INTEGRITY_CHECK} ${IMAGE_NAME}.${type} > ${IMAGE_NAME}.${type}.xz" |
338 | CONVERSION_CMD:lz4 = "lz4 -9 -z -l ${IMAGE_NAME}.${type} ${IMAGE_NAME}.${type}.lz4" | 338 | CONVERSION_CMD:lz4 = "lz4 -f -9 -z -l ${IMAGE_NAME}.${type} ${IMAGE_NAME}.${type}.lz4" |
339 | CONVERSION_CMD:lzo = "lzop -9 ${IMAGE_NAME}.${type}" | 339 | CONVERSION_CMD:lzo = "lzop -f -9 ${IMAGE_NAME}.${type}" |
340 | CONVERSION_CMD:zip = "zip ${ZIP_COMPRESSION_LEVEL} ${IMAGE_NAME}.${type}.zip ${IMAGE_NAME}.${type}" | 340 | CONVERSION_CMD:zip = "zip ${ZIP_COMPRESSION_LEVEL} ${IMAGE_NAME}.${type}.zip ${IMAGE_NAME}.${type}" |
341 | CONVERSION_CMD:7zip = "7za a -mx=${7ZIP_COMPRESSION_LEVEL} -mm=${7ZIP_COMPRESSION_METHOD} ${IMAGE_NAME}.${type}.${7ZIP_EXTENSION} ${IMAGE_NAME}.${type}" | 341 | CONVERSION_CMD:7zip = "7za a -mx=${7ZIP_COMPRESSION_LEVEL} -mm=${7ZIP_COMPRESSION_METHOD} ${IMAGE_NAME}.${type}.${7ZIP_EXTENSION} ${IMAGE_NAME}.${type}" |
342 | CONVERSION_CMD:zst = "zstd -f -k -c ${ZSTD_DEFAULTS} ${IMAGE_NAME}.${type} > ${IMAGE_NAME}.${type}.zst" | 342 | CONVERSION_CMD:zst = "zstd -f -k -c ${ZSTD_DEFAULTS} ${IMAGE_NAME}.${type} > ${IMAGE_NAME}.${type}.zst" |
diff --git a/meta/classes-recipe/kernel-fitimage.bbclass b/meta/classes-recipe/kernel-fitimage.bbclass index 4b74ddc201..18ab17bd2c 100644 --- a/meta/classes-recipe/kernel-fitimage.bbclass +++ b/meta/classes-recipe/kernel-fitimage.bbclass | |||
@@ -29,27 +29,27 @@ KERNEL_IMAGETYPE_REPLACEMENT ?= "${@get_fit_replacement_type(d)}" | |||
29 | DEPENDS:append = " ${@'u-boot-tools-native dtc-native' if 'fitImage' in (d.getVar('KERNEL_IMAGETYPES') or '').split() else ''}" | 29 | DEPENDS:append = " ${@'u-boot-tools-native dtc-native' if 'fitImage' in (d.getVar('KERNEL_IMAGETYPES') or '').split() else ''}" |
30 | 30 | ||
31 | python __anonymous () { | 31 | python __anonymous () { |
32 | # Override KERNEL_IMAGETYPE_FOR_MAKE variable, which is internal | 32 | # Override KERNEL_IMAGETYPE_FOR_MAKE variable, which is internal |
33 | # to kernel.bbclass . We have to override it, since we pack zImage | 33 | # to kernel.bbclass . We have to override it, since we pack zImage |
34 | # (at least for now) into the fitImage . | 34 | # (at least for now) into the fitImage . |
35 | typeformake = d.getVar("KERNEL_IMAGETYPE_FOR_MAKE") or "" | 35 | typeformake = d.getVar("KERNEL_IMAGETYPE_FOR_MAKE") or "" |
36 | if 'fitImage' in typeformake.split(): | 36 | if 'fitImage' in typeformake.split(): |
37 | d.setVar('KERNEL_IMAGETYPE_FOR_MAKE', typeformake.replace('fitImage', d.getVar('KERNEL_IMAGETYPE_REPLACEMENT'))) | 37 | d.setVar('KERNEL_IMAGETYPE_FOR_MAKE', typeformake.replace('fitImage', d.getVar('KERNEL_IMAGETYPE_REPLACEMENT'))) |
38 | 38 | ||
39 | image = d.getVar('INITRAMFS_IMAGE') | 39 | image = d.getVar('INITRAMFS_IMAGE') |
40 | if image: | 40 | if image: |
41 | d.appendVarFlag('do_assemble_fitimage_initramfs', 'depends', ' ${INITRAMFS_IMAGE}:do_image_complete') | 41 | d.appendVarFlag('do_assemble_fitimage_initramfs', 'depends', ' ${INITRAMFS_IMAGE}:do_image_complete') |
42 | 42 | ||
43 | ubootenv = d.getVar('UBOOT_ENV') | 43 | ubootenv = d.getVar('UBOOT_ENV') |
44 | if ubootenv: | 44 | if ubootenv: |
45 | d.appendVarFlag('do_assemble_fitimage', 'depends', ' virtual/bootloader:do_populate_sysroot') | 45 | d.appendVarFlag('do_assemble_fitimage', 'depends', ' virtual/bootloader:do_populate_sysroot') |
46 | 46 | ||
47 | #check if there are any dtb providers | 47 | #check if there are any dtb providers |
48 | providerdtb = d.getVar("PREFERRED_PROVIDER_virtual/dtb") | 48 | providerdtb = d.getVar("PREFERRED_PROVIDER_virtual/dtb") |
49 | if providerdtb: | 49 | if providerdtb: |
50 | d.appendVarFlag('do_assemble_fitimage', 'depends', ' virtual/dtb:do_populate_sysroot') | 50 | d.appendVarFlag('do_assemble_fitimage', 'depends', ' virtual/dtb:do_populate_sysroot') |
51 | d.appendVarFlag('do_assemble_fitimage_initramfs', 'depends', ' virtual/dtb:do_populate_sysroot') | 51 | d.appendVarFlag('do_assemble_fitimage_initramfs', 'depends', ' virtual/dtb:do_populate_sysroot') |
52 | d.setVar('EXTERNAL_KERNEL_DEVICETREE', "${RECIPE_SYSROOT}/boot/devicetree") | 52 | d.setVar('EXTERNAL_KERNEL_DEVICETREE', "${RECIPE_SYSROOT}/boot/devicetree") |
53 | } | 53 | } |
54 | 54 | ||
55 | 55 | ||
@@ -429,7 +429,7 @@ fitimage_emit_section_config() { | |||
429 | fi | 429 | fi |
430 | 430 | ||
431 | dtb_path="${EXTERNAL_KERNEL_DEVICETREE}/${dtb_image_sect}" | 431 | dtb_path="${EXTERNAL_KERNEL_DEVICETREE}/${dtb_image_sect}" |
432 | if [ -e "$dtb_path" ]; then | 432 | if [ -f "$dtb_path" ] || [ -L "$dtb_path" ]; then |
433 | compat=$(fdtget -t s "$dtb_path" / compatible | sed 's/ /", "/g') | 433 | compat=$(fdtget -t s "$dtb_path" / compatible | sed 's/ /", "/g') |
434 | if [ -n "$compat" ]; then | 434 | if [ -n "$compat" ]; then |
435 | compatible_line="compatible = \"$compat\";" | 435 | compatible_line="compatible = \"$compat\";" |
@@ -480,13 +480,13 @@ fitimage_emit_section_config() { | |||
480 | # default node is selected based on dtb ID if it is present, | 480 | # default node is selected based on dtb ID if it is present, |
481 | # otherwise its selected based on kernel ID | 481 | # otherwise its selected based on kernel ID |
482 | if [ -n "$dtb_image" ]; then | 482 | if [ -n "$dtb_image" ]; then |
483 | # Select default node as user specified dtb when | 483 | # Select default node as user specified dtb when |
484 | # multiple dtb exists. | 484 | # multiple dtb exists. |
485 | if [ -n "$default_dtb_image" ]; then | 485 | if [ -n "$default_dtb_image" ]; then |
486 | default_line="default = \"${FIT_CONF_PREFIX}$default_dtb_image\";" | 486 | default_line="default = \"${FIT_CONF_PREFIX}$default_dtb_image\";" |
487 | else | 487 | else |
488 | default_line="default = \"${FIT_CONF_PREFIX}$dtb_image\";" | 488 | default_line="default = \"${FIT_CONF_PREFIX}$dtb_image\";" |
489 | fi | 489 | fi |
490 | else | 490 | else |
491 | default_line="default = \"${FIT_CONF_PREFIX}$kernel_id\";" | 491 | default_line="default = \"${FIT_CONF_PREFIX}$kernel_id\";" |
492 | fi | 492 | fi |
@@ -605,9 +605,9 @@ fitimage_assemble() { | |||
605 | DTB_PATH="${KERNEL_OUTPUT_DIR}/$DTB" | 605 | DTB_PATH="${KERNEL_OUTPUT_DIR}/$DTB" |
606 | fi | 606 | fi |
607 | 607 | ||
608 | # Strip off the path component from the filename | 608 | # Strip off the path component from the filename |
609 | if "${@'false' if oe.types.boolean(d.getVar('KERNEL_DTBVENDORED')) else 'true'}"; then | 609 | if "${@'false' if oe.types.boolean(d.getVar('KERNEL_DTBVENDORED')) else 'true'}"; then |
610 | DTB=`basename $DTB` | 610 | DTB=`basename $DTB` |
611 | fi | 611 | fi |
612 | 612 | ||
613 | # Set the default dtb image if it exists in the devicetree. | 613 | # Set the default dtb image if it exists in the devicetree. |
@@ -715,8 +715,8 @@ fitimage_assemble() { | |||
715 | # kernel-fitimage.bbclass currently only supports a single kernel (no less or | 715 | # kernel-fitimage.bbclass currently only supports a single kernel (no less or |
716 | # more) to be added to the FIT image along with 0 or more device trees and | 716 | # more) to be added to the FIT image along with 0 or more device trees and |
717 | # 0 or 1 ramdisk. | 717 | # 0 or 1 ramdisk. |
718 | # It is also possible to include an initramfs bundle (kernel and rootfs in one binary) | 718 | # It is also possible to include an initramfs bundle (kernel and rootfs in one binary) |
719 | # When the initramfs bundle is used ramdisk is disabled. | 719 | # When the initramfs bundle is used ramdisk is disabled. |
720 | # If a device tree is to be part of the FIT image, then select | 720 | # If a device tree is to be part of the FIT image, then select |
721 | # the default configuration to be used is based on the dtbcount. If there is | 721 | # the default configuration to be used is based on the dtbcount. If there is |
722 | # no dtb present than select the default configuation to be based on | 722 | # no dtb present than select the default configuation to be based on |
diff --git a/meta/classes-recipe/kernel.bbclass b/meta/classes-recipe/kernel.bbclass index c0a2056fec..4c1cb89a46 100644 --- a/meta/classes-recipe/kernel.bbclass +++ b/meta/classes-recipe/kernel.bbclass | |||
@@ -115,7 +115,9 @@ python __anonymous () { | |||
115 | 115 | ||
116 | d.setVar('PKG:%s-image-%s' % (kname,typelower), '%s-image-%s-${KERNEL_VERSION_PKG_NAME}' % (kname, typelower)) | 116 | d.setVar('PKG:%s-image-%s' % (kname,typelower), '%s-image-%s-${KERNEL_VERSION_PKG_NAME}' % (kname, typelower)) |
117 | d.setVar('ALLOW_EMPTY:%s-image-%s' % (kname, typelower), '1') | 117 | d.setVar('ALLOW_EMPTY:%s-image-%s' % (kname, typelower), '1') |
118 | d.prependVar('pkg_postinst:%s-image-%s' % (kname,typelower), """set +e | 118 | |
119 | if d.getVar('KERNEL_IMAGETYPE_SYMLINK') == '1': | ||
120 | d.prependVar('pkg_postinst:%s-image-%s' % (kname,typelower), """set +e | ||
119 | if [ -n "$D" ]; then | 121 | if [ -n "$D" ]; then |
120 | ln -sf %s-${KERNEL_VERSION} $D/${KERNEL_IMAGEDEST}/%s > /dev/null 2>&1 | 122 | ln -sf %s-${KERNEL_VERSION} $D/${KERNEL_IMAGEDEST}/%s > /dev/null 2>&1 |
121 | else | 123 | else |
@@ -127,7 +129,7 @@ else | |||
127 | fi | 129 | fi |
128 | set -e | 130 | set -e |
129 | """ % (type, type, type, type, type, type, type)) | 131 | """ % (type, type, type, type, type, type, type)) |
130 | d.setVar('pkg_postrm:%s-image-%s' % (kname,typelower), """set +e | 132 | d.setVar('pkg_postrm:%s-image-%s' % (kname,typelower), """set +e |
131 | if [ -f "${KERNEL_IMAGEDEST}/%s" -o -L "${KERNEL_IMAGEDEST}/%s" ]; then | 133 | if [ -f "${KERNEL_IMAGEDEST}/%s" -o -L "${KERNEL_IMAGEDEST}/%s" ]; then |
132 | rm -f ${KERNEL_IMAGEDEST}/%s > /dev/null 2>&1 | 134 | rm -f ${KERNEL_IMAGEDEST}/%s > /dev/null 2>&1 |
133 | fi | 135 | fi |
diff --git a/meta/classes-recipe/populate_sdk_base.bbclass b/meta/classes-recipe/populate_sdk_base.bbclass index 81896d808f..a103e7b738 100644 --- a/meta/classes-recipe/populate_sdk_base.bbclass +++ b/meta/classes-recipe/populate_sdk_base.bbclass | |||
@@ -4,8 +4,15 @@ | |||
4 | # SPDX-License-Identifier: MIT | 4 | # SPDX-License-Identifier: MIT |
5 | # | 5 | # |
6 | 6 | ||
7 | SDK_CLASSES += "${@bb.utils.contains("IMAGE_CLASSES", "testimage", "testsdk", "", d)}" | ||
8 | inherit_defer ${SDK_CLASSES} | ||
9 | |||
7 | PACKAGES = "" | 10 | PACKAGES = "" |
8 | 11 | ||
12 | # This exists as an optimization for SPDX processing to only run in image and | ||
13 | # SDK processing context. This class happens to be common to these usages. | ||
14 | SPDX_MULTILIB_SSTATE_ARCHS = "${@all_multilib_tune_values(d, 'SSTATE_ARCHS')}" | ||
15 | |||
9 | inherit image-postinst-intercepts image-artifact-names | 16 | inherit image-postinst-intercepts image-artifact-names |
10 | 17 | ||
11 | # Wildcards specifying complementary packages to install for every package that has been explicitly | 18 | # Wildcards specifying complementary packages to install for every package that has been explicitly |
diff --git a/meta/classes-recipe/populate_sdk_ext.bbclass b/meta/classes-recipe/populate_sdk_ext.bbclass index f5687e5899..e76ef60720 100644 --- a/meta/classes-recipe/populate_sdk_ext.bbclass +++ b/meta/classes-recipe/populate_sdk_ext.bbclass | |||
@@ -276,6 +276,8 @@ def write_bblayers_conf(d, baseoutpath, sdkbblayers): | |||
276 | def copy_uninative(d, baseoutpath): | 276 | def copy_uninative(d, baseoutpath): |
277 | import shutil | 277 | import shutil |
278 | 278 | ||
279 | uninative_checksum = None | ||
280 | |||
279 | # Copy uninative tarball | 281 | # Copy uninative tarball |
280 | # For now this is where uninative.bbclass expects the tarball | 282 | # For now this is where uninative.bbclass expects the tarball |
281 | if bb.data.inherits_class('uninative', d): | 283 | if bb.data.inherits_class('uninative', d): |
@@ -730,7 +732,7 @@ sdk_ext_postinst() { | |||
730 | echo "# Save and reset OECORE_NATIVE_SYSROOT as buildtools may change it" >> $env_setup_script | 732 | echo "# Save and reset OECORE_NATIVE_SYSROOT as buildtools may change it" >> $env_setup_script |
731 | echo "SAVED=\"\$OECORE_NATIVE_SYSROOT\"" >> $env_setup_script | 733 | echo "SAVED=\"\$OECORE_NATIVE_SYSROOT\"" >> $env_setup_script |
732 | echo ". $target_sdk_dir/buildtools/environment-setup*" >> $env_setup_script | 734 | echo ". $target_sdk_dir/buildtools/environment-setup*" >> $env_setup_script |
733 | echo "OECORE_NATIVE_SYSROOT=\"\$SAVED\"" >> $env_setup_script | 735 | echo "export OECORE_NATIVE_SYSROOT=\"\$SAVED\"" >> $env_setup_script |
734 | fi | 736 | fi |
735 | 737 | ||
736 | # Allow bitbake environment setup to be ran as part of this sdk. | 738 | # Allow bitbake environment setup to be ran as part of this sdk. |
diff --git a/meta/classes-recipe/ptest-cargo.bbclass b/meta/classes-recipe/ptest-cargo.bbclass index c46df362bf..fd1df9d7c9 100644 --- a/meta/classes-recipe/ptest-cargo.bbclass +++ b/meta/classes-recipe/ptest-cargo.bbclass | |||
@@ -12,10 +12,10 @@ python do_compile_ptest_cargo() { | |||
12 | import subprocess | 12 | import subprocess |
13 | import json | 13 | import json |
14 | 14 | ||
15 | cargo = bb.utils.which(d.getVar("PATH"), d.getVar("CARGO", True)) | 15 | cargo = bb.utils.which(d.getVar("PATH"), d.getVar("CARGO")) |
16 | cargo_build_flags = d.getVar("CARGO_BUILD_FLAGS", True) | 16 | cargo_build_flags = d.getVar("CARGO_BUILD_FLAGS") |
17 | rust_flags = d.getVar("RUSTFLAGS", True) | 17 | rust_flags = d.getVar("RUSTFLAGS") |
18 | manifest_path = d.getVar("CARGO_MANIFEST_PATH", True) | 18 | manifest_path = d.getVar("CARGO_MANIFEST_PATH") |
19 | project_manifest_path = os.path.normpath(manifest_path) | 19 | project_manifest_path = os.path.normpath(manifest_path) |
20 | manifest_dir = os.path.dirname(manifest_path) | 20 | manifest_dir = os.path.dirname(manifest_path) |
21 | 21 | ||
@@ -66,7 +66,7 @@ python do_compile_ptest_cargo() { | |||
66 | if not test_bins: | 66 | if not test_bins: |
67 | bb.fatal("Unable to find any test binaries") | 67 | bb.fatal("Unable to find any test binaries") |
68 | 68 | ||
69 | cargo_test_binaries_file = d.getVar('CARGO_TEST_BINARIES_FILES', True) | 69 | cargo_test_binaries_file = d.getVar('CARGO_TEST_BINARIES_FILES') |
70 | bb.note(f"Found {len(test_bins)} tests, write their paths into {cargo_test_binaries_file}") | 70 | bb.note(f"Found {len(test_bins)} tests, write their paths into {cargo_test_binaries_file}") |
71 | with open(cargo_test_binaries_file, "w") as f: | 71 | with open(cargo_test_binaries_file, "w") as f: |
72 | for test_bin in test_bins: | 72 | for test_bin in test_bins: |
@@ -77,10 +77,10 @@ python do_compile_ptest_cargo() { | |||
77 | python do_install_ptest_cargo() { | 77 | python do_install_ptest_cargo() { |
78 | import shutil | 78 | import shutil |
79 | 79 | ||
80 | dest_dir = d.getVar("D", True) | 80 | dest_dir = d.getVar("D") |
81 | pn = d.getVar("PN", True) | 81 | pn = d.getVar("PN") |
82 | ptest_path = d.getVar("PTEST_PATH", True) | 82 | ptest_path = d.getVar("PTEST_PATH") |
83 | cargo_test_binaries_file = d.getVar('CARGO_TEST_BINARIES_FILES', True) | 83 | cargo_test_binaries_file = d.getVar('CARGO_TEST_BINARIES_FILES') |
84 | rust_test_args = d.getVar('RUST_TEST_ARGS') or "" | 84 | rust_test_args = d.getVar('RUST_TEST_ARGS') or "" |
85 | 85 | ||
86 | ptest_dir = os.path.join(dest_dir, ptest_path.lstrip('/')) | 86 | ptest_dir = os.path.join(dest_dir, ptest_path.lstrip('/')) |
diff --git a/meta/classes-recipe/qemuboot.bbclass b/meta/classes-recipe/qemuboot.bbclass index 895fd38d68..0f80c60ab5 100644 --- a/meta/classes-recipe/qemuboot.bbclass +++ b/meta/classes-recipe/qemuboot.bbclass | |||
@@ -129,7 +129,8 @@ addtask do_write_qemuboot_conf after do_rootfs before do_image | |||
129 | 129 | ||
130 | def qemuboot_vars(d): | 130 | def qemuboot_vars(d): |
131 | build_vars = ['MACHINE', 'TUNE_ARCH', 'DEPLOY_DIR_IMAGE', | 131 | build_vars = ['MACHINE', 'TUNE_ARCH', 'DEPLOY_DIR_IMAGE', |
132 | 'KERNEL_IMAGETYPE', 'IMAGE_NAME', 'IMAGE_LINK_NAME', | 132 | 'KERNEL_IMAGETYPE', 'KERNEL_IMAGE_NAME', |
133 | 'KERNEL_IMAGE_BIN_EXT', 'IMAGE_NAME', 'IMAGE_LINK_NAME', | ||
133 | 'STAGING_DIR_NATIVE', 'STAGING_BINDIR_NATIVE', | 134 | 'STAGING_DIR_NATIVE', 'STAGING_BINDIR_NATIVE', |
134 | 'STAGING_DIR_HOST', 'SERIAL_CONSOLES', 'UNINATIVE_LOADER'] | 135 | 'STAGING_DIR_HOST', 'SERIAL_CONSOLES', 'UNINATIVE_LOADER'] |
135 | return build_vars + [k for k in d.keys() if k.startswith('QB_')] | 136 | return build_vars + [k for k in d.keys() if k.startswith('QB_')] |
diff --git a/meta/classes-recipe/systemd.bbclass b/meta/classes-recipe/systemd.bbclass index 48b364c1d4..0f7e3b5a08 100644 --- a/meta/classes-recipe/systemd.bbclass +++ b/meta/classes-recipe/systemd.bbclass | |||
@@ -85,7 +85,7 @@ python systemd_populate_packages() { | |||
85 | def systemd_check_package(pkg_systemd): | 85 | def systemd_check_package(pkg_systemd): |
86 | packages = d.getVar('PACKAGES') | 86 | packages = d.getVar('PACKAGES') |
87 | if not pkg_systemd in packages.split(): | 87 | if not pkg_systemd in packages.split(): |
88 | bb.error('%s does not appear in package list, please add it' % pkg_systemd) | 88 | bb.error('%s is marked for packaging systemd scripts, but it does not appear in package list, please add it to PACKAGES or adjust SYSTEMD_PACKAGES accordingly' % pkg_systemd) |
89 | 89 | ||
90 | 90 | ||
91 | def systemd_generate_package_scripts(pkg): | 91 | def systemd_generate_package_scripts(pkg): |
diff --git a/meta/classes-recipe/testexport.bbclass b/meta/classes-recipe/testexport.bbclass index 572f5d9e76..57f7f15885 100644 --- a/meta/classes-recipe/testexport.bbclass +++ b/meta/classes-recipe/testexport.bbclass | |||
@@ -50,7 +50,7 @@ def testexport_main(d): | |||
50 | from oeqa.runtime.context import OERuntimeTestContextExecutor | 50 | from oeqa.runtime.context import OERuntimeTestContextExecutor |
51 | 51 | ||
52 | image_name = ("%s/%s" % (d.getVar('DEPLOY_DIR_IMAGE'), | 52 | image_name = ("%s/%s" % (d.getVar('DEPLOY_DIR_IMAGE'), |
53 | d.getVar('IMAGE_LINK_NAME'))) | 53 | d.getVar('IMAGE_LINK_NAME') or d.getVar('IMAGE_NAME'))) |
54 | 54 | ||
55 | tdname = "%s.testdata.json" % image_name | 55 | tdname = "%s.testdata.json" % image_name |
56 | td = json.load(open(tdname, "r")) | 56 | td = json.load(open(tdname, "r")) |
diff --git a/meta/classes-recipe/testimage.bbclass b/meta/classes-recipe/testimage.bbclass index ed0d87b7a7..954c213912 100644 --- a/meta/classes-recipe/testimage.bbclass +++ b/meta/classes-recipe/testimage.bbclass | |||
@@ -110,7 +110,7 @@ TESTIMAGELOCK:qemuall = "" | |||
110 | 110 | ||
111 | TESTIMAGE_DUMP_DIR ?= "${LOG_DIR}/runtime-hostdump/" | 111 | TESTIMAGE_DUMP_DIR ?= "${LOG_DIR}/runtime-hostdump/" |
112 | 112 | ||
113 | TESTIMAGE_UPDATE_VARS ?= "DL_DIR WORKDIR DEPLOY_DIR_IMAGE IMAGE_LINK_NAME" | 113 | TESTIMAGE_UPDATE_VARS ?= "DL_DIR WORKDIR DEPLOY_DIR_IMAGE IMAGE_LINK_NAME IMAGE_NAME" |
114 | 114 | ||
115 | testimage_dump_monitor () { | 115 | testimage_dump_monitor () { |
116 | query-status | 116 | query-status |
@@ -208,7 +208,7 @@ def testimage_main(d): | |||
208 | bb.utils.mkdirhier(d.getVar("TEST_LOG_DIR")) | 208 | bb.utils.mkdirhier(d.getVar("TEST_LOG_DIR")) |
209 | 209 | ||
210 | image_name = ("%s/%s" % (d.getVar('DEPLOY_DIR_IMAGE'), | 210 | image_name = ("%s/%s" % (d.getVar('DEPLOY_DIR_IMAGE'), |
211 | d.getVar('IMAGE_LINK_NAME'))) | 211 | d.getVar('IMAGE_LINK_NAME') or d.getVar('IMAGE_NAME'))) |
212 | 212 | ||
213 | tdname = "%s.testdata.json" % image_name | 213 | tdname = "%s.testdata.json" % image_name |
214 | try: | 214 | try: |
@@ -483,5 +483,3 @@ python () { | |||
483 | if oe.types.boolean(d.getVar("TESTIMAGE_AUTO") or "False"): | 483 | if oe.types.boolean(d.getVar("TESTIMAGE_AUTO") or "False"): |
484 | bb.build.addtask("testimage", "do_build", "do_image_complete", d) | 484 | bb.build.addtask("testimage", "do_build", "do_image_complete", d) |
485 | } | 485 | } |
486 | |||
487 | inherit testsdk | ||
diff --git a/meta/classes/archiver.bbclass b/meta/classes/archiver.bbclass index 2d0bbfbd42..9d286224d6 100644 --- a/meta/classes/archiver.bbclass +++ b/meta/classes/archiver.bbclass | |||
@@ -473,7 +473,8 @@ def create_diff_gz(d, src_orig, src, ar_outdir): | |||
473 | 473 | ||
474 | def is_work_shared(d): | 474 | def is_work_shared(d): |
475 | sharedworkdir = os.path.join(d.getVar('TMPDIR'), 'work-shared') | 475 | sharedworkdir = os.path.join(d.getVar('TMPDIR'), 'work-shared') |
476 | return d.getVar('S').startswith(sharedworkdir) | 476 | sourcedir = os.path.realpath(d.getVar('S')) |
477 | return sourcedir.startswith(sharedworkdir) | ||
477 | 478 | ||
478 | # Run do_unpack and do_patch | 479 | # Run do_unpack and do_patch |
479 | python do_unpack_and_patch() { | 480 | python do_unpack_and_patch() { |
diff --git a/meta/classes/buildhistory.bbclass b/meta/classes/buildhistory.bbclass index fd53e92402..0b1bd518fe 100644 --- a/meta/classes/buildhistory.bbclass +++ b/meta/classes/buildhistory.bbclass | |||
@@ -47,11 +47,18 @@ BUILDHISTORY_PUSH_REPO ?= "" | |||
47 | BUILDHISTORY_TAG ?= "build" | 47 | BUILDHISTORY_TAG ?= "build" |
48 | BUILDHISTORY_PATH_PREFIX_STRIP ?= "" | 48 | BUILDHISTORY_PATH_PREFIX_STRIP ?= "" |
49 | 49 | ||
50 | SSTATEPOSTINSTFUNCS:append = " buildhistory_emit_pkghistory" | 50 | # We want to avoid influencing the signatures of the task so use vardepsexclude |
51 | # We want to avoid influencing the signatures of sstate tasks - first the function itself: | 51 | do_populate_sysroot[postfuncs] += "buildhistory_emit_sysroot" |
52 | sstate_install[vardepsexclude] += "buildhistory_emit_pkghistory" | 52 | do_populate_sysroot_setscene[postfuncs] += "buildhistory_emit_sysroot" |
53 | # then the value added to SSTATEPOSTINSTFUNCS: | 53 | do_populate_sysroot[vardepsexclude] += "buildhistory_emit_sysroot" |
54 | SSTATEPOSTINSTFUNCS[vardepvalueexclude] .= "| buildhistory_emit_pkghistory" | 54 | |
55 | do_package[postfuncs] += "buildhistory_list_pkg_files" | ||
56 | do_package_setscene[postfuncs] += "buildhistory_list_pkg_files" | ||
57 | do_package[vardepsexclude] += "buildhistory_list_pkg_files" | ||
58 | |||
59 | do_packagedata[postfuncs] += "buildhistory_emit_pkghistory" | ||
60 | do_packagedata_setscene[postfuncs] += "buildhistory_emit_pkghistory" | ||
61 | do_packagedata[vardepsexclude] += "buildhistory_emit_pkghistory" | ||
55 | 62 | ||
56 | # Similarly for our function that gets the output signatures | 63 | # Similarly for our function that gets the output signatures |
57 | SSTATEPOSTUNPACKFUNCS:append = " buildhistory_emit_outputsigs" | 64 | SSTATEPOSTUNPACKFUNCS:append = " buildhistory_emit_outputsigs" |
@@ -91,25 +98,14 @@ buildhistory_emit_sysroot() { | |||
91 | # Write out metadata about this package for comparison when writing future packages | 98 | # Write out metadata about this package for comparison when writing future packages |
92 | # | 99 | # |
93 | python buildhistory_emit_pkghistory() { | 100 | python buildhistory_emit_pkghistory() { |
94 | if d.getVar('BB_CURRENTTASK') in ['populate_sysroot', 'populate_sysroot_setscene']: | ||
95 | bb.build.exec_func("buildhistory_emit_sysroot", d) | ||
96 | return 0 | ||
97 | |||
98 | if not "package" in (d.getVar('BUILDHISTORY_FEATURES') or "").split(): | ||
99 | return 0 | ||
100 | |||
101 | if d.getVar('BB_CURRENTTASK') in ['package', 'package_setscene']: | ||
102 | # Create files-in-<package-name>.txt files containing a list of files of each recipe's package | ||
103 | bb.build.exec_func("buildhistory_list_pkg_files", d) | ||
104 | return 0 | ||
105 | |||
106 | if not d.getVar('BB_CURRENTTASK') in ['packagedata', 'packagedata_setscene']: | ||
107 | return 0 | ||
108 | |||
109 | import re | 101 | import re |
110 | import json | 102 | import json |
111 | import shlex | 103 | import shlex |
112 | import errno | 104 | import errno |
105 | import shutil | ||
106 | |||
107 | if not "package" in (d.getVar('BUILDHISTORY_FEATURES') or "").split(): | ||
108 | return 0 | ||
113 | 109 | ||
114 | pkghistdir = d.getVar('BUILDHISTORY_DIR_PACKAGE') | 110 | pkghistdir = d.getVar('BUILDHISTORY_DIR_PACKAGE') |
115 | oldpkghistdir = d.getVar('BUILDHISTORY_OLD_DIR_PACKAGE') | 111 | oldpkghistdir = d.getVar('BUILDHISTORY_OLD_DIR_PACKAGE') |
@@ -223,6 +219,20 @@ python buildhistory_emit_pkghistory() { | |||
223 | items.sort() | 219 | items.sort() |
224 | return ' '.join(items) | 220 | return ' '.join(items) |
225 | 221 | ||
222 | def preservebuildhistoryfiles(pkg, preserve): | ||
223 | if os.path.exists(os.path.join(oldpkghistdir, pkg)): | ||
224 | listofobjs = os.listdir(os.path.join(oldpkghistdir, pkg)) | ||
225 | for obj in listofobjs: | ||
226 | if obj not in preserve: | ||
227 | continue | ||
228 | try: | ||
229 | bb.utils.mkdirhier(os.path.join(pkghistdir, pkg)) | ||
230 | shutil.copyfile(os.path.join(oldpkghistdir, pkg, obj), os.path.join(pkghistdir, pkg, obj)) | ||
231 | except IOError as e: | ||
232 | bb.note("Unable to copy file. %s" % e) | ||
233 | except EnvironmentError as e: | ||
234 | bb.note("Unable to copy file. %s" % e) | ||
235 | |||
226 | pn = d.getVar('PN') | 236 | pn = d.getVar('PN') |
227 | pe = d.getVar('PE') or "0" | 237 | pe = d.getVar('PE') or "0" |
228 | pv = d.getVar('PV') | 238 | pv = d.getVar('PV') |
@@ -250,6 +260,14 @@ python buildhistory_emit_pkghistory() { | |||
250 | if not os.path.exists(pkghistdir): | 260 | if not os.path.exists(pkghistdir): |
251 | bb.utils.mkdirhier(pkghistdir) | 261 | bb.utils.mkdirhier(pkghistdir) |
252 | else: | 262 | else: |
263 | # We need to make sure that all files kept in | ||
264 | # buildhistory/old are restored successfully | ||
265 | # otherwise next block of code wont have files to | ||
266 | # check and purge | ||
267 | if d.getVar("BUILDHISTORY_RESET"): | ||
268 | for pkg in packagelist: | ||
269 | preservebuildhistoryfiles(pkg, preserve) | ||
270 | |||
253 | # Remove files for packages that no longer exist | 271 | # Remove files for packages that no longer exist |
254 | for item in os.listdir(pkghistdir): | 272 | for item in os.listdir(pkghistdir): |
255 | if item not in preserve: | 273 | if item not in preserve: |
@@ -598,16 +616,17 @@ buildhistory_list_files_no_owners() { | |||
598 | } | 616 | } |
599 | 617 | ||
600 | buildhistory_list_pkg_files() { | 618 | buildhistory_list_pkg_files() { |
619 | if [ "${@bb.utils.contains('BUILDHISTORY_FEATURES', 'package', '1', '0', d)}" = "0" ] ; then | ||
620 | return | ||
621 | fi | ||
622 | |||
601 | # Create individual files-in-package for each recipe's package | 623 | # Create individual files-in-package for each recipe's package |
602 | for pkgdir in $(find ${PKGDEST}/* -maxdepth 0 -type d); do | 624 | pkgdirlist=$(find ${PKGDEST}/* -maxdepth 0 -type d) |
625 | for pkgdir in $pkgdirlist; do | ||
603 | pkgname=$(basename $pkgdir) | 626 | pkgname=$(basename $pkgdir) |
604 | outfolder="${BUILDHISTORY_DIR_PACKAGE}/$pkgname" | 627 | outfolder="${BUILDHISTORY_DIR_PACKAGE}/$pkgname" |
605 | outfile="$outfolder/files-in-package.txt" | 628 | outfile="$outfolder/files-in-package.txt" |
606 | # Make sure the output folder exists so we can create the file | 629 | mkdir -p $outfolder |
607 | if [ ! -d $outfolder ] ; then | ||
608 | bbdebug 2 "Folder $outfolder does not exist, file $outfile not created" | ||
609 | continue | ||
610 | fi | ||
611 | buildhistory_list_files $pkgdir $outfile fakeroot | 630 | buildhistory_list_files $pkgdir $outfile fakeroot |
612 | done | 631 | done |
613 | } | 632 | } |
diff --git a/meta/classes/create-spdx-2.2.bbclass b/meta/classes/create-spdx-2.2.bbclass index 486efadba9..ade1a04be3 100644 --- a/meta/classes/create-spdx-2.2.bbclass +++ b/meta/classes/create-spdx-2.2.bbclass | |||
@@ -28,13 +28,15 @@ SPDX_ARCHIVE_SOURCES ??= "0" | |||
28 | SPDX_ARCHIVE_PACKAGED ??= "0" | 28 | SPDX_ARCHIVE_PACKAGED ??= "0" |
29 | 29 | ||
30 | SPDX_UUID_NAMESPACE ??= "sbom.openembedded.org" | 30 | SPDX_UUID_NAMESPACE ??= "sbom.openembedded.org" |
31 | SPDX_NAMESPACE_PREFIX ??= "http://spdx.org/spdxdoc" | 31 | SPDX_NAMESPACE_PREFIX ??= "http://spdx.org/spdxdocs" |
32 | SPDX_PRETTY ??= "0" | 32 | SPDX_PRETTY ??= "0" |
33 | 33 | ||
34 | SPDX_LICENSES ??= "${COREBASE}/meta/files/spdx-licenses.json" | 34 | SPDX_LICENSES ??= "${COREBASE}/meta/files/spdx-licenses.json" |
35 | 35 | ||
36 | SPDX_CUSTOM_ANNOTATION_VARS ??= "" | 36 | SPDX_CUSTOM_ANNOTATION_VARS ??= "" |
37 | 37 | ||
38 | SPDX_MULTILIB_SSTATE_ARCHS ??= "${SSTATE_ARCHS}" | ||
39 | |||
38 | SPDX_ORG ??= "OpenEmbedded ()" | 40 | SPDX_ORG ??= "OpenEmbedded ()" |
39 | SPDX_SUPPLIER ??= "Organization: ${SPDX_ORG}" | 41 | SPDX_SUPPLIER ??= "Organization: ${SPDX_ORG}" |
40 | SPDX_SUPPLIER[doc] = "The SPDX PackageSupplier field for SPDX packages created from \ | 42 | SPDX_SUPPLIER[doc] = "The SPDX PackageSupplier field for SPDX packages created from \ |
@@ -313,7 +315,8 @@ def add_package_sources_from_debug(d, package_doc, spdx_package, package, packag | |||
313 | debugsrc_path = search / debugsrc.replace('/usr/src/kernel/', '') | 315 | debugsrc_path = search / debugsrc.replace('/usr/src/kernel/', '') |
314 | else: | 316 | else: |
315 | debugsrc_path = search / debugsrc.lstrip("/") | 317 | debugsrc_path = search / debugsrc.lstrip("/") |
316 | if not debugsrc_path.exists(): | 318 | # We can only hash files below, skip directories, links, etc. |
319 | if not os.path.isfile(debugsrc_path): | ||
317 | continue | 320 | continue |
318 | 321 | ||
319 | file_sha256 = bb.utils.sha256_file(debugsrc_path) | 322 | file_sha256 = bb.utils.sha256_file(debugsrc_path) |
@@ -349,7 +352,7 @@ def collect_dep_recipes(d, doc, spdx_recipe): | |||
349 | 352 | ||
350 | deploy_dir_spdx = Path(d.getVar("DEPLOY_DIR_SPDX")) | 353 | deploy_dir_spdx = Path(d.getVar("DEPLOY_DIR_SPDX")) |
351 | spdx_deps_file = Path(d.getVar("SPDXDEPS")) | 354 | spdx_deps_file = Path(d.getVar("SPDXDEPS")) |
352 | package_archs = d.getVar("SSTATE_ARCHS").split() | 355 | package_archs = d.getVar("SPDX_MULTILIB_SSTATE_ARCHS").split() |
353 | package_archs.reverse() | 356 | package_archs.reverse() |
354 | 357 | ||
355 | dep_recipes = [] | 358 | dep_recipes = [] |
@@ -389,7 +392,7 @@ def collect_dep_recipes(d, doc, spdx_recipe): | |||
389 | 392 | ||
390 | return dep_recipes | 393 | return dep_recipes |
391 | 394 | ||
392 | collect_dep_recipes[vardepsexclude] = "SSTATE_ARCHS" | 395 | collect_dep_recipes[vardepsexclude] = "SPDX_MULTILIB_SSTATE_ARCHS" |
393 | 396 | ||
394 | def collect_dep_sources(d, dep_recipes): | 397 | def collect_dep_sources(d, dep_recipes): |
395 | import oe.sbom | 398 | import oe.sbom |
@@ -763,7 +766,7 @@ python do_create_runtime_spdx() { | |||
763 | 766 | ||
764 | providers = collect_package_providers(d) | 767 | providers = collect_package_providers(d) |
765 | pkg_arch = d.getVar("SSTATE_PKGARCH") | 768 | pkg_arch = d.getVar("SSTATE_PKGARCH") |
766 | package_archs = d.getVar("SSTATE_ARCHS").split() | 769 | package_archs = d.getVar("SPDX_MULTILIB_SSTATE_ARCHS").split() |
767 | package_archs.reverse() | 770 | package_archs.reverse() |
768 | 771 | ||
769 | if not is_native: | 772 | if not is_native: |
@@ -869,7 +872,7 @@ python do_create_runtime_spdx() { | |||
869 | oe.sbom.write_doc(d, runtime_doc, pkg_arch, "runtime", spdx_deploy, indent=get_json_indent(d)) | 872 | oe.sbom.write_doc(d, runtime_doc, pkg_arch, "runtime", spdx_deploy, indent=get_json_indent(d)) |
870 | } | 873 | } |
871 | 874 | ||
872 | do_create_runtime_spdx[vardepsexclude] += "OVERRIDES SSTATE_ARCHS" | 875 | do_create_runtime_spdx[vardepsexclude] += "OVERRIDES SPDX_MULTILIB_SSTATE_ARCHS" |
873 | 876 | ||
874 | addtask do_create_runtime_spdx after do_create_spdx before do_build do_rm_work | 877 | addtask do_create_runtime_spdx after do_create_spdx before do_build do_rm_work |
875 | SSTATETASKS += "do_create_runtime_spdx" | 878 | SSTATETASKS += "do_create_runtime_spdx" |
@@ -1004,7 +1007,7 @@ def combine_spdx(d, rootfs_name, rootfs_deploydir, rootfs_spdxid, packages, spdx | |||
1004 | import bb.compress.zstd | 1007 | import bb.compress.zstd |
1005 | 1008 | ||
1006 | providers = collect_package_providers(d) | 1009 | providers = collect_package_providers(d) |
1007 | package_archs = d.getVar("SSTATE_ARCHS").split() | 1010 | package_archs = d.getVar("SPDX_MULTILIB_SSTATE_ARCHS").split() |
1008 | package_archs.reverse() | 1011 | package_archs.reverse() |
1009 | 1012 | ||
1010 | creation_time = datetime.now(tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ") | 1013 | creation_time = datetime.now(tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ") |
@@ -1155,4 +1158,4 @@ def combine_spdx(d, rootfs_name, rootfs_deploydir, rootfs_spdxid, packages, spdx | |||
1155 | 1158 | ||
1156 | tar.addfile(info, fileobj=index_str) | 1159 | tar.addfile(info, fileobj=index_str) |
1157 | 1160 | ||
1158 | combine_spdx[vardepsexclude] += "BB_NUMBER_THREADS SSTATE_ARCHS" | 1161 | combine_spdx[vardepsexclude] += "BB_NUMBER_THREADS SPDX_MULTILIB_SSTATE_ARCHS" |
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index 56ba8bceef..93a2a1413d 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass | |||
@@ -49,7 +49,8 @@ CVE_CHECK_DIR ??= "${DEPLOY_DIR}/cve" | |||
49 | CVE_CHECK_RECIPE_FILE ?= "${CVE_CHECK_DIR}/${PN}" | 49 | CVE_CHECK_RECIPE_FILE ?= "${CVE_CHECK_DIR}/${PN}" |
50 | CVE_CHECK_RECIPE_FILE_JSON ?= "${CVE_CHECK_DIR}/${PN}_cve.json" | 50 | CVE_CHECK_RECIPE_FILE_JSON ?= "${CVE_CHECK_DIR}/${PN}_cve.json" |
51 | CVE_CHECK_MANIFEST ?= "${IMGDEPLOYDIR}/${IMAGE_NAME}.cve" | 51 | CVE_CHECK_MANIFEST ?= "${IMGDEPLOYDIR}/${IMAGE_NAME}.cve" |
52 | CVE_CHECK_MANIFEST_JSON ?= "${IMGDEPLOYDIR}/${IMAGE_NAME}.json" | 52 | CVE_CHECK_MANIFEST_JSON_SUFFIX ?= "json" |
53 | CVE_CHECK_MANIFEST_JSON ?= "${IMGDEPLOYDIR}/${IMAGE_NAME}.${CVE_CHECK_MANIFEST_JSON_SUFFIX}" | ||
53 | CVE_CHECK_COPY_FILES ??= "1" | 54 | CVE_CHECK_COPY_FILES ??= "1" |
54 | CVE_CHECK_CREATE_MANIFEST ??= "1" | 55 | CVE_CHECK_CREATE_MANIFEST ??= "1" |
55 | 56 | ||
@@ -278,7 +279,8 @@ python cve_check_write_rootfs_manifest () { | |||
278 | bb.plain("Image CVE report stored in: %s" % manifest_name) | 279 | bb.plain("Image CVE report stored in: %s" % manifest_name) |
279 | 280 | ||
280 | if enable_json: | 281 | if enable_json: |
281 | link_path = os.path.join(deploy_dir, "%s.json" % link_name) | 282 | manifest_name_suffix = d.getVar("CVE_CHECK_MANIFEST_JSON_SUFFIX") |
283 | link_path = os.path.join(deploy_dir, "%s.%s" % (link_name, manifest_name_suffix)) | ||
282 | manifest_name = d.getVar("CVE_CHECK_MANIFEST_JSON") | 284 | manifest_name = d.getVar("CVE_CHECK_MANIFEST_JSON") |
283 | 285 | ||
284 | with open(manifest_name, "w") as f: | 286 | with open(manifest_name, "w") as f: |
diff --git a/meta/classes/multilib.bbclass b/meta/classes/multilib.bbclass index b6c09969b1..a4151658a6 100644 --- a/meta/classes/multilib.bbclass +++ b/meta/classes/multilib.bbclass | |||
@@ -5,30 +5,30 @@ | |||
5 | # | 5 | # |
6 | 6 | ||
7 | python multilib_virtclass_handler () { | 7 | python multilib_virtclass_handler () { |
8 | cls = e.data.getVar("BBEXTENDCURR") | 8 | cls = d.getVar("BBEXTENDCURR") |
9 | variant = e.data.getVar("BBEXTENDVARIANT") | 9 | variant = d.getVar("BBEXTENDVARIANT") |
10 | if cls != "multilib" or not variant: | 10 | if cls != "multilib" or not variant: |
11 | return | 11 | return |
12 | 12 | ||
13 | localdata = bb.data.createCopy(e.data) | 13 | localdata = bb.data.createCopy(d) |
14 | localdata.delVar('TMPDIR') | 14 | localdata.delVar('TMPDIR') |
15 | e.data.setVar('STAGING_KERNEL_DIR', localdata.getVar('STAGING_KERNEL_DIR')) | 15 | d.setVar('STAGING_KERNEL_DIR', localdata.getVar('STAGING_KERNEL_DIR')) |
16 | 16 | ||
17 | # There should only be one kernel in multilib configs | 17 | # There should only be one kernel in multilib configs |
18 | # We also skip multilib setup for module packages. | 18 | # We also skip multilib setup for module packages. |
19 | provides = (e.data.getVar("PROVIDES") or "").split() | 19 | provides = (d.getVar("PROVIDES") or "").split() |
20 | non_ml_recipes = d.getVar('NON_MULTILIB_RECIPES').split() | 20 | non_ml_recipes = d.getVar('NON_MULTILIB_RECIPES').split() |
21 | bpn = e.data.getVar("BPN") | 21 | bpn = d.getVar("BPN") |
22 | if "virtual/kernel" in provides or \ | 22 | if ("virtual/kernel" in provides |
23 | bb.data.inherits_class('module-base', e.data) or \ | 23 | or bb.data.inherits_class('module-base', d) |
24 | bpn in non_ml_recipes: | 24 | or bpn in non_ml_recipes): |
25 | raise bb.parse.SkipRecipe("We shouldn't have multilib variants for %s" % bpn) | 25 | raise bb.parse.SkipRecipe("We shouldn't have multilib variants for %s" % bpn) |
26 | 26 | ||
27 | save_var_name=e.data.getVar("MULTILIB_SAVE_VARNAME") or "" | 27 | save_var_name = d.getVar("MULTILIB_SAVE_VARNAME") or "" |
28 | for name in save_var_name.split(): | 28 | for name in save_var_name.split(): |
29 | val=e.data.getVar(name) | 29 | val = d.getVar(name) |
30 | if val: | 30 | if val: |
31 | e.data.setVar(name + "_MULTILIB_ORIGINAL", val) | 31 | d.setVar(name + "_MULTILIB_ORIGINAL", val) |
32 | 32 | ||
33 | # We nearly don't need this but dependencies on NON_MULTILIB_RECIPES don't work without it | 33 | # We nearly don't need this but dependencies on NON_MULTILIB_RECIPES don't work without it |
34 | d.setVar("SSTATE_ARCHS_TUNEPKG", "${@all_multilib_tune_values(d, 'TUNE_PKGARCH')}") | 34 | d.setVar("SSTATE_ARCHS_TUNEPKG", "${@all_multilib_tune_values(d, 'TUNE_PKGARCH')}") |
@@ -36,66 +36,67 @@ python multilib_virtclass_handler () { | |||
36 | overrides = e.data.getVar("OVERRIDES", False) | 36 | overrides = e.data.getVar("OVERRIDES", False) |
37 | pn = e.data.getVar("PN", False) | 37 | pn = e.data.getVar("PN", False) |
38 | overrides = overrides.replace("pn-${PN}", "pn-${PN}:pn-" + pn) | 38 | overrides = overrides.replace("pn-${PN}", "pn-${PN}:pn-" + pn) |
39 | e.data.setVar("OVERRIDES", overrides) | 39 | d.setVar("OVERRIDES", overrides) |
40 | 40 | ||
41 | if bb.data.inherits_class('image', e.data): | 41 | if bb.data.inherits_class('image', d): |
42 | e.data.setVar("MLPREFIX", variant + "-") | 42 | d.setVar("MLPREFIX", variant + "-") |
43 | e.data.setVar("PN", variant + "-" + e.data.getVar("PN", False)) | 43 | d.setVar("PN", variant + "-" + d.getVar("PN", False)) |
44 | e.data.setVar('SDKTARGETSYSROOT', e.data.getVar('SDKTARGETSYSROOT')) | 44 | d.setVar('SDKTARGETSYSROOT', d.getVar('SDKTARGETSYSROOT')) |
45 | override = ":virtclass-multilib-" + variant | 45 | override = ":virtclass-multilib-" + variant |
46 | e.data.setVar("OVERRIDES", e.data.getVar("OVERRIDES", False) + override) | 46 | d.setVar("OVERRIDES", d.getVar("OVERRIDES", False) + override) |
47 | target_vendor = e.data.getVar("TARGET_VENDOR:" + "virtclass-multilib-" + variant, False) | 47 | target_vendor = d.getVar("TARGET_VENDOR:" + "virtclass-multilib-" + variant, False) |
48 | if target_vendor: | 48 | if target_vendor: |
49 | e.data.setVar("TARGET_VENDOR", target_vendor) | 49 | d.setVar("TARGET_VENDOR", target_vendor) |
50 | return | 50 | return |
51 | 51 | ||
52 | if bb.data.inherits_class('cross-canadian', e.data): | 52 | if bb.data.inherits_class('cross-canadian', d): |
53 | # Multilib cross-candian should use the same nativesdk sysroot without MLPREFIX | 53 | # Multilib cross-candian should use the same nativesdk sysroot without MLPREFIX |
54 | e.data.setVar("RECIPE_SYSROOT", "${WORKDIR}/recipe-sysroot") | 54 | d.setVar("RECIPE_SYSROOT", "${WORKDIR}/recipe-sysroot") |
55 | e.data.setVar("STAGING_DIR_TARGET", "${WORKDIR}/recipe-sysroot") | 55 | d.setVar("STAGING_DIR_TARGET", "${WORKDIR}/recipe-sysroot") |
56 | e.data.setVar("STAGING_DIR_HOST", "${WORKDIR}/recipe-sysroot") | 56 | d.setVar("STAGING_DIR_HOST", "${WORKDIR}/recipe-sysroot") |
57 | e.data.setVar("RECIPE_SYSROOT_MANIFEST_SUBDIR", "nativesdk-" + variant) | 57 | d.setVar("RECIPE_SYSROOT_MANIFEST_SUBDIR", "nativesdk-" + variant) |
58 | e.data.setVar("MLPREFIX", variant + "-") | 58 | d.setVar("MLPREFIX", variant + "-") |
59 | override = ":virtclass-multilib-" + variant | 59 | override = ":virtclass-multilib-" + variant |
60 | e.data.setVar("OVERRIDES", e.data.getVar("OVERRIDES", False) + override) | 60 | d.setVar("OVERRIDES", d.getVar("OVERRIDES", False) + override) |
61 | return | 61 | return |
62 | 62 | ||
63 | if bb.data.inherits_class('native', e.data): | 63 | if bb.data.inherits_class('native', d): |
64 | raise bb.parse.SkipRecipe("We can't extend native recipes") | 64 | raise bb.parse.SkipRecipe("We can't extend native recipes") |
65 | 65 | ||
66 | if bb.data.inherits_class('nativesdk', e.data) or bb.data.inherits_class('crosssdk', e.data): | 66 | if bb.data.inherits_class('nativesdk', d) or bb.data.inherits_class('crosssdk', d): |
67 | raise bb.parse.SkipRecipe("We can't extend nativesdk recipes") | 67 | raise bb.parse.SkipRecipe("We can't extend nativesdk recipes") |
68 | 68 | ||
69 | if bb.data.inherits_class('allarch', e.data) and not d.getVar('MULTILIB_VARIANTS') \ | 69 | if (bb.data.inherits_class('allarch', d) |
70 | and not bb.data.inherits_class('packagegroup', e.data): | 70 | and not d.getVar('MULTILIB_VARIANTS') |
71 | and not bb.data.inherits_class('packagegroup', d)): | ||
71 | raise bb.parse.SkipRecipe("Don't extend allarch recipes which are not packagegroups") | 72 | raise bb.parse.SkipRecipe("Don't extend allarch recipes which are not packagegroups") |
72 | 73 | ||
73 | # Expand this since this won't work correctly once we set a multilib into place | 74 | # Expand this since this won't work correctly once we set a multilib into place |
74 | e.data.setVar("ALL_MULTILIB_PACKAGE_ARCHS", e.data.getVar("ALL_MULTILIB_PACKAGE_ARCHS")) | 75 | d.setVar("ALL_MULTILIB_PACKAGE_ARCHS", d.getVar("ALL_MULTILIB_PACKAGE_ARCHS")) |
75 | 76 | ||
76 | override = ":virtclass-multilib-" + variant | 77 | override = ":virtclass-multilib-" + variant |
77 | 78 | ||
78 | skip_msg = e.data.getVarFlag('SKIP_RECIPE', e.data.getVar('PN')) | 79 | skip_msg = d.getVarFlag('SKIP_RECIPE', d.getVar('PN')) |
79 | if skip_msg: | 80 | if skip_msg: |
80 | pn_new = variant + "-" + e.data.getVar('PN') | 81 | pn_new = variant + "-" + d.getVar('PN') |
81 | if not e.data.getVarFlag('SKIP_RECIPE', pn_new): | 82 | if not d.getVarFlag('SKIP_RECIPE', pn_new): |
82 | e.data.setVarFlag('SKIP_RECIPE', pn_new, skip_msg) | 83 | d.setVarFlag('SKIP_RECIPE', pn_new, skip_msg) |
83 | 84 | ||
84 | e.data.setVar("MLPREFIX", variant + "-") | 85 | d.setVar("MLPREFIX", variant + "-") |
85 | e.data.setVar("PN", variant + "-" + e.data.getVar("PN", False)) | 86 | d.setVar("PN", variant + "-" + d.getVar("PN", False)) |
86 | e.data.setVar("OVERRIDES", e.data.getVar("OVERRIDES", False) + override) | 87 | d.setVar("OVERRIDES", d.getVar("OVERRIDES", False) + override) |
87 | 88 | ||
88 | # Expand INCOMPATIBLE_LICENSE_EXCEPTIONS with multilib prefix | 89 | # Expand INCOMPATIBLE_LICENSE_EXCEPTIONS with multilib prefix |
89 | pkgs = e.data.getVar("INCOMPATIBLE_LICENSE_EXCEPTIONS") | 90 | pkgs = d.getVar("INCOMPATIBLE_LICENSE_EXCEPTIONS") |
90 | if pkgs: | 91 | if pkgs: |
91 | for pkg in pkgs.split(): | 92 | for pkg in pkgs.split(): |
92 | pkgs += " " + variant + "-" + pkg | 93 | pkgs += " " + variant + "-" + pkg |
93 | e.data.setVar("INCOMPATIBLE_LICENSE_EXCEPTIONS", pkgs) | 94 | d.setVar("INCOMPATIBLE_LICENSE_EXCEPTIONS", pkgs) |
94 | 95 | ||
95 | # DEFAULTTUNE can change TARGET_ARCH override so expand this now before update_data | 96 | # DEFAULTTUNE can change TARGET_ARCH override so expand this now before update_data |
96 | newtune = e.data.getVar("DEFAULTTUNE:" + "virtclass-multilib-" + variant, False) | 97 | newtune = d.getVar("DEFAULTTUNE:" + "virtclass-multilib-" + variant, False) |
97 | if newtune: | 98 | if newtune: |
98 | e.data.setVar("DEFAULTTUNE", newtune) | 99 | d.setVar("DEFAULTTUNE", newtune) |
99 | } | 100 | } |
100 | 101 | ||
101 | addhandler multilib_virtclass_handler | 102 | addhandler multilib_virtclass_handler |
diff --git a/meta/classes/multilib_global.bbclass b/meta/classes/multilib_global.bbclass index 6095d278dd..973ac9130b 100644 --- a/meta/classes/multilib_global.bbclass +++ b/meta/classes/multilib_global.bbclass | |||
@@ -171,24 +171,23 @@ def preferred_ml_updates(d): | |||
171 | d.appendVar("SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS", " " + " ".join(extras)) | 171 | d.appendVar("SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS", " " + " ".join(extras)) |
172 | 172 | ||
173 | python multilib_virtclass_handler_vendor () { | 173 | python multilib_virtclass_handler_vendor () { |
174 | if isinstance(e, bb.event.ConfigParsed): | 174 | for v in d.getVar("MULTILIB_VARIANTS").split(): |
175 | for v in e.data.getVar("MULTILIB_VARIANTS").split(): | 175 | if d.getVar("TARGET_VENDOR:virtclass-multilib-" + v, False) is None: |
176 | if e.data.getVar("TARGET_VENDOR:virtclass-multilib-" + v, False) is None: | 176 | d.setVar("TARGET_VENDOR:virtclass-multilib-" + v, d.getVar("TARGET_VENDOR", False) + "ml" + v) |
177 | e.data.setVar("TARGET_VENDOR:virtclass-multilib-" + v, e.data.getVar("TARGET_VENDOR", False) + "ml" + v) | 177 | preferred_ml_updates(d) |
178 | preferred_ml_updates(e.data) | ||
179 | } | 178 | } |
180 | addhandler multilib_virtclass_handler_vendor | 179 | addhandler multilib_virtclass_handler_vendor |
181 | multilib_virtclass_handler_vendor[eventmask] = "bb.event.ConfigParsed" | 180 | multilib_virtclass_handler_vendor[eventmask] = "bb.event.ConfigParsed" |
182 | 181 | ||
183 | python multilib_virtclass_handler_global () { | 182 | python multilib_virtclass_handler_global () { |
184 | variant = e.data.getVar("BBEXTENDVARIANT") | 183 | variant = d.getVar("BBEXTENDVARIANT") |
185 | if variant: | 184 | if variant: |
186 | return | 185 | return |
187 | 186 | ||
188 | non_ml_recipes = d.getVar('NON_MULTILIB_RECIPES').split() | 187 | non_ml_recipes = d.getVar('NON_MULTILIB_RECIPES').split() |
189 | 188 | ||
190 | if bb.data.inherits_class('kernel', e.data) or \ | 189 | if bb.data.inherits_class('kernel', d) or \ |
191 | bb.data.inherits_class('module-base', e.data) or \ | 190 | bb.data.inherits_class('module-base', d) or \ |
192 | d.getVar('BPN') in non_ml_recipes: | 191 | d.getVar('BPN') in non_ml_recipes: |
193 | 192 | ||
194 | # We need to avoid expanding KERNEL_VERSION which we can do by deleting it | 193 | # We need to avoid expanding KERNEL_VERSION which we can do by deleting it |
@@ -197,7 +196,7 @@ python multilib_virtclass_handler_global () { | |||
197 | localdata.delVar("KERNEL_VERSION") | 196 | localdata.delVar("KERNEL_VERSION") |
198 | localdata.delVar("KERNEL_VERSION_PKG_NAME") | 197 | localdata.delVar("KERNEL_VERSION_PKG_NAME") |
199 | 198 | ||
200 | variants = (e.data.getVar("MULTILIB_VARIANTS") or "").split() | 199 | variants = (d.getVar("MULTILIB_VARIANTS") or "").split() |
201 | 200 | ||
202 | import oe.classextend | 201 | import oe.classextend |
203 | clsextends = [] | 202 | clsextends = [] |
@@ -208,22 +207,22 @@ python multilib_virtclass_handler_global () { | |||
208 | origprovs = provs = localdata.getVar("PROVIDES") or "" | 207 | origprovs = provs = localdata.getVar("PROVIDES") or "" |
209 | for clsextend in clsextends: | 208 | for clsextend in clsextends: |
210 | provs = provs + " " + clsextend.map_variable("PROVIDES", setvar=False) | 209 | provs = provs + " " + clsextend.map_variable("PROVIDES", setvar=False) |
211 | e.data.setVar("PROVIDES", provs) | 210 | d.setVar("PROVIDES", provs) |
212 | 211 | ||
213 | # Process RPROVIDES | 212 | # Process RPROVIDES |
214 | origrprovs = rprovs = localdata.getVar("RPROVIDES") or "" | 213 | origrprovs = rprovs = localdata.getVar("RPROVIDES") or "" |
215 | for clsextend in clsextends: | 214 | for clsextend in clsextends: |
216 | rprovs = rprovs + " " + clsextend.map_variable("RPROVIDES", setvar=False) | 215 | rprovs = rprovs + " " + clsextend.map_variable("RPROVIDES", setvar=False) |
217 | if rprovs.strip(): | 216 | if rprovs.strip(): |
218 | e.data.setVar("RPROVIDES", rprovs) | 217 | d.setVar("RPROVIDES", rprovs) |
219 | 218 | ||
220 | # Process RPROVIDES:${PN}... | 219 | # Process RPROVIDES:${PN}... |
221 | for pkg in (e.data.getVar("PACKAGES") or "").split(): | 220 | for pkg in (d.getVar("PACKAGES") or "").split(): |
222 | origrprovs = rprovs = localdata.getVar("RPROVIDES:%s" % pkg) or "" | 221 | origrprovs = rprovs = localdata.getVar("RPROVIDES:%s" % pkg) or "" |
223 | for clsextend in clsextends: | 222 | for clsextend in clsextends: |
224 | rprovs = rprovs + " " + clsextend.map_variable("RPROVIDES:%s" % pkg, setvar=False) | 223 | rprovs = rprovs + " " + clsextend.map_variable("RPROVIDES:%s" % pkg, setvar=False) |
225 | rprovs = rprovs + " " + clsextend.extname + "-" + pkg | 224 | rprovs = rprovs + " " + clsextend.extname + "-" + pkg |
226 | e.data.setVar("RPROVIDES:%s" % pkg, rprovs) | 225 | d.setVar("RPROVIDES:%s" % pkg, rprovs) |
227 | } | 226 | } |
228 | 227 | ||
229 | addhandler multilib_virtclass_handler_global | 228 | addhandler multilib_virtclass_handler_global |
diff --git a/meta/conf/bitbake.conf b/meta/conf/bitbake.conf index ba8bd5f975..78f15b76ae 100644 --- a/meta/conf/bitbake.conf +++ b/meta/conf/bitbake.conf | |||
@@ -521,7 +521,7 @@ HOSTTOOLS += " \ | |||
521 | mktemp mv nm objcopy objdump od patch perl pr printf pwd \ | 521 | mktemp mv nm objcopy objdump od patch perl pr printf pwd \ |
522 | python3 pzstd ranlib readelf readlink realpath rm rmdir rpcgen sed seq sh \ | 522 | python3 pzstd ranlib readelf readlink realpath rm rmdir rpcgen sed seq sh \ |
523 | sha1sum sha224sum sha256sum sha384sum sha512sum \ | 523 | sha1sum sha224sum sha256sum sha384sum sha512sum \ |
524 | sleep sort split stat strings strip tail tar tee test touch tr true uname \ | 524 | sleep sort split stat strings strip tail tar tee test touch tr true truncate uname \ |
525 | uniq unzstd wc wget which xargs zstd \ | 525 | uniq unzstd wc wget which xargs zstd \ |
526 | " | 526 | " |
527 | 527 | ||
diff --git a/meta/conf/distro/include/maintainers.inc b/meta/conf/distro/include/maintainers.inc index 180dfc1918..baaf971a9a 100644 --- a/meta/conf/distro/include/maintainers.inc +++ b/meta/conf/distro/include/maintainers.inc | |||
@@ -31,13 +31,13 @@ RECIPE_MAINTAINER:pn-acl = "Chen Qi <Qi.Chen@windriver.com>" | |||
31 | RECIPE_MAINTAINER:pn-acpica = "Ross Burton <ross.burton@arm.com>" | 31 | RECIPE_MAINTAINER:pn-acpica = "Ross Burton <ross.burton@arm.com>" |
32 | RECIPE_MAINTAINER:pn-acpid = "Ross Burton <ross.burton@arm.com>" | 32 | RECIPE_MAINTAINER:pn-acpid = "Ross Burton <ross.burton@arm.com>" |
33 | RECIPE_MAINTAINER:pn-adwaita-icon-theme = "Ross Burton <ross.burton@arm.com>" | 33 | RECIPE_MAINTAINER:pn-adwaita-icon-theme = "Ross Burton <ross.burton@arm.com>" |
34 | RECIPE_MAINTAINER:pn-alsa-lib = "Michael Opdenacker <michael.opdenacker@bootlin.com>" | 34 | RECIPE_MAINTAINER:pn-alsa-lib = "Michael Opdenacker <michael@opdenacker.org>" |
35 | RECIPE_MAINTAINER:pn-alsa-plugins = "Michael Opdenacker <michael.opdenacker@bootlin.com>" | 35 | RECIPE_MAINTAINER:pn-alsa-plugins = "Michael Opdenacker <michael@opdenacker.org>" |
36 | RECIPE_MAINTAINER:pn-alsa-state = "Michael Opdenacker <michael.opdenacker@bootlin.com>" | 36 | RECIPE_MAINTAINER:pn-alsa-state = "Michael Opdenacker <michael@opdenacker.org>" |
37 | RECIPE_MAINTAINER:pn-alsa-tools = "Michael Opdenacker <michael.opdenacker@bootlin.com>" | 37 | RECIPE_MAINTAINER:pn-alsa-tools = "Michael Opdenacker <michael@opdenacker.org>" |
38 | RECIPE_MAINTAINER:pn-alsa-topology-conf = "Michael Opdenacker <michael.opdenacker@bootlin.com>" | 38 | RECIPE_MAINTAINER:pn-alsa-topology-conf = "Michael Opdenacker <michael@opdenacker.org>" |
39 | RECIPE_MAINTAINER:pn-alsa-ucm-conf = "Michael Opdenacker <michael.opdenacker@bootlin.com>" | 39 | RECIPE_MAINTAINER:pn-alsa-ucm-conf = "Michael Opdenacker <michael@opdenacker.org>" |
40 | RECIPE_MAINTAINER:pn-alsa-utils = "Michael Opdenacker <michael.opdenacker@bootlin.com>" | 40 | RECIPE_MAINTAINER:pn-alsa-utils = "Michael Opdenacker <michael@opdenacker.org>" |
41 | RECIPE_MAINTAINER:pn-appstream = "Markus Volk <f_l_k@t-online.de>" | 41 | RECIPE_MAINTAINER:pn-appstream = "Markus Volk <f_l_k@t-online.de>" |
42 | RECIPE_MAINTAINER:pn-apr = "Hongxu Jia <hongxu.jia@windriver.com>" | 42 | RECIPE_MAINTAINER:pn-apr = "Hongxu Jia <hongxu.jia@windriver.com>" |
43 | RECIPE_MAINTAINER:pn-apr-util = "Hongxu Jia <hongxu.jia@windriver.com>" | 43 | RECIPE_MAINTAINER:pn-apr-util = "Hongxu Jia <hongxu.jia@windriver.com>" |
@@ -174,7 +174,7 @@ RECIPE_MAINTAINER:pn-expect = "Alexander Kanavin <alex.kanavin@gmail.com>" | |||
174 | RECIPE_MAINTAINER:pn-ffmpeg = "Alexander Kanavin <alex.kanavin@gmail.com>" | 174 | RECIPE_MAINTAINER:pn-ffmpeg = "Alexander Kanavin <alex.kanavin@gmail.com>" |
175 | RECIPE_MAINTAINER:pn-file = "Yi Zhao <yi.zhao@windriver.com>" | 175 | RECIPE_MAINTAINER:pn-file = "Yi Zhao <yi.zhao@windriver.com>" |
176 | RECIPE_MAINTAINER:pn-findutils = "Chen Qi <Qi.Chen@windriver.com>" | 176 | RECIPE_MAINTAINER:pn-findutils = "Chen Qi <Qi.Chen@windriver.com>" |
177 | RECIPE_MAINTAINER:pn-flac = "Michael Opdenacker <michael.opdenacker@bootlin.com>" | 177 | RECIPE_MAINTAINER:pn-flac = "Michael Opdenacker <michael@opdenacker.org>" |
178 | RECIPE_MAINTAINER:pn-flex = "Chen Qi <Qi.Chen@windriver.com>" | 178 | RECIPE_MAINTAINER:pn-flex = "Chen Qi <Qi.Chen@windriver.com>" |
179 | RECIPE_MAINTAINER:pn-font-alias = "Unassigned <unassigned@yoctoproject.org>" | 179 | RECIPE_MAINTAINER:pn-font-alias = "Unassigned <unassigned@yoctoproject.org>" |
180 | RECIPE_MAINTAINER:pn-font-util = "Unassigned <unassigned@yoctoproject.org>" | 180 | RECIPE_MAINTAINER:pn-font-util = "Unassigned <unassigned@yoctoproject.org>" |
@@ -301,7 +301,7 @@ RECIPE_MAINTAINER:pn-keymaps = "Alexander Kanavin <alex.kanavin@gmail.com>" | |||
301 | RECIPE_MAINTAINER:pn-kmod = "Chen Qi <Qi.Chen@windriver.com>" | 301 | RECIPE_MAINTAINER:pn-kmod = "Chen Qi <Qi.Chen@windriver.com>" |
302 | RECIPE_MAINTAINER:pn-kmscube = "Carlos Rafael Giani <crg7475@mailbox.org>" | 302 | RECIPE_MAINTAINER:pn-kmscube = "Carlos Rafael Giani <crg7475@mailbox.org>" |
303 | RECIPE_MAINTAINER:pn-l3afpad = "Anuj Mittal <anuj.mittal@intel.com>" | 303 | RECIPE_MAINTAINER:pn-l3afpad = "Anuj Mittal <anuj.mittal@intel.com>" |
304 | RECIPE_MAINTAINER:pn-lame = "Michael Opdenacker <michael.opdenacker@bootlin.com>" | 304 | RECIPE_MAINTAINER:pn-lame = "Michael Opdenacker <michael@opdenacker.org>" |
305 | RECIPE_MAINTAINER:pn-ldconfig-native = "Khem Raj <raj.khem@gmail.com>" | 305 | RECIPE_MAINTAINER:pn-ldconfig-native = "Khem Raj <raj.khem@gmail.com>" |
306 | RECIPE_MAINTAINER:pn-less = "Yi Zhao <yi.zhao@windriver.com>" | 306 | RECIPE_MAINTAINER:pn-less = "Yi Zhao <yi.zhao@windriver.com>" |
307 | RECIPE_MAINTAINER:pn-liba52 = "Unassigned <unassigned@yoctoproject.org>" | 307 | RECIPE_MAINTAINER:pn-liba52 = "Unassigned <unassigned@yoctoproject.org>" |
@@ -697,12 +697,12 @@ RECIPE_MAINTAINER:pn-python3-rpds-py = "Tim Orling <tim.orling@konsulko.com>" | |||
697 | RECIPE_MAINTAINER:pn-python3-ruamel-yaml = "Bruce Ashfield <bruce.ashfield@gmail.com>" | 697 | RECIPE_MAINTAINER:pn-python3-ruamel-yaml = "Bruce Ashfield <bruce.ashfield@gmail.com>" |
698 | RECIPE_MAINTAINER:pn-python3-scons = "Tim Orling <tim.orling@konsulko.com>" | 698 | RECIPE_MAINTAINER:pn-python3-scons = "Tim Orling <tim.orling@konsulko.com>" |
699 | RECIPE_MAINTAINER:pn-python3-semantic-version = "Tim Orling <tim.orling@konsulko.com>" | 699 | RECIPE_MAINTAINER:pn-python3-semantic-version = "Tim Orling <tim.orling@konsulko.com>" |
700 | RECIPE_MAINTAINER:pn-python3-setuptools = "Unassigned <unassigned@yoctoproject.org>" | 700 | RECIPE_MAINTAINER:pn-python3-setuptools = "Trevor Gamblin <tgamblin@baylibre.com>" |
701 | RECIPE_MAINTAINER:pn-python3-setuptools-rust = "Tim Orling <tim.orling@konsulko.com>" | 701 | RECIPE_MAINTAINER:pn-python3-setuptools-rust = "Tim Orling <tim.orling@konsulko.com>" |
702 | RECIPE_MAINTAINER:pn-python3-setuptools-scm = "Tim Orling <tim.orling@konsulko.com>" | 702 | RECIPE_MAINTAINER:pn-python3-setuptools-scm = "Tim Orling <tim.orling@konsulko.com>" |
703 | RECIPE_MAINTAINER:pn-python3-six = "Zang Ruochen <zangruochen@loongson.cn>" | 703 | RECIPE_MAINTAINER:pn-python3-six = "Zang Ruochen <zangruochen@loongson.cn>" |
704 | RECIPE_MAINTAINER:pn-python3-smartypants = "Alexander Kanavin <alex.kanavin@gmail.com>" | 704 | RECIPE_MAINTAINER:pn-python3-smartypants = "Alexander Kanavin <alex.kanavin@gmail.com>" |
705 | RECIPE_MAINTAINER:pn-python3-smmap = "Unassigned <unassigned@yoctoproject.org>" | 705 | RECIPE_MAINTAINER:pn-python3-smmap = "Trevor Gamblin <tgamblin@baylibre.com>" |
706 | RECIPE_MAINTAINER:pn-python3-snowballstemmer = "Tim Orling <tim.orling@konsulko.com>" | 706 | RECIPE_MAINTAINER:pn-python3-snowballstemmer = "Tim Orling <tim.orling@konsulko.com>" |
707 | RECIPE_MAINTAINER:pn-python3-sortedcontainers = "Tim Orling <tim.orling@konsulko.com>" | 707 | RECIPE_MAINTAINER:pn-python3-sortedcontainers = "Tim Orling <tim.orling@konsulko.com>" |
708 | RECIPE_MAINTAINER:pn-python3-spdx-tools = "Marta Rybczynska <mrybczynska@syslinbit.com>" | 708 | RECIPE_MAINTAINER:pn-python3-spdx-tools = "Marta Rybczynska <mrybczynska@syslinbit.com>" |
@@ -715,8 +715,8 @@ RECIPE_MAINTAINER:pn-python3-sphinxcontrib-jquery = "Tim Orling <tim.orling@kons | |||
715 | RECIPE_MAINTAINER:pn-python3-sphinxcontrib-qthelp = "Tim Orling <tim.orling@konsulko.com>" | 715 | RECIPE_MAINTAINER:pn-python3-sphinxcontrib-qthelp = "Tim Orling <tim.orling@konsulko.com>" |
716 | RECIPE_MAINTAINER:pn-python3-sphinxcontrib-serializinghtml = "Tim Orling <tim.orling@konsulko.com>" | 716 | RECIPE_MAINTAINER:pn-python3-sphinxcontrib-serializinghtml = "Tim Orling <tim.orling@konsulko.com>" |
717 | RECIPE_MAINTAINER:pn-python3-sphinx-rtd-theme = "Tim Orling <tim.orling@konsulko.com>" | 717 | RECIPE_MAINTAINER:pn-python3-sphinx-rtd-theme = "Tim Orling <tim.orling@konsulko.com>" |
718 | RECIPE_MAINTAINER:pn-python3-subunit = "Unassigned <unassigned@yoctoproject.org>" | 718 | RECIPE_MAINTAINER:pn-python3-subunit = "Trevor Gamblin <tgamblin@baylibre.com>" |
719 | RECIPE_MAINTAINER:pn-python3-testtools = "Unassigned <unassigned@yoctoproject.org>" | 719 | RECIPE_MAINTAINER:pn-python3-testtools = "Trevor Gamblin <tgamblin@baylibre.com>" |
720 | RECIPE_MAINTAINER:pn-python3-toml = "Tim Orling <tim.orling@konsulko.com>" | 720 | RECIPE_MAINTAINER:pn-python3-toml = "Tim Orling <tim.orling@konsulko.com>" |
721 | RECIPE_MAINTAINER:pn-python3-tomli = "Tim Orling <tim.orling@konsulko.com>" | 721 | RECIPE_MAINTAINER:pn-python3-tomli = "Tim Orling <tim.orling@konsulko.com>" |
722 | RECIPE_MAINTAINER:pn-python3-trove-classifiers = "Trevor Gamblin <tgamblin@baylibre.com>" | 722 | RECIPE_MAINTAINER:pn-python3-trove-classifiers = "Trevor Gamblin <tgamblin@baylibre.com>" |
@@ -776,8 +776,8 @@ RECIPE_MAINTAINER:pn-shutdown-desktop = "Alexander Kanavin <alex.kanavin@gmail.c | |||
776 | RECIPE_MAINTAINER:pn-signing-keys = "Richard Purdie <richard.purdie@linuxfoundation.org>" | 776 | RECIPE_MAINTAINER:pn-signing-keys = "Richard Purdie <richard.purdie@linuxfoundation.org>" |
777 | RECIPE_MAINTAINER:pn-slang = "Yi Zhao <yi.zhao@windriver.com>" | 777 | RECIPE_MAINTAINER:pn-slang = "Yi Zhao <yi.zhao@windriver.com>" |
778 | RECIPE_MAINTAINER:pn-socat = "Hongxu Jia <hongxu.jia@windriver.com>" | 778 | RECIPE_MAINTAINER:pn-socat = "Hongxu Jia <hongxu.jia@windriver.com>" |
779 | RECIPE_MAINTAINER:pn-speex = "Michael Opdenacker <michael.opdenacker@bootlin.com>" | 779 | RECIPE_MAINTAINER:pn-speex = "Michael Opdenacker <michael@opdenacker.org>" |
780 | RECIPE_MAINTAINER:pn-speexdsp = "Michael Opdenacker <michael.opdenacker@bootlin.com>" | 780 | RECIPE_MAINTAINER:pn-speexdsp = "Michael Opdenacker <michael@opdenacker.org>" |
781 | RECIPE_MAINTAINER:pn-spirv-headers = "Jose Quaresma <quaresma.jose@gmail.com>" | 781 | RECIPE_MAINTAINER:pn-spirv-headers = "Jose Quaresma <quaresma.jose@gmail.com>" |
782 | RECIPE_MAINTAINER:pn-spirv-tools = "Jose Quaresma <quaresma.jose@gmail.com>" | 782 | RECIPE_MAINTAINER:pn-spirv-tools = "Jose Quaresma <quaresma.jose@gmail.com>" |
783 | RECIPE_MAINTAINER:pn-sqlite3 = "Anuj Mittal <anuj.mittal@intel.com>" | 783 | RECIPE_MAINTAINER:pn-sqlite3 = "Anuj Mittal <anuj.mittal@intel.com>" |
diff --git a/meta/conf/distro/include/yocto-uninative.inc b/meta/conf/distro/include/yocto-uninative.inc index 657c1032f9..a6f7107dfe 100644 --- a/meta/conf/distro/include/yocto-uninative.inc +++ b/meta/conf/distro/include/yocto-uninative.inc | |||
@@ -6,10 +6,10 @@ | |||
6 | # to the distro running on the build machine. | 6 | # to the distro running on the build machine. |
7 | # | 7 | # |
8 | 8 | ||
9 | UNINATIVE_MAXGLIBCVERSION = "2.39" | 9 | UNINATIVE_MAXGLIBCVERSION = "2.40" |
10 | UNINATIVE_VERSION = "4.5" | 10 | UNINATIVE_VERSION = "4.6" |
11 | 11 | ||
12 | UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/${UNINATIVE_VERSION}/" | 12 | UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/${UNINATIVE_VERSION}/" |
13 | UNINATIVE_CHECKSUM[aarch64] ?= "df2e29e2e6feb187a3499abf3b1322a3b251da819c77a7b19d4fe952351365ab" | 13 | UNINATIVE_CHECKSUM[aarch64] ?= "c2d36338272eba101580f648dd8dff5352cdb4c1809db7dedf8fc4d7e7df716c" |
14 | UNINATIVE_CHECKSUM[i686] ?= "8ef3eda53428b484c20157f6ec3c130b03080b3d4b3889067e0e184e05102d35" | 14 | UNINATIVE_CHECKSUM[i686] ?= "0041584678109c18deca48fb59eaf14cf725cf024a170ab537b354b63240c504" |
15 | UNINATIVE_CHECKSUM[x86_64] ?= "43ee6a25bcf5fce16ea87076d6a96e79ead6ced90690a058d07432f902773473" | 15 | UNINATIVE_CHECKSUM[x86_64] ?= "6bf00154c5a7bc48adbf63fd17684bb87eb07f4814fbb482a3fbd817c1ccf4c5" |
diff --git a/meta/conf/layer.conf b/meta/conf/layer.conf index efbf2610f9..4d09619a28 100644 --- a/meta/conf/layer.conf +++ b/meta/conf/layer.conf | |||
@@ -45,6 +45,7 @@ SIGGEN_EXCLUDERECIPES_ABISAFE += " \ | |||
45 | ca-certificates \ | 45 | ca-certificates \ |
46 | shared-mime-info \ | 46 | shared-mime-info \ |
47 | desktop-file-utils \ | 47 | desktop-file-utils \ |
48 | os-release \ | ||
48 | " | 49 | " |
49 | 50 | ||
50 | SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS += " \ | 51 | SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS += " \ |
diff --git a/meta/conf/multilib.conf b/meta/conf/multilib.conf index ef3605a73d..09546315b8 100644 --- a/meta/conf/multilib.conf +++ b/meta/conf/multilib.conf | |||
@@ -22,15 +22,6 @@ MULTILIB_GLOBAL_VARIANTS ?= "lib32 lib64 libx32" | |||
22 | 22 | ||
23 | OPKG_ARGS:append = " --force-maintainer --force-overwrite" | 23 | OPKG_ARGS:append = " --force-maintainer --force-overwrite" |
24 | 24 | ||
25 | # When multilib is enabled, allarch recipes will be installed into the MACHINE | ||
26 | # sysroot, not MLPREFIXMACHINE. This means that anything using pkg-config to | ||
27 | # find an allarch pkgconfig file will fail as the PKG_CONFIG_PATH only looks | ||
28 | # inside the multilib sysroot. Fix this by explicitly adding the MACHINE's | ||
29 | # architecture-independent pkgconfig location to PKG_CONFIG_PATH. | ||
30 | PKG_CONFIG_PATH .= ":${WORKDIR}/recipe-sysroot/${datadir}/pkgconfig" | ||
31 | PKG_CONFIG_PATH[vardepsexclude] = "datadir WORKDIR" | ||
32 | PKG_CONFIG_PATH[vardepvalueexclude] = ":${WORKDIR}/recipe-sysroot/${datadir}/pkgconfig" | ||
33 | |||
34 | # These recipes don't need multilib variants, the ${BPN} PROVDES/RPROVDES | 25 | # These recipes don't need multilib variants, the ${BPN} PROVDES/RPROVDES |
35 | # ${MLPREFIX}${BPN} | 26 | # ${MLPREFIX}${BPN} |
36 | NON_MULTILIB_RECIPES = "grub grub-efi make-mod-scripts ovmf u-boot" | 27 | NON_MULTILIB_RECIPES = "grub grub-efi make-mod-scripts ovmf u-boot" |
diff --git a/meta/files/toolchain-shar-extract.sh b/meta/files/toolchain-shar-extract.sh index 4386b985bb..89d30005fd 100644 --- a/meta/files/toolchain-shar-extract.sh +++ b/meta/files/toolchain-shar-extract.sh | |||
@@ -164,7 +164,9 @@ else | |||
164 | fi | 164 | fi |
165 | 165 | ||
166 | # limit the length for target_sdk_dir, ensure the relocation behaviour in relocate_sdk.py has right result. | 166 | # limit the length for target_sdk_dir, ensure the relocation behaviour in relocate_sdk.py has right result. |
167 | if [ ${#target_sdk_dir} -gt 2048 ]; then | 167 | # This is due to ELF interpreter being set to 'a'*1024 in |
168 | # meta/recipes-core/meta/uninative-tarball.bb | ||
169 | if [ ${#target_sdk_dir} -gt 1024 ]; then | ||
168 | echo "Error: The target directory path is too long!!!" | 170 | echo "Error: The target directory path is too long!!!" |
169 | exit 1 | 171 | exit 1 |
170 | fi | 172 | fi |
diff --git a/meta/lib/oe/package.py b/meta/lib/oe/package.py index 1511ba47c4..af0923a63f 100644 --- a/meta/lib/oe/package.py +++ b/meta/lib/oe/package.py | |||
@@ -14,6 +14,7 @@ import glob | |||
14 | import stat | 14 | import stat |
15 | import mmap | 15 | import mmap |
16 | import subprocess | 16 | import subprocess |
17 | import shutil | ||
17 | 18 | ||
18 | import oe.cachedpath | 19 | import oe.cachedpath |
19 | 20 | ||
@@ -1064,6 +1065,7 @@ def process_split_and_strip_files(d): | |||
1064 | d.getVar('INHIBIT_PACKAGE_DEBUG_SPLIT') != '1'): | 1065 | d.getVar('INHIBIT_PACKAGE_DEBUG_SPLIT') != '1'): |
1065 | checkelf = {} | 1066 | checkelf = {} |
1066 | checkelflinks = {} | 1067 | checkelflinks = {} |
1068 | checkstatic = {} | ||
1067 | for root, dirs, files in cpath.walk(dvar): | 1069 | for root, dirs, files in cpath.walk(dvar): |
1068 | for f in files: | 1070 | for f in files: |
1069 | file = os.path.join(root, f) | 1071 | file = os.path.join(root, f) |
@@ -1077,10 +1079,6 @@ def process_split_and_strip_files(d): | |||
1077 | if file in skipfiles: | 1079 | if file in skipfiles: |
1078 | continue | 1080 | continue |
1079 | 1081 | ||
1080 | if oe.package.is_static_lib(file): | ||
1081 | staticlibs.append(file) | ||
1082 | continue | ||
1083 | |||
1084 | try: | 1082 | try: |
1085 | ltarget = cpath.realpath(file, dvar, False) | 1083 | ltarget = cpath.realpath(file, dvar, False) |
1086 | s = cpath.lstat(ltarget) | 1084 | s = cpath.lstat(ltarget) |
@@ -1092,6 +1090,13 @@ def process_split_and_strip_files(d): | |||
1092 | continue | 1090 | continue |
1093 | if not s: | 1091 | if not s: |
1094 | continue | 1092 | continue |
1093 | |||
1094 | if oe.package.is_static_lib(file): | ||
1095 | # Use a reference of device ID and inode number to identify files | ||
1096 | file_reference = "%d_%d" % (s.st_dev, s.st_ino) | ||
1097 | checkstatic[file] = (file, file_reference) | ||
1098 | continue | ||
1099 | |||
1095 | # Check its an executable | 1100 | # Check its an executable |
1096 | if (s[stat.ST_MODE] & stat.S_IXUSR) or (s[stat.ST_MODE] & stat.S_IXGRP) \ | 1101 | if (s[stat.ST_MODE] & stat.S_IXUSR) or (s[stat.ST_MODE] & stat.S_IXGRP) \ |
1097 | or (s[stat.ST_MODE] & stat.S_IXOTH) \ | 1102 | or (s[stat.ST_MODE] & stat.S_IXOTH) \ |
@@ -1156,6 +1161,27 @@ def process_split_and_strip_files(d): | |||
1156 | # Modified the file so clear the cache | 1161 | # Modified the file so clear the cache |
1157 | cpath.updatecache(file) | 1162 | cpath.updatecache(file) |
1158 | 1163 | ||
1164 | # Do the same hardlink processing as above, but for static libraries | ||
1165 | results = list(checkstatic.keys()) | ||
1166 | |||
1167 | # As above, sort the results. | ||
1168 | results.sort(key=lambda x: x[0]) | ||
1169 | |||
1170 | for file in results: | ||
1171 | # Use a reference of device ID and inode number to identify files | ||
1172 | file_reference = checkstatic[file][1] | ||
1173 | if file_reference in inodes: | ||
1174 | os.unlink(file) | ||
1175 | os.link(inodes[file_reference][0], file) | ||
1176 | inodes[file_reference].append(file) | ||
1177 | else: | ||
1178 | inodes[file_reference] = [file] | ||
1179 | # break hardlink | ||
1180 | bb.utils.break_hardlinks(file) | ||
1181 | staticlibs.append(file) | ||
1182 | # Modified the file so clear the cache | ||
1183 | cpath.updatecache(file) | ||
1184 | |||
1159 | def strip_pkgd_prefix(f): | 1185 | def strip_pkgd_prefix(f): |
1160 | nonlocal dvar | 1186 | nonlocal dvar |
1161 | 1187 | ||
@@ -1194,11 +1220,24 @@ def process_split_and_strip_files(d): | |||
1194 | dest = dv["libdir"] + os.path.dirname(src) + dv["dir"] + "/" + os.path.basename(target) + dv["append"] | 1220 | dest = dv["libdir"] + os.path.dirname(src) + dv["dir"] + "/" + os.path.basename(target) + dv["append"] |
1195 | fpath = dvar + dest | 1221 | fpath = dvar + dest |
1196 | ftarget = dvar + dv["libdir"] + os.path.dirname(target) + dv["dir"] + "/" + os.path.basename(target) + dv["append"] | 1222 | ftarget = dvar + dv["libdir"] + os.path.dirname(target) + dv["dir"] + "/" + os.path.basename(target) + dv["append"] |
1197 | bb.utils.mkdirhier(os.path.dirname(fpath)) | 1223 | if os.access(ftarget, os.R_OK): |
1198 | # Only one hardlink of separated debug info file in each directory | 1224 | bb.utils.mkdirhier(os.path.dirname(fpath)) |
1199 | if not os.access(fpath, os.R_OK): | 1225 | # Only one hardlink of separated debug info file in each directory |
1200 | #bb.note("Link %s -> %s" % (fpath, ftarget)) | 1226 | if not os.access(fpath, os.R_OK): |
1201 | os.link(ftarget, fpath) | 1227 | #bb.note("Link %s -> %s" % (fpath, ftarget)) |
1228 | os.link(ftarget, fpath) | ||
1229 | elif (d.getVar('PACKAGE_DEBUG_STATIC_SPLIT') == '1'): | ||
1230 | deststatic = dv["staticlibdir"] + os.path.dirname(src) + dv["staticdir"] + "/" + os.path.basename(file) + dv["staticappend"] | ||
1231 | fpath = dvar + deststatic | ||
1232 | ftarget = dvar + dv["staticlibdir"] + os.path.dirname(target) + dv["staticdir"] + "/" + os.path.basename(target) + dv["staticappend"] | ||
1233 | if os.access(ftarget, os.R_OK): | ||
1234 | bb.utils.mkdirhier(os.path.dirname(fpath)) | ||
1235 | # Only one hardlink of separated debug info file in each directory | ||
1236 | if not os.access(fpath, os.R_OK): | ||
1237 | #bb.note("Link %s -> %s" % (fpath, ftarget)) | ||
1238 | os.link(ftarget, fpath) | ||
1239 | else: | ||
1240 | bb.note("Unable to find inode link target %s" % (target)) | ||
1202 | 1241 | ||
1203 | # Create symlinks for all cases we were able to split symbols | 1242 | # Create symlinks for all cases we were able to split symbols |
1204 | for file in symlinks: | 1243 | for file in symlinks: |
diff --git a/meta/lib/oeqa/runtime/cases/scp.py b/meta/lib/oeqa/runtime/cases/scp.py index ee97b8ef66..364264369a 100644 --- a/meta/lib/oeqa/runtime/cases/scp.py +++ b/meta/lib/oeqa/runtime/cases/scp.py | |||
@@ -25,7 +25,7 @@ class ScpTest(OERuntimeTestCase): | |||
25 | os.remove(cls.tmp_path) | 25 | os.remove(cls.tmp_path) |
26 | 26 | ||
27 | @OETestDepends(['ssh.SSHTest.test_ssh']) | 27 | @OETestDepends(['ssh.SSHTest.test_ssh']) |
28 | @OEHasPackage(['openssh-scp']) | 28 | @OEHasPackage({'openssh-scp', 'openssh-sftp-server'}) |
29 | def test_scp_file(self): | 29 | def test_scp_file(self): |
30 | dst = '/tmp/test_scp_file' | 30 | dst = '/tmp/test_scp_file' |
31 | 31 | ||
diff --git a/meta/lib/oeqa/runtime/cases/ssh.py b/meta/lib/oeqa/runtime/cases/ssh.py index cdbef59500..b86428002f 100644 --- a/meta/lib/oeqa/runtime/cases/ssh.py +++ b/meta/lib/oeqa/runtime/cases/ssh.py | |||
@@ -4,6 +4,9 @@ | |||
4 | # SPDX-License-Identifier: MIT | 4 | # SPDX-License-Identifier: MIT |
5 | # | 5 | # |
6 | 6 | ||
7 | import time | ||
8 | import signal | ||
9 | |||
7 | from oeqa.runtime.case import OERuntimeTestCase | 10 | from oeqa.runtime.case import OERuntimeTestCase |
8 | from oeqa.core.decorator.depends import OETestDepends | 11 | from oeqa.core.decorator.depends import OETestDepends |
9 | from oeqa.runtime.decorator.package import OEHasPackage | 12 | from oeqa.runtime.decorator.package import OEHasPackage |
@@ -13,12 +16,22 @@ class SSHTest(OERuntimeTestCase): | |||
13 | @OETestDepends(['ping.PingTest.test_ping']) | 16 | @OETestDepends(['ping.PingTest.test_ping']) |
14 | @OEHasPackage(['dropbear', 'openssh-sshd']) | 17 | @OEHasPackage(['dropbear', 'openssh-sshd']) |
15 | def test_ssh(self): | 18 | def test_ssh(self): |
16 | (status, output) = self.target.run('sleep 20', timeout=2) | 19 | for i in range(20): |
17 | msg='run() timed out but return code was zero.' | 20 | status, output = self.target.run("uname -a", timeout=5) |
18 | self.assertNotEqual(status, 0, msg=msg) | 21 | if status == 0: |
19 | (status, output) = self.target.run('uname -a') | 22 | break |
20 | self.assertEqual(status, 0, msg='SSH Test failed: %s' % output) | 23 | elif status == 255 or status == -signal.SIGTERM: |
21 | (status, output) = self.target.run('cat /etc/controllerimage') | 24 | # ssh returns 255 only if a ssh error occurs. This could |
22 | msg = "This isn't the right image - /etc/controllerimage " \ | 25 | # be an issue with "Connection refused" because the port |
23 | "shouldn't be here %s" % output | 26 | # isn't open yet, and this could check explicitly for that |
24 | self.assertEqual(status, 1, msg=msg) | 27 | # here. However, let's keep it simple and just retry for |
28 | # all errors a limited amount of times with a sleep to | ||
29 | # give it time for the port to open. | ||
30 | # We sometimes see -15 (SIGTERM) on slow emulation machines too, likely | ||
31 | # from boot/init not being 100% complete, retry for these too. | ||
32 | time.sleep(5) | ||
33 | continue | ||
34 | else: | ||
35 | self.fail("uname failed with \"%s\" (exit code %s)" % (output, status)) | ||
36 | if status != 0: | ||
37 | self.fail("ssh failed with \"%s\" (exit code %s)" % (output, status)) | ||
diff --git a/meta/lib/oeqa/runtime/cases/systemd.py b/meta/lib/oeqa/runtime/cases/systemd.py index 5481e1d840..640f28abe9 100644 --- a/meta/lib/oeqa/runtime/cases/systemd.py +++ b/meta/lib/oeqa/runtime/cases/systemd.py | |||
@@ -145,18 +145,29 @@ class SystemdServiceTests(SystemdTest): | |||
145 | Verify that call-stacks generated by systemd-coredump contain symbolicated call-stacks, | 145 | Verify that call-stacks generated by systemd-coredump contain symbolicated call-stacks, |
146 | extracted from the minidebuginfo metadata (.gnu_debugdata elf section). | 146 | extracted from the minidebuginfo metadata (.gnu_debugdata elf section). |
147 | """ | 147 | """ |
148 | t_thread = threading.Thread(target=self.target.run, args=("ulimit -c unlimited && sleep 1000",)) | 148 | # use "env sleep" instead of "sleep" to avoid calling the shell builtin function |
149 | t_thread = threading.Thread(target=self.target.run, args=("ulimit -c unlimited && env sleep 1000",)) | ||
149 | t_thread.start() | 150 | t_thread.start() |
150 | time.sleep(1) | 151 | time.sleep(1) |
151 | 152 | ||
152 | status, output = self.target.run('pidof sleep') | 153 | status, sleep_pid = self.target.run('pidof sleep') |
153 | # cause segfault on purpose | 154 | # cause segfault on purpose |
154 | self.target.run('kill -SEGV %s' % output) | 155 | self.target.run('kill -SEGV %s' % sleep_pid) |
155 | self.assertEqual(status, 0, msg = 'Not able to find process that runs sleep, output : %s' % output) | 156 | self.assertEqual(status, 0, msg = 'Not able to find process that runs sleep, output : %s' % sleep_pid) |
156 | 157 | ||
157 | (status, output) = self.target.run('coredumpctl info') | 158 | # Give some time to systemd-coredump@.service to process the coredump |
159 | for x in range(20): | ||
160 | status, output = self.target.run('coredumpctl list %s' % sleep_pid) | ||
161 | if status == 0: | ||
162 | break | ||
163 | time.sleep(1) | ||
164 | else: | ||
165 | self.fail("Timed out waiting for coredump creation") | ||
166 | |||
167 | (status, output) = self.target.run('coredumpctl info %s' % sleep_pid) | ||
158 | self.assertEqual(status, 0, msg='MiniDebugInfo Test failed: %s' % output) | 168 | self.assertEqual(status, 0, msg='MiniDebugInfo Test failed: %s' % output) |
159 | self.assertEqual('sleep_for_duration (busybox.nosuid' in output, True, msg='Call stack is missing minidebuginfo symbols (functions shown as "n/a"): %s' % output) | 169 | self.assertEqual('sleep_for_duration (busybox.nosuid' in output or 'xnanosleep (sleep.coreutils' in output, |
170 | True, msg='Call stack is missing minidebuginfo symbols (functions shown as "n/a"): %s' % output) | ||
160 | 171 | ||
161 | class SystemdJournalTests(SystemdTest): | 172 | class SystemdJournalTests(SystemdTest): |
162 | 173 | ||
diff --git a/meta/lib/oeqa/sdk/case.py b/meta/lib/oeqa/sdk/case.py index c45882689c..46a3789f57 100644 --- a/meta/lib/oeqa/sdk/case.py +++ b/meta/lib/oeqa/sdk/case.py | |||
@@ -6,6 +6,7 @@ | |||
6 | 6 | ||
7 | import os | 7 | import os |
8 | import subprocess | 8 | import subprocess |
9 | import shutil | ||
9 | 10 | ||
10 | from oeqa.core.case import OETestCase | 11 | from oeqa.core.case import OETestCase |
11 | 12 | ||
@@ -21,12 +22,14 @@ class OESDKTestCase(OETestCase): | |||
21 | archive = os.path.basename(urlparse(url).path) | 22 | archive = os.path.basename(urlparse(url).path) |
22 | 23 | ||
23 | if dl_dir: | 24 | if dl_dir: |
24 | tarball = os.path.join(dl_dir, archive) | 25 | archive_tarball = os.path.join(dl_dir, archive) |
25 | if os.path.exists(tarball): | 26 | if os.path.exists(archive_tarball): |
26 | return tarball | 27 | return archive_tarball |
27 | 28 | ||
28 | tarball = os.path.join(workdir, archive) | 29 | tarball = os.path.join(workdir, archive) |
29 | subprocess.check_output(["wget", "-O", tarball, url], stderr=subprocess.STDOUT) | 30 | subprocess.check_output(["wget", "-O", tarball, url], stderr=subprocess.STDOUT) |
31 | if dl_dir and not os.path.exists(archive_tarball): | ||
32 | shutil.copyfile(tarball, archive_tarball) | ||
30 | return tarball | 33 | return tarball |
31 | 34 | ||
32 | def check_elf(self, path, target_os=None, target_arch=None): | 35 | def check_elf(self, path, target_os=None, target_arch=None): |
diff --git a/meta/lib/oeqa/sdk/cases/assimp.py b/meta/lib/oeqa/sdk/cases/assimp.py index d990b1e97d..4cc30f2672 100644 --- a/meta/lib/oeqa/sdk/cases/assimp.py +++ b/meta/lib/oeqa/sdk/cases/assimp.py | |||
@@ -19,6 +19,10 @@ class BuildAssimp(OESDKTestCase): | |||
19 | """ | 19 | """ |
20 | 20 | ||
21 | def setUp(self): | 21 | def setUp(self): |
22 | libc = self.td.get("TCLIBC") | ||
23 | if libc in [ 'newlib' ]: | ||
24 | raise unittest.SkipTest("CMakeTest class: SDK doesn't contain a supported C library") | ||
25 | |||
22 | if not (self.tc.hasHostPackage("nativesdk-cmake") or | 26 | if not (self.tc.hasHostPackage("nativesdk-cmake") or |
23 | self.tc.hasHostPackage("cmake-native")): | 27 | self.tc.hasHostPackage("cmake-native")): |
24 | raise unittest.SkipTest("Needs cmake") | 28 | raise unittest.SkipTest("Needs cmake") |
diff --git a/meta/lib/oeqa/sdk/cases/buildcpio.py b/meta/lib/oeqa/sdk/cases/buildcpio.py index 51003b19cd..ab8fc41876 100644 --- a/meta/lib/oeqa/sdk/cases/buildcpio.py +++ b/meta/lib/oeqa/sdk/cases/buildcpio.py | |||
@@ -17,6 +17,11 @@ class BuildCpioTest(OESDKTestCase): | |||
17 | """ | 17 | """ |
18 | Check that autotools will cross-compile correctly. | 18 | Check that autotools will cross-compile correctly. |
19 | """ | 19 | """ |
20 | def setUp(self): | ||
21 | libc = self.td.get("TCLIBC") | ||
22 | if libc in [ 'newlib' ]: | ||
23 | raise unittest.SkipTest("AutotoolsTest class: SDK doesn't contain a supported C library") | ||
24 | |||
20 | def test_cpio(self): | 25 | def test_cpio(self): |
21 | with tempfile.TemporaryDirectory(prefix="cpio-", dir=self.tc.sdk_dir) as testdir: | 26 | with tempfile.TemporaryDirectory(prefix="cpio-", dir=self.tc.sdk_dir) as testdir: |
22 | tarball = self.fetch(testdir, self.td["DL_DIR"], "https://ftp.gnu.org/gnu/cpio/cpio-2.15.tar.gz") | 27 | tarball = self.fetch(testdir, self.td["DL_DIR"], "https://ftp.gnu.org/gnu/cpio/cpio-2.15.tar.gz") |
diff --git a/meta/lib/oeqa/sdk/cases/buildepoxy.py b/meta/lib/oeqa/sdk/cases/buildepoxy.py index 147ee3e0ee..5b9c36fcec 100644 --- a/meta/lib/oeqa/sdk/cases/buildepoxy.py +++ b/meta/lib/oeqa/sdk/cases/buildepoxy.py | |||
@@ -18,6 +18,10 @@ class EpoxyTest(OESDKTestCase): | |||
18 | Test that Meson builds correctly. | 18 | Test that Meson builds correctly. |
19 | """ | 19 | """ |
20 | def setUp(self): | 20 | def setUp(self): |
21 | libc = self.td.get("TCLIBC") | ||
22 | if libc in [ 'newlib' ]: | ||
23 | raise unittest.SkipTest("MesonTest class: SDK doesn't contain a supported C library") | ||
24 | |||
21 | if not (self.tc.hasHostPackage("nativesdk-meson") or | 25 | if not (self.tc.hasHostPackage("nativesdk-meson") or |
22 | self.tc.hasHostPackage("meson-native")): | 26 | self.tc.hasHostPackage("meson-native")): |
23 | raise unittest.SkipTest("EpoxyTest class: SDK doesn't contain Meson") | 27 | raise unittest.SkipTest("EpoxyTest class: SDK doesn't contain Meson") |
diff --git a/meta/lib/oeqa/sdk/cases/buildgalculator.py b/meta/lib/oeqa/sdk/cases/buildgalculator.py index 178f07472d..28187434a1 100644 --- a/meta/lib/oeqa/sdk/cases/buildgalculator.py +++ b/meta/lib/oeqa/sdk/cases/buildgalculator.py | |||
@@ -18,6 +18,10 @@ class GalculatorTest(OESDKTestCase): | |||
18 | Test that autotools and GTK+ 3 compiles correctly. | 18 | Test that autotools and GTK+ 3 compiles correctly. |
19 | """ | 19 | """ |
20 | def setUp(self): | 20 | def setUp(self): |
21 | libc = self.td.get("TCLIBC") | ||
22 | if libc in [ 'newlib' ]: | ||
23 | raise unittest.SkipTest("GTK3Test class: SDK doesn't contain a supported C library") | ||
24 | |||
21 | if not (self.tc.hasTargetPackage("gtk+3", multilib=True) or \ | 25 | if not (self.tc.hasTargetPackage("gtk+3", multilib=True) or \ |
22 | self.tc.hasTargetPackage("libgtk-3.0", multilib=True)): | 26 | self.tc.hasTargetPackage("libgtk-3.0", multilib=True)): |
23 | raise unittest.SkipTest("GalculatorTest class: SDK don't support gtk+3") | 27 | raise unittest.SkipTest("GalculatorTest class: SDK don't support gtk+3") |
diff --git a/meta/lib/oeqa/sdk/cases/buildlzip.py b/meta/lib/oeqa/sdk/cases/buildlzip.py index b4b7d85b88..afedc25178 100644 --- a/meta/lib/oeqa/sdk/cases/buildlzip.py +++ b/meta/lib/oeqa/sdk/cases/buildlzip.py | |||
@@ -13,6 +13,11 @@ class BuildLzipTest(OESDKTestCase): | |||
13 | """ | 13 | """ |
14 | Test that "plain" compilation works, using just $CC $CFLAGS etc. | 14 | Test that "plain" compilation works, using just $CC $CFLAGS etc. |
15 | """ | 15 | """ |
16 | def setUp(self): | ||
17 | libc = self.td.get("TCLIBC") | ||
18 | if libc in [ 'newlib' ]: | ||
19 | raise unittest.SkipTest("MakefileTest class: SDK doesn't contain a supported C library") | ||
20 | |||
16 | def test_lzip(self): | 21 | def test_lzip(self): |
17 | with tempfile.TemporaryDirectory(prefix="lzip", dir=self.tc.sdk_dir) as testdir: | 22 | with tempfile.TemporaryDirectory(prefix="lzip", dir=self.tc.sdk_dir) as testdir: |
18 | tarball = self.fetch(testdir, self.td["DL_DIR"], "http://downloads.yoctoproject.org/mirror/sources/lzip-1.19.tar.gz") | 23 | tarball = self.fetch(testdir, self.td["DL_DIR"], "http://downloads.yoctoproject.org/mirror/sources/lzip-1.19.tar.gz") |
diff --git a/meta/lib/oeqa/sdk/cases/gcc.py b/meta/lib/oeqa/sdk/cases/gcc.py index fc28b9c3d4..e810d2c42b 100644 --- a/meta/lib/oeqa/sdk/cases/gcc.py +++ b/meta/lib/oeqa/sdk/cases/gcc.py | |||
@@ -26,6 +26,10 @@ class GccCompileTest(OESDKTestCase): | |||
26 | os.path.join(self.tc.sdk_dir, f)) | 26 | os.path.join(self.tc.sdk_dir, f)) |
27 | 27 | ||
28 | def setUp(self): | 28 | def setUp(self): |
29 | libc = self.td.get("TCLIBC") | ||
30 | if libc in [ 'newlib' ]: | ||
31 | raise unittest.SkipTest("GccCompileTest class: SDK doesn't contain a supported C library") | ||
32 | |||
29 | machine = self.td.get("MACHINE") | 33 | machine = self.td.get("MACHINE") |
30 | if not (self.tc.hasHostPackage("packagegroup-cross-canadian-%s" % machine) or | 34 | if not (self.tc.hasHostPackage("packagegroup-cross-canadian-%s" % machine) or |
31 | self.tc.hasHostPackage("^gcc-", regex=True)): | 35 | self.tc.hasHostPackage("^gcc-", regex=True)): |
diff --git a/meta/lib/oeqa/selftest/cases/devtool.py b/meta/lib/oeqa/selftest/cases/devtool.py index 44a2a50f2e..fc08906117 100644 --- a/meta/lib/oeqa/selftest/cases/devtool.py +++ b/meta/lib/oeqa/selftest/cases/devtool.py | |||
@@ -1792,6 +1792,8 @@ class DevtoolExtractTests(DevtoolBase): | |||
1792 | # Definitions | 1792 | # Definitions |
1793 | testrecipe = 'mdadm' | 1793 | testrecipe = 'mdadm' |
1794 | testfile = '/sbin/mdadm' | 1794 | testfile = '/sbin/mdadm' |
1795 | if "usrmerge" in get_bb_var('DISTRO_FEATURES'): | ||
1796 | testfile = '/usr/sbin/mdadm' | ||
1795 | testimage = 'oe-selftest-image' | 1797 | testimage = 'oe-selftest-image' |
1796 | testcommand = '/sbin/mdadm --help' | 1798 | testcommand = '/sbin/mdadm --help' |
1797 | # Build an image to run | 1799 | # Build an image to run |
diff --git a/meta/lib/oeqa/selftest/cases/package.py b/meta/lib/oeqa/selftest/cases/package.py index 1aa6c03f8a..38ed7173fe 100644 --- a/meta/lib/oeqa/selftest/cases/package.py +++ b/meta/lib/oeqa/selftest/cases/package.py | |||
@@ -103,11 +103,37 @@ class PackageTests(OESelftestTestCase): | |||
103 | 103 | ||
104 | dest = get_bb_var('PKGDEST', 'selftest-hardlink') | 104 | dest = get_bb_var('PKGDEST', 'selftest-hardlink') |
105 | bindir = get_bb_var('bindir', 'selftest-hardlink') | 105 | bindir = get_bb_var('bindir', 'selftest-hardlink') |
106 | libdir = get_bb_var('libdir', 'selftest-hardlink') | ||
107 | libexecdir = get_bb_var('libexecdir', 'selftest-hardlink') | ||
106 | 108 | ||
107 | def checkfiles(): | 109 | def checkfiles(): |
108 | # Recipe creates 4 hardlinked files, there is a copy in package/ and a copy in packages-split/ | 110 | # Recipe creates 4 hardlinked files, there is a copy in package/ and a copy in packages-split/ |
109 | # so expect 8 in total. | 111 | # so expect 8 in total. |
110 | self.assertEqual(os.stat(dest + "/selftest-hardlink" + bindir + "/hello1").st_nlink, 8) | 112 | self.assertEqual(os.stat(dest + "/selftest-hardlink" + bindir + "/hello1").st_nlink, 8) |
113 | self.assertEqual(os.stat(dest + "/selftest-hardlink" + libexecdir + "/hello3").st_nlink, 8) | ||
114 | |||
115 | # Check dbg version | ||
116 | # 2 items, a copy in both package/packages-split so 4 | ||
117 | self.assertEqual(os.stat(dest + "/selftest-hardlink-dbg" + bindir + "/.debug/hello1").st_nlink, 4) | ||
118 | self.assertEqual(os.stat(dest + "/selftest-hardlink-dbg" + libexecdir + "/.debug/hello1").st_nlink, 4) | ||
119 | |||
120 | # Even though the libexecdir name is 'hello3' or 'hello4', that isn't the debug target name | ||
121 | self.assertEqual(os.path.exists(dest + "/selftest-hardlink-dbg" + libexecdir + "/.debug/hello3"), False) | ||
122 | self.assertEqual(os.path.exists(dest + "/selftest-hardlink-dbg" + libexecdir + "/.debug/hello4"), False) | ||
123 | |||
124 | # Check the staticdev libraries | ||
125 | # 101 items, a copy in both package/packages-split so 202 | ||
126 | self.assertEqual(os.stat(dest + "/selftest-hardlink-staticdev" + libdir + "/libhello.a").st_nlink, 202) | ||
127 | self.assertEqual(os.stat(dest + "/selftest-hardlink-staticdev" + libdir + "/libhello-25.a").st_nlink, 202) | ||
128 | self.assertEqual(os.stat(dest + "/selftest-hardlink-staticdev" + libdir + "/libhello-50.a").st_nlink, 202) | ||
129 | self.assertEqual(os.stat(dest + "/selftest-hardlink-staticdev" + libdir + "/libhello-75.a").st_nlink, 202) | ||
130 | |||
131 | # Check static dbg | ||
132 | # 101 items, a copy in both package/packages-split so 202 | ||
133 | self.assertEqual(os.stat(dest + "/selftest-hardlink-dbg" + libdir + "/.debug-static/libhello.a").st_nlink, 202) | ||
134 | self.assertEqual(os.stat(dest + "/selftest-hardlink-dbg" + libdir + "/.debug-static/libhello-25.a").st_nlink, 202) | ||
135 | self.assertEqual(os.stat(dest + "/selftest-hardlink-dbg" + libdir + "/.debug-static/libhello-50.a").st_nlink, 202) | ||
136 | self.assertEqual(os.stat(dest + "/selftest-hardlink-dbg" + libdir + "/.debug-static/libhello-75.a").st_nlink, 202) | ||
111 | 137 | ||
112 | # Test a sparse file remains sparse | 138 | # Test a sparse file remains sparse |
113 | sparsestat = os.stat(dest + "/selftest-hardlink" + bindir + "/sparsetest") | 139 | sparsestat = os.stat(dest + "/selftest-hardlink" + bindir + "/sparsetest") |
diff --git a/meta/lib/oeqa/selftest/cases/recipetool.py b/meta/lib/oeqa/selftest/cases/recipetool.py index aebea42502..126906df50 100644 --- a/meta/lib/oeqa/selftest/cases/recipetool.py +++ b/meta/lib/oeqa/selftest/cases/recipetool.py | |||
@@ -120,9 +120,15 @@ class RecipetoolAppendTests(RecipetoolBase): | |||
120 | self._try_recipetool_appendfile_fail('/dev/console', self.testfile, ['ERROR: /dev/console cannot be handled by this tool']) | 120 | self._try_recipetool_appendfile_fail('/dev/console', self.testfile, ['ERROR: /dev/console cannot be handled by this tool']) |
121 | 121 | ||
122 | def test_recipetool_appendfile_alternatives(self): | 122 | def test_recipetool_appendfile_alternatives(self): |
123 | lspath = '/bin/ls' | ||
124 | dirname = "base_bindir" | ||
125 | if "usrmerge" in get_bb_var('DISTRO_FEATURES'): | ||
126 | lspath = '/usr/bin/ls' | ||
127 | dirname = "bindir" | ||
128 | |||
123 | # Now try with a file we know should be an alternative | 129 | # Now try with a file we know should be an alternative |
124 | # (this is very much a fake example, but one we know is reliably an alternative) | 130 | # (this is very much a fake example, but one we know is reliably an alternative) |
125 | self._try_recipetool_appendfile_fail('/bin/ls', self.testfile, ['ERROR: File /bin/ls is an alternative possibly provided by the following recipes:', 'coreutils', 'busybox']) | 131 | self._try_recipetool_appendfile_fail(lspath, self.testfile, ['ERROR: File %s is an alternative possibly provided by the following recipes:' % lspath, 'coreutils', 'busybox']) |
126 | # Need a test file - should be executable | 132 | # Need a test file - should be executable |
127 | testfile2 = os.path.join(self.corebase, 'oe-init-build-env') | 133 | testfile2 = os.path.join(self.corebase, 'oe-init-build-env') |
128 | testfile2name = os.path.basename(testfile2) | 134 | testfile2name = os.path.basename(testfile2) |
@@ -131,12 +137,12 @@ class RecipetoolAppendTests(RecipetoolBase): | |||
131 | 'SRC_URI += "file://%s"\n' % testfile2name, | 137 | 'SRC_URI += "file://%s"\n' % testfile2name, |
132 | '\n', | 138 | '\n', |
133 | 'do_install:append() {\n', | 139 | 'do_install:append() {\n', |
134 | ' install -d ${D}${base_bindir}\n', | 140 | ' install -d ${D}${%s}\n' % dirname, |
135 | ' install -m 0755 ${WORKDIR}/%s ${D}${base_bindir}/ls\n' % testfile2name, | 141 | ' install -m 0755 ${WORKDIR}/%s ${D}${%s}/ls\n' % (testfile2name, dirname), |
136 | '}\n'] | 142 | '}\n'] |
137 | self._try_recipetool_appendfile('coreutils', '/bin/ls', testfile2, '-r coreutils', expectedlines, [testfile2name]) | 143 | self._try_recipetool_appendfile('coreutils', lspath, testfile2, '-r coreutils', expectedlines, [testfile2name]) |
138 | # Now try bbappending the same file again, contents should not change | 144 | # Now try bbappending the same file again, contents should not change |
139 | bbappendfile, _ = self._try_recipetool_appendfile('coreutils', '/bin/ls', self.testfile, '-r coreutils', expectedlines, [testfile2name]) | 145 | bbappendfile, _ = self._try_recipetool_appendfile('coreutils', lspath, self.testfile, '-r coreutils', expectedlines, [testfile2name]) |
140 | # But file should have | 146 | # But file should have |
141 | copiedfile = os.path.join(os.path.dirname(bbappendfile), 'coreutils', testfile2name) | 147 | copiedfile = os.path.join(os.path.dirname(bbappendfile), 'coreutils', testfile2name) |
142 | result = runCmd('diff -q %s %s' % (testfile2, copiedfile), ignore_status=True) | 148 | result = runCmd('diff -q %s %s' % (testfile2, copiedfile), ignore_status=True) |
diff --git a/meta/lib/oeqa/selftest/cases/reproducible.py b/meta/lib/oeqa/selftest/cases/reproducible.py index 80e830136f..021e894012 100644 --- a/meta/lib/oeqa/selftest/cases/reproducible.py +++ b/meta/lib/oeqa/selftest/cases/reproducible.py | |||
@@ -133,7 +133,8 @@ class ReproducibleTests(OESelftestTestCase): | |||
133 | max_report_size = 250 * 1024 * 1024 | 133 | max_report_size = 250 * 1024 * 1024 |
134 | 134 | ||
135 | # targets are the things we want to test the reproducibility of | 135 | # targets are the things we want to test the reproducibility of |
136 | targets = ['core-image-minimal', 'core-image-sato', 'core-image-full-cmdline', 'core-image-weston', 'world'] | 136 | # Have to add the virtual targets manually for now as builds may or may not include them as they're exclude from world |
137 | targets = ['core-image-minimal', 'core-image-sato', 'core-image-full-cmdline', 'core-image-weston', 'world', 'virtual/librpc', 'virtual/libsdl2', 'virtual/crypt'] | ||
137 | 138 | ||
138 | # sstate targets are things to pull from sstate to potentially cut build/debugging time | 139 | # sstate targets are things to pull from sstate to potentially cut build/debugging time |
139 | sstate_targets = [] | 140 | sstate_targets = [] |
diff --git a/meta/lib/oeqa/selftest/cases/runtime_test.py b/meta/lib/oeqa/selftest/cases/runtime_test.py index 12000aac16..13aa5f16c9 100644 --- a/meta/lib/oeqa/selftest/cases/runtime_test.py +++ b/meta/lib/oeqa/selftest/cases/runtime_test.py | |||
@@ -273,7 +273,7 @@ TEST_RUNQEMUPARAMS += " slirp" | |||
273 | import subprocess, os | 273 | import subprocess, os |
274 | 274 | ||
275 | distro = oe.lsb.distro_identifier() | 275 | distro = oe.lsb.distro_identifier() |
276 | if distro and (distro in ['debian-9', 'debian-10', 'centos-7', 'centos-8', 'ubuntu-16.04', 'ubuntu-18.04'] or | 276 | if distro and (distro in ['debian-9', 'debian-10', 'centos-7', 'centos-8', 'centos-9', 'ubuntu-16.04', 'ubuntu-18.04'] or |
277 | distro.startswith('almalinux') or distro.startswith('rocky')): | 277 | distro.startswith('almalinux') or distro.startswith('rocky')): |
278 | self.skipTest('virgl headless cannot be tested with %s' %(distro)) | 278 | self.skipTest('virgl headless cannot be tested with %s' %(distro)) |
279 | 279 | ||
diff --git a/meta/lib/oeqa/utils/postactions.py b/meta/lib/oeqa/utils/postactions.py index ecdddd2d40..a0e3b70892 100644 --- a/meta/lib/oeqa/utils/postactions.py +++ b/meta/lib/oeqa/utils/postactions.py | |||
@@ -62,17 +62,16 @@ def get_artifacts_list(target, raw_list): | |||
62 | return result | 62 | return result |
63 | 63 | ||
64 | def retrieve_test_artifacts(target, artifacts_list, target_dir): | 64 | def retrieve_test_artifacts(target, artifacts_list, target_dir): |
65 | import io, subprocess | ||
65 | local_artifacts_dir = os.path.join(target_dir, "artifacts") | 66 | local_artifacts_dir = os.path.join(target_dir, "artifacts") |
66 | for artifact_path in artifacts_list: | 67 | try: |
67 | if not os.path.isabs(artifact_path): | 68 | cmd = "tar zcf - " + " ".join(artifacts_list) |
68 | bb.warn(f"{artifact_path} is not an absolute path") | 69 | (status, output) = target.run(cmd, raw = True) |
69 | continue | 70 | if status != 0 or not output: |
70 | try: | 71 | raise Exception("Error while fetching compressed artifacts") |
71 | dest_dir = os.path.join(local_artifacts_dir, os.path.dirname(artifact_path[1:])) | 72 | p = subprocess.run(["tar", "zxf", "-", "-C", local_artifacts_dir], input=output) |
72 | os.makedirs(dest_dir, exist_ok=True) | 73 | except Exception as e: |
73 | target.copyFrom(artifact_path, dest_dir) | 74 | bb.warn(f"Can not retrieve artifacts from test target: {e}") |
74 | except Exception as e: | ||
75 | bb.warn(f"Can not retrieve {artifact_path} from test target: {e}") | ||
76 | 75 | ||
77 | def list_and_fetch_failed_tests_artifacts(d, tc): | 76 | def list_and_fetch_failed_tests_artifacts(d, tc): |
78 | artifacts_list = get_artifacts_list(tc.target, d.getVar("TESTIMAGE_FAILED_QA_ARTIFACTS")) | 77 | artifacts_list = get_artifacts_list(tc.target, d.getVar("TESTIMAGE_FAILED_QA_ARTIFACTS")) |
diff --git a/meta/recipes-bsp/grub/files/grub-module-explicitly-keeps-symbole-.module_license.patch b/meta/recipes-bsp/grub/files/grub-module-explicitly-keeps-symbole-.module_license.patch index d9012d1dd6..7c8770ce8b 100644 --- a/meta/recipes-bsp/grub/files/grub-module-explicitly-keeps-symbole-.module_license.patch +++ b/meta/recipes-bsp/grub/files/grub-module-explicitly-keeps-symbole-.module_license.patch | |||
@@ -37,7 +37,7 @@ SYMBOL TABLE: | |||
37 | 0000000000000000 l d .modname 0000000000000000 .modname | 37 | 0000000000000000 l d .modname 0000000000000000 .modname |
38 | -------------- | 38 | -------------- |
39 | 39 | ||
40 | Upstream-Status: Pending | 40 | Upstream-Status: Inappropriate [workaround that needs investigation into @TARGET_STRIP@ behaviour in oe-core vs toolchain used by upstream] |
41 | 41 | ||
42 | Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> | 42 | Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> |
43 | 43 | ||
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index bb9aacb478..54c0e9bdd5 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc | |||
@@ -52,6 +52,10 @@ GRUBPLATFORM ??= "pc" | |||
52 | inherit autotools gettext texinfo pkgconfig | 52 | inherit autotools gettext texinfo pkgconfig |
53 | 53 | ||
54 | CFLAGS:remove = "-O2" | 54 | CFLAGS:remove = "-O2" |
55 | # It doesn't support sse, its make.defaults sets: | ||
56 | # CFLAGS += -mno-mmx -mno-sse | ||
57 | # So also remove -mfpmath=sse from TUNE_CCARGS | ||
58 | TUNE_CCARGS:remove = "-mfpmath=sse" | ||
55 | 59 | ||
56 | EXTRA_OECONF = "--with-platform=${GRUBPLATFORM} \ | 60 | EXTRA_OECONF = "--with-platform=${GRUBPLATFORM} \ |
57 | --disable-grub-mkfont \ | 61 | --disable-grub-mkfont \ |
diff --git a/meta/recipes-bsp/libacpi/files/0001-libacpi-Fix-build-witth-fno-commom.patch b/meta/recipes-bsp/libacpi/files/0001-libacpi-Fix-build-witth-fno-commom.patch index 32808fb92a..e8ff78082c 100644 --- a/meta/recipes-bsp/libacpi/files/0001-libacpi-Fix-build-witth-fno-commom.patch +++ b/meta/recipes-bsp/libacpi/files/0001-libacpi-Fix-build-witth-fno-commom.patch | |||
@@ -3,7 +3,7 @@ From: Khem Raj <raj.khem@gmail.com> | |||
3 | Date: Wed, 5 Aug 2020 12:06:01 -0700 | 3 | Date: Wed, 5 Aug 2020 12:06:01 -0700 |
4 | Subject: [PATCH] libacpi: Fix build witth -fno-commom | 4 | Subject: [PATCH] libacpi: Fix build witth -fno-commom |
5 | 5 | ||
6 | Upstream-Status: Pending | 6 | Upstream-Status: Inactive-Upstream [last release before 2008, no vcs] |
7 | 7 | ||
8 | Signed-off-by: Khem Raj <raj.khem@gmail.com> | 8 | Signed-off-by: Khem Raj <raj.khem@gmail.com> |
9 | --- | 9 | --- |
diff --git a/meta/recipes-bsp/libacpi/files/ldflags.patch b/meta/recipes-bsp/libacpi/files/ldflags.patch index a7424c39da..db0974104b 100644 --- a/meta/recipes-bsp/libacpi/files/ldflags.patch +++ b/meta/recipes-bsp/libacpi/files/ldflags.patch | |||
@@ -1,7 +1,6 @@ | |||
1 | libacpi: Remove QA warning: No GNU_HASH in the elf binary | 1 | libacpi: Remove QA warning: No GNU_HASH in the elf binary |
2 | 2 | ||
3 | Upstream-Status: Inappropriate [other] | 3 | Upstream-Status: Inactive-Upstream [last release before 2008, no vcs] |
4 | Useful within bitbake environment only. | ||
5 | 4 | ||
6 | Signed-off-by: Muhammad Shakeel <muhammad_shakeel@mentor.com> | 5 | Signed-off-by: Muhammad Shakeel <muhammad_shakeel@mentor.com> |
7 | 6 | ||
diff --git a/meta/recipes-bsp/libacpi/files/libacpi_fix_for_x32.patch b/meta/recipes-bsp/libacpi/files/libacpi_fix_for_x32.patch index 06f20e5a78..955a175c96 100644 --- a/meta/recipes-bsp/libacpi/files/libacpi_fix_for_x32.patch +++ b/meta/recipes-bsp/libacpi/files/libacpi_fix_for_x32.patch | |||
@@ -1,4 +1,4 @@ | |||
1 | Upstream-Status: Pending | 1 | Upstream-Status: Inactive-Upstream [last release before 2008, no vcs] |
2 | 2 | ||
3 | Fix libacpi for x32 | 3 | Fix libacpi for x32 |
4 | 4 | ||
diff --git a/meta/recipes-bsp/libacpi/files/makefile-fix.patch b/meta/recipes-bsp/libacpi/files/makefile-fix.patch index c34ef34e09..3b91bfaee1 100644 --- a/meta/recipes-bsp/libacpi/files/makefile-fix.patch +++ b/meta/recipes-bsp/libacpi/files/makefile-fix.patch | |||
@@ -1,4 +1,4 @@ | |||
1 | Upstream-Status: Pending | 1 | Upstream-Status: Inactive-Upstream [last release before 2008, no vcs] |
2 | 2 | ||
3 | --- | 3 | --- |
4 | Makefile | 6 +++--- | 4 | Makefile | 6 +++--- |
diff --git a/meta/recipes-bsp/libacpi/files/use_correct_strip_in_cross_environment.patch b/meta/recipes-bsp/libacpi/files/use_correct_strip_in_cross_environment.patch index ef376aa316..901e5fa3b4 100644 --- a/meta/recipes-bsp/libacpi/files/use_correct_strip_in_cross_environment.patch +++ b/meta/recipes-bsp/libacpi/files/use_correct_strip_in_cross_environment.patch | |||
@@ -1,4 +1,4 @@ | |||
1 | Upstream-Status: Pending | 1 | Upstream-Status: Inactive-Upstream [last release before 2008, no vcs] |
2 | 2 | ||
3 | Used the cross strip instead of host strip to avoid this build error: | 3 | Used the cross strip instead of host strip to avoid this build error: |
4 | 4 | ||
diff --git a/meta/recipes-bsp/u-boot/u-boot-configure.inc b/meta/recipes-bsp/u-boot/u-boot-configure.inc index 378d675364..a15511f8b2 100644 --- a/meta/recipes-bsp/u-boot/u-boot-configure.inc +++ b/meta/recipes-bsp/u-boot/u-boot-configure.inc | |||
@@ -18,23 +18,35 @@ do_configure () { | |||
18 | for type in ${UBOOT_CONFIG}; do | 18 | for type in ${UBOOT_CONFIG}; do |
19 | j=$(expr $j + 1); | 19 | j=$(expr $j + 1); |
20 | if [ $j -eq $i ]; then | 20 | if [ $j -eq $i ]; then |
21 | oe_runmake -C ${S} O=${B}/${config} ${config} | 21 | uboot_configure_config $config $type |
22 | if [ -n "${@' '.join(find_cfgs(d))}" ]; then | ||
23 | merge_config.sh -m -O ${B}/${config} ${B}/${config}/.config ${@" ".join(find_cfgs(d))} | ||
24 | oe_runmake -C ${S} O=${B}/${config} oldconfig | ||
25 | fi | ||
26 | fi | 22 | fi |
27 | done | 23 | done |
28 | unset j | 24 | unset j |
29 | done | 25 | done |
30 | unset i | 26 | unset i |
31 | else | 27 | else |
32 | if [ -n "${UBOOT_MACHINE}" ]; then | 28 | uboot_configure |
33 | oe_runmake -C ${S} O=${B} ${UBOOT_MACHINE} | ||
34 | else | ||
35 | oe_runmake -C ${S} O=${B} oldconfig | ||
36 | fi | ||
37 | merge_config.sh -m .config ${@" ".join(find_cfgs(d))} | ||
38 | cml1_do_configure | ||
39 | fi | 29 | fi |
40 | } | 30 | } |
31 | |||
32 | uboot_configure_config () { | ||
33 | config=$1 | ||
34 | type=$2 | ||
35 | |||
36 | oe_runmake -C ${S} O=${B}/${config} ${config} | ||
37 | if [ -n "${@' '.join(find_cfgs(d))}" ]; then | ||
38 | merge_config.sh -m -O ${B}/${config} ${B}/${config}/.config ${@" ".join(find_cfgs(d))} | ||
39 | oe_runmake -C ${S} O=${B}/${config} oldconfig | ||
40 | fi | ||
41 | } | ||
42 | |||
43 | uboot_configure () { | ||
44 | if [ -n "${UBOOT_MACHINE}" ]; then | ||
45 | oe_runmake -C ${S} O=${B} ${UBOOT_MACHINE} | ||
46 | else | ||
47 | oe_runmake -C ${S} O=${B} oldconfig | ||
48 | fi | ||
49 | merge_config.sh -m .config ${@" ".join(find_cfgs(d))} | ||
