summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rwxr-xr-xbitbake/bin/bitbake-worker12
-rw-r--r--bitbake/lib/bb/build.py6
-rw-r--r--bitbake/lib/bb/cache.py3
-rw-r--r--bitbake/lib/bb/cooker.py30
-rw-r--r--bitbake/lib/bb/data_smart.py4
-rw-r--r--bitbake/lib/bb/fetch2/__init__.py6
-rw-r--r--bitbake/lib/bb/fetch2/git.py25
-rw-r--r--bitbake/lib/bb/fetch2/npmsw.py4
-rw-r--r--bitbake/lib/bb/fetch2/perforce.py2
-rw-r--r--bitbake/lib/bb/fetch2/wget.py2
-rw-r--r--bitbake/lib/bb/persist_data.py5
-rw-r--r--bitbake/lib/bb/runqueue.py34
-rw-r--r--bitbake/lib/bb/server/process.py2
-rw-r--r--bitbake/lib/bb/tests/fetch.py32
-rw-r--r--bitbake/lib/bb/tests/runqueue.py2
-rw-r--r--bitbake/lib/hashserv/server.py4
-rw-r--r--bitbake/lib/toaster/tests/builds/buildtest.py2
-rw-r--r--documentation/conf.py2
-rw-r--r--documentation/poky.yaml11
-rw-r--r--documentation/ref-manual/migration-3.0.rst5
-rw-r--r--documentation/releases.rst23
-rw-r--r--meta-poky/conf/distro/poky.conf2
-rw-r--r--meta-selftest/recipes-test/devtool/devtool-upgrade-test2_git.bb2
-rw-r--r--meta-selftest/recipes-test/devtool/devtool-upgrade-test2_git.bb.upgraded2
-rw-r--r--meta-selftest/recipes-test/git-submodule-test/git-submodule-test.bb2
-rw-r--r--meta/classes/cross-canadian.bbclass2
-rw-r--r--meta/classes/devupstream.bbclass2
-rw-r--r--meta/classes/externalsrc.bbclass9
-rw-r--r--meta/classes/mirrors.bbclass2
-rw-r--r--meta/classes/package.bbclass6
-rw-r--r--meta/classes/patch.bbclass7
-rw-r--r--meta/classes/reproducible_build.bbclass11
-rw-r--r--meta/classes/sstate.bbclass18
-rw-r--r--meta/classes/testimage.bbclass7
-rw-r--r--meta/classes/uninative.bbclass2
-rw-r--r--meta/conf/distro/include/default-distrovars.inc2
-rw-r--r--meta/conf/distro/include/yocto-uninative.inc10
-rw-r--r--meta/conf/multilib.conf2
-rw-r--r--meta/lib/oe/utils.py3
-rw-r--r--meta/lib/oeqa/manual/eclipse-plugin.json6
-rw-r--r--meta/lib/oeqa/selftest/cases/bbtests.py4
-rw-r--r--meta/lib/oeqa/selftest/cases/devtool.py4
-rw-r--r--meta/lib/oeqa/selftest/cases/fetch.py2
-rw-r--r--meta/lib/oeqa/selftest/cases/glibc.py2
-rw-r--r--meta/lib/oeqa/selftest/cases/recipetool.py6
-rw-r--r--meta/lib/oeqa/selftest/cases/sstatetests.py2
-rw-r--r--meta/recipes-bsp/efibootmgr/efibootmgr_17.bb2
-rw-r--r--meta/recipes-bsp/efivar/efivar_37.bb2
-rw-r--r--meta/recipes-bsp/opensbi/opensbi_0.9.bb2
-rw-r--r--meta/recipes-bsp/u-boot/libubootenv_0.3.1.bb2
-rw-r--r--meta/recipes-bsp/u-boot/u-boot-common.inc2
-rw-r--r--meta/recipes-connectivity/avahi/files/local-ping.patch1
-rw-r--r--meta/recipes-connectivity/bind/bind-9.16.16/CVE-2021-25219-1.patch76
-rw-r--r--meta/recipes-connectivity/bind/bind-9.16.16/CVE-2021-25219-2.patch65
-rw-r--r--meta/recipes-connectivity/bind/bind_9.16.16.bb2
-rw-r--r--meta/recipes-connectivity/connman/connman-gnome_0.7.bb2
-rw-r--r--meta/recipes-connectivity/inetutils/inetutils/CVE-2021-40491.patch67
-rw-r--r--meta/recipes-connectivity/inetutils/inetutils_2.0.bb1
-rw-r--r--meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.14.1.bb2
-rw-r--r--meta/recipes-connectivity/libuv/libuv_1.41.0.bb2
-rw-r--r--meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb2
-rw-r--r--meta/recipes-connectivity/openssh/openssh/CVE-2021-41617.patch49
-rw-r--r--meta/recipes-connectivity/openssh/openssh_8.5p1.bb1
-rw-r--r--meta/recipes-core/dbus-wait/dbus-wait_git.bb2
-rw-r--r--meta/recipes-core/fts/fts_1.2.7.bb2
-rw-r--r--meta/recipes-core/glibc/cross-localedef-native_2.33.bb2
-rw-r--r--meta/recipes-core/glibc/glibc-version.inc2
-rw-r--r--meta/recipes-core/glibc/glibc/0001-CVE-2021-38604.patch40
-rw-r--r--meta/recipes-core/glibc/glibc/0001-nptl-Remove-private-futex-optimization-BZ-27304.patch49
-rw-r--r--meta/recipes-core/glibc/glibc/0002-CVE-2021-38604.patch147
-rw-r--r--meta/recipes-core/glibc/glibc/0031-x86-Require-full-ISA-support-for-x86-64-level-marker.patch116
-rw-r--r--meta/recipes-core/glibc/glibc/0032-string-Work-around-GCC-PR-98512-in-rawmemchr.patch58
-rw-r--r--meta/recipes-core/glibc/glibc/0033-x86-Handle-_SC_LEVEL1_ICACHE_LINESIZE-BZ-27444.patch185
-rw-r--r--meta/recipes-core/glibc/glibc/CVE-2021-27318-revert.patch174
-rw-r--r--meta/recipes-core/glibc/glibc/CVE-2021-27645.patch51
-rw-r--r--meta/recipes-core/glibc/glibc/CVE-2021-33574_1.patch76
-rw-r--r--meta/recipes-core/glibc/glibc/CVE-2021-33574_2.patch61
-rw-r--r--meta/recipes-core/glibc/glibc/CVE-2021-35942.patch44
-rw-r--r--meta/recipes-core/glibc/glibc_2.33.bb10
-rw-r--r--meta/recipes-core/ifupdown/ifupdown_0.8.36.bb2
-rw-r--r--meta/recipes-core/images/build-appliance-image_15.0.0.bb2
-rw-r--r--meta/recipes-core/initscripts/init-system-helpers_1.60.bb2
-rw-r--r--meta/recipes-core/libxcrypt/libxcrypt.inc2
-rw-r--r--meta/recipes-core/libxml/libxml2_2.9.10.bb2
-rw-r--r--meta/recipes-core/musl/libucontext_git.bb2
-rw-r--r--meta/recipes-core/musl/musl-obstack.bb2
-rw-r--r--meta/recipes-core/musl/musl-utils.bb2
-rw-r--r--meta/recipes-core/musl/musl_git.bb2
-rw-r--r--meta/recipes-core/ncurses/files/CVE-2021-39537.patch65
-rw-r--r--meta/recipes-core/ncurses/ncurses.inc2
-rw-r--r--meta/recipes-core/ncurses/ncurses_6.2.bb1
-rw-r--r--meta/recipes-core/netbase/netbase_6.2.bb2
-rw-r--r--meta/recipes-core/psplash/psplash_git.bb2
-rw-r--r--meta/recipes-core/systemd/systemd.inc2
-rw-r--r--meta/recipes-core/update-rc.d/update-rc.d_0.8.bb2
-rw-r--r--meta/recipes-core/util-linux/util-linux_2.36.2.bb2
-rw-r--r--meta/recipes-devtools/binutils/binutils-2.36.inc2
-rw-r--r--meta/recipes-devtools/binutils/binutils/0017-CVE-2021-3530.patch102
-rw-r--r--meta/recipes-devtools/binutils/binutils/0018-CVE-2021-3530.patch64
-rw-r--r--meta/recipes-devtools/bootchart2/bootchart2_0.14.9.bb8
-rw-r--r--meta/recipes-devtools/btrfs-tools/btrfs-tools_5.10.1.bb2
-rw-r--r--meta/recipes-devtools/createrepo-c/createrepo-c_0.17.0.bb2
-rw-r--r--meta/recipes-devtools/distcc/distcc_3.3.5.bb2
-rw-r--r--meta/recipes-devtools/dnf/dnf_4.6.0.bb2
-rw-r--r--meta/recipes-devtools/e2fsprogs/e2fsprogs.inc2
-rw-r--r--meta/recipes-devtools/file/file_5.39.bb2
-rw-r--r--meta/recipes-devtools/gcc/gcc-10.2.inc4
-rw-r--r--meta/recipes-devtools/gcc/gcc/0001-CVE-2021-35465.patch138
-rw-r--r--meta/recipes-devtools/gcc/gcc/0002-CVE-2021-35465.patch40
-rw-r--r--meta/recipes-devtools/gcc/gcc/0003-CVE-2021-35465.patch103
-rw-r--r--meta/recipes-devtools/gcc/gcc/0004-CVE-2021-35465.patch304
-rw-r--r--meta/recipes-devtools/glide/glide_0.13.3.bb2
-rw-r--r--meta/recipes-devtools/gnu-config/gnu-config_git.bb2
-rw-r--r--meta/recipes-devtools/go/go-1.16.8.inc (renamed from meta/recipes-devtools/go/go-1.16.7.inc)4
-rw-r--r--meta/recipes-devtools/go/go-binary-native_1.16.8.bb (renamed from meta/recipes-devtools/go/go-binary-native_1.16.7.bb)4
-rw-r--r--meta/recipes-devtools/go/go-cross-canadian_1.16.8.bb (renamed from meta/recipes-devtools/go/go-cross-canadian_1.16.7.bb)0
-rw-r--r--meta/recipes-devtools/go/go-cross_1.16.8.bb (renamed from meta/recipes-devtools/go/go-cross_1.16.7.bb)0
-rw-r--r--meta/recipes-devtools/go/go-crosssdk_1.16.8.bb (renamed from meta/recipes-devtools/go/go-crosssdk_1.16.7.bb)0
-rw-r--r--meta/recipes-devtools/go/go-native_1.16.8.bb (renamed from meta/recipes-devtools/go/go-native_1.16.7.bb)0
-rw-r--r--meta/recipes-devtools/go/go-runtime_1.16.8.bb (renamed from meta/recipes-devtools/go/go-runtime_1.16.7.bb)0
-rw-r--r--meta/recipes-devtools/go/go_1.16.8.bb (renamed from meta/recipes-devtools/go/go_1.16.7.bb)0
-rw-r--r--meta/recipes-devtools/libcomps/libcomps_0.1.15.bb2
-rw-r--r--meta/recipes-devtools/libdnf/libdnf_0.58.0.bb2
-rw-r--r--meta/recipes-devtools/librepo/librepo_1.13.0.bb2
-rw-r--r--meta/recipes-devtools/llvm/llvm_git.bb6
-rw-r--r--meta/recipes-devtools/m4/m4-1.4.18.inc1
-rw-r--r--meta/recipes-devtools/m4/m4/0001-c-stack-stop-using-SIGSTKSZ.patch84
-rw-r--r--meta/recipes-devtools/mklibs/files/remove-deprecated-exception-specification-cpp17.patch431
-rw-r--r--meta/recipes-devtools/mklibs/mklibs-native_0.1.44.bb1
-rw-r--r--meta/recipes-devtools/mtd/mtd-utils_git.bb2
-rw-r--r--meta/recipes-devtools/ninja/ninja_1.10.2.bb2
-rw-r--r--meta/recipes-devtools/patchelf/patchelf_0.12.bb2
-rwxr-xr-xmeta/recipes-devtools/pseudo/files/build-oldlibc20
-rw-r--r--meta/recipes-devtools/pseudo/files/older-glibc-symbols.patch57
-rw-r--r--meta/recipes-devtools/pseudo/pseudo_git.bb9
-rw-r--r--meta/recipes-devtools/python/python3/makerace.patch23
-rw-r--r--meta/recipes-devtools/python/python3_3.9.5.bb1
-rw-r--r--meta/recipes-devtools/rpm/files/0001-CVE-2021-3521.patch57
-rw-r--r--meta/recipes-devtools/rpm/files/0001-build-pack.c-do-not-insert-payloadflags-into-.rpm-me.patch28
-rw-r--r--meta/recipes-devtools/rpm/files/0002-CVE-2021-3521.patch62
-rw-r--r--meta/recipes-devtools/rpm/files/0003-CVE-2021-3521.patch332
-rw-r--r--meta/recipes-devtools/rpm/rpm_4.16.1.3.bb9
-rw-r--r--meta/recipes-devtools/ruby/ruby/0003-rdoc-build-reproducible-documentation.patch35
-rw-r--r--meta/recipes-devtools/ruby/ruby/0004-lib-mkmf.rb-sort-list-of-object-files-in-generated-M.patch28
-rw-r--r--meta/recipes-devtools/ruby/ruby/0005-Mark-Gemspec-reproducible-change-fixing-784225-too.patch28
-rw-r--r--meta/recipes-devtools/ruby/ruby/0006-Make-gemspecs-reproducible.patch67
-rw-r--r--meta/recipes-devtools/ruby/ruby_3.0.1.bb4
-rw-r--r--meta/recipes-devtools/squashfs-tools/files/CVE-2021-41072-requisite-1.patch135
-rw-r--r--meta/recipes-devtools/squashfs-tools/files/CVE-2021-41072-requisite-2.patch109
-rw-r--r--meta/recipes-devtools/squashfs-tools/files/CVE-2021-41072-requisite-3.patch330
-rw-r--r--meta/recipes-devtools/squashfs-tools/files/CVE-2021-41072.patch316
-rw-r--r--meta/recipes-devtools/squashfs-tools/squashfs-tools_git.bb6
-rwxr-xr-xmeta/recipes-devtools/strace/strace/run-ptest9
-rw-r--r--meta/recipes-devtools/systemd-bootchart/systemd-bootchart_234.bb2
-rw-r--r--meta/recipes-devtools/tcf-agent/tcf-agent_git.bb2
-rw-r--r--meta/recipes-devtools/unfs3/unfs3_git.bb2
-rw-r--r--meta/recipes-extended/bzip2/bzip2_1.0.8.bb2
-rw-r--r--meta/recipes-extended/ghostscript/ghostscript/0001-Bug-704342-Include-device-specifier-strings-in-acces.patch238
-rw-r--r--meta/recipes-extended/ghostscript/ghostscript_9.53.3.bb1
-rw-r--r--meta/recipes-extended/go-examples/go-helloworld_0.1.bb2
-rw-r--r--meta/recipes-extended/iputils/iputils_s20200821.bb2
-rw-r--r--meta/recipes-extended/libaio/libaio_0.3.112.bb2
-rw-r--r--meta/recipes-extended/libnsl/libnsl2_git.bb2
-rw-r--r--meta/recipes-extended/libnss-nis/libnss-nis.bb2
-rw-r--r--meta/recipes-extended/libsolv/libsolv_0.7.17.bb2
-rw-r--r--meta/recipes-extended/ltp/ltp_20210121.bb2
-rw-r--r--meta/recipes-extended/net-tools/net-tools_2.10.bb2
-rw-r--r--meta/recipes-extended/newt/libnewt_0.52.21.bb2
-rw-r--r--meta/recipes-extended/procps/procps_3.3.17.bb2
-rw-r--r--meta/recipes-extended/psmisc/psmisc_23.4.bb2
-rw-r--r--meta/recipes-extended/rpcsvc-proto/rpcsvc-proto.bb2
-rw-r--r--meta/recipes-extended/sysklogd/sysklogd_2.2.2.bb2
-rw-r--r--meta/recipes-extended/timezone/timezone.inc7
-rw-r--r--meta/recipes-extended/xinetd/xinetd_2.3.15.4.bb2
-rw-r--r--meta/recipes-extended/zstd/zstd_1.4.9.bb2
-rw-r--r--meta/recipes-gnome/gobject-introspection/gobject-introspection_1.66.1.bb2
-rw-r--r--meta/recipes-gnome/hicolor-icon-theme/hicolor-icon-theme_0.17.bb4
-rw-r--r--meta/recipes-gnome/libhandy/libhandy_1.2.0.bb2
-rw-r--r--meta/recipes-gnome/libportal/libportal_0.3.bb2
-rw-r--r--meta/recipes-graphics/glslang/glslang_11.2.0.bb2
-rw-r--r--meta/recipes-graphics/igt-gpu-tools/igt-gpu-tools_git.bb2
-rw-r--r--meta/recipes-graphics/libfakekey/libfakekey_git.bb2
-rw-r--r--meta/recipes-graphics/libmatchbox/libmatchbox_1.12.bb2
-rw-r--r--meta/recipes-graphics/libva/libva-utils_2.10.0.bb2
-rw-r--r--meta/recipes-graphics/matchbox-wm/matchbox-wm_1.2.2.bb2
-rw-r--r--meta/recipes-graphics/mesa/files/0001-gallium-dri-Make-YUV-formats-we-re-going-to-emulate-.patch52
-rw-r--r--meta/recipes-graphics/mesa/mesa.inc3
-rw-r--r--meta/recipes-graphics/mx/mx-1.0_1.4.7.bb2
-rw-r--r--meta/recipes-graphics/piglit/piglit_git.bb2
-rw-r--r--meta/recipes-graphics/spir/spirv-headers_1.5.4.bb2
-rw-r--r--meta/recipes-graphics/spir/spirv-tools_2020.7.bb2
-rw-r--r--meta/recipes-graphics/virglrenderer/virglrenderer_0.8.2.bb2
-rw-r--r--meta/recipes-graphics/vulkan/assimp_5.0.1.bb2
-rw-r--r--meta/recipes-graphics/vulkan/vulkan-headers_1.2.170.0.bb2
-rw-r--r--meta/recipes-graphics/vulkan/vulkan-loader_1.2.170.0.bb2
-rw-r--r--meta/recipes-graphics/vulkan/vulkan-samples_git.bb2
-rw-r--r--meta/recipes-graphics/vulkan/vulkan-tools_1.2.170.0.bb2
-rw-r--r--meta/recipes-graphics/waffle/waffle_1.6.1.bb10
-rw-r--r--meta/recipes-graphics/wayland/wayland-protocols_1.20.bb4
-rw-r--r--meta/recipes-graphics/xinput-calibrator/xinput-calibrator_git.bb2
-rw-r--r--meta/recipes-graphics/xorg-driver/xf86-video-intel_git.bb2
-rw-r--r--meta/recipes-graphics/xorg-font/encodings_1.0.5.bb4
-rw-r--r--meta/recipes-kernel/blktrace/blktrace_git.bb2
-rw-r--r--meta/recipes-kernel/cryptodev/cryptodev.inc2
-rw-r--r--meta/recipes-kernel/dtc/dtc.inc2
-rw-r--r--meta/recipes-kernel/kern-tools/kern-tools-native_git.bb2
-rw-r--r--meta/recipes-kernel/kmod/kmod.inc2
-rw-r--r--meta/recipes-kernel/linux-firmware/linux-firmware_20211027.bb (renamed from meta/recipes-kernel/linux-firmware/linux-firmware_20210818.bb)4
-rw-r--r--meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb6
-rw-r--r--meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb6
-rw-r--r--meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb8
-rw-r--r--meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb8
-rw-r--r--meta/recipes-kernel/linux/linux-yocto_5.10.bb24
-rw-r--r--meta/recipes-kernel/linux/linux-yocto_5.4.bb22
-rw-r--r--meta/recipes-kernel/powertop/powertop_2.13.bb2
-rw-r--r--meta/recipes-kernel/systemtap/systemtap_git.inc2
-rw-r--r--meta/recipes-kernel/wireless-regdb/wireless-regdb_2021.08.28.bb (renamed from meta/recipes-kernel/wireless-regdb/wireless-regdb_2021.04.21.bb)6
-rw-r--r--meta/recipes-multimedia/alsa/alsa-topology-conf_1.2.4.bb4
-rw-r--r--meta/recipes-multimedia/alsa/alsa-ucm-conf_1.2.4.bb4
-rw-r--r--meta/recipes-multimedia/x264/x264_git.bb2
-rw-r--r--meta/recipes-sato/l3afpad/l3afpad_git.bb2
-rw-r--r--meta/recipes-sato/matchbox-config-gtk/matchbox-config-gtk_0.2.bb2
-rw-r--r--meta/recipes-sato/matchbox-desktop/matchbox-desktop_2.2.bb2
-rw-r--r--meta/recipes-sato/matchbox-panel-2/matchbox-panel-2_2.11.bb2
-rw-r--r--meta/recipes-sato/matchbox-terminal/matchbox-terminal_0.2.bb2
-rw-r--r--meta/recipes-sato/matchbox-theme-sato/matchbox-theme-sato_0.2.bb2
-rw-r--r--meta/recipes-sato/pulseaudio-sato/pulseaudio-client-conf-sato_1.bb4
-rw-r--r--meta/recipes-sato/sato-screenshot/sato-screenshot_0.3.bb2
-rw-r--r--meta/recipes-sato/settings-daemon/settings-daemon_0.0.2.bb2
-rw-r--r--meta/recipes-sato/shutdown-desktop/shutdown-desktop.bb5
-rw-r--r--meta/recipes-support/bmap-tools/bmap-tools_3.6.bb2
-rw-r--r--meta/recipes-support/boost/boost-build-native_4.3.0.bb2
-rw-r--r--meta/recipes-support/ca-certificates/ca-certificates/0001-Revert-mozilla-certdata2pem.py-print-a-warning-for-e.patch80
-rw-r--r--meta/recipes-support/ca-certificates/ca-certificates/sbindir.patch26
-rw-r--r--meta/recipes-support/ca-certificates/ca-certificates/update-ca-certificates-support-Toybox.patch33
-rw-r--r--meta/recipes-support/ca-certificates/ca-certificates_20211016.bb (renamed from meta/recipes-support/ca-certificates/ca-certificates_20210119.bb)7
-rw-r--r--meta/recipes-support/dos2unix/dos2unix_7.4.2.bb2
-rw-r--r--meta/recipes-support/gnome-desktop-testing/gnome-desktop-testing_2018.1.bb2
-rw-r--r--meta/recipes-support/gnupg/gnupg_2.2.27.bb1
-rw-r--r--meta/recipes-support/gpgme/gpgme/0001-use-closefrom-on-linux-and-glibc-2.34.patch24
-rw-r--r--meta/recipes-support/gpgme/gpgme_1.15.1.bb3
-rw-r--r--meta/recipes-support/iso-codes/iso-codes_4.6.0.bb4
-rw-r--r--meta/recipes-support/libgit2/libgit2_1.1.0.bb2
-rw-r--r--meta/recipes-support/libjitterentropy/libjitterentropy_3.0.1.bb2
-rw-r--r--meta/recipes-support/libunistring/libunistring_0.9.10.bb1
-rw-r--r--meta/recipes-support/lz4/lz4_1.9.3.bb2
-rw-r--r--meta/recipes-support/numactl/numactl_git.bb2
-rw-r--r--meta/recipes-support/p11-kit/p11-kit_0.23.22.bb2
-rw-r--r--meta/recipes-support/ptest-runner/ptest-runner_2.4.2.bb2
-rw-r--r--meta/recipes-support/rng-tools/rng-tools/rngd.service1
-rw-r--r--meta/recipes-support/rng-tools/rng-tools_6.11.bb2
-rw-r--r--meta/recipes-support/shared-mime-info/shared-mime-info_git.bb2
-rw-r--r--meta/recipes-support/vim/files/CVE-2021-3872.patch57
-rw-r--r--meta/recipes-support/vim/files/CVE-2021-3875.patch37
-rw-r--r--meta/recipes-support/vim/files/CVE-2021-3903.patch38
-rw-r--r--meta/recipes-support/vim/files/CVE-2021-3927.patch32
-rw-r--r--meta/recipes-support/vim/files/CVE-2021-3928.patch34
-rw-r--r--meta/recipes-support/vim/vim.inc7
-rw-r--r--meta/recipes-support/xxhash/xxhash_0.8.0.bb2
-rwxr-xr-xscripts/contrib/convert-srcuri.py77
-rw-r--r--scripts/lib/recipetool/create.py3
-rw-r--r--scripts/lib/wic/help.py4
-rwxr-xr-xscripts/oe-pkgdata-browser2
263 files changed, 4554 insertions, 1196 deletions
diff --git a/bitbake/bin/bitbake-worker b/bitbake/bin/bitbake-worker
index 3ca8c18..4318ce6 100755
--- a/bitbake/bin/bitbake-worker
+++ b/bitbake/bin/bitbake-worker
@@ -16,6 +16,8 @@ import signal
import pickle
import traceback
import queue
+import shlex
+import subprocess
from multiprocessing import Lock
from threading import Thread
@@ -145,6 +147,7 @@ def fork_off_task(cfg, data, databuilder, workerdata, fn, task, taskname, taskha
# a fork() or exec*() activates PSEUDO...
envbackup = {}
+ fakeroot = False
fakeenv = {}
umask = None
@@ -164,6 +167,7 @@ def fork_off_task(cfg, data, databuilder, workerdata, fn, task, taskname, taskha
# We can't use the fakeroot environment in a dry run as it possibly hasn't been built
if 'fakeroot' in taskdep and taskname in taskdep['fakeroot'] and not dry_run:
+ fakeroot = True
envvars = (workerdata["fakerootenv"][fn] or "").split()
for key, value in (var.split('=') for var in envvars):
envbackup[key] = os.environ.get(key)
@@ -282,7 +286,13 @@ def fork_off_task(cfg, data, databuilder, workerdata, fn, task, taskname, taskha
try:
if dry_run:
return 0
- return bb.build.exec_task(fn, taskname, the_data, cfg.profile)
+ try:
+ ret = bb.build.exec_task(fn, taskname, the_data, cfg.profile)
+ finally:
+ if fakeroot:
+ fakerootcmd = shlex.split(the_data.getVar("FAKEROOTCMD"))
+ subprocess.run(fakerootcmd + ['-S'], check=True, stdout=subprocess.PIPE)
+ return ret
except:
os._exit(1)
if not profiling:
diff --git a/bitbake/lib/bb/build.py b/bitbake/lib/bb/build.py
index ad031cc..163572b 100644
--- a/bitbake/lib/bb/build.py
+++ b/bitbake/lib/bb/build.py
@@ -298,6 +298,10 @@ def exec_func_python(func, d, runfile, cwd=None):
comp = utils.better_compile(code, func, "exec_python_func() autogenerated")
utils.better_exec(comp, {"d": d}, code, "exec_python_func() autogenerated")
finally:
+ # We want any stdout/stderr to be printed before any other log messages to make debugging
+ # more accurate. In some cases we seem to lose stdout/stderr entirely in logging tests without this.
+ sys.stdout.flush()
+ sys.stderr.flush()
bb.debug(2, "Python function %s finished" % func)
if cwd and olddir:
@@ -703,7 +707,7 @@ def _exec_task(fn, task, d, quieterr):
# logs once already so don't duplicate
if verboseStdoutLogging:
errprinted = True
- logger.error(str(exc))
+ logger.error(repr(exc))
event.fire(TaskFailed(task, fn, logfn, localdata, errprinted), localdata)
return 1
finally:
diff --git a/bitbake/lib/bb/cache.py b/bitbake/lib/bb/cache.py
index 27eb271..5f9c0a7 100644
--- a/bitbake/lib/bb/cache.py
+++ b/bitbake/lib/bb/cache.py
@@ -19,7 +19,8 @@
import os
import logging
import pickle
-from collections import defaultdict, Mapping
+from collections import defaultdict
+from collections.abc import Mapping
import bb.utils
from bb import PrefixLoggerAdapter
import re
diff --git a/bitbake/lib/bb/cooker.py b/bitbake/lib/bb/cooker.py
index 89f1fad..c946800 100644
--- a/bitbake/lib/bb/cooker.py
+++ b/bitbake/lib/bb/cooker.py
@@ -388,12 +388,22 @@ class BBCooker:
# Create a new hash server bound to a unix domain socket
if not self.hashserv:
dbfile = (self.data.getVar("PERSISTENT_DIR") or self.data.getVar("CACHE")) + "/hashserv.db"
+ upstream = self.data.getVar("BB_HASHSERVE_UPSTREAM") or None
+ if upstream:
+ import socket
+ try:
+ sock = socket.create_connection(upstream.split(":"), 5)
+ sock.close()
+ except socket.error as e:
+ bb.warn("BB_HASHSERVE_UPSTREAM is not valid, unable to connect hash equivalence server at '%s': %s"
+ % (upstream, repr(e)))
+
self.hashservaddr = "unix://%s/hashserve.sock" % self.data.getVar("TOPDIR")
self.hashserv = hashserv.create_server(
self.hashservaddr,
dbfile,
sync=False,
- upstream=self.data.getVar("BB_HASHSERVE_UPSTREAM") or None,
+ upstream=upstream,
)
self.hashserv.process = multiprocessing.Process(target=self.hashserv.serve_forever)
self.hashserv.process.start()
@@ -805,7 +815,9 @@ class BBCooker:
for dep in rq.rqdata.runtaskentries[tid].depends:
(depmc, depfn, _, deptaskfn) = bb.runqueue.split_tid_mcfn(dep)
deppn = self.recipecaches[depmc].pkg_fn[deptaskfn]
- depend_tree["tdepends"][dotname].append("%s.%s" % (deppn, bb.runqueue.taskname_from_tid(dep)))
+ if depmc:
+ depmc = "mc:" + depmc + ":"
+ depend_tree["tdepends"][dotname].append("%s%s.%s" % (depmc, deppn, bb.runqueue.taskname_from_tid(dep)))
if taskfn not in seen_fns:
seen_fns.append(taskfn)
packages = []
@@ -2204,21 +2216,33 @@ class CookerParser(object):
yield not cached, mc, infos
def parse_generator(self):
- while True:
+ empty = False
+ while self.processes or not empty:
+ for process in self.processes.copy():
+ if not process.is_alive():
+ process.join()
+ self.processes.remove(process)
+
if self.parsed >= self.toparse:
break
try:
result = self.result_queue.get(timeout=0.25)
except queue.Empty:
+ empty = True
pass
else:
+ empty = False
value = result[1]
if isinstance(value, BaseException):
raise value
else:
yield result
+ if not (self.parsed >= self.toparse):
+ raise bb.parse.ParseError("Not all recipes parsed, parser thread killed/died? Exiting.", None)
+
+
def parse_next(self):
result = []
parsed = None
diff --git a/bitbake/lib/bb/data_smart.py b/bitbake/lib/bb/data_smart.py
index 8291ca6..65857a9 100644
--- a/bitbake/lib/bb/data_smart.py
+++ b/bitbake/lib/bb/data_smart.py
@@ -17,7 +17,7 @@ BitBake build tools.
# Based on functions from the base bb module, Copyright 2003 Holger Schurig
import copy, re, sys, traceback
-from collections import MutableMapping
+from collections.abc import MutableMapping
import logging
import hashlib
import bb, bb.codeparser
@@ -403,7 +403,7 @@ class DataSmart(MutableMapping):
s = __expand_python_regexp__.sub(varparse.python_sub, s)
except SyntaxError as e:
# Likely unmatched brackets, just don't expand the expression
- if e.msg != "EOL while scanning string literal":
+ if e.msg != "EOL while scanning string literal" and not e.msg.startswith("unterminated string literal"):
raise
if s == olds:
break
diff --git a/bitbake/lib/bb/fetch2/__init__.py b/bitbake/lib/bb/fetch2/__init__.py
index c8e9126..1005ec1 100644
--- a/bitbake/lib/bb/fetch2/__init__.py
+++ b/bitbake/lib/bb/fetch2/__init__.py
@@ -430,6 +430,7 @@ def uri_replace(ud, uri_find, uri_replace, replacements, d, mirrortarball=None):
uri_replace_decoded = list(decodeurl(uri_replace))
logger.debug2("For url %s comparing %s to %s" % (uri_decoded, uri_find_decoded, uri_replace_decoded))
result_decoded = ['', '', '', '', '', {}]
+ # 0 - type, 1 - host, 2 - path, 3 - user, 4- pswd, 5 - params
for loc, i in enumerate(uri_find_decoded):
result_decoded[loc] = uri_decoded[loc]
regexp = i
@@ -449,6 +450,9 @@ def uri_replace(ud, uri_find, uri_replace, replacements, d, mirrortarball=None):
for l in replacements:
uri_replace_decoded[loc][k] = uri_replace_decoded[loc][k].replace(l, replacements[l])
result_decoded[loc][k] = uri_replace_decoded[loc][k]
+ elif (loc == 3 or loc == 4) and uri_replace_decoded[loc]:
+ # User/password in the replacement is just a straight replacement
+ result_decoded[loc] = uri_replace_decoded[loc]
elif (re.match(regexp, uri_decoded[loc])):
if not uri_replace_decoded[loc]:
result_decoded[loc] = ""
@@ -871,7 +875,7 @@ def runfetchcmd(cmd, d, quiet=False, cleanup=None, log=None, workdir=None):
(output, errors) = bb.process.run(cmd, log=log, shell=True, stderr=subprocess.PIPE, cwd=workdir)
success = True
except bb.process.NotFoundError as e:
- error_message = "Fetch command %s" % (e.command)
+ error_message = "Fetch command %s not found" % (e.command)
except bb.process.ExecutionError as e:
if e.stdout:
output = "output:\n%s\n%s" % (e.stdout, e.stderr)
diff --git a/bitbake/lib/bb/fetch2/git.py b/bitbake/lib/bb/fetch2/git.py
index cf7424e..d17e2f0 100644
--- a/bitbake/lib/bb/fetch2/git.py
+++ b/bitbake/lib/bb/fetch2/git.py
@@ -68,6 +68,7 @@ import subprocess
import tempfile
import bb
import bb.progress
+from contextlib import contextmanager
from bb.fetch2 import FetchMethod
from bb.fetch2 import runfetchcmd
from bb.fetch2 import logger
@@ -141,6 +142,10 @@ class Git(FetchMethod):
ud.proto = 'file'
else:
ud.proto = "git"
+ if ud.host == "github.com" and ud.proto == "git":
+ # github stopped supporting git protocol
+ # https://github.blog/2021-09-01-improving-git-protocol-security-github/#no-more-unauthenticated-git
+ ud.proto = "https"
if not ud.proto in ('git', 'file', 'ssh', 'http', 'https', 'rsync'):
raise bb.fetch2.ParameterError("Invalid protocol type", ud.url)
@@ -414,6 +419,20 @@ class Git(FetchMethod):
bb.utils.remove(tmpdir, recurse=True)
def build_mirror_data(self, ud, d):
+
+ # Create as a temp file and move atomically into position to avoid races
+ @contextmanager
+ def create_atomic(filename):
+ fd, tfile = tempfile.mkstemp(dir=os.path.dirname(filename))
+ try:
+ yield tfile
+ umask = os.umask(0o666)
+ os.umask(umask)
+ os.chmod(tfile, (0o666 & ~umask))
+ os.rename(tfile, filename)
+ finally:
+ os.close(fd)
+
if ud.shallow and ud.write_shallow_tarballs:
if not os.path.exists(ud.fullshallow):
if os.path.islink(ud.fullshallow):
@@ -424,7 +443,8 @@ class Git(FetchMethod):
self.clone_shallow_local(ud, shallowclone, d)
logger.info("Creating tarball of git repository")
- runfetchcmd("tar -czf %s ." % ud.fullshallow, d, workdir=shallowclone)
+ with create_atomic(ud.fullshallow) as tfile:
+ runfetchcmd("tar -czf %s ." % tfile, d, workdir=shallowclone)
runfetchcmd("touch %s.done" % ud.fullshallow, d)
finally:
bb.utils.remove(tempdir, recurse=True)
@@ -433,7 +453,8 @@ class Git(FetchMethod):
os.unlink(ud.fullmirror)
logger.info("Creating tarball of git repository")
- runfetchcmd("tar -czf %s ." % ud.fullmirror, d, workdir=ud.clonedir)
+ with create_atomic(ud.fullmirror) as tfile:
+ runfetchcmd("tar -czf %s ." % tfile, d, workdir=ud.clonedir)
runfetchcmd("touch %s.done" % ud.fullmirror, d)
def clone_shallow_local(self, ud, dest, d):
diff --git a/bitbake/lib/bb/fetch2/npmsw.py b/bitbake/lib/bb/fetch2/npmsw.py
index 0c3511d..fdecbc6 100644
--- a/bitbake/lib/bb/fetch2/npmsw.py
+++ b/bitbake/lib/bb/fetch2/npmsw.py
@@ -29,6 +29,8 @@ from bb.fetch2.npm import npm_integrity
from bb.fetch2.npm import npm_localfile
from bb.fetch2.npm import npm_unpack
from bb.utils import is_semver
+from bb.utils import lockfile
+from bb.utils import unlockfile
def foreach_dependencies(shrinkwrap, callback=None, dev=False):
"""
@@ -187,7 +189,9 @@ class NpmShrinkWrap(FetchMethod):
proxy_ud = ud.proxy.ud[proxy_url]
proxy_d = ud.proxy.d
proxy_ud.setup_localpath(proxy_d)
+ lf = lockfile(proxy_ud.lockfile)
returns.append(handle(proxy_ud.method, proxy_ud, proxy_d))
+ unlockfile(lf)
return returns
def verify_donestamp(self, ud, d):
diff --git a/bitbake/lib/bb/fetch2/perforce.py b/bitbake/lib/bb/fetch2/perforce.py
index e2a41a4..3b6fa4b 100644
--- a/bitbake/lib/bb/fetch2/perforce.py
+++ b/bitbake/lib/bb/fetch2/perforce.py
@@ -134,7 +134,7 @@ class Perforce(FetchMethod):
ud.setup_revisions(d)
- ud.localfile = d.expand('%s_%s_%s_%s.tar.gz' % (cleanedhost, cleanedpath, cleandedmodule, ud.revision))
+ ud.localfile = d.expand('%s_%s_%s_%s.tar.gz' % (cleanedhost, cleanedpath, cleanedmodule, ud.revision))
def _buildp4command(self, ud, d, command, depot_filename=None):
"""
diff --git a/bitbake/lib/bb/fetch2/wget.py b/bitbake/lib/bb/fetch2/wget.py
index 784df70..7fa2a87 100644
--- a/bitbake/lib/bb/fetch2/wget.py
+++ b/bitbake/lib/bb/fetch2/wget.py
@@ -322,7 +322,7 @@ class Wget(FetchMethod):
except (TypeError, ImportError, IOError, netrc.NetrcParseError):
pass
- with opener.open(r) as response:
+ with opener.open(r, timeout=30) as response:
pass
except urllib.error.URLError as e:
if try_again:
diff --git a/bitbake/lib/bb/persist_data.py b/bitbake/lib/bb/persist_data.py
index c6a209f..6f32d81 100644
--- a/bitbake/lib/bb/persist_data.py
+++ b/bitbake/lib/bb/persist_data.py
@@ -12,6 +12,7 @@ currently, providing a key/value store accessed by 'domain'.
#
import collections
+import collections.abc
import contextlib
import functools
import logging
@@ -19,7 +20,7 @@ import os.path
import sqlite3
import sys
import warnings
-from collections import Mapping
+from collections.abc import Mapping
sqlversion = sqlite3.sqlite_version_info
if sqlversion[0] < 3 or (sqlversion[0] == 3 and sqlversion[1] < 3):
@@ -29,7 +30,7 @@ if sqlversion[0] < 3 or (sqlversion[0] == 3 and sqlversion[1] < 3):
logger = logging.getLogger("BitBake.PersistData")
@functools.total_ordering
-class SQLTable(collections.MutableMapping):
+class SQLTable(collections.abc.MutableMapping):
class _Decorators(object):
@staticmethod
def retry(*, reconnect=True):
diff --git a/bitbake/lib/bb/runqueue.py b/bitbake/lib/bb/runqueue.py
index 10511a0..cd10da8 100644
--- a/bitbake/lib/bb/runqueue.py
+++ b/bitbake/lib/bb/runqueue.py
@@ -926,38 +926,36 @@ class RunQueueData:
#
# Once all active tasks are marked, prune the ones we don't need.
- delcount = {}
- for tid in list(self.runtaskentries.keys()):
- if tid not in runq_build:
- delcount[tid] = self.runtaskentries[tid]
- del self.runtaskentries[tid]
-
# Handle --runall
if self.cooker.configuration.runall:
# re-run the mark_active and then drop unused tasks from new list
+ reduced_tasklist = set(self.runtaskentries.keys())
+ for tid in list(self.runtaskentries.keys()):
+ if tid not in runq_build:
+ reduced_tasklist.remove(tid)
runq_build = {}
for task in self.cooker.configuration.runall:
if not task.startswith("do_"):
task = "do_{0}".format(task)
runall_tids = set()
- for tid in list(self.runtaskentries):
+ for tid in reduced_tasklist:
wanttid = "{0}:{1}".format(fn_from_tid(tid), task)
- if wanttid in delcount:
- self.runtaskentries[wanttid] = delcount[wanttid]
if wanttid in self.runtaskentries:
runall_tids.add(wanttid)
for tid in list(runall_tids):
- mark_active(tid,1)
+ mark_active(tid, 1)
if self.cooker.configuration.force:
invalidate_task(tid, False)
- for tid in list(self.runtaskentries.keys()):
- if tid not in runq_build:
- delcount[tid] = self.runtaskentries[tid]
- del self.runtaskentries[tid]
+ delcount = set()
+ for tid in list(self.runtaskentries.keys()):
+ if tid not in runq_build:
+ delcount.add(tid)
+ del self.runtaskentries[tid]
+ if self.cooker.configuration.runall:
if len(self.runtaskentries) == 0:
bb.msg.fatal("RunQueue", "Could not find any tasks with the tasknames %s to run within the recipes of the taskgraphs of the targets %s" % (str(self.cooker.configuration.runall), str(self.targets)))
@@ -971,16 +969,16 @@ class RunQueueData:
for task in self.cooker.configuration.runonly:
if not task.startswith("do_"):
task = "do_{0}".format(task)
- runonly_tids = { k: v for k, v in self.runtaskentries.items() if taskname_from_tid(k) == task }
+ runonly_tids = [k for k in self.runtaskentries.keys() if taskname_from_tid(k) == task]
- for tid in list(runonly_tids):
- mark_active(tid,1)
+ for tid in runonly_tids:
+ mark_active(tid, 1)
if self.cooker.configuration.force:
invalidate_task(tid, False)
for tid in list(self.runtaskentries.keys()):
if tid not in runq_build:
- delcount[tid] = self.runtaskentries[tid]
+ delcount.add(tid)
del self.runtaskentries[tid]
if len(self.runtaskentries) == 0:
diff --git a/bitbake/lib/bb/server/process.py b/bitbake/lib/bb/server/process.py
index 07bb785..fcdce19 100644
--- a/bitbake/lib/bb/server/process.py
+++ b/bitbake/lib/bb/server/process.py
@@ -659,7 +659,7 @@ class BBUIEventQueue:
self.reader = ConnectionReader(readfd)
self.t = threading.Thread()
- self.t.setDaemon(True)
+ self.t.daemon = True
self.t.run = self.startCallbackHandler
self.t.start()
diff --git a/bitbake/lib/bb/tests/fetch.py b/bitbake/lib/bb/tests/fetch.py
index 53bfc2a..86eccf7 100644
--- a/bitbake/lib/bb/tests/fetch.py
+++ b/bitbake/lib/bb/tests/fetch.py
@@ -431,6 +431,10 @@ class MirrorUriTest(FetcherTest):
("git://someserver.org/bitbake;tag=1234567890123456789012345678901234567890;branch=master", "git://someserver.org/bitbake;branch=master", "git://git.openembedded.org/bitbake;protocol=http")
: "git://git.openembedded.org/bitbake;tag=1234567890123456789012345678901234567890;branch=master;protocol=http",
+ ("git://user1@someserver.org/bitbake;tag=1234567890123456789012345678901234567890;branch=master", "git://someserver.org/bitbake;branch=master", "git://user2@git.openembedded.org/bitbake;protocol=http")
+ : "git://user2@git.openembedded.org/bitbake;tag=1234567890123456789012345678901234567890;branch=master;protocol=http",
+
+
#Renaming files doesn't work
#("http://somewhere.org/somedir1/somefile_1.2.3.tar.gz", "http://somewhere.org/somedir1/somefile_1.2.3.tar.gz", "http://somewhere2.org/somedir3/somefile_2.3.4.tar.gz") : "http://somewhere2.org/somedir3/somefile_2.3.4.tar.gz"
#("file://sstate-xyz.tgz", "file://.*/.*", "file:///somewhere/1234/sstate-cache") : "file:///somewhere/1234/sstate-cache/sstate-xyz.tgz",
@@ -491,7 +495,7 @@ class GitDownloadDirectoryNamingTest(FetcherTest):
super(GitDownloadDirectoryNamingTest, self).setUp()
self.recipe_url = "git://git.openembedded.org/bitbake"
self.recipe_dir = "git.openembedded.org.bitbake"
- self.mirror_url = "git://github.com/openembedded/bitbake.git"
+ self.mirror_url = "git://github.com/openembedded/bitbake.git;protocol=https"
self.mirror_dir = "github.com.openembedded.bitbake.git"
self.d.setVar('SRCREV', '82ea737a0b42a8b53e11c9cde141e9e9c0bd8c40')
@@ -539,7 +543,7 @@ class TarballNamingTest(FetcherTest):
super(TarballNamingTest, self).setUp()
self.recipe_url = "git://git.openembedded.org/bitbake"
self.recipe_tarball = "git2_git.openembedded.org.bitbake.tar.gz"
- self.mirror_url = "git://github.com/openembedded/bitbake.git"
+ self.mirror_url = "git://github.com/openembedded/bitbake.git;protocol=https"
self.mirror_tarball = "git2_github.com.openembedded.bitbake.git.tar.gz"
self.d.setVar('BB_GENERATE_MIRROR_TARBALLS', '1')
@@ -573,7 +577,7 @@ class GitShallowTarballNamingTest(FetcherTest):
super(GitShallowTarballNamingTest, self).setUp()
self.recipe_url = "git://git.openembedded.org/bitbake"
self.recipe_tarball = "gitshallow_git.openembedded.org.bitbake_82ea737-1_master.tar.gz"
- self.mirror_url = "git://github.com/openembedded/bitbake.git"
+ self.mirror_url = "git://github.com/openembedded/bitbake.git;protocol=https"
self.mirror_tarball = "gitshallow_github.com.openembedded.bitbake.git_82ea737-1_master.tar.gz"
self.d.setVar('BB_GIT_SHALLOW', '1')
@@ -985,7 +989,7 @@ class FetcherNetworkTest(FetcherTest):
def test_git_submodule_dbus_broker(self):
# The following external repositories have show failures in fetch and unpack operations
# We want to avoid regressions!
- url = "gitsm://github.com/bus1/dbus-broker;protocol=git;rev=fc874afa0992d0c75ec25acb43d344679f0ee7d2;branch=main"
+ url = "gitsm://github.com/bus1/dbus-broker;protocol=https;rev=fc874afa0992d0c75ec25acb43d344679f0ee7d2;branch=main"
fetcher = bb.fetch.Fetch([url], self.d)
fetcher.download()
# Previous cwd has been deleted
@@ -1001,7 +1005,7 @@ class FetcherNetworkTest(FetcherTest):
@skipIfNoNetwork()
def test_git_submodule_CLI11(self):
- url = "gitsm://github.com/CLIUtils/CLI11;protocol=git;rev=bd4dc911847d0cde7a6b41dfa626a85aab213baf"
+ url = "gitsm://github.com/CLIUtils/CLI11;protocol=https;rev=bd4dc911847d0cde7a6b41dfa626a85aab213baf;branch=main"
fetcher = bb.fetch.Fetch([url], self.d)
fetcher.download()
# Previous cwd has been deleted
@@ -1016,12 +1020,12 @@ class FetcherNetworkTest(FetcherTest):
@skipIfNoNetwork()
def test_git_submodule_update_CLI11(self):
""" Prevent regression on update detection not finding missing submodule, or modules without needed commits """
- url = "gitsm://github.com/CLIUtils/CLI11;protocol=git;rev=cf6a99fa69aaefe477cc52e3ef4a7d2d7fa40714"
+ url = "gitsm://github.com/CLIUtils/CLI11;protocol=https;rev=cf6a99fa69aaefe477cc52e3ef4a7d2d7fa40714;branch=main"
fetcher = bb.fetch.Fetch([url], self.d)
fetcher.download()
# CLI11 that pulls in a newer nlohmann-json
- url = "gitsm://github.com/CLIUtils/CLI11;protocol=git;rev=49ac989a9527ee9bb496de9ded7b4872c2e0e5ca"
+ url = "gitsm://github.com/CLIUtils/CLI11;protocol=https;rev=49ac989a9527ee9bb496de9ded7b4872c2e0e5ca;branch=main"
fetcher = bb.fetch.Fetch([url], self.d)
fetcher.download()
# Previous cwd has been deleted
@@ -1035,7 +1039,7 @@ class FetcherNetworkTest(FetcherTest):
@skipIfNoNetwork()
def test_git_submodule_aktualizr(self):
- url = "gitsm://github.com/advancedtelematic/aktualizr;branch=master;protocol=git;rev=d00d1a04cc2366d1a5f143b84b9f507f8bd32c44"
+ url = "gitsm://github.com/advancedtelematic/aktualizr;branch=master;protocol=https;rev=d00d1a04cc2366d1a5f143b84b9f507f8bd32c44"
fetcher = bb.fetch.Fetch([url], self.d)
fetcher.download()
# Previous cwd has been deleted
@@ -1055,7 +1059,7 @@ class FetcherNetworkTest(FetcherTest):
""" Prevent regression on deeply nested submodules not being checked out properly, even though they were fetched. """
# This repository also has submodules where the module (name), path and url do not align
- url = "gitsm://github.com/azure/iotedge.git;protocol=git;rev=d76e0316c6f324345d77c48a83ce836d09392699"
+ url = "gitsm://github.com/azure/iotedge.git;protocol=https;rev=d76e0316c6f324345d77c48a83ce836d09392699"
fetcher = bb.fetch.Fetch([url], self.d)
fetcher.download()
# Previous cwd has been deleted
@@ -1113,7 +1117,7 @@ class SVNTest(FetcherTest):
bb.process.run("svn co %s svnfetch_co" % self.repo_url, cwd=self.tempdir)
# Github will emulate SVN. Use this to check if we're downloding...
- bb.process.run("svn propset svn:externals 'bitbake svn://vcs.pcre.org/pcre2/code' .",
+ bb.process.run("svn propset svn:externals 'bitbake https://github.com/PhilipHazel/pcre2.git' .",
cwd=os.path.join(self.tempdir, 'svnfetch_co', 'trunk'))
bb.process.run("svn commit --non-interactive -m 'Add external'",
cwd=os.path.join(self.tempdir, 'svnfetch_co', 'trunk'))
@@ -1231,7 +1235,7 @@ class FetchLatestVersionTest(FetcherTest):
test_git_uris = {
# version pattern "X.Y.Z"
- ("mx-1.0", "git://github.com/clutter-project/mx.git;branch=mx-1.4", "9b1db6b8060bd00b121a692f942404a24ae2960f", "")
+ ("mx-1.0", "git://github.com/clutter-project/mx.git;branch=mx-1.4;protocol=https", "9b1db6b8060bd00b121a692f942404a24ae2960f", "")
: "1.99.4",
# version pattern "vX.Y"
# mirror of git.infradead.org since network issues interfered with testing
@@ -1258,9 +1262,9 @@ class FetchLatestVersionTest(FetcherTest):
: "0.4.3",
("build-appliance-image", "git://git.yoctoproject.org/poky", "b37dd451a52622d5b570183a81583cc34c2ff555", "(?P<pver>(([0-9][\.|_]?)+[0-9]))")
: "11.0.0",
- ("chkconfig-alternatives-native", "git://github.com/kergoth/chkconfig;branch=sysroot", "cd437ecbd8986c894442f8fce1e0061e20f04dee", "chkconfig\-(?P<pver>((\d+[\.\-_]*)+))")
+ ("chkconfig-alternatives-native", "git://github.com/kergoth/chkconfig;branch=sysroot;protocol=https", "cd437ecbd8986c894442f8fce1e0061e20f04dee", "chkconfig\-(?P<pver>((\d+[\.\-_]*)+))")
: "1.3.59",
- ("remake", "git://github.com/rocky/remake.git", "f05508e521987c8494c92d9c2871aec46307d51d", "(?P<pver>(\d+\.(\d+\.)*\d*(\+dbg\d+(\.\d+)*)*))")
+ ("remake", "git://github.com/rocky/remake.git;protocol=https", "f05508e521987c8494c92d9c2871aec46307d51d", "(?P<pver>(\d+\.(\d+\.)*\d*(\+dbg\d+(\.\d+)*)*))")
: "3.82+dbg0.9",
}
@@ -2047,7 +2051,7 @@ class GitShallowTest(FetcherTest):
@skipIfNoNetwork()
def test_bitbake(self):
- self.git('remote add --mirror=fetch origin git://github.com/openembedded/bitbake', cwd=self.srcdir)
+ self.git('remote add --mirror=fetch origin https://github.com/openembedded/bitbake', cwd=self.srcdir)
self.git('config core.bare true', cwd=self.srcdir)
self.git('fetch', cwd=self.srcdir)
diff --git a/bitbake/lib/bb/tests/runqueue.py b/bitbake/lib/bb/tests/runqueue.py
index 3d51779..4f335b8 100644
--- a/bitbake/lib/bb/tests/runqueue.py
+++ b/bitbake/lib/bb/tests/runqueue.py
@@ -361,7 +361,7 @@ class RunQueueTests(unittest.TestCase):
def shutdown(self, tempdir):
# Wait for the hashserve socket to disappear else we'll see races with the tempdir cleanup
- while os.path.exists(tempdir + "/hashserve.sock"):
+ while (os.path.exists(tempdir + "/hashserve.sock") or os.path.exists(tempdir + "cache/hashserv.db-wal")):
time.sleep(0.5)
diff --git a/bitbake/lib/hashserv/server.py b/bitbake/lib/hashserv/server.py
index a0dc0c1..df0fa0a 100644
--- a/bitbake/lib/hashserv/server.py
+++ b/bitbake/lib/hashserv/server.py
@@ -521,7 +521,7 @@ class Server(object):
def start_tcp_server(self, host, port):
self.server = self.loop.run_until_complete(
- asyncio.start_server(self.handle_client, host, port, loop=self.loop)
+ asyncio.start_server(self.handle_client, host, port)
)
for s in self.server.sockets:
@@ -546,7 +546,7 @@ class Server(object):
# Work around path length limits in AF_UNIX
os.chdir(os.path.dirname(path))
self.server = self.loop.run_until_complete(
- asyncio.start_unix_server(self.handle_client, os.path.basename(path), loop=self.loop)
+ asyncio.start_unix_server(self.handle_client, os.path.basename(path))
)
finally:
os.chdir(cwd)
diff --git a/bitbake/lib/toaster/tests/builds/buildtest.py b/bitbake/lib/toaster/tests/builds/buildtest.py
index 872bbd3..13b51fb 100644
--- a/bitbake/lib/toaster/tests/builds/buildtest.py
+++ b/bitbake/lib/toaster/tests/builds/buildtest.py
@@ -119,7 +119,7 @@ class BuildTest(unittest.TestCase):
if os.environ.get("TOASTER_TEST_USE_SSTATE_MIRROR"):
ProjectVariable.objects.get_or_create(
name="SSTATE_MIRRORS",
- value="file://.* http://autobuilder.yoctoproject.org/pub/sstate/PATH;downloadfilename=PATH",
+ value="file://.* http://sstate.yoctoproject.org/PATH;downloadfilename=PATH",
project=project)
ProjectTarget.objects.create(project=project,
diff --git a/documentation/conf.py b/documentation/conf.py
index d1c08a9..28af37d 100644
--- a/documentation/conf.py
+++ b/documentation/conf.py
@@ -16,7 +16,7 @@ import os
import sys
import datetime
-current_version = "3.3.3"
+current_version = "3.3.4"
# String used in sidebar
version = 'Version: ' + current_version
diff --git a/documentation/poky.yaml b/documentation/poky.yaml
index 02c9bf3..30eb453 100644
--- a/documentation/poky.yaml
+++ b/documentation/poky.yaml
@@ -1,12 +1,12 @@
-DISTRO : "3.3.3"
+DISTRO : "3.3.4"
DISTRO_NAME_NO_CAP : "hardknott"
DISTRO_NAME : "Hardknott"
DISTRO_NAME_NO_CAP_MINUS_ONE : "gatesgarth"
DISTRO_NAME_NO_CAP_LTS : "gatesgarth"
-YOCTO_DOC_VERSION : "3.3.3"
+YOCTO_DOC_VERSION : "3.3.4"
YOCTO_DOC_VERSION_MINUS_ONE : "3.2.4"
-DISTRO_REL_TAG : "yocto-3.3.3"
-POKYVERSION : "25.0.3"
+DISTRO_REL_TAG : "yocto-3.3.4"
+POKYVERSION : "25.0.4"
YOCTO_POKY : "poky-&DISTRO_NAME_NO_CAP;-&POKYVERSION;"
YOCTO_DL_URL : "https://downloads.yoctoproject.org"
YOCTO_AB_URL : "https://autobuilder.yoctoproject.org"
@@ -19,7 +19,8 @@ FEDORA_HOST_PACKAGES_ESSENTIAL : "gawk make wget tar bzip2 gzip python3 unzip pe
diffutils diffstat git cpp gcc gcc-c++ glibc-devel texinfo chrpath \
ccache perl-Data-Dumper perl-Text-ParseWords perl-Thread-Queue perl-bignum socat \
python3-pexpect findutils which file cpio python python3-pip xz python3-GitPython \
- python3-jinja2 SDL-devel xterm rpcgen mesa-libGL-devel"
+ python3-jinja2 SDL-devel xterm rpcgen mesa-libGL-devel perl-FindBin perl-File-Compare \
+ perl-File-Copy perl-locale"
OPENSUSE_HOST_PACKAGES_ESSENTIAL : "python gcc gcc-c++ git chrpath make wget python-xml \
diffstat makeinfo python-curses patch socat python3 python3-curses tar python3-pip \
python3-pexpect xz which python3-Jinja2 Mesa-libEGL1 libSDL-devel xterm rpcgen Mesa-dri-devel
diff --git a/documentation/ref-manual/migration-3.0.rst b/documentation/ref-manual/migration-3.0.rst
index f3d20e2..2a475fc 100644
--- a/documentation/ref-manual/migration-3.0.rst
+++ b/documentation/ref-manual/migration-3.0.rst
@@ -184,9 +184,8 @@ The following BitBake changes have occurred.
exceptions. Remove this argument in any calls to
``bb.build.exec_func()`` in custom classes or scripts.
-- The
- :term:`bitbake:BB_SETSCENE_VERIFY_FUNCTION2`
- is no longer used. In the unlikely event that you have any references
+- The ``BB_SETSCENE_VERIFY_FUNCTION2`` variable is no longer used.
+ In the unlikely event that you have any references
to it, they should be removed.
- The ``RunQueueExecuteScenequeue`` and ``RunQueueExecuteTasks`` events
diff --git a/documentation/releases.rst b/documentation/releases.rst
index 2b17cd6..ae5ce7b 100644
--- a/documentation/releases.rst
+++ b/documentation/releases.rst
@@ -12,17 +12,7 @@
- :yocto_docs:`3.3.1 Documentation </3.3.1>`
- :yocto_docs:`3.3.2 Documentation </3.3.2>`
- :yocto_docs:`3.3.3 Documentation </3.3.3>`
-
-
-*******************************
-3.2 'gatesgarth' Release Series
-*******************************
-
-- :yocto_docs:`3.2 Documentation </3.2>`
-- :yocto_docs:`3.2.1 Documentation </3.2.1>`
-- :yocto_docs:`3.2.2 Documentation </3.2.2>`
-- :yocto_docs:`3.2.3 Documentation </3.2.3>`
-- :yocto_docs:`3.2.4 Documentation </3.2.4>`
+- :yocto_docs:`3.3.4 Documentation </3.3.4>`
****************************
3.1 'dunfell' Release Series
@@ -39,11 +29,22 @@
- :yocto_docs:`3.1.8 Documentation </3.1.8>`
- :yocto_docs:`3.1.9 Documentation </3.1.9>`
- :yocto_docs:`3.1.10 Documentation </3.1.10>`
+- :yocto_docs:`3.1.11 Documentation </3.1.11>`
==========================
Previous Release Manuals
==========================
+*******************************
+3.2 'gatesgarth' Release Series
+*******************************
+
+- :yocto_docs:`3.2 Documentation </3.2>`
+- :yocto_docs:`3.2.1 Documentation </3.2.1>`
+- :yocto_docs:`3.2.2 Documentation </3.2.2>`
+- :yocto_docs:`3.2.3 Documentation </3.2.3>`
+- :yocto_docs:`3.2.4 Documentation </3.2.4>`
+
*************************
3.0 'zeus' Release Series
*************************
diff --git a/meta-poky/conf/distro/poky.conf b/meta-poky/conf/distro/poky.conf
index d368561..966e66d 100644
--- a/meta-poky/conf/distro/poky.conf
+++ b/meta-poky/conf/distro/poky.conf
@@ -1,6 +1,6 @@
DISTRO = "poky"
DISTRO_NAME = "Poky (Yocto Project Reference Distro)"
-DISTRO_VERSION = "3.3.3"
+DISTRO_VERSION = "3.3.4"
DISTRO_CODENAME = "hardknott"
SDK_VENDOR = "-pokysdk"
SDK_VERSION = "${@d.getVar('DISTRO_VERSION').replace('snapshot-${METADATA_REVISION}', 'snapshot')}"
diff --git a/meta-selftest/recipes-test/devtool/devtool-upgrade-test2_git.bb b/meta-selftest/recipes-test/devtool/devtool-upgrade-test2_git.bb
index 07b8327..8a27e3a 100644
--- a/meta-selftest/recipes-test/devtool/devtool-upgrade-test2_git.bb
+++ b/meta-selftest/recipes-test/devtool/devtool-upgrade-test2_git.bb
@@ -11,7 +11,7 @@ SRCREV = "1a3e1343761b30750bed70e0fd688f6d3c7b3717"
PV = "0.1+git${SRCPV}"
PR = "r2"
-SRC_URI = "git://git.yoctoproject.org/dbus-wait"
+SRC_URI = "git://git.yoctoproject.org/dbus-wait;branch=master"
UPSTREAM_CHECK_COMMITS = "1"
RECIPE_NO_UPDATE_REASON = "This recipe is used to test devtool upgrade feature"
diff --git a/meta-selftest/recipes-test/devtool/devtool-upgrade-test2_git.bb.upgraded b/meta-selftest/recipes-test/devtool/devtool-upgrade-test2_git.bb.upgraded
index 32ec4b1..fbe90d6 100644
--- a/meta-selftest/recipes-test/devtool/devtool-upgrade-test2_git.bb.upgraded
+++ b/meta-selftest/recipes-test/devtool/devtool-upgrade-test2_git.bb.upgraded
@@ -10,7 +10,7 @@ DEPENDS = "dbus"
SRCREV = "6cc6077a36fe2648a5f993fe7c16c9632f946517"
PV = "0.1+git${SRCPV}"
-SRC_URI = "git://git.yoctoproject.org/dbus-wait"
+SRC_URI = "git://git.yoctoproject.org/dbus-wait;branch=master"
UPSTREAM_CHECK_COMMITS = "1"
RECIPE_NO_UPDATE_REASON = "This recipe is used to test devtool upgrade feature"
diff --git a/meta-selftest/recipes-test/git-submodule-test/git-submodule-test.bb b/meta-selftest/recipes-test/git-submodule-test/git-submodule-test.bb
index 9429564..cc5d7ea 100644
--- a/meta-selftest/recipes-test/git-submodule-test/git-submodule-test.bb
+++ b/meta-selftest/recipes-test/git-submodule-test/git-submodule-test.bb
@@ -5,5 +5,5 @@ LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda
INHIBIT_DEFAULT_DEPS = "1"
-SRC_URI = "gitsm://git.yoctoproject.org/git-submodule-test"
+SRC_URI = "gitsm://git.yoctoproject.org/git-submodule-test;branch=master"
SRCREV = "a2885dd7d25380d23627e7544b7bbb55014b16ee"
diff --git a/meta/classes/cross-canadian.bbclass b/meta/classes/cross-canadian.bbclass
index f5c9f61..3fc9cac 100644
--- a/meta/classes/cross-canadian.bbclass
+++ b/meta/classes/cross-canadian.bbclass
@@ -155,7 +155,7 @@ libexecdir = "${exec_prefix}/libexec/${TARGET_ARCH}${TARGET_VENDOR}-${TARGET_OS}
FILES_${PN} = "${prefix}"
-export PKG_CONFIG_DIR = "${STAGING_DIR_HOST}${layout_libdir}/pkgconfig"
+export PKG_CONFIG_DIR = "${STAGING_DIR_HOST}${exec_prefix}/lib/pkgconfig"
export PKG_CONFIG_SYSROOT_DIR = "${STAGING_DIR_HOST}"
do_populate_sysroot[stamp-extra-info] = ""
diff --git a/meta/classes/devupstream.bbclass b/meta/classes/devupstream.bbclass
index 7780c54..97e137c 100644
--- a/meta/classes/devupstream.bbclass
+++ b/meta/classes/devupstream.bbclass
@@ -4,7 +4,7 @@
#
# Usage:
# BBCLASSEXTEND = "devupstream:target"
-# SRC_URI_class-devupstream = "git://git.example.com/example"
+# SRC_URI_class-devupstream = "git://git.example.com/example;branch=master"
# SRCREV_class-devupstream = "abcdef"
#
# If the first entry in SRC_URI is a git: URL then S is rewritten to
diff --git a/meta/classes/externalsrc.bbclass b/meta/classes/externalsrc.bbclass
index 3d6b80b..9fe9d36 100644
--- a/meta/classes/externalsrc.bbclass
+++ b/meta/classes/externalsrc.bbclass
@@ -109,6 +109,15 @@ python () {
if local_srcuri and task in fetch_tasks:
continue
bb.build.deltask(task, d)
+ if bb.data.inherits_class('reproducible_build', d) and task == 'do_unpack':
+ # The reproducible_build's create_source_date_epoch_stamp function must
+ # be run after the source is available and before the
+ # do_deploy_source_date_epoch task. In the normal case, it's attached
+ # to do_unpack as a postfuncs, but since we removed do_unpack (above)
+ # we need to move the function elsewhere. The easiest thing to do is
+ # move it into the prefuncs of the do_deploy_source_date_epoch task.
+ # This is safe, as externalsrc runs with the source already unpacked.
+ d.prependVarFlag('do_deploy_source_date_epoch', 'prefuncs', 'create_source_date_epoch_stamp ')
d.prependVarFlag('do_compile', 'prefuncs', "externalsrc_compile_prefunc ")
d.prependVarFlag('do_configure', 'prefuncs', "externalsrc_configure_prefunc ")
diff --git a/meta/classes/mirrors.bbclass b/meta/classes/mirrors.bbclass
index 87bba41..8a2c153 100644
--- a/meta/classes/mirrors.bbclass
+++ b/meta/classes/mirrors.bbclass
@@ -62,6 +62,8 @@ ftp://.*/.* http://sources.openembedded.org/ \n \
npm://.*/?.* http://sources.openembedded.org/ \n \
${CPAN_MIRROR} http://cpan.metacpan.org/ \n \
${CPAN_MIRROR} http://search.cpan.org/CPAN/ \n \
+https?$://downloads.yoctoproject.org/releases/uninative/ https://mirrors.kernel.org/yocto/uninative/ \n \
+https?://downloads.yoctoproject.org/mirror/sources/ https://mirrors.kernel.org/yocto-sources/ \
"
# Use MIRRORS to provide git repo fallbacks using the https protocol, for cases
diff --git a/meta/classes/package.bbclass b/meta/classes/package.bbclass
index e3f0a70..5e51b89 100644
--- a/meta/classes/package.bbclass
+++ b/meta/classes/package.bbclass
@@ -2079,12 +2079,12 @@ python package_do_pkgconfig () {
for pkg in packages.split():
pkgconfig_provided[pkg] = []
pkgconfig_needed[pkg] = []
- for file in pkgfiles[pkg]:
+ for file in sorted(pkgfiles[pkg]):
m = pc_re.match(file)
if m:
pd = bb.data.init()
name = m.group(1)
- pkgconfig_provided[pkg].append(name)
+ pkgconfig_provided[pkg].append(os.path.basename(name))
if not os.access(file, os.R_OK):
continue
with open(file, 'r') as f:
@@ -2107,7 +2107,7 @@ python package_do_pkgconfig () {
pkgs_file = os.path.join(shlibswork_dir, pkg + ".pclist")
if pkgconfig_provided[pkg] != []:
with open(pkgs_file, 'w') as f:
- for p in pkgconfig_provided[pkg]:
+ for p in sorted(pkgconfig_provided[pkg]):
f.write('%s\n' % p)
# Go from least to most specific since the last one found wins
diff --git a/meta/classes/patch.bbclass b/meta/classes/patch.bbclass
index cd491a5..72bb1eb 100644
--- a/meta/classes/patch.bbclass
+++ b/meta/classes/patch.bbclass
@@ -131,6 +131,9 @@ python patch_do_patch() {
patchdir = parm["patchdir"]
if not os.path.isabs(patchdir):
patchdir = os.path.join(s, patchdir)
+ if not os.path.isdir(patchdir):
+ bb.fatal("Target directory '%s' not found, patchdir '%s' is incorrect in patch file '%s'" %
+ (patchdir, parm["patchdir"], parm['patchname']))
else:
patchdir = s
@@ -147,12 +150,12 @@ python patch_do_patch() {
patchset.Import({"file":local, "strippath": parm['striplevel']}, True)
except Exception as exc:
bb.utils.remove(process_tmpdir, True)
- bb.fatal(str(exc))
+ bb.fatal("Importing patch '%s' with striplevel '%s'\n%s" % (parm['patchname'], parm['striplevel'], str(exc)))
try:
resolver.Resolve()
except bb.BBHandledException as e:
bb.utils.remove(process_tmpdir, True)
- bb.fatal(str(e))
+ bb.fatal("Applying patch '%s' on target directory '%s'\n%s" % (parm['patchname'], patchdir, str(e)))
bb.utils.remove(process_tmpdir, True)
del os.environ['TMPDIR']
diff --git a/meta/classes/reproducible_build.bbclass b/meta/classes/reproducible_build.bbclass
index 1277764..62655c2 100644
--- a/meta/classes/reproducible_build.bbclass
+++ b/meta/classes/reproducible_build.bbclass
@@ -90,11 +90,14 @@ python create_source_date_epoch_stamp() {
}
def get_source_date_epoch_value(d):
- cached = d.getVar('__CACHED_SOURCE_DATE_EPOCH')
- if cached:
+ epochfile = d.getVar('SDE_FILE')
+ cached, efile = d.getVar('__CACHED_SOURCE_DATE_EPOCH') or (None, None)
+ if cached and efile == epochfile:
return cached
- epochfile = d.getVar('SDE_FILE')
+ if cached and epochfile != efile:
+ bb.debug(1, "Epoch file changed from %s to %s" % (efile, epochfile))
+
source_date_epoch = int(d.getVar('SOURCE_DATE_EPOCH_FALLBACK'))
try:
with open(epochfile, 'r') as f:
@@ -112,7 +115,7 @@ def get_source_date_epoch_value(d):
except FileNotFoundError:
bb.debug(1, "Cannot find %s. SOURCE_DATE_EPOCH will default to %d" % (epochfile, source_date_epoch))
- d.setVar('__CACHED_SOURCE_DATE_EPOCH', str(source_date_epoch))
+ d.setVar('__CACHED_SOURCE_DATE_EPOCH', (str(source_date_epoch), epochfile))
return str(source_date_epoch)
export SOURCE_DATE_EPOCH ?= "${@get_source_date_epoch_value(d)}"
diff --git a/meta/classes/sstate.bbclass b/meta/classes/sstate.bbclass
index 8b4bfc2..da29225 100644
--- a/meta/classes/sstate.bbclass
+++ b/meta/classes/sstate.bbclass
@@ -20,7 +20,7 @@ def generate_sstatefn(spec, hash, taskname, siginfo, d):
components = spec.split(":")
# Fields 0,5,6 are mandatory, 1 is most useful, 2,3,4 are just for information
# 7 is for the separators
- avail = (254 - len(hash + "_" + taskname + extension) - len(components[0]) - len(components[1]) - len(components[5]) - len(components[6]) - 7) // 3
+ avail = (limit - len(hash + "_" + taskname + extension) - len(components[0]) - len(components[1]) - len(components[5]) - len(components[6]) - 7) // 3
components[2] = components[2][:avail]
components[3] = components[3][:avail]
components[4] = components[4][:avail]
@@ -800,7 +800,7 @@ sstate_task_postfunc[dirs] = "${WORKDIR}"
sstate_create_package () {
# Exit early if it already exists
if [ -e ${SSTATE_PKG} ]; then
- [ ! -w ${SSTATE_PKG} ] || touch ${SSTATE_PKG}
+ touch ${SSTATE_PKG} 2>/dev/null || true
return
fi
@@ -834,7 +834,7 @@ sstate_create_package () {
else
rm $TFILE
fi
- [ ! -w ${SSTATE_PKG} ] || touch ${SSTATE_PKG}
+ touch ${SSTATE_PKG} 2>/dev/null || true
}
python sstate_sign_package () {
@@ -863,12 +863,12 @@ python sstate_report_unihash() {
#
sstate_unpack_package () {
tar -xvzf ${SSTATE_PKG}
- # update .siginfo atime on local/NFS mirror
- [ -O ${SSTATE_PKG}.siginfo ] && [ -w ${SSTATE_PKG}.siginfo ] && [ -h ${SSTATE_PKG}.siginfo ] && touch -a ${SSTATE_PKG}.siginfo
- # Use "! -w ||" to return true for read only files
- [ ! -w ${SSTATE_PKG} ] || touch --no-dereference ${SSTATE_PKG}
- [ ! -w ${SSTATE_PKG}.sig ] || [ ! -e ${SSTATE_PKG}.sig ] || touch --no-dereference ${SSTATE_PKG}.sig
- [ ! -w ${SSTATE_PKG}.siginfo ] || [ ! -e ${SSTATE_PKG}.siginfo ] || touch --no-dereference ${SSTATE_PKG}.siginfo
+ # update .siginfo atime on local/NFS mirror if it is a symbolic link
+ [ ! -h ${SSTATE_PKG}.siginfo ] || touch -a ${SSTATE_PKG}.siginfo 2>/dev/null || true
+ # update each symbolic link instead of any referenced file
+ touch --no-dereference ${SSTATE_PKG} 2>/dev/null || true
+ [ ! -e ${SSTATE_PKG}.sig ] || touch --no-dereference ${SSTATE_PKG}.sig 2>/dev/null || true
+ [ ! -e ${SSTATE_PKG}.siginfo ] || touch --no-dereference ${SSTATE_PKG}.siginfo 2>/dev/null || true
}
BB_HASHCHECK_FUNCTION = "sstate_checkhashes"
diff --git a/meta/classes/testimage.bbclass b/meta/classes/testimage.bbclass
index e613759..538ec4f 100644
--- a/meta/classes/testimage.bbclass
+++ b/meta/classes/testimage.bbclass
@@ -230,9 +230,10 @@ def testimage_main(d):
tdname = "%s.testdata.json" % image_name
try:
- td = json.load(open(tdname, "r"))
- except (FileNotFoundError) as err:
- bb.fatal('File %s Not Found. Have you built the image with INHERIT+="testimage" in the conf/local.conf?' % tdname)
+ with open(tdname, "r") as f:
+ td = json.load(f)
+ except FileNotFoundError as err:
+ bb.fatal('File %s not found (%s).\nHave you built the image with INHERIT += "testimage" in the conf/local.conf?' % (tdname, err))
# Some variables need to be updates (mostly paths) with the
# ones of the current environment because some tests require them.
diff --git a/meta/classes/uninative.bbclass b/meta/classes/uninative.bbclass
index 1e19917..3c7ccd6 100644
--- a/meta/classes/uninative.bbclass
+++ b/meta/classes/uninative.bbclass
@@ -100,7 +100,7 @@ ${UNINATIVE_STAGING_DIR}-uninative/relocate_sdk.py \
${UNINATIVE_LOADER} \
${UNINATIVE_LOADER} \
${UNINATIVE_STAGING_DIR}-uninative/${BUILD_ARCH}-linux/${bindir_native}/patchelf-uninative \
- ${UNINATIVE_STAGING_DIR}-uninative/${BUILD_ARCH}-linux${base_libdir_native}/libc*.so" % chksum)
+ ${UNINATIVE_STAGING_DIR}-uninative/${BUILD_ARCH}-linux${base_libdir_native}/libc*.so*" % chksum)
subprocess.check_output(cmd, shell=True)
with open(loaderchksum, "w") as f:
diff --git a/meta/conf/distro/include/default-distrovars.inc b/meta/conf/distro/include/default-distrovars.inc
index 433d4b6..0240589 100644
--- a/meta/conf/distro/include/default-distrovars.inc
+++ b/meta/conf/distro/include/default-distrovars.inc
@@ -47,5 +47,5 @@ KERNEL_IMAGETYPES ??= "${KERNEL_IMAGETYPE}"
# The CONNECTIVITY_CHECK_URIS are used to test whether we can succesfully
# fetch from the network (and warn you if not). To disable the test set
# the variable to be empty.
-# Git example url: git://git.yoctoproject.org/yocto-firewall-test;protocol=git;rev=master
+# Git example url: git://git.yoctoproject.org/yocto-firewall-test;protocol=git;rev=master;branch=master
CONNECTIVITY_CHECK_URIS ?= "https://www.example.com/"
diff --git a/meta/conf/distro/include/yocto-uninative.inc b/meta/conf/distro/include/yocto-uninative.inc
index 740cca0..3165fc9 100644
--- a/meta/conf/distro/include/yocto-uninative.inc
+++ b/meta/conf/distro/include/yocto-uninative.inc
@@ -6,9 +6,9 @@
# to the distro running on the build machine.
#
-UNINATIVE_MAXGLIBCVERSION = "2.33"
+UNINATIVE_MAXGLIBCVERSION = "2.34"
-UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/3.2/"
-UNINATIVE_CHECKSUM[aarch64] ?= "4f0872cdca2775b637a8a99815ca5c8dd42146abe903a24a50ee0448358c764b"
-UNINATIVE_CHECKSUM[i686] ?= "e2eeab92e67263db37d9bb6d4c58579abd1f47ff4cded3171bde572fece124b2"
-UNINATIVE_CHECKSUM[x86_64] ?= "3ee8c7d55e2d4c7ae3887cddb97219f97b94efddfeee2e24923c0cb0e8ce84c6"
+UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/3.4/"
+UNINATIVE_CHECKSUM[aarch64] ?= "3013cdda8f0dc6639ce1c80f33eabce66f06b890bd5b58739a6d7a92a0bb7100"
+UNINATIVE_CHECKSUM[i686] ?= "abed500de584aad63ec237546db20cdd0c69d8870a6f8e94ac31721ace64b376"
+UNINATIVE_CHECKSUM[x86_64] ?= "126f4f7f6f21084ee140dac3eb4c536b963837826b7c38599db0b512c3377ba2"
diff --git a/meta/conf/multilib.conf b/meta/conf/multilib.conf
index d231107..e9767c7 100644
--- a/meta/conf/multilib.conf
+++ b/meta/conf/multilib.conf
@@ -11,6 +11,8 @@ STAGING_DIR_TARGET = "${WORKDIR}/${MLPREFIX}recipe-sysroot"
RECIPE_SYSROOT = "${WORKDIR}/${MLPREFIX}recipe-sysroot"
RECIPE_SYSROOT_class-native = "${WORKDIR}/recipe-sysroot"
+PSEUDO_IGNORE_PATHS .= ",${WORKDIR}/${MLPREFIX}recipe-sysroot"
+
INHERIT += "multilib_global"
BBCLASSEXTEND_append = " ${MULTILIBS}"
diff --git a/meta/lib/oe/utils.py b/meta/lib/oe/utils.py
index a84039f..2a8771d 100644
--- a/meta/lib/oe/utils.py
+++ b/meta/lib/oe/utils.py
@@ -480,7 +480,8 @@ class ThreadedWorker(Thread):
try:
func(self, *args, **kargs)
except Exception as e:
- print(e)
+ # Eat all exceptions
+ bb.mainlogger.debug("Worker task raised %s" % e, exc_info=e)
finally:
self.tasks.task_done()
diff --git a/meta/lib/oeqa/manual/eclipse-plugin.json b/meta/lib/oeqa/manual/eclipse-plugin.json
index d77d0e6..6c110d0 100644
--- a/meta/lib/oeqa/manual/eclipse-plugin.json
+++ b/meta/lib/oeqa/manual/eclipse-plugin.json
@@ -44,7 +44,7 @@
"expected_results": ""
},
"2": {
- "action": "wget autobuilder.yoctoproject.org/pub/releases//machines/qemu/qemux86/qemu (ex:core-image-sato-sdk-qemux86-date-rootfs-tar-bz2) \nsource /opt/poky/version/environment-setup-i585-poky-linux \n\nExtract qemu with runqemu-extract-sdk /home/user/file(ex.core-image-sato-sdk-qemux86.bz2) \n/home/user/qemux86-sato-sdk \n\n",
+ "action": "wget https://downloads.yoctoproject.org/releases/yocto/yocto-$VERSION/machines/qemu/qemux86/ (ex:core-image-sato-sdk-qemux86-date-rootfs-tar-bz2) \nsource /opt/poky/version/environment-setup-i585-poky-linux \n\nExtract qemu with runqemu-extract-sdk /home/user/file(ex.core-image-sato-sdk-qemux86.bz2) \n/home/user/qemux86-sato-sdk \n\n",
"expected_results": " Qemu can be lauched normally."
},
"3": {
@@ -60,7 +60,7 @@
"expected_results": ""
},
"6": {
- "action": "(d) QEMU: \nSelect this option if you will be using the QEMU emulator. Specify the Kernel matching the QEMU architecture you are using. \n wget autobuilder.yoctoproject.org/pub/releases//machines/qemu/qemux86/bzImage-qemux86.bin \n e.g: /home/$USER/yocto/adt-installer/download_image/bzImage-qemux86.bin \n\n",
+ "action": "(d) QEMU: \nSelect this option if you will be using the QEMU emulator. Specify the Kernel matching the QEMU architecture you are using. \n wget https://downloads.yoctoproject.org/releases/yocto/yocto-$VERSION/machines/qemu/qemux86/bzImage-qemux86.bin \n e.g: /home/$USER/yocto/adt-installer/download_image/bzImage-qemux86.bin \n\n",
"expected_results": ""
},
"7": {
@@ -247,7 +247,7 @@
"execution": {
"1": {
"action": "Clone eclipse-poky source. \n \n - git clone git://git.yoctoproject.org/eclipse-poky \n\n",
- "expected_results": "Eclipse plugin is successfully installed \n\nDocumentation is there. For example if you have release yocto-2.0.1 you will found on http://autobuilder.yoctoproject.org/pub/releases/yocto-2.0.1/eclipse-plugin/mars/ archive with documentation like org.yocto.doc-development-$date.zip \n \n"
+ "expected_results": "Eclipse plugin is successfully installed \n\nDocumentation is there. For example if you have release yocto-2.0.1 you will found on https://downloads.yoctoproject.org/releases/yocto/yocto-2.0.1/eclipse-plugin/mars/ archive with documentation like org.yocto.doc-development-$date.zip \n \n"
},
"2": {
"action": "Checkout correct tag. \n\n - git checkout <eclipse-version>/<yocto-version> \n\n",
diff --git a/meta/lib/oeqa/selftest/cases/bbtests.py b/meta/lib/oeqa/selftest/cases/bbtests.py
index 79390ac..b932d52 100644
--- a/meta/lib/oeqa/selftest/cases/bbtests.py
+++ b/meta/lib/oeqa/selftest/cases/bbtests.py
@@ -83,8 +83,10 @@ class BitbakeTests(OESelftestTestCase):
def test_force_task_1(self):
# test 1 from bug 5875
+ import uuid
test_recipe = 'zlib'
- test_data = "Microsoft Made No Profit From Anyone's Zunes Yo"
+ # Need to use uuid otherwise hash equivlance would change the workflow
+ test_data = "Microsoft Made No Profit From Anyone's Zunes Yo %s" % uuid.uuid1()
bb_vars = get_bb_vars(['D', 'PKGDEST', 'mandir'], test_recipe)
image_dir = bb_vars['D']
pkgsplit_dir = bb_vars['PKGDEST']
diff --git a/meta/lib/oeqa/selftest/cases/devtool.py b/meta/lib/oeqa/selftest/cases/devtool.py
index 3385546..66e3262 100644
--- a/meta/lib/oeqa/selftest/cases/devtool.py
+++ b/meta/lib/oeqa/selftest/cases/devtool.py
@@ -340,7 +340,7 @@ class DevtoolAddTests(DevtoolBase):
checkvars['LIC_FILES_CHKSUM'] = 'file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263'
checkvars['S'] = '${WORKDIR}/git'
checkvars['PV'] = '0.1+git${SRCPV}'
- checkvars['SRC_URI'] = 'git://git.yoctoproject.org/git/dbus-wait;protocol=https'
+ checkvars['SRC_URI'] = 'git://git.yoctoproject.org/git/dbus-wait;protocol=https;branch=master'
checkvars['SRCREV'] = srcrev
checkvars['DEPENDS'] = set(['dbus'])
self._test_recipe_contents(recipefile, checkvars, [])
@@ -904,7 +904,7 @@ class DevtoolUpdateTests(DevtoolBase):
self._check_repo_status(os.path.dirname(recipefile), expected_status)
result = runCmd('git diff %s' % os.path.basename(recipefile), cwd=os.path.dirname(recipefile))
- addlines = ['SRCREV = ".*"', 'SRC_URI = "git://git.infradead.org/mtd-utils.git"']
+ addlines = ['SRCREV = ".*"', 'SRC_URI = "git://git.infradead.org/mtd-utils.git;branch=master"']
srcurilines = src_uri.split()
srcurilines[0] = 'SRC_URI = "' + srcurilines[0]
srcurilines.append('"')
diff --git a/meta/lib/oeqa/selftest/cases/fetch.py b/meta/lib/oeqa/selftest/cases/fetch.py
index cd15f65..d2f0c38 100644
--- a/meta/lib/oeqa/selftest/cases/fetch.py
+++ b/meta/lib/oeqa/selftest/cases/fetch.py
@@ -99,7 +99,7 @@ class Dependencies(OESelftestTestCase):
r = """
LICENSE="CLOSED"
- SRC_URI="git://example.com/repo"
+ SRC_URI="git://example.com/repo;branch=master"
"""
f = self.write_recipe(textwrap.dedent(r), tempdir)
d = tinfoil.parse_recipe_file(f)
diff --git a/meta/lib/oeqa/selftest/cases/glibc.py b/meta/lib/oeqa/selftest/cases/glibc.py
index c687f6e..cf8c928 100644
--- a/meta/lib/oeqa/selftest/cases/glibc.py
+++ b/meta/lib/oeqa/selftest/cases/glibc.py
@@ -33,7 +33,7 @@ class GlibcSelfTestBase(OESelftestTestCase, OEPTestResultTestCase):
ptestsuite = "glibc-user" if ssh is None else "glibc"
self.ptest_section(ptestsuite)
- with open(os.path.join(builddir, "tests.sum"), "r") as f:
+ with open(os.path.join(builddir, "tests.sum"), "r", errors='replace') as f:
for test, result in parse_values(f):
self.ptest_result(ptestsuite, test, result)
diff --git a/meta/lib/oeqa/selftest/cases/recipetool.py b/meta/lib/oeqa/selftest/cases/recipetool.py
index 9d56e9e..3621492 100644
--- a/meta/lib/oeqa/selftest/cases/recipetool.py
+++ b/meta/lib/oeqa/selftest/cases/recipetool.py
@@ -357,7 +357,7 @@ class RecipetoolTests(RecipetoolBase):
tempsrc = os.path.join(self.tempdir, 'srctree')
os.makedirs(tempsrc)
recipefile = os.path.join(self.tempdir, 'libmatchbox.bb')
- srcuri = 'git://git.yoctoproject.org/libmatchbox'
+ srcuri = 'git://git.yoctoproject.org/libmatchbox;branch=master'
result = runCmd(['recipetool', 'create', '-o', recipefile, srcuri + ";rev=9f7cf8895ae2d39c465c04cc78e918c157420269", '-x', tempsrc])
self.assertTrue(os.path.isfile(recipefile), 'recipetool did not create recipe file; output:\n%s' % result.output)
checkvars = {}
@@ -447,7 +447,7 @@ class RecipetoolTests(RecipetoolBase):
self.assertTrue(os.path.isfile(recipefile))
checkvars = {}
checkvars['LICENSE'] = set(['Apache-2.0'])
- checkvars['SRC_URI'] = 'git://github.com/mesonbuild/meson;protocol=https'
+ checkvars['SRC_URI'] = 'git://github.com/mesonbuild/meson;protocol=https;branch=master'
inherits = ['setuptools3']
self._test_recipe_contents(recipefile, checkvars, inherits)
@@ -514,7 +514,7 @@ class RecipetoolTests(RecipetoolBase):
self.assertTrue(os.path.isfile(recipefile))
checkvars = {}
checkvars['LICENSE'] = set(['GPLv2'])
- checkvars['SRC_URI'] = 'git://git.yoctoproject.org/git/matchbox-terminal;protocol=http'
+ checkvars['SRC_URI'] = 'git://git.yoctoproject.org/git/matchbox-terminal;protocol=http;branch=master'
inherits = ['pkgconfig', 'autotools']
self._test_recipe_contents(recipefile, checkvars, inherits)
diff --git a/meta/lib/oeqa/selftest/cases/sstatetests.py b/meta/lib/oeqa/selftest/cases/sstatetests.py
index c46e8ba..e2fe38b 100644
--- a/meta/lib/oeqa/selftest/cases/sstatetests.py
+++ b/meta/lib/oeqa/selftest/cases/sstatetests.py
@@ -39,7 +39,7 @@ class SStateTests(SStateBase):
recipefile = os.path.join(tempdir, "recipes-test", "dbus-wait-test", 'dbus-wait-test_git.bb')
os.makedirs(os.path.dirname(recipefile))
- srcuri = 'git://' + srcdir + ';protocol=file'
+ srcuri = 'git://' + srcdir + ';protocol=file;branch=master'
result = runCmd(['recipetool', 'create', '-o', recipefile, srcuri])
self.assertTrue(os.path.isfile(recipefile), 'recipetool did not create recipe file; output:\n%s' % result.output)
diff --git a/meta/recipes-bsp/efibootmgr/efibootmgr_17.bb b/meta/recipes-bsp/efibootmgr/efibootmgr_17.bb
index 5d6f200..e9dfa07 100644
--- a/meta/recipes-bsp/efibootmgr/efibootmgr_17.bb
+++ b/meta/recipes-bsp/efibootmgr/efibootmgr_17.bb
@@ -10,7 +10,7 @@ DEPENDS = "efivar popt"
COMPATIBLE_HOST = "(i.86|x86_64|arm|aarch64).*-linux"
-SRC_URI = "git://github.com/rhinstaller/efibootmgr.git;protocol=https \
+SRC_URI = "git://github.com/rhinstaller/efibootmgr.git;protocol=https;branch=master \
file://0001-remove-extra-decl.patch \
file://97668ae0bce776a36ea2001dea63d376be8274ac.patch \
"
diff --git a/meta/recipes-bsp/efivar/efivar_37.bb b/meta/recipes-bsp/efivar/efivar_37.bb
index 5bf121f..fa1fe1e 100644
--- a/meta/recipes-bsp/efivar/efivar_37.bb
+++ b/meta/recipes-bsp/efivar/efivar_37.bb
@@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=6626bb1e20189cfa95f2c508ba286393"
COMPATIBLE_HOST = "(i.86|x86_64|arm|aarch64).*-linux"
-SRC_URI = "git://github.com/rhinstaller/efivar.git \
+SRC_URI = "git://github.com/rhinstaller/efivar.git;branch=master;protocol=https \
file://determinism.patch \
file://no-werror.patch"
SRCREV = "c1d6b10e1ed4ba2be07f385eae5bceb694478a10"
diff --git a/meta/recipes-bsp/opensbi/opensbi_0.9.bb b/meta/recipes-bsp/opensbi/opensbi_0.9.bb
index cb1c3f2..e01491c 100644
--- a/meta/recipes-bsp/opensbi/opensbi_0.9.bb
+++ b/meta/recipes-bsp/opensbi/opensbi_0.9.bb
@@ -9,7 +9,7 @@ require opensbi-payloads.inc
inherit autotools-brokensep deploy
SRCREV = "234ed8e427f4d92903123199f6590d144e0d9351"
-SRC_URI = "git://github.com/riscv/opensbi.git;branch=master \
+SRC_URI = "git://github.com/riscv/opensbi.git;branch=master;protocol=https \
file://0001-Makefile-Don-t-specify-mabi-or-march.patch \
"
diff --git a/meta/recipes-bsp/u-boot/libubootenv_0.3.1.bb b/meta/recipes-bsp/u-boot/libubootenv_0.3.1.bb
index 613e316..8234b86 100644
--- a/meta/recipes-bsp/u-boot/libubootenv_0.3.1.bb
+++ b/meta/recipes-bsp/u-boot/libubootenv_0.3.1.bb
@@ -10,7 +10,7 @@ LICENSE = "LGPL-2.1"
LIC_FILES_CHKSUM = "file://Licenses/lgpl-2.1.txt;md5=4fbd65380cdd255951079008b364516c"
SECTION = "libs"
-SRC_URI = "git://github.com/sbabic/libubootenv;protocol=https"
+SRC_URI = "git://github.com/sbabic/libubootenv;protocol=https;branch=master"
SRCREV = "824551ac77bab1d0f7ae34d7a7c77b155240e754"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-bsp/u-boot/u-boot-common.inc b/meta/recipes-bsp/u-boot/u-boot-common.inc
index 993478a..17c6140 100644
--- a/meta/recipes-bsp/u-boot/u-boot-common.inc
+++ b/meta/recipes-bsp/u-boot/u-boot-common.inc
@@ -14,7 +14,7 @@ PE = "1"
# repo during parse
SRCREV = "c4fddedc48f336eabc4ce3f74940e6aa372de18c"
-SRC_URI = "git://git.denx.de/u-boot.git \
+SRC_URI = "git://git.denx.de/u-boot.git;branch=master \
file://0001-add-valid-fdt-check.patch \
file://CVE-2021-27097-1.patch \
file://CVE-2021-27097-2.patch \
diff --git a/meta/recipes-connectivity/avahi/files/local-ping.patch b/meta/recipes-connectivity/avahi/files/local-ping.patch
index 94116ad..29c192d 100644
--- a/meta/recipes-connectivity/avahi/files/local-ping.patch
+++ b/meta/recipes-connectivity/avahi/files/local-ping.patch
@@ -1,4 +1,5 @@
CVE: CVE-2021-36217
+CVE: CVE-2021-3502
Upstream-Status: Backport
Signed-off-by: Ross Burton <ross.burton@arm.com>
diff --git a/meta/recipes-connectivity/bind/bind-9.16.16/CVE-2021-25219-1.patch b/meta/recipes-connectivity/bind/bind-9.16.16/CVE-2021-25219-1.patch
new file mode 100644
index 0000000..f63c333
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind-9.16.16/CVE-2021-25219-1.patch
@@ -0,0 +1,76 @@
+From 011e9418ce9bb25675de6ac8d47536efedeeb312 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= <ondrej@sury.org>
+Date: Fri, 24 Sep 2021 09:35:11 +0200
+Subject: [PATCH] Disable lame-ttl cache
+
+The lame-ttl cache is implemented in ADB as per-server locked
+linked-list "indexed" with <qname,qtype>. This list has to be walked
+every time there's a new query or new record added into the lame cache.
+Determined attacker can use this to degrade performance of the resolver.
+
+Resolver testing has shown that disabling the lame cache has little
+impact on the resolver performance and it's a minimal viable defense
+against this kind of attack.
+
+CVE: CVE-2021-25219
+
+Upstream-Status: Backport [https://gitlab.isc.org/isc-projects/bind9/-/commit/8fe18c0566c41228a568157287f5a44f96d37662]
+
+Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
+---
+ bin/named/config.c | 2 +-
+ bin/named/server.c | 7 +++++--
+ doc/arm/reference.rst | 6 +++---
+ 3 files changed, 9 insertions(+), 6 deletions(-)
+
+diff --git a/bin/named/config.c b/bin/named/config.c
+index fa8473db7c..b6453b814e 100644
+--- a/bin/named/config.c
++++ b/bin/named/config.c
+@@ -151,7 +151,7 @@ options {\n\
+ fetches-per-server 0;\n\
+ fetches-per-zone 0;\n\
+ glue-cache yes;\n\
+- lame-ttl 600;\n"
++ lame-ttl 0;\n"
+ #ifdef HAVE_LMDB
+ " lmdb-mapsize 32M;\n"
+ #endif /* ifdef HAVE_LMDB */
+diff --git a/bin/named/server.c b/bin/named/server.c
+index 638703e8c2..35ad6a0b7f 100644
+--- a/bin/named/server.c
++++ b/bin/named/server.c
+@@ -4806,8 +4806,11 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, cfg_obj_t *config,
+ result = named_config_get(maps, "lame-ttl", &obj);
+ INSIST(result == ISC_R_SUCCESS);
+ lame_ttl = cfg_obj_asduration(obj);
+- if (lame_ttl > 1800) {
+- lame_ttl = 1800;
++ if (lame_ttl > 0) {
++ cfg_obj_log(obj, named_g_lctx, ISC_LOG_WARNING,
++ "disabling lame cache despite lame-ttl > 0 as it "
++ "may cause performance issues");
++ lame_ttl = 0;
+ }
+ dns_resolver_setlamettl(view->resolver, lame_ttl);
+
+diff --git a/doc/arm/reference.rst b/doc/arm/reference.rst
+index 3bc4439745..fea854f3d1 100644
+--- a/doc/arm/reference.rst
++++ b/doc/arm/reference.rst
+@@ -3358,9 +3358,9 @@ Tuning
+ ^^^^^^
+
+ ``lame-ttl``
+- This sets the number of seconds to cache a lame server indication. 0
+- disables caching. (This is **NOT** recommended.) The default is
+- ``600`` (10 minutes) and the maximum value is ``1800`` (30 minutes).
++ This is always set to 0. More information is available in the
++ `security advisory for CVE-2021-25219
++ <https://kb.isc.org/docs/cve-2021-25219>`_.
+
+ ``servfail-ttl``
+ This sets the number of seconds to cache a SERVFAIL response due to DNSSEC
+--
+2.17.1
+
diff --git a/meta/recipes-connectivity/bind/bind-9.16.16/CVE-2021-25219-2.patch b/meta/recipes-connectivity/bind/bind-9.16.16/CVE-2021-25219-2.patch
new file mode 100644
index 0000000..1217f7f
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind-9.16.16/CVE-2021-25219-2.patch
@@ -0,0 +1,65 @@
+From 117cf776a7add27ac6d236b4062258da0d068486 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= <ondrej@sury.org>
+Date: Mon, 15 Nov 2021 16:26:52 +0800
+Subject: [PATCH] Enable lame response detection even with disabled lame cache
+
+Previously, when lame cache would be disabled by setting lame-ttl to 0,
+it would also disable lame answer detection. In this commit, we enable
+the lame response detection even when the lame cache is disabled. This
+enables stopping answer processing early rather than going through the
+whole answer processing flow.
+
+CVE: CVE-2021-25219
+
+Upstream-Status: Backport [https://gitlab.isc.org/isc-projects/bind9/-/commit/e4931584a34bdd0a0d18e4d918fb853bf5296787]
+
+Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
+---
+ lib/dns/resolver.c | 23 ++++++++++++-----------
+ 1 file changed, 12 insertions(+), 11 deletions(-)
+
+diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
+index 50fadc0..9291bd4 100644
+--- a/lib/dns/resolver.c
++++ b/lib/dns/resolver.c
+@@ -10217,25 +10217,26 @@ rctx_badserver(respctx_t *rctx, isc_result_t result) {
+ */
+ static isc_result_t
+ rctx_lameserver(respctx_t *rctx) {
+- isc_result_t result;
++ isc_result_t result = ISC_R_SUCCESS;
+ fetchctx_t *fctx = rctx->fctx;
+ resquery_t *query = rctx->query;
+
+- if (fctx->res->lame_ttl == 0 || ISFORWARDER(query->addrinfo) ||
+- !is_lame(fctx, query->rmessage))
+- {
++ if (ISFORWARDER(query->addrinfo) || !is_lame(fctx, query->rmessage)) {
+ return (ISC_R_SUCCESS);
+ }
+
+ inc_stats(fctx->res, dns_resstatscounter_lame);
+ log_lame(fctx, query->addrinfo);
+- result = dns_adb_marklame(fctx->adb, query->addrinfo, &fctx->name,
+- fctx->type, rctx->now + fctx->res->lame_ttl);
+- if (result != ISC_R_SUCCESS) {
+- isc_log_write(dns_lctx, DNS_LOGCATEGORY_RESOLVER,
+- DNS_LOGMODULE_RESOLVER, ISC_LOG_ERROR,
+- "could not mark server as lame: %s",
+- isc_result_totext(result));
++ if (fctx->res->lame_ttl != 0) {
++ result = dns_adb_marklame(fctx->adb, query->addrinfo,
++ &fctx->name, fctx->type,
++ rctx->now + fctx->res->lame_ttl);
++ if (result != ISC_R_SUCCESS) {
++ isc_log_write(dns_lctx, DNS_LOGCATEGORY_RESOLVER,
++ DNS_LOGMODULE_RESOLVER, ISC_LOG_ERROR,
++ "could not mark server as lame: %s",
++ isc_result_totext(result));
++ }
+ }
+ rctx->broken_server = DNS_R_LAME;
+ rctx->next_server = true;
+--
+2.17.1
+
diff --git a/meta/recipes-connectivity/bind/bind_9.16.16.bb b/meta/recipes-connectivity/bind/bind_9.16.16.bb
index b152598..4bfdeca 100644
--- a/meta/recipes-connectivity/bind/bind_9.16.16.bb
+++ b/meta/recipes-connectivity/bind/bind_9.16.16.bb
@@ -18,6 +18,8 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.xz \
file://bind-ensure-searching-for-json-headers-searches-sysr.patch \
file://0001-named-lwresd-V-and-start-log-hide-build-options.patch \
file://0001-avoid-start-failure-with-bind-user.patch \
+ file://CVE-2021-25219-1.patch \
+ file://CVE-2021-25219-2.patch \
"
SRC_URI[sha256sum] = "6c913902adf878e7dc5e229cea94faefc9d40f44775a30213edd08860f761d7b"
diff --git a/meta/recipes-connectivity/connman/connman-gnome_0.7.bb b/meta/recipes-connectivity/connman/connman-gnome_0.7.bb
index af986c4..e4eeb3c 100644
--- a/meta/recipes-connectivity/connman/connman-gnome_0.7.bb
+++ b/meta/recipes-connectivity/connman/connman-gnome_0.7.bb
@@ -10,7 +10,7 @@ DEPENDS = "gtk+3 dbus-glib dbus-glib-native intltool-native gettext-native"
# 0.7 tag
SRCREV = "cf3c325b23dae843c5499a113591cfbc98acb143"
-SRC_URI = "git://github.com/connectivity/connman-gnome.git \
+SRC_URI = "git://github.com/connectivity/connman-gnome.git;branch=master;protocol=https \
file://0001-Removed-icon-from-connman-gnome-about-applet.patch \
file://null_check_for_ipv4_config.patch \
file://images/ \
diff --git a/meta/recipes-connectivity/inetutils/inetutils/CVE-2021-40491.patch b/meta/recipes-connectivity/inetutils/inetutils/CVE-2021-40491.patch
new file mode 100644
index 0000000..f05c696
--- /dev/null
+++ b/meta/recipes-connectivity/inetutils/inetutils/CVE-2021-40491.patch
@@ -0,0 +1,67 @@
+From 98ccabf68e5b3f0a177bd1925581753d10041448 Mon Sep 17 00:00:00 2001
+From: Simon Josefsson <simon@josefsson.org>
+Date: Wed, 1 Sep 2021 09:09:50 +0200
+Subject: [PATCH] ftp: check that PASV/LSPV addresses match.
+
+* NEWS: Mention change.
+* ftp/ftp.c (initconn): Validate returned addresses.
+
+CVE: CVE-2021-40491
+
+Upstream-Status: Backport
+[https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=58cb043b190fd04effdaea7c9403416b436e50dd]
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ ftp/ftp.c | 21 +++++++++++++++++++++
+ 1 files changed, 21 insertions(+)
+
+diff --git a/ftp/ftp.c b/ftp/ftp.c
+index d21dbdd..7513539 100644
+--- a/ftp/ftp.c
++++ b/ftp/ftp.c
+@@ -1365,6 +1365,13 @@ initconn (void)
+ uint32_t *pu32 = (uint32_t *) &data_addr_sa4->sin_addr.s_addr;
+ pu32[0] = htonl ( (h[0] << 24) | (h[1] << 16) | (h[2] << 8) | h[3]);
+ }
++ if (data_addr_sa4->sin_addr.s_addr
++ != ((struct sockaddr_in *) &hisctladdr)->sin_addr.s_addr)
++ {
++ printf ("Passive mode address mismatch.\n");
++ (void) command ("ABOR"); /* Cancel any open connection. */
++ goto bad;
++ }
+ } /* LPSV IPv4 */
+ else /* IPv6 */
+ {
+@@ -1395,6 +1402,13 @@ initconn (void)
+ pu32[2] = htonl ( (h[8] << 24) | (h[9] << 16) | (h[10] << 8) | h[11]);
+ pu32[3] = htonl ( (h[12] << 24) | (h[13] << 16) | (h[14] << 8) | h[15]);
+ }
++ if (data_addr_sa6->sin6_addr.s6_addr
++ != ((struct sockaddr_in6 *) &hisctladdr)->sin6_addr.s6_addr)
++ {
++ printf ("Passive mode address mismatch.\n");
++ (void) command ("ABOR"); /* Cancel any open connection. */
++ goto bad;
++ }
+ } /* LPSV IPv6 */
+ }
+ else /* !EPSV && !LPSV */
+@@ -1415,6 +1429,13 @@ initconn (void)
+ | ((a2 & 0xff) << 8) | (a3 & 0xff) );
+ data_addr_sa4->sin_port =
+ htons (((p0 & 0xff) << 8) | (p1 & 0xff));
++ if (data_addr_sa4->sin_addr.s_addr
++ != ((struct sockaddr_in *) &hisctladdr)->sin_addr.s_addr)
++ {
++ printf ("Passive mode address mismatch.\n");
++ (void) command ("ABOR"); /* Cancel any open connection. */
++ goto bad;
++ }
+ } /* PASV */
+ else
+ {
+--
+2.17.1
+
diff --git a/meta/recipes-connectivity/inetutils/inetutils_2.0.bb b/meta/recipes-connectivity/inetutils/inetutils_2.0.bb
index a4d05b0..d299bc3 100644
--- a/meta/recipes-connectivity/inetutils/inetutils_2.0.bb
+++ b/meta/recipes-connectivity/inetutils/inetutils_2.0.bb
@@ -20,6 +20,7 @@ SRC_URI = "${GNU_MIRROR}/inetutils/inetutils-${PV}.tar.xz \
file://tftpd.xinetd.inetutils \
file://inetutils-1.9-PATH_PROCNET_DEV.patch \
file://inetutils-only-check-pam_appl.h-when-pam-enabled.patch \
+ file://CVE-2021-40491.patch \
"
SRC_URI[md5sum] = "5e1018502cd131ed8e42339f6b5c98aa"
diff --git a/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.14.1.bb b/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.14.1.bb
index 9a83898..5213b28 100644
--- a/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.14.1.bb
+++ b/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.14.1.bb
@@ -8,7 +8,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=2d5025d4aa3495befef8f17206a5b0a1"
DEPENDS = "avahi"
-SRC_URI = "git://github.com/lathiat/nss-mdns \
+SRC_URI = "git://github.com/lathiat/nss-mdns;branch=master;protocol=https \
"
SRCREV = "41c9c5e78f287ed4b41ac438c1873fa71bfa70ae"
diff --git a/meta/recipes-connectivity/libuv/libuv_1.41.0.bb b/meta/recipes-connectivity/libuv/libuv_1.41.0.bb
index 4987331..e15d338 100644
--- a/meta/recipes-connectivity/libuv/libuv_1.41.0.bb
+++ b/meta/recipes-connectivity/libuv/libuv_1.41.0.bb
@@ -6,7 +6,7 @@ LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://LICENSE;md5=a68902a430e32200263d182d44924d47"
SRCREV = "1dff88e5161cba5c59276d2070d2e304e4dcb242"
-SRC_URI = "git://github.com/libuv/libuv;branch=v1.x"
+SRC_URI = "git://github.com/libuv/libuv;branch=v1.x;protocol=https"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb b/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb
index f170cf4..b4cbc1a 100644
--- a/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb
+++ b/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb
@@ -8,7 +8,7 @@ SRCREV = "90f3fe28aa25135b7e4a54a7816388913bfd4a2a"
PV = "20201225"
PE = "1"
-SRC_URI = "git://gitlab.gnome.org/GNOME/mobile-broadband-provider-info.git;protocol=https"
+SRC_URI = "git://gitlab.gnome.org/GNOME/mobile-broadband-provider-info.git;protocol=https;branch=master"
S = "${WORKDIR}/git"
inherit autotools
diff --git a/meta/recipes-connectivity/openssh/openssh/CVE-2021-41617.patch b/meta/recipes-connectivity/openssh/openssh/CVE-2021-41617.patch
new file mode 100644
index 0000000..9ca7c2f
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh/CVE-2021-41617.patch
@@ -0,0 +1,49 @@
+From 1f0707e8e78ef290fd0f229df3fcd2236f29db89 Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Thu, 28 Oct 2021 11:11:05 +0800
+Subject: [PATCH] upstream: need initgroups() before setresgid(); reported by
+ anton@,
+
+ok deraadt@
+
+OpenBSD-Commit-ID: 6aa003ee658b316960d94078f2a16edbc25087ce
+
+CVE: CVE-2021-41617
+Upstream-Status: [Backport]
+https://github.com/openssh/openssh-portable/commit/f3cbe43e28fe71427d41cfe3a17125b972710455
+https://github.com/openssh/openssh-portable/commit/bf944e3794eff5413f2df1ef37cddf96918c6bde
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ misc.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/misc.c b/misc.c
+index d988ce3..33eca1c 100644
+--- a/misc.c
++++ b/misc.c
+@@ -56,6 +56,7 @@
+ #ifdef HAVE_PATHS_H
+ # include <paths.h>
+ #include <pwd.h>
++#include <grp.h>
+ #endif
+ #ifdef SSH_TUN_OPENBSD
+ #include <net/if.h>
+@@ -2629,6 +2630,13 @@ subprocess(const char *tag, const char *command,
+ }
+ closefrom(STDERR_FILENO + 1);
+
++ if (geteuid() == 0 &&
++ initgroups(pw->pw_name, pw->pw_gid) == -1) {
++ error("%s: initgroups(%s, %u): %s", tag,
++ pw->pw_name, (u_int)pw->pw_gid, strerror(errno));
++ _exit(1);
++ }
++
+ if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) == -1) {
+ error("%s: setresgid %u: %s", tag, (u_int)pw->pw_gid,
+ strerror(errno));
+--
+2.17.1
+
diff --git a/meta/recipes-connectivity/openssh/openssh_8.5p1.bb b/meta/recipes-connectivity/openssh/openssh_8.5p1.bb
index c6de519..9a5f37b 100644
--- a/meta/recipes-connectivity/openssh/openssh_8.5p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_8.5p1.bb
@@ -24,6 +24,7 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar
file://fix-potential-signed-overflow-in-pointer-arithmatic.patch \
file://sshd_check_keys \
file://add-test-support-for-busybox.patch \
+ file://CVE-2021-41617.patch \
"
SRC_URI[sha256sum] = "f52f3f41d429aa9918e38cf200af225ccdd8e66f052da572870c89737646ec25"
diff --git a/meta/recipes-core/dbus-wait/dbus-wait_git.bb b/meta/recipes-core/dbus-wait/dbus-wait_git.bb
index 677768d..b39f752 100644
--- a/meta/recipes-core/dbus-wait/dbus-wait_git.bb
+++ b/meta/recipes-core/dbus-wait/dbus-wait_git.bb
@@ -11,7 +11,7 @@ SRCREV = "6cc6077a36fe2648a5f993fe7c16c9632f946517"
PV = "0.1+git${SRCPV}"
PR = "r2"
-SRC_URI = "git://git.yoctoproject.org/${BPN}"
+SRC_URI = "git://git.yoctoproject.org/${BPN};branch=master"
UPSTREAM_CHECK_COMMITS = "1"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-core/fts/fts_1.2.7.bb b/meta/recipes-core/fts/fts_1.2.7.bb
index ea820cb..d3b0f31 100644
--- a/meta/recipes-core/fts/fts_1.2.7.bb
+++ b/meta/recipes-core/fts/fts_1.2.7.bb
@@ -10,7 +10,7 @@ SECTION = "libs"
SRCREV = "0bde52df588e8969879a2cae51c3a4774ec62472"
-SRC_URI = "git://github.com/pullmoll/musl-fts.git"
+SRC_URI = "git://github.com/pullmoll/musl-fts.git;branch=master;protocol=https"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-core/glibc/cross-localedef-native_2.33.bb b/meta/recipes-core/glibc/cross-localedef-native_2.33.bb
index ec59c6b..22d3f96 100644
--- a/meta/recipes-core/glibc/cross-localedef-native_2.33.bb
+++ b/meta/recipes-core/glibc/cross-localedef-native_2.33.bb
@@ -20,7 +20,7 @@ inherit native
FILESEXTRAPATHS =. "${FILE_DIRNAME}/${PN}:${FILE_DIRNAME}/glibc:"
SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
- git://github.com/kraj/localedef;branch=master;name=localedef;destsuffix=git/localedef \
+ git://github.com/kraj/localedef;branch=master;name=localedef;destsuffix=git/localedef;protocol=https \
\
file://0001-localedef-Add-hardlink-resolver-from-util-linux.patch \
file://0002-localedef-fix-ups-hardlink-to-make-it-compile.patch \
diff --git a/meta/recipes-core/glibc/glibc-version.inc b/meta/recipes-core/glibc/glibc-version.inc
index 3a95173..4d69187 100644
--- a/meta/recipes-core/glibc/glibc-version.inc
+++ b/meta/recipes-core/glibc/glibc-version.inc
@@ -1,6 +1,6 @@
SRCBRANCH ?= "release/2.33/master"
PV = "2.33"
-SRCREV_glibc ?= "9826b03b747b841f5fc6de2054bf1ef3f5c4bdf3"
+SRCREV_glibc ?= "6090cf1330faf2deb17285758f327cb23b89ebf1"
SRCREV_localedef ?= "bd644c9e6f3e20c5504da1488448173c69c56c28"
GLIBC_GIT_URI ?= "git://sourceware.org/git/glibc.git"
diff --git a/meta/recipes-core/glibc/glibc/0001-CVE-2021-38604.patch b/meta/recipes-core/glibc/glibc/0001-CVE-2021-38604.patch
deleted file mode 100644
index 8a52ac9..0000000
--- a/meta/recipes-core/glibc/glibc/0001-CVE-2021-38604.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From b805aebd42364fe696e417808a700fdb9800c9e8 Mon Sep 17 00:00:00 2001
-From: Nikita Popov <npv1310@gmail.com>
-Date: Mon, 9 Aug 2021 20:17:34 +0530
-Subject: [PATCH] librt: fix NULL pointer dereference (bug 28213)
-
-Helper thread frees copied attribute on NOTIFY_REMOVED message
-received from the OS kernel. Unfortunately, it fails to check whether
-copied attribute actually exists (data.attr != NULL). This worked
-earlier because free() checks passed pointer before actually
-attempting to release corresponding memory. But
-__pthread_attr_destroy assumes pointer is not NULL.
-
-So passing NULL pointer to __pthread_attr_destroy will result in
-segmentation fault. This scenario is possible if
-notification->sigev_notify_attributes == NULL (which means default
-thread attributes should be used).
-
-Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commit;h=b805aebd42364fe696e417808a700fdb9800c9e8]
-CVE: CVE-2021-38604
-
-Signed-off-by: Nikita Popov <npv1310@gmail.com>
-Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
-Signed-off-by: Vinay Kumar <vinay.m.engg@gmail.com>
----
- sysdeps/unix/sysv/linux/mq_notify.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/sysdeps/unix/sysv/linux/mq_notify.c b/sysdeps/unix/sysv/linux/mq_notify.c
-index 6f46d29d1d..1714e1cc5f 100644
---- a/sysdeps/unix/sysv/linux/mq_notify.c
-+++ b/sysdeps/unix/sysv/linux/mq_notify.c
-@@ -132,7 +132,7 @@ helper_thread (void *arg)
- to wait until it is done with it. */
- (void) __pthread_barrier_wait (&notify_barrier);
- }
-- else if (data.raw[NOTIFY_COOKIE_LEN - 1] == NOTIFY_REMOVED)
-+ else if (data.raw[NOTIFY_COOKIE_LEN - 1] == NOTIFY_REMOVED && data.attr != NULL)
- {
- /* The only state we keep is the copy of the thread attributes. */
- pthread_attr_destroy (data.attr);
diff --git a/meta/recipes-core/glibc/glibc/0001-nptl-Remove-private-futex-optimization-BZ-27304.patch b/meta/recipes-core/glibc/glibc/0001-nptl-Remove-private-futex-optimization-BZ-27304.patch
deleted file mode 100644
index 39fde5b..0000000
--- a/meta/recipes-core/glibc/glibc/0001-nptl-Remove-private-futex-optimization-BZ-27304.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From c4ad832276f4dadfa40904109b26a521468f66bc Mon Sep 17 00:00:00 2001
-From: Florian Weimer <fweimer@redhat.com>
-Date: Thu, 4 Feb 2021 15:00:20 +0100
-Subject: [PATCH] nptl: Remove private futex optimization [BZ #27304]
-
-It is effectively used, unexcept for pthread_cond_destroy, where we do
-not want it; see bug 27304. The internal locks do not support a
-process-shared mode.
-
-This fixes commit dc6cfdc934db9997c33728082d63552b9eee4563 ("nptl:
-Move pthread_cond_destroy implementation into libc").
-
-Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
-
-Upstream-Status: Backport [https://sourceware.org/bugzilla/show_bug.cgi?id=27304]
-Signed-off-by: Yanfei Xu <yanfei.xu@windriver.com>
----
- sysdeps/nptl/lowlevellock-futex.h | 14 +-------------
- 1 file changed, 1 insertion(+), 13 deletions(-)
-
-diff --git a/sysdeps/nptl/lowlevellock-futex.h b/sysdeps/nptl/lowlevellock-futex.h
-index ecb729da6b..ca96397a4a 100644
---- a/sysdeps/nptl/lowlevellock-futex.h
-+++ b/sysdeps/nptl/lowlevellock-futex.h
-@@ -50,20 +50,8 @@
- #define LLL_SHARED FUTEX_PRIVATE_FLAG
-
- #ifndef __ASSEMBLER__
--
--# if IS_IN (libc) || IS_IN (rtld)
--/* In libc.so or ld.so all futexes are private. */
--# define __lll_private_flag(fl, private) \
-- ({ \
-- /* Prevent warnings in callers of this macro. */ \
-- int __lll_private_flag_priv __attribute__ ((unused)); \
-- __lll_private_flag_priv = (private); \
-- ((fl) | FUTEX_PRIVATE_FLAG); \
-- })
--# else
--# define __lll_private_flag(fl, private) \
-+# define __lll_private_flag(fl, private) \
- (((fl) | FUTEX_PRIVATE_FLAG) ^ (private))
--# endif
-
- # define lll_futex_syscall(nargs, futexp, op, ...) \
- ({ \
---
-2.27.0
-
diff --git a/meta/recipes-core/glibc/glibc/0002-CVE-2021-38604.patch b/meta/recipes-core/glibc/glibc/0002-CVE-2021-38604.patch
deleted file mode 100644
index b654cdf..0000000
--- a/meta/recipes-core/glibc/glibc/0002-CVE-2021-38604.patch
+++ /dev/null
@@ -1,147 +0,0 @@
-From 4cc79c217744743077bf7a0ec5e0a4318f1e6641 Mon Sep 17 00:00:00 2001
-From: Nikita Popov <npv1310@gmail.com>
-Date: Thu, 12 Aug 2021 16:09:50 +0530
-Subject: [PATCH] librt: add test (bug 28213)
-
-This test implements following logic:
-1) Create POSIX message queue.
- Register a notification with mq_notify (using NULL attributes).
- Then immediately unregister the notification with mq_notify.