50 | cml1_do_configure | ||
51 | } | ||
52 | |||
diff --git a/meta/recipes-bsp/u-boot/u-boot.inc b/meta/recipes-bsp/u-boot/u-boot.inc index f5b43f6e36..3c01720192 100644 --- a/meta/recipes-bsp/u-boot/u-boot.inc +++ b/meta/recipes-bsp/u-boot/u-boot.inc | |||
@@ -54,40 +54,21 @@ do_compile () { | |||
54 | 54 | ||
55 | if [ -n "${UBOOT_CONFIG}" -o -n "${UBOOT_DELTA_CONFIG}" ] | 55 | if [ -n "${UBOOT_CONFIG}" -o -n "${UBOOT_DELTA_CONFIG}" ] |
56 | then | 56 | then |
57 | unset i j k | 57 | unset i j |
58 | for config in ${UBOOT_MACHINE}; do | 58 | for config in ${UBOOT_MACHINE}; do |
59 | i=$(expr $i + 1); | 59 | i=$(expr $i + 1); |
60 | for type in ${UBOOT_CONFIG}; do | 60 | for type in ${UBOOT_CONFIG}; do |
61 | j=$(expr $j + 1); | 61 | j=$(expr $j + 1); |
62 | if [ $j -eq $i ] | 62 | if [ $j -eq $i ] |
63 | then | 63 | then |
64 | oe_runmake -C ${S} O=${B}/${config} ${UBOOT_MAKE_TARGET} | 64 | uboot_compile_config $i $config $type |
65 | for binary in ${UBOOT_BINARIES}; do | ||
66 | k=$(expr $k + 1); | ||
67 | if [ $k -eq $i ]; then | ||
68 | cp ${B}/${config}/${binary} ${B}/${config}/${UBOOT_BINARYNAME}-${type}.${UBOOT_SUFFIX} | ||
69 | fi | ||
70 | done | ||
71 | |||
72 | # Generate the uboot-initial-env | ||
73 | if [ -n "${UBOOT_INITIAL_ENV}" ]; then | ||
74 | oe_runmake -C ${S} O=${B}/${config} u-boot-initial-env | ||
75 | cp ${B}/${config}/u-boot-initial-env ${B}/${config}/u-boot-initial-env-${type} | ||
76 | fi | ||
77 | |||
78 | unset k | ||
79 | fi | 65 | fi |
80 | done | 66 | done |
81 | unset j | 67 | unset j |
82 | done | 68 | done |
83 | unset i | 69 | unset i |
84 | else | 70 | else |
85 | oe_runmake -C ${S} O=${B} ${UBOOT_MAKE_TARGET} | 71 | uboot_compile |
86 | |||
87 | # Generate the uboot-initial-env | ||
88 | if [ -n "${UBOOT_INITIAL_ENV}" ]; then | ||
89 | oe_runmake -C ${S} O=${B} u-boot-initial-env | ||
90 | fi | ||
91 | fi | 72 | fi |
92 | 73 | ||
93 | if [ -n "${UBOOT_ENV}" ] && [ "${UBOOT_ENV_SUFFIX}" = "scr" ] | 74 | if [ -n "${UBOOT_ENV}" ] && [ "${UBOOT_ENV_SUFFIX}" = "scr" ] |
@@ -96,6 +77,46 @@ do_compile () { | |||
96 | fi | 77 | fi |
97 | } | 78 | } |
98 | 79 | ||
80 | uboot_compile_config () { | ||
81 | i=$1 | ||
82 | config=$2 | ||
83 | type=$3 | ||
84 | |||
85 | oe_runmake -C ${S} O=${B}/${config} ${UBOOT_MAKE_TARGET} | ||
86 | |||
87 | unset k | ||
88 | for binary in ${UBOOT_BINARIES}; do | ||
89 | k=$(expr $k + 1); | ||
90 | if [ $k -eq $i ]; then | ||
91 | uboot_compile_config_copy_binary $config $type $binary | ||
92 | fi | ||
93 | done | ||
94 | unset k | ||
95 | |||
96 | # Generate the uboot-initial-env | ||
97 | if [ -n "${UBOOT_INITIAL_ENV}" ]; then | ||
98 | oe_runmake -C ${S} O=${B}/${config} u-boot-initial-env | ||
99 | cp ${B}/${config}/u-boot-initial-env ${B}/${config}/u-boot-initial-env-${type} | ||
100 | fi | ||
101 | } | ||
102 | |||
103 | uboot_compile_config_copy_binary () { | ||
104 | config=$1 | ||
105 | type=$2 | ||
106 | binary=$3 | ||
107 | |||
108 | cp ${B}/${config}/${binary} ${B}/${config}/${UBOOT_BINARYNAME}-${type}.${UBOOT_SUFFIX} | ||
109 | } | ||
110 | |||
111 | uboot_compile () { | ||
112 | oe_runmake -C ${S} O=${B} ${UBOOT_MAKE_TARGET} | ||
113 | |||
114 | # Generate the uboot-initial-env | ||
115 | if [ -n "${UBOOT_INITIAL_ENV}" ]; then | ||
116 | oe_runmake -C ${S} O=${B} u-boot-initial-env | ||
117 | fi | ||
118 | } | ||
119 | |||
99 | do_install () { | 120 | do_install () { |
100 | if [ -n "${UBOOT_CONFIG}" ] | 121 | if [ -n "${UBOOT_CONFIG}" ] |
101 | then | 122 | then |
@@ -105,32 +126,14 @@ do_install () { | |||
105 | j=$(expr $j + 1); | 126 | j=$(expr $j + 1); |
106 | if [ $j -eq $i ] | 127 | if [ $j -eq $i ] |
107 | then | 128 | then |
108 | install -D -m 644 ${B}/${config}/${UBOOT_BINARYNAME}-${type}.${UBOOT_SUFFIX} ${D}/boot/${UBOOT_BINARYNAME}-${type}-${PV}-${PR}.${UBOOT_SUFFIX} | 129 | uboot_install_config $config $type |
109 | ln -sf ${UBOOT_BINARYNAME}-${type}-${PV}-${PR}.${UBOOT_SUFFIX} ${D}/boot/${UBOOT_BINARY}-${type} | ||
110 | ln -sf ${UBOOT_BINARYNAME}-${type}-${PV}-${PR}.${UBOOT_SUFFIX} ${D}/boot/${UBOOT_BINARY} | ||
111 | |||
112 | # Install the uboot-initial-env | ||
113 | if [ -n "${UBOOT_INITIAL_ENV}" ]; then | ||
114 | install -D -m 644 ${B}/${config}/u-boot-initial-env-${type} ${D}/${sysconfdir}/${UBOOT_INITIAL_ENV}-${MACHINE}-${type}-${PV}-${PR} | ||
115 | ln -sf ${UBOOT_INITIAL_ENV}-${MACHINE}-${type}-${PV}-${PR} ${D}/${sysconfdir}/${UBOOT_INITIAL_ENV}-${MACHINE}-${type} | ||
116 | ln -sf ${UBOOT_INITIAL_ENV}-${MACHINE}-${type}-${PV}-${PR} ${D}/${sysconfdir}/${UBOOT_INITIAL_ENV}-${type} | ||
117 | ln -sf ${UBOOT_INITIAL_ENV}-${MACHINE}-${type}-${PV}-${PR} ${D}/${sysconfdir}/${UBOOT_INITIAL_ENV} | ||
118 | fi | ||
119 | fi | 130 | fi |
120 | done | 131 | done |
121 | unset j | 132 | unset j |
122 | done | 133 | done |
123 | unset i | 134 | unset i |
124 | else | 135 | else |
125 | install -D -m 644 ${B}/${UBOOT_BINARY} ${D}/boot/${UBOOT_IMAGE} | 136 | uboot_install |
126 | ln -sf ${UBOOT_IMAGE} ${D}/boot/${UBOOT_BINARY} | ||
127 | |||
128 | # Install the uboot-initial-env | ||
129 | if [ -n "${UBOOT_INITIAL_ENV}" ]; then | ||
130 | install -D -m 644 ${B}/u-boot-initial-env ${D}/${sysconfdir}/${UBOOT_INITIAL_ENV}-${MACHINE}-${PV}-${PR} | ||
131 | ln -sf ${UBOOT_INITIAL_ENV}-${MACHINE}-${PV}-${PR} ${D}/${sysconfdir}/${UBOOT_INITIAL_ENV}-${MACHINE} | ||
132 | ln -sf ${UBOOT_INITIAL_ENV}-${MACHINE}-${PV}-${PR} ${D}/${sysconfdir}/${UBOOT_INITIAL_ENV} | ||
133 | fi | ||
134 | fi | 137 | fi |
135 | 138 | ||
136 | if [ -n "${UBOOT_ELF}" ] | 139 | if [ -n "${UBOOT_ELF}" ] |
@@ -143,17 +146,14 @@ do_install () { | |||
143 | j=$(expr $j + 1); | 146 | j=$(expr $j + 1); |
144 | if [ $j -eq $i ] | 147 | if [ $j -eq $i ] |
145 | then | 148 | then |
146 | install -m 644 ${B}/${config}/${UBOOT_ELF} ${D}/boot/u-boot-${type}-${PV}-${PR}.${UBOOT_ELF_SUFFIX} | 149 | uboot_install_elf_config $config $type |
147 | ln -sf u-boot-${type}-${PV}-${PR}.${UBOOT_ELF_SUFFIX} ${D}/boot/${UBOOT_BINARY}-${type} | ||
148 | ln -sf u-boot-${type}-${PV}-${PR}.${UBOOT_ELF_SUFFIX} ${D}/boot/${UBOOT_BINARY} | ||
149 | fi | 150 | fi |
150 | done | 151 | done |
151 | unset j | 152 | unset j |
152 | done | 153 | done |
153 | unset i | 154 | unset i |
154 | else | 155 | else |
155 | install -m 644 ${B}/${UBOOT_ELF} ${D}/boot/${UBOOT_ELF_IMAGE} | 156 | uboot_install_elf |
156 | ln -sf ${UBOOT_ELF_IMAGE} ${D}/boot/${UBOOT_ELF_BINARY} | ||
157 | fi | 157 | fi |
158 | fi | 158 | fi |
159 | 159 | ||
@@ -172,17 +172,14 @@ do_install () { | |||
172 | j=$(expr $j + 1); | 172 | j=$(expr $j + 1); |
173 | if [ $j -eq $i ] | 173 | if [ $j -eq $i ] |
174 | then | 174 | then |
175 | install -m 644 ${B}/${config}/${SPL_BINARY} ${D}/boot/${SPL_BINARYNAME}-${type}-${PV}-${PR}${SPL_DELIMITER}${SPL_SUFFIX} | 175 | uboot_install_spl_config $config $type |
176 | ln -sf ${SPL_BINARYNAME}-${type}-${PV}-${PR}${SPL_DELIMITER}${SPL_SUFFIX} ${D}/boot/${SPL_BINARYFILE}-${type} | ||
177 | ln -sf ${SPL_BINARYNAME}-${type}-${PV}-${PR}${SPL_DELIMITER}${SPL_SUFFIX} ${D}/boot/${SPL_BINARYFILE} | ||
178 | fi | 176 | fi |
179 | done | 177 | done |
180 | unset j | 178 | unset j |
181 | done | 179 | done |
182 | unset i | 180 | unset i |
183 | else | 181 | else |
184 | install -m 644 ${B}/${SPL_BINARY} ${D}/boot/${SPL_IMAGE} | 182 | uboot_install_spl |
185 | ln -sf ${SPL_IMAGE} ${D}/boot/${SPL_BINARYFILE} | ||
186 | fi | 183 | fi |
187 | fi | 184 | fi |
188 | 185 | ||
@@ -198,6 +195,63 @@ do_install () { | |||
198 | fi | 195 | fi |
199 | } | 196 | } |
200 | 197 | ||
198 | uboot_install_config () { | ||
199 | config=$1 | ||
200 | type=$2 | ||
201 | |||
202 | install -D -m 644 ${B}/${config}/${UBOOT_BINARYNAME}-${type}.${UBOOT_SUFFIX} ${D}/boot/${UBOOT_BINARYNAME}-${type}-${PV}-${PR}.${UBOOT_SUFFIX} | ||
203 | ln -sf ${UBOOT_BINARYNAME}-${type}-${PV}-${PR}.${UBOOT_SUFFIX} ${D}/boot/${UBOOT_BINARY}-${type} | ||
204 | ln -sf ${UBOOT_BINARYNAME}-${type}-${PV}-${PR}.${UBOOT_SUFFIX} ${D}/boot/${UBOOT_BINARY} | ||
205 | |||
206 | # Install the uboot-initial-env | ||
207 | if [ -n "${UBOOT_INITIAL_ENV}" ]; then | ||
208 | install -D -m 644 ${B}/${config}/u-boot-initial-env-${type} ${D}/${sysconfdir}/${UBOOT_INITIAL_ENV}-${MACHINE}-${type}-${PV}-${PR} | ||
209 | ln -sf ${UBOOT_INITIAL_ENV}-${MACHINE}-${type}-${PV}-${PR} ${D}/${sysconfdir}/${UBOOT_INITIAL_ENV}-${MACHINE}-${type} | ||
210 | ln -sf ${UBOOT_INITIAL_ENV}-${MACHINE}-${type}-${PV}-${PR} ${D}/${sysconfdir}/${UBOOT_INITIAL_ENV}-${type} | ||
211 | ln -sf ${UBOOT_INITIAL_ENV}-${MACHINE}-${type}-${PV}-${PR} ${D}/${sysconfdir}/${UBOOT_INITIAL_ENV} | ||
212 | fi | ||
213 | } | ||
214 | |||
215 | uboot_install () { | ||
216 | install -D -m 644 ${B}/${UBOOT_BINARY} ${D}/boot/${UBOOT_IMAGE} | ||
217 | ln -sf ${UBOOT_IMAGE} ${D}/boot/${UBOOT_BINARY} | ||
218 | |||
219 | # Install the uboot-initial-env | ||
220 | if [ -n "${UBOOT_INITIAL_ENV}" ]; then | ||
221 | install -D -m 644 ${B}/u-boot-initial-env ${D}/${sysconfdir}/${UBOOT_INITIAL_ENV}-${MACHINE}-${PV}-${PR} | ||
222 | ln -sf ${UBOOT_INITIAL_ENV}-${MACHINE}-${PV}-${PR} ${D}/${sysconfdir}/${UBOOT_INITIAL_ENV}-${MACHINE} | ||
223 | ln -sf ${UBOOT_INITIAL_ENV}-${MACHINE}-${PV}-${PR} ${D}/${sysconfdir}/${UBOOT_INITIAL_ENV} | ||
224 | fi | ||
225 | } | ||
226 | |||
227 | uboot_install_elf_config () { | ||
228 | config=$1 | ||
229 | type=$2 | ||
230 | |||
231 | install -m 644 ${B}/${config}/${UBOOT_ELF} ${D}/boot/u-boot-${type}-${PV}-${PR}.${UBOOT_ELF_SUFFIX} | ||
232 | ln -sf u-boot-${type}-${PV}-${PR}.${UBOOT_ELF_SUFFIX} ${D}/boot/${UBOOT_BINARY}-${type} | ||
233 | ln -sf u-boot-${type}-${PV}-${PR}.${UBOOT_ELF_SUFFIX} ${D}/boot/${UBOOT_BINARY} | ||
234 | } | ||
235 | |||
236 | uboot_install_elf () { | ||
237 | install -m 644 ${B}/${UBOOT_ELF} ${D}/boot/${UBOOT_ELF_IMAGE} | ||
238 | ln -sf ${UBOOT_ELF_IMAGE} ${D}/boot/${UBOOT_ELF_BINARY} | ||
239 | } | ||
240 | |||
241 | uboot_install_spl_config () { | ||
242 | config=$1 | ||
243 | type=$2 | ||
244 | |||
245 | install -m 644 ${B}/${config}/${SPL_BINARY} ${D}/boot/${SPL_BINARYNAME}-${type}-${PV}-${PR}${SPL_DELIMITER}${SPL_SUFFIX} | ||
246 | ln -sf ${SPL_BINARYNAME}-${type}-${PV}-${PR}${SPL_DELIMITER}${SPL_SUFFIX} ${D}/boot/${SPL_BINARYFILE}-${type} | ||
247 | ln -sf ${SPL_BINARYNAME}-${type}-${PV}-${PR}${SPL_DELIMITER}${SPL_SUFFIX} ${D}/boot/${SPL_BINARYFILE} | ||
248 | } | ||
249 | |||
250 | uboot_install_spl () { | ||
251 | install -m 644 ${B}/${SPL_BINARY} ${D}/boot/${SPL_IMAGE} | ||
252 | ln -sf ${SPL_IMAGE} ${D}/boot/${SPL_BINARYFILE} | ||
253 | } | ||
254 | |||
201 | PACKAGE_BEFORE_PN += "${PN}-env ${PN}-extlinux" | 255 | PACKAGE_BEFORE_PN += "${PN}-env ${PN}-extlinux" |
202 | 256 | ||
203 | RPROVIDES:${PN}-env += "u-boot-default-env" | 257 | RPROVIDES:${PN}-env += "u-boot-default-env" |
@@ -223,40 +277,14 @@ do_deploy () { | |||
223 | j=$(expr $j + 1); | 277 | j=$(expr $j + 1); |
224 | if [ $j -eq $i ] | 278 | if [ $j -eq $i ] |
225 | then | 279 | then |
226 | install -D -m 644 ${B}/${config}/${UBOOT_BINARYNAME}-${type}.${UBOOT_SUFFIX} ${DEPLOYDIR}/${UBOOT_BINARYNAME}-${type}-${PV}-${PR}.${UBOOT_SUFFIX} | 280 | uboot_deploy_config $config $type |
227 | cd ${DEPLOYDIR} | ||
228 | ln -sf ${UBOOT_BINARYNAME}-${type}-${PV}-${PR}.${UBOOT_SUFFIX} ${UBOOT_SYMLINK}-${type} | ||
229 | ln -sf ${UBOOT_BINARYNAME}-${type}-${PV}-${PR}.${UBOOT_SUFFIX} ${UBOOT_SYMLINK} | ||
230 | ln -sf ${UBOOT_BINARYNAME}-${type}-${PV}-${PR}.${UBOOT_SUFFIX} ${UBOOT_BINARY}-${type} | ||
231 | ln -sf ${UBOOT_BINARYNAME}-${type}-${PV}-${PR}.${UBOOT_SUFFIX} ${UBOOT_BINARY} | ||
232 | |||
233 | # Deploy the uboot-initial-env | ||
234 | if [ -n "${UBOOT_INITIAL_ENV}" ]; then | ||
235 | install -D -m 644 ${B}/${config}/u-boot-initial-env-${type} ${DEPLOYDIR}/${UBOOT_INITIAL_ENV}-${MACHINE}-${type}-${PV}-${PR} | ||
236 | cd ${DEPLOYDIR} | ||
237 | ln -sf ${UBOOT_INITIAL_ENV}-${MACHINE}-${type}-${PV}-${PR} ${UBOOT_INITIAL_ENV}-${MACHINE}-${type} | ||
238 | ln -sf ${UBOOT_INITIAL_ENV}-${MACHINE}-${type}-${PV}-${PR} ${UBOOT_INITIAL_ENV}-${type} | ||
239 | fi | ||
240 | fi | 281 | fi |
241 | done | 282 | done |
242 | unset j | 283 | unset j |
243 | done | 284 | done |
244 | unset i | 285 | unset i |
245 | else | 286 | else |
246 | install -D -m 644 ${B}/${UBOOT_BINARY} ${DEPLOYDIR}/${UBOOT_IMAGE} | 287 | uboot_deploy |
247 | |||
248 | cd ${DEPLOYDIR} | ||
249 | rm -f ${UBOOT_BINARY} ${UBOOT_SYMLINK} | ||
250 | ln -sf ${UBOOT_IMAGE} ${UBOOT_SYMLINK} | ||
251 | ln -sf ${UBOOT_IMAGE} ${UBOOT_BINARY} | ||
252 | |||
253 | # Deploy the uboot-initial-env | ||
254 | if [ -n "${UBOOT_INITIAL_ENV}" ]; then | ||
255 | install -D -m 644 ${B}/u-boot-initial-env ${DEPLOYDIR}/${UBOOT_INITIAL_ENV}-${MACHINE}-${PV}-${PR} | ||
256 | cd ${DEPLOYDIR} | ||
257 | ln -sf ${UBOOT_INITIAL_ENV}-${MACHINE}-${PV}-${PR} ${UBOOT_INITIAL_ENV}-${MACHINE} | ||
258 | ln -sf ${UBOOT_INITIAL_ENV}-${MACHINE}-${PV}-${PR} ${UBOOT_INITIAL_ENV} | ||
259 | fi | ||
260 | fi | 288 | fi |
261 | 289 | ||
262 | if [ -e ${WORKDIR}/fw_env.config ] ; then | 290 | if [ -e ${WORKDIR}/fw_env.config ] ; then |
@@ -276,20 +304,14 @@ do_deploy () { | |||
276 | j=$(expr $j + 1); | 304 | j=$(expr $j + 1); |
277 | if [ $j -eq $i ] | 305 | if [ $j -eq $i ] |
278 | then | 306 | then |
279 | install -m 644 ${B}/${config}/${UBOOT_ELF} ${DEPLOYDIR}/u-boot-${type}-${PV}-${PR}.${UBOOT_ELF_SUFFIX} | 307 | uboot_deploy_elf_config $config $type |
280 | ln -sf u-boot-${type}-${PV}-${PR}.${UBOOT_ELF_SUFFIX} ${DEPLOYDIR}/${UBOOT_ELF_BINARY}-${type} | ||
281 | ln -sf u-boot-${type}-${PV}-${PR}.${UBOOT_ELF_SUFFIX} ${DEPLOYDIR}/${UBOOT_ELF_BINARY} | ||
282 | ln -sf u-boot-${type}-${PV}-${PR}.${UBOOT_ELF_SUFFIX} ${DEPLOYDIR}/${UBOOT_ELF_SYMLINK}-${type} | ||
283 | ln -sf u-boot-${type}-${PV}-${PR}.${UBOOT_ELF_SUFFIX} ${DEPLOYDIR}/${UBOOT_ELF_SYMLINK} | ||
284 | fi | 308 | fi |
285 | done | 309 | done |
286 | unset j | 310 | unset j |
287 | done | 311 | done |
288 | unset i | 312 | unset i |
289 | else | 313 | else |
290 | install -m 644 ${B}/${UBOOT_ELF} ${DEPLOYDIR}/${UBOOT_ELF_IMAGE} | 314 | uboot_deploy_elf |
291 | ln -sf ${UBOOT_ELF_IMAGE} ${DEPLOYDIR}/${UBOOT_ELF_BINARY} | ||
292 | ln -sf ${UBOOT_ELF_IMAGE} ${DEPLOYDIR}/${UBOOT_ELF_SYMLINK} | ||
293 | fi | 315 | fi |
294 | fi | 316 | fi |
295 | 317 | ||
@@ -304,21 +326,14 @@ do_deploy () { | |||
304 | j=$(expr $j + 1); | 326 | j=$(expr $j + 1); |
305 | if [ $j -eq $i ] | 327 | if [ $j -eq $i ] |
306 | then | 328 | then |
307 | install -m 644 ${B}/${config}/${SPL_BINARY} ${DEPLOYDIR}/${SPL_BINARYNAME}-${type}-${PV}-${PR}${SPL_DELIMITER}${SPL_SUFFIX} | 329 | uboot_deploy_spl_config $config $type |
308 | rm -f ${DEPLOYDIR}/${SPL_BINARYFILE} ${DEPLOYDIR}/${SPL_SYMLINK} | ||
309 | ln -sf ${SPL_BINARYNAME}-${type}-${PV}-${PR}${SPL_DELIMITER}${SPL_SUFFIX} ${DEPLOYDIR}/${SPL_BINARYFILE}-${type} | ||
310 | ln -sf ${SPL_BINARYNAME}-${type}-${PV}-${PR}${SPL_DELIMITER}${SPL_SUFFIX} ${DEPLOYDIR}/${SPL_BINARYFILE} | ||
311 | ln -sf ${SPL_BINARYNAME}-${type}-${PV}-${PR}${SPL_DELIMITER}${SPL_SUFFIX} ${DEPLOYDIR}/${SPL_SYMLINK}-${type} | ||
312 | ln -sf ${SPL_BINARYNAME}-${type}-${PV}-${PR}${SPL_DELIMITER}${SPL_SUFFIX} ${DEPLOYDIR}/${SPL_SYMLINK} | ||
313 | fi | 330 | fi |
314 | done | 331 | done |
315 | unset j | 332 | unset j |
316 | done | 333 | done |
317 | unset i | 334 | unset i |
318 | else | 335 | else |
319 | install -m 644 ${B}/${SPL_BINARY} ${DEPLOYDIR}/${SPL_IMAGE} | 336 | uboot_deploy_spl |
320 | ln -sf ${SPL_IMAGE} ${DEPLOYDIR}/${SPL_BINARYNAME} | ||
321 | ln -sf ${SPL_IMAGE} ${DEPLOYDIR}/${SPL_SYMLINK} | ||
322 | fi | 337 | fi |
323 | fi | 338 | fi |
324 | 339 | ||
@@ -342,4 +357,76 @@ do_deploy () { | |||
342 | fi | 357 | fi |
343 | } | 358 | } |
344 | 359 | ||
360 | uboot_deploy_config () { | ||
361 | config=$1 | ||
362 | type=$2 | ||
363 | |||
364 | install -D -m 644 ${B}/${config}/${UBOOT_BINARYNAME}-${type}.${UBOOT_SUFFIX} ${DEPLOYDIR}/${UBOOT_BINARYNAME}-${type}-${PV}-${PR}.${UBOOT_SUFFIX} | ||
365 | cd ${DEPLOYDIR} | ||
366 | ln -sf ${UBOOT_BINARYNAME}-${type}-${PV}-${PR}.${UBOOT_SUFFIX} ${UBOOT_SYMLINK}-${type} | ||
367 | ln -sf ${UBOOT_BINARYNAME}-${type}-${PV}-${PR}.${UBOOT_SUFFIX} ${UBOOT_SYMLINK} | ||
368 | ln -sf ${UBOOT_BINARYNAME}-${type}-${PV}-${PR}.${UBOOT_SUFFIX} ${UBOOT_BINARY}-${type} | ||
369 | ln -sf ${UBOOT_BINARYNAME}-${type}-${PV}-${PR}.${UBOOT_SUFFIX} ${UBOOT_BINARY} | ||
370 | |||
371 | # Deploy the uboot-initial-env | ||
372 | if [ -n "${UBOOT_INITIAL_ENV}" ]; then | ||
373 | install -D -m 644 ${B}/${config}/u-boot-initial-env-${type} ${DEPLOYDIR}/${UBOOT_INITIAL_ENV}-${MACHINE}-${type}-${PV}-${PR} | ||
374 | cd ${DEPLOYDIR} | ||
375 | ln -sf ${UBOOT_INITIAL_ENV}-${MACHINE}-${type}-${PV}-${PR} ${UBOOT_INITIAL_ENV}-${MACHINE}-${type} | ||
376 | ln -sf ${UBOOT_INITIAL_ENV}-${MACHINE}-${type}-${PV}-${PR} ${UBOOT_INITIAL_ENV}-${type} | ||
377 | fi | ||
378 | } | ||
379 | |||
380 | uboot_deploy () { | ||
381 | install -D -m 644 ${B}/${UBOOT_BINARY} ${DEPLOYDIR}/${UBOOT_IMAGE} | ||
382 | |||
383 | cd ${DEPLOYDIR} | ||
384 | rm -f ${UBOOT_BINARY} ${UBOOT_SYMLINK} | ||
385 | ln -sf ${UBOOT_IMAGE} ${UBOOT_SYMLINK} | ||
386 | ln -sf ${UBOOT_IMAGE} ${UBOOT_BINARY} | ||
387 | |||
388 | # Deploy the uboot-initial-env | ||
389 | if [ -n "${UBOOT_INITIAL_ENV}" ]; then | ||
390 | install -D -m 644 ${B}/u-boot-initial-env ${DEPLOYDIR}/${UBOOT_INITIAL_ENV}-${MACHINE}-${PV}-${PR} | ||
391 | cd ${DEPLOYDIR} | ||
392 | ln -sf ${UBOOT_INITIAL_ENV}-${MACHINE}-${PV}-${PR} ${UBOOT_INITIAL_ENV}-${MACHINE} | ||
393 | ln -sf ${UBOOT_INITIAL_ENV}-${MACHINE}-${PV}-${PR} ${UBOOT_INITIAL_ENV} | ||
394 | fi | ||
395 | } | ||
396 | |||
397 | uboot_deploy_elf_config () { | ||
398 | config=$1 | ||
399 | type=$2 | ||
400 | |||
401 | install -m 644 ${B}/${config}/${UBOOT_ELF} ${DEPLOYDIR}/u-boot-${type}-${PV}-${PR}.${UBOOT_ELF_SUFFIX} | ||
402 | ln -sf u-boot-${type}-${PV}-${PR}.${UBOOT_ELF_SUFFIX} ${DEPLOYDIR}/${UBOOT_ELF_BINARY}-${type} | ||
403 | ln -sf u-boot-${type}-${PV}-${PR}.${UBOOT_ELF_SUFFIX} ${DEPLOYDIR}/${UBOOT_ELF_BINARY} | ||
404 | ln -sf u-boot-${type}-${PV}-${PR}.${UBOOT_ELF_SUFFIX} ${DEPLOYDIR}/${UBOOT_ELF_SYMLINK}-${type} | ||
405 | ln -sf u-boot-${type}-${PV}-${PR}.${UBOOT_ELF_SUFFIX} ${DEPLOYDIR}/${UBOOT_ELF_SYMLINK} | ||
406 | } | ||
407 | |||
408 | uboot_deploy_elf () { | ||
409 | install -m 644 ${B}/${UBOOT_ELF} ${DEPLOYDIR}/${UBOOT_ELF_IMAGE} | ||
410 | ln -sf ${UBOOT_ELF_IMAGE} ${DEPLOYDIR}/${UBOOT_ELF_BINARY} | ||
411 | ln -sf ${UBOOT_ELF_IMAGE} ${DEPLOYDIR}/${UBOOT_ELF_SYMLINK} | ||
412 | } | ||
413 | |||
414 | uboot_deploy_spl_config () { | ||
415 | config=$1 | ||
416 | type=$2 | ||
417 | |||
418 | install -m 644 ${B}/${config}/${SPL_BINARY} ${DEPLOYDIR}/${SPL_BINARYNAME}-${type}-${PV}-${PR}${SPL_DELIMITER}${SPL_SUFFIX} | ||
419 | rm -f ${DEPLOYDIR}/${SPL_BINARYFILE} ${DEPLOYDIR}/${SPL_SYMLINK} | ||
420 | ln -sf ${SPL_BINARYNAME}-${type}-${PV}-${PR}${SPL_DELIMITER}${SPL_SUFFIX} ${DEPLOYDIR}/${SPL_BINARYFILE}-${type} | ||
421 | ln -sf ${SPL_BINARYNAME}-${type}-${PV}-${PR}${SPL_DELIMITER}${SPL_SUFFIX} ${DEPLOYDIR}/${SPL_BINARYFILE} | ||
422 | ln -sf ${SPL_BINARYNAME}-${type}-${PV}-${PR}${SPL_DELIMITER}${SPL_SUFFIX} ${DEPLOYDIR}/${SPL_SYMLINK}-${type} | ||
423 | ln -sf ${SPL_BINARYNAME}-${type}-${PV}-${PR}${SPL_DELIMITER}${SPL_SUFFIX} ${DEPLOYDIR}/${SPL_SYMLINK} | ||
424 | } | ||
425 | |||
426 | uboot_deploy_spl () { | ||
427 | install -m 644 ${B}/${SPL_BINARY} ${DEPLOYDIR}/${SPL_IMAGE} | ||
428 | ln -sf ${SPL_IMAGE} ${DEPLOYDIR}/${SPL_BINARYNAME} | ||
429 | ln -sf ${SPL_IMAGE} ${DEPLOYDIR}/${SPL_SYMLINK} | ||
430 | } | ||
431 | |||
345 | addtask deploy before do_build after do_compile | 432 | addtask deploy before do_build after do_compile |
diff --git a/meta/recipes-connectivity/bind/bind_9.18.25.bb b/meta/recipes-connectivity/bind/bind_9.18.28.bb index cc35604aba..4b0948298e 100644 --- a/meta/recipes-connectivity/bind/bind_9.18.25.bb +++ b/meta/recipes-connectivity/bind/bind_9.18.28.bb | |||
@@ -20,7 +20,7 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.xz \ | |||
20 | file://0001-avoid-start-failure-with-bind-user.patch \ | 20 | file://0001-avoid-start-failure-with-bind-user.patch \ |
21 | " | 21 | " |
22 | 22 | ||
23 | SRC_URI[sha256sum] = "5a4a70432a33d009f0e6e9dbb328aae7a5e27507e98e28bf3c0c6b250ccb2ab3" | 23 | SRC_URI[sha256sum] = "e7cce9a165f7b619eefc4832f0a8dc16b005d29e3890aed6008c506ea286a5e7" |
24 | 24 | ||
25 | UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/" | 25 | UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/" |
26 | # follow the ESV versions divisible by 2 | 26 | # follow the ESV versions divisible by 2 |
@@ -34,7 +34,7 @@ inherit autotools update-rc.d systemd useradd pkgconfig multilib_header update-a | |||
34 | 34 | ||
35 | # PACKAGECONFIGs readline and libedit should NOT be set at same time | 35 | # PACKAGECONFIGs readline and libedit should NOT be set at same time |
36 | PACKAGECONFIG ?= "readline" | 36 | PACKAGECONFIG ?= "readline" |
37 | PACKAGECONFIG[httpstats] = "--with-libxml2=${STAGING_DIR_HOST}${prefix},--without-libxml2,libxml2" | 37 | PACKAGECONFIG[httpstats] = "--with-libxml2,--without-libxml2,libxml2" |
38 | PACKAGECONFIG[readline] = "--with-readline=readline,,readline" | 38 | PACKAGECONFIG[readline] = "--with-readline=readline,,readline" |
39 | PACKAGECONFIG[libedit] = "--with-readline=libedit,,libedit" | 39 | PACKAGECONFIG[libedit] = "--with-readline=libedit,,libedit" |
40 | PACKAGECONFIG[dns-over-http] = "--enable-doh,--disable-doh,nghttp2" | 40 | PACKAGECONFIG[dns-over-http] = "--enable-doh,--disable-doh,nghttp2" |
diff --git a/meta/recipes-connectivity/bluez5/bluez5.inc b/meta/recipes-connectivity/bluez5/bluez5.inc index a31d7076ba..3f2f096aac 100644 --- a/meta/recipes-connectivity/bluez5/bluez5.inc +++ b/meta/recipes-connectivity/bluez5/bluez5.inc | |||
@@ -54,7 +54,6 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/bluetooth/bluez-${PV}.tar.xz \ | |||
54 | ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '', 'file://0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch', d)} \ | 54 | ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '', 'file://0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch', d)} \ |
55 | file://0001-tests-add-a-target-for-building-tests-without-runnin.patch \ | 55 | file://0001-tests-add-a-target-for-building-tests-without-runnin.patch \ |
56 | file://0001-test-gatt-Fix-hung-issue.patch \ | 56 | file://0001-test-gatt-Fix-hung-issue.patch \ |
57 | file://0004-src-shared-util.c-include-linux-limits.h.patch \ | ||
58 | " | 57 | " |
59 | S = "${WORKDIR}/bluez-${PV}" | 58 | S = "${WORKDIR}/bluez-${PV}" |
60 | 59 | ||
diff --git a/meta/recipes-connectivity/bluez5/bluez5/0004-src-shared-util.c-include-linux-limits.h.patch b/meta/recipes-connectivity/bluez5/bluez5/0004-src-shared-util.c-include-linux-limits.h.patch deleted file mode 100644 index 516d859069..0000000000 --- a/meta/recipes-connectivity/bluez5/bluez5/0004-src-shared-util.c-include-linux-limits.h.patch +++ /dev/null | |||
@@ -1,27 +0,0 @@ | |||
1 | From b53df61b41088b68c127ac76cc71683ac3453b9d Mon Sep 17 00:00:00 2001 | ||
2 | From: Alexander Kanavin <alex@linutronix.de> | ||
3 | Date: Mon, 12 Dec 2022 13:10:19 +0100 | ||
4 | Subject: [PATCH] src/shared/util.c: include linux/limits.h | ||
5 | |||
6 | MAX_INPUT is defined in that file. This matters on non-glibc | ||
7 | systems such as those using musl. | ||
8 | |||
9 | Upstream-Status: Submitted [to linux-bluetooth@vger.kernel.org,luiz.von.dentz@intel.com,frederic.danis@collabora.com] | ||
10 | Signed-off-by: Alexander Kanavin <alex@linutronix.de> | ||
11 | |||
12 | --- | ||
13 | src/shared/util.c | 1 + | ||
14 | 1 file changed, 1 insertion(+) | ||
15 | |||
16 | diff --git a/src/shared/util.c b/src/shared/util.c | ||
17 | index c0c2c4a..036dc0d 100644 | ||
18 | --- a/src/shared/util.c | ||
19 | +++ b/src/shared/util.c | ||
20 | @@ -23,6 +23,7 @@ | ||
21 | #include <unistd.h> | ||
22 | #include <dirent.h> | ||
23 | #include <limits.h> | ||
24 | +#include <linux/limits.h> | ||
25 | #include <string.h> | ||
26 | |||
27 | #ifdef HAVE_SYS_RANDOM_H | ||
diff --git a/meta/recipes-connectivity/iw/iw_6.7.bb b/meta/recipes-connectivity/iw/iw_6.7.bb index b46b54bc93..162b4e922b 100644 --- a/meta/recipes-connectivity/iw/iw_6.7.bb +++ b/meta/recipes-connectivity/iw/iw_6.7.bb | |||
@@ -4,7 +4,7 @@ wireless devices. It supports almost all new drivers that have been added \ | |||
4 | to the kernel recently. " | 4 | to the kernel recently. " |
5 | HOMEPAGE = "https://wireless.wiki.kernel.org/en/users/documentation/iw" | 5 | HOMEPAGE = "https://wireless.wiki.kernel.org/en/users/documentation/iw" |
6 | SECTION = "base" | 6 | SECTION = "base" |
7 | LICENSE = "BSD-2-Clause" | 7 | LICENSE = "ISC" |
8 | LIC_FILES_CHKSUM = "file://COPYING;md5=878618a5c4af25e9b93ef0be1a93f774" | 8 | LIC_FILES_CHKSUM = "file://COPYING;md5=878618a5c4af25e9b93ef0be1a93f774" |
9 | 9 | ||
10 | DEPENDS = "libnl" | 10 | DEPENDS = "libnl" |
diff --git a/meta/recipes-connectivity/libpcap/libpcap/CVE-2023-7256-pre1.patch b/meta/recipes-connectivity/libpcap/libpcap/CVE-2023-7256-pre1.patch new file mode 100644 index 0000000000..64abfb85cd --- /dev/null +++ b/meta/recipes-connectivity/libpcap/libpcap/CVE-2023-7256-pre1.patch | |||
@@ -0,0 +1,37 @@ | |||
1 | From 73da0d4d65ef0925772b7b7f82a5fbb3ff2c5e4f Mon Sep 17 00:00:00 2001 | ||
2 | From: Rose <83477269+AtariDreams@users.noreply.github.com> | ||
3 | Date: Tue, 16 May 2023 12:37:11 -0400 | ||
4 | Subject: [PATCH] Remove unused variable retval in sock_present2network | ||
5 | |||
6 | This quiets the compiler since it is not even returned anyway, and is a misleading variable name. | ||
7 | |||
8 | (cherry picked from commit c7b90298984c46d820d3cee79a96d24870b5f200) | ||
9 | |||
10 | Upstream-Status: Backport [https://github.com/the-tcpdump-group/libpcap/commit/73da0d4d65ef0925772b7b7f82a5fbb3ff2c5e4f] | ||
11 | CVE: CVE-2023-7256 #Dependency Patch | ||
12 | Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> | ||
13 | --- | ||
14 | sockutils.c | 3 +-- | ||
15 | 1 file changed, 1 insertion(+), 2 deletions(-) | ||
16 | |||
17 | diff --git a/sockutils.c b/sockutils.c | ||
18 | index 1c07f76fd1..6752f296af 100644 | ||
19 | --- a/sockutils.c | ||
20 | +++ b/sockutils.c | ||
21 | @@ -2082,7 +2082,6 @@ int sock_getascii_addrport(const struct sockaddr_storage *sockaddr, char *addres | ||
22 | */ | ||
23 | int sock_present2network(const char *address, struct sockaddr_storage *sockaddr, int addr_family, char *errbuf, int errbuflen) | ||
24 | { | ||
25 | - int retval; | ||
26 | struct addrinfo *addrinfo; | ||
27 | struct addrinfo hints; | ||
28 | |||
29 | @@ -2090,7 +2089,7 @@ int sock_present2network(const char *address, struct sockaddr_storage *sockaddr, | ||
30 | |||
31 | hints.ai_family = addr_family; | ||
32 | |||
33 | - if ((retval = sock_initaddress(address, "22222" /* fake port */, &hints, &addrinfo, errbuf, errbuflen)) == -1) | ||
34 | + if (sock_initaddress(address, "22222" /* fake port */, &hints, &addrinfo, errbuf, errbuflen) == -1) | ||
35 | return 0; | ||
36 | |||
37 | if (addrinfo->ai_family == PF_INET) | ||
diff --git a/meta/recipes-connectivity/libpcap/libpcap/CVE-2023-7256.patch b/meta/recipes-connectivity/libpcap/libpcap/CVE-2023-7256.patch new file mode 100644 index 0000000000..fffcb2704a --- /dev/null +++ b/meta/recipes-connectivity/libpcap/libpcap/CVE-2023-7256.patch | |||
@@ -0,0 +1,365 @@ | |||
1 | From 2aa69b04d8173b18a0e3492e0c8f2f7fabdf642d Mon Sep 17 00:00:00 2001 | ||
2 | From: Guy Harris <gharris@sonic.net> | ||
3 | Date: Thu, 28 Sep 2023 00:37:57 -0700 | ||
4 | Subject: [PATCH] Have sock_initaddress() return the list of addrinfo | ||
5 | structures or NULL. | ||
6 | |||
7 | Its return address is currently 0 for success and -1 for failure, with a | ||
8 | pointer to the first element of the list of struct addrinfos returned | ||
9 | through a pointer on success; change it to return that pointer on | ||
10 | success and NULL on failure. | ||
11 | |||
12 | That way, we don't have to worry about what happens to the pointer | ||
13 | pointeed to by the argument in question on failure; we know that we got | ||
14 | NULL back if no struct addrinfos were found because getaddrinfo() | ||
15 | failed. Thus, we know that we have something to free iff | ||
16 | sock_initaddress() returned a pointer to that something rather than | ||
17 | returning NULL. | ||
18 | |||
19 | This avoids a double-free in some cases. | ||
20 | |||
21 | This is apparently CVE-2023-40400. | ||
22 | |||
23 | (backported from commit 262e4f34979872d822ccedf9f318ed89c4d31c03) | ||
24 | |||
25 | Upstream-Status: Backport [https://github.com/the-tcpdump-group/libpcap/commit/2aa69b04d8173b18a0e3492e0c8f2f7fabdf642d] | ||
26 | CVE: CVE-2023-7256 | ||
27 | Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> | ||
28 | --- | ||
29 | pcap-rpcap.c | 48 ++++++++++++++++++++-------------------- | ||
30 | rpcapd/daemon.c | 8 +++++-- | ||
31 | rpcapd/rpcapd.c | 8 +++++-- | ||
32 | sockutils.c | 58 ++++++++++++++++++++++++++++--------------------- | ||
33 | sockutils.h | 5 ++--- | ||
34 | 5 files changed, 72 insertions(+), 55 deletions(-) | ||
35 | |||
36 | diff --git a/pcap-rpcap.c b/pcap-rpcap.c | ||
37 | index ef0cd6e49c..f1992e4aea 100644 | ||
38 | --- a/pcap-rpcap.c | ||
39 | +++ b/pcap-rpcap.c | ||
40 | @@ -1024,7 +1024,6 @@ rpcap_remoteact_getsock(const char *host, int *error, char *errbuf) | ||
41 | { | ||
42 | struct activehosts *temp; /* temp var needed to scan the host list chain */ | ||
43 | struct addrinfo hints, *addrinfo, *ai_next; /* temp var needed to translate between hostname to its address */ | ||
44 | - int retval; | ||
45 | |||
46 | /* retrieve the network address corresponding to 'host' */ | ||
47 | addrinfo = NULL; | ||
48 | @@ -1032,9 +1031,9 @@ rpcap_remoteact_getsock(const char *host, int *error, char *errbuf) | ||
49 | hints.ai_family = PF_UNSPEC; | ||
50 | hints.ai_socktype = SOCK_STREAM; | ||
51 | |||
52 | - retval = sock_initaddress(host, NULL, &hints, &addrinfo, errbuf, | ||
53 | + addrinfo = sock_initaddress(host, NULL, &hints, errbuf, | ||
54 | PCAP_ERRBUF_SIZE); | ||
55 | - if (retval != 0) | ||
56 | + if (addrinfo == NULL) | ||
57 | { | ||
58 | *error = 1; | ||
59 | return NULL; | ||
60 | @@ -1186,7 +1185,9 @@ static int pcap_startcapture_remote(pcap_t *fp) | ||
61 | hints.ai_flags = AI_PASSIVE; /* Data connection is opened by the server toward the client */ | ||
62 | |||
63 | /* Let's the server pick up a free network port for us */ | ||
64 | - if (sock_initaddress(NULL, NULL, &hints, &addrinfo, fp->errbuf, PCAP_ERRBUF_SIZE) == -1) | ||
65 | + addrinfo = sock_initaddress(NULL, NULL, &hints, fp->errbuf, | ||
66 | + PCAP_ERRBUF_SIZE); | ||
67 | + if (addrinfo == NULL) | ||
68 | goto error_nodiscard; | ||
69 | |||
70 | if ((sockdata = sock_open(NULL, addrinfo, SOCKOPEN_SERVER, | ||
71 | @@ -1311,7 +1312,9 @@ static int pcap_startcapture_remote(pcap_t *fp) | ||
72 | snprintf(portstring, PCAP_BUF_SIZE, "%d", ntohs(startcapreply.portdata)); | ||
73 | |||
74 | /* Let's the server pick up a free network port for us */ | ||
75 | - if (sock_initaddress(host, portstring, &hints, &addrinfo, fp->errbuf, PCAP_ERRBUF_SIZE) == -1) | ||
76 | + addrinfo = sock_initaddress(host, portstring, &hints, | ||
77 | + fp->errbuf, PCAP_ERRBUF_SIZE); | ||
78 | + if (addrinfo == NULL) | ||
79 | goto error; | ||
80 | |||
81 | if ((sockdata = sock_open(host, addrinfo, SOCKOPEN_CLIENT, 0, fp->errbuf, PCAP_ERRBUF_SIZE)) == INVALID_SOCKET) | ||
82 | @@ -2340,16 +2343,16 @@ rpcap_setup_session(const char *source, struct pcap_rmtauth *auth, | ||
83 | if (port[0] == 0) | ||
84 | { | ||
85 | /* the user chose not to specify the port */ | ||
86 | - if (sock_initaddress(host, RPCAP_DEFAULT_NETPORT, | ||
87 | - &hints, &addrinfo, errbuf, PCAP_ERRBUF_SIZE) == -1) | ||
88 | - return -1; | ||
89 | + addrinfo = sock_initaddress(host, RPCAP_DEFAULT_NETPORT, | ||
90 | + &hints, errbuf, PCAP_ERRBUF_SIZE); | ||
91 | } | ||
92 | else | ||
93 | { | ||
94 | - if (sock_initaddress(host, port, &hints, &addrinfo, | ||
95 | - errbuf, PCAP_ERRBUF_SIZE) == -1) | ||
96 | - return -1; | ||
97 | + addrinfo = sock_initaddress(host, port, &hints, | ||
98 | + errbuf, PCAP_ERRBUF_SIZE); | ||
99 | } | ||
100 | + if (addrinfo == NULL) | ||
101 | + return -1; | ||
102 | |||
103 | if ((*sockctrlp = sock_open(host, addrinfo, SOCKOPEN_CLIENT, 0, | ||
104 | errbuf, PCAP_ERRBUF_SIZE)) == INVALID_SOCKET) | ||
105 | @@ -2950,19 +2953,19 @@ SOCKET pcap_remoteact_accept_ex(const char *address, const char *port, const cha | ||
106 | /* Do the work */ | ||
107 | if ((port == NULL) || (port[0] == 0)) | ||
108 | { | ||
109 | - if (sock_initaddress(address, RPCAP_DEFAULT_NETPORT_ACTIVE, &hints, &addrinfo, errbuf, PCAP_ERRBUF_SIZE) == -1) | ||
110 | - { | ||
111 | - return (SOCKET)-2; | ||
112 | - } | ||
113 | + addrinfo = sock_initaddress(address, | ||
114 | + RPCAP_DEFAULT_NETPORT_ACTIVE, &hints, errbuf, | ||
115 | + PCAP_ERRBUF_SIZE); | ||
116 | } | ||
117 | else | ||
118 | { | ||
119 | - if (sock_initaddress(address, port, &hints, &addrinfo, errbuf, PCAP_ERRBUF_SIZE) == -1) | ||
120 | - { | ||
121 | - return (SOCKET)-2; | ||
122 | - } | ||
123 | + addrinfo = sock_initaddress(address, port, &hints, errbuf, | ||
124 | + PCAP_ERRBUF_SIZE); | ||
125 | + } | ||
126 | + if (addrinfo == NULL) | ||
127 | + { | ||
128 | + return (SOCKET)-2; | ||
129 | } | ||
130 | - | ||
131 | |||
132 | if ((sockmain = sock_open(NULL, addrinfo, SOCKOPEN_SERVER, 1, errbuf, PCAP_ERRBUF_SIZE)) == INVALID_SOCKET) | ||
133 | { | ||
134 | @@ -3122,7 +3125,6 @@ int pcap_remoteact_close(const char *host, char *errbuf) | ||
135 | { | ||
136 | struct activehosts *temp, *prev; /* temp var needed to scan the host list chain */ | ||
137 | struct addrinfo hints, *addrinfo, *ai_next; /* temp var needed to translate between hostname to its address */ | ||
138 | - int retval; | ||
139 | |||
140 | temp = activeHosts; | ||
141 | prev = NULL; | ||
142 | @@ -3133,9 +3135,9 @@ int pcap_remoteact_close(const char *host, char *errbuf) | ||
143 | hints.ai_family = PF_UNSPEC; | ||
144 | hints.ai_socktype = SOCK_STREAM; | ||
145 | |||
146 | - retval = sock_initaddress(host, NULL, &hints, &addrinfo, errbuf, | ||
147 | + addrinfo = sock_initaddress(host, NULL, &hints, errbuf, | ||
148 | PCAP_ERRBUF_SIZE); | ||
149 | - if (retval != 0) | ||
150 | + if (addrinfo == NULL) | ||
151 | { | ||
152 | return -1; | ||
153 | } | ||
154 | diff --git a/rpcapd/daemon.c b/rpcapd/daemon.c | ||
155 | index 8d620dd604..b04b29f107 100644 | ||
156 | --- a/rpcapd/daemon.c | ||
157 | +++ b/rpcapd/daemon.c | ||
158 | @@ -2085,7 +2085,9 @@ daemon_msg_startcap_req(uint8 ver, struct daemon_slpars *pars, uint32 plen, | ||
159 | goto error; | ||
160 | } | ||
161 | |||
162 | - if (sock_initaddress(peerhost, portdata, &hints, &addrinfo, errmsgbuf, PCAP_ERRBUF_SIZE) == -1) | ||
163 | + addrinfo = sock_initaddress(peerhost, portdata, &hints, | ||
164 | + errmsgbuf, PCAP_ERRBUF_SIZE); | ||
165 | + if (addrinfo == NULL) | ||
166 | goto error; | ||
167 | |||
168 | if ((session->sockdata = sock_open(peerhost, addrinfo, SOCKOPEN_CLIENT, 0, errmsgbuf, PCAP_ERRBUF_SIZE)) == INVALID_SOCKET) | ||
169 | @@ -2096,7 +2098,9 @@ daemon_msg_startcap_req(uint8 ver, struct daemon_slpars *pars, uint32 plen, | ||
170 | hints.ai_flags = AI_PASSIVE; | ||
171 | |||
172 | // Make the server socket pick up a free network port for us | ||
173 | - if (sock_initaddress(NULL, NULL, &hints, &addrinfo, errmsgbuf, PCAP_ERRBUF_SIZE) == -1) | ||
174 | + addrinfo = sock_initaddress(NULL, NULL, &hints, errmsgbuf, | ||
175 | + PCAP_ERRBUF_SIZE); | ||
176 | + if (addrinfo == NULL) | ||
177 | goto error; | ||
178 | |||
179 | if ((session->sockdata = sock_open(NULL, addrinfo, SOCKOPEN_SERVER, 1 /* max 1 connection in queue */, errmsgbuf, PCAP_ERRBUF_SIZE)) == INVALID_SOCKET) | ||
180 | diff --git a/rpcapd/rpcapd.c b/rpcapd/rpcapd.c | ||
181 | index e1f3f05299..d166522c9f 100644 | ||
182 | --- a/rpcapd/rpcapd.c | ||
183 | +++ b/rpcapd/rpcapd.c | ||
184 | @@ -611,7 +611,9 @@ void main_startup(void) | ||
185 | // | ||
186 | // Get a list of sockets on which to listen. | ||
187 | // | ||
188 | - if (sock_initaddress((address[0]) ? address : NULL, port, &mainhints, &addrinfo, errbuf, PCAP_ERRBUF_SIZE) == -1) | ||
189 | + addrinfo = sock_initaddress((address[0]) ? address : NULL, | ||
190 | + port, &mainhints, errbuf, PCAP_ERRBUF_SIZE); | ||
191 | + if (addrinfo == NULL) | ||
192 | { | ||
193 | rpcapd_log(LOGPRIO_DEBUG, "%s", errbuf); | ||
194 | return; | ||
195 | @@ -1350,7 +1352,9 @@ main_active(void *ptr) | ||
196 | memset(errbuf, 0, sizeof(errbuf)); | ||
197 | |||
198 | // Do the work | ||
199 | - if (sock_initaddress(activepars->address, activepars->port, &hints, &addrinfo, errbuf, PCAP_ERRBUF_SIZE) == -1) | ||
200 | + addrinfo = sock_initaddress(activepars->address, activepars->port, | ||
201 | + &hints, errbuf, PCAP_ERRBUF_SIZE); | ||
202 | + if (addrinfo == NULL) | ||
203 | { | ||
204 | rpcapd_log(LOGPRIO_DEBUG, "%s", errbuf); | ||
205 | return 0; | ||
206 | diff --git a/sockutils.c b/sockutils.c | ||
207 | index a1bfa1b5e2..823c2363e0 100644 | ||
208 | --- a/sockutils.c | ||
209 | +++ b/sockutils.c | ||
210 | @@ -1069,20 +1069,21 @@ get_gai_errstring(char *errbuf, int errbuflen, const char *prefix, int err, | ||
211 | * \param errbuflen: length of the buffer that will contains the error. The error message cannot be | ||
212 | * larger than 'errbuflen - 1' because the last char is reserved for the string terminator. | ||
213 | * | ||
214 | - * \return '0' if everything is fine, '-1' if some errors occurred. The error message is returned | ||
215 | - * in the 'errbuf' variable. The addrinfo variable that has to be used in the following sockets calls is | ||
216 | - * returned into the addrinfo parameter. | ||
217 | + * \return a pointer to the first element in a list of addrinfo structures | ||
218 | + * if everything is fine, NULL if some errors occurred. The error message | ||
219 | + * is returned in the 'errbuf' variable. | ||
220 | * | ||
221 | - * \warning The 'addrinfo' variable has to be deleted by the programmer by calling freeaddrinfo() when | ||
222 | - * it is no longer needed. | ||
223 | + * \warning The list of addrinfo structures returned has to be deleted by | ||
224 | + * the programmer by calling freeaddrinfo() when it is no longer needed. | ||
225 | * | ||
226 | * \warning This function requires the 'hints' variable as parameter. The semantic of this variable is the same | ||
227 | * of the one of the corresponding variable used into the standard getaddrinfo() socket function. We suggest | ||
228 | * the programmer to look at that function in order to set the 'hints' variable appropriately. | ||
229 | */ | ||
230 | -int sock_initaddress(const char *host, const char *port, | ||
231 | - struct addrinfo *hints, struct addrinfo **addrinfo, char *errbuf, int errbuflen) | ||
232 | +struct addrinfo *sock_initaddress(const char *host, const char *port, | ||
233 | + struct addrinfo *hints, char *errbuf, int errbuflen) | ||
234 | { | ||
235 | + struct addrinfo *addrinfo; | ||
236 | int retval; | ||
237 | |||
238 | /* | ||
239 | @@ -1094,9 +1095,13 @@ int sock_initaddress(const char *host, const char *port, | ||
240 | * as those messages won't talk about a problem with the port if | ||
241 | * no port was specified. | ||
242 | */ | ||
243 | - retval = getaddrinfo(host, port == NULL ? "0" : port, hints, addrinfo); | ||
244 | + retval = getaddrinfo(host, port == NULL ? "0" : port, hints, &addrinfo); | ||
245 | if (retval != 0) | ||
246 | { | ||
247 | + /* | ||
248 | + * That call failed. | ||
249 | + * Determine whether the problem is that the host is bad. | ||
250 | + */ | ||
251 | if (errbuf) | ||
252 | { | ||
253 | if (host != NULL && port != NULL) { | ||
254 | @@ -1108,7 +1113,7 @@ int sock_initaddress(const char *host, const char *port, | ||
255 | int try_retval; | ||
256 | |||
257 | try_retval = getaddrinfo(host, NULL, hints, | ||
258 | - addrinfo); | ||
259 | + &addrinfo); | ||
260 | if (try_retval == 0) { | ||
261 | /* | ||
262 | * Worked with just the host, | ||
263 | @@ -1117,14 +1122,16 @@ int sock_initaddress(const char *host, const char *port, | ||
264 | * | ||
265 | * Free up the address info first. | ||
266 | */ | ||
267 | - freeaddrinfo(*addrinfo); | ||
268 | + freeaddrinfo(addrinfo); | ||
269 | get_gai_errstring(errbuf, errbuflen, | ||
270 | "", retval, NULL, port); | ||
271 | } else { | ||
272 | /* | ||
273 | * Didn't work with just the host, | ||
274 | * so assume the problem is | ||
275 | - * with the host. | ||
276 | + * with the host; we assume | ||
277 | + * the original error indicates | ||
278 | + * the underlying problem. | ||
279 | */ | ||
280 | get_gai_errstring(errbuf, errbuflen, | ||
281 | "", retval, host, NULL); | ||
282 | @@ -1132,13 +1139,14 @@ int sock_initaddress(const char *host, const char *port, | ||
283 | } else { | ||
284 | /* | ||
285 | * Either the host or port was null, so | ||
286 | - * there's nothing to determine. | ||
287 | + * there's nothing to determine; report | ||
288 | + * the error from the original call. | ||
289 | */ | ||
290 | get_gai_errstring(errbuf, errbuflen, "", | ||
291 | retval, host, port); | ||
292 | } | ||
293 | } | ||
294 | - return -1; | ||
295 | + return NULL; | ||
296 | } | ||
297 | /* | ||
298 | * \warning SOCKET: I should check all the accept() in order to bind to all addresses in case | ||
299 | @@ -1153,30 +1161,28 @@ int sock_initaddress(const char *host, const char *port, | ||
300 | * ignore all addresses that are neither? (What, no IPX | ||
301 | * support? :-)) | ||
302 | */ | ||
303 | - if (((*addrinfo)->ai_family != PF_INET) && | ||
304 | - ((*addrinfo)->ai_family != PF_INET6)) | ||
305 | + if ((addrinfo->ai_family != PF_INET) && | ||
306 | + (addrinfo->ai_family != PF_INET6)) | ||
307 | { | ||
308 | if (errbuf) | ||
309 | snprintf(errbuf, errbuflen, "getaddrinfo(): socket type not supported"); | ||
310 | - freeaddrinfo(*addrinfo); | ||
311 | - *addrinfo = NULL; | ||
312 | - return -1; | ||
313 | + freeaddrinfo(addrinfo); | ||
314 | + return NULL; | ||
315 | } | ||
316 | |||
317 | /* | ||
318 | * You can't do multicast (or broadcast) TCP. | ||
319 | */ | ||
320 | - if (((*addrinfo)->ai_socktype == SOCK_STREAM) && | ||
321 | - (sock_ismcastaddr((*addrinfo)->ai_addr) == 0)) | ||
322 | + if ((addrinfo->ai_socktype == SOCK_STREAM) && | ||
323 | + (sock_ismcastaddr(addrinfo->ai_addr) == 0)) | ||
324 | { | ||
325 | if (errbuf) | ||
326 | snprintf(errbuf, errbuflen, "getaddrinfo(): multicast addresses are not valid when using TCP streams"); | ||
327 | - freeaddrinfo(*addrinfo); | ||
328 | - *addrinfo = NULL; | ||
329 | - return -1; | ||
330 | + freeaddrinfo(addrinfo); | ||
331 | + return NULL; | ||
332 | } | ||
333 | |||
334 | - return 0; | ||
335 | + return addrinfo; | ||
336 | } | ||
337 | |||
338 | /* | ||
339 | @@ -2089,7 +2095,9 @@ int sock_present2network(const char *address, struct sockaddr_storage *sockaddr, | ||
340 | |||
341 | hints.ai_family = addr_family; | ||
342 | |||
343 | - if (sock_initaddress(address, "22222" /* fake port */, &hints, &addrinfo, errbuf, errbuflen) == -1) | ||
344 | + addrinfo = sock_initaddress(address, "22222" /* fake port */, &hints, | ||
345 | + errbuf, errbuflen); | ||
346 | + if (addrinfo == NULL) | ||
347 | return 0; | ||
348 | |||
349 | if (addrinfo->ai_family == PF_INET) | ||
350 | diff --git a/sockutils.h b/sockutils.h | ||
351 | index a488d8fcb4..30b8cfe0b7 100644 | ||
352 | --- a/sockutils.h | ||
353 | +++ b/sockutils.h | ||
354 | @@ -138,9 +138,8 @@ void sock_fmterrmsg(char *errbuf, size_t errbuflen, int errcode, | ||
355 | PCAP_FORMAT_STRING(const char *fmt), ...) PCAP_PRINTFLIKE(4, 5); | ||
356 | void sock_geterrmsg(char *errbuf, size_t errbuflen, | ||
357 | PCAP_FORMAT_STRING(const char *fmt), ...) PCAP_PRINTFLIKE(3, 4); | ||
358 | -int sock_initaddress(const char *address, const char *port, | ||
359 | - struct addrinfo *hints, struct addrinfo **addrinfo, | ||
360 | - char *errbuf, int errbuflen); | ||
361 | +struct addrinfo *sock_initaddress(const char *address, const char *port, | ||
362 | + struct addrinfo *hints, char *errbuf, int errbuflen); | ||
363 | int sock_recv(SOCKET sock, SSL *, void *buffer, size_t size, int receiveall, | ||
364 | char *errbuf, int errbuflen); | ||
365 | int sock_recv_dgram(SOCKET sock, SSL *, void *buffer, size_t size, | ||
diff --git a/meta/recipes-connectivity/libpcap/libpcap/CVE-2024-8006.patch b/meta/recipes-connectivity/libpcap/libpcap/CVE-2024-8006.patch new file mode 100644 index 0000000000..6819aedd20 --- /dev/null +++ b/meta/recipes-connectivity/libpcap/libpcap/CVE-2024-8006.patch | |||
@@ -0,0 +1,42 @@ | |||
1 | From 8a633ee5b9ecd9d38a587ac9b204e2380713b0d6 Mon Sep 17 00:00:00 2001 | ||
2 | From: Nicolas Badoux <n.badoux@hotmail.com> | ||
3 | Date: Mon, 19 Aug 2024 12:31:53 +0200 | ||
4 | Subject: [PATCH] makes pcap_findalldevs_ex errors out if the directory does | ||
5 | not exist | ||
6 | |||
7 | (backported from commit 0f8a103469ce87d2b8d68c5130a46ddb7fb5eb29) | ||
8 | |||
9 | Upstream-Status: Backport [https://github.com/the-tcpdump-group/libpcap/commit/8a633ee5b9ecd9d38a587ac9b204e2380713b0d6] | ||
10 | CVE: CVE-2024-8006 | ||
11 | Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> | ||
12 | --- | ||
13 | pcap-new.c | 9 ++++++++- | ||
14 | 1 file changed, 8 insertions(+), 1 deletion(-) | ||
15 | |||
16 | diff --git a/pcap-new.c b/pcap-new.c | ||
17 | index be91b3f8db..d449ee623c 100644 | ||
18 | --- a/pcap-new.c | ||
19 | +++ b/pcap-new.c | ||
20 | @@ -230,6 +230,13 @@ int pcap_findalldevs_ex(const char *source, struct pcap_rmtauth *auth, pcap_if_t | ||
21 | #else | ||
22 | /* opening the folder */ | ||
23 | unixdir= opendir(path); | ||
24 | + if (unixdir == NULL) { | ||
25 | + DIAG_OFF_FORMAT_TRUNCATION | ||
26 | + snprintf(errbuf, PCAP_ERRBUF_SIZE, | ||
27 | + "Error when listing files: does folder '%s' exist?", path); | ||
28 | + DIAG_ON_FORMAT_TRUNCATION | ||
29 | + return -1; | ||
30 | + } | ||
31 | |||
32 | /* get the first file into it */ | ||
33 | filedata= readdir(unixdir); | ||
34 | @@ -237,7 +244,7 @@ int pcap_findalldevs_ex(const char *source, struct pcap_rmtauth *auth, pcap_if_t | ||
35 | if (filedata == NULL) | ||
36 | { | ||
37 | DIAG_OFF_FORMAT_TRUNCATION | ||
38 | - snprintf(errbuf, PCAP_ERRBUF_SIZE, "Error when listing files: does folder '%s' exist?", path); | ||
39 | + snprintf(errbuf, PCAP_ERRBUF_SIZE, "Error when listing files: does folder '%s' contain files?", path); | ||
40 | DIAG_ON_FORMAT_TRUNCATION | ||
41 | closedir(unixdir); | ||
42 | return -1; | ||
diff --git a/meta/recipes-connectivity/libpcap/libpcap_1.10.4.bb b/meta/recipes-connectivity/libpcap/libpcap_1.10.4.bb index 166654e280..36eb4bca75 100644 --- a/meta/recipes-connectivity/libpcap/libpcap_1.10.4.bb +++ b/meta/recipes-connectivity/libpcap/libpcap_1.10.4.bb | |||
@@ -10,7 +10,12 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=5eb289217c160e2920d2e35bddc36453 \ | |||
10 | file://pcap.h;beginline=1;endline=32;md5=39af3510e011f34b8872f120b1dc31d2" | 10 | file://pcap.h;beginline=1;endline=32;md5=39af3510e011f34b8872f120b1dc31d2" |
11 | DEPENDS = "flex-native bison-native" | 11 | DEPENDS = "flex-native bison-native" |
12 | 12 | ||
13 | SRC_URI = "https://www.tcpdump.org/release/${BP}.tar.gz" | 13 | SRC_URI = "https://www.tcpdump.org/release/${BP}.tar.gz \ |
14 | file://CVE-2023-7256-pre1.patch \ | ||
15 | file://CVE-2023-7256.patch \ | ||
16 | file://CVE-2024-8006.patch \ | ||
17 | " | ||
18 | |||
14 | SRC_URI[sha256sum] = "ed19a0383fad72e3ad435fd239d7cd80d64916b87269550159d20e47160ebe5f" | 19 | SRC_URI[sha256sum] = "ed19a0383fad72e3ad435fd239d7cd80d64916b87269550159d20e47160ebe5f" |
15 | 20 | ||
16 | inherit autotools binconfig-disabled pkgconfig | 21 | inherit autotools binconfig-disabled pkgconfig |
diff --git a/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb b/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb index a4030b7b32..06ded45934 100644 --- a/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb +++ b/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb | |||
@@ -5,13 +5,13 @@ SECTION = "network" | |||
5 | LICENSE = "PD" | 5 | LICENSE = "PD" |
6 | LIC_FILES_CHKSUM = "file://COPYING;md5=87964579b2a8ece4bc6744d2dc9a8b04" | 6 | LIC_FILES_CHKSUM = "file://COPYING;md5=87964579b2a8ece4bc6744d2dc9a8b04" |
7 | 7 | ||
8 | SRCREV = "aae7c68671d225e6d35224613d5b98192b9b2ffe" | 8 | SRCREV = "55ba955d53305df96123534488fd160ea882b4dd" |
9 | PV = "20230416" | 9 | PV = "20240407" |
10 | PE = "1" | 10 | PE = "1" |
11 | 11 | ||
12 | SRC_URI = "git://gitlab.gnome.org/GNOME/mobile-broadband-provider-info.git;protocol=https;branch=main" | 12 | SRC_URI = "git://gitlab.gnome.org/GNOME/mobile-broadband-provider-info.git;protocol=https;branch=main" |
13 | S = "${WORKDIR}/git" | 13 | S = "${WORKDIR}/git" |
14 | 14 | ||
15 | inherit autotools | 15 | inherit meson |
16 | 16 | ||
17 | DEPENDS += "libxslt-native" | 17 | DEPENDS += "libxslt-native" |
diff --git a/meta/recipes-connectivity/ofono/ofono/CVE-2023-2794-0001.patch b/meta/recipes-connectivity/ofono/ofono/CVE-2023-2794-0001.patch new file mode 100644 index 0000000000..5fd495d233 --- /dev/null +++ b/meta/recipes-connectivity/ofono/ofono/CVE-2023-2794-0001.patch | |||
@@ -0,0 +1,38 @@ | |||
1 | From 9c7a7fe29605d3d8bb5c0cfcee21a8f01ab9f4aa Mon Sep 17 00:00:00 2001 | ||
2 | From: Denis Kenzior <denkenz@gmail.com> | ||
3 | Date: Thu, 29 Feb 2024 11:18:25 -0600 | ||
4 | Subject: [PATCH 1/4] smsutil: ensure the address length in bytes <= 10 | ||
5 | |||
6 | If a specially formatted SMS is received, it is conceivable that the | ||
7 | address length might overflow the structure it is being parsed into. | ||
8 | Ensure that the length in bytes of the address never exceeds 10. | ||
9 | |||
10 | CVE: CVE-2023-2794 | ||
11 | |||
12 | Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=a90421d8e45d63b304dc010baba24633e7869682] | ||
13 | |||
14 | Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> | ||
15 | --- | ||
16 | src/smsutil.c | 7 ++++++- | ||
17 | 1 file changed, 6 insertions(+), 1 deletion(-) | ||
18 | |||
19 | diff --git a/src/smsutil.c b/src/smsutil.c | ||
20 | index f46507f..d3844f3 100644 | ||
21 | --- a/src/smsutil.c | ||
22 | +++ b/src/smsutil.c | ||
23 | @@ -643,7 +643,12 @@ gboolean sms_decode_address_field(const unsigned char *pdu, int len, | ||
24 | else | ||
25 | byte_len = (addr_len + 1) / 2; | ||
26 | |||
27 | - if ((len - *offset) < byte_len) | ||
28 | + /* | ||
29 | + * 23.040: | ||
30 | + * The maximum length of the full address field | ||
31 | + * (AddressLength, TypeofAddress and AddressValue) is 12 octets. | ||
32 | + */ | ||
33 | + if ((len - *offset) < byte_len || byte_len > 10) | ||
34 | return FALSE; | ||
35 | |||
36 | out->number_type = bit_field(addr_type, 4, 3); | ||
37 | -- | ||
38 | 2.40.0 | ||
diff --git a/meta/recipes-connectivity/ofono/ofono/CVE-2023-2794-0002.patch b/meta/recipes-connectivity/ofono/ofono/CVE-2023-2794-0002.patch new file mode 100644 index 0000000000..c93cb20c7d --- /dev/null +++ b/meta/recipes-connectivity/ofono/ofono/CVE-2023-2794-0002.patch | |||
@@ -0,0 +1,33 @@ | |||
1 | From 3f58f4f5260be9e9e46bc50382768563a5ce2bcd Mon Sep 17 00:00:00 2001 | ||
2 | From: Denis Kenzior <denkenz@gmail.com> | ||
3 | Date: Thu, 29 Feb 2024 11:42:28 -0600 | ||
4 | Subject: [PATCH 2/4] smsutil: Check cbs_dcs_decode return value | ||
5 | |||
6 | It is better to explicitly check the return value of cbs_dcs_decode | ||
7 | instead of relying on udhi not being changed due to side-effects. | ||
8 | |||
9 | CVE: CVE-2023-2794 | ||
10 | |||
11 | Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=7f2adfa22fbae824f8e2c3ae86a3f51da31ee400] | ||
12 | |||
13 | Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> | ||
14 | --- | ||
15 | src/smsutil.c | 3 ++- | ||
16 | 1 file changed, 2 insertions(+), 1 deletion(-) | ||
17 | |||
18 | diff --git a/src/smsutil.c b/src/smsutil.c | ||
19 | index d3844f3..cfa157a 100644 | ||
20 | --- a/src/smsutil.c | ||
21 | +++ b/src/smsutil.c | ||
22 | @@ -1765,7 +1765,8 @@ gboolean sms_udh_iter_init_from_cbs(const struct cbs *cbs, | ||
23 | const guint8 *hdr; | ||
24 | guint8 max_ud_len; | ||
25 | |||
26 | - cbs_dcs_decode(cbs->dcs, &udhi, NULL, NULL, NULL, NULL, NULL); | ||
27 | + if (!cbs_dcs_decode(cbs->dcs, &udhi, NULL, NULL, NULL, NULL, NULL)) | ||
28 | + return FALSE; | ||
29 | |||
30 | if (!udhi) | ||
31 | return FALSE; | ||
32 | -- | ||
33 | 2.40.0 | ||
diff --git a/meta/recipes-connectivity/ofono/ofono/CVE-2023-2794-0003.patch b/meta/recipes-connectivity/ofono/ofono/CVE-2023-2794-0003.patch new file mode 100644 index 0000000000..d4d31206dc --- /dev/null +++ b/meta/recipes-connectivity/ofono/ofono/CVE-2023-2794-0003.patch | |||
@@ -0,0 +1,45 @@ | |||
1 | From be0df9a74cecdf16c26f86bf88b29d823aa2a369 Mon Sep 17 00:00:00 2001 | ||
2 | From: Denis Kenzior <denkenz@gmail.com> | ||
3 | Date: Thu, 29 Feb 2024 12:06:54 -0600 | ||
4 | Subject: [PATCH 3/4] simutil: Make sure set_length on the parent succeeds | ||
5 | |||
6 | CVE: CVE-2023-2794 | ||
7 | |||
8 | Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=07f48b23e3877ef7d15a7b0b8b79d32ad0a3607e] | ||
9 | |||
10 | Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> | ||
11 | --- | ||
12 | src/simutil.c | 11 ++++++----- | ||
13 | 1 file changed, 6 insertions(+), 5 deletions(-) | ||
14 | |||
15 | diff --git a/src/simutil.c b/src/simutil.c | ||
16 | index 0354caf..218612b 100644 | ||
17 | --- a/src/simutil.c | ||
18 | +++ b/src/simutil.c | ||
19 | @@ -588,8 +588,9 @@ gboolean ber_tlv_builder_set_length(struct ber_tlv_builder *builder, | ||
20 | if (new_pos > builder->max) | ||
21 | return FALSE; | ||
22 | |||
23 | - if (builder->parent) | ||
24 | - ber_tlv_builder_set_length(builder->parent, new_pos); | ||
25 | + if (builder->parent && | ||
26 | + !ber_tlv_builder_set_length(builder->parent, new_pos)) | ||
27 | + return FALSE; | ||
28 | |||
29 | builder->len = new_len; | ||
30 | |||
31 | @@ -730,9 +731,9 @@ gboolean comprehension_tlv_builder_set_length( | ||
32 | if (builder->pos + new_ctlv_len > builder->max) | ||
33 | return FALSE; | ||
34 | |||
35 | - if (builder->parent) | ||
36 | - ber_tlv_builder_set_length(builder->parent, | ||
37 | - builder->pos + new_ctlv_len); | ||
38 | + if (builder->parent && !ber_tlv_builder_set_length(builder->parent, | ||
39 | + builder->pos + new_ctlv_len)) | ||
40 | + return FALSE; | ||
41 | |||
42 | len = MIN(builder->len, new_len); | ||
43 | if (len > 0 && new_len_size != len_size) | ||
44 | -- | ||
45 | 2.40.0 | ||
diff --git a/meta/recipes-connectivity/ofono/ofono/CVE-2023-2794-0004.patch b/meta/recipes-connectivity/ofono/ofono/CVE-2023-2794-0004.patch new file mode 100644 index 0000000000..c1cf2df71a --- /dev/null +++ b/meta/recipes-connectivity/ofono/ofono/CVE-2023-2794-0004.patch | |||
@@ -0,0 +1,128 @@ | |||
1 | From 44648c764268b6e9e4f1c4aec44782b494385fca Mon Sep 17 00:00:00 2001 | ||
2 | From: Denis Kenzior <denkenz@gmail.com> | ||
3 | Date: Thu, 29 Feb 2024 17:16:00 -0600 | ||
4 | Subject: [PATCH 4/4] smsutil: Use a safer strlcpy | ||
5 | |||
6 | sms_address_from_string is meant as private API, to be used with string | ||
7 | form addresses that have already been sanitized. However, to be safe, | ||
8 | use a safe version of strcpy to avoid overflowing the buffer in case the | ||
9 | input was not sanitized properly. While here, add a '__' prefix to the | ||
10 | function name to help make it clearer that this API is private and | ||
11 | should be used with more care. | ||
12 | |||
13 | CVE: CVE-2023-2794 | ||
14 | |||
15 | Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=8fa1fdfcb54e1edb588c6a5e2688880b065a39c9] | ||
16 | |||
17 | Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> | ||
18 | --- | ||
19 | src/smsutil.c | 14 +++++++------- | ||
20 | src/smsutil.h | 2 +- | ||
21 | unit/test-sms.c | 6 +++--- | ||
22 | 3 files changed, 11 insertions(+), 11 deletions(-) | ||
23 | |||
24 | diff --git a/src/smsutil.c b/src/smsutil.c | ||
25 | index cfa157a..def47e8 100644 | ||
26 | --- a/src/smsutil.c | ||
27 | +++ b/src/smsutil.c | ||
28 | @@ -1887,15 +1887,15 @@ time_t sms_scts_to_time(const struct sms_scts *scts, struct tm *remote) | ||
29 | return ret; | ||
30 | } | ||
31 | |||
32 | -void sms_address_from_string(struct sms_address *addr, const char *str) | ||
33 | +void __sms_address_from_string(struct sms_address *addr, const char *str) | ||
34 | { | ||
35 | addr->numbering_plan = SMS_NUMBERING_PLAN_ISDN; | ||
36 | if (str[0] == '+') { | ||
37 | addr->number_type = SMS_NUMBER_TYPE_INTERNATIONAL; | ||
38 | - strcpy(addr->address, str + 1); | ||
39 | + l_strlcpy(addr->address, str + 1, sizeof(addr->address)); | ||
40 | } else { | ||
41 | addr->number_type = SMS_NUMBER_TYPE_UNKNOWN; | ||
42 | - strcpy(addr->address, str); | ||
43 | + l_strlcpy(addr->address, str, sizeof(addr->address)); | ||
44 | } | ||
45 | } | ||
46 | |||
47 | @@ -3086,7 +3086,7 @@ gboolean status_report_assembly_report(struct status_report_assembly *assembly, | ||
48 | } | ||
49 | } | ||
50 | |||
51 | - sms_address_from_string(&addr, straddr); | ||
52 | + __sms_address_from_string(&addr, straddr); | ||
53 | |||
54 | if (pending == TRUE && node->deliverable == TRUE) { | ||
55 | /* | ||
56 | @@ -3179,7 +3179,7 @@ void status_report_assembly_expire(struct status_report_assembly *assembly, | ||
57 | while (g_hash_table_iter_next(&iter_addr, (gpointer) &straddr, | ||
58 | (gpointer) &id_table)) { | ||
59 | |||
60 | - sms_address_from_string(&addr, straddr); | ||
61 | + __sms_address_from_string(&addr, straddr); | ||
62 | g_hash_table_iter_init(&iter_node, id_table); | ||
63 | |||
64 | /* Go through different messages. */ | ||
65 | @@ -3473,7 +3473,7 @@ GSList *sms_datagram_prepare(const char *to, | ||
66 | template.submit.vp.relative = 0xA7; /* 24 Hours */ | ||
67 | template.submit.dcs = 0x04; /* Class Unspecified, 8 Bit */ | ||
68 | template.submit.udhi = TRUE; | ||
69 | - sms_address_from_string(&template.submit.daddr, to); | ||
70 | + __sms_address_from_string(&template.submit.daddr, to); | ||
71 | |||
72 | offset = 1; | ||
73 | |||
74 | @@ -3600,7 +3600,7 @@ GSList *sms_text_prepare_with_alphabet(const char *to, const char *utf8, | ||
75 | template.submit.srr = use_delivery_reports; | ||
76 | template.submit.mr = 0; | ||
77 | template.submit.vp.relative = 0xA7; /* 24 Hours */ | ||
78 | - sms_address_from_string(&template.submit.daddr, to); | ||
79 | + __sms_address_from_string(&template.submit.daddr, to); | ||
80 | |||
81 | /* There are two enums for the same thing */ | ||
82 | dialect = (enum gsm_dialect)alphabet; | ||
83 | diff --git a/src/smsutil.h b/src/smsutil.h | ||
84 | index 01487de..bc21504 100644 | ||
85 | --- a/src/smsutil.h | ||
86 | +++ b/src/smsutil.h | ||
87 | @@ -487,7 +487,7 @@ int sms_udl_in_bytes(guint8 ud_len, guint8 dcs); | ||
88 | time_t sms_scts_to_time(const struct sms_scts *scts, struct tm *remote); | ||
89 | |||
90 | const char *sms_address_to_string(const struct sms_address *addr); | ||
91 | -void sms_address_from_string(struct sms_address *addr, const char *str); | ||
92 | +void __sms_address_from_string(struct sms_address *addr, const char *str); | ||
93 | |||
94 | const guint8 *sms_extract_common(const struct sms *sms, gboolean *out_udhi, | ||
95 | guint8 *out_dcs, guint8 *out_udl, | ||
96 | diff --git a/unit/test-sms.c b/unit/test-sms.c | ||
97 | index 154bb33..66755f3 100644 | ||
98 | --- a/unit/test-sms.c | ||
99 | +++ b/unit/test-sms.c | ||
100 | @@ -1603,7 +1603,7 @@ static void test_sr_assembly(void) | ||
101 | sr3.status_report.mr); | ||
102 | } | ||
103 | |||
104 | - sms_address_from_string(&addr, "+4915259911630"); | ||
105 | + __sms_address_from_string(&addr, "+4915259911630"); | ||
106 | |||
107 | sra = status_report_assembly_new(NULL); | ||
108 | |||
109 | @@ -1626,7 +1626,7 @@ static void test_sr_assembly(void) | ||
110 | * Send sms-message in the national address-format, | ||
111 | * but receive in the international address-format. | ||
112 | */ | ||
113 | - sms_address_from_string(&addr, "9911630"); | ||
114 | + __sms_address_from_string(&addr, "9911630"); | ||
115 | status_report_assembly_add_fragment(sra, sha1, &addr, 4, time(NULL), 2); | ||
116 | status_report_assembly_add_fragment(sra, sha1, &addr, 5, time(NULL), 2); | ||
117 | |||
118 | @@ -1641,7 +1641,7 @@ static void test_sr_assembly(void) | ||
119 | * Send sms-message in the international address-format, | ||
120 | * but receive in the national address-format. | ||
121 | */ | ||
122 | - sms_address_from_string(&addr, "+358123456789"); | ||
123 | + __sms_address_from_string(&addr, "+358123456789"); | ||
124 | status_report_assembly_add_fragment(sra, sha1, &addr, 6, time(NULL), 1); | ||
125 | |||
126 | g_assert(status_report_assembly_report(sra, &sr3, id, &delivered)); | ||
127 | -- | ||
128 | 2.40.0 | ||
diff --git a/meta/recipes-connectivity/ofono/ofono_2.4.bb b/meta/recipes-connectivity/ofono/ofono_2.4.bb index dae5cc3c25..f8ade2b2f8 100644 --- a/meta/recipes-connectivity/ofono/ofono_2.4.bb +++ b/meta/recipes-connectivity/ofono/ofono_2.4.bb | |||
@@ -12,6 +12,10 @@ SRC_URI = "\ | |||
12 | file://ofono \ | 12 | file://ofono \ |
13 | file://0001-mbim-add-an-optional-TEMP_FAILURE_RETRY-macro-copy.patch \ | 13 | file://0001-mbim-add-an-optional-TEMP_FAILURE_RETRY-macro-copy.patch \ |
14 | file://0002-mbim-Fix-build-with-ell-0.39-by-restoring-unlikely-m.patch \ | 14 | file://0002-mbim-Fix-build-with-ell-0.39-by-restoring-unlikely-m.patch \ |
15 | file://CVE-2023-2794-0001.patch \ | ||
16 | file://CVE-2023-2794-0002.patch \ | ||
17 | file://CVE-2023-2794-0003.patch \ | ||
18 | file://CVE-2023-2794-0004.patch \ | ||
15 | " | 19 | " |
16 | SRC_URI[sha256sum] = "93580adc1afd1890dc516efb069de0c5cdfef014415256ddfb28ab172df2d11d" | 20 | SRC_URI[sha256sum] = "93580adc1afd1890dc516efb069de0c5cdfef014415256ddfb28ab172df2d11d" |
17 | 21 | ||
diff --git a/meta/recipes-connectivity/openssh/openssh/0001-Fix-missing-header-for-systemd-notification.patch b/meta/recipes-connectivity/openssh/openssh/0001-Fix-missing-header-for-systemd-notification.patch new file mode 100644 index 0000000000..2baa4a6fe5 --- /dev/null +++ b/meta/recipes-connectivity/openssh/openssh/0001-Fix-missing-header-for-systemd-notification.patch | |||
@@ -0,0 +1,27 @@ | |||
1 | From 88351eca17dcc55189991ba60e50819b6d4193c1 Mon Sep 17 00:00:00 2001 | ||
2 | From: 90 <hi@90.gripe> | ||
3 | Date: Fri, 5 Apr 2024 19:36:06 +0100 | ||
4 | Subject: [PATCH] Fix missing header for systemd notification | ||
5 | |||
6 | Upstream-Status: Backport [88351eca17dcc55189991ba60e50819b6d4193c1] | ||
7 | Signed-off-by: Jon Mason <jdmason@kudzu.us> | ||
8 | |||
9 | --- | ||
10 | openbsd-compat/port-linux.c | 1 + | ||
11 | 1 file changed, 1 insertion(+) | ||
12 | |||
13 | diff --git a/openbsd-compat/port-linux.c b/openbsd-compat/port-linux.c | ||
14 | index df7290246df6..4c024c6d2d61 100644 | ||
15 | --- a/openbsd-compat/port-linux.c | ||
16 | +++ b/openbsd-compat/port-linux.c | ||
17 | @@ -33,6 +33,7 @@ | ||
18 | #include <stdio.h> | ||
19 | #include <stdlib.h> | ||
20 | #include <time.h> | ||
21 | +#include <unistd.h> | ||
22 | |||
23 | #include "log.h" | ||
24 | #include "xmalloc.h" | ||
25 | -- | ||
26 | 2.39.2 | ||
27 | |||
diff --git a/meta/recipes-connectivity/openssh/openssh/0001-notify-systemd-on-listen-and-reload.patch b/meta/recipes-connectivity/openssh/openssh/0001-notify-systemd-on-listen-and-reload.patch new file mode 100644 index 0000000000..4925c969fe --- /dev/null +++ b/meta/recipes-connectivity/openssh/openssh/0001-notify-systemd-on-listen-and-reload.patch | |||
@@ -0,0 +1,225 @@ | |||
1 | From fc73e2405a8ca928465580b74a4d76112919367b Mon Sep 17 00:00:00 2001 | ||
2 | From: Damien Miller <djm@mindrot.org> | ||
3 | Date: Wed, 3 Apr 2024 14:40:32 +1100 | ||
4 | Subject: [PATCH] notify systemd on listen and reload | ||
5 | |||
6 | Standalone implementation that does not depend on libsystemd. | ||
7 | With assistance from Luca Boccassi, and feedback/testing from Colin | ||
8 | Watson. bz2641 | ||
9 | |||
10 | Upstream-Status: Backport [https://github.com/openssh/openssh-portable/commit/08f579231cd38a1c657aaa6ddeb8ab57a1fd4f5c] | ||
11 | |||
12 | Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io> | ||
13 | --- | ||
14 | configure.ac | 1 + | ||
15 | openbsd-compat/port-linux.c | 97 ++++++++++++++++++++++++++++++++++++- | ||
16 | openbsd-compat/port-linux.h | 5 ++ | ||
17 | platform.c | 11 +++++ | ||
18 | platform.h | 1 + | ||
19 | sshd.c | 2 + | ||
20 | 6 files changed, 115 insertions(+), 2 deletions(-) | ||
21 | |||
22 | diff --git a/configure.ac b/configure.ac | ||
23 | index 82e8bb7c1..854f92b5b 100644 | ||
24 | --- a/configure.ac | ||
25 | +++ b/configure.ac | ||
26 | @@ -915,6 +915,7 @@ int main(void) { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) | ||
27 | AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) | ||
28 | AC_DEFINE([USE_BTMP]) | ||
29 | AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer]) | ||
30 | + AC_DEFINE([SYSTEMD_NOTIFY], [1], [Have sshd notify systemd on start/reload]) | ||
31 | inet6_default_4in6=yes | ||
32 | case `uname -r` in | ||
33 | 1.*|2.0.*) | ||
34 | diff --git a/openbsd-compat/port-linux.c b/openbsd-compat/port-linux.c | ||
35 | index 0457e28d0..df7290246 100644 | ||
36 | --- a/openbsd-compat/port-linux.c | ||
37 | +++ b/openbsd-compat/port-linux.c | ||
38 | @@ -21,16 +21,23 @@ | ||
39 | |||
40 | #include "includes.h" | ||
41 | |||
42 | -#if defined(WITH_SELINUX) || defined(LINUX_OOM_ADJUST) | ||
43 | +#if defined(WITH_SELINUX) || defined(LINUX_OOM_ADJUST) || \ | ||
44 | + defined(SYSTEMD_NOTIFY) | ||
45 | +#include <sys/socket.h> | ||
46 | +#include <sys/un.h> | ||
47 | + | ||
48 | #include <errno.h> | ||
49 | +#include <inttypes.h> | ||
50 | #include <stdarg.h> | ||
51 | #include <string.h> | ||
52 | #include <stdio.h> | ||
53 | #include <stdlib.h> | ||
54 | +#include <time.h> | ||
55 | |||
56 | #include "log.h" | ||
57 | #include "xmalloc.h" | ||
58 | #include "port-linux.h" | ||
59 | +#include "misc.h" | ||
60 | |||
61 | #ifdef WITH_SELINUX | ||
62 | #include <selinux/selinux.h> | ||
63 | @@ -310,4 +317,90 @@ oom_adjust_restore(void) | ||
64 | return; | ||
65 | } | ||
66 | #endif /* LINUX_OOM_ADJUST */ | ||
67 | -#endif /* WITH_SELINUX || LINUX_OOM_ADJUST */ | ||
68 | + | ||
69 | +#ifdef SYSTEMD_NOTIFY | ||
70 | + | ||
71 | +static void ssh_systemd_notify(const char *, ...) | ||
72 | + __attribute__((__format__ (printf, 1, 2))) __attribute__((__nonnull__ (1))); | ||
73 | + | ||
74 | +static void | ||
75 | +ssh_systemd_notify(const char *fmt, ...) | ||
76 | +{ | ||
77 | + char *s = NULL; | ||
78 | + const char *path; | ||
79 | + struct stat sb; | ||
80 | + struct sockaddr_un addr; | ||
81 | + int fd = -1; | ||
82 | + va_list ap; | ||
83 | + | ||
84 | + if ((path = getenv("NOTIFY_SOCKET")) == NULL || strlen(path) == 0) | ||
85 | + return; | ||
86 | + | ||
87 | + va_start(ap, fmt); | ||
88 | + xvasprintf(&s, fmt, ap); | ||
89 | + va_end(ap); | ||
90 | + | ||
91 | + /* Only AF_UNIX is supported, with path or abstract sockets */ | ||
92 | + if (path[0] != '/' && path[0] != '@') { | ||
93 | + error_f("socket \"%s\" is not compatible with AF_UNIX", path); | ||
94 | + goto out; | ||
95 | + } | ||
96 | + | ||
97 | + if (path[0] == '/' && stat(path, &sb) != 0) { | ||
98 | + error_f("socket \"%s\" stat: %s", path, strerror(errno)); | ||
99 | + goto out; | ||
100 | + } | ||
101 | + | ||
102 | + memset(&addr, 0, sizeof(addr)); | ||
103 | + addr.sun_family = AF_UNIX; | ||
104 | + if (strlcpy(addr.sun_path, path, | ||
105 | + sizeof(addr.sun_path)) >= sizeof(addr.sun_path)) { | ||
106 | + error_f("socket path \"%s\" too long", path); | ||
107 | + goto out; | ||
108 | + } | ||
109 | + /* Support for abstract socket */ | ||
110 | + if (addr.sun_path[0] == '@') | ||
111 | + addr.sun_path[0] = 0; | ||
112 | + if ((fd = socket(PF_UNIX, SOCK_DGRAM, 0)) == -1) { | ||
113 | + error_f("socket \"%s\": %s", path, strerror(errno)); | ||
114 | + goto out; | ||
115 | + } | ||
116 | + if (connect(fd, &addr, sizeof(addr)) != 0) { | ||
117 | + error_f("socket \"%s\" connect: %s", path, strerror(errno)); | ||
118 | + goto out; | ||
119 | + } | ||
120 | + if (write(fd, s, strlen(s)) != (ssize_t)strlen(s)) { | ||
121 | + error_f("socket \"%s\" write: %s", path, strerror(errno)); | ||
122 | + goto out; | ||
123 | + } | ||
124 | + debug_f("socket \"%s\" notified %s", path, s); | ||
125 | + out: | ||
126 | + if (fd != -1) | ||
127 | + close(fd); | ||
128 | + free(s); | ||
129 | +} | ||
130 | + | ||
131 | +void | ||
132 | +ssh_systemd_notify_ready(void) | ||
133 | +{ | ||
134 | + ssh_systemd_notify("READY=1"); | ||
135 | +} | ||
136 | + | ||
137 | +void | ||
138 | +ssh_systemd_notify_reload(void) | ||
139 | +{ | ||
140 | + struct timespec now; | ||
141 | + | ||
142 | + monotime_ts(&now); | ||
143 | + if (now.tv_sec < 0 || now.tv_nsec < 0) { | ||
144 | + error_f("monotime returned negative value"); | ||
145 | + ssh_systemd_notify("RELOADING=1"); | ||
146 | + } else { | ||
147 | + ssh_systemd_notify("RELOADING=1\nMONOTONIC_USEC=%llu", | ||
148 | + ((uint64_t)now.tv_sec * 1000000ULL) + | ||
149 | + ((uint64_t)now.tv_nsec / 1000ULL)); | ||
150 | + } | ||
151 | +} | ||
152 | +#endif /* SYSTEMD_NOTIFY */ | ||
153 | + | ||
154 | +#endif /* WITH_SELINUX || LINUX_OOM_ADJUST || SYSTEMD_NOTIFY */ | ||
155 | diff --git a/openbsd-compat/port-linux.h b/openbsd-compat/port-linux.h | ||
156 | index 3c22a854d..14064f87d 100644 | ||
157 | --- a/openbsd-compat/port-linux.h | ||
158 | +++ b/openbsd-compat/port-linux.h | ||
159 | @@ -30,4 +30,9 @@ void oom_adjust_restore(void); | ||
160 | void oom_adjust_setup(void); | ||
161 | #endif | ||
162 | |||
163 | +#ifdef SYSTEMD_NOTIFY | ||
164 | +void ssh_systemd_notify_ready(void); | ||
165 | +void ssh_systemd_notify_reload(void); | ||
166 | +#endif | ||
167 | + | ||
168 | #endif /* ! _PORT_LINUX_H */ | ||
169 | diff --git a/platform.c b/platform.c | ||
170 | index 4fe8744ee..9cf818153 100644 | ||
171 | --- a/platform.c | ||
172 | +++ b/platform.c | ||
173 | @@ -44,6 +44,14 @@ platform_pre_listen(void) | ||
174 | #endif | ||
175 | } | ||
176 | |||
177 | +void | ||
178 | +platform_post_listen(void) | ||
179 | +{ | ||
180 | +#ifdef SYSTEMD_NOTIFY | ||
181 | + ssh_systemd_notify_ready(); | ||
182 | +#endif | ||
183 | +} | ||
184 | + | ||
185 | void | ||
186 | platform_pre_fork(void) | ||
187 | { | ||
188 | @@ -55,6 +63,9 @@ platform_pre_fork(void) | ||
189 | void | ||
190 | platform_pre_restart(void) | ||
191 | { | ||
192 | +#ifdef SYSTEMD_NOTIFY | ||
193 | + ssh_systemd_notify_reload(); | ||
194 | +#endif | ||
195 | #ifdef LINUX_OOM_ADJUST | ||
196 | oom_adjust_restore(); | ||
197 | #endif | ||
198 | diff --git a/platform.h b/platform.h | ||
199 | index 7fef8c983..5dec23276 100644 | ||
200 | --- a/platform.h | ||
201 | +++ b/platform.h | ||
202 | @@ -21,6 +21,7 @@ | ||
203 | void platform_pre_listen(void); | ||
204 | void platform_pre_fork(void); | ||
205 | void platform_pre_restart(void); | ||
206 | +void platform_post_listen(void); | ||
207 | void platform_post_fork_parent(pid_t child_pid); | ||
208 | void platform_post_fork_child(void); | ||
209 | int platform_privileged_uidswap(void); | ||
210 | diff --git a/sshd.c b/sshd.c | ||
211 | index b4f2b9742..865331b46 100644 | ||
212 | --- a/sshd.c | ||
213 | +++ b/sshd.c | ||
214 | @@ -2077,6 +2077,8 @@ main(int ac, char **av) | ||
215 | ssh_signal(SIGTERM, sigterm_handler); | ||
216 | ssh_signal(SIGQUIT, sigterm_handler); | ||
217 | |||
218 | + platform_post_listen(); | ||
219 | + | ||
220 | /* | ||
221 | * Write out the pid file after the sigterm handler | ||
222 | * is setup and the listen sockets are bound | ||
223 | -- | ||
224 | 2.45.2 | ||
225 | |||
diff --git a/meta/recipes-connectivity/openssh/openssh/0001-systemd-Add-optional-support-for-systemd-sd_notify.patch b/meta/recipes-connectivity/openssh/openssh/0001-systemd-Add-optional-support-for-systemd-sd_notify.patch deleted file mode 100644 index acda8f1ce9..0000000000 --- a/meta/recipes-connectivity/openssh/openssh/0001-systemd-Add-optional-support-for-systemd-sd_notify.patch +++ /dev/null | |||
@@ -1,99 +0,0 @@ | |||
1 | From be187435911cde6cc3cef6982a508261074f1e56 Mon Sep 17 00:00:00 2001 | ||
2 | From: Matt Jolly <Matt.Jolly@footclan.ninja> | ||
3 | Date: Thu, 2 Feb 2023 21:05:40 +1100 | ||
4 | Subject: [PATCH] systemd: Add optional support for systemd `sd_notify` | ||
5 | |||
6 | This is a rebase of Dennis Lamm's <expeditioneer@gentoo.org> | ||
7 | patch based on Jakub Jelen's <jjelen@redhat.com> original patch | ||
8 | |||
9 | Upstream-Status: Submitted [https://github.com/openssh/openssh-portable/pull/375/commits/be187435911cde6cc3cef6982a508261074f1e56] | ||
10 | |||
11 | Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com> | ||
12 | --- | ||
13 | configure.ac | 24 ++++++++++++++++++++++++ | ||
14 | sshd.c | 13 +++++++++++++ | ||
15 | 2 files changed, 37 insertions(+) | ||
16 | |||
17 | diff --git a/configure.ac b/configure.ac | ||
18 | index 22fee70f..486c189f 100644 | ||
19 | --- a/configure.ac | ||
20 | +++ b/configure.ac | ||
21 | @@ -4835,6 +4835,29 @@ AC_SUBST([GSSLIBS]) | ||
22 | AC_SUBST([K5LIBS]) | ||
23 | AC_SUBST([CHANNELLIBS]) | ||
24 | |||
25 | +# Check whether user wants systemd support | ||
26 | +SYSTEMD_MSG="no" | ||
27 | +AC_ARG_WITH(systemd, | ||
28 | + [ --with-systemd Enable systemd support], | ||
29 | + [ if test "x$withval" != "xno" ; then | ||
30 | + AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) | ||
31 | + if test "$PKGCONFIG" != "no"; then | ||
32 | + AC_MSG_CHECKING([for libsystemd]) | ||
33 | + if $PKGCONFIG --exists libsystemd; then | ||
34 | + SYSTEMD_CFLAGS=`$PKGCONFIG --cflags libsystemd` | ||
35 | + SYSTEMD_LIBS=`$PKGCONFIG --libs libsystemd` | ||
36 | + CPPFLAGS="$CPPFLAGS $SYSTEMD_CFLAGS" | ||
37 | + SSHDLIBS="$SSHDLIBS $SYSTEMD_LIBS" | ||
38 | + AC_MSG_RESULT([yes]) | ||
39 | + AC_DEFINE(HAVE_SYSTEMD, 1, [Define if you want systemd support.]) | ||
40 | + SYSTEMD_MSG="yes" | ||
41 | + else | ||
42 | + AC_MSG_RESULT([no]) | ||
43 | + fi | ||
44 | + fi | ||
45 | + fi ] | ||
46 | +) | ||
47 | + | ||
48 | # Looking for programs, paths and files | ||
49 | |||
50 | PRIVSEP_PATH=/var/empty | ||
51 | @@ -5634,6 +5657,7 @@ echo " libldns support: $LDNS_MSG" | ||
52 | echo " Solaris process contract support: $SPC_MSG" | ||
53 | echo " Solaris project support: $SP_MSG" | ||
54 | echo " Solaris privilege support: $SPP_MSG" | ||
55 | +echo " systemd support: $SYSTEMD_MSG" | ||
56 | echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" | ||
57 | echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" | ||
58 | echo " BSD Auth support: $BSD_AUTH_MSG" | ||
59 | diff --git a/sshd.c b/sshd.c | ||
60 | index 6321936c..859d6a0b 100644 | ||
61 | --- a/sshd.c | ||
62 | +++ b/sshd.c | ||
63 | @@ -88,6 +88,10 @@ | ||
64 | #include <prot.h> | ||
65 | #endif | ||
66 | |||
67 | +#ifdef HAVE_SYSTEMD | ||
68 | +#include <systemd/sd-daemon.h> | ||
69 | +#endif | ||
70 | + | ||
71 | #include "xmalloc.h" | ||
72 | #include "ssh.h" | ||
73 | #include "ssh2.h" | ||
74 | @@ -310,6 +314,10 @@ static void | ||
75 | sighup_restart(void) | ||
76 | { | ||
77 | logit("Received SIGHUP; restarting."); | ||
78 | +#ifdef HAVE_SYSTEMD | ||
79 | + /* Signal systemd that we are reloading */ | ||
80 | + sd_notify(0, "RELOADING=1"); | ||
81 | +#endif | ||
82 | if (options.pid_file != NULL) | ||
83 | unlink(options.pid_file); | ||
84 | platform_pre_restart(); | ||
85 | @@ -2086,6 +2094,11 @@ main(int ac, char **av) | ||
86 | } | ||
87 | } | ||
88 | |||
89 | +#ifdef HAVE_SYSTEMD | ||
90 | + /* Signal systemd that we are ready to accept connections */ | ||
91 | + sd_notify(0, "READY=1"); | ||
92 | +#endif | ||
93 | + | ||
94 | /* Accept a connection and return in a forked child */ | ||
95 | server_accept_loop(&sock_in, &sock_out, | ||
96 | &newsock, config_s); | ||
97 | -- | ||
98 | 2.25.1 | ||
99 | |||
diff --git a/meta/recipes-connectivity/openssh/openssh/CVE-2024-39894.patch b/meta/recipes-connectivity/openssh/openssh/CVE-2024-39894.patch new file mode 100644 index 0000000000..898295340d --- /dev/null +++ b/meta/recipes-connectivity/openssh/openssh/CVE-2024-39894.patch | |||
@@ -0,0 +1,35 @@ | |||
1 | From 146c420d29d055cc75c8606327a1cf8439fe3a08 Mon Sep 17 00:00:00 2001 | ||
2 | From: "djm@openbsd.org" <djm@openbsd.org> | ||
3 | Date: Mon, 1 Jul 2024 04:31:17 +0000 | ||
4 | Subject: [PATCH] upstream: when sending ObscureKeystrokeTiming chaff packets, | ||
5 | we | ||
6 | |||
7 | can't rely on channel_did_enqueue to tell that there is data to send. This | ||
8 | flag indicates that the channels code enqueued a packet on _this_ ppoll() | ||
9 | iteration, not that data was enqueued in _any_ ppoll() iteration in the | ||
10 | timeslice. ok markus@ | ||
11 | |||
12 | OpenBSD-Commit-ID: 009b74fd2769b36b5284a0188ade182f00564136 | ||
13 | |||
14 | Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/openssh/tree/debian/patches/CVE-2024-39894.patch?h=ubuntu/noble-security | ||
15 | Upstream commit https://github.com/openssh/openssh-portable/commit/146c420d29d055cc75c8606327a1cf8439fe3a08] | ||
16 | CVE: CVE-2024-39894 | ||
17 | Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> | ||
18 | --- | ||
19 | clientloop.c | 7 ++++--- | ||
20 | 1 file changed, 4 insertions(+), 3 deletions(-) | ||
21 | |||
22 | --- a/clientloop.c | ||
23 | +++ b/clientloop.c | ||
24 | @@ -612,8 +612,9 @@ obfuscate_keystroke_timing(struct ssh *s | ||
25 | if (timespeccmp(&now, &chaff_until, >=)) { | ||
26 | /* Stop if there have been no keystrokes for a while */ | ||
27 | stop_reason = "chaff time expired"; | ||
28 | - } else if (timespeccmp(&now, &next_interval, >=)) { | ||
29 | - /* Otherwise if we were due to send, then send chaff */ | ||
30 | + } else if (timespeccmp(&now, &next_interval, >=) && | ||
31 | + !ssh_packet_have_data_to_write(ssh)) { | ||
32 | + /* If due to send but have no data, then send chaff */ | ||
33 | if (send_chaff(ssh)) | ||
34 | nchaff++; | ||
35 | } | ||
diff --git a/meta/recipes-connectivity/openssh/openssh/CVE-2024-6387.patch b/meta/recipes-connectivity/openssh/openssh/CVE-2024-6387.patch new file mode 100644 index 0000000000..3e7c707100 --- /dev/null +++ b/meta/recipes-connectivity/openssh/openssh/CVE-2024-6387.patch | |||
@@ -0,0 +1,27 @@ | |||
1 | Description: fix signal handler race condition | ||
2 | Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2070497 | ||
3 | |||
4 | CVE: CVE-2024-6387 | ||
5 | |||
6 | Upstream-Status: Backport | ||
7 | https://git.launchpad.net/ubuntu/+source/openssh/commit/?h=applied/ubuntu/jammy-devel&id=b059bcfa928df4ff2d103ae2e8f4e3136ee03efc | ||
8 | |||
9 | Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io> | ||
10 | |||
11 | --- a/log.c | ||
12 | +++ b/log.c | ||
13 | @@ -452,12 +452,14 @@ void | ||
14 | sshsigdie(const char *file, const char *func, int line, int showfunc, | ||
15 | LogLevel level, const char *suffix, const char *fmt, ...) | ||
16 | { | ||
17 | +#if 0 | ||
18 | va_list args; | ||
19 | |||
20 | va_start(args, fmt); | ||
21 | sshlogv(file, func, line, showfunc, SYSLOG_LEVEL_FATAL, | ||
22 | suffix, fmt, args); | ||
23 | va_end(args); | ||
24 | +#endif | ||
25 | _exit(1); | ||
26 | } | ||
27 | |||
diff --git a/meta/recipes-connectivity/openssh/openssh/fix-potential-signed-overflow-in-pointer-arithmatic.patch b/meta/recipes-connectivity/openssh/openssh/fix-potential-signed-overflow-in-pointer-arithmatic.patch deleted file mode 100644 index 20036da931..0000000000 --- a/meta/recipes-connectivity/openssh/openssh/fix-potential-signed-overflow-in-pointer-arithmatic.patch +++ /dev/null | |||
@@ -1,111 +0,0 @@ | |||
1 | From 3328e98bcbf2930cd7eea3e6c92ad5dcbdf4794f Mon Sep 17 00:00:00 2001 | ||
2 | From: Yuanjie Huang <yuanjie.huang@windriver.com> | ||
3 | Date: Wed, 24 Aug 2016 03:15:43 +0000 | ||
4 | Subject: [PATCH] Fix potential signed overflow in pointer arithmatic | ||
5 | |||
6 | Pointer arithmatic results in implementation defined signed integer | ||
7 | type, so that 's - src' in strlcpy and others may trigger signed overflow. | ||
8 | In case of compilation by gcc or clang with -ftrapv option, the overflow | ||
9 | would lead to program abort. | ||
10 | |||
11 | Upstream-Status: Submitted [http://bugzilla.mindrot.org/show_bug.cgi?id=2608] | ||
12 | |||
13 | Signed-off-by: Yuanjie Huang <yuanjie.huang@windriver.com> | ||
14 | |||
15 | Complete the fix | ||
16 | Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> | ||
17 | --- | ||
18 | openbsd-compat/strlcat.c | 10 +++++++--- | ||
19 | openbsd-compat/strlcpy.c | 8 ++++++-- | ||
20 | openbsd-compat/strnlen.c | 8 ++++++-- | ||
21 | 3 files changed, 19 insertions(+), 7 deletions(-) | ||
22 | |||
23 | diff --git a/openbsd-compat/strlcat.c b/openbsd-compat/strlcat.c | ||
24 | index bcc1b61..124e1e3 100644 | ||
25 | --- a/openbsd-compat/strlcat.c | ||
26 | +++ b/openbsd-compat/strlcat.c | ||
27 | @@ -23,6 +23,7 @@ | ||
28 | |||
29 | #include <sys/types.h> | ||
30 | #include <string.h> | ||
31 | +#include <stdint.h> | ||
32 | |||
33 | /* | ||
34 | * Appends src to string dst of size siz (unlike strncat, siz is the | ||
35 | @@ -42,7 +43,7 @@ strlcat(char *dst, const char *src, size_t siz) | ||
36 | /* Find the end of dst and adjust bytes left but don't go past end */ | ||
37 | while (n-- != 0 && *d != '\0') | ||
38 | d++; | ||
39 | - dlen = d - dst; | ||
40 | + dlen = (uintptr_t)d - (uintptr_t)dst; | ||
41 | n = siz - dlen; | ||
42 | |||
43 | if (n == 0) | ||
44 | @@ -55,8 +56,11 @@ strlcat(char *dst, const char *src, size_t siz) | ||
45 | s++; | ||
46 | } | ||
47 | *d = '\0'; | ||
48 | - | ||
49 | - return(dlen + (s - src)); /* count does not include NUL */ | ||
50 | + /* | ||
51 | + * Cast pointers to unsigned type before calculation, to avoid signed | ||
52 | + * overflow when the string ends where the MSB has changed. | ||
53 | + */ | ||
54 | + return (dlen + ((uintptr_t)s - (uintptr_t)src)); /* count does not include NUL */ | ||
55 | } | ||
56 | |||
57 | #endif /* !HAVE_STRLCAT */ | ||
58 | diff --git a/openbsd-compat/strlcpy.c b/openbsd-compat/strlcpy.c | ||
59 | index b4b1b60..b06f374 100644 | ||
60 | --- a/openbsd-compat/strlcpy.c | ||
61 | +++ b/openbsd-compat/strlcpy.c | ||
62 | @@ -23,6 +23,7 @@ | ||
63 | |||
64 | #include <sys/types.h> | ||
65 | #include <string.h> | ||
66 | +#include <stdint.h> | ||
67 | |||
68 | /* | ||
69 | * Copy src to string dst of size siz. At most siz-1 characters | ||
70 | @@ -51,8 +52,11 @@ strlcpy(char *dst, const char *src, size_t siz) | ||
71 | while (*s++) | ||
72 | ; | ||
73 | } | ||
74 | - | ||
75 | - return(s - src - 1); /* count does not include NUL */ | ||
76 | + /* | ||
77 | + * Cast pointers to unsigned type before calculation, to avoid signed | ||
78 | + * overflow when the string ends where the MSB has changed. | ||
79 | + */ | ||
80 | + return ((uintptr_t)s - (uintptr_t)src - 1); /* count does not include NUL */ | ||
81 | } | ||
82 | |||
83 | #endif /* !HAVE_STRLCPY */ | ||
84 | diff --git a/openbsd-compat/strnlen.c b/openbsd-compat/strnlen.c | ||
85 | index 7ad3573..7040f1f 100644 | ||
86 | --- a/openbsd-compat/strnlen.c | ||
87 | +++ b/openbsd-compat/strnlen.c | ||
88 | @@ -23,6 +23,7 @@ | ||
89 | #include <sys/types.h> | ||
90 | |||
91 | #include <string.h> | ||
92 | +#include <stdint.h> | ||
93 | |||
94 | size_t | ||
95 | strnlen(const char *str, size_t maxlen) | ||
96 | @@ -31,7 +32,10 @@ strnlen(const char *str, size_t maxlen) | ||
97 | |||
98 | for (cp = str; maxlen != 0 && *cp != '\0'; cp++, maxlen--) | ||
99 | ; | ||
100 | - | ||
101 | - return (size_t)(cp - str); | ||
102 | + /* | ||
103 | + * Cast pointers to unsigned type before calculation, to avoid signed | ||
104 | + * overflow when the string ends where the MSB has changed. | ||
105 | + */ | ||
106 | + return (size_t)((uintptr_t)cp - (uintptr_t)str); | ||
107 | } | ||
108 | #endif | ||
109 | -- | ||
110 | 2.17.1 | ||
111 | |||
diff --git a/meta/recipes-connectivity/openssh/openssh/sshd.service b/meta/recipes-connectivity/openssh/openssh/sshd.service index 2a997b656a..24062a6817 100644 --- a/meta/recipes-connectivity/openssh/openssh/sshd.service +++ b/meta/recipes-connectivity/openssh/openssh/sshd.service | |||
@@ -4,11 +4,11 @@ Wants=sshdgenkeys.service | |||
4 | After=sshdgenkeys.service | 4 | After=sshdgenkeys.service |
5 | 5 | ||
6 | [Service] | 6 | [Service] |
7 | Type=notify-reload | ||
7 | Environment="SSHD_OPTS=" | 8 | Environment="SSHD_OPTS=" |
8 | EnvironmentFile=-/etc/default/ssh | 9 | EnvironmentFile=-/etc/default/ssh |
9 | ExecStartPre=@BASE_BINDIR@/mkdir -p /var/run/sshd | 10 | ExecStartPre=@BASE_BINDIR@/mkdir -p /var/run/sshd |
10 | ExecStart=-@SBINDIR@/sshd -D $SSHD_OPTS | 11 | ExecStart=-@SBINDIR@/sshd -D $SSHD_OPTS |
11 | ExecReload=@BASE_BINDIR@/kill -HUP $MAINPID | ||
12 | KillMode=process | 12 | KillMode=process |
13 | Restart=on-failure | 13 | Restart=on-failure |
14 | RestartSec=42s | 14 | RestartSec=42s |
diff --git a/meta/recipes-connectivity/openssh/openssh_9.6p1.bb b/meta/recipes-connectivity/openssh/openssh_9.6p1.bb index d941664b41..3c507cf911 100644 --- a/meta/recipes-connectivity/openssh/openssh_9.6p1.bb +++ b/meta/recipes-connectivity/openssh/openssh_9.6p1.bb | |||
@@ -22,11 +22,13 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar | |||
22 | file://sshdgenkeys.service \ | 22 | file://sshdgenkeys.service \ |
23 | file://volatiles.99_sshd \ | 23 | file://volatiles.99_sshd \ |
24 | file://run-ptest \ | 24 | file://run-ptest \ |
25 | file://fix-potential-signed-overflow-in-pointer-arithmatic.patch \ | ||
26 | file://sshd_check_keys \ | 25 | file://sshd_check_keys \ |
27 | file://add-test-support-for-busybox.patch \ | 26 | file://add-test-support-for-busybox.patch \ |
28 | file://0001-regress-banner.sh-log-input-and-output-files-on-erro.patch \ | 27 | file://0001-regress-banner.sh-log-input-and-output-files-on-erro.patch \ |
29 | file://0001-systemd-Add-optional-support-for-systemd-sd_notify.patch \ | 28 | file://0001-notify-systemd-on-listen-and-reload.patch \ |
29 | file://CVE-2024-6387.patch \ | ||
30 | file://CVE-2024-39894.patch \ | ||
31 | file://0001-Fix-missing-header-for-systemd-notification.patch \ | ||
30 | " | 32 | " |
31 | SRC_URI[sha256sum] = "910211c07255a8c5ad654391b40ee59800710dd8119dd5362de09385aa7a777c" | 33 | SRC_URI[sha256sum] = "910211c07255a8c5ad654391b40ee59800710dd8119dd5362de09385aa7a777c" |
32 | 34 | ||
@@ -53,7 +55,6 @@ SYSTEMD_PACKAGES = "${PN}-sshd" | |||
53 | SYSTEMD_SERVICE:${PN}-sshd = "${@bb.utils.contains('PACKAGECONFIG','systemd-sshd-socket-mode','sshd.socket', '', d)} ${@bb.utils.contains('PACKAGECONFIG','systemd-sshd-service-mode','sshd.service', '', d)}" | 55 | SYSTEMD_SERVICE:${PN}-sshd = "${@bb.utils.contains('PACKAGECONFIG','systemd-sshd-socket-mode','sshd.socket', '', d)} ${@bb.utils.contains('PACKAGECONFIG','systemd-sshd-service-mode','sshd.service', '', d)}" |
54 | 56 | ||
55 | inherit autotools-brokensep ptest pkgconfig | 57 | inherit autotools-brokensep ptest pkgconfig |
56 | DEPENDS += "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd', '', d)}" | ||
57 | 58 | ||
58 | # systemd-sshd-socket-mode means installing sshd.socket | 59 | # systemd-sshd-socket-mode means installing sshd.socket |
59 | # and systemd-sshd-service-mode corresponding to sshd.service | 60 | # and systemd-sshd-service-mode corresponding to sshd.service |
@@ -76,7 +77,6 @@ EXTRA_OECONF = "'LOGIN_PROGRAM=${base_bindir}/login' \ | |||
76 | --sysconfdir=${sysconfdir}/ssh \ | 77 | --sysconfdir=${sysconfdir}/ssh \ |
77 | --with-xauth=${bindir}/xauth \ | 78 | --with-xauth=${bindir}/xauth \ |
78 | --disable-strip \ | 79 | --disable-strip \ |
79 | ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '--with-systemd', '--without-systemd', d)} \ | ||
80 | " | 80 | " |
81 | 81 | ||
82 | # musl doesn't implement wtmp/utmp and logwtmp | 82 | # musl doesn't implement wtmp/utmp and logwtmp |
diff --git a/meta/recipes-connectivity/openssl/openssl/0001-Added-handshake-history-reporting-when-test-fails.patch b/meta/recipes-connectivity/openssl/openssl/0001-Added-handshake-history-reporting-when-test-fails.patch index aa2e5bb800..9baa0c2d75 100644 --- a/meta/recipes-connectivity/openssl/openssl/0001-Added-handshake-history-reporting-when-test-fails.patch +++ b/meta/recipes-connectivity/openssl/openssl/0001-Added-handshake-history-reporting-when-test-fails.patch | |||
@@ -6,6 +6,7 @@ Subject: [PATCH] Added handshake history reporting when test fails | |||
6 | Upstream-Status: Submitted [https://github.com/openssl/openssl/pull/22481] | 6 | Upstream-Status: Submitted [https://github.com/openssl/openssl/pull/22481] |
7 | 7 | ||
8 | Signed-off-by: William Lyu <William.Lyu@windriver.com> | 8 | Signed-off-by: William Lyu <William.Lyu@windriver.com> |
9 | Signed-off-by: Siddharth Doshi <sdoshi@mvista.com> | ||
9 | --- | 10 | --- |
10 | test/helpers/handshake.c | 139 +++++++++++++++++++++++++++++---------- | 11 | test/helpers/handshake.c | 139 +++++++++++++++++++++++++++++---------- |
11 | test/helpers/handshake.h | 70 +++++++++++++++++++- | 12 | test/helpers/handshake.h | 70 +++++++++++++++++++- |
@@ -16,13 +17,6 @@ diff --git a/test/helpers/handshake.c b/test/helpers/handshake.c | |||
16 | index e0422469e4..ae2ad59dd4 100644 | 17 | index e0422469e4..ae2ad59dd4 100644 |
17 | --- a/test/helpers/handshake.c | 18 | --- a/test/helpers/handshake.c |
18 | +++ b/test/helpers/handshake.c | 19 | +++ b/test/helpers/handshake.c |
19 | @@ -1,5 +1,5 @@ | ||
20 | /* | ||
21 | - * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. | ||
22 | + * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. | ||
23 | * | ||
24 | * Licensed under the Apache License 2.0 (the "License"). You may not use | ||
25 | * this file except in compliance with the License. You can obtain a copy | ||
26 | @@ -24,6 +24,102 @@ | 20 | @@ -24,6 +24,102 @@ |
27 | #include <netinet/sctp.h> | 21 | #include <netinet/sctp.h> |
28 | #endif | 22 | #endif |
diff --git a/meta/recipes-connectivity/openssl/openssl_3.2.2.bb b/meta/recipes-connectivity/openssl/openssl_3.2.3.bb index 1c92707144..53139df40c 100644 --- a/meta/recipes-connectivity/openssl/openssl_3.2.2.bb +++ b/meta/recipes-connectivity/openssl/openssl_3.2.3.bb | |||
@@ -7,7 +7,7 @@ SECTION = "libs/network" | |||
7 | LICENSE = "Apache-2.0" | 7 | LICENSE = "Apache-2.0" |
8 | LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=c75985e733726beaba57bc5253e96d04" | 8 | LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=c75985e733726beaba57bc5253e96d04" |
9 | 9 | ||
10 | SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \ | 10 | SRC_URI = "https://github.com/openssl/openssl/releases/download/openssl-${PV}/openssl-${PV}.tar.gz \ |
11 | file://run-ptest \ | 11 | file://run-ptest \ |
12 | file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \ | 12 | file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \ |
13 | file://0001-Configure-do-not-tweak-mips-cflags.patch \ | 13 | file://0001-Configure-do-not-tweak-mips-cflags.patch \ |
@@ -18,7 +18,7 @@ SRC_URI:append:class-nativesdk = " \ | |||
18 | file://environment.d-openssl.sh \ | 18 | file://environment.d-openssl.sh \ |
19 | " | 19 | " |
20 | 20 | ||
21 | SRC_URI[sha256sum] = "197149c18d9e9f292c43f0400acaba12e5f52cacfe050f3d199277ea738ec2e7" | 21 | SRC_URI[sha256sum] = "52b5f1c6b8022bc5868c308c54fb77705e702d6c6f4594f99a0df216acf46239" |
22 | 22 | ||
23 | inherit lib_package multilib_header multilib_script ptest perlnative manpages | 23 | inherit lib_package multilib_header multilib_script ptest perlnative manpages |
24 | MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash" | 24 | MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash" |
diff --git a/meta/recipes-core/busybox/busybox/0001-awk-fix-precedence-of-relative-to.patch b/meta/recipes-core/busybox/busybox/0001-awk-fix-precedence-of-relative-to.patch new file mode 100644 index 0000000000..5836cf8a00 --- /dev/null +++ b/meta/recipes-core/busybox/busybox/0001-awk-fix-precedence-of-relative-to.patch | |||
@@ -0,0 +1,197 @@ | |||
1 | From dedc9380c76834ba64c8b526aef6f461ea4e7f2e Mon Sep 17 00:00:00 2001 | ||
2 | From: Denys Vlasenko <vda.linux@googlemail.com> | ||
3 | Date: Tue, 30 May 2023 16:42:18 +0200 | ||
4 | Subject: [PATCH 1/2] awk: fix precedence of = relative to == | ||
5 | |||
6 | Discovered while adding code to disallow assignments to non-lvalues | ||
7 | |||
8 | function old new delta | ||
9 | parse_expr 936 991 +55 | ||
10 | .rodata 105243 105247 +4 | ||
11 | ------------------------------------------------------------------------------ | ||
12 | (add/remove: 0/0 grow/shrink: 2/0 up/down: 59/0) Total: 59 bytes | ||
13 | |||
14 | CVE: CVE-2023-42364 CVE-2023-42365 | ||
15 | |||
16 | Upstream-Status: Backport [https://git.busybox.net/busybox/commit/?id=0256e00a9d077588bd3a39f5a1ef7e2eaa2911e4] | ||
17 | Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com> | ||
18 | (cherry picked from commit 0256e00a9d077588bd3a39f5a1ef7e2eaa2911e4) | ||
19 | Signed-off-by: Khem Raj <raj.khem@gmail.com> | ||
20 | --- | ||
21 | editors/awk.c | 66 ++++++++++++++++++++++++++++++--------------- | ||
22 | testsuite/awk.tests | 5 ++++ | ||
23 | 2 files changed, 50 insertions(+), 21 deletions(-) | ||
24 | |||
25 | diff --git a/editors/awk.c b/editors/awk.c | ||
26 | index ec9301e..aff86fe 100644 | ||
27 | --- a/editors/awk.c | ||
28 | +++ b/editors/awk.c | ||
29 | @@ -337,7 +337,9 @@ static void debug_parse_print_tc(uint32_t n) | ||
30 | #undef P | ||
31 | #undef PRIMASK | ||
32 | #undef PRIMASK2 | ||
33 | -#define P(x) (x << 24) | ||
34 | +/* Smaller 'x' means _higher_ operator precedence */ | ||
35 | +#define PRECEDENCE(x) (x << 24) | ||
36 | +#define P(x) PRECEDENCE(x) | ||
37 | #define PRIMASK 0x7F000000 | ||
38 | #define PRIMASK2 0x7E000000 | ||
39 | |||
40 | @@ -360,7 +362,7 @@ enum { | ||
41 | OC_MOVE = 0x1f00, OC_PGETLINE = 0x2000, OC_REGEXP = 0x2100, | ||
42 | OC_REPLACE = 0x2200, OC_RETURN = 0x2300, OC_SPRINTF = 0x2400, | ||
43 | OC_TERNARY = 0x2500, OC_UNARY = 0x2600, OC_VAR = 0x2700, | ||
44 | - OC_DONE = 0x2800, | ||
45 | + OC_CONST = 0x2800, OC_DONE = 0x2900, | ||
46 | |||
47 | ST_IF = 0x3000, ST_DO = 0x3100, ST_FOR = 0x3200, | ||
48 | ST_WHILE = 0x3300 | ||
49 | @@ -440,9 +442,9 @@ static const uint32_t tokeninfo[] ALIGN4 = { | ||
50 | #define TI_PREINC (OC_UNARY|xV|P(9)|'P') | ||
51 | #define TI_PREDEC (OC_UNARY|xV|P(9)|'M') | ||
52 | TI_PREINC, TI_PREDEC, OC_FIELD|xV|P(5), | ||
53 | - OC_COMPARE|VV|P(39)|5, OC_MOVE|VV|P(74), OC_REPLACE|NV|P(74)|'+', OC_REPLACE|NV|P(74)|'-', | ||
54 | - OC_REPLACE|NV|P(74)|'*', OC_REPLACE|NV|P(74)|'/', OC_REPLACE|NV|P(74)|'%', OC_REPLACE|NV|P(74)|'&', | ||
55 | - OC_BINARY|NV|P(29)|'+', OC_BINARY|NV|P(29)|'-', OC_REPLACE|NV|P(74)|'&', OC_BINARY|NV|P(15)|'&', | ||
56 | + OC_COMPARE|VV|P(39)|5, OC_MOVE|VV|P(38), OC_REPLACE|NV|P(38)|'+', OC_REPLACE|NV|P(38)|'-', | ||
57 | + OC_REPLACE|NV|P(38)|'*', OC_REPLACE|NV|P(38)|'/', OC_REPLACE|NV|P(38)|'%', OC_REPLACE|NV|P(38)|'&', | ||
58 | + OC_BINARY|NV|P(29)|'+', OC_BINARY|NV|P(29)|'-', OC_REPLACE|NV|P(38)|'&', OC_BINARY|NV|P(15)|'&', | ||
59 | OC_BINARY|NV|P(25)|'/', OC_BINARY|NV|P(25)|'%', OC_BINARY|NV|P(15)|'&', OC_BINARY|NV|P(25)|'*', | ||
60 | OC_COMPARE|VV|P(39)|4, OC_COMPARE|VV|P(39)|3, OC_COMPARE|VV|P(39)|0, OC_COMPARE|VV|P(39)|1, | ||
61 | #define TI_LESS (OC_COMPARE|VV|P(39)|2) | ||
62 | @@ -1290,7 +1292,7 @@ static uint32_t next_token(uint32_t expected) | ||
63 | save_tclass = tc; | ||
64 | save_info = t_info; | ||
65 | tc = TC_BINOPX; | ||
66 | - t_info = OC_CONCAT | SS | P(35); | ||
67 | + t_info = OC_CONCAT | SS | PRECEDENCE(35); | ||
68 | } | ||
69 | |||
70 | t_tclass = tc; | ||
71 | @@ -1350,9 +1352,8 @@ static node *parse_expr(uint32_t term_tc) | ||
72 | { | ||
73 | node sn; | ||
74 | node *cn = &sn; | ||
75 | - node *vn, *glptr; | ||
76 | + node *glptr; | ||
77 | uint32_t tc, expected_tc; | ||
78 | - var *v; | ||
79 | |||
80 | debug_printf_parse("%s() term_tc(%x):", __func__, term_tc); | ||
81 | debug_parse_print_tc(term_tc); | ||
82 | @@ -1363,11 +1364,12 @@ static node *parse_expr(uint32_t term_tc) | ||
83 | expected_tc = TS_OPERAND | TS_UOPPRE | TC_REGEXP | term_tc; | ||
84 | |||
85 | while (!((tc = next_token(expected_tc)) & term_tc)) { | ||
86 | + node *vn; | ||
87 | |||
88 | if (glptr && (t_info == TI_LESS)) { | ||
89 | /* input redirection (<) attached to glptr node */ | ||
90 | debug_printf_parse("%s: input redir\n", __func__); | ||
91 | - cn = glptr->l.n = new_node(OC_CONCAT | SS | P(37)); | ||
92 | + cn = glptr->l.n = new_node(OC_CONCAT | SS | PRECEDENCE(37)); | ||
93 | cn->a.n = glptr; | ||
94 | expected_tc = TS_OPERAND | TS_UOPPRE; | ||
95 | glptr = NULL; | ||
96 | @@ -1379,24 +1381,42 @@ static node *parse_expr(uint32_t term_tc) | ||
97 | * previous operators with higher priority */ | ||
98 | vn = cn; | ||
99 | while (((t_info & PRIMASK) > (vn->a.n->info & PRIMASK2)) | ||
100 | - || ((t_info == vn->info) && t_info == TI_COLON) | ||
101 | + || (t_info == vn->info && t_info == TI_COLON) | ||
102 | ) { | ||
103 | vn = vn->a.n; | ||
104 | if (!vn->a.n) syntax_error(EMSG_UNEXP_TOKEN); | ||
105 | } | ||
106 | if (t_info == TI_TERNARY) | ||
107 | //TODO: why? | ||
108 | - t_info += P(6); | ||
109 | + t_info += PRECEDENCE(6); | ||
110 | cn = vn->a.n->r.n = new_node(t_info); | ||
111 | cn->a.n = vn->a.n; | ||
112 | if (tc & TS_BINOP) { | ||
113 | cn->l.n = vn; | ||
114 | -//FIXME: this is the place to detect and reject assignments to non-lvalues. | ||
115 | -//Currently we allow "assignments" to consts and temporaries, nonsense like this: | ||
116 | -// awk 'BEGIN { "qwe" = 1 }' | ||
117 | -// awk 'BEGIN { 7 *= 7 }' | ||
118 | -// awk 'BEGIN { length("qwe") = 1 }' | ||
119 | -// awk 'BEGIN { (1+1) += 3 }' | ||
120 | + | ||
121 | + /* Prevent: | ||
122 | + * awk 'BEGIN { "qwe" = 1 }' | ||
123 | + * awk 'BEGIN { 7 *= 7 }' | ||
124 | + * awk 'BEGIN { length("qwe") = 1 }' | ||
125 | + * awk 'BEGIN { (1+1) += 3 }' | ||
126 | + */ | ||
127 | + /* Assignment? (including *= and friends) */ | ||
128 | + if (((t_info & OPCLSMASK) == OC_MOVE) | ||
129 | + || ((t_info & OPCLSMASK) == OC_REPLACE) | ||
130 | + ) { | ||
131 | + debug_printf_parse("%s: MOVE/REPLACE vn->info:%08x\n", __func__, vn->info); | ||
132 | + /* Left side is a (variable or array element) | ||
133 | + * or function argument | ||
134 | + * or $FIELD ? | ||
135 | + */ | ||
136 | + if ((vn->info & OPCLSMASK) != OC_VAR | ||
137 | + && (vn->info & OPCLSMASK) != OC_FNARG | ||
138 | + && (vn->info & OPCLSMASK) != OC_FIELD | ||
139 | + ) { | ||
140 | + syntax_error(EMSG_UNEXP_TOKEN); /* no. bad */ | ||
141 | + } | ||
142 | + } | ||
143 | + | ||
144 | expected_tc = TS_OPERAND | TS_UOPPRE | TC_REGEXP; | ||
145 | if (t_info == TI_PGETLINE) { | ||
146 | /* it's a pipe */ | ||
147 | @@ -1432,6 +1452,8 @@ static node *parse_expr(uint32_t term_tc) | ||
148 | /* one should be very careful with switch on tclass - | ||
149 | * only simple tclasses should be used (TC_xyz, not TS_xyz) */ | ||
150 | switch (tc) { | ||
151 | + var *v; | ||
152 | + | ||
153 | case TC_VARIABLE: | ||
154 | case TC_ARRAY: | ||
155 | debug_printf_parse("%s: TC_VARIABLE | TC_ARRAY\n", __func__); | ||
156 | @@ -1452,14 +1474,14 @@ static node *parse_expr(uint32_t term_tc) | ||
157 | case TC_NUMBER: | ||
158 | case TC_STRING: | ||
159 | debug_printf_parse("%s: TC_NUMBER | TC_STRING\n", __func__); | ||
160 | - cn->info = OC_VAR; | ||
161 | + cn->info = OC_CONST; | ||
162 | v = cn->l.v = xzalloc(sizeof(var)); | ||
163 | - if (tc & TC_NUMBER) | ||
164 | + if (tc & TC_NUMBER) { | ||
165 | setvar_i(v, t_double); | ||
166 | - else { | ||
167 | + } else { | ||
168 | setvar_s(v, t_string); | ||
169 | - expected_tc &= ~TC_UOPPOST; /* "str"++ is not allowed */ | ||
170 | } | ||
171 | + expected_tc &= ~TC_UOPPOST; /* NUM++, "str"++ not allowed */ | ||
172 | break; | ||
173 | |||
174 | case TC_REGEXP: | ||
175 | @@ -3107,6 +3129,8 @@ static var *evaluate(node *op, var *res) | ||
176 | |||
177 | /* -- recursive node type -- */ | ||
178 | |||
179 | + case XC( OC_CONST ): | ||
180 | + debug_printf_eval("CONST "); | ||
181 | case XC( OC_VAR ): | ||
182 | debug_printf_eval("VAR\n"); | ||
183 | L.v = op->l.v; | ||
184 | diff --git a/testsuite/awk.tests b/testsuite/awk.tests | ||
185 | index ddc5104..a78fdcd 100755 | ||
186 | --- a/testsuite/awk.tests | ||
187 | +++ b/testsuite/awk.tests | ||
188 | @@ -540,4 +540,9 @@ testing 'awk assign while assign' \ | ||
189 | │ trim/eff : 57.02%/26, 0.00% │ [cpu000:100%] | ||
190 | └────────────────────────────────────────────────────┘^C" | ||
191 | |||
192 | +testing "awk = has higher precedence than == (despite what gawk manpage claims)" \ | ||
193 | + "awk 'BEGIN { v=1; print 2==v; print 2==v=2; print v; print v=3==3; print v}'" \ | ||
194 | + '0\n1\n2\n1\n3\n' \ | ||
195 | + '' '' | ||
196 | + | ||
197 | exit $FAILCOUNT | ||
diff --git a/meta/recipes-core/busybox/busybox/0001-awk-fix-segfault-when-compiled-by-clang.patch b/meta/recipes-core/busybox/busybox/0001-awk-fix-segfault-when-compiled-by-clang.patch new file mode 100644 index 0000000000..3f6145b250 --- /dev/null +++ b/meta/recipes-core/busybox/busybox/0001-awk-fix-segfault-when-compiled-by-clang.patch | |||
@@ -0,0 +1,41 @@ | |||
1 | From e1a68741067167dc4837e0a26d3d5c318a631fc7 Mon Sep 17 00:00:00 2001 | ||
2 | From: Ron Yorston <rmy@pobox.com> | ||
3 | Date: Fri, 19 Jan 2024 15:41:17 +0000 | ||
4 | Subject: [PATCH] awk: fix segfault when compiled by clang | ||
5 | |||
6 | A 32-bit build of BusyBox using clang segfaulted in the test | ||
7 | "awk assign while assign". Specifically, on line 7 of the test | ||
8 | input where the adjustment of the L.v pointer when the Fields | ||
9 | array was reallocated | ||
10 | |||
11 | L.v += Fields - old_Fields_ptr; | ||
12 | |||
13 | was out by 4 bytes. | ||
14 | |||
15 | Rearrange to code so both gcc and clang generate code that works. | ||
16 | |||
17 | Signed-off-by: Ron Yorston <rmy@pobox.com> | ||
18 | Signed-off-by: Bernhard Reutner-Fischer <rep.dot.nop@gmail.com> | ||
19 | |||
20 | Upstream-Status: Backport [https://git.busybox.net/busybox/commit/?id=5dcc443dba039b305a510c01883e9f34e42656ae] | ||
21 | Signed-off-by: Peter Marko <peter.marko@siemens.com> | ||
22 | --- | ||
23 | editors/awk.c | 2 +- | ||