- Helper thread in a vulnerable version of glibc
- should cause NULL pointer dereference after these steps.
-2) Once again, register the same notification.
- Try to send a dummy message.
- Test is considered successfulif the dummy message
- is successfully received by the callback function.
-
-Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commit;h=4cc79c217744743077bf7a0ec5e0a4318f1e6641]
-CVE: CVE-2021-38604
-
-Signed-off-by: Nikita Popov <npv1310@gmail.com>
-Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
-Signed-off-by: Vinay Kumar <vinay.m.engg@gmail.com>
----
- rt/Makefile | 1 +
- rt/tst-bz28213.c | 101 +++++++++++++++++++++++++++++++++++++++++++++++
- 2 files changed, 102 insertions(+)
- create mode 100644 rt/tst-bz28213.c
-
-diff --git a/rt/Makefile b/rt/Makefile
-index 7b374f2073..c87d95793a 100644
---- a/rt/Makefile
-+++ b/rt/Makefile
-@@ -44,6 +44,7 @@ tests := tst-shm tst-timer tst-timer2 \
- tst-aio7 tst-aio8 tst-aio9 tst-aio10 \
- tst-mqueue1 tst-mqueue2 tst-mqueue3 tst-mqueue4 \
- tst-mqueue5 tst-mqueue6 tst-mqueue7 tst-mqueue8 tst-mqueue9 \
-+ tst-bz28213 \
- tst-timer3 tst-timer4 tst-timer5 \
- tst-cpuclock2 tst-cputimer1 tst-cputimer2 tst-cputimer3 \
- tst-shm-cancel
-diff --git a/rt/tst-bz28213.c b/rt/tst-bz28213.c
-new file mode 100644
-index 0000000000..0c096b5a0a
---- /dev/null
-+++ b/rt/tst-bz28213.c
-@@ -0,0 +1,101 @@
-+/* Bug 28213: test for NULL pointer dereference in mq_notify.
-+ Copyright (C) The GNU Toolchain Authors.
-+ This file is part of the GNU C Library.
-+
-+ The GNU C Library is free software; you can redistribute it and/or
-+ modify it under the terms of the GNU Lesser General Public
-+ License as published by the Free Software Foundation; either
-+ version 2.1 of the License, or (at your option) any later version.
-+
-+ The GNU C Library is distributed in the hope that it will be useful,
-+ but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-+ Lesser General Public License for more details.
-+
-+ You should have received a copy of the GNU Lesser General Public
-+ License along with the GNU C Library; if not, see
-+ <https://www.gnu.org/licenses/>. */
-+
-+#include <errno.h>
-+#include <sys/types.h>
-+#include <sys/stat.h>
-+#include <fcntl.h>
-+#include <unistd.h>
-+#include <mqueue.h>
-+#include <signal.h>
-+#include <stdlib.h>
-+#include <string.h>
-+#include <support/check.h>
-+
-+static mqd_t m = -1;
-+static const char msg[] = "hello";
-+
-+static void
-+check_bz28213_cb (union sigval sv)
-+{
-+ char buf[sizeof (msg)];
-+
-+ (void) sv;
-+
-+ TEST_VERIFY_EXIT ((size_t) mq_receive (m, buf, sizeof (buf), NULL)
-+ == sizeof (buf));
-+ TEST_VERIFY_EXIT (memcmp (buf, msg, sizeof (buf)) == 0);
-+
-+ exit (0);
-+}
-+
-+static void
-+check_bz28213 (void)
-+{
-+ struct sigevent sev;
-+
-+ memset (&sev, '\0', sizeof (sev));
-+ sev.sigev_notify = SIGEV_THREAD;
-+ sev.sigev_notify_function = check_bz28213_cb;
-+
-+ /* Step 1: Register & unregister notifier.
-+ Helper thread should receive NOTIFY_REMOVED notification.
-+ In a vulnerable version of glibc, NULL pointer dereference follows. */
-+ TEST_VERIFY_EXIT (mq_notify (m, &sev) == 0);
-+ TEST_VERIFY_EXIT (mq_notify (m, NULL) == 0);
-+
-+ /* Step 2: Once again, register notification.
-+ Try to send one message.
-+ Test is considered successful, if the callback does exit (0). */
-+ TEST_VERIFY_EXIT (mq_notify (m, &sev) == 0);
-+ TEST_VERIFY_EXIT (mq_send (m, msg, sizeof (msg), 1) == 0);
-+
-+ /* Wait... */
-+ pause ();
-+}
-+
-+static int
-+do_test (void)
-+{
-+ static const char m_name[] = "/bz28213_queue";
-+ struct mq_attr m_attr;
-+
-+ memset (&m_attr, '\0', sizeof (m_attr));
-+ m_attr.mq_maxmsg = 1;
-+ m_attr.mq_msgsize = sizeof (msg);
-+
-+ m = mq_open (m_name,
-+ O_RDWR | O_CREAT | O_EXCL,
-+ 0600,
-+ &m_attr);
-+
-+ if (m < 0)
-+ {
-+ if (errno == ENOSYS)
-+ FAIL_UNSUPPORTED ("POSIX message queues are not implemented\n");
-+ FAIL_EXIT1 ("Failed to create POSIX message queue: %m\n");
-+ }
-+
-+ TEST_VERIFY_EXIT (mq_unlink (m_name) == 0);
-+
-+ check_bz28213 ();
-+
-+ return 0;
-+}
-+
-+#include <support/test-driver.c>
diff --git a/meta/recipes-core/glibc/glibc/0031-x86-Require-full-ISA-support-for-x86-64-level-marker.patch b/meta/recipes-core/glibc/glibc/0031-x86-Require-full-ISA-support-for-x86-64-level-marker.patch
deleted file mode 100644
index 3cb60b2..0000000
--- a/meta/recipes-core/glibc/glibc/0031-x86-Require-full-ISA-support-for-x86-64-level-marker.patch
+++ /dev/null
@@ -1,116 +0,0 @@
-From b1971f6f1331d738d1d6b376b4741668a7546125 Mon Sep 17 00:00:00 2001
-From: "H.J. Lu" <hjl.tools@gmail.com>
-Date: Tue, 2 Feb 2021 13:45:58 -0800
-Subject: [PATCH] x86: Require full ISA support for x86-64 level marker [BZ #27318]
-
-Since -march=sandybridge enables ISAs in x86-64 ISA level v3, the v3
-marker is set on libc.so. We couldn't set the needed ISA marker to v2
-since this libc won't run on all v2 machines. Technically, the v3 marker
-is correct. But the resulting libc.so won't run on Sandy Brigde, which
-is a v2 machine, even when libc is compiled with -march=sandybridge:
-
-$ ./elf/ld.so ./libc.so
-./libc.so: (p) CPU ISA level is lower than required: needed: 7; got: 3
-
-Instead, we require full ISA support for x86-64 level marker and disable
-x86-64 level marker for -march=sandybridge which enables ISAs between v2
-and v3.
-
-Upstream-Status: Submitted [https://sourceware.org/pipermail/libc-alpha/2021-February/122297.html]
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
-
- sysdeps/x86/configure | 7 ++++++-
- sysdeps/x86/configure.ac | 2 +-
- sysdeps/x86/isa-level.c | 21 ++++++++++++++++++++-
- 3 files changed, 27 insertions(+), 3 deletions(-)
-
-diff --git a/sysdeps/x86/configure b/sysdeps/x86/configure
-index 5e32dc62b3..5b20646843 100644
---- a/sysdeps/x86/configure
-+++ b/sysdeps/x86/configure
-@@ -133,7 +133,12 @@ if { ac_try='${CC-cc} $CFLAGS $CPPFLAGS -nostartfiles -nostdlib -r -o conftest c
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; }; then
- count=`LC_ALL=C $READELF -n conftest | grep NT_GNU_PROPERTY_TYPE_0 | wc -l`
-- if test "$count" = 1; then
-+ if test "$count" = 1 && { ac_try='${CC-cc} $CFLAGS $CPPFLAGS -DINCLUDE_X86_ISA_LEVEL -S -o conftest.s $srcdir/sysdeps/x86/isa-level.c'
-+ { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_try\""; } >&5
-+ (eval $ac_try) 2>&5
-+ ac_status=$?
-+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
-+ test $ac_status = 0; }; }; then
- libc_cv_include_x86_isa_level=yes
- fi
- fi
-diff --git a/sysdeps/x86/configure.ac b/sysdeps/x86/configure.ac
-index f94088f377..54ecd33d2c 100644
---- a/sysdeps/x86/configure.ac
-+++ b/sysdeps/x86/configure.ac
-@@ -100,7 +100,7 @@ EOF
- libc_cv_include_x86_isa_level=no
- if AC_TRY_COMMAND(${CC-cc} $CFLAGS $CPPFLAGS -nostartfiles -nostdlib -r -o conftest conftest1.S conftest2.S); then
- count=`LC_ALL=C $READELF -n conftest | grep NT_GNU_PROPERTY_TYPE_0 | wc -l`
-- if test "$count" = 1; then
-+ if test "$count" = 1 && AC_TRY_COMMAND(${CC-cc} $CFLAGS $CPPFLAGS -DINCLUDE_X86_ISA_LEVEL -S -o conftest.s $srcdir/sysdeps/x86/isa-level.c); then
- libc_cv_include_x86_isa_level=yes
- fi
- fi
-diff --git a/sysdeps/x86/isa-level.c b/sysdeps/x86/isa-level.c
-index aaf524cb56..7f83449061 100644
---- a/sysdeps/x86/isa-level.c
-+++ b/sysdeps/x86/isa-level.c
-@@ -25,12 +25,17 @@
- License along with the GNU C Library; if not, see
- <https://www.gnu.org/licenses/>. */
-
--#include <elf.h>
-+#ifdef _LIBC
-+# include <elf.h>
-+#endif
-
- /* ELF program property for x86 ISA level. */
- #ifdef INCLUDE_X86_ISA_LEVEL
- # if defined __x86_64__ || defined __FXSR__ || !defined _SOFT_FLOAT \
- || defined __MMX__ || defined __SSE__ || defined __SSE2__
-+# if !defined __SSE__ || !defined __SSE2__
-+# error "Missing ISAs for x86-64 ISA level baseline"
-+# endif
- # define ISA_BASELINE GNU_PROPERTY_X86_ISA_1_BASELINE
- # else
- # define ISA_BASELINE 0
-@@ -40,6 +45,11 @@
- || (defined __x86_64__ && defined __LAHF_SAHF__) \
- || defined __POPCNT__ || defined __SSE3__ \
- || defined __SSSE3__ || defined __SSE4_1__ || defined __SSE4_2__
-+# if !defined __GCC_HAVE_SYNC_COMPARE_AND_SWAP_16 \
-+ || !defined __POPCNT__ || !defined __SSE3__ \
-+ || !defined __SSSE3__ || !defined __SSE4_1__ || !defined __SSE4_2__
-+# error "Missing ISAs for x86-64 ISA level v2"
-+# endif
- # define ISA_V2 GNU_PROPERTY_X86_ISA_1_V2
- # else
- # define ISA_V2 0
-@@ -48,6 +58,10 @@
- # if defined __AVX__ || defined __AVX2__ || defined __F16C__ \
- || defined __FMA__ || defined __LZCNT__ || defined __MOVBE__ \
- || defined __XSAVE__
-+# if !defined __AVX__ || !defined __AVX2__ || !defined __F16C__ \
-+ || !defined __FMA__ || !defined __LZCNT__
-+# error "Missing ISAs for x86-64 ISA level v3"
-+# endif
- # define ISA_V3 GNU_PROPERTY_X86_ISA_1_V3
- # else
- # define ISA_V3 0
-@@ -55,6 +69,11 @@
-
- # if defined __AVX512F__ || defined __AVX512BW__ || defined __AVX512CD__ \
- || defined __AVX512DQ__ || defined __AVX512VL__
-+# if !defined __AVX512F__ || !defined __AVX512BW__ \
-+ || !defined __AVX512CD__ || !defined __AVX512DQ__ \
-+ || !defined __AVX512VL__
-+# error "Missing ISAs for x86-64 ISA level v4"
-+# endif
- # define ISA_V4 GNU_PROPERTY_X86_ISA_1_V4
- # else
- # define ISA_V4 0
diff --git a/meta/recipes-core/glibc/glibc/0032-string-Work-around-GCC-PR-98512-in-rawmemchr.patch b/meta/recipes-core/glibc/glibc/0032-string-Work-around-GCC-PR-98512-in-rawmemchr.patch
deleted file mode 100644
index e904b28..0000000
--- a/meta/recipes-core/glibc/glibc/0032-string-Work-around-GCC-PR-98512-in-rawmemchr.patch
+++ /dev/null
@@ -1,58 +0,0 @@
-From 044e603b698093cf48f6e6229e0b66acf05227e4 Mon Sep 17 00:00:00 2001
-From: Florian Weimer <fweimer@redhat.com>
-Date: Fri, 19 Feb 2021 13:29:00 +0100
-Subject: [PATCH] string: Work around GCC PR 98512 in rawmemchr
-
-Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commit;h=044e603b698093cf48f6e6229e0b66acf05227e4]
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
- string/rawmemchr.c | 26 +++++++++++++++-----------
- 1 file changed, 15 insertions(+), 11 deletions(-)
-
-diff --git a/string/rawmemchr.c b/string/rawmemchr.c
-index 59bbeeaa42..b8523118e5 100644
---- a/string/rawmemchr.c
-+++ b/string/rawmemchr.c
-@@ -22,24 +22,28 @@
- # define RAWMEMCHR __rawmemchr
- #endif
-
--/* Find the first occurrence of C in S. */
--void *
--RAWMEMCHR (const void *s, int c)
--{
-- DIAG_PUSH_NEEDS_COMMENT;
-+/* The pragmata should be nested inside RAWMEMCHR below, but that
-+ triggers GCC PR 98512. */
-+DIAG_PUSH_NEEDS_COMMENT;
- #if __GNUC_PREREQ (7, 0)
-- /* GCC 8 warns about the size passed to memchr being larger than
-- PTRDIFF_MAX; the use of SIZE_MAX is deliberate here. */
-- DIAG_IGNORE_NEEDS_COMMENT (8, "-Wstringop-overflow=");
-+/* GCC 8 warns about the size passed to memchr being larger than
-+ PTRDIFF_MAX; the use of SIZE_MAX is deliberate here. */
-+DIAG_IGNORE_NEEDS_COMMENT (8, "-Wstringop-overflow=");
- #endif
- #if __GNUC_PREREQ (11, 0)
-- /* Likewise GCC 11, with a different warning option. */
-- DIAG_IGNORE_NEEDS_COMMENT (11, "-Wstringop-overread");
-+/* Likewise GCC 11, with a different warning option. */
-+DIAG_IGNORE_NEEDS_COMMENT (11, "-Wstringop-overread");
- #endif
-+
-+/* Find the first occurrence of C in S. */
-+void *
-+RAWMEMCHR (const void *s, int c)
-+{
- if (c != '\0')
- return memchr (s, c, (size_t)-1);
-- DIAG_POP_NEEDS_COMMENT;
- return (char *)s + strlen (s);
- }
- libc_hidden_def (__rawmemchr)
- weak_alias (__rawmemchr, rawmemchr)
-+
-+DIAG_POP_NEEDS_COMMENT;
---
-2.30.1
-
diff --git a/meta/recipes-core/glibc/glibc/0033-x86-Handle-_SC_LEVEL1_ICACHE_LINESIZE-BZ-27444.patch b/meta/recipes-core/glibc/glibc/0033-x86-Handle-_SC_LEVEL1_ICACHE_LINESIZE-BZ-27444.patch
deleted file mode 100644
index 3a004e2..0000000
--- a/meta/recipes-core/glibc/glibc/0033-x86-Handle-_SC_LEVEL1_ICACHE_LINESIZE-BZ-27444.patch
+++ /dev/null
@@ -1,185 +0,0 @@
-From 750b00a1ddae220403fd892a6fd4e0791ffd154a Mon Sep 17 00:00:00 2001
-From: "H.J. Lu" <hjl.tools@gmail.com>
-Date: Fri, 18 Sep 2020 07:55:14 -0700
-Subject: [PATCH] x86: Handle _SC_LEVEL1_ICACHE_LINESIZE [BZ #27444]
-
- x86: Move x86 processor cache info to cpu_features
-
-missed _SC_LEVEL1_ICACHE_LINESIZE.
-
-1. Add level1_icache_linesize to struct cpu_features.
-2. Initialize level1_icache_linesize by calling handle_intel,
-handle_zhaoxin and handle_amd with _SC_LEVEL1_ICACHE_LINESIZE.
-3. Return level1_icache_linesize for _SC_LEVEL1_ICACHE_LINESIZE.
-
-Upstream-Status: Backport [https://sourceware.org/bugzilla/show_bug.cgi?id=27444]
-Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>
----
- sysdeps/x86/Makefile | 8 +++
- sysdeps/x86/cacheinfo.c | 3 +
- sysdeps/x86/dl-cacheinfo.h | 6 ++
- sysdeps/x86/include/cpu-features.h | 2 +
- .../x86/tst-sysconf-cache-linesize-static.c | 1 +
- sysdeps/x86/tst-sysconf-cache-linesize.c | 57 +++++++++++++++++++
- 6 files changed, 77 insertions(+)
- create mode 100644 sysdeps/x86/tst-sysconf-cache-linesize-static.c
- create mode 100644 sysdeps/x86/tst-sysconf-cache-linesize.c
-
-diff --git a/sysdeps/x86/Makefile b/sysdeps/x86/Makefile
-index dd82674342..d231263051 100644
---- a/sysdeps/x86/Makefile
-+++ b/sysdeps/x86/Makefile
-@@ -208,3 +208,11 @@ $(objpfx)check-cet.out: $(..)sysdeps/x86/check-cet.awk \
- generated += check-cet.out
- endif
- endif
-+
-+ifeq ($(subdir),posix)
-+tests += \
-+ tst-sysconf-cache-linesize \
-+ tst-sysconf-cache-linesize-static
-+tests-static += \
-+ tst-sysconf-cache-linesize-static
-+endif
-diff --git a/sysdeps/x86/cacheinfo.c b/sysdeps/x86/cacheinfo.c
-index 7b8df45e3b..5ea4723ca6 100644
---- a/sysdeps/x86/cacheinfo.c
-+++ b/sysdeps/x86/cacheinfo.c
-@@ -32,6 +32,9 @@ __cache_sysconf (int name)
- case _SC_LEVEL1_ICACHE_SIZE:
- return cpu_features->level1_icache_size;
-
-+ case _SC_LEVEL1_ICACHE_LINESIZE:
-+ return cpu_features->level1_icache_linesize;
-+
- case _SC_LEVEL1_DCACHE_SIZE:
- return cpu_features->level1_dcache_size;
-
-diff --git a/sysdeps/x86/dl-cacheinfo.h b/sysdeps/x86/dl-cacheinfo.h
-index a31fa0783a..7cd00b92f1 100644
---- a/sysdeps/x86/dl-cacheinfo.h
-+++ b/sysdeps/x86/dl-cacheinfo.h
-@@ -707,6 +707,7 @@ dl_init_cacheinfo (struct cpu_features *cpu_features)
- long int core;
- unsigned int threads = 0;
- unsigned long int level1_icache_size = -1;
-+ unsigned long int level1_icache_linesize = -1;
- unsigned long int level1_dcache_size = -1;
- unsigned long int level1_dcache_assoc = -1;
- unsigned long int level1_dcache_linesize = -1;
-@@ -726,6 +727,8 @@ dl_init_cacheinfo (struct cpu_features *cpu_features)
-
- level1_icache_size
- = handle_intel (_SC_LEVEL1_ICACHE_SIZE, cpu_features);
-+ level1_icache_linesize
-+ = handle_intel (_SC_LEVEL1_ICACHE_LINESIZE, cpu_features);
- level1_dcache_size = data;
- level1_dcache_assoc
- = handle_intel (_SC_LEVEL1_DCACHE_ASSOC, cpu_features);
-@@ -753,6 +756,7 @@ dl_init_cacheinfo (struct cpu_features *cpu_features)
- shared = handle_zhaoxin (_SC_LEVEL3_CACHE_SIZE);
-
- level1_icache_size = handle_zhaoxin (_SC_LEVEL1_ICACHE_SIZE);
-+ level1_icache_linesize = handle_zhaoxin (_SC_LEVEL1_ICACHE_LINESIZE);
- level1_dcache_size = data;
- level1_dcache_assoc = handle_zhaoxin (_SC_LEVEL1_DCACHE_ASSOC);
- level1_dcache_linesize = handle_zhaoxin (_SC_LEVEL1_DCACHE_LINESIZE);
-@@ -772,6 +776,7 @@ dl_init_cacheinfo (struct cpu_features *cpu_features)
- shared = handle_amd (_SC_LEVEL3_CACHE_SIZE);
-
- level1_icache_size = handle_amd (_SC_LEVEL1_ICACHE_SIZE);
-+ level1_icache_linesize = handle_amd (_SC_LEVEL1_ICACHE_LINESIZE);
- level1_dcache_size = data;
- level1_dcache_assoc = handle_amd (_SC_LEVEL1_DCACHE_ASSOC);
- level1_dcache_linesize = handle_amd (_SC_LEVEL1_DCACHE_LINESIZE);
-@@ -833,6 +838,7 @@ dl_init_cacheinfo (struct cpu_features *cpu_features)
- }
-
- cpu_features->level1_icache_size = level1_icache_size;
-+ cpu_features->level1_icache_linesize = level1_icache_linesize;
- cpu_features->level1_dcache_size = level1_dcache_size;
- cpu_features->level1_dcache_assoc = level1_dcache_assoc;
- cpu_features->level1_dcache_linesize = level1_dcache_linesize;
-diff --git a/sysdeps/x86/include/cpu-features.h b/sysdeps/x86/include/cpu-features.h
-index 624736b40e..39a3f4f311 100644
---- a/sysdeps/x86/include/cpu-features.h
-+++ b/sysdeps/x86/include/cpu-features.h
-@@ -874,6 +874,8 @@ struct cpu_features
- unsigned long int rep_stosb_threshold;
- /* _SC_LEVEL1_ICACHE_SIZE. */
- unsigned long int level1_icache_size;
-+ /* _SC_LEVEL1_ICACHE_LINESIZE. */
-+ unsigned long int level1_icache_linesize;
- /* _SC_LEVEL1_DCACHE_SIZE. */
- unsigned long int level1_dcache_size;
- /* _SC_LEVEL1_DCACHE_ASSOC. */
-diff --git a/sysdeps/x86/tst-sysconf-cache-linesize-static.c b/sysdeps/x86/tst-sysconf-cache-linesize-static.c
-new file mode 100644
-index 0000000000..152ae68821
---- /dev/null
-+++ b/sysdeps/x86/tst-sysconf-cache-linesize-static.c
-@@ -0,0 +1 @@
-+#include "tst-sysconf-cache-linesize.c"
-diff --git a/sysdeps/x86/tst-sysconf-cache-linesize.c b/sysdeps/x86/tst-sysconf-cache-linesize.c
-new file mode 100644
-index 0000000000..642dbde5d2
---- /dev/null
-+++ b/sysdeps/x86/tst-sysconf-cache-linesize.c
-@@ -0,0 +1,57 @@
-+/* Test system cache line sizes.
-+ Copyright (C) 2021 Free Software Foundation, Inc.
-+ This file is part of the GNU C Library.
-+
-+ The GNU C Library is free software; you can redistribute it and/or
-+ modify it under the terms of the GNU Lesser General Public
-+ License as published by the Free Software Foundation; either
-+ version 2.1 of the License, or (at your option) any later version.
-+
-+ The GNU C Library is distributed in the hope that it will be useful,
-+ but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-+ Lesser General Public License for more details.
-+
-+ You should have received a copy of the GNU Lesser General Public
-+ License along with the GNU C Library; if not, see
-+ <https://www.gnu.org/licenses/>. */
-+
-+#include <stdio.h>
-+#include <stdlib.h>
-+#include <unistd.h>
-+#include <array_length.h>
-+
-+static struct
-+{
-+ const char *name;
-+ int _SC_val;
-+} sc_options[] =
-+ {
-+#define N(name) { "_SC_"#name, _SC_##name }
-+ N (LEVEL1_ICACHE_LINESIZE),
-+ N (LEVEL1_DCACHE_LINESIZE),
-+ N (LEVEL2_CACHE_LINESIZE)
-+ };
-+
-+static int
-+do_test (void)
-+{
-+ int result = EXIT_SUCCESS;
-+
-+ for (int i = 0; i < array_length (sc_options); ++i)
-+ {
-+ long int scret = sysconf (sc_options[i]._SC_val);
-+ if (scret < 0)
-+ {
-+ printf ("sysconf (%s) returned < 0 (%ld)\n",
-+ sc_options[i].name, scret);
-+ result = EXIT_FAILURE;
-+ }
-+ else
-+ printf ("sysconf (%s): %ld\n", sc_options[i].name, scret);
-+ }
-+
-+ return result;
-+}
-+
-+#include <support/test-driver.c>
diff --git a/meta/recipes-core/glibc/glibc/CVE-2021-27318-revert.patch b/meta/recipes-core/glibc/glibc/CVE-2021-27318-revert.patch
new file mode 100644
index 0000000..2f08a90
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/CVE-2021-27318-revert.patch
@@ -0,0 +1,174 @@
+Since the full ISA set used in an ELF binary is unknown to compiler,
+an x86-64 ISA level marker indicates the minimum, not maximum, ISA set
+required to run such an ELF binary. We never guarantee a library with
+an x86-64 ISA level v3 marker doesn't contain other ISAs beyond x86-64
+ISA level v3, like AVX VNNI. We check the x86-64 ISA level marker for
+the minimum ISA set. Since -march=sandybridge enables only some ISAs
+in x86-64 ISA level v3, we should set the needed ISA marker to v2.
+Otherwise, libc is compiled with -march=sandybridge will fail to run on
+Sandy Bridge:
+
+$ ./elf/ld.so ./libc.so
+./libc.so: (p) CPU ISA level is lower than required: needed: 7; got: 3
+
+Set the minimum, instead of maximum, x86-64 ISA level marker should have
+no impact on the b-hwcaps directory assignment logic in ldconfig nor
+ld.so.
+
+(cherry picked from commit 339bf918ea4830fb35614632e96f3aab3237adce)
+---
+ config.h.in | 6 ++++++
+ sysdeps/x86/configure | 28 ++++++++++++++++++++++++++++
+ sysdeps/x86/configure.ac | 16 ++++++++++++++++
+ sysdeps/x86/isa-level.c | 25 ++++++++++++++-----------
+ 4 files changed, 64 insertions(+), 11 deletions(-)
+
+diff --git a/config.h.in b/config.h.in
+--- a/config.h.in 2021-10-16 03:28:49.447573081 -0700
++++ b/config.h.in 2021-10-16 03:29:38.626741181 -0700
+@@ -275,4 +275,10 @@
+ /* Define if x86 ISA level should be included in shared libraries. */
+ #undef INCLUDE_X86_ISA_LEVEL
+
++/* Define if -msahf is enabled by default on x86. */
++#undef HAVE_X86_LAHF_SAHF
++
++/* Define if -mmovbe is enabled by default on x86. */
++#undef HAVE_X86_MOVBE
++
+ #endif
+diff --git a/sysdeps/x86/configure b/sysdeps/x86/configure
+--- a/sysdeps/x86/configure 2021-10-16 03:28:49.587570713 -0700
++++ b/sysdeps/x86/configure 2021-10-16 03:29:39.330729277 -0700
+@@ -126,6 +126,8 @@ cat > conftest2.S <<EOF
+ 4:
+ EOF
+ libc_cv_include_x86_isa_level=no
++libc_cv_have_x86_lahf_sahf=no
++libc_cv_have_x86_movbe=no
+ if { ac_try='${CC-cc} $CFLAGS $CPPFLAGS -nostartfiles -nostdlib -r -o conftest conftest1.S conftest2.S'
+ { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_try\""; } >&5
+ (eval $ac_try) 2>&5
+@@ -135,6 +137,24 @@ if { ac_try='${CC-cc} $CFLAGS $CPPFLAGS
+ count=`LC_ALL=C $READELF -n conftest | grep NT_GNU_PROPERTY_TYPE_0 | wc -l`
+ if test "$count" = 1; then
+ libc_cv_include_x86_isa_level=yes
++ cat > conftest.c <<EOF
++EOF
++ if { ac_try='${CC-cc} $CFLAGS $CPPFLAGS -fverbose-asm -S -o - conftest.c'
++ { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_try\""; } >&5
++ (eval $ac_try) 2>&5
++ ac_status=$?
++ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
++ test $ac_status = 0; }; } | grep -q "\-msahf"; then
++ libc_cv_have_x86_lahf_sahf=yes
++ fi
++ if { ac_try='${CC-cc} $CFLAGS $CPPFLAGS -fverbose-asm -S -o - conftest.c'
++ { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_try\""; } >&5
++ (eval $ac_try) 2>&5
++ ac_status=$?
++ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
++ test $ac_status = 0; }; } | grep -q "\-mmovbe"; then
++ libc_cv_have_x86_movbe=yes
++ fi
+ fi
+ fi
+ rm -f conftest*
+@@ -145,5 +165,13 @@ if test $libc_cv_include_x86_isa_level =
+ $as_echo "#define INCLUDE_X86_ISA_LEVEL 1" >>confdefs.h
+
+ fi
++if test $libc_cv_have_x86_lahf_sahf = yes; then
++ $as_echo "#define HAVE_X86_LAHF_SAHF 1" >>confdefs.h
++
++fi
++if test $libc_cv_have_x86_movbe = yes; then
++ $as_echo "#define HAVE_X86_MOVBE 1" >>confdefs.h
++
++fi
+ config_vars="$config_vars
+ enable-x86-isa-level = $libc_cv_include_x86_isa_level"
+diff --git a/sysdeps/x86/configure.ac b/sysdeps/x86/configure.ac
+--- a/sysdeps/x86/configure.ac 2021-10-16 03:28:49.587570713 -0700
++++ b/sysdeps/x86/configure.ac 2021-10-16 03:29:40.038717306 -0700
+@@ -98,14 +98,30 @@ cat > conftest2.S <<EOF
+ 4:
+ EOF
+ libc_cv_include_x86_isa_level=no
++libc_cv_have_x86_lahf_sahf=no
++libc_cv_have_x86_movbe=no
+ if AC_TRY_COMMAND(${CC-cc} $CFLAGS $CPPFLAGS -nostartfiles -nostdlib -r -o conftest conftest1.S conftest2.S); then
+ count=`LC_ALL=C $READELF -n conftest | grep NT_GNU_PROPERTY_TYPE_0 | wc -l`
+ if test "$count" = 1; then
+ libc_cv_include_x86_isa_level=yes
++ cat > conftest.c <<EOF
++EOF
++ if AC_TRY_COMMAND(${CC-cc} $CFLAGS $CPPFLAGS -fverbose-asm -S -o - conftest.c) | grep -q "\-msahf"; then
++ libc_cv_have_x86_lahf_sahf=yes
++ fi
++ if AC_TRY_COMMAND(${CC-cc} $CFLAGS $CPPFLAGS -fverbose-asm -S -o - conftest.c) | grep -q "\-mmovbe"; then
++ libc_cv_have_x86_movbe=yes
++ fi
+ fi
+ fi
+ rm -f conftest*])
+ if test $libc_cv_include_x86_isa_level = yes; then
+ AC_DEFINE(INCLUDE_X86_ISA_LEVEL)
+ fi
++if test $libc_cv_have_x86_lahf_sahf = yes; then
++ AC_DEFINE(HAVE_X86_LAHF_SAHF)
++fi
++if test $libc_cv_have_x86_movbe = yes; then
++ AC_DEFINE(HAVE_X86_MOVBE)
++fi
+ LIBC_CONFIG_VAR([enable-x86-isa-level], [$libc_cv_include_x86_isa_level])
+diff --git a/sysdeps/x86/isa-level.c b/sysdeps/x86/isa-level.c
+--- a/sysdeps/x86/isa-level.c 2021-10-16 03:28:49.587570713 -0700
++++ b/sysdeps/x86/isa-level.c 2021-10-16 03:29:40.766704997 -0700
+@@ -29,32 +29,35 @@
+
+ /* ELF program property for x86 ISA level. */
+ #ifdef INCLUDE_X86_ISA_LEVEL
+-# if defined __x86_64__ || defined __FXSR__ || !defined _SOFT_FLOAT \
+- || defined __MMX__ || defined __SSE__ || defined __SSE2__
++# if defined __SSE__ && defined __SSE2__
++/* NB: ISAs, excluding MMX, in x86-64 ISA level baseline are used. */
+ # define ISA_BASELINE GNU_PROPERTY_X86_ISA_1_BASELINE
+ # else
+ # define ISA_BASELINE 0
+ # endif
+
+-# if defined __GCC_HAVE_SYNC_COMPARE_AND_SWAP_16 \
+- || (defined __x86_64__ && defined __LAHF_SAHF__) \
+- || defined __POPCNT__ || defined __SSE3__ \
+- || defined __SSSE3__ || defined __SSE4_1__ || defined __SSE4_2__
++# if ISA_BASELINE && defined __GCC_HAVE_SYNC_COMPARE_AND_SWAP_16 \
++ && defined HAVE_X86_LAHF_SAHF && defined __POPCNT__ \
++ && defined __SSE3__ && defined __SSSE3__ && defined __SSE4_1__ \
++ && defined __SSE4_2__
++/* NB: ISAs in x86-64 ISA level v2 are used. */
+ # define ISA_V2 GNU_PROPERTY_X86_ISA_1_V2
+ # else
+ # define ISA_V2 0
+ # endif
+
+-# if defined __AVX__ || defined __AVX2__ || defined __F16C__ \
+- || defined __FMA__ || defined __LZCNT__ || defined __MOVBE__ \
+- || defined __XSAVE__
++# if ISA_V2 && defined __AVX__ && defined __AVX2__ && defined __F16C__ \
++ && defined __FMA__ && defined __LZCNT__ && defined HAVE_X86_MOVBE
++/* NB: ISAs in x86-64 ISA level v3 are used. */
+ # define ISA_V3 GNU_PROPERTY_X86_ISA_1_V3
+ # else
+ # define ISA_V3 0
+ # endif
+
+-# if defined __AVX512F__ || defined __AVX512BW__ || defined __AVX512CD__ \
+- || defined __AVX512DQ__ || defined __AVX512VL__
++# if ISA_V3 && defined __AVX512F__ && defined __AVX512BW__ \
++ && defined __AVX512CD__ && defined __AVX512DQ__ \
++ && defined __AVX512VL__
++/* NB: ISAs in x86-64 ISA level v4 are used. */
+ # define ISA_V4 GNU_PROPERTY_X86_ISA_1_V4
+ # else
+ # define ISA_V4 0
diff --git a/meta/recipes-core/glibc/glibc/CVE-2021-27645.patch b/meta/recipes-core/glibc/glibc/CVE-2021-27645.patch
deleted file mode 100644
index 26c5c0d..0000000
--- a/meta/recipes-core/glibc/glibc/CVE-2021-27645.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-From dca565886b5e8bd7966e15f0ca42ee5cff686673 Mon Sep 17 00:00:00 2001
-From: DJ Delorie <dj@redhat.com>
-Date: Thu, 25 Feb 2021 16:08:21 -0500
-Subject: [PATCH] nscd: Fix double free in netgroupcache [BZ #27462]
-
-In commit 745664bd798ec8fd50438605948eea594179fba1 a use-after-free
-was fixed, but this led to an occasional double-free. This patch
-tracks the "live" allocation better.
-
-Tested manually by a third party.
-
-Related: RHBZ 1927877
-
-Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
-Reviewed-by: Carlos O'Donell <carlos@redhat.com>
-
-Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commit;h=dca565886b5e8bd7966e15f0ca42ee5cff686673]
-
-CVE: CVE-2021-27645
-
-Reviewed-by: Carlos O'Donell <carlos@redhat.com>
-Signed-off-by: Khairul Rohaizzat Jamaluddin <khairul.rohaizzat.jamaluddin@intel.com>
----
- nscd/netgroupcache.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/nscd/netgroupcache.c b/nscd/netgroupcache.c
-index dba6ceec1b..ad2daddafd 100644
---- a/nscd/netgroupcache.c
-+++ b/nscd/netgroupcache.c
-@@ -248,7 +248,7 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req,
- : NULL);
- ndomain = (ndomain ? newbuf + ndomaindiff
- : NULL);
-- buffer = newbuf;
-+ *tofreep = buffer = newbuf;
- }
-
- nhost = memcpy (buffer + bufused,
-@@ -319,7 +319,7 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req,
- else if (status == NSS_STATUS_TRYAGAIN && e == ERANGE)
- {
- buflen *= 2;
-- buffer = xrealloc (buffer, buflen);
-+ *tofreep = buffer = xrealloc (buffer, buflen);
- }
- else if (status == NSS_STATUS_RETURN
- || status == NSS_STATUS_NOTFOUND
---
-2.27.0
-
diff --git a/meta/recipes-core/glibc/glibc/CVE-2021-33574_1.patch b/meta/recipes-core/glibc/glibc/CVE-2021-33574_1.patch
deleted file mode 100644
index 21f07ac..0000000
--- a/meta/recipes-core/glibc/glibc/CVE-2021-33574_1.patch
+++ /dev/null
@@ -1,76 +0,0 @@
-From 709674ec86c3c6da4f0995897f6b0205c16d049d Mon Sep 17 00:00:00 2001
-From: Andreas Schwab <schwab@linux-m68k.org>
-Date: Thu, 27 May 2021 12:49:47 +0200
-Subject: [PATCH] Use __pthread_attr_copy in mq_notify (bug 27896)
-
-Make a deep copy of the pthread attribute object to remove a potential
-use-after-free issue.
-
-Upstream-Status: Backport
-[https://sourceware.org/git/?p=glibc.git;a=commit;h=42d359350510506b87101cf77202fefcbfc790cb]
-
-CVE:
-CVE-2021-33574
-
-Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
-Signed-off-by: Khairul Rohaizzat Jamaluddin <khairul.rohaizzat.jamaluddin@intel.com>
----
- NEWS | 4 ++++
- sysdeps/unix/sysv/linux/mq_notify.c | 15 ++++++++++-----
- 2 files changed, 14 insertions(+), 5 deletions(-)
-
-diff --git a/NEWS b/NEWS
-index 71f5d20324..017d656433 100644
---- a/NEWS
-+++ b/NEWS
-@@ -118,6 +118,10 @@ Security related changes:
- CVE-2019-25013: A buffer overflow has been fixed in the iconv function when
- invoked with EUC-KR input containing invalid multibyte input sequences.
-
-+ CVE-2021-33574: The mq_notify function has a potential use-after-free
-+ issue when using a notification type of SIGEV_THREAD and a thread
-+ attribute with a non-default affinity mask.
-+
- The following bugs are resolved with this release:
-
- [10635] libc: realpath portability patches
-diff --git a/sysdeps/unix/sysv/linux/mq_notify.c b/sysdeps/unix/sysv/linux/mq_notify.c
-index cc575a0cdd..f7ddfe5a6c 100644
---- a/sysdeps/unix/sysv/linux/mq_notify.c
-+++ b/sysdeps/unix/sysv/linux/mq_notify.c
-@@ -133,8 +133,11 @@ helper_thread (void *arg)
- (void) __pthread_barrier_wait (&notify_barrier);
- }
- else if (data.raw[NOTIFY_COOKIE_LEN - 1] == NOTIFY_REMOVED)
-- /* The only state we keep is the copy of the thread attributes. */
-- free (data.attr);
-+ {
-+ /* The only state we keep is the copy of the thread attributes. */
-+ pthread_attr_destroy (data.attr);
-+ free (data.attr);
-+ }
- }
- return NULL;
- }
-@@ -255,8 +258,7 @@ mq_notify (mqd_t mqdes, const struct sigevent *notification)
- if (data.attr == NULL)
- return -1;
-
-- memcpy (data.attr, notification->sigev_notify_attributes,
-- sizeof (pthread_attr_t));
-+ __pthread_attr_copy (data.attr, notification->sigev_notify_attributes);
- }
-
- /* Construct the new request. */
-@@ -270,7 +272,10 @@ mq_notify (mqd_t mqdes, const struct sigevent *notification)
-
- /* If it failed, free the allocated memory. */
- if (__glibc_unlikely (retval != 0))
-- free (data.attr);
-+ {
-+ pthread_attr_destroy (data.attr);
-+ free (data.attr);
-+ }
-
- return retval;
- }
diff --git a/meta/recipes-core/glibc/glibc/CVE-2021-33574_2.patch b/meta/recipes-core/glibc/glibc/CVE-2021-33574_2.patch
deleted file mode 100644
index befccd7..0000000
--- a/meta/recipes-core/glibc/glibc/CVE-2021-33574_2.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-From 217b6dc298156bdb0d6aea9ea93e7e394a5ff091 Mon Sep 17 00:00:00 2001
-From: Florian Weimer <fweimer@redhat.com>
-Date: Tue, 1 Jun 2021 17:51:41 +0200
-Subject: [PATCH] Fix use of __pthread_attr_copy in mq_notify (bug 27896)
-
-__pthread_attr_copy can fail and does not initialize the attribute
-structure in that case.
-
-If __pthread_attr_copy is never called and there is no allocated
-attribute, pthread_attr_destroy should not be called, otherwise
-there is a null pointer dereference in rt/tst-mqueue6.
-
-Fixes commit 42d359350510506b87101cf77202fefcbfc790cb
-("Use __pthread_attr_copy in mq_notify (bug 27896)").
-
-Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
-
-Upstream-Status: Backport
-[https://sourceware.org/git/?p=glibc.git;a=commit;h=217b6dc298156bdb0d6aea9ea93e7e394a5ff091]
-
-CVE:
-CVE-2021-33574
-
-Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
-Signed-off-by: Khairul Rohaizzat Jamaluddin <khairul.rohaizzat.jamaluddin@intel.com>
----
- sysdeps/unix/sysv/linux/mq_notify.c | 11 +++++++++--
- 1 file changed, 9 insertions(+), 2 deletions(-)
-
-diff --git a/sysdeps/unix/sysv/linux/mq_notify.c b/sysdeps/unix/sysv/linux/mq_notify.c
-index f7ddfe5a6c..6f46d29d1d 100644
---- a/sysdeps/unix/sysv/linux/mq_notify.c
-+++ b/sysdeps/unix/sysv/linux/mq_notify.c
-@@ -258,7 +258,14 @@ mq_notify (mqd_t mqdes, const struct sigevent *notification)
- if (data.attr == NULL)
- return -1;
-
-- __pthread_attr_copy (data.attr, notification->sigev_notify_attributes);
-+ int ret = __pthread_attr_copy (data.attr,
-+ notification->sigev_notify_attributes);
-+ if (ret != 0)
-+ {
-+ free (data.attr);
-+ __set_errno (ret);
-+ return -1;
-+ }
- }
-
- /* Construct the new request. */
-@@ -271,7 +278,7 @@ mq_notify (mqd_t mqdes, const struct sigevent *notification)
- int retval = INLINE_SYSCALL (mq_notify, 2, mqdes, &se);
-
- /* If it failed, free the allocated memory. */
-- if (__glibc_unlikely (retval != 0))
-+ if (retval != 0 && data.attr != NULL)
- {
- pthread_attr_destroy (data.attr);
- free (data.attr);
---
-2.27.0
-
diff --git a/meta/recipes-core/glibc/glibc/CVE-2021-35942.patch b/meta/recipes-core/glibc/glibc/CVE-2021-35942.patch
deleted file mode 100644
index 5cae1bc..0000000
--- a/meta/recipes-core/glibc/glibc/CVE-2021-35942.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From 5adda61f62b77384718b4c0d8336ade8f2b4b35c Mon Sep 17 00:00:00 2001
-From: Andreas Schwab <schwab@linux-m68k.org>
-Date: Fri, 25 Jun 2021 15:02:47 +0200
-Subject: [PATCH] wordexp: handle overflow in positional parameter number (bug
- 28011)
-
-Use strtoul instead of atoi so that overflow can be detected.
-
-Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commit;h=5adda61f62b77384718b4c0d8336ade8f2b4b35c]
-CVE: CVE-2021-35942
-Signed-off-by: Vinay Kumar <vinay.m.engg@gmail.com>
----
- posix/wordexp-test.c | 1 +
- posix/wordexp.c | 2 +-
- 2 files changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/posix/wordexp-test.c b/posix/wordexp-test.c
-index f93a546d7e..9df02dbbb3 100644
---- a/posix/wordexp-test.c
-+++ b/posix/wordexp-test.c
-@@ -183,6 +183,7 @@ struct test_case_struct
- { 0, NULL, "$var", 0, 0, { NULL, }, IFS },
- { 0, NULL, "\"\\n\"", 0, 1, { "\\n", }, IFS },
- { 0, NULL, "", 0, 0, { NULL, }, IFS },
-+ { 0, NULL, "${1234567890123456789012}", 0, 0, { NULL, }, IFS },
-
- /* Flags not already covered (testit() has special handling for these) */
- { 0, NULL, "one two", WRDE_DOOFFS, 2, { "one", "two", }, IFS },
-diff --git a/posix/wordexp.c b/posix/wordexp.c
-index bcbe96e48d..1f3b09f721 100644
---- a/posix/wordexp.c
-+++ b/posix/wordexp.c
-@@ -1399,7 +1399,7 @@ envsubst:
- /* Is it a numeric parameter? */
- else if (isdigit (env[0]))
- {
-- int n = atoi (env);
-+ unsigned long n = strtoul (env, NULL, 10);
-
- if (n >= __libc_argc)
- /* Substitute NULL. */
---
-2.17.1
-
diff --git a/meta/recipes-core/glibc/glibc_2.33.bb b/meta/recipes-core/glibc/glibc_2.33.bb
index 57a60cb..ad5e2b8 100644
--- a/meta/recipes-core/glibc/glibc_2.33.bb
+++ b/meta/recipes-core/glibc/glibc_2.33.bb
@@ -56,16 +56,6 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
file://0028-readlib-Add-OECORE_KNOWN_INTERPRETER_NAMES-to-known-.patch \
file://0029-wordsize.h-Unify-the-header-between-arm-and-aarch64.patch \
file://0030-powerpc-Do-not-ask-compiler-for-finding-arch.patch \
- file://0031-x86-Require-full-ISA-support-for-x86-64-level-marker.patch \
- file://0032-string-Work-around-GCC-PR-98512-in-rawmemchr.patch \
- file://0033-x86-Handle-_SC_LEVEL1_ICACHE_LINESIZE-BZ-27444.patch \
- file://CVE-2021-27645.patch \
- file://0001-nptl-Remove-private-futex-optimization-BZ-27304.patch \
- file://CVE-2021-33574_1.patch \
- file://CVE-2021-33574_2.patch \
- file://CVE-2021-35942.patch \
- file://0001-CVE-2021-38604.patch \
- file://0002-CVE-2021-38604.patch \
"
S = "${WORKDIR}/git"
B = "${WORKDIR}/build-${TARGET_SYS}"
diff --git a/meta/recipes-core/ifupdown/ifupdown_0.8.36.bb b/meta/recipes-core/ifupdown/ifupdown_0.8.36.bb
index 0daf50a..afc3196 100644
--- a/meta/recipes-core/ifupdown/ifupdown_0.8.36.bb
+++ b/meta/recipes-core/ifupdown/ifupdown_0.8.36.bb
@@ -7,7 +7,7 @@ the file /etc/network/interfaces."
LICENSE = "GPLv2"
LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f"
-SRC_URI = "git://salsa.debian.org/debian/ifupdown.git;protocol=https \
+SRC_URI = "git://salsa.debian.org/debian/ifupdown.git;protocol=https;branch=master \
file://defn2-c-man-don-t-rely-on-dpkg-architecture-to-set-a.patch \
file://99_network \
file://0001-Define-FNM_EXTMATCH-for-musl.patch \
diff --git a/meta/recipes-core/images/build-appliance-image_15.0.0.bb b/meta/recipes-core/images/build-appliance-image_15.0.0.bb
index a1342249..455fe82 100644
--- a/meta/recipes-core/images/build-appliance-image_15.0.0.bb
+++ b/meta/recipes-core/images/build-appliance-image_15.0.0.bb
@@ -24,7 +24,7 @@ IMAGE_FSTYPES = "wic.vmdk wic.vhd wic.vhdx"
inherit core-image setuptools3
-SRCREV ?= "45fb2254f6961377ae0ad0c5c00735459fdcb182"
+SRCREV ?= "ec3ac9d883d53ebbf3c6b9a80694df69c9e9ccc7"
SRC_URI = "git://git.yoctoproject.org/poky;branch=hardknott \
file://Yocto_Build_Appliance.vmx \
file://Yocto_Build_Appliance.vmxf \
diff --git a/meta/recipes-core/initscripts/init-system-helpers_1.60.bb b/meta/recipes-core/initscripts/init-system-helpers_1.60.bb
index 33977e6..98f45e1 100644
--- a/meta/recipes-core/initscripts/init-system-helpers_1.60.bb
+++ b/meta/recipes-core/initscripts/init-system-helpers_1.60.bb
@@ -17,7 +17,7 @@ LICENSE = "BSD-3-Clause & GPLv2"
LIC_FILES_CHKSUM = "file://debian/copyright;md5=ee2b1830fcfead84d07bc060ec43e072"
SRCREV = "dbd9197569c0935029acd5c9b02b84c68fd937ee"
-SRC_URI = "git://salsa.debian.org/debian/init-system-helpers.git;protocol=https"
+SRC_URI = "git://salsa.debian.org/debian/init-system-helpers.git;protocol=https;branch=master"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-core/libxcrypt/libxcrypt.inc b/meta/recipes-core/libxcrypt/libxcrypt.inc
index b5ca863..8008ba2 100644
--- a/meta/recipes-core/libxcrypt/libxcrypt.inc
+++ b/meta/recipes-core/libxcrypt/libxcrypt.inc
@@ -9,7 +9,7 @@ LIC_FILES_CHKSUM = "file://LICENSING;md5=bd5d9777dfe7076c4f2928f12fed226a \
inherit autotools pkgconfig
-SRC_URI = "git://github.com/besser82/libxcrypt.git;branch=${SRCBRANCH} \
+SRC_URI = "git://github.com/besser82/libxcrypt.git;branch=${SRCBRANCH};protocol=https \
file://0001-configure.ac-do-not-use-compute-symver-floor.patch \
"
SRCREV = "94d84f92ca123d851586016c4678eb1f21c19029"
diff --git a/meta/recipes-core/libxml/libxml2_2.9.10.bb b/meta/recipes-core/libxml/libxml2_2.9.10.bb
index ce4f9a3..cabf911 100644
--- a/meta/recipes-core/libxml/libxml2_2.9.10.bb
+++ b/meta/recipes-core/libxml/libxml2_2.9.10.bb
@@ -47,7 +47,7 @@ PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
inherit autotools pkgconfig binconfig-disabled ptest
-inherit ${@bb.utils.contains('PACKAGECONFIG', 'python', 'python3native', '', d)}
+inherit ${@bb.utils.contains('PACKAGECONFIG', 'python', 'python3targetconfig', '', d)}
RDEPENDS_${PN}-ptest += "make ${@bb.utils.contains('PACKAGECONFIG', 'python', 'libgcc python3-core python3-logging python3-shell python3-stringold python3-threading python3-unittest ${PN}-python', '', d)}"
diff --git a/meta/recipes-core/musl/libucontext_git.bb b/meta/recipes-core/musl/libucontext_git.bb
index 11affeb..87946b7 100644
--- a/meta/recipes-core/musl/libucontext_git.bb
+++ b/meta/recipes-core/musl/libucontext_git.bb
@@ -10,7 +10,7 @@ DEPENDS = ""
PV = "0.10+${SRCPV}"
SRCREV = "19fa1bbfc26efb92147b5e85cc0ca02a0e837561"
-SRC_URI = "git://github.com/kaniini/libucontext \
+SRC_URI = "git://github.com/kaniini/libucontext;branch=master;protocol=https \
"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-core/musl/musl-obstack.bb b/meta/recipes-core/musl/musl-obstack.bb
index 3003935..74de48c 100644
--- a/meta/recipes-core/musl/musl-obstack.bb
+++ b/meta/recipes-core/musl/musl-obstack.bb
@@ -10,7 +10,7 @@ SECTION = "libs"
PV = "1.1"
SRCREV = "d2ad66b0df44a4b784956f7f7f2717131ddc05f4"
-SRC_URI = "git://github.com/pullmoll/musl-obstack"
+SRC_URI = "git://github.com/pullmoll/musl-obstack;branch=master;protocol=https"
UPSTREAM_CHECK_COMMITS = "1"
diff --git a/meta/recipes-core/musl/musl-utils.bb b/meta/recipes-core/musl/musl-utils.bb
index dd0ce33..c305094 100644
--- a/meta/recipes-core/musl/musl-utils.bb
+++ b/meta/recipes-core/musl/musl-utils.bb
@@ -11,7 +11,7 @@ SECTION = "utils"
PV = "20170421"
SRCREV = "fb5630138ccabbbc14a19d372096a04e42573c7d"
-SRC_URI = "git://github.com/boltlinux/musl-utils"
+SRC_URI = "git://github.com/boltlinux/musl-utils;branch=master;protocol=https"
UPSTREAM_CHECK_COMMITS = "1"
diff --git a/meta/recipes-core/musl/musl_git.bb b/meta/recipes-core/musl/musl_git.bb
index e6f9e24..a241a2f 100644
--- a/meta/recipes-core/musl/musl_git.bb
+++ b/meta/recipes-core/musl/musl_git.bb
@@ -12,7 +12,7 @@ PV = "${BASEVER}+git${SRCPV}"
# mirror is at git://github.com/kraj/musl.git
-SRC_URI = "git://git.musl-libc.org/musl \
+SRC_URI = "git://git.musl-libc.org/musl;branch=master \
file://0001-Make-dynamic-linker-a-relative-symlink-to-libc.patch \
file://0002-ldso-Use-syslibdir-and-libdir-as-default-pathes-to-l.patch \
"
diff --git a/meta/recipes-core/ncurses/files/CVE-2021-39537.patch b/meta/recipes-core/ncurses/files/CVE-2021-39537.patch
new file mode 100644
index 0000000..d63bf57
--- /dev/null
+++ b/meta/recipes-core/ncurses/files/CVE-2021-39537.patch
@@ -0,0 +1,65 @@
+From e83ecbd26252bac163fc4377ef30edbd4acb0bad Mon Sep 17 00:00:00 2001
+From: Sven Joachim <svenjoac@gmx.de>
+Date: Mon, 1 Jun 2020 08:03:52 +0200
+Subject: [PATCH] Import upstream patch 20200531
+
+20200531
+ + correct configure version-check/warnng for g++ to allow for 10.x
+ + re-enable "bel" in konsole-base (report by Nia Huang)
+ + add linux-s entry (patch by Alexandre Montaron).
+ + drop long-obsolete convert_configure.pl
+ + add test/test_parm.c, for checking tparm changes.
+ + improve parameter-checking for tparm, adding function _nc_tiparm() to
+ handle the most-used case, which accepts only numeric parameters
+ (report/testcase by "puppet-meteor").
+ + use a more conservative estimate of the buffer-size in lib_tparm.c's
+ save_text() and save_number(), in case the sprintf() function
+ passes-through unexpected characters from a format specifier
+ (report/testcase by "puppet-meteor").
+ + add a check for end-of-string in cvtchar to handle a malformed
+ string in infotocap (report/testcase by "puppet-meteor").
+
+CVE: CVE-2021-39537
+
+Upstream-Status: Backport [https://github.com/mirror/ncurses/commit/790a85dbd4a81d5f5d8dd02a44d84f01512ef443]
+
+Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
+---
+ ncurses/tinfo/captoinfo.c | 11 +-
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/ncurses/tinfo/captoinfo.c b/ncurses/tinfo/captoinfo.c
+index 8b3b83d1..9362105a 100644
+--- a/ncurses/tinfo/captoinfo.c
++++ b/ncurses/tinfo/captoinfo.c
+@@ -98,7 +98,7 @@
+ #include <ctype.h>
+ #include <tic.h>
+
+-MODULE_ID("$Id: captoinfo.c,v 1.98 2020/02/02 23:34:34 tom Exp $")
++MODULE_ID("$Id: captoinfo.c,v 1.99 2020/05/25 21:28:29 tom Exp $")
+
+ #if 0
+ #define DEBUG_THIS(p) DEBUG(9, p)
+@@ -216,12 +216,15 @@ cvtchar(register const char *sp)
+ }
+ break;
+ case '^':
++ len = 2;
+ c = UChar(*++sp);
+- if (c == '?')
++ if (c == '?') {
+ c = 127;
+- else
++ } else if (c == '\0') {
++ len = 1;
++ } else {
+ c &= 0x1f;
+- len = 2;
++ }
+ break;
+ default:
+ c = UChar(*sp);
+--
+2.17.1
+
diff --git a/meta/recipes-core/ncurses/ncurses.inc b/meta/recipes-core/ncurses/ncurses.inc
index ef59bc3..9c74d2e 100644
--- a/meta/recipes-core/ncurses/ncurses.inc
+++ b/meta/recipes-core/ncurses/ncurses.inc
@@ -13,7 +13,7 @@ BINCONFIG = "${bindir}/ncurses5-config ${bindir}/ncursesw5-config \
inherit autotools binconfig-disabled multilib_header pkgconfig
# Upstream has useful patches at times at ftp://invisible-island.net/ncurses/
-SRC_URI = "git://salsa.debian.org/debian/ncurses.git;protocol=https"
+SRC_URI = "git://salsa.debian.org/debian/ncurses.git;protocol=https;branch=master"
EXTRA_AUTORECONF = "-I m4"
diff --git a/meta/recipes-core/ncurses/ncurses_6.2.bb b/meta/recipes-core/ncurses/ncurses_6.2.bb
index e7d7396..598c51b 100644
--- a/meta/recipes-core/ncurses/ncurses_6.2.bb
+++ b/meta/recipes-core/ncurses/ncurses_6.2.bb
@@ -3,6 +3,7 @@ require ncurses.inc
SRC_URI += "file://0001-tic-hang.patch \
file://0002-configure-reproducible.patch \
file://0003-gen-pkgconfig.in-Do-not-include-LDFLAGS-in-generated.patch \
+ file://CVE-2021-39537.patch \
"
# commit id corresponds to the revision in package version
SRCREV = "a669013cd5e9d6434e5301348ea51baf306c93c4"
diff --git a/meta/recipes-core/netbase/netbase_6.2.bb b/meta/recipes-core/netbase/netbase_6.2.bb
index c016d32..ad7e9be 100644
--- a/meta/recipes-core/netbase/netbase_6.2.bb
+++ b/meta/recipes-core/netbase/netbase_6.2.bb
@@ -6,7 +6,7 @@ LICENSE = "GPLv2"
LIC_FILES_CHKSUM = "file://debian/copyright;md5=3dd6192d306f582dee7687da3d8748ab"
PE = "1"
-SRC_URI = "git://salsa.debian.org/md/netbase.git;protocol=https"
+SRC_URI = "git://salsa.debian.org/md/netbase.git;protocol=https;branch=master"
SRCREV = "1c892c96a078ef28ec1a94681b3a0da7a3d545f7"
inherit allarch
diff --git a/meta/recipes-core/psplash/psplash_git.bb b/meta/recipes-core/psplash/psplash_git.bb
index 59e1e3f..e123647 100644
--- a/meta/recipes-core/psplash/psplash_git.bb
+++ b/meta/recipes-core/psplash/psplash_git.bb
@@ -10,7 +10,7 @@ SRCREV = "0a902f7cd875ccf018456451be369f05fa55f962"
PV = "0.1+git${SRCPV}"
PR = "r15"
-SRC_URI = "git://git.yoctoproject.org/${BPN} \
+SRC_URI = "git://git.yoctoproject.org/${BPN};branch=master \
file://psplash-init \
file://psplash-start.service \
file://psplash-systemd.service \
diff --git a/meta/recipes-core/systemd/systemd.inc b/meta/recipes-core/systemd/systemd.inc
index 7d3b306..b11ab11 100644
--- a/meta/recipes-core/systemd/systemd.inc
+++ b/meta/recipes-core/systemd/systemd.inc
@@ -16,6 +16,6 @@ LIC_FILES_CHKSUM = "file://LICENSE.GPL2;md5=751419260aa954499f7abaabaa882bbe \
SRCREV = "17472dca0160cbe7b807ca648475fd70d0d62fe5"
SRCBRANCH = "v247-stable"
-SRC_URI = "git://github.com/systemd/systemd-stable.git;protocol=git;branch=${SRCBRANCH}"
+SRC_URI = "git://github.com/systemd/systemd-stable.git;protocol=https;branch=${SRCBRANCH}"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-core/update-rc.d/update-rc.d_0.8.bb b/meta/recipes-core/update-rc.d/update-rc.d_0.8.bb
index da71667..daee5c2 100644
--- a/meta/recipes-core/update-rc.d/update-rc.d_0.8.bb
+++ b/meta/recipes-core/update-rc.d/update-rc.d_0.8.bb
@@ -6,7 +6,7 @@ SECTION = "base"
LICENSE = "GPLv2+"
LIC_FILES_CHKSUM = "file://update-rc.d;beginline=5;endline=15;md5=d40a07c27f535425934bb5001f2037d9"
-SRC_URI = "git://git.yoctoproject.org/update-rc.d"
+SRC_URI = "git://git.yoctoproject.org/update-rc.d;branch=master"
SRCREV = "8636cf478d426b568c1be11dbd9346f67e03adac"
UPSTREAM_CHECK_COMMITS = "1"
diff --git a/meta/recipes-core/util-linux/util-linux_2.36.2.bb b/meta/recipes-core/util-linux/util-linux_2.36.2.bb
index c79cf78..82cc8a3 100644
--- a/meta/recipes-core/util-linux/util-linux_2.36.2.bb
+++ b/meta/recipes-core/util-linux/util-linux_2.36.2.bb
@@ -73,7 +73,7 @@ EXTRA_OECONF = "\
\
--disable-bfs --disable-chfn-chsh --disable-login \
--disable-makeinstall-chown --disable-minix --disable-newgrp \
- --disable-use-tty-group --disable-vipw \
+ --disable-use-tty-group --disable-vipw --disable-raw \
\
--without-udev \
\
diff --git a/meta/recipes-devtools/binutils/binutils-2.36.inc b/meta/recipes-devtools/binutils/binutils-2.36.inc
index 9d770db..7d0824e 100644
--- a/meta/recipes-devtools/binutils/binutils-2.36.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.36.inc
@@ -44,5 +44,7 @@ SRC_URI = "\
file://0001-CVE-2021-20197.patch \
file://0002-CVE-2021-20197.patch \
file://0003-CVE-2021-20197.patch \
+ file://0017-CVE-2021-3530.patch \
+ file://0018-CVE-2021-3530.patch \
"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/0017-CVE-2021-3530.patch b/meta/recipes-devtools/binutils/binutils/0017-CVE-2021-3530.patch
new file mode 100644
index 0000000..fa10a6c
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0017-CVE-2021-3530.patch
@@ -0,0 +1,102 @@
+From 25162c795b1a2becf936bb3581d86a307ea491eb Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Thu, 15 Jul 2021 16:51:56 +0100
+Subject: [PATCH] Fix a stack exhaustion problem in the Rust demangling code in
+ the libiberty library.