24 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
25 | |||
26 | diff --git a/editors/awk.c b/editors/awk.c | ||
27 | index aa485c782..0981c6735 100644 | ||
28 | --- a/editors/awk.c | ||
29 | +++ b/editors/awk.c | ||
30 | @@ -2935,7 +2935,7 @@ static var *evaluate(node *op, var *res) | ||
31 | if (old_Fields_ptr) { | ||
32 | //if (old_Fields_ptr != Fields) | ||
33 | // debug_printf_eval("L.v moved\n"); | ||
34 | - L.v += Fields - old_Fields_ptr; | ||
35 | + L.v = Fields + (L.v - old_Fields_ptr); | ||
36 | } | ||
37 | if (opinfo & OF_STR2) { | ||
38 | R.s = getvar_s(R.v); | ||
39 | -- | ||
40 | 2.30.2 | ||
41 | |||
diff --git a/meta/recipes-core/busybox/busybox/0001-awk.c-fix-CVE-2023-42366-bug-15874.patch b/meta/recipes-core/busybox/busybox/0001-awk.c-fix-CVE-2023-42366-bug-15874.patch new file mode 100644 index 0000000000..282c2fde5a --- /dev/null +++ b/meta/recipes-core/busybox/busybox/0001-awk.c-fix-CVE-2023-42366-bug-15874.patch | |||
@@ -0,0 +1,37 @@ | |||
1 | From 8542236894a8d5f7393327117bc7f64787444efc Mon Sep 17 00:00:00 2001 | ||
2 | From: Valery Ushakov <uwe@stderr.spb.ru> | ||
3 | Date: Wed, 24 Jan 2024 22:24:41 +0300 | ||
4 | Subject: [PATCH] awk.c: fix CVE-2023-42366 (bug #15874) | ||
5 | |||
6 | Make sure we don't read past the end of the string in next_token() | ||
7 | when backslash is the last character in an (invalid) regexp. | ||
8 | a fix and issue reported in bugzilla | ||
9 | |||
10 | https://bugs.busybox.net/show_bug.cgi?id=15874 | ||
11 | |||
12 | Upstream-Status: Submitted [http://lists.busybox.net/pipermail/busybox/2024-May/090766.html] | ||
13 | |||
14 | CVE: CVE-2023-42366 | ||
15 | Signed-off-by: Khem Raj <raj.khem@gmail.com> | ||
16 | --- | ||
17 | editors/awk.c | 6 ++++-- | ||
18 | 1 file changed, 4 insertions(+), 2 deletions(-) | ||
19 | |||
20 | diff --git a/editors/awk.c b/editors/awk.c | ||
21 | index f320d8c..a53b193 100644 | ||
22 | --- a/editors/awk.c | ||
23 | +++ b/editors/awk.c | ||
24 | @@ -1168,9 +1168,11 @@ static uint32_t next_token(uint32_t expected) | ||
25 | s[-1] = bb_process_escape_sequence((const char **)&pp); | ||
26 | if (*p == '\\') | ||
27 | *s++ = '\\'; | ||
28 | - if (pp == p) | ||
29 | + if (pp == p) { | ||
30 | + if (*p == '\0') | ||
31 | + syntax_error(EMSG_UNEXP_EOS); | ||
32 | *s++ = *p++; | ||
33 | - else | ||
34 | + } else | ||
35 | p = pp; | ||
36 | } | ||
37 | } | ||
diff --git a/meta/recipes-core/busybox/busybox/0001-cut-Fix-s-flag-to-omit-blank-lines.patch b/meta/recipes-core/busybox/busybox/0001-cut-Fix-s-flag-to-omit-blank-lines.patch new file mode 100644 index 0000000000..a0a8607b23 --- /dev/null +++ b/meta/recipes-core/busybox/busybox/0001-cut-Fix-s-flag-to-omit-blank-lines.patch | |||
@@ -0,0 +1,66 @@ | |||
1 | From 199606e960942c29fd8085be812edd3d3697825c Mon Sep 17 00:00:00 2001 | ||
2 | From: Colin McAllister <colinmca242@gmail.com> | ||
3 | Date: Wed, 17 Jul 2024 07:58:52 -0500 | ||
4 | Subject: [PATCH 1/1] cut: Fix "-s" flag to omit blank lines | ||
5 | |||
6 | Using cut with the delimiter flag ("-d") with the "-s" flag to only | ||
7 | output lines containing the delimiter will print blank lines. This is | ||
8 | deviant behavior from cut provided by GNU Coreutils. Blank lines should | ||
9 | be omitted if "-s" is used with "-d". | ||
10 | |||
11 | This change introduces a somewhat naiive, yet efficient solution, where | ||
12 | line length is checked before looping though bytes. If line length is | ||
13 | zero and the "-s" flag is used, the code will jump to parsing the next | ||
14 | line to avoid printing a newline character. | ||
15 | |||
16 | In addition, a test to cut.tests has been added to ensure that this | ||
17 | regression is fixed and will not happen again in the future. | ||
18 | |||
19 | Upstream-Status: Submitted [http://lists.busybox.net/pipermail/busybox/2024-July/090834.html] | ||
20 | |||
21 | Signed-off-by: Colin McAllister <colinmca242@gmail.com> | ||
22 | --- | ||
23 | coreutils/cut.c | 6 ++++++ | ||
24 | testsuite/cut.tests | 9 +++++++++ | ||
25 | 2 files changed, 15 insertions(+) | ||
26 | |||
27 | diff --git a/coreutils/cut.c b/coreutils/cut.c | ||
28 | index 55bdd9386..b7f986f26 100644 | ||
29 | --- a/coreutils/cut.c | ||
30 | +++ b/coreutils/cut.c | ||
31 | @@ -152,6 +152,12 @@ static void cut_file(FILE *file, const char *delim, const char *odelim, | ||
32 | unsigned uu = 0, start = 0, end = 0, out = 0; | ||
33 | int dcount = 0; | ||
34 | |||
35 | + /* Blank line? */ | ||
36 | + if (!linelen) { | ||
37 | + if (option_mask32 & CUT_OPT_SUPPRESS_FLGS) | ||
38 | + goto next_line; | ||
39 | + } | ||
40 | + | ||
41 | /* Loop through bytes, finding next delimiter */ | ||
42 | for (;;) { | ||
43 | /* End of current range? */ | ||
44 | diff --git a/testsuite/cut.tests b/testsuite/cut.tests | ||
45 | index 2458c019c..0b401bc00 100755 | ||
46 | --- a/testsuite/cut.tests | ||
47 | +++ b/testsuite/cut.tests | ||
48 | @@ -65,6 +65,15 @@ testing "cut with -d -f( ) -s" "cut -d' ' -f3 -s input && echo yes" "yes\n" "$in | ||
49 | testing "cut with -d -f(a) -s" "cut -da -f3 -s input" "n\nsium:Jim\n\ncion:Ed\n" "$input" "" | ||
50 | testing "cut with -d -f(a) -s -n" "cut -da -f3 -s -n input" "n\nsium:Jim\n\ncion:Ed\n" "$input" "" | ||
51 | |||
52 | +input="\ | ||
53 | + | ||
54 | +foo bar baz | ||
55 | + | ||
56 | +bing bong boop | ||
57 | + | ||
58 | +" | ||
59 | +testing "cut with -d -s omits blank lines" "cut -d' ' -f2 -s input" "bar\nbong\n" "$input" "" | ||
60 | + | ||
61 | # substitute for awk | ||
62 | optional FEATURE_CUT_REGEX | ||
63 | testing "cut -DF" "cut -DF 2,7,5" \ | ||
64 | -- | ||
65 | 2.43.0 | ||
66 | |||
diff --git a/meta/recipes-core/busybox/busybox/0002-awk-fix-ternary-operator-and-precedence-of.patch b/meta/recipes-core/busybox/busybox/0002-awk-fix-ternary-operator-and-precedence-of.patch new file mode 100644 index 0000000000..ea3c84897b --- /dev/null +++ b/meta/recipes-core/busybox/busybox/0002-awk-fix-ternary-operator-and-precedence-of.patch | |||
@@ -0,0 +1,96 @@ | |||
1 | From c3bfdac8e0e9a21d524ad72036953f68d2193e52 Mon Sep 17 00:00:00 2001 | ||
2 | From: Natanael Copa <ncopa@alpinelinux.org> | ||
3 | Date: Tue, 21 May 2024 14:46:08 +0200 | ||
4 | Subject: [PATCH 2/2] awk: fix ternary operator and precedence of = | ||
5 | |||
6 | Adjust the = precedence test to match behavior of gawk, mawk and | ||
7 | FreeBSD. awk 'BEGIN {print v=3==3; print v}' should print two '1'. | ||
8 | |||
9 | To fix this, and to unbreak the ternary conditional operator, we restore | ||
10 | the precedence of = in the token list, but override this with a lower | ||
11 | priority when the assignment is on the right side of a compare. | ||
12 | |||
13 | This fixes commit 0256e00a9d07 (awk: fix precedence of = relative to ==) [1] | ||
14 | |||
15 | CVE: CVE-2023-42364 CVE-2023-42365 | ||
16 | |||
17 | Upstream-Status: Submitted [http://lists.busybox.net/pipermail/busybox/2024-May/090766.html] | ||
18 | |||
19 | [1] https://bugs.busybox.net/show_bug.cgi?id=15871#c6 | ||
20 | |||
21 | Signed-off-by: Natanael Copa <ncopa@alpinelinux.org> | ||
22 | (cherry picked from commit 1714301c405ef03b39605c85c23f22a190cddd95) | ||
23 | Signed-off-by: Khem Raj <raj.khem@gmail.com> | ||
24 | --- | ||
25 | editors/awk.c | 18 ++++++++++++++---- | ||
26 | testsuite/awk.tests | 9 +++++++-- | ||
27 | 2 files changed, 21 insertions(+), 6 deletions(-) | ||
28 | |||
29 | diff --git a/editors/awk.c b/editors/awk.c | ||
30 | index aff86fe..f320d8c 100644 | ||
31 | --- a/editors/awk.c | ||
32 | +++ b/editors/awk.c | ||
33 | @@ -442,9 +442,10 @@ static const uint32_t tokeninfo[] ALIGN4 = { | ||
34 | #define TI_PREINC (OC_UNARY|xV|P(9)|'P') | ||
35 | #define TI_PREDEC (OC_UNARY|xV|P(9)|'M') | ||
36 | TI_PREINC, TI_PREDEC, OC_FIELD|xV|P(5), | ||
37 | - OC_COMPARE|VV|P(39)|5, OC_MOVE|VV|P(38), OC_REPLACE|NV|P(38)|'+', OC_REPLACE|NV|P(38)|'-', | ||
38 | - OC_REPLACE|NV|P(38)|'*', OC_REPLACE|NV|P(38)|'/', OC_REPLACE|NV|P(38)|'%', OC_REPLACE|NV|P(38)|'&', | ||
39 | - OC_BINARY|NV|P(29)|'+', OC_BINARY|NV|P(29)|'-', OC_REPLACE|NV|P(38)|'&', OC_BINARY|NV|P(15)|'&', | ||
40 | +#define TI_ASSIGN (OC_MOVE|VV|P(74)) | ||
41 | + OC_COMPARE|VV|P(39)|5, TI_ASSIGN, OC_REPLACE|NV|P(74)|'+', OC_REPLACE|NV|P(74)|'-', | ||
42 | + OC_REPLACE|NV|P(74)|'*', OC_REPLACE|NV|P(74)|'/', OC_REPLACE|NV|P(74)|'%', OC_REPLACE|NV|P(74)|'&', | ||
43 | + OC_BINARY|NV|P(29)|'+', OC_BINARY|NV|P(29)|'-', OC_REPLACE|NV|P(74)|'&', OC_BINARY|NV|P(15)|'&', | ||
44 | OC_BINARY|NV|P(25)|'/', OC_BINARY|NV|P(25)|'%', OC_BINARY|NV|P(15)|'&', OC_BINARY|NV|P(25)|'*', | ||
45 | OC_COMPARE|VV|P(39)|4, OC_COMPARE|VV|P(39)|3, OC_COMPARE|VV|P(39)|0, OC_COMPARE|VV|P(39)|1, | ||
46 | #define TI_LESS (OC_COMPARE|VV|P(39)|2) | ||
47 | @@ -1376,11 +1377,19 @@ static node *parse_expr(uint32_t term_tc) | ||
48 | continue; | ||
49 | } | ||
50 | if (tc & (TS_BINOP | TC_UOPPOST)) { | ||
51 | + int prio; | ||
52 | debug_printf_parse("%s: TS_BINOP | TC_UOPPOST tc:%x\n", __func__, tc); | ||
53 | /* for binary and postfix-unary operators, jump back over | ||
54 | * previous operators with higher priority */ | ||
55 | vn = cn; | ||
56 | - while (((t_info & PRIMASK) > (vn->a.n->info & PRIMASK2)) | ||
57 | + /* Let assignment get higher priority when used on right | ||
58 | + * side in compare. i.e: 2==v=3 */ | ||
59 | + if (t_info == TI_ASSIGN && (vn->a.n->info & OPCLSMASK) == OC_COMPARE) { | ||
60 | + prio = PRECEDENCE(38); | ||
61 | + } else { | ||
62 | + prio = (t_info & PRIMASK); | ||
63 | + } | ||
64 | + while ((prio > (vn->a.n->info & PRIMASK2)) | ||
65 | || (t_info == vn->info && t_info == TI_COLON) | ||
66 | ) { | ||
67 | vn = vn->a.n; | ||
68 | @@ -1412,6 +1421,7 @@ static node *parse_expr(uint32_t term_tc) | ||
69 | if ((vn->info & OPCLSMASK) != OC_VAR | ||
70 | && (vn->info & OPCLSMASK) != OC_FNARG | ||
71 | && (vn->info & OPCLSMASK) != OC_FIELD | ||
72 | + && (vn->info & OPCLSMASK) != OC_COMPARE | ||
73 | ) { | ||
74 | syntax_error(EMSG_UNEXP_TOKEN); /* no. bad */ | ||
75 | } | ||
76 | diff --git a/testsuite/awk.tests b/testsuite/awk.tests | ||
77 | index a78fdcd..d2706de 100755 | ||
78 | --- a/testsuite/awk.tests | ||
79 | +++ b/testsuite/awk.tests | ||
80 | @@ -540,9 +540,14 @@ testing 'awk assign while assign' \ | ||
81 | │ trim/eff : 57.02%/26, 0.00% │ [cpu000:100%] | ||
82 | └────────────────────────────────────────────────────┘^C" | ||
83 | |||
84 | -testing "awk = has higher precedence than == (despite what gawk manpage claims)" \ | ||
85 | +testing "awk = has higher precedence than == on right side" \ | ||
86 | "awk 'BEGIN { v=1; print 2==v; print 2==v=2; print v; print v=3==3; print v}'" \ | ||
87 | - '0\n1\n2\n1\n3\n' \ | ||
88 | + '0\n1\n2\n1\n1\n' \ | ||
89 | + '' '' | ||
90 | + | ||
91 | +testing 'awk ternary precedence' \ | ||
92 | + "awk 'BEGIN { a = 0 ? \"yes\": \"no\"; print a }'" \ | ||
93 | + 'no\n' \ | ||
94 | '' '' | ||
95 | |||
96 | exit $FAILCOUNT | ||
diff --git a/meta/recipes-core/busybox/busybox/CVE-2021-42380.patch b/meta/recipes-core/busybox/busybox/CVE-2021-42380.patch new file mode 100644 index 0000000000..3baef86415 --- /dev/null +++ b/meta/recipes-core/busybox/busybox/CVE-2021-42380.patch | |||
@@ -0,0 +1,151 @@ | |||
1 | From 5dcc443dba039b305a510c01883e9f34e42656ae Mon Sep 17 00:00:00 2001 | ||
2 | From: Denys Vlasenko <vda.linux@googlemail.com> | ||
3 | Date: Fri, 26 May 2023 19:36:58 +0200 | ||
4 | Subject: [PATCH] awk: fix use-after-realloc (CVE-2021-42380), closes 15601 | ||
5 | |||
6 | Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com> | ||
7 | |||
8 | CVE: CVE-2021-42380 | ||
9 | Upstream-Status: Backport [https://git.busybox.net/busybox/commit/?id=5dcc443dba039b305a510c01883e9f34e42656ae] | ||
10 | Signed-off-by: Peter Marko <peter.marko@siemens.com> | ||
11 | --- | ||
12 | editors/awk.c | 26 ++++++++++++++++----- | ||
13 | testsuite/awk.tests | 55 +++++++++++++++++++++++++++++++++++++++++++++ | ||
14 | 2 files changed, 75 insertions(+), 6 deletions(-) | ||
15 | |||
16 | diff --git a/editors/awk.c b/editors/awk.c | ||
17 | index 728ee8685..2af823808 100644 | ||
18 | --- a/editors/awk.c | ||
19 | +++ b/editors/awk.c | ||
20 | @@ -555,7 +555,7 @@ struct globals { | ||
21 | const char *g_progname; | ||
22 | int g_lineno; | ||
23 | int nfields; | ||
24 | - int maxfields; /* used in fsrealloc() only */ | ||
25 | + unsigned maxfields; | ||
26 | var *Fields; | ||
27 | char *g_pos; | ||
28 | char g_saved_ch; | ||
29 | @@ -1931,9 +1931,9 @@ static void fsrealloc(int size) | ||
30 | { | ||
31 | int i, newsize; | ||
32 | |||
33 | - if (size >= maxfields) { | ||
34 | - /* Sanity cap, easier than catering for overflows */ | ||
35 | - if (size > 0xffffff) | ||
36 | + if ((unsigned)size >= maxfields) { | ||
37 | + /* Sanity cap, easier than catering for over/underflows */ | ||
38 | + if ((unsigned)size > 0xffffff) | ||
39 | bb_die_memory_exhausted(); | ||
40 | |||
41 | i = maxfields; | ||
42 | @@ -2891,6 +2891,7 @@ static var *evaluate(node *op, var *res) | ||
43 | uint32_t opinfo; | ||
44 | int opn; | ||
45 | node *op1; | ||
46 | + var *old_Fields_ptr; | ||
47 | |||
48 | opinfo = op->info; | ||
49 | opn = (opinfo & OPNMASK); | ||
50 | @@ -2899,10 +2900,16 @@ static var *evaluate(node *op, var *res) | ||
51 | debug_printf_eval("opinfo:%08x opn:%08x\n", opinfo, opn); | ||
52 | |||
53 | /* execute inevitable things */ | ||
54 | + old_Fields_ptr = NULL; | ||
55 | if (opinfo & OF_RES1) { | ||
56 | if ((opinfo & OF_REQUIRED) && !op1) | ||
57 | syntax_error(EMSG_TOO_FEW_ARGS); | ||
58 | L.v = evaluate(op1, TMPVAR0); | ||
59 | + /* Does L.v point to $n variable? */ | ||
60 | + if ((size_t)(L.v - Fields) < maxfields) { | ||
61 | + /* yes, remember where Fields[] is */ | ||
62 | + old_Fields_ptr = Fields; | ||
63 | + } | ||
64 | if (opinfo & OF_STR1) { | ||
65 | L.s = getvar_s(L.v); | ||
66 | debug_printf_eval("L.s:'%s'\n", L.s); | ||
67 | @@ -2921,8 +2928,15 @@ static var *evaluate(node *op, var *res) | ||
68 | */ | ||
69 | if (opinfo & OF_RES2) { | ||
70 | R.v = evaluate(op->r.n, TMPVAR1); | ||
71 | - //TODO: L.v may be invalid now, set L.v to NULL to catch bugs? | ||
72 | - //L.v = NULL; | ||
73 | + /* Seen in $5=$$5=$0: | ||
74 | + * Evaluation of R.v ($$5=$0 expression) | ||
75 | + * made L.v ($5) invalid. It's detected here. | ||
76 | + */ | ||
77 | + if (old_Fields_ptr) { | ||
78 | + //if (old_Fields_ptr != Fields) | ||
79 | + // debug_printf_eval("L.v moved\n"); | ||
80 | + L.v += Fields - old_Fields_ptr; | ||
81 | + } | ||
82 | if (opinfo & OF_STR2) { | ||
83 | R.s = getvar_s(R.v); | ||
84 | debug_printf_eval("R.s:'%s'\n", R.s); | ||
85 | diff --git a/testsuite/awk.tests b/testsuite/awk.tests | ||
86 | index bbf0fbff1..ddc51047b 100755 | ||
87 | --- a/testsuite/awk.tests | ||
88 | +++ b/testsuite/awk.tests | ||
89 | @@ -485,4 +485,59 @@ testing 'awk assign while test' \ | ||
90 | "" \ | ||
91 | "foo" | ||
92 | |||
93 | +# User-supplied bug (SEGV) example, was causing use-after-realloc | ||
94 | +testing 'awk assign while assign' \ | ||
95 | + "awk '\$5=\$\$5=\$0'; echo \$?" \ | ||
96 | + "\ | ||
97 | +─ process timing ────────────────────────────────────┬─ ─ process timing ────────────────────────────────────┬─ overall results ────┐ results ────┐ | ||
98 | +│ run time : │ run time : 0 days, 0 hrs, 0 min, 56 sec │ cycles done : 0 │ days, 0 hrs, 0 min, 56 sec │ cycles done : 0 │ | ||
99 | +│ last new find │ last new find : 0 days, 0 hrs, 0 min, 1 sec │ corpus count : 208 │ 0 days, 0 hrs, 0 min, 1 sec │ corpus count : 208 │ | ||
100 | +│last saved crash : │last saved crash : none seen yet │saved crashes : 0 │ seen yet │saved crashes : 0 │ | ||
101 | +│ last saved hang │ last saved hang : none seen yet │ saved hangs : 0 │ none seen yet │ saved hangs : 0 │ | ||
102 | +├─ cycle progress ─────────────────────┬─ ├─ cycle progress ─────────────────────┬─ map coverage┴──────────────────────┤ coverage┴──────────────────────┤ | ||
103 | +│ now processing : │ now processing : 184.1 (88.5%) │ map density : 0.30% / 0.52% │ (88.5%) │ map density : 0.30% / 0.52% │ │ now processing : 184.1 (88.5%) │ map density : 0.30% / 0.52% │ | ||
104 | +│ runs timed out │ runs timed out : 0 (0.00%) │ count coverage : 2.18 bits/tuple │ 0 (0.00%) │ count coverage : 2.18 bits/tuple │ | ||
105 | +├─ stage progress ─────────────────────┼─ ├─ stage progress ─────────────────────┼─ findings in depth ─────────────────┤ in depth ─────────────────┤ | ||
106 | +│ now trying : │ now trying : havoc │ favored items : 43 (20.67%) │ │ favored items : 43 (20.67%) │ | ||
107 | +│ stage execs : │ stage execs : 11.2k/131k (8.51%) │ new edges on : 52 (25.00%) │ (8.51%) │ new edges on │ stage execs : 11.2k/131k (8.51%) │ new edges on : 52 (25.00%) │ 52 (25.00%) │ | ||
108 | +│ total execs : │ total execs : 179k │ total crashes : 0 (0 saved) │ │ total crashes : 0 (0 saved) │ │ total execs : 179k │ total crashes : 0 (0 saved) │ | ||
109 | +│ exec speed : │ exec speed : 3143/sec │ total tmouts : 0 (0 saved) │ │ total tmouts : 0 (0 saved) │ │ exec speed : 3143/sec │ total tmouts : 0 (0 saved) │ | ||
110 | +├─ fuzzing strategy yields ├─ fuzzing strategy yields ────────────┴─────────────┬─ item geometry ───────┤ item geometry ───────┤ | ||
111 | +│ bit flips : │ bit flips : 11/648, 4/638, 5/618 │ levels : 4 │ 4/638, 5/618 │ levels : │ bit flips : 11/648, 4/638, 5/618 │ levels : 4 │ │ | ||
112 | +│ byte flips : │ byte flips : 0/81, 0/71, 0/52 │ pending : 199 │ 0/71, 0/52 │ pending : 199 │ | ||
113 | +│ arithmetics : 11/4494, │ arithmetics : 11/4494, 0/1153, 0/0 │ pend fav : 35 │ 0/0 │ pend fav : 35 │ | ||
114 | +│ known ints : 1/448, 0/1986, 0/2288 │ own finds : 207 │ known ints : │ known ints : 1/448, 0/1986, 0/2288 │ own finds : 207 │ 0/1986, 0/2288 │ own finds : 207 │ | ||
115 | +│ dictionary : 0/0, │ dictionary : 0/0, 0/0, 0/0, 0/0 │ imported : 0 │ 0/0, 0/0 │ imported : 0 │ | ||
116 | +│havoc/splice : 142/146k, 23/7616 │havoc/splice : 142/146k, 23/7616 │ stability : 100.00% │ stability : 100.00% │ | ||
117 | +│py/custom/rq : unused, unused, │py/custom/rq : unused, unused, unused, unused ├───────────────────────┘ unused ├───────────────────────┘ | ||
118 | +│ trim/eff : 57.02%/26, │ trim/eff : 57.02%/26, 0.00% │ [cpu000:100%] │ [cpu000:100%] | ||
119 | +└────────────────────────────────────────────────────┘^C └────────────────────────────────────────────────────┘^C | ||
120 | +0 | ||
121 | +" \ | ||
122 | + "" \ | ||
123 | + "\ | ||
124 | +─ process timing ────────────────────────────────────┬─ overall results ────┐ | ||
125 | +│ run time : 0 days, 0 hrs, 0 min, 56 sec │ cycles done : 0 │ | ||
126 | +│ last new find : 0 days, 0 hrs, 0 min, 1 sec │ corpus count : 208 │ | ||
127 | +│last saved crash : none seen yet │saved crashes : 0 │ | ||
128 | +│ last saved hang : none seen yet │ saved hangs : 0 │ | ||
129 | +├─ cycle progress ─────────────────────┬─ map coverage┴──────────────────────┤ | ||
130 | +│ now processing : 184.1 (88.5%) │ map density : 0.30% / 0.52% │ | ||
131 | +│ runs timed out : 0 (0.00%) │ count coverage : 2.18 bits/tuple │ | ||
132 | +├─ stage progress ─────────────────────┼─ findings in depth ─────────────────┤ | ||
133 | +│ now trying : havoc │ favored items : 43 (20.67%) │ | ||
134 | +│ stage execs : 11.2k/131k (8.51%) │ new edges on : 52 (25.00%) │ | ||
135 | +│ total execs : 179k │ total crashes : 0 (0 saved) │ | ||
136 | +│ exec speed : 3143/sec │ total tmouts : 0 (0 saved) │ | ||
137 | +├─ fuzzing strategy yields ────────────┴─────────────┬─ item geometry ───────┤ | ||
138 | +│ bit flips : 11/648, 4/638, 5/618 │ levels : 4 │ | ||
139 | +│ byte flips : 0/81, 0/71, 0/52 │ pending : 199 │ | ||
140 | +│ arithmetics : 11/4494, 0/1153, 0/0 │ pend fav : 35 │ | ||
141 | +│ known ints : 1/448, 0/1986, 0/2288 │ own finds : 207 │ | ||
142 | +│ dictionary : 0/0, 0/0, 0/0, 0/0 │ imported : 0 │ | ||
143 | +│havoc/splice : 142/146k, 23/7616 │ stability : 100.00% │ | ||
144 | +│py/custom/rq : unused, unused, unused, unused ├───────────────────────┘ | ||
145 | +│ trim/eff : 57.02%/26, 0.00% │ [cpu000:100%] | ||
146 | +└────────────────────────────────────────────────────┘^C" | ||
147 | + | ||
148 | exit $FAILCOUNT | ||
149 | -- | ||
150 | 2.30.2 | ||
151 | |||
diff --git a/meta/recipes-core/busybox/busybox/CVE-2023-42363.patch b/meta/recipes-core/busybox/busybox/CVE-2023-42363.patch new file mode 100644 index 0000000000..379f6f83b1 --- /dev/null +++ b/meta/recipes-core/busybox/busybox/CVE-2023-42363.patch | |||
@@ -0,0 +1,67 @@ | |||
1 | From fb08d43d44d1fea1f741fafb9aa7e1958a5f69aa Mon Sep 17 00:00:00 2001 | ||
2 | From: Natanael Copa <ncopa@alpinelinux.org> | ||
3 | Date: Mon, 20 May 2024 17:55:28 +0200 | ||
4 | Subject: [PATCH] awk: fix use after free (CVE-2023-42363) | ||
5 | |||
6 | function old new delta | ||
7 | evaluate 3377 3385 +8 | ||
8 | |||
9 | Fixes https://bugs.busybox.net/show_bug.cgi?id=15865 | ||
10 | |||
11 | Signed-off-by: Natanael Copa <ncopa@alpinelinux.org> | ||
12 | Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com> | ||
13 | |||
14 | CVE: CVE-2023-42363 | ||
15 | Upstream-Status: Backport [https://git.busybox.net/busybox/commit/?id=fb08d43d44d1fea1f741fafb9aa7e1958a5f69aa] | ||
16 | Signed-off-by: Peter Marko <peter.marko@siemens.com> | ||
17 | --- | ||
18 | editors/awk.c | 21 +++++++++++++-------- | ||
19 | 1 file changed, 13 insertions(+), 8 deletions(-) | ||
20 | |||
21 | diff --git a/editors/awk.c b/editors/awk.c | ||
22 | index 0981c6735..ff6d6350b 100644 | ||
23 | --- a/editors/awk.c | ||
24 | +++ b/editors/awk.c | ||
25 | @@ -2910,19 +2910,14 @@ static var *evaluate(node *op, var *res) | ||
26 | /* yes, remember where Fields[] is */ | ||
27 | old_Fields_ptr = Fields; | ||
28 | } | ||
29 | - if (opinfo & OF_STR1) { | ||
30 | - L.s = getvar_s(L.v); | ||
31 | - debug_printf_eval("L.s:'%s'\n", L.s); | ||
32 | - } | ||
33 | if (opinfo & OF_NUM1) { | ||
34 | L_d = getvar_i(L.v); | ||
35 | debug_printf_eval("L_d:%f\n", L_d); | ||
36 | } | ||
37 | } | ||
38 | - /* NB: Must get string/numeric values of L (done above) | ||
39 | - * _before_ evaluate()'ing R.v: if both L and R are $NNNs, | ||
40 | - * and right one is large, then L.v points to Fields[NNN1], | ||
41 | - * second evaluate() reallocates and moves (!) Fields[], | ||
42 | + /* NB: if both L and R are $NNNs, and right one is large, | ||
43 | + * then at this pint L.v points to Fields[NNN1], second | ||
44 | + * evaluate() below reallocates and moves (!) Fields[], | ||
45 | * R.v points to Fields[NNN2] but L.v now points to freed mem! | ||
46 | * (Seen trying to evaluate "$444 $44444") | ||
47 | */ | ||
48 | @@ -2942,6 +2937,16 @@ static var *evaluate(node *op, var *res) | ||
49 | debug_printf_eval("R.s:'%s'\n", R.s); | ||
50 | } | ||
51 | } | ||
52 | + /* Get L.s _after_ R.v is evaluated: it may have realloc'd L.v | ||
53 | + * so we must get the string after "old_Fields_ptr" correction | ||
54 | + * above. Testcase: x = (v = "abc", gsub("b", "X", v)); | ||
55 | + */ | ||
56 | + if (opinfo & OF_RES1) { | ||
57 | + if (opinfo & OF_STR1) { | ||
58 | + L.s = getvar_s(L.v); | ||
59 | + debug_printf_eval("L.s:'%s'\n", L.s); | ||
60 | + } | ||
61 | + } | ||
62 | |||
63 | debug_printf_eval("switch(0x%x)\n", XC(opinfo & OPCLSMASK)); | ||
64 | switch (XC(opinfo & OPCLSMASK)) { | ||
65 | -- | ||
66 | 2.30.2 | ||
67 | |||
diff --git a/meta/recipes-core/busybox/busybox_1.36.1.bb b/meta/recipes-core/busybox/busybox_1.36.1.bb index 06eb9eb999..42dd5f71eb 100644 --- a/meta/recipes-core/busybox/busybox_1.36.1.bb +++ b/meta/recipes-core/busybox/busybox_1.36.1.bb | |||
@@ -50,6 +50,13 @@ SRC_URI = "https://busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \ | |||
50 | file://0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch \ | 50 | file://0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch \ |
51 | file://0002-nslookup-sanitize-all-printed-strings-with-printable.patch \ | 51 | file://0002-nslookup-sanitize-all-printed-strings-with-printable.patch \ |
52 | file://start-stop-false.patch \ | 52 | file://start-stop-false.patch \ |
53 | file://CVE-2021-42380.patch \ | ||
54 | file://0001-awk-fix-segfault-when-compiled-by-clang.patch \ | ||
55 | file://CVE-2023-42363.patch \ | ||
56 | file://0001-awk-fix-precedence-of-relative-to.patch \ | ||
57 | file://0002-awk-fix-ternary-operator-and-precedence-of.patch \ | ||
58 | file://0001-awk.c-fix-CVE-2023-42366-bug-15874.patch \ | ||
59 | file://0001-cut-Fix-s-flag-to-omit-blank-lines.patch \ | ||
53 | " | 60 | " |
54 | SRC_URI:append:libc-musl = " file://musl.cfg " | 61 | SRC_URI:append:libc-musl = " file://musl.cfg " |
55 | # TODO http://lists.busybox.net/pipermail/busybox/2023-January/090078.html | 62 | # TODO http://lists.busybox.net/pipermail/busybox/2023-January/090078.html |
diff --git a/meta/recipes-core/expat/expat_2.6.2.bb b/meta/recipes-core/expat/expat_2.6.3.bb index 6c9db91bef..5ae694a004 100644 --- a/meta/recipes-core/expat/expat_2.6.2.bb +++ b/meta/recipes-core/expat/expat_2.6.3.bb | |||
@@ -15,7 +15,7 @@ SRC_URI = "${GITHUB_BASE_URI}/download/R_${VERSION_TAG}/expat-${PV}.tar.bz2 \ | |||
15 | GITHUB_BASE_URI = "https://github.com/libexpat/libexpat/releases/" | 15 | GITHUB_BASE_URI = "https://github.com/libexpat/libexpat/releases/" |
16 | UPSTREAM_CHECK_REGEX = "releases/tag/R_(?P<pver>.+)" | 16 | UPSTREAM_CHECK_REGEX = "releases/tag/R_(?P<pver>.+)" |
17 | 17 | ||
18 | SRC_URI[sha256sum] = "9c7c1b5dcbc3c237c500a8fb1493e14d9582146dd9b42aa8d3ffb856a3b927e0" | 18 | SRC_URI[sha256sum] = "b8baef92f328eebcf731f4d18103951c61fa8c8ec21d5ff4202fb6f2198aeb2d" |
19 | 19 | ||
20 | EXTRA_OECMAKE:class-native += "-DEXPAT_BUILD_DOCS=OFF" | 20 | EXTRA_OECMAKE:class-native += "-DEXPAT_BUILD_DOCS=OFF" |
21 | 21 | ||
diff --git a/meta/recipes-core/gettext/gettext/0001-intl-Fix-build-failure-with-make-j.patch b/meta/recipes-core/gettext/gettext/0001-intl-Fix-build-failure-with-make-j.patch new file mode 100644 index 0000000000..144259dd3f --- /dev/null +++ b/meta/recipes-core/gettext/gettext/0001-intl-Fix-build-failure-with-make-j.patch | |||
@@ -0,0 +1,35 @@ | |||
1 | From 97a6a63ad61949663283f5fad68c9d5fb9be1f15 Mon Sep 17 00:00:00 2001 | ||
2 | From: Bruno Haible <bruno@clisp.org> | ||
3 | Date: Tue, 12 Sep 2023 11:33:41 +0200 | ||
4 | Subject: [PATCH] intl: Fix build failure with "make -j". | ||
5 | |||
6 | Reported by Christian Weisgerber <naddy@mips.inka.de> at | ||
7 | <https://lists.gnu.org/archive/html/bug-gettext/2023-09/msg00005.html>. | ||
8 | |||
9 | * gettext-runtime/intl/Makefile.am (langprefs.lo, log.lo): Depend on gettextP.h | ||
10 | and its subordinate includes. | ||
11 | |||
12 | Upstream-Status: Backport [https://git.savannah.gnu.org/gitweb/?p=gettext.git;a=commit;h=97a6a63ad61949663283f5fad68c9d5fb9be1f15] | ||
13 | Signed-off-by: Changqing Li <changqing.li@windriver.com> | ||
14 | --- | ||
15 | gettext-runtime/intl/Makefile.am | 4 ++-- | ||
16 | 1 file changed, 2 insertions(+), 2 deletions(-) | ||
17 | |||
18 | diff --git a/gettext-runtime/intl/Makefile.am b/gettext-runtime/intl/Makefile.am | ||
19 | index da7abb758..9e56978bc 100644 | ||
20 | --- a/gettext-runtime/intl/Makefile.am | ||
21 | +++ b/gettext-runtime/intl/Makefile.am | ||
22 | @@ -387,8 +387,8 @@ dngettext.lo: ../config.h $(srcdir)/gettextP.h libgnuintl.h $(srcdir)/gmo | ||
23 | ngettext.lo: ../config.h $(srcdir)/gettextP.h libgnuintl.h $(srcdir)/gmo.h $(srcdir)/loadinfo.h | ||
24 | plural.lo: ../config.h $(srcdir)/plural-exp.h $(PLURAL_DEPS) | ||
25 | plural-exp.lo: ../config.h $(srcdir)/plural-exp.h | ||
26 | -langprefs.lo: ../config.h | ||
27 | -log.lo: ../config.h | ||
28 | +langprefs.lo: ../config.h $(srcdir)/gettextP.h libgnuintl.h $(srcdir)/gmo.h $(srcdir)/loadinfo.h | ||
29 | +log.lo: ../config.h $(srcdir)/gettextP.h libgnuintl.h $(srcdir)/gmo.h $(srcdir)/loadinfo.h | ||
30 | printf.lo: ../config.h | ||
31 | setlocale.lo: ../config.h $(srcdir)/gettextP.h libgnuintl.h $(srcdir)/gmo.h $(srcdir)/loadinfo.h | ||
32 | version.lo: ../config.h libgnuintl.h | ||
33 | -- | ||
34 | 2.25.1 | ||
35 | |||
diff --git a/meta/recipes-core/gettext/gettext_0.22.5.bb b/meta/recipes-core/gettext/gettext_0.22.5.bb index 1a66d37916..7eeb1a86fd 100644 --- a/meta/recipes-core/gettext/gettext_0.22.5.bb +++ b/meta/recipes-core/gettext/gettext_0.22.5.bb | |||
@@ -28,6 +28,7 @@ SRC_URI += " \ | |||
28 | file://serial-tests-config.patch \ | 28 | file://serial-tests-config.patch \ |
29 | file://0001-tests-autopoint-3-unset-MAKEFLAGS.patch \ | 29 | file://0001-tests-autopoint-3-unset-MAKEFLAGS.patch \ |
30 | file://0001-init-env.in-do-not-add-C-CXX-parameters.patch \ | 30 | file://0001-init-env.in-do-not-add-C-CXX-parameters.patch \ |
31 | file://0001-intl-Fix-build-failure-with-make-j.patch \ | ||
31 | " | 32 | " |
32 | 33 | ||
33 | inherit autotools texinfo pkgconfig ptest | 34 | inherit autotools texinfo pkgconfig ptest |
diff --git a/meta/recipes-core/glib-networking/glib-networking/eagain.patch b/meta/recipes-core/glib-networking/glib-networking/eagain.patch index 6c2e3c634b..98ff476071 100644 --- a/meta/recipes-core/glib-networking/glib-networking/eagain.patch +++ b/meta/recipes-core/glib-networking/glib-networking/eagain.patch | |||
@@ -12,7 +12,7 @@ FAIL: glib-networking/connection-openssl.test (Child process killed by signal 6) | |||
12 | 12 | ||
13 | The test should probably retry in this situation so test a patch which does this. | 13 | The test should probably retry in this situation so test a patch which does this. |
14 | 14 | ||
15 | Upstream-Status: Pending [testing to see if patch resolves the issue] | 15 | Upstream-Status: Submitted [https://gitlab.gnome.org/GNOME/glib-networking/-/merge_requests/253] |
16 | 16 | ||
17 | Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> | 17 | Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> |
18 | --- | 18 | --- |
diff --git a/meta/recipes-core/glibc/glibc-package.inc b/meta/recipes-core/glibc/glibc-package.inc index 1ef987be0a..b90ff66612 100644 --- a/meta/recipes-core/glibc/glibc-package.inc +++ b/meta/recipes-core/glibc/glibc-package.inc | |||
@@ -39,7 +39,7 @@ FILES:sln = "${base_sbindir}/sln" | |||
39 | FILES:${PN}-pic = "${libdir}/*_pic.a ${libdir}/*_pic.map ${libdir}/libc_pic/*.o" | 39 | FILES:${PN}-pic = "${libdir}/*_pic.a ${libdir}/*_pic.map ${libdir}/libc_pic/*.o" |
40 | FILES:libsotruss = "${libdir}/audit/sotruss-lib.so" | 40 | FILES:libsotruss = "${libdir}/audit/sotruss-lib.so" |
41 | FILES_SOLIBSDEV = "${libdir}/lib*${SOLIBSDEV}" | 41 | FILES_SOLIBSDEV = "${libdir}/lib*${SOLIBSDEV}" |
42 | FILES:${PN}-dev += "${libdir}/libpthread.a ${libdir}/libdl.a ${libdir}/libutil.a ${libdir}/libanl.a ${libdir}/*_nonshared.a ${base_libdir}/*_nonshared.a ${base_libdir}/*.o ${datadir}/aclocal" | 42 | FILES:${PN}-dev += "${libdir}/libpthread.a ${libdir}/libdl.a ${libdir}/libutil.a ${libdir}/libanl.a ${libdir}/*_nonshared.a ${base_libdir}/*_nonshared.a ${base_libdir}/*.o ${datadir}/aclocal ${libdir}/gcc/${TARGET_SYS}/*/finclude" |
43 | RDEPENDS:${PN}-dev = "linux-libc-headers-dev" | 43 | RDEPENDS:${PN}-dev = "linux-libc-headers-dev" |
44 | FILES:${PN}-staticdev += "${libdir}/*.a ${base_libdir}/*.a" | 44 | FILES:${PN}-staticdev += "${libdir}/*.a ${base_libdir}/*.a" |
45 | FILES:nscd = "${sbindir}/nscd* ${sysconfdir}/init.d/nscd ${systemd_system_unitdir}/nscd* ${nonarch_libdir}/tmpfiles.d/nscd.conf \ | 45 | FILES:nscd = "${sbindir}/nscd* ${sysconfdir}/init.d/nscd ${systemd_system_unitdir}/nscd* ${nonarch_libdir}/tmpfiles.d/nscd.conf \ |
@@ -169,6 +169,12 @@ do_install_armmultilib () { | |||
169 | oe_multilib_header sys/elf.h sys/procfs.h sys/ptrace.h sys/ucontext.h sys/user.h | 169 | oe_multilib_header sys/elf.h sys/procfs.h sys/ptrace.h sys/ucontext.h sys/user.h |
170 | } | 170 | } |
171 | 171 | ||
172 | do_install_armmultilib:append:class-target() { | ||
173 | gcc_version=$($CC -dumpversion) | ||
174 | mkdir -p ${D}${libdir}/gcc/${TARGET_SYS}/${gcc_version}/finclude | ||
175 | mv ${D}${includedir}/finclude/math-vector-fortran.h ${D}${libdir}/gcc/${TARGET_SYS}/${gcc_version}/finclude/ | ||
176 | rmdir --ignore-fail-on-non-empty ${D}${includedir}/finclude | ||
177 | } | ||
172 | 178 | ||
173 | LOCALESTASH = "${WORKDIR}/stashed-locale" | 179 | LOCALESTASH = "${WORKDIR}/stashed-locale" |
174 | bashscripts = "mtrace sotruss xtrace" | 180 | bashscripts = "mtrace sotruss xtrace" |
diff --git a/meta/recipes-core/glibc/glibc-version.inc b/meta/recipes-core/glibc/glibc-version.inc index 1e4a323d64..955b22bc38 100644 --- a/meta/recipes-core/glibc/glibc-version.inc +++ b/meta/recipes-core/glibc/glibc-version.inc | |||
@@ -1,10 +1,8 @@ | |||
1 | SRCBRANCH ?= "release/2.39/master" | 1 | SRCBRANCH ?= "release/2.39/master" |
2 | PV = "2.39+git" | 2 | PV = "2.39+git" |
3 | SRCREV_glibc ?= "273a835fe7c685cc54266bb8b502787bad5e9bae" | 3 | SRCREV_glibc ?= "e8f521709731ce3ae8d6f1eca30135d5c0606f02" |
4 | SRCREV_localedef ?= "fab74f31b3811df543e24b6de47efdf45b538abc" | 4 | SRCREV_localedef ?= "fab74f31b3811df543e24b6de47efdf45b538abc" |
5 | 5 | ||
6 | GLIBC_GIT_URI ?= "git://sourceware.org/git/glibc.git;protocol=https" | 6 | GLIBC_GIT_URI ?= "git://sourceware.org/git/glibc.git;protocol=https" |
7 | 7 | ||
8 | UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+\.\d+(\.(?!90)\d+)*)" | 8 | UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+\.\d+(\.(?!90)\d+)*)" |
9 | |||
10 | CVE_STATUS[CVE-2023-4911] = "fixed-version: Fixed in stable branch updates" | ||
diff --git a/meta/recipes-core/images/build-appliance-image_15.0.0.bb b/meta/recipes-core/images/build-appliance-image_15.0.0.bb index bceeb4866f..9c29cf600d 100644 --- a/meta/recipes-core/images/build-appliance-image_15.0.0.bb +++ b/meta/recipes-core/images/build-appliance-image_15.0.0.bb | |||
@@ -26,7 +26,7 @@ inherit core-image setuptools3 features_check | |||
26 | 26 | ||
27 | REQUIRED_DISTRO_FEATURES += "xattr" | 27 | REQUIRED_DISTRO_FEATURES += "xattr" |
28 | 28 | ||
29 | SRCREV ?= "5d657e0f472ce481ab62bc9ebf3d2b81c04cf3f3" | 29 | SRCREV ?= "bf88a67b45235236d6655dce604e632eb94a813c" |
30 | SRC_URI = "git://git.yoctoproject.org/poky;branch=scarthgap \ | 30 | SRC_URI = "git://git.yoctoproject.org/poky;branch=scarthgap \ |
31 | file://Yocto_Build_Appliance.vmx \ | 31 | file://Yocto_Build_Appliance.vmx \ |
32 | file://Yocto_Build_Appliance.vmxf \ | 32 | file://Yocto_Build_Appliance.vmxf \ |
diff --git a/meta/recipes-core/initrdscripts/initramfs-framework/init b/meta/recipes-core/initrdscripts/initramfs-framework/init index 567694aff7..20c0455ec8 100755 --- a/meta/recipes-core/initrdscripts/initramfs-framework/init +++ b/meta/recipes-core/initrdscripts/initramfs-framework/init | |||
@@ -117,7 +117,7 @@ if grep -q devtmpfs /proc/filesystems; then | |||
117 | mount -t devtmpfs devtmpfs /dev | 117 | mount -t devtmpfs devtmpfs /dev |
118 | else | 118 | else |
119 | if [ ! -d /dev ]; then | 119 | if [ ! -d /dev ]; then |
120 | fatal "ERROR: /dev doesn't exist and kernel doesn't has devtmpfs enabled." | 120 | fatal "ERROR: /dev doesn't exist and kernel doesn't have devtmpfs enabled." |
121 | fi | 121 | fi |
122 | fi | 122 | fi |
123 | 123 | ||
diff --git a/meta/recipes-core/initrdscripts/initramfs-framework/rootfs b/meta/recipes-core/initrdscripts/initramfs-framework/rootfs index e0efbe6ebe..38e138f618 100644 --- a/meta/recipes-core/initrdscripts/initramfs-framework/rootfs +++ b/meta/recipes-core/initrdscripts/initramfs-framework/rootfs | |||
@@ -59,7 +59,7 @@ rootfs_run() { | |||
59 | fi | 59 | fi |
60 | fi | 60 | fi |
61 | fi | 61 | fi |
62 | debug "Sleeping for $delay second(s) to wait root to settle..." | 62 | debug "Sleeping for $delay second(s) to wait for root to settle..." |
63 | sleep $delay | 63 | sleep $delay |
64 | C=$(( $C + 1 )) | 64 | C=$(( $C + 1 )) |
65 | done | 65 | done |
diff --git a/meta/recipes-core/meta/buildtools-tarball.bb b/meta/recipes-core/meta/buildtools-tarball.bb index 92fbda335d..e2ce5b3ecf 100644 --- a/meta/recipes-core/meta/buildtools-tarball.bb +++ b/meta/recipes-core/meta/buildtools-tarball.bb | |||
@@ -112,6 +112,9 @@ INHIBIT_DEFAULT_DEPS = "1" | |||
112 | # Directory in testsdk that contains testcases | 112 | # Directory in testsdk that contains testcases |
113 | TESTSDK_CASES = "buildtools-cases" | 113 | TESTSDK_CASES = "buildtools-cases" |
114 | 114 | ||
115 | # We have our own code, avoid deferred inherit | ||
116 | SDK_CLASSES:remove = "testsdk" | ||
117 | |||
115 | python do_testsdk() { | 118 | python do_testsdk() { |
116 | import oeqa.sdk.testsdk | 119 | import oeqa.sdk.testsdk |
117 | testsdk = oeqa.sdk.testsdk.TestSDK() | 120 | testsdk = oeqa.sdk.testsdk.TestSDK() |
diff --git a/meta/recipes-core/meta/uninative-tarball.bb b/meta/recipes-core/meta/uninative-tarball.bb index 7eebcaf11a..0fd01fdb64 100644 --- a/meta/recipes-core/meta/uninative-tarball.bb +++ b/meta/recipes-core/meta/uninative-tarball.bb | |||
@@ -58,6 +58,8 @@ fakeroot archive_sdk() { | |||
58 | DEST="./${SDK_ARCH}-${SDK_OS}" | 58 | DEST="./${SDK_ARCH}-${SDK_OS}" |
59 | mv sysroots/${SDK_SYS} $DEST | 59 | mv sysroots/${SDK_SYS} $DEST |
60 | rm sysroots -rf | 60 | rm sysroots -rf |
61 | # There is a check in meta/files/toolchain-shar-extract.sh -- make sure to | ||
62 | # keep that check up to date if changing the `1024` | ||
61 | patchelf --set-interpreter ${@''.join('a' for n in range(1024))} $DEST/usr/bin/patchelf | 63 | patchelf --set-interpreter ${@''.join('a' for n in range(1024))} $DEST/usr/bin/patchelf |
62 | mv $DEST/usr/bin/patchelf $DEST/usr/bin/patchelf-uninative | 64 | mv $DEST/usr/bin/patchelf $DEST/usr/bin/patchelf-uninative |
63 | ${SDK_ARCHIVE_CMD} | 65 | ${SDK_ARCHIVE_CMD} |
diff --git a/meta/recipes-core/ncurses/ncurses.inc b/meta/recipes-core/ncurses/ncurses.inc index 761b6a3d31..3b72f3efdd 100644 --- a/meta/recipes-core/ncurses/ncurses.inc +++ b/meta/recipes-core/ncurses/ncurses.inc | |||
@@ -13,7 +13,7 @@ BINCONFIG = "${bindir}/ncurses5-config ${bindir}/ncursesw5-config \ | |||
13 | inherit autotools binconfig-disabled multilib_header pkgconfig | 13 | inherit autotools binconfig-disabled multilib_header pkgconfig |
14 | 14 | ||
15 | # Upstream has useful patches at times at ftp://invisible-island.net/ncurses/ | 15 | # Upstream has useful patches at times at ftp://invisible-island.net/ncurses/ |
16 | SRC_URI = "git://github.com/mirror/ncurses.git;protocol=https;branch=master" | 16 | SRC_URI = "git://github.com/ThomasDickey/ncurses-snapshots.git;protocol=https;branch=master" |
17 | 17 | ||
18 | EXTRA_AUTORECONF = "-I m4" | 18 | EXTRA_AUTORECONF = "-I m4" |
19 | 19 | ||
diff --git a/meta/recipes-core/ncurses/ncurses_6.4.bb b/meta/recipes-core/ncurses/ncurses_6.4.bb index 97130c06d6..61558ecfa8 100644 --- a/meta/recipes-core/ncurses/ncurses_6.4.bb +++ b/meta/recipes-core/ncurses/ncurses_6.4.bb | |||
@@ -10,10 +10,10 @@ SRC_URI += "file://0001-tic-hang.patch \ | |||
10 | file://CVE-2023-45918.patch \ | 10 | file://CVE-2023-45918.patch \ |
11 | " | 11 | " |
12 | # commit id corresponds to the revision in package version | 12 | # commit id corresponds to the revision in package version |
13 | SRCREV = "79b9071f2be20a24c7be031655a5638f6032f29f" | 13 | SRCREV = "1003914e200fd622a27237abca155ce6bf2e6030" |
14 | S = "${WORKDIR}/git" | 14 | S = "${WORKDIR}/git" |
15 | EXTRA_OECONF += "--with-abi-version=5" | 15 | EXTRA_OECONF += "--with-abi-version=5" |
16 | UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+(\.\d+)+)$" | 16 | UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>\d+_\d+)$" |
17 | 17 | ||
18 | # This is needed when using patchlevel versions like 6.1+20181013 | 18 | # This is needed when using patchlevel versions like 6.1+20181013 |
19 | #CVE_VERSION = "${@d.getVar("PV").split('+')[0]}.${@d.getVar("PV").split('+')[1]}" | 19 | #CVE_VERSION = "${@d.getVar("PV").split('+')[0]}.${@d.getVar("PV").split('+')[1]}" |
diff --git a/meta/recipes-core/os-release/os-release.bb b/meta/recipes-core/os-release/os-release.bb index 8906906bc3..93af08c182 100644 --- a/meta/recipes-core/os-release/os-release.bb +++ b/meta/recipes-core/os-release/os-release.bb | |||
@@ -24,7 +24,7 @@ ID = "${DISTRO}" | |||
24 | NAME = "${DISTRO_NAME}" | 24 | NAME = "${DISTRO_NAME}" |
25 | VERSION = "${DISTRO_VERSION}${@' (%s)' % DISTRO_CODENAME if 'DISTRO_CODENAME' in d else ''}" | 25 | VERSION = "${DISTRO_VERSION}${@' (%s)' % DISTRO_CODENAME if 'DISTRO_CODENAME' in d else ''}" |
26 | VERSION_ID = "${DISTRO_VERSION}" | 26 | VERSION_ID = "${DISTRO_VERSION}" |
27 | VERSION_CODENAME = "${DISTRO_CODENAME}" | 27 | VERSION_CODENAME = "${@d.getVar('DISTRO_CODENAME') or ''}" |
28 | PRETTY_NAME = "${DISTRO_NAME} ${VERSION}" | 28 | PRETTY_NAME = "${DISTRO_NAME} ${VERSION}" |
29 | 29 | ||
30 | # The vendor field is hardcoded to "openembedded" deliberately. We'd | 30 | # The vendor field is hardcoded to "openembedded" deliberately. We'd |
diff --git a/meta/recipes-core/systemd/systemd/00-create-volatile.conf b/meta/recipes-core/systemd/systemd/00-create-volatile.conf index c4277221a2..043b2ef1d8 100644 --- a/meta/recipes-core/systemd/systemd/00-create-volatile.conf +++ b/meta/recipes-core/systemd/systemd/00-create-volatile.conf | |||
@@ -6,3 +6,4 @@ | |||
6 | d /run/lock 1777 - - - | 6 | d /run/lock 1777 - - - |
7 | d /var/volatile/log - - - - | 7 | d /var/volatile/log - - - - |
8 | d /var/volatile/tmp 1777 - - | 8 | d /var/volatile/tmp 1777 - - |
9 | L /var/tmp - - - - /var/volatile/tmp | ||
diff --git a/meta/recipes-core/systemd/systemd_255.4.bb b/meta/recipes-core/systemd/systemd_255.4.bb index f58a1bc2b6..0ccca8a567 100644 --- a/meta/recipes-core/systemd/systemd_255.4.bb +++ b/meta/recipes-core/systemd/systemd_255.4.bb | |||
@@ -307,9 +307,10 @@ do_install() { | |||
307 | fi | 307 | fi |
308 | 308 | ||
309 | if "${@'true' if oe.types.boolean(d.getVar('VOLATILE_LOG_DIR')) else 'false'}"; then | 309 | if "${@'true' if oe.types.boolean(d.getVar('VOLATILE_LOG_DIR')) else 'false'}"; then |
310 | # /var/log is typically a symbolic link to inside /var/volatile, | 310 | # base-files recipe provides /var/log which is a symlink to /var/volatile/log |
311 | # which is expected to be empty. | ||
312 | rm -rf ${D}${localstatedir}/log | 311 | rm -rf ${D}${localstatedir}/log |
312 | printf 'L\t\t%s/log\t\t-\t-\t-\t-\t%s/volatile/log\n' "${localstatedir}" \ | ||
313 | "${localstatedir}" >>${D}${nonarch_libdir}/tmpfiles.d/00-create-volatile.conf | ||
313 | elif [ -e ${D}${localstatedir}/log/journal ]; then | 314 | elif [ -e ${D}${localstatedir}/log/journal ]; then |
314 | chown root:systemd-journal ${D}${localstatedir}/log/journal | 315 | chown root:systemd-journal ${D}${localstatedir}/log/journal |
315 | 316 | ||
diff --git a/meta/recipes-core/udev/udev-extraconf/mount.sh b/meta/recipes-core/udev/udev-extraconf/mount.sh index c19e2aa68a..eb84a468be 100644 --- a/meta/recipes-core/udev/udev-extraconf/mount.sh +++ b/meta/recipes-core/udev/udev-extraconf/mount.sh | |||
@@ -98,7 +98,7 @@ automount_systemd() { | |||
98 | ;; | 98 | ;; |
99 | esac | 99 | esac |
100 | 100 | ||
101 | if ! $MOUNT --no-block -t auto $DEVNAME "$MOUNT_BASE/$name" | 101 | if ! $MOUNT --collect --no-block -t auto $DEVNAME "$MOUNT_BASE/$name" |
102 | then | 102 | then |
103 | #logger "mount.sh/automount" "$MOUNT -t auto $DEVNAME \"$MOUNT_BASE/$name\" failed!" | 103 | #logger "mount.sh/automount" "$MOUNT -t auto $DEVNAME \"$MOUNT_BASE/$name\" failed!" |
104 | rm_dir "$MOUNT_BASE/$name" | 104 | rm_dir "$MOUNT_BASE/$name" |
diff --git a/meta/recipes-core/util-linux/util-linux_2.39.3.bb b/meta/recipes-core/util-linux/util-linux_2.39.3.bb index 83b3f4e05b..79ddf2d115 100644 --- a/meta/recipes-core/util-linux/util-linux_2.39.3.bb +++ b/meta/recipes-core/util-linux/util-linux_2.39.3.bb | |||
@@ -90,7 +90,10 @@ EXTRA_OECONF:append = " --disable-hwclock-gplv3" | |||
90 | # build host versions during development | 90 | # build host versions during development |
91 | # | 91 | # |
92 | PACKAGECONFIG ?= "pcre2" | 92 | PACKAGECONFIG ?= "pcre2" |
93 | PACKAGECONFIG:class-target ?= "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'chfn-chsh pam', '', d)}" | 93 | PACKAGECONFIG:class-target ?= "\ |
94 | libmount-mountfd-support \ | ||
95 | ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'chfn-chsh pam', '', d)} \ | ||
96 | " | ||
94 | # inherit manpages requires this to be present, however util-linux does not have | 97 | # inherit manpages requires this to be present, however util-linux does not have |
95 | # configuration options, and installs manpages always | 98 | # configuration options, and installs manpages always |
96 | PACKAGECONFIG[manpages] = "" | 99 | PACKAGECONFIG[manpages] = "" |
@@ -106,6 +109,13 @@ PACKAGECONFIG[pcre2] = ",,libpcre2" | |||
106 | PACKAGECONFIG[cryptsetup] = "--with-cryptsetup,--without-cryptsetup,cryptsetup" | 109 | PACKAGECONFIG[cryptsetup] = "--with-cryptsetup,--without-cryptsetup,cryptsetup" |
107 | PACKAGECONFIG[chfn-chsh] = "--enable-chfn-chsh,--disable-chfn-chsh," | 110 | PACKAGECONFIG[chfn-chsh] = "--enable-chfn-chsh,--disable-chfn-chsh," |
108 | PACKAGECONFIG[selinux] = "--with-selinux,--without-selinux,libselinux" | 111 | PACKAGECONFIG[selinux] = "--with-selinux,--without-selinux,libselinux" |
112 | # Using the new file descriptors based mount kernel API can cause rootfs remount failure with some older kernels. | ||
113 | # Of currently supported LTS kernels, the old mount API should be used with: | ||
114 | # - versions prior to 6.6.18 in the 6.6.y series. | ||
115 | # - versions prior to 6.1.79 in the 6.1.y series. | ||
116 | # - versions till at least 5.15.164 in the 5.15.y series. | ||
117 | # - with 5.10.y, 5.4.y and 4.19.y series kernels, libmount seemed to use the old API regardless of this option. | ||
118 | PACKAGECONFIG[libmount-mountfd-support] = "--enable-libmount-mountfd-support,--disable-libmount-mountfd-support" | ||
109 | 119 | ||
110 | EXTRA_OEMAKE = "ARCH=${TARGET_ARCH} CPU= CPUOPT= 'OPT=${CFLAGS}'" | 120 | EXTRA_OEMAKE = "ARCH=${TARGET_ARCH} CPU= CPUOPT= 'OPT=${CFLAGS}'" |
111 | 121 | ||
diff --git a/meta/recipes-devtools/apt/apt_2.6.1.bb b/meta/recipes-devtools/apt/apt_2.6.1.bb index fb4ff899d2..e688d30cae 100644 --- a/meta/recipes-devtools/apt/apt_2.6.1.bb +++ b/meta/recipes-devtools/apt/apt_2.6.1.bb | |||
@@ -111,7 +111,7 @@ Acquire | |||
111 | AllowInsecureRepositories "true"; | 111 | AllowInsecureRepositories "true"; |
112 | }; | 112 | }; |
113 | 113 | ||
114 | DPkg::Options {"--root=#ROOTFS#";"--admindir=#ROOTFS#/var/lib/dpkg";"--force-all";"--no-debsig"}; | 114 | DPkg::Options {"--root=#ROOTFS#";"--admindir=#ROOTFS#/var/lib/dpkg";"--force-all";"--no-force-overwrite";"--no-debsig"}; |
115 | DPkg::Path ""; | 115 | DPkg::Path ""; |
116 | EOF | 116 | EOF |
117 | } | 117 | } |
diff --git a/meta/recipes-devtools/automake/automake/new_rt_path_for_test-driver.patch b/meta/recipes-devtools/automake/automake/new_rt_path_for_test-driver.patch index 1f71722334..f92ec6b548 100644 --- a/meta/recipes-devtools/automake/automake/new_rt_path_for_test-driver.patch +++ b/meta/recipes-devtools/automake/automake/new_rt_path_for_test-driver.patch | |||
@@ -5,7 +5,7 @@ Subject: [PATCH] Set relative to top_builddir path in Makefile to access | |||
5 | test-driver | 5 | test-driver |
6 | 6 | ||
7 | Signed-off-by: Adrian Calianu <adrian.calianu@enea.com> | 7 | Signed-off-by: Adrian Calianu <adrian.calianu@enea.com> |
8 | Upstream-Status: Pending | 8 | Upstream-Status: Inappropriate [specific to oe-core target ptest installation] |
9 | Bug-Report: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=19042 | 9 | Bug-Report: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=19042 |
10 | 10 | ||
11 | --- | 11 | --- |
diff --git a/meta/recipes-devtools/binutils/binutils-2.42.inc b/meta/recipes-devtools/binutils/binutils-2.42.inc index c8f526b5c7..5d5ba3d6dc 100644 --- a/meta/recipes-devtools/binutils/binutils-2.42.inc +++ b/meta/recipes-devtools/binutils/binutils-2.42.inc | |||
@@ -20,7 +20,7 @@ UPSTREAM_CHECK_GITTAGREGEX = "binutils-(?P<pver>\d+_(\d_?)*)" | |||
20 | 20 | ||
21 | CVE_STATUS[CVE-2023-25584] = "cpe-incorrect: Applies only for version 2.40 and earlier" | 21 | CVE_STATUS[CVE-2023-25584] = "cpe-incorrect: Applies only for version 2.40 and earlier" |
22 | 22 | ||
23 | SRCREV ?= "cbec9028dd3fa9b49e0204f1a989cea67cae32c6" | 23 | SRCREV ?= "8a6764d35e5c15d78de8aef8f27af3eefd9d7544" |
24 | BINUTILS_GIT_URI ?= "git://sourceware.org/git/binutils-gdb.git;branch=${SRCBRANCH};protocol=https" | 24 | BINUTILS_GIT_URI ?= "git://sourceware.org/git/binutils-gdb.git;branch=${SRCBRANCH};protocol=https" |
25 | SRC_URI = "\ | 25 | SRC_URI = "\ |
26 | ${BINUTILS_GIT_URI} \ | 26 | ${BINUTILS_GIT_URI} \ |
diff --git a/meta/recipes-devtools/dejagnu/dejagnu_1.6.3.bb b/meta/recipes-devtools/dejagnu/dejagnu_1.6.3.bb index 895f6d3b36..c6002d5e45 100644 --- a/meta/recipes-devtools/dejagnu/dejagnu_1.6.3.bb +++ b/meta/recipes-devtools/dejagnu/dejagnu_1.6.3.bb | |||
@@ -2,7 +2,7 @@ SUMMARY = "GNU unit testing framework, written in Expect and Tcl" | |||
2 | DESCRIPTION = "DejaGnu is a framework for testing other programs. Its purpose \ | 2 | DESCRIPTION = "DejaGnu is a framework for testing other programs. Its purpose \ |
3 | is to provide a single front end for all tests." | 3 | is to provide a single front end for all tests." |
4 | HOMEPAGE = "https://www.gnu.org/software/dejagnu/" | 4 | HOMEPAGE = "https://www.gnu.org/software/dejagnu/" |
5 | LICENSE = "GPL-2.0-only" | 5 | LICENSE = "GPL-3.0-only" |
6 | LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504" | 6 | LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504" |
7 | SECTION = "devel" | 7 | SECTION = "devel" |
8 | 8 | ||
diff --git a/meta/recipes-devtools/desktop-file-utils/desktop-file-utils_0.27.bb b/meta/recipes-devtools/desktop-file-utils/desktop-file-utils_0.27.bb index 55c88afcc9..5285a6c6ea 100644 --- a/meta/recipes-devtools/desktop-file-utils/desktop-file-utils_0.27.bb +++ b/meta/recipes-devtools/desktop-file-utils/desktop-file-utils_0.27.bb | |||
@@ -7,7 +7,7 @@ LICENSE = "GPL-2.0-or-later" | |||
7 | LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ | 7 | LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ |
8 | file://src/validator.c;beginline=4;endline=27;md5=281e1114ee6c486a1a0a4295986b9416" | 8 | file://src/validator.c;beginline=4;endline=27;md5=281e1114ee6c486a1a0a4295986b9416" |
9 | 9 | ||
10 | SRC_URI = "http://freedesktop.org/software/${BPN}/releases/${BP}.tar.xz" | 10 | SRC_URI = "http://www.freedesktop.org/software/${BPN}/releases/${BP}.tar.xz" |
11 | SRC_URI[sha256sum] = "a0817df39ce385b6621880407c56f1f298168c040c2032cedf88d5b76affe836" | 11 | SRC_URI[sha256sum] = "a0817df39ce385b6621880407c56f1f298168c040c2032cedf88d5b76affe836" |
12 | 12 | ||
13 | DEPENDS = "glib-2.0" | 13 | DEPENDS = "glib-2.0" |
diff --git a/meta/recipes-devtools/dnf/dnf_4.19.0.bb b/meta/recipes-devtools/dnf/dnf_4.19.0.bb index 184dbea963..37a2cc7de2 100644 --- a/meta/recipes-devtools/dnf/dnf_4.19.0.bb +++ b/meta/recipes-devtools/dnf/dnf_4.19.0.bb | |||
@@ -18,7 +18,7 @@ SRC_URI = "git://github.com/rpm-software-management/dnf.git;branch=master;protoc | |||
18 | file://0001-lock.py-fix-Exception-handling.patch \ | 18 | file://0001-lock.py-fix-Exception-handling.patch \ |
19 | " | 19 | " |
20 | 20 | ||
21 | SRC_URI:append:class-native = "file://0001-dnf-write-the-log-lock-to-root.patch" | 21 | SRC_URI:append:class-native = " file://0001-dnf-write-the-log-lock-to-root.patch" |
22 | 22 | ||
23 | SRCREV = "566a61f9d8a2830ac6dcc3a94c59224cef1c3d03" | 23 | SRCREV = "566a61f9d8a2830ac6dcc3a94c59224cef1c3d03" |
24 | UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+(\.\d+)+)" | 24 | UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+(\.\d+)+)" |
diff --git a/meta/recipes-devtools/dpkg/dpkg/0001-Add-support-for-riscv32-CPU.patch b/meta/recipes-devtools/dpkg/dpkg/0001-Add-support-for-riscv32-CPU.patch index 52e85705fa..a137764409 100644 --- a/meta/recipes-devtools/dpkg/dpkg/0001-Add-support-for-riscv32-CPU.patch +++ b/meta/recipes-devtools/dpkg/dpkg/0001-Add-support-for-riscv32-CPU.patch | |||
@@ -3,7 +3,7 @@ From: Khem Raj <raj.khem@gmail.com> | |||
3 | Date: Wed, 29 Apr 2020 22:02:23 -0700 | 3 | Date: Wed, 29 Apr 2020 22:02:23 -0700 |
4 | Subject: [PATCH] Add support for riscv32 CPU | 4 | Subject: [PATCH] Add support for riscv32 CPU |
5 | 5 | ||
6 | Upstream-Status: Pending | 6 | Upstream-Status: Inappropriate [not a debian architecture] |
7 | Signed-off-by: Khem Raj <raj.khem@gmail.com> | 7 | Signed-off-by: Khem Raj <raj.khem@gmail.com> |
8 | --- | 8 | --- |
9 | data/cputable | 1 + | 9 | data/cputable | 1 + |
diff --git a/meta/recipes-devtools/dpkg/dpkg/0001-dpkg-Support-muslx32-build.patch b/meta/recipes-devtools/dpkg/dpkg/0001-dpkg-Support-muslx32-build.patch index d66ab4476a..9677a8cd23 100644 --- a/meta/recipes-devtools/dpkg/dpkg/0001-dpkg-Support-muslx32-build.patch +++ b/meta/recipes-devtools/dpkg/dpkg/0001-dpkg-Support-muslx32-build.patch | |||
@@ -3,7 +3,7 @@ From: sweeaun <swee.aun.khor@intel.com> | |||
3 | Date: Sun, 10 Sep 2017 00:14:15 -0700 | 3 | Date: Sun, 10 Sep 2017 00:14:15 -0700 |
4 | Subject: [PATCH] dpkg: Support muslx32 build | 4 | Subject: [PATCH] dpkg: Support muslx32 build |
5 | 5 | ||
6 | Upstream-Status: Pending | 6 | Upstream-Status: Inappropriate [not a debian architecture] |
7 | Changes made on ostable and tupletable to enable muslx32 build. | 7 | Changes made on ostable and tupletable to enable muslx32 build. |
8 | 8 | ||
9 | Signed-off-by: sweeaun <swee.aun.khor@intel.com> | 9 | Signed-off-by: sweeaun <swee.aun.khor@intel.com> |
diff --git a/meta/recipes-devtools/dpkg/dpkg/0006-add-musleabi-to-known-target-tripets.patch b/meta/recipes-devtools/dpkg/dpkg/0006-add-musleabi-to-known-target-tripets.patch index 8797ea55c6..76708f5bef 100644 --- a/meta/recipes-devtools/dpkg/dpkg/0006-add-musleabi-to-known-target-tripets.patch +++ b/meta/recipes-devtools/dpkg/dpkg/0006-add-musleabi-to-known-target-tripets.patch | |||
@@ -5,7 +5,7 @@ Subject: [PATCH] add musleabi to known target tripets | |||
5 | 5 | ||
6 | helps compiling dpkg for musl/arm-softfloat | 6 | helps compiling dpkg for musl/arm-softfloat |
7 | 7 | ||
8 | Upstream-Status: Pending | 8 | Upstream-Status: Inappropriate [not a debian architecture] |
9 | Signed-off-by: Khem Raj <raj.khem@gmail.com> | 9 | Signed-off-by: Khem Raj <raj.khem@gmail.com> |
10 | Signed-off-by: Aníbal Limón <anibal.limon@linux.intel.com> | 10 | Signed-off-by: Aníbal Limón <anibal.limon@linux.intel.com> |
11 | --- | 11 | --- |
diff --git a/meta/recipes-devtools/dpkg/dpkg/add_armeb_triplet_entry.patch b/meta/recipes-devtools/dpkg/dpkg/add_armeb_triplet_entry.patch index d165616a19..417beafb63 100644 --- a/meta/recipes-devtools/dpkg/dpkg/add_armeb_triplet_entry.patch +++ b/meta/recipes-devtools/dpkg/dpkg/add_armeb_triplet_entry.patch | |||
@@ -21,7 +21,7 @@ the required combination of "gnueabi-linux-armeb" was not found in | |||
21 | the triplettable file thereby returning dpkg_arch as | 21 | the triplettable file thereby returning dpkg_arch as |
22 | empty in configure script. | 22 | empty in configure script. |
23 | 23 | ||
24 | Upstream-Status: Pending | 24 | Upstream-Status: Inappropriate [not a debian architecture] |
25 | 25 | ||
26 | Signed-off-by: Krishnanjanappa, Jagadeesh <jagadeesh.krishnanjanappa@caviumnetworks.com> | 26 | Signed-off-by: Krishnanjanappa, Jagadeesh <jagadeesh.krishnanjanappa@caviumnetworks.com> |
27 | Signed-off-by: Aníbal Limón <anibal.limon@linux.intel.com> | 27 | Signed-off-by: Aníbal Limón <anibal.limon@linux.intel.com> |
diff --git a/meta/recipes-devtools/dpkg/dpkg/arch_pm.patch b/meta/recipes-devtools/dpkg/dpkg/arch_pm.patch index 4e0d22acbb..f8be0f940e 100644 --- a/meta/recipes-devtools/dpkg/dpkg/arch_pm.patch +++ b/meta/recipes-devtools/dpkg/dpkg/arch_pm.patch | |||
@@ -3,7 +3,7 @@ architecture for mips64, and possibly other arch's | |||
3 | because of faulty code added to Arch.pm in the latest | 3 | because of faulty code added to Arch.pm in the latest |
4 | release from upstream. We remove that code. | 4 | release from upstream. We remove that code. |
5 | 5 | ||
6 | Upstream-Status: Pending | 6 | Upstream-Status: Inappropriate [not a debian architecture] |
7 | 7 | ||
8 | Signed-off-by: Joe Slater <jslater@windriver.com> | 8 | Signed-off-by: Joe Slater <jslater@windriver.com> |
9 | 9 | ||
diff --git a/meta/recipes-devtools/expect/expect_5.45.4.bb b/meta/recipes-devtools/expect/expect_5.45.4.bb index 174b35ec73..158e7af030 100644 --- a/meta/recipes-devtools/expect/expect_5.45.4.bb +++ b/meta/recipes-devtools/expect/expect_5.45.4.bb | |||
@@ -85,4 +85,4 @@ BBCLASSEXTEND = "native nativesdk" | |||
85 | 85 | ||
86 | # http://errors.yoctoproject.org/Errors/Details/766950/ | 86 | # http://errors.yoctoproject.org/Errors/Details/766950/ |
87 | # expect5.45.4/exp_chan.c:62:5: error: initialization of 'struct Tcl_ChannelTypeVersion_ *' from incompatible pointer type 'int (*)(void *, int)' [-Wincompatible-pointer-types] | 87 | # expect5.45.4/exp_chan.c:62:5: error: initialization of 'struct Tcl_ChannelTypeVersion_ *' from incompatible pointer type 'int (*)(void *, int)' [-Wincompatible-pointer-types] |
88 | CFLAGS += "-Wno-error=incompatible-pointer-types" | 88 | CFLAGS:append = " -Wno-error=incompatible-pointer-types" |
diff --git a/meta/recipes-devtools/gcc/gcc/0007-Define-GLIBC_DYNAMIC_LINKER-and-UCLIBC_DYNAMIC_LINKE.patch b/meta/recipes-devtools/gcc/gcc/0007-Define-GLIBC_DYNAMIC_LINKER-and-UCLIBC_DYNAMIC_LINKE.patch index b0b77dbfa0..9de883c2c7 100644 --- a/meta/recipes-devtools/gcc/gcc/0007-Define-GLIBC_DYNAMIC_LINKER-and-UCLIBC_DYNAMIC_LINKE.patch +++ b/meta/recipes-devtools/gcc/gcc/0007-Define-GLIBC_DYNAMIC_LINKER-and-UCLIBC_DYNAMIC_LINKE.patch | |||
@@ -1,4 +1,4 @@ | |||
1 | From aacfd6e14dd583b1fdc65691def61c5e1bc89708 Mon Sep 17 00:00:00 2001 | 1 | From 4067ae345f0ff1fbf37c0348f2af09257513b817 Mon Sep 17 00:00:00 2001 |
2 | From: Khem Raj <raj.khem@gmail.com> | 2 | From: Khem Raj <raj.khem@gmail.com> |
3 | Date: Fri, 29 Mar 2013 09:24:50 +0400 | 3 | Date: Fri, 29 Mar 2013 09:24:50 +0400 |
4 | Subject: [PATCH] Define GLIBC_DYNAMIC_LINKER and UCLIBC_DYNAMIC_LINKER | 4 | Subject: [PATCH] Define GLIBC_DYNAMIC_LINKER and UCLIBC_DYNAMIC_LINKER |
@@ -185,7 +185,7 @@ index aecaa02a199..62f88f7f9a2 100644 | |||
185 | #undef GNU_USER_TARGET_LINK_SPEC | 185 | #undef GNU_USER_TARGET_LINK_SPEC |
186 | #define GNU_USER_TARGET_LINK_SPEC \ | 186 | #define GNU_USER_TARGET_LINK_SPEC \ |
187 | diff --git a/gcc/config/microblaze/linux.h b/gcc/config/microblaze/linux.h | 187 | diff --git a/gcc/config/microblaze/linux.h b/gcc/config/microblaze/linux.h |
188 | index e2e2c421c52..6f26480e3b5 100644 | 188 | index 5ed8ee518be..299d1a62c81 100644 |
189 | --- a/gcc/config/microblaze/linux.h | 189 | --- a/gcc/config/microblaze/linux.h |
190 | +++ b/gcc/config/microblaze/linux.h | 190 | +++ b/gcc/config/microblaze/linux.h |
191 | @@ -28,7 +28,7 @@ | 191 | @@ -28,7 +28,7 @@ |
@@ -193,7 +193,7 @@ index e2e2c421c52..6f26480e3b5 100644 | |||
193 | #define TLS_NEEDS_GOT 1 | 193 | #define TLS_NEEDS_GOT 1 |
194 | 194 | ||
195 | -#define GLIBC_DYNAMIC_LINKER "/lib/ld.so.1" | 195 | -#define GLIBC_DYNAMIC_LINKER "/lib/ld.so.1" |
196 | +#define GLIBC_DYNAMIC_LINKER SYSTEMLIBS_DIR "/ld.so.1" | 196 | +#define GLIBC_DYNAMIC_LINKER SYSTEMLIBS_DIR "ld.so.1" |
197 | #define UCLIBC_DYNAMIC_LINKER "/lib/ld-uClibc.so.0" | 197 | #define UCLIBC_DYNAMIC_LINKER "/lib/ld-uClibc.so.0" |
198 | 198 | ||
199 | #if TARGET_BIG_ENDIAN_DEFAULT == 0 /* LE */ | 199 | #if TARGET_BIG_ENDIAN_DEFAULT == 0 /* LE */ |
diff --git a/meta/recipes-devtools/gcc/libgfortran.inc b/meta/recipes-devtools/gcc/libgfortran.inc index e810146d4d..c68645e392 100644 --- a/meta/recipes-devtools/gcc/libgfortran.inc +++ b/meta/recipes-devtools/gcc/libgfortran.inc | |||
@@ -47,8 +47,9 @@ do_install () { | |||
47 | chown -R root:root ${D} | 47 | chown -R root:root ${D} |
48 | } | 48 | } |
49 | 49 | ||
50 | # avoid virtual/libc | ||
50 | INHIBIT_DEFAULT_DEPS = "1" | 51 | INHIBIT_DEFAULT_DEPS = "1" |
51 | DEPENDS = "gcc-runtime gcc-cross-${TARGET_ARCH}" | 52 | DEPENDS = "virtual/${HOST_PREFIX}gcc virtual/${HOST_PREFIX}compilerlibs" |
52 | 53 | ||
53 | BBCLASSEXTEND = "nativesdk" | 54 | BBCLASSEXTEND = "nativesdk" |
54 | 55 | ||
diff --git a/meta/recipes-devtools/go/go-1.22.4.inc b/meta/recipes-devtools/go/go-1.22.6.inc index 44897daba4..834debaf9b 100644 --- a/meta/recipes-devtools/go/go-1.22.4.inc +++ b/meta/recipes-devtools/go/go-1.22.6.inc | |||
@@ -15,4 +15,4 @@ SRC_URI += "\ | |||
15 | file://0008-src-cmd-dist-buildgo.go-do-not-hardcode-host-compile.patch \ | 15 | file://0008-src-cmd-dist-buildgo.go-do-not-hardcode-host-compile.patch \ |
16 | file://0009-go-Filter-build-paths-on-staticly-linked-arches.patch \ | 16 | file://0009-go-Filter-build-paths-on-staticly-linked-arches.patch \ |
17 | " | 17 | " |
18 | SRC_URI[main.sha256sum] = "fed720678e728a7ca30ba8d1ded1caafe27d16028fab0232b8ba8e22008fb784" | 18 | SRC_URI[main.sha256sum] = "9e48d99d519882579917d8189c17e98c373ce25abaebb98772e2927088992a51" |
diff --git a/meta/recipes-devtools/go/go-binary-native_1.22.4.bb b/meta/recipes-devtools/go/go-binary-native_1.22.6.bb index 61da51be3a..ea4577f20a 100644 --- a/meta/recipes-devtools/go/go-binary-native_1.22.4.bb +++ b/meta/recipes-devtools/go/go-binary-native_1.22.6.bb | |||
@@ -9,9 +9,9 @@ PROVIDES = "go-native" | |||
9 | 9 | ||
10 | # Checksums available at https://go.dev/dl/ | 10 | # Checksums available at https://go.dev/dl/ |
11 | SRC_URI = "https://dl.google.com/go/go${PV}.${BUILD_GOOS}-${BUILD_GOARCH}.tar.gz;name=go_${BUILD_GOTUPLE}" | 11 | SRC_URI = "https://dl.google.com/go/go${PV}.${BUILD_GOOS}-${BUILD_GOARCH}.tar.gz;name=go_${BUILD_GOTUPLE}" |
12 | SRC_URI[go_linux_amd64.sha256sum] = "ba79d4526102575196273416239cca418a651e049c2b099f3159db85e7bade7d" | 12 | SRC_URI[go_linux_amd64.sha256sum] = "999805bed7d9039ec3da1a53bfbcafc13e367da52aa823cb60b68ba22d44c616" |
13 | SRC_URI[go_linux_arm64.sha256sum] = "a8e177c354d2e4a1b61020aca3562e27ea3e8f8247eca3170e3fa1e0c2f9e771" | 13 | SRC_URI[go_linux_arm64.sha256sum] = "c15fa895341b8eaf7f219fada25c36a610eb042985dc1a912410c1c90098eaf2" |
14 | SRC_URI[go_linux_ppc64le.sha256sum] = "a3e5834657ef92523f570f798fed42f1f87bc18222a16815ec76b84169649ec4" | 14 | SRC_URI[go_linux_ppc64le.sha256sum] = "9d99fce3f6f72a76630fe91ec0884dfe3db828def4713368424900fa98bb2bd6" |
15 | 15 | ||
16 | UPSTREAM_CHECK_URI = "https://golang.org/dl/" | 16 | UPSTREAM_CHECK_URI = "https://golang.org/dl/" |
17 | UPSTREAM_CHECK_REGEX = "go(?P<pver>\d+(\.\d+)+)\.linux" | 17 | UPSTREAM_CHECK_REGEX = "go(?P<pver>\d+(\.\d+)+)\.linux" |
diff --git a/meta/recipes-devtools/go/go-cross-canadian_1.22.4.bb b/meta/recipes-devtools/go/go-cross-canadian_1.22.6.bb index 7ac9449e47..7ac9449e47 100644 --- a/meta/recipes-devtools/go/go-cross-canadian_1.22.4.bb +++ b/meta/recipes-devtools/go/go-cross-canadian_1.22.6.bb | |||
diff --git a/meta/recipes-devtools/go/go-cross_1.22.4.bb b/meta/recipes-devtools/go/go-cross_1.22.6.bb index 80b5a03f6c..80b5a03f6c 100644 --- a/meta/recipes-devtools/go/go-cross_1.22.4.bb +++ b/meta/recipes-devtools/go/go-cross_1.22.6.bb | |||
diff --git a/meta/recipes-devtools/go/go-crosssdk_1.22.4.bb b/meta/recipes-devtools/go/go-crosssdk_1.22.6.bb index 1857c8a577..1857c8a577 100644 --- a/meta/recipes-devtools/go/go-crosssdk_1.22.4.bb +++ b/meta/recipes-devtools/go/go-crosssdk_1.22.6.bb | |||
diff --git a/meta/recipes-devtools/go/go-runtime_1.22.4.bb b/meta/recipes-devtools/go/go-runtime_1.22.6.bb index 63464a1501..63464a1501 100644 --- a/meta/recipes-devtools/go/go-runtime_1.22.4.bb +++ b/meta/recipes-devtools/go/go-runtime_1.22.6.bb | |||
diff --git a/meta/recipes-devtools/go/go/0001-cmd-go-make-content-based-hash-generation-less-pedan.patch b/meta/recipes-devtools/go/go/0001-cmd-go-make-content-based-hash-generation-less-pedan.patch index 564837c7cd..a8e5d6e86d 100644 --- a/meta/recipes-devtools/go/go/0001-cmd-go-make-content-based-hash-generation-less-pedan.patch +++ b/meta/recipes-devtools/go/go/0001-cmd-go-make-content-based-hash-generation-less-pedan.patch | |||
@@ -1,7 +1,7 @@ | |||
1 | From 9a6c5040cbcd88b10ceb8ceaebc8d6158c086670 Mon Sep 17 00:00:00 2001 | 1 | From 9b3ebef0356594a447906f00fe80584952c08289 Mon Sep 17 00:00:00 2001 |
2 | From: Khem Raj <raj.khem@gmail.com> | 2 | From: Khem Raj <raj.khem@gmail.com> |
3 | Date: Mon, 28 Mar 2022 10:59:03 -0700 | 3 | Date: Mon, 28 Mar 2022 10:59:03 -0700 |
4 | Subject: [PATCH 1/9] cmd/go: make content-based hash generation less pedantic | 4 | Subject: [PATCH] cmd/go: make content-based hash generation less pedantic |
5 | 5 | ||
6 | Go 1.10's build tool now uses content-based hashes to | 6 | Go 1.10's build tool now uses content-based hashes to |
7 | determine when something should be built or re-built. | 7 | determine when something should be built or re-built. |
@@ -32,7 +32,7 @@ Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io> | |||
32 | 2 files changed, 36 insertions(+), 10 deletions(-) | 32 | 2 files changed, 36 insertions(+), 10 deletions(-) |
33 | 33 | ||
34 | diff --git a/src/cmd/go/internal/envcmd/env.go b/src/cmd/go/internal/envcmd/env.go | 34 | diff --git a/src/cmd/go/internal/envcmd/env.go b/src/cmd/go/internal/envcmd/env.go |
35 | index c7c2e83e0f..4a90d9da5c 100644 | 35 | index c7c2e83..4a90d9d 100644 |
36 | --- a/src/cmd/go/internal/envcmd/env.go | 36 | --- a/src/cmd/go/internal/envcmd/env.go |
37 | +++ b/src/cmd/go/internal/envcmd/env.go | 37 | +++ b/src/cmd/go/internal/envcmd/env.go |
38 | @@ -189,7 +189,7 @@ func ExtraEnvVarsCostly() []cfg.EnvVar { | 38 | @@ -189,7 +189,7 @@ func ExtraEnvVarsCostly() []cfg.EnvVar { |
@@ -45,7 +45,7 @@ index c7c2e83e0f..4a90d9da5c 100644 | |||
45 | // Should not happen - b.CFlags was given an empty package. | 45 | // Should not happen - b.CFlags was given an empty package. |
46 | fmt.Fprintf(os.Stderr, "go: invalid cflags: %v\n", err) | 46 | fmt.Fprintf(os.Stderr, "go: invalid cflags: %v\n", err) |
47 | diff --git a/src/cmd/go/internal/work/exec.go b/src/cmd/go/internal/work/exec.go | 47 | diff --git a/src/cmd/go/internal/work/exec.go b/src/cmd/go/internal/work/exec.go |
48 | index e05471b06c..9724cd07d0 100644 | 48 | index e05471b..9724cd0 100644 |
49 | --- a/src/cmd/go/internal/work/exec.go | 49 | --- a/src/cmd/go/internal/work/exec.go |
50 | +++ b/src/cmd/go/internal/work/exec.go | 50 | +++ b/src/cmd/go/internal/work/exec.go |
51 | @@ -232,6 +232,8 @@ func (b *Builder) Do(ctx context.Context, root *Action) { | 51 | @@ -232,6 +232,8 @@ func (b *Builder) Do(ctx context.Context, root *Action) { |
@@ -163,6 +163,3 @@ index e05471b06c..9724cd07d0 100644 | |||
163 | if err != nil { | 163 | if err != nil { |
164 | return "", "", err | 164 | return "", "", err |
165 | } | 165 | } |
166 | -- | ||
167 | 2.44.0 | ||
168 | |||
diff --git a/meta/recipes-devtools/go/go/0002-cmd-go-Allow-GOTOOLDIR-to-be-overridden-in-the-envir.patch b/meta/recipes-devtools/go/go/0002-cmd-go-Allow-GOTOOLDIR-to-be-overridden-in-the-envir.patch index 001c94a4e7..a69ada47b0 100644 --- a/meta/recipes-devtools/go/go/0002-cmd-go-Allow-GOTOOLDIR-to-be-overridden-in-the-envir.patch +++ b/meta/recipes-devtools/go/go/0002-cmd-go-Allow-GOTOOLDIR-to-be-overridden-in-the-envir.patch | |||
@@ -1,8 +1,7 @@ | |||
1 | From e3f9a8a69d3a340c1a1d0bba566e71f20f635a43 Mon Sep 17 00:00:00 2001 | 1 | From 687ff9d17f756145f9a58413070cccbd488d1ea2 Mon Sep 17 00:00:00 2001 |
2 | From: Alex Kube <alexander.j.kube@gmail.com> | 2 | From: Alex Kube <alexander.j.kube@gmail.com> |
3 | Date: Wed, 23 Oct 2019 21:15:37 +0430 | 3 | Date: Wed, 23 Oct 2019 21:15:37 +0430 |
4 | Subject: [PATCH 2/9] cmd/go: Allow GOTOOLDIR to be overridden in the | 4 | Subject: [PATCH] cmd/go: Allow GOTOOLDIR to be overridden in the environment |
5 | environment | ||
6 | 5 | ||
7 | to allow for split host/target build roots | 6 | to allow for split host/target build roots |
8 | 7 | ||
@@ -20,7 +19,7 @@ Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io> | |||
20 | 2 files changed, 8 insertions(+), 2 deletions(-) | 19 | 2 files changed, 8 insertions(+), 2 deletions(-) |
21 | 20 | ||
22 | diff --git a/src/cmd/dist/build.go b/src/cmd/dist/build.go | 21 | diff --git a/src/cmd/dist/build.go b/src/cmd/dist/build.go |
23 | index 32e59b446a..06ee4de8a9 100644 | 22 | index 32e59b4..06ee4de 100644 |
24 | --- a/src/cmd/dist/build.go | 23 | --- a/src/cmd/dist/build.go |
25 | +++ b/src/cmd/dist/build.go | 24 | +++ b/src/cmd/dist/build.go |
26 | @@ -259,7 +259,9 @@ func xinit() { | 25 | @@ -259,7 +259,9 @@ func xinit() { |
@@ -35,7 +34,7 @@ index 32e59b446a..06ee4de8a9 100644 | |||
35 | goversion := findgoversion() | 34 | goversion := findgoversion() |
36 | isRelease = strings.HasPrefix(goversion, "release.") || strings.HasPrefix(goversion, "go") | 35 | isRelease = strings.HasPrefix(goversion, "release.") || strings.HasPrefix(goversion, "go") |
37 | diff --git a/src/cmd/go/internal/cfg/cfg.go b/src/cmd/go/internal/cfg/cfg.go | 36 | diff --git a/src/cmd/go/internal/cfg/cfg.go b/src/cmd/go/internal/cfg/cfg.go |
38 | index a8daa2dfc3..393ada39c9 100644 | 37 | index a8daa2d..393ada3 100644 |
39 | --- a/src/cmd/go/internal/cfg/cfg.go | 38 | --- a/src/cmd/go/internal/cfg/cfg.go |
40 | +++ b/src/cmd/go/internal/cfg/cfg.go | 39 | +++ b/src/cmd/go/internal/cfg/cfg.go |
41 | @@ -230,7 +230,11 @@ func SetGOROOT(goroot string, isTestGo bool) { | 40 | @@ -230,7 +230,11 @@ func SetGOROOT(goroot string, isTestGo bool) { |
@@ -51,6 +50,3 @@ index a8daa2dfc3..393ada39c9 100644 | |||
51 | } | 50 | } |
52 | } | 51 | } |
53 | } | 52 | } |
54 | -- | ||
55 | 2.44.0 | ||
56 | |||
diff --git a/meta/recipes-devtools/go/go/0003-ld-add-soname-to-shareable-objects.patch b/meta/recipes-devtools/go/go/0003-ld-add-soname-to-shareable-objects.patch index 9cab2969c8..abc5faa21c 100644 --- a/meta/recipes-devtools/go/go/0003-ld-add-soname-to-shareable-objects.patch +++ b/meta/recipes-devtools/go/go/0003-ld-add-soname-to-shareable-objects.patch | |||
@@ -1,7 +1,7 @@ | |||
1 | From 7dde77b3ce8138314dd2736604b1b110dbcc0ac1 Mon Sep 17 00:00:00 2001 | 1 | From 01fe178b292db12d811811ff2d8d56b225e4b5e8 Mon Sep 17 00:00:00 2001 |
2 | From: Alex Kube <alexander.j.kube@gmail.com> | 2 | From: Alex Kube <alexander.j.kube@gmail.com> |
3 | Date: Wed, 23 Oct 2019 21:16:32 +0430 | 3 | Date: Wed, 23 Oct 2019 21:16:32 +0430 |
4 | Subject: [PATCH 3/9] ld: add soname to shareable objects | 4 | Subject: [PATCH] ld: add soname to shareable objects |
5 | 5 | ||
6 | so that OE's shared library dependency handling | 6 | so that OE's shared library dependency handling |
7 | can find them. | 7 | can find them. |
@@ -19,7 +19,7 @@ Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io> | |||
19 | 1 file changed, 3 insertions(+) | 19 | 1 file changed, 3 insertions(+) |
20 | 20 | ||
21 | diff --git a/src/cmd/link/internal/ld/lib.go b/src/cmd/link/internal/ld/lib.go | 21 | diff --git a/src/cmd/link/internal/ld/lib.go b/src/cmd/link/internal/ld/lib.go |
22 | index eab74dc328..ae9bbc9093 100644 | 22 | index eab74dc..ae9bbc9 100644 |
23 | --- a/src/cmd/link/internal/ld/lib.go | 23 | --- a/src/cmd/link/internal/ld/lib.go |
24 | +++ b/src/cmd/link/internal/ld/lib.go | 24 | +++ b/src/cmd/link/internal/ld/lib.go |
25 | @@ -1576,6 +1576,7 @@ func (ctxt *Link) hostlink() { | 25 | @@ -1576,6 +1576,7 @@ func (ctxt *Link) hostlink() { |
@@ -46,6 +46,3 @@ index eab74dc328..ae9bbc9093 100644 | |||
46 | } | 46 | } |
47 | } | 47 | } |
48 | 48 | ||
49 | -- | ||
50 | 2.44.0 | ||
51 | |||
diff --git a/meta/recipes-devtools/go/go/0004-make.bash-override-CC-when-building-dist-and-go_boot.patch b/meta/recipes-devtools/go/go/0004-make.bash-override-CC-when-building-dist-and-go_boot.patch index 8889aef1cf..9df43c46d0 100644 --- a/meta/recipes-devtools/go/go/0004-make.bash-override-CC-when-building-dist-and-go_boot.patch +++ b/meta/recipes-devtools/go/go/0004-make.bash-override-CC-when-building-dist-and-go_boot.patch | |||
@@ -1,8 +1,7 @@ | |||
1 | From 9f59e46991074d3e3c4d00f3971e62bfcd707167 Mon Sep 17 00:00:00 2001 | 1 | From e47d157631d1b97403f253c63d361b7380b32c22 Mon Sep 17 00:00:00 2001 |
2 | From: Alex Kube <alexander.j.kube@gmail.com> | 2 | From: Alex Kube <alexander.j.kube@gmail.com> |
3 | Date: Wed, 23 Oct 2019 21:17:16 +0430 | 3 | Date: Wed, 23 Oct 2019 21:17:16 +0430 |
4 | Subject: [PATCH 4/9] make.bash: override CC when building dist and | 4 | Subject: [PATCH] make.bash: override CC when building dist and go_bootstrap |
5 | go_bootstrap | ||
6 | 5 | ||
7 | for handling OE cross-canadian builds. | 6 | for handling OE cross-canadian builds. |
8 | 7 | ||
@@ -19,7 +18,7 @@ Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io> | |||
19 | 1 file changed, 2 insertions(+), 2 deletions(-) | 18 | 1 file changed, 2 insertions(+), 2 deletions(-) |
20 | 19 | ||
21 | diff --git a/src/make.bash b/src/make.bash | 20 | diff --git a/src/make.bash b/src/make.bash |
22 | index 76ad51624a..074e129a24 100755 | 21 | index 76ad516..074e129 100755 |
23 | --- a/src/make.bash | 22 | --- a/src/make.bash |
24 | +++ b/src/make.bash | 23 | +++ b/src/make.bash |
25 | @@ -198,7 +198,7 @@ if [[ "$GOROOT_BOOTSTRAP" == "$GOROOT" ]]; then | 24 | @@ -198,7 +198,7 @@ if [[ "$GOROOT_BOOTSTRAP" == "$GOROOT" ]]; then |
@@ -40,6 +39,3 @@ index 76ad51624a..074e129a24 100755 | |||
40 | rm -f ./cmd/dist/dist | 39 | rm -f ./cmd/dist/dist |
41 | 40 | ||
42 | # DO NOT ADD ANY NEW CODE HERE. | 41 | # DO NOT ADD ANY NEW CODE HERE. |
43 | -- | ||
44 | 2.44.0 | ||
45 | |||
diff --git a/meta/recipes-devtools/go/go/0005-cmd-dist-separate-host-and-target-builds.patch b/meta/recipes-devtools/go/go/0005-cmd-dist-separate-host-and-target-builds.patch index 364fce907a..bc25d08fbf 100644 --- a/meta/recipes-devtools/go/go/0005-cmd-dist-separate-host-and-target-builds.patch +++ b/meta/recipes-devtools/go/go/0005-cmd-dist-separate-host-and-target-builds.patch | |||
@@ -1,7 +1,7 @@ | |||
1 | From 6dda78d528e60993a4688cd9d49440a726378ac8 Mon Sep 17 00:00:00 2001 | 1 | From bae1cec790ff17c4c93a2f8fda27036e5e021f6d Mon Sep 17 00:00:00 2001 |
2 | From: Alex Kube <alexander.j.kube@gmail.com> | 2 | From: Alex Kube <alexander.j.kube@gmail.com> |
3 | Date: Wed, 23 Oct 2019 21:18:12 +0430 | 3 | Date: Wed, 23 Oct 2019 21:18:12 +0430 |
4 | Subject: [PATCH 5/9] cmd/dist: separate host and target builds | 4 | Subject: [PATCH] cmd/dist: separate host and target builds |
5 | 5 | ||
6 | Change the dist tool to allow for OE-style cross- | 6 | Change the dist tool to allow for OE-style cross- |
7 | and cross-canadian builds: | 7 | and cross-canadian builds: |
@@ -45,7 +45,7 @@ Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io> | |||
45 | 1 file changed, 75 insertions(+), 1 deletion(-) | 45 | 1 file changed, 75 insertions(+), 1 deletion(-) |
46 | 46 | ||
47 | diff --git a/src/cmd/dist/build.go b/src/cmd/dist/build.go | 47 | diff --git a/src/cmd/dist/build.go b/src/cmd/dist/build.go |
48 | index 06ee4de8a9..74b7c7098f 100644 | 48 | index 06ee4de..016b1dd 100644 |
49 | --- a/src/cmd/dist/build.go | 49 | --- a/src/cmd/dist/build.go |
50 | +++ b/src/cmd/dist/build.go | 50 | +++ b/src/cmd/dist/build.go |
51 | @@ -46,6 +46,7 @@ var ( | 51 | @@ -46,6 +46,7 @@ var ( |
@@ -216,6 +216,3 @@ index 06ee4de8a9..74b7c7098f 100644 | |||
216 | 216 | ||
217 | if goos == "android" { | 217 | if goos == "android" { |
218 | // Make sure the exec wrapper will sync a fresh $GOROOT to the device. | 218 | // Make sure the exec wrapper will sync a fresh $GOROOT to the device. |
219 | -- | ||
220 | 2.44.0 | ||
221 | |||
diff --git a/meta/recipes-devtools/go/go/0006-cmd-go-make-GOROOT-precious-by-default.patch b/meta/recipes-devtools/go/go/0006-cmd-go-make-GOROOT-precious-by-default.patch index 262f1e96b8..4a57b07b7a 100644 --- a/meta/recipes-devtools/go/go/0006-cmd-go-make-GOROOT-precious-by-default.patch +++ b/meta/recipes-devtools/go/go/0006-cmd-go-make-GOROOT-precious-by-default.patch | |||
@@ -1,7 +1,7 @@ | |||
1 | From aff5a740d6286c04beb0593fc68b0aea5a95ad39 Mon Sep 17 00:00:00 2001 | 1 | From a31db6f78d851741aea1e76132a84a24138a5bc6 Mon Sep 17 00:00:00 2001 |
2 | From: Alex Kube <alexander.j.kube@gmail.com> | 2 | From: Alex Kube <alexander.j.kube@gmail.com> |
3 | Date: Wed, 23 Oct 2019 21:18:56 +0430 | 3 | Date: Wed, 23 Oct 2019 21:18:56 +0430 |
4 | Subject: [PATCH 6/9] cmd/go: make GOROOT precious by default | 4 | Subject: [PATCH] cmd/go: make GOROOT precious by default |
5 | 5 | ||
6 | The go build tool normally rebuilds whatever it detects is | 6 | The go build tool normally rebuilds whatever it detects is |
7 | stale. This can be a problem when GOROOT is intended to | 7 | stale. This can be a problem when GOROOT is intended to |
@@ -29,7 +29,7 @@ Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io> | |||
29 | 3 files changed, 34 insertions(+) | 29 | 3 files changed, 34 insertions(+) |
30 | 30 | ||
31 | diff --git a/src/cmd/go/internal/work/action.go b/src/cmd/go/internal/work/action.go | 31 | diff --git a/src/cmd/go/internal/work/action.go b/src/cmd/go/internal/work/action.go |
32 | index a59072e591..9e35ebde0c 100644 | 32 | index a59072e..9e35ebd 100644 |
33 | --- a/src/cmd/go/internal/work/action.go | 33 | --- a/src/cmd/go/internal/work/action.go |
34 | +++ b/src/cmd/go/internal/work/action.go | 34 | +++ b/src/cmd/go/internal/work/action.go |
35 | @@ -754,6 +754,9 @@ func (b *Builder) addTransitiveLinkDeps(a, a1 *Action, shlib string) { | 35 | @@ -754,6 +754,9 @@ func (b *Builder) addTransitiveLinkDeps(a, a1 *Action, shlib string) { |
@@ -43,7 +43,7 @@ index a59072e591..9e35ebde0c 100644 | |||
43 | // TODO(rsc): The use of ModeInstall here is suspect, but if we only do ModeBuild, | 43 | // TODO(rsc): The use of ModeInstall here is suspect, but if we only do ModeBuild, |
44 | // we'll end up building an overall library or executable that depends at runtime | 44 | // we'll end up building an overall library or executable that depends at runtime |
45 | diff --git a/src/cmd/go/internal/work/build.go b/src/cmd/go/internal/work/build.go | 45 | diff --git a/src/cmd/go/internal/work/build.go b/src/cmd/go/internal/work/build.go |
46 | index 408edb5119..3d60252127 100644 | 46 | index 408edb5..3d60252 100644 |
47 | --- a/src/cmd/go/internal/work/build.go | 47 | --- a/src/cmd/go/internal/work/build.go |
48 | +++ b/src/cmd/go/internal/work/build.go | 48 | +++ b/src/cmd/go/internal/work/build.go |
49 | @@ -233,6 +233,8 @@ See also: go install, go get, go clean. | 49 | @@ -233,6 +233,8 @@ See also: go install, go get, go clean. |
@@ -67,7 +67,7 @@ index 408edb5119..3d60252127 100644 | |||
67 | 67 | ||
68 | // Note that flags consulted by other parts of the code | 68 | // Note that flags consulted by other parts of the code |
69 | diff --git a/src/cmd/go/internal/work/exec.go b/src/cmd/go/internal/work/exec.go | 69 | diff --git a/src/cmd/go/internal/work/exec.go b/src/cmd/go/internal/work/exec.go |
70 | index 9724cd07d0..544df461a2 100644 | 70 | index 9724cd0..544df46 100644 |
71 | --- a/src/cmd/go/internal/work/exec.go | 71 | --- a/src/cmd/go/internal/work/exec.go |
72 | +++ b/src/cmd/go/internal/work/exec.go | 72 | +++ b/src/cmd/go/internal/work/exec.go |
73 | @@ -544,6 +544,23 @@ func (b *Builder) build(ctx context.Context, a *Action) (err error) { | 73 | @@ -544,6 +544,23 @@ func (b *Builder) build(ctx context.Context, a *Action) (err error) { |
@@ -109,6 +109,3 @@ index 9724cd07d0..544df461a2 100644 | |||
109 | if err := b.Shell(a).Mkdir(a.Objdir); err != nil { | 109 | if err := b.Shell(a).Mkdir(a.Objdir); err != nil { |
110 | return err | 110 | return err |
111 | } | 111 | } |
112 | -- | ||
113 | 2.44.0 | ||
114 | |||
diff --git a/meta/recipes-devtools/go/go/0007-exec.go-filter-out-build-specific-paths-from-linker-.patch b/meta/recipes-devtools/go/go/0007-exec.go-filter-out-build-specific-paths-from-linker-.patch index c5bf28f54a..2fdd52974f 100644 --- a/meta/recipes-devtools/go/go/0007-exec.go-filter-out-build-specific-paths-from-linker-.patch +++ b/meta/recipes-devtools/go/go/0007-exec.go-filter-out-build-specific-paths-from-linker-.patch | |||
@@ -1,4 +1,4 @@ | |||
1 | From 083b5c74b12a1abeb11dd7f58a1cb1593d0000c0 Mon Sep 17 00:00:00 2001 | 1 | From 1097a07b097043e15fe29a85326dbd196401244a Mon Sep 17 00:00:00 2001 |
2 | From: Changqing Li <changqing.li@windriver.com> | 2 | From: Changqing Li <changqing.li@windriver.com> |
3 | Date: Tue, 27 Feb 2024 18:06:51 +0800 | 3 | Date: Tue, 27 Feb 2024 18:06:51 +0800 |
4 | Subject: [PATCH] exec.go: filter out build-specific paths from linker flags | 4 | Subject: [PATCH] exec.go: filter out build-specific paths from linker flags |
@@ -9,15 +9,16 @@ Filter out options that have build-specific paths. | |||
9 | Upstream-Status: Inappropriate [ Not perfect for upstream ] | 9 | Upstream-Status: Inappropriate [ Not perfect for upstream ] |
10 | 10 | ||
11 | Signed-off-by: Changqing Li <changqing.li@windriver.com> | 11 | Signed-off-by: Changqing Li <changqing.li@windriver.com> |
12 | Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io> | ||
12 | --- | 13 | --- |
13 | src/cmd/go/internal/work/exec.go | 25 ++++++++++++++++++++++++- | 14 | src/cmd/go/internal/work/exec.go | 25 ++++++++++++++++++++++++- |
14 | 1 file changed, 24 insertions(+), 1 deletion(-) | 15 | 1 file changed, 24 insertions(+), 1 deletion(-) |
15 | 16 | ||
16 | diff --git a/src/cmd/go/internal/work/exec.go b/src/cmd/go/internal/work/exec.go | 17 | diff --git a/src/cmd/go/internal/work/exec.go b/src/cmd/go/internal/work/exec.go |
17 | index cde867b..e3ce17d 100644 | 18 | index 544df46..c8f297c 100644 |
18 | --- a/src/cmd/go/internal/work/exec.go | 19 | --- a/src/cmd/go/internal/work/exec.go |
19 | +++ b/src/cmd/go/internal/work/exec.go | 20 | +++ b/src/cmd/go/internal/work/exec.go |
20 | @@ -1358,6 +1358,29 @@ func (b *Builder) linkActionID(a *Action) cache.ActionID { | 21 | @@ -1401,6 +1401,29 @@ func (b *Builder) linkActionID(a *Action) cache.ActionID { |
21 | return h.Sum() | 22 | return h.Sum() |
22 | } | 23 | } |
23 | 24 | ||
@@ -47,7 +48,7 @@ index cde867b..e3ce17d 100644 | |||
47 | // printLinkerConfig prints the linker config into the hash h, | 48 | // printLinkerConfig prints the linker config into the hash h, |
48 | // as part of the computation of a linker-related action ID. | 49 | // as part of the computation of a linker-related action ID. |
49 | func (b *Builder) printLinkerConfig(h io.Writer, p *load.Package) { | 50 | func (b *Builder) printLinkerConfig(h io.Writer, p *load.Package) { |
50 | @@ -1368,7 +1391,7 @@ func (b *Builder) printLinkerConfig(h io.Writer, p *load.Package) { | 51 | @@ -1411,7 +1434,7 @@ func (b *Builder) printLinkerConfig(h io.Writer, p *load.Package) { |
51 | case "gc": | 52 | case "gc": |
52 | fmt.Fprintf(h, "link %s %q %s\n", b.toolID("link"), forcedLdflags, ldBuildmode) | 53 | fmt.Fprintf(h, "link %s %q %s\n", b.toolID("link"), forcedLdflags, ldBuildmode) |
53 | if p != nil { | 54 | if p != nil { |
@@ -56,6 +57,3 @@ index cde867b..e3ce17d 100644 | |||
56 | } | 57 | } |
57 | 58 | ||
58 | // GOARM, GOMIPS, etc. | 59 | // GOARM, GOMIPS, etc. |
59 | -- | ||
60 | 2.25.1 | ||
61 | |||
diff --git a/meta/recipes-devtools/go/go/0008-src-cmd-dist-buildgo.go-do-not-hardcode-host-compile.patch b/meta/recipes-devtools/go/go/0008-src-cmd-dist-buildgo.go-do-not-hardcode-host-compile.patch index 0662f66af5..4c1f0ca145 100644 --- a/meta/recipes-devtools/go/go/0008-src-cmd-dist-buildgo.go-do-not-hardcode-host-compile.patch +++ b/meta/recipes-devtools/go/go/0008-src-cmd-dist-buildgo.go-do-not-hardcode-host-compile.patch | |||
@@ -1,8 +1,8 @@ | |||
1 | From e0999902687e2e394499f7153db8d62440c4dab0 Mon Sep 17 00:00:00 2001 | 1 | From e5af6155f2d6e0758d11d6c12d6f47ea8e65b141 Mon Sep 17 00:00:00 2001 |
2 | From: Alexander Kanavin <alex.kanavin@gmail.com> | 2 | From: Alexander Kanavin <alex.kanavin@gmail.com> |
3 | Date: Tue, 10 Nov 2020 16:33:27 +0000 | 3 | Date: Tue, 10 Nov 2020 16:33:27 +0000 |
4 | Subject: [PATCH 8/9] src/cmd/dist/buildgo.go: do not hardcode host compilers | 4 | Subject: [PATCH] src/cmd/dist/buildgo.go: do not hardcode host compilers into |
5 | into target binaries | 5 | target binaries |
6 | 6 | ||
7 | These come from $CC/$CXX on the build host and are not useful on targets; | 7 | These come from $CC/$CXX on the build host and are not useful on targets; |
8 | additionally as they contain host specific paths, this helps reproducibility. | 8 | additionally as they contain host specific paths, this helps reproducibility. |
@@ -16,7 +16,7 @@ Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io> | |||
16 | 1 file changed, 4 insertions(+), 4 deletions(-) | 16 | 1 file changed, 4 insertions(+), 4 deletions(-) |
17 | 17 | ||
18 | diff --git a/src/cmd/dist/buildgo.go b/src/cmd/dist/buildgo.go | 18 | diff --git a/src/cmd/dist/buildgo.go b/src/cmd/dist/buildgo.go |
19 | index 884e9d729a..2f52edacfe 100644 | 19 | index 884e9d7..2f52eda 100644 |
20 | --- a/src/cmd/dist/buildgo.go | 20 | --- a/src/cmd/dist/buildgo.go |
21 | +++ b/src/cmd/dist/buildgo.go | 21 | +++ b/src/cmd/dist/buildgo.go |
22 | @@ -51,8 +51,8 @@ func mkzdefaultcc(dir, file string) { | 22 | @@ -51,8 +51,8 @@ func mkzdefaultcc(dir, file string) { |
@@ -41,6 +41,3 @@ index 884e9d729a..2f52edacfe 100644 | |||
41 | writefile(buf.String(), file, writeSkipSame) | 41 | writefile(buf.String(), file, writeSkipSame) |
42 | } | 42 | } |
43 | 43 | ||
44 | -- | ||
45 | 2.44.0 | ||
46 | |||
diff --git a/meta/recipes-devtools/go/go/0009-go-Filter-build-paths-on-staticly-linked-arches.patch b/meta/recipes-devtools/go/go/0009-go-Filter-build-paths-on-staticly-linked-arches.patch index cc45496e9c..d939cb4716 100644 --- a/meta/recipes-devtools/go/go/0009-go-Filter-build-paths-on-staticly-linked-arches.patch +++ b/meta/recipes-devtools/go/go/0009-go-Filter-build-paths-on-staticly-linked-arches.patch | |||
@@ -1,7 +1,7 @@ | |||
1 | From 6c2438f187ca912c54a71b4ac65ab98999a019d2 Mon Sep 17 00:00:00 2001 | 1 | From 6bdd6405ce63c7aa4b35cd85833d03c7f1b9109a Mon Sep 17 00:00:00 2001 |
2 | From: Richard Purdie <richard.purdie@linuxfoundation.org> | 2 | From: Richard Purdie <richard.purdie@linuxfoundation.org> |
3 | Date: Sat, 2 Jul 2022 23:08:13 +0100 | 3 | Date: Sat, 2 Jul 2022 23:08:13 +0100 |
4 | Subject: [PATCH 9/9] go: Filter build paths on staticly linked arches | 4 | Subject: [PATCH] go: Filter build paths on staticly linked arches |
5 | 5 | ||
6 | Filter out build time paths from ldflags and other flags variables when they're | 6 | Filter out build time paths from ldflags and other flags variables when they're |
7 | embedded in the go binary so that builds are reproducible regardless of build | 7 | embedded in the go binary so that builds are reproducible regardless of build |
@@ -17,7 +17,7 @@ Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io> | |||
17 | 1 file changed, 13 insertions(+), 2 deletions(-) | 17 | 1 file changed, 13 insertions(+), 2 deletions(-) |
18 | 18 | ||
19 | diff --git a/src/cmd/go/internal/load/pkg.go b/src/cmd/go/internal/load/pkg.go | 19 | diff --git a/src/cmd/go/internal/load/pkg.go b/src/cmd/go/internal/load/pkg.go |
20 | index 1549800afb..f41fb2c4ef 100644 | 20 | index 1549800..f41fb2c 100644 |
21 | --- a/src/cmd/go/internal/load/pkg.go | 21 | --- a/src/cmd/go/internal/load/pkg.go |
22 | +++ b/src/cmd/go/internal/load/pkg.go | 22 | +++ b/src/cmd/go/internal/load/pkg.go |
23 | @@ -2277,6 +2277,17 @@ func appendBuildSetting(info *debug.BuildInfo, key, value string) { | 23 | @@ -2277,6 +2277,17 @@ func appendBuildSetting(info *debug.BuildInfo, key, value string) { |
@@ -56,6 +56,3 @@ index 1549800afb..f41fb2c4ef 100644 | |||
56 | } | 56 | } |
57 | } | 57 | } |
58 | appendSetting("GOARCH", cfg.BuildContext.GOARCH) | 58 | appendSetting("GOARCH", cfg.BuildContext.GOARCH) |
59 | -- | ||
60 | 2.44.0 | ||
61 | |||
diff --git a/meta/recipes-devtools/go/go_1.22.4.bb b/meta/recipes-devtools/go/go_1.22.6.bb index 46f5fbc6be..46f5fbc6be 100644 --- a/meta/recipes-devtools/go/go_1.22.4.bb +++ b/meta/recipes-devtools/go/go_1.22.6.bb | |||
diff --git a/meta/recipes-devtools/libdnf/libdnf_0.73.1.bb b/meta/recipes-devtools/libdnf/libdnf_0.73.2.bb index 3ab840b1b0..ed433d4a9f 100644 --- a/meta/recipes-devtools/libdnf/libdnf_0.73.1.bb +++ b/meta/recipes-devtools/libdnf/libdnf_0.73.2.bb | |||
@@ -13,7 +13,7 @@ SRC_URI = "git://github.com/rpm-software-management/libdnf;branch=dnf-4-master;p | |||
13 | file://armarch.patch \ | 13 | file://armarch.patch \ |
14 | " | 14 | " |
15 | 15 | ||
16 | SRCREV = "0120e70747dcf05e716792e2e846c62eccd44319" | 16 | SRCREV = "86bbb159732e43dd6dff98c96e99382843f7c63b" |
17 | UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>(?!4\.90)\d+(\.\d+)+)" | 17 | UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>(?!4\.90)\d+(\.\d+)+)" |
18 | 18 | ||
19 | S = "${WORKDIR}/git" | 19 | S = "${WORKDIR}/git" |
diff --git a/meta/recipes-devtools/libedit/libedit_20230828-3.1.bb b/meta/recipes-devtools/libedit/libedit_20230828-3.1.bb index 1684b57d31..8ea09e176a 100644 --- a/meta/recipes-devtools/libedit/libedit_20230828-3.1.bb +++ b/meta/recipes-devtools/libedit/libedit_20230828-3.1.bb | |||
@@ -15,6 +15,13 @@ SRC_URI = "http://www.thrysoee.dk/editline/${BP}.tar.gz \ | |||
15 | " | 15 | " |
16 | SRC_URI[sha256sum] = "4ee8182b6e569290e7d1f44f0f78dac8716b35f656b76528f699c69c98814dad" | 16 | SRC_URI[sha256sum] = "4ee8182b6e569290e7d1f44f0f78dac8716b35f656b76528f699c69c98814dad" |
17 | 17 | ||
18 | # configure hardcodes /usr/bin search path bypassing HOSTTOOLS | ||
19 | CACHED_CONFIGUREVARS += "ac_cv_path_NROFF=/bin/false" | ||
20 | |||
21 | # remove at next version upgrade or when output changes | ||
22 | PR = "r1" | ||
23 | HASHEQUIV_HASH_VERSION .= ".1" | ||
24 | |||
18 | BBCLASSEXTEND = "native nativesdk" | 25 | BBCLASSEXTEND = "native nativesdk" |
19 | 26 | ||
20 | inherit update-alternatives | 27 | inherit update-alternatives |
diff --git a/meta/recipes-devtools/llvm/llvm/0002-llvm-Fix-CVE-2024-0151.patch b/meta/recipes-devtools/llvm/llvm/0002-llvm-Fix-CVE-2024-0151.patch new file mode 100644 index 0000000000..c05685e64d --- /dev/null +++ b/meta/recipes-devtools/llvm/llvm/0002-llvm-Fix-CVE-2024-0151.patch | |||
@@ -0,0 +1,1086 @@ | |||
1 | commit 78ff617d3f573fb3a9b2fef180fa0fd43d5584ea | ||
2 | Author: Lucas Duarte Prates <lucas.prates@arm.com> | ||
3 | Date: Thu Jun 20 10:22:01 2024 +0100 | ||
4 | |||
5 | [ARM] CMSE security mitigation on function arguments and returned values (#89944) | ||
6 | |||
7 | The ABI mandates two things related to function calls: | ||
8 | - Function arguments must be sign- or zero-extended to the register | ||
9 | size by the caller. | ||
10 | - Return values must be sign- or zero-extended to the register size by | ||
11 | the callee. | ||
12 | |||
13 | As consequence, callees can assume that function arguments have been | ||
14 | extended and so can callers with regards to return values. | ||
15 | |||
16 | Here lies the problem: Nonsecure code might deliberately ignore this | ||
17 | mandate with the intent of attempting an exploit. It might try to pass | ||
18 | values that lie outside the expected type's value range in order to | ||
19 | trigger undefined behaviour, e.g. out of bounds access. | ||
20 | |||
21 | With the mitigation implemented, Secure code always performs extension | ||
22 | of values passed by Nonsecure code. | ||
23 | |||
24 | This addresses the vulnerability described in CVE-2024-0151. | ||
25 | |||
26 | Patches by Victor Campos. | ||
27 | |||
28 | --------- | ||
29 | |||
30 | Co-authored-by: Victor Campos <victor.campos@arm.com> | ||
31 | |||
32 | Upstream-Status: Backport [https://github.com/llvm/llvm-project/commit/78ff617d3f573fb3a9b2fef180fa0fd43d5584ea] | ||
33 | CVE: CVE-2024-0151 | ||
34 | Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com> | ||
35 | --- | ||
36 | diff --git a/llvm/lib/Target/ARM/ARMISelLowering.cpp b/llvm/lib/Target/ARM/ARMISelLowering.cpp | ||
37 | index bfe137b95602..5490c3c9df6c 100644 | ||
38 | --- a/llvm/lib/Target/ARM/ARMISelLowering.cpp | ||
39 | +++ b/llvm/lib/Target/ARM/ARMISelLowering.cpp | ||
40 | @@ -156,6 +156,17 @@ static const MCPhysReg GPRArgRegs[] = { | ||
41 | ARM::R0, ARM::R1, ARM::R2, ARM::R3 | ||
42 | }; | ||
43 | |||
44 | +static SDValue handleCMSEValue(const SDValue &Value, const ISD::InputArg &Arg, | ||
45 | + SelectionDAG &DAG, const SDLoc &DL) { | ||
46 | + assert(Arg.ArgVT.isScalarInteger()); | ||
47 | + assert(Arg.ArgVT.bitsLT(MVT::i32)); | ||
48 | + SDValue Trunc = DAG.getNode(ISD::TRUNCATE, DL, Arg.ArgVT, Value); | ||
49 | + SDValue Ext = | ||
50 | + DAG.getNode(Arg.Flags.isSExt() ? ISD::SIGN_EXTEND : ISD::ZERO_EXTEND, DL, | ||
51 | + MVT::i32, Trunc); | ||
52 | + return Ext; | ||
53 | +} | ||
54 | + | ||
55 | void ARMTargetLowering::addTypeForNEON(MVT VT, MVT PromotedLdStVT) { | ||
56 | if (VT != PromotedLdStVT) { | ||
57 | setOperationAction(ISD::LOAD, VT, Promote); | ||
58 | @@ -2196,7 +2207,7 @@ SDValue ARMTargetLowering::LowerCallResult( | ||
59 | SDValue Chain, SDValue InGlue, CallingConv::ID CallConv, bool isVarArg, | ||
60 | const SmallVectorImpl<ISD::InputArg> &Ins, const SDLoc &dl, | ||
61 | SelectionDAG &DAG, SmallVectorImpl<SDValue> &InVals, bool isThisReturn, | ||
62 | - SDValue ThisVal) const { | ||
63 | + SDValue ThisVal, bool isCmseNSCall) const { | ||
64 | // Assign locations to each value returned by this call. | ||
65 | SmallVector<CCValAssign, 16> RVLocs; | ||
66 | CCState CCInfo(CallConv, isVarArg, DAG.getMachineFunction(), RVLocs, | ||
67 | @@ -2274,6 +2285,15 @@ SDValue ARMTargetLowering::LowerCallResult( | ||
68 | (VA.getValVT() == MVT::f16 || VA.getValVT() == MVT::bf16)) | ||
69 | Val = MoveToHPR(dl, DAG, VA.getLocVT(), VA.getValVT(), Val); | ||
70 | |||
71 | + // On CMSE Non-secure Calls, call results (returned values) whose bitwidth | ||
72 | + // is less than 32 bits must be sign- or zero-extended after the call for | ||
73 | + // security reasons. Although the ABI mandates an extension done by the | ||
74 | + // callee, the latter cannot be trusted to follow the rules of the ABI. | ||
75 | + const ISD::InputArg &Arg = Ins[VA.getValNo()]; | ||
76 | + if (isCmseNSCall && Arg.ArgVT.isScalarInteger() && | ||
77 | + VA.getLocVT().isScalarInteger() && Arg.ArgVT.bitsLT(MVT::i32)) | ||
78 | + Val = handleCMSEValue(Val, Arg, DAG, dl); | ||
79 | + | ||
80 | InVals.push_back(Val); | ||
81 | } | ||
82 | |||
83 | @@ -2888,7 +2908,7 @@ ARMTargetLowering::LowerCall(TargetLowering::CallLoweringInfo &CLI, | ||
84 | // return. | ||
85 | return LowerCallResult(Chain, InGlue, CallConv, isVarArg, Ins, dl, DAG, | ||
86 | InVals, isThisReturn, | ||
87 | - isThisReturn ? OutVals[0] : SDValue()); | ||
88 | + isThisReturn ? OutVals[0] : SDValue(), isCmseNSCall); | ||
89 | } | ||
90 | |||
91 | /// HandleByVal - Every parameter *after* a byval parameter is passed | ||
92 | @@ -4485,8 +4505,6 @@ SDValue ARMTargetLowering::LowerFormalArguments( | ||
93 | *DAG.getContext()); | ||
94 | CCInfo.AnalyzeFormalArguments(Ins, CCAssignFnForCall(CallConv, isVarArg)); | ||
95 | |||
96 | - SmallVector<SDValue, 16> ArgValues; | ||
97 | - SDValue ArgValue; | ||
98 | Function::const_arg_iterator CurOrigArg = MF.getFunction().arg_begin(); | ||
99 | unsigned CurArgIdx = 0; | ||
100 | |||
101 | @@ -4541,6 +4559,7 @@ SDValue ARMTargetLowering::LowerFormalArguments( | ||
102 | // Arguments stored in registers. | ||
103 | if (VA.isRegLoc()) { | ||
104 | EVT RegVT = VA.getLocVT(); | ||
105 | + SDValue ArgValue; | ||
106 | |||
107 | if (VA.needsCustom() && VA.getLocVT() == MVT::v2f64) { | ||
108 | // f64 and vector types are split up into multiple registers or | ||
109 | @@ -4604,16 +4623,6 @@ SDValue ARMTargetLowering::LowerFormalArguments( | ||
110 | case CCValAssign::BCvt: | ||
111 | ArgValue = DAG.getNode(ISD::BITCAST, dl, VA.getValVT(), ArgValue); | ||
112 | break; | ||
113 | - case CCValAssign::SExt: | ||
114 | - ArgValue = DAG.getNode(ISD::AssertSext, dl, RegVT, ArgValue, | ||
115 | - DAG.getValueType(VA.getValVT())); | ||
116 | - ArgValue = DAG.getNode(ISD::TRUNCATE, dl, VA.getValVT(), ArgValue); | ||
117 | - break; | ||
118 | - case CCValAssign::ZExt: | ||
119 | - ArgValue = DAG.getNode(ISD::AssertZext, dl, RegVT, ArgValue, | ||
120 | - DAG.getValueType(VA.getValVT())); | ||
121 | - ArgValue = DAG.getNode(ISD::TRUNCATE, dl, VA.getValVT(), ArgValue); | ||
122 | - break; | ||
123 | } | ||
124 | |||
125 | // f16 arguments have their size extended to 4 bytes and passed as if they | ||
126 | @@ -4623,6 +4632,15 @@ SDValue ARMTargetLowering::LowerFormalArguments( | ||
127 | (VA.getValVT() == MVT::f16 || VA.getValVT() == MVT::bf16)) | ||
128 | ArgValue = MoveToHPR(dl, DAG, VA.getLocVT(), VA.getValVT(), ArgValue); | ||
129 | |||
130 | + // On CMSE Entry Functions, formal integer arguments whose bitwidth is | ||
131 | + // less than 32 bits must be sign- or zero-extended in the callee for | ||
132 | + // security reasons. Although the ABI mandates an extension done by the | ||
133 | + // caller, the latter cannot be trusted to follow the rules of the ABI. | ||
134 | + const ISD::InputArg &Arg = Ins[VA.getValNo()]; | ||
135 | + if (AFI->isCmseNSEntryFunction() && Arg.ArgVT.isScalarInteger() && | ||
136 | + RegVT.isScalarInteger() && Arg.ArgVT.bitsLT(MVT::i32)) | ||
137 | + ArgValue = handleCMSEValue(ArgValue, Arg, DAG, dl); | ||
138 | + | ||
139 | InVals.push_back(ArgValue); | ||
140 | } else { // VA.isRegLoc() | ||
141 | // Only arguments passed on the stack should make it here. | ||
142 | diff --git a/llvm/lib/Target/ARM/ARMISelLowering.h b/llvm/lib/Target/ARM/ARMISelLowering.h | ||
143 | index 62a52bdb03f7..a255e9b6fc36 100644 | ||
144 | --- a/llvm/lib/Target/ARM/ARMISelLowering.h | ||
145 | +++ b/llvm/lib/Target/ARM/ARMISelLowering.h | ||
146 | @@ -891,7 +891,7 @@ class VectorType; | ||
147 | const SmallVectorImpl<ISD::InputArg> &Ins, | ||
148 | const SDLoc &dl, SelectionDAG &DAG, | ||
149 | SmallVectorImpl<SDValue> &InVals, bool isThisReturn, | ||
150 | - SDValue ThisVal) const; | ||
151 | + SDValue ThisVal, bool isCmseNSCall) const; | ||
152 | |||
153 | bool supportSplitCSR(MachineFunction *MF) const override { | ||
154 | return MF->getFunction().getCallingConv() == CallingConv::CXX_FAST_TLS && | ||
155 | diff --git a/llvm/test/CodeGen/ARM/cmse-harden-call-returned-values.ll b/llvm/test/CodeGen/ARM/cmse-harden-call-returned-values.ll | ||
156 | new file mode 100644 | ||
157 | index 0000000000..58eef443c25e | ||
158 | --- /dev/null | ||
159 | +++ b/llvm/test/CodeGen/ARM/cmse-harden-call-returned-values.ll | ||
160 | @@ -0,0 +1,552 @@ | ||
161 | +; RUN: llc %s -mtriple=thumbv8m.main -o - | FileCheck %s --check-prefixes V8M-COMMON,V8M-LE | ||
162 | +; RUN: llc %s -mtriple=thumbebv8m.main -o - | FileCheck %s --check-prefixes V8M-COMMON,V8M-BE | ||
163 | +; RUN: llc %s -mtriple=thumbv8.1m.main -o - | FileCheck %s --check-prefixes V81M-COMMON,V81M-LE | ||
164 | +; RUN: llc %s -mtriple=thumbebv8.1m.main -o - | FileCheck %s --check-prefixes V81M-COMMON,V81M-BE | ||
165 | + | ||
166 | +@get_idx = hidden local_unnamed_addr global ptr null, align 4 | ||
167 | +@arr = hidden local_unnamed_addr global [256 x i32] zeroinitializer, align 4 | ||
168 | + | ||
169 | +define i32 @access_i16() { | ||
170 | +; V8M-COMMON-LABEL: access_i16: | ||
171 | +; V8M-COMMON: @ %bb.0: @ %entry | ||
172 | +; V8M-COMMON-NEXT: push {r7, lr} | ||
173 | +; V8M-COMMON-NEXT: movw r0, :lower16:get_idx | ||
174 | +; V8M-COMMON-NEXT: movt r0, :upper16:get_idx | ||
175 | +; V8M-COMMON-NEXT: ldr r0, [r0] | ||
176 | +; V8M-COMMON-NEXT: push.w {r4, r5, r6, r7, r8, r9, r10, r11} | ||
177 | +; V8M-COMMON-NEXT: bic r0, r0, #1 | ||
178 | +; V8M-COMMON-NEXT: sub sp, #136 | ||
179 | +; V8M-COMMON-NEXT: vlstm sp, {d0 - d15} | ||
180 | +; V8M-COMMON-NEXT: mov r1, r0 | ||
181 | +; V8M-COMMON-NEXT: mov r2, r0 | ||
182 | +; V8M-COMMON-NEXT: mov r3, r0 | ||
183 | +; V8M-COMMON-NEXT: mov r4, r0 | ||
184 | +; V8M-COMMON-NEXT: mov r5, r0 | ||
185 | +; V8M-COMMON-NEXT: mov r6, r0 | ||
186 | +; V8M-COMMON-NEXT: mov r7, r0 | ||
187 | +; V8M-COMMON-NEXT: mov r8, r0 | ||
188 | +; V8M-COMMON-NEXT: mov r9, r0 | ||
189 | +; V8M-COMMON-NEXT: mov r10, r0 | ||
190 | +; V8M-COMMON-NEXT: mov r11, r0 | ||
191 | +; V8M-COMMON-NEXT: mov r12, r0 | ||
192 | +; V8M-COMMON-NEXT: msr apsr_nzcvq, r0 | ||
193 | +; V8M-COMMON-NEXT: blxns r0 | ||
194 | +; V8M-COMMON-NEXT: vlldm sp, {d0 - d15} | ||
195 | +; V8M-COMMON-NEXT: add sp, #136 | ||
196 | +; V8M-COMMON-NEXT: pop.w {r4, r5, r6, r7, r8, r9, r10, r11} | ||
197 | +; V8M-COMMON-NEXT: movw r1, :lower16:arr | ||
198 | +; V8M-COMMON-NEXT: sxth r0, r0 | ||
199 | +; V8M-COMMON-NEXT: movt r1, :upper16:arr | ||
200 | +; V8M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2] | ||
201 | +; V8M-COMMON-NEXT: pop {r7, pc} | ||
202 | +; | ||
203 | +; V81M-COMMON-LABEL: access_i16: | ||
204 | +; V81M-COMMON: @ %bb.0: @ %entry | ||
205 | +; V81M-COMMON-NEXT: push {r7, lr} | ||
206 | +; V81M-COMMON-NEXT: movw r0, :lower16:get_idx | ||
207 | +; V81M-COMMON-NEXT: movt r0, :upper16:get_idx | ||
208 | +; V81M-COMMON-NEXT: ldr r0, [r0] | ||
209 | +; V81M-COMMON-NEXT: push.w {r4, r5, r6, r7, r8, r9, r10, r11} | ||
210 | +; V81M-COMMON-NEXT: bic r0, r0, #1 | ||
211 | +; V81M-COMMON-NEXT: sub sp, #136 | ||
212 | +; V81M-COMMON-NEXT: vlstm sp, {d0 - d15} | ||
213 | +; V81M-COMMON-NEXT: clrm {r1, r2, r3, r4, r5, r6, r7, r8, r9, r10, r11, r12, apsr} | ||
214 | +; V81M-COMMON-NEXT: blxns r0 | ||
215 | +; V81M-COMMON-NEXT: vlldm sp, {d0 - d15} | ||
216 | +; V81M-COMMON-NEXT: add sp, #136 | ||
217 | +; V81M-COMMON-NEXT: pop.w {r4, r5, r6, r7, r8, r9, r10, r11} | ||
218 | +; V81M-COMMON-NEXT: movw r1, :lower16:arr | ||
219 | +; V81M-COMMON-NEXT: sxth r0, r0 | ||
220 | +; V81M-COMMON-NEXT: movt r1, :upper16:arr | ||
221 | +; V81M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2] | ||
222 | +; V81M-COMMON-NEXT: pop {r7, pc} | ||
223 | +entry: | ||
224 | + %0 = load ptr, ptr @get_idx, align 4 | ||
225 | + %call = tail call signext i16 %0() "cmse_nonsecure_call" | ||
226 | + %idxprom = sext i16 %call to i32 | ||
227 | + %arrayidx = getelementptr inbounds [256 x i32], ptr @arr, i32 0, i32 %idxprom | ||
228 | + %1 = load i32, ptr %arrayidx, align 4 | ||
229 | + ret i32 %1 | ||
230 | +} | ||
231 | + | ||
232 | +define i32 @access_u16() { | ||
233 | +; V8M-COMMON-LABEL: access_u16: | ||
234 | +; V8M-COMMON: @ %bb.0: @ %entry | ||
235 | +; V8M-COMMON-NEXT: push {r7, lr} | ||
236 | +; V8M-COMMON-NEXT: movw r0, :lower16:get_idx | ||
237 | +; V8M-COMMON-NEXT: movt r0, :upper16:get_idx | ||
238 | +; V8M-COMMON-NEXT: ldr r0, [r0] | ||
239 | +; V8M-COMMON-NEXT: push.w {r4, r5, r6, r7, r8, r9, r10, r11} | ||
240 | +; V8M-COMMON-NEXT: bic r0, r0, #1 | ||
241 | +; V8M-COMMON-NEXT: sub sp, #136 | ||
242 | +; V8M-COMMON-NEXT: vlstm sp, {d0 - d15} | ||
243 | +; V8M-COMMON-NEXT: mov r1, r0 | ||
244 | +; V8M-COMMON-NEXT: mov r2, r0 | ||
245 | +; V8M-COMMON-NEXT: mov r3, r0 | ||
246 | +; V8M-COMMON-NEXT: mov r4, r0 | ||
247 | +; V8M-COMMON-NEXT: mov r5, r0 | ||
248 | +; V8M-COMMON-NEXT: mov r6, r0 | ||
249 | +; V8M-COMMON-NEXT: mov r7, r0 | ||
250 | +; V8M-COMMON-NEXT: mov r8, r0 | ||
251 | +; V8M-COMMON-NEXT: mov r9, r0 | ||
252 | +; V8M-COMMON-NEXT: mov r10, r0 | ||
253 | +; V8M-COMMON-NEXT: mov r11, r0 | ||
254 | +; V8M-COMMON-NEXT: mov r12, r0 | ||
255 | +; V8M-COMMON-NEXT: msr apsr_nzcvq, r0 | ||
256 | +; V8M-COMMON-NEXT: blxns r0 | ||
257 | +; V8M-COMMON-NEXT: vlldm sp, {d0 - d15} | ||
258 | +; V8M-COMMON-NEXT: add sp, #136 | ||
259 | +; V8M-COMMON-NEXT: pop.w {r4, r5, r6, r7, r8, r9, r10, r11} | ||
260 | +; V8M-COMMON-NEXT: movw r1, :lower16:arr | ||
261 | +; V8M-COMMON-NEXT: uxth r0, r0 | ||
262 | +; V8M-COMMON-NEXT: movt r1, :upper16:arr | ||
263 | +; V8M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2] | ||
264 | +; V8M-COMMON-NEXT: pop {r7, pc} | ||
265 | +; | ||
266 | +; V81M-COMMON-LABEL: access_u16: | ||
267 | +; V81M-COMMON: @ %bb.0: @ %entry | ||
268 | +; V81M-COMMON-NEXT: push {r7, lr} | ||
269 | +; V81M-COMMON-NEXT: movw r0, :lower16:get_idx | ||
270 | +; V81M-COMMON-NEXT: movt r0, :upper16:get_idx | ||
271 | +; V81M-COMMON-NEXT: ldr r0, [r0] | ||
272 | +; V81M-COMMON-NEXT: push.w {r4, r5, r6, r7, r8, r9, r10, r11} | ||
273 | +; V81M-COMMON-NEXT: bic r0, r0, #1 | ||
274 | +; V81M-COMMON-NEXT: sub sp, #136 | ||
275 | +; V81M-COMMON-NEXT: vlstm sp, {d0 - d15} | ||
276 | +; V81M-COMMON-NEXT: clrm {r1, r2, r3, r4, r5, r6, r7, r8, r9, r10, r11, r12, apsr} | ||
277 | +; V81M-COMMON-NEXT: blxns r0 | ||
278 | +; V81M-COMMON-NEXT: vlldm sp, {d0 - d15} | ||
279 | +; V81M-COMMON-NEXT: add sp, #136 | ||
280 | +; V81M-COMMON-NEXT: pop.w {r4, r5, r6, r7, r8, r9, r10, r11} | ||
281 | +; V81M-COMMON-NEXT: movw r1, :lower16:arr | ||
282 | +; V81M-COMMON-NEXT: uxth r0, r0 | ||
283 | +; V81M-COMMON-NEXT: movt r1, :upper16:arr | ||
284 | +; V81M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2] | ||
285 | +; V81M-COMMON-NEXT: pop {r7, pc} | ||
286 | +entry: | ||
287 | + %0 = load ptr, ptr @get_idx, align 4 | ||
288 | + %call = tail call zeroext i16 %0() "cmse_nonsecure_call" | ||
289 | + %idxprom = zext i16 %call to i32 | ||
290 | + %arrayidx = getelementptr inbounds [256 x i32], ptr @arr, i32 0, i32 %idxprom | ||
291 | + %1 = load i32, ptr %arrayidx, align 4 | ||
292 | + ret i32 %1 | ||
293 | +} | ||
294 | + | ||
295 | +define i32 @access_i8() { | ||
296 | +; V8M-COMMON-LABEL: access_i8: | ||
297 | +; V8M-COMMON: @ %bb.0: @ %entry | ||
298 | +; V8M-COMMON-NEXT: push {r7, lr} | ||
299 | +; V8M-COMMON-NEXT: movw r0, :lower16:get_idx | ||
300 | +; V8M-COMMON-NEXT: movt r0, :upper16:get_idx | ||
301 | +; V8M-COMMON-NEXT: ldr r0, [r0] | ||
302 | +; V8M-COMMON-NEXT: push.w {r4, r5, r6, r7, r8, r9, r10, r11} | ||
303 | +; V8M-COMMON-NEXT: bic r0, r0, #1 | ||
304 | +; V8M-COMMON-NEXT: sub sp, #136 | ||
305 | +; V8M-COMMON-NEXT: vlstm sp, {d0 - d15} | ||
306 | +; V8M-COMMON-NEXT: mov r1, r0 | ||
307 | +; V8M-COMMON-NEXT: mov r2, r0 | ||
308 | +; V8M-COMMON-NEXT: mov r3, r0 | ||
309 | +; V8M-COMMON-NEXT: mov r4, r0 | ||
310 | +; V8M-COMMON-NEXT: mov r5, r0 | ||
311 | +; V8M-COMMON-NEXT: mov r6, r0 | ||
312 | +; V8M-COMMON-NEXT: mov r7, r0 | ||
313 | +; V8M-COMMON-NEXT: mov r8, r0 | ||
314 | +; V8M-COMMON-NEXT: mov r9, r0 | ||
315 | +; V8M-COMMON-NEXT: mov r10, r0 | ||
316 | +; V8M-COMMON-NEXT: mov r11, r0 | ||
317 | +; V8M-COMMON-NEXT: mov r12, r0 | ||
318 | +; V8M-COMMON-NEXT: msr apsr_nzcvq, r0 | ||
319 | +; V8M-COMMON-NEXT: blxns r0 | ||
320 | +; V8M-COMMON-NEXT: vlldm sp, {d0 - d15} | ||
321 | +; V8M-COMMON-NEXT: add sp, #136 | ||
322 | +; V8M-COMMON-NEXT: pop.w {r4, r5, r6, r7, r8, r9, r10, r11} | ||
323 | +; V8M-COMMON-NEXT: movw r1, :lower16:arr | ||
324 | +; V8M-COMMON-NEXT: sxtb r0, r0 | ||
325 | +; V8M-COMMON-NEXT: movt r1, :upper16:arr | ||
326 | +; V8M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2] | ||
327 | +; V8M-COMMON-NEXT: pop {r7, pc} | ||
328 | +; | ||
329 | +; V81M-COMMON-LABEL: access_i8: | ||
330 | +; V81M-COMMON: @ %bb.0: @ %entry | ||
331 | +; V81M-COMMON-NEXT: push {r7, lr} | ||
332 | +; V81M-COMMON-NEXT: movw r0, :lower16:get_idx | ||
333 | +; V81M-COMMON-NEXT: movt r0, :upper16:get_idx | ||
334 | +; V81M-COMMON-NEXT: ldr r0, [r0] | ||
335 | +; V81M-COMMON-NEXT: push.w {r4, r5, r6, r7, r8, r9, r10, r11} | ||
336 | +; V81M-COMMON-NEXT: bic r0, r0, #1 | ||
337 | +; V81M-COMMON-NEXT: sub sp, #136 | ||
338 | +; V81M-COMMON-NEXT: vlstm sp, {d0 - d15} | ||
339 | +; V81M-COMMON-NEXT: clrm {r1, r2, r3, r4, r5, r6, r7, r8, r9, r10, r11, r12, apsr} | ||
340 | +; V81M-COMMON-NEXT: blxns r0 | ||
341 | +; V81M-COMMON-NEXT: vlldm sp, {d0 - d15} | ||
342 | +; V81M-COMMON-NEXT: add sp, #136 | ||
343 | +; V81M-COMMON-NEXT: pop.w {r4, r5, r6, r7, r8, r9, r10, r11} | ||
344 | +; V81M-COMMON-NEXT: movw r1, :lower16:arr | ||
345 | +; V81M-COMMON-NEXT: sxtb r0, r0 | ||
346 | +; V81M-COMMON-NEXT: movt r1, :upper16:arr | ||
347 | +; V81M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2] | ||
348 | +; V81M-COMMON-NEXT: pop {r7, pc} | ||
349 | +entry: | ||
350 | + %0 = load ptr, ptr @get_idx, align 4 | ||
351 | + %call = tail call signext i8 %0() "cmse_nonsecure_call" | ||
352 | + %idxprom = sext i8 %call to i32 | ||
353 | + %arrayidx = getelementptr inbounds [256 x i32], ptr @arr, i32 0, i32 %idxprom | ||
354 | + %1 = load i32, ptr %arrayidx, align 4 | ||
355 | + ret i32 %1 | ||
356 | +} | ||
357 | + | ||
358 | +define i32 @access_u8() { | ||
359 | +; V8M-COMMON-LABEL: access_u8: | ||
360 | +; V8M-COMMON: @ %bb.0: @ %entry | ||
361 | +; V8M-COMMON-NEXT: push {r7, lr} | ||
362 | +; V8M-COMMON-NEXT: movw r0, :lower16:get_idx | ||
363 | +; V8M-COMMON-NEXT: movt r0, :upper16:get_idx | ||
364 | +; V8M-COMMON-NEXT: ldr r0, [r0] | ||
365 | +; V8M-COMMON-NEXT: push.w {r4, r5, r6, r7, r8, r9, r10, r11} | ||
366 | +; V8M-COMMON-NEXT: bic r0, r0, #1 | ||
367 | +; V8M-COMMON-NEXT: sub sp, #136 | ||
368 | +; V8M-COMMON-NEXT: vlstm sp, {d0 - d15} | ||
369 | +; V8M-COMMON-NEXT: mov r1, r0 | ||
370 | +; V8M-COMMON-NEXT: mov r2, r0 | ||
371 | +; V8M-COMMON-NEXT: mov r3, r0 | ||
372 | +; V8M-COMMON-NEXT: mov r4, r0 | ||
373 | +; V8M-COMMON-NEXT: mov r5, r0 | ||
374 | +; V8M-COMMON-NEXT: mov r6, r0 | ||
375 | +; V8M-COMMON-NEXT: mov r7, r0 | ||
376 | +; V8M-COMMON-NEXT: mov r8, r0 | ||
377 | +; V8M-COMMON-NEXT: mov r9, r0 | ||
378 | +; V8M-COMMON-NEXT: mov r10, r0 | ||
379 | +; V8M-COMMON-NEXT: mov r11, r0 | ||
380 | +; V8M-COMMON-NEXT: mov r12, r0 | ||
381 | +; V8M-COMMON-NEXT: msr apsr_nzcvq, r0 | ||
382 | +; V8M-COMMON-NEXT: blxns r0 | ||
383 | +; V8M-COMMON-NEXT: vlldm sp, {d0 - d15} | ||
384 | +; V8M-COMMON-NEXT: add sp, #136 | ||
385 | +; V8M-COMMON-NEXT: pop.w {r4, r5, r6, r7, r8, r9, r10, r11} | ||
386 | +; V8M-COMMON-NEXT: movw r1, :lower16:arr | ||
387 | +; V8M-COMMON-NEXT: uxtb r0, r0 | ||
388 | +; V8M-COMMON-NEXT: movt r1, :upper16:arr | ||
389 | +; V8M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2] | ||
390 | +; V8M-COMMON-NEXT: pop {r7, pc} | ||
391 | +; | ||
392 | +; V81M-COMMON-LABEL: access_u8: | ||
393 | +; V81M-COMMON: @ %bb.0: @ %entry | ||
394 | +; V81M-COMMON-NEXT: push {r7, lr} | ||
395 | +; V81M-COMMON-NEXT: movw r0, :lower16:get_idx | ||
396 | +; V81M-COMMON-NEXT: movt r0, :upper16:get_idx | ||
397 | +; V81M-COMMON-NEXT: ldr r0, [r0] | ||
398 | +; V81M-COMMON-NEXT: push.w {r4, r5, r6, r7, r8, r9, r10, r11} | ||
399 | +; V81M-COMMON-NEXT: bic r0, r0, #1 | ||
400 | +; V81M-COMMON-NEXT: sub sp, #136 | ||
401 | +; V81M-COMMON-NEXT: vlstm sp, {d0 - d15} | ||
402 | +; V81M-COMMON-NEXT: clrm {r1, r2, r3, r4, r5, r6, r7, r8, r9, r10, r11, r12, apsr} | ||
403 | +; V81M-COMMON-NEXT: blxns r0 | ||
404 | +; V81M-COMMON-NEXT: vlldm sp, {d0 - d15} | ||
405 | +; V81M-COMMON-NEXT: add sp, #136 | ||
406 | +; V81M-COMMON-NEXT: pop.w {r4, r5, r6, r7, r8, r9, r10, r11} | ||
407 | +; V81M-COMMON-NEXT: movw r1, :lower16:arr | ||
408 | +; V81M-COMMON-NEXT: uxtb r0, r0 | ||
409 | +; V81M-COMMON-NEXT: movt r1, :upper16:arr | ||
410 | +; V81M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2] | ||
411 | +; V81M-COMMON-NEXT: pop {r7, pc} | ||
412 | +entry: | ||
413 | + %0 = load ptr, ptr @get_idx, align 4 | ||
414 | + %call = tail call zeroext i8 %0() "cmse_nonsecure_call" | ||
415 | + %idxprom = zext i8 %call to i32 | ||
416 | + %arrayidx = getelementptr inbounds [256 x i32], ptr @arr, i32 0, i32 %idxprom | ||
417 | + %1 = load i32, ptr %arrayidx, align 4 | ||
418 | + ret i32 %1 | ||
419 | +} | ||
420 | + | ||
421 | +define i32 @access_i1() { | ||
422 | +; V8M-COMMON-LABEL: access_i1: | ||
423 | +; V8M-COMMON: @ %bb.0: @ %entry | ||
424 | +; V8M-COMMON-NEXT: push {r7, lr} | ||
425 | +; V8M-COMMON-NEXT: movw r0, :lower16:get_idx | ||
426 | +; V8M-COMMON-NEXT: movt r0, :upper16:get_idx | ||
427 | +; V8M-COMMON-NEXT: ldr r0, [r0] | ||
428 | +; V8M-COMMON-NEXT: push.w {r4, r5, r6, r7, r8, r9, r10, r11} | ||
429 | +; V8M-COMMON-NEXT: bic r0, r0, #1 | ||
430 | +; V8M-COMMON-NEXT: sub sp, #136 | ||
431 | +; V8M-COMMON-NEXT: vlstm sp, {d0 - d15} | ||
432 | +; V8M-COMMON-NEXT: mov r1, r0 | ||
433 | +; V8M-COMMON-NEXT: mov r2, r0 | ||
434 | +; V8M-COMMON-NEXT: mov r3, r0 | ||
435 | +; V8M-COMMON-NEXT: mov r4, r0 | ||
436 | +; V8M-COMMON-NEXT: mov r5, r0 | ||
437 | +; V8M-COMMON-NEXT: mov r6, r0 | ||
438 | +; V8M-COMMON-NEXT: mov r7, r0 | ||
439 | +; V8M-COMMON-NEXT: mov r8, r0 | ||
440 | +; V8M-COMMON-NEXT: mov r9, r0 | ||
441 | +; V8M-COMMON-NEXT: mov r10, r0 | ||
442 | +; V8M-COMMON-NEXT: mov r11, r0 | ||
443 | +; V8M-COMMON-NEXT: mov r12, r0 | ||
444 | +; V8M-COMMON-NEXT: msr apsr_nzcvq, r0 | ||
445 | +; V8M-COMMON-NEXT: blxns r0 | ||
446 | +; V8M-COMMON-NEXT: vlldm sp, {d0 - d15} | ||
447 | +; V8M-COMMON-NEXT: add sp, #136 | ||
448 | +; V8M-COMMON-NEXT: pop.w {r4, r5, r6, r7, r8, r9, r10, r11} | ||
449 | +; V8M-COMMON-NEXT: movw r1, :lower16:arr | ||
450 | +; V8M-COMMON-NEXT: and r0, r0, #1 | ||
451 | +; V8M-COMMON-NEXT: movt r1, :upper16:arr | ||
452 | +; V8M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2] | ||
453 | +; V8M-COMMON-NEXT: pop {r7, pc} | ||
454 | +; | ||
455 | +; V81M-COMMON-LABEL: access_i1: | ||
456 | +; V81M-COMMON: @ %bb.0: @ %entry | ||
457 | +; V81M-COMMON-NEXT: push {r7, lr} | ||
458 | +; V81M-COMMON-NEXT: movw r0, :lower16:get_idx | ||
459 | +; V81M-COMMON-NEXT: movt r0, :upper16:get_idx | ||
460 | +; V81M-COMMON-NEXT: ldr r0, [r0] | ||
461 | +; V81M-COMMON-NEXT: push.w {r4, r5, r6, r7, r8, r9, r10, r11} | ||
462 | +; V81M-COMMON-NEXT: bic r0, r0, #1 | ||
463 | +; V81M-COMMON-NEXT: sub sp, #136 | ||
464 | +; V81M-COMMON-NEXT: vlstm sp, {d0 - d15} | ||
465 | +; V81M-COMMON-NEXT: clrm {r1, r2, r3, r4, r5, r6, r7, r8, r9, r10, r11, r12, apsr} | ||
466 | +; V81M-COMMON-NEXT: blxns r0 | ||
467 | +; V81M-COMMON-NEXT: vlldm sp, {d0 - d15} | ||
468 | +; V81M-COMMON-NEXT: add sp, #136 | ||
469 | +; V81M-COMMON-NEXT: pop.w {r4, r5, r6, r7, r8, r9, r10, r11} | ||
470 | +; V81M-COMMON-NEXT: movw r1, :lower16:arr | ||
471 | +; V81M-COMMON-NEXT: and r0, r0, #1 | ||
472 | +; V81M-COMMON-NEXT: movt r1, :upper16:arr | ||
473 | +; V81M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2] | ||
474 | +; V81M-COMMON-NEXT: pop {r7, pc} | ||
475 | +entry: | ||
476 | + %0 = load ptr, ptr @get_idx, align 4 | ||
477 | + %call = tail call zeroext i1 %0() "cmse_nonsecure_call" | ||
478 | + %idxprom = zext i1 %call to i32 | ||
479 | + %arrayidx = getelementptr inbounds [256 x i32], ptr @arr, i32 0, i32 %idxprom | ||
480 | + %1 = load i32, ptr %arrayidx, align 4 | ||
481 | + ret i32 %1 | ||
482 | +} | ||
483 | + | ||
484 | +define i32 @access_i5() { | ||
485 | +; V8M-COMMON-LABEL: access_i5: | ||
486 | +; V8M-COMMON: @ %bb.0: @ %entry | ||
487 | +; V8M-COMMON-NEXT: push {r7, lr} | ||
488 | +; V8M-COMMON-NEXT: movw r0, :lower16:get_idx | ||
489 | +; V8M-COMMON-NEXT: movt r0, :upper16:get_idx | ||
490 | +; V8M-COMMON-NEXT: ldr r0, [r0] | ||
491 | +; V8M-COMMON-NEXT: push.w {r4, r5, r6, r7, r8, r9, r10, r11} | ||
492 | +; V8M-COMMON-NEXT: bic r0, r0, #1 | ||
493 | +; V8M-COMMON-NEXT: sub sp, #136 | ||
494 | +; V8M-COMMON-NEXT: vlstm sp, {d0 - d15} | ||
495 | +; V8M-COMMON-NEXT: mov r1, r0 | ||
496 | +; V8M-COMMON-NEXT: mov r2, r0 | ||
497 | +; V8M-COMMON-NEXT: mov r3, r0 | ||
498 | +; V8M-COMMON-NEXT: mov r4, r0 | ||
499 | +; V8M-COMMON-NEXT: mov r5, r0 | ||
500 | +; V8M-COMMON-NEXT: mov r6, r0 | ||
501 | +; V8M-COMMON-NEXT: mov r7, r0 | ||
502 | +; V8M-COMMON-NEXT: mov r8, r0 | ||
503 | +; V8M-COMMON-NEXT: mov r9, r0 | ||
504 | +; V8M-COMMON-NEXT: mov r10, r0 | ||
505 | +; V8M-COMMON-NEXT: mov r11, r0 | ||
506 | +; V8M-COMMON-NEXT: mov r12, r0 | ||
507 | +; V8M-COMMON-NEXT: msr apsr_nzcvq, r0 | ||
508 | +; V8M-COMMON-NEXT: blxns r0 | ||
509 | +; V8M-COMMON-NEXT: vlldm sp, {d0 - d15} | ||
510 | +; V8M-COMMON-NEXT: add sp, #136 | ||
511 | +; V8M-COMMON-NEXT: pop.w {r4, r5, r6, r7, r8, r9, r10, r11} | ||
512 | +; V8M-COMMON-NEXT: movw r1, :lower16:arr | ||
513 | +; V8M-COMMON-NEXT: sbfx r0, r0, #0, #5 | ||
514 | +; V8M-COMMON-NEXT: movt r1, :upper16:arr | ||
515 | +; V8M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2] | ||
516 | +; V8M-COMMON-NEXT: pop {r7, pc} | ||
517 | +; | ||
518 | +; V81M-COMMON-LABEL: access_i5: | ||
519 | +; V81M-COMMON: @ %bb.0: @ %entry | ||
520 | +; V81M-COMMON-NEXT: push {r7, lr} | ||
521 | +; V81M-COMMON-NEXT: movw r0, :lower16:get_idx | ||
522 | +; V81M-COMMON-NEXT: movt r0, :upper16:get_idx | ||
523 | +; V81M-COMMON-NEXT: ldr r0, [r0] | ||
524 | +; V81M-COMMON-NEXT: push.w {r4, r5, r6, r7, r8, r9, r10, r11} | ||
525 | +; V81M-COMMON-NEXT: bic r0, r0, #1 | ||
526 | +; V81M-COMMON-NEXT: sub sp, #136 | ||
527 | +; V81M-COMMON-NEXT: vlstm sp, {d0 - d15} | ||
528 | +; V81M-COMMON-NEXT: clrm {r1, r2, r3, r4, r5, r6, r7, r8, r9, r10, r11, r12, apsr} | ||
529 | +; V81M-COMMON-NEXT: blxns r0 | ||
530 | +; V81M-COMMON-NEXT: vlldm sp, {d0 - d15} | ||
531 | +; V81M-COMMON-NEXT: add sp, #136 | ||
532 | +; V81M-COMMON-NEXT: pop.w {r4, r5, r6, r7, r8, r9, r10, r11} | ||
533 | +; V81M-COMMON-NEXT: movw r1, :lower16:arr | ||
534 | +; V81M-COMMON-NEXT: sbfx r0, r0, #0, #5 | ||
535 | +; V81M-COMMON-NEXT: movt r1, :upper16:arr | ||
536 | +; V81M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2] | ||
537 | +; V81M-COMMON-NEXT: pop {r7, pc} | ||
538 | +entry: | ||
539 | + %0 = load ptr, ptr @get_idx, align 4 | ||
540 | + %call = tail call signext i5 %0() "cmse_nonsecure_call" | ||
541 | + %idxprom = sext i5 %call to i32 | ||
542 | + %arrayidx = getelementptr inbounds [256 x i32], ptr @arr, i32 0, i32 %idxprom | ||
543 | + %1 = load i32, ptr %arrayidx, align 4 | ||
544 | + ret i32 %1 | ||
545 | +} | ||
546 | + | ||
547 | +define i32 @access_u5() { | ||
548 | +; V8M-COMMON-LABEL: access_u5: | ||
549 | +; V8M-COMMON: @ %bb.0: @ %entry | ||
550 | +; V8M-COMMON-NEXT: push {r7, lr} | ||
551 | +; V8M-COMMON-NEXT: movw r0, :lower16:get_idx | ||
552 | +; V8M-COMMON-NEXT: movt r0, :upper16:get_idx | ||
553 | +; V8M-COMMON-NEXT: ldr r0, [r0] | ||
554 | +; V8M-COMMON-NEXT: push.w {r4, r5, r6, r7, r8, r9, r10, r11} | ||
555 | +; V8M-COMMON-NEXT: bic r0, r0, #1 | ||
556 | +; V8M-COMMON-NEXT: sub sp, #136 | ||
557 | +; V8M-COMMON-NEXT: vlstm sp, {d0 - d15} | ||
558 | +; V8M-COMMON-NEXT: mov r1, r0 | ||
559 | +; V8M-COMMON-NEXT: mov r2, r0 | ||
560 | +; V8M-COMMON-NEXT: mov r3, r0 | ||
561 | +; V8M-COMMON-NEXT: mov r4, r0 | ||
562 | +; V8M-COMMON-NEXT: mov r5, r0 | ||
563 | +; V8M-COMMON-NEXT: mov r6, r0 | ||
564 | +; V8M-COMMON-NEXT: mov r7, r0 | ||
565 | +; V8M-COMMON-NEXT: mov r8, r0 | ||
566 | +; V8M-COMMON-NEXT: mov r9, r0 | ||
567 | +; V8M-COMMON-NEXT: mov r10, r0 | ||
568 | +; V8M-COMMON-NEXT: mov r11, r0 | ||
569 | +; V8M-COMMON-NEXT: mov r12, r0 | ||
570 | +; V8M-COMMON-NEXT: msr apsr_nzcvq, r0 | ||
571 | +; V8M-COMMON-NEXT: blxns r0 | ||
572 | +; V8M-COMMON-NEXT: vlldm sp, {d0 - d15} | ||
573 | +; V8M-COMMON-NEXT: add sp, #136 | ||
574 | +; V8M-COMMON-NEXT: pop.w {r4, r5, r6, r7, r8, r9, r10, r11} | ||
575 | +; V8M-COMMON-NEXT: movw r1, :lower16:arr | ||
576 | +; V8M-COMMON-NEXT: and r0, r0, #31 | ||
577 | +; V8M-COMMON-NEXT: movt r1, :upper16:arr | ||
578 | +; V8M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2] | ||
579 | +; V8M-COMMON-NEXT: pop {r7, pc} | ||
580 | +; | ||
581 | +; V81M-COMMON-LABEL: access_u5: | ||
582 | +; V81M-COMMON: @ %bb.0: @ %entry | ||
583 | +; V81M-COMMON-NEXT: push {r7, lr} | ||
584 | +; V81M-COMMON-NEXT: movw r0, :lower16:get_idx | ||
585 | +; V81M-COMMON-NEXT: movt r0, :upper16:get_idx | ||
586 | +; V81M-COMMON-NEXT: ldr r0, [r0] | ||
587 | +; V81M-COMMON-NEXT: push.w {r4, r5, r6, r7, r8, r9, r10, r11} | ||
588 | +; V81M-COMMON-NEXT: bic r0, r0, #1 | ||
589 | +; V81M-COMMON-NEXT: sub sp, #136 | ||
590 | +; V81M-COMMON-NEXT: vlstm sp, {d0 - d15} | ||
591 | +; V81M-COMMON-NEXT: clrm {r1, r2, r3, r4, r5, r6, r7, r8, r9, r10, r11, r12, apsr} | ||
592 | +; V81M-COMMON-NEXT: blxns r0 | ||
593 | +; V81M-COMMON-NEXT: vlldm sp, {d0 - d15} | ||
594 | +; V81M-COMMON-NEXT: add sp, #136 | ||
595 | +; V81M-COMMON-NEXT: pop.w {r4, r5, r6, r7, r8, r9, r10, r11} | ||
596 | +; V81M-COMMON-NEXT: movw r1, :lower16:arr | ||
597 | +; V81M-COMMON-NEXT: and r0, r0, #31 | ||
598 | +; V81M-COMMON-NEXT: movt r1, :upper16:arr | ||
599 | +; V81M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2] | ||
600 | +; V81M-COMMON-NEXT: pop {r7, pc} | ||
601 | +entry: | ||
602 | + %0 = load ptr, ptr @get_idx, align 4 | ||
603 | + %call = tail call zeroext i5 %0() "cmse_nonsecure_call" | ||
604 | + %idxprom = zext i5 %call to i32 | ||
605 | + %arrayidx = getelementptr inbounds [256 x i32], ptr @arr, i32 0, i32 %idxprom | ||
606 | + %1 = load i32, ptr %arrayidx, align 4 | ||
607 | + ret i32 %1 | ||
608 | +} | ||
609 | + | ||
610 | +define i32 @access_i33(ptr %f) { | ||
611 | +; V8M-COMMON-LABEL: access_i33: | ||
612 | +; V8M-COMMON: @ %bb.0: @ %entry | ||
613 | +; V8M-COMMON-NEXT: push {r7, lr} | ||
614 | +; V8M-COMMON-NEXT: push.w {r4, r5, r6, r7, r8, r9, r10, r11} | ||
615 | +; V8M-COMMON-NEXT: bic r0, r0, #1 | ||
616 | +; V8M-COMMON-NEXT: sub sp, #136 | ||
617 | +; V8M-COMMON-NEXT: vlstm sp, {d0 - d15} | ||
618 | +; V8M-COMMON-NEXT: mov r1, r0 | ||
619 | +; V8M-COMMON-NEXT: mov r2, r0 | ||
620 | +; V8M-COMMON-NEXT: mov r3, r0 | ||
621 | +; V8M-COMMON-NEXT: mov r4, r0 | ||
622 | +; V8M-COMMON-NEXT: mov r5, r0 | ||
623 | +; V8M-COMMON-NEXT: mov r6, r0 | ||
624 | +; V8M-COMMON-NEXT: mov r7, r0 | ||
625 | +; V8M-COMMON-NEXT: mov r8, r0 | ||
626 | +; V8M-COMMON-NEXT: mov r9, r0 | ||
627 | +; V8M-COMMON-NEXT: mov r10, r0 | ||
628 | +; V8M-COMMON-NEXT: mov r11, r0 | ||
629 | +; V8M-COMMON-NEXT: mov r12, r0 | ||
630 | +; V8M-COMMON-NEXT: msr apsr_nzcvq, r0 | ||
631 | +; V8M-COMMON-NEXT: blxns r0 | ||
632 | +; V8M-COMMON-NEXT: vlldm sp, {d0 - d15} | ||
633 | +; V8M-COMMON-NEXT: add sp, #136 | ||
634 | +; V8M-COMMON-NEXT: pop.w {r4, r5, r6, r7, r8, r9, r10, r11} | ||
635 | +; V8M-LE-NEXT: and r0, r1, #1 | ||
636 | +; V8M-BE-NEXT: and r0, r0, #1 | ||
637 | +; V8M-COMMON-NEXT: rsb.w r0, r0, #0 | ||
638 | +; V8M-COMMON-NEXT: pop {r7, pc} | ||
639 | +; | ||
640 | +; V81M-COMMON-LABEL: access_i33: | ||
641 | +; V81M-COMMON: @ %bb.0: @ %entry | ||
642 | +; V81M-COMMON-NEXT: push {r7, lr} | ||
643 | +; V81M-COMMON-NEXT: push.w {r4, r5, r6, r7, r8, r9, r10, r11} | ||
644 | +; V81M-COMMON-NEXT: bic r0, r0, #1 | ||
645 | +; V81M-COMMON-NEXT: sub sp, #136 | ||
646 | +; V81M-COMMON-NEXT: vlstm sp, {d0 - d15} | ||
647 | +; V81M-COMMON-NEXT: clrm {r1, r2, r3, r4, r5, r6, r7, r8, r9, r10, r11, r12, apsr} | ||
648 | +; V81M-COMMON-NEXT: blxns r0 | ||
649 | +; V81M-COMMON-NEXT: vlldm sp, {d0 - d15} | ||
650 | +; V81M-COMMON-NEXT: add sp, #136 | ||
651 | +; V81M-COMMON-NEXT: pop.w {r4, r5, r6, r7, r8, r9, r10, r11} | ||
652 | +; V81M-LE-NEXT: and r0, r1, #1 | ||
653 | +; V81M-BE-NEXT: and r0, r0, #1 | ||
654 | +; V81M-COMMON-NEXT: rsb.w r0, r0, #0 | ||
655 | +; V81M-COMMON-NEXT: pop {r7, pc} | ||
656 | +entry: | ||
657 | + %call = tail call i33 %f() "cmse_nonsecure_call" | ||
658 | + %shr = ashr i33 %call, 32 | ||
659 | + %conv = trunc nsw i33 %shr to i32 | ||
660 | + ret i32 %conv | ||
661 | +} | ||
662 | + | ||
663 | +define i32 @access_u33(ptr %f) { | ||
664 | +; V8M-COMMON-LABEL: access_u33: | ||
665 | +; V8M-COMMON: @ %bb.0: @ %entry | ||
666 | +; V8M-COMMON-NEXT: push {r7, lr} | ||
667 | +; V8M-COMMON-NEXT: push.w {r4, r5, r6, r7, r8, r9, r10, r11} | ||
668 | +; V8M-COMMON-NEXT: bic r0, r0, #1 | ||
669 | +; V8M-COMMON-NEXT: sub sp, #136 | ||
670 | +; V8M-COMMON-NEXT: vlstm sp, {d0 - d15} | ||
671 | +; V8M-COMMON-NEXT: mov r1, r0 | ||
672 | +; V8M-COMMON-NEXT: mov r2, r0 | ||
673 | +; V8M-COMMON-NEXT: mov r3, r0 | ||
674 | +; V8M-COMMON-NEXT: mov r4, r0 | ||
675 | +; V8M-COMMON-NEXT: mov r5, r0 | ||
676 | +; V8M-COMMON-NEXT: mov r6, r0 | ||
677 | +; V8M-COMMON-NEXT: mov r7, r0 | ||
678 | +; V8M-COMMON-NEXT: mov r8, r0 | ||
679 | +; V8M-COMMON-NEXT: mov r9, r0 | ||
680 | +; V8M-COMMON-NEXT: mov r10, r0 | ||
681 | +; V8M-COMMON-NEXT: mov r11, r0 | ||
682 | +; V8M-COMMON-NEXT: mov r12, r0 | ||
683 | +; V8M-COMMON-NEXT: msr apsr_nzcvq, r0 | ||
684 | +; V8M-COMMON-NEXT: blxns r0 | ||
685 | +; V8M-COMMON-NEXT: vlldm sp, {d0 - d15} | ||
686 | +; V8M-COMMON-NEXT: add sp, #136 | ||
687 | +; V8M-COMMON-NEXT: pop.w {r4, r5, r6, r7, r8, r9, r10, r11} | ||
688 | +; V8M-LE-NEXT: and r0, r1, #1 | ||
689 | +; V8M-BE-NEXT: and r0, r0, #1 | ||
690 | +; V8M-COMMON-NEXT: pop {r7, pc} | ||
691 | +; | ||
692 | +; V81M-COMMON-LABEL: access_u33: | ||
693 | +; V81M-COMMON: @ %bb.0: @ %entry | ||
694 | +; V81M-COMMON-NEXT: push {r7, lr} | ||
695 | +; V81M-COMMON-NEXT: push.w {r4, r5, r6, r7, r8, r9, r10, r11} | ||
696 | +; V81M-COMMON-NEXT: bic r0, r0, #1 | ||
697 | +; V81M-COMMON-NEXT: sub sp, #136 | ||
698 | +; V81M-COMMON-NEXT: vlstm sp, {d0 - d15} | ||
699 | +; V81M-COMMON-NEXT: clrm {r1, r2, r3, r4, r5, r6, r7, r8, r9, r10, r11, r12, apsr} | ||
700 | +; V81M-COMMON-NEXT: blxns r0 | ||
701 | +; V81M-COMMON-NEXT: vlldm sp, {d0 - d15} | ||
702 | +; V81M-COMMON-NEXT: add sp, #136 | ||
703 | +; V81M-COMMON-NEXT: pop.w {r4, r5, r6, r7, r8, r9, r10, r11} | ||
704 | +; V81M-LE-NEXT: and r0, r1, #1 | ||
705 | +; V81M-BE-NEXT: and r0, r0, #1 | ||
706 | +; V81M-COMMON-NEXT: pop {r7, pc} | ||
707 | +entry: | ||
708 | + %call = tail call i33 %f() "cmse_nonsecure_call" | ||
709 | + %shr = lshr i33 %call, 32 | ||
710 | + %conv = trunc nuw nsw i33 %shr to i32 | ||
711 | + ret i32 %conv | ||
712 | +} | ||
713 | diff --git a/llvm/test/CodeGen/ARM/cmse-harden-entry-arguments.ll b/llvm/test/CodeGen/ARM/cmse-harden-entry-arguments.ll | ||
714 | new file mode 100644 | ||
715 | index 0000000000..c66ab00566dd | ||
716 | --- /dev/null | ||
717 | +++ b/llvm/test/CodeGen/ARM/cmse-harden-entry-arguments.ll | ||
718 | @@ -0,0 +1,368 @@ | ||
719 | +; RUN: llc %s -mtriple=thumbv8m.main -o - | FileCheck %s --check-prefixes V8M-COMMON,V8M-LE | ||
720 | +; RUN: llc %s -mtriple=thumbebv8m.main -o - | FileCheck %s --check-prefixes V8M-COMMON,V8M-BE | ||
721 | +; RUN: llc %s -mtriple=thumbv8.1m.main -o - | FileCheck %s --check-prefixes V81M-COMMON,V81M-LE | ||
722 | +; RUN: llc %s -mtriple=thumbebv8.1m.main -o - | FileCheck %s --check-prefixes V81M-COMMON,V81M-BE | ||
723 | + | ||
724 | +@arr = hidden local_unnamed_addr global [256 x i32] zeroinitializer, align 4 | ||
725 | + | ||
726 | +define i32 @access_i16(i16 signext %idx) "cmse_nonsecure_entry" { | ||
727 | +; V8M-COMMON-LABEL: access_i16: | ||
728 | +; V8M-COMMON: @ %bb.0: @ %entry | ||
729 | +; V8M-COMMON-NEXT: movw r1, :lower16:arr | ||
730 | +; V8M-COMMON-NEXT: sxth r0, r0 | ||
731 | +; V8M-COMMON-NEXT: movt r1, :upper16:arr | ||
732 | +; V8M-COMMON-NEXT: mov r2, lr | ||
733 | +; V8M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2] | ||
734 | +; V8M-COMMON-NEXT: mov r1, lr | ||
735 | +; V8M-COMMON-NEXT: mov r3, lr | ||
736 | +; V8M-COMMON-NEXT: msr apsr_nzcvq, lr | ||
737 | +; V8M-COMMON-NEXT: mov r12, lr | ||
738 | +; V8M-COMMON-NEXT: bxns lr | ||
739 | +; | ||
740 | +; V81M-COMMON-LABEL: access_i16: | ||
741 | +; V81M-COMMON: @ %bb.0: @ %entry | ||
742 | +; V81M-COMMON-NEXT: vstr fpcxtns, [sp, #-4]! | ||
743 | +; V81M-COMMON-NEXT: movw r1, :lower16:arr | ||
744 | +; V81M-COMMON-NEXT: sxth r0, r0 | ||
745 | +; V81M-COMMON-NEXT: movt r1, :upper16:arr | ||
746 | +; V81M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2] | ||
747 | +; V81M-COMMON-NEXT: vscclrm {s0, s1, s2, s3, s4, s5, s6, s7, s8, s9, s10, s11, s12, s13, s14, s15, vpr} | ||
748 | +; V81M-COMMON-NEXT: vldr fpcxtns, [sp], #4 | ||
749 | +; V81M-COMMON-NEXT: clrm {r1, r2, r3, r12, apsr} | ||
750 | +; V81M-COMMON-NEXT: bxns lr | ||
751 | +entry: | ||
752 | + %idxprom = sext i16 %idx to i32 | ||
753 | + %arrayidx = getelementptr inbounds [256 x i32], ptr @arr, i32 0, i32 %idxprom | ||
754 | + %0 = load i32, ptr %arrayidx, align 4 | ||
755 | + ret i32 %0 | ||
756 | +} | ||
757 | + | ||
758 | +define i32 @access_u16(i16 zeroext %idx) "cmse_nonsecure_entry" { | ||
759 | +; V8M-COMMON-LABEL: access_u16: | ||
760 | +; V8M-COMMON: @ %bb.0: @ %entry | ||
761 | +; V8M-COMMON-NEXT: movw r1, :lower16:arr | ||
762 | +; V8M-COMMON-NEXT: uxth r0, r0 | ||
763 | +; V8M-COMMON-NEXT: movt r1, :upper16:arr | ||
764 | +; V8M-COMMON-NEXT: mov r2, lr | ||
765 | +; V8M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2] | ||
766 | +; V8M-COMMON-NEXT: mov r1, lr | ||
767 | +; V8M-COMMON-NEXT: mov r3, lr | ||
768 | +; V8M-COMMON-NEXT: msr apsr_nzcvq, lr | ||
769 | +; V8M-COMMON-NEXT: mov r12, lr | ||
770 | +; V8M-COMMON-NEXT: bxns lr | ||
771 | +; | ||
772 | +; V81M-COMMON-LABEL: access_u16: | ||
773 | +; V81M-COMMON: @ %bb.0: @ %entry | ||
774 | +; V81M-COMMON-NEXT: vstr fpcxtns, [sp, #-4]! | ||
775 | +; V81M-COMMON-NEXT: movw r1, :lower16:arr | ||
776 | +; V81M-COMMON-NEXT: uxth r0, r0 | ||
777 | +; V81M-COMMON-NEXT: movt r1, :upper16:arr | ||
778 | +; V81M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2] | ||
779 | +; V81M-COMMON-NEXT: vscclrm {s0, s1, s2, s3, s4, s5, s6, s7, s8, s9, s10, s11, s12, s13, s14, s15, vpr} | ||
780 | +; V81M-COMMON-NEXT: vldr fpcxtns, [sp], #4 | ||
781 | +; V81M-COMMON-NEXT: clrm {r1, r2, r3, r12, apsr} | ||
782 | +; V81M-COMMON-NEXT: bxns lr | ||
783 | +entry: | ||
784 | + %idxprom = zext i16 %idx to i32 | ||
785 | + %arrayidx = getelementptr inbounds [256 x i32], ptr @arr, i32 0, i32 %idxprom | ||
786 | + %0 = load i32, ptr %arrayidx, align 4 | ||
787 | + ret i32 %0 | ||
788 | +} | ||
789 | + | ||
790 | +define i32 @access_i8(i8 signext %idx) "cmse_nonsecure_entry" { | ||
791 | +; V8M-COMMON-LABEL: access_i8: | ||
792 | +; V8M-COMMON: @ %bb.0: @ %entry | ||
793 | +; V8M-COMMON-NEXT: movw r1, :lower16:arr | ||
794 | +; V8M-COMMON-NEXT: sxtb r0, r0 | ||
795 | +; V8M-COMMON-NEXT: movt r1, :upper16:arr | ||
796 | +; V8M-COMMON-NEXT: mov r2, lr | ||
797 | +; V8M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2] | ||
798 | +; V8M-COMMON-NEXT: mov r1, lr | ||
799 | +; V8M-COMMON-NEXT: mov r3, lr | ||
800 | +; V8M-COMMON-NEXT: msr apsr_nzcvq, lr | ||
801 | +; V8M-COMMON-NEXT: mov r12, lr | ||
802 | +; V8M-COMMON-NEXT: bxns lr | ||
803 | +; | ||
804 | +; V81M-COMMON-LABEL: access_i8: | ||
805 | +; V81M-COMMON: @ %bb.0: @ %entry | ||
806 | +; V81M-COMMON-NEXT: vstr fpcxtns, [sp, #-4]! | ||
807 | +; V81M-COMMON-NEXT: movw r1, :lower16:arr | ||
808 | +; V81M-COMMON-NEXT: sxtb r0, r0 | ||
809 | +; V81M-COMMON-NEXT: movt r1, :upper16:arr | ||
810 | +; V81M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2] | ||
811 | +; V81M-COMMON-NEXT: vscclrm {s0, s1, s2, s3, s4, s5, s6, s7, s8, s9, s10, s11, s12, s13, s14, s15, vpr} | ||
812 | +; V81M-COMMON-NEXT: vldr fpcxtns, [sp], #4 | ||
813 | +; V81M-COMMON-NEXT: clrm {r1, r2, r3, r12, apsr} | ||
814 | +; V81M-COMMON-NEXT: bxns lr | ||
815 | +entry: | ||
816 | + %idxprom = sext i8 %idx to i32 | ||
817 | + %arrayidx = getelementptr inbounds [256 x i32], ptr @arr, i32 0, i32 %idxprom | ||
818 | + %0 = load i32, ptr %arrayidx, align 4 | ||
819 | + ret i32 %0 | ||
820 | +} | ||
821 | + | ||
822 | +define i32 @access_u8(i8 zeroext %idx) "cmse_nonsecure_entry" { | ||
823 | +; V8M-COMMON-LABEL: access_u8: | ||
824 | +; V8M-COMMON: @ %bb.0: @ %entry | ||
825 | +; V8M-COMMON-NEXT: movw r1, :lower16:arr | ||
826 | +; V8M-COMMON-NEXT: uxtb r0, r0 | ||
827 | +; V8M-COMMON-NEXT: movt r1, :upper16:arr | ||
828 | +; V8M-COMMON-NEXT: mov r2, lr | ||
829 | +; V8M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2] | ||
830 | +; V8M-COMMON-NEXT: mov r1, lr | ||
831 | +; V8M-COMMON-NEXT: mov r3, lr | ||
832 | +; V8M-COMMON-NEXT: msr apsr_nzcvq, lr | ||
833 | +; V8M-COMMON-NEXT: mov r12, lr | ||
834 | +; V8M-COMMON-NEXT: bxns lr | ||
835 | +; | ||
836 | +; V81M-COMMON-LABEL: access_u8: | ||
837 | +; V81M-COMMON: @ %bb.0: @ %entry | ||
838 | +; V81M-COMMON-NEXT: vstr fpcxtns, [sp, #-4]! | ||
839 | +; V81M-COMMON-NEXT: movw r1, :lower16:arr | ||
840 | +; V81M-COMMON-NEXT: uxtb r0, r0 | ||
841 | +; V81M-COMMON-NEXT: movt r1, :upper16:arr | ||
842 | +; V81M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2] | ||
843 | +; V81M-COMMON-NEXT: vscclrm {s0, s1, s2, s3, s4, s5, s6, s7, s8, s9, s10, s11, s12, s13, s14, s15, vpr} | ||
844 | +; V81M-COMMON-NEXT: vldr fpcxtns, [sp], #4 | ||
845 | +; V81M-COMMON-NEXT: clrm {r1, r2, r3, r12, apsr} | ||
846 | +; V81M-COMMON-NEXT: bxns lr | ||
847 | +entry: | ||
848 | + %idxprom = zext i8 %idx to i32 | ||
849 | + %arrayidx = getelementptr inbounds [256 x i32], ptr @arr, i32 0, i32 %idxprom | ||
850 | + %0 = load i32, ptr %arrayidx, align 4 | ||
851 | + ret i32 %0 | ||
852 | +} | ||
853 | + | ||
854 | +define i32 @access_i1(i1 signext %idx) "cmse_nonsecure_entry" { | ||
855 | +; V8M-COMMON-LABEL: access_i1: | ||
856 | +; V8M-COMMON: @ %bb.0: @ %entry | ||
857 | +; V8M-COMMON-NEXT: and r0, r0, #1 | ||
858 | +; V8M-COMMON-NEXT: movw r1, :lower16:arr | ||
859 | +; V8M-COMMON-NEXT: rsbs r0, r0, #0 | ||
860 | +; V8M-COMMON-NEXT: movt r1, :upper16:arr | ||
861 | +; V8M-COMMON-NEXT: and r0, r0, #1 | ||
862 | +; V8M-COMMON-NEXT: mov r2, lr | ||
863 | +; V8M-COMMON-NEXT: mov r3, lr | ||
864 | +; V8M-COMMON-NEXT: mov r12, lr | ||
865 | +; V8M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2] | ||
866 | +; V8M-COMMON-NEXT: mov r1, lr | ||
867 | +; V8M-COMMON-NEXT: msr apsr_nzcvq, lr | ||
868 | +; V8M-COMMON-NEXT: bxns lr | ||
869 | +; | ||
870 | +; V81M-COMMON-LABEL: access_i1: | ||
871 | +; V81M-COMMON: @ %bb.0: @ %entry | ||
872 | +; V81M-COMMON-NEXT: vstr fpcxtns, [sp, #-4]! | ||
873 | +; V81M-COMMON-NEXT: and r0, r0, #1 | ||
874 | +; V81M-COMMON-NEXT: movw r1, :lower16:arr | ||
875 | +; V81M-COMMON-NEXT: rsbs r0, r0, #0 | ||
876 | +; V81M-COMMON-NEXT: movt r1, :upper16:arr | ||
877 | +; V81M-COMMON-NEXT: and r0, r0, #1 | ||
878 | +; V81M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2] | ||
879 | +; V81M-COMMON-NEXT: vscclrm {s0, s1, s2, s3, s4, s5, s6, s7, s8, s9, s10, s11, s12, s13, s14, s15, vpr} | ||
880 | +; V81M-COMMON-NEXT: vldr fpcxtns, [sp], #4 | ||
881 | +; V81M-COMMON-NEXT: clrm {r1, r2, r3, r12, apsr} | ||
882 | +; V81M-COMMON-NEXT: bxns lr | ||
883 | +entry: | ||
884 | + %idxprom = zext i1 %idx to i32 | ||
885 | + %arrayidx = getelementptr inbounds [256 x i32], ptr @arr, i32 0, i32 %idxprom | ||
886 | + %0 = load i32, ptr %arrayidx, align 4 | ||
887 | + ret i32 %0 | ||
888 | +} | ||
889 | + | ||
890 | +define i32 @access_i5(i5 signext %idx) "cmse_nonsecure_entry" { | ||
891 | +; V8M-COMMON-LABEL: access_i5: | ||
892 | +; V8M-COMMON: @ %bb.0: @ %entry | ||
893 | +; V8M-COMMON-NEXT: movw r1, :lower16:arr | ||
894 | +; V8M-COMMON-NEXT: sbfx r0, r0, #0, #5 | ||
895 | +; V8M-COMMON-NEXT: movt r1, :upper16:arr | ||
896 | +; V8M-COMMON-NEXT: mov r2, lr | ||
897 | +; V8M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2] | ||
898 | +; V8M-COMMON-NEXT: mov r1, lr | ||
899 | +; V8M-COMMON-NEXT: mov r3, lr | ||
900 | +; V8M-COMMON-NEXT: msr apsr_nzcvq, lr | ||
901 | +; V8M-COMMON-NEXT: mov r12, lr | ||
902 | +; V8M-COMMON-NEXT: bxns lr | ||
903 | +; | ||
904 | +; V81M-COMMON-LABEL: access_i5: | ||
905 | +; V81M-COMMON: @ %bb.0: @ %entry | ||
906 | +; V81M-COMMON-NEXT: vstr fpcxtns, [sp, #-4]! | ||
907 | +; V81M-COMMON-NEXT: movw r1, :lower16:arr | ||
908 | +; V81M-COMMON-NEXT: sbfx r0, r0, #0, #5 | ||
909 | +; V81M-COMMON-NEXT: movt r1, :upper16:arr | ||
910 | +; V81M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2] | ||
911 | +; V81M-COMMON-NEXT: vscclrm {s0, s1, s2, s3, s4, s5, s6, s7, s8, s9, s10, s11, s12, s13, s14, s15, vpr} | ||
912 | +; V81M-COMMON-NEXT: vldr fpcxtns, [sp], #4 | ||
913 | +; V81M-COMMON-NEXT: clrm {r1, r2, r3, r12, apsr} | ||
914 | +; V81M-COMMON-NEXT: bxns lr | ||
915 | +entry: | ||
916 | + %idxprom = sext i5 %idx to i32 | ||
917 | + %arrayidx = getelementptr inbounds [256 x i32], ptr @arr, i32 0, i32 %idxprom | ||
918 | + %0 = load i32, ptr %arrayidx, align 4 | ||
919 | + ret i32 %0 | ||
920 | +} | ||
921 | + | ||
922 | +define i32 @access_u5(i5 zeroext %idx) "cmse_nonsecure_entry" { | ||
923 | +; V8M-COMMON-LABEL: access_u5: | ||
924 | +; V8M-COMMON: @ %bb.0: @ %entry | ||
925 | +; V8M-COMMON-NEXT: movw r1, :lower16:arr | ||
926 | +; V8M-COMMON-NEXT: and r0, r0, #31 | ||
927 | +; V8M-COMMON-NEXT: movt r1, :upper16:arr | ||
928 | +; V8M-COMMON-NEXT: mov r2, lr | ||
929 | +; V8M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2] | ||
930 | +; V8M-COMMON-NEXT: mov r1, lr | ||
931 | +; V8M-COMMON-NEXT: mov r3, lr | ||
932 | +; V8M-COMMON-NEXT: msr apsr_nzcvq, lr | ||
933 | +; V8M-COMMON-NEXT: mov r12, lr | ||
934 | +; V8M-COMMON-NEXT: bxns lr | ||
935 | +; | ||
936 | +; V81M-COMMON-LABEL: access_u5: | ||
937 | +; V81M-COMMON: @ %bb.0: @ %entry | ||
938 | +; V81M-COMMON-NEXT: vstr fpcxtns, [sp, #-4]! | ||
939 | +; V81M-COMMON-NEXT: movw r1, :lower16:arr | ||
940 | +; V81M-COMMON-NEXT: and r0, r0, #31 | ||
941 | +; V81M-COMMON-NEXT: movt r1, :upper16:arr | ||
942 | +; V81M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2] | ||
943 | +; V81M-COMMON-NEXT: vscclrm {s0, s1, s2, s3, s4, s5, s6, s7, s8, s9, s10, s11, s12, s13, s14, s15, vpr} | ||
944 | +; V81M-COMMON-NEXT: vldr fpcxtns, [sp], #4 | ||
945 | +; V81M-COMMON-NEXT: clrm {r1, r2, r3, r12, apsr} | ||
946 | +; V81M-COMMON-NEXT: bxns lr | ||
947 | +entry: | ||
948 | + %idxprom = zext i5 %idx to i32 | ||
949 | + %arrayidx = getelementptr inbounds [256 x i32], ptr @arr, i32 0, i32 %idxprom | ||
950 | + %0 = load i32, ptr %arrayidx, align 4 | ||
951 | + ret i32 %0 | ||
952 | +} | ||
953 | + | ||
954 | +define i32 @access_i33(i33 %arg) "cmse_nonsecure_entry" { | ||
955 | +; V8M-COMMON-LABEL: access_i33: | ||
956 | +; V8M-COMMON: @ %bb.0: @ %entry | ||
957 | +; V8M-LE-NEXT: and r0, r1, #1 | ||
958 | +; V8M-BE-NEXT: and r0, r0, #1 | ||
959 | +; V8M-COMMON-NEXT: mov r1, lr | ||
960 | +; V8M-COMMON-NEXT: rsbs r0, r0, #0 | ||
961 | +; V8M-COMMON-NEXT: mov r2, lr | ||
962 | +; V8M-COMMON-NEXT: mov r3, lr | ||
963 | +; V8M-COMMON-NEXT: mov r12, lr | ||
964 | +; V8M-COMMON-NEXT: msr apsr_nzcvq, lr | ||
965 | +; V8M-COMMON-NEXT: bxns lr | ||
966 | +; | ||
967 | +; V81M-COMMON-LABEL: access_i33: | ||
968 | +; V81M-COMMON: @ %bb.0: @ %entry | ||
969 | +; V81M-COMMON-NEXT: vstr fpcxtns, [sp, #-4]! | ||
970 | +; V81M-LE-NEXT: and r0, r1, #1 | ||
971 | +; V81M-BE-NEXT: and r0, r0, #1 | ||
972 | +; V81M-COMMON-NEXT: vscclrm {s0, s1, s2, s3, s4, s5, s6, s7, s8, s9, s10, s11, s12, s13, s14, s15, vpr} | ||
973 | +; V81M-COMMON-NEXT: rsbs r0, r0, #0 | ||
974 | +; V81M-COMMON-NEXT: vldr fpcxtns, [sp], #4 | ||
975 | +; V81M-COMMON-NEXT: clrm {r1, r2, r3, r12, apsr} | ||
976 | +; V81M-COMMON-NEXT: bxns lr | ||
977 | +entry: | ||
978 | + %shr = ashr i33 %arg, 32 | ||
979 | + %conv = trunc nsw i33 %shr to i32 | ||
980 | + ret i32 %conv | ||
981 | +} | ||
982 | + | ||
983 | +define i32 @access_u33(i33 %arg) "cmse_nonsecure_entry" { | ||
984 | +; V8M-COMMON-LABEL: access_u33: | ||
985 | +; V8M-COMMON: @ %bb.0: @ %entry | ||
986 | +; V8M-LE-NEXT: and r0, r1, #1 | ||
987 | +; V8M-BE-NEXT: and r0, r0, #1 | ||
988 | +; V8M-COMMON-NEXT: mov r1, lr | ||
989 | +; V8M-COMMON-NEXT: mov r2, lr | ||
990 | +; V8M-COMMON-NEXT: mov r3, lr | ||
991 | +; V8M-COMMON-NEXT: mov r12, lr | ||
992 | +; V8M-COMMON-NEXT: msr apsr_nzcvq, lr | ||
993 | +; V8M-COMMON-NEXT: bxns lr | ||
994 | +; | ||
995 | +; V81M-COMMON-LABEL: access_u33: | ||
996 | +; V81M-COMMON: @ %bb.0: @ %entry | ||
997 | +; V81M-COMMON-NEXT: vstr fpcxtns, [sp, #-4]! | ||
998 | +; V81M-LE-NEXT: and r0, r1, #1 | ||
999 | +; V81M-BE-NEXT: and r0, r0, #1 | ||
1000 | +; V81M-COMMON-NEXT: vscclrm {s0, s1, s2, s3, s4, s5, s6, s7, s8, s9, s10, s11, s12, s13, s14, s15, vpr} | ||
1001 | +; V81M-COMMON-NEXT: vldr fpcxtns, [sp], #4 | ||
1002 | +; V81M-COMMON-NEXT: clrm {r1, r2, r3, r12, apsr} | ||
1003 | +; V81M-COMMON-NEXT: bxns lr | ||
1004 | +entry: | ||
1005 | + %shr = lshr i33 %arg, 32 | ||
1006 | + %conv = trunc nuw nsw i33 %shr to i32 | ||
1007 | + ret i32 %conv | ||
1008 | +} | ||
1009 | + | ||
1010 | +define i32 @access_i65(ptr byval(i65) %0) "cmse_nonsecure_entry" { | ||
1011 | +; V8M-COMMON-LABEL: access_i65: | ||
1012 | +; V8M-COMMON: @ %bb.0: @ %entry | ||
1013 | +; V8M-COMMON-NEXT: sub sp, #16 | ||
1014 | +; V8M-COMMON-NEXT: stm.w sp, {r0, r1, r2, r3} | ||
1015 | +; V8M-LE-NEXT: ldrb.w r0, [sp, #8] | ||
1016 | +; V8M-LE-NEXT: and r0, r0, #1 | ||
1017 | +; V8M-LE-NEXT: rsbs r0, r0, #0 | ||
1018 | +; V8M-BE-NEXT: movs r1, #0 | ||
1019 | +; V8M-BE-NEXT: sub.w r0, r1, r0, lsr #24 | ||
1020 | +; V8M-COMMON-NEXT: add sp, #16 | ||
1021 | +; V8M-COMMON-NEXT: mov r1, lr | ||
1022 | +; V8M-COMMON-NEXT: mov r2, lr | ||
1023 | +; V8M-COMMON-NEXT: mov r3, lr | ||
1024 | +; V8M-COMMON-NEXT: mov r12, lr | ||
1025 | +; V8M-COMMON-NEXT: msr apsr_nzcvq, lr | ||
1026 | +; V8M-COMMON-NEXT: bxns lr | ||
1027 | +; | ||
1028 | +; V81M-COMMON-LABEL: access_i65: | ||
1029 | +; V81M-COMMON: @ %bb.0: @ %entry | ||
1030 | +; V81M-COMMON-NEXT: vstr fpcxtns, [sp, #-4]! | ||
1031 | +; V81M-COMMON-NEXT: sub sp, #16 | ||
1032 | +; V81M-COMMON-NEXT: add sp, #4 | ||
1033 | +; V81M-COMMON-NEXT: stm.w sp, {r0, r1, r2, r3} | ||
1034 | +; V81M-LE-NEXT: ldrb.w r0, [sp, #8] | ||
1035 | +; V81M-LE-NEXT: and r0, r0, #1 | ||
1036 | +; V81M-LE-NEXT: rsbs r0, r0, #0 | ||
1037 | +; V81M-BE-NEXT: movs r1, #0 | ||
1038 | +; V81M-BE-NEXT: sub.w r0, r1, r0, lsr #24 | ||
1039 | +; V81M-COMMON-NEXT: sub sp, #4 | ||
1040 | +; V81M-COMMON-NEXT: add sp, #16 | ||
1041 | +; V81M-COMMON-NEXT: vscclrm {s0, s1, s2, s3, s4, s5, s6, s7, s8, s9, s10, s11, s12, s13, s14, s15, vpr} | ||
1042 | +; V81M-COMMON-NEXT: vldr fpcxtns, [sp], #4 | ||
1043 | +; V81M-COMMON-NEXT: clrm {r1, r2, r3, r12, apsr} | ||
1044 | +; V81M-COMMON-NEXT: bxns lr | ||
1045 | +entry: | ||
1046 | + %arg = load i65, ptr %0, align 8 | ||
1047 | + %shr = ashr i65 %arg, 64 | ||
1048 | + %conv = trunc nsw i65 %shr to i32 | ||
1049 | + ret i32 %conv | ||
1050 | +} | ||
1051 | + | ||
1052 | +define i32 @access_u65(ptr byval(i65) %0) "cmse_nonsecure_entry" { | ||
1053 | +; V8M-COMMON-LABEL: access_u65: | ||
1054 | +; V8M-COMMON: @ %bb.0: @ %entry | ||
1055 | +; V8M-COMMON-NEXT: sub sp, #16 | ||
1056 | +; V8M-COMMON-NEXT: stm.w sp, {r0, r1, r2, r3} | ||
1057 | +; V8M-LE-NEXT: ldrb.w r0, [sp, #8] | ||
1058 | +; V8M-BE-NEXT: lsrs r0, r0, #24 | ||
1059 | +; V8M-COMMON-NEXT: add sp, #16 | ||
1060 | +; V8M-COMMON-NEXT: mov r1, lr | ||
1061 | +; V8M-COMMON-NEXT: mov r2, lr | ||
1062 | +; V8M-COMMON-NEXT: mov r3, lr | ||
1063 | +; V8M-COMMON-NEXT: mov r12, lr | ||
1064 | +; V8M-COMMON-NEXT: msr apsr_nzcvq, lr | ||
1065 | +; V8M-COMMON-NEXT: bxns lr | ||
1066 | +; | ||
1067 | +; V81M-COMMON-LABEL: access_u65: | ||
1068 | +; V81M-COMMON: @ %bb.0: @ %entry | ||
1069 | +; V81M-COMMON-NEXT: vstr fpcxtns, [sp, #-4]! | ||
1070 | +; V81M-COMMON-NEXT: sub sp, #16 | ||
1071 | +; V81M-COMMON-NEXT: add sp, #4 | ||
1072 | +; V81M-COMMON-NEXT: stm.w sp, {r0, r1, r2, r3} | ||
1073 | +; V81M-LE-NEXT: ldrb.w r0, [sp, #8] | ||
1074 | +; V81M-BE-NEXT: lsrs r0, r0, #24 | ||
1075 | +; V81M-COMMON-NEXT: sub sp, #4 | ||
1076 | +; V81M-COMMON-NEXT: add sp, #16 | ||
1077 | +; V81M-COMMON-NEXT: vscclrm {s0, s1, s2, s3, s4, s5, s6, s7, s8, s9, s10, s11, s12, s13, s14, s15, vpr} | ||
1078 | +; V81M-COMMON-NEXT: vldr fpcxtns, [sp], #4 | ||
1079 | +; V81M-COMMON-NEXT: clrm {r1, r2, r3, r12, apsr} | ||
1080 | +; V81M-COMMON-NEXT: bxns lr | ||
1081 | +entry: | ||
1082 | + %arg = load i65, ptr %0, align 8 | ||
1083 | + %shr = lshr i65 %arg, 64 | ||
1084 | + %conv = trunc nuw nsw i65 %shr to i32 | ||
1085 | + ret i32 %conv | ||
1086 | +} | ||
diff --git a/meta/recipes-devtools/llvm/llvm_18.1.5.bb b/meta/recipes-devtools/llvm/llvm_18.1.6.bb index 4b6763e580..0496b8ed14 100644 --- a/meta/recipes-devtools/llvm/llvm_18.1.5.bb +++ b/meta/recipes-devtools/llvm/llvm_18.1.6.bb | |||
@@ -25,9 +25,10 @@ LLVM_RELEASE = "${PV}" | |||
25 | SRC_URI = "https://github.com/llvm/llvm-project/releases/download/llvmorg-${PV}/llvm-project-${PV}.src.tar.xz \ | 25 | SRC_URI = "https://github.com/llvm/llvm-project/releases/download/llvmorg-${PV}/llvm-project-${PV}.src.tar.xz \ |
26 | file://0007-llvm-allow-env-override-of-exe-path.patch;striplevel=2 \ | 26 | file://0007-llvm-allow-env-override-of-exe-path.patch;striplevel=2 \ |
27 | file://0001-AsmMatcherEmitter-sort-ClassInfo-lists-by-name-as-we.patch;striplevel=2 \ | 27 | file://0001-AsmMatcherEmitter-sort-ClassInfo-lists-by-name-as-we.patch;striplevel=2 \ |
28 | file://0002-llvm-Fix-CVE-2024-0151.patch;striplevel=2 \ | ||
28 | file://llvm-config \ | 29 | file://llvm-config \ |
29 | " | 30 | " |
30 | SRC_URI[sha256sum] = "3591a52761a7d390ede51af01ea73abfecc4b1d16445f9d019b67a57edd7de56" | 31 | SRC_URI[sha256sum] = "bd4b4cb6374bcd5fc5a3ba60cb80425d29da34f316b8821abc12c0db225cf6b4" |
31 | 32 | ||
32 | UPSTREAM_CHECK_URI = "https://github.com/llvm/llvm-project" | 33 | UPSTREAM_CHECK_URI = "https://github.com/llvm/llvm-project" |
33 | UPSTREAM_CHECK_REGEX = "llvmorg-(?P<pver>\d+(\.\d+)+)" | 34 | UPSTREAM_CHECK_REGEX = "llvmorg-(?P<pver>\d+(\.\d+)+)" |
@@ -54,7 +55,6 @@ def get_llvm_host_arch(bb, d): | |||
54 | return get_llvm_arch(bb, d, 'HOST_ARCH') | 55 | return get_llvm_arch(bb, d, 'HOST_ARCH') |
55 | 56 | ||
56 | PACKAGECONFIG ??= "libllvm" | 57 | PACKAGECONFIG ??= "libllvm" |
57 | PACKAGECONFIG:class-native = "${@bb.utils.contains('DISTRO_FEATURES', 'opengl', 'libllvm', '', d)}" | ||
58 | # if optviewer OFF, force the modules to be not found or the ones on the host would be found | 58 | # if optviewer OFF, force the modules to be not found or the ones on the host would be found |
59 | PACKAGECONFIG[optviewer] = ",-DPY_PYGMENTS_FOUND=OFF -DPY_PYGMENTS_LEXERS_C_CPP_FOUND=OFF -DPY_YAML_FOUND=OFF,python3-pygments python3-pyyaml,python3-pygments python3-pyyaml" | 59 | PACKAGECONFIG[optviewer] = ",-DPY_PYGMENTS_FOUND=OFF -DPY_PYGMENTS_LEXERS_C_CPP_FOUND=OFF -DPY_YAML_FOUND=OFF,python3-pygments python3-pyyaml,python3-pygments python3-pyyaml" |
60 | PACKAGECONFIG[libllvm] = "" | 60 | PACKAGECONFIG[libllvm] = "" |
diff --git a/meta/recipes-devtools/makedevs/makedevs/makedevs.c b/meta/recipes-devtools/makedevs/makedevs/makedevs.c index df2e3cfad5..2254b54891 100644 --- a/meta/recipes-devtools/makedevs/makedevs/makedevs.c +++ b/meta/recipes-devtools/makedevs/makedevs/makedevs.c | |||
@@ -36,6 +36,7 @@ static const char *const app_name = "makedevs"; | |||
36 | static const char *const memory_exhausted = "memory exhausted"; | 36 | static const char *const memory_exhausted = "memory exhausted"; |
37 | static char default_rootdir[]="."; | 37 | static char default_rootdir[]="."; |
38 | static char *rootdir = default_rootdir; | 38 | static char *rootdir = default_rootdir; |
39 | static char *rootdir_prepend = default_rootdir; | ||
39 | static int trace = 0; | 40 | static int trace = 0; |
40 | 41 | ||
41 | struct name_id { | 42 | struct name_id { |
@@ -217,6 +218,9 @@ static unsigned long convert2guid(char *id_buf, struct name_id *search_list) | |||
217 | } | 218 | } |
218 | error_msg_and_die("No entry for %s in search list", id_buf); | 219 | error_msg_and_die("No entry for %s in search list", id_buf); |
219 | } | 220 | } |
221 | |||
222 | // Unreachable, but avoid an error with -Werror=return-type | ||
223 | return 0; | ||
220 | } | 224 | } |
221 | 225 | ||
222 | static void free_list(struct name_id *list) | 226 | static void free_list(struct name_id *list) |
@@ -379,8 +383,8 @@ static int interpret_table_entry(char *line) | |||
379 | error_msg_and_die("Device table entries require absolute paths"); | 383 | error_msg_and_die("Device table entries require absolute paths"); |
380 | } | 384 | } |
381 | name = xstrdup(path + 1); | 385 | name = xstrdup(path + 1); |
382 | /* prefix path with rootdir */ | 386 | /* prefix path with rootdir_prepend */ |
383 | sprintf(path, "%s/%s", rootdir, name); | 387 | sprintf(path, "%s/%s", rootdir_prepend, name); |
384 | 388 | ||
385 | /* XXX Why is name passed into all of the add_new_*() routines? */ | 389 | /* XXX Why is name passed into all of the add_new_*() routines? */ |
386 | switch (type) { | 390 | switch (type) { |
@@ -406,11 +410,11 @@ static int interpret_table_entry(char *line) | |||
406 | 410 | ||
407 | for (i = start; i < start + count; i++) { | 411 | for (i = start; i < start + count; i++) { |
408 | sprintf(buf, "%s%d", name, i); | 412 | sprintf(buf, "%s%d", name, i); |
409 | sprintf(path, "%s/%s%d", rootdir, name, i); | 413 | sprintf(path, "%s/%s%d", rootdir_prepend, name, i); |
410 | /* FIXME: MKDEV uses illicit insider knowledge of kernel | 414 | /* FIXME: MKDEV uses illicit insider knowledge of kernel |
411 | * major/minor representation... */ | 415 | * major/minor representation... */ |
412 | rdev = MKDEV(major, minor + (i - start) * increment); | 416 | rdev = MKDEV(major, minor + (i - start) * increment); |
413 | sprintf(path, "%s/%s\0", rootdir, buf); | 417 | sprintf(path, "%s/%s\0", rootdir_prepend, buf); |
414 | add_new_device(buf, path, uid, gid, mode, rdev); | 418 | add_new_device(buf, path, uid, gid, mode, rdev); |
415 | } | 419 | } |
416 | } else { | 420 | } else { |
@@ -541,12 +545,11 @@ int main(int argc, char **argv) | |||
541 | } else { | 545 | } else { |
542 | closedir(dir); | 546 | closedir(dir); |
543 | } | 547 | } |
544 | /* If "/" is specified, use "" because rootdir is always prepended to a | 548 | rootdir = xstrdup(optarg); |
545 | * string that starts with "/" */ | 549 | if (0 == strcmp(rootdir, "/")) |
546 | if (0 == strcmp(optarg, "/")) | 550 | rootdir_prepend = xstrdup(""); |
547 | rootdir = xstrdup(""); | ||
548 | else | 551 | else |
549 | rootdir = xstrdup(optarg); | 552 | rootdir_prepend = xstrdup(rootdir); |
550 | break; | 553 | break; |
551 | 554 | ||
552 | case 't': | 555 | case 't': |
diff --git a/meta/recipes-devtools/meson/meson_1.3.1.bb b/meta/recipes-devtools/meson/meson_1.3.1.bb index 9cc0cc31ab..f34af0e06d 100644 --- a/meta/recipes-devtools/meson/meson_1.3.1.bb +++ b/meta/recipes-devtools/meson/meson_1.3.1.bb | |||
@@ -86,7 +86,7 @@ ar = ${@meson_array('BUILD_AR', d)} | |||
86 | nm = ${@meson_array('BUILD_NM', d)} | 86 | nm = ${@meson_array('BUILD_NM', d)} |
87 | strip = ${@meson_array('BUILD_STRIP', d)} | 87 | strip = ${@meson_array('BUILD_STRIP', d)} |
88 | readelf = ${@meson_array('BUILD_READELF', d)} | 88 | readelf = ${@meson_array('BUILD_READELF', d)} |
89 | pkgconfig = 'pkg-config-native' | 89 | pkg-config = 'pkg-config-native' |
90 | 90 | ||
91 | [built-in options] | 91 | [built-in options] |
92 | c_args = ['-isystem@{OECORE_NATIVE_SYSROOT}${includedir_native}' , ${@var_list2str('BUILD_OPTIMIZATION', d)}] | 92 | c_args = ['-isystem@{OECORE_NATIVE_SYSROOT}${includedir_native}' , ${@var_list2str('BUILD_OPTIMIZATION', d)}] |
@@ -104,7 +104,7 @@ cpp = @CXX | |||
104 | ar = @AR | 104 | ar = @AR |
105 | nm = @NM | 105 | nm = @NM |
106 | strip = @STRIP | 106 | strip = @STRIP |
107 | pkgconfig = 'pkg-config' | 107 | pkg-config = 'pkg-config' |
108 | 108 | ||
109 | [built-in options] | 109 | [built-in options] |
110 | c_args = @CFLAGS | 110 | c_args = @CFLAGS |
diff --git a/meta/recipes-devtools/mmc/mmc-utils_git.bb b/meta/recipes-devtools/mmc/mmc-utils_git.bb index a7e4d369ff..9d3f673273 100644 --- a/meta/recipes-devtools/mmc/mmc-utils_git.bb +++ b/meta/recipes-devtools/mmc/mmc-utils_git.bb | |||
@@ -1,5 +1,5 @@ | |||
1 | SUMMARY = "Userspace tools for MMC/SD devices" | 1 | SUMMARY = "Userspace tools for MMC/SD devices" |
2 | HOMEPAGE = "http://git.kernel.org/cgit/linux/kernel/git/cjb/mmc-utils.git/" | 2 | HOMEPAGE = "https://git.kernel.org/pub/scm/utils/mmc/mmc-utils.git/" |
3 | DESCRIPTION = "${SUMMARY}" | 3 | DESCRIPTION = "${SUMMARY}" |
4 | LICENSE = "GPL-2.0-only" | 4 | LICENSE = "GPL-2.0-only" |
5 | LIC_FILES_CHKSUM = "file://mmc.c;beginline=1;endline=20;md5=fae32792e20f4d27ade1c5a762d16b7d" | 5 | LIC_FILES_CHKSUM = "file://mmc.c;beginline=1;endline=20;md5=fae32792e20f4d27ade1c5a762d16b7d" |
@@ -9,7 +9,7 @@ SRCREV = "b5ca140312d279ad2f22068fd72a6230eea13436" | |||
9 | 9 | ||
10 | PV = "0.1+git" | 10 | PV = "0.1+git" |
11 | 11 | ||
12 | SRC_URI = "git://git.kernel.org/pub/scm/linux/kernel/git/cjb/mmc-utils.git;branch=${SRCBRANCH};protocol=https" | 12 | SRC_URI = "git://git.kernel.org/pub/scm/utils/mmc/mmc-utils.git;branch=${SRCBRANCH};protocol=https" |
13 | UPSTREAM_CHECK_COMMITS = "1" | 13 | UPSTREAM_CHECK_COMMITS = "1" |
14 | 14 | ||
15 | S = "${WORKDIR}/git" | 15 | S = "${WORKDIR}/git" |
diff --git a/meta/recipes-devtools/nasm/nasm_2.16.01.bb b/meta/recipes-devtools/nasm/nasm_2.16.03.bb index 219cc49360..281f3940e7 100644 --- a/meta/recipes-devtools/nasm/nasm_2.16.01.bb +++ b/meta/recipes-devtools/nasm/nasm_2.16.03.bb | |||
@@ -10,7 +10,7 @@ SRC_URI = "http://www.nasm.us/pub/nasm/releasebuilds/${PV}/nasm-${PV}.tar.bz2 \ | |||
10 | file://0002-Add-debug-prefix-map-option.patch \ | 10 | file://0002-Add-debug-prefix-map-option.patch \ |
11 | " | 11 | " |
12 | 12 | ||
13 | SRC_URI[sha256sum] = "35b6ad2ee048d41c4779f073f3efca7762a822b7d2d4ef4e8df24cf65747bb2e" | 13 | SRC_URI[sha256sum] = "bef3de159bcd61adf98bb7cc87ee9046e944644ad76b7633f18ab063edb29e57" |
14 | 14 | ||
15 | EXTRA_AUTORECONF:append = " -I autoconf/m4" | 15 | EXTRA_AUTORECONF:append = " -I autoconf/m4" |
16 | 16 | ||
diff --git a/meta/recipes-devtools/orc/orc_0.4.38.bb b/meta/recipes-devtools/orc/orc_0.4.39.bb index 5d2296694a..320abf536a 100644 --- a/meta/recipes-devtools/orc/orc_0.4.38.bb +++ b/meta/recipes-devtools/orc/orc_0.4.39.bb | |||
@@ -5,7 +5,7 @@ LICENSE = "BSD-2-Clause & BSD-3-Clause" | |||
5 | LIC_FILES_CHKSUM = "file://COPYING;md5=1400bd9d09e8af56b9ec982b3d85797e" | 5 | LIC_FILES_CHKSUM = "file://COPYING;md5=1400bd9d09e8af56b9ec982b3d85797e" |
6 | 6 | ||
7 | SRC_URI = "http://gstreamer.freedesktop.org/src/orc/orc-${PV}.tar.xz" | 7 | SRC_URI = "http://gstreamer.freedesktop.org/src/orc/orc-${PV}.tar.xz" |
8 | SRC_URI[sha256sum] = "a55a98d4772567aa3faed8fb84d540c3db77eaba16d3e2e10b044fbc9228668d" | 8 | SRC_URI[sha256sum] = "33ed2387f49b825fa1b9c3b0072e05f259141b895474ad085ae51143d3040cc0" |
9 | 9 | ||
10 | inherit meson pkgconfig gtk-doc | 10 | inherit meson pkgconfig gtk-doc |
11 | 11 | ||
diff --git a/meta/recipes-devtools/perl/files/determinism.patch b/meta/recipes-devtools/perl/files/determinism.patch index aa85ccef10..f2b1111552 100644 --- a/meta/recipes-devtools/perl/files/determinism.patch +++ b/meta/recipes-devtools/perl/files/determinism.patch | |||
@@ -8,9 +8,9 @@ b) Sort the order of the module lists from configure_mods.sh since otherwise | |||
8 | the result isn't the same leading to makefile differences. | 8 | the result isn't the same leading to makefile differences. |
9 | Reported upstream: https://github.com/arsv/perl-cross/issues/88 | 9 | Reported upstream: https://github.com/arsv/perl-cross/issues/88 |
10 | 10 | ||
11 | c) Sort the Encode::Byte byte_t.fnm file output (and the makefile depends whilst | 11 | c) Sort the Encode::Byte byte_t.fnm file output (and the makefile depends whilst |
12 | there for good measure) | 12 | there for good measure) |
13 | This needs to go to upstream perl (not done) | 13 | Submitted to upstream perl: https://github.com/dankogai/p5-encode/pull/179 |
14 | 14 | ||
15 | d) Use bash for perl-cross configure since otherwise trnl gets set to "\n" with bash | 15 | d) Use bash for perl-cross configure since otherwise trnl gets set to "\n" with bash |
16 | and "" with dash | 16 | and "" with dash |
@@ -18,7 +18,7 @@ d) Use bash for perl-cross configure since otherwise trnl gets set to "\n" with | |||
18 | 18 | ||
19 | RP 2020/2/7 | 19 | RP 2020/2/7 |
20 | 20 | ||
21 | Upstream-Status: Pending [75% submitted] | 21 | Upstream-Status: Submitted [see links above] |
22 | Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org | 22 | Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org |
23 | 23 | ||
24 | Index: perl-5.30.1/cpan/Encode/Byte/Makefile.PL | 24 | Index: perl-5.30.1/cpan/Encode/Byte/Makefile.PL |
diff --git a/meta/recipes-devtools/pseudo/files/glibc238.patch b/meta/recipes-devtools/pseudo/files/glibc238.patch index da4b8caee3..dfb5c283f6 100644 --- a/meta/recipes-devtools/pseudo/files/glibc238.patch +++ b/meta/recipes-devtools/pseudo/files/glibc238.patch | |||
@@ -9,7 +9,7 @@ Index: git/pseudo_wrappers.c | |||
9 | =================================================================== | 9 | =================================================================== |
10 | --- git.orig/pseudo_wrappers.c | 10 | --- git.orig/pseudo_wrappers.c |
11 | +++ git/pseudo_wrappers.c | 11 | +++ git/pseudo_wrappers.c |
12 | @@ -6,6 +6,15 @@ | 12 | @@ -6,6 +6,18 @@ |
13 | * SPDX-License-Identifier: LGPL-2.1-only | 13 | * SPDX-License-Identifier: LGPL-2.1-only |
14 | * | 14 | * |
15 | */ | 15 | */ |
@@ -21,6 +21,9 @@ Index: git/pseudo_wrappers.c | |||
21 | +#undef __GLIBC_USE_ISOC2X | 21 | +#undef __GLIBC_USE_ISOC2X |
22 | +#undef __GLIBC_USE_C2X_STRTOL | 22 | +#undef __GLIBC_USE_C2X_STRTOL |
23 | +#define __GLIBC_USE_C2X_STRTOL 0 | 23 | +#define __GLIBC_USE_C2X_STRTOL 0 |
24 | +#undef __GLIBC_USE_ISOC23 | ||
25 | +#undef __GLIBC_USE_C23_STRTOL | ||
26 | +#define __GLIBC_USE_C23_STRTOL 0 | ||
24 | + | 27 | + |
25 | #include <assert.h> | 28 | #include <assert.h> |
26 | #include <stdlib.h> | 29 | #include <stdlib.h> |
@@ -29,7 +32,7 @@ Index: git/pseudo_util.c | |||
29 | =================================================================== | 32 | =================================================================== |
30 | --- git.orig/pseudo_util.c | 33 | --- git.orig/pseudo_util.c |
31 | +++ git/pseudo_util.c | 34 | +++ git/pseudo_util.c |
32 | @@ -8,6 +8,14 @@ | 35 | @@ -8,6 +8,17 @@ |
33 | */ | 36 | */ |
34 | /* we need access to RTLD_NEXT for a horrible workaround */ | 37 | /* we need access to RTLD_NEXT for a horrible workaround */ |
35 | #define _GNU_SOURCE | 38 | #define _GNU_SOURCE |
@@ -41,6 +44,9 @@ Index: git/pseudo_util.c | |||
41 | +#undef __GLIBC_USE_ISOC2X | 44 | +#undef __GLIBC_USE_ISOC2X |
42 | +#undef __GLIBC_USE_C2X_STRTOL | 45 | +#undef __GLIBC_USE_C2X_STRTOL |
43 | +#define __GLIBC_USE_C2X_STRTOL 0 | 46 | +#define __GLIBC_USE_C2X_STRTOL 0 |
47 | +#undef __GLIBC_USE_ISOC23 | ||
48 | +#undef __GLIBC_USE_C23_STRTOL | ||
49 | +#define __GLIBC_USE_C23_STRTOL 0 | ||
44 | 50 | ||
45 | #include <ctype.h> | 51 | #include <ctype.h> |
46 | #include <errno.h> | 52 | #include <errno.h> |
diff --git a/meta/recipes-devtools/pseudo/pseudo_git.bb b/meta/recipes-devtools/pseudo/pseudo_git.bb index c70b509233..7d8f71f65d 100644 --- a/meta/recipes-devtools/pseudo/pseudo_git.bb +++ b/meta/recipes-devtools/pseudo/pseudo_git.bb | |||
@@ -14,7 +14,7 @@ SRC_URI:append:class-nativesdk = " \ | |||
14 | file://older-glibc-symbols.patch" | 14 | file://older-glibc-symbols.patch" |
15 | SRC_URI[prebuilt.sha256sum] = "ed9f456856e9d86359f169f46a70ad7be4190d6040282b84c8d97b99072485aa" | 15 | SRC_URI[prebuilt.sha256sum] = "ed9f456856e9d86359f169f46a70ad7be4190d6040282b84c8d97b99072485aa" |
16 | 16 | ||
17 | SRCREV = "0d292df61aeb886ae8ca33d9edc3b6d0ff5c0f0f" | 17 | SRCREV = "374089f2ed83da4d0d4e58df067142ff99c7eb12" |
18 | S = "${WORKDIR}/git" | 18 | S = "${WORKDIR}/git" |
19 | PV = "1.9.0+git" | 19 | PV = "1.9.0+git" |
20 | 20 | ||
diff --git a/meta/recipes-devtools/python/python3-attrs_23.2.0.bb b/meta/recipes-devtools/python/python3-attrs_23.2.0.bb index a638097988..e39b64306c 100644 --- a/meta/recipes-devtools/python/python3-attrs_23.2.0.bb +++ b/meta/recipes-devtools/python/python3-attrs_23.2.0.bb | |||
@@ -20,7 +20,6 @@ DEPENDS += " \ | |||
20 | 20 | ||
21 | RDEPENDS:${PN}+= " \ | 21 | RDEPENDS:${PN}+= " \ |
22 | python3-compression \ | 22 | python3-compression \ |
23 | python3-ctypes \ | ||
24 | python3-crypt \ | 23 | python3-crypt \ |
25 | " | 24 | " |
26 | 25 | ||
diff --git a/meta/recipes-devtools/python/python3-bcrypt_4.1.2.bb b/meta/recipes-devtools/python/python3-bcrypt_4.1.2.bb index 93fa645f33..57b08b3700 100644 --- a/meta/recipes-devtools/python/python3-bcrypt_4.1.2.bb +++ b/meta/recipes-devtools/python/python3-bcrypt_4.1.2.bb | |||
@@ -33,5 +33,4 @@ RDEPENDS:${PN}:class-target += "\ | |||
33 | python3-cffi \ | 33 | python3-cffi \ |
34 | python3-ctypes \ | 34 | python3-ctypes \ |
35 | python3-shell \ | 35 | python3-shell \ |
36 | python3-six \ | ||
37 | " | 36 | " |
diff --git a/meta/recipes-devtools/python/python3-certifi/CVE-2024-39689.patch b/meta/recipes-devtools/python/python3-certifi/CVE-2024-39689.patch new file mode 100644 index 0000000000..a2ecc15d2c --- /dev/null +++ b/meta/recipes-devtools/python/python3-certifi/CVE-2024-39689.patch | |||
@@ -0,0 +1,69 @@ | |||
1 | From bd8153872e9c6fc98f4023df9c2deaffea2fa463 Mon Sep 17 00:00:00 2001 | ||
2 | From: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> | ||
3 | Date: Wed, 3 Jul 2024 21:34:29 -0400 | ||
4 | Subject: [PATCH] 2024.07.04 (#295) | ||
5 | |||
6 | Co-authored-by: alex <772+alex@users.noreply.github.com> | ||
7 | |||
8 | CVE: CVE-2024-39689 | ||
9 | |||
10 | Upstream-Status: Backport [https://github.com/certifi/python-certifi/commit/bd8153872e9c6fc98f4023df9c2deaffea2fa463] | ||
11 | |||
12 | Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> | ||
13 | --- | ||
14 | certifi/cacert.pem | 40 ---------------------------------------- | ||
15 | 1 file changed, 40 deletions(-) | ||
16 | |||
17 | diff --git a/certifi/cacert.pem b/certifi/cacert.pem | ||
18 | index 1bec256..6bb8cf8 100644 | ||
19 | --- a/certifi/cacert.pem | ||
20 | +++ b/certifi/cacert.pem | ||
21 | @@ -3857,46 +3857,6 @@ DgQWBBQxCpCPtsad0kRLgLWi5h+xEk8blTAKBggqhkjOPQQDAwNoADBlAjEA31SQ | ||
22 | +RHUjE7AwWHCFUyqqx0LMV87HOIAl0Qx5v5zli/altP+CAezNIm8BZ/3Hobui3A= | ||
23 | -----END CERTIFICATE----- | ||
24 | |||
25 | -# Issuer: CN=GLOBALTRUST 2020 O=e-commerce monitoring GmbH | ||
26 | -# Subject: CN=GLOBALTRUST 2020 O=e-commerce monitoring GmbH | ||
27 | -# Label: "GLOBALTRUST 2020" | ||
28 | -# Serial: 109160994242082918454945253 | ||
29 | -# MD5 Fingerprint: 8a:c7:6f:cb:6d:e3:cc:a2:f1:7c:83:fa:0e:78:d7:e8 | ||
30 | -# SHA1 Fingerprint: d0:67:c1:13:51:01:0c:aa:d0:c7:6a:65:37:31:16:26:4f:53:71:a2 | ||
31 | -# SHA256 Fingerprint: 9a:29:6a:51:82:d1:d4:51:a2:e3:7f:43:9b:74:da:af:a2:67:52:33:29:f9:0f:9a:0d:20:07:c3:34:e2:3c:9a | ||
32 | ------BEGIN CERTIFICATE----- | ||
33 | -MIIFgjCCA2qgAwIBAgILWku9WvtPilv6ZeUwDQYJKoZIhvcNAQELBQAwTTELMAkG | ||
34 | -A1UEBhMCQVQxIzAhBgNVBAoTGmUtY29tbWVyY2UgbW9uaXRvcmluZyBHbWJIMRkw | ||
35 | -FwYDVQQDExBHTE9CQUxUUlVTVCAyMDIwMB4XDTIwMDIxMDAwMDAwMFoXDTQwMDYx | ||
36 | -MDAwMDAwMFowTTELMAkGA1UEBhMCQVQxIzAhBgNVBAoTGmUtY29tbWVyY2UgbW9u | ||
37 | -aXRvcmluZyBHbWJIMRkwFwYDVQQDExBHTE9CQUxUUlVTVCAyMDIwMIICIjANBgkq | ||
38 | -hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAri5WrRsc7/aVj6B3GyvTY4+ETUWiD59b | ||
39 | -RatZe1E0+eyLinjF3WuvvcTfk0Uev5E4C64OFudBc/jbu9G4UeDLgztzOG53ig9Z | ||
40 | -YybNpyrOVPu44sB8R85gfD+yc/LAGbaKkoc1DZAoouQVBGM+uq/ufF7MpotQsjj3 | ||
41 | -QWPKzv9pj2gOlTblzLmMCcpL3TGQlsjMH/1WljTbjhzqLL6FLmPdqqmV0/0plRPw | ||
42 | -yJiT2S0WR5ARg6I6IqIoV6Lr/sCMKKCmfecqQjuCgGOlYx8ZzHyyZqjC0203b+J+ | ||
43 | -BlHZRYQfEs4kUmSFC0iAToexIiIwquuuvuAC4EDosEKAA1GqtH6qRNdDYfOiaxaJ | ||
44 | -SaSjpCuKAsR49GiKweR6NrFvG5Ybd0mN1MkGco/PU+PcF4UgStyYJ9ORJitHHmkH | ||
45 | -r96i5OTUawuzXnzUJIBHKWk7buis/UDr2O1xcSvy6Fgd60GXIsUf1DnQJ4+H4xj0 | ||
46 | -4KlGDfV0OoIu0G4skaMxXDtG6nsEEFZegB31pWXogvziB4xiRfUg3kZwhqG8k9Me | ||
47 | -dKZssCz3AwyIDMvUclOGvGBG85hqwvG/Q/lwIHfKN0F5VVJjjVsSn8VoxIidrPIw | ||
48 | -q7ejMZdnrY8XD2zHc+0klGvIg5rQmjdJBKuxFshsSUktq6HQjJLyQUp5ISXbY9e2 | ||
49 | -nKd+Qmn7OmMCAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC | ||
50 | -AQYwHQYDVR0OBBYEFNwuH9FhN3nkq9XVsxJxaD1qaJwiMB8GA1UdIwQYMBaAFNwu | ||
51 | -H9FhN3nkq9XVsxJxaD1qaJwiMA0GCSqGSIb3DQEBCwUAA4ICAQCR8EICaEDuw2jA | ||
52 | -VC/f7GLDw56KoDEoqoOOpFaWEhCGVrqXctJUMHytGdUdaG/7FELYjQ7ztdGl4wJC | ||
53 | -XtzoRlgHNQIw4Lx0SsFDKv/bGtCwr2zD/cuz9X9tAy5ZVp0tLTWMstZDFyySCstd | ||
54 | -6IwPS3BD0IL/qMy/pJTAvoe9iuOTe8aPmxadJ2W8esVCgmxcB9CpwYhgROmYhRZf | ||
55 | -+I/KARDOJcP5YBugxZfD0yyIMaK9MOzQ0MAS8cE54+X1+NZK3TTN+2/BT+MAi1bi | ||
56 | -kvcoskJ3ciNnxz8RFbLEAwW+uxF7Cr+obuf/WEPPm2eggAe2HcqtbepBEX4tdJP7 | ||
57 | -wry+UUTF72glJ4DjyKDUEuzZpTcdN3y0kcra1LGWge9oXHYQSa9+pTeAsRxSvTOB | ||
58 | -TI/53WXZFM2KJVj04sWDpQmQ1GwUY7VA3+vA/MRYfg0UFodUJ25W5HCEuGwyEn6C | ||
59 | -MUO+1918oa2u1qsgEu8KwxCMSZY13At1XrFP1U80DhEgB3VDRemjEdqso5nCtnkn | ||
60 | -4rnvyOL2NSl6dPrFf4IFYqYK6miyeUcGbvJXqBUzxvd4Sj1Ce2t+/vdG6tHrju+I | ||
61 | -aFvowdlxfv1k7/9nR4hYJS8+hge9+6jlgqispdNpQ80xiEmEU5LAsTkbOYMBMMTy | ||
62 | -qfrQA71yN2BWHzZ8vTmR9W0Nv3vXkg== | ||
63 | ------END CERTIFICATE----- | ||
64 | - | ||
65 | # Issuer: CN=ANF Secure Server Root CA O=ANF Autoridad de Certificacion OU=ANF CA Raiz | ||
66 | # Subject: CN=ANF Secure Server Root CA O=ANF Autoridad de Certificacion OU=ANF CA Raiz | ||
67 | # Label: "ANF Secure Server Root CA" | ||
68 | -- | ||
69 | 2.40.0 | ||
diff --git a/meta/recipes-devtools/python/python3-certifi_2024.2.2.bb b/meta/recipes-devtools/python/python3-certifi_2024.2.2.bb index 4e61b8d9d4..116add2079 100644 --- a/meta/recipes-devtools/python/python3-certifi_2024.2.2.bb +++ b/meta/recipes-devtools/python/python3-certifi_2024.2.2.bb | |||
@@ -7,6 +7,9 @@ HOMEPAGE = " http://certifi.io/" | |||
7 | LICENSE = "ISC" | 7 | LICENSE = "ISC" |
8 | LIC_FILES_CHKSUM = "file://LICENSE;md5=11618cb6a975948679286b1211bd573c" | 8 | LIC_FILES_CHKSUM = "file://LICENSE;md5=11618cb6a975948679286b1211bd573c" |
9 | 9 | ||
10 | SRC_URI += "file://CVE-2024-39689.patch \ | ||
11 | " | ||
12 | |||
10 | SRC_URI[sha256sum] = "0569859f95fc761b18b45ef421b1290a0f65f147e92a1e5eb3e635f9a5e4e66f" | 13 | SRC_URI[sha256sum] = "0569859f95fc761b18b45ef421b1290a0f65f147e92a1e5eb3e635f9a5e4e66f" |
11 | 14 | ||
12 | inherit pypi setuptools3 | 15 | inherit pypi setuptools3 |
diff --git a/meta/recipes-devtools/python/python3-idna_3.6.bb b/meta/recipes-devtools/python/python3-idna_3.7.bb index 47c080cdf8..729aff1c46 100644 --- a/meta/recipes-devtools/python/python3-idna_3.6.bb +++ b/meta/recipes-devtools/python/python3-idna_3.7.bb | |||
@@ -1,9 +1,9 @@ | |||
1 | SUMMARY = "Internationalised Domain Names in Applications" | 1 | SUMMARY = "Internationalised Domain Names in Applications" |
2 | HOMEPAGE = "https://github.com/kjd/idna" | 2 | HOMEPAGE = "https://github.com/kjd/idna" |
3 | LICENSE = "BSD-3-Clause & Python-2.0 & Unicode-TOU" | 3 | LICENSE = "BSD-3-Clause & Python-2.0 & Unicode-TOU" |
4 | LIC_FILES_CHKSUM = "file://LICENSE.md;md5=dbec47b98e1469f6a104c82ff9698cee" | 4 | LIC_FILES_CHKSUM = "file://LICENSE.md;md5=204c0612e40a4dd46012a78d02c80fb1" |
5 | 5 | ||
6 | SRC_URI[sha256sum] = "9ecdbbd083b06798ae1e86adcbfe8ab1479cf864e4ee30fe4e46a003d12491ca" | 6 | SRC_URI[sha256sum] = "028ff3aadf0609c1fd278d8ea3089299412a7a8b9bd005dd08b9f8285bcb5cfc" |
7 | 7 | ||
8 | inherit pypi python_flit_core | 8 | inherit pypi python_flit_core |
9 | 9 | ||
diff --git a/meta/recipes-devtools/python/python3-jinja2_3.1.3.bb b/meta/recipes-devtools/python/python3-jinja2_3.1.4.bb index 636fb35811..2c02037011 100644 --- a/meta/recipes-devtools/python/python3-jinja2_3.1.3.bb +++ b/meta/recipes-devtools/python/python3-jinja2_3.1.4.bb | |||
@@ -2,17 +2,17 @@ SUMMARY = "Python Jinja2: A small but fast and easy to use stand-alone template | |||
2 | HOMEPAGE = "https://pypi.org/project/Jinja2/" | 2 | HOMEPAGE = "https://pypi.org/project/Jinja2/" |
3 | 3 | ||
4 | LICENSE = "BSD-3-Clause" | 4 | LICENSE = "BSD-3-Clause" |
5 | LIC_FILES_CHKSUM = "file://LICENSE.rst;md5=5dc88300786f1c214c1e9827a5229462" | 5 | LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=5dc88300786f1c214c1e9827a5229462" |
6 | 6 | ||
7 | SRC_URI[sha256sum] = "ac8bd6544d4bb2c9792bf3a159e80bba8fda7f07e81bc3aed565432d5925ba90" | 7 | SRC_URI[sha256sum] = "4a3aee7acbbe7303aede8e9648d13b8bf88a429282aa6122a993f0ac800cb369" |
8 | 8 | ||
9 | PYPI_PACKAGE = "Jinja2" | 9 | PYPI_PACKAGE = "jinja2" |
10 | 10 | ||
11 | CVE_PRODUCT = "jinja2 jinja" | 11 | CVE_PRODUCT = "jinja2 jinja" |
12 | 12 | ||
13 | CLEANBROKEN = "1" | 13 | CLEANBROKEN = "1" |
14 | 14 | ||
15 | inherit pypi setuptools3 ptest | 15 | inherit pypi python_flit_core ptest |
16 | 16 | ||
17 | SRC_URI += " \ | 17 | SRC_URI += " \ |
18 | file://run-ptest \ | 18 | file://run-ptest \ |
diff --git a/meta/recipes-devtools/python/python3-maturin/0001-Extract-extension-architecture-name-resolvation-code.patch b/meta/recipes-devtools/python/python3-maturin/0001-Extract-extension-architecture-name-resolvation-code.patch new file mode 100644 index 0000000000..f75d5a1ba8 --- /dev/null +++ b/meta/recipes-devtools/python/python3-maturin/0001-Extract-extension-architecture-name-resolvation-code.patch | |||
@@ -0,0 +1,107 @@ | |||
1 | From 42a97ee7100ad158d4b1ba6133ea13cc864a567f Mon Sep 17 00:00:00 2001 | ||
2 | From: =?UTF-8?q?Vesa=20J=C3=A4=C3=A4skel=C3=A4inen?= | ||
3 | <vesa.jaaskelainen@vaisala.com> | ||
4 | Date: Sun, 1 Sep 2024 09:23:10 +0300 | ||
5 | Subject: [PATCH 1/5] Extract extension architecture name resolvation code as | ||
6 | helper | ||
7 | MIME-Version: 1.0 | ||
8 | Content-Type: text/plain; charset=UTF-8 | ||
9 | Content-Transfer-Encoding: 8bit | ||
10 | |||
11 | This commit introduces helper InterpreterConfig.get_python_ext_arch() that | ||
12 | can be used to determine the extension architecture name python uses in | ||
13 | `ext_suffix` for this architecture. | ||
14 | |||
15 | Upstream-Status: Backport [https://github.com/PyO3/maturin/commit/42a97ee7100ad158d4b1ba6133ea13cc864a567f] | ||
16 | |||
17 | Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> | ||
18 | --- | ||
19 | src/python_interpreter/config.rs | 18 ++++++------------ | ||
20 | src/target.rs | 16 ++++++++++++++++ | ||
21 | 2 files changed, 22 insertions(+), 12 deletions(-) | ||
22 | |||
23 | diff --git a/src/python_interpreter/config.rs b/src/python_interpreter/config.rs | ||
24 | index 912f9218..d76606f2 100644 | ||
25 | --- a/src/python_interpreter/config.rs | ||
26 | +++ b/src/python_interpreter/config.rs | ||
27 | @@ -47,15 +47,7 @@ impl InterpreterConfig { | ||
28 | // Python 2 is not supported | ||
29 | return None; | ||
30 | } | ||
31 | - let python_arch = if matches!(target.target_arch(), Arch::Armv6L | Arch::Armv7L) { | ||
32 | - "arm" | ||
33 | - } else if matches!(target.target_arch(), Arch::Powerpc64Le) && python_impl == PyPy { | ||
34 | - "ppc_64" | ||
35 | - } else if matches!(target.target_arch(), Arch::X86) && python_impl == PyPy { | ||
36 | - "x86" | ||
37 | - } else { | ||
38 | - target.get_python_arch() | ||
39 | - }; | ||
40 | + let python_ext_arch = target.get_python_ext_arch(python_impl); | ||
41 | // See https://github.com/pypa/auditwheel/issues/349 | ||
42 | let target_env = match python_impl { | ||
43 | CPython => { | ||
44 | @@ -77,7 +69,7 @@ impl InterpreterConfig { | ||
45 | let ldversion = format!("{}{}{}", major, minor, abiflags); | ||
46 | let ext_suffix = format!( | ||
47 | ".cpython-{}-{}-linux-{}.so", | ||
48 | - ldversion, python_arch, target_env | ||
49 | + ldversion, python_ext_arch, target_env | ||
50 | ); | ||
51 | Some(Self { | ||
52 | major, | ||
53 | @@ -90,7 +82,8 @@ impl InterpreterConfig { | ||
54 | } | ||
55 | (Os::Linux, PyPy) => { | ||
56 | let abi_tag = format!("pypy{}{}-{}", major, minor, PYPY_ABI_TAG); | ||
57 | - let ext_suffix = format!(".{}-{}-linux-{}.so", abi_tag, python_arch, target_env); | ||
58 | + let ext_suffix = | ||
59 | + format!(".{}-{}-linux-{}.so", abi_tag, python_ext_arch, target_env); | ||
60 | Some(Self { | ||
61 | major, | ||
62 | minor, | ||
63 | @@ -204,7 +197,8 @@ impl InterpreterConfig { | ||
64 | } | ||
65 | (Os::Emscripten, CPython) => { | ||
66 | let ldversion = format!("{}{}", major, minor); | ||
67 | - let ext_suffix = format!(".cpython-{}-{}-emscripten.so", ldversion, python_arch); | ||
68 | + let ext_suffix = | ||
69 | + format!(".cpython-{}-{}-emscripten.so", ldversion, python_ext_arch); | ||
70 | Some(Self { | ||
71 | major, | ||
72 | minor, | ||
73 | diff --git a/src/target.rs b/src/target.rs | ||
74 | index dc7df0cf..84bae559 100644 | ||
75 | --- a/src/target.rs | ||
76 | +++ b/src/target.rs | ||
77 | @@ -1,4 +1,5 @@ | ||
78 | use crate::cross_compile::is_cross_compiling; | ||
79 | +use crate::python_interpreter::InterpreterKind; | ||
80 | use crate::PlatformTag; | ||
81 | use anyhow::{anyhow, bail, format_err, Result}; | ||
82 | use platform_info::*; | ||
83 | @@ -368,6 +369,21 @@ impl Target { | ||
84 | } | ||
85 | } | ||
86 | |||
87 | + /// Returns the extension architecture name python uses in `ext_suffix` for this architecture. | ||
88 | + pub fn get_python_ext_arch(&self, python_impl: InterpreterKind) -> &str { | ||
89 | + if matches!(self.target_arch(), Arch::Armv6L | Arch::Armv7L) { | ||
90 | + "arm" | ||
91 | + } else if matches!(self.target_arch(), Arch::Powerpc64Le) | ||
92 | + && python_impl == InterpreterKind::PyPy | ||
93 | + { | ||
94 | + "ppc_64" | ||
95 | + } else if matches!(self.target_arch(), Arch::X86) && python_impl == InterpreterKind::PyPy { | ||
96 | + "x86" | ||
97 | + } else { | ||
98 | + self.get_python_arch() | ||
99 | + } | ||
100 | + } | ||
101 | + | ||
102 | /// Returns the name python uses in `sys.platform` for this os | ||
103 | pub fn get_python_os(&self) -> &str { | ||
104 | match self.os { | ||
105 | -- | ||
106 | 2.34.1 | ||
107 | |||
diff --git a/meta/recipes-devtools/python/python3-maturin/0002-Fix-cross-compilation-issue-with-linux-armv7l-archit.patch b/meta/recipes-devtools/python/python3-maturin/0002-Fix-cross-compilation-issue-with-linux-armv7l-archit.patch new file mode 100644 index 0000000000..4366dde111 --- /dev/null +++ b/meta/recipes-devtools/python/python3-maturin/0002-Fix-cross-compilation-issue-with-linux-armv7l-archit.patch | |||
@@ -0,0 +1,76 @@ | |||
1 | From 0c6b8cc84eff72ed21098029aaba079b899dbee2 Mon Sep 17 00:00:00 2001 | ||
2 | From: =?UTF-8?q?Vesa=20J=C3=A4=C3=A4skel=C3=A4inen?= | ||
3 | <vesa.jaaskelainen@vaisala.com> | ||
4 | Date: Sun, 1 Sep 2024 09:23:40 +0300 | ||
5 | Subject: [PATCH 2/5] Fix cross compilation issue with linux-armv7l | ||
6 | architecture | ||
7 | MIME-Version: 1.0 | ||
8 | Content-Type: text/plain; charset=UTF-8 | ||
9 | Content-Transfer-Encoding: 8bit | ||
10 | |||
11 | When compiling under Yocto project for linux-armv7l target architecture | ||
12 | .so files were generated incorrectly as: | ||
13 | |||
14 | rpds.cpython-312-armv7l-linux-gnueabihf.so | ||
15 | |||
16 | Where as platform and EXT_SUFFIX are defined as: | ||
17 | |||
18 | >>> sysconfig.get_platform() | ||
19 | 'linux-armv7l' | ||
20 | >>> sysconfig.get_config_vars()['EXT_SUFFIX'] | ||
21 | '.cpython-312-arm-linux-gnueabihf.so' | ||
22 | |||
23 | Which should have caused the .so files as: | ||
24 | |||
25 | rpds.cpython-312-arm-linux-gnueabihf.so | ||
26 | |||
27 | Upstream-Status: Backport [https://github.com/PyO3/maturin/commit/0c6b8cc84eff72ed21098029aaba079b899dbee2] | ||
28 | |||
29 | Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> | ||
30 | --- | ||
31 | src/python_interpreter/config.rs | 8 ++++---- | ||
32 | 1 file changed, 4 insertions(+), 4 deletions(-) | ||
33 | |||
34 | diff --git a/src/python_interpreter/config.rs b/src/python_interpreter/config.rs | ||
35 | index d76606f2..5736aedc 100644 | ||
36 | --- a/src/python_interpreter/config.rs | ||
37 | +++ b/src/python_interpreter/config.rs | ||
38 | @@ -306,7 +306,7 @@ impl InterpreterConfig { | ||
39 | format!( | ||
40 | ".cpython-{}-{}-{}-{}.{}", | ||
41 | abi_tag, | ||
42 | - target.get_python_arch(), | ||
43 | + target.get_python_ext_arch(interpreter_kind), | ||
44 | target.get_python_os(), | ||
45 | target_env, | ||
46 | file_ext, | ||
47 | @@ -319,7 +319,7 @@ impl InterpreterConfig { | ||
48 | major, | ||
49 | minor, | ||
50 | abi_tag, | ||
51 | - target.get_python_arch(), | ||
52 | + target.get_python_ext_arch(interpreter_kind), | ||
53 | target.get_python_os(), | ||
54 | target_env, | ||
55 | file_ext, | ||
56 | @@ -330,7 +330,7 @@ impl InterpreterConfig { | ||
57 | format!( | ||
58 | ".{}-{}-{}.{}", | ||
59 | abi_tag.replace('_', "-"), | ||
60 | - target.get_python_arch(), | ||
61 | + target.get_python_ext_arch(interpreter_kind), | ||
62 | target.get_python_os(), | ||
63 | file_ext, | ||
64 | ) | ||
65 | @@ -341,7 +341,7 @@ impl InterpreterConfig { | ||
66 | format!( | ||
67 | ".cpython-{}-{}-{}.{}", | ||
68 | abi_tag, | ||
69 | - target.get_python_arch(), | ||
70 | + target.get_python_ext_arch(interpreter_kind), | ||
71 | target.get_python_os(), | ||
72 | file_ext | ||
73 | ) | ||
74 | -- | ||
75 | 2.34.1 | ||
76 | |||
diff --git a/meta/recipes-devtools/python/python3-maturin/0003-Extract-extension-ABI-name-resolvation-code-as-helpe.patch b/meta/recipes-devtools/python/python3-maturin/0003-Extract-extension-ABI-name-resolvation-code-as-helpe.patch new file mode 100644 index 0000000000..b4a7f69492 --- /dev/null +++ b/meta/recipes-devtools/python/python3-maturin/0003-Extract-extension-ABI-name-resolvation-code-as-helpe.patch | |||
@@ -0,0 +1,98 @@ | |||
1 | From fa64426f3a98a0455721c23ec86bd2240708b45e Mon Sep 17 00:00:00 2001 | ||
2 | From: =?UTF-8?q?Vesa=20J=C3=A4=C3=A4skel=C3=A4inen?= | ||
3 | <vesa.jaaskelainen@vaisala.com> | ||
4 | Date: Sun, 1 Sep 2024 15:55:07 +0300 | ||
5 | Subject: [PATCH 3/5] Extract extension ABI name resolvation code as helper | ||
6 | MIME-Version: 1.0 | ||
7 | Content-Type: text/plain; charset=UTF-8 | ||
8 | Content-Transfer-Encoding: 8bit | ||
9 | |||
10 | This commit introduces helper InterpreterConfig.get_python_target_env() | ||
11 | that can be used to determine the extension ABI python uses in | ||
12 | `ext_suffix` for this architecture. | ||
13 | |||
14 | Upstream-Status: Backport [https://github.com/PyO3/maturin/commit/fa64426f3a98a0455721c23ec86bd2240708b45e] | ||
15 | |||
16 | Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> | ||
17 | --- | ||
18 | src/python_interpreter/config.rs | 19 ++----------------- | ||
19 | src/target.rs | 20 ++++++++++++++++++++ | ||
20 | 2 files changed, 22 insertions(+), 17 deletions(-) | ||
21 | |||
22 | diff --git a/src/python_interpreter/config.rs b/src/python_interpreter/config.rs | ||
23 | index 5736aedc..938e9955 100644 | ||
24 | --- a/src/python_interpreter/config.rs | ||
25 | +++ b/src/python_interpreter/config.rs | ||
26 | @@ -48,17 +48,7 @@ impl InterpreterConfig { | ||
27 | return None; | ||
28 | } | ||
29 | let python_ext_arch = target.get_python_ext_arch(python_impl); | ||
30 | - // See https://github.com/pypa/auditwheel/issues/349 | ||
31 | - let target_env = match python_impl { | ||
32 | - CPython => { | ||
33 | - if python_version >= (3, 11) { | ||
34 | - target.target_env().to_string() | ||
35 | - } else { | ||
36 | - target.target_env().to_string().replace("musl", "gnu") | ||
37 | - } | ||
38 | - } | ||
39 | - PyPy | GraalPy => "gnu".to_string(), | ||
40 | - }; | ||
41 | + let target_env = target.get_python_target_env(python_impl, python_version); | ||
42 | match (target.target_os(), python_impl) { | ||
43 | (Os::Linux, CPython) => { | ||
44 | let abiflags = if python_version < (3, 8) { | ||
45 | @@ -294,12 +284,7 @@ impl InterpreterConfig { | ||
46 | }; | ||
47 | let file_ext = if target.is_windows() { "pyd" } else { "so" }; | ||
48 | let ext_suffix = if target.is_linux() || target.is_macos() { | ||
49 | - // See https://github.com/pypa/auditwheel/issues/349 | ||
50 | - let target_env = if (major, minor) >= (3, 11) { | ||
51 | - target.target_env().to_string() | ||
52 | - } else { | ||
53 | - target.target_env().to_string().replace("musl", "gnu") | ||
54 | - }; | ||
55 | + let target_env = target.get_python_target_env(interpreter_kind, (major, minor)); | ||
56 | match interpreter_kind { | ||
57 | InterpreterKind::CPython => ext_suffix.unwrap_or_else(|| { | ||
58 | // Eg: .cpython-38-x86_64-linux-gnu.so | ||
59 | diff --git a/src/target.rs b/src/target.rs | ||
60 | index 84bae559..ad8ebaba 100644 | ||
61 | --- a/src/target.rs | ||
62 | +++ b/src/target.rs | ||
63 | @@ -1,5 +1,6 @@ | ||
64 | use crate::cross_compile::is_cross_compiling; | ||
65 | use crate::python_interpreter::InterpreterKind; | ||
66 | +use crate::python_interpreter::InterpreterKind::{CPython, GraalPy, PyPy}; | ||
67 | use crate::PlatformTag; | ||
68 | use anyhow::{anyhow, bail, format_err, Result}; | ||
69 | use platform_info::*; | ||
70 | @@ -384,6 +385,25 @@ impl Target { | ||
71 | } | ||
72 | } | ||
73 | |||
74 | + /// Returns the environment python uses in `ext_suffix` for this architecture. | ||
75 | + pub fn get_python_target_env( | ||
76 | + &self, | ||
77 | + python_impl: InterpreterKind, | ||
78 | + python_version: (usize, usize), | ||
79 | + ) -> String { | ||
80 | + match python_impl { | ||
81 | + CPython => { | ||
82 | + // For musl handling see https://github.com/pypa/auditwheel/issues/349 | ||
83 | + if python_version >= (3, 11) { | ||
84 | + self.target_env().to_string() | ||
85 | + } else { | ||
86 | + self.target_env().to_string().replace("musl", "gnu") | ||
87 | + } | ||
88 | + } | ||
89 | + PyPy | GraalPy => "gnu".to_string(), | ||
90 | + } | ||
91 | + } | ||
92 | + | ||
93 | /// Returns the name python uses in `sys.platform` for this os | ||
94 | pub fn get_python_os(&self) -> &str { | ||
95 | match self.os { | ||
96 | -- | ||
97 | 2.34.1 | ||
98 | |||
diff --git a/meta/recipes-devtools/python/python3-maturin/0004-Fix-cross-compilation-issue-with-linux-ppc-architect.patch b/meta/recipes-devtools/python/python3-maturin/0004-Fix-cross-compilation-issue-with-linux-ppc-architect.patch new file mode 100644 index 0000000000..bda5dca8f6 --- /dev/null +++ b/meta/recipes-devtools/python/python3-maturin/0004-Fix-cross-compilation-issue-with-linux-ppc-architect.patch | |||
@@ -0,0 +1,68 @@ | |||
1 | From f2c892109a05db144e8b18bcbcf9c24fe8d977c4 Mon Sep 17 00:00:00 2001 | ||
2 | From: =?UTF-8?q?Vesa=20J=C3=A4=C3=A4skel=C3=A4inen?= | ||
3 | <vesa.jaaskelainen@vaisala.com> | ||
4 | Date: Sun, 1 Sep 2024 15:55:16 +0300 | ||
5 | Subject: [PATCH 4/5] Fix cross compilation issue with linux-ppc architecture | ||
6 | MIME-Version: 1.0 | ||
7 | Content-Type: text/plain; charset=UTF-8 | ||
8 | Content-Transfer-Encoding: 8bit | ||
9 | |||
10 | When compiling under Yocto project for linux-ppc target architecture | ||
11 | .so files were generated incorrectly as: | ||
12 | |||
13 | rpds.cpython-312-ppc-linux-gnu.so | ||
14 | |||
15 | Where as platform and EXT_SUFFIX are defined as: | ||
16 | |||
17 | >>> sysconfig.get_platform() | ||
18 | 'linux-ppc' | ||
19 | >>> sysconfig.get_config_vars()['EXT_SUFFIX'] | ||
20 | '.cpython-312-powerpc-linux-gnu.so' | ||
21 | |||
22 | Which should have caused the .so files as: | ||
23 | |||
24 | rpds.cpython-312-powerpc-linux-gnu.so | ||
25 | |||
26 | Upstream-Status: Backport [https://github.com/PyO3/maturin/commit/f2c892109a05db144e8b18bcbcf9c24fe8d977c4] | ||
27 | |||
28 | Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> | ||
29 | --- | ||
30 | src/python_interpreter/config.rs | 8 ++++++++ | ||
31 | src/target.rs | 2 ++ | ||
32 | 2 files changed, 10 insertions(+) | ||
33 | |||
34 | diff --git a/src/python_interpreter/config.rs b/src/python_interpreter/config.rs | ||
35 | index 938e9955..8f883887 100644 | ||
36 | --- a/src/python_interpreter/config.rs | ||
37 | +++ b/src/python_interpreter/config.rs | ||
38 | @@ -424,6 +424,14 @@ mod test { | ||
39 | ".cpython-310-powerpc64le-linux-gnu.so" | ||
40 | ); | ||
41 | |||
42 | + let sysconfig = InterpreterConfig::lookup_one( | ||
43 | + &Target::from_target_triple(Some("powerpc-unknown-linux-gnu".to_string())).unwrap(), | ||
44 | + InterpreterKind::CPython, | ||
45 | + (3, 10), | ||
46 | + ) | ||
47 | + .unwrap(); | ||
48 | + assert_eq!(sysconfig.ext_suffix, ".cpython-310-powerpc-linux-gnu.so"); | ||
49 | + | ||
50 | let sysconfig = InterpreterConfig::lookup_one( | ||
51 | &Target::from_target_triple(Some("s390x-unknown-linux-gnu".to_string())).unwrap(), | ||
52 | InterpreterKind::CPython, | ||
53 | diff --git a/src/target.rs b/src/target.rs | ||
54 | index ad8ebaba..93afd9bb 100644 | ||
55 | --- a/src/target.rs | ||
56 | +++ b/src/target.rs | ||
57 | @@ -380,6 +380,8 @@ impl Target { | ||
58 | "ppc_64" | ||
59 | } else if matches!(self.target_arch(), Arch::X86) && python_impl == InterpreterKind::PyPy { | ||
60 | "x86" | ||
61 | + } else if matches!(self.target_arch(), Arch::Powerpc) { | ||
62 | + "powerpc" | ||
63 | } else { | ||
64 | self.get_python_arch() | ||
65 | } | ||
66 | -- | ||
67 | 2.34.1 | ||
68 | |||
diff --git a/meta/recipes-devtools/python/python3-maturin/0005-Fix-cross-compilation-issue-with-linux-mips64-archit.patch b/meta/recipes-devtools/python/python3-maturin/0005-Fix-cross-compilation-issue-with-linux-mips64-archit.patch new file mode 100644 index 0000000000..b24196d5dd --- /dev/null +++ b/meta/recipes-devtools/python/python3-maturin/0005-Fix-cross-compilation-issue-with-linux-mips64-archit.patch | |||
@@ -0,0 +1,82 @@ | |||
1 | From 5fe643579bcc63d824f6a0f0936fff451c622903 Mon Sep 17 00:00:00 2001 | ||
2 | From: =?UTF-8?q?Vesa=20J=C3=A4=C3=A4skel=C3=A4inen?= | ||
3 | <vesa.jaaskelainen@vaisala.com> | ||
4 | Date: Sun, 1 Sep 2024 15:55:54 +0300 | ||
5 | Subject: [PATCH 5/5] Fix cross compilation issue with linux-mips64 | ||
6 | architecture | ||
7 | MIME-Version: 1.0 | ||
8 | Content-Type: text/plain; charset=UTF-8 | ||
9 | Content-Transfer-Encoding: 8bit | ||
10 | |||
11 | When compiling under Yocto project for linux-mips64 target architecture | ||
12 | .so files were generated incorrectly as: | ||
13 | |||
14 | rpds.cpython-312-mips64-linux-gnu.so | ||
15 | |||
16 | Where as platform and EXT_SUFFIX are defined as: | ||
17 | |||
18 | >>> sysconfig.get_platform() | ||
19 | 'linux-mips64' | ||
20 | >>> sysconfig.get_config_vars()['EXT_SUFFIX'] | ||
21 | '.cpython-312-mips64-linux-gnuabi64.so' | ||
22 | |||
23 | Which should have caused the .so files as: | ||
24 | |||
25 | rpds.cpython-312-mips64-linux-gnuabi64.so | ||
26 | |||
27 | Upstream-Status: Backport [https://github.com/PyO3/maturin/commit/5fe643579bcc63d824f6a0f0936fff451c622903] | ||
28 | |||
29 | Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> | ||
30 | --- | ||
31 | src/python_interpreter/config.rs | 19 +++++++++++++++++++ | ||
32 | src/target.rs | 4 +++- | ||
33 | 2 files changed, 22 insertions(+), 1 deletion(-) | ||
34 | |||
35 | diff --git a/src/python_interpreter/config.rs b/src/python_interpreter/config.rs | ||
36 | index 8f883887..ef656010 100644 | ||
37 | --- a/src/python_interpreter/config.rs | ||
38 | +++ b/src/python_interpreter/config.rs | ||
39 | @@ -432,6 +432,25 @@ mod test { | ||
40 | .unwrap(); | ||
41 | assert_eq!(sysconfig.ext_suffix, ".cpython-310-powerpc-linux-gnu.so"); | ||
42 | |||
43 | + let sysconfig = InterpreterConfig::lookup_one( | ||
44 | + &Target::from_target_triple(Some("mips64-unknown-linux-gnu".to_string())).unwrap(), | ||
45 | + InterpreterKind::CPython, | ||
46 | + (3, 10), | ||
47 | + ) | ||
48 | + .unwrap(); | ||
49 | + assert_eq!( | ||
50 | + sysconfig.ext_suffix, | ||
51 | + ".cpython-310-mips64-linux-gnuabi64.so" | ||
52 | + ); | ||
53 | + | ||
54 | + let sysconfig = InterpreterConfig::lookup_one( | ||
55 | + &Target::from_target_triple(Some("mips-unknown-linux-gnu".to_string())).unwrap(), | ||
56 | + InterpreterKind::CPython, | ||
57 | + (3, 10), | ||
58 | + ) | ||
59 | + .unwrap(); | ||
60 | + assert_eq!(sysconfig.ext_suffix, ".cpython-310-mips-linux-gnu.so"); | ||
61 | + | ||
62 | let sysconfig = InterpreterConfig::lookup_one( | ||
63 | &Target::from_target_triple(Some("s390x-unknown-linux-gnu".to_string())).unwrap(), | ||
64 | InterpreterKind::CPython, | ||
65 | diff --git a/src/target.rs b/src/target.rs | ||
66 | index 93afd9bb..25fc6c07 100644 | ||
67 | --- a/src/target.rs | ||
68 | +++ b/src/target.rs | ||
69 | @@ -396,7 +396,9 @@ impl Target { | ||
70 | match python_impl { | ||
71 | CPython => { | ||
72 | // For musl handling see https://github.com/pypa/auditwheel/issues/349 | ||
73 | - if python_version >= (3, 11) { | ||
74 | + if matches!(self.target_arch(), Arch::Mips64 | Arch::Mips64el) && self.is_linux() { | ||
75 | + "gnuabi64".to_string() | ||
76 | + } else if python_version >= (3, 11) { | ||
77 | self.target_env().to_string() | ||
78 | } else { | ||
79 | self.target_env().to_string().replace("musl", "gnu") | ||
80 | -- | ||
81 | 2.34.1 | ||
82 | |||
diff --git a/meta/recipes-devtools/python/python3-maturin_1.4.0.bb b/meta/recipes-devtools/python/python3-maturin_1.4.0.bb index ed19ee647a..7322de0d08 100644 --- a/meta/recipes-devtools/python/python3-maturin_1.4.0.bb +++ b/meta/recipes-devtools/python/python3-maturin_1.4.0.bb | |||
@@ -7,6 +7,13 @@ LIC_FILES_CHKSUM = "file://license-apache;md5=1836efb2eb779966696f473ee8540542 \ | |||
7 | 7 | ||
8 | SRC_URI += "file://0001-Add-32-bit-RISC-V-support.patch" | 8 | SRC_URI += "file://0001-Add-32-bit-RISC-V-support.patch" |
9 | SRC_URI[sha256sum] = "ed12e1768094a7adeafc3a74ebdb8dc2201fa64c4e7e31f14cfc70378bf93790" | 9 | SRC_URI[sha256sum] = "ed12e1768094a7adeafc3a74ebdb8dc2201fa64c4e7e31f14cfc70378bf93790" |
10 | SRC_URI:append = "\ | ||
11 | file://0001-Extract-extension-architecture-name-resolvation-code.patch \ | ||
12 | file://0002-Fix-cross-compilation-issue-with-linux-armv7l-archit.patch \ | ||
13 | file://0003-Extract-extension-ABI-name-resolvation-code-as-helpe.patch \ | ||
14 | file://0004-Fix-cross-compilation-issue-with-linux-ppc-architect.patch \ | ||
15 | file://0005-Fix-cross-compilation-issue-with-linux-mips64-archit.patch \ | ||
16 | " | ||
10 | 17 | ||
11 | S = "${WORKDIR}/maturin-${PV}" | 18 | S = "${WORKDIR}/maturin-${PV}" |
12 | 19 | ||
diff --git a/meta/recipes-devtools/python/python3-pycryptodome_3.20.0.bb b/meta/recipes-devtools/python/python3-pycryptodome_3.20.0.bb index d24fa58d43..6c93c205ac 100644 --- a/meta/recipes-devtools/python/python3-pycryptodome_3.20.0.bb +++ b/meta/recipes-devtools/python/python3-pycryptodome_3.20.0.bb | |||
@@ -1,5 +1,5 @@ | |||
1 | require python-pycryptodome.inc | 1 | require python-pycryptodome.inc |
2 | inherit setuptools3 | 2 | inherit python_setuptools_build_meta |
3 | 3 | ||
4 | SRC_URI[sha256sum] = "09609209ed7de61c2b560cc5c8c4fbf892f8b15b1faf7e4cbffac97db1fffda7" | 4 | SRC_URI[sha256sum] = "09609209ed7de61c2b560cc5c8c4fbf892f8b15b1faf7e4cbffac97db1fffda7" |
5 | 5 | ||
diff --git a/meta/recipes-devtools/python/python3-pycryptodomex_3.20.0.bb b/meta/recipes-devtools/python/python3-pycryptodomex_3.20.0.bb index 2673ea8326..54578d2850 100644 --- a/meta/recipes-devtools/python/python3-pycryptodomex_3.20.0.bb +++ b/meta/recipes-devtools/python/python3-pycryptodomex_3.20.0.bb | |||
@@ -1,5 +1,5 @@ | |||
1 | require python-pycryptodome.inc | 1 | require python-pycryptodome.inc |
2 | inherit setuptools3 | 2 | inherit python_setuptools_build_meta |
3 | 3 | ||
4 | SRC_URI[sha256sum] = "7a710b79baddd65b806402e14766c721aee8fb83381769c27920f26476276c1e" | 4 | SRC_URI[sha256sum] = "7a710b79baddd65b806402e14766c721aee8fb83381769c27920f26476276c1e" |
5 | 5 | ||
diff --git a/meta/recipes-devtools/python/python3-pyopenssl_24.0.0.bb b/meta/recipes-devtools/python/python3-pyopenssl_24.0.0.bb index 9ea3075482..116f214bfa 100644 --- a/meta/recipes-devtools/python/python3-pyopenssl_24.0.0.bb +++ b/meta/recipes-devtools/python/python3-pyopenssl_24.0.0.bb | |||
@@ -15,7 +15,6 @@ FILES:${PN}-tests = "${libdir}/${PYTHON_DIR}/site-packages/OpenSSL/test" | |||
15 | 15 | ||
16 | RDEPENDS:${PN}:class-target = " \ | 16 | RDEPENDS:${PN}:class-target = " \ |
17 | python3-cryptography \ | 17 | python3-cryptography \ |
18 | python3-six \ | ||
19 | python3-threading \ | 18 | python3-threading \ |
20 | " | 19 | " |
21 | RDEPENDS:${PN}-tests = "${PN}" | 20 | RDEPENDS:${PN}-tests = "${PN}" |
diff --git a/meta/recipes-devtools/python/python3-requests_2.31.0.bb b/meta/recipes-devtools/python/python3-requests_2.31.0.bb index df48cd54c3..287b4f8eee 100644 --- a/meta/recipes-devtools/python/python3-requests_2.31.0.bb +++ b/meta/recipes-devtools/python/python3-requests_2.31.0.bb | |||
@@ -1,5 +1,5 @@ | |||
1 | SUMMARY = "Python HTTP for Humans." | 1 | SUMMARY = "Python HTTP for Humans." |
2 | HOMEPAGE = "http://python-requests.org" | 2 | HOMEPAGE = "https://requests.readthedocs.io" |
3 | LICENSE = "Apache-2.0" | 3 | LICENSE = "Apache-2.0" |
4 | LIC_FILES_CHKSUM = "file://LICENSE;md5=34400b68072d710fecd0a2940a0d1658" | 4 | LIC_FILES_CHKSUM = "file://LICENSE;md5=34400b68072d710fecd0a2940a0d1658" |
5 | 5 | ||
@@ -8,12 +8,10 @@ SRC_URI[sha256sum] = "942c5a758f98d790eaed1a29cb6eefc7ffb0d1cf7af05c3d2791656dbd | |||
8 | inherit pypi setuptools3 | 8 | inherit pypi setuptools3 |
9 | 9 | ||
10 | RDEPENDS:${PN} += " \ | 10 | RDEPENDS:${PN} += " \ |
11 | python3-certifi \ | ||
11 | python3-email \ | 12 | python3-email \ |
12 | python3-json \ | 13 | python3-json \ |
13 | python3-ndg-httpsclient \ | ||
14 | python3-netserver \ | 14 | python3-netserver \ |
15 | python3-pyasn1 \ | ||
16 | python3-pyopenssl \ | ||
17 | python3-pysocks \ | 15 | python3-pysocks \ |
18 | python3-urllib3 \ | 16 | python3-urllib3 \ |
19 | python3-chardet \ | 17 | python3-chardet \ |
diff --git a/meta/recipes-devtools/python/python3-setuptools/CVE-2024-6345.patch b/meta/recipes-devtools/python/python3-setuptools/CVE-2024-6345.patch new file mode 100644 index 0000000000..ac520be74a --- /dev/null +++ b/meta/recipes-devtools/python/python3-setuptools/CVE-2024-6345.patch | |||
@@ -0,0 +1,312 @@ | |||
1 | From 88807c7062788254f654ea8c03427adc859321f0 Mon Sep 17 00:00:00 2001 | ||
2 | From: Jason R. Coombs <jaraco@jaraco.com> | ||
3 | Date: Mon Apr 29 20:01:38 2024 -0400 | ||
4 | Subject: [PATCH] Merge pull request #4332 from pypa/debt/package-index-vcs | ||
5 | |||
6 | Modernize package_index VCS handling | ||
7 | |||
8 | CVE: CVE-2024-6345 | ||
9 | |||
10 | Upstream-Status: Backport [https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0] | ||
11 | |||
12 | Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> | ||
13 | --- | ||
14 | setup.cfg | 1 + | ||
15 | setuptools/package_index.py | 145 ++++++++++++++------------ | ||
16 | setuptools/tests/test_packageindex.py | 56 +++++----- | ||
17 | 3 files changed, 106 insertions(+), 96 deletions(-) | ||
18 | |||
19 | diff --git a/setup.cfg b/setup.cfg | ||
20 | index edf9798..238d00a 100644 | ||
21 | --- a/setup.cfg | ||
22 | +++ b/setup.cfg | ||
23 | @@ -65,6 +65,7 @@ testing = | ||
24 | sys_platform != "cygwin" | ||
25 | jaraco.develop >= 7.21; python_version >= "3.9" and sys_platform != "cygwin" | ||
26 | pytest-home >= 0.5 | ||
27 | + pytest-subprocess | ||
28 | testing-integration = | ||
29 | pytest | ||
30 | pytest-xdist | ||
31 | diff --git a/setuptools/package_index.py b/setuptools/package_index.py | ||
32 | index 271aa97..00a972d 100644 | ||
33 | --- a/setuptools/package_index.py | ||
34 | +++ b/setuptools/package_index.py | ||
35 | @@ -1,6 +1,7 @@ | ||
36 | """PyPI and direct package downloading.""" | ||
37 | |||
38 | import sys | ||
39 | +import subprocess | ||
40 | import os | ||
41 | import re | ||
42 | import io | ||
43 | @@ -585,7 +586,7 @@ class PackageIndex(Environment): | ||
44 | scheme = URL_SCHEME(spec) | ||
45 | if scheme: | ||
46 | # It's a url, download it to tmpdir | ||
47 | - found = self._download_url(scheme.group(1), spec, tmpdir) | ||
48 | + found = self._download_url(spec, tmpdir) | ||
49 | base, fragment = egg_info_for_url(spec) | ||
50 | if base.endswith('.py'): | ||
51 | found = self.gen_setup(found, fragment, tmpdir) | ||
52 | @@ -814,7 +815,7 @@ class PackageIndex(Environment): | ||
53 | else: | ||
54 | raise DistutilsError("Download error for %s: %s" % (url, v)) from v | ||
55 | |||
56 | - def _download_url(self, scheme, url, tmpdir): | ||
57 | + def _download_url(self, url, tmpdir): | ||
58 | # Determine download filename | ||
59 | # | ||
60 | name, fragment = egg_info_for_url(url) | ||
61 | @@ -829,19 +830,59 @@ class PackageIndex(Environment): | ||
62 | |||
63 | filename = os.path.join(tmpdir, name) | ||
64 | |||
65 | - # Download the file | ||
66 | - # | ||
67 | - if scheme == 'svn' or scheme.startswith('svn+'): | ||
68 | - return self._download_svn(url, filename) | ||
69 | - elif scheme == 'git' or scheme.startswith('git+'): | ||
70 | - return self._download_git(url, filename) | ||
71 | - elif scheme.startswith('hg+'): | ||
72 | - return self._download_hg(url, filename) | ||
73 | - elif scheme == 'file': | ||
74 | - return urllib.request.url2pathname(urllib.parse.urlparse(url)[2]) | ||
75 | - else: | ||
76 | - self.url_ok(url, True) # raises error if not allowed | ||
77 | - return self._attempt_download(url, filename) | ||
78 | + return self._download_vcs(url, filename) or self._download_other(url, filename) | ||
79 | + | ||
80 | + @staticmethod | ||
81 | + def _resolve_vcs(url): | ||
82 | + """ | ||
83 | + >>> rvcs = PackageIndex._resolve_vcs | ||
84 | + >>> rvcs('git+http://foo/bar') | ||
85 | + 'git' | ||
86 | + >>> rvcs('hg+https://foo/bar') | ||
87 | + 'hg' | ||
88 | + >>> rvcs('git:myhost') | ||
89 | + 'git' | ||
90 | + >>> rvcs('hg:myhost') | ||
91 | + >>> rvcs('http://foo/bar') | ||
92 | + """ | ||
93 | + scheme = urllib.parse.urlsplit(url).scheme | ||
94 | + pre, sep, post = scheme.partition('+') | ||
95 | + # svn and git have their own protocol; hg does not | ||
96 | + allowed = set(['svn', 'git'] + ['hg'] * bool(sep)) | ||
97 | + return next(iter({pre} & allowed), None) | ||
98 | + | ||
99 | + def _download_vcs(self, url, spec_filename): | ||
100 | + vcs = self._resolve_vcs(url) | ||
101 | + if not vcs: | ||
102 | + return | ||
103 | + if vcs == 'svn': | ||
104 | + raise DistutilsError( | ||
105 | + f"Invalid config, SVN download is not supported: {url}" | ||
106 | + ) | ||
107 | + | ||
108 | + filename, _, _ = spec_filename.partition('#') | ||
109 | + url, rev = self._vcs_split_rev_from_url(url) | ||
110 | + | ||
111 | + self.info(f"Doing {vcs} clone from {url} to {filename}") | ||
112 | + subprocess.check_call([vcs, 'clone', '--quiet', url, filename]) | ||
113 | + | ||
114 | + co_commands = dict( | ||
115 | + git=[vcs, '-C', filename, 'checkout', '--quiet', rev], | ||
116 | + hg=[vcs, '--cwd', filename, 'up', '-C', '-r', rev, '-q'], | ||
117 | + ) | ||
118 | + if rev is not None: | ||
119 | + self.info(f"Checking out {rev}") | ||
120 | + subprocess.check_call(co_commands[vcs]) | ||
121 | + | ||
122 | + return filename | ||
123 | + | ||
124 | + def _download_other(self, url, filename): | ||
125 | + scheme = urllib.parse.urlsplit(url).scheme | ||
126 | + if scheme == 'file': # pragma: no cover | ||
127 | + return urllib.request.url2pathname(urllib.parse.urlparse(url).path) | ||
128 | + # raise error if not allowed | ||
129 | + self.url_ok(url, True) | ||
130 | + return self._attempt_download(url, filename) | ||
131 | |||
132 | def scan_url(self, url): | ||
133 | self.process_url(url, True) | ||
134 | @@ -857,64 +898,36 @@ class PackageIndex(Environment): | ||
135 | os.unlink(filename) | ||
136 | raise DistutilsError(f"Unexpected HTML page found at {url}") | ||
137 | |||
138 | - def _download_svn(self, url, _filename): | ||
139 | - raise DistutilsError(f"Invalid config, SVN download is not supported: {url}") | ||
140 | - | ||
141 | @staticmethod | ||
142 | - def _vcs_split_rev_from_url(url, pop_prefix=False): | ||
143 | - scheme, netloc, path, query, frag = urllib.parse.urlsplit(url) | ||
144 | + def _vcs_split_rev_from_url(url): | ||
145 | + """ | ||
146 | + Given a possible VCS URL, return a clean URL and resolved revision if any. | ||
147 | + >>> vsrfu = PackageIndex._vcs_split_rev_from_url | ||
148 | + >>> vsrfu('git+https://github.com/pypa/setuptools@v69.0.0#egg-info=setuptools') | ||
149 | + ('https://github.com/pypa/setuptools', 'v69.0.0') | ||
150 | + >>> vsrfu('git+https://github.com/pypa/setuptools#egg-info=setuptools') | ||
151 | + ('https://github.com/pypa/setuptools', None) | ||
152 | + >>> vsrfu('http://foo/bar') | ||
153 | + ('http://foo/bar', None) | ||
154 | + """ | ||
155 | + parts = urllib.parse.urlsplit(url) | ||
156 | |||
157 | - scheme = scheme.split('+', 1)[-1] | ||
158 | + clean_scheme = parts.scheme.split('+', 1)[-1] | ||
159 | |||
160 | # Some fragment identification fails | ||
161 | - path = path.split('#', 1)[0] | ||
162 | - | ||
163 | - rev = None | ||
164 | - if '@' in path: | ||
165 | - path, rev = path.rsplit('@', 1) | ||
166 | - | ||
167 | - # Also, discard fragment | ||
168 | - url = urllib.parse.urlunsplit((scheme, netloc, path, query, '')) | ||
169 | - | ||
170 | - return url, rev | ||
171 | - | ||
172 | - def _download_git(self, url, filename): | ||
173 | - filename = filename.split('#', 1)[0] | ||
174 | - url, rev = self._vcs_split_rev_from_url(url, pop_prefix=True) | ||
175 | - | ||
176 | - self.info("Doing git clone from %s to %s", url, filename) | ||
177 | - os.system("git clone --quiet %s %s" % (url, filename)) | ||
178 | - | ||
179 | - if rev is not None: | ||
180 | - self.info("Checking out %s", rev) | ||
181 | - os.system( | ||
182 | - "git -C %s checkout --quiet %s" | ||
183 | - % ( | ||
184 | - filename, | ||
185 | - rev, | ||
186 | - ) | ||
187 | - ) | ||
188 | + no_fragment_path, _, _ = parts.path.partition('#') | ||
189 | |||
190 | - return filename | ||
191 | + pre, sep, post = no_fragment_path.rpartition('@') | ||
192 | + clean_path, rev = (pre, post) if sep else (post, None) | ||
193 | |||
194 | - def _download_hg(self, url, filename): | ||
195 | - filename = filename.split('#', 1)[0] | ||
196 | - url, rev = self._vcs_split_rev_from_url(url, pop_prefix=True) | ||
197 | + resolved = parts._replace( | ||
198 | + scheme=clean_scheme, | ||
199 | + path=clean_path, | ||
200 | + # discard the fragment | ||
201 | + fragment='', | ||
202 | + ).geturl() | ||
203 | |||
204 | - self.info("Doing hg clone from %s to %s", url, filename) | ||
205 | - os.system("hg clone --quiet %s %s" % (url, filename)) | ||
206 | - | ||
207 | - if rev is not None: | ||
208 | - self.info("Updating to %s", rev) | ||
209 | - os.system( | ||
210 | - "hg --cwd %s up -C -r %s -q" | ||
211 | - % ( | ||
212 | - filename, | ||
213 | - rev, | ||
214 | - ) | ||
215 | - ) | ||
216 | - | ||
217 | - return filename | ||
218 | + return resolved, rev | ||
219 | |||
220 | def debug(self, msg, *args): | ||
221 | log.debug(msg, *args) | ||
222 | diff --git a/setuptools/tests/test_packageindex.py b/setuptools/tests/test_packageindex.py | ||
223 | index 41b9661..e4cd91a 100644 | ||
224 | --- a/setuptools/tests/test_packageindex.py | ||
225 | +++ b/setuptools/tests/test_packageindex.py | ||
226 | @@ -2,7 +2,6 @@ import distutils.errors | ||
227 | import urllib.request | ||
228 | import urllib.error | ||
229 | import http.client | ||
230 | -from unittest import mock | ||
231 | |||
232 | import pytest | ||
233 | |||
234 | @@ -171,49 +170,46 @@ class TestPackageIndex: | ||
235 | assert dists[0].version == '' | ||
236 | assert dists[1].version == vc | ||
237 | |||
238 | - def test_download_git_with_rev(self, tmpdir): | ||
239 | + def test_download_git_with_rev(self, tmp_path, fp): | ||
240 | url = 'git+https://github.example/group/project@master#egg=foo' | ||
241 | index = setuptools.package_index.PackageIndex() | ||
242 | |||
243 | - with mock.patch("os.system") as os_system_mock: | ||
244 | - result = index.download(url, str(tmpdir)) | ||
245 | + expected_dir = tmp_path / 'project@master' | ||
246 | + fp.register([ | ||
247 | + 'git', | ||
248 | + 'clone', | ||
249 | + '--quiet', | ||
250 | + 'https://github.example/group/project', | ||
251 | + expected_dir, | ||
252 | + ]) | ||
253 | + fp.register(['git', '-C', expected_dir, 'checkout', '--quiet', 'master']) | ||
254 | |||
255 | - os_system_mock.assert_called() | ||
256 | + result = index.download(url, tmp_path) | ||
257 | |||
258 | - expected_dir = str(tmpdir / 'project@master') | ||
259 | - expected = ( | ||
260 | - 'git clone --quiet ' 'https://github.example/group/project {expected_dir}' | ||
261 | - ).format(**locals()) | ||
262 | - first_call_args = os_system_mock.call_args_list[0][0] | ||
263 | - assert first_call_args == (expected,) | ||
264 | + assert result == str(expected_dir) | ||
265 | + assert len(fp.calls) == 2 | ||
266 | |||
267 | - tmpl = 'git -C {expected_dir} checkout --quiet master' | ||
268 | - expected = tmpl.format(**locals()) | ||
269 | - assert os_system_mock.call_args_list[1][0] == (expected,) | ||
270 | - assert result == expected_dir | ||
271 | - | ||
272 | - def test_download_git_no_rev(self, tmpdir): | ||
273 | + def test_download_git_no_rev(self, tmp_path, fp): | ||
274 | url = 'git+https://github.example/group/project#egg=foo' | ||
275 | index = setuptools.package_index.PackageIndex() | ||
276 | |||
277 | - with mock.patch("os.system") as os_system_mock: | ||
278 | - result = index.download(url, str(tmpdir)) | ||
279 | - | ||
280 | - os_system_mock.assert_called() | ||
281 | - | ||
282 | - expected_dir = str(tmpdir / 'project') | ||
283 | - expected = ( | ||
284 | - 'git clone --quiet ' 'https://github.example/group/project {expected_dir}' | ||
285 | - ).format(**locals()) | ||
286 | - os_system_mock.assert_called_once_with(expected) | ||
287 | - | ||
288 | - def test_download_svn(self, tmpdir): | ||
289 | + expected_dir = tmp_path / 'project' | ||
290 | + fp.register([ | ||
291 | + 'git', | ||