+
+ PR 99935
+ * rust-demangle.c: Add recursion limit.
+
+CVE: CVE-2021-3530
+Upstream-Status: Backport[https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=25162c795b1a2becf936bb3581d86a307ea491eb]
+Signed-off-by: Pgowda <pgowda.cve@gmail.com>
+
+---
+ libiberty/ChangeLog | 5 +++++
+ libiberty/rust-demangle.c | 31 +++++++++++++++++++++++++------
+ 2 files changed, 30 insertions(+), 6 deletions(-)
+
+diff --git a/libiberty/ChangeLog b/libiberty/ChangeLog
+index bc1b35b97c4..8e39fd28eba 100644
+--- a/libiberty/ChangeLog
++++ b/libiberty/ChangeLog
+@@ -1,3 +1,8 @@
++2021-07-15 Nick Clifton <nickc@redhat.com>
++
++ PR 99935
++ * rust-demangle.c: Add recursion limit.
++
+ 2021-01-04 Martin Liska <mliska@suse.cz>
+
+ * strverscmp.c: Convert to utf8 from iso8859.
+diff --git a/libiberty/rust-demangle.c b/libiberty/rust-demangle.c
+index 449941b56dc..df09b7b8fdd 100644
+--- a/libiberty/rust-demangle.c
++++ b/libiberty/rust-demangle.c
+@@ -74,6 +74,12 @@ struct rust_demangler
+ /* Rust mangling version, with legacy mangling being -1. */
+ int version;
+
++ /* Recursion depth. */
++ uint recursion;
++ /* Maximum number of times demangle_path may be called recursively. */
++#define RUST_MAX_RECURSION_COUNT 1024
++#define RUST_NO_RECURSION_LIMIT ((uint) -1)
++
+ uint64_t bound_lifetime_depth;
+ };
+
+@@ -671,6 +677,15 @@ demangle_path (struct rust_demangler *rd
+ if (rdm->errored)
+ return;
+
++ if (rdm->recursion != RUST_NO_RECURSION_LIMIT)
++ {
++ ++ rdm->recursion;
++ if (rdm->recursion > RUST_MAX_RECURSION_COUNT)
++ /* FIXME: There ought to be a way to report
++ that the recursion limit has been reached. */
++ goto fail_return;
++ }
++
+ switch (tag = next (rdm))
+ {
+ case 'C':
+@@ -688,10 +703,7 @@ demangle_path (struct rust_demangler *rd
+ case 'N':
+ ns = next (rdm);
+ if (!ISLOWER (ns) && !ISUPPER (ns))
+- {
+- rdm->errored = 1;
+- return;
+- }
++ goto fail_return;
+
+ demangle_path (rdm, in_value);
+
+@@ -776,9 +788,15 @@ demangle_path (struct rust_demangler *rd
+ }
+ break;
+ default:
+- rdm->errored = 1;
+- return;
++ goto fail_return;
+ }
++ goto pass_return;
++
++ fail_return:
++ rdm->errored = 1;
++ pass_return:
++ if (rdm->recursion != RUST_NO_RECURSION_LIMIT)
++ -- rdm->recursion;
+ }
+
+ static void
+@@ -1317,6 +1335,7 @@ rust_demangle_callback (const char *mang
+ rdm.skipping_printing = 0;
+ rdm.verbose = (options & DMGL_VERBOSE) != 0;
+ rdm.version = 0;
++ rdm.recursion = (options & DMGL_NO_RECURSE_LIMIT) ? RUST_NO_RECURSION_LIMIT : 0;
+ rdm.bound_lifetime_depth = 0;
+
+ /* Rust symbols always start with _R (v0) or _ZN (legacy). */
diff --git a/meta/recipes-devtools/binutils/binutils/0018-CVE-2021-3530.patch b/meta/recipes-devtools/binutils/binutils/0018-CVE-2021-3530.patch
new file mode 100644
index 0000000..e569a6b
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0018-CVE-2021-3530.patch
@@ -0,0 +1,64 @@
+From 999566402e3d7c69032bbf47e28b44fc0926fe62 Mon Sep 17 00:00:00 2001
+From: Christopher Wellons <wellons@nullprogram.com>
+Date: Sun, 18 Jul 2021 16:57:19 -0400
+Subject: [PATCH] Change "uint" to "unsigned"
+
+This fixes a defect introduced in 25162c795. The "uint" type has not
+been explicitly defined here on mingw, causing compilation to fail.
+
+On linux we have this in /usr/include/sys/types.h
+
+/* Old compatibility names for C types. */
+typedef unsigned long int ulong;
+typedef unsigned short int ushort;
+typedef unsigned int uint;
+
+So it's easy to see how such bugs can creep in.
+
+ * rust-demangle.c (struct rust_demangler): Change type of
+ "recursion" to unsigned.
+ (RUST_NO_RECURSION_LIMIT): Similarly in cast.
+
+CVE: CVE-2021-3530
+Upstream-Status: Backport[https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=999566402e3]
+Signed-off-by: Pgowda <pgowda.cve@gmail.com>
+
+---
+ libiberty/ChangeLog | 6 ++++++
+ libiberty/rust-demangle.c | 4 ++--
+ 2 files changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/libiberty/ChangeLog b/libiberty/ChangeLog
+index 8e39fd28eba..3f749455f05 100644
+--- a/libiberty/ChangeLog
++++ b/libiberty/ChangeLog
+@@ -1,3 +1,9 @@
++2021-07-19 Christopher Wellons <wellons@nullprogram.com>
++
++ * rust-demangle.c (struct rust_demangler): Change type of
++ "recursion" to unsigned.
++ (RUST_NO_RECURSION_LIMIT): Similarly in cast.
++
+ 2021-07-15 Nick Clifton <nickc@redhat.com>
+
+ PR 99935
+diff --git a/libiberty/rust-demangle.c b/libiberty/rust-demangle.c
+index df09b7b8fdd..ac1eb8eb02c 100644
+--- a/libiberty/rust-demangle.c
++++ b/libiberty/rust-demangle.c
+@@ -75,10 +75,10 @@ struct rust_demangler
+ int version;
+
+ /* Recursion depth. */
+- uint recursion;
++ unsigned recursion;
+ /* Maximum number of times demangle_path may be called recursively. */
+ #define RUST_MAX_RECURSION_COUNT 1024
+-#define RUST_NO_RECURSION_LIMIT ((uint) -1)
++#define RUST_NO_RECURSION_LIMIT ((unsigned) -1)
+
+ uint64_t bound_lifetime_depth;
+ };
+--
+2.27.0
+
diff --git a/meta/recipes-devtools/bootchart2/bootchart2_0.14.9.bb b/meta/recipes-devtools/bootchart2/bootchart2_0.14.9.bb
index f6a77b4..02a286c 100644
--- a/meta/recipes-devtools/bootchart2/bootchart2_0.14.9.bb
+++ b/meta/recipes-devtools/bootchart2/bootchart2_0.14.9.bb
@@ -90,7 +90,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=44ac4678311254db62edf8fd39cb8124"
UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+\.\d+(\.\d+)*)"
-SRC_URI = "git://github.com/xrmx/bootchart.git \
+SRC_URI = "git://github.com/xrmx/bootchart.git;branch=master;protocol=https \
file://bootchartd_stop.sh \
file://0001-collector-Allocate-space-on-heap-for-chunks.patch \
file://0001-bootchart2-support-usrmerge.patch \
@@ -99,6 +99,10 @@ SRC_URI = "git://github.com/xrmx/bootchart.git \
S = "${WORKDIR}/git"
SRCREV = "868a2afab9da34f32c007d773b77253c93104636"
+# remove at next version upgrade or when output changes
+PR = "r1"
+HASHEQUIV_HASH_VERSION .= ".1"
+
inherit systemd update-rc.d python3native update-alternatives
ALTERNATIVE_${PN} = "bootchartd"
@@ -131,7 +135,7 @@ do_install () {
export PKGLIBDIR="${base_libdir}/bootchart"
export SYSTEMD_UNIT_DIR="${systemd_unitdir}/system"
- oe_runmake install
+ oe_runmake install NO_PYTHON_COMPILE=1
install -d ${D}${sysconfdir}/init.d
install -m 0755 ${WORKDIR}/bootchartd_stop.sh ${D}${sysconfdir}/init.d
diff --git a/meta/recipes-devtools/btrfs-tools/btrfs-tools_5.10.1.bb b/meta/recipes-devtools/btrfs-tools/btrfs-tools_5.10.1.bb
index fca010d..7f51c79 100644
--- a/meta/recipes-devtools/btrfs-tools/btrfs-tools_5.10.1.bb
+++ b/meta/recipes-devtools/btrfs-tools/btrfs-tools_5.10.1.bb
@@ -15,7 +15,7 @@ DEPENDS_append_class-target = " udev"
RDEPENDS_${PN} = "libgcc"
SRCREV = "f2ffce38b9c1477a7350bfe165f0e34b9bde40f5"
-SRC_URI = "git://git.kernel.org/pub/scm/linux/kernel/git/kdave/btrfs-progs.git \
+SRC_URI = "git://git.kernel.org/pub/scm/linux/kernel/git/kdave/btrfs-progs.git;branch=master \
file://0001-Add-a-possibility-to-specify-where-python-modules-ar.patch \
"
diff --git a/meta/recipes-devtools/createrepo-c/createrepo-c_0.17.0.bb b/meta/recipes-devtools/createrepo-c/createrepo-c_0.17.0.bb
index 7480aff..29f3866 100644
--- a/meta/recipes-devtools/createrepo-c/createrepo-c_0.17.0.bb
+++ b/meta/recipes-devtools/createrepo-c/createrepo-c_0.17.0.bb
@@ -4,7 +4,7 @@ HOMEPAGE = "https://github.com/rpm-software-management/createrepo_c/wiki"
LICENSE = "GPLv2"
LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
-SRC_URI = "git://github.com/rpm-software-management/createrepo_c \
+SRC_URI = "git://github.com/rpm-software-management/createrepo_c;branch=master;protocol=https \
file://0001-Do-not-set-PYTHON_INSTALL_DIR-by-running-python.patch \
"
diff --git a/meta/recipes-devtools/distcc/distcc_3.3.5.bb b/meta/recipes-devtools/distcc/distcc_3.3.5.bb
index 5c26441..defea99 100644
--- a/meta/recipes-devtools/distcc/distcc_3.3.5.bb
+++ b/meta/recipes-devtools/distcc/distcc_3.3.5.bb
@@ -15,7 +15,7 @@ PACKAGECONFIG[popt] = "--without-included-popt,--with-included-popt,popt"
RRECOMMENDS_${PN}-server = "avahi-daemon"
-SRC_URI = "git://github.com/distcc/distcc.git \
+SRC_URI = "git://github.com/distcc/distcc.git;branch=master;protocol=https \
file://default \
file://distcc \
file://distcc.service \
diff --git a/meta/recipes-devtools/dnf/dnf_4.6.0.bb b/meta/recipes-devtools/dnf/dnf_4.6.0.bb
index 6651e64..f2cb6db 100644
--- a/meta/recipes-devtools/dnf/dnf_4.6.0.bb
+++ b/meta/recipes-devtools/dnf/dnf_4.6.0.bb
@@ -8,7 +8,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
file://PACKAGE-LICENSING;md5=4a0548e303dbc77f067335b4d688e745 \
"
-SRC_URI = "git://github.com/rpm-software-management/dnf.git \
+SRC_URI = "git://github.com/rpm-software-management/dnf.git;branch=master;protocol=https \
file://0001-Corretly-install-tmpfiles.d-configuration.patch \
file://0001-Do-not-hardcode-etc-and-systemd-unit-directories.patch \
file://0005-Do-not-prepend-installroot-to-logdir.patch \
diff --git a/meta/recipes-devtools/e2fsprogs/e2fsprogs.inc b/meta/recipes-devtools/e2fsprogs/e2fsprogs.inc
index 2f113c5..fb02b20 100644
--- a/meta/recipes-devtools/e2fsprogs/e2fsprogs.inc
+++ b/meta/recipes-devtools/e2fsprogs/e2fsprogs.inc
@@ -19,7 +19,7 @@ LIC_FILES_CHKSUM = "file://NOTICE;md5=d50be0580c0b0a7fbc7a4830bbe6c12b \
SECTION = "base"
DEPENDS = "util-linux attr autoconf-archive"
-SRC_URI = "git://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git"
+SRC_URI = "git://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git;branch=master"
S = "${WORKDIR}/git"
inherit autotools gettext texinfo pkgconfig multilib_header update-alternatives ptest
diff --git a/meta/recipes-devtools/file/file_5.39.bb b/meta/recipes-devtools/file/file_5.39.bb
index c0c7253..234440e 100644
--- a/meta/recipes-devtools/file/file_5.39.bb
+++ b/meta/recipes-devtools/file/file_5.39.bb
@@ -11,7 +11,7 @@ LIC_FILES_CHKSUM = "file://COPYING;beginline=2;md5=0251eaec1188b20d9a72c502ecfdd
DEPENDS = "file-replacement-native"
DEPENDS_class-native = "bzip2-replacement-native"
-SRC_URI = "git://github.com/file/file.git \
+SRC_URI = "git://github.com/file/file.git;branch=master;protocol=https \
file://0001-src-compress.c-correct-header-define-for-xz-lzma.patch \
file://0001-Fix-close_on_exec-multithreaded-decompression-issue.patch"
diff --git a/meta/recipes-devtools/gcc/gcc-10.2.inc b/meta/recipes-devtools/gcc/gcc-10.2.inc
index c0cd8b3..248e002 100644
--- a/meta/recipes-devtools/gcc/gcc-10.2.inc
+++ b/meta/recipes-devtools/gcc/gcc-10.2.inc
@@ -70,6 +70,10 @@ SRC_URI = "\
file://0003-aarch64-Mitigate-SLS-for-BLR-instruction.patch \
file://0001-aarch64-Fix-up-__aarch64_cas16_acq_rel-fallback.patch \
file://0001-libatomic-libgomp-libitc-Fix-bootstrap-PR70454.patch \
+ file://0001-CVE-2021-35465.patch \
+ file://0002-CVE-2021-35465.patch \
+ file://0003-CVE-2021-35465.patch \
+ file://0004-CVE-2021-35465.patch \
"
SRC_URI[sha256sum] = "b8dd4368bb9c7f0b98188317ee0254dd8cc99d1e3a18d0ff146c855fe16c1d8c"
diff --git a/meta/recipes-devtools/gcc/gcc/0001-CVE-2021-35465.patch b/meta/recipes-devtools/gcc/gcc/0001-CVE-2021-35465.patch
new file mode 100644
index 0000000..b9bca49
--- /dev/null
+++ b/meta/recipes-devtools/gcc/gcc/0001-CVE-2021-35465.patch
@@ -0,0 +1,138 @@
+From 3929bca9ca95de9d35e82ae8828b188029e3eb70 Mon Sep 17 00:00:00 2001
+From: Richard Earnshaw <rearnsha@arm.com>
+Date: Fri, 11 Jun 2021 16:02:05 +0100
+Subject: [PATCH] arm: Add command-line option for enabling CVE-2021-35465
+ mitigation [PR102035]
+
+Add a new option, -mfix-cmse-cve-2021-35465 and document it. Enable it
+automatically for cortex-m33, cortex-m35p and cortex-m55.
+
+gcc:
+ PR target/102035
+ * config/arm/arm.opt (mfix-cmse-cve-2021-35465): New option.
+ * doc/invoke.texi (Arm Options): Document it.
+ * config/arm/arm-cpus.in (quirk_vlldm): New feature bit.
+ (ALL_QUIRKS): Add quirk_vlldm.
+ (cortex-m33): Add quirk_vlldm.
+ (cortex-m35p, cortex-m55): Likewise.
+ * config/arm/arm.c (arm_option_override): Enable fix_vlldm if
+ targetting an affected CPU and not explicitly controlled on
+ the command line.
+
+CVE: CVE-2021-35465
+Upstream-Status: Backport[https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=3929bca9ca95de9d35e82ae8828b188029e3eb70]
+Signed-off-by: Pgowda <pgowda.cve@gmail.com>
+
+---
+ gcc/config/arm/arm-cpus.in | 9 +++++++--
+ gcc/config/arm/arm.c | 9 +++++++++
+ gcc/config/arm/arm.opt | 4 ++++
+ gcc/doc/invoke.texi | 9 +++++++++
+ 4 files changed, 29 insertions(+), 2 deletions(-)
+
+diff --git a/gcc/config/arm/arm.c b/gcc/config/arm/arm.c
+--- a/gcc/config/arm/arm.c 2020-07-22 23:35:17.344384552 -0700
++++ b/gcc/config/arm/arm.c 2021-11-11 20:16:19.761241867 -0800
+@@ -3595,6 +3595,15 @@ arm_option_override (void)
+ fix_cm3_ldrd = 0;
+ }
+
++ /* Enable fix_vlldm by default if required. */
++ if (fix_vlldm == 2)
++ {
++ if (bitmap_bit_p (arm_active_target.isa, isa_bit_quirk_vlldm))
++ fix_vlldm = 1;
++ else
++ fix_vlldm = 0;
++ }
++
+ /* Hot/Cold partitioning is not currently supported, since we can't
+ handle literal pool placement in that case. */
+ if (flag_reorder_blocks_and_partition)
+diff --git a/gcc/config/arm/arm-cpus.in b/gcc/config/arm/arm-cpus.in
+--- a/gcc/config/arm/arm-cpus.in 2020-07-22 23:35:17.340384509 -0700
++++ b/gcc/config/arm/arm-cpus.in 2021-11-11 20:17:01.364573561 -0800
+@@ -190,6 +190,9 @@ define feature quirk_armv6kz
+ # Cortex-M3 LDRD quirk.
+ define feature quirk_cm3_ldrd
+
++# v8-m/v8.1-m VLLDM errata.
++define feature quirk_vlldm
++
+ # Don't use .cpu assembly directive
+ define feature quirk_no_asmcpu
+
+@@ -314,7 +317,7 @@ define fgroup DOTPROD NEON dotprod
+ # architectures.
+ # xscale isn't really a 'quirk', but it isn't an architecture either and we
+ # need to ignore it for matching purposes.
+-define fgroup ALL_QUIRKS quirk_no_volatile_ce quirk_armv6kz quirk_cm3_ldrd xscale quirk_no_asmcpu
++define fgroup ALL_QUIRKS quirk_no_volatile_ce quirk_armv6kz quirk_cm3_ldrd quirk_vlldm xscale quirk_no_asmcpu
+
+ # Architecture entries
+ # format:
+@@ -1492,6 +1495,7 @@ begin cpu cortex-m33
+ architecture armv8-m.main+dsp+fp
+ option nofp remove ALL_FP
+ option nodsp remove armv7em
++ isa quirk_vlldm
+ costs v7m
+ end cpu cortex-m33
+
+@@ -1501,6 +1505,7 @@ begin cpu cortex-m35p
+ architecture armv8-m.main+dsp+fp
+ option nofp remove ALL_FP
+ option nodsp remove armv7em
++ isa quirk_vlldm
+ costs v7m
+ end cpu cortex-m35p
+
+@@ -1508,7 +1513,7 @@ begin cpu cortex-m55
+ cname cortexm55
+ tune flags LDSCHED
+ architecture armv8.1-m.main+mve.fp+fp.dp
+- isa quirk_no_asmcpu
++ isa quirk_no_asmcpu quirk_vlldm
+ costs v7m
+ vendor 41
+ end cpu cortex-m55
+diff --git a/gcc/config/arm/arm.opt b/gcc/config/arm/arm.opt
+--- a/gcc/config/arm/arm.opt 2020-07-22 23:35:17.344384552 -0700
++++ b/gcc/config/arm/arm.opt 2021-11-11 20:16:19.761241867 -0800
+@@ -271,6 +271,10 @@ Target Report Var(fix_cm3_ldrd) Init(2)
+ Avoid overlapping destination and address registers on LDRD instructions
+ that may trigger Cortex-M3 errata.
+
++mfix-cmse-cve-2021-35465
++Target Var(fix_vlldm) Init(2)
++Mitigate issues with VLLDM on some M-profile devices (CVE-2021-35465).
++
+ munaligned-access
+ Target Report Var(unaligned_access) Init(2) Save
+ Enable unaligned word and halfword accesses to packed data.
+diff -upr a/gcc/doc/invoke.texi b/gcc/doc/invoke.texi
+--- a/gcc/doc/invoke.texi 2021-11-11 19:30:56.264523105 -0800
++++ b/gcc/doc/invoke.texi 2021-11-11 20:16:19.769241739 -0800
+@@ -773,6 +773,7 @@ Objective-C and Objective-C++ Dialects}.
+ -mverbose-cost-dump @gol
+ -mpure-code @gol
+ -mcmse @gol
++-mfix-cmse-cve-2021-35465 @gol
+ -mfdpic}
+
+ @emph{AVR Options}
+@@ -21233,6 +21234,14 @@ Use multiply and add/subtract instructio
+
+ Do not use multiply and add/subtract instructions.
+
++@item -mfix-cmse-cve-2021-35465
++@opindex mfix-cmse-cve-2021-35465
++Mitigate against a potential security issue with the @code{VLLDM} instruction
++in some M-profile devices when using CMSE (CVE-2021-365465). This option is
++enabled by default when the option @option{-mcpu=} is used with
++@code{cortex-m33}, @code{cortex-m35p} or @code{cortex-m55}. The option
++@option{-mno-fix-cmse-cve-2021-35465} can be used to disable the mitigation.
++
+ @item -mfdpic
+ @opindex mfdpic
+
diff --git a/meta/recipes-devtools/gcc/gcc/0002-CVE-2021-35465.patch b/meta/recipes-devtools/gcc/gcc/0002-CVE-2021-35465.patch
new file mode 100644
index 0000000..38d02dc
--- /dev/null
+++ b/meta/recipes-devtools/gcc/gcc/0002-CVE-2021-35465.patch
@@ -0,0 +1,40 @@
+From 574e7950bd6b34e9e2cacce18c802b45505d1d0a Mon Sep 17 00:00:00 2001
+From: Richard Earnshaw <rearnsha@arm.com>
+Date: Fri, 18 Jun 2021 17:16:25 +0100
+Subject: [PATCH] arm: add erratum mitigation to __gnu_cmse_nonsecure_call
+ [PR102035]
+
+Add the recommended erratum mitigation sequence to
+__gnu_cmse_nonsecure_call for use on Armv8-m.main devices. Since this
+is in the library code we cannot know in advance whether the core we
+are running on will be affected by this, so always enable it.
+
+libgcc:
+ PR target/102035
+ * config/arm/cmse_nonsecure_call.S (__gnu_cmse_nonsecure_call):
+ Add vlldm erratum work-around.
+
+CVE: CVE-2021-35465
+Upstream-Status: Backport[https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=574e7950bd6b34e9e2cacce18c802b45505d1d0a]
+Signed-off-by: Pgowda <pgowda.cve@gmail.com>
+
+---
+ libgcc/config/arm/cmse_nonsecure_call.S | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/libgcc/config/arm/cmse_nonsecure_call.S b/libgcc/config/arm/cmse_nonsecure_call.S
+index 00830ade98e..c8e0fbbe665 100644
+--- a/libgcc/config/arm/cmse_nonsecure_call.S
++++ b/libgcc/config/arm/cmse_nonsecure_call.S
+@@ -102,6 +102,11 @@ blxns r4
+ #ifdef __ARM_PCS_VFP
+ vpop.f64 {d8-d15}
+ #else
++/* VLLDM erratum mitigation sequence. */
++mrs r5, control
++tst r5, #8 /* CONTROL_S.SFPA */
++it ne
++.inst.w 0xeeb00a40 /* vmovne s0, s0 */
+ vlldm sp /* Lazy restore of d0-d16 and FPSCR. */
+ add sp, sp, #0x88 /* Free space used to save floating point registers. */
+ #endif /* __ARM_PCS_VFP */
diff --git a/meta/recipes-devtools/gcc/gcc/0003-CVE-2021-35465.patch b/meta/recipes-devtools/gcc/gcc/0003-CVE-2021-35465.patch
new file mode 100644
index 0000000..d87be19
--- /dev/null
+++ b/meta/recipes-devtools/gcc/gcc/0003-CVE-2021-35465.patch
@@ -0,0 +1,103 @@
+From 30461cf8dba3d3adb15a125e4da48800eb2b9b8f Mon Sep 17 00:00:00 2001
+From: Richard Earnshaw <rearnsha@arm.com>
+Date: Fri, 18 Jun 2021 17:18:37 +0100
+Subject: [PATCH] arm: fix vlldm erratum for Armv8.1-m [PR102035]
+
+For Armv8.1-m we generate code that emits VLLDM directly and do not
+rely on support code in the library, so emit the mitigation directly
+as well, when required. In this case, we can use the compiler options
+to determine when to apply the fix and when it is safe to omit it.
+
+gcc:
+ PR target/102035
+ * config/arm/arm.md (attribute arch): Add fix_vlldm.
+ (arch_enabled): Use it.
+ * config/arm/vfp.md (lazy_store_multiple_insn): Add alternative to
+ use when erratum mitigation is needed.
+
+CVE: CVE-2021-35465
+Upstream-Status: Backport[https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=30461cf8dba3d3adb15a125e4da48800eb2b9b8f]
+Signed-off-by: Pgowda <pgowda.cve@gmail.com>
+
+---
+ gcc/config/arm/arm.md | 11 +++++++++--
+ gcc/config/arm/vfp.md | 10 +++++++---
+ 2 files changed, 16 insertions(+), 5 deletions(-)
+
+diff -upr a/gcc/config/arm/arm.md b/gcc/config/arm/arm.md
+--- a/gcc/config/arm/arm.md 2020-07-22 23:35:17.344384552 -0700
++++ b/gcc/config/arm/arm.md 2021-11-11 20:33:58.431543947 -0800
+@@ -132,9 +132,12 @@
+ ; TARGET_32BIT, "t1" or "t2" to specify a specific Thumb mode. "v6"
+ ; for ARM or Thumb-2 with arm_arch6, and nov6 for ARM without
+ ; arm_arch6. "v6t2" for Thumb-2 with arm_arch6 and "v8mb" for ARMv8-M
+-; Baseline. This attribute is used to compute attribute "enabled",
++; Baseline. "fix_vlldm" is for fixing the v8-m/v8.1-m VLLDM erratum.
++; This attribute is used to compute attribute "enabled",
+ ; use type "any" to enable an alternative in all cases.
+-(define_attr "arch" "any,a,t,32,t1,t2,v6,nov6,v6t2,v8mb,iwmmxt,iwmmxt2,armv6_or_vfpv3,neon,mve"
++(define_attr "arch" "any, a, t, 32, t1, t2, v6,nov6, v6t2, \
++ v8mb, fix_vlldm, iwmmxt, iwmmxt2, armv6_or_vfpv3, \
++ neon, mve"
+ (const_string "any"))
+
+ (define_attr "arch_enabled" "no,yes"
+@@ -177,6 +180,10 @@
+ (match_test "TARGET_THUMB1 && arm_arch8"))
+ (const_string "yes")
+
++ (and (eq_attr "arch" "fix_vlldm")
++ (match_test "fix_vlldm"))
++ (const_string "yes")
++
+ (and (eq_attr "arch" "iwmmxt2")
+ (match_test "TARGET_REALLY_IWMMXT2"))
+ (const_string "yes")
+diff -upr a/gcc/config/arm/vfp.md b/gcc/config/arm/vfp.md
+--- a/gcc/config/arm/vfp.md 2020-07-22 23:35:17.356384684 -0700
++++ b/gcc/config/arm/vfp.md 2021-11-11 20:33:58.431543947 -0800
+@@ -1703,12 +1703,15 @@
+ (set_attr "type" "mov_reg")]
+ )
+
++;; Both this and the next instruction are treated by GCC in the same
++;; way as a blockage pattern. That's perhaps stronger than it needs
++;; to be, but we do not want accesses to the VFP register bank to be
++;; moved across either instruction.
++
+ (define_insn "lazy_store_multiple_insn"
+- [(set (match_operand:SI 0 "s_register_operand" "+&rk")
+- (post_dec:SI (match_dup 0)))
+- (unspec_volatile [(const_int 0)
+- (mem:SI (post_dec:SI (match_dup 0)))]
+- VUNSPEC_VLSTM)]
++ [(unspec_volatile
++ [(mem:BLK (match_operand:SI 0 "s_register_operand" "rk"))]
++ VUNSPEC_VLSTM)]
+ "use_cmse && reload_completed"
+ "vlstm%?\\t%0"
+ [(set_attr "predicable" "yes")
+@@ -1716,14 +1719,16 @@
+ )
+
+ (define_insn "lazy_load_multiple_insn"
+- [(set (match_operand:SI 0 "s_register_operand" "+&rk")
+- (post_inc:SI (match_dup 0)))
+- (unspec_volatile:SI [(const_int 0)
+- (mem:SI (match_dup 0))]
+- VUNSPEC_VLLDM)]
++ [(unspec_volatile
++ [(mem:BLK (match_operand:SI 0 "s_register_operand" "rk,rk"))]
++ VUNSPEC_VLLDM)]
+ "use_cmse && reload_completed"
+- "vlldm%?\\t%0"
+- [(set_attr "predicable" "yes")
++ "@
++ vscclrm\\t{vpr}\;vlldm\\t%0
++ vlldm\\t%0"
++ [(set_attr "arch" "fix_vlldm,*")
++ (set_attr "predicable" "no")
++ (set_attr "length" "8,4")
+ (set_attr "type" "load_4")]
+ )
+
diff --git a/meta/recipes-devtools/gcc/gcc/0004-CVE-2021-35465.patch b/meta/recipes-devtools/gcc/gcc/0004-CVE-2021-35465.patch
new file mode 100644
index 0000000..9f7a38e
--- /dev/null
+++ b/meta/recipes-devtools/gcc/gcc/0004-CVE-2021-35465.patch
@@ -0,0 +1,304 @@
+From 809330ab8450261e05919b472783bf15e4b000f7 Mon Sep 17 00:00:00 2001
+From: Richard Earnshaw <rearnsha@arm.com>
+Date: Tue, 6 Jul 2021 15:10:18 +0100
+Subject: [PATCH] arm: Add tests for VLLDM mitigation [PR102035]
+
+New tests for the erratum mitigation.
+
+gcc/testsuite:
+ PR target/102035
+ * gcc.target/arm/cmse/mainline/8_1m/soft/cmse-13a.c: New test.
+ * gcc.target/arm/cmse/mainline/8_1m/soft/cmse-7a.c: Likewise.
+ * gcc.target/arm/cmse/mainline/8_1m/soft/cmse-8a.c: Likewise.
+ * gcc.target/arm/cmse/mainline/8_1m/softfp-sp/cmse-7a.c: Likewise.
+ * gcc.target/arm/cmse/mainline/8_1m/softfp-sp/cmse-8a.c: Likewise.
+ * gcc.target/arm/cmse/mainline/8_1m/softfp/cmse-13a.c: Likewise.
+ * gcc.target/arm/cmse/mainline/8_1m/softfp/cmse-7a.c: Likewise.
+ * gcc.target/arm/cmse/mainline/8_1m/softfp/cmse-8a.c: Likewise.
+
+CVE: CVE-2021-35465
+Upstream-Status: Backport[https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=809330ab8450261e05919b472783bf15e4b000f7]
+Signed-off-by: Pgowda <pgowda.cve@gmail.com>
+
+---
+ .../arm/cmse/mainline/8_1m/soft/cmse-13a.c | 31 +++++++++++++++++++
+ .../arm/cmse/mainline/8_1m/soft/cmse-7a.c | 28 +++++++++++++++++
+ .../arm/cmse/mainline/8_1m/soft/cmse-8a.c | 30 ++++++++++++++++++
+ .../cmse/mainline/8_1m/softfp-sp/cmse-7a.c | 27 ++++++++++++++++
+ .../cmse/mainline/8_1m/softfp-sp/cmse-8a.c | 29 +++++++++++++++++
+ .../arm/cmse/mainline/8_1m/softfp/cmse-13a.c | 30 ++++++++++++++++++
+ .../arm/cmse/mainline/8_1m/softfp/cmse-7a.c | 27 ++++++++++++++++
+ .../arm/cmse/mainline/8_1m/softfp/cmse-8a.c | 29 +++++++++++++++++
+ 8 files changed, 231 insertions(+)
+ create mode 100644 gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/soft/cmse-13a.c
+ create mode 100644 gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/soft/cmse-7a.c
+ create mode 100644 gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/soft/cmse-8a.c
+ create mode 100644 gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp-sp/cmse-7a.c
+ create mode 100644 gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp-sp/cmse-8a.c
+ create mode 100644 gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp/cmse-13a.c
+ create mode 100644 gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp/cmse-7a.c
+ create mode 100644 gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp/cmse-8a.c
+
+diff --git a/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/soft/cmse-13a.c b/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/soft/cmse-13a.c
+--- a/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/soft/cmse-13a.c 1969-12-31 16:00:00.000000000 -0800
++++ b/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/soft/cmse-13a.c 2021-11-11 20:38:44.286766084 -0800
+@@ -0,0 +1,31 @@
++/* { dg-do compile } */
++/* { dg-options "-mcmse -mfloat-abi=soft -mfix-cmse-cve-2021-35465" } */
++/* { dg-skip-if "Incompatible float ABI" { *-*-* } { "-mfloat-abi=*" } { "-mfloat-abi=soft" } } */
++
++#include "../../../cmse-13.x"
++
++/* Checks for saving and clearing prior to function call. */
++/* Shift on the same register as blxns. */
++/* { dg-final { scan-assembler "lsrs\t(r\[1,4-9\]|r10|fp|ip), \\1, #1.*blxns\t\\1" } } */
++/* { dg-final { scan-assembler "lsls\t(r\[1,4-9\]|r10|fp|ip), \\1, #1.*blxns\t\\1" } } */
++/* { dg-final { scan-assembler-not "mov\tr0, r4" } } */
++/* { dg-final { scan-assembler-not "mov\tr2, r4" } } */
++/* { dg-final { scan-assembler-not "mov\tr3, r4" } } */
++/* { dg-final { scan-assembler "push\t\{r4, r5, r6, r7, r8, r9, r10, fp\}" } } */
++/* { dg-final { scan-assembler "vlstm\tsp" } } */
++/* Check the right registers are cleared and none appears twice. */
++/* { dg-final { scan-assembler "clrm\t\{(r1, )?(r4, )?(r5, )?(r6, )?(r7, )?(r8, )?(r9, )?(r10, )?(fp, )?(ip, )?APSR\}" } } */
++/* Check that the right number of registers is cleared and thus only one
++ register is missing. */
++/* { dg-final { scan-assembler "clrm\t\{((r\[1,4-9\]|r10|fp|ip), ){9}APSR\}" } } */
++/* Check that no cleared register is used for blxns. */
++/* { dg-final { scan-assembler-not "clrm\t\{\[^\}\]\+(r\[1,4-9\]|r10|fp|ip),\[^\}\]\+\}.*blxns\t\\1" } } */
++/* Check for v8.1-m variant of erratum work-around. */
++/* { dg-final { scan-assembler "vscclrm\t\{vpr\}" } } */
++/* { dg-final { scan-assembler "vlldm\tsp" } } */
++/* { dg-final { scan-assembler "pop\t\{r4, r5, r6, r7, r8, r9, r10, fp\}" } } */
++/* { dg-final { scan-assembler-not "vmov" } } */
++/* { dg-final { scan-assembler-not "vmsr" } } */
++
++/* Now we check that we use the correct intrinsic to call. */
++/* { dg-final { scan-assembler "blxns" } } */
+diff --git a/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/soft/cmse-7a.c b/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/soft/cmse-7a.c
+--- a/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/soft/cmse-7a.c 1969-12-31 16:00:00.000000000 -0800
++++ b/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/soft/cmse-7a.c 2021-11-11 20:38:44.286766084 -0800
+@@ -0,0 +1,28 @@
++/* { dg-do compile } */
++/* { dg-options "-mcmse -mfloat-abi=soft -mfix-cmse-cve-2021-35465" } */
++/* { dg-skip-if "Incompatible float ABI" { *-*-* } { "-mfloat-abi=*" } { "-mfloat-abi=soft" } } */
++
++#include "../../../cmse-7.x"
++
++/* Checks for saving and clearing prior to function call. */
++/* Shift on the same register as blxns. */
++/* { dg-final { scan-assembler "lsrs\t(r\[0-9\]|r10|fp|ip), \\1, #1.*blxns\t\\1" } } */
++/* { dg-final { scan-assembler "lsls\t(r\[0-9\]|r10|fp|ip), \\1, #1.*blxns\t\\1" } } */
++/* { dg-final { scan-assembler "push\t\{r4, r5, r6, r7, r8, r9, r10, fp\}" } } */
++/* { dg-final { scan-assembler "vlstm\tsp" } } */
++/* Check the right registers are cleared and none appears twice. */
++/* { dg-final { scan-assembler "clrm\t\{(r0, )?(r1, )?(r2, )?(r3, )?(r4, )?(r5, )?(r6, )?(r7, )?(r8, )?(r9, )?(r10, )?(fp, )?(ip, )?APSR\}" } } */
++/* Check that the right number of registers is cleared and thus only one
++ register is missing. */
++/* { dg-final { scan-assembler "clrm\t\{((r\[0-9\]|r10|fp|ip), ){12}APSR\}" } } */
++/* Check that no cleared register is used for blxns. */
++/* { dg-final { scan-assembler-not "clrm\t\{\[^\}\]\+(r\[0-9\]|r10|fp|ip),\[^\}\]\+\}.*blxns\t\\1" } } */
++/* Check for v8.1-m variant of erratum work-around. */
++/* { dg-final { scan-assembler "vscclrm\t\{vpr\}" } } */
++/* { dg-final { scan-assembler "vlldm\tsp" } } */
++/* { dg-final { scan-assembler "pop\t\{r4, r5, r6, r7, r8, r9, r10, fp\}" } } */
++/* { dg-final { scan-assembler-not "vmov" } } */
++/* { dg-final { scan-assembler-not "vmsr" } } */
++
++/* Now we check that we use the correct intrinsic to call. */
++/* { dg-final { scan-assembler "blxns" } } */
+diff --git a/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/soft/cmse-8a.c b/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/soft/cmse-8a.c
+--- a/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/soft/cmse-8a.c 1969-12-31 16:00:00.000000000 -0800
++++ b/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/soft/cmse-8a.c 2021-11-11 20:38:44.286766084 -0800
+@@ -0,0 +1,30 @@
++/* { dg-do compile } */
++/* { dg-options "-mcmse -mfloat-abi=soft -mfix-cmse-cve-2021-35465" } */
++/* { dg-skip-if "Incompatible float ABI" { *-*-* } { "-mfloat-abi=*" } { "-mfloat-abi=soft" } } */
++
++#include "../../../cmse-8.x"
++
++/* Checks for saving and clearing prior to function call. */
++/* Shift on the same register as blxns. */
++/* { dg-final { scan-assembler "lsrs\t(r\[2-9\]|r10|fp|ip), \\1, #1.*blxns\t\\1" } } */
++/* { dg-final { scan-assembler "lsls\t(r\[2-9\]|r10|fp|ip), \\1, #1.*blxns\t\\1" } } */
++/* { dg-final { scan-assembler-not "mov\tr0, r4" } } */
++/* { dg-final { scan-assembler-not "mov\tr1, r4" } } */
++/* { dg-final { scan-assembler "push\t\{r4, r5, r6, r7, r8, r9, r10, fp\}" } } */
++/* { dg-final { scan-assembler "vlstm\tsp" } } */
++/* Check the right registers are cleared and none appears twice. */
++/* { dg-final { scan-assembler "clrm\t\{(r2, )?(r3, )?(r4, )?(r5, )?(r6, )?(r7, )?(r8, )?(r9, )?(r10, )?(fp, )?(ip, )?APSR\}" } } */
++/* Check that the right number of registers is cleared and thus only one
++ register is missing. */
++/* { dg-final { scan-assembler "clrm\t\{((r\[2-9\]|r10|fp|ip), ){10}APSR\}" } } */
++/* Check that no cleared register is used for blxns. */
++/* { dg-final { scan-assembler-not "clrm\t\{\[^\}\]\+(r\[2-9\]|r10|fp|ip),\[^\}\]\+\}.*blxns\t\\1" } } */
++/* Check for v8.1-m variant of erratum work-around. */
++/* { dg-final { scan-assembler "vscclrm\t\{vpr\}" } } */
++/* { dg-final { scan-assembler "vlldm\tsp" } } */
++/* { dg-final { scan-assembler "pop\t\{r4, r5, r6, r7, r8, r9, r10, fp\}" } } */
++/* { dg-final { scan-assembler-not "vmov" } } */
++/* { dg-final { scan-assembler-not "vmsr" } } */
++
++/* Now we check that we use the correct intrinsic to call. */
++/* { dg-final { scan-assembler "blxns" } } */
+diff --git a/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp/cmse-13a.c b/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp/cmse-13a.c
+--- a/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp/cmse-13a.c 1969-12-31 16:00:00.000000000 -0800
++++ b/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp/cmse-13a.c 2021-11-11 20:38:44.286766084 -0800
+@@ -0,0 +1,30 @@
++/* { dg-do compile } */
++/* { dg-options "-mcmse -mfloat-abi=softfp -mfpu=fpv5-d16 -mfix-cmse-cve-2021-35465" } */
++/* { dg-skip-if "Incompatible float ABI" { *-*-* } { "-mfloat-abi=*" } { "-mfloat-abi=softfp" } } */
++/* { dg-skip-if "Skip these if testing single precision" {*-*-*} {"-mfpu=*-sp-*"} {""} } */
++
++#include "../../../cmse-13.x"
++
++/* Checks for saving and clearing prior to function call. */
++/* Shift on the same register as blxns. */
++/* { dg-final { scan-assembler "lsrs\t(r\[1,4-9\]|r10|fp|ip), \\1, #1.*blxns\t\\1" } } */
++/* { dg-final { scan-assembler "lsls\t(r\[1,4-9\]|r10|fp|ip), \\1, #1.*blxns\t\\1" } } */
++/* { dg-final { scan-assembler-not "mov\tr0, r4" } } */
++/* { dg-final { scan-assembler-not "mov\tr2, r4" } } */
++/* { dg-final { scan-assembler-not "mov\tr3, r4" } } */
++/* { dg-final { scan-assembler "push\t\{r4, r5, r6, r7, r8, r9, r10, fp\}" } } */
++/* { dg-final { scan-assembler "vlstm\tsp" } } */
++/* Check the right registers are cleared and none appears twice. */
++/* { dg-final { scan-assembler "clrm\t\{(r1, )?(r4, )?(r5, )?(r6, )?(r7, )?(r8, )?(r9, )?(r10, )?(fp, )?(ip, )?APSR\}" } } */
++/* Check that the right number of registers is cleared and thus only one
++ register is missing. */
++/* { dg-final { scan-assembler "clrm\t\{((r\[1,4-9\]|r10|fp|ip), ){9}APSR\}" } } */
++/* Check that no cleared register is used for blxns. */
++/* { dg-final { scan-assembler-not "clrm\t\{\[^\}\]\+(r\[1,4-9\]|r10|fp|ip),\[^\}\]\+\}.*blxns\t\\1" } } */
++/* Check for v8.1-m variant of erratum work-around. */
++/* { dg-final { scan-assembler "vscclrm\t\{vpr\}" } } */
++/* { dg-final { scan-assembler "vlldm\tsp" } } */
++/* { dg-final { scan-assembler "pop\t\{r4, r5, r6, r7, r8, r9, r10, fp\}" } } */
++
++/* Now we check that we use the correct intrinsic to call. */
++/* { dg-final { scan-assembler "blxns" } } */
+diff --git a/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp/cmse-7a.c b/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp/cmse-7a.c
+--- a/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp/cmse-7a.c 1969-12-31 16:00:00.000000000 -0800
++++ b/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp/cmse-7a.c 2021-11-11 20:38:44.286766084 -0800
+@@ -0,0 +1,27 @@
++/* { dg-do compile } */
++/* { dg-options "-mcmse -mfloat-abi=softfp -mfpu=fpv5-d16 -mfix-cmse-cve-2021-35465" } */
++/* { dg-skip-if "Incompatible float ABI" { *-*-* } { "-mfloat-abi=*" } { "-mfloat-abi=softfp" } } */
++/* { dg-skip-if "Skip these if testing single precision" {*-*-*} {"-mfpu=*-sp-*"} {""} } */
++
++#include "../../../cmse-7.x"
++
++/* Checks for saving and clearing prior to function call. */
++/* Shift on the same register as blxns. */
++/* { dg-final { scan-assembler "lsrs\t(r\[0-9\]|r10|fp|ip), \\1, #1.*blxns\t\\1" } } */
++/* { dg-final { scan-assembler "lsls\t(r\[0-9\]|r10|fp|ip), \\1, #1.*blxns\t\\1" } } */
++/* { dg-final { scan-assembler "push\t\{r4, r5, r6, r7, r8, r9, r10, fp\}" } } */
++/* { dg-final { scan-assembler "vlstm\tsp" } } */
++/* Check the right registers are cleared and none appears twice. */
++/* { dg-final { scan-assembler "clrm\t\{(r0, )?(r1, )?(r2, )?(r3, )?(r4, )?(r5, )?(r6, )?(r7, )?(r8, )?(r9, )?(r10, )?(fp, )?(ip, )?APSR\}" } } */
++/* Check that the right number of registers is cleared and thus only one
++ register is missing. */
++/* { dg-final { scan-assembler "clrm\t\{((r\[0-9\]|r10|fp|ip), ){12}APSR\}" } } */
++/* Check that no cleared register is used for blxns. */
++/* { dg-final { scan-assembler-not "clrm\t\{\[^\}\]\+(r\[0-9\]|r10|fp|ip),\[^\}\]\+\}.*blxns\t\\1" } } */
++/* Check for v8.1-m variant of erratum work-around. */
++/* { dg-final { scan-assembler "vscclrm\t\{vpr\}" } } */
++/* { dg-final { scan-assembler "vlldm\tsp" } } */
++/* { dg-final { scan-assembler "pop\t\{r4, r5, r6, r7, r8, r9, r10, fp\}" } } */
++
++/* Now we check that we use the correct intrinsic to call. */
++/* { dg-final { scan-assembler "blxns" } } */
+diff --git a/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp/cmse-8a.c b/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp/cmse-8a.c
+--- a/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp/cmse-8a.c 1969-12-31 16:00:00.000000000 -0800
++++ b/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp/cmse-8a.c 2021-11-11 20:38:44.290766017 -0800
+@@ -0,0 +1,29 @@
++/* { dg-do compile } */
++/* { dg-options "-mcmse -mfloat-abi=softfp -mfpu=fpv5-d16 -mfix-cmse-cve-2021-35465" } */
++/* { dg-skip-if "Incompatible float ABI" { *-*-* } { "-mfloat-abi=*" } { "-mfloat-abi=softfp" } } */
++/* { dg-skip-if "Skip these if testing single precision" {*-*-*} {"-mfpu=*-sp-*"} {""} } */
++
++#include "../../../cmse-8.x"
++
++/* Checks for saving and clearing prior to function call. */
++/* Shift on the same register as blxns. */
++/* { dg-final { scan-assembler "lsrs\t(r\[2-9\]|r10|fp|ip), \\1, #1.*blxns\t\\1" } } */
++/* { dg-final { scan-assembler "lsls\t(r\[2-9\]|r10|fp|ip), \\1, #1.*blxns\t\\1" } } */
++/* { dg-final { scan-assembler-not "mov\tr0, r4" } } */
++/* { dg-final { scan-assembler-not "mov\tr1, r4" } } */
++/* { dg-final { scan-assembler "push\t\{r4, r5, r6, r7, r8, r9, r10, fp\}" } } */
++/* { dg-final { scan-assembler "vlstm\tsp" } } */
++/* Check the right registers are cleared and none appears twice. */
++/* { dg-final { scan-assembler "clrm\t\{(r2, )?(r3, )?(r4, )?(r5, )?(r6, )?(r7, )?(r8, )?(r9, )?(r10, )?(fp, )?(ip, )?APSR\}" } } */
++/* Check that the right number of registers is cleared and thus only one
++ register is missing. */
++/* { dg-final { scan-assembler "clrm\t\{((r\[2-9\]|r10|fp|ip), ){10}APSR\}" } } */
++/* Check that no cleared register is used for blxns. */
++/* { dg-final { scan-assembler-not "clrm\t\{\[^\}\]\+(r\[2-9\]|r10|fp|ip),\[^\}\]\+\}.*blxns\t\\1" } } */
++/* Check for v8.1-m variant of erratum work-around. */
++/* { dg-final { scan-assembler "vscclrm\t\{vpr\}" } } */
++/* { dg-final { scan-assembler "vlldm\tsp" } } */
++/* { dg-final { scan-assembler "pop\t\{r4, r5, r6, r7, r8, r9, r10, fp\}" } } */
++
++/* Now we check that we use the correct intrinsic to call. */
++/* { dg-final { scan-assembler "blxns" } } */
+diff --git a/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp-sp/cmse-7a.c b/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp-sp/cmse-7a.c
+--- a/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp-sp/cmse-7a.c 1969-12-31 16:00:00.000000000 -0800
++++ b/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp-sp/cmse-7a.c 2021-11-11 20:38:44.286766084 -0800
+@@ -0,0 +1,27 @@
++/* { dg-do compile } */
++/* { dg-options "-mcmse -mfloat-abi=softfp -mfpu=fpv5-sp-d16 -mfix-cmse-cve-2021-35465" } */
++/* { dg-skip-if "Incompatible float ABI" { *-*-* } { "-mfloat-abi=*" } { "-mfloat-abi=softfp" } } */
++/* { dg-skip-if "Skip these if testing double precision" {*-*-*} {"-mfpu=fpv[4-5]-d16"} {""} } */
++
++#include "../../../cmse-7.x"
++
++/* Checks for saving and clearing prior to function call. */
++/* Shift on the same register as blxns. */
++/* { dg-final { scan-assembler "lsrs\t(r\[0-9\]|r10|fp|ip), \\1, #1.*blxns\t\\1" } } */
++/* { dg-final { scan-assembler "lsls\t(r\[0-9\]|r10|fp|ip), \\1, #1.*blxns\t\\1" } } */
++/* { dg-final { scan-assembler "push\t\{r4, r5, r6, r7, r8, r9, r10, fp\}" } } */
++/* { dg-final { scan-assembler "vlstm\tsp" } } */
++/* Check the right registers are cleared and none appears twice. */
++/* { dg-final { scan-assembler "clrm\t\{(r0, )?(r1, )?(r2, )?(r3, )?(r4, )?(r5, )?(r6, )?(r7, )?(r8, )?(r9, )?(r10, )?(fp, )?(ip, )?APSR\}" } } */
++/* Check that the right number of registers is cleared and thus only one
++ register is missing. */
++/* { dg-final { scan-assembler "clrm\t\{((r\[0-9\]|r10|fp|ip), ){12}APSR\}" } } */
++/* Check that no cleared register is used for blxns. */
++/* { dg-final { scan-assembler-not "clrm\t\{\[^\}\]\+(r\[0-9\]|r10|fp|ip),\[^\}\]\+\}.*blxns\t\\1" } } */
++/* Check for v8.1-m variant of erratum work-around. */
++/* { dg-final { scan-assembler "vscclrm\t\{vpr\}" } } */
++/* { dg-final { scan-assembler "vlldm\tsp" } } */
++/* { dg-final { scan-assembler "pop\t\{r4, r5, r6, r7, r8, r9, r10, fp\}" } } */
++
++/* Now we check that we use the correct intrinsic to call. */
++/* { dg-final { scan-assembler "blxns" } } */
+diff --git a/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp-sp/cmse-8a.c b/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp-sp/cmse-8a.c
+--- a/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp-sp/cmse-8a.c 1969-12-31 16:00:00.000000000 -0800
++++ b/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp-sp/cmse-8a.c 2021-11-11 20:38:44.286766084 -0800
+@@ -0,0 +1,29 @@
++/* { dg-do compile } */
++/* { dg-options "-mcmse -mfloat-abi=softfp -mfpu=fpv5-sp-d16 -mfix-cmse-cve-2021-35465" } */
++/* { dg-skip-if "Incompatible float ABI" { *-*-* } { "-mfloat-abi=*" } { "-mfloat-abi=softfp" } } */
++/* { dg-skip-if "Skip these if testing double precision" {*-*-*} {"-mfpu=fpv[4-5]-d16"} {""} } */
++
++#include "../../../cmse-8.x"
++
++/* Checks for saving and clearing prior to function call. */
++/* Shift on the same register as blxns. */
++/* { dg-final { scan-assembler "lsrs\t(r\[2-9\]|r10|fp|ip), \\1, #1.*blxns\t\\1" } } */
++/* { dg-final { scan-assembler "lsls\t(r\[2-9\]|r10|fp|ip), \\1, #1.*blxns\t\\1" } } */
++/* { dg-final { scan-assembler-not "mov\tr0, r4" } } */
++/* { dg-final { scan-assembler-not "mov\tr1, r4" } } */
++/* { dg-final { scan-assembler "push\t\{r4, r5, r6, r7, r8, r9, r10, fp\}" } } */
++/* { dg-final { scan-assembler "vlstm\tsp" } } */
++/* Check the right registers are cleared and none appears twice. */
++/* { dg-final { scan-assembler "clrm\t\{(r2, )?(r3, )?(r4, )?(r5, )?(r6, )?(r7, )?(r8, )?(r9, )?(r10, )?(fp, )?(ip, )?APSR\}" } } */
++/* Check that the right number of registers is cleared and thus only one
++ register is missing. */
++/* { dg-final { scan-assembler "clrm\t\{((r\[2-9\]|r10|fp|ip), ){10}APSR\}" } } */
++/* Check that no cleared register is used for blxns. */
++/* { dg-final { scan-assembler-not "clrm\t\{\[^\}\]\+(r\[2-9\]|r10|fp|ip),\[^\}\]\+\}.*blxns\t\\1" } } */
++/* Check for v8.1-m variant of erratum work-around. */
++/* { dg-final { scan-assembler "vscclrm\t\{vpr\}" } } */
++/* { dg-final { scan-assembler "vlldm\tsp" } } */
++/* { dg-final { scan-assembler "pop\t\{r4, r5, r6, r7, r8, r9, r10, fp\}" } } */
++
++/* Now we check that we use the correct intrinsic to call. */
++/* { dg-final { scan-assembler "blxns" } } */
diff --git a/meta/recipes-devtools/glide/glide_0.13.3.bb b/meta/recipes-devtools/glide/glide_0.13.3.bb
index 6eb87df..1a5c760 100644
--- a/meta/recipes-devtools/glide/glide_0.13.3.bb
+++ b/meta/recipes-devtools/glide/glide_0.13.3.bb
@@ -5,7 +5,7 @@ LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://src/${GO_IMPORT}/LICENSE;md5=54905cf894f8cc416a92f4fc350c35b2"
GO_IMPORT = "github.com/Masterminds/glide"
-SRC_URI = "git://${GO_IMPORT}"
+SRC_URI = "git://${GO_IMPORT};branch=master;protocol=https"
SRCREV = "8ed5b9292379d86c39592a7e6a58eb9c903877cf"
inherit go
diff --git a/meta/recipes-devtools/gnu-config/gnu-config_git.bb b/meta/recipes-devtools/gnu-config/gnu-config_git.bb
index c41177c..ecbd60e 100644
--- a/meta/recipes-devtools/gnu-config/gnu-config_git.bb
+++ b/meta/recipes-devtools/gnu-config/gnu-config_git.bb
@@ -12,7 +12,7 @@ INHIBIT_DEFAULT_DEPS = "1"
SRCREV = "6faca61810d335c7837f320733fe8e15a1431fc2"
PV = "20210125+git${SRCPV}"
-SRC_URI = "git://git.savannah.gnu.org/config.git \
+SRC_URI = "git://git.savannah.gnu.org/config.git;branch=master \
file://gnu-configize.in"
S = "${WORKDIR}/git"
UPSTREAM_CHECK_COMMITS = "1"
diff --git a/meta/recipes-devtools/go/go-1.16.7.inc b/meta/recipes-devtools/go/go-1.16.8.inc
index 9eca1ca..acc2300 100644
--- a/meta/recipes-devtools/go/go-1.16.7.inc
+++ b/meta/recipes-devtools/go/go-1.16.8.inc
@@ -1,7 +1,7 @@
require go-common.inc
GO_BASEVERSION = "1.16"
-PV = "1.16.7"
+PV = "1.16.8"
FILESEXTRAPATHS_prepend := "${FILE_DIRNAME}/go-${GO_BASEVERSION}:"
LIC_FILES_CHKSUM = "file://LICENSE;md5=5d4950ecb7b26d2c5e4e7b4e0dd74707"
@@ -18,7 +18,7 @@ SRC_URI += "\
file://0009-Revert-cmd-go-make-sure-CC-and-CXX-are-absolute.patch \
file://0001-encoding-xml-handle-leading-trailing-or-double-colon.patch \
"
-SRC_URI[main.sha256sum] = "1a9f2894d3d878729f7045072f30becebe243524cf2fce4e0a7b248b1e0654ac"
+SRC_URI[main.sha256sum] = "8f2a8c24b793375b3243df82fdb0c8387486dcc8a892ca1c991aa99ace086b98"