292 | + 'clone', | ||
293 | + '--quiet', | ||
294 | + 'https://github.example/group/project', | ||
295 | + expected_dir, | ||
296 | + ]) | ||
297 | + index.download(url, tmp_path) | ||
298 | + | ||
299 | + def test_download_svn(self, tmp_path): | ||
300 | url = 'svn+https://svn.example/project#egg=foo' | ||
301 | index = setuptools.package_index.PackageIndex() | ||
302 | |||
303 | msg = r".*SVN download is not supported.*" | ||
304 | with pytest.raises(distutils.errors.DistutilsError, match=msg): | ||
305 | - index.download(url, str(tmpdir)) | ||
306 | + index.download(url, tmp_path) | ||
307 | |||
308 | |||
309 | class TestContentCheckers: | ||
310 | -- | ||
311 | 2.40.0 | ||
312 | |||
diff --git a/meta/recipes-devtools/python/python3-setuptools_69.1.1.bb b/meta/recipes-devtools/python/python3-setuptools_69.1.1.bb index 77d4e0aa03..7b9b02059f 100644 --- a/meta/recipes-devtools/python/python3-setuptools_69.1.1.bb +++ b/meta/recipes-devtools/python/python3-setuptools_69.1.1.bb | |||
@@ -9,14 +9,15 @@ inherit pypi python_setuptools_build_meta | |||
9 | SRC_URI:append:class-native = " file://0001-conditionally-do-not-fetch-code-by-easy_install.patch" | 9 | SRC_URI:append:class-native = " file://0001-conditionally-do-not-fetch-code-by-easy_install.patch" |
10 | 10 | ||
11 | SRC_URI += " \ | 11 | SRC_URI += " \ |
12 | file://0001-_distutils-sysconfig.py-make-it-possible-to-substite.patch" | 12 | file://0001-_distutils-sysconfig.py-make-it-possible-to-substite.patch \ |
13 | file://CVE-2024-6345.patch \ | ||
14 | " | ||
13 | 15 | ||
14 | SRC_URI[sha256sum] = "5c0806c7d9af348e6dd3777b4f4dbb42c7ad85b190104837488eab9a7c945cf8" | 16 | SRC_URI[sha256sum] = "5c0806c7d9af348e6dd3777b4f4dbb42c7ad85b190104837488eab9a7c945cf8" |
15 | 17 | ||
16 | DEPENDS += "python3" | 18 | DEPENDS += "python3" |
17 | 19 | ||
18 | RDEPENDS:${PN} = "\ | 20 | RDEPENDS:${PN} = "\ |
19 | python3-2to3 \ | ||
20 | python3-compile \ | 21 | python3-compile \ |
21 | python3-compression \ | 22 | python3-compression \ |
22 | python3-ctypes \ | 23 | python3-ctypes \ |
diff --git a/meta/recipes-devtools/python/python3/0001-gh-107811-tarfile-treat-overflow-in-UID-GID-as-failu.patch b/meta/recipes-devtools/python/python3/0001-gh-107811-tarfile-treat-overflow-in-UID-GID-as-failu.patch new file mode 100644 index 0000000000..88b84c6024 --- /dev/null +++ b/meta/recipes-devtools/python/python3/0001-gh-107811-tarfile-treat-overflow-in-UID-GID-as-failu.patch | |||
@@ -0,0 +1,40 @@ | |||
1 | From 999d4e74d34afa233ad8ad0c70b989d77a21957f Mon Sep 17 00:00:00 2001 | ||
2 | From: Petr Viktorin <encukou@gmail.com> | ||
3 | Date: Wed, 23 Aug 2023 20:00:07 +0200 | ||
4 | Subject: [PATCH] gh-107811: tarfile: treat overflow in UID/GID as failure to | ||
5 | set it (#108369) | ||
6 | |||
7 | Upstream-Status: Backport [https://github.com/python/cpython/pull/108369] | ||
8 | Signed-off-by: Khem Raj <raj.khem@gmail.com> | ||
9 | --- | ||
10 | Lib/tarfile.py | 3 ++- | ||
11 | .../Library/2023-08-23-17-34-39.gh-issue-107811.3Fng72.rst | 3 +++ | ||
12 | 2 files changed, 5 insertions(+), 1 deletion(-) | ||
13 | create mode 100644 Misc/NEWS.d/next/Library/2023-08-23-17-34-39.gh-issue-107811.3Fng72.rst | ||
14 | |||
15 | diff --git a/Lib/tarfile.py b/Lib/tarfile.py | ||
16 | index 3bbbcaa..473167d 100755 | ||
17 | --- a/Lib/tarfile.py | ||
18 | +++ b/Lib/tarfile.py | ||
19 | @@ -2557,7 +2557,8 @@ class TarFile(object): | ||
20 | os.lchown(targetpath, u, g) | ||
21 | else: | ||
22 | os.chown(targetpath, u, g) | ||
23 | - except OSError as e: | ||
24 | + except (OSError, OverflowError) as e: | ||
25 | + # OverflowError can be raised if an ID doesn't fit in `id_t` | ||
26 | raise ExtractError("could not change owner") from e | ||
27 | |||
28 | def chmod(self, tarinfo, targetpath): | ||
29 | diff --git a/Misc/NEWS.d/next/Library/2023-08-23-17-34-39.gh-issue-107811.3Fng72.rst b/Misc/NEWS.d/next/Library/2023-08-23-17-34-39.gh-issue-107811.3Fng72.rst | ||
30 | new file mode 100644 | ||
31 | index 0000000..ffca413 | ||
32 | --- /dev/null | ||
33 | +++ b/Misc/NEWS.d/next/Library/2023-08-23-17-34-39.gh-issue-107811.3Fng72.rst | ||
34 | @@ -0,0 +1,3 @@ | ||
35 | +:mod:`tarfile`: extraction of members with overly large UID or GID (e.g. on | ||
36 | +an OS with 32-bit :c:type:`!id_t`) now fails in the same way as failing to | ||
37 | +set the ID. | ||
38 | -- | ||
39 | 2.45.0 | ||
40 | |||
diff --git a/meta/recipes-devtools/python/python3/0001-test_active_children-skip-problematic-test.patch b/meta/recipes-devtools/python/python3/0001-test_active_children-skip-problematic-test.patch new file mode 100644 index 0000000000..6ebbaf10e0 --- /dev/null +++ b/meta/recipes-devtools/python/python3/0001-test_active_children-skip-problematic-test.patch | |||
@@ -0,0 +1,30 @@ | |||
1 | From bf3eb28bba24509a3e1cd40f1f0e26db833779a2 Mon Sep 17 00:00:00 2001 | ||
2 | From: Trevor Gamblin <tgamblin@baylibre.com> | ||
3 | Date: Thu, 13 Jun 2024 10:54:31 -0400 | ||
4 | Subject: [PATCH] test_active_children: skip problematic test | ||
5 | |||
6 | This test is failing in some tests on the Autobuilder. Since it's of a | ||
7 | similar nature to other failing/hanging tests, disable it for now. | ||
8 | |||
9 | Upstream-Status: Inappropriate [OE-Specific] | ||
10 | |||
11 | Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com> | ||
12 | --- | ||
13 | Lib/test/_test_multiprocessing.py | 1 + | ||
14 | 1 file changed, 1 insertion(+) | ||
15 | |||
16 | diff --git a/Lib/test/_test_multiprocessing.py b/Lib/test/_test_multiprocessing.py | ||
17 | index 3955123455..a1861fa3a0 100644 | ||
18 | --- a/Lib/test/_test_multiprocessing.py | ||
19 | +++ b/Lib/test/_test_multiprocessing.py | ||
20 | @@ -579,6 +579,7 @@ def test_cpu_count(self): | ||
21 | self.assertTrue(type(cpus) is int) | ||
22 | self.assertTrue(cpus >= 1) | ||
23 | |||
24 | + @unittest.skip("skipping problematic test") | ||
25 | def test_active_children(self): | ||
26 | self.assertEqual(type(self.active_children()), list) | ||
27 | |||
28 | -- | ||
29 | 2.45.2 | ||
30 | |||
diff --git a/meta/recipes-devtools/python/python3/0001-test_deadlock-skip-problematic-test.patch b/meta/recipes-devtools/python/python3/0001-test_deadlock-skip-problematic-test.patch new file mode 100644 index 0000000000..f0a7cfd39b --- /dev/null +++ b/meta/recipes-devtools/python/python3/0001-test_deadlock-skip-problematic-test.patch | |||
@@ -0,0 +1,30 @@ | |||
1 | From d7e3f26e7094fbe20e2271d75f18ac3b23a67f58 Mon Sep 17 00:00:00 2001 | ||
2 | From: Trevor Gamblin <tgamblin@baylibre.com> | ||
3 | Date: Wed, 12 Jun 2024 10:29:03 -0400 | ||
4 | Subject: [PATCH] test_deadlock: skip problematic test | ||
5 | |||
6 | This test hangs frequently when run on the Autobuilder. Disable it in | ||
7 | testing until the cause can be determined. | ||
8 | |||
9 | Upstream-Status: Inappropriate [OE-Specific] | ||
10 | |||
11 | Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com> | ||
12 | --- | ||
13 | Lib/test/test_concurrent_futures/test_deadlock.py | 1 + | ||
14 | 1 file changed, 1 insertion(+) | ||
15 | |||
16 | diff --git a/Lib/test/test_concurrent_futures/test_deadlock.py b/Lib/test/test_concurrent_futures/test_deadlock.py | ||
17 | index 1db4cd0099..fd07895a17 100644 | ||
18 | --- a/Lib/test/test_concurrent_futures/test_deadlock.py | ||
19 | +++ b/Lib/test/test_concurrent_futures/test_deadlock.py | ||
20 | @@ -90,6 +90,7 @@ def __reduce__(self): | ||
21 | return _raise_error_ignore_stderr, (UnpicklingError, ) | ||
22 | |||
23 | |||
24 | +@unittest.skip("skipping problematic test") | ||
25 | class ExecutorDeadlockTest: | ||
26 | TIMEOUT = support.LONG_TIMEOUT | ||
27 | |||
28 | -- | ||
29 | 2.45.2 | ||
30 | |||
diff --git a/meta/recipes-devtools/python/python3/0001-test_readline-skip-limited-history-test.patch b/meta/recipes-devtools/python/python3/0001-test_readline-skip-limited-history-test.patch new file mode 100644 index 0000000000..e8d297c721 --- /dev/null +++ b/meta/recipes-devtools/python/python3/0001-test_readline-skip-limited-history-test.patch | |||
@@ -0,0 +1,38 @@ | |||
1 | From d9d916d5ea946c945323679d1709de1b87029b96 Mon Sep 17 00:00:00 2001 | ||
2 | From: Trevor Gamblin <tgamblin@baylibre.com> | ||
3 | Date: Tue, 13 Aug 2024 11:07:05 -0400 | ||
4 | Subject: [PATCH] test_readline: skip limited history test | ||
5 | |||
6 | This test was added recently and is failing on the ptest image when | ||
7 | using the default PACKAGECONFIG settings (i.e. with editline instead of | ||
8 | readline).. Disable it until the proper fix is determined. | ||
9 | |||
10 | A bug has been opened upstream: https://github.com/python/cpython/issues/123018 | ||
11 | |||
12 | Upstream-Status: Inappropriate [OE-specific] | ||
13 | |||
14 | Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com> | ||
15 | --- | ||
16 | Lib/test/test_readline.py | 2 ++ | ||
17 | 1 file changed, 2 insertions(+) | ||
18 | |||
19 | Index: Python-3.12.6/Lib/test/test_readline.py | ||
20 | =================================================================== | ||
21 | --- Python-3.12.6.orig/Lib/test/test_readline.py | ||
22 | +++ Python-3.12.6/Lib/test/test_readline.py | ||
23 | @@ -133,6 +133,7 @@ class TestHistoryManipulation (unittest. | ||
24 | self.assertEqual(readline.get_history_item(1), "entrée 1") | ||
25 | self.assertEqual(readline.get_history_item(2), "entrée 22") | ||
26 | |||
27 | + @unittest.skip("Skipping problematic test") | ||
28 | def test_write_read_limited_history(self): | ||
29 | previous_length = readline.get_history_length() | ||
30 | self.addCleanup(readline.set_history_length, previous_length) | ||
31 | @@ -371,6 +372,7 @@ readline.write_history_file(history_file | ||
32 | self.assertIn(b"done", output) | ||
33 | |||
34 | |||
35 | + @unittest.skip("Skipping problematic test") | ||
36 | def test_write_read_limited_history(self): | ||
37 | previous_length = readline.get_history_length() | ||
38 | self.addCleanup(readline.set_history_length, previous_length) | ||
diff --git a/meta/recipes-devtools/python/python3/deterministic_imports.patch b/meta/recipes-devtools/python/python3/deterministic_imports.patch index 104df94964..2de6ae2e98 100644 --- a/meta/recipes-devtools/python/python3/deterministic_imports.patch +++ b/meta/recipes-devtools/python/python3/deterministic_imports.patch | |||
@@ -11,7 +11,7 @@ has caused a long string of different issues for us. | |||
11 | 11 | ||
12 | As a result, patch this to a behaviour which works for us. | 12 | As a result, patch this to a behaviour which works for us. |
13 | 13 | ||
14 | Upstream-Status: Pending [need to talk to upstream to see if they'll take one or both fixes] | 14 | Upstream-Status: Submitted [https://github.com/python/cpython/issues/120492; need to first talk to upstream to see if they'll take one or both fixes] |
15 | Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> | 15 | Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> |
16 | 16 | ||
17 | --- | 17 | --- |
diff --git a/meta/recipes-devtools/python/python3_3.12.4.bb b/meta/recipes-devtools/python/python3_3.12.6.bb index 0cb84b91b4..ae69f0e781 100644 --- a/meta/recipes-devtools/python/python3_3.12.4.bb +++ b/meta/recipes-devtools/python/python3_3.12.6.bb | |||
@@ -31,13 +31,17 @@ SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \ | |||
31 | file://0001-test_storlines-skip-due-to-load-variability.patch \ | 31 | file://0001-test_storlines-skip-due-to-load-variability.patch \ |
32 | file://0001-gh-114492-Initialize-struct-termios-before-calling-t.patch \ | 32 | file://0001-gh-114492-Initialize-struct-termios-before-calling-t.patch \ |
33 | file://0001-test_shutdown-skip-problematic-test.patch \ | 33 | file://0001-test_shutdown-skip-problematic-test.patch \ |
34 | file://0001-gh-107811-tarfile-treat-overflow-in-UID-GID-as-failu.patch \ | ||
35 | file://0001-test_deadlock-skip-problematic-test.patch \ | ||
36 | file://0001-test_active_children-skip-problematic-test.patch \ | ||
37 | file://0001-test_readline-skip-limited-history-test.patch \ | ||
34 | " | 38 | " |
35 | 39 | ||
36 | SRC_URI:append:class-native = " \ | 40 | SRC_URI:append:class-native = " \ |
37 | file://0001-Lib-sysconfig.py-use-prefix-value-from-build-configu.patch \ | 41 | file://0001-Lib-sysconfig.py-use-prefix-value-from-build-configu.patch \ |
38 | " | 42 | " |
39 | 43 | ||
40 | SRC_URI[sha256sum] = "f6d419a6d8743ab26700801b4908d26d97e8b986e14f95de31b32de2b0e79554" | 44 | SRC_URI[sha256sum] = "1999658298cf2fb837dffed8ff3c033ef0c98ef20cf73c5d5f66bed5ab89697c" |
41 | 45 | ||
42 | # exclude pre-releases for both python 2.x and 3.x | 46 | # exclude pre-releases for both python 2.x and 3.x |
43 | UPSTREAM_CHECK_REGEX = "[Pp]ython-(?P<pver>\d+(\.\d+)+).tar" | 47 | UPSTREAM_CHECK_REGEX = "[Pp]ython-(?P<pver>\d+(\.\d+)+).tar" |
diff --git a/meta/recipes-devtools/qemu/qemu-native_8.2.1.bb b/meta/recipes-devtools/qemu/qemu-native_8.2.3.bb index a77953529b..a77953529b 100644 --- a/meta/recipes-devtools/qemu/qemu-native_8.2.1.bb +++ b/meta/recipes-devtools/qemu/qemu-native_8.2.3.bb | |||
diff --git a/meta/recipes-devtools/qemu/qemu-system-native_8.2.1.bb b/meta/recipes-devtools/qemu/qemu-system-native_8.2.3.bb index 0634b34242..0634b34242 100644 --- a/meta/recipes-devtools/qemu/qemu-system-native_8.2.1.bb +++ b/meta/recipes-devtools/qemu/qemu-system-native_8.2.3.bb | |||
diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc index 4501f84c2b..e9f63b9eaf 100644 --- a/meta/recipes-devtools/qemu/qemu.inc +++ b/meta/recipes-devtools/qemu/qemu.inc | |||
@@ -34,14 +34,24 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \ | |||
34 | file://fixedmeson.patch \ | 34 | file://fixedmeson.patch \ |
35 | file://no-pip.patch \ | 35 | file://no-pip.patch \ |
36 | file://4a8579ad8629b57a43daa62e46cc7af6e1078116.patch \ | 36 | file://4a8579ad8629b57a43daa62e46cc7af6e1078116.patch \ |
37 | file://0001-linux-user-x86_64-Handle-the-vsyscall-page-in-open_s.patch \ | ||
38 | file://0002-linux-user-loongarch64-Remove-TARGET_FORCE_SHMLBA.patch \ | 37 | file://0002-linux-user-loongarch64-Remove-TARGET_FORCE_SHMLBA.patch \ |
39 | file://0003-linux-user-Add-strace-for-shmat.patch \ | 38 | file://0003-linux-user-Add-strace-for-shmat.patch \ |
40 | file://0004-linux-user-Rewrite-target_shmat.patch \ | 39 | file://0004-linux-user-Rewrite-target_shmat.patch \ |
41 | file://0005-tests-tcg-Check-that-shmat-does-not-break-proc-self-.patch \ | 40 | file://0005-tests-tcg-Check-that-shmat-does-not-break-proc-self-.patch \ |
42 | file://CVE-2023-6683.patch \ | ||
43 | file://qemu-guest-agent.init \ | 41 | file://qemu-guest-agent.init \ |
44 | file://qemu-guest-agent.udev \ | 42 | file://qemu-guest-agent.udev \ |
43 | file://CVE-2024-4467-0001.patch \ | ||
44 | file://CVE-2024-4467-0002.patch \ | ||
45 | file://CVE-2024-4467-0003.patch \ | ||
46 | file://CVE-2024-4467-0004.patch \ | ||
47 | file://CVE-2024-4467-0005.patch \ | ||
48 | file://CVE-2024-7409-0001.patch \ | ||
49 | file://CVE-2024-7409-0002.patch \ | ||
50 | file://CVE-2024-7409-0003.patch \ | ||
51 | file://CVE-2024-7409-0004.patch \ | ||
52 | file://0001-target-riscv-kvm-change-KVM_REG_RISCV_FP_F-to-u32.patch \ | ||
53 | file://0002-target-riscv-kvm-change-KVM_REG_RISCV_FP_D-to-u64.patch \ | ||
54 | file://0003-target-riscv-kvm-change-timer-regs-size-to-u64.patch \ | ||
45 | " | 55 | " |
46 | UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar" | 56 | UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar" |
47 | 57 | ||
@@ -58,7 +68,7 @@ SRC_URI:append:class-native = " \ | |||
58 | file://0012-linux-user-workaround-for-missing-MAP_SHARED_VALIDAT.patch \ | 68 | file://0012-linux-user-workaround-for-missing-MAP_SHARED_VALIDAT.patch \ |
59 | " | 69 | " |
60 | 70 | ||
61 | SRC_URI[sha256sum] = "8562751158175f9d187c5f22b57555abe3c870f0325c8ced12c34c6d987729be" | 71 | SRC_URI[sha256sum] = "dc747fb366809455317601c4876bd1f6829a32a23e83fb76e45ab12c2a569964" |
62 | 72 | ||
63 | CVE_STATUS[CVE-2007-0998] = "not-applicable-config: The VNC server can expose host files uder some circumstances. We don't enable it by default." | 73 | CVE_STATUS[CVE-2007-0998] = "not-applicable-config: The VNC server can expose host files uder some circumstances. We don't enable it by default." |
64 | 74 | ||
@@ -76,6 +86,8 @@ CVE_STATUS[CVE-2023-3019] = "cpe-incorrect: Applies only against versions before | |||
76 | 86 | ||
77 | CVE_STATUS[CVE-2023-5088] = "cpe-incorrect: Applies only against version 8.2.0 and earlier" | 87 | CVE_STATUS[CVE-2023-5088] = "cpe-incorrect: Applies only against version 8.2.0 and earlier" |
78 | 88 | ||
89 | CVE_STATUS[CVE-2023-6683] = "cpe-incorrect: Applies only against version 8.2.1 and earlier" | ||
90 | |||
79 | CVE_STATUS[CVE-2023-6693] = "cpe-incorrect: Applies only against version 8.2.0 and earlier" | 91 | CVE_STATUS[CVE-2023-6693] = "cpe-incorrect: Applies only against version 8.2.0 and earlier" |
80 | 92 | ||
81 | COMPATIBLE_HOST:mipsarchn32 = "null" | 93 | COMPATIBLE_HOST:mipsarchn32 = "null" |
diff --git a/meta/recipes-devtools/qemu/qemu/0001-linux-user-x86_64-Handle-the-vsyscall-page-in-open_s.patch b/meta/recipes-devtools/qemu/qemu/0001-linux-user-x86_64-Handle-the-vsyscall-page-in-open_s.patch deleted file mode 100644 index 2eaebe883c..0000000000 --- a/meta/recipes-devtools/qemu/qemu/0001-linux-user-x86_64-Handle-the-vsyscall-page-in-open_s.patch +++ /dev/null | |||
@@ -1,56 +0,0 @@ | |||
1 | From 4517e2046610722879761bcdb60edbb2b929c848 Mon Sep 17 00:00:00 2001 | ||
2 | From: Richard Henderson <richard.henderson@linaro.org> | ||
3 | Date: Wed, 28 Feb 2024 10:25:14 -1000 | ||
4 | Subject: [PATCH 1/5] linux-user/x86_64: Handle the vsyscall page in | ||
5 | open_self_maps_{2,4} | ||
6 | |||
7 | This is the only case in which we expect to have no host memory backing | ||
8 | for a guest memory page, because in general linux user processes cannot | ||
9 | map any pages in the top half of the 64-bit address space. | ||
10 | |||
11 | Upstream-Status: Submitted [https://www.mail-archive.com/qemu-devel@nongnu.org/msg1026793.html] | ||
12 | |||
13 | Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2170 | ||
14 | Signed-off-by: Richard Henderson <richard.henderson@linaro.org> | ||
15 | Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> | ||
16 | --- | ||
17 | linux-user/syscall.c | 16 ++++++++++++++++ | ||
18 | 1 file changed, 16 insertions(+) | ||
19 | |||
20 | diff --git a/linux-user/syscall.c b/linux-user/syscall.c | ||
21 | index a114f29a8..8307a8a61 100644 | ||
22 | --- a/linux-user/syscall.c | ||
23 | +++ b/linux-user/syscall.c | ||
24 | @@ -7922,6 +7922,10 @@ static void open_self_maps_4(const struct open_self_maps_data *d, | ||
25 | path = "[heap]"; | ||
26 | } else if (start == info->vdso) { | ||
27 | path = "[vdso]"; | ||
28 | +#ifdef TARGET_X86_64 | ||
29 | + } else if (start == TARGET_VSYSCALL_PAGE) { | ||
30 | + path = "[vsyscall]"; | ||
31 | +#endif | ||
32 | } | ||
33 | |||
34 | /* Except null device (MAP_ANON), adjust offset for this fragment. */ | ||
35 | @@ -8010,6 +8014,18 @@ static int open_self_maps_2(void *opaque, target_ulong guest_start, | ||
36 | uintptr_t host_start = (uintptr_t)g2h_untagged(guest_start); | ||
37 | uintptr_t host_last = (uintptr_t)g2h_untagged(guest_end - 1); | ||
38 | |||
39 | +#ifdef TARGET_X86_64 | ||
40 | + /* | ||
41 | + * Because of the extremely high position of the page within the guest | ||
42 | + * virtual address space, this is not backed by host memory at all. | ||
43 | + * Therefore the loop below would fail. This is the only instance | ||
44 | + * of not having host backing memory. | ||
45 | + */ | ||
46 | + if (guest_start == TARGET_VSYSCALL_PAGE) { | ||
47 | + return open_self_maps_3(opaque, guest_start, guest_end, flags); | ||
48 | + } | ||
49 | +#endif | ||
50 | + | ||
51 | while (1) { | ||
52 | IntervalTreeNode *n = | ||
53 | interval_tree_iter_first(d->host_maps, host_start, host_start); | ||
54 | -- | ||
55 | 2.34.1 | ||
56 | |||
diff --git a/meta/recipes-devtools/qemu/qemu/0001-target-riscv-kvm-change-KVM_REG_RISCV_FP_F-to-u32.patch b/meta/recipes-devtools/qemu/qemu/0001-target-riscv-kvm-change-KVM_REG_RISCV_FP_F-to-u32.patch new file mode 100644 index 0000000000..39a6a85162 --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/0001-target-riscv-kvm-change-KVM_REG_RISCV_FP_F-to-u32.patch | |||
@@ -0,0 +1,75 @@ | |||
1 | From bbdcc89678daa5cb131ef22a6cd41a5f7f9dcea9 Mon Sep 17 00:00:00 2001 | ||
2 | From: Daniel Henrique Barboza <dbarboza@ventanamicro.com> | ||
3 | Date: Fri, 8 Dec 2023 15:38:31 -0300 | ||
4 | Subject: [PATCH 1/3] target/riscv/kvm: change KVM_REG_RISCV_FP_F to u32 | ||
5 | |||
6 | KVM_REG_RISCV_FP_F regs have u32 size according to the API, but by using | ||
7 | kvm_riscv_reg_id() in RISCV_FP_F_REG() we're returning u64 sizes when | ||
8 | running with TARGET_RISCV64. The most likely reason why no one noticed | ||
9 | this is because we're not implementing kvm_cpu_synchronize_state() in | ||
10 | RISC-V yet. | ||
11 | |||
12 | Create a new helper that returns a KVM ID with u32 size and use it in | ||
13 | RISCV_FP_F_REG(). | ||
14 | |||
15 | Reported-by: Andrew Jones <ajones@ventanamicro.com> | ||
16 | Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com> | ||
17 | Reviewed-by: Andrew Jones <ajones@ventanamicro.com> | ||
18 | Message-ID: <20231208183835.2411523-2-dbarboza@ventanamicro.com> | ||
19 | Signed-off-by: Alistair Francis <alistair.francis@wdc.com> | ||
20 | (cherry picked from commit 49c211ffca00fdf7c0c29072c224e88527a14838) | ||
21 | Signed-off-by: Michael Tokarev <mjt@tls.msk.ru> | ||
22 | |||
23 | Upstream-Status: Backport [bbdcc89678daa5cb131ef22a6cd41a5f7f9dcea9] | ||
24 | |||
25 | Signed-off-by: Chen Qi <Qi.Chen@windriver.com> | ||
26 | --- | ||
27 | target/riscv/kvm/kvm-cpu.c | 11 ++++++++--- | ||
28 | 1 file changed, 8 insertions(+), 3 deletions(-) | ||
29 | |||
30 | diff --git a/target/riscv/kvm/kvm-cpu.c b/target/riscv/kvm/kvm-cpu.c | ||
31 | index c1675158fe..2eef2be86a 100644 | ||
32 | --- a/target/riscv/kvm/kvm-cpu.c | ||
33 | +++ b/target/riscv/kvm/kvm-cpu.c | ||
34 | @@ -72,6 +72,11 @@ static uint64_t kvm_riscv_reg_id(CPURISCVState *env, uint64_t type, | ||
35 | return id; | ||
36 | } | ||
37 | |||
38 | +static uint64_t kvm_riscv_reg_id_u32(uint64_t type, uint64_t idx) | ||
39 | +{ | ||
40 | + return KVM_REG_RISCV | KVM_REG_SIZE_U32 | type | idx; | ||
41 | +} | ||
42 | + | ||
43 | #define RISCV_CORE_REG(env, name) kvm_riscv_reg_id(env, KVM_REG_RISCV_CORE, \ | ||
44 | KVM_REG_RISCV_CORE_REG(name)) | ||
45 | |||
46 | @@ -81,7 +86,7 @@ static uint64_t kvm_riscv_reg_id(CPURISCVState *env, uint64_t type, | ||
47 | #define RISCV_TIMER_REG(env, name) kvm_riscv_reg_id(env, KVM_REG_RISCV_TIMER, \ | ||
48 | KVM_REG_RISCV_TIMER_REG(name)) | ||
49 | |||
50 | -#define RISCV_FP_F_REG(env, idx) kvm_riscv_reg_id(env, KVM_REG_RISCV_FP_F, idx) | ||
51 | +#define RISCV_FP_F_REG(idx) kvm_riscv_reg_id_u32(KVM_REG_RISCV_FP_F, idx) | ||
52 | |||
53 | #define RISCV_FP_D_REG(env, idx) kvm_riscv_reg_id(env, KVM_REG_RISCV_FP_D, idx) | ||
54 | |||
55 | @@ -586,7 +591,7 @@ static int kvm_riscv_get_regs_fp(CPUState *cs) | ||
56 | if (riscv_has_ext(env, RVF)) { | ||
57 | uint32_t reg; | ||
58 | for (i = 0; i < 32; i++) { | ||
59 | - ret = kvm_get_one_reg(cs, RISCV_FP_F_REG(env, i), ®); | ||
60 | + ret = kvm_get_one_reg(cs, RISCV_FP_F_REG(i), ®); | ||
61 | if (ret) { | ||
62 | return ret; | ||
63 | } | ||
64 | @@ -620,7 +625,7 @@ static int kvm_riscv_put_regs_fp(CPUState *cs) | ||
65 | uint32_t reg; | ||
66 | for (i = 0; i < 32; i++) { | ||
67 | reg = env->fpr[i]; | ||
68 | - ret = kvm_set_one_reg(cs, RISCV_FP_F_REG(env, i), ®); | ||
69 | + ret = kvm_set_one_reg(cs, RISCV_FP_F_REG(i), ®); | ||
70 | if (ret) { | ||
71 | return ret; | ||
72 | } | ||
73 | -- | ||
74 | 2.25.1 | ||
75 | |||
diff --git a/meta/recipes-devtools/qemu/qemu/0002-target-riscv-kvm-change-KVM_REG_RISCV_FP_D-to-u64.patch b/meta/recipes-devtools/qemu/qemu/0002-target-riscv-kvm-change-KVM_REG_RISCV_FP_D-to-u64.patch new file mode 100644 index 0000000000..9480d3e0b5 --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/0002-target-riscv-kvm-change-KVM_REG_RISCV_FP_D-to-u64.patch | |||
@@ -0,0 +1,73 @@ | |||
1 | From 125b95d79e746cbab6b72683b3382dd372e38c61 Mon Sep 17 00:00:00 2001 | ||
2 | From: Daniel Henrique Barboza <dbarboza@ventanamicro.com> | ||
3 | Date: Fri, 8 Dec 2023 15:38:32 -0300 | ||
4 | Subject: [PATCH 2/3] target/riscv/kvm: change KVM_REG_RISCV_FP_D to u64 | ||
5 | |||
6 | KVM_REG_RISCV_FP_D regs are always u64 size. Using kvm_riscv_reg_id() in | ||
7 | RISCV_FP_D_REG() ends up encoding the wrong size if we're running with | ||
8 | TARGET_RISCV32. | ||
9 | |||
10 | Create a new helper that returns a KVM ID with u64 size and use it with | ||
11 | RISCV_FP_D_REG(). | ||
12 | |||
13 | Reported-by: Andrew Jones <ajones@ventanamicro.com> | ||
14 | Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com> | ||
15 | Reviewed-by: Andrew Jones <ajones@ventanamicro.com> | ||
16 | Message-ID: <20231208183835.2411523-3-dbarboza@ventanamicro.com> | ||
17 | Signed-off-by: Alistair Francis <alistair.francis@wdc.com> | ||
18 | (cherry picked from commit 450bd6618fda3d2e2ab02b2fce1c79efd5b66084) | ||
19 | Signed-off-by: Michael Tokarev <mjt@tls.msk.ru> | ||
20 | |||
21 | Upstream-Status: Backport [125b95d79e746cbab6b72683b3382dd372e38c61] | ||
22 | |||
23 | Signed-off-by: Chen Qi <Qi.Chen@windriver.com> | ||
24 | --- | ||
25 | target/riscv/kvm/kvm-cpu.c | 11 ++++++++--- | ||
26 | 1 file changed, 8 insertions(+), 3 deletions(-) | ||
27 | |||
28 | diff --git a/target/riscv/kvm/kvm-cpu.c b/target/riscv/kvm/kvm-cpu.c | ||
29 | index 2eef2be86a..82ed4455a5 100644 | ||
30 | --- a/target/riscv/kvm/kvm-cpu.c | ||
31 | +++ b/target/riscv/kvm/kvm-cpu.c | ||
32 | @@ -77,6 +77,11 @@ static uint64_t kvm_riscv_reg_id_u32(uint64_t type, uint64_t idx) | ||
33 | return KVM_REG_RISCV | KVM_REG_SIZE_U32 | type | idx; | ||
34 | } | ||
35 | |||
36 | +static uint64_t kvm_riscv_reg_id_u64(uint64_t type, uint64_t idx) | ||
37 | +{ | ||
38 | + return KVM_REG_RISCV | KVM_REG_SIZE_U64 | type | idx; | ||
39 | +} | ||
40 | + | ||
41 | #define RISCV_CORE_REG(env, name) kvm_riscv_reg_id(env, KVM_REG_RISCV_CORE, \ | ||
42 | KVM_REG_RISCV_CORE_REG(name)) | ||
43 | |||
44 | @@ -88,7 +93,7 @@ static uint64_t kvm_riscv_reg_id_u32(uint64_t type, uint64_t idx) | ||
45 | |||
46 | #define RISCV_FP_F_REG(idx) kvm_riscv_reg_id_u32(KVM_REG_RISCV_FP_F, idx) | ||
47 | |||
48 | -#define RISCV_FP_D_REG(env, idx) kvm_riscv_reg_id(env, KVM_REG_RISCV_FP_D, idx) | ||
49 | +#define RISCV_FP_D_REG(idx) kvm_riscv_reg_id_u64(KVM_REG_RISCV_FP_D, idx) | ||
50 | |||
51 | #define KVM_RISCV_GET_CSR(cs, env, csr, reg) \ | ||
52 | do { \ | ||
53 | @@ -579,7 +584,7 @@ static int kvm_riscv_get_regs_fp(CPUState *cs) | ||
54 | if (riscv_has_ext(env, RVD)) { | ||
55 | uint64_t reg; | ||
56 | for (i = 0; i < 32; i++) { | ||
57 | - ret = kvm_get_one_reg(cs, RISCV_FP_D_REG(env, i), ®); | ||
58 | + ret = kvm_get_one_reg(cs, RISCV_FP_D_REG(i), ®); | ||
59 | if (ret) { | ||
60 | return ret; | ||
61 | } | ||
62 | @@ -613,7 +618,7 @@ static int kvm_riscv_put_regs_fp(CPUState *cs) | ||
63 | uint64_t reg; | ||
64 | for (i = 0; i < 32; i++) { | ||
65 | reg = env->fpr[i]; | ||
66 | - ret = kvm_set_one_reg(cs, RISCV_FP_D_REG(env, i), ®); | ||
67 | + ret = kvm_set_one_reg(cs, RISCV_FP_D_REG(i), ®); | ||
68 | if (ret) { | ||
69 | return ret; | ||
70 | } | ||
71 | -- | ||
72 | 2.25.1 | ||
73 | |||
diff --git a/meta/recipes-devtools/qemu/qemu/0003-target-riscv-kvm-change-timer-regs-size-to-u64.patch b/meta/recipes-devtools/qemu/qemu/0003-target-riscv-kvm-change-timer-regs-size-to-u64.patch new file mode 100644 index 0000000000..1ea1bcfe70 --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/0003-target-riscv-kvm-change-timer-regs-size-to-u64.patch | |||
@@ -0,0 +1,107 @@ | |||
1 | From cbae1080988e0f1af0fb4c816205f7647f6de16f Mon Sep 17 00:00:00 2001 | ||
2 | From: Daniel Henrique Barboza <dbarboza@ventanamicro.com> | ||
3 | Date: Fri, 8 Dec 2023 15:38:33 -0300 | ||
4 | Subject: [PATCH 3/3] target/riscv/kvm: change timer regs size to u64 | ||
5 | |||
6 | KVM_REG_RISCV_TIMER regs are always u64 according to the KVM API, but at | ||
7 | this moment we'll return u32 regs if we're running a RISCV32 target. | ||
8 | |||
9 | Use the kvm_riscv_reg_id_u64() helper in RISCV_TIMER_REG() to fix it. | ||
10 | |||
11 | Reported-by: Andrew Jones <ajones@ventanamicro.com> | ||
12 | Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com> | ||
13 | Reviewed-by: Andrew Jones <ajones@ventanamicro.com> | ||
14 | Message-ID: <20231208183835.2411523-4-dbarboza@ventanamicro.com> | ||
15 | Signed-off-by: Alistair Francis <alistair.francis@wdc.com> | ||
16 | (cherry picked from commit 10f86d1b845087d14b58d65dd2a6e3411d1b6529) | ||
17 | Signed-off-by: Michael Tokarev <mjt@tls.msk.ru> | ||
18 | |||
19 | Upstream-Status: Backport [cbae1080988e0f1af0fb4c816205f7647f6de16f] | ||
20 | |||
21 | Signed-off-by: Chen Qi <Qi.Chen@windriver.com> | ||
22 | --- | ||
23 | target/riscv/kvm/kvm-cpu.c | 26 +++++++++++++------------- | ||
24 | 1 file changed, 13 insertions(+), 13 deletions(-) | ||
25 | |||
26 | diff --git a/target/riscv/kvm/kvm-cpu.c b/target/riscv/kvm/kvm-cpu.c | ||
27 | index 82ed4455a5..ddbe820e10 100644 | ||
28 | --- a/target/riscv/kvm/kvm-cpu.c | ||
29 | +++ b/target/riscv/kvm/kvm-cpu.c | ||
30 | @@ -88,7 +88,7 @@ static uint64_t kvm_riscv_reg_id_u64(uint64_t type, uint64_t idx) | ||
31 | #define RISCV_CSR_REG(env, name) kvm_riscv_reg_id(env, KVM_REG_RISCV_CSR, \ | ||
32 | KVM_REG_RISCV_CSR_REG(name)) | ||
33 | |||
34 | -#define RISCV_TIMER_REG(env, name) kvm_riscv_reg_id(env, KVM_REG_RISCV_TIMER, \ | ||
35 | +#define RISCV_TIMER_REG(name) kvm_riscv_reg_id_u64(KVM_REG_RISCV_TIMER, \ | ||
36 | KVM_REG_RISCV_TIMER_REG(name)) | ||
37 | |||
38 | #define RISCV_FP_F_REG(idx) kvm_riscv_reg_id_u32(KVM_REG_RISCV_FP_F, idx) | ||
39 | @@ -111,17 +111,17 @@ static uint64_t kvm_riscv_reg_id_u64(uint64_t type, uint64_t idx) | ||
40 | } \ | ||
41 | } while (0) | ||
42 | |||
43 | -#define KVM_RISCV_GET_TIMER(cs, env, name, reg) \ | ||
44 | +#define KVM_RISCV_GET_TIMER(cs, name, reg) \ | ||
45 | do { \ | ||
46 | - int ret = kvm_get_one_reg(cs, RISCV_TIMER_REG(env, name), ®); \ | ||
47 | + int ret = kvm_get_one_reg(cs, RISCV_TIMER_REG(name), ®); \ | ||
48 | if (ret) { \ | ||
49 | abort(); \ | ||
50 | } \ | ||
51 | } while (0) | ||
52 | |||
53 | -#define KVM_RISCV_SET_TIMER(cs, env, name, reg) \ | ||
54 | +#define KVM_RISCV_SET_TIMER(cs, name, reg) \ | ||
55 | do { \ | ||
56 | - int ret = kvm_set_one_reg(cs, RISCV_TIMER_REG(env, name), ®); \ | ||
57 | + int ret = kvm_set_one_reg(cs, RISCV_TIMER_REG(name), ®); \ | ||
58 | if (ret) { \ | ||
59 | abort(); \ | ||
60 | } \ | ||
61 | @@ -649,10 +649,10 @@ static void kvm_riscv_get_regs_timer(CPUState *cs) | ||
62 | return; | ||
63 | } | ||
64 | |||
65 | - KVM_RISCV_GET_TIMER(cs, env, time, env->kvm_timer_time); | ||
66 | - KVM_RISCV_GET_TIMER(cs, env, compare, env->kvm_timer_compare); | ||
67 | - KVM_RISCV_GET_TIMER(cs, env, state, env->kvm_timer_state); | ||
68 | - KVM_RISCV_GET_TIMER(cs, env, frequency, env->kvm_timer_frequency); | ||
69 | + KVM_RISCV_GET_TIMER(cs, time, env->kvm_timer_time); | ||
70 | + KVM_RISCV_GET_TIMER(cs, compare, env->kvm_timer_compare); | ||
71 | + KVM_RISCV_GET_TIMER(cs, state, env->kvm_timer_state); | ||
72 | + KVM_RISCV_GET_TIMER(cs, frequency, env->kvm_timer_frequency); | ||
73 | |||
74 | env->kvm_timer_dirty = true; | ||
75 | } | ||
76 | @@ -666,8 +666,8 @@ static void kvm_riscv_put_regs_timer(CPUState *cs) | ||
77 | return; | ||
78 | } | ||
79 | |||
80 | - KVM_RISCV_SET_TIMER(cs, env, time, env->kvm_timer_time); | ||
81 | - KVM_RISCV_SET_TIMER(cs, env, compare, env->kvm_timer_compare); | ||
82 | + KVM_RISCV_SET_TIMER(cs, time, env->kvm_timer_time); | ||
83 | + KVM_RISCV_SET_TIMER(cs, compare, env->kvm_timer_compare); | ||
84 | |||
85 | /* | ||
86 | * To set register of RISCV_TIMER_REG(state) will occur a error from KVM | ||
87 | @@ -676,7 +676,7 @@ static void kvm_riscv_put_regs_timer(CPUState *cs) | ||
88 | * TODO If KVM changes, adapt here. | ||
89 | */ | ||
90 | if (env->kvm_timer_state) { | ||
91 | - KVM_RISCV_SET_TIMER(cs, env, state, env->kvm_timer_state); | ||
92 | + KVM_RISCV_SET_TIMER(cs, state, env->kvm_timer_state); | ||
93 | } | ||
94 | |||
95 | /* | ||
96 | @@ -685,7 +685,7 @@ static void kvm_riscv_put_regs_timer(CPUState *cs) | ||
97 | * during the migration. | ||
98 | */ | ||
99 | if (migration_is_running(migrate_get_current()->state)) { | ||
100 | - KVM_RISCV_GET_TIMER(cs, env, frequency, reg); | ||
101 | + KVM_RISCV_GET_TIMER(cs, frequency, reg); | ||
102 | if (reg != env->kvm_timer_frequency) { | ||
103 | error_report("Dst Hosts timer frequency != Src Hosts"); | ||
104 | } | ||
105 | -- | ||
106 | 2.25.1 | ||
107 | |||
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2023-6683.patch b/meta/recipes-devtools/qemu/qemu/CVE-2023-6683.patch deleted file mode 100644 index 732cb6af18..0000000000 --- a/meta/recipes-devtools/qemu/qemu/CVE-2023-6683.patch +++ /dev/null | |||
@@ -1,91 +0,0 @@ | |||
1 | From 405484b29f6548c7b86549b0f961b906337aa68a Mon Sep 17 00:00:00 2001 | ||
2 | From: Fiona Ebner <f.ebner@proxmox.com> | ||
3 | Date: Wed, 24 Jan 2024 11:57:48 +0100 | ||
4 | Subject: [PATCH] ui/clipboard: mark type as not available when there is no | ||
5 | data | ||
6 | MIME-Version: 1.0 | ||
7 | Content-Type: text/plain; charset=UTF-8 | ||
8 | Content-Transfer-Encoding: 8bit | ||
9 | |||
10 | With VNC, a client can send a non-extended VNC_MSG_CLIENT_CUT_TEXT | ||
11 | message with len=0. In qemu_clipboard_set_data(), the clipboard info | ||
12 | will be updated setting data to NULL (because g_memdup(data, size) | ||
13 | returns NULL when size is 0). If the client does not set the | ||
14 | VNC_ENCODING_CLIPBOARD_EXT feature when setting up the encodings, then | ||
15 | the 'request' callback for the clipboard peer is not initialized. | ||
16 | Later, because data is NULL, qemu_clipboard_request() can be reached | ||
17 | via vdagent_chr_write() and vdagent_clipboard_recv_request() and | ||
18 | there, the clipboard owner's 'request' callback will be attempted to | ||
19 | be called, but that is a NULL pointer. | ||
20 | |||
21 | In particular, this can happen when using the KRDC (22.12.3) VNC | ||
22 | client. | ||
23 | |||
24 | Another scenario leading to the same issue is with two clients (say | ||
25 | noVNC and KRDC): | ||
26 | |||
27 | The noVNC client sets the extension VNC_FEATURE_CLIPBOARD_EXT and | ||
28 | initializes its cbpeer. | ||
29 | |||
30 | The KRDC client does not, but triggers a vnc_client_cut_text() (note | ||
31 | it's not the _ext variant)). There, a new clipboard info with it as | ||
32 | the 'owner' is created and via qemu_clipboard_set_data() is called, | ||
33 | which in turn calls qemu_clipboard_update() with that info. | ||
34 | |||
35 | In qemu_clipboard_update(), the notifier for the noVNC client will be | ||
36 | called, i.e. vnc_clipboard_notify() and also set vs->cbinfo for the | ||
37 | noVNC client. The 'owner' in that clipboard info is the clipboard peer | ||
38 | for the KRDC client, which did not initialize the 'request' function. | ||
39 | That sounds correct to me, it is the owner of that clipboard info. | ||
40 | |||
41 | Then when noVNC sends a VNC_MSG_CLIENT_CUT_TEXT message (it did set | ||
42 | the VNC_FEATURE_CLIPBOARD_EXT feature correctly, so a check for it | ||
43 | passes), that clipboard info is passed to qemu_clipboard_request() and | ||
44 | the original segfault still happens. | ||
45 | |||
46 | Fix the issue by handling updates with size 0 differently. In | ||
47 | particular, mark in the clipboard info that the type is not available. | ||
48 | |||
49 | While at it, switch to g_memdup2(), because g_memdup() is deprecated. | ||
50 | |||
51 | Cc: qemu-stable@nongnu.org | ||
52 | Fixes: CVE-2023-6683 | ||
53 | Reported-by: Markus Frank <m.frank@proxmox.com> | ||
54 | Suggested-by: Marc-André Lureau <marcandre.lureau@redhat.com> | ||
55 | Signed-off-by: Fiona Ebner <f.ebner@proxmox.com> | ||
56 | Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> | ||
57 | Tested-by: Markus Frank <m.frank@proxmox.com> | ||
58 | Message-ID: <20240124105749.204610-1-f.ebner@proxmox.com> | ||
59 | |||
60 | CVE: CVE-2023-6683 | ||
61 | |||
62 | Upstream-Status: Backport [https://github.com/qemu/qemu/commit/405484b29f6548c7b86549b0f961b906337aa68a] | ||
63 | Signed-off-by: Simone Weiß <simone.p.weiss@posteo.com> | ||
64 | |||
65 | --- | ||
66 | ui/clipboard.c | 12 +++++++++--- | ||
67 | 1 file changed, 9 insertions(+), 3 deletions(-) | ||
68 | |||
69 | diff --git a/ui/clipboard.c b/ui/clipboard.c | ||
70 | index 3d14bffaf80f..b3f6fa3c9e1f 100644 | ||
71 | --- a/ui/clipboard.c | ||
72 | +++ b/ui/clipboard.c | ||
73 | @@ -163,9 +163,15 @@ void qemu_clipboard_set_data(QemuClipboardPeer *peer, | ||
74 | } | ||
75 | |||
76 | g_free(info->types[type].data); | ||
77 | - info->types[type].data = g_memdup(data, size); | ||
78 | - info->types[type].size = size; | ||
79 | - info->types[type].available = true; | ||
80 | + if (size) { | ||
81 | + info->types[type].data = g_memdup2(data, size); | ||
82 | + info->types[type].size = size; | ||
83 | + info->types[type].available = true; | ||
84 | + } else { | ||
85 | + info->types[type].data = NULL; | ||
86 | + info->types[type].size = 0; | ||
87 | + info->types[type].available = false; | ||
88 | + } | ||
89 | |||
90 | if (update) { | ||
91 | qemu_clipboard_update(info); | ||
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0001.patch b/meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0001.patch new file mode 100644 index 0000000000..dbcc71bb4e --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0001.patch | |||
@@ -0,0 +1,112 @@ | |||
1 | From bd385a5298d7062668e804d73944d52aec9549f1 Mon Sep 17 00:00:00 2001 | ||
2 | From: Kevin Wolf <kwolf@redhat.com> | ||
3 | Date: Fri, 16 Aug 2024 08:29:04 +0000 | ||
4 | Subject: [PATCH] qcow2: Don't open data_file with BDRV_O_NO_IO | ||
5 | |||
6 | One use case for 'qemu-img info' is verifying that untrusted images | ||
7 | don't reference an unwanted external file, be it as a backing file or an | ||
8 | external data file. To make sure that calling 'qemu-img info' can't | ||
9 | already have undesired side effects with a malicious image, just don't | ||
10 | open the data file at all with BDRV_O_NO_IO. If nothing ever tries to do | ||
11 | I/O, we don't need to have it open. | ||
12 | |||
13 | This changes the output of iotests case 061, which used 'qemu-img info' | ||
14 | to show that opening an image with an invalid data file fails. After | ||
15 | this patch, it succeeds. Replace this part of the test with a qemu-io | ||
16 | call, but keep the final 'qemu-img info' to show that the invalid data | ||
17 | file is correctly displayed in the output. | ||
18 | |||
19 | Fixes: CVE-2024-4467 | ||
20 | Cc: qemu-stable@nongnu.org | ||
21 | Signed-off-by: Kevin Wolf <kwolf@redhat.com> | ||
22 | Reviewed-by: Eric Blake <eblake@redhat.com> | ||
23 | Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> | ||
24 | Reviewed-by: Hanna Czenczek <hreitz@redhat.com> | ||
25 | |||
26 | CVE: CVE-2024-4667 | ||
27 | Upstream-Status: Backport [https://gitlab.com/qemu-project/qemu/-/commit/bd385a5298d7062668e804d73944d52aec9549f1] | ||
28 | |||
29 | Signed-off-by: Yogita Urade <yogita.urade@windriver.com> | ||
30 | --- | ||
31 | block/qcow2.c | 17 ++++++++++++++++- | ||
32 | tests/qemu-iotests/061 | 6 ++++-- | ||
33 | tests/qemu-iotests/061.out | 8 ++++++-- | ||
34 | 3 files changed, 26 insertions(+), 5 deletions(-) | ||
35 | |||
36 | diff --git a/block/qcow2.c b/block/qcow2.c | ||
37 | index 13e032bd5..7af7c0bee 100644 | ||
38 | --- a/block/qcow2.c | ||
39 | +++ b/block/qcow2.c | ||
40 | @@ -1636,7 +1636,22 @@ qcow2_do_open(BlockDriverState *bs, QDict *options, int flags, | ||
41 | goto fail; | ||
42 | } | ||
43 | |||
44 | - if (open_data_file) { | ||
45 | + if (open_data_file && (flags & BDRV_O_NO_IO)) { | ||
46 | + /* | ||
47 | + * Don't open the data file for 'qemu-img info' so that it can be used | ||
48 | + * to verify that an untrusted qcow2 image doesn't refer to external | ||
49 | + * files. | ||
50 | + * | ||
51 | + * Note: This still makes has_data_file() return true. | ||
52 | + */ | ||
53 | + if (s->incompatible_features & QCOW2_INCOMPAT_DATA_FILE) { | ||
54 | + s->data_file = NULL; | ||
55 | + } else { | ||
56 | + s->data_file = bs->file; | ||
57 | + } | ||
58 | + qdict_extract_subqdict(options, NULL, "data-file."); | ||
59 | + qdict_del(options, "data-file"); | ||
60 | + } else if (open_data_file) { | ||
61 | /* Open external data file */ | ||
62 | bdrv_graph_co_rdunlock(); | ||
63 | s->data_file = bdrv_co_open_child(NULL, options, "data-file", bs, | ||
64 | diff --git a/tests/qemu-iotests/061 b/tests/qemu-iotests/061 | ||
65 | index 53c7d428e..b71ac097d 100755 | ||
66 | --- a/tests/qemu-iotests/061 | ||
67 | +++ b/tests/qemu-iotests/061 | ||
68 | @@ -326,12 +326,14 @@ $QEMU_IMG amend -o "data_file=foo" "$TEST_IMG" | ||
69 | echo | ||
70 | _make_test_img -o "compat=1.1,data_file=$TEST_IMG.data" 64M | ||
71 | $QEMU_IMG amend -o "data_file=foo" "$TEST_IMG" | ||
72 | -_img_info --format-specific | ||
73 | +$QEMU_IO -c "read 0 4k" "$TEST_IMG" 2>&1 | _filter_testdir | _filter_imgfmt | ||
74 | +$QEMU_IO -c "open -o data-file.filename=$TEST_IMG.data,file.filename=$TEST_IMG" -c "read 0 4k" | _filter_qemu_io | ||
75 | TEST_IMG="data-file.filename=$TEST_IMG.data,file.filename=$TEST_IMG" _img_info --format-specific --image-opts | ||
76 | |||
77 | echo | ||
78 | $QEMU_IMG amend -o "data_file=" --image-opts "data-file.filename=$TEST_IMG.data,file.filename=$TEST_IMG" | ||
79 | -_img_info --format-specific | ||
80 | +$QEMU_IO -c "read 0 4k" "$TEST_IMG" 2>&1 | _filter_testdir | _filter_imgfmt | ||
81 | +$QEMU_IO -c "open -o data-file.filename=$TEST_IMG.data,file.filename=$TEST_IMG" -c "read 0 4k" | _filter_qemu_io | ||
82 | TEST_IMG="data-file.filename=$TEST_IMG.data,file.filename=$TEST_IMG" _img_info --format-specific --image-opts | ||
83 | |||
84 | echo | ||
85 | diff --git a/tests/qemu-iotests/061.out b/tests/qemu-iotests/061.out | ||
86 | index 139fc6817..24c33add7 100644 | ||
87 | --- a/tests/qemu-iotests/061.out | ||
88 | +++ b/tests/qemu-iotests/061.out | ||
89 | @@ -545,7 +545,9 @@ Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=67108864 | ||
90 | qemu-img: data-file can only be set for images that use an external data file | ||
91 | |||
92 | Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=67108864 data_file=TEST_DIR/t.IMGFMT.data | ||
93 | -qemu-img: Could not open 'TEST_DIR/t.IMGFMT': Could not open 'foo': No such file or directory | ||
94 | +qemu-io: can't open device TEST_DIR/t.IMGFMT: Could not open 'foo': No such file or directory | ||
95 | +read 4096/4096 bytes at offset 0 | ||
96 | +4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) | ||
97 | image: TEST_DIR/t.IMGFMT | ||
98 | file format: IMGFMT | ||
99 | virtual size: 64 MiB (67108864 bytes) | ||
100 | @@ -560,7 +562,9 @@ Format specific information: | ||
101 | corrupt: false | ||
102 | extended l2: false | ||
103 | |||
104 | -qemu-img: Could not open 'TEST_DIR/t.IMGFMT': 'data-file' is required for this image | ||
105 | +qemu-io: can't open device TEST_DIR/t.IMGFMT: 'data-file' is required for this image | ||
106 | +read 4096/4096 bytes at offset 0 | ||
107 | +4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) | ||
108 | image: TEST_DIR/t.IMGFMT | ||
109 | file format: IMGFMT | ||
110 | virtual size: 64 MiB (67108864 bytes) | ||
111 | -- | ||
112 | 2.40.0 | ||
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0002.patch b/meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0002.patch new file mode 100644 index 0000000000..686176189c --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0002.patch | |||
@@ -0,0 +1,55 @@ | |||
1 | From 2eb42a728d27a43fdcad5f37d3f65706ce6deba5 Mon Sep 17 00:00:00 2001 | ||
2 | From: Kevin Wolf <kwolf@redhat.com> | ||
3 | Date: Fri, 16 Aug 2024 09:35:24 +0000 | ||
4 | Subject: [PATCH] iotests/244: Don't store data-file with protocol in image | ||
5 | |||
6 | We want to disable filename parsing for data files because it's too easy | ||
7 | to abuse in malicious image files. Make the test ready for the change by | ||
8 | passing the data file explicitly in command line options. | ||
9 | |||
10 | Cc: qemu-stable@nongnu.org | ||
11 | Signed-off-by: Kevin Wolf <kwolf@redhat.com> | ||
12 | Reviewed-by: Eric Blake <eblake@redhat.com> | ||
13 | Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> | ||
14 | Reviewed-by: Hanna Czenczek <hreitz@redhat.com> | ||
15 | |||
16 | CVE: CVE-2024-4467 | ||
17 | Upstream-Status: Backport [https://gitlab.com/qemu-project/qemu/-/commit/2eb42a728d27a43fdcad5f37d3f65706ce6deba5] | ||
18 | |||
19 | Signed-off-by: Yogita Urade <yogita.urade@windriver.com> | ||
20 | --- | ||
21 | tests/qemu-iotests/244 | 19 ++++++++++++++++--- | ||
22 | 1 file changed, 16 insertions(+), 3 deletions(-) | ||
23 | |||
24 | diff --git a/tests/qemu-iotests/244 b/tests/qemu-iotests/244 | ||
25 | index 3e61fa25b..bb9cc6512 100755 | ||
26 | --- a/tests/qemu-iotests/244 | ||
27 | +++ b/tests/qemu-iotests/244 | ||
28 | @@ -215,9 +215,22 @@ $QEMU_IMG convert -f $IMGFMT -O $IMGFMT -n -C "$TEST_IMG.src" "$TEST_IMG" | ||
29 | $QEMU_IMG compare -f $IMGFMT -F $IMGFMT "$TEST_IMG.src" "$TEST_IMG" | ||
30 | |||
31 | # blkdebug doesn't support copy offloading, so this tests the error path | ||
32 | -$QEMU_IMG amend -f $IMGFMT -o "data_file=blkdebug::$TEST_IMG.data" "$TEST_IMG" | ||
33 | -$QEMU_IMG convert -f $IMGFMT -O $IMGFMT -n -C "$TEST_IMG.src" "$TEST_IMG" | ||
34 | -$QEMU_IMG compare -f $IMGFMT -F $IMGFMT "$TEST_IMG.src" "$TEST_IMG" | ||
35 | +test_img_with_blkdebug="json:{ | ||
36 | + 'driver': 'qcow2', | ||
37 | + 'file': { | ||
38 | + 'driver': 'file', | ||
39 | + 'filename': '$TEST_IMG' | ||
40 | + }, | ||
41 | + 'data-file': { | ||
42 | + 'driver': 'blkdebug', | ||
43 | + 'image': { | ||
44 | + 'driver': 'file', | ||
45 | + 'filename': '$TEST_IMG.data' | ||
46 | + } | ||
47 | + } | ||
48 | +}" | ||
49 | +$QEMU_IMG convert -f $IMGFMT -O $IMGFMT -n -C "$TEST_IMG.src" "$test_img_with_blkdebug" | ||
50 | +$QEMU_IMG compare -f $IMGFMT -F $IMGFMT "$TEST_IMG.src" "$test_img_with_blkdebug" | ||
51 | |||
52 | echo | ||
53 | echo "=== Flushing should flush the data file ===" | ||
54 | -- | ||
55 | 2.40.0 | ||
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0003.patch b/meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0003.patch new file mode 100644 index 0000000000..02611d6732 --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0003.patch | |||
@@ -0,0 +1,57 @@ | |||
1 | From 7e1110664ecbc4826f3c978ccb06b6c1bce823e6 Mon Sep 17 00:00:00 2001 | ||
2 | From: Kevin Wolf <kwolf@redhat.com> | ||
3 | Date: Fri, 16 Aug 2024 10:24:58 +0000 | ||
4 | Subject: [PATCH] iotests/270: Don't store data-file with json: prefix in image | ||
5 | |||
6 | We want to disable filename parsing for data files because it's too easy | ||
7 | to abuse in malicious image files. Make the test ready for the change by | ||
8 | passing the data file explicitly in command line options. | ||
9 | |||
10 | Cc: qemu-stable@nongnu.org | ||
11 | Signed-off-by: Kevin Wolf <kwolf@redhat.com> | ||
12 | Reviewed-by: Eric Blake <eblake@redhat.com> | ||
13 | Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> | ||
14 | Reviewed-by: Hanna Czenczek <hreitz@redhat.com> | ||
15 | |||
16 | CVE: CVE-2024-4467 | ||
17 | Upstream-Status: Backport [https://gitlab.com/qemu-project/qemu/-/commit/7e1110664ecbc4826f3c978ccb06b6c1bce823e6] | ||
18 | |||
19 | Signed-off-by: Yogita Urade <yogita.urade@windriver.com> | ||
20 | --- | ||
21 | tests/qemu-iotests/270 | 14 +++++++++++--- | ||
22 | 1 file changed, 11 insertions(+), 3 deletions(-) | ||
23 | |||
24 | diff --git a/tests/qemu-iotests/270 b/tests/qemu-iotests/270 | ||
25 | index 74352342d..c37b674aa 100755 | ||
26 | --- a/tests/qemu-iotests/270 | ||
27 | +++ b/tests/qemu-iotests/270 | ||
28 | @@ -60,8 +60,16 @@ _make_test_img -o cluster_size=2M,data_file="$TEST_IMG.orig" \ | ||
29 | # "write" 2G of data without using any space. | ||
30 | # (qemu-img create does not like it, though, because null-co does not | ||
31 | # support image creation.) | ||
32 | -$QEMU_IMG amend -o data_file="json:{'driver':'null-co',,'size':'4294967296'}" \ | ||
33 | - "$TEST_IMG" | ||
34 | +test_img_with_null_data="json:{ | ||
35 | + 'driver': '$IMGFMT', | ||
36 | + 'file': { | ||
37 | + 'filename': '$TEST_IMG' | ||
38 | + }, | ||
39 | + 'data-file': { | ||
40 | + 'driver': 'null-co', | ||
41 | + 'size':'4294967296' | ||
42 | + } | ||
43 | +}" | ||
44 | |||
45 | # This gives us a range of: | ||
46 | # 2^31 - 512 + 768 - 1 = 2^31 + 255 > 2^31 | ||
47 | @@ -74,7 +82,7 @@ $QEMU_IMG amend -o data_file="json:{'driver':'null-co',,'size':'4294967296'}" \ | ||
48 | # on L2 boundaries, we need large L2 tables; hence the cluster size of | ||
49 | # 2 MB. (Anything from 256 kB should work, though, because then one L2 | ||
50 | # table covers 8 GB.) | ||
51 | -$QEMU_IO -c "write 768 $((2 ** 31 - 512))" "$TEST_IMG" | _filter_qemu_io | ||
52 | +$QEMU_IO -c "write 768 $((2 ** 31 - 512))" "$test_img_with_null_data" | _filter_qemu_io | ||
53 | |||
54 | _check_test_img | ||
55 | |||
56 | -- | ||
57 | 2.40.0 | ||
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0004.patch b/meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0004.patch new file mode 100644 index 0000000000..7568a453c4 --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0004.patch | |||
@@ -0,0 +1,1187 @@ | |||
1 | From 6bc30f19498547fac9cef98316a65cf6c1f14205 Mon Sep 17 00:00:00 2001 | ||
2 | From: Stefan Hajnoczi <stefanha@redhat.com> | ||
3 | Date: Tue, 5 Dec 2023 13:20:02 -0500 | ||
4 | Subject: [PATCH] graph-lock: remove AioContext locking | ||
5 | |||
6 | Stop acquiring/releasing the AioContext lock in | ||
7 | bdrv_graph_wrlock()/bdrv_graph_unlock() since the lock no longer has any | ||
8 | effect. | ||
9 | |||
10 | The distinction between bdrv_graph_wrunlock() and | ||
11 | bdrv_graph_wrunlock_ctx() becomes meaningless and they can be collapsed | ||
12 | into one function. | ||
13 | |||
14 | Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> | ||
15 | Reviewed-by: Eric Blake <eblake@redhat.com> | ||
16 | Reviewed-by: Kevin Wolf <kwolf@redhat.com> | ||
17 | Message-ID: <20231205182011.1976568-6-stefanha@redhat.com> | ||
18 | Signed-off-by: Kevin Wolf <kwolf@redhat.com> | ||
19 | |||
20 | CVE: CVE-2024-4467 | ||
21 | Upstream-Status: Backport [https://gitlab.com/qemu-project/qemu/-/commit/6bc30f19498547fac9cef98316a65cf6c1f14205] | ||
22 | |||
23 | Signed-off-by: Yogita Urade <yogita.urade@windriver.com> | ||
24 | --- | ||
25 | block.c | 50 +++++++++++++++--------------- | ||
26 | block/backup.c | 4 +-- | ||
27 | block/blklogwrites.c | 8 ++--- | ||
28 | block/blkverify.c | 4 +-- | ||
29 | block/block-backend.c | 11 +++---- | ||
30 | block/commit.c | 16 +++++----- | ||
31 | block/graph-lock.c | 44 ++------------------------ | ||
32 | block/mirror.c | 22 ++++++------- | ||
33 | block/qcow2.c | 4 +-- | ||
34 | block/quorum.c | 8 ++--- | ||
35 | block/replication.c | 14 ++++----- | ||
36 | block/snapshot.c | 4 +-- | ||
37 | block/stream.c | 12 +++---- | ||
38 | block/vmdk.c | 20 ++++++------ | ||
39 | blockdev.c | 8 ++--- | ||
40 | blockjob.c | 12 +++---- | ||
41 | include/block/graph-lock.h | 21 ++----------- | ||
42 | scripts/block-coroutine-wrapper.py | 4 +-- | ||
43 | tests/unit/test-bdrv-drain.c | 40 ++++++++++++------------ | ||
44 | tests/unit/test-bdrv-graph-mod.c | 20 ++++++------ | ||
45 | 20 files changed, 133 insertions(+), 193 deletions(-) | ||
46 | |||
47 | diff --git a/block.c b/block.c | ||
48 | index bfb0861ec..25e1ebc60 100644 | ||
49 | --- a/block.c | ||
50 | +++ b/block.c | ||
51 | @@ -1708,12 +1708,12 @@ bdrv_open_driver(BlockDriverState *bs, BlockDriver *drv, const char *node_name, | ||
52 | open_failed: | ||
53 | bs->drv = NULL; | ||
54 | |||
55 | - bdrv_graph_wrlock(NULL); | ||
56 | + bdrv_graph_wrlock(); | ||
57 | if (bs->file != NULL) { | ||
58 | bdrv_unref_child(bs, bs->file); | ||
59 | assert(!bs->file); | ||
60 | } | ||
61 | - bdrv_graph_wrunlock(NULL); | ||
62 | + bdrv_graph_wrunlock(); | ||
63 | |||
64 | g_free(bs->opaque); | ||
65 | bs->opaque = NULL; | ||
66 | @@ -3575,9 +3575,9 @@ int bdrv_set_backing_hd(BlockDriverState *bs, BlockDriverState *backing_hd, | ||
67 | |||
68 | bdrv_ref(drain_bs); | ||
69 | bdrv_drained_begin(drain_bs); | ||
70 | - bdrv_graph_wrlock(backing_hd); | ||
71 | + bdrv_graph_wrlock(); | ||
72 | ret = bdrv_set_backing_hd_drained(bs, backing_hd, errp); | ||
73 | - bdrv_graph_wrunlock(backing_hd); | ||
74 | + bdrv_graph_wrunlock(); | ||
75 | bdrv_drained_end(drain_bs); | ||
76 | bdrv_unref(drain_bs); | ||
77 | |||
78 | @@ -3790,13 +3790,13 @@ BdrvChild *bdrv_open_child(const char *filename, | ||
79 | return NULL; | ||
80 | } | ||
81 | |||
82 | - bdrv_graph_wrlock(NULL); | ||
83 | + bdrv_graph_wrlock(); | ||
84 | ctx = bdrv_get_aio_context(bs); | ||
85 | aio_context_acquire(ctx); | ||
86 | child = bdrv_attach_child(parent, bs, bdref_key, child_class, child_role, | ||
87 | errp); | ||
88 | aio_context_release(ctx); | ||
89 | - bdrv_graph_wrunlock(NULL); | ||
90 | + bdrv_graph_wrunlock(); | ||
91 | |||
92 | return child; | ||
93 | } | ||
94 | @@ -4650,9 +4650,9 @@ int bdrv_reopen_multiple(BlockReopenQueue *bs_queue, Error **errp) | ||
95 | aio_context_release(ctx); | ||
96 | } | ||
97 | |||
98 | - bdrv_graph_wrlock(NULL); | ||
99 | + bdrv_graph_wrlock(); | ||
100 | tran_commit(tran); | ||
101 | - bdrv_graph_wrunlock(NULL); | ||
102 | + bdrv_graph_wrunlock(); | ||
103 | |||
104 | QTAILQ_FOREACH_REVERSE(bs_entry, bs_queue, entry) { | ||
105 | BlockDriverState *bs = bs_entry->state.bs; | ||
106 | @@ -4669,9 +4669,9 @@ int bdrv_reopen_multiple(BlockReopenQueue *bs_queue, Error **errp) | ||
107 | goto cleanup; | ||
108 | |||
109 | abort: | ||
110 | - bdrv_graph_wrlock(NULL); | ||
111 | + bdrv_graph_wrlock(); | ||
112 | tran_abort(tran); | ||
113 | - bdrv_graph_wrunlock(NULL); | ||
114 | + bdrv_graph_wrunlock(); | ||
115 | |||
116 | QTAILQ_FOREACH_SAFE(bs_entry, bs_queue, entry, next) { | ||
117 | if (bs_entry->prepared) { | ||
118 | @@ -4852,12 +4852,12 @@ bdrv_reopen_parse_file_or_backing(BDRVReopenState *reopen_state, | ||
119 | } | ||
120 | |||
121 | bdrv_graph_rdunlock_main_loop(); | ||
122 | - bdrv_graph_wrlock(new_child_bs); | ||
123 | + bdrv_graph_wrlock(); | ||
124 | |||
125 | ret = bdrv_set_file_or_backing_noperm(bs, new_child_bs, is_backing, | ||
126 | tran, errp); | ||
127 | |||
128 | - bdrv_graph_wrunlock_ctx(ctx); | ||
129 | + bdrv_graph_wrunlock(); | ||
130 | |||
131 | if (old_ctx != ctx) { | ||
132 | aio_context_release(ctx); | ||
133 | @@ -5209,14 +5209,14 @@ static void bdrv_close(BlockDriverState *bs) | ||
134 | bs->drv = NULL; | ||
135 | } | ||
136 | |||
137 | - bdrv_graph_wrlock(bs); | ||
138 | + bdrv_graph_wrlock(); | ||
139 | QLIST_FOREACH_SAFE(child, &bs->children, next, next) { | ||
140 | bdrv_unref_child(bs, child); | ||
141 | } | ||
142 | |||
143 | assert(!bs->backing); | ||
144 | assert(!bs->file); | ||
145 | - bdrv_graph_wrunlock(bs); | ||
146 | + bdrv_graph_wrunlock(); | ||
147 | |||
148 | g_free(bs->opaque); | ||
149 | bs->opaque = NULL; | ||
150 | @@ -5509,9 +5509,9 @@ int bdrv_drop_filter(BlockDriverState *bs, Error **errp) | ||
151 | bdrv_graph_rdunlock_main_loop(); | ||
152 | |||
153 | bdrv_drained_begin(child_bs); | ||
154 | - bdrv_graph_wrlock(bs); | ||
155 | + bdrv_graph_wrlock(); | ||
156 | ret = bdrv_replace_node_common(bs, child_bs, true, true, errp); | ||
157 | - bdrv_graph_wrunlock(bs); | ||
158 | + bdrv_graph_wrunlock(); | ||
159 | bdrv_drained_end(child_bs); | ||
160 | |||
161 | return ret; | ||
162 | @@ -5561,7 +5561,7 @@ int bdrv_append(BlockDriverState *bs_new, BlockDriverState *bs_top, | ||
163 | aio_context_acquire(old_context); | ||
164 | new_context = NULL; | ||
165 | |||
166 | - bdrv_graph_wrlock(bs_top); | ||
167 | + bdrv_graph_wrlock(); | ||
168 | |||
169 | child = bdrv_attach_child_noperm(bs_new, bs_top, "backing", | ||
170 | &child_of_bds, bdrv_backing_role(bs_new), | ||
171 | @@ -5593,7 +5593,7 @@ out: | ||
172 | tran_finalize(tran, ret); | ||
173 | |||
174 | bdrv_refresh_limits(bs_top, NULL, NULL); | ||
175 | - bdrv_graph_wrunlock(bs_top); | ||
176 | + bdrv_graph_wrunlock(); | ||
177 | |||
178 | bdrv_drained_end(bs_top); | ||
179 | bdrv_drained_end(bs_new); | ||
180 | @@ -5620,7 +5620,7 @@ int bdrv_replace_child_bs(BdrvChild *child, BlockDriverState *new_bs, | ||
181 | bdrv_ref(old_bs); | ||
182 | bdrv_drained_begin(old_bs); | ||
183 | bdrv_drained_begin(new_bs); | ||
184 | - bdrv_graph_wrlock(new_bs); | ||
185 | + bdrv_graph_wrlock(); | ||
186 | |||
187 | bdrv_replace_child_tran(child, new_bs, tran); | ||
188 | |||
189 | @@ -5631,7 +5631,7 @@ int bdrv_replace_child_bs(BdrvChild *child, BlockDriverState *new_bs, | ||
190 | |||
191 | tran_finalize(tran, ret); | ||
192 | |||
193 | - bdrv_graph_wrunlock(new_bs); | ||
194 | + bdrv_graph_wrunlock(); | ||
195 | bdrv_drained_end(old_bs); | ||
196 | bdrv_drained_end(new_bs); | ||
197 | bdrv_unref(old_bs); | ||
198 | @@ -5718,9 +5718,9 @@ BlockDriverState *bdrv_insert_node(BlockDriverState *bs, QDict *options, | ||
199 | bdrv_ref(bs); | ||
200 | bdrv_drained_begin(bs); | ||
201 | bdrv_drained_begin(new_node_bs); | ||
202 | - bdrv_graph_wrlock(new_node_bs); | ||
203 | + bdrv_graph_wrlock(); | ||
204 | ret = bdrv_replace_node(bs, new_node_bs, errp); | ||
205 | - bdrv_graph_wrunlock(new_node_bs); | ||
206 | + bdrv_graph_wrunlock(); | ||
207 | bdrv_drained_end(new_node_bs); | ||
208 | bdrv_drained_end(bs); | ||
209 | bdrv_unref(bs); | ||
210 | @@ -5975,7 +5975,7 @@ int bdrv_drop_intermediate(BlockDriverState *top, BlockDriverState *base, | ||
211 | |||
212 | bdrv_ref(top); | ||
213 | bdrv_drained_begin(base); | ||
214 | - bdrv_graph_wrlock(base); | ||
215 | + bdrv_graph_wrlock(); | ||
216 | |||
217 | if (!top->drv || !base->drv) { | ||
218 | goto exit_wrlock; | ||
219 | @@ -6015,7 +6015,7 @@ int bdrv_drop_intermediate(BlockDriverState *top, BlockDriverState *base, | ||
220 | * That's a FIXME. | ||
221 | */ | ||
222 | bdrv_replace_node_common(top, base, false, false, &local_err); | ||
223 | - bdrv_graph_wrunlock(base); | ||
224 | + bdrv_graph_wrunlock(); | ||
225 | |||
226 | if (local_err) { | ||
227 | error_report_err(local_err); | ||
228 | @@ -6052,7 +6052,7 @@ int bdrv_drop_intermediate(BlockDriverState *top, BlockDriverState *base, | ||
229 | goto exit; | ||
230 | |||
231 | exit_wrlock: | ||
232 | - bdrv_graph_wrunlock(base); | ||
233 | + bdrv_graph_wrunlock(); | ||
234 | exit: | ||
235 | bdrv_drained_end(base); | ||
236 | bdrv_unref(top); | ||
237 | diff --git a/block/backup.c b/block/backup.c | ||
238 | index 8aae5836d..ec29d6b81 100644 | ||
239 | --- a/block/backup.c | ||
240 | +++ b/block/backup.c | ||
241 | @@ -496,10 +496,10 @@ BlockJob *backup_job_create(const char *job_id, BlockDriverState *bs, | ||
242 | block_copy_set_speed(bcs, speed); | ||
243 | |||
244 | /* Required permissions are taken by copy-before-write filter target */ | ||
245 | - bdrv_graph_wrlock(target); | ||
246 | + bdrv_graph_wrlock(); | ||
247 | block_job_add_bdrv(&job->common, "target", target, 0, BLK_PERM_ALL, | ||
248 | &error_abort); | ||
249 | - bdrv_graph_wrunlock(target); | ||
250 | + bdrv_graph_wrunlock(); | ||
251 | |||
252 | return &job->common; | ||
253 | |||
254 | diff --git a/block/blklogwrites.c b/block/blklogwrites.c | ||
255 | index 84e03f309..ba717dab4 100644 | ||
256 | --- a/block/blklogwrites.c | ||
257 | +++ b/block/blklogwrites.c | ||
258 | @@ -251,9 +251,9 @@ static int blk_log_writes_open(BlockDriverState *bs, QDict *options, int flags, | ||
259 | ret = 0; | ||
260 | fail_log: | ||
261 | if (ret < 0) { | ||
262 | - bdrv_graph_wrlock(NULL); | ||
263 | + bdrv_graph_wrlock(); | ||
264 | bdrv_unref_child(bs, s->log_file); | ||
265 | - bdrv_graph_wrunlock(NULL); | ||
266 | + bdrv_graph_wrunlock(); | ||
267 | s->log_file = NULL; | ||
268 | } | ||
269 | fail: | ||
270 | @@ -265,10 +265,10 @@ static void blk_log_writes_close(BlockDriverState *bs) | ||
271 | { | ||
272 | BDRVBlkLogWritesState *s = bs->opaque; | ||
273 | |||
274 | - bdrv_graph_wrlock(NULL); | ||
275 | + bdrv_graph_wrlock(); | ||
276 | bdrv_unref_child(bs, s->log_file); | ||
277 | s->log_file = NULL; | ||
278 | - bdrv_graph_wrunlock(NULL); | ||
279 | + bdrv_graph_wrunlock(); | ||
280 | } | ||
281 | |||
282 | static int64_t coroutine_fn GRAPH_RDLOCK | ||
283 | diff --git a/block/blkverify.c b/block/blkverify.c | ||
284 | index 9b17c4664..ec45d8335 100644 | ||
285 | --- a/block/blkverify.c | ||
286 | +++ b/block/blkverify.c | ||
287 | @@ -151,10 +151,10 @@ static void blkverify_close(BlockDriverState *bs) | ||
288 | { | ||
289 | BDRVBlkverifyState *s = bs->opaque; | ||
290 | |||
291 | - bdrv_graph_wrlock(NULL); | ||
292 | + bdrv_graph_wrlock(); | ||
293 | bdrv_unref_child(bs, s->test_file); | ||
294 | s->test_file = NULL; | ||
295 | - bdrv_graph_wrunlock(NULL); | ||
296 | + bdrv_graph_wrunlock(); | ||
297 | } | ||
298 | |||
299 | static int64_t coroutine_fn GRAPH_RDLOCK | ||
300 | diff --git a/block/block-backend.c b/block/block-backend.c | ||
301 | index 86315d62c..a2348b31e 100644 | ||
302 | --- a/block/block-backend.c | ||
303 | +++ b/block/block-backend.c | ||
304 | @@ -885,7 +885,6 @@ void blk_remove_bs(BlockBackend *blk) | ||
305 | { | ||
306 | ThrottleGroupMember *tgm = &blk->public.throttle_group_member; | ||
307 | BdrvChild *root; | ||
308 | - AioContext *ctx; | ||
309 | |||
310 | GLOBAL_STATE_CODE(); | ||
311 | |||
312 | @@ -915,10 +914,9 @@ void blk_remove_bs(BlockBackend *blk) | ||
313 | root = blk->root; | ||
314 | blk->root = NULL; | ||
315 | |||
316 | - ctx = bdrv_get_aio_context(root->bs); | ||
317 | - bdrv_graph_wrlock(root->bs); | ||
318 | + bdrv_graph_wrlock(); | ||
319 | bdrv_root_unref_child(root); | ||
320 | - bdrv_graph_wrunlock_ctx(ctx); | ||
321 | + bdrv_graph_wrunlock(); | ||
322 | } | ||
323 | |||
324 | /* | ||
325 | @@ -929,16 +927,15 @@ void blk_remove_bs(BlockBackend *blk) | ||
326 | int blk_insert_bs(BlockBackend *blk, BlockDriverState *bs, Error **errp) | ||
327 | { | ||
328 | ThrottleGroupMember *tgm = &blk->public.throttle_group_member; | ||
329 | - AioContext *ctx = bdrv_get_aio_context(bs); | ||
330 | |||
331 | GLOBAL_STATE_CODE(); | ||
332 | bdrv_ref(bs); | ||
333 | - bdrv_graph_wrlock(bs); | ||
334 | + bdrv_graph_wrlock(); | ||
335 | blk->root = bdrv_root_attach_child(bs, "root", &child_root, | ||
336 | BDRV_CHILD_FILTERED | BDRV_CHILD_PRIMARY, | ||
337 | blk->perm, blk->shared_perm, | ||
338 | blk, errp); | ||
339 | - bdrv_graph_wrunlock_ctx(ctx); | ||
340 | + bdrv_graph_wrunlock(); | ||
341 | if (blk->root == NULL) { | ||
342 | return -EPERM; | ||
343 | } | ||
344 | diff --git a/block/commit.c b/block/commit.c | ||
345 | index 69cc75be0..1dd7a65ff 100644 | ||
346 | --- a/block/commit.c | ||
347 | +++ b/block/commit.c | ||
348 | @@ -100,9 +100,9 @@ static void commit_abort(Job *job) | ||
349 | bdrv_graph_rdunlock_main_loop(); | ||
350 | |||
351 | bdrv_drained_begin(commit_top_backing_bs); | ||
352 | - bdrv_graph_wrlock(commit_top_backing_bs); | ||
353 | + bdrv_graph_wrlock(); | ||
354 | bdrv_replace_node(s->commit_top_bs, commit_top_backing_bs, &error_abort); | ||
355 | - bdrv_graph_wrunlock(commit_top_backing_bs); | ||
356 | + bdrv_graph_wrunlock(); | ||
357 | bdrv_drained_end(commit_top_backing_bs); | ||
358 | |||
359 | bdrv_unref(s->commit_top_bs); | ||
360 | @@ -339,7 +339,7 @@ void commit_start(const char *job_id, BlockDriverState *bs, | ||
361 | * this is the responsibility of the interface (i.e. whoever calls | ||
362 | * commit_start()). | ||
363 | */ | ||
364 | - bdrv_graph_wrlock(top); | ||
365 | + bdrv_graph_wrlock(); | ||
366 | s->base_overlay = bdrv_find_overlay(top, base); | ||
367 | assert(s->base_overlay); | ||
368 | |||
369 | @@ -370,19 +370,19 @@ void commit_start(const char *job_id, BlockDriverState *bs, | ||
370 | ret = block_job_add_bdrv(&s->common, "intermediate node", iter, 0, | ||
371 | iter_shared_perms, errp); | ||
372 | if (ret < 0) { | ||
373 | - bdrv_graph_wrunlock(top); | ||
374 | + bdrv_graph_wrunlock(); | ||
375 | goto fail; | ||
376 | } | ||
377 | } | ||
378 | |||
379 | if (bdrv_freeze_backing_chain(commit_top_bs, base, errp) < 0) { | ||
380 | - bdrv_graph_wrunlock(top); | ||
381 | + bdrv_graph_wrunlock(); | ||
382 | goto fail; | ||
383 | } | ||
384 | s->chain_frozen = true; | ||
385 | |||
386 | ret = block_job_add_bdrv(&s->common, "base", base, 0, BLK_PERM_ALL, errp); | ||
387 | - bdrv_graph_wrunlock(top); | ||
388 | + bdrv_graph_wrunlock(); | ||
389 | |||
390 | if (ret < 0) { | ||
391 | goto fail; | ||
392 | @@ -434,9 +434,9 @@ fail: | ||
393 | * otherwise this would fail because of lack of permissions. */ | ||
394 | if (commit_top_bs) { | ||
395 | bdrv_drained_begin(top); | ||
396 | - bdrv_graph_wrlock(top); | ||
397 | + bdrv_graph_wrlock(); | ||
398 | bdrv_replace_node(commit_top_bs, top, &error_abort); | ||
399 | - bdrv_graph_wrunlock(top); | ||
400 | + bdrv_graph_wrunlock(); | ||
401 | bdrv_drained_end(top); | ||
402 | } | ||
403 | } | ||
404 | diff --git a/block/graph-lock.c b/block/graph-lock.c | ||
405 | index 079e878d9..c81162b14 100644 | ||
406 | --- a/block/graph-lock.c | ||
407 | +++ b/block/graph-lock.c | ||
408 | @@ -106,27 +106,12 @@ static uint32_t reader_count(void) | ||
409 | return rd; | ||
410 | } | ||
411 | |||
412 | -void no_coroutine_fn bdrv_graph_wrlock(BlockDriverState *bs) | ||
413 | +void no_coroutine_fn bdrv_graph_wrlock(void) | ||
414 | { | ||
415 | - AioContext *ctx = NULL; | ||
416 | - | ||
417 | GLOBAL_STATE_CODE(); | ||
418 | assert(!qatomic_read(&has_writer)); | ||
419 | assert(!qemu_in_coroutine()); | ||
420 | |||
421 | - /* | ||
422 | - * Release only non-mainloop AioContext. The mainloop often relies on the | ||
423 | - * BQL and doesn't lock the main AioContext before doing things. | ||
424 | - */ | ||
425 | - if (bs) { | ||
426 | - ctx = bdrv_get_aio_context(bs); | ||
427 | - if (ctx != qemu_get_aio_context()) { | ||
428 | - aio_context_release(ctx); | ||
429 | - } else { | ||
430 | - ctx = NULL; | ||
431 | - } | ||
432 | - } | ||
433 | - | ||
434 | /* Make sure that constantly arriving new I/O doesn't cause starvation */ | ||
435 | bdrv_drain_all_begin_nopoll(); | ||
436 | |||
437 | @@ -155,27 +140,13 @@ void no_coroutine_fn bdrv_graph_wrlock(BlockDriverState *bs) | ||
438 | } while (reader_count() >= 1); | ||
439 | |||
440 | bdrv_drain_all_end(); | ||
441 | - | ||
442 | - if (ctx) { | ||
443 | - aio_context_acquire(bdrv_get_aio_context(bs)); | ||
444 | - } | ||
445 | } | ||
446 | |||
447 | -void no_coroutine_fn bdrv_graph_wrunlock_ctx(AioContext *ctx) | ||
448 | +void no_coroutine_fn bdrv_graph_wrunlock(void) | ||
449 | { | ||
450 | GLOBAL_STATE_CODE(); | ||
451 | assert(qatomic_read(&has_writer)); | ||
452 | |||
453 | - /* | ||
454 | - * Release only non-mainloop AioContext. The mainloop often relies on the | ||
455 | - * BQL and doesn't lock the main AioContext before doing things. | ||
456 | - */ | ||
457 | - if (ctx && ctx != qemu_get_aio_context()) { | ||
458 | - aio_context_release(ctx); | ||
459 | - } else { | ||
460 | - ctx = NULL; | ||
461 | - } | ||
462 | - | ||
463 | WITH_QEMU_LOCK_GUARD(&aio_context_list_lock) { | ||
464 | /* | ||
465 | * No need for memory barriers, this works in pair with | ||
466 | @@ -197,17 +168,6 @@ void no_coroutine_fn bdrv_graph_wrunlock_ctx(AioContext *ctx) | ||
467 | * progress. | ||
468 | */ | ||
469 | aio_bh_poll(qemu_get_aio_context()); | ||
470 | - | ||
471 | - if (ctx) { | ||
472 | - aio_context_acquire(ctx); | ||
473 | - } | ||
474 | -} | ||
475 | - | ||
476 | -void no_coroutine_fn bdrv_graph_wrunlock(BlockDriverState *bs) | ||
477 | -{ | ||
478 | - AioContext *ctx = bs ? bdrv_get_aio_context(bs) : NULL; | ||
479 | - | ||
480 | - bdrv_graph_wrunlock_ctx(ctx); | ||
481 | } | ||
482 | |||
483 | void coroutine_fn bdrv_graph_co_rdlock(void) | ||
484 | diff --git a/block/mirror.c b/block/mirror.c | ||
485 | index abbddb39e..f9db6f0f7 100644 | ||
486 | --- a/block/mirror.c | ||
487 | +++ b/block/mirror.c | ||
488 | @@ -768,7 +768,7 @@ static int mirror_exit_common(Job *job) | ||
489 | * check for an op blocker on @to_replace, and we have our own | ||
490 | * there. | ||
491 | */ | ||
492 | - bdrv_graph_wrlock(target_bs); | ||
493 | + bdrv_graph_wrlock(); | ||
494 | if (bdrv_recurse_can_replace(src, to_replace)) { | ||
495 | bdrv_replace_node(to_replace, target_bs, &local_err); | ||
496 | } else { | ||
497 | @@ -777,7 +777,7 @@ static int mirror_exit_common(Job *job) | ||
498 | "would not lead to an abrupt change of visible data", | ||
499 | to_replace->node_name, target_bs->node_name); | ||
500 | } | ||
501 | - bdrv_graph_wrunlock(target_bs); | ||
502 | + bdrv_graph_wrunlock(); | ||
503 | bdrv_drained_end(to_replace); | ||
504 | if (local_err) { | ||
505 | error_report_err(local_err); | ||
506 | @@ -800,9 +800,9 @@ static int mirror_exit_common(Job *job) | ||
507 | * valid. | ||
508 | */ | ||
509 | block_job_remove_all_bdrv(bjob); | ||
510 | - bdrv_graph_wrlock(mirror_top_bs); | ||
511 | + bdrv_graph_wrlock(); | ||
512 | bdrv_replace_node(mirror_top_bs, mirror_top_bs->backing->bs, &error_abort); | ||
513 | - bdrv_graph_wrunlock(mirror_top_bs); | ||
514 | + bdrv_graph_wrunlock(); | ||
515 | |||
516 | bdrv_drained_end(target_bs); | ||
517 | bdrv_unref(target_bs); | ||
518 | @@ -1916,13 +1916,13 @@ static BlockJob *mirror_start_job( | ||
519 | */ | ||
520 | bdrv_disable_dirty_bitmap(s->dirty_bitmap); | ||
521 | |||
522 | - bdrv_graph_wrlock(bs); | ||
523 | + bdrv_graph_wrlock(); | ||
524 | ret = block_job_add_bdrv(&s->common, "source", bs, 0, | ||
525 | BLK_PERM_WRITE_UNCHANGED | BLK_PERM_WRITE | | ||
526 | BLK_PERM_CONSISTENT_READ, | ||
527 | errp); | ||
528 | if (ret < 0) { | ||
529 | - bdrv_graph_wrunlock(bs); | ||
530 | + bdrv_graph_wrunlock(); | ||
531 | goto fail; | ||
532 | } | ||
533 | |||
534 | @@ -1967,17 +1967,17 @@ static BlockJob *mirror_start_job( | ||
535 | ret = block_job_add_bdrv(&s->common, "intermediate node", iter, 0, | ||
536 | iter_shared_perms, errp); | ||
537 | if (ret < 0) { | ||
538 | - bdrv_graph_wrunlock(bs); | ||
539 | + bdrv_graph_wrunlock(); | ||
540 | goto fail; | ||
541 | } | ||
542 | } | ||
543 | |||
544 | if (bdrv_freeze_backing_chain(mirror_top_bs, target, errp) < 0) { | ||
545 | - bdrv_graph_wrunlock(bs); | ||
546 | + bdrv_graph_wrunlock(); | ||
547 | goto fail; | ||
548 | } | ||
549 | } | ||
550 | - bdrv_graph_wrunlock(bs); | ||
551 | + bdrv_graph_wrunlock(); | ||
552 | |||
553 | QTAILQ_INIT(&s->ops_in_flight); | ||
554 | |||
555 | @@ -2003,12 +2003,12 @@ fail: | ||
556 | |||
557 | bs_opaque->stop = true; | ||
558 | bdrv_drained_begin(bs); | ||
559 | - bdrv_graph_wrlock(bs); | ||
560 | + bdrv_graph_wrlock(); | ||
561 | assert(mirror_top_bs->backing->bs == bs); | ||
562 | bdrv_child_refresh_perms(mirror_top_bs, mirror_top_bs->backing, | ||
563 | &error_abort); | ||
564 | bdrv_replace_node(mirror_top_bs, bs, &error_abort); | ||
565 | - bdrv_graph_wrunlock(bs); | ||
566 | + bdrv_graph_wrunlock(); | ||
567 | bdrv_drained_end(bs); | ||
568 | |||
569 | bdrv_unref(mirror_top_bs); | ||
570 | diff --git a/block/qcow2.c b/block/qcow2.c | ||
571 | index 7af7c0bee..77dd49d4f 100644 | ||
572 | --- a/block/qcow2.c | ||
573 | +++ b/block/qcow2.c | ||
574 | @@ -2822,9 +2822,9 @@ qcow2_do_close(BlockDriverState *bs, bool close_data_file) | ||
575 | if (close_data_file && has_data_file(bs)) { | ||
576 | GLOBAL_STATE_CODE(); | ||
577 | bdrv_graph_rdunlock_main_loop(); | ||
578 | - bdrv_graph_wrlock(NULL); | ||
579 | + bdrv_graph_wrlock(); | ||
580 | bdrv_unref_child(bs, s->data_file); | ||
581 | - bdrv_graph_wrunlock(NULL); | ||
582 | + bdrv_graph_wrunlock(); | ||
583 | s->data_file = NULL; | ||
584 | bdrv_graph_rdlock_main_loop(); | ||
585 | } | ||
586 | diff --git a/block/quorum.c b/block/quorum.c | ||
587 | index 505b8b3e1..db8fe891c 100644 | ||
588 | --- a/block/quorum.c | ||
589 | +++ b/block/quorum.c | ||
590 | @@ -1037,14 +1037,14 @@ static int quorum_open(BlockDriverState *bs, QDict *options, int flags, | ||
591 | |||
592 | close_exit: | ||
593 | /* cleanup on error */ | ||
594 | - bdrv_graph_wrlock(NULL); | ||
595 | + bdrv_graph_wrlock(); | ||
596 | for (i = 0; i < s->num_children; i++) { | ||
597 | if (!opened[i]) { | ||
598 | continue; | ||
599 | } | ||
600 | bdrv_unref_child(bs, s->children[i]); | ||
601 | } | ||
602 | - bdrv_graph_wrunlock(NULL); | ||
603 | + bdrv_graph_wrunlock(); | ||
604 | g_free(s->children); | ||
605 | g_free(opened); | ||
606 | exit: | ||
607 | @@ -1057,11 +1057,11 @@ static void quorum_close(BlockDriverState *bs) | ||
608 | BDRVQuorumState *s = bs->opaque; | ||
609 | int i; | ||
610 | |||
611 | - bdrv_graph_wrlock(NULL); | ||
612 | + bdrv_graph_wrlock(); | ||
613 | for (i = 0; i < s->num_children; i++) { | ||
614 | bdrv_unref_child(bs, s->children[i]); | ||
615 | } | ||
616 | - bdrv_graph_wrunlock(NULL); | ||
617 | + bdrv_graph_wrunlock(); | ||
618 | |||
619 | g_free(s->children); | ||
620 | } | ||
621 | diff --git a/block/replication.c b/block/replication.c | ||
622 | index 5ded5f1ca..424b537ff 100644 | ||
623 | --- a/block/replication.c | ||
624 | +++ b/block/replication.c | ||
625 | @@ -560,7 +560,7 @@ static void replication_start(ReplicationState *rs, ReplicationMode mode, | ||
626 | return; | ||
627 | } | ||
628 | |||
629 | - bdrv_graph_wrlock(bs); | ||
630 | + bdrv_graph_wrlock(); | ||
631 | |||
632 | bdrv_ref(hidden_disk->bs); | ||
633 | s->hidden_disk = bdrv_attach_child(bs, hidden_disk->bs, "hidden disk", | ||
634 | @@ -568,7 +568,7 @@ static void replication_start(ReplicationState *rs, ReplicationMode mode, | ||
635 | &local_err); | ||
636 | if (local_err) { | ||
637 | error_propagate(errp, local_err); | ||
638 | - bdrv_graph_wrunlock(bs); | ||
639 | + bdrv_graph_wrunlock(); | ||
640 | aio_context_release(aio_context); | ||
641 | return; | ||
642 | } | ||
643 | @@ -579,7 +579,7 @@ static void replication_start(ReplicationState *rs, ReplicationMode mode, | ||
644 | BDRV_CHILD_DATA, &local_err); | ||
645 | if (local_err) { | ||
646 | error_propagate(errp, local_err); | ||
647 | - bdrv_graph_wrunlock(bs); | ||
648 | + bdrv_graph_wrunlock(); | ||
649 | aio_context_release(aio_context); | ||
650 | return; | ||
651 | } | ||
652 | @@ -592,7 +592,7 @@ static void replication_start(ReplicationState *rs, ReplicationMode mode, | ||
653 | if (!top_bs || !bdrv_is_root_node(top_bs) || | ||
654 | !check_top_bs(top_bs, bs)) { | ||
655 | error_setg(errp, "No top_bs or it is invalid"); | ||
656 | - bdrv_graph_wrunlock(bs); | ||
657 | + bdrv_graph_wrunlock(); | ||
658 | reopen_backing_file(bs, false, NULL); | ||
659 | aio_context_release(aio_context); | ||
660 | return; | ||
661 | @@ -600,7 +600,7 @@ static void replication_start(ReplicationState *rs, ReplicationMode mode, | ||
662 | bdrv_op_block_all(top_bs, s->blocker); | ||
663 | bdrv_op_unblock(top_bs, BLOCK_OP_TYPE_DATAPLANE, s->blocker); | ||
664 | |||
665 | - bdrv_graph_wrunlock(bs); | ||
666 | + bdrv_graph_wrunlock(); | ||
667 | |||
668 | s->backup_job = backup_job_create( | ||
669 | NULL, s->secondary_disk->bs, s->hidden_disk->bs, | ||
670 | @@ -691,12 +691,12 @@ static void replication_done(void *opaque, int ret) | ||
671 | if (ret == 0) { | ||
672 | s->stage = BLOCK_REPLICATION_DONE; | ||
673 | |||
674 | - bdrv_graph_wrlock(NULL); | ||
675 | + bdrv_graph_wrlock(); | ||
676 | bdrv_unref_child(bs, s->secondary_disk); | ||
677 | s->secondary_disk = NULL; | ||
678 | bdrv_unref_child(bs, s->hidden_disk); | ||
679 | s->hidden_disk = NULL; | ||
680 | - bdrv_graph_wrunlock(NULL); | ||
681 | + bdrv_graph_wrunlock(); | ||
682 | |||
683 | s->error = 0; | ||
684 | } else { | ||
685 | diff --git a/block/snapshot.c b/block/snapshot.c | ||
686 | index c4d40e80d..6fd720aef 100644 | ||
687 | --- a/block/snapshot.c | ||
688 | +++ b/block/snapshot.c | ||
689 | @@ -292,9 +292,9 @@ int bdrv_snapshot_goto(BlockDriverState *bs, | ||
690 | } | ||
691 | |||
692 | /* .bdrv_open() will re-attach it */ | ||
693 | - bdrv_graph_wrlock(NULL); | ||
694 | + bdrv_graph_wrlock(); | ||
695 | bdrv_unref_child(bs, fallback); | ||
696 | - bdrv_graph_wrunlock(NULL); | ||
697 | + bdrv_graph_wrunlock(); | ||
698 | |||
699 | ret = bdrv_snapshot_goto(fallback_bs, snapshot_id, errp); | ||
700 | open_ret = drv->bdrv_open(bs, options, bs->open_flags, &local_err); | ||
701 | diff --git a/block/stream.c b/block/stream.c | ||
702 | index 01fe7c0f1..048c2d282 100644 | ||
703 | --- a/block/stream.c | ||
704 | +++ b/block/stream.c | ||
705 | @@ -99,9 +99,9 @@ static int stream_prepare(Job *job) | ||
706 | } | ||
707 | } | ||
708 | |||
709 | - bdrv_graph_wrlock(s->target_bs); | ||
710 | + bdrv_graph_wrlock(); | ||
711 | bdrv_set_backing_hd_drained(unfiltered_bs, base, &local_err); | ||
712 | - bdrv_graph_wrunlock(s->target_bs); | ||
713 | + bdrv_graph_wrunlock(); | ||
714 | |||
715 | /* | ||
716 | * This call will do I/O, so the graph can change again from here on. | ||
717 | @@ -366,10 +366,10 @@ void stream_start(const char *job_id, BlockDriverState *bs, | ||
718 | * already have our own plans. Also don't allow resize as the image size is | ||
719 | * queried only at the job start and then cached. | ||
720 | */ | ||
721 | - bdrv_graph_wrlock(bs); | ||
722 | + bdrv_graph_wrlock(); | ||
723 | if (block_job_add_bdrv(&s->common, "active node", bs, 0, | ||
724 | basic_flags | BLK_PERM_WRITE, errp)) { | ||
725 | - bdrv_graph_wrunlock(bs); | ||
726 | + bdrv_graph_wrunlock(); | ||
727 | goto fail; | ||
728 | } | ||
729 | |||
730 | @@ -389,11 +389,11 @@ void stream_start(const char *job_id, BlockDriverState *bs, | ||
731 | ret = block_job_add_bdrv(&s->common, "intermediate node", iter, 0, | ||
732 | basic_flags, errp); | ||
733 | if (ret < 0) { | ||
734 | - bdrv_graph_wrunlock(bs); | ||
735 | + bdrv_graph_wrunlock(); | ||
736 | goto fail; | ||
737 | } | ||
738 | } | ||
739 | - bdrv_graph_wrunlock(bs); | ||
740 | + bdrv_graph_wrunlock(); | ||
741 | |||
742 | s->base_overlay = base_overlay; | ||
743 | s->above_base = above_base; | ||
744 | diff --git a/block/vmdk.c b/block/vmdk.c | ||
745 | index d6971c706..bf78e1238 100644 | ||
746 | --- a/block/vmdk.c | ||
747 | +++ b/block/vmdk.c | ||
748 | @@ -272,7 +272,7 @@ static void vmdk_free_extents(BlockDriverState *bs) | ||
749 | BDRVVmdkState *s = bs->opaque; | ||
750 | VmdkExtent *e; | ||
751 | |||
752 | - bdrv_graph_wrlock(NULL); | ||
753 | + bdrv_graph_wrlock(); | ||
754 | for (i = 0; i < s->num_extents; i++) { | ||
755 | e = &s->extents[i]; | ||
756 | g_free(e->l1_table); | ||
757 | @@ -283,7 +283,7 @@ static void vmdk_free_extents(BlockDriverState *bs) | ||
758 | bdrv_unref_child(bs, e->file); | ||
759 | } | ||
760 | } | ||
761 | - bdrv_graph_wrunlock(NULL); | ||
762 | + bdrv_graph_wrunlock(); | ||
763 | |||
764 | g_free(s->extents); | ||
765 | } | ||
766 | @@ -1247,9 +1247,9 @@ vmdk_parse_extents(const char *desc, BlockDriverState *bs, QDict *options, | ||
767 | 0, 0, 0, 0, 0, &extent, errp); | ||
768 | if (ret < 0) { | ||
769 | bdrv_graph_rdunlock_main_loop(); | ||
770 | - bdrv_graph_wrlock(NULL); | ||
771 | + bdrv_graph_wrlock(); | ||
772 | bdrv_unref_child(bs, extent_file); | ||
773 | - bdrv_graph_wrunlock(NULL); | ||
774 | + bdrv_graph_wrunlock(); | ||
775 | bdrv_graph_rdlock_main_loop(); | ||
776 | goto out; | ||
777 | } | ||
778 | @@ -1266,9 +1266,9 @@ vmdk_parse_extents(const char *desc, BlockDriverState *bs, QDict *options, | ||
779 | g_free(buf); | ||
780 | if (ret) { | ||
781 | bdrv_graph_rdunlock_main_loop(); | ||
782 | - bdrv_graph_wrlock(NULL); | ||
783 | + bdrv_graph_wrlock(); | ||
784 | bdrv_unref_child(bs, extent_file); | ||
785 | - bdrv_graph_wrunlock(NULL); | ||
786 | + bdrv_graph_wrunlock(); | ||
787 | bdrv_graph_rdlock_main_loop(); | ||
788 | goto out; | ||
789 | } | ||
790 | @@ -1277,9 +1277,9 @@ vmdk_parse_extents(const char *desc, BlockDriverState *bs, QDict *options, | ||
791 | ret = vmdk_open_se_sparse(bs, extent_file, bs->open_flags, errp); | ||
792 | if (ret) { | ||
793 | bdrv_graph_rdunlock_main_loop(); | ||
794 | - bdrv_graph_wrlock(NULL); | ||
795 | + bdrv_graph_wrlock(); | ||
796 | bdrv_unref_child(bs, extent_file); | ||
797 | - bdrv_graph_wrunlock(NULL); | ||
798 | + bdrv_graph_wrunlock(); | ||
799 | bdrv_graph_rdlock_main_loop(); | ||
800 | goto out; | ||
801 | } | ||
802 | @@ -1287,9 +1287,9 @@ vmdk_parse_extents(const char *desc, BlockDriverState *bs, QDict *options, | ||
803 | } else { | ||
804 | error_setg(errp, "Unsupported extent type '%s'", type); | ||
805 | bdrv_graph_rdunlock_main_loop(); | ||
806 | - bdrv_graph_wrlock(NULL); | ||
807 | + bdrv_graph_wrlock(); | ||
808 | bdrv_unref_child(bs, extent_file); | ||
809 | - bdrv_graph_wrunlock(NULL); | ||
810 | + bdrv_graph_wrunlock(); | ||
811 | bdrv_graph_rdlock_main_loop(); | ||
812 | ret = -ENOTSUP; | ||
813 | goto out; | ||
814 | diff --git a/blockdev.c b/blockdev.c | ||
815 | index c91f49e7b..9e1381169 100644 | ||
816 | --- a/blockdev.c | ||
817 | +++ b/blockdev.c | ||
818 | @@ -1611,9 +1611,9 @@ static void external_snapshot_abort(void *opaque) | ||
819 | } | ||
820 | |||
821 | bdrv_drained_begin(state->new_bs); | ||
822 | - bdrv_graph_wrlock(state->old_bs); | ||
823 | + bdrv_graph_wrlock(); | ||
824 | bdrv_replace_node(state->new_bs, state->old_bs, &error_abort); | ||
825 | - bdrv_graph_wrunlock(state->old_bs); | ||
826 | + bdrv_graph_wrunlock(); | ||
827 | bdrv_drained_end(state->new_bs); | ||
828 | |||
829 | bdrv_unref(state->old_bs); /* bdrv_replace_node() ref'ed old_bs */ | ||
830 | @@ -3657,7 +3657,7 @@ void qmp_x_blockdev_change(const char *parent, const char *child, | ||
831 | BlockDriverState *parent_bs, *new_bs = NULL; | ||
832 | BdrvChild *p_child; | ||
833 | |||
834 | - bdrv_graph_wrlock(NULL); | ||
835 | + bdrv_graph_wrlock(); | ||
836 | |||
837 | parent_bs = bdrv_lookup_bs(parent, parent, errp); | ||
838 | if (!parent_bs) { | ||
839 | @@ -3693,7 +3693,7 @@ void qmp_x_blockdev_change(const char *parent, const char *child, | ||
840 | } | ||
841 | |||
842 | out: | ||
843 | - bdrv_graph_wrunlock(NULL); | ||
844 | + bdrv_graph_wrunlock(); | ||
845 | } | ||
846 | |||
847 | BlockJobInfoList *qmp_query_block_jobs(Error **errp) | ||
848 | diff --git a/blockjob.c b/blockjob.c | ||
849 | index b7a29052b..731041231 100644 | ||
850 | --- a/blockjob.c | ||
851 | +++ b/blockjob.c | ||
852 | @@ -199,7 +199,7 @@ void block_job_remove_all_bdrv(BlockJob *job) | ||
853 | * to process an already freed BdrvChild. | ||
854 | */ | ||
855 | aio_context_release(job->job.aio_context); | ||
856 | - bdrv_graph_wrlock(NULL); | ||
857 | + bdrv_graph_wrlock(); | ||
858 | aio_context_acquire(job->job.aio_context); | ||
859 | while (job->nodes) { | ||
860 | GSList *l = job->nodes; | ||
861 | @@ -212,7 +212,7 @@ void block_job_remove_all_bdrv(BlockJob *job) | ||
862 | |||
863 | g_slist_free_1(l); | ||
864 | } | ||
865 | - bdrv_graph_wrunlock_ctx(job->job.aio_context); | ||
866 | + bdrv_graph_wrunlock(); | ||
867 | } | ||
868 | |||
869 | bool block_job_has_bdrv(BlockJob *job, BlockDriverState *bs) | ||
870 | @@ -514,7 +514,7 @@ void *block_job_create(const char *job_id, const BlockJobDriver *driver, | ||
871 | int ret; | ||
872 | GLOBAL_STATE_CODE(); | ||
873 | |||
874 | - bdrv_graph_wrlock(bs); | ||
875 | + bdrv_graph_wrlock(); | ||
876 | |||
877 | if (job_id == NULL && !(flags & JOB_INTERNAL)) { | ||
878 | job_id = bdrv_get_device_name(bs); | ||
879 | @@ -523,7 +523,7 @@ void *block_job_create(const char *job_id, const BlockJobDriver *driver, | ||
880 | job = job_create(job_id, &driver->job_driver, txn, bdrv_get_aio_context(bs), | ||
881 | flags, cb, opaque, errp); | ||
882 | if (job == NULL) { | ||
883 | - bdrv_graph_wrunlock(bs); | ||
884 | + bdrv_graph_wrunlock(); | ||
885 | return NULL; | ||
886 | } | ||
887 | |||
888 | @@ -563,11 +563,11 @@ void *block_job_create(const char *job_id, const BlockJobDriver *driver, | ||
889 | goto fail; | ||
890 | } | ||
891 | |||
892 | - bdrv_graph_wrunlock(bs); | ||
893 | + bdrv_graph_wrunlock(); | ||
894 | return job; | ||
895 | |||
896 | fail: | ||
897 | - bdrv_graph_wrunlock(bs); | ||
898 | + bdrv_graph_wrunlock(); | ||
899 | job_early_fail(&job->job); | ||
900 | return NULL; | ||
901 | } | ||
902 | diff --git a/include/block/graph-lock.h b/include/block/graph-lock.h | ||
903 | index 22b5db1ed..d7545e82d 100644 | ||
904 | --- a/include/block/graph-lock.h | ||
905 | +++ b/include/block/graph-lock.h | ||
906 | @@ -110,34 +110,17 @@ void unregister_aiocontext(AioContext *ctx); | ||
907 | * | ||
908 | * The wrlock can only be taken from the main loop, with BQL held, as only the | ||
909 | * main loop is allowed to modify the graph. | ||
910 | - * | ||
911 | - * If @bs is non-NULL, its AioContext is temporarily released. | ||
912 | - * | ||
913 | - * This function polls. Callers must not hold the lock of any AioContext other | ||
914 | - * than the current one and the one of @bs. | ||
915 | */ | ||
916 | void no_coroutine_fn TSA_ACQUIRE(graph_lock) TSA_NO_TSA | ||
917 | -bdrv_graph_wrlock(BlockDriverState *bs); | ||
918 | +bdrv_graph_wrlock(void); | ||
919 | |||
920 | /* | ||
921 | * bdrv_graph_wrunlock: | ||
922 | * Write finished, reset global has_writer to 0 and restart | ||
923 | * all readers that are waiting. | ||
924 | - * | ||
925 | - * If @bs is non-NULL, its AioContext is temporarily released. | ||
926 | - */ | ||
927 | -void no_coroutine_fn TSA_RELEASE(graph_lock) TSA_NO_TSA | ||
928 | -bdrv_graph_wrunlock(BlockDriverState *bs); | ||
929 | - | ||
930 | -/* | ||
931 | - * bdrv_graph_wrunlock_ctx: | ||
932 | - * Write finished, reset global has_writer to 0 and restart | ||
933 | - * all readers that are waiting. | ||
934 | - * | ||
935 | - * If @ctx is non-NULL, its lock is temporarily released. | ||
936 | */ | ||
937 | void no_coroutine_fn TSA_RELEASE(graph_lock) TSA_NO_TSA | ||
938 | -bdrv_graph_wrunlock_ctx(AioContext *ctx); | ||
939 | +bdrv_graph_wrunlock(void); | ||
940 | |||
941 | /* | ||
942 | * bdrv_graph_co_rdlock: | ||
943 | diff --git a/scripts/block-coroutine-wrapper.py b/scripts/block-coroutine-wrapper.py | ||
944 | index a38e5833f..38364fa55 100644 | ||
945 | --- a/scripts/block-coroutine-wrapper.py | ||
946 | +++ b/scripts/block-coroutine-wrapper.py | ||
947 | @@ -261,8 +261,8 @@ def gen_no_co_wrapper(func: FuncDecl) -> str: | ||
948 | graph_lock=' bdrv_graph_rdlock_main_loop();' | ||
949 | graph_unlock=' bdrv_graph_rdunlock_main_loop();' | ||
950 | elif func.graph_wrlock: | ||
951 | - graph_lock=' bdrv_graph_wrlock(NULL);' | ||
952 | - graph_unlock=' bdrv_graph_wrunlock(NULL);' | ||
953 | + graph_lock=' bdrv_graph_wrlock();' | ||
954 | + graph_unlock=' bdrv_graph_wrunlock();' | ||
955 | |||
956 | return f"""\ | ||
957 | /* | ||
958 | diff --git a/tests/unit/test-bdrv-drain.c b/tests/unit/test-bdrv-drain.c | ||
959 | index 704d1a3f3..d9754dfeb 100644 | ||
960 | --- a/tests/unit/test-bdrv-drain.c | ||
961 | +++ b/tests/unit/test-bdrv-drain.c | ||
962 | @@ -807,9 +807,9 @@ static void test_blockjob_common_drain_node(enum drain_type drain_type, | ||
963 | tjob->bs = src; | ||
964 | job = &tjob->common; | ||
965 | |||
966 | - bdrv_graph_wrlock(target); | ||
967 | + bdrv_graph_wrlock(); | ||
968 | block_job_add_bdrv(job, "target", target, 0, BLK_PERM_ALL, &error_abort); | ||
969 | - bdrv_graph_wrunlock(target); | ||
970 | + bdrv_graph_wrunlock(); | ||
971 | |||
972 | switch (result) { | ||
973 | case TEST_JOB_SUCCESS: | ||
974 | @@ -991,11 +991,11 @@ static void bdrv_test_top_close(BlockDriverState *bs) | ||
975 | { | ||
976 | BdrvChild *c, *next_c; | ||
977 | |||
978 | - bdrv_graph_wrlock(NULL); | ||
979 | + bdrv_graph_wrlock(); | ||
980 | QLIST_FOREACH_SAFE(c, &bs->children, next, next_c) { | ||
981 | bdrv_unref_child(bs, c); | ||
982 | } | ||
983 | - bdrv_graph_wrunlock(NULL); | ||
984 | + bdrv_graph_wrunlock(); | ||
985 | } | ||
986 | |||
987 | static int coroutine_fn GRAPH_RDLOCK | ||
988 | @@ -1085,10 +1085,10 @@ static void do_test_delete_by_drain(bool detach_instead_of_delete, | ||
989 | |||
990 | null_bs = bdrv_open("null-co://", NULL, NULL, BDRV_O_RDWR | BDRV_O_PROTOCOL, | ||
991 | &error_abort); | ||
992 | - bdrv_graph_wrlock(NULL); | ||
993 | + bdrv_graph_wrlock(); | ||
994 | bdrv_attach_child(bs, null_bs, "null-child", &child_of_bds, | ||
995 | BDRV_CHILD_DATA, &error_abort); | ||
996 | - bdrv_graph_wrunlock(NULL); | ||
997 | + bdrv_graph_wrunlock(); | ||
998 | |||
999 | /* This child will be the one to pass to requests through to, and | ||
1000 | * it will stall until a drain occurs */ | ||
1001 | @@ -1096,21 +1096,21 @@ static void do_test_delete_by_drain(bool detach_instead_of_delete, | ||
1002 | &error_abort); | ||
1003 | child_bs->total_sectors = 65536 >> BDRV_SECTOR_BITS; | ||
1004 | /* Takes our reference to child_bs */ | ||
1005 | - bdrv_graph_wrlock(NULL); | ||
1006 | + bdrv_graph_wrlock(); | ||
1007 | tts->wait_child = bdrv_attach_child(bs, child_bs, "wait-child", | ||
1008 | &child_of_bds, | ||
1009 | BDRV_CHILD_DATA | BDRV_CHILD_PRIMARY, | ||
1010 | &error_abort); | ||
1011 | - bdrv_graph_wrunlock(NULL); | ||
1012 | + bdrv_graph_wrunlock(); | ||
1013 | |||
1014 | /* This child is just there to be deleted | ||
1015 | * (for detach_instead_of_delete == true) */ | ||
1016 | null_bs = bdrv_open("null-co://", NULL, NULL, BDRV_O_RDWR | BDRV_O_PROTOCOL, | ||
1017 | &error_abort); | ||
1018 | - bdrv_graph_wrlock(NULL); | ||
1019 | + bdrv_graph_wrlock(); | ||
1020 | bdrv_attach_child(bs, null_bs, "null-child", &child_of_bds, BDRV_CHILD_DATA, | ||
1021 | &error_abort); | ||
1022 | - bdrv_graph_wrunlock(NULL); | ||
1023 | + bdrv_graph_wrunlock(); | ||
1024 | |||
1025 | blk = blk_new(qemu_get_aio_context(), BLK_PERM_ALL, BLK_PERM_ALL); | ||
1026 | blk_insert_bs(blk, bs, &error_abort); | ||
1027 | @@ -1193,14 +1193,14 @@ static void no_coroutine_fn detach_indirect_bh(void *opaque) | ||
1028 | |||
1029 | bdrv_dec_in_flight(data->child_b->bs); | ||
1030 | |||
1031 | - bdrv_graph_wrlock(NULL); | ||
1032 | + bdrv_graph_wrlock(); | ||
1033 | bdrv_unref_child(data->parent_b, data->child_b); | ||
1034 | |||
1035 | bdrv_ref(data->c); | ||
1036 | data->child_c = bdrv_attach_child(data->parent_b, data->c, "PB-C", | ||
1037 | &child_of_bds, BDRV_CHILD_DATA, | ||
1038 | &error_abort); | ||
1039 | - bdrv_graph_wrunlock(NULL); | ||
1040 | + bdrv_graph_wrunlock(); | ||
1041 | } | ||
1042 | |||
1043 | static void coroutine_mixed_fn detach_by_parent_aio_cb(void *opaque, int ret) | ||
1044 | @@ -1298,7 +1298,7 @@ static void TSA_NO_TSA test_detach_indirect(bool by_parent_cb) | ||
1045 | /* Set child relationships */ | ||
1046 | bdrv_ref(b); | ||
1047 | bdrv_ref(a); | ||
1048 | - bdrv_graph_wrlock(NULL); | ||
1049 | + bdrv_graph_wrlock(); | ||
1050 | child_b = bdrv_attach_child(parent_b, b, "PB-B", &child_of_bds, | ||
1051 | BDRV_CHILD_DATA, &error_abort); | ||
1052 | child_a = bdrv_attach_child(parent_b, a, "PB-A", &child_of_bds, | ||
1053 | @@ -1308,7 +1308,7 @@ static void TSA_NO_TSA test_detach_indirect(bool by_parent_cb) | ||
1054 | bdrv_attach_child(parent_a, a, "PA-A", | ||
1055 | by_parent_cb ? &child_of_bds : &detach_by_driver_cb_class, | ||
1056 | BDRV_CHILD_DATA, &error_abort); | ||
1057 | - bdrv_graph_wrunlock(NULL); | ||
1058 | + bdrv_graph_wrunlock(); | ||
1059 | |||
1060 | g_assert_cmpint(parent_a->refcnt, ==, 1); | ||
1061 | g_assert_cmpint(parent_b->refcnt, ==, 1); | ||
1062 | @@ -1727,7 +1727,7 @@ static void test_drop_intermediate_poll(void) | ||
1063 | * Establish the chain last, so the chain links are the first | ||
1064 | * elements in the BDS.parents lists | ||
1065 | */ | ||
1066 | - bdrv_graph_wrlock(NULL); | ||
1067 | + bdrv_graph_wrlock(); | ||
1068 | for (i = 0; i < 3; i++) { | ||
1069 | if (i) { | ||
1070 | /* Takes the reference to chain[i - 1] */ | ||
1071 | @@ -1735,7 +1735,7 @@ static void test_drop_intermediate_poll(void) | ||
1072 | &chain_child_class, BDRV_CHILD_COW, &error_abort); | ||
1073 | } | ||
1074 | } | ||
1075 | - bdrv_graph_wrunlock(NULL); | ||
1076 | + bdrv_graph_wrunlock(); | ||
1077 | |||
1078 | job = block_job_create("job", &test_simple_job_driver, NULL, job_node, | ||
1079 | 0, BLK_PERM_ALL, 0, 0, NULL, NULL, &error_abort); | ||
1080 | @@ -1982,10 +1982,10 @@ static void do_test_replace_child_mid_drain(int old_drain_count, | ||
1081 | new_child_bs->total_sectors = 1; | ||
1082 | |||
1083 | bdrv_ref(old_child_bs); | ||
1084 | - bdrv_graph_wrlock(NULL); | ||
1085 | + bdrv_graph_wrlock(); | ||
1086 | bdrv_attach_child(parent_bs, old_child_bs, "child", &child_of_bds, | ||
1087 | BDRV_CHILD_COW, &error_abort); | ||
1088 | - bdrv_graph_wrunlock(NULL); | ||
1089 | + bdrv_graph_wrunlock(); | ||
1090 | parent_s->setup_completed = true; | ||
1091 | |||
1092 | for (i = 0; i < old_drain_count; i++) { | ||
1093 | @@ -2016,9 +2016,9 @@ static void do_test_replace_child_mid_drain(int old_drain_count, | ||
1094 | g_assert(parent_bs->quiesce_counter == old_drain_count); | ||
1095 | bdrv_drained_begin(old_child_bs); | ||
1096 | bdrv_drained_begin(new_child_bs); | ||
1097 | - bdrv_graph_wrlock(NULL); | ||
1098 | + bdrv_graph_wrlock(); | ||
1099 | bdrv_replace_node(old_child_bs, new_child_bs, &error_abort); | ||
1100 | - bdrv_graph_wrunlock(NULL); | ||
1101 | + bdrv_graph_wrunlock(); | ||
1102 | bdrv_drained_end(new_child_bs); | ||
1103 | bdrv_drained_end(old_child_bs); | ||
1104 | g_assert(parent_bs->quiesce_counter == new_drain_count); | ||
1105 | diff --git a/tests/unit/test-bdrv-graph-mod.c b/tests/unit/test-bdrv-graph-mod.c | ||
1106 | index 074adcbb9..8ee6ef38d 100644 | ||
1107 | --- a/tests/unit/test-bdrv-graph-mod.c | ||
1108 | +++ b/tests/unit/test-bdrv-graph-mod.c | ||
1109 | @@ -137,10 +137,10 @@ static void test_update_perm_tree(void) | ||
1110 | |||
1111 | blk_insert_bs(root, bs, &error_abort); | ||
1112 | |||
1113 | - bdrv_graph_wrlock(NULL); | ||
1114 | + bdrv_graph_wrlock(); | ||
1115 | bdrv_attach_child(filter, bs, "child", &child_of_bds, | ||
1116 | BDRV_CHILD_DATA, &error_abort); | ||
1117 | - bdrv_graph_wrunlock(NULL); | ||
1118 | + bdrv_graph_wrunlock(); | ||
1119 | |||
1120 | aio_context_acquire(qemu_get_aio_context()); | ||
1121 | ret = bdrv_append(filter, bs, NULL); | ||
1122 | @@ -206,11 +206,11 @@ static void test_should_update_child(void) | ||
1123 | |||
1124 | bdrv_set_backing_hd(target, bs, &error_abort); | ||
1125 | |||
1126 | - bdrv_graph_wrlock(NULL); | ||
1127 | + bdrv_graph_wrlock(); | ||
1128 | g_assert(target->backing->bs == bs); | ||
1129 | bdrv_attach_child(filter, target, "target", &child_of_bds, | ||
1130 | BDRV_CHILD_DATA, &error_abort); | ||
1131 | - bdrv_graph_wrunlock(NULL); | ||
1132 | + bdrv_graph_wrunlock(); | ||
1133 | aio_context_acquire(qemu_get_aio_context()); | ||
1134 | bdrv_append(filter, bs, &error_abort); | ||
1135 | aio_context_release(qemu_get_aio_context()); | ||
1136 | @@ -248,7 +248,7 @@ static void test_parallel_exclusive_write(void) | ||
1137 | bdrv_ref(base); | ||
1138 | bdrv_ref(fl1); | ||
1139 | |||
1140 | - bdrv_graph_wrlock(NULL); | ||
1141 | + bdrv_graph_wrlock(); | ||
1142 | bdrv_attach_child(top, fl1, "backing", &child_of_bds, | ||
1143 | BDRV_CHILD_FILTERED | BDRV_CHILD_PRIMARY, | ||
1144 | &error_abort); | ||
1145 | @@ -260,7 +260,7 @@ static void test_parallel_exclusive_write(void) | ||
1146 | &error_abort); | ||
1147 | |||
1148 | bdrv_replace_node(fl1, fl2, &error_abort); | ||
1149 | - bdrv_graph_wrunlock(NULL); | ||
1150 | + bdrv_graph_wrunlock(); | ||
1151 | |||
1152 | bdrv_drained_end(fl2); | ||
1153 | bdrv_drained_end(fl1); | ||
1154 | @@ -367,7 +367,7 @@ static void test_parallel_perm_update(void) | ||
1155 | */ | ||
1156 | bdrv_ref(base); | ||
1157 | |||
1158 | - bdrv_graph_wrlock(NULL); | ||
1159 | + bdrv_graph_wrlock(); | ||
1160 | bdrv_attach_child(top, ws, "file", &child_of_bds, BDRV_CHILD_DATA, | ||
1161 | &error_abort); | ||
1162 | c_fl1 = bdrv_attach_child(ws, fl1, "first", &child_of_bds, | ||
1163 | @@ -380,7 +380,7 @@ static void test_parallel_perm_update(void) | ||
1164 | bdrv_attach_child(fl2, base, "backing", &child_of_bds, | ||
1165 | BDRV_CHILD_FILTERED | BDRV_CHILD_PRIMARY, | ||
1166 | &error_abort); | ||
1167 | - bdrv_graph_wrunlock(NULL); | ||
1168 | + bdrv_graph_wrunlock(); | ||
1169 | |||
1170 | /* Select fl1 as first child to be active */ | ||
1171 | s->selected = c_fl1; | ||
1172 | @@ -434,11 +434,11 @@ static void test_append_greedy_filter(void) | ||
1173 | BlockDriverState *base = no_perm_node("base"); | ||
1174 | BlockDriverState *fl = exclusive_writer_node("fl1"); | ||
1175 | |||
1176 | - bdrv_graph_wrlock(NULL); | ||
1177 | + bdrv_graph_wrlock(); | ||
1178 | bdrv_attach_child(top, base, "backing", &child_of_bds, | ||
1179 | BDRV_CHILD_FILTERED | BDRV_CHILD_PRIMARY, | ||
1180 | &error_abort); | ||
1181 | - bdrv_graph_wrunlock(NULL); | ||
1182 | + bdrv_graph_wrunlock(); | ||
1183 | |||
1184 | aio_context_acquire(qemu_get_aio_context()); | ||
1185 | bdrv_append(fl, base, &error_abort); | ||
1186 | -- | ||
1187 | 2.40.0 | ||
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0005.patch b/meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0005.patch new file mode 100644 index 0000000000..bcdd0fbed8 --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0005.patch | |||
@@ -0,0 +1,239 @@ | |||
1 | From 7ead946998610657d38d1a505d5f25300d4ca613 Mon Sep 17 00:00:00 2001 | ||
2 | From: Kevin Wolf <kwolf@redhat.com> | ||
3 | Date: Thu, 25 Apr 2024 14:56:02 +0000 | ||
4 | Subject: [PATCH] block: Parse filenames only when explicitly requested | ||
5 | |||
6 | When handling image filenames from legacy options such as -drive or from | ||
7 | tools, these filenames are parsed for protocol prefixes, including for | ||
8 | the json:{} pseudo-protocol. | ||
9 | |||
10 | This behaviour is intended for filenames that come directly from the | ||
11 | command line and for backing files, which may come from the image file | ||
12 | itself. Higher level management tools generally take care to verify that | ||
13 | untrusted images don't contain a bad (or any) backing file reference; | ||
14 | 'qemu-img info' is a suitable tool for this. | ||
15 | |||
16 | However, for other files that can be referenced in images, such as | ||
17 | qcow2 data files or VMDK extents, the string from the image file is | ||
18 | usually not verified by management tools - and 'qemu-img info' wouldn't | ||
19 | be suitable because in contrast to backing files, it already opens these | ||
20 | other referenced files. So here the string should be interpreted as a | ||
21 | literal local filename. More complex configurations need to be specified | ||
22 | explicitly on the command line or in QMP... | ||
23 | |||
24 | CVE: CVE-2024-4467 | ||
25 | Upstream-Status: Backport [https://gitlab.com/qemu-project/qemu/-/commit/7ead946998610657d38d1a505d5f25300d4ca613] | ||
26 | |||
27 | Signed-off-by: Yogita Urade <yogita.urade@windriver.com> | ||
28 | --- | ||
29 | block.c | 94 ++++++++++++++++++++++++++++++++++----------------------- | ||
30 | 1 file changed, 57 insertions(+), 37 deletions(-) | ||
31 | |||
32 | diff --git a/block.c b/block.c | ||
33 | index 25e1ebc60..f3cb32cd7 100644 | ||
34 | --- a/block.c | ||
35 | +++ b/block.c | ||
36 | @@ -86,6 +86,7 @@ static BlockDriverState *bdrv_open_inherit(const char *filename, | ||
37 | BlockDriverState *parent, | ||
38 | const BdrvChildClass *child_class, | ||
39 | BdrvChildRole child_role, | ||
40 | + bool parse_filename, | ||
41 | Error **errp); | ||
42 | |||
43 | static bool bdrv_recurse_has_child(BlockDriverState *bs, | ||
44 | @@ -2047,7 +2048,8 @@ static void parse_json_protocol(QDict *options, const char **pfilename, | ||
45 | * block driver has been specified explicitly. | ||
46 | */ | ||
47 | static int bdrv_fill_options(QDict **options, const char *filename, | ||
48 | - int *flags, Error **errp) | ||
49 | + int *flags, bool allow_parse_filename, | ||
50 | + Error **errp) | ||
51 | { | ||
52 | const char *drvname; | ||
53 | bool protocol = *flags & BDRV_O_PROTOCOL; | ||
54 | @@ -2089,7 +2091,7 @@ static int bdrv_fill_options(QDict **options, const char *filename, | ||
55 | if (protocol && filename) { | ||
56 | if (!qdict_haskey(*options, "filename")) { | ||
57 | qdict_put_str(*options, "filename", filename); | ||
58 | - parse_filename = true; | ||
59 | + parse_filename = allow_parse_filename; | ||
60 | } else { | ||
61 | error_setg(errp, "Can't specify 'file' and 'filename' options at " | ||
62 | "the same time"); | ||
63 | @@ -3675,7 +3677,8 @@ int bdrv_open_backing_file(BlockDriverState *bs, QDict *parent_options, | ||
64 | } | ||
65 | |||
66 | backing_hd = bdrv_open_inherit(backing_filename, reference, options, 0, bs, | ||
67 | - &child_of_bds, bdrv_backing_role(bs), errp); | ||
68 | + &child_of_bds, bdrv_backing_role(bs), true, | ||
69 | + errp); | ||
70 | if (!backing_hd) { | ||
71 | bs->open_flags |= BDRV_O_NO_BACKING; | ||
72 | error_prepend(errp, "Could not open backing file: "); | ||
73 | @@ -3712,7 +3715,8 @@ free_exit: | ||
74 | static BlockDriverState * | ||
75 | bdrv_open_child_bs(const char *filename, QDict *options, const char *bdref_key, | ||
76 | BlockDriverState *parent, const BdrvChildClass *child_class, | ||
77 | - BdrvChildRole child_role, bool allow_none, Error **errp) | ||
78 | + BdrvChildRole child_role, bool allow_none, | ||
79 | + bool parse_filename, Error **errp) | ||
80 | { | ||
81 | BlockDriverState *bs = NULL; | ||
82 | QDict *image_options; | ||
83 | @@ -3743,7 +3747,8 @@ bdrv_open_child_bs(const char *filename, QDict *options, const char *bdref_key, | ||
84 | } | ||
85 | |||
86 | bs = bdrv_open_inherit(filename, reference, image_options, 0, | ||
87 | - parent, child_class, child_role, errp); | ||
88 | + parent, child_class, child_role, parse_filename, | ||
89 | + errp); | ||
90 | if (!bs) { | ||
91 | goto done; | ||
92 | } | ||
93 | @@ -3753,6 +3758,33 @@ done: | ||
94 | return bs; | ||
95 | } | ||
96 | |||
97 | +static BdrvChild *bdrv_open_child_common(const char *filename, | ||
98 | + QDict *options, const char *bdref_key, | ||
99 | + BlockDriverState *parent, | ||
100 | + const BdrvChildClass *child_class, | ||
101 | + BdrvChildRole child_role, | ||
102 | + bool allow_none, bool parse_filename, | ||
103 | + Error **errp) | ||
104 | +{ | ||
105 | + BlockDriverState *bs; | ||
106 | + BdrvChild *child; | ||
107 | + | ||
108 | + GLOBAL_STATE_CODE(); | ||
109 | + | ||
110 | + bs = bdrv_open_child_bs(filename, options, bdref_key, parent, child_class, | ||
111 | + child_role, allow_none, parse_filename, errp); | ||
112 | + if (bs == NULL) { | ||
113 | + return NULL; | ||
114 | + } | ||
115 | + | ||
116 | + bdrv_graph_wrlock(); | ||
117 | + child = bdrv_attach_child(parent, bs, bdref_key, child_class, child_role, | ||
118 | + errp); | ||
119 | + bdrv_graph_wrunlock(); | ||
120 | + | ||
121 | + return child; | ||
122 | +} | ||
123 | + | ||
124 | /* | ||
125 | * Opens a disk image whose options are given as BlockdevRef in another block | ||
126 | * device's options. | ||
127 | @@ -3778,31 +3810,15 @@ BdrvChild *bdrv_open_child(const char *filename, | ||
128 | BdrvChildRole child_role, | ||
129 | bool allow_none, Error **errp) | ||
130 | { | ||
131 | - BlockDriverState *bs; | ||
132 | - BdrvChild *child; | ||
133 | - AioContext *ctx; | ||
134 | - | ||
135 | - GLOBAL_STATE_CODE(); | ||
136 | - | ||
137 | - bs = bdrv_open_child_bs(filename, options, bdref_key, parent, child_class, | ||
138 | - child_role, allow_none, errp); | ||
139 | - if (bs == NULL) { | ||
140 | - return NULL; | ||
141 | - } | ||
142 | - | ||
143 | - bdrv_graph_wrlock(); | ||
144 | - ctx = bdrv_get_aio_context(bs); | ||
145 | - aio_context_acquire(ctx); | ||
146 | - child = bdrv_attach_child(parent, bs, bdref_key, child_class, child_role, | ||
147 | - errp); | ||
148 | - aio_context_release(ctx); | ||
149 | - bdrv_graph_wrunlock(); | ||
150 | - | ||
151 | - return child; | ||
152 | + return bdrv_open_child_common(filename, options, bdref_key, parent, | ||
153 | + child_class, child_role, allow_none, false, | ||
154 | + errp); | ||
155 | } | ||
156 | |||
157 | /* | ||
158 | - * Wrapper on bdrv_open_child() for most popular case: open primary child of bs. | ||
159 | + * This does mostly the same as bdrv_open_child(), but for opening the primary | ||
160 | + * child of a node. A notable difference from bdrv_open_child() is that it | ||
161 | + * enables filename parsing for protocol names (including json:). | ||
162 | * | ||
163 | * The caller must hold the lock of the main AioContext and no other AioContext. | ||
164 | * @parent can move to a different AioContext in this function. Callers must | ||
165 | @@ -3819,8 +3835,8 @@ int bdrv_open_file_child(const char *filename, | ||
166 | role = parent->drv->is_filter ? | ||
167 | (BDRV_CHILD_FILTERED | BDRV_CHILD_PRIMARY) : BDRV_CHILD_IMAGE; | ||
168 | |||
169 | - if (!bdrv_open_child(filename, options, bdref_key, parent, | ||
170 | - &child_of_bds, role, false, errp)) | ||
171 | + if (!bdrv_open_child_common(filename, options, bdref_key, parent, | ||
172 | + &child_of_bds, role, false, true, errp)) | ||
173 | { | ||
174 | return -EINVAL; | ||
175 | } | ||
176 | @@ -3865,7 +3881,8 @@ BlockDriverState *bdrv_open_blockdev_ref(BlockdevRef *ref, Error **errp) | ||
177 | |||
178 | } | ||
179 | |||
180 | - bs = bdrv_open_inherit(NULL, reference, qdict, 0, NULL, NULL, 0, errp); | ||
181 | + bs = bdrv_open_inherit(NULL, reference, qdict, 0, NULL, NULL, 0, false, | ||
182 | + errp); | ||
183 | obj = NULL; | ||
184 | qobject_unref(obj); | ||
185 | visit_free(v); | ||
186 | @@ -3962,7 +3979,7 @@ static BlockDriverState * no_coroutine_fn | ||
187 | bdrv_open_inherit(const char *filename, const char *reference, QDict *options, | ||
188 | int flags, BlockDriverState *parent, | ||
189 | const BdrvChildClass *child_class, BdrvChildRole child_role, | ||
190 | - Error **errp) | ||
191 | + bool parse_filename, Error **errp) | ||
192 | { | ||
193 | int ret; | ||
194 | BlockBackend *file = NULL; | ||
195 | @@ -4011,9 +4028,11 @@ bdrv_open_inherit(const char *filename, const char *reference, QDict *options, | ||
196 | } | ||
197 | |||
198 | /* json: syntax counts as explicit options, as if in the QDict */ | ||
199 | - parse_json_protocol(options, &filename, &local_err); | ||
200 | - if (local_err) { | ||
201 | - goto fail; | ||
202 | + if (parse_filename) { | ||
203 | + parse_json_protocol(options, &filename, &local_err); | ||
204 | + if (local_err) { | ||
205 | + goto fail; | ||
206 | + } | ||
207 | } | ||
208 | |||
209 | bs->explicit_options = qdict_clone_shallow(options); | ||
210 | @@ -4038,7 +4057,8 @@ bdrv_open_inherit(const char *filename, const char *reference, QDict *options, | ||
211 | parent->open_flags, parent->options); | ||
212 | } | ||
213 | |||
214 | - ret = bdrv_fill_options(&options, filename, &flags, &local_err); | ||
215 | + ret = bdrv_fill_options(&options, filename, &flags, parse_filename, | ||
216 | + &local_err); | ||
217 | if (ret < 0) { | ||
218 | goto fail; | ||
219 | } | ||
220 | @@ -4107,7 +4127,7 @@ bdrv_open_inherit(const char *filename, const char *reference, QDict *options, | ||
221 | |||
222 | file_bs = bdrv_open_child_bs(filename, options, "file", bs, | ||
223 | &child_of_bds, BDRV_CHILD_IMAGE, | ||
224 | - true, &local_err); | ||
225 | + true, true, &local_err); | ||
226 | if (local_err) { | ||
227 | goto fail; | ||
228 | } | ||
229 | @@ -4270,7 +4290,7 @@ BlockDriverState *bdrv_open(const char *filename, const char *reference, | ||
230 | GLOBAL_STATE_CODE(); | ||
231 | |||
232 | return bdrv_open_inherit(filename, reference, options, flags, NULL, | ||
233 | - NULL, 0, errp); | ||
234 | + NULL, 0, true, errp); | ||
235 | } | ||
236 | |||
237 | /* Return true if the NULL-terminated @list contains @str */ | ||
238 | -- | ||
239 | 2.40.0 | ||
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2024-7409-0001.patch b/meta/recipes-devtools/qemu/qemu/CVE-2024-7409-0001.patch new file mode 100644 index 0000000000..631e93a6d2 --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/CVE-2024-7409-0001.patch | |||
@@ -0,0 +1,167 @@ | |||
1 | From fb1c2aaa981e0a2fa6362c9985f1296b74f055ac Mon Sep 17 00:00:00 2001 | ||
2 | From: Eric Blake <eblake@redhat.com> | ||
3 | Date: Wed, 7 Aug 2024 08:50:01 -0500 | ||
4 | Subject: [PATCH] nbd/server: Plumb in new args to nbd_client_add() | ||
5 | |||
6 | Upcoming patches to fix a CVE need to track an opaque pointer passed | ||
7 | in by the owner of a client object, as well as request for a time | ||
8 | limit on how fast negotiation must complete. Prepare for that by | ||
9 | changing the signature of nbd_client_new() and adding an accessor to | ||
10 | get at the opaque pointer, although for now the two servers | ||
11 | (qemu-nbd.c and blockdev-nbd.c) do not change behavior even though | ||
12 | they pass in a new default timeout value. | ||
13 | |||
14 | Suggested-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru> | ||
15 | Signed-off-by: Eric Blake <eblake@redhat.com> | ||
16 | Message-ID: <20240807174943.771624-11-eblake@redhat.com> | ||
17 | Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> | ||
18 | [eblake: s/LIMIT/MAX_SECS/ as suggested by Dan] | ||
19 | Signed-off-by: Eric Blake <eblake@redhat.com> | ||
20 | |||
21 | CVE: CVE-2024-7409 | ||
22 | |||
23 | Upstream-Status: Backport [https://github.com/qemu/qemu/commit/fb1c2aaa981e0a2fa6362c9985f1296b74f055ac] | ||
24 | |||
25 | Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> | ||
26 | --- | ||
27 | blockdev-nbd.c | 6 ++++-- | ||
28 | include/block/nbd.h | 11 ++++++++++- | ||
29 | nbd/server.c | 20 +++++++++++++++++--- | ||
30 | qemu-nbd.c | 4 +++- | ||
31 | 4 files changed, 34 insertions(+), 7 deletions(-) | ||
32 | |||
33 | diff --git a/blockdev-nbd.c b/blockdev-nbd.c | ||
34 | index 213012435..267a1de90 100644 | ||
35 | --- a/blockdev-nbd.c | ||
36 | +++ b/blockdev-nbd.c | ||
37 | @@ -64,8 +64,10 @@ static void nbd_accept(QIONetListener *listener, QIOChannelSocket *cioc, | ||
38 | nbd_update_server_watch(nbd_server); | ||
39 | |||
40 | qio_channel_set_name(QIO_CHANNEL(cioc), "nbd-server"); | ||
41 | - nbd_client_new(cioc, nbd_server->tlscreds, nbd_server->tlsauthz, | ||
42 | - nbd_blockdev_client_closed); | ||
43 | + /* TODO - expose handshake timeout as QMP option */ | ||
44 | + nbd_client_new(cioc, NBD_DEFAULT_HANDSHAKE_MAX_SECS, | ||
45 | + nbd_server->tlscreds, nbd_server->tlsauthz, | ||
46 | + nbd_blockdev_client_closed, NULL); | ||
47 | } | ||
48 | |||
49 | static void nbd_update_server_watch(NBDServerData *s) | ||
50 | diff --git a/include/block/nbd.h b/include/block/nbd.h | ||
51 | index 4e7bd6342..1d4d65922 100644 | ||
52 | --- a/include/block/nbd.h | ||
53 | +++ b/include/block/nbd.h | ||
54 | @@ -33,6 +33,12 @@ typedef struct NBDMetaContexts NBDMetaContexts; | ||
55 | |||
56 | extern const BlockExportDriver blk_exp_nbd; | ||
57 | |||
58 | +/* | ||
59 | + * NBD_DEFAULT_HANDSHAKE_MAX_SECS: Number of seconds in which client must | ||
60 | + * succeed at NBD_OPT_GO before being forcefully dropped as too slow. | ||
61 | + */ | ||
62 | +#define NBD_DEFAULT_HANDSHAKE_MAX_SECS 10 | ||
63 | + | ||
64 | /* Handshake phase structs - this struct is passed on the wire */ | ||
65 | |||
66 | typedef struct NBDOption { | ||
67 | @@ -403,9 +409,12 @@ AioContext *nbd_export_aio_context(NBDExport *exp); | ||
68 | NBDExport *nbd_export_find(const char *name); | ||
69 | |||
70 | void nbd_client_new(QIOChannelSocket *sioc, | ||
71 | + uint32_t handshake_max_secs, | ||
72 | QCryptoTLSCreds *tlscreds, | ||
73 | const char *tlsauthz, | ||
74 | - void (*close_fn)(NBDClient *, bool)); | ||
75 | + void (*close_fn)(NBDClient *, bool), | ||
76 | + void *owner); | ||
77 | +void *nbd_client_owner(NBDClient *client); | ||
78 | void nbd_client_get(NBDClient *client); | ||
79 | void nbd_client_put(NBDClient *client); | ||
80 | |||
81 | diff --git a/nbd/server.c b/nbd/server.c | ||
82 | index 091b57119..f8881936e 100644 | ||
83 | --- a/nbd/server.c | ||
84 | +++ b/nbd/server.c | ||
85 | @@ -124,12 +124,14 @@ struct NBDMetaContexts { | ||
86 | struct NBDClient { | ||
87 | int refcount; /* atomic */ | ||
88 | void (*close_fn)(NBDClient *client, bool negotiated); | ||
89 | + void *owner; | ||
90 | |||
91 | QemuMutex lock; | ||
92 | |||
93 | NBDExport *exp; | ||
94 | QCryptoTLSCreds *tlscreds; | ||
95 | char *tlsauthz; | ||
96 | + uint32_t handshake_max_secs; | ||
97 | QIOChannelSocket *sioc; /* The underlying data channel */ | ||
98 | QIOChannel *ioc; /* The current I/O channel which may differ (eg TLS) */ | ||
99 | |||
100 | @@ -3160,6 +3162,7 @@ static coroutine_fn void nbd_co_client_start(void *opaque) | ||
101 | |||
102 | qemu_co_mutex_init(&client->send_lock); | ||
103 | |||
104 | + /* TODO - utilize client->handshake_max_secs */ | ||
105 | if (nbd_negotiate(client, &local_err)) { | ||
106 | if (local_err) { | ||
107 | error_report_err(local_err); | ||
108 | @@ -3174,14 +3177,17 @@ static coroutine_fn void nbd_co_client_start(void *opaque) | ||
109 | } | ||
110 | |||
111 | /* | ||
112 | - * Create a new client listener using the given channel @sioc. | ||
113 | + * Create a new client listener using the given channel @sioc and @owner. | ||
114 | * Begin servicing it in a coroutine. When the connection closes, call | ||
115 | - * @close_fn with an indication of whether the client completed negotiation. | ||
116 | + * @close_fn with an indication of whether the client completed negotiation | ||
117 | + * within @handshake_max_secs seconds (0 for unbounded). | ||
118 | */ | ||
119 | void nbd_client_new(QIOChannelSocket *sioc, | ||
120 | + uint32_t handshake_max_secs, | ||
121 | QCryptoTLSCreds *tlscreds, | ||
122 | const char *tlsauthz, | ||
123 | - void (*close_fn)(NBDClient *, bool)) | ||
124 | + void (*close_fn)(NBDClient *, bool), | ||
125 | + void *owner) | ||
126 | { | ||
127 | NBDClient *client; | ||
128 | Coroutine *co; | ||
129 | @@ -3194,13 +3200,21 @@ void nbd_client_new(QIOChannelSocket *sioc, | ||
130 | object_ref(OBJECT(client->tlscreds)); | ||
131 | } | ||
132 | client->tlsauthz = g_strdup(tlsauthz); | ||
133 | + client->handshake_max_secs = handshake_max_secs; | ||
134 | client->sioc = sioc; | ||
135 | qio_channel_set_delay(QIO_CHANNEL(sioc), false); | ||
136 | object_ref(OBJECT(client->sioc)); | ||
137 | client->ioc = QIO_CHANNEL(sioc); | ||
138 | object_ref(OBJECT(client->ioc)); | ||
139 | client->close_fn = close_fn; | ||
140 | + client->owner = owner; | ||
141 | |||
142 | co = qemu_coroutine_create(nbd_co_client_start, client); | ||
143 | qemu_coroutine_enter(co); | ||
144 | } | ||
145 | + | ||
146 | +void * | ||
147 | +nbd_client_owner(NBDClient *client) | ||
148 | +{ | ||
149 | + return client->owner; | ||
150 | +} | ||
151 | diff --git a/qemu-nbd.c b/qemu-nbd.c | ||
152 | index 186e6468b..5fa399c0b 100644 | ||
153 | --- a/qemu-nbd.c | ||
154 | +++ b/qemu-nbd.c | ||
155 | @@ -389,7 +389,9 @@ static void nbd_accept(QIONetListener *listener, QIOChannelSocket *cioc, | ||
156 | |||
157 | nb_fds++; | ||
158 | nbd_update_server_watch(); | ||
159 | - nbd_client_new(cioc, tlscreds, tlsauthz, nbd_client_closed); | ||
160 | + /* TODO - expose handshake timeout as command line option */ | ||
161 | + nbd_client_new(cioc, NBD_DEFAULT_HANDSHAKE_MAX_SECS, | ||
162 | + tlscreds, tlsauthz, nbd_client_closed, NULL); | ||
163 | } | ||
164 | |||
165 | static void nbd_update_server_watch(void) | ||
166 | -- | ||
167 | 2.40.0 | ||
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2024-7409-0002.patch b/meta/recipes-devtools/qemu/qemu/CVE-2024-7409-0002.patch new file mode 100644 index 0000000000..ca8ef0b44d --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/CVE-2024-7409-0002.patch | |||
@@ -0,0 +1,175 @@ | |||
1 | From c8a76dbd90c2f48df89b75bef74917f90a59b623 Mon Sep 17 00:00:00 2001 | ||
2 | From: Eric Blake <eblake@redhat.com> | ||
3 | Date: Tue, 6 Aug 2024 13:53:00 -0500 | ||
4 | Subject: [PATCH] nbd/server: CVE-2024-7409: Cap default max-connections to 100 | ||
5 | |||
6 | Allowing an unlimited number of clients to any web service is a recipe | ||
7 | for a rudimentary denial of service attack: the client merely needs to | ||
8 | open lots of sockets without closing them, until qemu no longer has | ||
9 | any more fds available to allocate. | ||
10 | |||
11 | For qemu-nbd, we default to allowing only 1 connection unless more are | ||
12 | explicitly asked for (-e or --shared); this was historically picked as | ||
13 | a nice default (without an explicit -t, a non-persistent qemu-nbd goes | ||
14 | away after a client disconnects, without needing any additional | ||
15 | follow-up commands), and we are not going to change that interface now | ||
16 | (besides, someday we want to point people towards qemu-storage-daemon | ||
17 | instead of qemu-nbd). | ||
18 | |||
19 | But for qemu proper, and the newer qemu-storage-daemon, the QMP | ||
20 | nbd-server-start command has historically had a default of unlimited | ||
21 | number of connections, in part because unlike qemu-nbd it is | ||
22 | inherently persistent until nbd-server-stop. Allowing multiple client | ||
23 | sockets is particularly useful for clients that can take advantage of | ||
24 | MULTI_CONN (creating parallel sockets to increase throughput), | ||
25 | although known clients that do so (such as libnbd's nbdcopy) typically | ||
26 | use only 8 or 16 connections (the benefits of scaling diminish once | ||
27 | more sockets are competing for kernel attention). Picking a number | ||
28 | large enough for typical use cases, but not unlimited, makes it | ||
29 | slightly harder for a malicious client to perform a denial of service | ||
30 | merely by opening lots of connections withot progressing through the | ||
31 | handshake. | ||
32 | |||
33 | This change does not eliminate CVE-2024-7409 on its own, but reduces | ||
34 | the chance for fd exhaustion or unlimited memory usage as an attack | ||
35 | surface. On the other hand, by itself, it makes it more obvious that | ||
36 | with a finite limit, we have the problem of an unauthenticated client | ||
37 | holding 100 fds opened as a way to block out a legitimate client from | ||
38 | being able to connect; thus, later patches will further add timeouts | ||
39 | to reject clients that are not making progress. | ||
40 | |||
41 | This is an INTENTIONAL change in behavior, and will break any client | ||
42 | of nbd-server-start that was not passing an explicit max-connections | ||
43 | parameter, yet expects more than 100 simultaneous connections. We are | ||
44 | not aware of any such client (as stated above, most clients aware of | ||
45 | MULTI_CONN get by just fine on 8 or 16 connections, and probably cope | ||
46 | with later connections failing by relying on the earlier connections; | ||
47 | libvirt has not yet been passing max-connections, but generally | ||
48 | creates NBD servers with the intent for a single client for the sake | ||
49 | of live storage migration; meanwhile, the KubeSAN project anticipates | ||
50 | a large cluster sharing multiple clients [up to 8 per node, and up to | ||
51 | 100 nodes in a cluster], but it currently uses qemu-nbd with an | ||
52 | explicit --shared=0 rather than qemu-storage-daemon with | ||
53 | nbd-server-start). | ||
54 | |||
55 | We considered using a deprecation period (declare that omitting | ||
56 | max-parameters is deprecated, and make it mandatory in 3 releases - | ||
57 | then we don't need to pick an arbitrary default); that has zero risk | ||
58 | of breaking any apps that accidentally depended on more than 100 | ||
59 | connections, and where such breakage might not be noticed under unit | ||
60 | testing but only under the larger loads of production usage. But it | ||
61 | does not close the denial-of-service hole until far into the future, | ||
62 | and requires all apps to change to add the parameter even if 100 was | ||
63 | good enough. It also has a drawback that any app (like libvirt) that | ||
64 | is accidentally relying on an unlimited default should seriously | ||
65 | consider their own CVE now, at which point they are going to change to | ||
66 | pass explicit max-connections sooner than waiting for 3 qemu releases. | ||
67 | Finally, if our changed default breaks an app, that app can always | ||
68 | pass in an explicit max-parameters with a larger value. | ||
69 | |||
70 | It is also intentional that the HMP interface to nbd-server-start is | ||
71 | not changed to expose max-connections (any client needing to fine-tune | ||
72 | things should be using QMP). | ||
73 | |||
74 | Suggested-by: Daniel P. Berrangé <berrange@redhat.com> | ||
75 | Signed-off-by: Eric Blake <eblake@redhat.com> | ||
76 | Message-ID: <20240807174943.771624-12-eblake@redhat.com> | ||
77 | Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> | ||
78 | [ericb: Expand commit message to summarize Dan's argument for why we | ||
79 | break corner-case back-compat behavior without a deprecation period] | ||
80 | Signed-off-by: Eric Blake <eblake@redhat.com> | ||
81 | |||
82 | CVE: CVE-2024-7409 | ||
83 | |||
84 | Upstream-Status: Backport [https://github.com/qemu/qemu/commit/c8a76dbd90c2f48df89b75bef74917f90a59b623] | ||
85 | |||
86 | Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> | ||
87 | --- | ||
88 | block/monitor/block-hmp-cmds.c | 3 ++- | ||
89 | blockdev-nbd.c | 8 ++++++++ | ||
90 | include/block/nbd.h | 7 +++++++ | ||
91 | qapi/block-export.json | 4 ++-- | ||
92 | 4 files changed, 19 insertions(+), 3 deletions(-) | ||
93 | |||
94 | diff --git a/block/monitor/block-hmp-cmds.c b/block/monitor/block-hmp-cmds.c | ||
95 | index c729cbf1e..78a697585 100644 | ||
96 | --- a/block/monitor/block-hmp-cmds.c | ||
97 | +++ b/block/monitor/block-hmp-cmds.c | ||
98 | @@ -415,7 +415,8 @@ void hmp_nbd_server_start(Monitor *mon, const QDict *qdict) | ||
99 | goto exit; | ||
100 | } | ||
101 | |||
102 | - nbd_server_start(addr, NULL, NULL, 0, &local_err); | ||
103 | + nbd_server_start(addr, NULL, NULL, NBD_DEFAULT_MAX_CONNECTIONS, | ||
104 | + &local_err); | ||
105 | qapi_free_SocketAddress(addr); | ||
106 | if (local_err != NULL) { | ||
107 | goto exit; | ||
108 | diff --git a/blockdev-nbd.c b/blockdev-nbd.c | ||
109 | index 267a1de90..24ba5382d 100644 | ||
110 | --- a/blockdev-nbd.c | ||
111 | +++ b/blockdev-nbd.c | ||
112 | @@ -170,6 +170,10 @@ void nbd_server_start(SocketAddress *addr, const char *tls_creds, | ||
113 | |||
114 | void nbd_server_start_options(NbdServerOptions *arg, Error **errp) | ||
115 | { | ||
116 | + if (!arg->has_max_connections) { | ||
117 | + arg->max_connections = NBD_DEFAULT_MAX_CONNECTIONS; | ||
118 | + } | ||
119 | + | ||
120 | nbd_server_start(arg->addr, arg->tls_creds, arg->tls_authz, | ||
121 | arg->max_connections, errp); | ||
122 | } | ||
123 | @@ -182,6 +186,10 @@ void qmp_nbd_server_start(SocketAddressLegacy *addr, | ||
124 | { | ||
125 | SocketAddress *addr_flat = socket_address_flatten(addr); | ||
126 | |||
127 | + if (!has_max_connections) { | ||
128 | + max_connections = NBD_DEFAULT_MAX_CONNECTIONS; | ||
129 | + } | ||
130 | + | ||
131 | nbd_server_start(addr_flat, tls_creds, tls_authz, max_connections, errp); | ||
132 | qapi_free_SocketAddress(addr_flat); | ||
133 | } | ||
134 | diff --git a/include/block/nbd.h b/include/block/nbd.h | ||
135 | index 1d4d65922..d4f8b21ae 100644 | ||
136 | --- a/include/block/nbd.h | ||
137 | +++ b/include/block/nbd.h | ||
138 | @@ -39,6 +39,13 @@ extern const BlockExportDriver blk_exp_nbd; | ||
139 | */ | ||
140 | #define NBD_DEFAULT_HANDSHAKE_MAX_SECS 10 | ||
141 | |||
142 | +/* | ||
143 | + * NBD_DEFAULT_MAX_CONNECTIONS: Number of client sockets to allow at | ||
144 | + * once; must be large enough to allow a MULTI_CONN-aware client like | ||
145 | + * nbdcopy to create its typical number of 8-16 sockets. | ||
146 | + */ | ||
147 | +#define NBD_DEFAULT_MAX_CONNECTIONS 100 | ||
148 | + | ||
149 | /* Handshake phase structs - this struct is passed on the wire */ | ||
150 | |||
151 | typedef struct NBDOption { | ||
152 | diff --git a/qapi/block-export.json b/qapi/block-export.json | ||
153 | index 7874a49ba..1d255d77e 100644 | ||
154 | --- a/qapi/block-export.json | ||
155 | +++ b/qapi/block-export.json | ||
156 | @@ -28,7 +28,7 @@ | ||
157 | # @max-connections: The maximum number of connections to allow at the | ||
158 | # same time, 0 for unlimited. Setting this to 1 also stops the | ||
159 | # server from advertising multiple client support (since 5.2; | ||
160 | -# default: 0) | ||
161 | +# default: 100) | ||
162 | # | ||
163 | # Since: 4.2 | ||
164 | ## | ||
165 | @@ -63,7 +63,7 @@ | ||
166 | # @max-connections: The maximum number of connections to allow at the | ||
167 | # same time, 0 for unlimited. Setting this to 1 also stops the | ||
168 | # server from advertising multiple client support (since 5.2; | ||
169 | -# default: 0). | ||
170 | +# default: 100). | ||
171 | # | ||
172 | # Returns: error if the server is already running. | ||
173 | # | ||
174 | -- | ||
175 | 2.40.0 | ||
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2024-7409-0003.patch b/meta/recipes-devtools/qemu/qemu/CVE-2024-7409-0003.patch new file mode 100644 index 0000000000..b2b9b15c54 --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/CVE-2024-7409-0003.patch | |||
@@ -0,0 +1,126 @@ | |||
1 | From b9b72cb3ce15b693148bd09cef7e50110566d8a0 Mon Sep 17 00:00:00 2001 | ||
2 | From: Eric Blake <eblake@redhat.com> | ||
3 | Date: Thu, 8 Aug 2024 16:05:08 -0500 | ||
4 | Subject: [PATCH] nbd/server: CVE-2024-7409: Drop non-negotiating clients | ||
5 | |||
6 | A client that opens a socket but does not negotiate is merely hogging | ||
7 | qemu's resources (an open fd and a small amount of memory); and a | ||
8 | malicious client that can access the port where NBD is listening can | ||
9 | attempt a denial of service attack by intentionally opening and | ||
10 | abandoning lots of unfinished connections. The previous patch put a | ||
11 | default bound on the number of such ongoing connections, but once that | ||
12 | limit is hit, no more clients can connect (including legitimate ones). | ||
13 | The solution is to insist that clients complete handshake within a | ||
14 | reasonable time limit, defaulting to 10 seconds. A client that has | ||
15 | not successfully completed NBD_OPT_GO by then (including the case of | ||
16 | where the client didn't know TLS credentials to even reach the point | ||
17 | of NBD_OPT_GO) is wasting our time and does not deserve to stay | ||
18 | connected. Later patches will allow fine-tuning the limit away from | ||
19 | the default value (including disabling it for doing integration | ||
20 | testing of the handshake process itself). | ||
21 | |||
22 | Note that this patch in isolation actually makes it more likely to see | ||
23 | qemu SEGV after nbd-server-stop, as any client socket still connected | ||
24 | when the server shuts down will now be closed after 10 seconds rather | ||
25 | than at the client's whims. That will be addressed in the next patch. | ||
26 | |||
27 | For a demo of this patch in action: | ||
28 | $ qemu-nbd -f raw -r -t -e 10 file & | ||
29 | $ nbdsh --opt-mode -c ' | ||
30 | H = list() | ||
31 | for i in range(20): | ||
32 | print(i) | ||
33 | H.insert(i, nbd.NBD()) | ||
34 | H[i].set_opt_mode(True) | ||
35 | H[i].connect_uri("nbd://localhost") | ||
36 | ' | ||
37 | $ kill $! | ||
38 | |||
39 | where later connections get to start progressing once earlier ones are | ||
40 | forcefully dropped for taking too long, rather than hanging. | ||
41 | |||
42 | Suggested-by: Daniel P. Berrangé <berrange@redhat.com> | ||
43 | Signed-off-by: Eric Blake <eblake@redhat.com> | ||
44 | Message-ID: <20240807174943.771624-13-eblake@redhat.com> | ||
45 | Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> | ||
46 | [eblake: rebase to changes earlier in series, reduce scope of timer] | ||
47 | Signed-off-by: Eric Blake <eblake@redhat.com> | ||
48 | |||
49 | CVE: CVE-2024-7409 | ||
50 | |||
51 | Upstream-Status: Backport [https://gitlab.com/qemu-project/qemu/-/commit/b9b72cb3ce15b693148bd09cef7e50110566d8a0] | ||
52 | |||
53 | Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> | ||
54 | --- | ||
55 | nbd/server.c | 28 +++++++++++++++++++++++++++- | ||
56 | nbd/trace-events | 1 + | ||
57 | 2 files changed, 28 insertions(+), 1 deletion(-) | ||
58 | |||
59 | diff --git a/nbd/server.c b/nbd/server.c | ||
60 | index f8881936e..6155e329a 100644 | ||
61 | --- a/nbd/server.c | ||
62 | +++ b/nbd/server.c | ||
63 | @@ -3155,22 +3155,48 @@ static void nbd_client_receive_next_request(NBDClient *client) | ||
64 | } | ||
65 | } | ||
66 | |||
67 | +static void nbd_handshake_timer_cb(void *opaque) | ||
68 | +{ | ||
69 | + QIOChannel *ioc = opaque; | ||
70 | + | ||
71 | + trace_nbd_handshake_timer_cb(); | ||
72 | + qio_channel_shutdown(ioc, QIO_CHANNEL_SHUTDOWN_BOTH, NULL); | ||
73 | +} | ||
74 | + | ||
75 | static coroutine_fn void nbd_co_client_start(void *opaque) | ||
76 | { | ||
77 | NBDClient *client = opaque; | ||
78 | Error *local_err = NULL; | ||
79 | + QEMUTimer *handshake_timer = NULL; | ||
80 | |||
81 | qemu_co_mutex_init(&client->send_lock); | ||
82 | |||
83 | - /* TODO - utilize client->handshake_max_secs */ | ||
84 | + /* | ||
85 | + * Create a timer to bound the time spent in negotiation. If the | ||
86 | + * timer expires, it is likely nbd_negotiate will fail because the | ||
87 | + * socket was shutdown. | ||
88 | + */ | ||
89 | + if (client->handshake_max_secs > 0) { | ||
90 | + handshake_timer = aio_timer_new(qemu_get_aio_context(), | ||
91 | + QEMU_CLOCK_REALTIME, | ||
92 | + SCALE_NS, | ||
93 | + nbd_handshake_timer_cb, | ||
94 | + client->sioc); | ||
95 | + timer_mod(handshake_timer, | ||
96 | + qemu_clock_get_ns(QEMU_CLOCK_REALTIME) + | ||
97 | + client->handshake_max_secs * NANOSECONDS_PER_SECOND); | ||
98 | + } | ||
99 | + | ||
100 | if (nbd_negotiate(client, &local_err)) { | ||
101 | if (local_err) { | ||
102 | error_report_err(local_err); | ||
103 | } | ||
104 | + timer_free(handshake_timer); | ||
105 | client_close(client, false); | ||
106 | return; | ||
107 | } | ||
108 | |||
109 | + timer_free(handshake_timer); | ||
110 | WITH_QEMU_LOCK_GUARD(&client->lock) { | ||
111 | nbd_client_receive_next_request(client); | ||
112 | } | ||
113 | diff --git a/nbd/trace-events b/nbd/trace-events | ||
114 | index 00ae3216a..cbd0a4ab7 100644 | ||
115 | --- a/nbd/trace-events | ||
116 | +++ b/nbd/trace-events | ||
117 | @@ -76,6 +76,7 @@ nbd_co_receive_request_payload_received(uint64_t cookie, uint64_t len) "Payload | ||
118 | nbd_co_receive_ext_payload_compliance(uint64_t from, uint64_t len) "client sent non-compliant write without payload flag: from=0x%" PRIx64 ", len=0x%" PRIx64 | ||
119 | nbd_co_receive_align_compliance(const char *op, uint64_t from, uint64_t len, uint32_t align) "client sent non-compliant unaligned %s request: from=0x%" PRIx64 ", len=0x%" PRIx64 ", align=0x%" PRIx32 | ||
120 | nbd_trip(void) "Reading request" | ||
121 | +nbd_handshake_timer_cb(void) "client took too long to negotiate" | ||
122 | |||
123 | # client-connection.c | ||
124 | nbd_connect_thread_sleep(uint64_t timeout) "timeout %" PRIu64 | ||
125 | -- | ||
126 | 2.40.0 | ||
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2024-7409-0004.patch b/meta/recipes-devtools/qemu/qemu/CVE-2024-7409-0004.patch new file mode 100644 index 0000000000..9515c631ad --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/CVE-2024-7409-0004.patch | |||
@@ -0,0 +1,164 @@ | |||
1 | From 3e7ef738c8462c45043a1d39f702a0990406a3b3 Mon Sep 17 00:00:00 2001 | ||
2 | From: Eric Blake <eblake@redhat.com> | ||
3 | Date: Wed, 7 Aug 2024 12:23:13 -0500 | ||
4 | Subject: [PATCH] nbd/server: CVE-2024-7409: Close stray clients at server-stop | ||
5 | |||
6 | A malicious client can attempt to connect to an NBD server, and then | ||
7 | intentionally delay progress in the handshake, including if it does | ||
8 | not know the TLS secrets. Although the previous two patches reduce | ||
9 | this behavior by capping the default max-connections parameter and | ||
10 | killing slow clients, they did not eliminate the possibility of a | ||
11 | client waiting to close the socket until after the QMP nbd-server-stop | ||
12 | command is executed, at which point qemu would SEGV when trying to | ||
13 | dereference the NULL nbd_server global which is no longer present. | ||
14 | This amounts to a denial of service attack. Worse, if another NBD | ||
15 | server is started before the malicious client disconnects, I cannot | ||
16 | rule out additional adverse effects when the old client interferes | ||
17 | with the connection count of the new server (although the most likely | ||
18 | is a crash due to an assertion failure when checking | ||
19 | nbd_server->connections > 0). | ||
20 | |||
21 | For environments without this patch, the CVE can be mitigated by | ||
22 | ensuring (such as via a firewall) that only trusted clients can | ||
23 | connect to an NBD server. Note that using frameworks like libvirt | ||
24 | that ensure that TLS is used and that nbd-server-stop is not executed | ||
25 | while any trusted clients are still connected will only help if there | ||
26 | is also no possibility for an untrusted client to open a connection | ||
27 | but then stall on the NBD handshake. | ||
28 | |||
29 | Given the previous patches, it would be possible to guarantee that no | ||
30 | clients remain connected by having nbd-server-stop sleep for longer | ||
31 | than the default handshake deadline before finally freeing the global | ||
32 | nbd_server object, but that could make QMP non-responsive for a long | ||
33 | time. So intead, this patch fixes the problem by tracking all client | ||
34 | sockets opened while the server is running, and forcefully closing any | ||
35 | such sockets remaining without a completed handshake at the time of | ||
36 | nbd-server-stop, then waiting until the coroutines servicing those | ||
37 | sockets notice the state change. nbd-server-stop now has a second | ||
38 | AIO_WAIT_WHILE_UNLOCKED (the first is indirectly through the | ||
39 | blk_exp_close_all_type() that disconnects all clients that completed | ||
40 | handshakes), but forced socket shutdown is enough to progress the | ||
41 | coroutines and quickly tear down all clients before the server is | ||
42 | freed, thus finally fixing the CVE. | ||
43 | |||
44 | This patch relies heavily on the fact that nbd/server.c guarantees | ||
45 | that it only calls nbd_blockdev_client_closed() from the main loop | ||
46 | (see the assertion in nbd_client_put() and the hoops used in | ||
47 | nbd_client_put_nonzero() to achieve that); if we did not have that | ||
48 | guarantee, we would also need a mutex protecting our accesses of the | ||
49 | list of connections to survive re-entrancy from independent iothreads. | ||
50 | |||
51 | Although I did not actually try to test old builds, it looks like this | ||
52 | problem has existed since at least commit 862172f45c (v2.12.0, 2017) - | ||
53 | even back when that patch started using a QIONetListener to handle | ||
54 | listening on multiple sockets, nbd_server_free() was already unaware | ||
55 | that the nbd_blockdev_client_closed callback can be reached later by a | ||
56 | client thread that has not completed handshakes (and therefore the | ||
57 | client's socket never got added to the list closed in | ||
58 | nbd_export_close_all), despite that patch intentionally tearing down | ||
59 | the QIONetListener to prevent new clients. | ||
60 | |||
61 | Reported-by: Alexander Ivanov <alexander.ivanov@virtuozzo.com> | ||
62 | Fixes: CVE-2024-7409 | ||
63 | CC: qemu-stable@nongnu.org | ||
64 | Signed-off-by: Eric Blake <eblake@redhat.com> | ||
65 | Message-ID: <20240807174943.771624-14-eblake@redhat.com> | ||
66 | Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> | ||
67 | |||
68 | CVE: CVE-2024-7409 | ||
69 | |||
70 | Upstream-Status: Backport [https://gitlab.com/qemu-project/qemu/-/commit/3e7ef738c8462c45043a1d39f702a0990406a3b3] | ||
71 | |||
72 | Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> | ||
73 | --- | ||
74 | blockdev-nbd.c | 35 ++++++++++++++++++++++++++++++++++- | ||
75 | 1 file changed, 34 insertions(+), 1 deletion(-) | ||
76 | |||
77 | diff --git a/blockdev-nbd.c b/blockdev-nbd.c | ||
78 | index 24ba5382d..f73409ae4 100644 | ||
79 | --- a/blockdev-nbd.c | ||
80 | +++ b/blockdev-nbd.c | ||
81 | @@ -21,12 +21,18 @@ | ||
82 | #include "io/channel-socket.h" | ||
83 | #include "io/net-listener.h" | ||
84 | |||
85 | +typedef struct NBDConn { | ||
86 | + QIOChannelSocket *cioc; | ||
87 | + QLIST_ENTRY(NBDConn) next; | ||
88 | +} NBDConn; | ||
89 | + | ||
90 | typedef struct NBDServerData { | ||
91 | QIONetListener *listener; | ||
92 | QCryptoTLSCreds *tlscreds; | ||
93 | char *tlsauthz; | ||
94 | uint32_t max_connections; | ||
95 | uint32_t connections; | ||
96 | + QLIST_HEAD(, NBDConn) conns; | ||
97 | } NBDServerData; | ||
98 | |||
99 | static NBDServerData *nbd_server; | ||
100 | @@ -51,6 +57,14 @@ int nbd_server_max_connections(void) | ||
101 | |||
102 | static void nbd_blockdev_client_closed(NBDClient *client, bool ignored) | ||
103 | { | ||
104 | + NBDConn *conn = nbd_client_owner(client); | ||
105 | + | ||
106 | + assert(qemu_in_main_thread() && nbd_server); | ||
107 | + | ||
108 | + object_unref(OBJECT(conn->cioc)); | ||
109 | + QLIST_REMOVE(conn, next); | ||
110 | + g_free(conn); | ||
111 | + | ||
112 | nbd_client_put(client); | ||
113 | assert(nbd_server->connections > 0); | ||
114 | nbd_server->connections--; | ||
115 | @@ -60,14 +74,20 @@ static void nbd_blockdev_client_closed(NBDClient *client, bool ignored) | ||
116 | static void nbd_accept(QIONetListener *listener, QIOChannelSocket *cioc, | ||
117 | gpointer opaque) | ||
118 | { | ||
119 | + NBDConn *conn = g_new0(NBDConn, 1); | ||
120 | + | ||
121 | + assert(qemu_in_main_thread() && nbd_server); | ||
122 | nbd_server->connections++; | ||
123 | + object_ref(OBJECT(cioc)); | ||
124 | + conn->cioc = cioc; | ||
125 | + QLIST_INSERT_HEAD(&nbd_server->conns, conn, next); | ||
126 | nbd_update_server_watch(nbd_server); | ||
127 | |||
128 | qio_channel_set_name(QIO_CHANNEL(cioc), "nbd-server"); | ||
129 | /* TODO - expose handshake timeout as QMP option */ | ||
130 | nbd_client_new(cioc, NBD_DEFAULT_HANDSHAKE_MAX_SECS, | ||
131 | nbd_server->tlscreds, nbd_server->tlsauthz, | ||
132 | - nbd_blockdev_client_closed, NULL); | ||
133 | + nbd_blockdev_client_closed, conn); | ||
134 | } | ||
135 | |||
136 | static void nbd_update_server_watch(NBDServerData *s) | ||
137 | @@ -81,12 +101,25 @@ static void nbd_update_server_watch(NBDServerData *s) | ||
138 | |||
139 | static void nbd_server_free(NBDServerData *server) | ||
140 | { | ||
141 | + NBDConn *conn, *tmp; | ||
142 | + | ||
143 | if (!server) { | ||
144 | return; | ||
145 | } | ||
146 | |||
147 | + /* | ||
148 | + * Forcefully close the listener socket, and any clients that have | ||
149 | + * not yet disconnected on their own. | ||
150 | + */ | ||
151 | qio_net_listener_disconnect(server->listener); | ||
152 | object_unref(OBJECT(server->listener)); | ||
153 | + QLIST_FOREACH_SAFE(conn, &server->conns, next, tmp) { | ||
154 | + qio_channel_shutdown(QIO_CHANNEL(conn->cioc), QIO_CHANNEL_SHUTDOWN_BOTH, | ||
155 | + NULL); | ||
156 | + } | ||
157 | + | ||
158 | + AIO_WAIT_WHILE_UNLOCKED(NULL, server->connections > 0); | ||
159 | + | ||
160 | if (server->tlscreds) { | ||
161 | object_unref(OBJECT(server->tlscreds)); | ||
162 | } | ||
163 | -- | ||
164 | 2.40.0 | ||
diff --git a/meta/recipes-devtools/qemu/qemu_8.2.1.bb b/meta/recipes-devtools/qemu/qemu_8.2.3.bb index dc1352232e..dc1352232e 100644 --- a/meta/recipes-devtools/qemu/qemu_8.2.1.bb +++ b/meta/recipes-devtools/qemu/qemu_8.2.3.bb | |||
diff --git a/meta/recipes-devtools/rpm/files/0001-CMakeLists.txt-set-libdir-to-CMAKE_INSTALL_FULL_LIBD.patch b/meta/recipes-devtools/rpm/files/0001-CMakeLists.txt-set-libdir-to-CMAKE_INSTALL_FULL_LIBD.patch new file mode 100644 index 0000000000..1bd83e7bef --- /dev/null +++ b/meta/recipes-devtools/rpm/files/0001-CMakeLists.txt-set-libdir-to-CMAKE_INSTALL_FULL_LIBD.patch | |||
@@ -0,0 +1,53 @@ | |||
1 | From fea9cea49aa0844de14126e54d05b91ba619427f Mon Sep 17 00:00:00 2001 | ||
2 | From: Yi Zhao <yi.zhao@windriver.com> | ||
3 | Date: Fri, 26 Jul 2024 17:18:30 +0800 | ||
4 | Subject: [PATCH] CMakeLists.txt: set libdir to ${CMAKE_INSTALL_FULL_LIBDIR} in | ||
5 | macros | ||
6 | |||
7 | There is a patch in oe-core[1] to avoid hardcoded paths in macros. It | ||
8 | tries to use libdir to expand %_libdir in macros.in. However, in | ||
9 | upstream commit[2], libdir for macros in CMakeLists.txt is set to | ||
10 | ${prefix}/=LIB=, which causes %_libdir to expand to ${prefix}/=LIB= | ||
11 | instead of the correct path in the final macros. | ||
12 | |||
13 | On target: | ||
14 | $ rpm --showrc | grep _libdir | ||
15 | [snip] | ||
16 | -13: _libdir ${prefix}/=LIB= | ||
17 | [snip] | ||
18 | |||
19 | This also causes %__pkgconfig_path in fileattrs/pkgconfig.attr to become | ||
20 | an invalid regular expression when building rpm packages. This results a | ||
21 | warning in log.do_package_write_rpm in all packages: | ||
22 | |||
23 | Warning: Ignoring invalid regular expression ^((${prefix}/=LIB=|usr/share)/pkgconfig/.*.pc|usr/bin/pkg-config)$ | ||
24 | |||
25 | Set libdir to ${CMAKE_INSTALL_FULL_LIBDIR} instead of ${prefix}/=LIB= to | ||
26 | make sure it is expanded to the correct path in macros. | ||
27 | |||
28 | [1] https://git.openembedded.org/openembedded-core/tree/meta/recipes-devtools/rpm/files/0001-Do-not-hardcode-lib-rpm-as-the-installation-path-for.patch | ||
29 | [2] https://github.com/rpm-software-management/rpm/commit/d2abb7a48760418aacd7f17c8b64e39c25ca50c9 | ||
30 | |||
31 | Upstream-Status: Inappropriate [oe specific] | ||
32 | |||
33 | Signed-off-by: Yi Zhao <yi.zhao@windriver.com> | ||
34 | --- | ||
35 | CMakeLists.txt | 2 +- | ||
36 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
37 | |||
38 | diff --git a/CMakeLists.txt b/CMakeLists.txt | ||
39 | index ed847c09a1..385b5040c6 100644 | ||
40 | --- a/CMakeLists.txt | ||
41 | +++ b/CMakeLists.txt | ||
42 | @@ -84,7 +84,7 @@ function(makemacros) | ||
43 | set(sysconfdir "${CMAKE_INSTALL_FULL_SYSCONFDIR}") | ||
44 | set(sharedstatedir "${CMAKE_INSTALL_FULL_SHAREDSTATEDIR}") | ||
45 | set(localstatedir "${CMAKE_INSTALL_FULL_LOCALSTATEDIR}") | ||
46 | - set(libdir "\${prefix}/=LIB=") | ||
47 | + set(libdir "${CMAKE_INSTALL_FULL_LIBDIR}") | ||
48 | set(includedir "\${prefix}/${CMAKE_INSTALL_INCLUDEDIR}") | ||
49 | set(oldincludedir "${CMAKE_INSTALL_FULL_OLDINCLUDEDIR}") | ||
50 | set(infodir "\${prefix}/${CMAKE_INSTALL_INFODIR}") | ||
51 | -- | ||
52 | 2.25.1 | ||
53 | |||
diff --git a/meta/recipes-devtools/rpm/rpm_4.19.1.1.bb b/meta/recipes-devtools/rpm/rpm_4.19.1.1.bb index 0802f26295..9330323797 100644 --- a/meta/recipes-devtools/rpm/rpm_4.19.1.1.bb +++ b/meta/recipes-devtools/rpm/rpm_4.19.1.1.bb | |||
@@ -38,6 +38,7 @@ SRC_URI = "git://github.com/rpm-software-management/rpm;branch=rpm-4.19.x;protoc | |||
38 | file://0001-build-pack.c-do-not-insert-payloadflags-into-.rpm-me.patch \ | 38 | file://0001-build-pack.c-do-not-insert-payloadflags-into-.rpm-me.patch \ |
39 | file://0001-CMakeLists.txt-look-for-lua-with-pkg-config-rather-t.patch \ | 39 | file://0001-CMakeLists.txt-look-for-lua-with-pkg-config-rather-t.patch \ |
40 | file://0002-rpmio-rpmglob.c-avoid-using-GLOB_BRACE-if-undefined-.patch \ | 40 | file://0002-rpmio-rpmglob.c-avoid-using-GLOB_BRACE-if-undefined-.patch \ |
41 | file://0001-CMakeLists.txt-set-libdir-to-CMAKE_INSTALL_FULL_LIBD.patch \ | ||
41 | " | 42 | " |
42 | 43 | ||
43 | PE = "1" | 44 | PE = "1" |
diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2023-36617_1.patch b/meta/recipes-devtools/ruby/ruby/CVE-2023-36617_1.patch new file mode 100644 index 0000000000..17c7e30176 --- /dev/null +++ b/meta/recipes-devtools/ruby/ruby/CVE-2023-36617_1.patch | |||
@@ -0,0 +1,56 @@ | |||
1 | From 2ebb50d2dc302917a6f57c1239dc9e700dfe0e34 Mon Sep 17 00:00:00 2001 | ||
2 | From: Nobuyoshi Nakada <nobu@ruby-lang.org> | ||
3 | Date: Thu, 27 Jul 2023 15:53:01 +0800 | ||
4 | Subject: [PATCH] Fix quadratic backtracking on invalid relative URI | ||
5 | |||
6 | https://hackerone.com/reports/1958260 | ||
7 | |||
8 | CVE: CVE-2023-36617 | ||
9 | |||
10 | Upstream-Status: Backport [https://github.com/ruby/uri/commit/9010ee2536adda10a0555ae1ed6fe2f5808e6bf1] | ||
11 | |||
12 | Signed-off-by: Mingli Yu <mingli.yu@windriver.com> | ||
13 | --- | ||
14 | lib/uri/rfc2396_parser.rb | 4 ++-- | ||
15 | test/uri/test_parser.rb | 12 ++++++++++++ | ||
16 | 2 files changed, 14 insertions(+), 2 deletions(-) | ||
17 | |||
18 | diff --git a/lib/uri/rfc2396_parser.rb b/lib/uri/rfc2396_parser.rb | ||
19 | index 76a8f99..00c66cf 100644 | ||
20 | --- a/lib/uri/rfc2396_parser.rb | ||
21 | +++ b/lib/uri/rfc2396_parser.rb | ||
22 | @@ -497,8 +497,8 @@ module URI | ||
23 | ret = {} | ||
24 | |||
25 | # for URI::split | ||
26 | - ret[:ABS_URI] = Regexp.new('\A\s*' + pattern[:X_ABS_URI] + '\s*\z', Regexp::EXTENDED) | ||
27 | - ret[:REL_URI] = Regexp.new('\A\s*' + pattern[:X_REL_URI] + '\s*\z', Regexp::EXTENDED) | ||
28 | + ret[:ABS_URI] = Regexp.new('\A\s*+' + pattern[:X_ABS_URI] + '\s*\z', Regexp::EXTENDED) | ||
29 | + ret[:REL_URI] = Regexp.new('\A\s*+' + pattern[:X_REL_URI] + '\s*\z', Regexp::EXTENDED) | ||
30 | |||
31 | # for URI::extract | ||
32 | ret[:URI_REF] = Regexp.new(pattern[:URI_REF]) | ||
33 | diff --git a/test/uri/test_parser.rb b/test/uri/test_parser.rb | ||
34 | index 72fb590..721e05e 100644 | ||
35 | --- a/test/uri/test_parser.rb | ||
36 | +++ b/test/uri/test_parser.rb | ||
37 | @@ -79,4 +79,16 @@ class URI::TestParser < Test::Unit::TestCase | ||
38 | assert_equal([nil, nil, "example.com", nil, nil, "", nil, nil, nil], URI.split("//example.com")) | ||
39 | assert_equal([nil, nil, "[0::0]", nil, nil, "", nil, nil, nil], URI.split("//[0::0]")) | ||
40 | end | ||
41 | + | ||
42 | + def test_rfc2822_parse_relative_uri | ||
43 | + pre = ->(length) { | ||
44 | + " " * length + "\0" | ||
45 | + } | ||
46 | + parser = URI::RFC2396_Parser.new | ||
47 | + assert_linear_performance((1..5).map {|i| 10**i}, pre: pre) do |uri| | ||
48 | + assert_raise(URI::InvalidURIError) do | ||
49 | + parser.split(uri) | ||
50 | + end | ||
51 | + end | ||
52 | + end | ||
53 | end | ||
54 | -- | ||
55 | 2.25.1 | ||
56 | |||
diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2023-36617_2.patch b/meta/recipes-devtools/ruby/ruby/CVE-2023-36617_2.patch new file mode 100644 index 0000000000..7c51deaa42 --- /dev/null +++ b/meta/recipes-devtools/ruby/ruby/CVE-2023-36617_2.patch | |||
@@ -0,0 +1,52 @@ | |||
1 | From eea5868120509c245216c4b5c2d4b5db1c593d0e Mon Sep 17 00:00:00 2001 | ||
2 | From: Nobuyoshi Nakada <nobu@ruby-lang.org> | ||
3 | Date: Thu, 27 Jul 2023 16:16:30 +0800 | ||
4 | Subject: [PATCH] Fix quadratic backtracking on invalid port number | ||
5 | |||
6 | https://hackerone.com/reports/1958260 | ||
7 | |||
8 | CVE: CVE-2023-36617 | ||
9 | |||
10 | Upstream-Status: Backport [https://github.com/ruby/uri/commit/9d7bcef1e6ad23c9c6e4932f297fb737888144c8] | ||
11 | |||
12 | Signed-off-by: Mingli Yu <mingli.yu@windriver.com> | ||
13 | --- | ||
14 | lib/uri/rfc3986_parser.rb | 2 +- | ||
15 | test/uri/test_parser.rb | 10 ++++++++++ | ||
16 | 2 files changed, 11 insertions(+), 1 deletion(-) | ||
17 | |||
18 | diff --git a/lib/uri/rfc3986_parser.rb b/lib/uri/rfc3986_parser.rb | ||
19 | index dd24a40..9b1663d 100644 | ||
20 | --- a/lib/uri/rfc3986_parser.rb | ||
21 | +++ b/lib/uri/rfc3986_parser.rb | ||
22 | @@ -100,7 +100,7 @@ module URI | ||
23 | QUERY: /\A(?:%\h\h|[!$&-.0-;=@-Z_a-z~\/?])*\z/, | ||
24 | FRAGMENT: /\A(?:%\h\h|[!$&-.0-;=@-Z_a-z~\/?])*\z/, | ||
25 | OPAQUE: /\A(?:[^\/].*)?\z/, | ||
26 | - PORT: /\A[\x09\x0a\x0c\x0d ]*\d*[\x09\x0a\x0c\x0d ]*\z/, | ||
27 | + PORT: /\A[\x09\x0a\x0c\x0d ]*+\d*[\x09\x0a\x0c\x0d ]*\z/, | ||
28 | } | ||
29 | end | ||
30 | |||
31 | diff --git a/test/uri/test_parser.rb b/test/uri/test_parser.rb | ||
32 | index 721e05e..cee0acb 100644 | ||
33 | --- a/test/uri/test_parser.rb | ||
34 | +++ b/test/uri/test_parser.rb | ||
35 | @@ -91,4 +91,14 @@ class URI::TestParser < Test::Unit::TestCase | ||
36 | end | ||
37 | end | ||
38 | end | ||
39 | + | ||
40 | + def test_rfc3986_port_check | ||
41 | + pre = ->(length) {"\t" * length + "a"} | ||
42 | + uri = URI.parse("http://my.example.com") | ||
43 | + assert_linear_performance((1..5).map {|i| 10**i}, pre: pre) do |port| | ||
44 | + assert_raise(URI::InvalidComponentError) do | ||
45 | + uri.port = port | ||
46 | + end | ||
47 | + end | ||
48 | + end | ||
49 | end | ||
50 | -- | ||
51 | 2.25.1 | ||
52 | |||
diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2024-27281.patch b/meta/recipes-devtools/ruby/ruby/CVE-2024-27281.patch new file mode 100644 index 0000000000..f69f3bcf4f --- /dev/null +++ b/meta/recipes-devtools/ruby/ruby/CVE-2024-27281.patch | |||
@@ -0,0 +1,97 @@ | |||
1 | From da7a0c7553ef7250ca665a3fecdc01dbaacbb43d Mon Sep 17 00:00:00 2001 | ||
2 | From: Nobuyoshi Nakada <nobu@...> | ||
3 | Date: Mon, 15 Apr 2024 11:40:00 +0000 | ||
4 | Subject: [PATCH] Filter marshaled objets | ||
5 | |||
6 | CVE: CVE-2024-27281 | ||
7 | Upstream-Status: Backport [https://github.com/ruby/rdoc/commit/da7a0c7553ef7250ca665a3fecdc01dbaacbb43d] | ||
8 | Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> | ||
9 | --- | ||
10 | lib/rdoc/store.rb | 45 ++++++++++++++++++++++++++------------------- | ||
11 | 1 file changed, 26 insertions(+), 19 deletions(-) | ||
12 | |||
13 | diff --git a/lib/rdoc/store.rb b/lib/rdoc/store.rb | ||
14 | index 9fc540d..5b663d7 100644 | ||
15 | --- a/lib/rdoc/store.rb | ||
16 | +++ b/lib/rdoc/store.rb | ||
17 | @@ -556,9 +556,7 @@ class RDoc::Store | ||
18 | def load_cache | ||
19 | #orig_enc = @encoding | ||
20 | |||
21 | - File.open cache_path, 'rb' do |io| | ||
22 | - @cache = Marshal.load io | ||
23 | - end | ||
24 | + @cache = marshal_load(cache_path) | ||
25 | |||
26 | load_enc = @cache[:encoding] | ||
27 | |||
28 | @@ -615,9 +613,7 @@ class RDoc::Store | ||
29 | def load_class_data klass_name | ||
30 | file = class_file klass_name | ||
31 | |||
32 | - File.open file, 'rb' do |io| | ||
33 | - Marshal.load io | ||
34 | - end | ||
35 | + marshal_load(file) | ||
36 | rescue Errno::ENOENT => e | ||
37 | error = MissingFileError.new(self, file, klass_name) | ||
38 | error.set_backtrace e.backtrace | ||
39 | @@ -630,14 +626,10 @@ class RDoc::Store | ||
40 | def load_method klass_name, method_name | ||
41 | file = method_file klass_name, method_name | ||
42 | |||
43 | - File.open file, 'rb' do |io| | ||
44 | - obj = Marshal.load io | ||
45 | - obj.store = self | ||
46 | - obj.parent = | ||
47 | - find_class_or_module(klass_name) || load_class(klass_name) unless | ||
48 | - obj.parent | ||
49 | - obj | ||
50 | - end | ||
51 | + obj = marshal_load(file) | ||
52 | + obj.store = self | ||
53 | + obj.parent ||= find_class_or_module(klass_name) || load_class(klass_name) | ||
54 | + obj | ||
55 | rescue Errno::ENOENT => e | ||
56 | error = MissingFileError.new(self, file, klass_name + method_name) | ||
57 | error.set_backtrace e.backtrace | ||
58 | @@ -650,11 +642,9 @@ class RDoc::Store | ||
59 | def load_page page_name | ||
60 | file = page_file page_name | ||
61 | |||
62 | - File.open file, 'rb' do |io| | ||
63 | - obj = Marshal.load io | ||
64 | - obj.store = self | ||
65 | - obj | ||
66 | - end | ||
67 | + obj = marshal_load(file) | ||
68 | + obj.store = self | ||
69 | + obj | ||
70 | rescue Errno::ENOENT => e | ||
71 | error = MissingFileError.new(self, file, page_name) | ||
72 | error.set_backtrace e.backtrace | ||
73 | @@ -976,4 +966,21 @@ class RDoc::Store | ||
74 | @unique_modules | ||
75 | end | ||
76 | |||
77 | + private | ||
78 | + def marshal_load(file) | ||
79 | + File.open(file, 'rb') {|io| Marshal.load(io, MarshalFilter)} | ||
80 | + end | ||
81 | + | ||
82 | + MarshalFilter = proc do |obj| | ||
83 | + case obj | ||
84 | + when true, false, nil, Array, Class, Encoding, Hash, Integer, String, Symbol, RDoc::Text | ||
85 | + else | ||
86 | + unless obj.class.name.start_with("RDoc::") | ||
87 | + raise TypeError, "not permitted class: #{obj.class.name}" | ||
88 | + end | ||
89 | + end | ||
90 | + obj | ||
91 | + end | ||
92 | + private_constant :MarshalFilter | ||
93 | + | ||
94 | end | ||
95 | -- | ||
96 | 2.25.1 | ||
97 | |||
diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2024-27282.patch b/meta/recipes-devtools/ruby/ruby/CVE-2024-27282.patch new file mode 100644 index 0000000000..dde7979278 --- /dev/null +++ b/meta/recipes-devtools/ruby/ruby/CVE-2024-27282.patch | |||
@@ -0,0 +1,28 @@ | |||
1 | From 989a2355808a63fc45367785c82ffd46d18c900a Mon Sep 17 00:00:00 2001 | ||
2 | From: Hiroshi SHIBATA <hsbt@ruby-lang.org> | ||
3 | Date: Fri, 12 Apr 2024 15:01:47 +1000 | ||
4 | Subject: [PATCH] Fix Use-After-Free issue for Regexp | ||
5 | |||
6 | Co-authored-by: Isaac Peka <7493006+isaac-peka@users.noreply.github.com> | ||
7 | |||
8 | Upstream-Status: Backport [https://github.com/ruby/ruby/commit/989a2355808a63fc45367785c82ffd46d18c900a] | ||
9 | CVE: CVE-2024-27282 | ||
10 | Signed-off-by: Ashish Sharma <asharma@mvista.com> | ||
11 | |||
12 | regexec.c | 2 +- | ||
13 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
14 | |||
15 | diff --git a/regexec.c b/regexec.c | ||
16 | index 73694ab14a0b0a..140691ad42489f 100644 | ||
17 | --- a/regexec.c | ||
18 | +++ b/regexec.c | ||
19 | @@ -3449,8 +3449,8 @@ match_at(regex_t* reg, const UChar* str, const UChar* end, | ||
20 | CASE(OP_MEMORY_END_PUSH_REC) MOP_IN(OP_MEMORY_END_PUSH_REC); | ||
21 | GET_MEMNUM_INC(mem, p); | ||
22 | STACK_GET_MEM_START(mem, stkp); /* should be before push mem-end. */ | ||
23 | - STACK_PUSH_MEM_END(mem, s); | ||
24 | mem_start_stk[mem] = GET_STACK_INDEX(stkp); | ||
25 | + STACK_PUSH_MEM_END(mem, s); | ||
26 | MOP_OUT; | ||
27 | JUMP; | ||
28 | |||
diff --git a/meta/recipes-devtools/ruby/ruby_3.2.2.bb b/meta/recipes-devtools/ruby/ruby_3.2.2.bb index 481fe7c23d..508154dad5 100644 --- a/meta/recipes-devtools/ruby/ruby_3.2.2.bb +++ b/meta/recipes-devtools/ruby/ruby_3.2.2.bb | |||
@@ -31,6 +31,10 @@ SRC_URI = "http://cache.ruby-lang.org/pub/ruby/${SHRT_VER}/ruby-${PV}.tar.gz \ | |||
31 | file://0006-Make-gemspecs-reproducible.patch \ | 31 | file://0006-Make-gemspecs-reproducible.patch \ |
32 | file://0001-vm_dump.c-Define-REG_S1-and-REG_S2-for-musl-riscv.patch \ | 32 | file://0001-vm_dump.c-Define-REG_S1-and-REG_S2-for-musl-riscv.patch \ |
33 | file://0001-fiddle-Use-C11-_Alignof-to-define-ALIGN_OF-when-poss.patch \ | 33 | file://0001-fiddle-Use-C11-_Alignof-to-define-ALIGN_OF-when-poss.patch \ |
34 | file://CVE-2023-36617_1.patch \ | ||
35 | file://CVE-2023-36617_2.patch \ | ||
36 | file://CVE-2024-27281.patch \ | ||
37 | file://CVE-2024-27282.patch \ | ||
34 | " | 38 | " |
35 | UPSTREAM_CHECK_URI = "https://www.ruby-lang.org/en/downloads/" | 39 | UPSTREAM_CHECK_URI = "https://www.ruby-lang.org/en/downloads/" |
36 | 40 | ||
@@ -71,6 +75,7 @@ EXTRA_OECONF = "\ | |||
71 | --enable-load-relative \ | 75 | --enable-load-relative \ |
72 | --with-pkg-config=pkg-config \ | 76 | --with-pkg-config=pkg-config \ |
73 | --with-static-linked-ext \ | 77 | --with-static-linked-ext \ |
78 | --with-mantype=man \ | ||
74 | " | 79 | " |
75 | 80 | ||
76 | EXTRA_OECONF:append:libc-musl = "\ | 81 | EXTRA_OECONF:append:libc-musl = "\ |
diff --git a/meta/recipes-devtools/rust/libstd-rs_1.75.0.bb b/meta/recipes-devtools/rust/libstd-rs_1.75.0.bb index d2bf266f9d..fe016e72d4 100644 --- a/meta/recipes-devtools/rust/libstd-rs_1.75.0.bb +++ b/meta/recipes-devtools/rust/libstd-rs_1.75.0.bb | |||
@@ -15,6 +15,8 @@ S = "${RUSTSRC}/library/sysroot" | |||
15 | RUSTLIB_DEP = "" | 15 | RUSTLIB_DEP = "" |
16 | inherit cargo | 16 | inherit cargo |
17 | 17 | ||
18 | CVE_PRODUCT = "rust" | ||
19 | |||
18 | DEPENDS:append:libc-musl = " libunwind" | 20 | DEPENDS:append:libc-musl = " libunwind" |
19 | # rv32 does not have libunwind ported yet | 21 | # rv32 does not have libunwind ported yet |
20 | DEPENDS:remove:riscv32 = "libunwind" | 22 | DEPENDS:remove:riscv32 = "libunwind" |
diff --git a/meta/recipes-devtools/rust/rust-cross-canadian.inc b/meta/recipes-devtools/rust/rust-cross-canadian.inc index 7bfef6d175..8a51a02293 100644 --- a/meta/recipes-devtools/rust/rust-cross-canadian.inc +++ b/meta/recipes-devtools/rust/rust-cross-canadian.inc | |||
@@ -1,5 +1,6 @@ | |||
1 | SUMMARY = "Rust compiler and runtime libaries (cross-canadian for ${TARGET_ARCH} target)" | 1 | SUMMARY = "Rust compiler and runtime libaries (cross-canadian for ${TARGET_ARCH} target)" |
2 | PN = "rust-cross-canadian-${TRANSLATED_TARGET_ARCH}" | 2 | PN = "rust-cross-canadian-${TRANSLATED_TARGET_ARCH}" |
3 | CVE_PRODUCT = "rust" | ||
3 | 4 | ||
4 | inherit rust-target-config | 5 | inherit rust-target-config |
5 | inherit rust-common | 6 | inherit rust-common |
diff --git a/meta/recipes-devtools/rust/rust_1.75.0.bb b/meta/recipes-devtools/rust/rust_1.75.0.bb index 76e1fe2d84..c33f31d261 100644 --- a/meta/recipes-devtools/rust/rust_1.75.0.bb +++ b/meta/recipes-devtools/rust/rust_1.75.0.bb | |||
@@ -70,6 +70,10 @@ addtask do_test_compile after do_configure do_rust_gen_targets | |||
70 | do_rust_setup_snapshot[dirs] += "${WORKDIR}/rust-snapshot" | 70 | do_rust_setup_snapshot[dirs] += "${WORKDIR}/rust-snapshot" |
71 | do_rust_setup_snapshot[vardepsexclude] += "UNINATIVE_LOADER" | 71 | do_rust_setup_snapshot[vardepsexclude] += "UNINATIVE_LOADER" |
72 | 72 | ||
73 | # there is a need to enable some more rust tools for the project | ||
74 | # We can extend a list of more tools via this variable | ||
75 | RUST_ENABLE_EXTRA_TOOLS ?= "rust-demangler" | ||
76 | |||
73 | python do_configure() { | 77 | python do_configure() { |
74 | import json | 78 | import json |
75 | import configparser | 79 | import configparser |
@@ -141,7 +145,7 @@ python do_configure() { | |||
141 | config.add_section("build") | 145 | config.add_section("build") |
142 | config.set("build", "submodules", e(False)) | 146 | config.set("build", "submodules", e(False)) |
143 | config.set("build", "docs", e(False)) | 147 | config.set("build", "docs", e(False)) |
144 | config.set("build", "tools", ["rust-demangler",]) | 148 | config.set("build", "tools", e(d.getVar("RUST_ENABLE_EXTRA_TOOLS").split())) |
145 | 149 | ||
146 | rustc = d.expand("${WORKDIR}/rust-snapshot/bin/rustc") | 150 | rustc = d.expand("${WORKDIR}/rust-snapshot/bin/rustc") |
147 | config.set("build", "rustc", e(rustc)) | 151 | config.set("build", "rustc", e(rustc)) |
diff --git a/meta/recipes-extended/cpio/cpio_2.15.bb b/meta/recipes-extended/cpio/cpio_2.15.bb index 52070f59a2..95f82cdf3a 100644 --- a/meta/recipes-extended/cpio/cpio_2.15.bb +++ b/meta/recipes-extended/cpio/cpio_2.15.bb | |||
@@ -16,6 +16,7 @@ SRC_URI[sha256sum] = "efa50ef983137eefc0a02fdb51509d624b5e3295c980aa127ceee41834 | |||
16 | inherit autotools gettext texinfo ptest | 16 | inherit autotools gettext texinfo ptest |
17 | 17 | ||
18 | CVE_STATUS[CVE-2010-4226] = "not-applicable-platform: Issue applies to use of cpio in SUSE/OBS" | 18 | CVE_STATUS[CVE-2010-4226] = "not-applicable-platform: Issue applies to use of cpio in SUSE/OBS" |
19 | CVE_STATUS[CVE-2023-7216] = "disputed: intended behaviour, see https://lists.gnu.org/archive/html/bug-cpio/2024-03/msg00000.html" | ||
19 | 20 | ||
20 | EXTRA_OECONF += "DEFAULT_RMT_DIR=${sbindir}" | 21 | EXTRA_OECONF += "DEFAULT_RMT_DIR=${sbindir}" |
21 | 22 | ||
diff --git a/meta/recipes-extended/cups/cups/0001-use-echo-only-in-init.patch b/meta/recipes-extended/cups/cups/0001-use-echo-only-in-init.patch index 80bbad0a44..e6bd400779 100644 --- a/meta/recipes-extended/cups/cups/0001-use-echo-only-in-init.patch +++ b/meta/recipes-extended/cups/cups/0001-use-echo-only-in-init.patch | |||
@@ -1,7 +1,7 @@ | |||
1 | From a3f4d8ba97f4669a95943a7e65eb61aa44ce7999 Mon Sep 17 00:00:00 2001 | 1 | From ddfe6ed6a89226985e8c9f0751c026aabc0927a0 Mon Sep 17 00:00:00 2001 |
2 | From: Saul Wold <sgw@linux.intel.com> | 2 | From: Saul Wold <sgw@linux.intel.com> |
3 | Date: Thu, 13 Dec 2012 19:03:52 -0800 | 3 | Date: Thu, 13 Dec 2012 19:03:52 -0800 |
4 | Subject: [PATCH 1/4] use echo only in init | 4 | Subject: [PATCH] use echo only in init |
5 | 5 | ||
6 | Upstream-Status: Inappropriate [embedded specific] | 6 | Upstream-Status: Inappropriate [embedded specific] |
7 | Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> | 7 | Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> |
@@ -10,10 +10,10 @@ Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> | |||
10 | 1 file changed, 1 insertion(+), 1 deletion(-) | 10 | 1 file changed, 1 insertion(+), 1 deletion(-) |
11 | 11 | ||
12 | diff --git a/scheduler/cups.sh.in b/scheduler/cups.sh.in | 12 | diff --git a/scheduler/cups.sh.in b/scheduler/cups.sh.in |
13 | index 89ac36d..6618a0f 100644 | 13 | index 74cce18..c57f0db 100644 |
14 | --- a/scheduler/cups.sh.in | 14 | --- a/scheduler/cups.sh.in |
15 | +++ b/scheduler/cups.sh.in | 15 | +++ b/scheduler/cups.sh.in |
16 | @@ -50,7 +50,7 @@ case "`uname`" in | 16 | @@ -51,7 +51,7 @@ case "`uname`" in |
17 | ECHO_ERROR=: | 17 | ECHO_ERROR=: |
18 | ;; | 18 | ;; |
19 | 19 | ||
@@ -22,6 +22,3 @@ index 89ac36d..6618a0f 100644 | |||
22 | IS_ON=/bin/true | 22 | IS_ON=/bin/true |
23 | if test -f /etc/init.d/functions; then | 23 | if test -f /etc/init.d/functions; then |
24 | . /etc/init.d/functions | 24 | . /etc/init.d/functions |
25 | -- | ||
26 | 2.17.1 | ||
27 | |||
diff --git a/meta/recipes-extended/cups/cups/0002-don-t-try-to-run-generated-binaries.patch b/meta/recipes-extended/cups/cups/0002-don-t-try-to-run-generated-binaries.patch index 2bc26edbfc..75270cb0cb 100644 --- a/meta/recipes-extended/cups/cups/0002-don-t-try-to-run-generated-binaries.patch +++ b/meta/recipes-extended/cups/cups/0002-don-t-try-to-run-generated-binaries.patch | |||
@@ -1,21 +1,20 @@ | |||
1 | From 3e9a965dcd65ab2d40b753b6f792a1a4559182aa Mon Sep 17 00:00:00 2001 | 1 | From ff6c7168c3f26094b3a18298208a28831d1c1fd5 Mon Sep 17 00:00:00 2001 |
2 | From: Koen Kooi <koen@dominion.thruhere.net> | 2 | From: Koen Kooi <koen@dominion.thruhere.net> |
3 | Date: Sun, 30 Jan 2011 16:37:27 +0100 | 3 | Date: Sun, 30 Jan 2011 16:37:27 +0100 |
4 | Subject: [PATCH 2/4] don't try to run generated binaries | 4 | Subject: [PATCH] don't try to run generated binaries |
5 | 5 | ||
6 | Upstream-Status: Inappropriate [embedded specific] | 6 | Upstream-Status: Inappropriate [embedded specific] |
7 | 7 | ||
8 | Signed-off-by: Koen Kooi <koen@dominion.thruhere.net> | 8 | Signed-off-by: Koen Kooi <koen@dominion.thruhere.net> |
9 | |||
10 | --- | 9 | --- |
11 | ppdc/Makefile | 32 ++++++++++++++++---------------- | 10 | ppdc/Makefile | 4 ++-- |
12 | 1 file changed, 16 insertions(+), 16 deletions(-) | 11 | 1 file changed, 2 insertions(+), 2 deletions(-) |
13 | 12 | ||
14 | diff --git a/ppdc/Makefile b/ppdc/Makefile | 13 | diff --git a/ppdc/Makefile b/ppdc/Makefile |
15 | index 32e2e0b..f1478d4 100644 | 14 | index e36ed11..3fe97e1 100644 |
16 | --- a/ppdc/Makefile | 15 | --- a/ppdc/Makefile |
17 | +++ b/ppdc/Makefile | 16 | +++ b/ppdc/Makefile |
18 | @@ -186,8 +186,8 @@ genstrings: genstrings.o libcupsppdc.a ../cups/$(LIBCUPSSTATIC) \ | 17 | @@ -187,8 +187,8 @@ genstrings: genstrings.o libcupsppdc.a ../cups/$(LIBCUPSSTATIC) \ |
19 | $(LD_CXX) $(ARCHFLAGS) $(ALL_LDFLAGS) -o genstrings genstrings.o \ | 18 | $(LD_CXX) $(ARCHFLAGS) $(ALL_LDFLAGS) -o genstrings genstrings.o \ |
20 | libcupsppdc.a $(LINKCUPSSTATIC) | 19 | libcupsppdc.a $(LINKCUPSSTATIC) |
21 | $(CODE_SIGN) -s "$(CODE_SIGN_IDENTITY)" $@ | 20 | $(CODE_SIGN) -s "$(CODE_SIGN_IDENTITY)" $@ |
@@ -26,6 +25,3 @@ index 32e2e0b..f1478d4 100644 | |||
26 | 25 | ||
27 | 26 | ||
28 | # | 27 | # |
29 | -- | ||
30 | 2.17.1 | ||
31 | |||
diff --git a/meta/recipes-extended/cups/cups/0004-cups-fix-multilib-install-file-conflicts.patch b/meta/recipes-extended/cups/cups/0004-cups-fix-multilib-install-file-conflicts.patch index bc9260307c..d49fb8f2c2 100644 --- a/meta/recipes-extended/cups/cups/0004-cups-fix-multilib-install-file-conflicts.patch +++ b/meta/recipes-extended/cups/cups/0004-cups-fix-multilib-install-file-conflicts.patch | |||
@@ -1,7 +1,7 @@ | |||
1 | From 7dbda1887aa19ab720aff22312f4caff2d575f62 Mon Sep 17 00:00:00 2001 | 1 | From 6e286b582571ffca3f7874076d70eec6fd5713f6 Mon Sep 17 00:00:00 2001 |
2 | From: Kai Kang <kai.kang@windriver.com> | 2 | From: Kai Kang <kai.kang@windriver.com> |
3 | Date: Wed, 3 Oct 2018 00:27:11 +0800 | 3 | Date: Wed, 3 Oct 2018 00:27:11 +0800 |
4 | Subject: [PATCH 4/4] cups: fix multilib install file conflicts | 4 | Subject: [PATCH] cups: fix multilib install file conflicts |
5 | 5 | ||
6 | @CUPS_SERVERBIN@ is ${libdir} related that causes multilib install file | 6 | @CUPS_SERVERBIN@ is ${libdir} related that causes multilib install file |
7 | conflict. Remove @CUPS_SERVERBIN@ from the comment line of cups-files.conf to | 7 | conflict. Remove @CUPS_SERVERBIN@ from the comment line of cups-files.conf to |
@@ -10,16 +10,15 @@ avoid the conflict. | |||
10 | Upstream-Status: Inappropriate [OE specific] | 10 | Upstream-Status: Inappropriate [OE specific] |
11 | 11 | ||
12 | Signed-off-by: Kai Kang <kai.kang@windriver.com> | 12 | Signed-off-by: Kai Kang <kai.kang@windriver.com> |
13 | |||
14 | --- | 13 | --- |
15 | conf/cups-files.conf.in | 2 +- | 14 | conf/cups-files.conf.in | 2 +- |
16 | 1 file changed, 1 insertion(+), 1 deletion(-) | 15 | 1 file changed, 1 insertion(+), 1 deletion(-) |
17 | 16 | ||
18 | diff --git a/conf/cups-files.conf.in b/conf/cups-files.conf.in | 17 | diff --git a/conf/cups-files.conf.in b/conf/cups-files.conf.in |
19 | index 4a78ba6..03c6582 100644 | 18 | index 93584a1..65b7052 100644 |
20 | --- a/conf/cups-files.conf.in | 19 | --- a/conf/cups-files.conf.in |
21 | +++ b/conf/cups-files.conf.in | 20 | +++ b/conf/cups-files.conf.in |
22 | @@ -73,7 +73,7 @@ PageLog @CUPS_LOGDIR@/page_log | 21 | @@ -67,7 +67,7 @@ PageLog @CUPS_LOGDIR@/page_log |
23 | #RequestRoot @CUPS_REQUESTS@ | 22 | #RequestRoot @CUPS_REQUESTS@ |
24 | 23 | ||
25 | # Location of helper programs... | 24 | # Location of helper programs... |
@@ -28,6 +27,3 @@ index 4a78ba6..03c6582 100644 | |||
28 | 27 | ||
29 | # SSL/TLS keychain for the scheduler... | 28 | # SSL/TLS keychain for the scheduler... |
30 | #ServerKeychain @CUPS_SERVERKEYCHAIN@ | 29 | #ServerKeychain @CUPS_SERVERKEYCHAIN@ |
31 | -- | ||
32 | 2.17.1 | ||
33 | |||
diff --git a/meta/recipes-extended/cups/cups_2.4.9.bb b/meta/recipes-extended/cups/cups_2.4.10.bb index e0a3522004..e16ad47cf5 100644 --- a/meta/recipes-extended/cups/cups_2.4.9.bb +++ b/meta/recipes-extended/cups/cups_2.4.10.bb | |||
@@ -2,4 +2,4 @@ require cups.inc | |||
2 | 2 | ||
3 | LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" | 3 | LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" |
4 | 4 | ||
5 | SRC_URI[sha256sum] = "38fbf4535a10554113e013d54fedda03ee88007ea6a9761d626a04e1e4489e8c" | 5 | SRC_URI[sha256sum] = "d75757c2bc0f7a28b02ee4d52ca9e4b1aa1ba2affe16b985854f5336940e5ad7" |
diff --git a/meta/recipes-extended/ed/ed_1.20.1.bb b/meta/recipes-extended/ed/ed_1.20.2.bb index 9ae53002c3..2b78b080ba 100644 --- a/meta/recipes-extended/ed/ed_1.20.1.bb +++ b/meta/recipes-extended/ed/ed_1.20.2.bb | |||
@@ -19,7 +19,7 @@ bindir = "${base_bindir}" | |||
19 | SRC_URI = "${GNU_MIRROR}/ed/${BP}.tar.lz" | 19 | SRC_URI = "${GNU_MIRROR}/ed/${BP}.tar.lz" |
20 | UPSTREAM_CHECK_URI = "${GNU_MIRROR}/ed/" | 20 | UPSTREAM_CHECK_URI = "${GNU_MIRROR}/ed/" |
21 | 21 | ||
22 | SRC_URI[sha256sum] = "b1a463b297a141f9876c4b1fcd01477f645cded92168090e9a35db2af4babbca" | 22 | SRC_URI[sha256sum] = "65fec7318f48c2ca17f334ac0f4703defe62037bb13cc23920de077b5fa24523" |
23 | 23 | ||
24 | EXTRA_OEMAKE = "-e MAKEFLAGS=" | 24 | EXTRA_OEMAKE = "-e MAKEFLAGS=" |
25 | 25 | ||
diff --git a/meta/recipes-extended/gawk/gawk/0001-m4-readline-add-missing-includes.patch b/meta/recipes-extended/gawk/gawk/0001-m4-readline-add-missing-includes.patch index 5be2fd97ee..6fffd1f373 100644 --- a/meta/recipes-extended/gawk/gawk/0001-m4-readline-add-missing-includes.patch +++ b/meta/recipes-extended/gawk/gawk/0001-m4-readline-add-missing-includes.patch | |||
@@ -14,7 +14,7 @@ conftest.c:146:14: error: implicit declaration of function 'open'; did you mean | |||
14 | Add the missing includes so that the check doesn't always fail due to | 14 | Add the missing includes so that the check doesn't always fail due to |
15 | these errors. | 15 | these errors. |
16 | 16 | ||
17 | Upstream-Status: Submitted [https://lists.gnu.org/archive/html/bug-gawk/2024-05/msg00000.html] | 17 | Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/gawk.git/commit/?id=c1613c310d71b87f509458e0259ecd10eda2b140] |
18 | Signed-off-by: Ross Burton <ross.burton@arm.com> | 18 | Signed-off-by: Ross Burton <ross.burton@arm.com> |
19 | --- | 19 | --- |
20 | m4/readline.m4 | 2 ++ | 20 | m4/readline.m4 | 2 ++ |
diff --git a/meta/recipes-extended/gawk/gawk_5.3.0.bb b/meta/recipes-extended/gawk/gawk_5.3.0.bb index e94cf19db4..ac9d8500d6 100644 --- a/meta/recipes-extended/gawk/gawk_5.3.0.bb +++ b/meta/recipes-extended/gawk/gawk_5.3.0.bb | |||
@@ -52,6 +52,8 @@ do_install_ptest() { | |||
52 | cp ${S}/test/$i* ${D}${PTEST_PATH}/test | 52 | cp ${S}/test/$i* ${D}${PTEST_PATH}/test |
53 | done | 53 | done |
54 | sed -i \ | 54 | sed -i \ |
55 | -e 's|#! /bin/gawk|#! ${bindir}/gawk|g' \ | ||
56 | -e 's|#! /usr/local/bin/gawk|#! ${bindir}/gawk|g' \ | ||
55 | -e 's|#!${base_bindir}/awk|#!${bindir}/awk|g' ${D}${PTEST_PATH}/test/*.awk | 57 | -e 's|#!${base_bindir}/awk|#!${bindir}/awk|g' ${D}${PTEST_PATH}/test/*.awk |
56 | 58 | ||
57 | sed -i -e "s|GAWKLOCALE|LANG|g" ${D}${PTEST_PATH}/test/Maketests | 59 | sed -i -e "s|GAWKLOCALE|LANG|g" ${D}${PTEST_PATH}/test/Maketests |
diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-29510.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-29510.patch deleted file mode 100644 index 692d35157f..0000000000 --- a/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-29510.patch +++ /dev/null | |||
@@ -1,84 +0,0 @@ | |||
1 | From 3b1735085ecef20b29e8db3416ab36de93e86d1f Mon Sep 17 00:00:00 2001 | ||
2 | From: Ken Sharp <Ken.Sharp@artifex.com> | ||
3 | Date: Thu, 21 Mar 2024 09:01:15 +0000 | ||
4 | Subject: [PATCH 5/5] Uniprint device - prevent string configuration changes | ||
5 | when SAFER | ||
6 | |||
7 | Bug #707662 | ||
8 | |||
9 | We cannot sanitise the string arguments used by the Uniprint device | ||
10 | because they can potentially include anything. | ||
11 | |||
12 | This commit ensures that these strings are locked and cannot be | ||
13 | changed by PostScript once SAFER is activated. Full configuration from | ||
14 | the command line is still possible (see the *.upp files in lib). | ||
15 | |||
16 | This addresses CVE-2024-29510 | ||
17 | |||
18 | CVE: CVE-2024-29510 | ||
19 | |||
20 | Upstream-Status: Backport [https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=3b1735085ecef20b29e] | ||
21 | |||
22 | Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> | ||
23 | --- | ||
24 | devices/gdevupd.c | 31 +++++++++++++++++++++++++++++++ | ||
25 | 1 file changed, 31 insertions(+) | ||
26 | |||
27 | diff --git a/devices/gdevupd.c b/devices/gdevupd.c | ||
28 | index 740dae0..a50571a 100644 | ||
29 | --- a/devices/gdevupd.c | ||
30 | +++ b/devices/gdevupd.c | ||
31 | @@ -1887,6 +1887,16 @@ out on this copies. | ||
32 | if(!upd_strings[i]) continue; | ||
33 | UPD_PARAM_READ(param_read_string,upd_strings[i],value,udev->memory); | ||
34 | if(0 == code) { | ||
35 | + if (gs_is_path_control_active(udev->memory)) { | ||
36 | + if (strings[i].size != value.size) | ||
37 | + error = gs_error_invalidaccess; | ||
38 | + else { | ||
39 | + if (strings[i].data && memcmp(strings[i].data, value.data, strings[i].size) != 0) | ||
40 | + error = gs_error_invalidaccess; | ||
41 | + } | ||
42 | + if (error < 0) | ||
43 | + goto exit; | ||
44 | + } | ||
45 | if(0 <= error) error |= UPD_PUT_STRINGS; | ||
46 | UPD_MM_DEL_PARAM(udev->memory, strings[i]); | ||
47 | if(!value.size) { | ||
48 | @@ -1904,6 +1914,26 @@ out on this copies. | ||
49 | if(!upd_string_a[i]) continue; | ||
50 | UPD_PARAM_READ(param_read_string_array,upd_string_a[i],value,udev->memory); | ||
51 | if(0 == code) { | ||
52 | + if (gs_is_path_control_active(udev->memory)) { | ||
53 | + if (string_a[i].size != value.size) | ||
54 | + error = gs_error_invalidaccess; | ||
55 | + else { | ||
56 | + int loop; | ||
57 | + for (loop = 0;loop < string_a[i].size;loop++) { | ||
58 | + gs_param_string *tmp1 = (gs_param_string *)&(string_a[i].data[loop]); | ||
59 | + gs_param_string *tmp2 = (gs_param_string *)&value.data[loop]; | ||
60 | + | ||
61 | + if (tmp1->size != tmp2->size) | ||
62 | + error = gs_error_invalidaccess; | ||
63 | + else { | ||
64 | + if (tmp1->data && memcmp(tmp1->data, tmp2->data, tmp1->size) != 0) | ||
65 | + error = gs_error_invalidaccess; | ||
66 | + } | ||
67 | + } | ||
68 | + } | ||
69 | + if (error < 0) | ||
70 | + goto exit; | ||
71 | + } | ||
72 | if(0 <= error) error |= UPD_PUT_STRING_A; | ||
73 | UPD_MM_DEL_APARAM(udev->memory, string_a[i]); | ||
74 | if(!value.size) { | ||
75 | @@ -2098,6 +2128,7 @@ transferred into the device-structure. In the case of "uniprint", this may | ||
76 | if(0 > code) error = code; | ||
77 | } | ||
78 | |||
79 | +exit: | ||
80 | if(0 < error) { /* Actually something loaded without error */ | ||
81 | |||
82 | if(!(upd = udev->upd)) { | ||
83 | -- | ||
84 | 2.40.0 | ||
diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33869-0001.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33869-0001.patch deleted file mode 100644 index 2f20c66ea3..0000000000 --- a/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33869-0001.patch +++ /dev/null | |||
@@ -1,39 +0,0 @@ | |||
1 | From 5ae2e320d69a7d0973011796bd388cd5befa1a43 Mon Sep 17 00:00:00 2001 | ||
2 | From: Ken Sharp <Ken.Sharp@artifex.com> | ||
3 | Date: Tue, 26 Mar 2024 12:02:57 +0000 | ||
4 | Subject: [PATCH 2/5] Bug #707691 | ||
5 | |||
6 | Part 1; when stripping a potential Current Working Dirctory specifier | ||
7 | from a path, make certain it really is a CWD, and not simply large | ||
8 | ebough to be a CWD. | ||
9 | |||
10 | Reasons are in the bug thread, this is not (IMO) serious. | ||
11 | |||
12 | This is part of the fix for CVE-2024-33869 | ||
13 | |||
14 | CVE: CVE-2024-33869 | ||
15 | |||
16 | Upstream-Status: Backport [https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=5ae2e320d69a7d0973] | ||
17 | |||
18 | Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> | ||
19 | --- | ||
20 | base/gpmisc.c | 4 ++-- | ||
21 | 1 file changed, 2 insertions(+), 2 deletions(-) | ||
22 | |||
23 | diff --git a/base/gpmisc.c b/base/gpmisc.c | ||
24 | index c4a69b0..1d4d5d8 100644 | ||
25 | --- a/base/gpmisc.c | ||
26 | +++ b/base/gpmisc.c | ||
27 | @@ -1164,8 +1164,8 @@ gp_validate_path_len(const gs_memory_t *mem, | ||
28 | |||
29 | continue; | ||
30 | } | ||
31 | - else if (code < 0 && cdirstrl > 0 && prefix_len == 0 && buffer == bufferfull) { | ||
32 | - buffer = bufferfull + cdirstrl + dirsepstrl; | ||
33 | + else if (code < 0 && cdirstrl > 0 && prefix_len == 0 && buffer == bufferfull | ||
34 | + && memcmp(buffer, cdirstr, cdirstrl) && !memcmp(buffer + cdirstrl, dirsepstr, dirsepstrl)) { | ||
35 | continue; | ||
36 | } | ||
37 | break; | ||
38 | -- | ||
39 | 2.40.0 | ||
diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33869-0002.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33869-0002.patch deleted file mode 100644 index 5dcbcca998..0000000000 --- a/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33869-0002.patch +++ /dev/null | |||
@@ -1,52 +0,0 @@ | |||
1 | From f5336e5b4154f515ac83bc5b9eba94302e6618d4 Mon Sep 17 00:00:00 2001 | ||
2 | From: Ken Sharp <Ken.Sharp@artifex.com> | ||
3 | Date: Tue, 26 Mar 2024 12:07:18 +0000 | ||
4 | Subject: [PATCH 3/5] Bug 707691 part 2 | ||
5 | |||
6 | See bug thread for details | ||
7 | |||
8 | This is the second part of the fix for CVE-2024-33869 | ||
9 | |||
10 | CVE: CVE-2024-33869 | ||
11 | |||
12 | Upstream-Status: Backport [https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=f5336e5b4154f515ac83] | ||
13 | |||
14 | Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> | ||
15 | --- | ||
16 | base/gpmisc.c | 21 +++++++++++++++++++++ | ||
17 | 1 file changed, 21 insertions(+) | ||
18 | |||
19 | diff --git a/base/gpmisc.c b/base/gpmisc.c | ||
20 | index 1d4d5d8..b0d5c71 100644 | ||
21 | --- a/base/gpmisc.c | ||
22 | +++ b/base/gpmisc.c | ||
23 | @@ -1090,6 +1090,27 @@ gp_validate_path_len(const gs_memory_t *mem, | ||
24 | rlen = len; | ||
25 | } | ||
26 | else { | ||
27 | + char *test = (char *)path, *test1; | ||
28 | + uint tlen = len, slen; | ||
29 | + | ||
30 | + /* Look for any pipe (%pipe% or '|' specifications between path separators | ||
31 | + * Reject any path spec which has a %pipe% or '|' anywhere except at the start. | ||
32 | + */ | ||
33 | + while (tlen > 0) { | ||
34 | + if (test[0] == '|' || (tlen > 5 && memcmp(test, "%pipe", 5) == 0)) { | ||
35 | + code = gs_note_error(gs_error_invalidfileaccess); | ||
36 | + goto exit; | ||
37 | + } | ||
38 | + test1 = test; | ||
39 | + slen = search_separator((const char **)&test, path + len, test1, 1); | ||
40 | + if(slen == 0) | ||
41 | + break; | ||
42 | + test += slen; | ||
43 | + tlen -= test - test1; | ||
44 | + if (test >= path + len) | ||
45 | + break; | ||
46 | + } | ||
47 | + | ||
48 | rlen = len+1; | ||
49 | bufferfull = (char *)gs_alloc_bytes(mem->thread_safe_memory, rlen + prefix_len, "gp_validate_path"); | ||
50 | if (bufferfull == NULL) | ||
51 | -- | ||
52 | 2.40.0 | ||
diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33870.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33870.patch deleted file mode 100644 index 9c2b9dcfa2..0000000000 --- a/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33870.patch +++ /dev/null | |||
@@ -1,99 +0,0 @@ | |||
1 | From 79aef19c685984dc3da2dc090450407d9fbcff80 Mon Sep 17 00:00:00 2001 | ||
2 | From: Ken Sharp <Ken.Sharp@artifex.com> | ||
3 | Date: Tue, 26 Mar 2024 12:00:14 +0000 | ||
4 | Subject: [PATCH 1/5] Bug #707686 | ||
5 | |||
6 | See bug thread for details | ||
7 | |||
8 | In addition to the noted bug; an error path (return from | ||
9 | gp_file_name_reduce not successful) could elad to a memory leak as we | ||
10 | did not free 'bufferfull'. Fix that too. | ||
11 | |||
12 | This addresses CVE-2024-33870 | ||
13 | |||
14 | CVE: CVE-2024-33870 | ||
15 | |||
16 | Upstream-Status: Backport [https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=79aef19c685984dc] | ||
17 | |||
18 | Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> | ||
19 | --- | ||
20 | base/gpmisc.c | 36 ++++++++++++++++++++++++++++++++---- | ||
21 | 1 file changed, 32 insertions(+), 4 deletions(-) | ||
22 | |||
23 | diff --git a/base/gpmisc.c b/base/gpmisc.c | ||
24 | index 2b0064b..c4a69b0 100644 | ||
25 | --- a/base/gpmisc.c | ||
26 | +++ b/base/gpmisc.c | ||
27 | @@ -1,4 +1,4 @@ | ||
28 | -/* Copyright (C) 2001-2023 Artifex Software, Inc. | ||
29 | +/* Copyright (C) 2001-2024 Artifex Software, Inc. | ||
30 | All Rights Reserved. | ||
31 | |||
32 | This software is provided AS-IS with no warranty, either express or | ||
33 | @@ -1042,7 +1042,7 @@ gp_validate_path_len(const gs_memory_t *mem, | ||
34 | const uint len, | ||
35 | const char *mode) | ||
36 | { | ||
37 | - char *buffer, *bufferfull; | ||
38 | + char *buffer, *bufferfull = NULL; | ||
39 | uint rlen; | ||
40 | int code = 0; | ||
41 | const char *cdirstr = gp_file_name_current(); | ||
42 | @@ -1096,8 +1096,10 @@ gp_validate_path_len(const gs_memory_t *mem, | ||
43 | return gs_error_VMerror; | ||
44 | |||
45 | buffer = bufferfull + prefix_len; | ||
46 | - if (gp_file_name_reduce(path, (uint)len, buffer, &rlen) != gp_combine_success) | ||
47 | - return gs_error_invalidfileaccess; | ||
48 | + if (gp_file_name_reduce(path, (uint)len, buffer, &rlen) != gp_combine_success) { | ||
49 | + code = gs_note_error(gs_error_invalidfileaccess); | ||
50 | + goto exit; | ||
51 | + } | ||
52 | buffer[rlen] = 0; | ||
53 | } | ||
54 | while (1) { | ||
55 | @@ -1132,9 +1134,34 @@ gp_validate_path_len(const gs_memory_t *mem, | ||
56 | code = gs_note_error(gs_error_invalidfileaccess); | ||
57 | } | ||
58 | if (code < 0 && prefix_len > 0 && buffer > bufferfull) { | ||
59 | + uint newlen = rlen + cdirstrl + dirsepstrl; | ||
60 | + char *newbuffer; | ||
61 | + int code; | ||
62 | + | ||
63 | buffer = bufferfull; | ||
64 | memcpy(buffer, cdirstr, cdirstrl); | ||
65 | memcpy(buffer + cdirstrl, dirsepstr, dirsepstrl); | ||
66 | + | ||
67 | + /* We've prepended a './' or similar for the current working directory. We need | ||
68 | + * to execute file_name_reduce on that, to eliminate any '../' or similar from | ||
69 | + * the (new) full path. | ||
70 | + */ | ||
71 | + newbuffer = (char *)gs_alloc_bytes(mem->thread_safe_memory, newlen + 1, "gp_validate_path"); | ||
72 | + if (newbuffer == NULL) { | ||
73 | + code = gs_note_error(gs_error_VMerror); | ||
74 | + goto exit; | ||
75 | + } | ||
76 | + | ||
77 | + memcpy(newbuffer, buffer, rlen + cdirstrl + dirsepstrl); | ||
78 | + newbuffer[newlen] = 0x00; | ||
79 | + | ||
80 | + code = gp_file_name_reduce(newbuffer, (uint)newlen, buffer, &newlen); | ||
81 | + gs_free_object(mem->thread_safe_memory, newbuffer, "gp_validate_path"); | ||
82 | + if (code != gp_combine_success) { | ||
83 | + code = gs_note_error(gs_error_invalidfileaccess); | ||
84 | + goto exit; | ||
85 | + } | ||
86 | + | ||
87 | continue; | ||
88 | } | ||
89 | else if (code < 0 && cdirstrl > 0 && prefix_len == 0 && buffer == bufferfull) { | ||
90 | @@ -1153,6 +1180,7 @@ gp_validate_path_len(const gs_memory_t *mem, | ||
91 | gs_path_control_flag_is_scratch_file); | ||
92 | } | ||
93 | |||
94 | +exit: | ||
95 | gs_free_object(mem->thread_safe_memory, bufferfull, "gp_validate_path"); | ||
96 | #ifdef EACCES | ||
97 | if (code == gs_error_invalidfileaccess) | ||
98 | -- | ||
99 | 2.40.0 | ||
diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33871.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33871.patch deleted file mode 100644 index abe6384997..0000000000 --- a/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33871.patch +++ /dev/null | |||
@@ -1,43 +0,0 @@ | |||
1 | From 7145885041bb52cc23964f0aa2aec1b1c82b5908 Mon Sep 17 00:00:00 2001 | ||
2 | From: Zdenek Hutyra <zhutyra@centrum.cz> | ||
3 | Date: Mon, 22 Apr 2024 13:33:47 +0100 | ||
4 | Subject: [PATCH 4/5] OPVP device - prevent unsafe parameter change with SAFER | ||
5 | |||
6 | Bug #707754 "OPVP device - Arbitrary code execution via custom Driver library" | ||
7 | |||
8 | The "Driver" parameter for the "opvp"/"oprp" device specifies the name | ||
9 | of a dynamic library and allows any library to be loaded. | ||
10 | |||
11 | The patch does not allow changing this parameter after activating path | ||
12 | control. | ||
13 | |||
14 | This addresses CVE-2024-33871 | ||
15 | |||
16 | CVE: CVE-2024-33871 | ||
17 | |||
18 | Upstream-Status: Backport [https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=7145885041bb52cc2396] | ||
19 | |||
20 | Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> | ||
21 | --- | ||
22 | contrib/opvp/gdevopvp.c | 6 ++++++ | ||
23 | 1 file changed, 6 insertions(+) | ||
24 | |||
25 | diff --git a/contrib/opvp/gdevopvp.c b/contrib/opvp/gdevopvp.c | ||
26 | index 74200cf..80eb23b 100644 | ||
27 | --- a/contrib/opvp/gdevopvp.c | ||
28 | +++ b/contrib/opvp/gdevopvp.c | ||
29 | @@ -3456,6 +3456,12 @@ _put_params(gx_device *dev, gs_param_list *plist) | ||
30 | code = param_read_string(plist, pname, &vdps); | ||
31 | switch (code) { | ||
32 | case 0: | ||
33 | + if (gs_is_path_control_active(dev->memory) | ||
34 | + && (!opdev->globals.vectorDriver || strlen(opdev->globals.vectorDriver) != vdps.size | ||
35 | + || memcmp(opdev->globals.vectorDriver, vdps.data, vdps.size) != 0)) { | ||
36 | + param_signal_error(plist, pname, gs_error_invalidaccess); | ||
37 | + return_error(gs_error_invalidaccess); | ||
38 | + } | ||
39 | buff = realloc(buff, vdps.size + 1); | ||
40 | memcpy(buff, vdps.data, vdps.size); | ||
41 | buff[vdps.size] = 0; | ||
42 | -- | ||
43 | 2.40.0 | ||
diff --git a/meta/recipes-extended/ghostscript/ghostscript/avoid-host-contamination.patch b/meta/recipes-extended/ghostscript/ghostscript/avoid-host-contamination.patch index 15c7eb5a77..67f14bd368 100644 --- a/meta/recipes-extended/ghostscript/ghostscript/avoid-host-contamination.patch +++ b/meta/recipes-extended/ghostscript/ghostscript/avoid-host-contamination.patch | |||
@@ -1,7 +1,7 @@ | |||
1 | From 0ccbaa134093bf6afc79f2d20d061bca5a8754ed Mon Sep 17 00:00:00 2001 | 1 | From b36713c8f1ba0e5755b78845a433354a63663b1a Mon Sep 17 00:00:00 2001 |
2 | From: Kai Kang <kai.kang@windriver.com> | 2 | From: Kai Kang <kai.kang@windriver.com> |
3 | Date: Thu, 29 Mar 2018 16:02:05 +0800 | 3 | Date: Thu, 29 Mar 2018 16:02:05 +0800 |
4 | Subject: [PATCH 04/10] avoid host contamination | 4 | Subject: [PATCH] avoid host contamination |
5 | 5 | ||
6 | Remove hardcode path refer to host to avoid host contamination. | 6 | Remove hardcode path refer to host to avoid host contamination. |
7 | 7 | ||
@@ -15,10 +15,10 @@ Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> | |||
15 | 1 file changed, 1 insertion(+), 1 deletion(-) | 15 | 1 file changed, 1 insertion(+), 1 deletion(-) |
16 | 16 | ||
17 | diff --git a/devices/devs.mak b/devices/devs.mak | 17 | diff --git a/devices/devs.mak b/devices/devs.mak |
18 | index 846aa50..9570182 100644 | 18 | index 186f704..88ab8c9 100644 |
19 | --- a/devices/devs.mak | 19 | --- a/devices/devs.mak |
20 | +++ b/devices/devs.mak | 20 | +++ b/devices/devs.mak |
21 | @@ -393,7 +393,7 @@ $(DEVOBJ)gdevxalt.$(OBJ) : $(DEVSRC)gdevxalt.c $(GDEVX) $(math__h) $(memory__h)\ | 21 | @@ -397,7 +397,7 @@ $(DEVOBJ)gdevxalt.$(OBJ) : $(DEVSRC)gdevxalt.c $(GDEVX) $(math__h) $(memory__h)\ |
22 | ### NON PORTABLE, ONLY UNIX WITH GCC SUPPORT | 22 | ### NON PORTABLE, ONLY UNIX WITH GCC SUPPORT |
23 | 23 | ||
24 | $(DEVOBJ)X11.so : $(x11alt_) $(x11_) $(DEVS_MAK) $(MAKEDIRS) | 24 | $(DEVOBJ)X11.so : $(x11alt_) $(x11_) $(DEVS_MAK) $(MAKEDIRS) |
@@ -27,6 +27,3 @@ index 846aa50..9570182 100644 | |||
27 | 27 | ||
28 | ###### --------------- Memory-buffered printer devices --------------- ###### | 28 | ###### --------------- Memory-buffered printer devices --------------- ###### |
29 | 29 | ||
30 | -- | ||
31 | 1.8.3.1 | ||
32 | |||
diff --git a/meta/recipes-extended/ghostscript/ghostscript/configure.ac-add-option-to-explicitly-disable-neon.patch b/meta/recipes-extended/ghostscript/ghostscript/configure.ac-add-option-to-explicitly-disable-neon.patch deleted file mode 100644 index 7873396045..0000000000 --- a/meta/recipes-extended/ghostscript/ghostscript/configure.ac-add-option-to-explicitly-disable-neon.patch +++ /dev/null | |||
@@ -1,99 +0,0 @@ | |||
1 | From fd37229a17822c5ad21a369f670b8a6f6cc6b95b Mon Sep 17 00:00:00 2001 | ||
2 | From: Benjamin Bara <benjamin.bara@skidata.com> | ||
3 | Date: Mon, 4 Sep 2023 12:16:39 +0200 | ||
4 | Subject: [PATCH] configure.ac: add option to explicitly disable neon | ||
5 | |||
6 | Uncomment an already existing possibility to explicitly disable neon and | ||
7 | use it on both implemented neon checks. | ||
8 | |||
9 | Upstream-Status: Submitted [https://bugs.ghostscript.com/show_bug.cgi?id=707097] | ||
10 | |||
11 | Signed-off-by: Benjamin Bara <benjamin.bara@skidata.com> | ||
12 | --- | ||
13 | configure.ac | 52 +++++++++++++++++++++++++++++----------------------- | ||
14 | 1 file changed, 29 insertions(+), 23 deletions(-) | ||
15 | |||
16 | diff --git a/configure.ac b/configure.ac | ||
17 | index 09d881dd1..62718e15e 100644 | ||
18 | --- a/configure.ac | ||
19 | +++ b/configure.ac | ||
20 | @@ -749,6 +749,33 @@ SUBCONFIG_OPTS="--build=$build --host=$host" | ||
21 | # SUBCONFIG_OPTS="$SUBCONFIG_OPTS --host=$host_alias" | ||
22 | #fi | ||
23 | |||
24 | +dnl -------------------------------------------------- | ||
25 | +dnl Check for NEON support | ||
26 | +dnl -------------------------------------------------- | ||
27 | +save_cflags=$CFLAGS | ||
28 | +AC_MSG_CHECKING([neon support]) | ||
29 | +CFLAGS="$save_cflags $OPT_CFLAGS -mfpu=neon -mcpu=cortex-a53" | ||
30 | +HAVE_NEON="" | ||
31 | +AC_LINK_IFELSE( | ||
32 | + [AC_LANG_PROGRAM([#include "arm_neon.h"], [ | ||
33 | + int32x4_t round = vdupq_n_s32(10); | ||
34 | + return(0); | ||
35 | + ])], | ||
36 | + [HAVE_NEON="-DHAVE_NEON"], [HAVE_NEON=""]) | ||
37 | + | ||
38 | +AC_ARG_ENABLE([neon], AS_HELP_STRING([--disable-neon], | ||
39 | + [Do not use neon instrinsics]), [ | ||
40 | + if test "x$enable_neon" = xno; then | ||
41 | + HAVE_NEON="" | ||
42 | + fi]) | ||
43 | + | ||
44 | +if test "x$HAVE_NEON" != x; then | ||
45 | + AC_MSG_RESULT(yes) | ||
46 | +else | ||
47 | + AC_MSG_RESULT(no) | ||
48 | +fi | ||
49 | +CFLAGS=$save_cflags | ||
50 | + | ||
51 | dnl -------------------------------------------------- | ||
52 | dnl Check for libraries | ||
53 | dnl -------------------------------------------------- | ||
54 | @@ -971,11 +998,12 @@ if test x$with_tesseract != xno; then | ||
55 | [TESS_NEON="-mfpu=neon -mcpu=cortex-a53 -D__ARM_NEON__"], | ||
56 | [TESS_NEON=""]) | ||
57 | |||
58 | - if test "x$TESS_NEON" != x; then | ||
59 | + if test "x$TESS_NEON" != x && test "x$enable_neon" != xno; then | ||
60 | AC_MSG_RESULT(yes) | ||
61 | TESS_CXXFLAGS="$TESS_CXXFLAGS -DHAVE_NEON" | ||
62 | else | ||
63 | AC_MSG_RESULT(no) | ||
64 | + TESS_NEON="" | ||
65 | fi | ||
66 | |||
67 | CXXFLAGS="$save_cxxflags" | ||
68 | @@ -2387,28 +2415,6 @@ if test x$WITH_CAL != x0; then | ||
69 | AC_MSG_RESULT(no) | ||
70 | fi | ||
71 | |||
72 | - AC_MSG_CHECKING([neon support]) | ||
73 | - CFLAGS="$save_cflags $OPT_CFLAGS -mfpu=neon -mcpu=cortex-a53" | ||
74 | - HAVE_NEON="" | ||
75 | - AC_LINK_IFELSE( | ||
76 | - [AC_LANG_PROGRAM([#include "arm_neon.h"], [ | ||
77 | - int32x4_t round = vdupq_n_s32(10); | ||
78 | - return(0); | ||
79 | - ])], | ||
80 | - [HAVE_NEON="-DHAVE_NEON"], [HAVE_NEON=""]) | ||
81 | - | ||
82 | - #AC_ARG_ENABLE([neon], AS_HELP_STRING([--disable-neon], | ||
83 | - # [Do not use neon instrinsics]), [ | ||
84 | - # if test "x$enable_neon" = xno; then | ||
85 | - # HAVE_NEON="" | ||
86 | - # fi]) | ||
87 | - | ||
88 | - if test "x$HAVE_NEON" != x; then | ||
89 | - AC_MSG_RESULT(yes) | ||
90 | - else | ||
91 | - AC_MSG_RESULT(no) | ||
92 | - fi | ||
93 | - | ||
94 | #AC_SUBST(HAVE_SSE4_2) | ||
95 | #AC_SUBST(HAVE_NEON) | ||
96 | CFLAGS=$save_cflags | ||
97 | -- | ||
98 | 2.34.1 | ||
99 | |||
diff --git a/meta/recipes-extended/ghostscript/ghostscript_10.02.1.bb b/meta/recipes-extended/ghostscript/ghostscript_10.03.1.bb index db9481816a..0504f5244f 100644 --- a/meta/recipes-extended/ghostscript/ghostscript_10.02.1.bb +++ b/meta/recipes-extended/ghostscript/ghostscript_10.03.1.bb | |||
@@ -25,15 +25,9 @@ def gs_verdir(v): | |||
25 | SRC_URI = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs${@gs_verdir("${PV}")}/${BPN}-${PV}.tar.gz \ | 25 | SRC_URI = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs${@gs_verdir("${PV}")}/${BPN}-${PV}.tar.gz \ |
26 | file://ghostscript-9.16-Werror-return-type.patch \ | 26 | file://ghostscript-9.16-Werror-return-type.patch \ |
27 | file://avoid-host-contamination.patch \ | 27 | file://avoid-host-contamination.patch \ |
28 | file://configure.ac-add-option-to-explicitly-disable-neon.patch \ | ||
29 | file://CVE-2024-33870.patch \ | ||
30 | file://CVE-2024-33869-0001.patch \ | ||
31 | file://CVE-2024-33869-0002.patch \ | ||
32 | file://CVE-2024-33871.patch \ | ||
33 | file://CVE-2024-29510.patch \ | ||
34 | " | 28 | " |
35 | 29 | ||
36 | SRC_URI[sha256sum] = "e429e4f5b01615a4f0f93a4128e8a1a4d932dff983b1774174c79c0630717ad9" | 30 | SRC_URI[sha256sum] = "31cd01682ad23a801cc3bbc222a55f07c4ea3e068bdfb447792d54db21a2e8ad" |
37 | 31 | ||
38 | PACKAGECONFIG ??= "" | 32 | PACKAGECONFIG ??= "" |
39 | PACKAGECONFIG[gtk] = "--enable-gtk,--disable-gtk,gtk+3" | 33 | PACKAGECONFIG[gtk] = "--enable-gtk,--disable-gtk,gtk+3" |
diff --git a/meta/recipes-extended/iptables/iptables/0001-configure-Add-option-to-enable-disable-libnfnetlink.patch b/meta/recipes-extended/iptables/iptables/0001-configure-Add-option-to-enable-disable-libnfnetlink.patch index 8824bf2af7..0fe2261511 100644 --- a/meta/recipes-extended/iptables/iptables/0001-configure-Add-option-to-enable-disable-libnfnetlink.patch +++ b/meta/recipes-extended/iptables/iptables/0001-configure-Add-option-to-enable-disable-libnfnetlink.patch | |||
@@ -1,22 +1,24 @@ | |||
1 | From 0096c854d5015918ed154dccb3ad472fd06c1010 Mon Sep 17 00:00:00 2001 | 1 | From 653db8b938166db7833135f615b90c38a3f27a30 Mon Sep 17 00:00:00 2001 |
2 | From: "Maxin B. John" <maxin.john@intel.com> | 2 | From: "Maxin B. John" <maxin.john@intel.com> |
3 | Date: Tue, 21 Feb 2017 11:16:31 +0200 | 3 | Date: Thu, 25 Apr 2024 10:51:02 +0200 |
4 | Subject: [PATCH] configure: Add option to enable/disable libnfnetlink | 4 | Subject: [PATCH] configure: Add option to enable/disable libnfnetlink |
5 | 5 | ||
6 | This changes the configure behaviour from autodetecting | 6 | Default behavior (autodetecting) does not change, but specifying |
7 | for libnfnetlink to having an option to disable it explicitly | 7 | either option would explicitly disable or enable libnfnetlink support, |
8 | 8 | and if the library is not found in the latter case, ./configure will error | |
9 | Upstream-Status: Pending | 9 | out. |
10 | 10 | ||
11 | Upstream-Status: Backport [https://git.netfilter.org/iptables/commit/?id=653db8b938166db7833135f615b90c38a3f27a30] | ||
11 | Signed-off-by: Khem Raj <raj.khem@gmail.com> | 12 | Signed-off-by: Khem Raj <raj.khem@gmail.com> |
12 | Signed-off-by: Maxin B. John <maxin.john@intel.com> | 13 | Signed-off-by: Maxin B. John <maxin.john@intel.com> |
13 | 14 | Signed-off-by: Alexander Kanavin <alex@linutronix.de> | |
15 | Signed-off-by: Phil Sutter <phil@nwl.cc> | ||
14 | --- | 16 | --- |
15 | configure.ac | 10 +++++++--- | 17 | configure.ac | 13 +++++++++++-- |
16 | 1 file changed, 7 insertions(+), 3 deletions(-) | 18 | 1 file changed, 11 insertions(+), 2 deletions(-) |
17 | 19 | ||
18 | diff --git a/configure.ac b/configure.ac | 20 | diff --git a/configure.ac b/configure.ac |
19 | index d99fa3b..d607772 100644 | 21 | index d99fa3b9..2293702b 100644 |
20 | --- a/configure.ac | 22 | --- a/configure.ac |
21 | +++ b/configure.ac | 23 | +++ b/configure.ac |
22 | @@ -63,6 +63,9 @@ AC_ARG_WITH([pkgconfigdir], AS_HELP_STRING([--with-pkgconfigdir=PATH], | 24 | @@ -63,6 +63,9 @@ AC_ARG_WITH([pkgconfigdir], AS_HELP_STRING([--with-pkgconfigdir=PATH], |
@@ -25,21 +27,27 @@ index d99fa3b..d607772 100644 | |||
25 | [enable_nftables="$enableval"], [enable_nftables="yes"]) | 27 | [enable_nftables="$enableval"], [enable_nftables="yes"]) |
26 | +AC_ARG_ENABLE([libnfnetlink], | 28 | +AC_ARG_ENABLE([libnfnetlink], |
27 | + AS_HELP_STRING([--disable-libnfnetlink], [Do not use netfilter netlink library]), | 29 | + AS_HELP_STRING([--disable-libnfnetlink], [Do not use netfilter netlink library]), |
28 | + [enable_libnfnetlink="$enableval"], [enable_libnfnetlink="yes"]) | 30 | + [enable_libnfnetlink="$enableval"], [enable_libnfnetlink="auto"]) |
29 | AC_ARG_ENABLE([connlabel], | 31 | AC_ARG_ENABLE([connlabel], |
30 | AS_HELP_STRING([--disable-connlabel], | 32 | AS_HELP_STRING([--disable-connlabel], |
31 | [Do not build libnetfilter_conntrack]), | 33 | [Do not build libnetfilter_conntrack]), |
32 | @@ -113,9 +116,10 @@ AM_CONDITIONAL([ENABLE_SYNCONF], [test "$enable_nfsynproxy" = "yes"]) | 34 | @@ -113,8 +116,14 @@ AM_CONDITIONAL([ENABLE_SYNCONF], [test "$enable_nfsynproxy" = "yes"]) |
33 | AM_CONDITIONAL([ENABLE_NFTABLES], [test "$enable_nftables" = "yes"]) | 35 | AM_CONDITIONAL([ENABLE_NFTABLES], [test "$enable_nftables" = "yes"]) |
34 | AM_CONDITIONAL([ENABLE_CONNLABEL], [test "$enable_connlabel" = "yes"]) | 36 | AM_CONDITIONAL([ENABLE_CONNLABEL], [test "$enable_connlabel" = "yes"]) |
35 | 37 | ||
36 | -PKG_CHECK_MODULES([libnfnetlink], [libnfnetlink >= 1.0], | 38 | -PKG_CHECK_MODULES([libnfnetlink], [libnfnetlink >= 1.0], |
37 | - [nfnetlink=1], [nfnetlink=0]) | 39 | - [nfnetlink=1], [nfnetlink=0]) |
38 | -AM_CONDITIONAL([HAVE_LIBNFNETLINK], [test "$nfnetlink" = 1]) | 40 | +# If specified explicitly on the command line, error out when library was not found |
39 | +AS_IF([test "x$enable_libnfnetlink" = "xyes"], [ | 41 | +# Otherwise, disable and continue |
40 | + PKG_CHECK_MODULES([libnfnetlink], [libnfnetlink >= 1.0]) | 42 | +AS_IF([test "x$enable_libnfnetlink" = "xyes"], |
41 | + ]) | 43 | + [PKG_CHECK_MODULES([libnfnetlink], [libnfnetlink >= 1.0], |
42 | +AM_CONDITIONAL([HAVE_LIBNFNETLINK], [test "x$enable_libnfnetlink" = "xyes"]) | 44 | + [nfnetlink=1])], |
45 | + [test "x$enable_libnfnetlink" = "xauto"], | ||
46 | + [PKG_CHECK_MODULES([libnfnetlink], [libnfnetlink >= 1.0], | ||
47 | + [nfnetlink=1], [nfnetlink=0])]) | ||
48 | AM_CONDITIONAL([HAVE_LIBNFNETLINK], [test "$nfnetlink" = 1]) | ||
43 | 49 | ||
44 | if test "x$enable_bpfc" = "xyes" || test "x$enable_nfsynproxy" = "xyes"; then | 50 | if test "x$enable_bpfc" = "xyes" || test "x$enable_nfsynproxy" = "xyes"; then |
45 | PKG_CHECK_MODULES([libpcap], [libpcap], [], [ | 51 | -- |
52 | 2.39.2 | ||
53 | |||
diff --git a/meta/recipes-extended/iptables/iptables/0005-nft-ruleparse-Add-missing-braces-around-ternary.patch b/meta/recipes-extended/iptables/iptables/0005-nft-ruleparse-Add-missing-braces-around-ternary.patch new file mode 100644 index 0000000000..4cbc8bdaf4 --- /dev/null +++ b/meta/recipes-extended/iptables/iptables/0005-nft-ruleparse-Add-missing-braces-around-ternary.patch | |||
@@ -0,0 +1,37 @@ | |||
1 | From 2026b08bce7fe87b5964f7912e1eef30f04922c1 Mon Sep 17 00:00:00 2001 | ||
2 | From: Phil Sutter <phil@nwl.cc> | ||
3 | Date: Fri, 26 Jan 2024 18:43:10 +0100 | ||
4 | Subject: [PATCH] nft: ruleparse: Add missing braces around ternary | ||
5 | |||
6 | The expression evaluated the sum before the ternay, consequently not | ||
7 | adding target->size if tgsize was zero. | ||
8 | |||
9 | Identified by ASAN for a simple rule using standard target: | ||
10 | | # ebtables -A INPUT -s de:ad:be:ef:0:00 -j RETURN | ||
11 | | # ebtables -D INPUT -s de:ad:be:ef:0:00 -j RETURN | ||
12 | | ================================================================= | ||
13 | | ==18925==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x603000000120 at pc 0x7f627a4c75c5 bp 0x7ffe882b5180 sp 0x7ffe882b4928 | ||
14 | | READ of size 8 at 0x603000000120 thread T0 | ||
15 | | [...] | ||
16 | |||
17 | Upstream-Status: Backport [2026b08bce7fe87b5964f7912e1eef30f04922c1] | ||
18 | |||
19 | Fixes: 2a6eee89083c8 ("nft-ruleparse: Introduce nft_create_target()") | ||
20 | Signed-off-by: Phil Sutter <phil@nwl.cc> | ||
21 | --- | ||
22 | iptables/nft-ruleparse.c | 2 +- | ||
23 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
24 | |||
25 | diff --git a/iptables/nft-ruleparse.c b/iptables/nft-ruleparse.c | ||
26 | index 0bbdf44faf..3b1cbe4fa1 100644 | ||
27 | --- a/iptables/nft-ruleparse.c | ||
28 | +++ b/iptables/nft-ruleparse.c | ||
29 | @@ -94,7 +94,7 @@ __nft_create_target(struct nft_xt_ctx *ctx, const char *name, size_t tgsize) | ||
30 | if (!target) | ||
31 | return NULL; | ||
32 | |||
33 | - size = XT_ALIGN(sizeof(*target->t)) + tgsize ?: target->size; | ||
34 | + size = XT_ALIGN(sizeof(*target->t)) + (tgsize ?: target->size); | ||
35 | |||
36 | target->t = xtables_calloc(1, size); | ||
37 | target->t->u.target_size = size; | ||
diff --git a/meta/recipes-extended/iptables/iptables_1.8.10.bb b/meta/recipes-extended/iptables/iptables_1.8.10.bb index cd2f3bce0b..f1ee1efe28 100644 --- a/meta/recipes-extended/iptables/iptables_1.8.10.bb +++ b/meta/recipes-extended/iptables/iptables_1.8.10.bb | |||
@@ -16,6 +16,7 @@ SRC_URI = "http://netfilter.org/projects/iptables/files/iptables-${PV}.tar.xz \ | |||
16 | file://0001-configure-Add-option-to-enable-disable-libnfnetlink.patch \ | 16 | file://0001-configure-Add-option-to-enable-disable-libnfnetlink.patch \ |
17 | file://0002-iptables-xshared.h-add-missing-sys.types.h-include.patch \ | 17 | file://0002-iptables-xshared.h-add-missing-sys.types.h-include.patch \ |
18 | file://0004-configure.ac-only-check-conntrack-when-libnfnetlink-.patch \ | 18 | file://0004-configure.ac-only-check-conntrack-when-libnfnetlink-.patch \ |
19 | file://0005-nft-ruleparse-Add-missing-braces-around-ternary.patch \ | ||
19 | " | 20 | " |
20 | SRC_URI[sha256sum] = "5cc255c189356e317d070755ce9371eb63a1b783c34498fb8c30264f3cc59c9c" | 21 | SRC_URI[sha256sum] = "5cc255c189356e317d070755ce9371eb63a1b783c34498fb8c30264f3cc59c9c" |
21 | 22 | ||
@@ -75,6 +76,8 @@ do_install:append() { | |||
75 | # if libnftnl is included, make the iptables symlink point to the nft-based binary by default | 76 | # if libnftnl is included, make the iptables symlink point to the nft-based binary by default |
76 | if ${@bb.utils.contains('PACKAGECONFIG', 'libnftnl', 'true', 'false', d)} ; then | 77 | if ${@bb.utils.contains('PACKAGECONFIG', 'libnftnl', 'true', 'false', d)} ; then |
77 | ln -sf ${sbindir}/xtables-nft-multi ${D}${sbindir}/iptables | 78 | ln -sf ${sbindir}/xtables-nft-multi ${D}${sbindir}/iptables |
79 | ln -sf ${sbindir}/xtables-nft-multi ${D}${sbindir}/iptables-save | ||
80 | ln -sf ${sbindir}/xtables-nft-multi ${D}${sbindir}/iptables-restore | ||
78 | fi | 81 | fi |
79 | } | 82 | } |
80 | 83 | ||
diff --git a/meta/recipes-extended/less/files/CVE-2024-32487.patch b/meta/recipes-extended/less/files/CVE-2024-32487.patch new file mode 100644 index 0000000000..2d33099cd3 --- /dev/null +++ b/meta/recipes-extended/less/files/CVE-2024-32487.patch | |||
@@ -0,0 +1,74 @@ | |||
1 | From 007521ac3c95bc76e3d59c6dbfe75d06c8075c33 Mon Sep 17 00:00:00 2001 | ||
2 | From: Mark Nudelman <markn@greenwoodsoftware.com> | ||
3 | Date: Thu, 11 Apr 2024 17:49:48 -0700 | ||
4 | Subject: [PATCH] Fix bug when viewing a file whose name contains a newline. | ||
5 | |||
6 | CVE: CVE-2024-32487 | ||
7 | |||
8 | Upstream-Status: Backport [https://github.com/gwsw/less/commit/007521ac3c95bc76e3d59c6dbfe75d06c8075c33] | ||
9 | |||
10 | Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> | ||
11 | --- | ||
12 | filename.c | 29 ++++++++++++++++++++++++----- | ||
13 | 1 file changed, 24 insertions(+), 5 deletions(-) | ||
14 | |||
15 | diff --git a/filename.c b/filename.c | ||
16 | index a8726dc..c4b35b1 100644 | ||
17 | --- a/filename.c | ||
18 | +++ b/filename.c | ||
19 | @@ -133,6 +133,15 @@ static int metachar(char c) | ||
20 | return (strchr(metachars(), c) != NULL); | ||
21 | } | ||
22 | |||
23 | +/* | ||
24 | + * Must use quotes rather than escape char for this metachar? | ||
25 | + */ | ||
26 | +static int must_quote(char c) | ||
27 | +{ | ||
28 | + /* {{ Maybe the set of must_quote chars should be configurable? }} */ | ||
29 | + return (c == '\n'); | ||
30 | +} | ||
31 | + | ||
32 | /* | ||
33 | * Insert a backslash before each metacharacter in a string. | ||
34 | */ | ||
35 | @@ -164,6 +173,9 @@ public char * shell_quote(char *s) | ||
36 | * doesn't support escape chars. Use quotes. | ||
37 | */ | ||
38 | use_quotes = 1; | ||
39 | + } else if (must_quote(*p)) | ||
40 | + { | ||
41 | + len += 3; /* open quote + char + close quote */ | ||
42 | } else | ||
43 | { | ||
44 | /* | ||
45 | @@ -193,15 +205,22 @@ public char * shell_quote(char *s) | ||
46 | { | ||
47 | while (*s != '\0') | ||
48 | { | ||
49 | - if (metachar(*s)) | ||
50 | + if (!metachar(*s)) | ||
51 | { | ||
52 | - /* | ||
53 | - * Add the escape char. | ||
54 | - */ | ||
55 | + *p++ = *s++; | ||
56 | + } else if (must_quote(*s)) | ||
57 | + { | ||
58 | + /* Surround the char with quotes. */ | ||
59 | + *p++ = openquote; | ||
60 | + *p++ = *s++; | ||
61 | + *p++ = closequote; | ||
62 | + } else | ||
63 | + { | ||
64 | + /* Insert an escape char before the char. */ | ||
65 | strcpy(p, esc); | ||
66 | p += esclen; | ||
67 | + *p++ = *s++; | ||
68 | } | ||
69 | - *p++ = *s++; | ||
70 | } | ||
71 | *p = '\0'; | ||
72 | } | ||
73 | -- | ||
74 | 2.40.0 | ||
diff --git a/meta/recipes-extended/less/less_643.bb b/meta/recipes-extended/less/less_643.bb index 67834bdd58..537283bde4 100644 --- a/meta/recipes-extended/less/less_643.bb +++ b/meta/recipes-extended/less/less_643.bb | |||