# Upstream don't believe it is a signifiant real world issue and will only
# fix in 1.17 onwards where we can drop this.
diff --git a/meta/recipes-devtools/go/go-binary-native_1.16.7.bb b/meta/recipes-devtools/go/go-binary-native_1.16.8.bb
index cb54c28..9262220 100644
--- a/meta/recipes-devtools/go/go-binary-native_1.16.7.bb
+++ b/meta/recipes-devtools/go/go-binary-native_1.16.8.bb
@@ -8,8 +8,8 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=5d4950ecb7b26d2c5e4e7b4e0dd74707"
PROVIDES = "go-native"
SRC_URI = "https://dl.google.com/go/go${PV}.${BUILD_GOOS}-${BUILD_GOARCH}.tar.gz;name=go_${BUILD_GOTUPLE}"
-SRC_URI[go_linux_amd64.sha256sum] = "7fe7a73f55ba3e2285da36f8b085e5c0159e9564ef5f63ee0ed6b818ade8ef04"
-SRC_URI[go_linux_arm64.sha256sum] = "63d6b53ecbd2b05c1f0e9903c92042663f2f68afdbb67f4d0d12700156869bac"
+SRC_URI[go_linux_amd64.sha256sum] = "f32501aeb8b7b723bc7215f6c373abb6981bbc7e1c7b44e9f07317e1a300dce2"
+SRC_URI[go_linux_arm64.sha256sum] = "430dbe185417204f6788913197ab3b189b6deae9c9b524f262858e53dab239c2"
UPSTREAM_CHECK_URI = "https://golang.org/dl/"
UPSTREAM_CHECK_REGEX = "go(?P<pver>\d+(\.\d+)+)\.linux"
diff --git a/meta/recipes-devtools/go/go-cross-canadian_1.16.7.bb b/meta/recipes-devtools/go/go-cross-canadian_1.16.8.bb
index 7ac9449..7ac9449 100644
--- a/meta/recipes-devtools/go/go-cross-canadian_1.16.7.bb
+++ b/meta/recipes-devtools/go/go-cross-canadian_1.16.8.bb
diff --git a/meta/recipes-devtools/go/go-cross_1.16.7.bb b/meta/recipes-devtools/go/go-cross_1.16.8.bb
index 80b5a03..80b5a03 100644
--- a/meta/recipes-devtools/go/go-cross_1.16.7.bb
+++ b/meta/recipes-devtools/go/go-cross_1.16.8.bb
diff --git a/meta/recipes-devtools/go/go-crosssdk_1.16.7.bb b/meta/recipes-devtools/go/go-crosssdk_1.16.8.bb
index 1857c8a..1857c8a 100644
--- a/meta/recipes-devtools/go/go-crosssdk_1.16.7.bb
+++ b/meta/recipes-devtools/go/go-crosssdk_1.16.8.bb
diff --git a/meta/recipes-devtools/go/go-native_1.16.7.bb b/meta/recipes-devtools/go/go-native_1.16.8.bb
index f14892c..f14892c 100644
--- a/meta/recipes-devtools/go/go-native_1.16.7.bb
+++ b/meta/recipes-devtools/go/go-native_1.16.8.bb
diff --git a/meta/recipes-devtools/go/go-runtime_1.16.7.bb b/meta/recipes-devtools/go/go-runtime_1.16.8.bb
index 63464a1..63464a1 100644
--- a/meta/recipes-devtools/go/go-runtime_1.16.7.bb
+++ b/meta/recipes-devtools/go/go-runtime_1.16.8.bb
diff --git a/meta/recipes-devtools/go/go_1.16.7.bb b/meta/recipes-devtools/go/go_1.16.8.bb
index 4e9e0eb..4e9e0eb 100644
--- a/meta/recipes-devtools/go/go_1.16.7.bb
+++ b/meta/recipes-devtools/go/go_1.16.8.bb
diff --git a/meta/recipes-devtools/libcomps/libcomps_0.1.15.bb b/meta/recipes-devtools/libcomps/libcomps_0.1.15.bb
index 58d2dee..d9e712f 100644
--- a/meta/recipes-devtools/libcomps/libcomps_0.1.15.bb
+++ b/meta/recipes-devtools/libcomps/libcomps_0.1.15.bb
@@ -4,7 +4,7 @@ DESCRIPTION = "Libcomps is alternative for yum.comps library. It's written in pu
LICENSE = "GPLv2"
LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
-SRC_URI = "git://github.com/rpm-software-management/libcomps.git \
+SRC_URI = "git://github.com/rpm-software-management/libcomps.git;branch=master;protocol=https \
file://0001-Add-crc32.c-to-sources-list.patch \
file://0002-Do-not-set-PYTHON_INSTALL_DIR-by-running-python.patch \
"
diff --git a/meta/recipes-devtools/libdnf/libdnf_0.58.0.bb b/meta/recipes-devtools/libdnf/libdnf_0.58.0.bb
index dbe68d5..30b96bd 100644
--- a/meta/recipes-devtools/libdnf/libdnf_0.58.0.bb
+++ b/meta/recipes-devtools/libdnf/libdnf_0.58.0.bb
@@ -4,7 +4,7 @@ DESCRIPTION = "This library provides a high level package-manager. It's core lib
LICENSE = "LGPLv2.1+"
LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c"
-SRC_URI = "git://github.com/rpm-software-management/libdnf;branch=dnf-4-master \
+SRC_URI = "git://github.com/rpm-software-management/libdnf;branch=dnf-4-master;protocol=https \
file://0001-FindGtkDoc.cmake-drop-the-requirement-for-GTKDOC_SCA.patch \
file://0004-Set-libsolv-variables-with-pkg-config-cmake-s-own-mo.patch \
file://0001-Get-parameters-for-both-libsolv-and-libsolvext-libdn.patch \
diff --git a/meta/recipes-devtools/librepo/librepo_1.13.0.bb b/meta/recipes-devtools/librepo/librepo_1.13.0.bb
index 0a68e0a..3f5919d 100644
--- a/meta/recipes-devtools/librepo/librepo_1.13.0.bb
+++ b/meta/recipes-devtools/librepo/librepo_1.13.0.bb
@@ -5,7 +5,7 @@ DESCRIPTION = "${SUMMARY}"
LICENSE = "LGPLv2.1"
LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c"
-SRC_URI = "git://github.com/rpm-software-management/librepo.git \
+SRC_URI = "git://github.com/rpm-software-management/librepo.git;branch=master;protocol=https \
file://0002-Do-not-try-to-obtain-PYTHON_INSTALL_DIR-by-running-p.patch \
file://0004-Set-gpgme-variables-with-pkg-config-not-with-cmake-m.patch \
"
diff --git a/meta/recipes-devtools/llvm/llvm_git.bb b/meta/recipes-devtools/llvm/llvm_git.bb
index db66943..58cdaaa 100644
--- a/meta/recipes-devtools/llvm/llvm_git.bb
+++ b/meta/recipes-devtools/llvm/llvm_git.bb
@@ -30,13 +30,17 @@ LLVM_DIR = "llvm${LLVM_RELEASE}"
BRANCH = "release/${MAJOR_VERSION}.x"
SRCREV = "1fdec59bffc11ae37eb51a1b9869f0696bfd5312"
-SRC_URI = "git://github.com/llvm/llvm-project.git;branch=${BRANCH} \
+SRC_URI = "git://github.com/llvm/llvm-project.git;branch=${BRANCH};protocol=https \
file://0006-llvm-TargetLibraryInfo-Undefine-libc-functions-if-th.patch;striplevel=2 \
file://0007-llvm-allow-env-override-of-exe-path.patch;striplevel=2 \
file://0001-AsmMatcherEmitter-sort-ClassInfo-lists-by-name-as-we.patch;striplevel=2 \
file://0001-nfc-Fix-missing-include.patch;striplevel=2 \
"
+# remove at next version upgrade or when output changes
+PR = "r1"
+HASHEQUIV_HASH_VERSION .= ".1"
+
UPSTREAM_CHECK_GITTAGREGEX = "llvmorg-(?P<pver>\d+(\.\d+)+)"
S = "${WORKDIR}/git/llvm"
diff --git a/meta/recipes-devtools/m4/m4-1.4.18.inc b/meta/recipes-devtools/m4/m4-1.4.18.inc
index a9b63c1..6475b02 100644
--- a/meta/recipes-devtools/m4/m4-1.4.18.inc
+++ b/meta/recipes-devtools/m4/m4-1.4.18.inc
@@ -9,6 +9,7 @@ inherit autotools texinfo ptest
SRC_URI = "${GNU_MIRROR}/m4/m4-${PV}.tar.gz \
file://ac_config_links.patch \
file://m4-1.4.18-glibc-change-work-around.patch \
+ file://0001-c-stack-stop-using-SIGSTKSZ.patch \
"
SRC_URI_append_class-target = " file://0001-Unset-need_charset_alias-when-building-for-musl.patch \
file://run-ptest \
diff --git a/meta/recipes-devtools/m4/m4/0001-c-stack-stop-using-SIGSTKSZ.patch b/meta/recipes-devtools/m4/m4/0001-c-stack-stop-using-SIGSTKSZ.patch
new file mode 100644
index 0000000..883b8a2
--- /dev/null
+++ b/meta/recipes-devtools/m4/m4/0001-c-stack-stop-using-SIGSTKSZ.patch
@@ -0,0 +1,84 @@
+From 69238f15129f35eb4756ad8e2004e0d7907cb175 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Fri, 30 Apr 2021 17:40:36 -0700
+Subject: [PATCH] c-stack: stop using SIGSTKSZ
+
+This patch is required with glibc 2.34+
+based on gnulib [1]
+
+[1] https://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=f9e2b20a12a230efa30f1d479563ae07d276a94b
+
+Upstream-Status: Pending
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ lib/c-stack.c | 22 +++++++++++++---------
+ 1 file changed, 13 insertions(+), 9 deletions(-)
+
+diff --git a/lib/c-stack.c b/lib/c-stack.c
+index 5353c08..863f764 100644
+--- a/lib/c-stack.c
++++ b/lib/c-stack.c
+@@ -51,13 +51,14 @@
+ typedef struct sigaltstack stack_t;
+ #endif
+ #ifndef SIGSTKSZ
+-# define SIGSTKSZ 16384
+-#elif HAVE_LIBSIGSEGV && SIGSTKSZ < 16384
++#define get_sigstksz() (16384)
++#elif HAVE_LIBSIGSEGV
+ /* libsigsegv 2.6 through 2.8 have a bug where some architectures use
+ more than the Linux default of an 8k alternate stack when deciding
+ if a fault was caused by stack overflow. */
+-# undef SIGSTKSZ
+-# define SIGSTKSZ 16384
++#define get_sigstksz() ((SIGSTKSZ) < 16384 ? 16384 : (SIGSTKSZ))
++#else
++#define get_sigstksz() ((SIGSTKSZ))
+ #endif
+
+ #include <stdlib.h>
+@@ -131,7 +132,8 @@ die (int signo)
+ /* Storage for the alternate signal stack. */
+ static union
+ {
+- char buffer[SIGSTKSZ];
++ /* allocate buffer with size from get_sigstksz() */
++ char *buffer;
+
+ /* These other members are for proper alignment. There's no
+ standard way to guarantee stack alignment, but this seems enough
+@@ -203,10 +205,11 @@ c_stack_action (void (*action) (int))
+ program_error_message = _("program error");
+ stack_overflow_message = _("stack overflow");
+
++ alternate_signal_stack.buffer = malloc(get_sigstksz());
+ /* Always install the overflow handler. */
+ if (stackoverflow_install_handler (overflow_handler,
+ alternate_signal_stack.buffer,
+- sizeof alternate_signal_stack.buffer))
++ get_sigstksz()))
+ {
+ errno = ENOTSUP;
+ return -1;
+@@ -279,14 +282,15 @@ c_stack_action (void (*action) (int))
+ stack_t st;
+ struct sigaction act;
+ st.ss_flags = 0;
++ alternate_signal_stack.buffer = malloc(get_sigstksz());
+ # if SIGALTSTACK_SS_REVERSED
+ /* Irix mistakenly treats ss_sp as the upper bound, rather than
+ lower bound, of the alternate stack. */
+- st.ss_sp = alternate_signal_stack.buffer + SIGSTKSZ - sizeof (void *);
+- st.ss_size = sizeof alternate_signal_stack.buffer - sizeof (void *);
++ st.ss_sp = alternate_signal_stack.buffer + get_sigstksz() - sizeof (void *);
++ st.ss_size = get_sigstksz() - sizeof (void *);
+ # else
+ st.ss_sp = alternate_signal_stack.buffer;
+- st.ss_size = sizeof alternate_signal_stack.buffer;
++ st.ss_size = get_sigstksz();
+ # endif
+ r = sigaltstack (&st, NULL);
+ if (r != 0)
+--
+2.31.1
+
diff --git a/meta/recipes-devtools/mklibs/files/remove-deprecated-exception-specification-cpp17.patch b/meta/recipes-devtools/mklibs/files/remove-deprecated-exception-specification-cpp17.patch
new file mode 100644
index 0000000..f96cc7d
--- /dev/null
+++ b/meta/recipes-devtools/mklibs/files/remove-deprecated-exception-specification-cpp17.patch
@@ -0,0 +1,431 @@
+From 597c7a8333df84a87cc48fb8477b603ffbf372a6 Mon Sep 17 00:00:00 2001
+From: Andrej Valek <andrej.valek@siemens.com>
+Date: Mon, 23 Aug 2021 12:45:11 +0200
+Subject: [PATCH] feat(cpp17): remove deprecated exception specifications for
+ C++ 17
+
+Upstream-Status: Submitted [https://salsa.debian.org/installer-team/mklibs/-/merge_requests/2]
+
+based on: http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2016/p0003r5.html
+
+Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
+---
+ src/mklibs-readelf/elf.cpp | 48 ++++++++++++++++++++---------------------
+ src/mklibs-readelf/elf.hpp | 18 ++++++++--------
+ src/mklibs-readelf/elf_data.hpp | 36 +++++++++++++++----------------
+ 3 files changed, 51 insertions(+), 51 deletions(-)
+
+diff --git a/src/mklibs-readelf/elf.cpp b/src/mklibs-readelf/elf.cpp
+index 0e4c0f3..2e6d0f6 100644
+--- a/src/mklibs-readelf/elf.cpp
++++ b/src/mklibs-readelf/elf.cpp
+@@ -36,7 +36,7 @@ file::~file () throw ()
+ delete *it;
+ }
+
+-file *file::open (const char *filename) throw (std::bad_alloc, std::runtime_error)
++file *file::open (const char *filename) throw ()
+ {
+ struct stat buf;
+ int fd;
+@@ -72,7 +72,7 @@ file *file::open (const char *filename) throw (std::bad_alloc, std::runtime_erro
+ }
+
+ template<typename _class>
+-file *file::open_class(uint8_t *mem, size_t len) throw (std::bad_alloc, std::runtime_error)
++file *file::open_class(uint8_t *mem, size_t len) throw ()
+ {
+ switch (mem[EI_DATA])
+ {
+@@ -86,7 +86,7 @@ file *file::open_class(uint8_t *mem, size_t len) throw (std::bad_alloc, std::run
+ }
+
+ template <typename _class, typename _data>
+-file_data<_class, _data>::file_data(uint8_t *mem, size_t len) throw (std::bad_alloc, std::runtime_error)
++file_data<_class, _data>::file_data(uint8_t *mem, size_t len) throw ()
+ : file(mem, len)
+ {
+ if (mem[EI_CLASS] != _class::id)
+@@ -190,7 +190,7 @@ section_data<_class, _data>::section_data(Shdr *shdr, uint8_t *mem) throw ()
+ }
+
+ template <typename _class, typename _data>
+-void section_data<_class, _data>::update(const file &file) throw (std::bad_alloc)
++void section_data<_class, _data>::update(const file &file) throw ()
+ {
+ const section_type<section_type_STRTAB> &section =
+ dynamic_cast<const section_type<section_type_STRTAB> &>(file.get_section(file.get_shstrndx()));
+@@ -204,7 +204,7 @@ section_type<section_type_DYNAMIC>::~section_type() throw ()
+ }
+
+ template <typename _class, typename _data>
+-section_real<_class, _data, section_type_DYNAMIC>::section_real(Shdr *header, uint8_t *mem) throw (std::bad_alloc)
++section_real<_class, _data, section_type_DYNAMIC>::section_real(Shdr *header, uint8_t *mem) throw ()
+ : section_data<_class, _data>(header, mem)
+ {
+ if (this->type != SHT_DYNAMIC)
+@@ -221,7 +221,7 @@ section_real<_class, _data, section_type_DYNAMIC>::section_real(Shdr *header, ui
+ }
+
+ template <typename _class, typename _data>
+-void section_real<_class, _data, section_type_DYNAMIC>::update(const file &file) throw (std::bad_alloc)
++void section_real<_class, _data, section_type_DYNAMIC>::update(const file &file) throw ()
+ {
+ section_data<_class, _data>::update(file);
+
+@@ -243,7 +243,7 @@ section_type<section_type_DYNSYM>::~section_type() throw ()
+ }
+
+ template <typename _class, typename _data>
+-section_real<_class, _data, section_type_DYNSYM>::section_real(Shdr *header, uint8_t *mem) throw (std::bad_alloc)
++section_real<_class, _data, section_type_DYNSYM>::section_real(Shdr *header, uint8_t *mem) throw ()
+ : section_data<_class, _data>(header, mem)
+ {
+ if (this->type != SHT_DYNSYM)
+@@ -260,7 +260,7 @@ section_real<_class, _data, section_type_DYNSYM>::section_real(Shdr *header, uin
+ }
+
+ template <typename _class, typename _data>
+-void section_real<_class, _data, section_type_DYNSYM>::update(const file &file) throw (std::bad_alloc)
++void section_real<_class, _data, section_type_DYNSYM>::update(const file &file) throw ()
+ {
+ section_data<_class, _data>::update (file);
+
+@@ -285,7 +285,7 @@ const version_definition *section_type<section_type_GNU_VERDEF>::get_version_def
+ }
+
+ template <typename _class, typename _data>
+-section_real<_class, _data, section_type_GNU_VERDEF>::section_real(Shdr *header, uint8_t *mem) throw (std::bad_alloc)
++section_real<_class, _data, section_type_GNU_VERDEF>::section_real(Shdr *header, uint8_t *mem) throw ()
+ : section_data<_class, _data>(header, mem)
+ {
+ if (this->type != SHT_GNU_verdef)
+@@ -307,7 +307,7 @@ section_real<_class, _data, section_type_GNU_VERDEF>::section_real(Shdr *header,
+ }
+
+ template <typename _class, typename _data>
+-void section_real<_class, _data, section_type_GNU_VERDEF>::update(const file &file) throw (std::bad_alloc)
++void section_real<_class, _data, section_type_GNU_VERDEF>::update(const file &file) throw ()
+ {
+ section_data<_class, _data>::update(file);
+
+@@ -333,7 +333,7 @@ const version_requirement_entry *section_type<section_type_GNU_VERNEED>::get_ver
+
+ template <typename _class, typename _data>
+ section_real<_class, _data, section_type_GNU_VERNEED>::
+-section_real(Shdr *header, uint8_t *mem) throw (std::bad_alloc)
++section_real(Shdr *header, uint8_t *mem) throw ()
+ : section_data<_class, _data> (header, mem)
+ {
+ if (this->type != SHT_GNU_verneed)
+@@ -355,7 +355,7 @@ section_real(Shdr *header, uint8_t *mem) throw (std::bad_alloc)
+ }
+
+ template <typename _class, typename _data>
+-void section_real<_class, _data, section_type_GNU_VERNEED>::update(const file &file) throw (std::bad_alloc)
++void section_real<_class, _data, section_type_GNU_VERNEED>::update(const file &file) throw ()
+ {
+ section_data<_class, _data>::update(file);
+
+@@ -372,7 +372,7 @@ void section_real<_class, _data, section_type_GNU_VERNEED>::update(const file &f
+
+ template <typename _class, typename _data>
+ section_real<_class, _data, section_type_GNU_VERSYM>::
+-section_real (Shdr *header, uint8_t *mem) throw (std::bad_alloc)
++section_real (Shdr *header, uint8_t *mem) throw ()
+ : section_data<_class, _data> (header, mem)
+ {
+ if (this->type != SHT_GNU_versym)
+@@ -399,7 +399,7 @@ segment_data<_class, _data>::segment_data (Phdr *phdr, uint8_t *mem) throw ()
+ }
+
+ template <typename _class, typename _data>
+-segment_real<_class, _data, segment_type_INTERP>::segment_real (Phdr *header, uint8_t *mem) throw (std::bad_alloc)
++segment_real<_class, _data, segment_type_INTERP>::segment_real (Phdr *header, uint8_t *mem) throw ()
+ : segment_data<_class, _data> (header, mem)
+ {
+ if (this->type != PT_INTERP)
+@@ -429,13 +429,13 @@ dynamic_data<_class, _data>::dynamic_data (Dyn *dyn) throw ()
+ }
+
+ template <typename _class, typename _data>
+-void dynamic_data<_class, _data>::update_string(const section_type<section_type_STRTAB> &section) throw (std::bad_alloc)
++void dynamic_data<_class, _data>::update_string(const section_type<section_type_STRTAB> &section) throw ()
+ {
+ if (is_string)
+ val_string = section.get_string(val);
+ }
+
+-std::string symbol::get_version () const throw (std::bad_alloc)
++std::string symbol::get_version () const throw ()
+ {
+ if (verneed)
+ return verneed->get_name();
+@@ -445,7 +445,7 @@ std::string symbol::get_version () const throw (std::bad_alloc)
+ return "Base";
+ }
+
+-std::string symbol::get_version_file () const throw (std::bad_alloc)
++std::string symbol::get_version_file () const throw ()
+ {
+ if (verneed)
+ return verneed->get_file();
+@@ -453,7 +453,7 @@ std::string symbol::get_version_file () const throw (std::bad_alloc)
+ return "None";
+ }
+
+-std::string symbol::get_name_version () const throw (std::bad_alloc)
++std::string symbol::get_name_version () const throw ()
+ {
+ std::string ver;
+
+@@ -478,13 +478,13 @@ symbol_data<_class, _data>::symbol_data (Sym *sym) throw ()
+ }
+
+ template <typename _class, typename _data>
+-void symbol_data<_class, _data>::update_string(const section_type<section_type_STRTAB> &section) throw (std::bad_alloc)
++void symbol_data<_class, _data>::update_string(const section_type<section_type_STRTAB> &section) throw ()
+ {
+ name_string = section.get_string(name);
+ }
+
+ template <typename _class, typename _data>
+-void symbol_data<_class, _data>::update_version(const file &file, uint16_t index) throw (std::bad_alloc)
++void symbol_data<_class, _data>::update_version(const file &file, uint16_t index) throw ()
+ {
+ if (!file.get_section_GNU_VERSYM())
+ return;
+@@ -531,13 +531,13 @@ version_definition_data<_class, _data>::version_definition_data (Verdef *verdef)
+ }
+
+ template <typename _class, typename _data>
+-void version_definition_data<_class, _data>::update_string(const section_type<section_type_STRTAB> &section) throw (std::bad_alloc)
++void version_definition_data<_class, _data>::update_string(const section_type<section_type_STRTAB> &section) throw ()
+ {
+ for (std::vector<uint32_t>::iterator it = names.begin(); it != names.end(); ++it)
+ names_string.push_back(section.get_string(*it));
+ }
+
+-version_requirement::version_requirement() throw (std::bad_alloc)
++version_requirement::version_requirement() throw ()
+ : file_string("None")
+ { }
+
+@@ -561,7 +561,7 @@ version_requirement_data<_class, _data>::version_requirement_data (Verneed *vern
+
+ template <typename _class, typename _data>
+ void version_requirement_data<_class, _data>::
+-update_string(const section_type<section_type_STRTAB> &section) throw (std::bad_alloc)
++update_string(const section_type<section_type_STRTAB> &section) throw ()
+ {
+ file_string = section.get_string(file);
+
+@@ -596,7 +596,7 @@ version_requirement_entry_data(Vernaux *vna, const version_requirement &verneed)
+
+ template <typename _class, typename _data>
+ void version_requirement_entry_data<_class, _data>::
+-update_string(const section_type<section_type_STRTAB> &section) throw (std::bad_alloc)
++update_string(const section_type<section_type_STRTAB> &section) throw ()
+ {
+ name_string = section.get_string(name);
+ }
+diff --git a/src/mklibs-readelf/elf.hpp b/src/mklibs-readelf/elf.hpp
+index 70e61cd..afb0c9e 100644
+--- a/src/mklibs-readelf/elf.hpp
++++ b/src/mklibs-readelf/elf.hpp
+@@ -49,7 +49,7 @@ namespace Elf
+ const uint16_t get_shstrndx() const throw () { return shstrndx; }
+
+ const std::vector<section *> get_sections() const throw () { return sections; };
+- const section &get_section(unsigned int i) const throw (std::out_of_range) { return *sections.at(i); };
++ const section &get_section(unsigned int i) const throw () { return *sections.at(i); };
+ const section_type<section_type_DYNAMIC> *get_section_DYNAMIC() const throw () { return section_DYNAMIC; };
+ const section_type<section_type_DYNSYM> *get_section_DYNSYM() const throw () { return section_DYNSYM; };
+ const section_type<section_type_GNU_VERDEF> *get_section_GNU_VERDEF() const throw () { return section_GNU_VERDEF; };
+@@ -59,13 +59,13 @@ namespace Elf
+ const std::vector<segment *> get_segments() const throw () { return segments; };
+ const segment_type<segment_type_INTERP> *get_segment_INTERP() const throw () { return segment_INTERP; };
+
+- static file *open(const char *filename) throw (std::bad_alloc, std::runtime_error);
++ static file *open(const char *filename) throw ();
+
+ protected:
+- file(uint8_t *mem, size_t len) throw (std::bad_alloc) : mem(mem), len(len) { }
++ file(uint8_t *mem, size_t len) throw () : mem(mem), len(len) { }
+
+ template<typename _class>
+- static file *open_class(uint8_t *, size_t) throw (std::bad_alloc, std::runtime_error);
++ static file *open_class(uint8_t *, size_t) throw ();
+
+ uint16_t type;
+ uint16_t machine;
+@@ -128,7 +128,7 @@ namespace Elf
+ class section_type<section_type_STRTAB> : public virtual section
+ {
+ public:
+- std::string get_string(uint32_t offset) const throw (std::bad_alloc)
++ std::string get_string(uint32_t offset) const throw ()
+ {
+ return std::string(reinterpret_cast<const char *> (mem + offset));
+ }
+@@ -263,10 +263,10 @@ namespace Elf
+ uint8_t get_bind () const throw () { return bind; }
+ uint8_t get_type () const throw () { return type; }
+ const std::string &get_name_string() const throw () { return name_string; }
+- std::string get_version() const throw (std::bad_alloc);
+- std::string get_version_file() const throw (std::bad_alloc);
++ std::string get_version() const throw ();
++ std::string get_version_file() const throw ();
+ uint16_t get_version_data() const throw () { return versym; }
+- std::string get_name_version() const throw (std::bad_alloc);
++ std::string get_name_version() const throw ();
+
+ protected:
+ uint32_t name;
+@@ -305,7 +305,7 @@ namespace Elf
+ class version_requirement
+ {
+ public:
+- version_requirement() throw (std::bad_alloc);
++ version_requirement() throw ();
+ virtual ~version_requirement () throw () { }
+
+ const std::string &get_file() const throw () { return file_string; }
+diff --git a/src/mklibs-readelf/elf_data.hpp b/src/mklibs-readelf/elf_data.hpp
+index 05effee..3871982 100644
+--- a/src/mklibs-readelf/elf_data.hpp
++++ b/src/mklibs-readelf/elf_data.hpp
+@@ -94,7 +94,7 @@ namespace Elf
+ class file_data : public file
+ {
+ public:
+- file_data(uint8_t *, size_t len) throw (std::bad_alloc, std::runtime_error);
++ file_data(uint8_t *, size_t len) throw ();
+
+ const uint8_t get_class() const throw () { return _class::id; }
+ const uint8_t get_data() const throw () { return _data::id; }
+@@ -109,7 +109,7 @@ namespace Elf
+ public:
+ section_data(Shdr *, uint8_t *) throw ();
+
+- virtual void update(const file &) throw (std::bad_alloc);
++ virtual void update(const file &) throw ();
+ };
+
+ template <typename _class, typename _data, typename _type>
+@@ -133,9 +133,9 @@ namespace Elf
+ typedef typename _elfdef<_class>::Shdr Shdr;
+
+ public:
+- section_real(Shdr *, uint8_t *) throw (std::bad_alloc);
++ section_real(Shdr *, uint8_t *) throw ();
+
+- void update(const file &) throw (std::bad_alloc);
++ void update(const file &) throw ();
+ };
+
+ template <typename _class, typename _data>
+@@ -147,9 +147,9 @@ namespace Elf
+ typedef typename _elfdef<_class>::Shdr Shdr;
+
+ public:
+- section_real(Shdr *, uint8_t *) throw (std::bad_alloc);
++ section_real(Shdr *, uint8_t *) throw ();
+
+- void update(const file &) throw (std::bad_alloc);
++ void update(const file &) throw ();
+ };
+
+ template <typename _class, typename _data>
+@@ -161,9 +161,9 @@ namespace Elf
+ typedef typename _elfdef<_class>::Shdr Shdr;
+
+ public:
+- section_real(Shdr *, uint8_t *) throw (std::bad_alloc);
++ section_real(Shdr *, uint8_t *) throw ();
+
+- void update(const file &) throw (std::bad_alloc);
++ void update(const file &) throw ();
+ };
+
+ template <typename _class, typename _data>
+@@ -175,9 +175,9 @@ namespace Elf
+ typedef typename _elfdef<_class>::Shdr Shdr;
+
+ public:
+- section_real(Shdr *, uint8_t *) throw (std::bad_alloc);
++ section_real(Shdr *, uint8_t *) throw ();
+
+- void update(const file &) throw (std::bad_alloc);
++ void update(const file &) throw ();
+ };
+
+ template <typename _class, typename _data>
+@@ -189,7 +189,7 @@ namespace Elf
+ typedef typename _elfdef<_class>::Shdr Shdr;
+
+ public:
+- section_real(Shdr *, uint8_t *) throw (std::bad_alloc);
++ section_real(Shdr *, uint8_t *) throw ();
+ };
+
+ template <typename _class, typename _data>
+@@ -220,7 +220,7 @@ namespace Elf
+ typedef typename _elfdef<_class>::Phdr Phdr;
+
+ public:
+- segment_real (Phdr *, uint8_t *) throw (std::bad_alloc);
++ segment_real (Phdr *, uint8_t *) throw ();
+ };
+
+ template <typename _class, typename _data>
+@@ -232,7 +232,7 @@ namespace Elf
+ public:
+ dynamic_data (Dyn *) throw ();
+
+- void update_string(const section_type<section_type_STRTAB> &) throw (std::bad_alloc);
++ void update_string(const section_type<section_type_STRTAB> &) throw ();
+ };
+
+ template <typename _class, typename _data>
+@@ -244,8 +244,8 @@ namespace Elf
+ public:
+ symbol_data (Sym *) throw ();
+
+- void update_string(const section_type<section_type_STRTAB> &) throw (std::bad_alloc);
+- virtual void update_version (const file &, uint16_t) throw (std::bad_alloc);
++ void update_string(const section_type<section_type_STRTAB> &) throw ();
++ virtual void update_version (const file &, uint16_t) throw ();
+ };
+
+ template <typename _class, typename _data>
+@@ -257,7 +257,7 @@ namespace Elf
+
+ version_definition_data (Verdef *) throw ();
+
+- void update_string(const section_type<section_type_STRTAB> &) throw (std::bad_alloc);
++ void update_string(const section_type<section_type_STRTAB> &) throw ();
+ };
+
+ template <typename _class, typename _data>
+@@ -269,7 +269,7 @@ namespace Elf
+
+ version_requirement_data (Verneed *) throw ();
+
+- void update_string(const section_type<section_type_STRTAB> &) throw (std::bad_alloc);
++ void update_string(const section_type<section_type_STRTAB> &) throw ();
+ };
+
+ template <typename _class, typename _data>
+@@ -280,7 +280,7 @@ namespace Elf
+
+ version_requirement_entry_data (Vernaux *, const version_requirement &) throw ();
+
+- void update_string(const section_type<section_type_STRTAB> &) throw (std::bad_alloc);
++ void update_string(const section_type<section_type_STRTAB> &) throw ();
+ };
+ }
+
+--
+2.11.0
+
diff --git a/meta/recipes-devtools/mklibs/mklibs-native_0.1.44.bb b/meta/recipes-devtools/mklibs/mklibs-native_0.1.44.bb
index 1784af1..07142e5 100644
--- a/meta/recipes-devtools/mklibs/mklibs-native_0.1.44.bb
+++ b/meta/recipes-devtools/mklibs/mklibs-native_0.1.44.bb
@@ -12,6 +12,7 @@ SRC_URI = "http://snapshot.debian.org/archive/debian/20180828T214102Z/pool/main/
file://avoid-failure-on-symbol-provided-by-application.patch \
file://show-GNU-unique-symbols-as-provided-symbols.patch \
file://fix_cross_compile.patch \
+ file://remove-deprecated-exception-specification-cpp17.patch \
"
SRC_URI[md5sum] = "6b6eeb9b4016c6a7317acc28c89e32cc"
diff --git a/meta/recipes-devtools/mtd/mtd-utils_git.bb b/meta/recipes-devtools/mtd/mtd-utils_git.bb
index 105a68d..de7bdcd 100644
--- a/meta/recipes-devtools/mtd/mtd-utils_git.bb
+++ b/meta/recipes-devtools/mtd/mtd-utils_git.bb
@@ -14,7 +14,7 @@ RDEPENDS_mtd-utils-tests += "bash"
PV = "2.1.2"
SRCREV = "7b986779342021bda87c04da3bf729718736d8ab"
-SRC_URI = "git://git.infradead.org/mtd-utils.git \
+SRC_URI = "git://git.infradead.org/mtd-utils.git;branch=master \
file://add-exclusion-to-mkfs-jffs2-git-2.patch \
"
diff --git a/meta/recipes-devtools/ninja/ninja_1.10.2.bb b/meta/recipes-devtools/ninja/ninja_1.10.2.bb
index 2a39b2d..7932858 100644
--- a/meta/recipes-devtools/ninja/ninja_1.10.2.bb
+++ b/meta/recipes-devtools/ninja/ninja_1.10.2.bb
@@ -8,7 +8,7 @@ DEPENDS = "re2c-native ninja-native"
SRCREV = "e72d1d581c945c158ed68d9bc48911063022a2c6"
-SRC_URI = "git://github.com/ninja-build/ninja.git;branch=release"
+SRC_URI = "git://github.com/ninja-build/ninja.git;branch=release;protocol=https"
UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>.*)"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/patchelf/patchelf_0.12.bb b/meta/recipes-devtools/patchelf/patchelf_0.12.bb
index 7c97ea0..390a811 100644
--- a/meta/recipes-devtools/patchelf/patchelf_0.12.bb
+++ b/meta/recipes-devtools/patchelf/patchelf_0.12.bb
@@ -4,7 +4,7 @@ HOMEPAGE = "https://github.com/NixOS/patchelf"
LICENSE = "GPLv3"
-SRC_URI = "git://github.com/NixOS/patchelf;protocol=https \
+SRC_URI = "git://github.com/NixOS/patchelf;protocol=https;branch=master \
file://handle-read-only-files.patch \
file://6edec83653ce1b5fc201ff6db93b966394766814.patch \
file://alignmentfix.patch \
diff --git a/meta/recipes-devtools/pseudo/files/build-oldlibc b/meta/recipes-devtools/pseudo/files/build-oldlibc
new file mode 100755
index 0000000..85c438d
--- /dev/null
+++ b/meta/recipes-devtools/pseudo/files/build-oldlibc
@@ -0,0 +1,20 @@
+#!/bin/sh
+#
+# Script to re-generate pseudo-prebuilt-2.33.tar.xz
+#
+# Copyright (C) 2021 Richard Purdie
+#
+# SPDX-License-Identifier: GPL-2.0-only
+#
+
+for i in x86_64 aarch64 i686; do
+ if [ ! -e $i-nativesdk-libc.tar.xz ]; then
+ wget http://downloads.yoctoproject.org/releases/uninative/3.2/$i-nativesdk-libc.tar.xz
+ fi
+ tar -xf $i-nativesdk-libc.tar.xz --wildcards \*/lib/libpthread\* \*/lib/libdl\*
+ cd $i-linux/lib
+ ln -s libdl.so.2 libdl.so
+ ln -s libpthread.so.0 libpthread.so
+ cd ../..
+done
+tar -cJf pseudo-prebuilt-2.33.tar.xz *-linux \ No newline at end of file
diff --git a/meta/recipes-devtools/pseudo/files/older-glibc-symbols.patch b/meta/recipes-devtools/pseudo/files/older-glibc-symbols.patch
new file mode 100644
index 0000000..c453b5f
--- /dev/null
+++ b/meta/recipes-devtools/pseudo/files/older-glibc-symbols.patch
@@ -0,0 +1,57 @@
+If we link against a newer glibc 2.34 and then try and our LD_PRELOAD is run against a
+binary on a host with an older libc, we see symbol errors since in glibc 2.34, pthread
+and dl are merged into libc itself.
+
+We need to use the older form of linking so use glibc binaries from an older release
+to force this. We only use minimal symbols from these anyway.
+
+pthread_atfork is problematic, particularly on arm so use the internal glibc routine
+it maps too. This was always present in the main libc from 2.3.2 onwards.
+
+Yes this is horrible. Better solutions welcome.
+
+There is more info in the bug: [YOCTO #14521]
+
+Upstream-Status: Inappropriate [this patch is native and nativesdk]
+Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
+
+Tweak library search order, make prebuilt lib ahead of recipe lib
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+---
+ Makefile.in | 2 +-
+ pseudo_wrappers.c | 5 ++++-
+ 2 files changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/Makefile.in b/Makefile.in
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -120,7 +120,7 @@ $(PSEUDODB): pseudodb.o $(SHOBJS) $(DBOBJS) pseudo_ipc.o | $(BIN)
+ libpseudo: $(LIBPSEUDO)
+
+ $(LIBPSEUDO): $(WRAPOBJS) pseudo_client.o pseudo_ipc.o $(SHOBJS) | $(LIB)
+- $(CC) $(CFLAGS) $(CFLAGS_PSEUDO) -shared -o $(LIBPSEUDO) \
++ $(CC) $(CFLAGS) -Lprebuilt/$(shell uname -m)-linux/lib/ $(CFLAGS_PSEUDO) -shared -o $(LIBPSEUDO) \
+ pseudo_client.o pseudo_ipc.o \
+ $(WRAPOBJS) $(SHOBJS) $(LDFLAGS) $(CLIENT_LDFLAGS)
+
+diff --git a/pseudo_wrappers.c b/pseudo_wrappers.c
+--- a/pseudo_wrappers.c
++++ b/pseudo_wrappers.c
+@@ -100,10 +100,13 @@ static void libpseudo_atfork_child(void)
+ pseudo_mutex_holder = 0;
+ }
+
++extern void *__dso_handle;
++extern int __register_atfork (void (*) (void), void (*) (void), void (*) (void), void *);
++
+ static void
+ _libpseudo_init(void) {
+ if (!_libpseudo_initted)
+- pthread_atfork(NULL, NULL, libpseudo_atfork_child);
++ __register_atfork (NULL, NULL, libpseudo_atfork_child, &__dso_handle == NULL ? NULL : __dso_handle);
+
+ pseudo_getlock();
+ pseudo_antimagic();
+--
+2.27.0
+
diff --git a/meta/recipes-devtools/pseudo/pseudo_git.bb b/meta/recipes-devtools/pseudo/pseudo_git.bb
index 0ba460f..1a5d230 100644
--- a/meta/recipes-devtools/pseudo/pseudo_git.bb
+++ b/meta/recipes-devtools/pseudo/pseudo_git.bb
@@ -5,8 +5,15 @@ SRC_URI = "git://git.yoctoproject.org/pseudo;branch=oe-core \
file://fallback-passwd \
file://fallback-group \
"
+SRC_URI:append:class-native = " \
+ http://downloads.yoctoproject.org/mirror/sources/pseudo-prebuilt-2.33.tar.xz;subdir=git/prebuilt;name=prebuilt \
+ file://older-glibc-symbols.patch"
+SRC_URI:append:class-nativesdk = " \
+ http://downloads.yoctoproject.org/mirror/sources/pseudo-prebuilt-2.33.tar.xz;subdir=git/prebuilt;name=prebuilt \
+ file://older-glibc-symbols.patch"
+SRC_URI[prebuilt.sha256sum] = "ed9f456856e9d86359f169f46a70ad7be4190d6040282b84c8d97b99072485aa"
-SRCREV = "b988b0a6b8afd8d459bc9a2528e834f63a3d59b2"
+SRCREV = "d34f2f6cedccf8488730001bcbde6bb7499f8814"
S = "${WORKDIR}/git"
PV = "1.9.0+git${SRCPV}"
diff --git a/meta/recipes-devtools/python/python3/makerace.patch b/meta/recipes-devtools/python/python3/makerace.patch
new file mode 100644
index 0000000..96744cb
--- /dev/null
+++ b/meta/recipes-devtools/python/python3/makerace.patch
@@ -0,0 +1,23 @@
+libainstall installs python-config.py but the .pyc cache files are generated
+by the libinstall target. This means some builds may not generate the pyc files
+for python-config.py depending on the order things happen in. This means builds
+are not always reproducible.
+
+Add a dependency to avoid the race.
+
+Upstream-Status: Pending
+Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
+
+Index: Python-3.9.6/Makefile.pre.in
+===================================================================
+--- Python-3.9.6.orig/Makefile.pre.in
++++ Python-3.9.6/Makefile.pre.in
+@@ -1486,7 +1486,7 @@ LIBSUBDIRS= tkinter tkinter/test tkinter
+ venv venv/scripts venv/scripts/common venv/scripts/posix \
+ curses pydoc_data \
+ zoneinfo
+-libinstall: build_all $(srcdir)/Modules/xxmodule.c
++libinstall: build_all $(srcdir)/Modules/xxmodule.c libainstall
+ @for i in $(SCRIPTDIR) $(LIBDEST); \
+ do \
+ if test ! -d $(DESTDIR)$$i; then \
diff --git a/meta/recipes-devtools/python/python3_3.9.5.bb b/meta/recipes-devtools/python/python3_3.9.5.bb
index 82177f4..2b05bd5 100644
--- a/meta/recipes-devtools/python/python3_3.9.5.bb
+++ b/meta/recipes-devtools/python/python3_3.9.5.bb
@@ -31,6 +31,7 @@ SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \
file://0020-configure.ac-setup.py-do-not-add-a-curses-include-pa.patch \
file://0001-Lib-sysconfig.py-use-libdir-values-from-configuratio.patch \
file://0001-Skip-failing-tests-due-to-load-variability-on-YP-AB.patch \
+ file://makerace.patch \
"
SRC_URI_append_class-native = " \
diff --git a/meta/recipes-devtools/rpm/files/0001-CVE-2021-3521.patch b/meta/recipes-devtools/rpm/files/0001-CVE-2021-3521.patch
new file mode 100644
index 0000000..b374583
--- /dev/null
+++ b/meta/recipes-devtools/rpm/files/0001-CVE-2021-3521.patch
@@ -0,0 +1,57 @@
+From 9a6871126f472feea057d5f803505ec8cc78f083 Mon Sep 17 00:00:00 2001
+From: Panu Matilainen <pmatilai@redhat.com>
+Date: Thu, 30 Sep 2021 09:56:20 +0300
+Subject: [PATCH 1/3] Refactor pgpDigParams construction to helper function
+
+No functional changes, just to reduce code duplication and needed by
+the following commits.
+
+CVE: CVE-2021-3521
+Upstream-Staus: Backport[https://github.com/rpm-software-management/rpm/commit/9f03f42e2]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ rpmio/rpmpgp.c | 13 +++++++++----
+ 1 file changed, 9 insertions(+), 4 deletions(-)
+
+diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c
+index d0688ebe9a..e472b5320f 100644
+--- a/rpmio/rpmpgp.c
++++ b/rpmio/rpmpgp.c
+@@ -1041,6 +1041,13 @@ unsigned int pgpDigParamsAlgo(pgpDigParams digp, unsigned int algotype)
+ return algo;
+ }
+
++static pgpDigParams pgpDigParamsNew(uint8_t tag)
++{
++ pgpDigParams digp = xcalloc(1, sizeof(*digp));
++ digp->tag = tag;
++ return digp;
++}
++
+ int pgpPrtParams(const uint8_t * pkts, size_t pktlen, unsigned int pkttype,
+ pgpDigParams * ret)
+ {
+@@ -1058,8 +1065,7 @@ int pgpPrtParams(const uint8_t * pkts, size_t pktlen, unsigned int pkttype,
+ if (pkttype && pkt.tag != pkttype) {
+ break;
+ } else {
+- digp = xcalloc(1, sizeof(*digp));
+- digp->tag = pkt.tag;
++ digp = pgpDigParamsNew(pkt.tag);
+ }
+ }
+
+@@ -1105,8 +1111,7 @@ int pgpPrtParamsSubkeys(const uint8_t *pkts, size_t pktlen,
+ digps = xrealloc(digps, alloced * sizeof(*digps));
+ }
+
+- digps[count] = xcalloc(1, sizeof(**digps));
+- digps[count]->tag = PGPTAG_PUBLIC_SUBKEY;
++ digps[count] = pgpDigParamsNew(PGPTAG_PUBLIC_SUBKEY);
+ /* Copy UID from main key to subkey */
+ digps[count]->userid = xstrdup(mainkey->userid);
+
+--
+2.17.1
+
diff --git a/meta/recipes-devtools/rpm/files/0001-build-pack.c-do-not-insert-payloadflags-into-.rpm-me.patch b/meta/recipes-devtools/rpm/files/0001-build-pack.c-do-not-insert-payloadflags-into-.rpm-me.patch
new file mode 100644
index 0000000..79b1682
--- /dev/null
+++ b/meta/recipes-devtools/rpm/files/0001-build-pack.c-do-not-insert-payloadflags-into-.rpm-me.patch
@@ -0,0 +1,28 @@
+From 2d351c666f09cc1b9e368422653fb42ac8b86249 Mon Sep 17 00:00:00 2001
+From: Alexander Kanavin <alex@linutronix.de>
+Date: Tue, 31 Aug 2021 10:37:05 +0200
+Subject: [PATCH] build/pack.c: do not insert payloadflags into .rpm metadata
+
+The flags look like '19T56' where 19 is the compression level
+(deterministic), and 56 is the amount of threads (varies from one
+host to the next and breaks reproducibility for .rpm).
+
+Upstream-Status: Inappropriate [oe-core specific]
+Signed-off-by: Alexander Kanavin <alex@linutronix.de>
+---
+ build/pack.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/build/pack.c b/build/pack.c
+index 932cb213e..b45d0726f 100644
+--- a/build/pack.c
++++ b/build/pack.c
+@@ -328,7 +328,7 @@ static char *getIOFlags(Package pkg)
+ headerPutString(pkg->header, RPMTAG_PAYLOADCOMPRESSOR, compr);
+ buf = xstrdup(rpmio_flags);
+ buf[s - rpmio_flags] = '\0';
+- headerPutString(pkg->header, RPMTAG_PAYLOADFLAGS, buf+1);
++ headerPutString(pkg->header, RPMTAG_PAYLOADFLAGS, "");
+ free(buf);
+ }
+ exit:
diff --git a/meta/recipes-devtools/rpm/files/0002-CVE-2021-3521.patch b/meta/recipes-devtools/rpm/files/0002-CVE-2021-3521.patch
new file mode 100644
index 0000000..a8ff98f
--- /dev/null
+++ b/meta/recipes-devtools/rpm/files/0002-CVE-2021-3521.patch
@@ -0,0 +1,62 @@
+From c4b1bee51bbdd732b94b431a951481af99117703 Mon Sep 17 00:00:00 2001
+From: Panu Matilainen <pmatilai@redhat.com>
+Date: Thu, 30 Sep 2021 09:51:10 +0300
+Subject: [PATCH 2/3] Process MPI's from all kinds of signatures
+
+No immediate effect but needed by the following commits.
+
+CVE: CVE-2021-3521
+Upstream-Status: Backport[https://github.com/rpm-software-management/rpm/commit/b5e8bc74b]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ rpmio/rpmpgp.c | 12 +++++-------
+ 1 file changed, 5 insertions(+), 7 deletions(-)
+
+diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c
+index e472b5320f..57d411d1e0 100644
+--- a/rpmio/rpmpgp.c
++++ b/rpmio/rpmpgp.c
+@@ -515,7 +515,7 @@ pgpDigAlg pgpDigAlgFree(pgpDigAlg alg)
+ return NULL;
+ }
+
+-static int pgpPrtSigParams(pgpTag tag, uint8_t pubkey_algo, uint8_t sigtype,
++static int pgpPrtSigParams(pgpTag tag, uint8_t pubkey_algo,
+ const uint8_t *p, const uint8_t *h, size_t hlen,
+ pgpDigParams sigp)
+ {
+@@ -528,10 +528,8 @@ static int pgpPrtSigParams(pgpTag tag, uint8_t pubkey_algo, uint8_t sigtype,
+ int mpil = pgpMpiLen(p);
+ if (p + mpil > pend)
+ break;
+- if (sigtype == PGPSIGTYPE_BINARY || sigtype == PGPSIGTYPE_TEXT) {
+- if (sigalg->setmpi(sigalg, i, p))
+- break;
+- }
++ if (sigalg->setmpi(sigalg, i, p))
++ break;
+ p += mpil;
+ }
+
+@@ -604,7 +602,7 @@ static int pgpPrtSig(pgpTag tag, const uint8_t *h, size_t hlen,
+ }
+
+ p = ((uint8_t *)v) + sizeof(*v);
+- rc = pgpPrtSigParams(tag, v->pubkey_algo, v->sigtype, p, h, hlen, _digp);
++ rc = pgpPrtSigParams(tag, v->pubkey_algo, p, h, hlen, _digp);
+ } break;
+ case 4:
+ { pgpPktSigV4 v = (pgpPktSigV4)h;
+@@ -662,7 +660,7 @@ static int pgpPrtSig(pgpTag tag, const uint8_t *h, size_t hlen,
+ if (p > (h + hlen))
+ return 1;
+
+- rc = pgpPrtSigParams(tag, v->pubkey_algo, v->sigtype, p, h, hlen, _digp);
++ rc = pgpPrtSigParams(tag, v->pubkey_algo, p, h, hlen, _digp);
+ } break;
+ default:
+ rpmlog(RPMLOG_WARNING, _("Unsupported version of key: V%d\n"), version);
+--
+2.17.1
+
diff --git a/meta/recipes-devtools/rpm/files/0003-CVE-2021-3521.patch b/meta/recipes-devtools/rpm/files/0003-CVE-2021-3521.patch
new file mode 100644
index 0000000..d39ea7d
--- /dev/null
+++ b/meta/recipes-devtools/rpm/files/0003-CVE-2021-3521.patch
@@ -0,0 +1,332 @@
+From 07676ca03ad8afcf1ca95a2353c83fbb1d970b9b Mon Sep 17 00:00:00 2001
+From: Panu Matilainen <pmatilai@redhat.com>
+Date: Thu, 30 Sep 2021 09:59:30 +0300
+Subject: [PATCH 3/3] Validate and require subkey binding signatures on PGP
+ public keys
+
+All subkeys must be followed by a binding signature by the primary key
+as per the OpenPGP RFC, enforce the presence and validity in the parser.
+
+The implementation is as kludgey as they come to work around our
+simple-minded parser structure without touching API, to maximise
+backportability. Store all the raw packets internally as we decode them
+to be able to access previous elements at will, needed to validate ordering
+and access the actual data. Add testcases for manipulated keys whose
+import previously would succeed.
+
+Depends on the two previous commits:
+7b399fcb8f52566e6f3b4327197a85facd08db91 and
+236b802a4aa48711823a191d1b7f753c82a89ec5
+
+Fixes CVE-2021-3521.
+
+Upstream-Status: Backport [https://github.com/rpm-software-management/rpm/commit/bd36c5dc9]
+CVE:CVE-2021-3521
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ rpmio/rpmpgp.c | 100 ++++++++++++++++--
+ tests/Makefile.am | 3 +
+ tests/data/keys/CVE-2021-3521-badbind.asc | 25 +++++
+ .../data/keys/CVE-2021-3521-nosubsig-last.asc | 25 +++++
+ tests/data/keys/CVE-2021-3521-nosubsig.asc | 37 +++++++
+ tests/rpmsigdig.at | 28 +++++
+ 6 files changed, 211 insertions(+), 7 deletions(-)
+ create mode 100644 tests/data/keys/CVE-2021-3521-badbind.asc
+ create mode 100644 tests/data/keys/CVE-2021-3521-nosubsig-last.asc
+ create mode 100644 tests/data/keys/CVE-2021-3521-nosubsig.asc
+
+diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c
+index 57d411d1e0..b12410d671 100644
+--- a/rpmio/rpmpgp.c
++++ b/rpmio/rpmpgp.c
+@@ -1046,35 +1046,121 @@ static pgpDigParams pgpDigParamsNew(uint8_t tag)
+ return digp;
+ }
+
++static int hashKey(DIGEST_CTX hash, const struct pgpPkt *pkt, int exptag)
++{
++ int rc = -1;
++ if (pkt->tag == exptag) {
++ uint8_t head[] = {
++ 0x99,
++ (pkt->blen >> 8),
++ (pkt->blen ),
++ };
++
++ rpmDigestUpdate(hash, head, 3);
++ rpmDigestUpdate(hash, pkt->body, pkt->blen);
++ rc = 0;
++ }
++ return rc;
++}
++
++static int pgpVerifySelf(pgpDigParams key, pgpDigParams selfsig,
++ const struct pgpPkt *all, int i)
++{
++ int rc = -1;
++ DIGEST_CTX hash = NULL;
++
++ switch (selfsig->sigtype) {
++ case PGPSIGTYPE_SUBKEY_BINDING:
++ hash = rpmDigestInit(selfsig->hash_algo, 0);
++ if (hash) {
++ rc = hashKey(hash, &all[0], PGPTAG_PUBLIC_KEY);
++ if (!rc)
++ rc = hashKey(hash, &all[i-1], PGPTAG_PUBLIC_SUBKEY);
++ }
++ break;
++ default:
++ /* ignore types we can't handle */
++ rc = 0;
++ break;
++ }
++
++ if (hash && rc == 0)
++ rc = pgpVerifySignature(key, selfsig, hash);
++
++ rpmDigestFinal(hash, NULL, NULL, 0);
++
++ return rc;
++}
++
+ int pgpPrtParams(const uint8_t * pkts, size_t pktlen, unsigned int pkttype,
+ pgpDigParams * ret)
+ {
+ const uint8_t *p = pkts;
+ const uint8_t *pend = pkts + pktlen;
+ pgpDigParams digp = NULL;
+- struct pgpPkt pkt;
++ pgpDigParams selfsig = NULL;
++ int i = 0;
++ int alloced = 16; /* plenty for normal cases */
++ struct pgpPkt *all = xmalloc(alloced * sizeof(*all));
+ int rc = -1; /* assume failure */
++ int expect = 0;
++ int prevtag = 0;
+
+ while (p < pend) {
+- if (decodePkt(p, (pend - p), &pkt))
++ struct pgpPkt *pkt = &all[i];
++ if (decodePkt(p, (pend - p), pkt))
+ break;
+
+ if (digp == NULL) {
+- if (pkttype && pkt.tag != pkttype) {
++ if (pkttype && pkt->tag != pkttype) {
+ break;
+ } else {
+- digp = pgpDigParamsNew(pkt.tag);
++ digp = pgpDigParamsNew(pkt->tag);
+ }
+ }
+
+- if (pgpPrtPkt(&pkt, digp))
++ if (expect) {
++ if (pkt->tag != expect)
++ break;
++ selfsig = pgpDigParamsNew(pkt->tag);
++ }
++
++ if (pgpPrtPkt(pkt, selfsig ? selfsig : digp))
+ break;
+
+- p += (pkt.body - pkt.head) + pkt.blen;
++ if (selfsig) {
++ /* subkeys must be followed by binding signature */
++ if (prevtag == PGPTAG_PUBLIC_SUBKEY) {
++ if (selfsig->sigtype != PGPSIGTYPE_SUBKEY_BINDING)
++ break;
++ }
++
++ int xx = pgpVerifySelf(digp, selfsig, all, i);
++
++ selfsig = pgpDigParamsFree(selfsig);
++ if (xx)
++ break;
++ expect = 0;
++ }
++
++ if (pkt->tag == PGPTAG_PUBLIC_SUBKEY)
++ expect = PGPTAG_SIGNATURE;
++ prevtag = pkt->tag;
++
++ i++;
++ p += (pkt->body - pkt->head) + pkt->blen;
++ if (pkttype == PGPTAG_SIGNATURE)
++ break;
++
++ if (alloced <= i) {
++ alloced *= 2;
++ all = xrealloc(all, alloced * sizeof(*all));
++ }
+ }
+
+- rc = (digp && (p == pend)) ? 0 : -1;
++ rc = (digp && (p == pend) && expect == 0) ? 0 : -1;
+
++ free(all);
+ if (ret && rc == 0) {
+ *ret = digp;
+ } else {
+diff --git a/tests/Makefile.am b/tests/Makefile.am
+index f742a9e1d2..328234278a 100644
+--- a/tests/Makefile.am
++++ b/tests/Makefile.am
+@@ -107,6 +107,9 @@ EXTRA_DIST += data/SPECS/hello-config-buildid.spec
+ EXTRA_DIST += data/SPECS/hello-cd.spec
+ EXTRA_DIST += data/keys/rpm.org-rsa-2048-test.pub
+ EXTRA_DIST += data/keys/rpm.org-rsa-2048-test.secret
++EXTRA_DIST += data/keys/CVE-2021-3521-badbind.asc
++EXTRA_DIST += data/keys/CVE-2021-3521-nosubsig.asc
++EXTRA_DIST += data/keys/CVE-2021-3521-nosubsig-last.asc
+ EXTRA_DIST += data/macros.testfile
+ EXTRA_DIST += data/macros.debug
+ EXTRA_DIST += data/SOURCES/foo.c
+diff --git a/tests/data/keys/CVE-2021-3521-badbind.asc b/tests/data/keys/CVE-2021-3521-badbind.asc
+new file mode 100644
+index 0000000000..aea00f9d7a
+--- /dev/null
++++ b/tests/data/keys/CVE-2021-3521-badbind.asc
+@@ -0,0 +1,25 @@
++-----BEGIN PGP PUBLIC KEY BLOCK-----
++Version: rpm-4.17.90 (NSS-3)
++
++mQENBFjmORgBCAC7TMEk6wnjSs8Dr4yqSScWdU2pjcqrkTxuzdWvowcIUPZI0w/g
++HkRqGd4apjvY2V15kjL10gk3QhFP3pZ/9p7zh8o8NHX7aGdSGDK7NOq1eFaErPRY
++91LW9RiZ0lbOjXEzIL0KHxUiTQEmdXJT43DJMFPyW9fkCWg0OltiX618FUdWWfI8
++eySdLur1utnqBvdEbCUvWK2RX3vQZQdvEBODnNk2pxqTyV0w6VPQ96W++lF/5Aas
++7rUv3HIyIXxIggc8FRrnH+y9XvvHDonhTIlGnYZN4ubm9i4y3gOkrZlGTrEw7elQ
++1QeMyG2QQEbze8YjpTm4iLABCBrRfPRaQpwrABEBAAG0IXJwbS5vcmcgUlNBIHRl
++c3RrZXkgPHJzYUBycG0ub3JnPokBNwQTAQgAIQUCWOY5GAIbAwULCQgHAgYVCAkK
++CwIEFgIDAQIeAQIXgAAKCRBDRFkeGWTF/MxxCACnjqFL+MmPh9W9JQKT2DcLbBzf
++Cqo6wcEBoCOcwgRSk8dSikhARoteoa55JRJhuMyeKhhEAogE9HRmCPFdjezFTwgB
++BDVBpO2dZ023mLXDVCYX3S8pShOgCP6Tn4wqCnYeAdLcGg106N4xcmgtcssJE+Pr
++XzTZksbZsrTVEmL/Ym+R5w5jBfFnGk7Yw7ndwfQsfNXQb5AZynClFxnX546lcyZX
++fEx3/e6ezw57WNOUK6WT+8b+EGovPkbetK/rGxNXuWaP6X4A/QUm8O98nCuHYFQq
+++mvNdsCBqGf7mhaRGtpHk/JgCn5rFvArMDqLVrR9hX0LdCSsH7EGE+bR3r7wuQEN
++BFjmORgBCACk+vDZrIXQuFXEYToZVwb2attzbbJJCqD71vmZTLsW0QxuPKRgbcYY
++zp4K4lVBnHhFrF8MOUOxJ7kQWIJZMZFt+BDcptCYurbD2H4W2xvnWViiC+LzCMzz
++iMJT6165uefL4JHTDPxC2fFiM9yrc72LmylJNkM/vepT128J5Qv0gRUaQbHiQuS6
++Dm/+WRnUfx3i89SV4mnBxb/Ta93GVqoOciWwzWSnwEnWYAvOb95JL4U7c5J5f/+c
++KnQDHsW7sIiIdscsWzvgf6qs2Ra1Zrt7Fdk4+ZS2f/adagLhDO1C24sXf5XfMk5m
++L0OGwZSr9m5s17VXxfspgU5ugc8kBJfzABEBAAE=
++=WCfs
++-----END PGP PUBLIC KEY BLOCK-----
++
+diff --git a/tests/data/keys/CVE-2021-3521-nosubsig-last.asc b/tests/data/keys/CVE-2021-3521-nosubsig-last.asc
+new file mode 100644
+index 0000000000..aea00f9d7a
+--- /dev/null
++++ b/tests/data/keys/CVE-2021-3521-nosubsig-last.asc
+@@ -0,0 +1,25 @@
++-----BEGIN PGP PUBLIC KEY BLOCK-----
++Version: rpm-4.17.90 (NSS-3)
++
++mQENBFjmORgBCAC7TMEk6wnjSs8Dr4yqSScWdU2pjcqrkTxuzdWvowcIUPZI0w/g
++HkRqGd4apjvY2V15kjL10gk3QhFP3pZ/9p7zh8o8NHX7aGdSGDK7NOq1eFaErPRY
++91LW9RiZ0lbOjXEzIL0KHxUiTQEmdXJT43DJMFPyW9fkCWg0OltiX618FUdWWfI8
++eySdLur1utnqBvdEbCUvWK2RX3vQZQdvEBODnNk2pxqTyV0w6VPQ96W++lF/5Aas
++7rUv3HIyIXxIggc8FRrnH+y9XvvHDonhTIlGnYZN4ubm9i4y3gOkrZlGTrEw7elQ
++1QeMyG2QQEbze8YjpTm4iLABCBrRfPRaQpwrABEBAAG0IXJwbS5vcmcgUlNBIHRl
++c3RrZXkgPHJzYUBycG0ub3JnPokBNwQTAQgAIQUCWOY5GAIbAwULCQgHAgYVCAkK
++CwIEFgIDAQIeAQIXgAAKCRBDRFkeGWTF/MxxCACnjqFL+MmPh9W9JQKT2DcLbBzf
++Cqo6wcEBoCOcwgRSk8dSikhARoteoa55JRJhuMyeKhhEAogE9HRmCPFdjezFTwgB
++BDVBpO2dZ023mLXDVCYX3S8pShOgCP6Tn4wqCnYeAdLcGg106N4xcmgtcssJE+Pr
++XzTZksbZsrTVEmL/Ym+R5w5jBfFnGk7Yw7ndwfQsfNXQb5AZynClFxnX546lcyZX
++fEx3/e6ezw57WNOUK6WT+8b+EGovPkbetK/rGxNXuWaP6X4A/QUm8O98nCuHYFQq
+++mvNdsCBqGf7mhaRGtpHk/JgCn5rFvArMDqLVrR9hX0LdCSsH7EGE+bR3r7wuQEN
++BFjmORgBCACk+vDZrIXQuFXEYToZVwb2attzbbJJCqD71vmZTLsW0QxuPKRgbcYY
++zp4K4lVBnHhFrF8MOUOxJ7kQWIJZMZFt+BDcptCYurbD2H4W2xvnWViiC+LzCMzz
++iMJT6165uefL4JHTDPxC2fFiM9yrc72LmylJNkM/vepT128J5Qv0gRUaQbHiQuS6
++Dm/+WRnUfx3i89SV4mnBxb/Ta93GVqoOciWwzWSnwEnWYAvOb95JL4U7c5J5f/+c
++KnQDHsW7sIiIdscsWzvgf6qs2Ra1Zrt7Fdk4+ZS2f/adagLhDO1C24sXf5XfMk5m
++L0OGwZSr9m5s17VXxfspgU5ugc8kBJfzABEBAAE=
++=WCfs
++-----END PGP PUBLIC KEY BLOCK-----
++
+diff --git a/tests/data/keys/CVE-2021-3521-nosubsig.asc b/tests/data/keys/CVE-2021-3521-nosubsig.asc
+new file mode 100644
+index 0000000000..3a2e7417f8
+--- /dev/null
++++ b/tests/data/keys/CVE-2021-3521-nosubsig.asc
+@@ -0,0 +1,37 @@
++-----BEGIN PGP PUBLIC KEY BLOCK-----
++Version: rpm-4.17.90 (NSS-3)
++
++mQENBFjmORgBCAC7TMEk6wnjSs8Dr4yqSScWdU2pjcqrkTxuzdWvowcIUPZI0w/g
++HkRqGd4apjvY2V15kjL10gk3QhFP3pZ/9p7zh8o8NHX7aGdSGDK7NOq1eFaErPRY
++91LW9RiZ0lbOjXEzIL0KHxUiTQEmdXJT43DJMFPyW9fkCWg0OltiX618FUdWWfI8
++eySdLur1utnqBvdEbCUvWK2RX3vQZQdvEBODnNk2pxqTyV0w6VPQ96W++lF/5Aas
++7rUv3HIyIXxIggc8FRrnH+y9XvvHDonhTIlGnYZN4ubm9i4y3gOkrZlGTrEw7elQ
++1QeMyG2QQEbze8YjpTm4iLABCBrRfPRaQpwrABEBAAG0IXJwbS5vcmcgUlNBIHRl
++c3RrZXkgPHJzYUBycG0ub3JnPokBNwQTAQgAIQUCWOY5GAIbAwULCQgHAgYVCAkK
++CwIEFgIDAQIeAQIXgAAKCRBDRFkeGWTF/MxxCACnjqFL+MmPh9W9JQKT2DcLbBzf
++Cqo6wcEBoCOcwgRSk8dSikhARoteoa55JRJhuMyeKhhEAogE9HRmCPFdjezFTwgB
++BDVBpO2dZ023mLXDVCYX3S8pShOgCP6Tn4wqCnYeAdLcGg106N4xcmgtcssJE+Pr
++XzTZksbZsrTVEmL/Ym+R5w5jBfFnGk7Yw7ndwfQsfNXQb5AZynClFxnX546lcyZX
++fEx3/e6ezw57WNOUK6WT+8b+EGovPkbetK/rGxNXuWaP6X4A/QUm8O98nCuHYFQq
+++mvNdsCBqGf7mhaRGtpHk/JgCn5rFvArMDqLVrR9hX0LdCSsH7EGE+bR3r7wuQEN
++BFjmORgBCACk+vDZrIXQuFXEYToZVwb2attzbbJJCqD71vmZTLsW0QxuPKRgbcYY
++zp4K4lVBnHhFrF8MOUOxJ7kQWIJZMZFt+BDcptCYurbD2H4W2xvnWViiC+LzCMzz
++iMJT6165uefL4JHTDPxC2fFiM9yrc72LmylJNkM/vepT128J5Qv0gRUaQbHiQuS6
++Dm/+WRnUfx3i89SV4mnBxb/Ta93GVqoOciWwzWSnwEnWYAvOb95JL4U7c5J5f/+c
++KnQDHsW7sIiIdscsWzvgf6qs2Ra1Zrt7Fdk4+ZS2f/adagLhDO1C24sXf5XfMk5m
++L0OGwZSr9m5s17VXxfspgU5ugc8kBJfzABEBAAG5AQ0EWOY5GAEIAKT68NmshdC4
++VcRhOhlXBvZq23NtskkKoPvW+ZlMuxbRDG48pGBtxhjOngriVUGceEWsXww5Q7En
++uRBYglkxkW34ENym0Ji6tsPYfhbbG+dZWKIL4vMIzPOIwlPrXrm558vgkdMM/ELZ
++8WIz3KtzvYubKUk2Qz+96lPXbwnlC/SBFRpBseJC5LoOb/5ZGdR/HeLz1JXiacHF
++v9Nr3cZWqg5yJbDNZKfASdZgC85v3kkvhTtzknl//5wqdAMexbuwiIh2xyxbO+B/
++qqzZFrVmu3sV2Tj5lLZ/9p1qAuEM7ULbixd/ld8yTmYvQ4bBlKv2bmzXtVfF+ymB
++Tm6BzyQEl/MAEQEAAYkBHwQYAQgACQUCWOY5GAIbDAAKCRBDRFkeGWTF/PANB/9j
++mifmj6z/EPe0PJFhrpISt9PjiUQCt0IPtiL5zKAkWjHePIzyi+0kCTBF6DDLFxos
++3vN4bWnVKT1kBhZAQlPqpJTg+m74JUYeDGCdNx9SK7oRllATqyu+5rncgxjWVPnQ
++zu/HRPlWJwcVFYEVXYL8xzfantwQTqefjmcRmBRdA2XJITK+hGWwAmrqAWx+q5xX
++Pa8wkNMxVzNS2rUKO9SoVuJ/wlUvfoShkJ/VJ5HDp3qzUqncADfdGN35TDzscngQ
++gHvnMwVBfYfSCABV1hNByoZcc/kxkrWMmsd/EnIyLd1Q1baKqc3cEDuC6E6/o4yJ
++E4XX4jtDmdZPreZALsiB
++=rRop
++-----END PGP PUBLIC KEY BLOCK-----
++
+diff --git a/tests/rpmsigdig.at b/tests/rpmsigdig.at
+index e1a3ab062a..705fc58705 100644
+--- a/tests/rpmsigdig.at
++++ b/tests/rpmsigdig.at
+@@ -240,6 +240,34 @@ gpg(185e6146f00650f8) = 4:185e6146f00650f8-58e63918
+ [])
+ AT_CLEANUP
+
++AT_SETUP([rpmkeys --import invalid keys])
++AT_KEYWORDS([rpmkeys import])
++RPMDB_INIT
++
++AT_CHECK([
++runroot rpmkeys --import /data/keys/CVE-2021-3521-badbind.asc
++],
++[1],
++[],
++[error: /data/keys/CVE-2021-3521-badbind.asc: key 1 import failed.]