@@ -27,6 +27,7 @@ DEPENDS = "ncurses" | |||
27 | 27 | ||
28 | SRC_URI = "http://www.greenwoodsoftware.com/${BPN}/${BPN}-${PV}.tar.gz \ | 28 | SRC_URI = "http://www.greenwoodsoftware.com/${BPN}/${BPN}-${PV}.tar.gz \ |
29 | file://run-ptest \ | 29 | file://run-ptest \ |
30 | file://CVE-2024-32487.patch \ | ||
30 | " | 31 | " |
31 | 32 | ||
32 | SRC_URI[sha256sum] = "2911b5432c836fa084c8a2e68f6cd6312372c026a58faaa98862731c8b6052e8" | 33 | SRC_URI[sha256sum] = "2911b5432c836fa084c8a2e68f6cd6312372c026a58faaa98862731c8b6052e8" |
diff --git a/meta/recipes-extended/libmnl/libmnl_1.0.5.bb b/meta/recipes-extended/libmnl/libmnl_1.0.5.bb index 748326c0a0..66b30d7f60 100644 --- a/meta/recipes-extended/libmnl/libmnl_1.0.5.bb +++ b/meta/recipes-extended/libmnl/libmnl_1.0.5.bb | |||
@@ -11,4 +11,6 @@ SRC_URI[sha256sum] = "274b9b919ef3152bfb3da3a13c950dd60d6e2bcd54230ffeca298d03b4 | |||
11 | 11 | ||
12 | inherit autotools pkgconfig | 12 | inherit autotools pkgconfig |
13 | 13 | ||
14 | EXTRA_OECONF += "--with-doxygen=no" | ||
15 | |||
14 | BBCLASSEXTEND = "native" | 16 | BBCLASSEXTEND = "native" |
diff --git a/meta/recipes-extended/mc/mc_4.8.31.bb b/meta/recipes-extended/mc/mc_4.8.31.bb index 69c32887a2..5f8257f71f 100644 --- a/meta/recipes-extended/mc/mc_4.8.31.bb +++ b/meta/recipes-extended/mc/mc_4.8.31.bb | |||
@@ -8,7 +8,7 @@ DEPENDS = "ncurses glib-2.0 util-linux file-replacement-native" | |||
8 | RDEPENDS:${PN} = "ncurses-terminfo-base" | 8 | RDEPENDS:${PN} = "ncurses-terminfo-base" |
9 | RRECOMMENDS:${PN} = "ncurses-terminfo" | 9 | RRECOMMENDS:${PN} = "ncurses-terminfo" |
10 | 10 | ||
11 | SRC_URI = "http://www.midnight-commander.org/downloads/${BPN}-${PV}.tar.bz2 \ | 11 | SRC_URI = "http://ftp.midnight-commander.org/${BPN}-${PV}.tar.bz2 \ |
12 | file://nomandate.patch \ | 12 | file://nomandate.patch \ |
13 | " | 13 | " |
14 | SRC_URI[sha256sum] = "f42f4114ed42f6cf9995f1d896fa6c797ccb36dac57760dda8dd9f78ac462841" | 14 | SRC_URI[sha256sum] = "f42f4114ed42f6cf9995f1d896fa6c797ccb36dac57760dda8dd9f78ac462841" |
diff --git a/meta/recipes-extended/pam/libpam/0001-pam_pwhistory-fix-passing-NULL-filename-argument-to-.patch b/meta/recipes-extended/pam/libpam/0001-pam_pwhistory-fix-passing-NULL-filename-argument-to-.patch new file mode 100644 index 0000000000..23d5646235 --- /dev/null +++ b/meta/recipes-extended/pam/libpam/0001-pam_pwhistory-fix-passing-NULL-filename-argument-to-.patch | |||
@@ -0,0 +1,69 @@ | |||
1 | From 80dc2d410595b5193d32f965185710df27f3984e Mon Sep 17 00:00:00 2001 | ||
2 | From: Md Zain Hasib <hasibm@vmware.com> | ||
3 | Date: Sat, 29 Jul 2023 11:01:35 +0530 | ||
4 | Subject: [PATCH] pam_pwhistory: fix passing NULL filename argument to | ||
5 | pwhistory helper | ||
6 | |||
7 | This change fixes a bug when pwhistory_helper is invoked from | ||
8 | pam_pwhistory with an NULL filename, pwhistory_helper receives a short | ||
9 | circuited argc count of 3, ignoring the rest of the arguments passed | ||
10 | due to filename being NULL. To resolve the issue, an empty string is | ||
11 | passed in case the filename is empty, which is later changed back to | ||
12 | NULL in pwhistory_helper so that it can be passed to opasswd to read | ||
13 | the default opasswd file. | ||
14 | |||
15 | * modules/pam_pwhistory/pam_pwhistory.c (run_save_helper, | ||
16 | run_check_helper): Replace NULL filename argument with an empty string. | ||
17 | * modules/pam_pwhistory/pwhistory_helper.c (main): Replace empty string | ||
18 | filename argument with NULL. | ||
19 | |||
20 | Fixes: 11c35109a67f ("pam_pwhistory: Enable alternate location for password history file (#396)") | ||
21 | Signed-off-by: Dmitry V. Levin <ldv@strace.io> | ||
22 | |||
23 | Upstream-Status: Backport | ||
24 | [https://github.com/linux-pam/linux-pam/commit/80dc2d410595b5193d32f965185710df27f3984e] | ||
25 | |||
26 | Signed-off-by: Yi Zhao <yi.zhao@windriver.com> | ||
27 | --- | ||
28 | modules/pam_pwhistory/pam_pwhistory.c | 4 ++-- | ||
29 | modules/pam_pwhistory/pwhistory_helper.c | 2 +- | ||
30 | 2 files changed, 3 insertions(+), 3 deletions(-) | ||
31 | |||
32 | diff --git a/modules/pam_pwhistory/pam_pwhistory.c b/modules/pam_pwhistory/pam_pwhistory.c | ||
33 | index 5a7fb811..98ddffce 100644 | ||
34 | --- a/modules/pam_pwhistory/pam_pwhistory.c | ||
35 | +++ b/modules/pam_pwhistory/pam_pwhistory.c | ||
36 | @@ -141,7 +141,7 @@ run_save_helper(pam_handle_t *pamh, const char *user, | ||
37 | args[0] = (char *)PWHISTORY_HELPER; | ||
38 | args[1] = (char *)"save"; | ||
39 | args[2] = (char *)user; | ||
40 | - args[3] = (char *)filename; | ||
41 | + args[3] = (char *)((filename != NULL) ? filename : ""); | ||
42 | DIAG_POP_IGNORE_CAST_QUAL; | ||
43 | if (asprintf(&args[4], "%d", howmany) < 0 || | ||
44 | asprintf(&args[5], "%d", debug) < 0) | ||
45 | @@ -228,7 +228,7 @@ run_check_helper(pam_handle_t *pamh, const char *user, | ||
46 | args[0] = (char *)PWHISTORY_HELPER; | ||
47 | args[1] = (char *)"check"; | ||
48 | args[2] = (char *)user; | ||
49 | - args[3] = (char *)filename; | ||
50 | + args[3] = (char *)((filename != NULL) ? filename : ""); | ||
51 | DIAG_POP_IGNORE_CAST_QUAL; | ||
52 | if (asprintf(&args[4], "%d", debug) < 0) | ||
53 | { | ||
54 | diff --git a/modules/pam_pwhistory/pwhistory_helper.c b/modules/pam_pwhistory/pwhistory_helper.c | ||
55 | index 469d95fa..fb9a1e31 100644 | ||
56 | --- a/modules/pam_pwhistory/pwhistory_helper.c | ||
57 | +++ b/modules/pam_pwhistory/pwhistory_helper.c | ||
58 | @@ -108,7 +108,7 @@ main(int argc, char *argv[]) | ||
59 | |||
60 | option = argv[1]; | ||
61 | user = argv[2]; | ||
62 | - filename = argv[3]; | ||
63 | + filename = (argv[3][0] != '\0') ? argv[3] : NULL; | ||
64 | |||
65 | if (strcmp(option, "check") == 0 && argc == 5) | ||
66 | return check_history(user, filename, argv[4]); | ||
67 | -- | ||
68 | 2.25.1 | ||
69 | |||
diff --git a/meta/recipes-extended/pam/libpam/CVE-2024-22365.patch b/meta/recipes-extended/pam/libpam/CVE-2024-22365.patch new file mode 100644 index 0000000000..e4ec862dc5 --- /dev/null +++ b/meta/recipes-extended/pam/libpam/CVE-2024-22365.patch | |||
@@ -0,0 +1,65 @@ | |||
1 | From 84f378d3b8573828e7ccc54b54b5e128aa993748 Mon Sep 17 00:00:00 2001 | ||
2 | From: Matthias Gerstner <matthias.gerstner@suse.de> | ||
3 | Date: Wed, 27 Dec 2023 14:01:59 +0100 | ||
4 | Subject: [PATCH] pam_namespace: protect_dir(): use O_DIRECTORY to prevent | ||
5 | local DoS situations | ||
6 | MIME-Version: 1.0 | ||
7 | Content-Type: text/plain; charset=UTF-8 | ||
8 | Content-Transfer-Encoding: 8bit | ||
9 | |||
10 | Without O_DIRECTORY the path crawling logic is subject to e.g. FIFOs | ||
11 | being placed in user controlled directories, causing the PAM module to | ||
12 | block indefinitely during `openat()`. | ||
13 | |||
14 | Pass O_DIRECTORY to cause the `openat()` to fail if the path does not | ||
15 | refer to a directory. | ||
16 | |||
17 | With this the check whether the final path element is a directory | ||
18 | becomes unnecessary, drop it. | ||
19 | |||
20 | Upstream-Status: Backport [https://github.com/linux-pam/linux-pam/commit/031bb5a5d0d950253b68138b498dc93be69a64cb] | ||
21 | CVE: CVE-2024-22365 | ||
22 | Signed-off-by: Guðni Már Gilbert <gudni.m.g@gmail.com> | ||
23 | --- | ||
24 | modules/pam_namespace/pam_namespace.c | 18 +----------------- | ||
25 | 1 file changed, 1 insertion(+), 17 deletions(-) | ||
26 | |||
27 | diff --git a/modules/pam_namespace/pam_namespace.c b/modules/pam_namespace/pam_namespace.c | ||
28 | index f34ce934..ef856443 100644 | ||
29 | --- a/modules/pam_namespace/pam_namespace.c | ||
30 | +++ b/modules/pam_namespace/pam_namespace.c | ||
31 | @@ -1194,7 +1194,7 @@ static int protect_dir(const char *path, mode_t mode, int do_mkdir, | ||
32 | int dfd = AT_FDCWD; | ||
33 | int dfd_next; | ||
34 | int save_errno; | ||
35 | - int flags = O_RDONLY; | ||
36 | + int flags = O_RDONLY | O_DIRECTORY; | ||
37 | int rv = -1; | ||
38 | struct stat st; | ||
39 | |||
40 | @@ -1248,22 +1248,6 @@ static int protect_dir(const char *path, mode_t mode, int do_mkdir, | ||
41 | rv = openat(dfd, dir, flags); | ||
42 | } | ||
43 | |||
44 | - if (rv != -1) { | ||
45 | - if (fstat(rv, &st) != 0) { | ||
46 | - save_errno = errno; | ||
47 | - close(rv); | ||
48 | - rv = -1; | ||
49 | - errno = save_errno; | ||
50 | - goto error; | ||
51 | - } | ||
52 | - if (!S_ISDIR(st.st_mode)) { | ||
53 | - close(rv); | ||
54 | - errno = ENOTDIR; | ||
55 | - rv = -1; | ||
56 | - goto error; | ||
57 | - } | ||
58 | - } | ||
59 | - | ||
60 | if (flags & O_NOFOLLOW) { | ||
61 | /* we are inside user-owned dir - protect */ | ||
62 | if (protect_mount(rv, p, idata) == -1) { | ||
63 | -- | ||
64 | 2.43.0 | ||
65 | |||
diff --git a/meta/recipes-extended/pam/libpam_1.5.3.bb b/meta/recipes-extended/pam/libpam_1.5.3.bb index 2a53bb4cc5..bcaa84c9a5 100644 --- a/meta/recipes-extended/pam/libpam_1.5.3.bb +++ b/meta/recipes-extended/pam/libpam_1.5.3.bb | |||
@@ -25,6 +25,8 @@ SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/Linux-PAM-${PV}.tar.xz \ | |||
25 | file://run-ptest \ | 25 | file://run-ptest \ |
26 | file://pam-volatiles.conf \ | 26 | file://pam-volatiles.conf \ |
27 | file://0001-pam_namespace-include-stdint-h.patch \ | 27 | file://0001-pam_namespace-include-stdint-h.patch \ |
28 | file://0001-pam_pwhistory-fix-passing-NULL-filename-argument-to-.patch \ | ||
29 | file://CVE-2024-22365.patch \ | ||
28 | " | 30 | " |
29 | 31 | ||
30 | SRC_URI[sha256sum] = "7ac4b50feee004a9fa88f1dfd2d2fa738a82896763050cd773b3c54b0a818283" | 32 | SRC_URI[sha256sum] = "7ac4b50feee004a9fa88f1dfd2d2fa738a82896763050cd773b3c54b0a818283" |
diff --git a/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/0001-Fix-build-with-clang.patch b/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/0001-Fix-build-with-clang.patch index 9d1e05d7f4..9ca227d68d 100644 --- a/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/0001-Fix-build-with-clang.patch +++ b/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/0001-Fix-build-with-clang.patch | |||
@@ -6,7 +6,7 @@ Subject: [PATCH] Fix build with clang | |||
6 | Fix "error: non-void function 'fix_options' should return a value". | 6 | Fix "error: non-void function 'fix_options' should return a value". |
7 | Add function prototype to tcpd.c and miscd.c. | 7 | Add function prototype to tcpd.c and miscd.c. |
8 | 8 | ||
9 | Upstream-Status: Pending | 9 | Upstream-Status: Inactive-Upstream [current release is from 1997; no vcs anywhere] |
10 | 10 | ||
11 | Signed-off-by: Oleksiy Obitotskyy <oobitots@cisco.com> | 11 | Signed-off-by: Oleksiy Obitotskyy <oobitots@cisco.com> |
12 | --- | 12 | --- |
diff --git a/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/0001-Fix-implicit-function-declaration-warnings.patch b/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/0001-Fix-implicit-function-declaration-warnings.patch index 474703885d..8503177926 100644 --- a/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/0001-Fix-implicit-function-declaration-warnings.patch +++ b/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/0001-Fix-implicit-function-declaration-warnings.patch | |||
@@ -5,7 +5,7 @@ Subject: [PATCH] Fix implicit-function-declaration warnings | |||
5 | 5 | ||
6 | These are seen with clang-15+ | 6 | These are seen with clang-15+ |
7 | 7 | ||
8 | Upstream-Status: Inappropriate [upstream is dead] | 8 | Upstream-Status: Inactive-Upstream [current release is from 1997; no vcs anywhere] |
9 | Signed-off-by: Khem Raj <raj.khem@gmail.com> | 9 | Signed-off-by: Khem Raj <raj.khem@gmail.com> |
10 | --- | 10 | --- |
11 | hosts_access.c | 3 +++ | 11 | hosts_access.c | 3 +++ |
diff --git a/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/0001-Remove-fgets-extern-declaration.patch b/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/0001-Remove-fgets-extern-declaration.patch index 88c8d9cae7..f485fe3fb6 100644 --- a/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/0001-Remove-fgets-extern-declaration.patch +++ b/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/0001-Remove-fgets-extern-declaration.patch | |||
@@ -6,7 +6,7 @@ Subject: [PATCH] Remove fgets() extern declaration | |||
6 | These sources already include <stdio.h> which should bring the correct | 6 | These sources already include <stdio.h> which should bring the correct |
7 | declaration | 7 | declaration |
8 | 8 | ||
9 | Upstream-Status: Pending | 9 | Upstream-Status: Inactive-Upstream [current release is from 1997; no vcs anywhere] |
10 | Signed-off-by: Khem Raj <raj.khem@gmail.com> | 10 | Signed-off-by: Khem Raj <raj.khem@gmail.com> |
11 | --- | 11 | --- |
12 | hosts_access.c | 1 - | 12 | hosts_access.c | 1 - |
diff --git a/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/00_man_quoting.diff b/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/00_man_quoting.diff index 16d6719cbc..c5ba3af306 100644 --- a/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/00_man_quoting.diff +++ b/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/00_man_quoting.diff | |||
@@ -1,4 +1,4 @@ | |||
1 | Upstream-Status: Backport | 1 | Upstream-Status: Inactive-Upstream [current release is from 1997; no vcs anywhere] |
2 | 2 | ||
3 | diff -ruN tcp_wrappers_7.6.orig/hosts_access.5 tcp_wrappers_7.6/hosts_access.5 | 3 | diff -ruN tcp_wrappers_7.6.orig/hosts_access.5 tcp_wrappers_7.6/hosts_access.5 |
4 | --- tcp_wrappers_7.6.orig/hosts_access.5 1995-01-30 19:51:47.000000000 +0100 | 4 | --- tcp_wrappers_7.6.orig/hosts_access.5 1995-01-30 19:51:47.000000000 +0100 |
diff --git a/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/01_man_portability.patch b/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/01_man_portability.patch index 9a735bff6d..fea8ab9d7a 100644 --- a/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/01_man_portability.patch +++ b/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/01_man_portability.patch | |||
@@ -1,4 +1,4 @@ | |||
1 | Upstream-Status: Backport | 1 | Upstream-Status: Inactive-Upstream [current release is from 1997; no vcs anywhere] |
2 | 2 | ||
3 | diff -ruNp tcp_wrappers_7.6.orig/hosts_access.3 tcp_wrappers_7.6/hosts_access.3 | 3 | diff -ruNp tcp_wrappers_7.6.orig/hosts_access.3 tcp_wrappers_7.6/hosts_access.3 |
4 | --- tcp_wrappers_7.6.orig/hosts_access.3 2005-03-09 18:30:25.000000000 +0100 | 4 | --- tcp_wrappers_7.6.orig/hosts_access.3 2005-03-09 18:30:25.000000000 +0100 |
diff --git a/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/05_wildcard_matching.patch b/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/05_wildcard_matching.patch index 9e188027fc..525cd3531b 100644 --- a/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/05_wildcard_matching.patch +++ b/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/05_wildcard_matching.patch | |||
@@ -1,4 +1,4 @@ | |||
1 | Upstream-Status: Backport | 1 | Upstream-Status: Inactive-Upstream [current release is from 1997; no vcs anywhere] |
2 | 2 | ||
3 | See https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=17847 | 3 | See https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=17847 |
4 | 4 | ||
diff --git a/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/06_fix_gethostbyname.patch b/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/06_fix_gethostbyname.patch index 725f4b5957..1f3f9e24ac 100644 --- a/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/06_fix_gethostbyname.patch +++ b/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/06_fix_gethostbyname.patch | |||
@@ -1,4 +1,4 @@ | |||
1 | Upstream-Status: Backport | 1 | Upstream-Status: Inactive-Upstream [current release is from 1997; no vcs anywhere] |
2 | 2 | ||
3 | * Mon Feb 5 2001 Preston Brown <pbrown@redhat.com> | 3 | * Mon Feb 5 2001 Preston Brown <pbrown@redhat.com> |
4 | - fix gethostbyname to work better with dot "." notation (#16949) | 4 | - fix gethostbyname to work better with dot "." notation (#16949) |
diff --git a/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/10_usagi-ipv6.patch b/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/10_usagi-ipv6.patch index 96d47c39f4..ea45777734 100644 --- a/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/10_usagi-ipv6.patch +++ b/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/10_usagi-ipv6.patch | |||
@@ -1,4 +1,4 @@ | |||
1 | Upstream-Status: Backport | 1 | Upstream-Status: Inactive-Upstream [current release is from 1997; no vcs anywhere] |
2 | 2 | ||
3 | diff -ruN tcp_wrappers_7.6.orig/fix_options.c tcp_wrappers_7.6/fix_options.c | 3 | diff -ruN tcp_wrappers_7.6.orig/fix_options.c tcp_wrappers_7.6/fix_options.c |
4 | --- tcp_wrappers_7.6.orig/fix_options.c 1997-04-08 02:29:19.000000000 +0200 | 4 | --- tcp_wrappers_7.6.orig/fix_options.c 1997-04-08 02:29:19.000000000 +0200 |
diff --git a/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/11_tcpd_blacklist.patch b/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/11_tcpd_blacklist.patch index 226106f4ff..77d5b42342 100644 --- a/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/11_tcpd_blacklist.patch +++ b/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/11_tcpd_blacklist.patch | |||
@@ -1,4 +1,4 @@ | |||
1 | Upstream-Status: Backport | 1 | Upstream-Status: Inactive-Upstream [current release is from 1997; no vcs anywhere] |
2 | 2 | ||
3 | Path: news.porcupine.org!news.porcupine.org!not-for-mail | 3 | Path: news.porcupine.org!news.porcupine.org!not-for-mail |
4 | From: Wietse Venema <wietse@((no)(spam)(please))wzv.win.tue.nl> | 4 | From: Wietse Venema <wietse@((no)(spam)(please))wzv.win.tue.nl> |
diff --git a/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/11_usagi_fix.patch b/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/11_usagi_fix.patch index 260e8d3138..09a1e0527e 100644 --- a/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/11_usagi_fix.patch +++ b/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/11_usagi_fix.patch | |||
@@ -1,4 +1,4 @@ | |||
1 | Upstream-Status: Backport | 1 | Upstream-Status: Inactive-Upstream [current release is from 1997; no vcs anywhere] |
2 | 2 | ||
3 | diff -uN tcp_wrappers_7.6/hosts_access.c tcp_wrappers_7.6.new/hosts_access.c | 3 | diff -uN tcp_wrappers_7.6/hosts_access.c tcp_wrappers_7.6.new/hosts_access.c |
4 | --- tcp_wrappers_7.6/hosts_access.c Mon May 20 14:00:56 2002 | 4 | --- tcp_wrappers_7.6/hosts_access.c Mon May 20 14:00:56 2002 |
diff --git a/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/12_makefile_config.patch b/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/12_makefile_config.patch index d473fb6342..895a72e6b4 100644 --- a/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/12_makefile_config.patch +++ b/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/12_makefile_config.patch | |||
@@ -1,4 +1,4 @@ | |||
1 | Upstream-Status: Backport | 1 | Upstream-Status: Inactive-Upstream [current release is from 1997; no vcs anywhere] |
2 | 2 | ||
3 | Index: tcp_wrappers_7.6/Makefile | 3 | Index: tcp_wrappers_7.6/Makefile |
4 | =================================================================== | 4 | =================================================================== |
diff --git a/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/13_shlib_weaksym.patch b/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/13_shlib_weaksym.patch index bd1396bc79..9503fb3c88 100644 --- a/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/13_shlib_weaksym.patch +++ b/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/13_shlib_weaksym.patch | |||
@@ -1,4 +1,4 @@ | |||
1 | Upstream-Status: Backport | 1 | Upstream-Status: Inactive-Upstream [current release is from 1997; no vcs anywhere] |
2 | 2 | ||
3 | diff -ruN tcp_wrappers_7.6.orig/Makefile tcp_wrappers_7.6/Makefile | 3 | diff -ruN tcp_wrappers_7.6.orig/Makefile tcp_wrappers_7.6/Makefile |
4 | --- tcp_wrappers_7.6.orig/Makefile 2004-05-02 15:37:59.000000000 +0200 | 4 | --- tcp_wrappers_7.6.orig/Makefile 2004-05-02 15:37:59.000000000 +0200 |
diff --git a/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/14_cidr_support.patch b/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/14_cidr_support.patch index eb5685c576..b6681df8ce 100644 --- a/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/14_cidr_support.patch +++ b/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/14_cidr_support.patch | |||
@@ -1,4 +1,4 @@ | |||
1 | Upstream-Status: Backport | 1 | Upstream-Status: Inactive-Upstream [current release is from 1997; no vcs anywhere] |
2 | 2 | ||
3 | diff -ruN tcp_wrappers_7.6.orig/hosts_access.5 tcp_wrappers_7.6/hosts_access.5 | 3 | diff -ruN tcp_wrappers_7.6.orig/hosts_access.5 tcp_wrappers_7.6/hosts_access.5 |
4 | --- tcp_wrappers_7.6.orig/hosts_access.5 2003-08-21 03:15:36.000000000 +0200 | 4 | --- tcp_wrappers_7.6.orig/hosts_access.5 2003-08-21 03:15:36.000000000 +0200 |
diff --git a/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/15_match_clarify.patch b/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/15_match_clarify.patch index 3ca6874119..0c8594cac3 100644 --- a/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/15_match_clarify.patch +++ b/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/15_match_clarify.patch | |||
@@ -1,4 +1,4 @@ | |||
1 | Upstream-Status: Backport | 1 | Upstream-Status: Inactive-Upstream [current release is from 1997; no vcs anywhere] |
2 | 2 | ||
3 | diff -ruN tcp_wrappers_7.6.orig/hosts_access.5 tcp_wrappers_7.6/hosts_access.5 | 3 | diff -ruN tcp_wrappers_7.6.orig/hosts_access.5 tcp_wrappers_7.6/hosts_access.5 |
4 | --- tcp_wrappers_7.6.orig/hosts_access.5 2004-04-25 12:17:59.000000000 +0200 | 4 | --- tcp_wrappers_7.6.orig/hosts_access.5 2004-04-25 12:17:59.000000000 +0200 |
diff --git a/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/expand_remote_port.patch b/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/expand_remote_port.patch index 3087377976..0c54ba6d35 100644 --- a/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/expand_remote_port.patch +++ b/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/expand_remote_port.patch | |||
@@ -1,4 +1,4 @@ | |||
1 | Upstream-Status: Backport | 1 | Upstream-Status: Inactive-Upstream [current release is from 1997; no vcs anywhere] |
2 | 2 | ||
3 | diff -ruN tcp_wrappers_7.6.orig/eval.c tcp_wrappers_7.6/eval.c | 3 | diff -ruN tcp_wrappers_7.6.orig/eval.c tcp_wrappers_7.6/eval.c |
4 | --- tcp_wrappers_7.6.orig/eval.c 1995-01-30 19:51:46.000000000 +0100 | 4 | --- tcp_wrappers_7.6.orig/eval.c 1995-01-30 19:51:46.000000000 +0100 |
diff --git a/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/fix_warnings.patch b/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/fix_warnings.patch index 965544cc0b..0fd2ca7b2b 100644 --- a/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/fix_warnings.patch +++ b/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/fix_warnings.patch | |||
@@ -1,7 +1,7 @@ | |||
1 | Compile warning fixes from Debian | 1 | Compile warning fixes from Debian |
2 | 2 | ||
3 | Signed-off-by: Adrian Bunk <bunk@stusta.de> | 3 | Signed-off-by: Adrian Bunk <bunk@stusta.de> |
4 | Upstream-Status: Inappropriate [upstream is dead] | 4 | Upstream-Status: Inactive-Upstream [current release is from 1997; no vcs anywhere] |
5 | 5 | ||
6 | --- a/options.c | 6 | --- a/options.c |
7 | +++ b/options.c | 7 | +++ b/options.c |
diff --git a/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/fix_warnings2.patch b/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/fix_warnings2.patch index 27157a2e6d..d9a6909db7 100644 --- a/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/fix_warnings2.patch +++ b/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/fix_warnings2.patch | |||
@@ -1,7 +1,7 @@ | |||
1 | Compile warning fixes from Debian | 1 | Compile warning fixes from Debian |
2 | 2 | ||
3 | Signed-off-by: Adrian Bunk <bunk@stusta.de> | 3 | Signed-off-by: Adrian Bunk <bunk@stusta.de> |
4 | Upstream-Status: Inappropriate [upstream is dead] | 4 | Upstream-Status: Inactive-Upstream [current release is from 1997; no vcs anywhere] |
5 | 5 | ||
6 | --- a/clean_exit.c | 6 | --- a/clean_exit.c |
7 | +++ b/clean_exit.c | 7 | +++ b/clean_exit.c |
diff --git a/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/have_strerror.patch b/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/have_strerror.patch index 4cc554fc38..9b1a3c0fa1 100644 --- a/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/have_strerror.patch +++ b/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/have_strerror.patch | |||
@@ -1,4 +1,4 @@ | |||
1 | Upstream-Status: Backport | 1 | Upstream-Status: Inactive-Upstream [current release is from 1997; no vcs anywhere] |
2 | 2 | ||
3 | diff -ruN tcp_wrappers_7.6.orig/percent_m.c tcp_wrappers_7.6/percent_m.c | 3 | diff -ruN tcp_wrappers_7.6.orig/percent_m.c tcp_wrappers_7.6/percent_m.c |
4 | --- tcp_wrappers_7.6.orig/percent_m.c 1994-12-28 17:42:37.000000000 +0100 | 4 | --- tcp_wrappers_7.6.orig/percent_m.c 1994-12-28 17:42:37.000000000 +0100 |
diff --git a/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/ldflags.patch b/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/ldflags.patch index 3ba214d241..79b677f456 100644 --- a/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/ldflags.patch +++ b/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/ldflags.patch | |||
@@ -1,4 +1,4 @@ | |||
1 | Upstream-Status: Backport | 1 | Upstream-Status: Inactive-Upstream [current release is from 1997; no vcs anywhere] |
2 | 2 | ||
3 | Index: tcp_wrappers_7.6.orig/Makefile | 3 | Index: tcp_wrappers_7.6.orig/Makefile |
4 | =================================================================== | 4 | =================================================================== |
diff --git a/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/makefile-fix-parallel.patch b/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/makefile-fix-parallel.patch index 797352579b..23762449ac 100644 --- a/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/makefile-fix-parallel.patch +++ b/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/makefile-fix-parallel.patch | |||
@@ -12,7 +12,7 @@ problem. | |||
12 | Also fixed: | 12 | Also fixed: |
13 | Fatal error: can't create shared/hosts_access.o: No such file or directory | 13 | Fatal error: can't create shared/hosts_access.o: No such file or directory |
14 | 14 | ||
15 | Upstream-Status: Pending | 15 | Upstream-Status: Inactive-Upstream [current release is from 1997; no vcs anywhere] |
16 | 16 | ||
17 | Signed-off-by: Robert Yang <liezhi.yang@windriver.com> | 17 | Signed-off-by: Robert Yang <liezhi.yang@windriver.com> |
18 | --- | 18 | --- |
diff --git a/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/man_fromhost.patch b/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/man_fromhost.patch index 19bd7d3c0f..30e74a1de1 100644 --- a/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/man_fromhost.patch +++ b/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/man_fromhost.patch | |||
@@ -1,4 +1,4 @@ | |||
1 | Upstream-Status: Backport | 1 | Upstream-Status: Inactive-Upstream [current release is from 1997; no vcs anywhere] |
2 | 2 | ||
3 | diff -ruN tcp_wrappers_7.6.orig/hosts_access.3 tcp_wrappers_7.6/hosts_access.3 | 3 | diff -ruN tcp_wrappers_7.6.orig/hosts_access.3 tcp_wrappers_7.6/hosts_access.3 |
4 | --- tcp_wrappers_7.6.orig/hosts_access.3 2004-04-25 00:10:48.000000000 +0200 | 4 | --- tcp_wrappers_7.6.orig/hosts_access.3 2004-04-25 00:10:48.000000000 +0200 |
diff --git a/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/musl-decls.patch b/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/musl-decls.patch index eee640e8a8..b998675aa0 100644 --- a/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/musl-decls.patch +++ b/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/musl-decls.patch | |||
@@ -1,7 +1,7 @@ | |||
1 | __BEGIN_DECLS/__END_DECLS are BSD specific and not defined in musl | 1 | __BEGIN_DECLS/__END_DECLS are BSD specific and not defined in musl |
2 | glibc and uclibc had sys/cdefs.h doing it. | 2 | glibc and uclibc had sys/cdefs.h doing it. |
3 | 3 | ||
4 | Upstream-Status: Pending | 4 | Upstream-Status: Inactive-Upstream [current release is from 1997; no vcs anywhere] |
5 | Signed-off-by: Khem Raj <raj.khem@gmail.com> | 5 | Signed-off-by: Khem Raj <raj.khem@gmail.com> |
6 | 6 | ||
7 | Index: tcp_wrappers_7.6/tcpd.h | 7 | Index: tcp_wrappers_7.6/tcpd.h |
diff --git a/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/rename_strings_variable.patch b/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/rename_strings_variable.patch index 7650600ab5..f42b9d2799 100644 --- a/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/rename_strings_variable.patch +++ b/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/rename_strings_variable.patch | |||
@@ -1,6 +1,6 @@ | |||
1 | STRINGS name conflicts with variable for strings tools (e.g. i586-oe-linux-strings) | 1 | STRINGS name conflicts with variable for strings tools (e.g. i586-oe-linux-strings) |
2 | 2 | ||
3 | Upstream-Status: Pending | 3 | Upstream-Status: Inactive-Upstream [current release is from 1997; no vcs anywhere] |
4 | 4 | ||
5 | Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> | 5 | Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> |
6 | 6 | ||
diff --git a/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/restore_sigalarm.patch b/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/restore_sigalarm.patch index 5875b81b2f..a864e38129 100644 --- a/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/restore_sigalarm.patch +++ b/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/restore_sigalarm.patch | |||
@@ -1,4 +1,4 @@ | |||
1 | Upstream-Status: Backport | 1 | Upstream-Status: Inactive-Upstream [current release is from 1997; no vcs anywhere] |
2 | 2 | ||
3 | diff -ruN tcp_wrappers_7.6.orig/rfc931.c tcp_wrappers_7.6/rfc931.c | 3 | diff -ruN tcp_wrappers_7.6.orig/rfc931.c tcp_wrappers_7.6/rfc931.c |
4 | --- tcp_wrappers_7.6.orig/rfc931.c 2004-08-29 18:40:08.000000000 +0200 | 4 | --- tcp_wrappers_7.6.orig/rfc931.c 2004-08-29 18:40:08.000000000 +0200 |
diff --git a/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/rfc931.diff b/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/rfc931.diff index 723f4f136a..2d0f548f89 100644 --- a/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/rfc931.diff +++ b/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/rfc931.diff | |||
@@ -1,4 +1,4 @@ | |||
1 | Upstream-Status: Backport | 1 | Upstream-Status: Inactive-Upstream [current release is from 1997; no vcs anywhere] |
2 | 2 | ||
3 | diff -ruNp tcp_wrappers_7.6.orig/scaffold.c tcp_wrappers_7.6/scaffold.c | 3 | diff -ruNp tcp_wrappers_7.6.orig/scaffold.c tcp_wrappers_7.6/scaffold.c |
4 | --- tcp_wrappers_7.6.orig/scaffold.c 2005-03-09 18:22:04.000000000 +0100 | 4 | --- tcp_wrappers_7.6.orig/scaffold.c 2005-03-09 18:22:04.000000000 +0100 |
diff --git a/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/safe_finger.patch b/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/safe_finger.patch index fc2afeef15..b6543fc92e 100644 --- a/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/safe_finger.patch +++ b/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/safe_finger.patch | |||
@@ -1,4 +1,4 @@ | |||
1 | Upstream-Status: Backport | 1 | Upstream-Status: Inactive-Upstream [current release is from 1997; no vcs anywhere] |
2 | 2 | ||
3 | --- tcp-wrappers-7.6-ipv6.1.orig/safe_finger.c | 3 | --- tcp-wrappers-7.6-ipv6.1.orig/safe_finger.c |
4 | +++ tcp-wrappers-7.6-ipv6.1/safe_finger.c | 4 | +++ tcp-wrappers-7.6-ipv6.1/safe_finger.c |
diff --git a/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/sig_fix.patch b/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/sig_fix.patch index 9d7ea042b2..843063fd7c 100644 --- a/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/sig_fix.patch +++ b/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/sig_fix.patch | |||
@@ -1,4 +1,4 @@ | |||
1 | Upstream-Status: Backport | 1 | Upstream-Status: Inactive-Upstream [current release is from 1997; no vcs anywhere] |
2 | 2 | ||
3 | * Mon Feb 10 2003 Harald Hoyer <harald@redhat.de> 7.6-29 | 3 | * Mon Feb 10 2003 Harald Hoyer <harald@redhat.de> 7.6-29 |
4 | - added security patch tcp_wrappers-7.6-sig.patch | 4 | - added security patch tcp_wrappers-7.6-sig.patch |
diff --git a/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/siglongjmp.patch b/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/siglongjmp.patch index 76dd6340b2..d4a1146594 100644 --- a/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/siglongjmp.patch +++ b/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/siglongjmp.patch | |||
@@ -1,4 +1,4 @@ | |||
1 | Upstream-Status: Backport | 1 | Upstream-Status: Inactive-Upstream [current release is from 1997; no vcs anywhere] |
2 | 2 | ||
3 | diff -ruNp tcp_wrappers_7.6.orig/rfc931.c tcp_wrappers_7.6/rfc931.c | 3 | diff -ruNp tcp_wrappers_7.6.orig/rfc931.c tcp_wrappers_7.6/rfc931.c |
4 | --- tcp_wrappers_7.6.orig/rfc931.c 2004-08-29 18:42:25.000000000 +0200 | 4 | --- tcp_wrappers_7.6.orig/rfc931.c 2004-08-29 18:42:25.000000000 +0200 |
diff --git a/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/socklen_t.patch b/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/socklen_t.patch index cf4f993c1a..fb64f93f1d 100644 --- a/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/socklen_t.patch +++ b/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/socklen_t.patch | |||
@@ -7,7 +7,7 @@ Date: Tue Feb 12 09:53:50 2013 -0500 | |||
7 | Added support for socklen_t type to len argument passed to socket related | 7 | Added support for socklen_t type to len argument passed to socket related |
8 | calls. This fixes a bug that causes tcp wrappers to fail when using sshd. | 8 | calls. This fixes a bug that causes tcp wrappers to fail when using sshd. |
9 | 9 | ||
10 | Upstream-Status: Pending | 10 | Upstream-Status: Inactive-Upstream [current release is from 1997; no vcs anywhere] |
11 | Signed-off-by: farrah rashid <farrah.rashid@windriver.com> | 11 | Signed-off-by: farrah rashid <farrah.rashid@windriver.com> |
12 | 12 | ||
13 | diff --git a/fix_options.c b/fix_options.c | 13 | diff --git a/fix_options.c b/fix_options.c |
diff --git a/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/tcpdchk_libwrapped.patch b/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/tcpdchk_libwrapped.patch index be29bdcfaa..2e3b1719fd 100644 --- a/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/tcpdchk_libwrapped.patch +++ b/meta/recipes-extended/tcp-wrappers/tcp-wrappers-7.6/tcpdchk_libwrapped.patch | |||
@@ -1,4 +1,4 @@ | |||
1 | Upstream-Status: Backport | 1 | Upstream-Status: Inactive-Upstream [current release is from 1997; no vcs anywhere] |
2 | 2 | ||
3 | diff -ruN tcp_wrappers_7.6.orig/tcpdchk.c tcp_wrappers_7.6/tcpdchk.c | 3 | diff -ruN tcp_wrappers_7.6.orig/tcpdchk.c tcp_wrappers_7.6/tcpdchk.c |
4 | --- tcp_wrappers_7.6.orig/tcpdchk.c 2003-08-21 02:50:37.000000000 +0200 | 4 | --- tcp_wrappers_7.6.orig/tcpdchk.c 2003-08-21 02:50:37.000000000 +0200 |
diff --git a/meta/recipes-extended/timezone/tzdata.bb b/meta/recipes-extended/timezone/tzdata.bb index dd1960ffa7..2099b05db8 100644 --- a/meta/recipes-extended/timezone/tzdata.bb +++ b/meta/recipes-extended/timezone/tzdata.bb | |||
@@ -20,6 +20,7 @@ do_configure[cleandirs] = "${B}" | |||
20 | B = "${WORKDIR}/build" | 20 | B = "${WORKDIR}/build" |
21 | 21 | ||
22 | do_compile() { | 22 | do_compile() { |
23 | oe_runmake -C ${S} tzdata.zi | ||
23 | for zone in ${TZONES}; do | 24 | for zone in ${TZONES}; do |
24 | ${STAGING_BINDIR_NATIVE}/zic -b ${ZIC_FMT} -d ${B}/zoneinfo -L /dev/null ${S}/${zone} | 25 | ${STAGING_BINDIR_NATIVE}/zic -b ${ZIC_FMT} -d ${B}/zoneinfo -L /dev/null ${S}/${zone} |
25 | ${STAGING_BINDIR_NATIVE}/zic -b ${ZIC_FMT} -d ${B}/zoneinfo/posix -L /dev/null ${S}/${zone} | 26 | ${STAGING_BINDIR_NATIVE}/zic -b ${ZIC_FMT} -d ${B}/zoneinfo/posix -L /dev/null ${S}/${zone} |
@@ -37,6 +38,7 @@ do_install() { | |||
37 | cp -pP "${S}/iso3166.tab" ${D}${datadir}/zoneinfo | 38 | cp -pP "${S}/iso3166.tab" ${D}${datadir}/zoneinfo |
38 | cp -pP "${S}/leapseconds" ${D}${datadir}/zoneinfo | 39 | cp -pP "${S}/leapseconds" ${D}${datadir}/zoneinfo |
39 | cp -pP "${S}/leap-seconds.list" ${D}${datadir}/zoneinfo | 40 | cp -pP "${S}/leap-seconds.list" ${D}${datadir}/zoneinfo |
41 | cp -pP "${S}/tzdata.zi" ${D}${datadir}/zoneinfo | ||
40 | 42 | ||
41 | # Install default timezone | 43 | # Install default timezone |
42 | if [ -e ${D}${datadir}/zoneinfo/${DEFAULT_TIMEZONE} ]; then | 44 | if [ -e ${D}${datadir}/zoneinfo/${DEFAULT_TIMEZONE} ]; then |
@@ -141,6 +143,7 @@ FILES:tzdata-core += " \ | |||
141 | ${sysconfdir}/timezone \ | 143 | ${sysconfdir}/timezone \ |
142 | ${datadir}/zoneinfo/leapseconds \ | 144 | ${datadir}/zoneinfo/leapseconds \ |
143 | ${datadir}/zoneinfo/leap-seconds.list \ | 145 | ${datadir}/zoneinfo/leap-seconds.list \ |
146 | ${datadir}/zoneinfo/tzdata.zi \ | ||
144 | ${datadir}/zoneinfo/Pacific/Honolulu \ | 147 | ${datadir}/zoneinfo/Pacific/Honolulu \ |
145 | ${datadir}/zoneinfo/America/Anchorage \ | 148 | ${datadir}/zoneinfo/America/Anchorage \ |
146 | ${datadir}/zoneinfo/America/Los_Angeles \ | 149 | ${datadir}/zoneinfo/America/Los_Angeles \ |
diff --git a/meta/recipes-extended/unzip/unzip_6.0.bb b/meta/recipes-extended/unzip/unzip_6.0.bb index 27076d5d9b..c13e7a008e 100644 --- a/meta/recipes-extended/unzip/unzip_6.0.bb +++ b/meta/recipes-extended/unzip/unzip_6.0.bb | |||
@@ -2,7 +2,7 @@ SUMMARY = "Utilities for extracting and viewing files in .zip archives" | |||
2 | HOMEPAGE = "http://www.info-zip.org" | 2 | HOMEPAGE = "http://www.info-zip.org" |
3 | DESCRIPTION = "Info-ZIP's purpose is to provide free, portable, high-quality versions of the Zip and UnZip compressor-archiver utilities that are compatible with the DOS-based PKZIP by PKWARE, Inc." | 3 | DESCRIPTION = "Info-ZIP's purpose is to provide free, portable, high-quality versions of the Zip and UnZip compressor-archiver utilities that are compatible with the DOS-based PKZIP by PKWARE, Inc." |
4 | SECTION = "console/utils" | 4 | SECTION = "console/utils" |
5 | LICENSE = "BSD-3-Clause" | 5 | LICENSE = "Info-ZIP" |
6 | LIC_FILES_CHKSUM = "file://LICENSE;md5=94caec5a51ef55ef711ee4e8b1c69e29" | 6 | LIC_FILES_CHKSUM = "file://LICENSE;md5=94caec5a51ef55ef711ee4e8b1c69e29" |
7 | PE = "1" | 7 | PE = "1" |
8 | 8 | ||
diff --git a/meta/recipes-extended/watchdog/watchdog-config/watchdog.default b/meta/recipes-extended/watchdog/watchdog-config/watchdog.default index 647d5abca5..cee5fdc2b6 100644 --- a/meta/recipes-extended/watchdog/watchdog-config/watchdog.default +++ b/meta/recipes-extended/watchdog/watchdog-config/watchdog.default | |||
@@ -1,2 +1,3 @@ | |||
1 | # Start watchdog at boot time? 0 or 1 | 1 | # Start watchdog at boot time? 0 or 1 |
2 | run_watchdog=1 | 2 | run_watchdog=1 |
3 | watchdog_module=none | ||
diff --git a/meta/recipes-extended/xz/xz_5.4.6.bb b/meta/recipes-extended/xz/xz_5.4.6.bb index da3b75a10b..3f82e476bf 100644 --- a/meta/recipes-extended/xz/xz_5.4.6.bb +++ b/meta/recipes-extended/xz/xz_5.4.6.bb | |||
@@ -9,10 +9,10 @@ SECTION = "base" | |||
9 | # libgnu, which appears to be used for DOS builds. So we're left with | 9 | # libgnu, which appears to be used for DOS builds. So we're left with |
10 | # GPL-2.0-or-later and PD. | 10 | # GPL-2.0-or-later and PD. |
11 | LICENSE = "GPL-2.0-or-later & GPL-3.0-with-autoconf-exception & LGPL-2.1-or-later & PD" | 11 | LICENSE = "GPL-2.0-or-later & GPL-3.0-with-autoconf-exception & LGPL-2.1-or-later & PD" |
12 | LICENSE:${PN} = "GPL-2.0-or-later" | 12 | LICENSE:${PN} = "PD & GPL-2.0-or-later" |
13 | LICENSE:${PN}-dev = "GPL-2.0-or-later" | 13 | LICENSE:${PN}-dev = "PD & GPL-2.0-or-later" |
14 | LICENSE:${PN}-staticdev = "GPL-2.0-or-later" | 14 | LICENSE:${PN}-staticdev = "GPL-2.0-or-later" |
15 | LICENSE:${PN}-doc = "GPL-2.0-or-later" | 15 | LICENSE:${PN}-doc = "PD & GPL-2.0-or-later" |
16 | LICENSE:${PN}-dbg = "GPL-2.0-or-later" | 16 | LICENSE:${PN}-dbg = "GPL-2.0-or-later" |
17 | LICENSE:${PN}-locale = "GPL-2.0-or-later" | 17 | LICENSE:${PN}-locale = "GPL-2.0-or-later" |
18 | LICENSE:liblzma = "PD" | 18 | LICENSE:liblzma = "PD" |
diff --git a/meta/recipes-extended/zip/zip_3.0.bb b/meta/recipes-extended/zip/zip_3.0.bb index ec54206335..58144baa14 100644 --- a/meta/recipes-extended/zip/zip_3.0.bb +++ b/meta/recipes-extended/zip/zip_3.0.bb | |||
@@ -3,7 +3,7 @@ HOMEPAGE = "http://www.info-zip.org" | |||
3 | DESCRIPTION = "Info-ZIP's purpose is to provide free, portable, high-quality versions of the Zip and UnZip compressor-archiver utilities that are compatible with the DOS-based PKZIP by PKWARE, Inc." | 3 | DESCRIPTION = "Info-ZIP's purpose is to provide free, portable, high-quality versions of the Zip and UnZip compressor-archiver utilities that are compatible with the DOS-based PKZIP by PKWARE, Inc." |
4 | SECTION = "console/utils" | 4 | SECTION = "console/utils" |
5 | 5 | ||
6 | LICENSE = "BSD-3-Clause" | 6 | LICENSE = "Info-ZIP" |
7 | LIC_FILES_CHKSUM = "file://LICENSE;md5=04d43c5d70b496c032308106e26ae17d" | 7 | LIC_FILES_CHKSUM = "file://LICENSE;md5=04d43c5d70b496c032308106e26ae17d" |
8 | 8 | ||
9 | 9 | ||
diff --git a/meta/recipes-gnome/gcr/gcr_4.2.1.bb b/meta/recipes-gnome/gcr/gcr_4.2.1.bb index 26dc1d1bc6..7ffcc1b7a0 100644 --- a/meta/recipes-gnome/gcr/gcr_4.2.1.bb +++ b/meta/recipes-gnome/gcr/gcr_4.2.1.bb | |||
@@ -5,7 +5,7 @@ GNOME desktop." | |||
5 | HOMEPAGE = "https://gitlab.gnome.org/GNOME/gcr" | 5 | HOMEPAGE = "https://gitlab.gnome.org/GNOME/gcr" |
6 | BUGTRACKER = "https://gitlab.gnome.org/GNOME/gcr/issues" | 6 | BUGTRACKER = "https://gitlab.gnome.org/GNOME/gcr/issues" |
7 | 7 | ||
8 | LICENSE = "GPL-2.0-only" | 8 | LICENSE = "LGPL-2.0-only" |
9 | LIC_FILES_CHKSUM = "file://COPYING;md5=55ca817ccb7d5b5b66355690e9abc605" | 9 | LIC_FILES_CHKSUM = "file://COPYING;md5=55ca817ccb7d5b5b66355690e9abc605" |
10 | 10 | ||
11 | DEPENDS = "p11-kit glib-2.0 libgcrypt gnupg-native \ | 11 | DEPENDS = "p11-kit glib-2.0 libgcrypt gnupg-native \ |
diff --git a/meta/recipes-gnome/libadwaita/libadwaita_1.5.0.bb b/meta/recipes-gnome/libadwaita/libadwaita_1.5.2.bb index b0b1e4502a..078f81c677 100644 --- a/meta/recipes-gnome/libadwaita/libadwaita_1.5.0.bb +++ b/meta/recipes-gnome/libadwaita/libadwaita_1.5.2.bb | |||
@@ -3,7 +3,6 @@ HOMEPAGE = "https://gitlab.gnome.org/GNOME/libadwaita" | |||
3 | LICENSE="LGPL-2.1-or-later" | 3 | LICENSE="LGPL-2.1-or-later" |
4 | LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c" | 4 | LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c" |
5 | 5 | ||
6 | |||
7 | DEPENDS = " \ | 6 | DEPENDS = " \ |
8 | gtk4 \ | 7 | gtk4 \ |
9 | appstream \ | 8 | appstream \ |
@@ -11,7 +10,7 @@ DEPENDS = " \ | |||
11 | 10 | ||
12 | inherit gnomebase gobject-introspection gi-docgen vala features_check | 11 | inherit gnomebase gobject-introspection gi-docgen vala features_check |
13 | 12 | ||
14 | SRC_URI[archive.sha256sum] = "fd92287df9bb95c963654fb6e70d3e082e2bcb37b147e0e3c905567167993783" | 13 | SRC_URI[archive.sha256sum] = "c9faee005cb4912bce34f69f1af26b01a364534e12ede5d9bac44d8226d72c16" |
15 | 14 | ||
16 | ANY_OF_DISTRO_FEATURES = "${GTK3DISTROFEATURES}" | 15 | ANY_OF_DISTRO_FEATURES = "${GTK3DISTROFEATURES}" |
17 | REQUIRED_DISTRO_FEATURES = "opengl" | 16 | REQUIRED_DISTRO_FEATURES = "opengl" |
diff --git a/meta/recipes-gnome/libportal/files/0001-meson.build-fix-build-race-when-building-GTK-vapi-fi.patch b/meta/recipes-gnome/libportal/files/0001-meson.build-fix-build-race-when-building-GTK-vapi-fi.patch new file mode 100644 index 0000000000..fb015d3632 --- /dev/null +++ b/meta/recipes-gnome/libportal/files/0001-meson.build-fix-build-race-when-building-GTK-vapi-fi.patch | |||
@@ -0,0 +1,49 @@ | |||
1 | From 26f96a178f8a0afded00bdd7238728c0b6e42a6b Mon Sep 17 00:00:00 2001 | ||
2 | From: Richard Purdie <richard.purdie@linuxfoundation.org> | ||
3 | Date: Thu, 9 May 2024 18:44:41 +0000 | ||
4 | Subject: [PATCH] meson.build: fix build race when building GTK vapi files | ||
5 | |||
6 | There's a build race when building the GTK vapi files: | ||
7 | |||
8 | FAILED: libportal/libportal-gtk4.vapi | ||
9 | error: Package `libportal' not found in specified Vala API directories or GObject-Introspection GIR directories | ||
10 | |||
11 | This can be verified by adding "sleep 10;" to the command for the | ||
12 | libportal/libportal.vapi target in the generated build.ninja file. | ||
13 | |||
14 | The GTK vapi files need to have access to the generic libportal.vapi file, | ||
15 | but there is no explicit dependency. Switch the dependency name 'libportal' | ||
16 | to the dependency object libportal_vapi so that Meson generates the | ||
17 | dependency correctly. | ||
18 | |||
19 | Upstream-Status: Backport | ||
20 | Signed-off-by: Ross Burton <ross.burton@arm.com> | ||
21 | --- | ||
22 | libportal/meson.build | 4 ++-- | ||
23 | 1 file changed, 2 insertions(+), 2 deletions(-) | ||
24 | |||
25 | diff --git a/libportal/meson.build b/libportal/meson.build | ||
26 | index fff7603..4e67f40 100644 | ||
27 | --- a/libportal/meson.build | ||
28 | +++ b/libportal/meson.build | ||
29 | @@ -168,7 +168,7 @@ if gtk3_dep.found() | ||
30 | if vapi | ||
31 | libportal_gtk3_vapi = gnome.generate_vapi('libportal-gtk3', | ||
32 | sources: libportal_gtk3_gir[0], | ||
33 | - packages: ['gio-2.0', 'gtk+-3.0', 'libportal'], | ||
34 | + packages: ['gio-2.0', 'gtk+-3.0', libportal_vapi], | ||
35 | gir_dirs: [meson.current_build_dir()], | ||
36 | vapi_dirs: [meson.current_build_dir()], | ||
37 | install: true, | ||
38 | @@ -227,7 +227,7 @@ if gtk4_dep.found() | ||
39 | if vapi | ||
40 | libportal_gtk4_vapi = gnome.generate_vapi('libportal-gtk4', | ||
41 | sources: libportal_gtk4_gir[0], | ||
42 | - packages: ['gio-2.0', 'gtk4', 'libportal'], | ||
43 | + packages: ['gio-2.0', 'gtk4', libportal_vapi], | ||
44 | gir_dirs: [meson.current_build_dir()], | ||
45 | vapi_dirs: [meson.current_build_dir()], | ||
46 | install: true, | ||
47 | -- | ||
48 | 2.34.1 | ||
49 | |||
diff --git a/meta/recipes-gnome/libportal/libportal_0.7.1.bb b/meta/recipes-gnome/libportal/libportal_0.7.1.bb index 22e45559c9..6ddfef76d3 100644 --- a/meta/recipes-gnome/libportal/libportal_0.7.1.bb +++ b/meta/recipes-gnome/libportal/libportal_0.7.1.bb | |||
@@ -6,7 +6,8 @@ BUGTRACKER = "https://github.com/flatpak/libportal/issues" | |||
6 | LICENSE = "LGPL-3.0-only" | 6 | LICENSE = "LGPL-3.0-only" |
7 | LIC_FILES_CHKSUM = "file://COPYING;md5=3000208d539ec061b899bce1d9ce9404" | 7 | LIC_FILES_CHKSUM = "file://COPYING;md5=3000208d539ec061b899bce1d9ce9404" |
8 | 8 | ||
9 | SRC_URI = "git://github.com/flatpak/${BPN}.git;protocol=https;branch=main" | 9 | SRC_URI = "git://github.com/flatpak/${BPN}.git;protocol=https;branch=main \ |
10 | file://0001-meson.build-fix-build-race-when-building-GTK-vapi-fi.patch" | ||
10 | SRCREV = "e9ed3a50cdde321eaf42361212480a66eb94a57a" | 11 | SRCREV = "e9ed3a50cdde321eaf42361212480a66eb94a57a" |
11 | S = "${WORKDIR}/git" | 12 | S = "${WORKDIR}/git" |
12 | 13 | ||
diff --git a/meta/recipes-gnome/librsvg/librsvg/disable-rsvg-loader-test.patch b/meta/recipes-gnome/librsvg/librsvg/disable-rsvg-loader-test.patch new file mode 100644 index 0000000000..e56772a7e2 --- /dev/null +++ b/meta/recipes-gnome/librsvg/librsvg/disable-rsvg-loader-test.patch | |||
@@ -0,0 +1,40 @@ | |||
1 | From df94cfa4a637c229fef32c349b5c2dfee2dca3fc Mon Sep 17 00:00:00 2001 | ||
2 | From: Ross Burton <ross.burton@arm.com> | ||
3 | Date: Thu, 27 Jun 2024 17:09:11 +0100 | ||
4 | Subject: [PATCH] Don't build rsvg-loader in cross builds | ||
5 | |||
6 | This binary is a non-installed test binary that isn't any use in cross builds, and | ||
7 | causes problems because it generates a gdk-pixbuf loader cache at build time using | ||
8 | a mix of host and target libraries. | ||
9 | |||
10 | As we don't install the binary, we can just not build it. | ||
11 | |||
12 | Upstream-Status: Inappropriate [upstream has moved to Meson] | ||
13 | Signed-off-by: Ross Burton <ross.burton@arm.com> | ||
14 | --- | ||
15 | gdk-pixbuf-loader/Makefile.am | 2 ++ | ||
16 | 1 file changed, 2 insertions(+) | ||
17 | |||
18 | diff --git a/gdk-pixbuf-loader/Makefile.am b/gdk-pixbuf-loader/Makefile.am | ||
19 | index 44df9c6c..fb417d24 100644 | ||
20 | --- a/gdk-pixbuf-loader/Makefile.am | ||
21 | +++ b/gdk-pixbuf-loader/Makefile.am | ||
22 | @@ -30,6 +30,7 @@ if PLATFORM_WIN32 | ||
23 | libpixbufloader_svg_la_LDFLAGS += -no-undefined | ||
24 | endif | ||
25 | |||
26 | +if !CROSS_COMPILING | ||
27 | noinst_PROGRAMS = rsvg-loader | ||
28 | |||
29 | rsvg_loader_SOURCES = \ | ||
30 | @@ -52,6 +53,7 @@ EXTRA_rsvg_loader_DEPENDENCIES = libpixbufloader-svg.la gdk-pixbuf-loaders | ||
31 | |||
32 | gdk-pixbuf-loaders: Makefile | ||
33 | $(AM_V_GEN) ( $(GDK_PIXBUF_QUERYLOADERS) ./libpixbufloader-svg.la && GDK_PIXBUF_MODULEDIR=$(gdk_pixbuf_moduledir) $(GDK_PIXBUF_QUERYLOADERS)) > gdk-pixbuf.loaders 2>/dev/null | ||
34 | +endif | ||
35 | |||
36 | if CROSS_COMPILING | ||
37 | RUN_QUERY_LOADER_TEST=false | ||
38 | -- | ||
39 | 2.34.1 | ||
40 | |||
diff --git a/meta/recipes-gnome/librsvg/librsvg_2.57.1.bb b/meta/recipes-gnome/librsvg/librsvg_2.57.1.bb index 4b52d4062b..ceaf1dfc00 100644 --- a/meta/recipes-gnome/librsvg/librsvg_2.57.1.bb +++ b/meta/recipes-gnome/librsvg/librsvg_2.57.1.bb | |||
@@ -21,6 +21,7 @@ require ${BPN}-crates.inc | |||
21 | 21 | ||
22 | SRC_URI += " \ | 22 | SRC_URI += " \ |
23 | file://0001-Makefile.am-pass-rust-target-to-cargo-also-when-not-.patch \ | 23 | file://0001-Makefile.am-pass-rust-target-to-cargo-also-when-not-.patch \ |
24 | file://disable-rsvg-loader-test.patch \ | ||
24 | " | 25 | " |
25 | 26 | ||
26 | SRC_URI[archive.sha256sum] = "074671a3ed6fbcd67cae2a40e539107f4f097ca8a4ab1a894c05e2524ff340ef" | 27 | SRC_URI[archive.sha256sum] = "074671a3ed6fbcd67cae2a40e539107f4f097ca8a4ab1a894c05e2524ff340ef" |
diff --git a/meta/recipes-graphics/glslang/glslang/0001-generate-glslang-pkg-config.patch b/meta/recipes-graphics/glslang/glslang/0001-generate-glslang-pkg-config.patch index 316a57fa4a..337a999bfa 100644 --- a/meta/recipes-graphics/glslang/glslang/0001-generate-glslang-pkg-config.patch +++ b/meta/recipes-graphics/glslang/glslang/0001-generate-glslang-pkg-config.patch | |||
@@ -5,7 +5,7 @@ Subject: [PATCH] generate glslang pkg-config | |||
5 | 5 | ||
6 | Based on https://src.fedoraproject.org/rpms/glslang/blob/main/f/0001-pkg-config-compatibility.patch | 6 | Based on https://src.fedoraproject.org/rpms/glslang/blob/main/f/0001-pkg-config-compatibility.patch |
7 | 7 | ||
8 | Upstream-Status: Pending | 8 | Upstream-Status: Inappropriate [independently developed patch submitted at https://github.com/KhronosGroup/glslang/pull/3371] |
9 | 9 | ||
10 | Signed-off-by: Jose Quaresma <quaresma.jose@gmail.com> | 10 | Signed-off-by: Jose Quaresma <quaresma.jose@gmail.com> |
11 | --- | 11 | --- |
diff --git a/meta/recipes-graphics/mesa/files/0001-meson.build-check-for-all-linux-host_os-combinations.patch b/meta/recipes-graphics/mesa/files/0001-meson.build-check-for-all-linux-host_os-combinations.patch deleted file mode 100644 index 7be7d81eeb..0000000000 --- a/meta/recipes-graphics/mesa/files/0001-meson.build-check-for-all-linux-host_os-combinations.patch +++ /dev/null | |||
@@ -1,42 +0,0 @@ | |||
1 | From e8ec6b1cc5e401ba719095722d8b317d755ae613 Mon Sep 17 00:00:00 2001 | ||
2 | From: Alistair Francis <alistair@alistair23.me> | ||
3 | Date: Thu, 14 Nov 2019 13:04:49 -0800 | ||
4 | Subject: [PATCH] meson.build: check for all linux host_os combinations | ||
5 | |||
6 | Make sure that we are also looking for our host_os combinations like | ||
7 | linux-musl etc. when assuming support for DRM/KMS. | ||
8 | |||
9 | Also delete a duplicate line. | ||
10 | |||
11 | Upstream-Status: Pending | ||
12 | |||
13 | Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> | ||
14 | Signed-off-by: Fabio Berton <fabio.berton@ossystems.com.br> | ||
15 | Signed-off-by: Otavio Salvador <otavio@ossystems.com.br> | ||
16 | Signed-off-by: Alistair Francis <alistair@alistair23.me> | ||
17 | --- | ||
18 | meson.build | 4 ++-- | ||
19 | 1 file changed, 2 insertions(+), 2 deletions(-) | ||
20 | |||
21 | diff --git a/meson.build b/meson.build | ||
22 | index 133fd9a..817861e 100644 | ||
23 | --- a/meson.build | ||
24 | +++ b/meson.build | ||
25 | @@ -128,7 +128,7 @@ with_any_opengl = with_opengl or with_gles1 or with_gles2 | ||
26 | # Only build shared_glapi if at least one OpenGL API is enabled | ||
27 | with_shared_glapi = with_shared_glapi and with_any_opengl | ||
28 | |||
29 | -system_has_kms_drm = ['openbsd', 'netbsd', 'freebsd', 'gnu/kfreebsd', 'dragonfly', 'linux', 'sunos', 'android', 'managarm'].contains(host_machine.system()) | ||
30 | +system_has_kms_drm = ['openbsd', 'netbsd', 'freebsd', 'gnu/kfreebsd', 'dragonfly', 'linux', 'sunos', 'android', 'managarm'].contains(host_machine.system()) or host_machine.system().startswith('linux') | ||
31 | |||
32 | gallium_drivers = get_option('gallium-drivers') | ||
33 | if gallium_drivers.contains('auto') | ||
34 | @@ -997,7 +997,7 @@ if cc.has_function('fmemopen') | ||
35 | endif | ||
36 | |||
37 | # TODO: this is very incomplete | ||
38 | -if ['linux', 'cygwin', 'gnu', 'freebsd', 'gnu/kfreebsd', 'haiku', 'android', 'managarm'].contains(host_machine.system()) | ||
39 | +if ['linux', 'cygwin', 'gnu', 'freebsd', 'gnu/kfreebsd', 'haiku', 'android', 'managarm'].contains(host_machine.system()) or host_machine.system().startswith('linux') | ||
40 | pre_args += '-D_GNU_SOURCE' | ||
41 | elif host_machine.system() == 'sunos' | ||
42 | pre_args += '-D__EXTENSIONS__' | ||
diff --git a/meta/recipes-graphics/mesa/mesa-gl_24.0.5.bb b/meta/recipes-graphics/mesa/mesa-gl_24.0.7.bb index ca160f1bfc..ca160f1bfc 100644 --- a/meta/recipes-graphics/mesa/mesa-gl_24.0.5.bb +++ b/meta/recipes-graphics/mesa/mesa-gl_24.0.7.bb | |||
diff --git a/meta/recipes-graphics/mesa/mesa.inc b/meta/recipes-graphics/mesa/mesa.inc index 77e9c80fcb..9157fe9c3f 100644 --- a/meta/recipes-graphics/mesa/mesa.inc +++ b/meta/recipes-graphics/mesa/mesa.inc | |||
@@ -15,14 +15,13 @@ LIC_FILES_CHKSUM = "file://docs/license.rst;md5=63779ec98d78d823a9dc533a0735ef10 | |||
15 | PE = "2" | 15 | PE = "2" |
16 | 16 | ||
17 | SRC_URI = "https://mesa.freedesktop.org/archive/mesa-${PV}.tar.xz \ | 17 | SRC_URI = "https://mesa.freedesktop.org/archive/mesa-${PV}.tar.xz \ |
18 | file://0001-meson.build-check-for-all-linux-host_os-combinations.patch \ | ||
19 | file://0001-meson-misdetects-64bit-atomics-on-mips-clang.patch \ | 18 | file://0001-meson-misdetects-64bit-atomics-on-mips-clang.patch \ |
20 | file://0001-drisw-fix-build-without-dri3.patch \ | 19 | file://0001-drisw-fix-build-without-dri3.patch \ |
21 | file://0002-glxext-don-t-try-zink-if-not-enabled-in-mesa.patch \ | 20 | file://0002-glxext-don-t-try-zink-if-not-enabled-in-mesa.patch \ |
22 | file://0001-Revert-meson-do-not-pull-in-clc-for-clover.patch \ | 21 | file://0001-Revert-meson-do-not-pull-in-clc-for-clover.patch \ |
23 | " | 22 | " |
24 | 23 | ||
25 | SRC_URI[sha256sum] = "38cc245ca8faa3c69da6d2687f8906377001f63365348a62cc6f7fafb1e8c018" | 24 | SRC_URI[sha256sum] = "7454425f1ed4a6f1b5b107e1672b30c88b22ea0efea000ae2c7d96db93f6c26a" |
26 | 25 | ||
27 | UPSTREAM_CHECK_GITTAGREGEX = "mesa-(?P<pver>\d+(\.\d+)+)" | 26 | UPSTREAM_CHECK_GITTAGREGEX = "mesa-(?P<pver>\d+(\.\d+)+)" |
28 | 27 | ||
@@ -91,7 +90,7 @@ PACKAGECONFIG = " \ | |||
91 | ${@bb.utils.contains('DISTRO_FEATURES', 'vulkan', 'zink', '', d)} \ | 90 | ${@bb.utils.contains('DISTRO_FEATURES', 'vulkan', 'zink', '', d)} \ |
92 | " | 91 | " |
93 | 92 | ||
94 | PACKAGECONFIG:append:class-native = "gallium-llvm r600" | 93 | PACKAGECONFIG:append:class-native = " gallium-llvm r600" |
95 | 94 | ||
96 | # "gbm" requires "opengl" | 95 | # "gbm" requires "opengl" |
97 | PACKAGECONFIG[gbm] = "-Dgbm=enabled,-Dgbm=disabled" | 96 | PACKAGECONFIG[gbm] = "-Dgbm=enabled,-Dgbm=disabled" |
diff --git a/meta/recipes-graphics/mesa/mesa_24.0.5.bb b/meta/recipes-graphics/mesa/mesa_24.0.7.bb index 96e8aa38d6..96e8aa38d6 100644 --- a/meta/recipes-graphics/mesa/mesa_24.0.5.bb +++ b/meta/recipes-graphics/mesa/mesa_24.0.7.bb | |||
diff --git a/meta/recipes-graphics/vulkan/vulkan-samples/0001-zstd.c-replace-FORCE_INLINE_TEMPLATE-with-inline.patch b/meta/recipes-graphics/vulkan/vulkan-samples/0001-zstd.c-replace-FORCE_INLINE_TEMPLATE-with-inline.patch new file mode 100644 index 0000000000..22538d4119 --- /dev/null +++ b/meta/recipes-graphics/vulkan/vulkan-samples/0001-zstd.c-replace-FORCE_INLINE_TEMPLATE-with-inline.patch | |||
@@ -0,0 +1,52 @@ | |||
1 | From a7bfe82a311c713b12bb83b8488574ad5c784f89 Mon Sep 17 00:00:00 2001 | ||
2 | From: Changqing Li <changqing.li@windriver.com> | ||
3 | Date: Tue, 9 Jul 2024 04:29:11 +0000 | ||
4 | Subject: [PATCH] zstd.c: replace FORCE_INLINE_TEMPLATE with inline | ||
5 | |||
6 | Refer [1], always-inline is not suggested to be used if you have indirect | ||
7 | +calls. so replace FORCE_INLINE_TEMPLATE with inline to fix error: | ||
8 | In function 'ZSTD_compressBlock_lazy_generic', | ||
9 | inlined from 'ZSTD_compressBlock_greedy' at TOPDIR/tmp-glibc/work/core2-32-wrs-linux/vulkan-samples/git/git/third_party/ktx/lib/basisu/zstd/zstd.c:21914:12: | ||
10 | TOPDIR/tmp-glibc/work/core2-32-wrs-linux/vulkan-samples/git/git/third_party/ktx/lib/basisu/zstd/zstd.c:21551:30: error: inlining failed in call to 'always_inline' 'ZSTD_HcFindBestMatch_selectMLS': function not considered for inlining | ||
11 | | FORCE_INLINE_TEMPLATE size_t ZSTD_HcFindBestMatch_selectMLS ( | ||
12 | | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | ||
13 | TOPDIR/tmp-glibc/work/core2-32-wrs-linux/vulkan-samples/git/git/third_party/ktx/lib/basisu/zstd/zstd.c:21736:32: note: called from here | ||
14 | | size_t const ml2 = searchMax(ms, ip, iend, &offsetFound); | ||
15 | |||
16 | Upstream-Status: Inappropriate [ Latest upstream ktx don't have this part code ] | ||
17 | |||
18 | Has report this issue to upstream Vulkan-Samples, refer [2] | ||
19 | |||
20 | [1] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107931 | ||
21 | [2] https://github.com/KhronosGroup/Vulkan-Samples/issues/1089 | ||
22 | |||
23 | Signed-off-by: Changqing Li <changqing.li@windriver.com> | ||
24 | --- | ||
25 | lib/basisu/zstd/zstd.c | 4 ++-- | ||
26 | 1 file changed, 2 insertions(+), 2 deletions(-) | ||
27 | |||
28 | diff --git a/lib/basisu/zstd/zstd.c b/lib/basisu/zstd/zstd.c | ||
29 | index eaf13738..423f149e 100644 | ||
30 | --- a/lib/basisu/zstd/zstd.c | ||
31 | +++ b/lib/basisu/zstd/zstd.c | ||
32 | @@ -21548,7 +21548,7 @@ size_t ZSTD_HcFindBestMatch_generic ( | ||
33 | } | ||
34 | |||
35 | |||
36 | -FORCE_INLINE_TEMPLATE size_t ZSTD_HcFindBestMatch_selectMLS ( | ||
37 | +static inline size_t ZSTD_HcFindBestMatch_selectMLS ( | ||
38 | ZSTD_matchState_t* ms, | ||
39 | const BYTE* ip, const BYTE* const iLimit, | ||
40 | size_t* offsetPtr) | ||
41 | @@ -21596,7 +21596,7 @@ static size_t ZSTD_HcFindBestMatch_dedicatedDictSearch_selectMLS ( | ||
42 | } | ||
43 | |||
44 | |||
45 | -FORCE_INLINE_TEMPLATE size_t ZSTD_HcFindBestMatch_extDict_selectMLS ( | ||
46 | +static inline size_t ZSTD_HcFindBestMatch_extDict_selectMLS ( | ||
47 | ZSTD_matchState_t* ms, | ||
48 | const BYTE* ip, const BYTE* const iLimit, | ||
49 | size_t* offsetPtr) | ||
50 | -- | ||
51 | 2.44.0 | ||
52 | |||
diff --git a/meta/recipes-graphics/vulkan/vulkan-samples_git.bb b/meta/recipes-graphics/vulkan/vulkan-samples_git.bb index d60c0f3190..4e688e44a7 100644 --- a/meta/recipes-graphics/vulkan/vulkan-samples_git.bb +++ b/meta/recipes-graphics/vulkan/vulkan-samples_git.bb | |||
@@ -10,6 +10,7 @@ SRC_URI = "gitsm://github.com/KhronosGroup/Vulkan-Samples.git;branch=main;protoc | |||
10 | file://0001-Do-not-use-LFS64-functions-on-linux-musl.patch;patchdir=third_party/spdlog \ | 10 | file://0001-Do-not-use-LFS64-functions-on-linux-musl.patch;patchdir=third_party/spdlog \ |
11 | file://0001-Deprecate-u8string_view.patch;patchdir=third_party/spdlog \ | 11 | file://0001-Deprecate-u8string_view.patch;patchdir=third_party/spdlog \ |
12 | file://32bit.patch \ | 12 | file://32bit.patch \ |
13 | file://0001-zstd.c-replace-FORCE_INLINE_TEMPLATE-with-inline.patch;patchdir=third_party/ktx \ | ||
13 | " | 14 | " |
14 | 15 | ||
15 | UPSTREAM_CHECK_COMMITS = "1" | 16 | UPSTREAM_CHECK_COMMITS = "1" |
diff --git a/meta/recipes-graphics/wayland/weston-init.bb b/meta/recipes-graphics/wayland/weston-init.bb index 024e400665..34b7eb78d2 100644 --- a/meta/recipes-graphics/wayland/weston-init.bb +++ b/meta/recipes-graphics/wayland/weston-init.bb | |||
@@ -83,7 +83,7 @@ USERADD_PACKAGES = "${PN}" | |||
83 | # | 83 | # |
84 | require ${THISDIR}/required-distro-features.inc | 84 | require ${THISDIR}/required-distro-features.inc |
85 | 85 | ||
86 | RDEPENDS:${PN} = "weston kbd" | 86 | RDEPENDS:${PN} = "weston kbd ${@bb.utils.contains('PACKAGECONFIG', 'xwayland', 'weston-xwayland', '', d)}" |
87 | 87 | ||
88 | INITSCRIPT_NAME = "weston" | 88 | INITSCRIPT_NAME = "weston" |
89 | INITSCRIPT_PARAMS = "start 9 5 2 . stop 20 0 1 6 ." | 89 | INITSCRIPT_PARAMS = "start 9 5 2 . stop 20 0 1 6 ." |
diff --git a/meta/recipes-graphics/wayland/weston/0001-libweston-tools-Include-libgen.h-for-basename-signat.patch b/meta/recipes-graphics/wayland/weston/0001-libweston-tools-Include-libgen.h-for-basename-signat.patch index 1d281fa832..fbec9f9d4e 100644 --- a/meta/recipes-graphics/wayland/weston/0001-libweston-tools-Include-libgen.h-for-basename-signat.patch +++ b/meta/recipes-graphics/wayland/weston/0001-libweston-tools-Include-libgen.h-for-basename-signat.patch | |||
@@ -1,4 +1,4 @@ | |||
1 | From 2b53236ac637dfa7fb0f438f7391a73f6ef92a06 Mon Sep 17 00:00:00 2001 | 1 | From e050830898ea37d30ef1c5339cb1665bdb92dcdc Mon Sep 17 00:00:00 2001 |
2 | From: Khem Raj <raj.khem@gmail.com> | 2 | From: Khem Raj <raj.khem@gmail.com> |
3 | Date: Thu, 14 Dec 2023 09:13:54 -0800 | 3 | Date: Thu, 14 Dec 2023 09:13:54 -0800 |
4 | Subject: [PATCH] libweston,tools: Include libgen.h for basename signature | 4 | Subject: [PATCH] libweston,tools: Include libgen.h for basename signature |
@@ -20,7 +20,7 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com> | |||
20 | 2 files changed, 2 insertions(+) | 20 | 2 files changed, 2 insertions(+) |
21 | 21 | ||
22 | diff --git a/libweston/backend-drm/libbacklight.c b/libweston/backend-drm/libbacklight.c | 22 | diff --git a/libweston/backend-drm/libbacklight.c b/libweston/backend-drm/libbacklight.c |
23 | index ca7f2d68..74690fa7 100644 | 23 | index ca7f2d6..74690fa 100644 |
24 | --- a/libweston/backend-drm/libbacklight.c | 24 | --- a/libweston/backend-drm/libbacklight.c |
25 | +++ b/libweston/backend-drm/libbacklight.c | 25 | +++ b/libweston/backend-drm/libbacklight.c |
26 | @@ -41,6 +41,7 @@ | 26 | @@ -41,6 +41,7 @@ |
@@ -30,19 +30,16 @@ index ca7f2d68..74690fa7 100644 | |||
30 | +#include <libgen.h> | 30 | +#include <libgen.h> |
31 | #include <string.h> | 31 | #include <string.h> |
32 | #include <errno.h> | 32 | #include <errno.h> |
33 | 33 | ||
34 | diff --git a/tools/zunitc/src/zunitc_impl.c b/tools/zunitc/src/zunitc_impl.c | 34 | diff --git a/tools/zunitc/src/zunitc_impl.c b/tools/zunitc/src/zunitc_impl.c |
35 | index 18f03015..9b460fa0 100644 | 35 | index 18f0301..9b460fa 100644 |
36 | --- a/tools/zunitc/src/zunitc_impl.c | 36 | --- a/tools/zunitc/src/zunitc_impl.c |
37 | +++ b/tools/zunitc/src/zunitc_impl.c | 37 | +++ b/tools/zunitc/src/zunitc_impl.c |
38 | @@ -27,6 +27,7 @@ | 38 | @@ -27,6 +27,7 @@ |
39 | 39 | ||
40 | #include <errno.h> | 40 | #include <errno.h> |
41 | #include <fcntl.h> | 41 | #include <fcntl.h> |
42 | +#include <libgen.h> | 42 | +#include <libgen.h> |
43 | #include <stdarg.h> | 43 | #include <stdarg.h> |
44 | #include <stdbool.h> | 44 | #include <stdbool.h> |
45 | #include <stdio.h> | 45 | #include <stdio.h> |
46 | -- | ||
47 | 2.43.0 | ||
48 | |||
diff --git a/meta/recipes-graphics/wayland/weston_13.0.0.bb b/meta/recipes-graphics/wayland/weston_13.0.1.bb index b728bd0ef3..dd9517a4dd 100644 --- a/meta/recipes-graphics/wayland/weston_13.0.0.bb +++ b/meta/recipes-graphics/wayland/weston_13.0.1.bb | |||
@@ -14,7 +14,7 @@ SRC_URI = "https://gitlab.freedesktop.org/wayland/weston/-/releases/${PV}/downlo | |||
14 | file://systemd-notify.weston-start \ | 14 | file://systemd-notify.weston-start \ |
15 | " | 15 | " |
16 | 16 | ||
17 | SRC_URI[sha256sum] = "52ff1d4aa2394a2e416c85a338b627ce97fa71d43eb762fd4aaf145d36fc795a" | 17 | SRC_URI[sha256sum] = "ea1566ab4f5ffce7e9fd4f7a1fca5b30caae4d50023bf459213994094e02b29a" |
18 | 18 | ||
19 | UPSTREAM_CHECK_URI = "https://gitlab.freedesktop.org/wayland/weston/-/tags" | 19 | UPSTREAM_CHECK_URI = "https://gitlab.freedesktop.org/wayland/weston/-/tags" |
20 | UPSTREAM_CHECK_REGEX = "weston-(?P<pver>\d+\.\d+\.(?!9\d+)\d+)" | 20 | UPSTREAM_CHECK_REGEX = "weston-(?P<pver>\d+\.\d+\.(?!9\d+)\d+)" |
diff --git a/meta/recipes-graphics/xorg-lib/pixman/0001-pixman-combine-float.c-fix-inlining-failed-in-call-t.patch b/meta/recipes-graphics/xorg-lib/pixman/0001-pixman-combine-float.c-fix-inlining-failed-in-call-t.patch new file mode 100644 index 0000000000..5c79754e50 --- /dev/null +++ b/meta/recipes-graphics/xorg-lib/pixman/0001-pixman-combine-float.c-fix-inlining-failed-in-call-t.patch | |||
@@ -0,0 +1,56 @@ | |||
1 | From 1e32984ccd58da1a66ca918d170a6b1829ef9df2 Mon Sep 17 00:00:00 2001 | ||
2 | From: Changqing Li <changqing.li@windriver.com> | ||
3 | Date: Tue, 16 Jul 2024 15:31:16 +0800 | ||
4 | Subject: [PATCH] pixman-combine-float.c: fix inlining failed in call to | ||
5 | always_inline | ||
6 | MIME-Version: 1.0 | ||
7 | Content-Type: text/plain; charset=UTF-8 | ||
8 | Content-Transfer-Encoding: 8bit | ||
9 | |||
10 | Refer [1], always-inline is not suggested to be used if you have indirect | ||
11 | calls. so replace force_inline with inline to fix error: | ||
12 | In function ‘combine_inner’, | ||
13 | inlined from ‘combine_soft_light_ca_float’ at ../pixman/pixman-combine-float.c:655:511: | ||
14 | ../pixman/pixman-combine-float.c:655:211: error: inlining failed in call to ‘always_inline’ ‘combine_soft_light_c’: function not considered for inlining | ||
15 | |||
16 | [1] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=115679 | ||
17 | |||
18 | Upstream-Status: Submitted [https://www.mail-archive.com/pixman@lists.freedesktop.org/msg04812.html] | ||
19 | |||
20 | Signed-off-by: Changqing Li <changqing.li@windriver.com> | ||
21 | --- | ||
22 | pixman/pixman-combine-float.c | 6 +++--- | ||
23 | 1 file changed, 3 insertions(+), 3 deletions(-) | ||
24 | |||
25 | diff --git a/pixman/pixman-combine-float.c b/pixman/pixman-combine-float.c | ||
26 | index f5145bc..f65eb5f 100644 | ||
27 | --- a/pixman/pixman-combine-float.c | ||
28 | +++ b/pixman/pixman-combine-float.c | ||
29 | @@ -261,7 +261,7 @@ get_factor (combine_factor_t factor, float sa, float da) | ||
30 | } | ||
31 | |||
32 | #define MAKE_PD_COMBINERS(name, a, b) \ | ||
33 | - static float force_inline \ | ||
34 | + static float inline \ | ||
35 | pd_combine_ ## name (float sa, float s, float da, float d) \ | ||
36 | { \ | ||
37 | const float fa = get_factor (a, sa, da); \ | ||
38 | @@ -360,13 +360,13 @@ MAKE_PD_COMBINERS (conjoint_xor, ONE_MINUS_DA_OVER_SA, ONE_MINUS_SA_OVER_DA) | ||
39 | */ | ||
40 | |||
41 | #define MAKE_SEPARABLE_PDF_COMBINERS(name) \ | ||
42 | - static force_inline float \ | ||
43 | + static inline float \ | ||
44 | combine_ ## name ## _a (float sa, float s, float da, float d) \ | ||
45 | { \ | ||
46 | return da + sa - da * sa; \ | ||
47 | } \ | ||
48 | \ | ||
49 | - static force_inline float \ | ||
50 | + static inline float \ | ||
51 | combine_ ## name ## _c (float sa, float s, float da, float d) \ | ||
52 | { \ | ||
53 | float f = (1 - sa) * d + (1 - da) * s; \ | ||
54 | -- | ||
55 | 2.25.1 | ||
56 | |||
diff --git a/meta/recipes-graphics/xorg-lib/pixman_0.42.2.bb b/meta/recipes-graphics/xorg-lib/pixman_0.42.2.bb index 23ae0cbb27..3c55c1705a 100644 --- a/meta/recipes-graphics/xorg-lib/pixman_0.42.2.bb +++ b/meta/recipes-graphics/xorg-lib/pixman_0.42.2.bb | |||
@@ -9,6 +9,7 @@ DEPENDS = "zlib" | |||
9 | 9 | ||
10 | SRC_URI = "https://www.cairographics.org/releases/${BP}.tar.gz \ | 10 | SRC_URI = "https://www.cairographics.org/releases/${BP}.tar.gz \ |
11 | file://0001-ARM-qemu-related-workarounds-in-cpu-features-detecti.patch \ | 11 | file://0001-ARM-qemu-related-workarounds-in-cpu-features-detecti.patch \ |
12 | file://0001-pixman-combine-float.c-fix-inlining-failed-in-call-t.patch \ | ||
12 | " | 13 | " |
13 | SRC_URI[sha256sum] = "ea1480efada2fd948bc75366f7c349e1c96d3297d09a3fe62626e38e234a625e" | 14 | SRC_URI[sha256sum] = "ea1480efada2fd948bc75366f7c349e1c96d3297d09a3fe62626e38e234a625e" |
14 | 15 | ||
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc b/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc index 22f7d9a8ad..e2754426cf 100644 --- a/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc | |||
@@ -176,4 +176,4 @@ python populate_packages:prepend() { | |||
176 | d.appendVar("RPROVIDES:" + pn, " " + get_abi("video")) | 176 | d.appendVar("RPROVIDES:" + pn, " " + get_abi("video")) |
177 | } | 177 | } |
178 | 178 | ||
179 | CVE_STATUS[CVE-2023-5574] = "${@bb.utils.contains('PACKAGECONFIG', 'xvfb', '', 'not-applicable-config: specific to Xvfb', d)}" | 179 | CVE_STATUS[CVE-2023-5574] = "${@bb.utils.contains('PACKAGECONFIG', 'xvfb', 'unpatched', 'not-applicable-config: specific to Xvfb', d)}" |
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-Avoid-duplicate-definitions-of-IOPortBase.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-Avoid-duplicate-definitions-of-IOPortBase.patch index 11d5546537..e9cbc9b4da 100644 --- a/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-Avoid-duplicate-definitions-of-IOPortBase.patch +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-Avoid-duplicate-definitions-of-IOPortBase.patch | |||
@@ -1,4 +1,4 @@ | |||
1 | From ce3b8a230a3805c9b557c1f106795675bd034860 Mon Sep 17 00:00:00 2001 | 1 | From cedc797e1a0850039a25b7e387b342e54fffcc97 Mon Sep 17 00:00:00 2001 |
2 | From: Khem Raj <raj.khem@gmail.com> | 2 | From: Khem Raj <raj.khem@gmail.com> |
3 | Date: Mon, 17 Aug 2020 10:50:51 -0700 | 3 | Date: Mon, 17 Aug 2020 10:50:51 -0700 |
4 | Subject: [PATCH] Avoid duplicate definitions of IOPortBase | 4 | Subject: [PATCH] Avoid duplicate definitions of IOPortBase |
@@ -10,7 +10,6 @@ compiler.h:528: multiple definition of `IOPortBase'; | |||
10 | 10 | ||
11 | Upstream-Status: Pending | 11 | Upstream-Status: Pending |
12 | Signed-off-by: Khem Raj <raj.khem@gmail.com> | 12 | Signed-off-by: Khem Raj <raj.khem@gmail.com> |
13 | |||
14 | --- | 13 | --- |
15 | hw/xfree86/os-support/linux/lnx_video.c | 1 + | 14 | hw/xfree86/os-support/linux/lnx_video.c | 1 + |
16 | 1 file changed, 1 insertion(+) | 15 | 1 file changed, 1 insertion(+) |
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.patch index d05eec5bb9..d1516c2f52 100644 --- a/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.patch +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.patch | |||
@@ -1,4 +1,4 @@ | |||
1 | From d77cdc5e1eee26821ab98c947abea53fb7b18fe5 Mon Sep 17 00:00:00 2001 | 1 | From ad8967de36e6e2a185b71ce1d701448cda4ef3e2 Mon Sep 17 00:00:00 2001 |
2 | From: California Sullivan <california.l.sullivan@intel.com> | 2 | From: California Sullivan <california.l.sullivan@intel.com> |
3 | Date: Fri, 16 Mar 2018 17:23:11 -0700 | 3 | Date: Fri, 16 Mar 2018 17:23:11 -0700 |
4 | Subject: [PATCH] xf86pciBus.c: use Intel ddx only for pre-gen4 hardware | 4 | Subject: [PATCH] xf86pciBus.c: use Intel ddx only for pre-gen4 hardware |
@@ -20,10 +20,10 @@ Signed-off-by: California Sullivan <california.l.sullivan@intel.com> | |||
20 | 1 file changed, 17 insertions(+), 1 deletion(-) | 20 | 1 file changed, 17 insertions(+), 1 deletion(-) |
21 | 21 | ||
22 | diff --git a/hw/xfree86/common/xf86pciBus.c b/hw/xfree86/common/xf86pciBus.c | 22 | diff --git a/hw/xfree86/common/xf86pciBus.c b/hw/xfree86/common/xf86pciBus.c |
23 | index e61ae0cd4..d70c99197 100644 | 23 | index aeeed8b..db705bf 100644 |
24 | --- a/hw/xfree86/common/xf86pciBus.c | 24 | --- a/hw/xfree86/common/xf86pciBus.c |
25 | +++ b/hw/xfree86/common/xf86pciBus.c | 25 | +++ b/hw/xfree86/common/xf86pciBus.c |
26 | @@ -1173,7 +1173,23 @@ xf86VideoPtrToDriverList(struct pci_device *dev, | 26 | @@ -1174,7 +1174,23 @@ xf86VideoPtrToDriverList(struct pci_device *dev, XF86MatchedDrivers *md) |
27 | case 0x0bef: | 27 | case 0x0bef: |
28 | /* Use fbdev/vesa driver on Oaktrail, Medfield, CDV */ | 28 | /* Use fbdev/vesa driver on Oaktrail, Medfield, CDV */ |
29 | break; | 29 | break; |
@@ -48,6 +48,3 @@ index e61ae0cd4..d70c99197 100644 | |||
48 | driverList[0] = "intel"; | 48 | driverList[0] = "intel"; |
49 | break; | 49 | break; |
50 | } | 50 | } |
51 | -- | ||
52 | 2.14.3 | ||
53 | |||
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.12.bb b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.13.bb index 570e08d5ae..1f18c22fa8 100644 --- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.12.bb +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.13.bb | |||
@@ -3,7 +3,7 @@ require xserver-xorg.inc | |||
3 | SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.patch \ | 3 | SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.patch \ |
4 | file://0001-Avoid-duplicate-definitions-of-IOPortBase.patch \ | 4 | file://0001-Avoid-duplicate-definitions-of-IOPortBase.patch \ |
5 | " | 5 | " |
6 | SRC_URI[sha256sum] = "1e016e2be1b5ccdd65eac3ea08e54bd13ce8f4f6c3fb32ad6fdac4e71729a90f" | 6 | SRC_URI[sha256sum] = "b45a02d5943f72236a360d3cc97e75134aa4f63039ff88c04686b508a3dc740c" |
7 | 7 | ||
8 | # These extensions are now integrated into the server, so declare the migration | 8 | # These extensions are now integrated into the server, so declare the migration |
9 | # path for in-place upgrades. | 9 | # path for in-place upgrades. |
diff --git a/meta/recipes-kernel/kexec/kexec-tools/0003-kexec-ARM-Fix-add_buffer_phys_virt-align-issue.patch b/meta/recipes-kernel/kexec/kexec-tools/0003-kexec-ARM-Fix-add_buffer_phys_virt-align-issue.patch index e874a8b4f1..489b109285 100644 --- a/meta/recipes-kernel/kexec/kexec-tools/0003-kexec-ARM-Fix-add_buffer_phys_virt-align-issue.patch +++ b/meta/recipes-kernel/kexec/kexec-tools/0003-kexec-ARM-Fix-add_buffer_phys_virt-align-issue.patch | |||
@@ -8,7 +8,7 @@ is used by MMU, the "SECTION_SIZE" is defined with | |||
8 | (1 << 21), but 'add_buffer_phys_virt()' hardcode this | 8 | (1 << 21), but 'add_buffer_phys_virt()' hardcode this |
9 | to (1 << 20). | 9 | to (1 << 20). |
10 | 10 | ||
11 | Upstream-Status: Pending | 11 | Upstream-Status: Submitted [via email to horms@kernel.org,http://lists.infradead.org/pipermail/kexec/2024-April/029903.html] |
12 | 12 | ||
13 | Suggested-By:fredrik.markstrom@gmail.com | 13 | Suggested-By:fredrik.markstrom@gmail.com |
14 | Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com> | 14 | Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com> |
diff --git a/meta/recipes-kernel/linux-firmware/linux-firmware_20240312.bb b/meta/recipes-kernel/linux-firmware/linux-firmware_20240312.bb index ff79bb9b33..5819d9287c 100644 --- a/meta/recipes-kernel/linux-firmware/linux-firmware_20240312.bb +++ b/meta/recipes-kernel/linux-firmware/linux-firmware_20240312.bb | |||
@@ -322,7 +322,7 @@ PACKAGES =+ "${PN}-amphion-vpu-license ${PN}-amphion-vpu \ | |||
322 | ${PN}-cnm-license ${PN}-cnm \ | 322 | ${PN}-cnm-license ${PN}-cnm \ |
323 | ${PN}-atheros-license ${PN}-ar5523 ${PN}-ar9170 ${PN}-ath6k ${PN}-ath9k ${PN}-ath3k \ | 323 | ${PN}-atheros-license ${PN}-ar5523 ${PN}-ar9170 ${PN}-ath6k ${PN}-ath9k ${PN}-ath3k \ |
324 | ${PN}-carl9170 \ | 324 | ${PN}-carl9170 \ |
325 | ${PN}-ar3k-license ${PN}-ar3k ${PN}-ath10k-license ${PN}-ath10k ${PN}-ath11k ${PN}-qca \ | 325 | ${PN}-ar3k-license ${PN}-ar3k ${PN}-ath10k-license ${PN}-ath10k ${PN}-ath11k ${PN}-ath12k ${PN}-qca \ |
326 | \ | 326 | \ |
327 | ${PN}-imx-sdma-license ${PN}-imx-sdma-imx6q ${PN}-imx-sdma-imx7d \ | 327 | ${PN}-imx-sdma-license ${PN}-imx-sdma-imx6q ${PN}-imx-sdma-imx7d \ |
328 | \ | 328 | \ |
@@ -487,6 +487,11 @@ FILES:${PN}-ath11k = " \ | |||
487 | ${nonarch_base_libdir}/firmware/ath11k \ | 487 | ${nonarch_base_libdir}/firmware/ath11k \ |
488 | " | 488 | " |
489 | 489 | ||
490 | FILES:${PN}-ath12k = " \ | ||
491 | ${nonarch_base_libdir}/firmware/ath12k \ | ||
492 | " | ||
493 | RDEPENDS:${PN} += "${PN}-ath12k" | ||
494 | |||
490 | FILES:${PN}-qca = " \ | 495 | FILES:${PN}-qca = " \ |
491 | ${nonarch_base_libdir}/firmware/qca \ | 496 | ${nonarch_base_libdir}/firmware/qca \ |
492 | " | 497 | " |
@@ -494,6 +499,7 @@ FILES:${PN}-qca = " \ | |||
494 | RDEPENDS:${PN}-ar3k += "${PN}-ar3k-license ${PN}-atheros-license" | 499 | RDEPENDS:${PN}-ar3k += "${PN}-ar3k-license ${PN}-atheros-license" |
495 | RDEPENDS:${PN}-ath10k += "${PN}-ath10k-license" | 500 | RDEPENDS:${PN}-ath10k += "${PN}-ath10k-license" |
496 | RDEPENDS:${PN}-ath11k += "${PN}-ath10k-license" | 501 | RDEPENDS:${PN}-ath11k += "${PN}-ath10k-license" |
502 | RDEPENDS:${PN}-ath12k += "${PN}-ath10k-license" | ||
497 | RDEPENDS:${PN}-qca += "${PN}-ath10k-license" | 503 | RDEPENDS:${PN}-qca += "${PN}-ath10k-license" |
498 | 504 | ||
499 | # For ralink | 505 | # For ralink |
diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.6.inc b/meta/recipes-kernel/linux/cve-exclusion_6.6.inc index 9f1f03ac53..32a0701edf 100644 --- a/meta/recipes-kernel/linux/cve-exclusion_6.6.inc +++ b/meta/recipes-kernel/linux/cve-exclusion_6.6.inc | |||
@@ -1,14 +1,14 @@ | |||
1 | 1 | ||
2 | # Auto-generated CVE metadata, DO NOT EDIT BY HAND. | 2 | # Auto-generated CVE metadata, DO NOT EDIT BY HAND. |
3 | # Generated at 2024-05-02 12:41:43.351358+00:00 for version 6.6.29 | 3 | # Generated at 2024-06-06 20:41:33.044442+00:00 for version 6.6.32 |
4 | 4 | ||
5 | python check_kernel_cve_status_version() { | 5 | #python check_kernel_cve_status_version() { |
6 | this_version = "6.6.29" | 6 | # this_version = "6.6.29" |
7 | kernel_version = d.getVar("LINUX_VERSION") | 7 | # kernel_version = d.getVar("LINUX_VERSION") |
8 | if kernel_version != this_version: | 8 | # if kernel_version != this_version: |
9 | bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version)) | 9 | # bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version)) |
10 | } | 10 | #} |
11 | do_cve_check[prefuncs] += "check_kernel_cve_status_version" | 11 | #do_cve_check[prefuncs] += "check_kernel_cve_status_version" |
12 | 12 | ||
13 | CVE_STATUS[CVE-2003-1604] = "fixed-version: Fixed from version 2.6.12rc2" | 13 | CVE_STATUS[CVE-2003-1604] = "fixed-version: Fixed from version 2.6.12rc2" |
14 | 14 | ||
diff --git a/meta/recipes-kernel/linux/kernel-devsrc.bb b/meta/recipes-kernel/linux/kernel-devsrc.bb index fafab475f3..7724967151 100644 --- a/meta/recipes-kernel/linux/kernel-devsrc.bb +++ b/meta/recipes-kernel/linux/kernel-devsrc.bb | |||
@@ -134,6 +134,7 @@ do_install() { | |||
134 | rm -f $kerneldir/build/include/generated/.vdso-offsets.h.cmd | 134 | rm -f $kerneldir/build/include/generated/.vdso-offsets.h.cmd |
135 | rm -f $kerneldir/build/include/generated/.compat_vdso-offsets.h.cmd | 135 | rm -f $kerneldir/build/include/generated/.compat_vdso-offsets.h.cmd |
136 | rm -f $kerneldir/build/include/generated/.vdso32-offsets.h.cmd | 136 | rm -f $kerneldir/build/include/generated/.vdso32-offsets.h.cmd |
137 | rm -f $kerneldir/build/include/generated/.vdso64-offsets.h.cmd | ||
137 | ) | 138 | ) |
138 | 139 | ||
139 | # now grab the chunks from the source tree that we need | 140 | # now grab the chunks from the source tree that we need |
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb b/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb index f8d47a9dba..2c8725f27a 100644 --- a/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb +++ b/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb | |||
@@ -14,13 +14,13 @@ python () { | |||
14 | raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") | 14 | raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") |
15 | } | 15 | } |
16 | 16 | ||
17 | SRCREV_machine ?= "59b2635b04e2ef8162e52f82e848b81073cea708" | 17 | SRCREV_machine ?= "f1958988835e4b36462e9a7762001b695989288c" |
18 | SRCREV_meta ?= "66bebb6789d02e775d4c93d7ca4bf79c2ead4b28" | 18 | SRCREV_meta ?= "c82d4e5d08201d0259c29a4d15ce1e72fc63c65f" |
19 | 19 | ||
20 | SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \ | 20 | SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \ |
21 | git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.6;destsuffix=${KMETA};protocol=https" | 21 | git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.6;destsuffix=${KMETA};protocol=https" |
22 | 22 | ||
23 | LINUX_VERSION ?= "6.6.32" | 23 | LINUX_VERSION ?= "6.6.50" |
24 | 24 | ||
25 | LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" | 25 | LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" |
26 | 26 | ||
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb index 7378a37521..ce20fbc07d 100644 --- a/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb +++ b/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb | |||
@@ -8,7 +8,7 @@ require recipes-kernel/linux/linux-yocto.inc | |||
8 | # CVE exclusions | 8 | # CVE exclusions |
9 | include recipes-kernel/linux/cve-exclusion_6.6.inc | 9 | include recipes-kernel/linux/cve-exclusion_6.6.inc |
10 | 10 | ||
11 | LINUX_VERSION ?= "6.6.32" | 11 | LINUX_VERSION ?= "6.6.50" |
12 | LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" | 12 | LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" |
13 | 13 | ||
14 | DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" | 14 | DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" |
@@ -17,8 +17,8 @@ DEPENDS += "openssl-native util-linux-native" | |||
17 | KMETA = "kernel-meta" | 17 | KMETA = "kernel-meta" |
18 | KCONF_BSP_AUDIT_LEVEL = "2" | 18 | KCONF_BSP_AUDIT_LEVEL = "2" |
19 | 19 | ||
20 | SRCREV_machine ?= "9576b5b9f8e3c78e6c315f475def18e5c29e475a" | 20 | SRCREV_machine ?= "10604010520101e717ca658ada47b394a46e1539" |
21 | SRCREV_meta ?= "66bebb6789d02e775d4c93d7ca4bf79c2ead4b28" | 21 | SRCREV_meta ?= "c82d4e5d08201d0259c29a4d15ce1e72fc63c65f" |
22 | 22 | ||
23 | PV = "${LINUX_VERSION}+git" | 23 | PV = "${LINUX_VERSION}+git" |
24 | 24 | ||
diff --git a/meta/recipes-kernel/linux/linux-yocto_6.6.bb b/meta/recipes-kernel/linux/linux-yocto_6.6.bb index b64ac78fd1..b871b30157 100644 --- a/meta/recipes-kernel/linux/linux-yocto_6.6.bb +++ b/meta/recipes-kernel/linux/linux-yocto_6.6.bb | |||
@@ -18,25 +18,25 @@ KBRANCH:qemux86-64 ?= "v6.6/standard/base" | |||
18 | KBRANCH:qemuloongarch64 ?= "v6.6/standard/base" | 18 | KBRANCH:qemuloongarch64 ?= "v6.6/standard/base" |
19 | KBRANCH:qemumips64 ?= "v6.6/standard/mti-malta64" | 19 | KBRANCH:qemumips64 ?= "v6.6/standard/mti-malta64" |
20 | 20 | ||
21 | SRCREV_machine:qemuarm ?= "6e4ec0ec5052e3a107ec7e5977ea9282d3642ea7" | 21 | SRCREV_machine:qemuarm ?= "36f604ad9d400626d19666688399af0d0ae93e53" |
22 | SRCREV_machine:qemuarm64 ?= "9576b5b9f8e3c78e6c315f475def18e5c29e475a" | 22 | SRCREV_machine:qemuarm64 ?= "10604010520101e717ca658ada47b394a46e1539" |
23 | SRCREV_machine:qemuloongarch64 ?= "9576b5b9f8e3c78e6c315f475def18e5c29e475a" | 23 | SRCREV_machine:qemuloongarch64 ?= "10604010520101e717ca658ada47b394a46e1539" |
24 | SRCREV_machine:qemumips ?= "cab976b23497344b74b7e4cbcb5df732f8630150" | 24 | SRCREV_machine:qemumips ?= "8ca27eda30aa6ceb72b61c784ebb057de07201ae" |
25 | SRCREV_machine:qemuppc ?= "9576b5b9f8e3c78e6c315f475def18e5c29e475a" | 25 | SRCREV_machine:qemuppc ?= "10604010520101e717ca658ada47b394a46e1539" |
26 | SRCREV_machine:qemuriscv64 ?= "9576b5b9f8e3c78e6c315f475def18e5c29e475a" | 26 | SRCREV_machine:qemuriscv64 ?= "10604010520101e717ca658ada47b394a46e1539" |
27 | SRCREV_machine:qemuriscv32 ?= "9576b5b9f8e3c78e6c315f475def18e5c29e475a" | 27 | SRCREV_machine:qemuriscv32 ?= "10604010520101e717ca658ada47b394a46e1539" |
28 | SRCREV_machine:qemux86 ?= "9576b5b9f8e3c78e6c315f475def18e5c29e475a" | 28 | SRCREV_machine:qemux86 ?= "10604010520101e717ca658ada47b394a46e1539" |
29 | SRCREV_machine:qemux86-64 ?= "9576b5b9f8e3c78e6c315f475def18e5c29e475a" | 29 | SRCREV_machine:qemux86-64 ?= "10604010520101e717ca658ada47b394a46e1539" |
30 | SRCREV_machine:qemumips64 ?= "aa0c0197b3a0628992e959708a2ad015603e93ad" | 30 | SRCREV_machine:qemumips64 ?= "72b65c64c2fd2b4d252b4a93642acc268ca2f006" |
31 | SRCREV_machine ?= "9576b5b9f8e3c78e6c315f475def18e5c29e475a" | 31 | SRCREV_machine ?= "10604010520101e717ca658ada47b394a46e1539" |
32 | SRCREV_meta ?= "66bebb6789d02e775d4c93d7ca4bf79c2ead4b28" | 32 | SRCREV_meta ?= "c82d4e5d08201d0259c29a4d15ce1e72fc63c65f" |
33 | 33 | ||
34 | # set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll | 34 | # set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll |
35 | # get the <version>/base branch, which is pure upstream -stable, and the same | 35 | # get the <version>/base branch, which is pure upstream -stable, and the same |
36 | # meta SRCREV as the linux-yocto-standard builds. Select your version using the | 36 | # meta SRCREV as the linux-yocto-standard builds. Select your version using the |
37 | # normal PREFERRED_VERSION settings. | 37 | # normal PREFERRED_VERSION settings. |
38 | BBCLASSEXTEND = "devupstream:target" | 38 | BBCLASSEXTEND = "devupstream:target" |
39 | SRCREV_machine:class-devupstream ?= "91de249b6804473d49984030836381c3b9b3cfb0" | 39 | SRCREV_machine:class-devupstream ?= "ad07a29023cebd40848fce81e6732d671ede5fe6" |
40 | PN:class-devupstream = "linux-yocto-upstream" | 40 | PN:class-devupstream = "linux-yocto-upstream" |
41 | KBRANCH:class-devupstream = "v6.6/base" | 41 | KBRANCH:class-devupstream = "v6.6/base" |
42 | 42 | ||
@@ -44,7 +44,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA | |||
44 | git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.6;destsuffix=${KMETA};protocol=https" | 44 | git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.6;destsuffix=${KMETA};protocol=https" |
45 | 45 | ||
46 | LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" | 46 | LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" |
47 | LINUX_VERSION ?= "6.6.32" | 47 | LINUX_VERSION ?= "6.6.50" |
48 | 48 | ||
49 | PV = "${LINUX_VERSION}+git" | 49 | PV = "${LINUX_VERSION}+git" |
50 | 50 | ||
@@ -64,6 +64,8 @@ KERNEL_FEATURES:append:qemux86-64=" cfg/sound.scc cfg/paravirt_kvm.scc" | |||
64 | KERNEL_FEATURES:append = " ${@bb.utils.contains("TUNE_FEATURES", "mx32", " cfg/x32.scc", "", d)}" | 64 | KERNEL_FEATURES:append = " ${@bb.utils.contains("TUNE_FEATURES", "mx32", " cfg/x32.scc", "", d)}" |
65 | KERNEL_FEATURES:append = " ${@bb.utils.contains("DISTRO_FEATURES", "ptest", " features/scsi/scsi-debug.scc features/nf_tables/nft_test.scc", "", d)}" | 65 | KERNEL_FEATURES:append = " ${@bb.utils.contains("DISTRO_FEATURES", "ptest", " features/scsi/scsi-debug.scc features/nf_tables/nft_test.scc", "", d)}" |
66 | KERNEL_FEATURES:append = " ${@bb.utils.contains("DISTRO_FEATURES", "ptest", " features/gpio/mockup.scc features/gpio/sim.scc", "", d)}" | 66 | KERNEL_FEATURES:append = " ${@bb.utils.contains("DISTRO_FEATURES", "ptest", " features/gpio/mockup.scc features/gpio/sim.scc", "", d)}" |
67 | # libteam ptests from meta-oe needs it | ||
68 | KERNEL_FEATURES:append = " ${@bb.utils.contains("DISTRO_FEATURES", "ptest", " features/net/team/team.scc", "", d)}" | ||
67 | KERNEL_FEATURES:append:powerpc =" arch/powerpc/powerpc-debug.scc" | 69 | KERNEL_FEATURES:append:powerpc =" arch/powerpc/powerpc-debug.scc" |
68 | KERNEL_FEATURES:append:powerpc64 =" arch/powerpc/powerpc-debug.scc" | 70 | KERNEL_FEATURES:append:powerpc64 =" arch/powerpc/powerpc-debug.scc" |
69 | KERNEL_FEATURES:append:powerpc64le =" arch/powerpc/powerpc-debug.scc" | 71 | KERNEL_FEATURES:append:powerpc64le =" arch/powerpc/powerpc-debug.scc" |
diff --git a/meta/recipes-kernel/systemtap/systemtap/0001-elaborate.cxx-gcc-version-compatibility-hack-redux.patch b/meta/recipes-kernel/systemtap/systemtap/0001-elaborate.cxx-gcc-version-compatibility-hack-redux.patch new file mode 100644 index 0000000000..0c2888400d --- /dev/null +++ b/meta/recipes-kernel/systemtap/systemtap/0001-elaborate.cxx-gcc-version-compatibility-hack-redux.patch | |||
@@ -0,0 +1,32 @@ | |||
1 | From 91caf37e4dfe862f9b68447b1597c0d0f31523c3 Mon Sep 17 00:00:00 2001 | ||
2 | From: "Frank Ch. Eigler" <fche@redhat.com> | ||
3 | Date: Tue, 7 May 2024 15:04:04 -0400 | ||
4 | Subject: [PATCH] elaborate.cxx: gcc version compatibility hack redux | ||
5 | |||
6 | Note __GNUC__ >= 14 for this diagnostic. | ||
7 | |||
8 | Upstream-Status: Backport [https://sourceware.org/git/?p=systemtap.git;a=commit;h=91caf37e4dfe862f9b68447b1597c0d0f31523c3] | ||
9 | Signed-off-by: Victor Kamensky <victor.kamensky7@gmail.com> | ||
10 | --- | ||
11 | elaborate.cxx | 2 ++ | ||
12 | 1 file changed, 2 insertions(+) | ||
13 | |||
14 | diff --git a/elaborate.cxx b/elaborate.cxx | ||
15 | index 88505559b..c08023f1d 100644 | ||
16 | --- a/elaborate.cxx | ||
17 | +++ b/elaborate.cxx | ||
18 | @@ -2656,9 +2656,11 @@ symresolution_info::symresolution_info (systemtap_session& s, bool omniscient_un | ||
19 | session (s), unmangled_p(omniscient_unmangled), current_function (0), current_probe (0) | ||
20 | { | ||
21 | #pragma GCC diagnostic push | ||
22 | + #if __GNUC__ >= 14 | ||
23 | // c10s early snapshot GCC complains about this construct, which is | ||
24 | // made safe via our dtor usage | ||
25 | #pragma GCC diagnostic ignored "-Wdangling-pointer" | ||
26 | + #endif | ||
27 | saved_session_symbol_resolver = s.symbol_resolver; | ||
28 | s.symbol_resolver = this; // save resolver for early PR25841 function resolution | ||
29 | #pragma GCC diagnostic pop | ||
30 | -- | ||
31 | 2.45.2 | ||
32 | |||
diff --git a/meta/recipes-kernel/systemtap/systemtap/0001-elaborate.cxx-gcc-version-compatibility-hack.patch b/meta/recipes-kernel/systemtap/systemtap/0001-elaborate.cxx-gcc-version-compatibility-hack.patch new file mode 100644 index 0000000000..7cdcc93f14 --- /dev/null +++ b/meta/recipes-kernel/systemtap/systemtap/0001-elaborate.cxx-gcc-version-compatibility-hack.patch | |||
@@ -0,0 +1,52 @@ | |||
1 | From d11241bdd05bc4c745c8aef53a2725331e1a93b4 Mon Sep 17 00:00:00 2001 | ||
2 | From: "Frank Ch. Eigler" <fche@redhat.com> | ||
3 | Date: Tue, 7 May 2024 14:25:12 -0400 | ||
4 | Subject: [PATCH] elaborate.cxx: gcc version compatibility hack | ||
5 | MIME-Version: 1.0 | ||
6 | Content-Type: text/plain; charset=UTF-8 | ||
7 | Content-Transfer-Encoding: 8bit | ||
8 | |||
9 | Suppress -Wdangling-pointer for a construct that appears valid, but | ||
10 | one particular GCC snapshot version complains about. | ||
11 | |||
12 | In constructor ‘symresolution_info::symresolution_info(systemtap_session&, bool)’, | ||
13 | inlined from ‘int semantic_pass_symbols(systemtap_session&)’ at ../systemtap/elaborate.cxx:1872:28: | ||
14 | ../systemtap/elaborate.cxx:2659:21: error: storing the address of local variable ‘sym’ in ‘*s.systemtap_session::symbol_resolver’ [-Werror=dangling-pointer=] | ||
15 | 2659 | s.symbol_resolver = this; // save resolver for early PR25841 function resolution | ||
16 | | ~~~~~~~~~~~~~~~~~~^~~~~~ | ||
17 | ../systemtap/elaborate.cxx: In function ‘int semantic_pass_symbols(systemtap_session&)’: | ||
18 | ../systemtap/elaborate.cxx:1872:22: note: ‘sym’ declared here | ||
19 | 1872 | symresolution_info sym (s); | ||
20 | | ^~~ | ||
21 | ../systemtap/elaborate.cxx:1870:43: note: ‘s’ declared here | ||
22 | 1870 | semantic_pass_symbols (systemtap_session& s) | ||
23 | | ~~~~~~~~~~~~~~~~~~~^ | ||
24 | cc1plus: all warnings being treated as errors | ||
25 | |||
26 | Upstream-Status: Backport [https://sourceware.org/git/?p=systemtap.git;a=commit;h=d11241bdd05bc4c745c8aef53a2725331e1a93b4] | ||
27 | Signed-off-by: Victor Kamensky <victor.kamensky7@gmail.com> | ||
28 | --- | ||
29 | elaborate.cxx | 5 +++++ | ||
30 | 1 file changed, 5 insertions(+) | ||
31 | |||
32 | diff --git a/elaborate.cxx b/elaborate.cxx | ||
33 | index 8bf9e6c06..88505559b 100644 | ||
34 | --- a/elaborate.cxx | ||
35 | +++ b/elaborate.cxx | ||
36 | @@ -2655,8 +2655,13 @@ semantic_pass (systemtap_session& s) | ||
37 | symresolution_info::symresolution_info (systemtap_session& s, bool omniscient_unmangled): | ||
38 | session (s), unmangled_p(omniscient_unmangled), current_function (0), current_probe (0) | ||
39 | { | ||
40 | + #pragma GCC diagnostic push | ||
41 | + // c10s early snapshot GCC complains about this construct, which is | ||
42 | + // made safe via our dtor usage | ||
43 | + #pragma GCC diagnostic ignored "-Wdangling-pointer" | ||
44 | saved_session_symbol_resolver = s.symbol_resolver; | ||
45 | s.symbol_resolver = this; // save resolver for early PR25841 function resolution | ||
46 | + #pragma GCC diagnostic pop | ||
47 | } | ||
48 | |||
49 | |||
50 | -- | ||
51 | 2.45.2 | ||
52 | |||
diff --git a/meta/recipes-kernel/systemtap/systemtap_git.inc b/meta/recipes-kernel/systemtap/systemtap_git.inc index c574bcb2ba..7cbc0fcbb4 100644 --- a/meta/recipes-kernel/systemtap/systemtap_git.inc +++ b/meta/recipes-kernel/systemtap/systemtap_git.inc | |||
@@ -12,6 +12,8 @@ SRC_URI = "git://sourceware.org/git/systemtap.git;branch=master;protocol=https \ | |||
12 | file://0001-configure.ac-fix-broken-libdebuginfod-library-auto-d.patch \ | 12 | file://0001-configure.ac-fix-broken-libdebuginfod-library-auto-d.patch \ |
13 | file://0001-bpf-translate.cxx-fix-build-against-upcoming-gcc-14-.patch \ | 13 | file://0001-bpf-translate.cxx-fix-build-against-upcoming-gcc-14-.patch \ |
14 | file://0001-staprun-fix-build-against-upcoming-gcc-14-Werror-cal.patch \ | 14 | file://0001-staprun-fix-build-against-upcoming-gcc-14-Werror-cal.patch \ |
15 | file://0001-elaborate.cxx-gcc-version-compatibility-hack.patch \ | ||
16 | file://0001-elaborate.cxx-gcc-version-compatibility-hack-redux.patch \ | ||
15 | " | 17 | " |
16 | 18 | ||
17 | COMPATIBLE_HOST = '(x86_64|i.86|powerpc|arm|aarch64|microblazeel|mips|riscv64).*-linux' | 19 | COMPATIBLE_HOST = '(x86_64|i.86|powerpc|arm|aarch64|microblazeel|mips|riscv64).*-linux' |
diff --git a/meta/recipes-kernel/wireless-regdb/wireless-regdb_2024.01.23.bb b/meta/recipes-kernel/wireless-regdb/wireless-regdb_2024.07.04.bb index 8fde236ab4..daf5e6dfcd 100644 --- a/meta/recipes-kernel/wireless-regdb/wireless-regdb_2024.01.23.bb +++ b/meta/recipes-kernel/wireless-regdb/wireless-regdb_2024.07.04.bb | |||
@@ -5,7 +5,7 @@ LICENSE = "ISC" | |||
5 | LIC_FILES_CHKSUM = "file://LICENSE;md5=07c4f6dea3845b02a18dc00c8c87699c" | 5 | LIC_FILES_CHKSUM = "file://LICENSE;md5=07c4f6dea3845b02a18dc00c8c87699c" |
6 | 6 | ||
7 | SRC_URI = "https://www.kernel.org/pub/software/network/${BPN}/${BP}.tar.xz" | 7 | SRC_URI = "https://www.kernel.org/pub/software/network/${BPN}/${BP}.tar.xz" |
8 | SRC_URI[sha256sum] = "c8a61c9acf76fa7eb4239e89f640dee3e87098d9f69b4d3518c9c60fc6d20c55" | 8 | SRC_URI[sha256sum] = "9832a14e1be24abff7be30dee3c9a1afb5fdfcf475a0d91aafef039f8d85f5eb" |
9 | 9 | ||
10 | inherit bin_package allarch | 10 | inherit bin_package allarch |
11 | 11 | ||
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-49502.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-49502.patch new file mode 100644 index 0000000000..bc78a46d03 --- /dev/null +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-49502.patch | |||
@@ -0,0 +1,107 @@ | |||
1 | From 737ede405b11a37fdd61d19cf25df296a0cb0b75 Mon Sep 17 00:00:00 2001 | ||
2 | From: Cosmin Stejerean <cosmin@cosmin.at> | ||
3 | Date: Wed, 6 Dec 2023 18:39:32 +0800 | ||
4 | Subject: [PATCH] avfilter/bwdif: account for chroma sub-sampling in min size | ||
5 | calculation | ||
6 | |||
7 | The current logic for detecting frames that are too small for the | ||
8 | algorithm does not account for chroma sub-sampling, and so a sample | ||
9 | where the luma plane is large enough, but the chroma planes are not | ||
10 | will not be rejected. In that event, a heap overflow will occur. | ||
11 | |||
12 | This change adjusts the logic to consider the chroma planes and makes | ||
13 | the change to all three bwdif implementations. | ||
14 | |||
15 | Fixes #10688 | ||
16 | |||
17 | Signed-off-by: Cosmin Stejerean <cosmin@cosmin.at> | ||
18 | Reviewed-by: Thomas Mundt <tmundt75@gmail.com> | ||
19 | Signed-off-by: Philip Langdale <philipl@overt.org> | ||
20 | |||
21 | CVE: CVE-2023-49502 | ||
22 | |||
23 | Upstream-Status: Backport [https://github.com/FFmpeg/FFmpeg/commit/737ede405b11a37f] | ||
24 | |||
25 | Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> | ||
26 | --- | ||
27 | libavfilter/vf_bwdif.c | 9 +++++---- | ||
28 | libavfilter/vf_bwdif_cuda.c | 11 ++++++----- | ||
29 | libavfilter/vf_bwdif_vulkan.c | 11 +++++------ | ||
30 | 3 files changed, 16 insertions(+), 15 deletions(-) | ||
31 | |||
32 | diff --git a/libavfilter/vf_bwdif.c b/libavfilter/vf_bwdif.c | ||
33 | index 137cd5e..353cd0b 100644 | ||
34 | --- a/libavfilter/vf_bwdif.c | ||
35 | +++ b/libavfilter/vf_bwdif.c | ||
36 | @@ -191,13 +191,14 @@ static int config_props(AVFilterLink *link) | ||
37 | return ret; | ||
38 | } | ||
39 | |||
40 | - if (link->w < 3 || link->h < 4) { | ||
41 | - av_log(ctx, AV_LOG_ERROR, "Video of less than 3 columns or 4 lines is not supported\n"); | ||
42 | + yadif->csp = av_pix_fmt_desc_get(link->format); | ||
43 | + yadif->filter = filter; | ||
44 | + | ||
45 | + if (AV_CEIL_RSHIFT(link->w, yadif->csp->log2_chroma_w) < 3 || AV_CEIL_RSHIFT(link->h, yadif->csp->log2_chroma_h) < 4) { | ||
46 | + av_log(ctx, AV_LOG_ERROR, "Video with planes less than 3 columns or 4 lines is not supported\n"); | ||
47 | return AVERROR(EINVAL); | ||
48 | } | ||
49 | |||
50 | - yadif->csp = av_pix_fmt_desc_get(link->format); | ||
51 | - yadif->filter = filter; | ||
52 | ff_bwdif_init_filter_line(&s->dsp, yadif->csp->comp[0].depth); | ||
53 | |||
54 | return 0; | ||
55 | diff --git a/libavfilter/vf_bwdif_cuda.c b/libavfilter/vf_bwdif_cuda.c | ||
56 | index a5ecfba..418f15f 100644 | ||
57 | --- a/libavfilter/vf_bwdif_cuda.c | ||
58 | +++ b/libavfilter/vf_bwdif_cuda.c | ||
59 | @@ -296,15 +296,16 @@ static int config_output(AVFilterLink *link) | ||
60 | link->frame_rate = av_mul_q(ctx->inputs[0]->frame_rate, | ||
61 | (AVRational){2, 1}); | ||
62 | |||
63 | - if (link->w < 3 || link->h < 3) { | ||
64 | - av_log(ctx, AV_LOG_ERROR, "Video of less than 3 columns or lines is not supported\n"); | ||
65 | - ret = AVERROR(EINVAL); | ||
66 | - goto exit; | ||
67 | - } | ||
68 | |||
69 | y->csp = av_pix_fmt_desc_get(output_frames->sw_format); | ||
70 | y->filter = filter; | ||
71 | |||
72 | + if (AV_CEIL_RSHIFT(link->w, y->csp->log2_chroma_w) < 3 || AV_CEIL_RSHIFT(link->h, y->csp->log2_chroma_h) < 3) { | ||
73 | + av_log(ctx, AV_LOG_ERROR, "Video with planes less than 3 columns or lines is not supported\n"); | ||
74 | + ret = AVERROR(EINVAL); | ||
75 | + goto exit; | ||
76 | + } | ||
77 | + | ||
78 | ret = CHECK_CU(cu->cuCtxPushCurrent(s->hwctx->cuda_ctx)); | ||
79 | if (ret < 0) | ||
80 | goto exit; | ||
81 | diff --git a/libavfilter/vf_bwdif_vulkan.c b/libavfilter/vf_bwdif_vulkan.c | ||
82 | index 690a89c..c51df9a 100644 | ||
83 | --- a/libavfilter/vf_bwdif_vulkan.c | ||
84 | +++ b/libavfilter/vf_bwdif_vulkan.c | ||
85 | @@ -362,15 +362,14 @@ static int bwdif_vulkan_config_output(AVFilterLink *outlink) | ||
86 | outlink->frame_rate = av_mul_q(avctx->inputs[0]->frame_rate, | ||
87 | (AVRational){2, 1}); | ||
88 | |||
89 | - if (outlink->w < 4 || outlink->h < 4) { | ||
90 | - av_log(avctx, AV_LOG_ERROR, "Video of less than 4 columns or lines is not " | ||
91 | - "supported\n"); | ||
92 | - return AVERROR(EINVAL); | ||
93 | - } | ||
94 | - | ||
95 | y->csp = av_pix_fmt_desc_get(vkctx->frames->sw_format); | ||
96 | y->filter = bwdif_vulkan_filter_frame; | ||
97 | |||
98 | + if (AV_CEIL_RSHIFT(outlink->w, y->csp->log2_chroma_w) < 4 || AV_CEIL_RSHIFT(outlink->h, y->csp->log2_chroma_h) < 4) { | ||
99 | + av_log(avctx, AV_LOG_ERROR, "Video with planes less than 4 columns or lines is not supported\n"); | ||
100 | + return AVERROR(EINVAL); | ||
101 | + } | ||
102 | + | ||
103 | return init_filter(avctx); | ||
104 | } | ||
105 | |||
106 | -- | ||
107 | 2.40.0 | ||
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-50008.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-50008.patch new file mode 100644 index 0000000000..4b8935628f --- /dev/null +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-50008.patch | |||
@@ -0,0 +1,29 @@ | |||
1 | From 5f87a68cf70dafeab2fb89b42e41a4c29053b89b Mon Sep 17 00:00:00 2001 | ||
2 | From: Paul B Mahol <onemda@gmail.com> | ||
3 | Date: Mon, 27 Nov 2023 12:08:20 +0100 | ||
4 | Subject: [PATCH] avfilter/vf_colorcorrect: fix memory leaks | ||
5 | |||
6 | CVE: CVE-2023-50008 | ||
7 | |||
8 | Upstream-Status: Backport [https://github.com/FFmpeg/FFmpeg/commit/5f87a68cf70dafeab2fb89b42e41a4c29053b89b] | ||
9 | |||
10 | Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> | ||
11 | --- | ||
12 | libavfilter/vf_colorcorrect.c | 2 ++ | ||
13 | 1 file changed, 2 insertions(+) | ||
14 | |||
15 | diff --git a/libavfilter/vf_colorcorrect.c b/libavfilter/vf_colorcorrect.c | ||
16 | index 1c4dea5..6bdec2c 100644 | ||
17 | --- a/libavfilter/vf_colorcorrect.c | ||
18 | +++ b/libavfilter/vf_colorcorrect.c | ||
19 | @@ -497,6 +497,8 @@ static av_cold void uninit(AVFilterContext *ctx) | ||
20 | ColorCorrectContext *s = ctx->priv; | ||
21 | |||
22 | av_freep(&s->analyzeret); | ||
23 | + av_freep(&s->uhistogram); | ||
24 | + av_freep(&s->vhistogram); | ||
25 | } | ||
26 | |||
27 | static const AVFilterPad colorcorrect_inputs[] = { | ||
28 | -- | ||
29 | 2.40.0 | ||
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-31578.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-31578.patch new file mode 100644 index 0000000000..f8e7e1283b --- /dev/null +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-31578.patch | |||
@@ -0,0 +1,49 @@ | |||
1 | From edeeb35cecb5bc0d433b14dd0e544ae826b7ece5 Mon Sep 17 00:00:00 2001 | ||
2 | From: Zhao Zhili <zhilizhao@tencent.com> | ||
3 | Date: Tue, 20 Feb 2024 20:08:55 +0800 | ||
4 | Subject: [PATCH] avutil/hwcontext: Don't assume frames_uninit is reentrant | ||
5 | |||
6 | Fix heap use after free when vulkan_frames_init failed. | ||
7 | |||
8 | Signed-off-by: Zhao Zhili <zhilizhao@tencent.com> | ||
9 | |||
10 | CVE: CVE-2024-31578 | ||
11 | |||
12 | Upstream-Status: Backport [https://github.com/ffmpeg/ffmpeg/commit/3bb00c0a420c3ce83] | ||
13 | |||
14 | Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> | ||
15 | --- | ||
16 | libavutil/hwcontext.c | 8 ++------ | ||
17 | 1 file changed, 2 insertions(+), 6 deletions(-) | ||
18 | |||
19 | diff --git a/libavutil/hwcontext.c b/libavutil/hwcontext.c | ||
20 | index 3650d46..0ef3479 100644 | ||
21 | --- a/libavutil/hwcontext.c | ||
22 | +++ b/libavutil/hwcontext.c | ||
23 | @@ -363,7 +363,7 @@ int av_hwframe_ctx_init(AVBufferRef *ref) | ||
24 | if (ctx->internal->hw_type->frames_init) { | ||
25 | ret = ctx->internal->hw_type->frames_init(ctx); | ||
26 | if (ret < 0) | ||
27 | - goto fail; | ||
28 | + return ret; | ||
29 | } | ||
30 | |||
31 | if (ctx->internal->pool_internal && !ctx->pool) | ||
32 | @@ -373,14 +373,10 @@ int av_hwframe_ctx_init(AVBufferRef *ref) | ||
33 | if (ctx->initial_pool_size > 0) { | ||
34 | ret = hwframe_pool_prealloc(ref); | ||
35 | if (ret < 0) | ||
36 | - goto fail; | ||
37 | + return ret; | ||
38 | } | ||
39 | |||
40 | return 0; | ||
41 | -fail: | ||
42 | - if (ctx->internal->hw_type->frames_uninit) | ||
43 | - ctx->internal->hw_type->frames_uninit(ctx); | ||
44 | - return ret; | ||
45 | } | ||
46 | |||
47 | int av_hwframe_transfer_get_formats(AVBufferRef *hwframe_ref, | ||
48 | -- | ||
49 | 2.40.0 | ||
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-31582.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-31582.patch new file mode 100644 index 0000000000..2ade3ab6b1 --- /dev/null +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-31582.patch | |||
@@ -0,0 +1,34 @@ | |||
1 | From 1d1a05b393ece9fa3df825bfef3724b7370aefdc Mon Sep 17 00:00:00 2001 | ||
2 | From: Zhao Zhili <zhilizhao@tencent.com> | ||
3 | Date: Fri, 29 Dec 2023 05:56:43 +0800 | ||
4 | Subject: [PATCH] avfilter/vf_codecview: fix heap buffer overflow | ||
5 | |||
6 | And improve the performance by a little bit. | ||
7 | |||
8 | Signed-off-by: Zhao Zhili <zhilizhao@tencent.com> | ||
9 | |||
10 | CVE: CVE-2024-31582 | ||
11 | |||
12 | Upstream-Status: Backport [https://github.com/ffmpeg/ffmpeg/commit/99debe5f823f45a482e1dc08de35879aa9c74bd2] | ||
13 | |||
14 | Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> | ||
15 | --- | ||
16 | libavfilter/vf_codecview.c | 3 --- | ||
17 | 1 file changed, 3 deletions(-) | ||
18 | |||
19 | diff --git a/libavfilter/vf_codecview.c b/libavfilter/vf_codecview.c | ||
20 | index 55d9c8c..f65ccbd 100644 | ||
21 | --- a/libavfilter/vf_codecview.c | ||
22 | +++ b/libavfilter/vf_codecview.c | ||
23 | @@ -216,9 +216,6 @@ static void draw_block_rectangle(uint8_t *buf, int sx, int sy, int w, int h, ptr | ||
24 | buf[sx + w - 1] = color; | ||
25 | buf += stride; | ||
26 | } | ||
27 | - | ||
28 | - for (int x = sx; x < sx + w; x++) | ||
29 | - buf[x] = color; | ||
30 | } | ||
31 | |||
32 | static int filter_frame(AVFilterLink *inlink, AVFrame *frame) | ||
33 | -- | ||
34 | 2.40.0 | ||
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-32230.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-32230.patch new file mode 100644 index 0000000000..0f30c9ecf5 --- /dev/null +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-32230.patch | |||
@@ -0,0 +1,36 @@ | |||
1 | From 96449cfeaeb95fcfd7a2b8d9ccf7719e97471ed1 Mon Sep 17 00:00:00 2001 | ||
2 | From: Michael Niedermayer <michael@niedermayer.cc> | ||
3 | Date: Mon, 8 Apr 2024 18:38:42 +0200 | ||
4 | Subject: [PATCH] avcodec/mpegvideo_enc: Fix 1 line and one column images | ||
5 | |||
6 | Fixes: Ticket10952 | ||
7 | Fixes: poc21ffmpeg | ||
8 | Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> | ||
9 | |||
10 | CVE: CVE-2024-32230 | ||
11 | |||
12 | Upstream-Status: Backport [https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=96449cfeaeb95fcfd7a2b8d9ccf7719e97471ed1] | ||
13 | |||
14 | Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> | ||
15 | --- | ||
16 | libavcodec/mpegvideo_enc.c | 4 ++-- | ||
17 | 1 file changed, 2 insertions(+), 2 deletions(-) | ||
18 | |||
19 | diff --git a/libavcodec/mpegvideo_enc.c b/libavcodec/mpegvideo_enc.c | ||
20 | index e460ca4..fb4aaa2 100644 | ||
21 | --- a/libavcodec/mpegvideo_enc.c | ||
22 | +++ b/libavcodec/mpegvideo_enc.c | ||
23 | @@ -1198,8 +1198,8 @@ static int load_input_picture(MpegEncContext *s, const AVFrame *pic_arg) | ||
24 | int dst_stride = i ? s->uvlinesize : s->linesize; | ||
25 | int h_shift = i ? s->chroma_x_shift : 0; | ||
26 | int v_shift = i ? s->chroma_y_shift : 0; | ||
27 | - int w = s->width >> h_shift; | ||
28 | - int h = s->height >> v_shift; | ||
29 | + int w = AV_CEIL_RSHIFT(s->width , h_shift); | ||
30 | + int h = AV_CEIL_RSHIFT(s->height, v_shift); | ||
31 | const uint8_t *src = pic_arg->data[i]; | ||
32 | uint8_t *dst = pic->f->data[i]; | ||
33 | int vpad = 16; | ||
34 | -- | ||
35 | 2.40.0 | ||
36 | |||
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb index dea1f54580..13051f4e36 100644 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb | |||
@@ -27,6 +27,11 @@ SRC_URI = " \ | |||
27 | file://av1_ordering_info.patch \ | 27 | file://av1_ordering_info.patch \ |
28 | file://vulkan_av1_stable_API.patch \ | 28 | file://vulkan_av1_stable_API.patch \ |
29 | file://vulkan_fix_gcc14.patch \ | 29 | file://vulkan_fix_gcc14.patch \ |
30 | file://CVE-2023-49502.patch \ | ||
31 | file://CVE-2024-31578.patch \ | ||
32 | file://CVE-2024-31582.patch \ | ||
33 | file://CVE-2023-50008.patch \ | ||
34 | file://CVE-2024-32230.patch \ | ||
30 | " | 35 | " |
31 | 36 | ||
32 | SRC_URI[sha256sum] = "8684f4b00f94b85461884c3719382f1261f0d9eb3d59640a1f4ac0873616f968" | 37 | SRC_URI[sha256sum] = "8684f4b00f94b85461884c3719382f1261f0d9eb3d59640a1f4ac0873616f968" |
diff --git a/meta/recipes-multimedia/flac/flac_1.4.3.bb b/meta/recipes-multimedia/flac/flac_1.4.3.bb index d4e463cda5..87b67bee1f 100644 --- a/meta/recipes-multimedia/flac/flac_1.4.3.bb +++ b/meta/recipes-multimedia/flac/flac_1.4.3.bb | |||
@@ -34,3 +34,10 @@ PACKAGES += "libflac libflac++" | |||
34 | FILES:${PN} = "${bindir}/*" | 34 | FILES:${PN} = "${bindir}/*" |
35 | FILES:libflac = "${libdir}/libFLAC.so.*" | 35 | FILES:libflac = "${libdir}/libFLAC.so.*" |
36 | FILES:libflac++ = "${libdir}/libFLAC++.so.*" | 36 | FILES:libflac++ = "${libdir}/libFLAC++.so.*" |
37 | |||
38 | do_install:append() { | ||
39 | # make the links in documentation relative to avoid buildpaths reproducibility problem | ||
40 | sed -i "s#${S}/include#${includedir}#g" ${D}${docdir}/flac/FLAC.tag ${D}${docdir}/flac/api/*.html | ||
41 | # there is also one root path without trailing slash | ||
42 | sed -i "s#${S}#/#g" ${D}${docdir}/flac/api/*.html | ||
43 | } | ||
diff --git a/meta/recipes-multimedia/gstreamer/gst-devtools_1.22.11.bb b/meta/recipes-multimedia/gstreamer/gst-devtools_1.22.12.bb index 2be406192f..c30341d1f0 100644 --- a/meta/recipes-multimedia/gstreamer/gst-devtools_1.22.11.bb +++ b/meta/recipes-multimedia/gstreamer/gst-devtools_1.22.12.bb | |||
@@ -12,7 +12,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-devtools/gst-devtools-${PV} | |||
12 | file://0001-connect-has-a-different-signature-on-musl.patch \ | 12 | file://0001-connect-has-a-different-signature-on-musl.patch \ |
13 | " | 13 | " |
14 | 14 | ||
15 | SRC_URI[sha256sum] = "07766425ecb5bf857ab5ad3962321c55cd89f9386b720843f9df71c0a455eb9b" | 15 | SRC_URI[sha256sum] = "015ff62789dab423edafe979b019c7de4c849a2b7e74912b20b74a70e5b68f72" |
16 | 16 | ||
17 | DEPENDS = "json-glib glib-2.0 glib-2.0-native gstreamer1.0 gstreamer1.0-plugins-base" | 17 | DEPENDS = "json-glib glib-2.0 glib-2.0-native gstreamer1.0 gstreamer1.0-plugins-base" |
18 | RRECOMMENDS:${PN} = "git" | 18 | RRECOMMENDS:${PN} = "git" |
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.22.11.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.22.12.bb index f3287efa96..bd9ae2464e 100644 --- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.22.11.bb +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.22.12.bb | |||
@@ -12,7 +12,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=69333daa044cb77e486cc36129f7a770 \ | |||
12 | " | 12 | " |
13 | 13 | ||
14 | SRC_URI = "https://gstreamer.freedesktop.org/src/gst-libav/gst-libav-${PV}.tar.xz" | 14 | SRC_URI = "https://gstreamer.freedesktop.org/src/gst-libav/gst-libav-${PV}.tar.xz" |
15 | SRC_URI[sha256sum] = "6b13dcc9332ef27a7c1e7005c0196883874f91622f8aa6e52f218b05b15d2bf5" | 15 | SRC_URI[sha256sum] = "3b60d4cac2fbcd085a93e9389ca23e0443bee1ca75574d31d4f12bb1bbecab48" |
16 | 16 | ||
17 | S = "${WORKDIR}/gst-libav-${PV}" | 17 | S = "${WORKDIR}/gst-libav-${PV}" |
18 | 18 | ||
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.22.11.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.22.12.bb index 97348fb398..4db16ed10b 100644 --- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.22.11.bb +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.22.12.bb | |||
@@ -10,7 +10,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c \ | |||
10 | 10 | ||
11 | SRC_URI = "https://gstreamer.freedesktop.org/src/gst-omx/gst-omx-${PV}.tar.xz" | 11 | SRC_URI = "https://gstreamer.freedesktop.org/src/gst-omx/gst-omx-${PV}.tar.xz" |
12 | 12 | ||
13 | SRC_URI[sha256sum] = "18dfdf5f6b773d67e62a315c6cf6247da320b83603a5819493f53c69ed2eeef6" | 13 | SRC_URI[sha256sum] = "6b0685b92ac735032d7987d1028afaeab0a98ab726e0c51e5b9bfc8f2da7c8b1" |
14 | 14 | ||
15 | S = "${WORKDIR}/gst-omx-${PV}" | 15 | S = "${WORKDIR}/gst-omx-${PV}" |
16 | 16 | ||
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.22.11.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.22.12.bb index 523ee7a5ae..01c95ac85f 100644 --- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.22.11.bb +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.22.12.bb | |||
@@ -10,7 +10,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-bad/gst-plugins-bad | |||
10 | file://0002-avoid-including-sys-poll.h-directly.patch \ | 10 | file://0002-avoid-including-sys-poll.h-directly.patch \ |
11 | file://0004-opencv-resolve-missing-opencv-data-dir-in-yocto-buil.patch \ | 11 | file://0004-opencv-resolve-missing-opencv-data-dir-in-yocto-buil.patch \ |
12 | " | 12 | " |
13 | SRC_URI[sha256sum] = "808d3b33fc4c71aeb2561c364a87c2e8a3e2343319a83244c8391be4b09499c8" | 13 | SRC_URI[sha256sum] = "388b4c4412f42e36a38b17cc34119bc11879bd4d9fbd4ff6d03b2c7fc6b4d494" |
14 | 14 | ||
15 | S = "${WORKDIR}/gst-plugins-bad-${PV}" | 15 | S = "${WORKDIR}/gst-plugins-bad-${PV}" |
16 | 16 | ||
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.11.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.12.bb index 7aa10eb646..5905c2d5b1 100644 --- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.11.bb +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.12.bb | |||
@@ -11,7 +11,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-base/gst-plugins-ba | |||
11 | file://0003-viv-fb-Make-sure-config.h-is-included.patch \ | 11 | file://0003-viv-fb-Make-sure-config.h-is-included.patch \ |
12 | file://0002-ssaparse-enhance-SSA-text-lines-parsing.patch \ | 12 | file://0002-ssaparse-enhance-SSA-text-lines-parsing.patch \ |
13 | " | 13 | " |
14 | SRC_URI[sha256sum] = "65eaf72296cc5edc985695a4d80affc931e64a79f4879d05615854f7a2cf5bd1" | 14 | SRC_URI[sha256sum] = "73cfadc3a6ffe77ed974cfd6fb391c605e4531f48db21dd6b9f42b8cb69bd8c1" |
15 | 15 | ||
16 | S = "${WORKDIR}/gst-plugins-base-${PV}" | 16 | S = "${WORKDIR}/gst-plugins-base-${PV}" |
17 | 17 | ||
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.11.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.12.bb index 85143aa1b9..8099d70791 100644 --- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.11.bb +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.12.bb | |||
@@ -8,7 +8,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-good/gst-plugins-go | |||
8 | file://0001-qt-include-ext-qt-gstqtgl.h-instead-of-gst-gl-gstglf.patch \ | 8 | file://0001-qt-include-ext-qt-gstqtgl.h-instead-of-gst-gl-gstglf.patch \ |
9 | file://0001-v4l2-Define-ioctl_req_t-for-posix-linux-case.patch" | 9 | file://0001-v4l2-Define-ioctl_req_t-for-posix-linux-case.patch" |
10 | 10 | ||
11 | SRC_URI[sha256sum] = "6ddd032381827d31820540735f0004b429436b0bdac19aaeab44fa22faad52e2" | 11 | SRC_URI[sha256sum] = "9c1913f981900bd8867182639b20907b28ed78ef7a222cfbf2d8ba9dab992fa7" |
12 | 12 | ||
13 | S = "${WORKDIR}/gst-plugins-good-${PV}" | 13 | S = "${WORKDIR}/gst-plugins-good-${PV}" |
14 | 14 | ||
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.22.11.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.22.12.bb index 61f46fbf7e..714ee178d8 100644 --- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.22.11.bb +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.22.12.bb | |||
@@ -15,7 +15,7 @@ SRC_URI = " \ | |||
15 | https://gstreamer.freedesktop.org/src/gst-plugins-ugly/gst-plugins-ugly-${PV}.tar.xz \ | 15 | https://gstreamer.freedesktop.org/src/gst-plugins-ugly/gst-plugins-ugly-${PV}.tar.xz \ |
16 | " | 16 | " |
17 | 17 | ||
18 | SRC_URI[sha256sum] = "7758b7decfd20c00cae5700822bcbbf03f98c723e33e17634db2e07ca1da60bf" | 18 | SRC_URI[sha256sum] = "d59a1aaf8dd2cc416dc5b5c0b7aecd02b1811bf1229aa724e6c2a503d3799083" |
19 | 19 | ||
20 | S = "${WORKDIR}/gst-plugins-ugly-${PV}" | 20 | S = "${WORKDIR}/gst-plugins-ugly-${PV}" |
21 | 21 | ||
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.22.11.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.22.12.bb index 0fbb03f757..2eee5aee5e 100644 --- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.22.11.bb +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.22.12.bb | |||
@@ -8,7 +8,7 @@ LICENSE = "LGPL-2.1-or-later" | |||
8 | LIC_FILES_CHKSUM = "file://COPYING;md5=c34deae4e395ca07e725ab0076a5f740" | 8 | LIC_FILES_CHKSUM = "file://COPYING;md5=c34deae4e395ca07e725ab0076a5f740" |
9 | 9 | ||
10 | SRC_URI = "https://gstreamer.freedesktop.org/src/${PNREAL}/${PNREAL}-${PV}.tar.xz" | 10 | SRC_URI = "https://gstreamer.freedesktop.org/src/${PNREAL}/${PNREAL}-${PV}.tar.xz" |
11 | SRC_URI[sha256sum] = "f7a5450d93fd81bf46060dca7f4a048d095b6717961fec211731a11a994c99a7" | 11 | SRC_URI[sha256sum] = "d98d3226efea20d5c440a28988a20319a953f7c594895df2bba4538633108e9f" |
12 | 12 | ||
13 | DEPENDS = "gstreamer1.0 gstreamer1.0-plugins-base python3-pygobject" | 13 | DEPENDS = "gstreamer1.0 gstreamer1.0-plugins-base python3-pygobject" |
14 | RDEPENDS:${PN} += "gstreamer1.0 gstreamer1.0-plugins-base python3-pygobject" | 14 | RDEPENDS:${PN} += "gstreamer1.0 gstreamer1.0-plugins-base python3-pygobject" |
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.22.11.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.22.12.bb index 554ed9ec8f..c89c22f334 100644 --- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.22.11.bb +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.22.12.bb | |||
@@ -10,7 +10,7 @@ PNREAL = "gst-rtsp-server" | |||
10 | 10 | ||
11 | SRC_URI = "https://gstreamer.freedesktop.org/src/${PNREAL}/${PNREAL}-${PV}.tar.xz" | 11 | SRC_URI = "https://gstreamer.freedesktop.org/src/${PNREAL}/${PNREAL}-${PV}.tar.xz" |
12 | 12 | ||
13 | SRC_URI[sha256sum] = "ec49d474750a6ff6729c85b448abc607fb6840b21717ad7abc967e2adbf07a24" | 13 | SRC_URI[sha256sum] = "bf6c7871e7cf3528e4ec87ddc2f2949691cd269f98e536482ae744c1405cf451" |
14 | 14 | ||
15 | S = "${WORKDIR}/${PNREAL}-${PV}" | 15 | S = "${WORKDIR}/${PNREAL}-${PV}" |
16 | 16 | ||
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.22.11.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.22.12.bb index 87eb8484a1..ef75ed64b3 100644 --- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.22.11.bb +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.22.12.bb | |||
@@ -11,7 +11,7 @@ LIC_FILES_CHKSUM = "file://COPYING.LIB;md5=4fbd65380cdd255951079008b364516c" | |||
11 | 11 | ||
12 | SRC_URI = "https://gstreamer.freedesktop.org/src/${REALPN}/${REALPN}-${PV}.tar.xz" | 12 | SRC_URI = "https://gstreamer.freedesktop.org/src/${REALPN}/${REALPN}-${PV}.tar.xz" |
13 | 13 | ||
14 | SRC_URI[sha256sum] = "6eae1360658302b9b512fa46b4d06f5b818dfce5f2f43d7d710ca8142719d8ad" | 14 | SRC_URI[sha256sum] = "013ad729b2fe4fccda559bddc626bcb14230cfb90a2271049f8466bfec5d80df" |
15 | 15 | ||
16 | S = "${WORKDIR}/${REALPN}-${PV}" | 16 | S = "${WORKDIR}/${REALPN}-${PV}" |
17 | DEPENDS = "libva gstreamer1.0 gstreamer1.0-plugins-base gstreamer1.0-plugins-bad" | 17 | DEPENDS = "libva gstreamer1.0 gstreamer1.0-plugins-base gstreamer1.0-plugins-bad" |
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0/run-ptest b/meta/recipes-multimedia/gstreamer/gstreamer1.0/run-ptest index 7d0312005f..7fee5a3d09 100755 --- a/meta/recipes-multimedia/gstreamer/gstreamer1.0/run-ptest +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0/run-ptest | |||
@@ -1,11 +1,13 @@ | |||
1 | #! /bin/sh | 1 | #! /bin/sh |
2 | 2 | ||
3 | # Multiply all timeouts by ten so they're more likely to work | 3 | # Multiply all timeouts by five so they're more likely to work |
4 | # on a loaded system. | 4 | # on a loaded system. The default timeout is 20s so this makes it |
5 | # one minute. | ||
5 | export CK_TIMEOUT_MULTIPLIER=5 | 6 | export CK_TIMEOUT_MULTIPLIER=5 |
6 | 7 | ||
7 | # Skip some tests that we know are problematic | 8 | # Skip some tests that we know are problematic |
8 | export GST_CHECKS_IGNORE="" | 9 | export GST_CHECKS_IGNORE="" |
10 | |||
9 | # gstnetclientclock.c:test_functioning is very sensitive to load | 11 | # gstnetclientclock.c:test_functioning is very sensitive to load |
10 | GST_CHECKS_IGNORE="$GST_CHECKS_IGNORE,test_functioning" | 12 | GST_CHECKS_IGNORE="$GST_CHECKS_IGNORE,test_functioning" |
11 | 13 | ||
@@ -13,4 +15,12 @@ GST_CHECKS_IGNORE="$GST_CHECKS_IGNORE,test_functioning" | |||
13 | # https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/410 | 15 | # https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/410 |
14 | GST_CHECKS_IGNORE="$GST_CHECKS_IGNORE,test_infinite_seek_50_src_live" | 16 | GST_CHECKS_IGNORE="$GST_CHECKS_IGNORE,test_infinite_seek_50_src_live" |
15 | 17 | ||
18 | # Known unreliable tests as per subprojects/gst-devtools/validate/launcher/testsuites/check.py: | ||
19 | GST_CHECKS_IGNORE="$GST_CHECKS_IGNORE,parser_pull_short_read" | ||
20 | |||
21 | # These tests are fragile | ||
22 | # https://bugzilla.yoctoproject.org/show_bug.cgi?id=14884 | ||
23 | # https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3524 | ||
24 | GST_CHECKS_IGNORE="$GST_CHECKS_IGNORE,parser_convert_duration,parser_pull_frame_growth,parser_reverse_playback" | ||
25 | |||
16 | gnome-desktop-testing-runner gstreamer | 26 | gnome-desktop-testing-runner gstreamer |
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.11.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.12.bb index 8965497d01..f4acb0977b 100644 --- a/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.11.bb +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.12.bb | |||
@@ -22,7 +22,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gstreamer/gstreamer-${PV}.tar.x | |||
22 | file://0003-tests-use-a-dictionaries-for-environment.patch \ | 22 | file://0003-tests-use-a-dictionaries-for-environment.patch \ |
23 | file://0004-tests-add-helper-script-to-run-the-installed_tests.patch \ | 23 | file://0004-tests-add-helper-script-to-run-the-installed_tests.patch \ |
24 | " | 24 | " |
25 | SRC_URI[sha256sum] = "3d16259e9dab8b002c57ce208a09b350d8282f5b0197306c0cdba9a0d0799744" | 25 | SRC_URI[sha256sum] = "ac352f3d02caa67f3b169daa9aa78b04dea0fc08a727de73cb28d89bd54c6f61" |
26 | 26 | ||
27 | PACKAGECONFIG ??= "${@bb.utils.contains('PTEST_ENABLED', '1', 'tests', '', d)} \ | 27 | PACKAGECONFIG ??= "${@bb.utils.contains('PTEST_ENABLED', '1', 'tests', '', d)} \ |
28 | check \ | 28 | check \ |
diff --git a/meta/recipes-multimedia/libpng/libpng_1.6.42.bb b/meta/recipes-multimedia/libpng/libpng_1.6.42.bb index cadbe957db..673133bb4a 100644 --- a/meta/recipes-multimedia/libpng/libpng_1.6.42.bb +++ b/meta/recipes-multimedia/libpng/libpng_1.6.42.bb | |||
@@ -10,7 +10,7 @@ DEPENDS = "zlib" | |||
10 | 10 | ||
11 | LIBV = "16" | 11 | LIBV = "16" |
12 | 12 | ||
13 | SRC_URI = "${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}${LIBV}/${BP}.tar.xz" | 13 | SRC_URI = "${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}${LIBV}/${PV}/${BP}.tar.xz" |
14 | SRC_URI[sha256sum] = "c919dbc11f4c03b05aba3f8884d8eb7adfe3572ad228af972bb60057bdb48450" | 14 | SRC_URI[sha256sum] = "c919dbc11f4c03b05aba3f8884d8eb7adfe3572ad228af972bb60057bdb48450" |
15 | 15 | ||
16 | MIRRORS += "${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}${LIBV}/ ${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}${LIBV}/older-releases/" | 16 | MIRRORS += "${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}${LIBV}/ ${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}${LIBV}/older-releases/" |
diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2024-7006.patch b/meta/recipes-multimedia/libtiff/tiff/CVE-2024-7006.patch new file mode 100644 index 0000000000..785244bdea --- /dev/null +++ b/meta/recipes-multimedia/libtiff/tiff/CVE-2024-7006.patch | |||
@@ -0,0 +1,65 @@ | |||
1 | From 8ee0e7d2bdcc1a5a5a3241904b243964ab947b7b Mon Sep 17 00:00:00 2001 | ||
2 | From: Su_Laus <sulau@freenet.de> | ||
3 | Date: Fri, 1 Dec 2023 20:12:25 +0100 | ||
4 | Subject: [PATCH] Check return value of _TIFFCreateAnonField(). | ||
5 | |||
6 | Fixes #624 | ||
7 | |||
8 | Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/818fb8ce881cf839fbc710f6690aadb992aa0f9e] | ||
9 | CVE: CVE-2024-7006 | ||
10 | Signed-off-by: Siddharth Doshi <sdoshi@mvista.com> | ||
11 | --- | ||
12 | libtiff/tif_dirinfo.c | 2 +- | ||
13 | libtiff/tif_dirread.c | 16 ++++++---------- | ||
14 | 2 files changed, 7 insertions(+), 11 deletions(-) | ||
15 | |||
16 | diff --git a/libtiff/tif_dirinfo.c b/libtiff/tif_dirinfo.c | ||
17 | index 0e705e8..4cfdaad 100644 | ||
18 | --- a/libtiff/tif_dirinfo.c | ||
19 | +++ b/libtiff/tif_dirinfo.c | ||
20 | @@ -887,7 +887,7 @@ const TIFFField *_TIFFFindOrRegisterField(TIFF *tif, uint32_t tag, | ||
21 | if (fld == NULL) | ||
22 | { | ||
23 | fld = _TIFFCreateAnonField(tif, tag, dt); | ||
24 | - if (!_TIFFMergeFields(tif, fld, 1)) | ||
25 | + if (fld == NULL || !_TIFFMergeFields(tif, fld, 1)) | ||
26 | return NULL; | ||
27 | } | ||
28 | |||
29 | diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c | ||
30 | index 58a4276..738df9f 100644 | ||
31 | --- a/libtiff/tif_dirread.c | ||
32 | +++ b/libtiff/tif_dirread.c | ||
33 | @@ -4275,11 +4275,9 @@ int TIFFReadDirectory(TIFF *tif) | ||
34 | dp->tdir_tag, dp->tdir_tag); | ||
35 | /* the following knowingly leaks the | ||
36 | anonymous field structure */ | ||
37 | - if (!_TIFFMergeFields( | ||
38 | - tif, | ||
39 | - _TIFFCreateAnonField(tif, dp->tdir_tag, | ||
40 | - (TIFFDataType)dp->tdir_type), | ||
41 | - 1)) | ||
42 | + const TIFFField *fld = _TIFFCreateAnonField( | ||
43 | + tif, dp->tdir_tag, (TIFFDataType)dp->tdir_type); | ||
44 | + if (fld == NULL || !_TIFFMergeFields(tif, fld, 1)) | ||
45 | { | ||
46 | TIFFWarningExtR( | ||
47 | tif, module, | ||
48 | @@ -5153,11 +5151,9 @@ int TIFFReadCustomDirectory(TIFF *tif, toff_t diroff, | ||
49 | "Unknown field with tag %" PRIu16 " (0x%" PRIx16 | ||
50 | ") encountered", | ||
51 | dp->tdir_tag, dp->tdir_tag); | ||
52 | - if (!_TIFFMergeFields( | ||
53 | - tif, | ||
54 | - _TIFFCreateAnonField(tif, dp->tdir_tag, | ||
55 | - (TIFFDataType)dp->tdir_type), | ||
56 | - 1)) | ||
57 | + const TIFFField *fld = _TIFFCreateAnonField( | ||
58 | + tif, dp->tdir_tag, (TIFFDataType)dp->tdir_type); | ||
59 | + if (fld == NULL || !_TIFFMergeFields(tif, fld, 1)) | ||
60 | { | ||
61 | TIFFWarningExtR(tif, module, | ||
62 | "Registering anonymous field with tag %" PRIu16 | ||
63 | -- | ||
64 | 2.44.1 | ||
65 | |||
diff --git a/meta/recipes-multimedia/libtiff/tiff_4.6.0.bb b/meta/recipes-multimedia/libtiff/tiff_4.6.0.bb index d42ea6a6e5..6bf7010ba2 100644 --- a/meta/recipes-multimedia/libtiff/tiff_4.6.0.bb +++ b/meta/recipes-multimedia/libtiff/tiff_4.6.0.bb | |||
@@ -3,7 +3,7 @@ DESCRIPTION = "Library provides support for the Tag Image File Format \ | |||
3 | (TIFF), a widely used format for storing image data. This library \ | 3 | (TIFF), a widely used format for storing image data. This library \ |
4 | provide means to easily access and create TIFF image files." | 4 | provide means to easily access and create TIFF image files." |
5 | HOMEPAGE = "http://www.libtiff.org/" | 5 | HOMEPAGE = "http://www.libtiff.org/" |
6 | LICENSE = "BSD-2-Clause" | 6 | LICENSE = "libtiff" |
7 | LIC_FILES_CHKSUM = "file://LICENSE.md;md5=a3e32d664d6db1386b4689c8121531c3" | 7 | LIC_FILES_CHKSUM = "file://LICENSE.md;md5=a3e32d664d6db1386b4689c8121531c3" |
8 | 8 | ||
9 | CVE_PRODUCT = "libtiff" | 9 | CVE_PRODUCT = "libtiff" |
@@ -16,6 +16,7 @@ SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \ | |||
16 | file://CVE-2023-52355-0001.patch \ | 16 | file://CVE-2023-52355-0001.patch \ |
17 | file://CVE-2023-52355-0002.patch \ | 17 | file://CVE-2023-52355-0002.patch \ |
18 | file://CVE-2023-52356.patch \ | 18 | file://CVE-2023-52356.patch \ |
19 | file://CVE-2024-7006.patch \ | ||
19 | " | 20 | " |
20 | 21 | ||
21 | SRC_URI[sha256sum] = "88b3979e6d5c7e32b50d7ec72fb15af724f6ab2cbf7e10880c360a77e4b5d99a" | 22 | SRC_URI[sha256sum] = "88b3979e6d5c7e32b50d7ec72fb15af724f6ab2cbf7e10880c360a77e4b5d99a" |
diff --git a/meta/recipes-multimedia/libvorbis/libvorbis/0001-configure-Check-for-clang.patch b/meta/recipes-multimedia/libvorbis/libvorbis/0001-configure-Check-for-clang.patch index b06029b98b..d4fac605b6 100644 --- a/meta/recipes-multimedia/libvorbis/libvorbis/0001-configure-Check-for-clang.patch +++ b/meta/recipes-multimedia/libvorbis/libvorbis/0001-configure-Check-for-clang.patch | |||
@@ -5,9 +5,9 @@ Subject: [PATCH] configure: Check for clang | |||
5 | 5 | ||
6 | Disable gcc specific options if using clang | 6 | Disable gcc specific options if using clang |
7 | 7 | ||
8 | Upstream-Status: Inactive-Upstream [https://gitlab.xiph.org/xiph/vorbis,https://github.com/xiph/vorbis] | ||
8 | Signed-off-by: Khem Raj <raj.khem@gmail.com> | 9 | Signed-off-by: Khem Raj <raj.khem@gmail.com> |
9 | --- | 10 | --- |
10 | Upstream-Status: Pending | ||
11 | 11 | ||
12 | configure.ac | 19 +++++++++++++++++-- | 12 | configure.ac | 19 +++++++++++++++++-- |
13 | 1 file changed, 17 insertions(+), 2 deletions(-) | 13 | 1 file changed, 17 insertions(+), 2 deletions(-) |
diff --git a/meta/recipes-multimedia/pulseaudio/pulseaudio_17.0.bb b/meta/recipes-multimedia/pulseaudio/pulseaudio_17.0.bb index 54c79b4097..6c172b4ec7 100644 --- a/meta/recipes-multimedia/pulseaudio/pulseaudio_17.0.bb +++ b/meta/recipes-multimedia/pulseaudio/pulseaudio_17.0.bb | |||
@@ -1,6 +1,6 @@ | |||
1 | require pulseaudio.inc | 1 | require pulseaudio.inc |
2 | 2 | ||
3 | SRC_URI = "http://freedesktop.org/software/pulseaudio/releases/${BP}.tar.xz \ | 3 | SRC_URI = "http://www.freedesktop.org/software/pulseaudio/releases/${BP}.tar.xz \ |
4 | file://0001-client-conf-Add-allow-autospawn-for-root.patch \ | 4 | file://0001-client-conf-Add-allow-autospawn-for-root.patch \ |
5 | file://0002-do-not-display-CLFAGS-to-improve-reproducibility-bui.patch \ | 5 | file://0002-do-not-display-CLFAGS-to-improve-reproducibility-bui.patch \ |
6 | file://volatiles.04_pulse \ | 6 | file://volatiles.04_pulse \ |
diff --git a/meta/recipes-rt/rt-tests/files/rt_bmark.py b/meta/recipes-rt/rt-tests/files/rt_bmark.py index 2a4eed412f..5d22623656 100755 --- a/meta/recipes-rt/rt-tests/files/rt_bmark.py +++ b/meta/recipes-rt/rt-tests/files/rt_bmark.py | |||
@@ -284,7 +284,7 @@ def run_cyclictest_once(): | |||
284 | avg_cnt = 0 | 284 | avg_cnt = 0 |
285 | 285 | ||
286 | for line in res.splitlines(): | 286 | for line in res.splitlines(): |
287 | m = rex.search(line) | 287 | m = rex.search(line.decode('utf-8')) |
288 | if m is not None: | 288 | if m is not None: |
289 | minlist.append(int(m.group(2))) | 289 | minlist.append(int(m.group(2))) |
290 | maxlist.append(int(m.group(4))) | 290 | maxlist.append(int(m.group(4))) |
diff --git a/meta/recipes-sato/pcmanfm/pcmanfm_1.3.2.bb b/meta/recipes-sato/pcmanfm/pcmanfm_1.3.2.bb index 0c5ed5e55e..fc913c86b3 100644 --- a/meta/recipes-sato/pcmanfm/pcmanfm_1.3.2.bb +++ b/meta/recipes-sato/pcmanfm/pcmanfm_1.3.2.bb | |||
@@ -27,6 +27,8 @@ inherit autotools pkgconfig features_check mime-xdg | |||
27 | REQUIRED_DISTRO_FEATURES = "x11" | 27 | REQUIRED_DISTRO_FEATURES = "x11" |
28 | 28 | ||
29 | EXTRA_OECONF = "--with-gtk=3" | 29 | EXTRA_OECONF = "--with-gtk=3" |
30 | # GCC 14 finds extra incompatible pointer type warnings which are treated as errors | ||
31 | CFLAGS += "-Wno-error=incompatible-pointer-types" | ||
30 | 32 | ||
31 | do_install:append () { | 33 | do_install:append () { |
32 | install -d ${D}/${datadir} | 34 | install -d ${D}/${datadir} |
diff --git a/meta/recipes-sato/settings-daemon/files/addsoundkeys.patch b/meta/recipes-sato/settings-daemon/files/addsoundkeys.patch deleted file mode 100644 index baf06d6b84..0000000000 --- a/meta/recipes-sato/settings-daemon/files/addsoundkeys.patch +++ /dev/null | |||
@@ -1,49 +0,0 @@ | |||
1 | Upstream-Status: Pending | ||
2 | |||
3 | Index: settings-daemon/settings-daemon.c | ||
4 | =================================================================== | ||
5 | --- settings-daemon.orig/settings-daemon.c 2009-05-22 14:57:05.000000000 +0100 | ||
6 | +++ settings-daemon/settings-daemon.c 2009-05-22 14:58:22.000000000 +0100 | ||
7 | @@ -187,6 +187,10 @@ | ||
8 | GCONF_VALUE_STRING, translate_string_string }, | ||
9 | { "/desktop/poky/interface/gtk_color_scheme", "Gtk/ColorScheme", | ||
10 | GCONF_VALUE_STRING, translate_string_string }, | ||
11 | + { "/desktop/gnome/sound/theme_name", "Net/SoundThemeName", | ||
12 | + GCONF_VALUE_STRING, translate_string_string }, | ||
13 | + { "/desktop/gnome/sound/event_sounds", "Net/EnableEventSounds" , | ||
14 | + GCONF_VALUE_BOOL, translate_bool_int }, | ||
15 | }; | ||
16 | |||
17 | static const TranslationEntry* | ||
18 | Index: settings-daemon/settings-daemon.schemas | ||
19 | =================================================================== | ||
20 | --- settings-daemon.orig/settings-daemon.schemas 2009-05-22 15:49:17.000000000 +0100 | ||
21 | +++ settings-daemon/settings-daemon.schemas 2009-05-22 15:51:31.000000000 +0100 | ||
22 | @@ -196,6 +196,27 @@ | ||
23 | </locale> | ||
24 | </schema> | ||
25 | |||
26 | + <schema> | ||
27 | + <key>/schemas/desktop/gnome/sound/theme_name</key> | ||
28 | + <applyto>/desktop/gnome/sound/theme_name</applyto> | ||
29 | + <owner>gnome</owner> | ||
30 | + <type>string</type> | ||
31 | + <default>freedesktop</default> | ||
32 | + <locale name="C"> | ||
33 | + <short>Sound Theme Name</short> | ||
34 | + </locale> | ||
35 | + </schema> | ||
36 | + | ||
37 | + <schema> | ||
38 | + <key>/schemas/desktop/gnome/sound/event_sounds</key> | ||
39 | + <applyto>/desktop/gnome/sound/event_sounds</applyto> | ||
40 | + <owner>gnome</owner> | ||
41 | + <type>bool</type> | ||
42 | + <default>true</default> | ||
43 | + <locale name="C"> | ||
44 | + <short>Enable Sound Events</short> | ||
45 | + </locale> | ||
46 | + </schema> | ||
47 | |||
48 | </schemalist> | ||
49 | </gconfschemafile> | ||
diff --git a/meta/recipes-sato/settings-daemon/settings-daemon_0.0.2.bb b/meta/recipes-sato/settings-daemon/settings-daemon_0.0.2.bb index 4bdbefcb75..d38cd4e2dd 100644 --- a/meta/recipes-sato/settings-daemon/settings-daemon_0.0.2.bb +++ b/meta/recipes-sato/settings-daemon/settings-daemon_0.0.2.bb | |||
@@ -7,10 +7,10 @@ LIC_FILES_CHKSUM = "file://xsettings-manager.h;endline=22;md5=7cfac9d2d4dc3694cc | |||
7 | DEPENDS = "gconf glib-2.0 gtk+3" | 7 | DEPENDS = "gconf glib-2.0 gtk+3" |
8 | SECTION = "x11" | 8 | SECTION = "x11" |
9 | 9 | ||
10 | # SRCREV tagged 0.0.2 | 10 | PV .= "+git" |
11 | SRCREV = "b2e5da502f8c5ff75e9e6da771372ef8e40fd9a2" | 11 | # SRCREV tagged 0.0.2 + one patch |
12 | SRCREV = "df669c6579a6ac7e1ef56be66617f35ae7d33d68" | ||
12 | SRC_URI = "git://git.yoctoproject.org/xsettings-daemon;branch=master;protocol=https \ | 13 | SRC_URI = "git://git.yoctoproject.org/xsettings-daemon;branch=master;protocol=https \ |
13 | file://addsoundkeys.patch \ | ||
14 | file://70settings-daemon.sh \ | 14 | file://70settings-daemon.sh \ |
15 | " | 15 | " |
16 | UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>(\d+(\.\d+)+))" | 16 | UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>(\d+(\.\d+)+))" |
@@ -19,7 +19,7 @@ S = "${WORKDIR}/git" | |||
19 | 19 | ||
20 | inherit autotools pkgconfig gconf features_check | 20 | inherit autotools pkgconfig gconf features_check |
21 | 21 | ||
22 | FILES:${PN} = "${bindir}/* ${sysconfdir}" | 22 | FILES:${PN} = "${bindir}/* ${sysconfdir}" |
23 | 23 | ||
24 | # Requires gdk-x11-2.0 which is provided by gtk when x11 in DISTRO_FEATURES | 24 | # Requires gdk-x11-2.0 which is provided by gtk when x11 in DISTRO_FEATURES |
25 | REQUIRED_DISTRO_FEATURES = "x11" | 25 | REQUIRED_DISTRO_FEATURES = "x11" |
diff --git a/meta/recipes-sato/webkit/webkitgtk/0001-Remove-ARM-specific-declarations-in-FELighting.h-unn.patch b/meta/recipes-sato/webkit/webkitgtk/0001-Remove-ARM-specific-declarations-in-FELighting.h-unn.patch new file mode 100644 index 0000000000..6ffe0a9454 --- /dev/null +++ b/meta/recipes-sato/webkit/webkitgtk/0001-Remove-ARM-specific-declarations-in-FELighting.h-unn.patch | |||
@@ -0,0 +1,44 @@ | |||
1 | From dbd1a59b239b3902e717fdeb063883dbb0b06ee9 Mon Sep 17 00:00:00 2001 | ||
2 | From: Adrian Perez de Castro <aperez@igalia.com> | ||
3 | Date: Sun, 26 May 2024 14:24:35 -0700 | ||
4 | Subject: [PATCH 1/2] Remove ARM-specific declarations in FELighting.h unneeded | ||
5 | after 272873@main | ||
6 | |||
7 | Unreviewed build fix. | ||
8 | |||
9 | * Source/WebCore/platform/graphics/filters/FELighting.h: Remove unneeded | ||
10 | declarations for the getPowerCoefficients() and platformApplyNeon() | ||
11 | functions, which are now defined elsewhere; and were causing a build | ||
12 | failure due to usage of the protected LightingData type. | ||
13 | |||
14 | Canonical link: https://commits.webkit.org/279334@main | ||
15 | |||
16 | Backport this patch for fixing following compile error: | ||
17 | webkitgtk-2.44.1/Source/WebCore/platform/graphics/filters/FELighting.h:73:41: error: 'LightingData' does not name a type | ||
18 | 73 | inline void platformApplyNeon(const LightingData&, const LightSource::PaintingData&); | ||
19 | |||
20 | Upstream-Status: Backport [https://github.com/WebKit/WebKit/commit/36d1b5d7c0ef9a733ee8055b1f35b1d24435d538] | ||
21 | Signed-off-by: Changqing Li <changqing.li@windriver.com> | ||
22 | --- | ||
23 | Source/WebCore/platform/graphics/filters/FELighting.h | 5 ----- | ||
24 | 1 file changed, 5 deletions(-) | ||
25 | |||
26 | diff --git a/Source/WebCore/platform/graphics/filters/FELighting.h b/Source/WebCore/platform/graphics/filters/FELighting.h | ||
27 | index 4efab920..dcd80b6f 100644 | ||
28 | --- a/Source/WebCore/platform/graphics/filters/FELighting.h | ||
29 | +++ b/Source/WebCore/platform/graphics/filters/FELighting.h | ||
30 | @@ -68,11 +68,6 @@ protected: | ||
31 | |||
32 | std::unique_ptr<FilterEffectApplier> createSoftwareApplier() const override; | ||
33 | |||
34 | -#if CPU(ARM_NEON) && CPU(ARM_TRADITIONAL) && COMPILER(GCC_COMPATIBLE) | ||
35 | - static int getPowerCoefficients(float exponent); | ||
36 | - inline void platformApplyNeon(const LightingData&, const LightSource::PaintingData&); | ||
37 | -#endif | ||
38 | - | ||
39 | Color m_lightingColor; | ||
40 | float m_surfaceScale; | ||
41 | float m_diffuseConstant; | ||
42 | -- | ||
43 | 2.25.1 | ||
44 | |||
diff --git a/meta/recipes-sato/webkit/webkitgtk/0002-More-dynamicDowncast-adoption-in-platform-code.patch b/meta/recipes-sato/webkit/webkitgtk/0002-More-dynamicDowncast-adoption-in-platform-code.patch new file mode 100644 index 0000000000..a0c7b6bd57 --- /dev/null +++ b/meta/recipes-sato/webkit/webkitgtk/0002-More-dynamicDowncast-adoption-in-platform-code.patch | |||
@@ -0,0 +1,65 @@ | |||
1 | From 88fa4b49a10ecfb74c36c678c1e2b76136357153 Mon Sep 17 00:00:00 2001 | ||
2 | From: Changqing Li <changqing.li@windriver.com> | ||
3 | Date: Fri, 12 Jul 2024 10:16:05 +0800 | ||
4 | Subject: [PATCH 2/2] More dynamicDowncast<> adoption in platform code | ||
5 | |||
6 | Backport part of commit [90d13e7 More dynamicDowncast<> adoption in | ||
7 | platform code] to fix following compile error for ARM_NEON: | ||
8 | webkitgtk-2.44.1/Source/WebCore/platform/graphics/cpu/arm/filters/FELightingNeonParallelApplier.cpp:545:37: error: 'LS_POINT' was not declared in this scope; did you mean 'WebCore::LightType::LS_POINT'? | ||
9 | 545 | if (data.lightSource->type() == LS_POINT) { | ||
10 | | ^~~~~~~~ | ||
11 | | WebCore::LightType::LS_POINT | ||
12 | |||
13 | Upstream-Status: Backport [https://github.com/WebKit/WebKit/commit/90d13e77ab2192b7efa8e763eeb8b08dbbb6d5c3] | ||
14 | |||
15 | Signed-off-by: Changqing Li <changqing.li@windriver.com> | ||
16 | --- | ||
17 | .../filters/FELightingNeonParallelApplier.cpp | 22 +++++++++---------- | ||
18 | 1 file changed, 10 insertions(+), 12 deletions(-) | ||
19 | |||
20 | diff --git a/Source/WebCore/platform/graphics/cpu/arm/filters/FELightingNeonParallelApplier.cpp b/Source/WebCore/platform/graphics/cpu/arm/filters/FELightingNeonParallelApplier.cpp | ||
21 | index 04d855fa..dccc003d 100644 | ||
22 | --- a/Source/WebCore/platform/graphics/cpu/arm/filters/FELightingNeonParallelApplier.cpp | ||
23 | +++ b/Source/WebCore/platform/graphics/cpu/arm/filters/FELightingNeonParallelApplier.cpp | ||
24 | @@ -542,19 +542,17 @@ void FELightingNeonParallelApplier::applyPlatformParallel(const LightingData& da | ||
25 | floatArguments.colorBlue = color.blue; | ||
26 | floatArguments.padding4 = 0; | ||
27 | |||
28 | - if (data.lightSource->type() == LS_POINT) { | ||
29 | + if (auto* pointLightSource = dynamicDowncast<PointLightSource>(*data.lightSource)) { | ||
30 | neonData.flags |= FLAG_POINT_LIGHT; | ||
31 | - auto& pointLightSource = downcast<PointLightSource>(*data.lightSource); | ||
32 | - floatArguments.lightX = pointLightSource.position().x(); | ||
33 | - floatArguments.lightY = pointLightSource.position().y(); | ||
34 | - floatArguments.lightZ = pointLightSource.position().z(); | ||
35 | + floatArguments.lightX = pointLightSource->position().x(); | ||
36 | + floatArguments.lightY = pointLightSource->position().y(); | ||
37 | + floatArguments.lightZ = pointLightSource->position().z(); | ||
38 | floatArguments.padding2 = 0; | ||
39 | - } else if (data.lightSource->type() == LS_SPOT) { | ||
40 | + } else if (auto* spotLightSource = dynamicDowncast<SpotLightSource>(*data.lightSource)) { | ||
41 | neonData.flags |= FLAG_SPOT_LIGHT; | ||
42 | - auto& spotLightSource = downcast<SpotLightSource>(*data.lightSource); | ||
43 | - floatArguments.lightX = spotLightSource.position().x(); | ||
44 | - floatArguments.lightY = spotLightSource.position().y(); | ||
45 | - floatArguments.lightZ = spotLightSource.position().z(); | ||
46 | + floatArguments.lightX = spotLightSource->position().x(); | ||
47 | + floatArguments.lightY = spotLightSource->position().y(); | ||
48 | + floatArguments.lightZ = spotLightSource->position().z(); | ||
49 | floatArguments.padding2 = 0; | ||
50 | |||
51 | floatArguments.directionX = paintingData.directionVector.x(); | ||
52 | @@ -565,8 +563,8 @@ void FELightingNeonParallelApplier::applyPlatformParallel(const LightingData& da | ||
53 | floatArguments.coneCutOffLimit = paintingData.coneCutOffLimit; | ||
54 | floatArguments.coneFullLight = paintingData.coneFullLight; | ||
55 | floatArguments.coneCutOffRange = paintingData.coneCutOffLimit - paintingData.coneFullLight; | ||
56 | - neonData.coneExponent = getPowerCoefficients(spotLightSource.specularExponent()); | ||
57 | - if (spotLightSource.specularExponent() == 1) | ||
58 | + neonData.coneExponent = getPowerCoefficients(spotLightSource->specularExponent()); | ||
59 | + if (spotLightSource->specularExponent() == 1) | ||
60 | neonData.flags |= FLAG_CONE_EXPONENT_IS_1; | ||
61 | } else { | ||
62 | ASSERT(data.lightSource->type() == LS_DISTANT); | ||
63 | -- | ||
64 | 2.25.1 | ||
65 | |||
diff --git a/meta/recipes-sato/webkit/webkitgtk_2.44.1.bb b/meta/recipes-sato/webkit/webkitgtk_2.44.1.bb index 29e12bb8c5..c4a3c464c1 100644 --- a/meta/recipes-sato/webkit/webkitgtk_2.44.1.bb +++ b/meta/recipes-sato/webkit/webkitgtk_2.44.1.bb | |||
@@ -16,6 +16,8 @@ SRC_URI = "https://www.webkitgtk.org/releases/${BPN}-${PV}.tar.xz \ | |||
16 | file://no-musttail-arm.patch \ | 16 | file://no-musttail-arm.patch \ |
17 | file://t6-not-declared.patch \ | 17 | file://t6-not-declared.patch \ |
18 | file://30e1d5e22213fdaca2a29ec3400c927d710a37a8.patch \ | 18 | file://30e1d5e22213fdaca2a29ec3400c927d710a37a8.patch \ |
19 | file://0001-Remove-ARM-specific-declarations-in-FELighting.h-unn.patch \ | ||
20 | file://0002-More-dynamicDowncast-adoption-in-platform-code.patch \ | ||
19 | " | 21 | " |
20 | SRC_URI[sha256sum] = "425b1459b0f04d0600c78d1abb5e7edfa3c060a420f8b231e9a6a2d5d29c5561" | 22 | SRC_URI[sha256sum] = "425b1459b0f04d0600c78d1abb5e7edfa3c060a420f8b231e9a6a2d5d29c5561" |
21 | 23 | ||
@@ -114,18 +116,6 @@ EXTRA_OECMAKE:append:armv4 = " -DENABLE_JIT=OFF " | |||
114 | EXTRA_OECMAKE:append:armv5 = " -DENABLE_JIT=OFF " | 116 | EXTRA_OECMAKE:append:armv5 = " -DENABLE_JIT=OFF " |
115 | EXTRA_OECMAKE:append:armv6 = " -DENABLE_JIT=OFF " | 117 | EXTRA_OECMAKE:append:armv6 = " -DENABLE_JIT=OFF " |
116 | 118 | ||
117 | # And for armv7* don't enable it for softfp, because after: | ||
118 | # https://github.com/WebKit/WebKit/commit/a2ec4ef1997d6fafa6ffc607bffb54e76168a918 | ||
119 | # https://bugs.webkit.org/show_bug.cgi?id=242172 | ||
120 | # softfp armv7* fails because WEBASSEMBLY is left enabled by default and JIT gets | ||
121 | # explicitly disabled causing: | ||
122 | # http://errors.yoctoproject.org/Errors/Details/734587/ | ||
123 | # PR was sent upstream, but the end result is the same both JIT and WEBASSEMBLY disabled | ||
124 | # https://github.com/WebKit/WebKit/pull/17447 | ||
125 | EXTRA_OECMAKE:append:armv7a = " -DENABLE_JIT=${@bb.utils.contains('TUNE_FEATURES', 'callconvention-hard', 'ON', 'OFF', d)}" | ||
126 | EXTRA_OECMAKE:append:armv7r = " -DENABLE_JIT=${@bb.utils.contains('TUNE_FEATURES', 'callconvention-hard', 'ON', 'OFF', d)}" | ||
127 | EXTRA_OECMAKE:append:armv7ve = " -DENABLE_JIT=${@bb.utils.contains('TUNE_FEATURES', 'callconvention-hard', 'ON', 'OFF', d)}" | ||
128 | |||
129 | EXTRA_OECMAKE:append:mipsarch = " -DUSE_LD_GOLD=OFF " | 119 | EXTRA_OECMAKE:append:mipsarch = " -DUSE_LD_GOLD=OFF " |
130 | EXTRA_OECMAKE:append:powerpc = " -DUSE_LD_GOLD=OFF " | 120 | EXTRA_OECMAKE:append:powerpc = " -DUSE_LD_GOLD=OFF " |
131 | 121 | ||
diff --git a/meta/recipes-support/apr/apr/0001-configure-Remove-runtime-test-for-mmap-that-can-map-.patch b/meta/recipes-support/apr/apr/0001-configure-Remove-runtime-test-for-mmap-that-can-map-.patch index a78b16284f..3480deaa4d 100644 --- a/meta/recipes-support/apr/apr/0001-configure-Remove-runtime-test-for-mmap-that-can-map-.patch +++ b/meta/recipes-support/apr/apr/0001-configure-Remove-runtime-test-for-mmap-that-can-map-.patch | |||
@@ -34,7 +34,7 @@ index 3663220..dce9789 100644 | |||
34 | -#ifdef HAVE_SYS_MMAN_H | 34 | -#ifdef HAVE_SYS_MMAN_H |
35 | -#include <sys/mman.h> | 35 | -#include <sys/mman.h> |
36 | -#endif | 36 | -#endif |
37 | - int main() | 37 | - int main(int argc, const char *argv[]) |
38 | - { | 38 | - { |
39 | - int fd; | 39 | - int fd; |
40 | - void *m; | 40 | - void *m; |
diff --git a/meta/recipes-support/apr/apr/0007-explicitly-link-libapr-against-phtread-to-make-gold-.patch b/meta/recipes-support/apr/apr/0007-explicitly-link-libapr-against-phtread-to-make-gold-.patch deleted file mode 100644 index 8760b0140c..0000000000 --- a/meta/recipes-support/apr/apr/0007-explicitly-link-libapr-against-phtread-to-make-gold-.patch +++ /dev/null | |||
@@ -1,50 +0,0 @@ | |||
1 | From c6afc4a4a766478cb6aa6b43a50051881b6318d7 Mon Sep 17 00:00:00 2001 | ||
2 | From: =?UTF-8?q?Andreas=20M=C3=BCller?= <schnitzeltony@googlemail.com> | ||
3 | Date: Fri, 3 Mar 2017 22:24:17 +0100 | ||
4 | Subject: [PATCH 7/7] explicitly link libapr against phtread to make gold happy | ||
5 | on test | ||
6 | MIME-Version: 1.0 | ||
7 | Content-Type: text/plain; charset=UTF-8 | ||
8 | Content-Transfer-Encoding: 8bit | ||
9 | |||
10 | | ../.libs/libapr-1.so: error: undefined reference to 'pthread_mutexattr_init' | ||
11 | | ../.libs/libapr-1.so: error: undefined reference to 'pthread_mutexattr_settype' | ||
12 | | ../.libs/libapr-1.so: error: undefined reference to 'pthread_mutexattr_destroy' | ||
13 | | ../.libs/libapr-1.so: error: undefined reference to 'pthread_mutex_trylock' | ||
14 | | ../.libs/libapr-1.so: error: undefined reference to 'pthread_attr_setstacksize' | ||
15 | | ../.libs/libapr-1.so: error: undefined reference to 'pthread_create' | ||
16 | | ../.libs/libapr-1.so: error: undefined reference to 'pthread_join' | ||
17 | | ../.libs/libapr-1.so: error: undefined reference to 'pthread_detach' | ||
18 | | ../.libs/libapr-1.so: error: undefined reference to 'pthread_sigmask' | ||
19 | | ../.libs/libapr-1.so: error: undefined reference to 'pthread_once' | ||
20 | | ../.libs/libapr-1.so: error: undefined reference to 'pthread_key_create' | ||
21 | | ../.libs/libapr-1.so: error: undefined reference to 'pthread_getspecific' | ||
22 | | ../.libs/libapr-1.so: error: undefined reference to 'pthread_key_delete' | ||
23 | | ../.libs/libapr-1.so: error: undefined reference to 'pthread_setspecific' | ||
24 | | collect2: error: ld returned 1 exit status | ||
25 | | Makefile:114: recipe for target 'globalmutexchild' failed | ||
26 | | make[1]: *** [globalmutexchild] Error 1 | ||
27 | | make[1]: Leaving directory '/home/superandy/tmp/oe-core-glibc/work/cortexa7t2hf-neon-vfpv4-angstrom-linux-gnueabi/apr/1.5.2-r0/apr-1.5.2/test' | ||
28 | |||
29 | Upstream-Status: Pending | ||
30 | |||
31 | Signed-off-by: Andreas Müller <schnitzeltony@googlemail.com> | ||
32 | --- | ||
33 | configure.in | 1 + | ||
34 | 1 file changed, 1 insertion(+) | ||
35 | |||
36 | diff --git a/configure.in b/configure.in | ||
37 | index a227e72..cbc0f90 100644 | ||
38 | --- a/configure.in | ||
39 | +++ b/configure.in | ||
40 | @@ -784,6 +784,7 @@ else | ||
41 | APR_PTHREADS_CHECK_RESTORE ] ) | ||
42 | fi | ||
43 | if test "$pthreadh" = "1"; then | ||
44 | + APR_ADDTO(LIBS,[-lpthread]) | ||
45 | APR_CHECK_PTHREAD_GETSPECIFIC_TWO_ARGS | ||
46 | APR_CHECK_PTHREAD_ATTR_GETDETACHSTATE_ONE_ARG | ||
47 | APR_CHECK_PTHREAD_RECURSIVE_MUTEX | ||
48 | -- | ||
49 | 1.8.3.1 | ||
50 | |||
diff --git a/meta/recipes-support/apr/apr_1.7.4.bb b/meta/recipes-support/apr/apr_1.7.5.bb index d322629b66..78796476e2 100644 --- a/meta/recipes-support/apr/apr_1.7.4.bb +++ b/meta/recipes-support/apr/apr_1.7.5.bb | |||
@@ -18,7 +18,6 @@ SRC_URI = "${APACHE_MIRROR}/apr/${BPN}-${PV}.tar.bz2 \ | |||
18 | file://0002-apr-Remove-workdir-path-references-from-installed-ap.patch \ | 18 | file://0002-apr-Remove-workdir-path-references-from-installed-ap.patch \ |
19 | file://0004-Fix-packet-discards-HTTP-redirect.patch \ | 19 | file://0004-Fix-packet-discards-HTTP-redirect.patch \ |
20 | file://0005-configure.in-fix-LTFLAGS-to-make-it-work-with-ccache.patch \ | 20 | file://0005-configure.in-fix-LTFLAGS-to-make-it-work-with-ccache.patch \ |
21 | file://0007-explicitly-link-libapr-against-phtread-to-make-gold-.patch \ | ||
22 | file://libtoolize_check.patch \ | 21 | file://libtoolize_check.patch \ |
23 | file://0001-Add-option-to-disable-timed-dependant-tests.patch \ | 22 | file://0001-Add-option-to-disable-timed-dependant-tests.patch \ |
24 | file://0001-configure-Remove-runtime-test-for-mmap-that-can-map-.patch \ | 23 | file://0001-configure-Remove-runtime-test-for-mmap-that-can-map-.patch \ |
@@ -26,7 +25,7 @@ SRC_URI = "${APACHE_MIRROR}/apr/${BPN}-${PV}.tar.bz2 \ | |||
26 | file://0001-dso-Check-for-NULL-handle-in-apr_dso_sym.patch \ | 25 | file://0001-dso-Check-for-NULL-handle-in-apr_dso_sym.patch \ |
27 | " | 26 | " |
28 | 27 | ||
29 | SRC_URI[sha256sum] = "fc648de983f3a2a6c9e78dea1f180639bd2fad6c06d556d4367a701fe5c35577" | 28 | SRC_URI[sha256sum] = "cd0f5d52b9ab1704c72160c5ee3ed5d3d4ca2df4a7f8ab564e3cb352b67232f2" |
30 | 29 | ||
31 | inherit autotools-brokensep lib_package binconfig multilib_header ptest multilib_script | 30 | inherit autotools-brokensep lib_package binconfig multilib_header ptest multilib_script |
32 | 31 | ||
diff --git a/meta/recipes-support/curl/curl/CVE-2024-6197.patch b/meta/recipes-support/curl/curl/CVE-2024-6197.patch new file mode 100644 index 0000000000..0622e70dc8 --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2024-6197.patch | |||
@@ -0,0 +1,24 @@ | |||
1 | From 3a537a4db9e65e545ec45b1b5d5575ee09a2569d Mon Sep 17 00:00:00 2001 | ||
2 | From: z2_ <88509734+z2-2z@users.noreply.github.com> | ||
3 | Date: Fri, 28 Jun 2024 14:45:47 +0200 | ||
4 | Subject: [PATCH] x509asn1: remove superfluous free() | ||
5 | |||
6 | CVE: CVE-2024-6197 | ||
7 | Upstream-Status: Backport [https://github.com/curl/curl/commit/3a537a4db9e65e545ec45b1b5d5575ee09a2569d.patch] | ||
8 | Signed-off-by: Peter Marko <peter.marko@siemens.com> | ||
9 | --- | ||
10 | lib/vtls/x509asn1.c | 1 - | ||
11 | 1 file changed, 1 deletion(-) | ||
12 | |||
13 | diff --git a/lib/vtls/x509asn1.c b/lib/vtls/x509asn1.c | ||
14 | index f71ab0b90a5931..1bc4243ddae343 100644 | ||
15 | --- a/lib/vtls/x509asn1.c | ||
16 | +++ b/lib/vtls/x509asn1.c | ||
17 | @@ -393,7 +393,6 @@ utf8asn1str(struct dynbuf *to, int type, const char *from, const char *end) | ||
18 | if(wc >= 0x00000800) { | ||
19 | if(wc >= 0x00010000) { | ||
20 | if(wc >= 0x00200000) { | ||
21 | - free(buf); | ||
22 | /* Invalid char. size for target encoding. */ | ||
23 | return CURLE_WEIRD_SERVER_REPLY; | ||
24 | } | ||
diff --git a/meta/recipes-support/curl/curl/CVE-2024-7264-1.patch b/meta/recipes-support/curl/curl/CVE-2024-7264-1.patch new file mode 100644 index 0000000000..7101fcfe35 --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2024-7264-1.patch | |||
@@ -0,0 +1,61 @@ | |||
1 | From 3c914bc680155b32178f1f15ca8d47c7f4640afe Mon Sep 17 00:00:00 2001 | ||
2 | From: Daniel Stenberg <daniel@haxx.se> | ||
3 | Date: Tue, 30 Jul 2024 10:05:17 +0200 | ||
4 | Subject: [PATCH] x509asn1: clean up GTime2str | ||
5 | |||
6 | Co-authored-by: Stefan Eissing | ||
7 | Reported-by: Dov Murik | ||
8 | |||
9 | Closes #14307 | ||
10 | |||
11 | CVE: CVE-2024-7264 | ||
12 | Upstream-Status: Backport [https://github.com/curl/curl/commit/3c914bc680155b32178f1f15ca8d47c7f4640afe.patch] | ||
13 | Signed-off-by: Peter Marko <peter.marko@siemens.com> | ||
14 | --- | ||
15 | lib/vtls/x509asn1.c | 23 ++++++++++++++--------- | ||
16 | 1 file changed, 14 insertions(+), 9 deletions(-) | ||
17 | |||
18 | diff --git a/lib/vtls/x509asn1.c b/lib/vtls/x509asn1.c | ||
19 | index 1bc4243ddae343..e3a9fe4232a4ea 100644 | ||
20 | --- a/lib/vtls/x509asn1.c | ||
21 | +++ b/lib/vtls/x509asn1.c | ||
22 | @@ -488,7 +488,7 @@ static CURLcode GTime2str(struct dynbuf *store, | ||
23 | /* Convert an ASN.1 Generalized time to a printable string. | ||
24 | Return the dynamically allocated string, or NULL if an error occurs. */ | ||
25 | |||
26 | - for(fracp = beg; fracp < end && *fracp >= '0' && *fracp <= '9'; fracp++) | ||
27 | + for(fracp = beg; fracp < end && ISDIGIT(*fracp); fracp++) | ||
28 | ; | ||
29 | |||
30 | /* Get seconds digits. */ | ||
31 | @@ -507,17 +507,22 @@ static CURLcode GTime2str(struct dynbuf *store, | ||
32 | return CURLE_BAD_FUNCTION_ARGUMENT; | ||
33 | } | ||
34 | |||
35 | - /* Scan for timezone, measure fractional seconds. */ | ||
36 | + /* timezone follows optional fractional seconds. */ | ||
37 | tzp = fracp; | ||
38 | - fracl = 0; | ||
39 | + fracl = 0; /* no fractional seconds detected so far */ | ||
40 | if(fracp < end && (*fracp == '.' || *fracp == ',')) { | ||
41 | - fracp++; | ||
42 | - do | ||
43 | + /* Have fractional seconds, e.g. "[.,]\d+". How many? */ | ||
44 | + tzp = fracp++; /* should be a digit char or BAD ARGUMENT */ | ||
45 | + while(tzp < end && ISDIGIT(*tzp)) | ||
46 | tzp++; | ||
47 | - while(tzp < end && *tzp >= '0' && *tzp <= '9'); | ||
48 | - /* Strip leading zeroes in fractional seconds. */ | ||
49 | - for(fracl = tzp - fracp - 1; fracl && fracp[fracl - 1] == '0'; fracl--) | ||
50 | - ; | ||
51 | + if(tzp == fracp) /* never looped, no digit after [.,] */ | ||
52 | + return CURLE_BAD_FUNCTION_ARGUMENT; | ||
53 | + fracl = tzp - fracp - 1; /* number of fractional sec digits */ | ||
54 | + DEBUGASSERT(fracl > 0); | ||
55 | + /* Strip trailing zeroes in fractional seconds. | ||
56 | + * May reduce fracl to 0 if only '0's are present. */ | ||
57 | + while(fracl && fracp[fracl - 1] == '0') | ||
58 | + fracl--; | ||
59 | } | ||
60 | |||
61 | /* Process timezone. */ | ||
diff --git a/meta/recipes-support/curl/curl/CVE-2024-7264-2.patch b/meta/recipes-support/curl/curl/CVE-2024-7264-2.patch new file mode 100644 index 0000000000..ab24911712 --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2024-7264-2.patch | |||
@@ -0,0 +1,316 @@ | |||
1 | From 27959ecce75cdb2809c0bdb3286e60e08fadb519 Mon Sep 17 00:00:00 2001 | ||
2 | From: Stefan Eissing <stefan@eissing.org> | ||
3 | Date: Tue, 30 Jul 2024 16:40:48 +0200 | ||
4 | Subject: [PATCH] x509asn1: unittests and fixes for gtime2str | ||
5 | |||
6 | Fix issues in GTime2str() and add unit test cases to verify correct | ||
7 | behaviour. | ||
8 | |||
9 | Follow-up to 3c914bc6801 | ||
10 | |||
11 | Closes #14316 | ||
12 | |||
13 | CVE: CVE-2024-7264 | ||
14 | Upstream-Status: Backport [https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519.patch] | ||
15 | Signed-off-by: Peter Marko <peter.marko@siemens.com> | ||
16 | --- | ||
17 | lib/vtls/x509asn1.c | 32 +++++++--- | ||
18 | lib/vtls/x509asn1.h | 11 ++++ | ||
19 | tests/data/Makefile.inc | 2 +- | ||
20 | tests/data/test1656 | 22 +++++++ | ||
21 | tests/unit/Makefile.inc | 4 +- | ||
22 | tests/unit/unit1656.c | 133 ++++++++++++++++++++++++++++++++++++++++ | ||
23 | 6 files changed, 194 insertions(+), 10 deletions(-) | ||
24 | create mode 100644 tests/data/test1656 | ||
25 | create mode 100644 tests/unit/unit1656.c | ||
26 | |||
27 | diff --git a/lib/vtls/x509asn1.c b/lib/vtls/x509asn1.c | ||
28 | index e3a9fe4232a4ea..7f04af3b9778c5 100644 | ||
29 | --- a/lib/vtls/x509asn1.c | ||
30 | +++ b/lib/vtls/x509asn1.c | ||
31 | @@ -512,12 +512,13 @@ static CURLcode GTime2str(struct dynbuf *store, | ||
32 | fracl = 0; /* no fractional seconds detected so far */ | ||
33 | if(fracp < end && (*fracp == '.' || *fracp == ',')) { | ||
34 | /* Have fractional seconds, e.g. "[.,]\d+". How many? */ | ||
35 | - tzp = fracp++; /* should be a digit char or BAD ARGUMENT */ | ||
36 | + fracp++; /* should be a digit char or BAD ARGUMENT */ | ||
37 | + tzp = fracp; | ||
38 | while(tzp < end && ISDIGIT(*tzp)) | ||
39 | tzp++; | ||
40 | if(tzp == fracp) /* never looped, no digit after [.,] */ | ||
41 | return CURLE_BAD_FUNCTION_ARGUMENT; | ||
42 | - fracl = tzp - fracp - 1; /* number of fractional sec digits */ | ||
43 | + fracl = tzp - fracp; /* number of fractional sec digits */ | ||
44 | DEBUGASSERT(fracl > 0); | ||
45 | /* Strip trailing zeroes in fractional seconds. | ||
46 | * May reduce fracl to 0 if only '0's are present. */ | ||
47 | @@ -526,18 +527,24 @@ static CURLcode GTime2str(struct dynbuf *store, | ||
48 | } | ||
49 | |||
50 | /* Process timezone. */ | ||
51 | - if(tzp >= end) | ||
52 | - ; /* Nothing to do. */ | ||
53 | + if(tzp >= end) { | ||
54 | + tzp = ""; | ||
55 | + tzl = 0; | ||
56 | + } | ||
57 | else if(*tzp == 'Z') { | ||
58 | - tzp = " GMT"; | ||
59 | - end = tzp + 4; | ||
60 | + sep = " "; | ||
61 | + tzp = "GMT"; | ||
62 | + tzl = 3; | ||
63 | + } | ||
64 | + else if((*tzp == '+') || (*tzp == '-')) { | ||
65 | + sep = " UTC"; | ||
66 | + tzl = end - tzp; | ||
67 | } | ||
68 | else { | ||
69 | sep = " "; | ||
70 | - tzp++; | ||
71 | + tzl = end - tzp; | ||
72 | } | ||
73 | |||
74 | - tzl = end - tzp; | ||
75 | return Curl_dyn_addf(store, | ||
76 | "%.4s-%.2s-%.2s %.2s:%.2s:%c%c%s%.*s%s%.*s", | ||
77 | beg, beg + 4, beg + 6, | ||
78 | @@ -546,6 +553,15 @@ static CURLcode GTime2str(struct dynbuf *store, | ||
79 | sep, (int)tzl, tzp); | ||
80 | } | ||
81 | |||
82 | +#ifdef UNITTESTS | ||
83 | +/* used by unit1656.c */ | ||
84 | +CURLcode Curl_x509_GTime2str(struct dynbuf *store, | ||
85 | + const char *beg, const char *end) | ||
86 | +{ | ||
87 | + return GTime2str(store, beg, end); | ||
88 | +} | ||
89 | +#endif | ||
90 | + | ||
91 | /* | ||
92 | * Convert an ASN.1 UTC time to a printable string. | ||
93 | * | ||
94 | diff --git a/lib/vtls/x509asn1.h b/lib/vtls/x509asn1.h | ||
95 | index 5844460467ccef..5b48596c75910a 100644 | ||
96 | --- a/lib/vtls/x509asn1.h | ||
97 | +++ b/lib/vtls/x509asn1.h | ||
98 | @@ -76,5 +76,16 @@ CURLcode Curl_extract_certinfo(struct Curl_easy *data, int certnum, | ||
99 | const char *beg, const char *end); | ||
100 | CURLcode Curl_verifyhost(struct Curl_cfilter *cf, struct Curl_easy *data, | ||
101 | const char *beg, const char *end); | ||
102 | + | ||
103 | +#ifdef UNITTESTS | ||
104 | +#if defined(USE_GNUTLS) || defined(USE_SCHANNEL) || defined(USE_SECTRANSP) || \ | ||
105 | + defined(USE_MBEDTLS) | ||
106 | + | ||
107 | +/* used by unit1656.c */ | ||
108 | +CURLcode Curl_x509_GTime2str(struct dynbuf *store, | ||
109 | + const char *beg, const char *end); | ||
110 | +#endif | ||
111 | +#endif | ||
112 | + | ||
113 | #endif /* USE_GNUTLS or USE_WOLFSSL or USE_SCHANNEL or USE_SECTRANSP */ | ||
114 | #endif /* HEADER_CURL_X509ASN1_H */ | ||
115 | diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc | ||
116 | index d0e20df4b900c8..792cb16eef20ad 100644 | ||
117 | --- a/tests/data/Makefile.inc | ||
118 | +++ b/tests/data/Makefile.inc | ||
119 | @@ -210,7 +210,7 @@ test1620 test1621 \ | ||
120 | \ | ||
121 | test1630 test1631 test1632 test1633 test1634 test1635 \ | ||
122 | \ | ||
123 | -test1650 test1651 test1652 test1653 test1654 test1655 \ | ||
124 | +test1650 test1651 test1652 test1653 test1654 test1655 test1656 \ | ||
125 | test1660 test1661 test1662 \ | ||
126 | \ | ||
127 | test1670 test1671 \ | ||
128 | diff --git a/tests/data/test1656 b/tests/data/test1656 | ||
129 | new file mode 100644 | ||
130 | index 00000000000000..2fab21be63d7e3 | ||
131 | --- /dev/null | ||
132 | +++ b/tests/data/test1656 | ||
133 | @@ -0,0 +1,22 @@ | ||
134 | +<testcase> | ||
135 | +<info> | ||
136 | +<keywords> | ||
137 | +unittest | ||
138 | +Curl_x509_GTime2str | ||
139 | +</keywords> | ||
140 | +</info> | ||
141 | + | ||
142 | +# | ||
143 | +# Client-side | ||
144 | +<client> | ||
145 | +<server> | ||
146 | +none | ||
147 | +</server> | ||
148 | +<features> | ||
149 | +unittest | ||
150 | +</features> | ||
151 | +<name> | ||
152 | +Curl_x509_GTime2str unit tests | ||
153 | +</name> | ||
154 | +</client> | ||
155 | +</testcase> | ||
156 | diff --git a/tests/unit/Makefile.inc b/tests/unit/Makefile.inc | ||
157 | index c402f803509c8a..5b23c2559280f0 100644 | ||
158 | --- a/tests/unit/Makefile.inc | ||
159 | +++ b/tests/unit/Makefile.inc | ||
160 | @@ -36,7 +36,7 @@ UNITPROGS = unit1300 unit1302 unit1303 unit1304 unit1305 unit1307 \ | ||
161 | unit1600 unit1601 unit1602 unit1603 unit1604 unit1605 unit1606 unit1607 \ | ||
162 | unit1608 unit1609 unit1610 unit1611 unit1612 unit1614 unit1615 \ | ||
163 | unit1620 unit1621 \ | ||
164 | - unit1650 unit1651 unit1652 unit1653 unit1654 unit1655 \ | ||
165 | + unit1650 unit1651 unit1652 unit1653 unit1654 unit1655 unit1656 \ | ||
166 | unit1660 unit1661 \ | ||
167 | unit2600 unit2601 unit2602 unit2603 \ | ||
168 | unit3200 | ||
169 | @@ -119,6 +119,8 @@ unit1654_SOURCES = unit1654.c $(UNITFILES) | ||
170 | |||
171 | unit1655_SOURCES = unit1655.c $(UNITFILES) | ||
172 | |||
173 | +unit1656_SOURCES = unit1656.c $(UNITFILES) | ||
174 | + | ||
175 | unit1660_SOURCES = unit1660.c $(UNITFILES) | ||
176 | |||
177 | unit1661_SOURCES = unit1661.c $(UNITFILES) | ||
178 | diff --git a/tests/unit/unit1656.c b/tests/unit/unit1656.c | ||
179 | new file mode 100644 | ||
180 | index 00000000000000..644e72fc7d6577 | ||
181 | --- /dev/null | ||
182 | +++ b/tests/unit/unit1656.c | ||
183 | @@ -0,0 +1,133 @@ | ||
184 | +/*************************************************************************** | ||
185 | + * _ _ ____ _ | ||
186 | + * Project ___| | | | _ \| | | ||
187 | + * / __| | | | |_) | | | ||
188 | + * | (__| |_| | _ <| |___ | ||
189 | + * \___|\___/|_| \_\_____| | ||
190 | + * | ||
191 | + * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al. | ||
192 | + * | ||
193 | + * This software is licensed as described in the file COPYING, which | ||
194 | + * you should have received as part of this distribution. The terms | ||
195 | + * are also available at https://curl.se/docs/copyright.html. | ||
196 | + * | ||
197 | + * You may opt to use, copy, modify, merge, publish, distribute and/or sell | ||
198 | + * copies of the Software, and permit persons to whom the Software is | ||
199 | + * furnished to do so, under the terms of the COPYING file. | ||
200 | + * | ||
201 | + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY | ||
202 | + * KIND, either express or implied. | ||
203 | + * | ||
204 | + * SPDX-License-Identifier: curl | ||
205 | + * | ||
206 | + ***************************************************************************/ | ||
207 | +#include "curlcheck.h" | ||
208 | + | ||
209 | +#include "vtls/x509asn1.h" | ||
210 | + | ||
211 | +static CURLcode unit_setup(void) | ||
212 | +{ | ||
213 | + return CURLE_OK; | ||
214 | +} | ||
215 | + | ||
216 | +static void unit_stop(void) | ||
217 | +{ | ||
218 | + | ||
219 | +} | ||
220 | + | ||
221 | +#if defined(USE_GNUTLS) || defined(USE_SCHANNEL) || defined(USE_SECTRANSP) || \ | ||
222 | + defined(USE_MBEDTLS) | ||
223 | + | ||
224 | +#ifndef ARRAYSIZE | ||
225 | +#define ARRAYSIZE(A) (sizeof(A)/sizeof((A)[0])) | ||
226 | +#endif | ||
227 | + | ||
228 | +struct test_spec { | ||
229 | + const char *input; | ||
230 | + const char *exp_output; | ||
231 | + CURLcode exp_result; | ||
232 | +}; | ||
233 | + | ||
234 | +static struct test_spec test_specs[] = { | ||
235 | + { "190321134340", "1903-21-13 43:40:00", CURLE_OK }, | ||
236 | + { "", NULL, CURLE_BAD_FUNCTION_ARGUMENT }, | ||
237 | + { "WTF", NULL, CURLE_BAD_FUNCTION_ARGUMENT }, | ||
238 | + { "0WTF", NULL, CURLE_BAD_FUNCTION_ARGUMENT }, | ||
239 | + { "19032113434", NULL, CURLE_BAD_FUNCTION_ARGUMENT }, | ||
240 | + { "19032113434WTF", NULL, CURLE_BAD_FUNCTION_ARGUMENT }, | ||
241 | + { "190321134340.", NULL, CURLE_BAD_FUNCTION_ARGUMENT }, | ||
242 | + { "190321134340.1", "1903-21-13 43:40:00.1", CURLE_OK }, | ||
243 | + { "19032113434017.0", "1903-21-13 43:40:17", CURLE_OK }, | ||
244 | + { "19032113434017.01", "1903-21-13 43:40:17.01", CURLE_OK }, | ||
245 | + { "19032113434003.001", "1903-21-13 43:40:03.001", CURLE_OK }, | ||
246 | + { "19032113434003.090", "1903-21-13 43:40:03.09", CURLE_OK }, | ||
247 | + { "190321134340Z", "1903-21-13 43:40:00 GMT", CURLE_OK }, | ||
248 | + { "19032113434017.0Z", "1903-21-13 43:40:17 GMT", CURLE_OK }, | ||
249 | + { "19032113434017.01Z", "1903-21-13 43:40:17.01 GMT", CURLE_OK }, | ||
250 | + { "19032113434003.001Z", "1903-21-13 43:40:03.001 GMT", CURLE_OK }, | ||
251 | + { "19032113434003.090Z", "1903-21-13 43:40:03.09 GMT", CURLE_OK }, | ||
252 | + { "190321134340CET", "1903-21-13 43:40:00 CET", CURLE_OK }, | ||
253 | + { "19032113434017.0CET", "1903-21-13 43:40:17 CET", CURLE_OK }, | ||
254 | + { "19032113434017.01CET", "1903-21-13 43:40:17.01 CET", CURLE_OK }, | ||
255 | + { "190321134340+02:30", "1903-21-13 43:40:00 UTC+02:30", CURLE_OK }, | ||
256 | + { "19032113434017.0+02:30", "1903-21-13 43:40:17 UTC+02:30", CURLE_OK }, | ||
257 | + { "19032113434017.01+02:30", "1903-21-13 43:40:17.01 UTC+02:30", CURLE_OK }, | ||
258 | + { "190321134340-3", "1903-21-13 43:40:00 UTC-3", CURLE_OK }, | ||
259 | + { "19032113434017.0-04", "1903-21-13 43:40:17 UTC-04", CURLE_OK }, | ||
260 | + { "19032113434017.01-01:10", "1903-21-13 43:40:17.01 UTC-01:10", CURLE_OK }, | ||
261 | +}; | ||
262 | + | ||
263 | +static bool do_test(struct test_spec *spec, size_t i, struct dynbuf *dbuf) | ||
264 | +{ | ||
265 | + CURLcode result; | ||
266 | + const char *in = spec->input; | ||
267 | + | ||
268 | + Curl_dyn_reset(dbuf); | ||
269 | + result = Curl_x509_GTime2str(dbuf, in, in + strlen(in)); | ||
270 | + if(result != spec->exp_result) { | ||
271 | + fprintf(stderr, "test %zu: expect result %d, got %d\n", | ||
272 | + i, spec->exp_result, result); | ||
273 | + return FALSE; | ||
274 | + } | ||
275 | + else if(!result && strcmp(spec->exp_output, Curl_dyn_ptr(dbuf))) { | ||
276 | + fprintf(stderr, "test %zu: input '%s', expected output '%s', got '%s'\n", | ||
277 | + i, in, spec->exp_output, Curl_dyn_ptr(dbuf)); | ||
278 | + return FALSE; | ||
279 | + } | ||
280 | + | ||
281 | + return TRUE; | ||
282 | +} | ||
283 | + | ||
284 | +UNITTEST_START | ||
285 | +{ | ||
286 | + size_t i; | ||
287 | + struct dynbuf dbuf; | ||
288 | + bool all_ok = TRUE; | ||
289 | + | ||
290 | + Curl_dyn_init(&dbuf, 32*1024); | ||
291 | + | ||
292 | + if(curl_global_init(CURL_GLOBAL_ALL) != CURLE_OK) { | ||
293 | + fprintf(stderr, "curl_global_init() failed\n"); | ||
294 | + return TEST_ERR_MAJOR_BAD; | ||
295 | + } | ||
296 | + | ||
297 | + for(i = 0; i < ARRAYSIZE(test_specs); ++i) { | ||
298 | + if(!do_test(&test_specs[i], i, &dbuf)) | ||
299 | + all_ok = FALSE; | ||
300 | + } | ||
301 | + fail_unless(all_ok, "some tests of Curl_x509_GTime2str() fails"); | ||
302 | + | ||
303 | + Curl_dyn_free(&dbuf); | ||
304 | + curl_global_cleanup(); | ||
305 | +} | ||
306 | +UNITTEST_STOP | ||
307 | + | ||
308 | +#else | ||
309 | + | ||
310 | +UNITTEST_START | ||
311 | +{ | ||
312 | + puts("not tested since Curl_x509_GTime2str() is not built-in"); | ||
313 | +} | ||
314 | +UNITTEST_STOP | ||
315 | + | ||
316 | +#endif | ||
diff --git a/meta/recipes-support/curl/curl/CVE-2024-8096.patch b/meta/recipes-support/curl/curl/CVE-2024-8096.patch new file mode 100644 index 0000000000..a26a6253c9 --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2024-8096.patch | |||
@@ -0,0 +1,207 @@ | |||
1 | From aeb1a281cab13c7ba791cb104e556b20e713941f Mon Sep 17 00:00:00 2001 | ||
2 | From: Daniel Stenberg <daniel@haxx.se> | ||
3 | Date: Tue, 20 Aug 2024 16:14:39 +0200 | ||
4 | Subject: [PATCH] gtls: fix OCSP stapling management | ||
5 | |||
6 | Reported-by: Hiroki Kurosawa | ||
7 | Closes #14642 | ||
8 | |||
9 | Upstream-Status: Backport [https://github.com/curl/curl/commit/aeb1a281cab13c7ba791cb104e556b20e713941f] | ||
10 | CVE: CVE-2024-8096 | ||
11 | Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> | ||
12 | --- | ||
13 | lib/vtls/gtls.c | 146 ++++++++++++++++++++++++------------------------ | ||
14 | 1 file changed, 73 insertions(+), 73 deletions(-) | ||
15 | |||
16 | diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c | ||
17 | index 6eaa6a8..7dd7df8 100644 | ||
18 | --- a/lib/vtls/gtls.c | ||
19 | +++ b/lib/vtls/gtls.c | ||
20 | @@ -538,6 +538,13 @@ CURLcode gtls_client_init(struct Curl_easy *data, | ||
21 | init_flags |= GNUTLS_NO_TICKETS; | ||
22 | #endif | ||
23 | |||
24 | +#if defined(GNUTLS_NO_STATUS_REQUEST) | ||
25 | + if(!config->verifystatus) | ||
26 | + /* Disable the "status_request" TLS extension, enabled by default since | ||
27 | + GnuTLS 3.8.0. */ | ||
28 | + init_flags |= GNUTLS_NO_STATUS_REQUEST; | ||
29 | +#endif | ||
30 | + | ||
31 | rc = gnutls_init(>ls->session, init_flags); | ||
32 | if(rc != GNUTLS_E_SUCCESS) { | ||
33 | failf(data, "gnutls_init() failed: %d", rc); | ||
34 | @@ -923,104 +930,97 @@ Curl_gtls_verifyserver(struct Curl_easy *data, | ||
35 | infof(data, " server certificate verification SKIPPED"); | ||
36 | |||
37 | if(config->verifystatus) { | ||
38 | - if(gnutls_ocsp_status_request_is_checked(session, 0) == 0) { | ||
39 | - gnutls_datum_t status_request; | ||
40 | - gnutls_ocsp_resp_t ocsp_resp; | ||
41 | + gnutls_datum_t status_request; | ||
42 | + gnutls_ocsp_resp_t ocsp_resp; | ||
43 | + gnutls_ocsp_cert_status_t status; | ||
44 | + gnutls_x509_crl_reason_t reason; | ||
45 | |||
46 | - gnutls_ocsp_cert_status_t status; | ||
47 | - gnutls_x509_crl_reason_t reason; | ||
48 | + rc = gnutls_ocsp_status_request_get(session, &status_request); | ||
49 | |||
50 | - rc = gnutls_ocsp_status_request_get(session, &status_request); | ||
51 | + if(rc == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { | ||
52 | + failf(data, "No OCSP response received"); | ||
53 | + return CURLE_SSL_INVALIDCERTSTATUS; | ||
54 | + } | ||
55 | |||
56 | - infof(data, " server certificate status verification FAILED"); | ||
57 | + if(rc < 0) { | ||
58 | + failf(data, "Invalid OCSP response received"); | ||
59 | + return CURLE_SSL_INVALIDCERTSTATUS; | ||
60 | + } | ||
61 | |||
62 | - if(rc == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { | ||
63 | - failf(data, "No OCSP response received"); | ||
64 | - return CURLE_SSL_INVALIDCERTSTATUS; | ||
65 | - } | ||
66 | + gnutls_ocsp_resp_init(&ocsp_resp); | ||
67 | |||
68 | - if(rc < 0) { | ||
69 | - failf(data, "Invalid OCSP response received"); | ||
70 | - return CURLE_SSL_INVALIDCERTSTATUS; | ||
71 | - } | ||
72 | + rc = gnutls_ocsp_resp_import(ocsp_resp, &status_request); | ||
73 | + if(rc < 0) { | ||
74 | + failf(data, "Invalid OCSP response received"); | ||
75 | + return CURLE_SSL_INVALIDCERTSTATUS; | ||
76 | + } | ||
77 | |||
78 | - gnutls_ocsp_resp_init(&ocsp_resp); | ||
79 | + (void)gnutls_ocsp_resp_get_single(ocsp_resp, 0, NULL, NULL, NULL, NULL, | ||
80 | + &status, NULL, NULL, NULL, &reason); | ||
81 | |||
82 | - rc = gnutls_ocsp_resp_import(ocsp_resp, &status_request); | ||
83 | - if(rc < 0) { | ||
84 | - failf(data, "Invalid OCSP response received"); | ||
85 | - return CURLE_SSL_INVALIDCERTSTATUS; | ||
86 | - } | ||
87 | + switch(status) { | ||
88 | + case GNUTLS_OCSP_CERT_GOOD: | ||
89 | + break; | ||
90 | |||
91 | - (void)gnutls_ocsp_resp_get_single(ocsp_resp, 0, NULL, NULL, NULL, NULL, | ||
92 | - &status, NULL, NULL, NULL, &reason); | ||
93 | + case GNUTLS_OCSP_CERT_REVOKED: { | ||
94 | + const char *crl_reason; | ||
95 | |||
96 | - switch(status) { | ||
97 | - case GNUTLS_OCSP_CERT_GOOD: | ||
98 | + switch(reason) { | ||
99 | + default: | ||
100 | + case GNUTLS_X509_CRLREASON_UNSPECIFIED: | ||
101 | + crl_reason = "unspecified reason"; | ||
102 | break; | ||
103 | |||
104 | - case GNUTLS_OCSP_CERT_REVOKED: { | ||
105 | - const char *crl_reason; | ||
106 | - | ||
107 | - switch(reason) { | ||
108 | - default: | ||
109 | - case GNUTLS_X509_CRLREASON_UNSPECIFIED: | ||
110 | - crl_reason = "unspecified reason"; | ||
111 | - break; | ||
112 | - | ||
113 | - case GNUTLS_X509_CRLREASON_KEYCOMPROMISE: | ||
114 | - crl_reason = "private key compromised"; | ||
115 | - break; | ||
116 | - | ||
117 | - case GNUTLS_X509_CRLREASON_CACOMPROMISE: | ||
118 | - crl_reason = "CA compromised"; | ||
119 | - break; | ||
120 | - | ||
121 | - case GNUTLS_X509_CRLREASON_AFFILIATIONCHANGED: | ||
122 | - crl_reason = "affiliation has changed"; | ||
123 | - break; | ||
124 | + case GNUTLS_X509_CRLREASON_KEYCOMPROMISE: | ||
125 | + crl_reason = "private key compromised"; | ||
126 | + break; | ||
127 | |||
128 | - case GNUTLS_X509_CRLREASON_SUPERSEDED: | ||
129 | - crl_reason = "certificate superseded"; | ||
130 | - break; | ||
131 | + case GNUTLS_X509_CRLREASON_CACOMPROMISE: | ||
132 | + crl_reason = "CA compromised"; | ||
133 | + break; | ||
134 | |||
135 | - case GNUTLS_X509_CRLREASON_CESSATIONOFOPERATION: | ||
136 | - crl_reason = "operation has ceased"; | ||
137 | - break; | ||
138 | + case GNUTLS_X509_CRLREASON_AFFILIATIONCHANGED: | ||
139 | + crl_reason = "affiliation has changed"; | ||
140 | + break; | ||
141 | |||
142 | - case GNUTLS_X509_CRLREASON_CERTIFICATEHOLD: | ||
143 | - crl_reason = "certificate is on hold"; | ||
144 | - break; | ||
145 | + case GNUTLS_X509_CRLREASON_SUPERSEDED: | ||
146 | + crl_reason = "certificate superseded"; | ||
147 | + break; | ||
148 | |||
149 | - case GNUTLS_X509_CRLREASON_REMOVEFROMCRL: | ||
150 | - crl_reason = "will be removed from delta CRL"; | ||
151 | - break; | ||
152 | + case GNUTLS_X509_CRLREASON_CESSATIONOFOPERATION: | ||
153 | + crl_reason = "operation has ceased"; | ||
154 | + break; | ||
155 | |||
156 | - case GNUTLS_X509_CRLREASON_PRIVILEGEWITHDRAWN: | ||
157 | - crl_reason = "privilege withdrawn"; | ||
158 | - break; | ||
159 | + case GNUTLS_X509_CRLREASON_CERTIFICATEHOLD: | ||
160 | + crl_reason = "certificate is on hold"; | ||
161 | + break; | ||
162 | |||
163 | - case GNUTLS_X509_CRLREASON_AACOMPROMISE: | ||
164 | - crl_reason = "AA compromised"; | ||
165 | - break; | ||
166 | - } | ||
167 | + case GNUTLS_X509_CRLREASON_REMOVEFROMCRL: | ||
168 | + crl_reason = "will be removed from delta CRL"; | ||
169 | + break; | ||
170 | |||
171 | - failf(data, "Server certificate was revoked: %s", crl_reason); | ||
172 | + case GNUTLS_X509_CRLREASON_PRIVILEGEWITHDRAWN: | ||
173 | + crl_reason = "privilege withdrawn"; | ||
174 | break; | ||
175 | - } | ||
176 | |||
177 | - default: | ||
178 | - case GNUTLS_OCSP_CERT_UNKNOWN: | ||
179 | - failf(data, "Server certificate status is unknown"); | ||
180 | + case GNUTLS_X509_CRLREASON_AACOMPROMISE: | ||
181 | + crl_reason = "AA compromised"; | ||
182 | break; | ||
183 | } | ||
184 | |||
185 | - gnutls_ocsp_resp_deinit(ocsp_resp); | ||
186 | + failf(data, "Server certificate was revoked: %s", crl_reason); | ||
187 | + break; | ||
188 | + } | ||
189 | + | ||
190 | + default: | ||
191 | + case GNUTLS_OCSP_CERT_UNKNOWN: | ||
192 | + failf(data, "Server certificate status is unknown"); | ||
193 | + break; | ||
194 | + } | ||
195 | |||
196 | + gnutls_ocsp_resp_deinit(ocsp_resp); | ||
197 | + if(status != GNUTLS_OCSP_CERT_GOOD) | ||
198 | return CURLE_SSL_INVALIDCERTSTATUS; | ||
199 | - } | ||
200 | - else | ||
201 | - infof(data, " server certificate status verification OK"); | ||
202 | } | ||
203 | else | ||
204 | infof(data, " server certificate status verification SKIPPED"); | ||
205 | -- | ||
206 | 2.25.1 | ||
207 | |||
diff --git a/meta/recipes-support/curl/curl/run-ptest b/meta/recipes-support/curl/curl/run-ptest index 3d25f3d90b..579b3f4587 100644 --- a/meta/recipes-support/curl/curl/run-ptest +++ b/meta/recipes-support/curl/curl/run-ptest | |||
@@ -7,5 +7,7 @@ cd tests | |||
7 | # Use automake-style output | 7 | # Use automake-style output |
8 | # Run four tests in parallel | 8 | # Run four tests in parallel |
9 | # Print log output on failure | 9 | # Print log output on failure |
10 | |||
10 | # Don't run the flaky or timing dependent tests | 11 | # Don't run the flaky or timing dependent tests |
11 | ./runtests.pl -a -n -am -j4 -p !flaky !timing-dependent | 12 | # Until https://github.com/curl/curl/issues/13350 is resolved, don't run FTP tests |
13 | ./runtests.pl -a -n -am -j4 -p !flaky !timing-dependent !FTP | ||
diff --git a/meta/recipes-support/curl/curl_8.7.1.bb b/meta/recipes-support/curl/curl_8.7.1.bb index c74416d7e9..d094604ea1 100644 --- a/meta/recipes-support/curl/curl_8.7.1.bb +++ b/meta/recipes-support/curl/curl_8.7.1.bb | |||
@@ -15,11 +15,16 @@ SRC_URI = " \ | |||
15 | file://run-ptest \ | 15 | file://run-ptest \ |
16 | file://disable-tests \ | 16 | file://disable-tests \ |
17 | file://no-test-timeout.patch \ | 17 | file://no-test-timeout.patch \ |
18 | file://CVE-2024-6197.patch \ | ||
19 | file://CVE-2024-7264-1.patch \ | ||
20 | file://CVE-2024-7264-2.patch \ | ||
21 | file://CVE-2024-8096.patch \ | ||
18 | " | 22 | " |
19 | SRC_URI[sha256sum] = "6fea2aac6a4610fbd0400afb0bcddbe7258a64c63f1f68e5855ebc0c659710cd" | 23 | SRC_URI[sha256sum] = "6fea2aac6a4610fbd0400afb0bcddbe7258a64c63f1f68e5855ebc0c659710cd" |
20 | 24 | ||
21 | # Curl has used many names over the years... | 25 | # Curl has used many names over the years... |
22 | CVE_PRODUCT = "haxx:curl haxx:libcurl curl:curl curl:libcurl libcurl:libcurl daniel_stenberg:curl" | 26 | CVE_PRODUCT = "haxx:curl haxx:libcurl curl:curl curl:libcurl libcurl:libcurl daniel_stenberg:curl" |
27 | CVE_STATUS[CVE-2024-32928] = "ignored: CURLOPT_SSL_VERIFYPEER was disabled on google cloud services causing a potential man in the middle attack" | ||
23 | 28 | ||
24 | inherit autotools pkgconfig binconfig multilib_header ptest | 29 | inherit autotools pkgconfig binconfig multilib_header ptest |
25 | 30 | ||
@@ -27,8 +32,8 @@ inherit autotools pkgconfig binconfig multilib_header ptest | |||
27 | RANDOM ?= "/dev/urandom" | 32 | RANDOM ?= "/dev/urandom" |
28 | 33 | ||
29 | PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} aws basic-auth bearer-auth digest-auth negotiate-auth libidn openssl proxy random threaded-resolver verbose zlib" | 34 | PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} aws basic-auth bearer-auth digest-auth negotiate-auth libidn openssl proxy random threaded-resolver verbose zlib" |
30 | PACKAGECONFIG:class-native = "ipv6 openssl proxy random threaded-resolver verbose zlib" | 35 | PACKAGECONFIG:class-native = "ipv6 openssl proxy random threaded-resolver verbose zlib aws basic-auth bearer-auth digest-auth negotiate-auth" |
31 | PACKAGECONFIG:class-nativesdk = "ipv6 openssl proxy random threaded-resolver verbose zlib" | 36 | PACKAGECONFIG:class-nativesdk = "ipv6 openssl proxy random threaded-resolver verbose zlib aws basic-auth bearer-auth digest-auth negotiate-auth" |
32 | 37 | ||
33 | # 'ares' and 'threaded-resolver' are mutually exclusive | 38 | # 'ares' and 'threaded-resolver' are mutually exclusive |
34 | PACKAGECONFIG[ares] = "--enable-ares,--disable-ares,c-ares,,,threaded-resolver" | 39 | PACKAGECONFIG[ares] = "--enable-ares,--disable-ares,c-ares,,,threaded-resolver" |
@@ -120,6 +125,7 @@ do_install_ptest() { | |||
120 | 125 | ||
121 | RDEPENDS:${PN}-ptest += " \ | 126 | RDEPENDS:${PN}-ptest += " \ |
122 | bash \ | 127 | bash \ |
128 | locale-base-en-us \ | ||
123 | perl-module-b \ | 129 | perl-module-b \ |
124 | perl-module-base \ | 130 | perl-module-base \ |
125 | perl-module-cwd \ | 131 | perl-module-cwd \ |
@@ -135,7 +141,6 @@ RDEPENDS:${PN}-ptest += " \ | |||
135 | perl-module-storable \ | 141 | perl-module-storable \ |
136 | perl-module-time-hires \ | 142 | perl-module-time-hires \ |
137 | " | 143 | " |
138 | RDEPENDS:${PN}-ptest:append:libc-glibc = " locale-base-en-us" | ||
139 | 144 | ||
140 | PACKAGES =+ "lib${BPN}" | 145 | PACKAGES =+ "lib${BPN}" |
141 | 146 | ||
diff --git a/meta/recipes-support/fribidi/fribidi_1.0.13.bb b/meta/recipes-support/fribidi/fribidi_1.0.14.bb index 5d0476a375..51752096de 100644 --- a/meta/recipes-support/fribidi/fribidi_1.0.13.bb +++ b/meta/recipes-support/fribidi/fribidi_1.0.14.bb | |||
@@ -11,7 +11,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=a916467b91076e631dd8edb7424769c7" | |||
11 | 11 | ||
12 | SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/${BP}.tar.xz \ | 12 | SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/${BP}.tar.xz \ |
13 | " | 13 | " |
14 | SRC_URI[sha256sum] = "7fa16c80c81bd622f7b198d31356da139cc318a63fc7761217af4130903f54a2" | 14 | SRC_URI[sha256sum] = "76ae204a7027652ac3981b9fa5817c083ba23114340284c58e756b259cd2259a" |
15 | 15 | ||
16 | inherit meson lib_package pkgconfig github-releases | 16 | inherit meson lib_package pkgconfig github-releases |
17 | 17 | ||
diff --git a/meta/recipes-support/gpgme/gpgme_1.23.2.bb b/meta/recipes-support/gpgme/gpgme_1.23.2.bb index d8807b3af2..55f164e4a9 100644 --- a/meta/recipes-support/gpgme/gpgme_1.23.2.bb +++ b/meta/recipes-support/gpgme/gpgme_1.23.2.bb | |||
@@ -3,11 +3,18 @@ DESCRIPTION = "GnuPG Made Easy (GPGME) is a library designed to make access to G | |||
3 | HOMEPAGE = "http://www.gnupg.org/gpgme.html" | 3 | HOMEPAGE = "http://www.gnupg.org/gpgme.html" |
4 | BUGTRACKER = "https://bugs.g10code.com/gnupg/index" | 4 | BUGTRACKER = "https://bugs.g10code.com/gnupg/index" |
5 | 5 | ||
6 | LICENSE = "GPL-2.0-or-later & LGPL-2.1-or-later" | 6 | LICENSE = "GPL-2.0-or-later & LGPL-2.1-or-later & GPL-3.0-or-later" |
7 | LICENSE:${PN} = "GPL-2.0-or-later & LGPL-2.1-or-later" | ||
8 | LICENSE:${PN}-cpp = "GPL-2.0-or-later & LGPL-2.1-or-later" | ||
9 | LICENSE:${PN}-tool = "GPL-3.0-or-later" | ||
10 | LICENSE:python3-gpg = "GPL-2.0-or-later & LGPL-2.1-or-later" | ||
11 | |||
7 | LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f \ | 12 | LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f \ |
8 | file://COPYING.LESSER;md5=bbb461211a33b134d42ed5ee802b37ff \ | 13 | file://COPYING.LESSER;md5=bbb461211a33b134d42ed5ee802b37ff \ |
9 | file://src/gpgme.h.in;endline=23;md5=2f0bf06d1c7dcb28532a9d0f94a7ca1d \ | 14 | file://src/gpgme.h.in;endline=23;md5=2f0bf06d1c7dcb28532a9d0f94a7ca1d \ |
10 | file://src/engine.h;endline=22;md5=4b6d8ba313d9b564cc4d4cfb1640af9d" | 15 | file://src/engine.h;endline=22;md5=4b6d8ba313d9b564cc4d4cfb1640af9d \ |
16 | file://src/gpgme-tool.c;endline=21;md5=66c5381e0e05475792e24982d15e7ce8 \ | ||
17 | " | ||
11 | 18 | ||
12 | UPSTREAM_CHECK_URI = "https://gnupg.org/download/index.html" | 19 | UPSTREAM_CHECK_URI = "https://gnupg.org/download/index.html" |
13 | SRC_URI = "${GNUPG_MIRROR}/gpgme/${BP}.tar.bz2 \ | 20 | SRC_URI = "${GNUPG_MIRROR}/gpgme/${BP}.tar.bz2 \ |
@@ -33,6 +40,8 @@ RDEPENDS:${PN}-cpp += "libstdc++" | |||
33 | 40 | ||
34 | RDEPENDS:python3-gpg += "python3-unixadmin" | 41 | RDEPENDS:python3-gpg += "python3-unixadmin" |
35 | 42 | ||
43 | RRECOMMENDS:${PN} += "${PN}-tool" | ||
44 | |||
36 | BINCONFIG = "${bindir}/gpgme-config" | 45 | BINCONFIG = "${bindir}/gpgme-config" |
37 | 46 | ||
38 | # Default in configure.ac: "cl cpp python qt" | 47 | # Default in configure.ac: "cl cpp python qt" |
@@ -61,9 +70,10 @@ export PKG_CONFIG='pkg-config' | |||
61 | 70 | ||
62 | BBCLASSEXTEND = "native nativesdk" | 71 | BBCLASSEXTEND = "native nativesdk" |
63 | 72 | ||
64 | PACKAGES =+ "${PN}-cpp python3-gpg" | 73 | PACKAGES =+ "${PN}-cpp ${PN}-tool python3-gpg" |
65 | 74 | ||
66 | FILES:${PN}-cpp = "${libdir}/libgpgmepp.so.*" | 75 | FILES:${PN}-cpp = "${libdir}/libgpgmepp.so.*" |
76 | FILES:${PN}-tool = "${bindir}/gpgme-tool" | ||
67 | FILES:python3-gpg = "${PYTHON_SITEPACKAGES_DIR}/*" | 77 | FILES:python3-gpg = "${PYTHON_SITEPACKAGES_DIR}/*" |
68 | FILES:${PN}-dev += "${datadir}/common-lisp/source/gpgme/*" | 78 | FILES:${PN}-dev += "${datadir}/common-lisp/source/gpgme/*" |
69 | 79 | ||
diff --git a/meta/recipes-support/libcap-ng/files/0001-Fix-python-path-when-invoking-py-compile-54.patch b/meta/recipes-support/libcap-ng/files/0001-Fix-python-path-when-invoking-py-compile-54.patch new file mode 100644 index 0000000000..a0452ad53d --- /dev/null +++ b/meta/recipes-support/libcap-ng/files/0001-Fix-python-path-when-invoking-py-compile-54.patch | |||
@@ -0,0 +1,34 @@ | |||
1 | From 1fe7c1cfeea00ba4eb903fbb39b74361594d4835 Mon Sep 17 00:00:00 2001 | ||
2 | From: Jan Palus <jpalus@fastmail.com> | ||
3 | Date: Wed, 10 Apr 2024 21:30:51 +0200 | ||
4 | Subject: [PATCH] Fix python path when invoking py-compile (#54) | ||
5 | |||
6 | 48eebb2 replaced custom PYTHON3 variable with PYTHON by using standard | ||
7 | AM_PATH_PYTHON macro. Makefile however still referred to old one. | ||
8 | There's no need to set PYTHON explicitly anymore so drop it. | ||
9 | |||
10 | Fixes #53 | ||
11 | |||
12 | Upstream-Status: Backport | ||
13 | [https://github.com/stevegrubb/libcap-ng/commit/1fe7c1cfeea00ba4eb903fbb39b74361594d4835] | ||
14 | |||
15 | Signed-off-by: Yi Zhao <yi.zhao@windriver.com> | ||
16 | --- | ||
17 | bindings/python3/Makefile.am | 1 - | ||
18 | 1 file changed, 1 deletion(-) | ||
19 | |||
20 | diff --git a/bindings/python3/Makefile.am b/bindings/python3/Makefile.am | ||
21 | index 70a1dd8..6072fc2 100644 | ||
22 | --- a/bindings/python3/Makefile.am | ||
23 | +++ b/bindings/python3/Makefile.am | ||
24 | @@ -27,7 +27,6 @@ AM_CPPFLAGS = -I. -I$(top_builddir) $(PYTHON3_INCLUDES) | ||
25 | LIBS = ${top_builddir}/src/libcap-ng.la | ||
26 | SWIG_FLAGS = -python | ||
27 | SWIG_INCLUDES = ${AM_CPPFLAGS} | ||
28 | -PYTHON = $(PYTHON3) | ||
29 | pyexec_PYTHON = capng.py | ||
30 | pyexec_LTLIBRARIES = _capng.la | ||
31 | pyexec_SOLIBRARIES = _capng.so | ||
32 | -- | ||
33 | 2.25.1 | ||
34 | |||
diff --git a/meta/recipes-support/libcap-ng/files/fix-issues-with-swig-4-2.patch b/meta/recipes-support/libcap-ng/files/fix-issues-with-swig-4-2.patch deleted file mode 100644 index fb424fe725..0000000000 --- a/meta/recipes-support/libcap-ng/files/fix-issues-with-swig-4-2.patch +++ /dev/null | |||
@@ -1,32 +0,0 @@ | |||
1 | From 355eada2d20886287cffc16e304087dd6f66ae37 Mon Sep 17 00:00:00 2001 | ||
2 | From: Steve Grubb <ausearch.1@gmail.com> | ||
3 | Date: Thu, 4 Jan 2024 15:06:29 -0500 | ||
4 | Subject: [PATCH] Remove python global exception handler since its deprecated | ||
5 | |||
6 | Upstream-Status: Backport [https://github.com/stevegrubb/libcap-ng/commit/30453b6553948cd05c438f9f509013e3bb84f25b] | ||
7 | Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> | ||
8 | --- | ||
9 | bindings/src/capng_swig.i | 7 ------- | ||
10 | 1 file changed, 7 deletions(-) | ||
11 | |||
12 | diff --git a/bindings/src/capng_swig.i b/bindings/src/capng_swig.i | ||
13 | index fcdaf18..fa85e13 100644 | ||
14 | --- a/bindings/src/capng_swig.i | ||
15 | +++ b/bindings/src/capng_swig.i | ||
16 | @@ -30,13 +30,6 @@ | ||
17 | |||
18 | %varargs(16, signed capability = 0) capng_updatev; | ||
19 | |||
20 | -%except(python) { | ||
21 | - $action | ||
22 | - if (result < 0) { | ||
23 | - PyErr_SetFromErrno(PyExc_OSError); | ||
24 | - return NULL; | ||
25 | - } | ||
26 | -} | ||
27 | #endif | ||
28 | |||
29 | %define __signed__ | ||
30 | -- | ||
31 | 2.43.2 | ||
32 | |||
diff --git a/meta/recipes-support/libcap-ng/libcap-ng-python_0.8.4.bb b/meta/recipes-support/libcap-ng/libcap-ng-python_0.8.5.bb index 4790134ae9..ffde03963f 100644 --- a/meta/recipes-support/libcap-ng/libcap-ng-python_0.8.4.bb +++ b/meta/recipes-support/libcap-ng/libcap-ng-python_0.8.5.bb | |||
@@ -9,8 +9,6 @@ inherit lib_package autotools python3targetconfig | |||
9 | # drop setuptools when version > 0.8.3 is released; it's needed only for distutils | 9 | # drop setuptools when version > 0.8.3 is released; it's needed only for distutils |
10 | DEPENDS += "libcap-ng python3 swig-native python3-setuptools-native" | 10 | DEPENDS += "libcap-ng python3 swig-native python3-setuptools-native" |
11 | 11 | ||
12 | S = "${WORKDIR}/libcap-ng-${PV}" | ||
13 | |||
14 | EXTRA_OECONF += "--with-python3" | 12 | EXTRA_OECONF += "--with-python3" |
15 | 13 | ||
16 | do_install:append() { | 14 | do_install:append() { |
diff --git a/meta/recipes-support/libcap-ng/libcap-ng.inc b/meta/recipes-support/libcap-ng/libcap-ng.inc index 845b7c2f0a..e4be030834 100644 --- a/meta/recipes-support/libcap-ng/libcap-ng.inc +++ b/meta/recipes-support/libcap-ng/libcap-ng.inc | |||
@@ -7,11 +7,15 @@ LICENSE = "GPL-2.0-or-later & LGPL-2.1-or-later" | |||
7 | LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f \ | 7 | LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f \ |
8 | file://COPYING.LIB;md5=e3eda01d9815f8d24aae2dbd89b68b06" | 8 | file://COPYING.LIB;md5=e3eda01d9815f8d24aae2dbd89b68b06" |
9 | 9 | ||
10 | SRC_URI = "https://people.redhat.com/sgrubb/libcap-ng/libcap-ng-${PV}.tar.gz \ | 10 | SRC_URI = "git://github.com/stevegrubb/libcap-ng.git;protocol=https;branch=master \ |
11 | file://fix-issues-with-swig-4-2.patch \ | 11 | file://0001-Fix-python-path-when-invoking-py-compile-54.patch \ |
12 | " | 12 | " |
13 | SRCREV = "f5d39702622208b3ada064d7b2eaeaf1454c9bd3" | ||
14 | S = "${WORKDIR}/git" | ||
13 | 15 | ||
14 | SRC_URI[sha256sum] = "68581d3b38e7553cb6f6ddf7813b1fc99e52856f21421f7b477ce5abd2605a8a" | 16 | do_configure:prepend() { |
17 | touch ${S}/NEWS | ||
18 | } | ||
15 | 19 | ||
16 | EXTRA_OECONF:append:class-target = " --with-capability_header=${STAGING_INCDIR}/linux/capability.h" | 20 | EXTRA_OECONF:append:class-target = " --with-capability_header=${STAGING_INCDIR}/linux/capability.h" |
17 | EXTRA_OECONF:append:class-nativesdk = " --with-capability_header=${STAGING_INCDIR}/linux/capability.h" | 21 | EXTRA_OECONF:append:class-nativesdk = " --with-capability_header=${STAGING_INCDIR}/linux/capability.h" |
diff --git a/meta/recipes-support/libcap-ng/libcap-ng_0.8.4.bb b/meta/recipes-support/libcap-ng/libcap-ng_0.8.5.bb index 3dbe3e2ffd..3dbe3e2ffd 100644 --- a/meta/recipes-support/libcap-ng/libcap-ng_0.8.4.bb +++ b/meta/recipes-support/libcap-ng/libcap-ng_0.8.5.bb | |||
diff --git a/meta/recipes-support/libnl/libnl_3.9.0.bb b/meta/recipes-support/libnl/libnl_3.9.0.bb index db9d93e8cb..b2825374cf 100644 --- a/meta/recipes-support/libnl/libnl_3.9.0.bb +++ b/meta/recipes-support/libnl/libnl_3.9.0.bb | |||
@@ -4,7 +4,7 @@ APIs to netlink protocol based Linux kernel interfaces. libnl is the core \ | |||
4 | library implementing the fundamentals required to use the netlink protocol \ | 4 | library implementing the fundamentals required to use the netlink protocol \ |
5 | such as socket handling, message construction and parsing, and sending \ | 5 | such as socket handling, message construction and parsing, and sending \ |
6 | and receiving of data." | 6 | and receiving of data." |
7 | HOMEPAGE = "http://www.infradead.org/~tgr/libnl/" | 7 | HOMEPAGE = "https://github.com/thom311/libnl" |
8 | SECTION = "libs/network" | 8 | SECTION = "libs/network" |
9 | 9 | ||
10 | PE = "1" | 10 | PE = "1" |
diff --git a/meta/recipes-support/libyaml/libyaml_0.2.5.bb b/meta/recipes-support/libyaml/libyaml_0.2.5.bb index 4cb5717ece..aa7fc5e914 100644 --- a/meta/recipes-support/libyaml/libyaml_0.2.5.bb +++ b/meta/recipes-support/libyaml/libyaml_0.2.5.bb | |||
@@ -18,4 +18,8 @@ inherit autotools | |||
18 | DISABLE_STATIC:class-nativesdk = "" | 18 | DISABLE_STATIC:class-nativesdk = "" |
19 | DISABLE_STATIC:class-native = "" | 19 | DISABLE_STATIC:class-native = "" |
20 | 20 | ||
21 | CVE_STATUS[CVE-2024-35325] = "upstream-wontfix: Upstream thinks this is a misuse (or wrong use) of the libyaml API - https://github.com/yaml/libyaml/issues/303" | ||
22 | CVE_STATUS[CVE-2024-35326] = "upstream-wontfix: Upstream thinks there is no working code that is exploitable - https://github.com/yaml/libyaml/issues/302" | ||
23 | CVE_STATUS[CVE-2024-35328] = "upstream-wontfix: Upstream thinks there is no working code that is exploitable - https://github.com/yaml/libyaml/issues/302" | ||
24 | |||
21 | BBCLASSEXTEND = "native nativesdk" | 25 | BBCLASSEXTEND = "native nativesdk" |
diff --git a/meta/recipes-support/rng-tools/rng-tools_6.16.bb b/meta/recipes-support/rng-tools/rng-tools_6.16.bb index f0aa3ff93f..5b66e3badf 100644 --- a/meta/recipes-support/rng-tools/rng-tools_6.16.bb +++ b/meta/recipes-support/rng-tools/rng-tools_6.16.bb | |||
@@ -67,3 +67,7 @@ do_install:append() { | |||
67 | ${D}${systemd_system_unitdir}/rng-tools.service | 67 | ${D}${systemd_system_unitdir}/rng-tools.service |
68 | fi | 68 | fi |
69 | } | 69 | } |
70 | |||
71 | # libargp detection fails | ||
72 | # http://errors.yoctoproject.org/Errors/Details/766951/ | ||
73 | CFLAGS += "-Wno-error=incompatible-pointer-types" | ||
diff --git a/meta/recipes-support/vim/files/vim-add-knob-whether-elf.h-are-checked.patch b/meta/recipes-support/vim/files/vim-add-knob-whether-elf.h-are-checked.patch deleted file mode 100644 index 5284ba45b6..0000000000 --- a/meta/recipes-support/vim/files/vim-add-knob-whether-elf.h-are-checked.patch +++ /dev/null | |||
@@ -1,39 +0,0 @@ | |||
1 | From 38de4bccdb8a861ffdd447f12fdab19d6d852c02 Mon Sep 17 00:00:00 2001 | ||
2 | From: Chong Lu <Chong.Lu@windriver.com> | ||
3 | Date: Tue, 26 Jun 2018 17:34:15 +0800 | ||
4 | Subject: [PATCH] vim: add knob whether elf.h are checked | ||
5 | |||
6 | Previously, it still was checked when there was no elf library in sysroots directory. | ||
7 | Add knob to decide whether elf.h are checked or not. | ||
8 | |||
9 | Upstream-Status: Pending | ||
10 | |||
11 | Signed-off-by: Chong Lu <Chong.Lu@windriver.com> | ||
12 | Signed-off-by: Changqing Li <changqing.li@windriver.com> | ||
13 | --- | ||
14 | src/configure.ac | 7 +++++++ | ||
15 | 1 file changed, 7 insertions(+) | ||
16 | |||
17 | Index: git/src/configure.ac | ||
18 | =================================================================== | ||
19 | --- git.orig/src/configure.ac | ||
20 | +++ git/src/configure.ac | ||
21 | @@ -3264,11 +3264,18 @@ AC_TRY_COMPILE([#include <stdio.h>], [in | ||
22 | AC_MSG_RESULT(no)) | ||
23 | |||
24 | dnl Checks for header files. | ||
25 | +AC_MSG_CHECKING(whether or not to look for elf.h) | ||
26 | +AC_ARG_ENABLE(elf-check, | ||
27 | + [ --enable-elf-check If elfutils, check for elf.h [default=no]], | ||
28 | + , enable_elf_check="no") | ||
29 | +AC_MSG_RESULT($enable_elf_check) | ||
30 | +if test "x$enable_elf_check" != "xno"; then | ||
31 | AC_CHECK_HEADER(elf.h, HAS_ELF=1) | ||
32 | dnl AC_CHECK_HEADER(dwarf.h, SVR4=1) | ||
33 | if test "$HAS_ELF" = 1; then | ||
34 | AC_CHECK_LIB(elf, main) | ||
35 | fi | ||
36 | +fi | ||
37 | |||
38 | AC_HEADER_DIRENT | ||
39 | |||
diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc index 071deed338..11daa900d2 100644 --- a/meta/recipes-support/vim/vim.inc +++ b/meta/recipes-support/vim/vim.inc | |||
@@ -14,13 +14,12 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=d1a651ab770b45d41c0f8cb5a8ca930e" | |||
14 | 14 | ||
15 | SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \ | 15 | SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \ |
16 | file://disable_acl_header_check.patch \ | 16 | file://disable_acl_header_check.patch \ |
17 | file://vim-add-knob-whether-elf.h-are-checked.patch \ | ||
18 | file://0001-src-Makefile-improve-reproducibility.patch \ | 17 | file://0001-src-Makefile-improve-reproducibility.patch \ |
19 | file://no-path-adjust.patch \ | 18 | file://no-path-adjust.patch \ |
20 | " | 19 | " |
21 | 20 | ||
22 | PV .= ".0114" | 21 | PV .= ".0698" |
23 | SRCREV = "fcaed6a70faf73bff3e5405ada556d726024f866" | 22 | SRCREV = "d56c451e1c05310562c5282352d7bb287c16323c" |
24 | 23 | ||
25 | # Do not consider .z in x.y.z, as that is updated with every commit | 24 | # Do not consider .z in x.y.z, as that is updated with every commit |
26 | UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+\.\d+)\.0" | 25 | UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+\.\d+)\.0" |
diff --git a/meta/recipes-support/vte/vte/CVE-2024-37535-01.patch b/meta/recipes-support/vte/vte/CVE-2024-37535-01.patch new file mode 100644 index 0000000000..d18a3380af --- /dev/null +++ b/meta/recipes-support/vte/vte/CVE-2024-37535-01.patch | |||
@@ -0,0 +1,64 @@ | |||
1 | From 036bc3ddcbb56f05c6ca76712a53b89dee1369e2 Mon Sep 17 00:00:00 2001 | ||
2 | From: Christian Persch <chpe@src.gnome.org> | ||
3 | Date: Sun, 2 Jun 2024 19:19:35 +0200 | ||
4 | Subject: [PATCH] emulation: Restrict resize request to sane numbers | ||
5 | |||
6 | Fixes: https://gitlab.gnome.org/GNOME/vte/-/issues/2786 | ||
7 | (cherry picked from commit fd5511f24b7269195a7083f409244e9787c705dc) | ||
8 | |||
9 | |||
10 | Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/vte/-/commit/036bc3ddcbb56f05c6ca76712a53b89dee1369e2] | ||
11 | CVE: CVE-2024-37535 | ||
12 | Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> | ||
13 | --- | ||
14 | src/vteseq.cc | 20 ++++++++++++-------- | ||
15 | 1 file changed, 12 insertions(+), 8 deletions(-) | ||
16 | |||
17 | diff --git a/src/vteseq.cc b/src/vteseq.cc | ||
18 | index 8d1c2e1..1c73dad 100644 | ||
19 | --- a/src/vteseq.cc | ||
20 | +++ b/src/vteseq.cc | ||
21 | @@ -208,9 +208,18 @@ Terminal::emit_bell() | ||
22 | /* Emit a "resize-window" signal. (Grid size.) */ | ||
23 | void | ||
24 | Terminal::emit_resize_window(guint columns, | ||
25 | - guint rows) | ||
26 | -{ | ||
27 | - _vte_debug_print(VTE_DEBUG_SIGNALS, "Emitting `resize-window'.\n"); | ||
28 | + guint rows) | ||
29 | +{ | ||
30 | + // Ignore resizes with excessive number of rows or columns, | ||
31 | + // see https://gitlab.gnome.org/GNOME/vte/-/issues/2786 | ||
32 | + if (columns < VTE_MIN_GRID_WIDTH || | ||
33 | + columns > 511 || | ||
34 | + rows < VTE_MIN_GRID_HEIGHT || | ||
35 | + rows > 511) | ||
36 | + return; | ||
37 | + | ||
38 | + _vte_debug_print(VTE_DEBUG_SIGNALS, "Emitting `resize-window' %d columns %d rows.\n", | ||
39 | + columns, rows); | ||
40 | g_signal_emit(m_terminal, signals[SIGNAL_RESIZE_WINDOW], 0, columns, rows); | ||
41 | } | ||
42 | |||
43 | @@ -4457,8 +4466,6 @@ Terminal::DECSLPP(vte::parser::Sequence const& seq) | ||
44 | else if (param < 24) | ||
45 | return; | ||
46 | |||
47 | - _vte_debug_print(VTE_DEBUG_EMULATION, "Resizing to %d rows.\n", param); | ||
48 | - | ||
49 | emit_resize_window(m_column_count, param); | ||
50 | } | ||
51 | |||
52 | @@ -8917,9 +8924,6 @@ Terminal::XTERM_WM(vte::parser::Sequence const& seq) | ||
53 | seq.collect(1, {&height, &width}); | ||
54 | |||
55 | if (width != -1 && height != -1) { | ||
56 | - _vte_debug_print(VTE_DEBUG_EMULATION, | ||
57 | - "Resizing window to %d columns, %d rows.\n", | ||
58 | - width, height); | ||
59 | emit_resize_window(width, height); | ||
60 | } | ||
61 | break; | ||
62 | -- | ||
63 | 2.25.1 | ||
64 | |||
diff --git a/meta/recipes-support/vte/vte/CVE-2024-37535-02.patch b/meta/recipes-support/vte/vte/CVE-2024-37535-02.patch new file mode 100644 index 0000000000..032e00fb5c --- /dev/null +++ b/meta/recipes-support/vte/vte/CVE-2024-37535-02.patch | |||
@@ -0,0 +1,85 @@ | |||
1 | rom c313849c2e5133802e21b13fa0b141b360171d39 Mon Sep 17 00:00:00 2001 | ||
2 | From: Christian Persch <chpe@src.gnome.org> | ||
3 | Date: Sun, 2 Jun 2024 19:19:35 +0200 | ||
4 | Subject: [PATCH] widget: Add safety limit to widget size requests | ||
5 | |||
6 | https://gitlab.gnome.org/GNOME/vte/-/issues/2786 | ||
7 | (cherry picked from commit 1803ba866053a3d7840892b9d31fe2944a183eda) | ||
8 | |||
9 | Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/vte/-/commit/c313849c2e5133802e21b13fa0b141b360171d39] | ||
10 | CVE: CVE-2024-37535 | ||
11 | Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> | ||
12 | --- | ||
13 | src/vtegtk.cc | 35 +++++++++++++++++++++++++++++++++++ | ||
14 | 1 file changed, 35 insertions(+) | ||
15 | |||
16 | diff --git a/src/vtegtk.cc b/src/vtegtk.cc | ||
17 | index 0f4641d..060d27e 100644 | ||
18 | --- a/src/vtegtk.cc | ||
19 | +++ b/src/vtegtk.cc | ||
20 | @@ -91,6 +91,38 @@ | ||
21 | template<typename T> | ||
22 | constexpr bool check_enum_value(T value) noexcept; | ||
23 | |||
24 | +static inline void | ||
25 | +sanitise_widget_size_request(int* minimum, | ||
26 | + int* natural) noexcept | ||
27 | +{ | ||
28 | + // Overly large size requests will make gtk happily allocate | ||
29 | + // a window size over the window system's limits (see | ||
30 | + // e.g. https://gitlab.gnome.org/GNOME/vte/-/issues/2786), | ||
31 | + // leading to aborting the whole process. | ||
32 | + // The toolkit should be in a better position to know about | ||
33 | + // these limits and not exceed them (which here is certainly | ||
34 | + // possible since our minimum sizes are very small), let's | ||
35 | + // limit the widget's size request to some large value | ||
36 | + // that hopefully is within the absolute limits of | ||
37 | + // the window system (assumed here to be int16 range, | ||
38 | + // and leaving some space for the widgets that contain | ||
39 | + // the terminal). | ||
40 | + auto const limit = (1 << 15) - (1 << 12); | ||
41 | + | ||
42 | + if (*minimum > limit || *natural > limit) { | ||
43 | + static auto warned = false; | ||
44 | + | ||
45 | + if (!warned) { | ||
46 | + g_warning("Widget size request (minimum %d, natural %d) exceeds limits\n", | ||
47 | + *minimum, *natural); | ||
48 | + warned = true; | ||
49 | + } | ||
50 | + } | ||
51 | + | ||
52 | + *minimum = std::min(*minimum, limit); | ||
53 | + *natural = std::clamp(*natural, *minimum, limit); | ||
54 | +} | ||
55 | + | ||
56 | struct _VteTerminalClassPrivate { | ||
57 | GtkStyleProvider *style_provider; | ||
58 | }; | ||
59 | @@ -497,6 +529,7 @@ try | ||
60 | { | ||
61 | VteTerminal *terminal = VTE_TERMINAL(widget); | ||
62 | WIDGET(terminal)->get_preferred_width(minimum_width, natural_width); | ||
63 | + sanitise_widget_size_request(minimum_width, natural_width); | ||
64 | } | ||
65 | catch (...) | ||
66 | { | ||
67 | @@ -511,6 +544,7 @@ try | ||
68 | { | ||
69 | VteTerminal *terminal = VTE_TERMINAL(widget); | ||
70 | WIDGET(terminal)->get_preferred_height(minimum_height, natural_height); | ||
71 | + sanitise_widget_size_request(minimum_height, natural_height); | ||
72 | } | ||
73 | catch (...) | ||
74 | { | ||
75 | @@ -748,6 +782,7 @@ try | ||
76 | WIDGET(terminal)->measure(orientation, for_size, | ||
77 | minimum, natural, | ||
78 | minimum_baseline, natural_baseline); | ||
79 | + sanitise_widget_size_request(minimum, natural); | ||
80 | } | ||
81 | catch (...) | ||
82 | { | ||
83 | -- | ||
84 | 2.25.1 | ||
85 | |||
diff --git a/meta/recipes-support/vte/vte_0.74.2.bb b/meta/recipes-support/vte/vte_0.74.2.bb index d8eafde2fb..af9ff1bb1d 100644 --- a/meta/recipes-support/vte/vte_0.74.2.bb +++ b/meta/recipes-support/vte/vte_0.74.2.bb | |||
@@ -18,7 +18,10 @@ GIDOCGEN_MESON_OPTION = "docs" | |||
18 | 18 | ||
19 | inherit gnomebase gi-docgen features_check upstream-version-is-even gobject-introspection systemd vala | 19 | inherit gnomebase gi-docgen features_check upstream-version-is-even gobject-introspection systemd vala |
20 | 20 | ||
21 | SRC_URI += "file://0001-Add-W_EXITCODE-macro-for-non-glibc-systems.patch" | 21 | SRC_URI += "file://0001-Add-W_EXITCODE-macro-for-non-glibc-systems.patch \ |
22 | file://CVE-2024-37535-01.patch \ | ||
23 | file://CVE-2024-37535-02.patch \ | ||
24 | " | ||
22 | SRC_URI[archive.sha256sum] = "a535fb2a98fea8a2449cd1a02cccf5190131dddff52e715afdace3feb536eae7" | 25 | SRC_URI[archive.sha256sum] = "a535fb2a98fea8a2449cd1a02cccf5190131dddff52e715afdace3feb536eae7" |
23 | 26 | ||
24 | ANY_OF_DISTRO_FEATURES = "${GTK3DISTROFEATURES}" | 27 | ANY_OF_DISTRO_FEATURES = "${GTK3DISTROFEATURES}" |