++)
++AT_CHECK([
++runroot rpmkeys --import /data/keys/CVE-2021-3521-nosubsig.asc
++],
++[1],
++[],
++[error: /data/keys/CVE-2021-3521-nosubsig.asc: key 1 import failed.]
++)
++
++AT_CHECK([
++runroot rpmkeys --import /data/keys/CVE-2021-3521-nosubsig-last.asc
++],
++[1],
++[],
++[error: /data/keys/CVE-2021-3521-nosubsig-last.asc: key 1 import failed.]
++)
++AT_CLEANUP
++
+ # ------------------------------
+ # Test pre-built package verification
+ AT_SETUP([rpmkeys -K <signed> 1])
+--
+2.17.1
+
diff --git a/meta/recipes-devtools/rpm/rpm_4.16.1.3.bb b/meta/recipes-devtools/rpm/rpm_4.16.1.3.bb
index 7c03b41..5a34795 100644
--- a/meta/recipes-devtools/rpm/rpm_4.16.1.3.bb
+++ b/meta/recipes-devtools/rpm/rpm_4.16.1.3.bb
@@ -24,7 +24,7 @@ HOMEPAGE = "http://www.rpm.org"
LICENSE = "GPL-2.0"
LIC_FILES_CHKSUM = "file://COPYING;md5=c4eec0c20c6034b9407a09945b48a43f"
-SRC_URI = "git://github.com/rpm-software-management/rpm;branch=rpm-4.16.x \
+SRC_URI = "git://github.com/rpm-software-management/rpm;branch=rpm-4.16.x;protocol=https \
file://environment.d-rpm.sh \
file://0001-Do-not-add-an-unsatisfiable-dependency-when-building.patch \
file://0001-Do-not-read-config-files-from-HOME.patch \
@@ -40,6 +40,10 @@ SRC_URI = "git://github.com/rpm-software-management/rpm;branch=rpm-4.16.x \
file://0016-rpmscript.c-change-logging-level-around-scriptlets-t.patch \
file://0001-lib-transaction.c-fix-file-conflicts-for-MIPS64-N32.patch \
file://0001-tools-Add-error.h-for-non-glibc-case.patch \
+ file://0001-build-pack.c-do-not-insert-payloadflags-into-.rpm-me.patch \
+ file://0001-CVE-2021-3521.patch \
+ file://0002-CVE-2021-3521.patch \
+ file://0003-CVE-2021-3521.patch \
"
PE = "1"
@@ -58,7 +62,8 @@ AUTOTOOLS_AUXDIR = "${S}/build-aux"
# OE-core patches autoreconf to additionally run gnu-configize, which fails with this recipe
EXTRA_AUTORECONF_append = " --exclude=gnu-configize"
-EXTRA_OECONF_append = " --without-lua --enable-python --with-crypto=libgcrypt"
+# Vendor is detected differently on x86 and aarch64 hosts and can feed into target packages
+EXTRA_OECONF_append = " --without-lua --enable-python --with-crypto=libgcrypt --with-vendor=pc"
EXTRA_OECONF_append_libc-musl = " --disable-nls --disable-openmp"
# --sysconfdir prevents rpm from attempting to access machine-specific configuration in sysroot/etc; we need to have it in rootfs
diff --git a/meta/recipes-devtools/ruby/ruby/0003-rdoc-build-reproducible-documentation.patch b/meta/recipes-devtools/ruby/ruby/0003-rdoc-build-reproducible-documentation.patch
new file mode 100644
index 0000000..f92f0e1
--- /dev/null
+++ b/meta/recipes-devtools/ruby/ruby/0003-rdoc-build-reproducible-documentation.patch
@@ -0,0 +1,35 @@
+From: Christian Hofstaedtler <zeha@debian.org>
+Date: Tue, 10 Oct 2017 15:04:34 -0300
+Subject: rdoc: build reproducible documentation
+
+- provide a fixed timestamp to the gzip compression
+
+Upstream-Status: Backport [debian]
+
+Signed-off-by: Antonio Terceiro <terceiro@debian.org>
+Signed-off-by: Christian Hofstaedtler <zeha@debian.org>
+---
+ lib/rdoc/generator/json_index.rb | 4 ++--
+ lib/rdoc/rdoc.rb | 2 +-
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+--- a/lib/rdoc/generator/json_index.rb
++++ b/lib/rdoc/generator/json_index.rb
+@@ -178,7 +178,7 @@
+ debug_msg "Writing gzipped search index to %s" % outfile
+
+ Zlib::GzipWriter.open(outfile) do |gz|
+- gz.mtime = File.mtime(search_index_file)
++ gz.mtime = -1
+ gz.orig_name = search_index_file.basename.to_s
+ gz.write search_index
+ gz.close
+@@ -196,7 +196,7 @@
+ debug_msg "Writing gzipped file to %s" % outfile
+
+ Zlib::GzipWriter.open(outfile) do |gz|
+- gz.mtime = File.mtime(dest)
++ gz.mtime = -1
+ gz.orig_name = dest.basename.to_s
+ gz.write data
+ gz.close
diff --git a/meta/recipes-devtools/ruby/ruby/0004-lib-mkmf.rb-sort-list-of-object-files-in-generated-M.patch b/meta/recipes-devtools/ruby/ruby/0004-lib-mkmf.rb-sort-list-of-object-files-in-generated-M.patch
new file mode 100644
index 0000000..e0aca0d
--- /dev/null
+++ b/meta/recipes-devtools/ruby/ruby/0004-lib-mkmf.rb-sort-list-of-object-files-in-generated-M.patch
@@ -0,0 +1,28 @@
+From: Reiner Herrmann <reiner@reiner-h.de>
+Date: Tue, 10 Oct 2017 15:06:13 -0300
+Subject: lib/mkmf.rb: sort list of object files in generated Makefile
+
+Without sorting the list explicitly, its order is indeterministic,
+because readdir() is also not deterministic.
+When the list of object files varies between builds, they are linked
+in a different order, which results in an unreproducible build.
+
+Upstream-Status: Backport [debian]
+
+Signed-off-by: Antonio Terceiro <terceiro@debian.org>
+Signed-off-by: Reiner Herrmann <reiner@reiner-h.de>
+---
+ lib/mkmf.rb | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/lib/mkmf.rb
++++ b/lib/mkmf.rb
+@@ -2315,7 +2315,7 @@
+ LIBS = #{$LIBRUBYARG} #{$libs} #{$LIBS}
+ ORIG_SRCS = #{orig_srcs.collect(&File.method(:basename)).join(' ')}
+ SRCS = $(ORIG_SRCS) #{(srcs - orig_srcs).collect(&File.method(:basename)).join(' ')}
+-OBJS = #{$objs.join(" ")}
++OBJS = #{$objs.sort.join(" ")}
+ HDRS = #{hdrs.map{|h| '$(srcdir)/' + File.basename(h)}.join(' ')}
+ LOCAL_HDRS = #{$headers.join(' ')}
+ TARGET = #{target}
diff --git a/meta/recipes-devtools/ruby/ruby/0005-Mark-Gemspec-reproducible-change-fixing-784225-too.patch b/meta/recipes-devtools/ruby/ruby/0005-Mark-Gemspec-reproducible-change-fixing-784225-too.patch
new file mode 100644
index 0000000..b7faa58
--- /dev/null
+++ b/meta/recipes-devtools/ruby/ruby/0005-Mark-Gemspec-reproducible-change-fixing-784225-too.patch
@@ -0,0 +1,28 @@
+From: Christian Hofstaedtler <zeha@debian.org>
+Date: Tue, 10 Oct 2017 15:07:11 -0300
+Subject: Mark Gemspec-reproducible change fixing #784225, too
+
+I think the UTC date change will fix the Multi-Arch not-same file issue,
+too.
+
+Upstream-Status: Backport [debian]
+
+Signed-off-by: Antonio Terceiro <terceiro@debian.org>
+Signed-off-by: Christian Hofstaedtler <zeha@debian.org>
+---
+ lib/rubygems/specification.rb | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/lib/rubygems/specification.rb
++++ b/lib/rubygems/specification.rb
+@@ -1695,7 +1695,9 @@
+ raise(Gem::InvalidSpecificationException,
+ "invalid date format in specification: #{date.inspect}")
+ end
+- when Time, DateLike then
++ when Time then
++ Time.utc(date.utc.year, date.utc.month, date.utc.day)
++ when DateLike then
+ Time.utc(date.year, date.month, date.day)
+ else
+ TODAY
diff --git a/meta/recipes-devtools/ruby/ruby/0006-Make-gemspecs-reproducible.patch b/meta/recipes-devtools/ruby/ruby/0006-Make-gemspecs-reproducible.patch
new file mode 100644
index 0000000..504893b
--- /dev/null
+++ b/meta/recipes-devtools/ruby/ruby/0006-Make-gemspecs-reproducible.patch
@@ -0,0 +1,67 @@
+From: Lucas Kanashiro <kanashiro@debian.org>
+Date: Fri, 1 Nov 2019 15:25:17 -0300
+Subject: Make gemspecs reproducible
+
+Without an explicit date, they will get the current date and make the
+build unreproducible
+
+Upstream-Status: Backport [debian]
+
+---
+ ext/bigdecimal/bigdecimal.gemspec | 1 +
+ ext/fiddle/fiddle.gemspec | 1 +
+ ext/io/console/io-console.gemspec | 2 +-
+ lib/ipaddr.gemspec | 1 +
+ lib/rdoc/rdoc.gemspec | 1 +
+ 5 files changed, 5 insertions(+), 1 deletion(-)
+
+--- a/ext/bigdecimal/bigdecimal.gemspec
++++ b/ext/bigdecimal/bigdecimal.gemspec
+@@ -6,6 +6,7 @@
+ s.name = "bigdecimal"
+ s.version = bigdecimal_version
+ s.authors = ["Kenta Murata", "Zachary Scott", "Shigeo Kobayashi"]
++ s.date = RUBY_RELEASE_DATE
+ s.email = ["mrkn@mrkn.jp"]
+
+ s.summary = "Arbitrary-precision decimal floating-point number library."
+--- a/ext/fiddle/fiddle.gemspec
++++ b/ext/fiddle/fiddle.gemspec
+@@ -8,6 +8,7 @@
+ Gem::Specification.new do |spec|
+ spec.name = "fiddle"
+ spec.version = version_module::Fiddle::VERSION
++ spec.date = RUBY_RELEASE_DATE
+ spec.authors = ["Aaron Patterson", "SHIBATA Hiroshi"]
+ spec.email = ["aaron@tenderlovemaking.com", "hsbt@ruby-lang.org"]
+
+--- a/ext/io/console/io-console.gemspec
++++ b/ext/io/console/io-console.gemspec
+@@ -4,6 +4,7 @@
+ Gem::Specification.new do |s|
+ s.name = "io-console"
+ s.version = _VERSION
++ s.date = RUBY_RELEASE_DATE
+ s.summary = "Console interface"
+ s.email = "nobu@ruby-lang.org"
+ s.description = "add console capabilities to IO instances."
+--- a/lib/ipaddr.gemspec
++++ b/lib/ipaddr.gemspec
+@@ -6,6 +6,7 @@
+ Gem::Specification.new do |spec|
+ spec.name = "ipaddr"
+ spec.version = "1.2.2"
++ spec.date = RUBY_RELEASE_DATE
+ spec.authors = ["Akinori MUSHA", "Hajimu UMEMOTO"]
+ spec.email = ["knu@idaemons.org", "ume@mahoroba.org"]
+
+--- a/lib/rdoc/rdoc.gemspec
++++ b/lib/rdoc/rdoc.gemspec
+@@ -7,6 +7,7 @@
+
+ Gem::Specification.new do |s|
+ s.name = "rdoc"
++ s.date = RUBY_RELEASE_DATE
+ s.version = RDoc::VERSION
+
+ s.authors = [
diff --git a/meta/recipes-devtools/ruby/ruby_3.0.1.bb b/meta/recipes-devtools/ruby/ruby_3.0.1.bb
index 4ac7383..a348946 100644
--- a/meta/recipes-devtools/ruby/ruby_3.0.1.bb
+++ b/meta/recipes-devtools/ruby/ruby_3.0.1.bb
@@ -9,6 +9,10 @@ SRC_URI += " \
file://CVE-2021-31810.patch \
file://CVE-2021-32066.patch \
file://CVE-2021-31799.patch \
+ file://0003-rdoc-build-reproducible-documentation.patch \
+ file://0004-lib-mkmf.rb-sort-list-of-object-files-in-generated-M.patch \
+ file://0005-Mark-Gemspec-reproducible-change-fixing-784225-too.patch \
+ file://0006-Make-gemspecs-reproducible.patch \
"
SRC_URI[sha256sum] = "369825db2199f6aeef16b408df6a04ebaddb664fb9af0ec8c686b0ce7ab77727"
diff --git a/meta/recipes-devtools/squashfs-tools/files/CVE-2021-41072-requisite-1.patch b/meta/recipes-devtools/squashfs-tools/files/CVE-2021-41072-requisite-1.patch
new file mode 100644
index 0000000..d01b5c6
--- /dev/null
+++ b/meta/recipes-devtools/squashfs-tools/files/CVE-2021-41072-requisite-1.patch
@@ -0,0 +1,135 @@
+The commit is required by the fix for CVE-2021-41072.
+
+Upstream-Status: Backport [https://github.com/plougher/squashfs-tools/commit/80b8441]
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+
+From 80b8441a37fcf8bf07dacf24d9d6c6459a0f6e36 Mon Sep 17 00:00:00 2001
+From: Phillip Lougher <phillip@squashfs.org.uk>
+Date: Sun, 12 Sep 2021 19:58:19 +0100
+Subject: [PATCH] unsquashfs: use squashfs_closedir() to delete directory
+
+Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk>
+---
+ squashfs-tools/unsquash-1.c | 3 +--
+ squashfs-tools/unsquash-1234.c | 11 +++++++++--
+ squashfs-tools/unsquash-2.c | 3 +--
+ squashfs-tools/unsquash-3.c | 3 +--
+ squashfs-tools/unsquash-4.c | 3 +--
+ squashfs-tools/unsquashfs.c | 7 -------
+ squashfs-tools/unsquashfs.h | 1 +
+ 7 files changed, 14 insertions(+), 17 deletions(-)
+
+diff --git a/squashfs-tools/unsquash-1.c b/squashfs-tools/unsquash-1.c
+index acba821..7598499 100644
+--- a/squashfs-tools/unsquash-1.c
++++ b/squashfs-tools/unsquash-1.c
+@@ -373,8 +373,7 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse
+ return dir;
+
+ corrupted:
+- free(dir->dirs);
+- free(dir);
++ squashfs_closedir(dir);
+ return NULL;
+ }
+
+diff --git a/squashfs-tools/unsquash-1234.c b/squashfs-tools/unsquash-1234.c
+index c2d4f42..0c8dfbb 100644
+--- a/squashfs-tools/unsquash-1234.c
++++ b/squashfs-tools/unsquash-1234.c
+@@ -25,8 +25,8 @@
+ * unsquash-4.
+ */
+
+-#define TRUE 1
+-#define FALSE 0
++#include "unsquashfs.h"
++
+ /*
+ * Check name for validity, name should not
+ * - be ".", "./", or
+@@ -56,3 +56,10 @@ int check_name(char *name, int size)
+
+ return TRUE;
+ }
++
++
++void squashfs_closedir(struct dir *dir)
++{
++ free(dir->dirs);
++ free(dir);
++}
+diff --git a/squashfs-tools/unsquash-2.c b/squashfs-tools/unsquash-2.c
+index 0746b3d..86f62ba 100644
+--- a/squashfs-tools/unsquash-2.c
++++ b/squashfs-tools/unsquash-2.c
+@@ -465,8 +465,7 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse
+ return dir;
+
+ corrupted:
+- free(dir->dirs);
+- free(dir);
++ squashfs_closedir(dir);
+ return NULL;
+ }
+
+diff --git a/squashfs-tools/unsquash-3.c b/squashfs-tools/unsquash-3.c
+index 094caaa..c04aa9e 100644
+--- a/squashfs-tools/unsquash-3.c
++++ b/squashfs-tools/unsquash-3.c
+@@ -499,8 +499,7 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse
+ return dir;
+
+ corrupted:
+- free(dir->dirs);
+- free(dir);
++ squashfs_closedir(dir);
+ return NULL;
+ }
+
+diff --git a/squashfs-tools/unsquash-4.c b/squashfs-tools/unsquash-4.c
+index 3a1b9e1..ff62dcc 100644
+--- a/squashfs-tools/unsquash-4.c
++++ b/squashfs-tools/unsquash-4.c
+@@ -436,8 +436,7 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse
+ return dir;
+
+ corrupted:
+- free(dir->dirs);
+- free(dir);
++ squashfs_closedir(dir);
+ return NULL;
+ }
+
+diff --git a/squashfs-tools/unsquashfs.c b/squashfs-tools/unsquashfs.c
+index 7b590bd..04be53c 100644
+--- a/squashfs-tools/unsquashfs.c
++++ b/squashfs-tools/unsquashfs.c
+@@ -1350,13 +1350,6 @@ unsigned int *offset, unsigned int *type)
+ }
+
+
+-void squashfs_closedir(struct dir *dir)
+-{
+- free(dir->dirs);
+- free(dir);
+-}
+-
+-
+ char *get_component(char *target, char **targname)
+ {
+ char *start;
+diff --git a/squashfs-tools/unsquashfs.h b/squashfs-tools/unsquashfs.h
+index 2e9201c..5ecb2ab 100644
+--- a/squashfs-tools/unsquashfs.h
++++ b/squashfs-tools/unsquashfs.h
+@@ -291,4 +291,5 @@ extern long long *alloc_index_table(int);
+
+ /* unsquash-1234.c */
+ extern int check_name(char *, int);
++extern void squashfs_closedir(struct dir *);
+ #endif
+--
+2.17.1
+
diff --git a/meta/recipes-devtools/squashfs-tools/files/CVE-2021-41072-requisite-2.patch b/meta/recipes-devtools/squashfs-tools/files/CVE-2021-41072-requisite-2.patch
new file mode 100644
index 0000000..0b80d07
--- /dev/null
+++ b/meta/recipes-devtools/squashfs-tools/files/CVE-2021-41072-requisite-2.patch
@@ -0,0 +1,109 @@
+The commit is required by the fix for CVE-2021-41072. Update context for
+version 4.4.
+
+Upstream-Status: Backport [https://github.com/plougher/squashfs-tools/commit/1993a4e]
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+
+From 1993a4e7aeda04962bf26e84c15fba8b58837e10 Mon Sep 17 00:00:00 2001
+From: Phillip Lougher <phillip@squashfs.org.uk>
+Date: Sun, 12 Sep 2021 20:09:13 +0100
+Subject: [PATCH] unsquashfs: dynamically allocate name
+
+Dynamically allocate name rather than store it
+directly in structure.
+
+Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk>
+---
+ squashfs-tools/unsquash-1.c | 2 +-
+ squashfs-tools/unsquash-1234.c | 5 +++++
+ squashfs-tools/unsquash-2.c | 2 +-
+ squashfs-tools/unsquash-3.c | 2 +-
+ squashfs-tools/unsquash-4.c | 2 +-
+ squashfs-tools/unsquashfs.h | 2 +-
+ 6 files changed, 10 insertions(+), 5 deletions(-)
+
+diff --git a/squashfs-tools/unsquash-1.c b/squashfs-tools/unsquash-1.c
+index 7598499..d0121c6 100644
+--- a/squashfs-tools/unsquash-1.c
++++ b/squashfs-tools/unsquash-1.c
+@@ -303,7 +303,7 @@ static struct dir *squashfs_opendir(unsi
+ "realloc failed!\n");
+ dir->dirs = new_dir;
+ }
+- strcpy(dir->dirs[dir->dir_count].name, dire->name);
++ dir->dirs[dir->dir_count].name = strdup(dire->name);
+ dir->dirs[dir->dir_count].start_block =
+ dirh.start_block;
+ dir->dirs[dir->dir_count].offset = dire->offset;
+diff --git a/squashfs-tools/unsquash-1234.c b/squashfs-tools/unsquash-1234.c
+index 0c8dfbb..ac46d9d 100644
+--- a/squashfs-tools/unsquash-1234.c
++++ b/squashfs-tools/unsquash-1234.c
+@@ -60,6 +60,11 @@ int check_name(char *name, int size)
+
+ void squashfs_closedir(struct dir *dir)
+ {
++ int i;
++
++ for(i = 0; i < dir->dir_count; i++)
++ free(dir->dirs[i].name);
++
+ free(dir->dirs);
+ free(dir);
+ }
+diff --git a/squashfs-tools/unsquash-2.c b/squashfs-tools/unsquash-2.c
+index 86f62ba..e847980 100644
+--- a/squashfs-tools/unsquash-2.c
++++ b/squashfs-tools/unsquash-2.c
+@@ -404,7 +404,7 @@ static struct dir *squashfs_opendir(unsi
+ "realloc failed!\n");
+ dir->dirs = new_dir;
+ }
+- strcpy(dir->dirs[dir->dir_count].name, dire->name);
++ dir->dirs[dir->dir_count].name = strdup(dire->name);
+ dir->dirs[dir->dir_count].start_block =
+ dirh.start_block;
+ dir->dirs[dir->dir_count].offset = dire->offset;
+diff --git a/squashfs-tools/unsquash-3.c b/squashfs-tools/unsquash-3.c
+index c04aa9e..8223f27 100644
+--- a/squashfs-tools/unsquash-3.c
++++ b/squashfs-tools/unsquash-3.c
+@@ -431,7 +431,7 @@ static struct dir *squashfs_opendir(unsi
+ "realloc failed!\n");
+ dir->dirs = new_dir;
+ }
+- strcpy(dir->dirs[dir->dir_count].name, dire->name);
++ dir->dirs[dir->dir_count].name = strdup(dire->name);
+ dir->dirs[dir->dir_count].start_block =
+ dirh.start_block;
+ dir->dirs[dir->dir_count].offset = dire->offset;
+diff --git a/squashfs-tools/unsquash-4.c b/squashfs-tools/unsquash-4.c
+index ff62dcc..1e199a7 100644
+--- a/squashfs-tools/unsquash-4.c
++++ b/squashfs-tools/unsquash-4.c
+@@ -367,7 +367,7 @@ static struct dir *squashfs_opendir(unsi
+ "realloc failed!\n");
+ dir->dirs = new_dir;
+ }
+- strcpy(dir->dirs[dir->dir_count].name, dire->name);
++ dir->dirs[dir->dir_count].name = strdup(dire->name);
+ dir->dirs[dir->dir_count].start_block =
+ dirh.start_block;
+ dir->dirs[dir->dir_count].offset = dire->offset;
+diff --git a/squashfs-tools/unsquashfs.h b/squashfs-tools/unsquashfs.h
+index 5ecb2ab..583fbe4 100644
+--- a/squashfs-tools/unsquashfs.h
++++ b/squashfs-tools/unsquashfs.h
+@@ -165,7 +165,7 @@ struct queue {
+ #define DIR_ENT_SIZE 16
+
+ struct dir_ent {
+- char name[SQUASHFS_NAME_LEN + 1];
++ char *name;
+ unsigned int start_block;
+ unsigned int offset;
+ unsigned int type;
+--
+2.17.1
+
diff --git a/meta/recipes-devtools/squashfs-tools/files/CVE-2021-41072-requisite-3.patch b/meta/recipes-devtools/squashfs-tools/files/CVE-2021-41072-requisite-3.patch
new file mode 100644
index 0000000..fad5898
--- /dev/null
+++ b/meta/recipes-devtools/squashfs-tools/files/CVE-2021-41072-requisite-3.patch
@@ -0,0 +1,330 @@
+The commit is required by the fix for CVE-2021-41072. Update context for
+version 4.4.
+
+Upstream-Status: Backport [https://github.com/plougher/squashfs-tools/commit/9938154]
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+
+From 9938154174756ee48a94ea0b076397a2944b028d Mon Sep 17 00:00:00 2001
+From: Phillip Lougher <phillip@squashfs.org.uk>
+Date: Sun, 12 Sep 2021 22:58:11 +0100
+Subject: [PATCH] unsquashfs: use linked list to store directory names
+
+This should bring higher performance, and it allows sorting
+if necessary (1.x and 2.0 filesystems).
+
+Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk>
+---
+ squashfs-tools/unsquash-1.c | 30 +++++++++++++++---------------
+ squashfs-tools/unsquash-1234.c | 12 ++++++++----
+ squashfs-tools/unsquash-2.c | 29 +++++++++++++++--------------
+ squashfs-tools/unsquash-3.c | 29 +++++++++++++++--------------
+ squashfs-tools/unsquash-4.c | 29 +++++++++++++++--------------
+ squashfs-tools/unsquashfs.c | 16 ++++++++++------
+ squashfs-tools/unsquashfs.h | 3 ++-
+ 7 files changed, 80 insertions(+), 68 deletions(-)
+
+diff --git a/squashfs-tools/unsquash-1.c b/squashfs-tools/unsquash-1.c
+index d0121c6..b604434 100644
+--- a/squashfs-tools/unsquash-1.c
++++ b/squashfs-tools/unsquash-1.c
+@@ -207,7 +207,7 @@ static struct dir *squashfs_opendir(unsi
+ long long start;
+ int bytes;
+ int dir_count, size;
+- struct dir_ent *new_dir;
++ struct dir_ent *ent, *cur_ent = NULL;
+ struct dir *dir;
+
+ TRACE("squashfs_opendir: inode start block %d, offset %d\n",
+@@ -220,7 +220,7 @@ static struct dir *squashfs_opendir(unsi
+ EXIT_UNSQUASH("squashfs_opendir: malloc failed!\n");
+
+ dir->dir_count = 0;
+- dir->cur_entry = 0;
++ dir->cur_entry = NULL;
+ dir->mode = (*i)->mode;
+ dir->uid = (*i)->uid;
+ dir->guid = (*i)->gid;
+@@ -295,19 +295,20 @@ static struct dir *squashfs_opendir(unsi
+ TRACE("squashfs_opendir: directory entry %s, inode "
+ "%d:%d, type %d\n", dire->name,
+ dirh.start_block, dire->offset, dire->type);
+- if((dir->dir_count % DIR_ENT_SIZE) == 0) {
+- new_dir = realloc(dir->dirs, (dir->dir_count +
+- DIR_ENT_SIZE) * sizeof(struct dir_ent));
+- if(new_dir == NULL)
+- EXIT_UNSQUASH("squashfs_opendir: "
+- "realloc failed!\n");
+- dir->dirs = new_dir;
+- }
+- dir->dirs[dir->dir_count].name = strdup(dire->name);
+- dir->dirs[dir->dir_count].start_block =
+- dirh.start_block;
+- dir->dirs[dir->dir_count].offset = dire->offset;
+- dir->dirs[dir->dir_count].type = dire->type;
++ ent = malloc(sizeof(struct dir_ent));
++ if(ent == NULL)
++ MEM_ERROR();
++
++ ent->name = strdup(dire->name);
++ ent->start_block = dirh.start_block;
++ ent->offset = dire->offset;
++ ent->type = dire->type;
++ ent->next = NULL;
++ if(cur_ent == NULL)
++ dir->dirs = ent;
++ else
++ cur_ent->next = ent;
++ cur_ent = ent;
+ dir->dir_count ++;
+ bytes += dire->size + 1;
+ }
+diff --git a/squashfs-tools/unsquash-1234.c b/squashfs-tools/unsquash-1234.c
+index ac46d9d..e389f8d 100644
+--- a/squashfs-tools/unsquash-1234.c
++++ b/squashfs-tools/unsquash-1234.c
+@@ -60,11 +60,15 @@ int check_name(char *name, int size)
+
+ void squashfs_closedir(struct dir *dir)
+ {
+- int i;
++ struct dir_ent *ent = dir->dirs;
+
+- for(i = 0; i < dir->dir_count; i++)
+- free(dir->dirs[i].name);
++ while(ent) {
++ struct dir_ent *tmp = ent;
++
++ ent = ent->next;
++ free(tmp->name);
++ free(tmp);
++ }
+
+- free(dir->dirs);
+ free(dir);
+ }
+diff --git a/squashfs-tools/unsquash-2.c b/squashfs-tools/unsquash-2.c
+index e847980..956f96f 100644
+--- a/squashfs-tools/unsquash-2.c
++++ b/squashfs-tools/unsquash-2.c
+@@ -308,7 +308,7 @@ static struct dir *squashfs_opendir(unsi
+ long long start;
+ int bytes;
+ int dir_count, size;
+- struct dir_ent *new_dir;
++ struct dir_ent *ent, *cur_ent = NULL;
+ struct dir *dir;
+
+ TRACE("squashfs_opendir: inode start block %d, offset %d\n",
+@@ -321,7 +321,7 @@ static struct dir *squashfs_opendir(unsi
+ EXIT_UNSQUASH("squashfs_opendir: malloc failed!\n");
+
+ dir->dir_count = 0;
+- dir->cur_entry = 0;
++ dir->cur_entry = NULL;
+ dir->mode = (*i)->mode;
+ dir->uid = (*i)->uid;
+ dir->guid = (*i)->gid;
+@@ -396,19 +396,20 @@ static struct dir *squashfs_opendir(unsi
+ TRACE("squashfs_opendir: directory entry %s, inode "
+ "%d:%d, type %d\n", dire->name,
+ dirh.start_block, dire->offset, dire->type);
+- if((dir->dir_count % DIR_ENT_SIZE) == 0) {
+- new_dir = realloc(dir->dirs, (dir->dir_count +
+- DIR_ENT_SIZE) * sizeof(struct dir_ent));
+- if(new_dir == NULL)
+- EXIT_UNSQUASH("squashfs_opendir: "
+- "realloc failed!\n");
+- dir->dirs = new_dir;
+- }
+- dir->dirs[dir->dir_count].name = strdup(dire->name);
+- dir->dirs[dir->dir_count].start_block =
+- dirh.start_block;
+- dir->dirs[dir->dir_count].offset = dire->offset;
+- dir->dirs[dir->dir_count].type = dire->type;
++ ent = malloc(sizeof(struct dir_ent));
++ if(ent == NULL)
++ MEM_ERROR();
++
++ ent->name = strdup(dire->name);
++ ent->start_block = dirh.start_block;
++ ent->offset = dire->offset;
++ ent->type = dire->type;
++ ent->next = NULL;
++ if(cur_ent == NULL)
++ dir->dirs = ent;
++ else
++ cur_ent->next = ent;
++ cur_ent = ent;
+ dir->dir_count ++;
+ bytes += dire->size + 1;
+ }
+diff --git a/squashfs-tools/unsquash-3.c b/squashfs-tools/unsquash-3.c
+index 8223f27..835a574 100644
+--- a/squashfs-tools/unsquash-3.c
++++ b/squashfs-tools/unsquash-3.c
+@@ -334,7 +334,7 @@ static struct dir *squashfs_opendir(unsi
+ long long start;
+ int bytes;
+ int dir_count, size;
+- struct dir_ent *new_dir;
++ struct dir_ent *ent, *cur_ent = NULL;
+ struct dir *dir;
+
+ TRACE("squashfs_opendir: inode start block %d, offset %d\n",
+@@ -347,7 +347,7 @@ static struct dir *squashfs_opendir(unsi
+ EXIT_UNSQUASH("squashfs_opendir: malloc failed!\n");
+
+ dir->dir_count = 0;
+- dir->cur_entry = 0;
++ dir->cur_entry = NULL;
+ dir->mode = (*i)->mode;
+ dir->uid = (*i)->uid;
+ dir->guid = (*i)->gid;
+@@ -423,19 +423,20 @@ static struct dir *squashfs_opendir(unsi
+ TRACE("squashfs_opendir: directory entry %s, inode "
+ "%d:%d, type %d\n", dire->name,
+ dirh.start_block, dire->offset, dire->type);
+- if((dir->dir_count % DIR_ENT_SIZE) == 0) {
+- new_dir = realloc(dir->dirs, (dir->dir_count +
+- DIR_ENT_SIZE) * sizeof(struct dir_ent));
+- if(new_dir == NULL)
+- EXIT_UNSQUASH("squashfs_opendir: "
+- "realloc failed!\n");
+- dir->dirs = new_dir;
+- }
+- dir->dirs[dir->dir_count].name = strdup(dire->name);
+- dir->dirs[dir->dir_count].start_block =
+- dirh.start_block;
+- dir->dirs[dir->dir_count].offset = dire->offset;
+- dir->dirs[dir->dir_count].type = dire->type;
++ ent = malloc(sizeof(struct dir_ent));
++ if(ent == NULL)
++ MEM_ERROR();
++
++ ent->name = strdup(dire->name);
++ ent->start_block = dirh.start_block;
++ ent->offset = dire->offset;
++ ent->type = dire->type;
++ ent->next = NULL;
++ if(cur_ent == NULL)
++ dir->dirs = ent;
++ else
++ cur_ent->next = ent;
++ cur_ent = ent;
+ dir->dir_count ++;
+ bytes += dire->size + 1;
+ }
+diff --git a/squashfs-tools/unsquash-4.c b/squashfs-tools/unsquash-4.c
+index 1e199a7..694783d 100644
+--- a/squashfs-tools/unsquash-4.c
++++ b/squashfs-tools/unsquash-4.c
+@@ -281,7 +281,7 @@ static struct dir *squashfs_opendir(unsi
+ long long start;
+ long long bytes;
+ int dir_count, size;
+- struct dir_ent *new_dir;
++ struct dir_ent *ent, *cur_ent = NULL;
+ struct dir *dir;
+
+ TRACE("squashfs_opendir: inode start block %d, offset %d\n",
+@@ -294,7 +294,7 @@ static struct dir *squashfs_opendir(unsi
+ EXIT_UNSQUASH("squashfs_opendir: malloc failed!\n");
+
+ dir->dir_count = 0;
+- dir->cur_entry = 0;
++ dir->cur_entry = NULL;
+ dir->mode = (*i)->mode;
+ dir->uid = (*i)->uid;
+ dir->guid = (*i)->gid;
+@@ -359,19 +359,20 @@ static struct dir *squashfs_opendir(unsi
+ TRACE("squashfs_opendir: directory entry %s, inode "
+ "%d:%d, type %d\n", dire->name,
+ dirh.start_block, dire->offset, dire->type);
+- if((dir->dir_count % DIR_ENT_SIZE) == 0) {
+- new_dir = realloc(dir->dirs, (dir->dir_count +
+- DIR_ENT_SIZE) * sizeof(struct dir_ent));
+- if(new_dir == NULL)
+- EXIT_UNSQUASH("squashfs_opendir: "
+- "realloc failed!\n");
+- dir->dirs = new_dir;
+- }
+- dir->dirs[dir->dir_count].name = strdup(dire->name);
+- dir->dirs[dir->dir_count].start_block =
+- dirh.start_block;
+- dir->dirs[dir->dir_count].offset = dire->offset;
+- dir->dirs[dir->dir_count].type = dire->type;
++ ent = malloc(sizeof(struct dir_ent));
++ if(ent == NULL)
++ MEM_ERROR();
++
++ ent->name = strdup(dire->name);
++ ent->start_block = dirh.start_block;
++ ent->offset = dire->offset;
++ ent->type = dire->type;
++ ent->next = NULL;
++ if(cur_ent == NULL)
++ dir->dirs = ent;
++ else
++ cur_ent->next = ent;
++ cur_ent = ent;
+ dir->dir_count ++;
+ bytes += dire->size + 1;
+ }
+diff --git a/squashfs-tools/unsquashfs.c b/squashfs-tools/unsquashfs.c
+index 04be53c..fee28ec 100644
+--- a/squashfs-tools/unsquashfs.c
++++ b/squashfs-tools/unsquashfs.c
+@@ -1277,14 +1277,18 @@ failed:
+ int squashfs_readdir(struct dir *dir, char **name, unsigned int *start_block,
+ unsigned int *offset, unsigned int *type)
+ {
+- if(dir->cur_entry == dir->dir_count)
++ if(dir->cur_entry == NULL)
++ dir->cur_entry = dir->dirs;
++ else
++ dir->cur_entry = dir->cur_entry->next;
++
++ if(dir->cur_entry == NULL)
+ return FALSE;
+
+- *name = dir->dirs[dir->cur_entry].name;
+- *start_block = dir->dirs[dir->cur_entry].start_block;
+- *offset = dir->dirs[dir->cur_entry].offset;
+- *type = dir->dirs[dir->cur_entry].type;
+- dir->cur_entry ++;
++ *name = dir->cur_entry->name;
++ *start_block = dir->cur_entry->start_block;
++ *offset = dir->cur_entry->offset;
++ *type = dir->cur_entry->type;
+
+ return TRUE;
+ }
+diff --git a/squashfs-tools/unsquashfs.h b/squashfs-tools/unsquashfs.h
+index 583fbe4..f8cf78c 100644
+--- a/squashfs-tools/unsquashfs.h
++++ b/squashfs-tools/unsquashfs.h
+@@ -169,17 +169,18 @@ struct dir_ent {
+ unsigned int start_block;
+ unsigned int offset;
+ unsigned int type;
++ struct dir_ent *next;
+ };
+
+ struct dir {
+ int dir_count;
+- int cur_entry;
+ unsigned int mode;
+ uid_t uid;
+ gid_t guid;
+ unsigned int mtime;
+ unsigned int xattr;
+ struct dir_ent *dirs;
++ struct dir_ent *cur_entry;
+ };
+
+ struct file_entry {
+--
+2.17.1
+
diff --git a/meta/recipes-devtools/squashfs-tools/files/CVE-2021-41072.patch b/meta/recipes-devtools/squashfs-tools/files/CVE-2021-41072.patch
new file mode 100644
index 0000000..29ec3bb
--- /dev/null
+++ b/meta/recipes-devtools/squashfs-tools/files/CVE-2021-41072.patch
@@ -0,0 +1,316 @@
+CVE: CVE-2021-41072
+Upstream-Status: Backport [https://github.com/plougher/squashfs-tools/commit/e048580]
+
+Backport commit to fix CVE-2021-41072. And squash a follow-up fix for
+CVE-2021-41072 from upstream:
+https://github.com/plougher/squashfs-tools/commit/19fcc93
+
+Update context for version 4.4.
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+
+From e0485802ec72996c20026da320650d8362f555bd Mon Sep 17 00:00:00 2001
+From: Phillip Lougher <phillip@squashfs.org.uk>
+Date: Sun, 12 Sep 2021 23:50:06 +0100
+Subject: [PATCH] Unsquashfs: additional write outside destination directory
+ exploit fix
+
+An issue on github (https://github.com/plougher/squashfs-tools/issues/72)
+showed how some specially crafted Squashfs filesystems containing
+invalid file names (with '/' and '..') can cause Unsquashfs to write
+files outside of the destination directory.
+
+Since then it has been shown that specially crafted Squashfs filesystems
+that contain a symbolic link pointing outside of the destination directory,
+coupled with an identically named file within the same directory, can
+cause Unsquashfs to write files outside of the destination directory.
+
+Specifically the symbolic link produces a pathname pointing outside
+of the destination directory, which is then followed when writing the
+duplicate identically named file within the directory.
+
+This commit fixes this exploit by explictly checking for duplicate
+filenames within a directory. As directories in v2.1, v3.x, and v4.0
+filesystems are sorted, this is achieved by checking for consecutively
+identical filenames. Additionally directories are checked to
+ensure they are sorted, to avoid attempts to evade the duplicate
+check.
+
+Version 1.x and 2.0 filesystems (where the directories were unsorted)
+are sorted and then the above duplicate filename check is applied.
+
+Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk>
+---
+ squashfs-tools/Makefile | 6 +-
+ squashfs-tools/unsquash-1.c | 6 ++
+ squashfs-tools/unsquash-12.c | 110 +++++++++++++++++++++++++++++++++
+ squashfs-tools/unsquash-1234.c | 21 +++++++
+ squashfs-tools/unsquash-2.c | 16 +++++
+ squashfs-tools/unsquash-3.c | 6 ++
+ squashfs-tools/unsquash-4.c | 6 ++
+ squashfs-tools/unsquashfs.h | 4 ++
+ 8 files changed, 173 insertions(+), 2 deletions(-)
+ create mode 100644 squashfs-tools/unsquash-12.c
+
+diff --git a/squashfs-tools/Makefile b/squashfs-tools/Makefile
+index 7262a2e..1b544ed 100755
+--- a/squashfs-tools/Makefile
++++ b/squashfs-tools/Makefile
+@@ -156,8 +156,8 @@ MKSQUASHFS_OBJS = mksquashfs.o read_fs.o
+ caches-queues-lists.o
+
+ UNSQUASHFS_OBJS = unsquashfs.o unsquash-1.o unsquash-2.o unsquash-3.o \
+- unsquash-4.o unsquash-123.o unsquash-34.o unsquash-1234.o swap.o \
+- compressor.o unsquashfs_info.o
++ unsquash-4.o unsquash-123.o unsquash-34.o unsquash-1234.o unsquash-12.o \
++ swap.o compressor.o unsquashfs_info.o
+
+ CFLAGS ?= -O2
+ CFLAGS += $(EXTRA_CFLAGS) $(INCLUDEDIR) -D_FILE_OFFSET_BITS=64 \
+@@ -353,6 +353,8 @@ unsquash-34.o: unsquashfs.h unsquash-34.c unsquashfs_error.h
+
+ unsquash-1234.o: unsquash-1234.c
+
++unsquash-12.o: unsquash-12.c unsquashfs.h
++
+ unsquashfs_xattr.o: unsquashfs_xattr.c unsquashfs.h squashfs_fs.h xattr.h
+
+ unsquashfs_info.o: unsquashfs.h squashfs_fs.h
+--- a/squashfs-tools/unsquash-1.c
++++ b/squashfs-tools/unsquash-1.c
+@@ -314,6 +314,12 @@ static struct dir *squashfs_opendir(unsi
+ }
+ }
+
++ /* check directory for duplicate names. Need to sort directory first */
++ sort_directory(dir);
++ if(check_directory(dir) == FALSE) {
++ ERROR("File system corrupted: directory has duplicate names\n");
++ goto corrupted;
++ }
+ return dir;
+
+ corrupted:
+diff --git a/squashfs-tools/unsquash-12.c b/squashfs-tools/unsquash-12.c
+new file mode 100644
+index 0000000..61bf128
+--- /dev/null
++++ b/squashfs-tools/unsquash-12.c
+@@ -0,0 +1,110 @@
++/*
++ * Unsquash a squashfs filesystem. This is a highly compressed read only
++ * filesystem.
++ *
++ * Copyright (c) 2021
++ * Phillip Lougher <phillip@squashfs.org.uk>
++ *
++ * This program is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU General Public License
++ * as published by the Free Software Foundation; either version 2,
++ * or (at your option) any later version.
++ *
++ * This program is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++ * GNU General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with this program; if not, write to the Free Software
++ * Foundation, 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
++ *
++ * unsquash-12.c
++ *
++ * Helper functions used by unsquash-1 and unsquash-2.
++ */
++
++#include "unsquashfs.h"
++
++/*
++ * Bottom up linked list merge sort.
++ *
++ */
++void sort_directory(struct dir *dir)
++{
++ struct dir_ent *cur, *l1, *l2, *next;
++ int len1, len2, stride = 1;
++
++ if(dir->dir_count < 2)
++ return;
++
++ /*
++ * We can consider our linked-list to be made up of stride length
++ * sublists. Eacn iteration around this loop merges adjacent
++ * stride length sublists into larger 2*stride sublists. We stop
++ * when stride becomes equal to the entire list.
++ *
++ * Initially stride = 1 (by definition a sublist of 1 is sorted), and
++ * these 1 element sublists are merged into 2 element sublists, which
++ * are then merged into 4 element sublists and so on.
++ */
++ do {
++ l2 = dir->dirs; /* head of current linked list */
++ cur = NULL; /* empty output list */
++
++ /*
++ * Iterate through the linked list, merging adjacent sublists.
++ * On each interation l2 points to the next sublist pair to be
++ * merged (if there's only one sublist left this is simply added
++ * to the output list)
++ */
++ while(l2) {
++ l1 = l2;
++ for(len1 = 0; l2 && len1 < stride; len1 ++, l2 = l2->next);
++ len2 = stride;
++
++ /*
++ * l1 points to first sublist.
++ * l2 points to second sublist.
++ * Merge them onto the output list
++ */
++ while(len1 && l2 && len2) {
++ if(strcmp(l1->name, l2->name) <= 0) {
++ next = l1;
++ l1 = l1->next;
++ len1 --;
++ } else {
++ next = l2;
++ l2 = l2->next;
++ len2 --;
++ }
++
++ if(cur) {
++ cur->next = next;
++ cur = next;
++ } else
++ dir->dirs = cur = next;
++ }
++ /*
++ * One sublist is now empty, copy the other one onto the
++ * output list
++ */
++ for(; len1; len1 --, l1 = l1->next) {
++ if(cur) {
++ cur->next = l1;
++ cur = l1;
++ } else
++ dir->dirs = cur = l1;
++ }
++ for(; l2 && len2; len2 --, l2 = l2->next) {
++ if(cur) {
++ cur->next = l2;
++ cur = l2;
++ } else
++ dir->dirs = cur = l2;
++ }
++ }
++ cur->next = NULL;
++ stride = stride << 1;
++ } while(stride < dir->dir_count);
++}
+diff --git a/squashfs-tools/unsquash-1234.c b/squashfs-tools/unsquash-1234.c
+index e389f8d..98a81ed 100644
+--- a/squashfs-tools/unsquash-1234.c
++++ b/squashfs-tools/unsquash-1234.c
+@@ -72,3 +72,24 @@ void squashfs_closedir(struct dir *dir)
+
+ free(dir);
+ }
++
++
++/*
++ * Check directory for duplicate names. As the directory should be sorted,
++ * duplicates will be consecutive. Obviously we also need to check if the
++ * directory has been deliberately unsorted, to evade this check.
++ */
++int check_directory(struct dir *dir)
++{
++ int i;
++ struct dir_ent *ent;
++
++ if(dir->dir_count < 2)
++ return TRUE;
++
++ for(ent = dir->dirs, i = 0; i < dir->dir_count - 1; ent = ent->next, i++)
++ if(strcmp(ent->name, ent->next->name) >= 0)
++ return FALSE;
++
++ return TRUE;
++}
+diff --git a/squashfs-tools/unsquash-2.c b/squashfs-tools/unsquash-2.c
+index 956f96f..0e36f7d 100644
+--- a/squashfs-tools/unsquash-2.c
++++ b/squashfs-tools/unsquash-2.c
+@@ -29,6 +29,7 @@ static squashfs_fragment_entry_2 *fragme
+ static unsigned int *uid_table, *guid_table;
+ static char *inode_table, *directory_table;
+ static squashfs_operations ops;
++static int needs_sorting = FALSE;
+
+ static void read_block_list(unsigned int *block_list, char *block_ptr, int blocks)
+ {
+@@ -415,6 +416,17 @@ static struct dir *squashfs_opendir(unsi
+ }
+ }
+
++ if(needs_sorting)
++ sort_directory(dir);
++
++ /* check directory for duplicate names and sorting */
++ if(check_directory(dir) == FALSE) {
++ if(needs_sorting)
++ ERROR("File system corrupted: directory has duplicate names\n");
++ else
++ ERROR("File system corrupted: directory has duplicate names or is unsorted\n");
++ goto corrupted;
++ }
+ return dir;
+
+ corrupted:
+--- a/squashfs-tools/unsquash-3.c
++++ b/squashfs-tools/unsquash-3.c
+@@ -442,6 +442,12 @@ static struct dir *squashfs_opendir(unsi
+ }
+ }
+
++ /* check directory for duplicate names and sorting */
++ if(check_directory(dir) == FALSE) {
++ ERROR("File system corrupted: directory has duplicate names or is unsorted\n");
++ goto corrupted;
++ }
++
+ return dir;
+
+ corrupted:
+diff --git a/squashfs-tools/unsquash-4.c b/squashfs-tools/unsquash-4.c
+index 694783d..c615bb8 100644
+--- a/squashfs-tools/unsquash-4.c
++++ b/squashfs-tools/unsquash-4.c
+@@ -378,6 +378,12 @@ static struct dir *squashfs_opendir(unsi
+ }
+ }
+
++ /* check directory for duplicate names and sorting */
++ if(check_directory(dir) == FALSE) {
++ ERROR("File system corrupted: directory has duplicate names or is unsorted\n");
++ goto corrupted;
++ }
++
+ return dir;
+
+ corrupted:
+diff --git a/squashfs-tools/unsquashfs.h b/squashfs-tools/unsquashfs.h
+index f8cf78c..bf2a80d 100644
+--- a/squashfs-tools/unsquashfs.h
++++ b/squashfs-tools/unsquashfs.h
+@@ -266,4 +266,8 @@ extern long long *alloc_index_table(int)
+ /* unsquash-1234.c */
+ extern int check_name(char *, int);
+ extern void squashfs_closedir(struct dir *);
++extern int check_directory(struct dir *);
++
++/* unsquash-12.c */
++extern void sort_directory(struct dir *);
+ #endif
+--
+2.17.1
+
diff --git a/meta/recipes-devtools/squashfs-tools/squashfs-tools_git.bb b/meta/recipes-devtools/squashfs-tools/squashfs-tools_git.bb
index 083e597..caa5417 100644
--- a/meta/recipes-devtools/squashfs-tools/squashfs-tools_git.bb
+++ b/meta/recipes-devtools/squashfs-tools/squashfs-tools_git.bb
@@ -9,9 +9,13 @@ LIC_FILES_CHKSUM = "file://../COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
PV = "4.4"
SRCREV = "52eb4c279cd283ed9802dd1ceb686560b22ffb67"
-SRC_URI = "git://github.com/plougher/squashfs-tools.git;protocol=https \
+SRC_URI = "git://github.com/plougher/squashfs-tools.git;protocol=https;branch=master \
file://0001-squashfs-tools-fix-build-failure-against-gcc-10.patch;striplevel=2 \
file://CVE-2021-40153.patch;striplevel=2 \
+ file://CVE-2021-41072-requisite-1.patch;striplevel=2 \
+ file://CVE-2021-41072-requisite-2.patch;striplevel=2 \
+ file://CVE-2021-41072-requisite-3.patch;striplevel=2 \
+ file://CVE-2021-41072.patch;striplevel=2 \
"
S = "${WORKDIR}/git/squashfs-tools"
diff --git a/meta/recipes-devtools/strace/strace/run-ptest b/meta/recipes-devtools/strace/strace/run-ptest
index 3a51fb0..02bb91e 100755
--- a/meta/recipes-devtools/strace/strace/run-ptest
+++ b/meta/recipes-devtools/strace/strace/run-ptest
@@ -1,6 +1,15 @@
#!/bin/sh
+
+set -u
+
export TIMEOUT_DURATION=240
chown nobody tests
chown nobody tests/*
chown nobody ../ptest
+
su nobody -c "make -B -C tests -k test-suite.log"
+res=$?
+if [ $res -ne 0 ]; then
+ cat tests/test-suite.log
+fi
+exit $res
diff --git a/meta/recipes-devtools/systemd-bootchart/systemd-bootchart_234.bb b/meta/recipes-devtools/systemd-bootchart/systemd-bootchart_234.bb
index 905a0cb..44f0c8c 100644
--- a/meta/recipes-devtools/systemd-bootchart/systemd-bootchart_234.bb
+++ b/meta/recipes-devtools/systemd-bootchart/systemd-bootchart_234.bb
@@ -8,7 +8,7 @@ LICENSE = "LGPLv2.1 & GPLv2"
LIC_FILES_CHKSUM = "file://LICENSE.LGPL2.1;md5=4fbd65380cdd255951079008b364516c \
file://LICENSE.GPL2;md5=751419260aa954499f7abaabaa882bbe"
-SRC_URI = "git://github.com/systemd/systemd-bootchart.git;protocol=https \
+SRC_URI = "git://github.com/systemd/systemd-bootchart.git;protocol=https;branch=master \
file://0001-architecture-Recognise-RISCV-32-RISCV-64.patch \
file://mips64.patch \
file://no_lto.patch \
diff --git a/meta/recipes-devtools/tcf-agent/tcf-agent_git.bb b/meta/recipes-devtools/tcf-agent/tcf-agent_git.bb
index a143b09..7f790c9 100644
--- a/meta/recipes-devtools/tcf-agent/tcf-agent_git.bb
+++ b/meta/recipes-devtools/tcf-agent/tcf-agent_git.bb
@@ -10,7 +10,7 @@ SRCREV = "a022ef2f1acfd9209a1bf792dda14ae4b0d1b60f"
PV = "1.7.0+git${SRCPV}"
UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>(\d+(\.\d+)+))"
-SRC_URI = "git://git.eclipse.org/r/tcf/org.eclipse.tcf.agent.git;protocol=https \
+SRC_URI = "git://git.eclipse.org/r/tcf/org.eclipse.tcf.agent.git;protocol=https;branch=master \
file://fix_ranlib.patch \
file://ldflags.patch \
file://tcf-agent.init \
diff --git a/meta/recipes-devtools/unfs3/unfs3_git.bb b/meta/recipes-devtools/unfs3/unfs3_git.bb
index a21fb58..bcaa4e2 100644
--- a/meta/recipes-devtools/unfs3/unfs3_git.bb
+++ b/meta/recipes-devtools/unfs3/unfs3_git.bb
@@ -14,7 +14,7 @@ DEPENDS_append_class-nativesdk = " flex-nativesdk"
ASNEEDED = ""
S = "${WORKDIR}/git"
-SRC_URI = "git://github.com/unfs3/unfs3.git;protocol=https \
+SRC_URI = "git://github.com/unfs3/unfs3.git;protocol=https;branch=master \
file://unfs3_parallel_build.patch \
file://alternate_rpc_ports.patch \
file://fix_pid_race_parent_writes_child_pid.patch \
diff --git a/meta/recipes-extended/bzip2/bzip2_1.0.8.bb b/meta/recipes-extended/bzip2/bzip2_1.0.8.bb
index 70eb67f..d2f3444 100644
--- a/meta/recipes-extended/bzip2/bzip2_1.0.8.bb
+++ b/meta/recipes-extended/bzip2/bzip2_1.0.8.bb
@@ -22,7 +22,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;beginline=4;endline=37;md5=600af43c50f1fcb82e
"
SRC_URI = "https://sourceware.org/pub/${BPN}/${BPN}-${PV}.tar.gz \
- git://sourceware.org/git/bzip2-tests.git;name=bzip2-tests \
+ git://sourceware.org/git/bzip2-tests.git;name=bzip2-tests;branch=master \
file://configure.ac;subdir=${BP} \
file://Makefile.am;subdir=${BP} \
file://run-ptest \
diff --git a/meta/recipes-extended/ghostscript/ghostscript/0001-Bug-704342-Include-device-specifier-strings-in-acces.patch b/meta/recipes-extended/ghostscript/ghostscript/0001-Bug-704342-Include-device-specifier-strings-in-acces.patch
new file mode 100644
index 0000000..44bdfbb
--- /dev/null
+++ b/meta/recipes-extended/ghostscript/ghostscript/0001-Bug-704342-Include-device-specifier-strings-in-acces.patch
@@ -0,0 +1,238 @@
+From a9bd3dec9fde03327a4a2c69dad1036bf9632e20 Mon Sep 17 00:00:00 2001
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Tue, 7 Sep 2021 20:36:12 +0100
+Subject: [PATCH] Bug 704342: Include device specifier strings in access
+ validation
+
+for the "%pipe%", %handle%" and %printer% io devices.
+
+We previously validated only the part after the "%pipe%" Postscript device
+specifier, but this proved insufficient.
+
+This rebuilds the original file name string, and validates it complete. The
+slight complication for "%pipe%" is it can be reached implicitly using
+"|" so we have to check both prefixes.
+
+Addresses CVE-2021-3781
+
+CVE: CVE-2021-3781
+
+Upstream-Status: Backport (http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=a9bd3dec9fde03327a4a2c69dad1036bf9632e20)
+
+Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
+---
+ base/gdevpipe.c | 22 +++++++++++++++-
+ base/gp_mshdl.c | 11 +++++++-
+ base/gp_msprn.c | 10 ++++++-
+ base/gp_os2pr.c | 13 +++++++++-
+ base/gslibctx.c | 69 ++++++++++---------------------------------------
+ 5 files changed, 65 insertions(+), 60 deletions(-)
+
+diff --git a/base/gdevpipe.c b/base/gdevpipe.c
+index 96d71f5d8..5bdc485be 100644
+--- a/base/gdevpipe.c
++++ b/base/gdevpipe.c
+@@ -72,8 +72,28 @@ pipe_fopen(gx_io_device * iodev, const char *fname, const char *access,
+ #else
+ gs_lib_ctx_t *ctx = mem->gs_lib_ctx;
+ gs_fs_list_t *fs = ctx->core->fs;
++ /* The pipe device can be reached in two ways, explicltly with %pipe%
++ or implicitly with "|", so we have to check for both
++ */
++ char f[gp_file_name_sizeof];
++ const char *pipestr = "|";
++ const size_t pipestrlen = strlen(pipestr);
++ const size_t preflen = strlen(iodev->dname);
++ const size_t nlen = strlen(fname);
++ int code1;
++
++ if (preflen + nlen >= gp_file_name_sizeof)
++ return_error(gs_error_invalidaccess);
++
++ memcpy(f, iodev->dname, preflen);
++ memcpy(f + preflen, fname, nlen + 1);
++
++ code1 = gp_validate_path(mem, f, access);
++
++ memcpy(f, pipestr, pipestrlen);
++ memcpy(f + pipestrlen, fname, nlen + 1);
+
+- if (gp_validate_path(mem, fname, access) != 0)
++ if (code1 != 0 && gp_validate_path(mem, f, access) != 0 )
+ return gs_error_invalidfileaccess;
+
+ /*
+diff --git a/base/gp_mshdl.c b/base/gp_mshdl.c
+index 2b964ed74..8d87ceadc 100644
+--- a/base/gp_mshdl.c
++++ b/base/gp_mshdl.c
+@@ -95,8 +95,17 @@ mswin_handle_fopen(gx_io_device * iodev, const char *fname, const char *access,
+ long hfile; /* Correct for Win32, may be wrong for Win64 */
+ gs_lib_ctx_t *ctx = mem->gs_lib_ctx;
+ gs_fs_list_t *fs = ctx->core->fs;
++ char f[gp_file_name_sizeof];
++ const size_t preflen = strlen(iodev->dname);
++ const size_t nlen = strlen(fname);
+
+- if (gp_validate_path(mem, fname, access) != 0)
++ if (preflen + nlen >= gp_file_name_sizeof)
++ return_error(gs_error_invalidaccess);
++
++ memcpy(f, iodev->dname, preflen);
++ memcpy(f + preflen, fname, nlen + 1);
++
++ if (gp_validate_path(mem, f, access) != 0)
+ return gs_error_invalidfileaccess;
+
+ /* First we try the open_handle method. */
+diff --git a/base/gp_msprn.c b/base/gp_msprn.c
+index ed4827968..746a974f7 100644
+--- a/base/gp_msprn.c
++++ b/base/gp_msprn.c
+@@ -168,8 +168,16 @@ mswin_printer_fopen(gx_io_device * iodev, const char *fname, const char *access,
+ uintptr_t *ptid = &((tid_t *)(iodev->state))->tid;
+ gs_lib_ctx_t *ctx = mem->gs_lib_ctx;
+ gs_fs_list_t *fs = ctx->core->fs;
++ const size_t preflen = strlen(iodev->dname);
++ const size_t nlen = strlen(fname);
+
+- if (gp_validate_path(mem, fname, access) != 0)
++ if (preflen + nlen >= gp_file_name_sizeof)
++ return_error(gs_error_invalidaccess);
++
++ memcpy(pname, iodev->dname, preflen);
++ memcpy(pname + preflen, fname, nlen + 1);
++
++ if (gp_validate_path(mem, pname, access) != 0)
+ return gs_error_invalidfileaccess;
+
+ /* First we try the open_printer method. */
+diff --git a/base/gp_os2pr.c b/base/gp_os2pr.c
+index f852c71fc..ba54cde66 100644
+--- a/base/gp_os2pr.c
++++ b/base/gp_os2pr.c
+@@ -107,9 +107,20 @@ os2_printer_fopen(gx_io_device * iodev, const char *fname, const char *access,
+ FILE ** pfile, char *rfname, uint rnamelen)
+ {
+ os2_printer_t *pr = (os2_printer_t *)iodev->state;
+- char driver_name[256];
++ char driver_name[gp_file_name_sizeof];
+ gs_lib_ctx_t *ctx = mem->gs_lib_ctx;
+ gs_fs_list_t *fs = ctx->core->fs;
++ const size_t preflen = strlen(iodev->dname);
++ const int size_t = strlen(fname);
++
++ if (preflen + nlen >= gp_file_name_sizeof)
++ return_error(gs_error_invalidaccess);
++
++ memcpy(driver_name, iodev->dname, preflen);
++ memcpy(driver_name + preflen, fname, nlen + 1);
++
++ if (gp_validate_path(mem, driver_name, access) != 0)
++ return gs_error_invalidfileaccess;
+
+ /* First we try the open_printer method. */
+ /* Note that the loop condition here ensures we don't
+diff --git a/base/gslibctx.c b/base/gslibctx.c
+index 6dfed6cd5..318039fad 100644
+--- a/base/gslibctx.c
++++ b/base/gslibctx.c
+@@ -655,82 +655,39 @@ rewrite_percent_specifiers(char *s)
+ int
+ gs_add_outputfile_control_path(gs_memory_t *mem, const char *fname)
+ {
+- char *fp, f[gp_file_name_sizeof];
+- const int pipe = 124; /* ASCII code for '|' */
+- const int len = strlen(fname);
+- int i, code;
++ char f[gp_file_name_sizeof];
++ int code;
+
+ /* Be sure the string copy will fit */
+- if (len >= gp_file_name_sizeof)
++ if (strlen(fname) >= gp_file_name_sizeof)
+ return gs_error_rangecheck;
+ strcpy(f, fname);
+- fp = f;
+ /* Try to rewrite any %d (or similar) in the string */
+ rewrite_percent_specifiers(f);
+- for (i = 0; i < len; i++) {
+- if (f[i] == pipe) {
+- fp = &f[i + 1];
+- /* Because we potentially have to check file permissions at two levels
+- for the output file (gx_device_open_output_file and the low level
+- fopen API, if we're using a pipe, we have to add both the full string,
+- (including the '|', and just the command to which we pipe - since at
+- the pipe_fopen(), the leading '|' has been stripped.
+- */
+- code = gs_add_control_path(mem, gs_permit_file_writing, f);
+- if (code < 0)
+- return code;
+- code = gs_add_control_path(mem, gs_permit_file_control, f);
+- if (code < 0)
+- return code;
+- break;
+- }
+- if (!IS_WHITESPACE(f[i]))
+- break;
+- }
+- code = gs_add_control_path(mem, gs_permit_file_control, fp);
++
++ code = gs_add_control_path(mem, gs_permit_file_control, f);
+ if (code < 0)
+ return code;
+- return gs_add_control_path(mem, gs_permit_file_writing, fp);
++ return gs_add_control_path(mem, gs_permit_file_writing, f);
+ }
+
+ int
+ gs_remove_outputfile_control_path(gs_memory_t *mem, const char *fname)
+ {
+- char *fp, f[gp_file_name_sizeof];
+- const int pipe = 124; /* ASCII code for '|' */
+- const int len = strlen(fname);
+- int i, code;
++ char f[gp_file_name_sizeof];
++ int code;
+
+ /* Be sure the string copy will fit */
+- if (len >= gp_file_name_sizeof)
++ if (strlen(fname) >= gp_file_name_sizeof)
+ return gs_error_rangecheck;
+ strcpy(f, fname);
+- fp = f;
+ /* Try to rewrite any %d (or similar) in the string */
+- for (i = 0; i < len; i++) {
+- if (f[i] == pipe) {
+- fp = &f[i + 1];
+- /* Because we potentially have to check file permissions at two levels
+- for the output file (gx_device_open_output_file and the low level
+- fopen API, if we're using a pipe, we have to add both the full string,
+- (including the '|', and just the command to which we pipe - since at
+- the pipe_fopen(), the leading '|' has been stripped.
+- */
+- code = gs_remove_control_path(mem, gs_permit_file_writing, f);
+- if (code < 0)
+- return code;
+- code = gs_remove_control_path(mem, gs_permit_file_control, f);
+- if (code < 0)
+- return code;
+- break;
+- }
+- if (!IS_WHITESPACE(f[i]))
+- break;
+- }
+- code = gs_remove_control_path(mem, gs_permit_file_control, fp);
++ rewrite_percent_specifiers(f);
++
++ code = gs_remove_control_path(mem, gs_permit_file_control, f);
+ if (code < 0)
+ return code;
+- return gs_remove_control_path(mem, gs_permit_file_writing, fp);
++ return gs_remove_control_path(mem, gs_permit_file_writing, f);
+ }
+
+ int
+--
+2.33.0
+
diff --git a/meta/recipes-extended/ghostscript/ghostscript_9.53.3.bb b/meta/recipes-extended/ghostscript/ghostscript_9.53.3.bb
index 35826c2..2168224 100644
--- a/meta/recipes-extended/ghostscript/ghostscript_9.53.3.bb
+++ b/meta/recipes-extended/ghostscript/ghostscript_9.53.3.bb
@@ -33,6 +33,7 @@ SRC_URI_BASE = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/d
file://do-not-check-local-libpng-source.patch \
file://avoid-host-contamination.patch \
file://mkdir-p.patch \
+ file://0001-Bug-704342-Include-device-specifier-strings-in-acces.patch \
"
SRC_URI = "${SRC_URI_BASE} \
diff --git a/meta/recipes-extended/go-examples/go-helloworld_0.1.bb b/meta/recipes-extended/go-examples/go-helloworld_0.1.bb
index c51f163..3b738f8 100644
--- a/meta/recipes-extended/go-examples/go-helloworld_0.1.bb
+++ b/meta/recipes-extended/go-examples/go-helloworld_0.1.bb
@@ -5,7 +5,7 @@ HOMEPAGE = "https://golang.org/"
LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
-SRC_URI = "git://${GO_IMPORT}"
+SRC_URI = "git://${GO_IMPORT};branch=master;protocol=https"
SRCREV = "46695d81d1fae905a270fb7db8a4d11a334562fe"
UPSTREAM_CHECK_COMMITS = "1"
diff --git a/meta/recipes-extended/iputils/iputils_s20200821.bb b/meta/recipes-extended/iputils/iputils_s20200821.bb
index e43abf2..dd541d4 100644
--- a/meta/recipes-extended/iputils/iputils_s20200821.bb
+++ b/meta/recipes-extended/iputils/iputils_s20200821.bb
@@ -10,7 +10,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=55aa8c9fcad0691cef0ecd420361e390"
DEPENDS = "gnutls"
-SRC_URI = "git://github.com/iputils/iputils \
+SRC_URI = "git://github.com/iputils/iputils;branch=master;protocol=https \
file://0001-rarpd-rdisc-Drop-PrivateUsers.patch \
"
SRCREV = "23c3782ae0c7f9c6ae59dbed8ad9204f8758542b"
diff --git a/meta/recipes-extended/libaio/libaio_0.3.112.bb b/meta/recipes-extended/libaio/libaio_0.3.112.bb
index b360647..3892f32 100644
--- a/meta/recipes-extended/libaio/libaio_0.3.112.bb
+++ b/meta/recipes-extended/libaio/libaio_0.3.112.bb
@@ -5,7 +5,7 @@ HOMEPAGE = "http://lse.sourceforge.net/io/aio.html"
LICENSE = "LGPLv2.1+"
LIC_FILES_CHKSUM = "file://COPYING;md5=d8045f3b8f929c1cb29a1e3fd737b499"
-SRC_URI = "git://pagure.io/libaio.git;protocol=https \
+SRC_URI = "git://pagure.io/libaio.git;protocol=https;branch=master \
file://00_arches.patch \
file://libaio_fix_for_mips_syscalls.patch \
file://system-linkage.patch \
diff --git a/meta/recipes-extended/libnsl/libnsl2_git.bb b/meta/recipes-extended/libnsl/libnsl2_git.bb
index badb71d..0690d4c 100644
--- a/meta/recipes-extended/libnsl/libnsl2_git.bb
+++ b/meta/recipes-extended/libnsl/libnsl2_git.bb
@@ -14,7 +14,7 @@ PV = "1.3.0"
SRCREV = "fbad7b36acaa89a54023930af70805649f962999"
-SRC_URI = "git://github.com/thkukuk/libnsl \
+SRC_URI = "git://github.com/thkukuk/libnsl;branch=master;protocol=https \
"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-extended/libnss-nis/libnss-nis.bb b/meta/recipes-extended/libnss-nis/libnss-nis.bb
index a1d914e..984cc98 100644
--- a/meta/recipes-extended/libnss-nis/libnss-nis.bb
+++ b/meta/recipes-extended/libnss-nis/libnss-nis.bb
@@ -17,7 +17,7 @@ PV = "3.1+git${SRCPV}"
SRCREV = "062f31999b35393abf7595cb89dfc9590d5a42ad"
-SRC_URI = "git://github.com/thkukuk/libnss_nis \
+SRC_URI = "git://github.com/thkukuk/libnss_nis;branch=master;protocol=https \
"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-extended/libsolv/libsolv_0.7.17.bb b/meta/recipes-extended/libsolv/libsolv_0.7.17.bb
index fa6e8a3..2b5da4d 100644
--- a/meta/recipes-extended/libsolv/libsolv_0.7.17.bb
+++ b/meta/recipes-extended/libsolv/libsolv_0.7.17.bb
@@ -8,7 +8,7 @@ LIC_FILES_CHKSUM = "file://LICENSE.BSD;md5=62272bd11c97396d4aaf1c41bc11f7d8"
DEPENDS = "expat zlib"
-SRC_URI = "git://github.com/openSUSE/libsolv.git \
+SRC_URI = "git://github.com/openSUSE/libsolv.git;branch=master;protocol=https \
"
SRCREV = "4bc791c0d235eb14bfe4c5da607206bfdfa6983d"
diff --git a/meta/recipes-extended/ltp/ltp_20210121.bb b/meta/recipes-extended/ltp/ltp_20210121.bb
index 17adbf4..e816244 100644
--- a/meta/recipes-extended/ltp/ltp_20210121.bb
+++ b/meta/recipes-extended/ltp/ltp_20210121.bb
@@ -33,7 +33,7 @@ SRCREV = "4d005621edd109d119627eb9210b224a63bf22cb"
PR = "r4"
HASHEQUIV_HASH_VERSION .= ".4"
-SRC_URI = "git://github.com/linux-test-project/ltp.git \
+SRC_URI = "git://github.com/linux-test-project/ltp.git;branch=master;protocol=https \
file://0001-build-Add-option-to-select-libc-implementation.patch \
file://0007-Fix-test_proc_kill-hanging.patch \
file://0001-Add-more-musl-exclusions.patch \
diff --git a/meta/recipes-extended/net-tools/net-tools_2.10.bb b/meta/recipes-extended/net-tools/net-tools_2.10.bb
index de4a715..2dafe96 100644
--- a/meta/recipes-extended/net-tools/net-tools_2.10.bb
+++ b/meta/recipes-extended/net-tools/net-tools_2.10.bb
@@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
file://ifconfig.c;beginline=11;endline=15;md5=d1ca372080ad5401e23ca0afc35cf9ba"
SRCREV = "80d7b95067f1f22fece9537dea6dff53081f4886"
-SRC_URI = "git://git.code.sf.net/p/net-tools/code;protocol=https \
+SRC_URI = "git://git.code.sf.net/p/net-tools/code;protocol=https;branch=master \
file://net-tools-config.h \
file://net-tools-config.make \
file://Add_missing_headers.patch \
diff --git a/meta/recipes-extended/newt/libnewt_0.52.21.bb b/meta/recipes-extended/newt/libnewt_0.52.21.bb
index 88b4cf4..3d35a17 100644
--- a/meta/recipes-extended/newt/libnewt_0.52.21.bb
+++ b/meta/recipes-extended/newt/libnewt_0.52.21.bb
@@ -29,7 +29,7 @@ SRC_URI[sha256sum] = "265eb46b55d7eaeb887fca7a1d51fe115658882dfe148164b6c49fccac
S = "${WORKDIR}/newt-${PV}"
-inherit autotools-brokensep python3native python3-dir
+inherit autotools-brokensep python3native python3-dir python3targetconfig
EXTRA_OECONF = "--without-tcl --with-python"
diff --git a/meta/recipes-extended/procps/procps_3.3.17.bb b/meta/recipes-extended/procps/procps_3.3.17.bb
index c74a901..9fd3db1 100644
--- a/meta/recipes-extended/procps/procps_3.3.17.bb
+++ b/meta/recipes-extended/procps/procps_3.3.17.bb
@@ -12,7 +12,7 @@ DEPENDS = "ncurses"
inherit autotools gettext pkgconfig update-alternatives
-SRC_URI = "git://gitlab.com/procps-ng/procps.git;protocol=https \
+SRC_URI = "git://gitlab.com/procps-ng/procps.git;protocol=https;branch=master \
file://sysctl.conf \
file://0001-w.c-correct-musl-builds.patch \
file://0002-proc-escape.c-add-missing-include.patch \
diff --git a/meta/recipes-extended/psmisc/psmisc_23.4.bb b/meta/recipes-extended/psmisc/psmisc_23.4.bb
index 894443f..89fe8a7 100644
--- a/meta/recipes-extended/psmisc/psmisc_23.4.bb
+++ b/meta/recipes-extended/psmisc/psmisc_23.4.bb
@@ -2,7 +2,7 @@ require psmisc.inc
LICENSE = "GPLv2"
LIC_FILES_CHKSUM = "file://COPYING;md5=0636e73ff0215e8d672dc4c32c317bb3"
-SRC_URI = "git://gitlab.com/psmisc/psmisc.git;protocol=https \
+SRC_URI = "git://gitlab.com/psmisc/psmisc.git;protocol=https;branch=master \
file://0001-Use-UINTPTR_MAX-instead-of-__WORDSIZE.patch \
"
SRCREV = "5fab6b7ab385080f1db725d6803136ec1841a15f"
diff --git a/meta/recipes-extended/rpcsvc-proto/rpcsvc-proto.bb b/meta/recipes-extended/rpcsvc-proto/rpcsvc-proto.bb
index 5aff2b5..ad39213 100644
--- a/meta/recipes-extended/rpcsvc-proto/rpcsvc-proto.bb
+++ b/meta/recipes-extended/rpcsvc-proto/rpcsvc-proto.bb
@@ -19,7 +19,7 @@ PV = "1.4.2"
SRCREV = "6f54e54455c073d08a56ea627c6cd2355a40eb53"
-SRC_URI = "git://github.com/thkukuk/${BPN} \
+SRC_URI = "git://github.com/thkukuk/${BPN};branch=master;protocol=https \
file://0001-Use-cross-compiled-rpcgen.patch \
"
diff --git a/meta/recipes-extended/sysklogd/sysklogd_2.2.2.bb b/meta/recipes-extended/sysklogd/sysklogd_2.2.2.bb
index 5dfeca5..01a079f 100644
--- a/meta/recipes-extended/sysklogd/sysklogd_2.2.2.bb
+++ b/meta/recipes-extended/sysklogd/sysklogd_2.2.2.bb
@@ -10,7 +10,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=5b4be4b2549338526758ef479c040943 \
inherit update-rc.d update-alternatives systemd autotools
-SRC_URI = "git://github.com/troglobit/sysklogd.git;nobranch=1 \
+SRC_URI = "git://github.com/troglobit/sysklogd.git;nobranch=1;protocol=https \
file://sysklogd \
"
diff --git a/meta/recipes-extended/timezone/timezone.inc b/meta/recipes-extended/timezone/timezone.inc
index a89560b..5c19e9a 100644
--- a/meta/recipes-extended/timezone/timezone.inc
+++ b/meta/recipes-extended/timezone/timezone.inc
@@ -6,7 +6,7 @@ SECTION = "base"
LICENSE = "PD & BSD & BSD-3-Clause"
LIC_FILES_CHKSUM = "file://LICENSE;md5=c679c9d6b02bc2757b3eaf8f53c43fba"
-PV = "2021a"
+PV = "2021d"
SRC_URI =" http://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz;name=tzcode \
http://www.iana.org/time-zones/repository/releases/tzdata${PV}.tar.gz;name=tzdata \
@@ -14,5 +14,6 @@ SRC_URI =" http://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz
UPSTREAM_CHECK_URI = "http://www.iana.org/time-zones"
-SRC_URI[tzcode.sha256sum] = "eb46bfa124b5b6bd13d61a609bfde8351bd192894708d33aa06e5c1e255802d0"
-SRC_URI[tzdata.sha256sum] = "39e7d2ba08c68cbaefc8de3227aab0dec2521be8042cf56855f7dc3a9fb14e08"
+SRC_URI[tzcode.sha256sum] = "ed0d02be79b54f4449ba1f239aeaf9315da490bf32f401d302dcbba4921f591d"
+SRC_URI[tzdata.sha256sum] = "d7c188a2b33d4a3c25ee4a9fdc68c1ff462bfdb302cf41343d84ca5942dbddf6"
+
diff --git a/meta/recipes-extended/xinetd/xinetd_2.3.15.4.bb b/meta/recipes-extended/xinetd/xinetd_2.3.15.4.bb
index 69d5b2f..c6d356d 100644
--- a/meta/recipes-extended/xinetd/xinetd_2.3.15.4.bb
+++ b/meta/recipes-extended/xinetd/xinetd_2.3.15.4.bb
@@ -9,7 +9,7 @@ LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=55c5fdf02cfcca3fc9621b6f2ceae10f"
UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+(\.\d+)+)"
-SRC_URI = "git://github.com/openSUSE/xinetd.git;protocol=https \
+SRC_URI = "git://github.com/openSUSE/xinetd.git;protocol=https;branch=master \
file://xinetd.init \
file://xinetd.default \
file://xinetd.service \
diff --git a/meta/recipes-extended/zstd/zstd_1.4.9.bb b/meta/recipes-extended/zstd/zstd_1.4.9.bb
index 44224ec..b648c84 100644
--- a/meta/recipes-extended/zstd/zstd_1.4.9.bb
+++ b/meta/recipes-extended/zstd/zstd_1.4.9.bb
@@ -9,7 +9,7 @@ LICENSE = "BSD-3-Clause & GPLv2"
LIC_FILES_CHKSUM = "file://LICENSE;md5=c7f0b161edbe52f5f345a3d1311d0b32 \
file://COPYING;md5=39bba7d2cf0ba1036f2a6e2be52fe3f0"
-SRC_URI = "git://github.com/facebook/zstd.git;branch=release \
+SRC_URI = "git://github.com/facebook/zstd.git;branch=release;protocol=https \
file://0001-Makefile-sort-all-wildcard-file-list-expansions.patch \
"
diff --git a/meta/recipes-gnome/gobject-introspection/gobject-introspection_1.66.1.bb b/meta/recipes-gnome/gobject-introspection/gobject-introspection_1.66.1.bb
index 3b884f0..8b752f7 100644
--- a/meta/recipes-gnome/gobject-introspection/gobject-introspection_1.66.1.bb
+++ b/meta/recipes-gnome/gobject-introspection/gobject-introspection_1.66.1.bb
@@ -94,7 +94,7 @@ EOF
# from the target sysroot.
cat > ${B}/g-ir-scanner-wrapper << EOF
#!/bin/sh
-# This prevents g-ir-scanner from writing cache data to $HOME
+# This prevents g-ir-scanner from writing cache data to user's HOME dir
export GI_SCANNER_DISABLE_CACHE=1
g-ir-scanner --lib-dirs-envvar=GIR_EXTRA_LIBS_PATH --use-binary-wrapper=${STAGING_BINDIR}/g-ir-scanner-qemuwrapper --use-ldd-wrapper=${STAGING_BINDIR}/g-ir-scanner-lddwrapper --add-include-path=${STAGING_DATADIR}/gir-1.0 --add-include-path=${STAGING_LIBDIR}/gir-1.0 "\$@"
diff --git a/meta/recipes-gnome/hicolor-icon-theme/hicolor-icon-theme_0.17.bb b/meta/recipes-gnome/hicolor-icon-theme/hicolor-icon-theme_0.17.bb
index 74e3430..d70265e 100644
--- a/meta/recipes-gnome/hicolor-icon-theme/hicolor-icon-theme_0.17.bb
+++ b/meta/recipes-gnome/hicolor-icon-theme/hicolor-icon-theme_0.17.bb
@@ -16,3 +16,7 @@ inherit allarch autotools
FILES_${PN} += "${datadir}/icons"
BBCLASSEXTEND = "native nativesdk"
+
+# remove at next version upgrade or when output changes
+PR = "r1"
+HASHEQUIV_HASH_VERSION .= ".1"
diff --git a/meta/recipes-gnome/libhandy/libhandy_1.2.0.bb b/meta/recipes-gnome/libhandy/libhandy_1.2.0.bb
index 1e37feb..f39cbdc 100644
--- a/meta/recipes-gnome/libhandy/libhandy_1.2.0.bb
+++ b/meta/recipes-gnome/libhandy/libhandy_1.2.0.bb
@@ -9,7 +9,7 @@ BUGTRACKER = "https://gitlab.gnome.org/GNOME/libhandy/-/issues"
LICENSE = "LGPLv2.1"
LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c"
-SRC_URI = "git://gitlab.gnome.org/GNOME/libhandy.git;protocol=https"
+SRC_URI = "git://gitlab.gnome.org/GNOME/libhandy.git;protocol=https;branch=master"
SRCREV = "7b38a860ffcec6c2ad28153358cc3d037ddb618f"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-gnome/libportal/libportal_0.3.bb b/meta/recipes-gnome/libportal/libportal_0.3.bb
index bc4ff37..c24a794 100644
--- a/meta/recipes-gnome/libportal/libportal_0.3.bb
+++ b/meta/recipes-gnome/libportal/libportal_0.3.bb
@@ -6,7 +6,7 @@ BUGTRACKER = "https://github.com/flatpak/libportal/issues"
LICENSE = "LGPLv2.1"
LIC_FILES_CHKSUM = "file://COPYING;md5=5f30f0716dfdd0d91eb439ebec522ec2"
-SRC_URI = "git://github.com/flatpak/${BPN}.git;protocol=https"
+SRC_URI = "git://github.com/flatpak/${BPN}.git;protocol=https;branch=master"
SRCREV = "a609e06d0c4adc5c510cf9ac7b060db3d368e78f"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-graphics/glslang/glslang_11.2.0.bb b/meta/recipes-graphics/glslang/glslang_11.2.0.bb
index 902f734..e00f73c 100644
--- a/meta/recipes-graphics/glslang/glslang_11.2.0.bb
+++ b/meta/recipes-graphics/glslang/glslang_11.2.0.bb
@@ -9,7 +9,7 @@ LICENSE = "BSD-3-Clause & BSD-2-Clause & MIT & Apache-2.0 & GPL-3-with-bison-exc
LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=c5ce49c0456e9b413b98a4368c378229"
SRCREV = "5421877c380d5f92c1965c7a94620dac861297dd"
-SRC_URI = "git://github.com/KhronosGroup/glslang.git;protocol=https \
+SRC_URI = "git://github.com/KhronosGroup/glslang.git;protocol=https;branch=master \
file://0001-generate-glslang-pkg-config.patch"
UPSTREAM_CHECK_GITTAGREGEX = "^(?P<pver>\d+(\.\d+)+)$"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-graphics/igt-gpu-tools/igt-gpu-tools_git.bb b/meta/recipes-graphics/igt-gpu-tools/igt-gpu-tools_git.bb
index 1cc94cf..4b8630a 100644
--- a/meta/recipes-graphics/igt-gpu-tools/igt-gpu-tools_git.bb
+++ b/meta/recipes-graphics/igt-gpu-tools/igt-gpu-tools_git.bb
@@ -12,7 +12,7 @@ inherit meson
SRCREV = "d16ad07e7f2a028e14d61f570931c87fa5ce404c"
PV = "1.25+git${SRCPV}"
-SRC_URI = "git://gitlab.freedesktop.org/drm/igt-gpu-tools.git;protocol=https \
+SRC_URI = "git://gitlab.freedesktop.org/drm/igt-gpu-tools.git;protocol=https;branch=master \
file://0001-lib-igt_edid-Allocate-raw-8-bytes-for-VSDB.patch \
file://reproducibility.patch"
diff --git a/meta/recipes-graphics/libfakekey/libfakekey_git.bb b/meta/recipes-graphics/libfakekey/libfakekey_git.bb
index ab6f5ac..33ea6fe 100644
--- a/meta/recipes-graphics/libfakekey/libfakekey_git.bb
+++ b/meta/recipes-graphics/libfakekey/libfakekey_git.bb
@@ -13,7 +13,7 @@ SECTION = "x11/wm"
SRCREV = "7ad885912efb2131e80914e964d5e635b0d07b40"
PV = "0.3+git${SRCPV}"
-SRC_URI = "git://git.yoctoproject.org/${BPN}"
+SRC_URI = "git://git.yoctoproject.org/${BPN};branch=master"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-graphics/libmatchbox/libmatchbox_1.12.bb b/meta/recipes-graphics/libmatchbox/libmatchbox_1.12.bb
index 1a31677..06bd682 100644
--- a/meta/recipes-graphics/libmatchbox/libmatchbox_1.12.bb
+++ b/meta/recipes-graphics/libmatchbox/libmatchbox_1.12.bb
@@ -17,7 +17,7 @@ DEPENDS = "virtual/libx11 libxext"
#SRCREV for 1.12
SRCREV = "e846ee434f8e23d9db38af13c523f791495e0e87"
-SRC_URI = "git://git.yoctoproject.org/${BPN}"
+SRC_URI = "git://git.yoctoproject.org/${BPN};branch=master"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-graphics/libva/libva-utils_2.10.0.bb b/meta/recipes-graphics/libva/libva-utils_2.10.0.bb
index 828f4fb..39763ba 100644
--- a/meta/recipes-graphics/libva/libva-utils_2.10.0.bb
+++ b/meta/recipes-graphics/libva/libva-utils_2.10.0.bb
@@ -14,7 +14,7 @@ SECTION = "x11"
LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://COPYING;md5=b148fc8adf19dc9aec17cf9cd29a9a5e"
-SRC_URI = "git://github.com/intel/libva-utils.git;branch=v2.10-branch"
+SRC_URI = "git://github.com/intel/libva-utils.git;branch=v2.10-branch;protocol=https"
SRCREV = "f112ee75fcd1472131b20f901b93f6ac1d293fad"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-graphics/matchbox-wm/matchbox-wm_1.2.2.bb b/meta/recipes-graphics/matchbox-wm/matchbox-wm_1.2.2.bb
index a08eb25..3ea67d0 100644
--- a/meta/recipes-graphics/matchbox-wm/matchbox-wm_1.2.2.bb
+++ b/meta/recipes-graphics/matchbox-wm/matchbox-wm_1.2.2.bb
@@ -12,7 +12,7 @@ DEPENDS = "libmatchbox virtual/libx11 libxext libxrender startup-notification ex
# SRCREV tagged 1.2.2
SRCREV = "27da947e7fbdf9659f7e5bd1e92af92af6c03970"
-SRC_URI = "git://git.yoctoproject.org/matchbox-window-manager \
+SRC_URI = "git://git.yoctoproject.org/matchbox-window-manager;branch=master \
file://0001-Fix-build-with-gcc-10.patch \
file://kbdconfig"
diff --git a/meta/recipes-graphics/mesa/files/0001-gallium-dri-Make-YUV-formats-we-re-going-to-emulate-.patch b/meta/recipes-graphics/mesa/files/0001-gallium-dri-Make-YUV-formats-we-re-going-to-emulate-.patch
new file mode 100644
index 0000000..899450e
--- /dev/null
+++ b/meta/recipes-graphics/mesa/files/0001-gallium-dri-Make-YUV-formats-we-re-going-to-emulate-.patch
@@ -0,0 +1,52 @@
+commit 8bd63cd28939d79d6681943b840627eaa3614ee4
+Author: Pablo Saavedra <psaavedra@igalia.com>
+Date: Mon Oct 18 15:48:42 2021 +0200
+
+ gallium/dri: Make YUV formats we're going to emulate external-only.
+
+ If we're going to have to bind them as separate planes with colorspace
+ conversion for sampling on the frontend, then we need to report that
+ they're only for external-image samplers, otherwise the lowering won't be
+ applied.
+
+ Fixes: 4e3a7dcf ("gallium: enable EGL_EXT_image_dma_buf_import_modifiers unconditionally")
+ Reviewed-by: Jose Maria Casanova Crespo <jmcasanova@igalia.com>
+ Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/13038>
+
+Upstream-Status: Backport [https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/13038]
+
+diff --git a/src/gallium/frontends/dri/dri2.c b/src/gallium/frontends/dri/dri2.c
+index b0c0d7e..ef8df5a 100644
+--- a/src/gallium/frontends/dri/dri2.c
++++ b/src/gallium/frontends/dri/dri2.c
+@@ -1445,16 +1445,24 @@ dri2_query_dma_buf_modifiers(__DRIscreen *_screen, int fourcc, int max,
+
+ format = map->pipe_format;
+
++ bool native_sampling = pscreen->is_format_supported(pscreen, format, screen->target, 0, 0,
++ PIPE_BIND_SAMPLER_VIEW);
+ if (pscreen->is_format_supported(pscreen, format, screen->target, 0, 0,
+- PIPE_BIND_RENDER_TARGET) ||
+- pscreen->is_format_supported(pscreen, format, screen->target, 0, 0,
+- PIPE_BIND_SAMPLER_VIEW) ||
+- dri2_yuv_dma_buf_supported(screen, map)) {
+- if (pscreen->query_dmabuf_modifiers != NULL)
++ PIPE_BIND_RENDER_TARGET) ||
++ native_sampling ||
++ dri2_yuv_dma_buf_supported(screen, map)) {
++ if (pscreen->query_dmabuf_modifiers != NULL) {
+ pscreen->query_dmabuf_modifiers(pscreen, format, max, modifiers,
+ external_only, count);
+- else
++ if (!native_sampling && external_only) {
++ /* To support it using YUV lowering, we need it to be samplerExternalOES.
++ */
++ for (int i = 0; i < *count; i++)
++ external_only[i] = true;
++ }
++ } else {
+ *count = 0;
++ }
+ return true;
+ }
+ return false;
diff --git a/meta/recipes-graphics/mesa/mesa.inc b/meta/recipes-graphics/mesa/mesa.inc
index a85f94c..cfc1bc1 100644
--- a/meta/recipes-graphics/mesa/mesa.inc
+++ b/meta/recipes-graphics/mesa/mesa.inc
@@ -19,6 +19,7 @@ SRC_URI = "https://mesa.freedesktop.org/archive/mesa-${PV}.tar.xz \
file://0002-meson.build-make-TLS-ELF-optional.patch \
file://0001-meson-misdetects-64bit-atomics-on-mips-clang.patch \
file://0001-futex.h-Define-__NR_futex-if-it-does-not-exist.patch \
+ file://0001-gallium-dri-Make-YUV-formats-we-re-going-to-emulate-.patch \
"
SRC_URI[sha256sum] = "565c6f4bd2d5747b919454fc1d439963024fc78ca56fd05158c3b2cde2f6912b"
@@ -252,7 +253,7 @@ python mesa_populate_packages() {
import re
dri_drivers_root = oe.path.join(d.getVar('PKGD'), d.getVar('libdir'), "dri")
if os.path.isdir(dri_drivers_root):
- dri_pkgs = os.listdir(dri_drivers_root)
+ dri_pkgs = sorted(os.listdir(dri_drivers_root))
lib_name = d.expand("${MLPREFIX}mesa-megadriver")
for p in dri_pkgs:
m = re.match(r'^(.*)_dri\.so$', p)
diff --git a/meta/recipes-graphics/mx/mx-1.0_1.4.7.bb b/meta/recipes-graphics/mx/mx-1.0_1.4.7.bb
index 58a6997..88101b5 100644
--- a/meta/recipes-graphics/mx/mx-1.0_1.4.7.bb
+++ b/meta/recipes-graphics/mx/mx-1.0_1.4.7.bb
@@ -7,7 +7,7 @@ PV = "1.4.7+git${SRCPV}"
# Exclude x.99.x versions from upstream checks
UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>^\d+(\.(?!99)\d+)+)"
-SRC_URI = "git://github.com/clutter-project/mx.git;branch=mx-1.4 \
+SRC_URI = "git://github.com/clutter-project/mx.git;branch=mx-1.4;protocol=https \
file://fix-test-includes.patch \
"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-graphics/piglit/piglit_git.bb b/meta/recipes-graphics/piglit/piglit_git.bb
index 14f4c75..96ec930 100644
--- a/meta/recipes-graphics/piglit/piglit_git.bb
+++ b/meta/recipes-graphics/piglit/piglit_git.bb
@@ -6,7 +6,7 @@ BUGTRACKER = "https://gitlab.freedesktop.org/mesa/piglit/-/issues"
LICENSE = "MIT & LGPLv2+ & GPLv3 & GPLv2+ & BSD-3-Clause"
LIC_FILES_CHKSUM = "file://COPYING;md5=b2beded7103a3d8a442a2a0391d607b0"
-SRC_URI = "git://gitlab.freedesktop.org/mesa/piglit.git;protocol=https \
+SRC_URI = "git://gitlab.freedesktop.org/mesa/piglit.git;protocol=https;branch=master \
file://0001-cmake-install-bash-completions-in-the-right-place.patch \
file://0001-cmake-use-proper-WAYLAND_INCLUDE_DIRS-variable.patch \
file://0001-Add-a-missing-include-for-htobe32-definition.patch \
diff --git a/meta/recipes-graphics/spir/spirv-headers_1.5.4.bb b/meta/recipes-graphics/spir/spirv-headers_1.5.4.bb
index 7a43af5..ea7e173 100644
--- a/meta/recipes-graphics/spir/spirv-headers_1.5.4.bb
+++ b/meta/recipes-graphics/spir/spirv-headers_1.5.4.bb
@@ -8,7 +8,7 @@ LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://LICENSE;md5=c938b85bceb8fb26c1a807f28a52ae2d"
SRCREV = "bcf55210f13a4fa3c3d0963b509ff1070e434c79"
-SRC_URI = "git://github.com/KhronosGroup/SPIRV-Headers;protocol=https"
+SRC_URI = "git://github.com/KhronosGroup/SPIRV-Headers;protocol=https;branch=master"
UPSTREAM_CHECK_GITTAGREGEX = "^(?P<pver>\d+(\.\d+)+)$"
S = "${WORKDIR}/git"
PV .= "+git${SRCPV}"
diff --git a/meta/recipes-graphics/spir/spirv-tools_2020.7.bb b/meta/recipes-graphics/spir/spirv-tools_2020.7.bb
index 8be6985..9a06408 100644
--- a/meta/recipes-graphics/spir/spirv-tools_2020.7.bb
+++ b/meta/recipes-graphics/spir/spirv-tools_2020.7.bb
@@ -8,7 +8,7 @@ LICENSE = "Apache-2.0"
LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"
SRCREV = "2573fd781b5408cd7fe5755a78b60d767a748ff9"
-SRC_URI = "git://github.com/KhronosGroup/SPIRV-Tools.git \
+SRC_URI = "git://github.com/KhronosGroup/SPIRV-Tools.git;branch=master;protocol=https \
file://0001-fix-strncpy-bound-error.patch \
"
UPSTREAM_CHECK_GITTAGREGEX = "^v(?P<pver>\d+(\.\d+)+)$"
diff --git a/meta/recipes-graphics/virglrenderer/virglrenderer_0.8.2.bb b/meta/recipes-graphics/virglrenderer/virglrenderer_0.8.2.bb
index 5282119..7f035f8 100644
--- a/meta/recipes-graphics/virglrenderer/virglrenderer_0.8.2.bb
+++ b/meta/recipes-graphics/virglrenderer/virglrenderer_0.8.2.bb
@@ -10,7 +10,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=c81c08eeefd9418fca8f88309a76db10"
DEPENDS = "libdrm virtual/libgl libepoxy"
SRCREV = "7d204f3927be65fb3365dce01dbcd04d447a4985"
-SRC_URI = "git://anongit.freedesktop.org/virglrenderer \
+SRC_URI = "git://anongit.freedesktop.org/virglrenderer;branch=master \
file://0001-gallium-Expand-libc-check-to-be-platform-OS-check.patch \
file://0001-meson.build-use-python3-directly-for-python.patch \
"
diff --git a/meta/recipes-graphics/vulkan/assimp_5.0.1.bb b/meta/recipes-graphics/vulkan/assimp_5.0.1.bb
index 5a8c62e..295ac12 100644
--- a/meta/recipes-graphics/vulkan/assimp_5.0.1.bb
+++ b/meta/recipes-graphics/vulkan/assimp_5.0.1.bb
@@ -8,7 +8,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=2119edef0916b0bd511cb3c731076271"
DEPENDS = "zlib"
-SRC_URI = "git://github.com/assimp/assimp.git;branch=assimp_5.0_release \
+SRC_URI = "git://github.com/assimp/assimp.git;branch=assimp_5.0_release;protocol=https \
file://0001-closes-https-github.com-assimp-assimp-issues-2733-up.patch \
file://0001-Use-ASSIMP_LIB_INSTALL_DIR-to-search-library.patch \
"
diff --git a/meta/recipes-graphics/vulkan/vulkan-headers_1.2.170.0.bb b/meta/recipes-graphics/vulkan/vulkan-headers_1.2.170.0.bb
index 4c9c94f..b021143 100644
--- a/meta/recipes-graphics/vulkan/vulkan-headers_1.2.170.0.bb
+++ b/meta/recipes-graphics/vulkan/vulkan-headers_1.2.170.0.bb
@@ -9,7 +9,7 @@ SECTION = "libs"
LICENSE = "Apache-2.0"
LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=3b83ef96387f14655fc854ddc3c6bd57"
-SRC_URI = "git://github.com/KhronosGroup/Vulkan-Headers.git;branch=master"
+SRC_URI = "git://github.com/KhronosGroup/Vulkan-Headers.git;branch=master;protocol=https"
SRCREV = "1d99b835ec3cd5a7fb2f2a2dd9a615ee2d1f0101"
diff --git a/meta/recipes-graphics/vulkan/vulkan-loader_1.2.170.0.bb b/meta/recipes-graphics/vulkan/vulkan-loader_1.2.170.0.bb
index 6b6ed06..a866f0a 100644
--- a/meta/recipes-graphics/vulkan/vulkan-loader_1.2.170.0.bb
+++ b/meta/recipes-graphics/vulkan/vulkan-loader_1.2.170.0.bb
@@ -9,7 +9,7 @@ SECTION = "libs"
LICENSE = "Apache-2.0"
LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=7dbefed23242760aa3475ee42801c5ac"
-SRC_URI = "git://github.com/KhronosGroup/Vulkan-Loader.git \
+SRC_URI = "git://github.com/KhronosGroup/Vulkan-Loader.git;branch=master;protocol=https \
"
SRCREV = "c5678a03db383fd0dc5bfb8e9a383043bdbcb57b"
diff --git a/meta/recipes-graphics/vulkan/vulkan-samples_git.bb b/meta/recipes-graphics/vulkan/vulkan-samples_git.bb
index b7c38f6..07d6e9d 100644
--- a/meta/recipes-graphics/vulkan/vulkan-samples_git.bb
+++ b/meta/recipes-graphics/vulkan/vulkan-samples_git.bb
@@ -5,7 +5,7 @@ LICENSE = "Apache-2.0"
LIC_FILES_CHKSUM = "file://LICENSE;md5=48aa35cefb768436223a6e7f18dc2a2a"
-SRC_URI = "gitsm://github.com/KhronosGroup/Vulkan-Samples.git \
+SRC_URI = "gitsm://github.com/KhronosGroup/Vulkan-Samples.git;branch=master;protocol=https \
file://0001-CMakeLists.txt-do-not-hardcode-lib-as-installation-t.patch \
file://debugfix.patch \
"
diff --git a/meta/recipes-graphics/vulkan/vulkan-tools_1.2.170.0.bb b/meta/recipes-graphics/vulkan/vulkan-tools_1.2.170.0.bb
index 0c8bcaa..d81dc14 100644
--- a/meta/recipes-graphics/vulkan/vulkan-tools_1.2.170.0.bb
+++ b/meta/recipes-graphics/vulkan/vulkan-tools_1.2.170.0.bb
@@ -6,7 +6,7 @@ SECTION = "libs"
LICENSE = "Apache-2.0"
LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=3b83ef96387f14655fc854ddc3c6bd57"
-SRC_URI = "git://github.com/KhronosGroup/Vulkan-Tools.git;branch=sdk-1.2.170"
+SRC_URI = "git://github.com/KhronosGroup/Vulkan-Tools.git;branch=sdk-1.2.170;protocol=https"
SRCREV = "88ea55de928a08ba5c5f65a93d1e7c8f666fc43f"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-graphics/waffle/waffle_1.6.1.bb b/meta/recipes-graphics/waffle/waffle_1.6.1.bb
index 07d7279..5e5b227 100644
--- a/meta/recipes-graphics/waffle/waffle_1.6.1.bb
+++ b/meta/recipes-graphics/waffle/waffle_1.6.1.bb
@@ -3,17 +3,15 @@ DESCRIPTION = "A cross-platform C library that allows one to defer selection \
of an OpenGL API and window system until runtime. For example, on Linux, Waffle \
enables an application to select X11/EGL with an OpenGL 3.3 core profile, \
Wayland with OpenGL ES2, and other window system / API combinations."
-HOMEPAGE = "http://www.waffle-gl.org/"
+HOMEPAGE = "https://gitlab.freedesktop.org/mesa/waffle"
BUGTRACKER = "https://gitlab.freedesktop.org/mesa/waffle"
LICENSE = "BSD-2-Clause"
LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=4c5154407c2490750dd461c50ad94797 \
file://include/waffle/waffle.h;endline=24;md5=61dbf8697f61c78645e75a93c585b1bf"
-SRC_URI = "http://waffle-gl.org/files/release/${BPN}-${PV}/${BPN}-${PV}.tar.xz"
-SRC_URI[md5sum] = "c91529e579483f44fb330052872b9c73"
-SRC_URI[sha256sum] = "31565649ff0e2d8dff1b8f7f2264ab7a78452063c7e04adfc4ce03e64b655080"
-
-UPSTREAM_CHECK_URI = "http://www.waffle-gl.org/releases.html"
+SRC_URI = "git://gitlab.freedesktop.org/mesa/waffle.git;protocol=https;branch=maint-1.6"
+SRCREV = "d7e8c4759704b3c571fa3697c716279c26fd05eb"
+S = "${WORKDIR}/git"
inherit meson features_check lib_package bash-completion
diff --git a/meta/recipes-graphics/wayland/wayland-protocols_1.20.bb b/meta/recipes-graphics/wayland/wayland-protocols_1.20.bb
index 3fb78f6..35a46db 100644
--- a/meta/recipes-graphics/wayland/wayland-protocols_1.20.bb
+++ b/meta/recipes-graphics/wayland/wayland-protocols_1.20.bb
@@ -20,3 +20,7 @@ inherit allarch autotools pkgconfig
PACKAGES = "${PN}"
FILES_${PN} += "${datadir}/pkgconfig/wayland-protocols.pc"
+
+# remove at next version upgrade or when output changes
+PR = "r1"
+HASHEQUIV_HASH_VERSION .= ".1"
diff --git a/meta/recipes-graphics/xinput-calibrator/xinput-calibrator_git.bb b/meta/recipes-graphics/xinput-calibrator/xinput-calibrator_git.bb
index d2a1664..e524b82 100644
--- a/meta/recipes-graphics/xinput-calibrator/xinput-calibrator_git.bb
+++ b/meta/recipes-graphics/xinput-calibrator/xinput-calibrator_git.bb
@@ -12,7 +12,7 @@ inherit autotools pkgconfig features_check
REQUIRED_DISTRO_FEATURES = "x11"
SRCREV = "18ec53f1cada39f905614ebfaffed5c7754ecf46"
-SRC_URI = "git://github.com/kreijack/xinput_calibrator.git;branch=libinput \
+SRC_URI = "git://github.com/kreijack/xinput_calibrator.git;branch=libinput;protocol=https \
file://30xinput_calibrate.sh \
file://Allow-xinput_calibrator_pointercal.sh-to-be-run-as-n.patch \
file://0001-calibrator.hh-Include-string-to-get-std-string.patch \
diff --git a/meta/recipes-graphics/xorg-driver/xf86-video-intel_git.bb b/meta/recipes-graphics/xorg-driver/xf86-video-intel_git.bb
index 161371b..73c0cdc 100644
--- a/meta/recipes-graphics/xorg-driver/xf86-video-intel_git.bb
+++ b/meta/recipes-graphics/xorg-driver/xf86-video-intel_git.bb
@@ -13,7 +13,7 @@ SRCREV = "f66d39544bb8339130c96d282a80f87ca1606caf"
PV = "2.99.917+git${SRCPV}"
S = "${WORKDIR}/git"
-SRC_URI = "git://anongit.freedesktop.org/xorg/driver/xf86-video-intel \
+SRC_URI = "git://anongit.freedesktop.org/xorg/driver/xf86-video-intel;branch=master \
file://0001-Sync-i915_pciids-upto-8717c6b7414f.patch \
file://0001-i810-Avoid-duplicate-definition-of-I810PatternROP.patch \
"
diff --git a/meta/recipes-graphics/xorg-font/encodings_1.0.5.bb b/meta/recipes-graphics/xorg-font/encodings_1.0.5.bb
index 713fcfb..02c8cff 100644
--- a/meta/recipes-graphics/xorg-font/encodings_1.0.5.bb
+++ b/meta/recipes-graphics/xorg-font/encodings_1.0.5.bb
@@ -23,3 +23,7 @@ EXTRA_OECONF += "--with-encodingsdir=${datadir}/fonts/X11/encodings"
# postinst from .inc doesn't apply to this recipe
pkg_postinst_${PN} () {
}
+
+# remove at next version upgrade or when output changes
+PR = "r1"
+HASHEQUIV_HASH_VERSION .= ".1"
diff --git a/meta/recipes-kernel/blktrace/blktrace_git.bb b/meta/recipes-kernel/blktrace/blktrace_git.bb
index 7ccc022..2110bc7 100644
--- a/meta/recipes-kernel/blktrace/blktrace_git.bb
+++ b/meta/recipes-kernel/blktrace/blktrace_git.bb
@@ -14,7 +14,7 @@ SRCREV = "cca113f2fe0759b91fd6a0e10fdcda2c28f18a7e"
PV = "1.2.0+git${SRCPV}"
-SRC_URI = "git://git.kernel.dk/blktrace.git \
+SRC_URI = "git://git.kernel.dk/blktrace.git;branch=master \
file://ldflags.patch \
file://CVE-2018-10689.patch \
file://make-btt-scripts-python3-ready.patch \
diff --git a/meta/recipes-kernel/cryptodev/cryptodev.inc b/meta/recipes-kernel/cryptodev/cryptodev.inc
index ae2c308..6ada0b0 100644
--- a/meta/recipes-kernel/cryptodev/cryptodev.inc
+++ b/meta/recipes-kernel/cryptodev/cryptodev.inc
@@ -8,7 +8,7 @@ API is compatible with OpenBSD's cryptodev userspace API (/dev/crypto)."
LICENSE = "GPLv2"
LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
-SRC_URI = "git://github.com/cryptodev-linux/cryptodev-linux \
+SRC_URI = "git://github.com/cryptodev-linux/cryptodev-linux;branch=master;protocol=https \
"
SRCREV = "e0c25e289d6baf1d83c2b9cb523d3bc237d0c0c9"
diff --git a/meta/recipes-kernel/dtc/dtc.inc b/meta/recipes-kernel/dtc/dtc.inc
index 5da6c24..461ab8f 100644
--- a/meta/recipes-kernel/dtc/dtc.inc
+++ b/meta/recipes-kernel/dtc/dtc.inc
@@ -5,7 +5,7 @@ SECTION = "bootloader"
LICENSE = "GPLv2 | BSD"
DEPENDS = "flex-native bison-native"
-SRC_URI = "git://git.kernel.org/pub/scm/utils/dtc/dtc.git \
+SRC_URI = "git://git.kernel.org/pub/scm/utils/dtc/dtc.git;branch=master \
file://make_install.patch \
file://0001-dtc-Fix-Makefile-to-add-CFLAGS-not-override.patch \
"
diff --git a/meta/recipes-kernel/kern-tools/kern-tools-native_git.bb b/meta/recipes-kernel/kern-tools/kern-tools-native_git.bb
index e967f48..ef035ae 100644
--- a/meta/recipes-kernel/kern-tools/kern-tools-native_git.bb
+++ b/meta/recipes-kernel/kern-tools/kern-tools-native_git.bb
@@ -14,7 +14,7 @@ PV = "0.2+git${SRCPV}"
inherit native
-SRC_URI = "git://git.yoctoproject.org/yocto-kernel-tools.git"
+SRC_URI = "git://git.yoctoproject.org/yocto-kernel-tools.git;branch=master"
S = "${WORKDIR}/git"
UPSTREAM_CHECK_COMMITS = "1"
diff --git a/meta/recipes-kernel/kmod/kmod.inc b/meta/recipes-kernel/kmod/kmod.inc
index ba5ec7f..11220c5 100644
--- a/meta/recipes-kernel/kmod/kmod.inc
+++ b/meta/recipes-kernel/kmod/kmod.inc
@@ -19,7 +19,7 @@ SRCREV = "1ccfe994287119cc6cef37a7ca4c529d89de4b95"
# Lookout for PV bump too when SRCREV is changed
PV = "28"
-SRC_URI = "git://git.kernel.org/pub/scm/utils/kernel/kmod/kmod.git \
+SRC_URI = "git://git.kernel.org/pub/scm/utils/kernel/kmod/kmod.git;branch=master \
file://depmod-search.conf \
file://avoid_parallel_tests.patch \
"
diff --git a/meta/recipes-kernel/linux-firmware/linux-firmware_20210818.bb b/meta/recipes-kernel/linux-firmware/linux-firmware_20211027.bb
index 7f6db18..76aed9d 100644
--- a/meta/recipes-kernel/linux-firmware/linux-firmware_20210818.bb
+++ b/meta/recipes-kernel/linux-firmware/linux-firmware_20211027.bb
@@ -132,7 +132,7 @@ LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \
file://LICENCE.xc4000;md5=0ff51d2dc49fce04814c9155081092f0 \
file://LICENCE.xc5000;md5=1e170c13175323c32c7f4d0998d53f66 \
file://LICENCE.xc5000c;md5=12b02efa3049db65d524aeb418dd87ca \
- file://WHENCE;md5=15ad289bf2359e8ecf613f3b04f72fab \
+ file://WHENCE;md5=d627873bd934d7c52b2c8191304a8eb7 \
"
# These are not common licenses, set NO_GENERIC_LICENSE for them
@@ -205,7 +205,7 @@ PE = "1"
SRC_URI = "${KERNELORG_MIRROR}/linux/kernel/firmware/${BPN}-${PV}.tar.xz"
-SRC_URI[sha256sum] = "bef3d317c348d962b3a1b95cb4e19ea4f282e18112b2c669cff74f9267ce3893"
+SRC_URI[sha256sum] = "bc2657dd8eb82386a9a7ec6df9ccf31c32c7e9073c05d37786c1edc273f9440a"
inherit allarch
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb
index a27c67b..93ebccf 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb
@@ -11,13 +11,13 @@ python () {
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "31e2870ebfd892708e8c5f3aced96565e2456ed9"
-SRCREV_meta ?= "bce2813b162bb472c137fb503951295a931c25b6"
+SRCREV_machine ?= "12f6a7187b3c8abab5e139dbfdf7f58f265f4169"
+SRCREV_meta ?= "a0238f7f4f2222d08bb18147bb5e24cc877b0546"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.10;destsuffix=${KMETA}"
-LINUX_VERSION ?= "5.10.63"
+LINUX_VERSION ?= "5.10.78"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
index 7589d8e..e560c40 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
@@ -11,13 +11,13 @@ python () {
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "7f67141bca949eff8953f965c26475286d1a20cf"
-SRCREV_meta ?= "e4ccb53f204f722583178a9249fbf5d745f0d56a"
+SRCREV_machine ?= "88b78bac3bf83e6b3ef08d77f895bba5128cc1cd"
+SRCREV_meta ?= "9e3ab4e615b651c1b63d4f0cce71da79a3e89763"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}"
-LINUX_VERSION ?= "5.4.144"
+LINUX_VERSION ?= "5.4.153"
LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb
index fc6acca..d3402f3 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb
@@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig"
require recipes-kernel/linux/linux-yocto.inc
-LINUX_VERSION ?= "5.10.63"
+LINUX_VERSION ?= "5.10.78"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native"
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine_qemuarm ?= "96ec3026283d29493f757a077f9c51e6d698c634"
-SRCREV_machine ?= "29ff88e6cdf170fbf71e27de32c09e4f6db95078"
-SRCREV_meta ?= "bce2813b162bb472c137fb503951295a931c25b6"
+SRCREV_machine_qemuarm ?= "cdec5045c5323846adaf2510e539843d0cfe74ae"
+SRCREV_machine ?= "344c0c38f5b892312b0a1db7f613d2704dd4942f"
+SRCREV_meta ?= "a0238f7f4f2222d08bb18147bb5e24cc877b0546"
PV = "${LINUX_VERSION}+git${SRCPV}"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
index 5ee1d35..e6e0ee7 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
@@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig"
require recipes-kernel/linux/linux-yocto.inc
-LINUX_VERSION ?= "5.4.144"
+LINUX_VERSION ?= "5.4.153"
LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native"
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine_qemuarm ?= "08336ce8b4ebc2b21c28488c85098c6816f3d99f"
-SRCREV_machine ?= "8220749d3e8643091b118d93a857333e2c91a1eb"
-SRCREV_meta ?= "e4ccb53f204f722583178a9249fbf5d745f0d56a"
+SRCREV_machine_qemuarm ?= "fed16a9b9cb56ce639eeddeedd756ad5207fa89e"
+SRCREV_machine ?= "942b0cc9a1ff13a66016167d4437f7694e96d04e"
+SRCREV_meta ?= "9e3ab4e615b651c1b63d4f0cce71da79a3e89763"
PV = "${LINUX_VERSION}+git${SRCPV}"
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.10.bb b/meta/recipes-kernel/linux/linux-yocto_5.10.bb
index 49f9ef9..2652d01 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.10.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.10.bb
@@ -13,17 +13,17 @@ KBRANCH_qemux86 ?= "v5.10/standard/base"
KBRANCH_qemux86-64 ?= "v5.10/standard/base"
KBRANCH_qemumips64 ?= "v5.10/standard/mti-malta64"
-SRCREV_machine_qemuarm ?= "36e0cc294f77cf72b01a1f9ea62bb13d1ab0693e"
-SRCREV_machine_qemuarm64 ?= "a1c9c936088b6cf4ec56f5180672d6f0e8e3b955"
-SRCREV_machine_qemumips ?= "4962920baaee3235448b48e992a3da0259dcfa57"
-SRCREV_machine_qemuppc ?= "57b30ad7f8a6c3be0ad8eac742476da3f97c23f3"
-SRCREV_machine_qemuriscv64 ?= "164ed895bc1e94722e80fe6496b176f6bb815cd4"
-SRCREV_machine_qemuriscv32 ?= "164ed895bc1e94722e80fe6496b176f6bb815cd4"
-SRCREV_machine_qemux86 ?= "164ed895bc1e94722e80fe6496b176f6bb815cd4"
-SRCREV_machine_qemux86-64 ?= "164ed895bc1e94722e80fe6496b176f6bb815cd4"
-SRCREV_machine_qemumips64 ?= "a615aa60bc10bea5262f2d65da7ddff4ba32146e"
-SRCREV_machine ?= "164ed895bc1e94722e80fe6496b176f6bb815cd4"
-SRCREV_meta ?= "bce2813b162bb472c137fb503951295a931c25b6"
+SRCREV_machine_qemuarm ?= "f98b917d7826304daeecf11cc52be2562a9304ff"
+SRCREV_machine_qemuarm64 ?= "13ff8a3ae368724e008e3bcd77833611de7962b2"
+SRCREV_machine_qemumips ?= "7b94dec2b0f5b582b97cdb3ac97fe153559869e4"
+SRCREV_machine_qemuppc ?= "652531fb0cc8eb3607109bb8d878253be2d3d534"
+SRCREV_machine_qemuriscv64 ?= "2daa192783edd4974da8e900c0dc93186e57a838"
+SRCREV_machine_qemuriscv32 ?= "2daa192783edd4974da8e900c0dc93186e57a838"
+SRCREV_machine_qemux86 ?= "2daa192783edd4974da8e900c0dc93186e57a838"
+SRCREV_machine_qemux86-64 ?= "2daa192783edd4974da8e900c0dc93186e57a838"
+SRCREV_machine_qemumips64 ?= "4c817df0fd06350e18693551699c33361e16a193"
+SRCREV_machine ?= "2daa192783edd4974da8e900c0dc93186e57a838"
+SRCREV_meta ?= "a0238f7f4f2222d08bb18147bb5e24cc877b0546"
# remap qemuarm to qemuarma15 for the 5.8 kernel
# KMACHINE_qemuarm ?= "qemuarma15"
@@ -32,7 +32,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.10;destsuffix=${KMETA}"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "5.10.63"
+LINUX_VERSION ?= "5.10.78"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
DEPENDS += "openssl-native util-linux-native"
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.4.bb b/meta/recipes-kernel/linux/linux-yocto_5.4.bb
index b600211..4418a85 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.4.bb
@@ -12,16 +12,16 @@ KBRANCH_qemux86 ?= "v5.4/standard/base"
KBRANCH_qemux86-64 ?= "v5.4/standard/base"
KBRANCH_qemumips64 ?= "v5.4/standard/mti-malta64"
-SRCREV_machine_qemuarm ?= "78a2f9d323a755a34cdc96af4bcf61ffd32a3db0"
-SRCREV_machine_qemuarm64 ?= "aa6ec6934e35c8b0948f6b7c9bdbdef45d72be35"
-SRCREV_machine_qemumips ?= "a892524441b30e5e8c491e22e36e3473fc6a0fe0"
-SRCREV_machine_qemuppc ?= "784ca7c7837811123b5bd97cde964e45fbf5179b"
-SRCREV_machine_qemuriscv64 ?= "e3134debcf01f0aa20103e22fe2ef5fc7c201120"
-SRCREV_machine_qemux86 ?= "e3134debcf01f0aa20103e22fe2ef5fc7c201120"
-SRCREV_machine_qemux86-64 ?= "e3134debcf01f0aa20103e22fe2ef5fc7c201120"
-SRCREV_machine_qemumips64 ?= "d765ea7455bf978a9a86e8e90e032336b0baf887"
-SRCREV_machine ?= "e3134debcf01f0aa20103e22fe2ef5fc7c201120"
-SRCREV_meta ?= "e4ccb53f204f722583178a9249fbf5d745f0d56a"
+SRCREV_machine_qemuarm ?= "7a9ca83b483c096e6bd5e1b99cca7fe2fb79fd1a"
+SRCREV_machine_qemuarm64 ?= "d2ea3664c5872b3046a2aa970035de51e359922f"
+SRCREV_machine_qemumips ?= "118685bb5211a7740de6bd419c68eb34728f8770"
+SRCREV_machine_qemuppc ?= "7e8785640416d3c6382f91a3f88e0eca14f0a8b5"
+SRCREV_machine_qemuriscv64 ?= "d54d61f9e363806a987c9ab01df0e66a31d4ead5"
+SRCREV_machine_qemux86 ?= "d54d61f9e363806a987c9ab01df0e66a31d4ead5"
+SRCREV_machine_qemux86-64 ?= "d54d61f9e363806a987c9ab01df0e66a31d4ead5"
+SRCREV_machine_qemumips64 ?= "bd5e23a14522aa81e0f0ee37f976edd108669eb5"
+SRCREV_machine ?= "d54d61f9e363806a987c9ab01df0e66a31d4ead5"
+SRCREV_meta ?= "9e3ab4e615b651c1b63d4f0cce71da79a3e89763"
# remap qemuarm to qemuarma15 for the 5.4 kernel
# KMACHINE_qemuarm ?= "qemuarma15"
@@ -30,7 +30,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}"
LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
-LINUX_VERSION ?= "5.4.144"
+LINUX_VERSION ?= "5.4.153"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
DEPENDS += "openssl-native util-linux-native"
diff --git a/meta/recipes-kernel/powertop/powertop_2.13.bb b/meta/recipes-kernel/powertop/powertop_2.13.bb
index 8c7e78f..dc9c77f 100644
--- a/meta/recipes-kernel/powertop/powertop_2.13.bb
+++ b/meta/recipes-kernel/powertop/powertop_2.13.bb
@@ -6,7 +6,7 @@ DEPENDS = "ncurses libnl pciutils autoconf-archive"
LICENSE = "GPLv2"
LIC_FILES_CHKSUM = "file://COPYING;md5=12f884d2ae1ff87c09e5b7ccc2c4ca7e"
-SRC_URI = "git://github.com/fenrus75/powertop;protocol=https \
+SRC_URI = "git://github.com/fenrus75/powertop;protocol=https;branch=master \
file://0001-wakeup_xxx.h-include-limits.h.patch \
"
SRCREV = "184cee06b2d64679bae5f806fe0a218827fdde99"
diff --git a/meta/recipes-kernel/systemtap/systemtap_git.inc b/meta/recipes-kernel/systemtap/systemtap_git.inc
index 73fba98..38bdbe3 100644
--- a/meta/recipes-kernel/systemtap/systemtap_git.inc
+++ b/meta/recipes-kernel/systemtap/systemtap_git.inc
@@ -3,7 +3,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
SRCREV = "988f439af39a359b4387963ca4633649866d8275"
PV = "4.4"
-SRC_URI = "git://sourceware.org/git/systemtap.git \
+SRC_URI = "git://sourceware.org/git/systemtap.git;branch=master \
file://0001-Do-not-let-configure-write-a-python-location-into-th.patch \
file://0001-Install-python-modules-to-correct-library-dir.patch \
file://0001-staprun-stapbpf-don-t-support-installing-a-non-root.patch \
diff --git a/meta/recipes-kernel/wireless-regdb/wireless-regdb_2021.04.21.bb b/meta/recipes-kernel/wireless-regdb/wireless-regdb_2021.08.28.bb
index f79c0b2..b1cad01 100644
--- a/meta/recipes-kernel/wireless-regdb/wireless-regdb_2021.04.21.bb
+++ b/meta/recipes-kernel/wireless-regdb/wireless-regdb_2021.08.28.bb
@@ -5,7 +5,7 @@ LICENSE = "ISC"
LIC_FILES_CHKSUM = "file://LICENSE;md5=07c4f6dea3845b02a18dc00c8c87699c"
SRC_URI = "https://www.kernel.org/pub/software/network/${BPN}/${BP}.tar.xz"
-SRC_URI[sha256sum] = "9e4c02b2a9710df4dbdb327c39612e8cbbae6495987afeddaebab28c1ea3d8fa"
+SRC_URI[sha256sum] = "cff370c410d1e6d316ae0a7fa8ac6278fdf1efca5d3d664aca7cfd2aafa54446"
inherit bin_package allarch
@@ -41,3 +41,7 @@ do_install_append_class-native() {
RSUGGESTS_${PN} = "crda"
BBCLASSEXTEND = "native"
+
+# remove at next version upgrade or when output changes
+PR = "r1"
+HASHEQUIV_HASH_VERSION .= ".1"
diff --git a/meta/recipes-multimedia/alsa/alsa-topology-conf_1.2.4.bb b/meta/recipes-multimedia/alsa/alsa-topology-conf_1.2.4.bb
index 26542fb..0d4a30a 100644
--- a/meta/recipes-multimedia/alsa/alsa-topology-conf_1.2.4.bb
+++ b/meta/recipes-multimedia/alsa/alsa-topology-conf_1.2.4.bb
@@ -20,3 +20,7 @@ do_install() {
PACKAGES = "${PN}"
FILES_${PN} = "*"
+
+# remove at next version upgrade or when output changes
+PR = "r1"
+HASHEQUIV_HASH_VERSION .= ".1"
diff --git a/meta/recipes-multimedia/alsa/alsa-ucm-conf_1.2.4.bb b/meta/recipes-multimedia/alsa/alsa-ucm-conf_1.2.4.bb
index 32cf41c..7787dad 100644
--- a/meta/recipes-multimedia/alsa/alsa-ucm-conf_1.2.4.bb
+++ b/meta/recipes-multimedia/alsa/alsa-ucm-conf_1.2.4.bb
@@ -21,3 +21,7 @@ do_install() {
PACKAGES = "${PN}"
FILES_${PN} = "*"
+
+# remove at next version upgrade or when output changes
+PR = "r1"
+HASHEQUIV_HASH_VERSION .= ".1"
diff --git a/meta/recipes-multimedia/x264/x264_git.bb b/meta/recipes-multimedia/x264/x264_git.bb
index f95fb0c..448d632 100644
--- a/meta/recipes-multimedia/x264/x264_git.bb
+++ b/meta/recipes-multimedia/x264/x264_git.bb
@@ -8,7 +8,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f"
DEPENDS = "nasm-native"
-SRC_URI = "git://github.com/mirror/x264;branch=stable \
+SRC_URI = "git://github.com/mirror/x264;branch=stable;protocol=https \
file://don-t-default-to-cortex-a9-with-neon.patch \
file://Fix-X32-build-by-disabling-asm.patch \
"
diff --git a/meta/recipes-sato/l3afpad/l3afpad_git.bb b/meta/recipes-sato/l3afpad/l3afpad_git.bb
index 85c2c50..4d5d299 100644
--- a/meta/recipes-sato/l3afpad/l3afpad_git.bb
+++ b/meta/recipes-sato/l3afpad/l3afpad_git.bb
@@ -16,7 +16,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c \
DEPENDS = "gtk+3 intltool-native gettext-native"
PV = "0.8.18.1.11+git${SRCPV}"
-SRC_URI = "git://github.com/stevenhoneyman/l3afpad.git"
+SRC_URI = "git://github.com/stevenhoneyman/l3afpad.git;branch=master;protocol=https"
SRCREV ="3cdccdc9505643e50f8208171d9eee5de11a42ff"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-sato/matchbox-config-gtk/matchbox-config-gtk_0.2.bb b/meta/recipes-sato/matchbox-config-gtk/matchbox-config-gtk_0.2.bb
index 547e851..5733a36 100644
--- a/meta/recipes-sato/matchbox-config-gtk/matchbox-config-gtk_0.2.bb
+++ b/meta/recipes-sato/matchbox-config-gtk/matchbox-config-gtk_0.2.bb
@@ -11,7 +11,7 @@ RDEPENDS_${PN} = "settings-daemon"
# SRCREV tagged 0.2
SRCREV = "ef2192ce98d9374ffdad5f78544c3f8f353c16aa"
-SRC_URI = "git://git.yoctoproject.org/${BPN} \
+SRC_URI = "git://git.yoctoproject.org/${BPN};branch=master \
file://no-handed.patch"
UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>(\d+(\.\d+)+))"
diff --git a/meta/recipes-sato/matchbox-desktop/matchbox-desktop_2.2.bb b/meta/recipes-sato/matchbox-desktop/matchbox-desktop_2.2.bb
index d775b5c..71fb238 100644
--- a/meta/recipes-sato/matchbox-desktop/matchbox-desktop_2.2.bb
+++ b/meta/recipes-sato/matchbox-desktop/matchbox-desktop_2.2.bb
@@ -13,7 +13,7 @@ SECTION = "x11/wm"
# SRCREV tagged 2.2
SRCREV = "6bc67d09da4147e5552fe30011a05a2c59d2f777"
-SRC_URI = "git://git.yoctoproject.org/${BPN}-2 \
+SRC_URI = "git://git.yoctoproject.org/${BPN}-2;branch=master \
file://vfolders/ \
"
diff --git a/meta/recipes-sato/matchbox-panel-2/matchbox-panel-2_2.11.bb b/meta/recipes-sato/matchbox-panel-2/matchbox-panel-2_2.11.bb
index c659964..54fe578 100644
--- a/meta/recipes-sato/matchbox-panel-2/matchbox-panel-2_2.11.bb
+++ b/meta/recipes-sato/matchbox-panel-2/matchbox-panel-2_2.11.bb
@@ -23,7 +23,7 @@ RPROVIDES_${PN} = "matchbox-panel"
RREPLACES_${PN} = "matchbox-panel"
RCONFLICTS_${PN} = "matchbox-panel"
-SRC_URI = "git://git.yoctoproject.org/${BPN} \
+SRC_URI = "git://git.yoctoproject.org/${BPN};branch=master \
file://0001-applets-systray-Allow-icons-to-be-smaller.patch \
"
diff --git a/meta/recipes-sato/matchbox-terminal/matchbox-terminal_0.2.bb b/meta/recipes-sato/matchbox-terminal/matchbox-terminal_0.2.bb
index 9f00281..e2e81c2 100644
--- a/meta/recipes-sato/matchbox-terminal/matchbox-terminal_0.2.bb
+++ b/meta/recipes-sato/matchbox-terminal/matchbox-terminal_0.2.bb
@@ -11,7 +11,7 @@ SECTION = "x11/utils"
#SRCREV tagged 0.2
SRCREV = "161276d0f5d1be8187010fd0d9581a6feca70ea5"
-SRC_URI = "git://git.yoctoproject.org/${BPN}"
+SRC_URI = "git://git.yoctoproject.org/${BPN};branch=master"
UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>(\d+(\.\d+)+))"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-sato/matchbox-theme-sato/matchbox-theme-sato_0.2.bb b/meta/recipes-sato/matchbox-theme-sato/matchbox-theme-sato_0.2.bb
index 7a043d3..bc40247 100644
--- a/meta/recipes-sato/matchbox-theme-sato/matchbox-theme-sato_0.2.bb
+++ b/meta/recipes-sato/matchbox-theme-sato/matchbox-theme-sato_0.2.bb
@@ -2,7 +2,7 @@ require matchbox-theme-sato.inc
# SRCREV tagged 0.2
SRCREV = "df085ba9cdaeaf2956890b0e29d7ea1779bf6c78"
-SRC_URI = "git://git.yoctoproject.org/matchbox-sato"
+SRC_URI = "git://git.yoctoproject.org/matchbox-sato;branch=master"
UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>(\d+(\.\d+)+))"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-sato/pulseaudio-sato/pulseaudio-client-conf-sato_1.bb b/meta/recipes-sato/pulseaudio-sato/pulseaudio-client-conf-sato_1.bb
index e27339f..cfba207 100644
--- a/meta/recipes-sato/pulseaudio-sato/pulseaudio-client-conf-sato_1.bb
+++ b/meta/recipes-sato/pulseaudio-sato/pulseaudio-client-conf-sato_1.bb
@@ -15,3 +15,7 @@ do_install() {
FILES_${PN} = "${sysconfdir}/pulse/client.conf.d/50-sato.conf"
CONFFILES_${PN} = "${sysconfdir}/pulse/client.conf.d/50-sato.conf"
+
+# remove at next version upgrade or when output changes
+PR = "r1"
+HASHEQUIV_HASH_VERSION .= ".1"
diff --git a/meta/recipes-sato/sato-screenshot/sato-screenshot_0.3.bb b/meta/recipes-sato/sato-screenshot/sato-screenshot_0.3.bb
index 2b1f513..7e76122 100644
--- a/meta/recipes-sato/sato-screenshot/sato-screenshot_0.3.bb
+++ b/meta/recipes-sato/sato-screenshot/sato-screenshot_0.3.bb
@@ -11,7 +11,7 @@ DEPENDS = "matchbox-panel-2 gtk+3"
# SRCREV tagged 0.3
SRCREV = "9250fa5a012d84ff45984e8c4345ee7635227756"
-SRC_URI = "git://git.yoctoproject.org/screenshot"
+SRC_URI = "git://git.yoctoproject.org/screenshot;branch=master"
UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>(\d+(\.\d+)+))"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-sato/settings-daemon/settings-daemon_0.0.2.bb b/meta/recipes-sato/settings-daemon/settings-daemon_0.0.2.bb
index d01177f..19c4a73 100644
--- a/meta/recipes-sato/settings-daemon/settings-daemon_0.0.2.bb
+++ b/meta/recipes-sato/settings-daemon/settings-daemon_0.0.2.bb
@@ -9,7 +9,7 @@ SECTION = "x11"
# SRCREV tagged 0.0.2
SRCREV = "b2e5da502f8c5ff75e9e6da771372ef8e40fd9a2"
-SRC_URI = "git://git.yoctoproject.org/xsettings-daemon \
+SRC_URI = "git://git.yoctoproject.org/xsettings-daemon;branch=master \
file://addsoundkeys.patch \
file://70settings-daemon.sh \
"
diff --git a/meta/recipes-sato/shutdown-desktop/shutdown-desktop.bb b/meta/recipes-sato/shutdown-desktop/shutdown-desktop.bb
index 28d5096..08d3c3f 100644
--- a/meta/recipes-sato/shutdown-desktop/shutdown-desktop.bb
+++ b/meta/recipes-sato/shutdown-desktop/shutdown-desktop.bb
@@ -4,7 +4,7 @@ LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384
SRC_URI = "file://shutdown.desktop"
-PR = "r1"
+PR = "r2"
S = "${WORKDIR}"
@@ -22,3 +22,6 @@ pkg_postinst_${PN} () {
}
inherit allarch
+
+# remove at next version upgrade or when output changes
+HASHEQUIV_HASH_VERSION .= ".1"
diff --git a/meta/recipes-support/bmap-tools/bmap-tools_3.6.bb b/meta/recipes-support/bmap-tools/bmap-tools_3.6.bb
index 611c0fb..70ce12a 100644
--- a/meta/recipes-support/bmap-tools/bmap-tools_3.6.bb
+++ b/meta/recipes-support/bmap-tools/bmap-tools_3.6.bb
@@ -9,7 +9,7 @@ SECTION = "console/utils"
LICENSE = "GPLv2"
LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
-SRC_URI = "git://github.com/intel/${BPN}"
+SRC_URI = "git://github.com/intel/${BPN};branch=master;protocol=https"
SRCREV = "c0673962a8ec1624b5189dc1d24f33fe4f06785a"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-support/boost/boost-build-native_4.3.0.bb b/meta/recipes-support/boost/boost-build-native_4.3.0.bb
index 00f3a86..f09ff48 100644
--- a/meta/recipes-support/boost/boost-build-native_4.3.0.bb
+++ b/meta/recipes-support/boost/boost-build-native_4.3.0.bb
@@ -6,7 +6,7 @@ SECTION = "devel"
LICENSE = "BSL-1.0"
LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=e4224ccaecb14d942c71d31bef20d78c"
-SRC_URI = "git://github.com/boostorg/build;protocol=https"
+SRC_URI = "git://github.com/boostorg/build;protocol=https;branch=master"
SRCREV = "632ea768f3eb225b4472c5ed6d20afee708724ad"
UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>(\d+(\.\d+){2,}))"
diff --git a/meta/recipes-support/ca-certificates/ca-certificates/0001-Revert-mozilla-certdata2pem.py-print-a-warning-for-e.patch b/meta/recipes-support/ca-certificates/ca-certificates/0001-Revert-mozilla-certdata2pem.py-print-a-warning-for-e.patch
new file mode 100644
index 0000000..5c4a32f
--- /dev/null
+++ b/meta/recipes-support/ca-certificates/ca-certificates/0001-Revert-mozilla-certdata2pem.py-print-a-warning-for-e.patch
@@ -0,0 +1,80 @@
+From cb43ec15b700b25f3c4fe44043a1a021aaf5b768 Mon Sep 17 00:00:00 2001
+From: Alexander Kanavin <alex@linutronix.de>
+Date: Mon, 18 Oct 2021 12:05:49 +0200
+Subject: [PATCH] Revert "mozilla/certdata2pem.py: print a warning for expired
+ certificates."
+
+This avoids a dependency on python3-cryptography, and only checks
+for expired certs (which is upstream concern, but not ours).
+
+Upstream-Status: Inappropriate [oe-core specific]
+Signed-off-by: Alexander Kanavin <alex@linutronix.de>
+---
+ debian/changelog | 1 -
+ debian/control | 2 +-
+ mozilla/certdata2pem.py | 11 -----------
+ 3 files changed, 1 insertion(+), 13 deletions(-)
+
+diff --git a/debian/changelog b/debian/changelog
+index 531e4d0..4006509 100644
+--- a/debian/changelog
++++ b/debian/changelog
+@@ -37,7 +37,6 @@ ca-certificates (20211004) unstable; urgency=low
+ - "Trustis FPS Root CA"
+ - "Staat der Nederlanden Root CA - G3"
+ * Blacklist expired root certificate "DST Root CA X3" (closes: #995432)
+- * mozilla/certdata2pem.py: print a warning for expired certificates.
+
+ -- Julien Cristau <jcristau@debian.org> Thu, 07 Oct 2021 17:12:47 +0200
+
+diff --git a/debian/control b/debian/control
+index 4434b7a..5c6ba24 100644
+--- a/debian/control
++++ b/debian/control
+@@ -3,7 +3,7 @@ Section: misc
+ Priority: optional
+ Maintainer: Julien Cristau <jcristau@debian.org>
+ Build-Depends: debhelper-compat (= 13), po-debconf
+-Build-Depends-Indep: python3, openssl, python3-cryptography
++Build-Depends-Indep: python3, openssl
+ Standards-Version: 4.5.0.2
+ Vcs-Git: https://salsa.debian.org/debian/ca-certificates.git
+ Vcs-Browser: https://salsa.debian.org/debian/ca-certificates
+diff --git a/mozilla/certdata2pem.py b/mozilla/certdata2pem.py
+index ede23d4..7d796f1 100644
+--- a/mozilla/certdata2pem.py
++++ b/mozilla/certdata2pem.py
+@@ -21,16 +21,12 @@
+ # USA.
+
+ import base64
+-import datetime
+ import os.path
+ import re
+ import sys
+ import textwrap
+ import io
+
+-from cryptography import x509
+-
+-
+ objects = []
+
+ # Dirty file parser.
+@@ -121,13 +117,6 @@ for obj in objects:
+ if obj['CKA_CLASS'] == 'CKO_CERTIFICATE':
+ if not obj['CKA_LABEL'] in trust or not trust[obj['CKA_LABEL']]:
+ continue
+-
+- cert = x509.load_der_x509_certificate(obj['CKA_VALUE'])
+- if cert.not_valid_after < datetime.datetime.now():
+- print('!'*74)
+- print('Trusted but expired certificate found: %s' % obj['CKA_LABEL'])
+- print('!'*74)
+-
+ bname = obj['CKA_LABEL'][1:-1].replace('/', '_')\
+ .replace(' ', '_')\
+ .replace('(', '=')\
+--
+2.20.1
+
diff --git a/meta/recipes-support/ca-certificates/ca-certificates/sbindir.patch b/meta/recipes-support/ca-certificates/ca-certificates/sbindir.patch
deleted file mode 100644
index f343ebf..0000000
--- a/meta/recipes-support/ca-certificates/ca-certificates/sbindir.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-sbin/Makefile: Allow the sbin path to be configurable
-
-Some project sharing ca-certificates from Debian allow configuration
-of the installation location. Make the sbin location configurable.
-
-Also ensure the target directory exists
-
-Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-Upstream-Status: Submitted [https://salsa.debian.org/debian/ca-certificates/-/merge_requests/5]
-
---- ca-certificates-20130119.orig/sbin/Makefile
-+++ ca-certificates-20130119/sbin/Makefile
-@@ -3,9 +3,12 @@
- #
- #
-
-+SBINDIR = /usr/sbin
-+
- all:
-
- clean:
-
- install:
-- install -m755 update-ca-certificates $(DESTDIR)/usr/sbin/
-+ install -d $(DESTDIR)$(SBINDIR)
-+ install -m755 update-ca-certificates $(DESTDIR)$(SBINDIR)/
diff --git a/meta/recipes-support/ca-certificates/ca-certificates/update-ca-certificates-support-Toybox.patch b/meta/recipes-support/ca-certificates/ca-certificates/update-ca-certificates-support-Toybox.patch
deleted file mode 100644
index f787909..0000000
--- a/meta/recipes-support/ca-certificates/ca-certificates/update-ca-certificates-support-Toybox.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-update-ca-certificates: Replace deprecated mktemp -t with mktemp --tmpdir
-
-According to coreutils docs, mktemp -t is deprecated, switch to the
---tmpdir option instead.
-
-Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-Upstream-Status: Submitted [https://salsa.debian.org/debian/ca-certificates/-/merge_requests/5]
-
-[This was originally for compatibility with toybox but toybox now
-supports -t]
----
- sbin/update-ca-certificates | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/sbin/update-ca-certificates b/sbin/update-ca-certificates
-index 79c41bb..ae9e3f1 100755
---- a/sbin/update-ca-certificates
-+++ b/sbin/update-ca-certificates
-@@ -113,9 +113,9 @@ trap cleanup 0
-
- # Helper files. (Some of them are not simple arrays because we spawn
- # subshells later on.)
--TEMPBUNDLE="$(mktemp -t "${CERTBUNDLE}.tmp.XXXXXX")"
--ADDED="$(mktemp -t "ca-certificates.tmp.XXXXXX")"
--REMOVED="$(mktemp -t "ca-certificates.tmp.XXXXXX")"
-+TEMPBUNDLE="$(mktemp --tmpdir "${CERTBUNDLE}.tmp.XXXXXX")"
-+ADDED="$(mktemp --tmpdir "ca-certificates.tmp.XXXXXX")"
-+REMOVED="$(mktemp --tmpdir "ca-certificates.tmp.XXXXXX")"
-
- # Adds a certificate to the list of trusted ones. This includes a symlink
- # in /etc/ssl/certs to the certificate file and its inclusion into the
---
-2.1.4
diff --git a/meta/recipes-support/ca-certificates/ca-certificates_20210119.bb b/meta/recipes-support/ca-certificates/ca-certificates_20211016.bb
index 7dcc86f..a54d6b4 100644
--- a/meta/recipes-support/ca-certificates/ca-certificates_20210119.bb
+++ b/meta/recipes-support/ca-certificates/ca-certificates_20211016.bb
@@ -14,15 +14,14 @@ DEPENDS_class-nativesdk = "openssl-native"
# Need rehash from openssl and run-parts from debianutils
PACKAGE_WRITE_DEPS += "openssl-native debianutils-native"
-SRCREV = "181be7ebd169b4a6fb5d90c3e6dc791e90534144"
+SRCREV = "07de54fdcc5806bde549e1edf60738c6bccf50e8"
-SRC_URI = "git://salsa.debian.org/debian/ca-certificates.git;protocol=https \
+SRC_URI = "git://salsa.debian.org/debian/ca-certificates.git;protocol=https;branch=master \
file://0002-update-ca-certificates-use-SYSROOT.patch \
file://0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch \
- file://update-ca-certificates-support-Toybox.patch \
file://default-sysroot.patch \
- file://sbindir.patch \
file://0003-update-ca-certificates-use-relative-symlinks-from-ET.patch \
+ file://0001-Revert-mozilla-certdata2pem.py-print-a-warning-for-e.patch \
"
UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+)"
diff --git a/meta/recipes-support/dos2unix/dos2unix_7.4.2.bb b/meta/recipes-support/dos2unix/dos2unix_7.4.2.bb
index 9005bde..e0a5499 100644
--- a/meta/recipes-support/dos2unix/dos2unix_7.4.2.bb
+++ b/meta/recipes-support/dos2unix/dos2unix_7.4.2.bb
@@ -8,7 +8,7 @@ SECTION = "support"
LICENSE = "BSD-2-Clause"
LIC_FILES_CHKSUM = "file://COPYING.txt;md5=8a7c3499a1142df819e727253cd53a12"
-SRC_URI = "git://git.code.sf.net/p/dos2unix/dos2unix"
+SRC_URI = "git://git.code.sf.net/p/dos2unix/dos2unix;branch=master"
UPSTREAM_CHECK_GITTAGREGEX = "dos2unix-(?P<pver>(\d+(\.\d+)+))"
SRCREV = "72596f0ae21faa25a07a872d4843bc885475115d"
diff --git a/meta/recipes-support/gnome-desktop-testing/gnome-desktop-testing_2018.1.bb b/meta/recipes-support/gnome-desktop-testing/gnome-desktop-testing_2018.1.bb
index e5c69c0..19f32e8 100644
--- a/meta/recipes-support/gnome-desktop-testing/gnome-desktop-testing_2018.1.bb
+++ b/meta/recipes-support/gnome-desktop-testing/gnome-desktop-testing_2018.1.bb
@@ -9,7 +9,7 @@ LICENSE = "LGPLv2+"
LIC_FILES_CHKSUM = "file://COPYING;md5=3bf50002aefd002f49e7bb854063f7e7 \
file://src/gnome-desktop-testing-runner.c;beginline=1;endline=20;md5=7ef3ad9da2ffcf7707dc11151fe007f4"
-SRC_URI = "git://gitlab.gnome.org/GNOME/gnome-desktop-testing.git;protocol=http"
+SRC_URI = "git://gitlab.gnome.org/GNOME/gnome-desktop-testing.git;protocol=http;branch=master"
SRCREV = "4decade67b29ad170fcf3de148e41695fc459f48"
DEPENDS = "glib-2.0"
diff --git a/meta/recipes-support/gnupg/gnupg_2.2.27.bb b/meta/recipes-support/gnupg/gnupg_2.2.27.bb
index 1181c83..18bb855 100644
--- a/meta/recipes-support/gnupg/gnupg_2.2.27.bb
+++ b/meta/recipes-support/gnupg/gnupg_2.2.27.bb
@@ -32,6 +32,7 @@ EXTRA_OECONF = "--disable-ldap \
--with-zlib=${STAGING_LIBDIR}/.. \
--with-bzip2=${STAGING_LIBDIR}/.. \
--with-readline=${STAGING_LIBDIR}/.. \
+ --with-mailprog=${sbindir}/sendmail \
--enable-gpg-is-gpg2 \
"
diff --git a/meta/recipes-support/gpgme/gpgme/0001-use-closefrom-on-linux-and-glibc-2.34.patch b/meta/recipes-support/gpgme/gpgme/0001-use-closefrom-on-linux-and-glibc-2.34.patch
new file mode 100644
index 0000000..1c46684
--- /dev/null
+++ b/meta/recipes-support/gpgme/gpgme/0001-use-closefrom-on-linux-and-glibc-2.34.patch
@@ -0,0 +1,24 @@
+From adb1d4e5498a19e9d591ac8f42f9ddfdb23a1354 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Thu, 15 Jul 2021 12:33:13 -0700
+Subject: [PATCH] use closefrom() on linux and glibc 2.34+
+
+Upstream-Status: Pending
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ src/posix-io.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/posix-io.c b/src/posix-io.c
+index e712ef2..ab8ded9 100644
+--- a/src/posix-io.c
++++ b/src/posix-io.c
+@@ -570,7 +570,7 @@ _gpgme_io_spawn (const char *path, char *const argv[], unsigned int flags,
+ if (fd_list[i].fd > fd)
+ fd = fd_list[i].fd;
+ fd++;
+-#if defined(__sun) || defined(__FreeBSD__)
++#if defined(__sun) || defined(__FreeBSD__) || (defined(__GLIBC__) && __GNUC_PREREQ(2, 34))
+ closefrom (fd);
+ max_fds = fd;
+ #else /*!__sun */
diff --git a/meta/recipes-support/gpgme/gpgme_1.15.1.bb b/meta/recipes-support/gpgme/gpgme_1.15.1.bb
index dc38aa8..f207e81 100644
--- a/meta/recipes-support/gpgme/gpgme_1.15.1.bb
+++ b/meta/recipes-support/gpgme/gpgme_1.15.1.bb
@@ -20,7 +20,8 @@ SRC_URI = "${GNUPG_MIRROR}/gpgme/${BP}.tar.bz2 \
file://0006-fix-build-path-issue.patch \
file://0007-python-Add-variables-to-tests.patch \
file://0008-do-not-auto-check-var-PYTHON.patch \
- "
+ file://0001-use-closefrom-on-linux-and-glibc-2.34.patch \
+ "
SRC_URI[sha256sum] = "eebc3c1b27f1c8979896ff361ba9bb4778b508b2496c2fc10e3775a40b1de1ad"
diff --git a/meta/recipes-support/iso-codes/iso-codes_4.6.0.bb b/meta/recipes-support/iso-codes/iso-codes_4.6.0.bb
index f915716..cd27fb0 100644
--- a/meta/recipes-support/iso-codes/iso-codes_4.6.0.bb
+++ b/meta/recipes-support/iso-codes/iso-codes_4.6.0.bb
@@ -20,3 +20,7 @@ S = "${WORKDIR}/git"
inherit allarch autotools
FILES_${PN} += "${datadir}/xml/"
+
+# remove at next version upgrade or when output changes
+PR = "r1"
+HASHEQUIV_HASH_VERSION .= ".1"
diff --git a/meta/recipes-support/libgit2/libgit2_1.1.0.bb b/meta/recipes-support/libgit2/libgit2_1.1.0.bb
index 2bbf59e..9b2eec9 100644
--- a/meta/recipes-support/libgit2/libgit2_1.1.0.bb
+++ b/meta/recipes-support/libgit2/libgit2_1.1.0.bb
@@ -5,7 +5,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=5b002a195fb7ea2d8d583f07eaff3a8e"
DEPENDS = "curl openssl zlib libssh2 libgcrypt libpcre2"
-SRC_URI = "git://github.com/libgit2/libgit2.git;branch=maint/v1.1"
+SRC_URI = "git://github.com/libgit2/libgit2.git;branch=maint/v1.1;protocol=https"
SRCREV = "7f4fa178629d559c037a1f72f79f79af9c1ef8ce"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-support/libjitterentropy/libjitterentropy_3.0.1.bb b/meta/recipes-support/libjitterentropy/libjitterentropy_3.0.1.bb
index 197bb78..f335abb 100644
--- a/meta/recipes-support/libjitterentropy/libjitterentropy_3.0.1.bb
+++ b/meta/recipes-support/libjitterentropy/libjitterentropy_3.0.1.bb
@@ -9,7 +9,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=c69090e97c8fd6372d03099c0a5bc382 \
file://COPYING.gplv2;md5=eb723b61539feef013de476e68b5c50a \
file://COPYING.bsd;md5=66a5cedaf62c4b2637025f049f9b826f \
"
-SRC_URI = "git://github.com/smuellerDD/jitterentropy-library.git"
+SRC_URI = "git://github.com/smuellerDD/jitterentropy-library.git;branch=master;protocol=https"
SRCREV = "747bf030b0ea9c44548b4e29bcfab7ae416675fc"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-support/libunistring/libunistring_0.9.10.bb b/meta/recipes-support/libunistring/libunistring_0.9.10.bb
index 0a7b18e..589faac 100644
--- a/meta/recipes-support/libunistring/libunistring_0.9.10.bb
+++ b/meta/recipes-support/libunistring/libunistring_0.9.10.bb
@@ -18,6 +18,7 @@ LIC_FILES_CHKSUM = "file://COPYING.LIB;md5=6a6a8e020838b23406c81b19c1d46df6 \
file://README;beginline=45;endline=65;md5=08287d16ba8d839faed8d2dc14d7d6a5 \
file://doc/libunistring.texi;md5=287fa6075f78a3c85c1a52b0a92547cd \
"
+DEPENDS = "gperf-native"
SRC_URI = "${GNU_MIRROR}/libunistring/libunistring-${PV}.tar.gz \
file://0001-Unset-need_charset_alias-when-building-for-musl.patch \
diff --git a/meta/recipes-support/lz4/lz4_1.9.3.bb b/meta/recipes-support/lz4/lz4_1.9.3.bb
index 9d5dc02..1586702 100644
--- a/meta/recipes-support/lz4/lz4_1.9.3.bb
+++ b/meta/recipes-support/lz4/lz4_1.9.3.bb
@@ -12,7 +12,7 @@ PE = "1"
SRCREV = "d44371841a2f1728a3f36839fd4b7e872d0927d3"
-SRC_URI = "git://github.com/lz4/lz4.git;branch=release \
+SRC_URI = "git://github.com/lz4/lz4.git;branch=release;protocol=https \
file://run-ptest \
file://CVE-2021-3520.patch \
"
diff --git a/meta/recipes-support/numactl/numactl_git.bb b/meta/recipes-support/numactl/numactl_git.bb
index 6c8a667..a0e7225 100644
--- a/meta/recipes-support/numactl/numactl_git.bb
+++ b/meta/recipes-support/numactl/numactl_git.bb
@@ -13,7 +13,7 @@ LIC_FILES_CHKSUM = "file://README.md;beginline=19;endline=32;md5=f8ff2391624f28e
SRCREV = "dd6de072c92c892a86e18c0fd0dfa1ba57a9a05d"
PV = "2.0.14"
-SRC_URI = "git://github.com/numactl/numactl \
+SRC_URI = "git://github.com/numactl/numactl;branch=master;protocol=https \
file://Fix-the-test-output-format.patch \
file://Makefile \
file://run-ptest \
diff --git a/meta/recipes-support/p11-kit/p11-kit_0.23.22.bb b/meta/recipes-support/p11-kit/p11-kit_0.23.22.bb
index 623afcc..5f1b73e 100644
--- a/meta/recipes-support/p11-kit/p11-kit_0.23.22.bb
+++ b/meta/recipes-support/p11-kit/p11-kit_0.23.22.bb
@@ -10,7 +10,7 @@ DEPENDS = "libtasn1 libtasn1-native libffi"
DEPENDS_append = "${@' glib-2.0' if d.getVar('GTKDOC_ENABLED') == 'True' else ''}"
-SRC_URI = "git://github.com/p11-glue/p11-kit;branch=0.23"
+SRC_URI = "git://github.com/p11-glue/p11-kit;branch=0.23;protocol=https"
SRCREV = "bd97afbfe28d5fbbde95ce36ff7a8834fc0291ee"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-support/ptest-runner/ptest-runner_2.4.2.bb b/meta/recipes-support/ptest-runner/ptest-runner_2.4.2.bb
index b14b947..6544b37 100644
--- a/meta/recipes-support/ptest-runner/ptest-runner_2.4.2.bb
+++ b/meta/recipes-support/ptest-runner/ptest-runner_2.4.2.bb
@@ -10,7 +10,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=751419260aa954499f7abaabaa882bbe"
SRCREV = "bcb82804daa8f725b6add259dcef2067e61a75aa"
PV .= "+git${SRCPV}"
-SRC_URI = "git://git.yoctoproject.org/ptest-runner2 \
+SRC_URI = "git://git.yoctoproject.org/ptest-runner2;branch=master \
"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-support/rng-tools/rng-tools/rngd.service b/meta/recipes-support/rng-tools/rng-tools/rngd.service
index 0559b97..568686e 100644
--- a/meta/recipes-support/rng-tools/rng-tools/rngd.service
+++ b/meta/recipes-support/rng-tools/rng-tools/rngd.service
@@ -3,6 +3,7 @@ Description=Hardware RNG Entropy Gatherer Daemon
DefaultDependencies=no
After=systemd-udev-settle.service
Before=sysinit.target shutdown.target
+Wants=systemd-udev-settle.service
Conflicts=shutdown.target
[Service]
diff --git a/meta/recipes-support/rng-tools/rng-tools_6.11.bb b/meta/recipes-support/rng-tools/rng-tools_6.11.bb
index 61a0cef..bc98efa 100644
--- a/meta/recipes-support/rng-tools/rng-tools_6.11.bb
+++ b/meta/recipes-support/rng-tools/rng-tools_6.11.bb
@@ -9,7 +9,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
DEPENDS = "sysfsutils openssl"
SRC_URI = "\
- git://github.com/nhorman/rng-tools.git \
+ git://github.com/nhorman/rng-tools.git;branch=master;protocol=https \
file://init \
file://default \
file://rngd.service \
diff --git a/meta/recipes-support/shared-mime-info/shared-mime-info_git.bb b/meta/recipes-support/shared-mime-info/shared-mime-info_git.bb
index ff32259..9eb70b7 100644
--- a/meta/recipes-support/shared-mime-info/shared-mime-info_git.bb
+++ b/meta/recipes-support/shared-mime-info/shared-mime-info_git.bb
@@ -8,7 +8,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
DEPENDS = "libxml2 itstool-native glib-2.0 shared-mime-info-native xmlto-native"
-SRC_URI = "git://gitlab.freedesktop.org/xdg/shared-mime-info.git;protocol=https"
+SRC_URI = "git://gitlab.freedesktop.org/xdg/shared-mime-info.git;protocol=https;branch=master"
SRCREV = "18e558fa1c8b90b86757ade09a4ba4d6a6cf8f70"
PV = "2.1"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-support/vim/files/CVE-2021-3872.patch b/meta/recipes-support/vim/files/CVE-2021-3872.patch
new file mode 100644
index 0000000..f0f3093
--- /dev/null
+++ b/meta/recipes-support/vim/files/CVE-2021-3872.patch
@@ -0,0 +1,57 @@
+From 132d060ffbb9651f0d79bd0b6d80cab460235a99 Mon Sep 17 00:00:00 2001
+From: Bram Moolenaar <Bram@vim.org>
+Date: Fri, 12 Nov 2021 02:56:51 +0000
+Subject: [PATCH] patch 8.2.3487: illegal memory access if buffer name is very
+ long
+
+Problem: Illegal memory access if buffer name is very long.
+Solution: Make sure not to go over the end of the buffer.
+
+CVE: CVE-2021-3872
+
+Upstream-Status: Backport [https://github.com/vim/vim/commit/826bfe4bbd7594188e3d74d2539d9707b1c6a14b]
+
+Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
+---
+ src/drawscreen.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/src/drawscreen.c b/src/drawscreen.c
+index 3a88ee979..9acb70552 100644
+--- a/src/drawscreen.c
++++ b/src/drawscreen.c
+@@ -446,13 +446,13 @@ win_redr_status(win_T *wp, int ignore_pum UNUSED)
+ *(p + len++) = ' ';
+ if (bt_help(wp->w_buffer))
+ {
+- STRCPY(p + len, _("[Help]"));
++ vim_snprintf((char *)p + len, MAXPATHL - len, "%s", _("[Help]"));
+ len += (int)STRLEN(p + len);
+ }
+ #ifdef FEAT_QUICKFIX
+ if (wp->w_p_pvw)
+ {
+- STRCPY(p + len, _("[Preview]"));
++ vim_snprintf((char *)p + len, MAXPATHL - len, "%s", _("[Preview]"));
+ len += (int)STRLEN(p + len);
+ }
+ #endif
+@@ -462,12 +462,12 @@ win_redr_status(win_T *wp, int ignore_pum UNUSED)
+ #endif
+ )
+ {
+- STRCPY(p + len, "[+]");
+- len += 3;
++ vim_snprintf((char *)p + len, MAXPATHL - len, "%s", "[+]");
++ len += (int)STRLEN(p + len);
+ }
+ if (wp->w_buffer->b_p_ro)
+ {
+- STRCPY(p + len, _("[RO]"));
++ vim_snprintf((char *)p + len, MAXPATHL - len, "%s", _("[RO]"));
+ len += (int)STRLEN(p + len);
+ }
+
+--
+2.31.1
+
diff --git a/meta/recipes-support/vim/files/CVE-2021-3875.patch b/meta/recipes-support/vim/files/CVE-2021-3875.patch
new file mode 100644
index 0000000..d62d875f
--- /dev/null
+++ b/meta/recipes-support/vim/files/CVE-2021-3875.patch
@@ -0,0 +1,37 @@
+From 40aa9802ef56d3cdbe256b4c9e58049953051a2d Mon Sep 17 00:00:00 2001
+From: Bram Moolenaar <Bram@vim.org>
+Date: Mon, 15 Nov 2021 14:34:50 +0800
+Subject: [PATCH] patch 8.2.3489: ml_get error after search with range
+
+Problem: ml_get error after search with range.
+Solution: Limit the line number to the buffer line count.
+
+CVE: CVE-2021-3875
+
+Upstream-Status: Backport [https://github.com/vim/vim/commit/35a319b77f897744eec1155b736e9372c9c5575f]
+
+Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
+---
+ src/ex_docmd.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/src/ex_docmd.c b/src/ex_docmd.c
+index fb07450f8..89d33ba90 100644
+--- a/src/ex_docmd.c
++++ b/src/ex_docmd.c
+@@ -3586,8 +3586,10 @@ get_address(
+
+ // When '/' or '?' follows another address, start from
+ // there.
+- if (lnum != MAXLNUM)
+- curwin->w_cursor.lnum = lnum;
++ if (lnum > 0 && lnum != MAXLNUM)
++ curwin->w_cursor.lnum =
++ lnum > curbuf->b_ml.ml_line_count
++ ? curbuf->b_ml.ml_line_count : lnum;
+
+ // Start a forward search at the end of the line (unless
+ // before the first line).
+--
+2.17.1
+
diff --git a/meta/recipes-support/vim/files/CVE-2021-3903.patch b/meta/recipes-support/vim/files/CVE-2021-3903.patch
new file mode 100644
index 0000000..fb45857
--- /dev/null
+++ b/meta/recipes-support/vim/files/CVE-2021-3903.patch
@@ -0,0 +1,38 @@
+From a366598006f4d7bf9b4fbcd334a2e5078dcb6ad8 Mon Sep 17 00:00:00 2001
+From: Bram Moolenaar <Bram@vim.org>
+Date: Fri, 12 Nov 2021 02:23:38 +0000
+Subject: [PATCH] =?UTF-8?q?patch=208.2.3564:=20invalid=20memory=20access?=
+ =?UTF-8?q?=20when=20scrolling=20without=20valid=20sc=E2=80=A6?=
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+…reen
+
+Problem: Invalid memory access when scrolling without a valid screen.
+Solution: Do not set VALID_BOTLINE in w_valid.
+
+CVE: CVE-2021-3903
+
+Upstream-Status: Backport [https://github.com/vim/vim/commit/777e7c21b7627be80961848ac560cb0a9978ff43]
+
+Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
+---
+ src/move.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/src/move.c b/src/move.c
+index 8e53d8bcb..10165ef4d 100644
+--- a/src/move.c
++++ b/src/move.c
+@@ -198,7 +198,6 @@ update_topline(void)
+ {
+ curwin->w_topline = curwin->w_cursor.lnum;
+ curwin->w_botline = curwin->w_topline;
+- curwin->w_valid |= VALID_BOTLINE|VALID_BOTLINE_AP;
+ curwin->w_scbind_pos = 1;
+ return;
+ }
+--
+2.31.1
+
diff --git a/meta/recipes-support/vim/files/CVE-2021-3927.patch b/meta/recipes-support/vim/files/CVE-2021-3927.patch
new file mode 100644
index 0000000..90b1b6b
--- /dev/null
+++ b/meta/recipes-support/vim/files/CVE-2021-3927.patch
@@ -0,0 +1,32 @@
+From f334a87204b4aab76536063b37b4d4a10be46a3a Mon Sep 17 00:00:00 2001
+From: Bram Moolenaar <Bram@vim.org>
+Date: Wed, 17 Nov 2021 11:09:48 +0800
+Subject: [PATCH] patch 8.2.3581: reading character past end of line
+
+Problem: Reading character past end of line.
+Solution: Correct the cursor column.
+
+CVE: CVE-2021-3927
+
+Upstream-Status: Backport [https://github.com/vim/vim/commit/0b5b06cb4777d1401fdf83e7d48d287662236e7e]
+
+Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
+---
+ src/ex_docmd.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/ex_docmd.c b/src/ex_docmd.c
+index 89d33ba90..54d7f4cb3 100644
+--- a/src/ex_docmd.c
++++ b/src/ex_docmd.c
+@@ -6905,6 +6905,7 @@ ex_put(exarg_T *eap)
+ eap->forceit = TRUE;
+ }
+ curwin->w_cursor.lnum = eap->line2;
++ check_cursor_col();
+ do_put(eap->regname, eap->forceit ? BACKWARD : FORWARD, 1L,
+ PUT_LINE|PUT_CURSLINE);
+ }
+--
+2.17.1
+
diff --git a/meta/recipes-support/vim/files/CVE-2021-3928.patch b/meta/recipes-support/vim/files/CVE-2021-3928.patch
new file mode 100644
index 0000000..8672367
--- /dev/null
+++ b/meta/recipes-support/vim/files/CVE-2021-3928.patch
@@ -0,0 +1,34 @@
+From ad7f7a3f81077ddfac451acd33ca049b9f2a5178 Mon Sep 17 00:00:00 2001
+From: Bram Moolenaar <Bram@vim.org>
+Date: Wed, 17 Nov 2021 11:22:21 +0800
+Subject: [PATCH] patch 8.2.3582: reading uninitialized memory when giving
+ spell suggestions
+
+Problem: Reading uninitialized memory when giving spell suggestions.
+Solution: Check that preword is not empty.
+
+CVE: CVE-2021-3928
+
+Upstream-Status: Backport [https://github.com/vim/vim/commit/15d9890eee53afc61eb0a03b878a19cb5672f732]
+
+Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
+---
+ src/spellsuggest.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/spellsuggest.c b/src/spellsuggest.c
+index 9d6df7930..88307b203 100644
+--- a/src/spellsuggest.c
++++ b/src/spellsuggest.c
+@@ -1600,7 +1600,7 @@ suggest_trie_walk(
+ // char, e.g., "thes," -> "these".
+ p = fword + sp->ts_fidx;
+ MB_PTR_BACK(fword, p);
+- if (!spell_iswordp(p, curwin))
++ if (!spell_iswordp(p, curwin) && *preword != NUL)
+ {
+ p = preword + STRLEN(preword);
+ MB_PTR_BACK(preword, p);
+--
+2.17.1
+
diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc
index e04c653..8640061 100644
--- a/meta/recipes-support/vim/vim.inc
+++ b/meta/recipes-support/vim/vim.inc
@@ -11,7 +11,7 @@ RSUGGESTS_${PN} = "diffutils"
LICENSE = "vim"
LIC_FILES_CHKSUM = "file://runtime/doc/uganda.txt;endline=287;md5=a19edd7ec70d573a005d9e509375a99a"
-SRC_URI = "git://github.com/vim/vim.git \
+SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \
file://disable_acl_header_check.patch \
file://vim-add-knob-whether-elf.h-are-checked.patch \
file://0001-src-Makefile-improve-reproducibility.patch \
@@ -20,6 +20,11 @@ SRC_URI = "git://github.com/vim/vim.git \
file://CVE-2021-3778.patch \
file://CVE-2021-3796.patch \
file://b7081e135a16091c93f6f5f7525a5c58fb7ca9f9.patch \
+ file://CVE-2021-3903.patch \
+ file://CVE-2021-3872.patch \
+ file://CVE-2021-3875.patch \
+ file://CVE-2021-3927.patch \
+ file://CVE-2021-3928.patch \
"
SRCREV = "98056533b96b6b5d8849641de93185dd7bcadc44"
diff --git a/meta/recipes-support/xxhash/xxhash_0.8.0.bb b/meta/recipes-support/xxhash/xxhash_0.8.0.bb
index 9e38872..daa1bc2 100644
--- a/meta/recipes-support/xxhash/xxhash_0.8.0.bb
+++ b/meta/recipes-support/xxhash/xxhash_0.8.0.bb
@@ -5,7 +5,7 @@ HOMEPAGE = "http://www.xxhash.com/"
LICENSE = "BSD-2-Clause & GPL-2.0"
LIC_FILES_CHKSUM = "file://LICENSE;md5=b335320506abb0505437e39295e799cb"
-SRC_URI = "git://github.com/Cyan4973/xxHash.git;branch=release;protocol=git"
+SRC_URI = "git://github.com/Cyan4973/xxHash.git;branch=release;protocol=https"
UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>\d+(\.\d+)+)"
SRCREV = "94e5f23e736f2bb67ebdf90727353e65344f9fc0"
diff --git a/scripts/contrib/convert-srcuri.py b/scripts/contrib/convert-srcuri.py
new file mode 100755
index 0000000..5873923
--- /dev/null
+++ b/scripts/contrib/convert-srcuri.py
@@ -0,0 +1,77 @@
+#!/usr/bin/env python3
+#
+# Conversion script to update SRC_URI to add branch to git urls
+#
+# Copyright (C) 2021 Richard Purdie
+#
+# SPDX-License-Identifier: GPL-2.0-only
+#
+
+import re
+import os
+import sys
+import tempfile
+import shutil
+import mimetypes
+
+if len(sys.argv) < 2:
+ print("Please specify a directory to run the conversion script against.")
+ sys.exit(1)
+
+def processfile(fn):
+ def matchline(line):
+ if "MIRROR" in line or ".*" in line or "GNOME_GIT" in line:
+ return False
+ return True
+ print("processing file '%s'" % fn)
+ try:
+ if "distro_alias.inc" in fn or "linux-yocto-custom.bb" in fn:
+ return
+ fh, abs_path = tempfile.mkstemp()
+ modified = False
+ with os.fdopen(fh, 'w') as new_file:
+ with open(fn, "r") as old_file:
+ for line in old_file:
+ if ("git://" in line or "gitsm://" in line) and "branch=" not in line and matchline(line):
+ if line.endswith('"\n'):
+ line = line.replace('"\n', ';branch=master"\n')
+ elif re.search('\s*\\\\$', line):
+ line = re.sub('\s*\\\\$', ';branch=master \\\\', line)
+ modified = True
+ if ("git://" in line or "gitsm://" in line) and "github.com" in line and "protocol=https" not in line and matchline(line):
+ if "protocol=git" in line:
+ line = line.replace('protocol=git', 'protocol=https')
+ elif line.endswith('"\n'):
+ line = line.replace('"\n', ';protocol=https"\n')
+ elif re.search('\s*\\\\$', line):
+ line = re.sub('\s*\\\\$', ';protocol=https \\\\', line)
+ modified = True
+ new_file.write(line)
+ if modified:
+ shutil.copymode(fn, abs_path)
+ os.remove(fn)
+ shutil.move(abs_path, fn)
+ except UnicodeDecodeError:
+ pass
+
+ourname = os.path.basename(sys.argv[0])
+ourversion = "0.1"
+
+if os.path.isfile(sys.argv[1]):
+ processfile(sys.argv[1])
+ sys.exit(0)
+
+for targetdir in sys.argv[1:]:
+ print("processing directory '%s'" % targetdir)
+ for root, dirs, files in os.walk(targetdir):
+ for name in files:
+ if name == ourname:
+ continue
+ fn = os.path.join(root, name)
+ if os.path.islink(fn):
+ continue
+ if "/.git/" in fn or fn.endswith(".html") or fn.endswith(".patch") or fn.endswith(".m4") or fn.endswith(".diff"):
+ continue
+ processfile(fn)
+
+print("All files processed with version %s" % ourversion)
diff --git a/scripts/lib/recipetool/create.py b/scripts/lib/recipetool/create.py
index 566c753..116bdfd 100644
--- a/scripts/lib/recipetool/create.py
+++ b/scripts/lib/recipetool/create.py
@@ -389,6 +389,9 @@ def reformat_git_uri(uri):
parms.update({('protocol', 'ssh')})
elif (scheme == "http" or scheme == 'https' or scheme == 'ssh') and not ('protocol' in parms):
parms.update({('protocol', scheme)})
+ # We assume 'master' branch if not set
+ if not 'branch' in parms:
+ parms.update({('branch', 'master')})
# Always append 'git://'
fUrl = bb.fetch2.encodeurl(('git', host, path, user, pswd, parms))
return fUrl
diff --git a/scripts/lib/wic/help.py b/scripts/lib/wic/help.py
index bd3a2b9..9c2d699 100644
--- a/scripts/lib/wic/help.py
+++ b/scripts/lib/wic/help.py
@@ -840,8 +840,8 @@ DESCRIPTION
meanings. The commands are based on the Fedora kickstart
documentation but with modifications to reflect wic capabilities.
- http://fedoraproject.org/wiki/Anaconda/Kickstart#part_or_partition
- http://fedoraproject.org/wiki/Anaconda/Kickstart#bootloader
+ https://pykickstart.readthedocs.io/en/latest/kickstart-docs.html#part-or-partition
+ https://pykickstart.readthedocs.io/en/latest/kickstart-docs.html#bootloader
Commands
diff --git a/scripts/oe-pkgdata-browser b/scripts/oe-pkgdata-browser
index 8d22318..65a6ee9 100755
--- a/scripts/oe-pkgdata-browser
+++ b/scripts/oe-pkgdata-browser
@@ -236,6 +236,8 @@ class PkgUi():
update_deps("RPROVIDES", "Provides: ", self.provides_label, clickable=False)
def load_recipes(self):
+ if not os.path.exists(pkgdata):
+ sys.exit("Error: Please ensure %s exists by generating packages before using this tool." % pkgdata)
for recipe in sorted(os.listdir(pkgdata)):
if os.path.isfile(os.path.join(pkgdata, recipe)):
self.recipe_iters[recipe] = self.recipe_store.append([recipe])